Added client-side support for the TLS cached info extension. This feature is disabled by default ...

net/third_party/nss/ssl/ssl.h

 /*
  * This file contains prototypes for the public SSL functions.
  *
  * ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  *
  * The contents of this file are subject to the Mozilla Public License Version
  * 1.1 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * http://www.mozilla.org/MPL/
@@ skipping 122 matching lines @@
                                           /* clients). False start is a     */
 /* mode where an SSL client will start sending application data before      */
 /* verifying the server's Finished message. This means that we could end up */
 /* sending data to an imposter. However, the data will be encrypted and     */
 /* only the true server can derive the session key. Thus, so long as the    */
 /* cipher isn't broken this is safe. Because of this, False Start will only */
 /* occur on RSA or DH ciphersuites where the cipher's key length is >= 80   */
 /* bits. The advantage of False Start is that it saves a round trip for     */
 /* client-speaks-first protocols when performing a full handshake.          */
 #define SSL_ENABLE_OCSP_STAPLING       23 /* Request OCSP stapling (client) */
+#define SSL_ENABLE_CACHED_INFO         24 /* Enable TLS cached information  */
+                                          /* extension, off by default.     */
 
 #ifdef SSL_DEPRECATED_FUNCTION 
 /* Old deprecated function names */
 SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on);
 SSL_IMPORT SECStatus SSL_EnableDefault(int option, PRBool on);
 #endif
 
 /* New function names */
 SSL_IMPORT SECStatus SSL_OptionSet(PRFileDesc *fd, PRInt32 option, PRBool on);
 SSL_IMPORT SECStatus SSL_OptionGet(PRFileDesc *fd, PRInt32 option, PRBool *on);
@@ skipping 277 matching lines @@
 
 /*
 ** This is a callback for dealing with server certs that are not authenticated
 ** by the client.  The client app can decide that it actually likes the
 ** cert by some external means and restart the connection.
 */
 typedef SECStatus (PR_CALLBACK *SSLBadCertHandler)(void *arg, PRFileDesc *fd);
 SSL_IMPORT SECStatus SSL_BadCertHook(PRFileDesc *fd, SSLBadCertHandler f, 
                                      void *arg);
 
+/*      
+ ** Set the predicted chain of certificates for the peer. This is used for the  
+ ** TLS Cached Info extension. Note that the SSL_ENABLE_CACHED_INFO option must 
+ ** be set for this to occur.   
+ **     
+ ** This function takes a reference to each of the given certificates.  
+ */     
+ SSL_IMPORT SECStatus SSL_SetPredictedPeerCertificates( 
+         PRFileDesc *fd, CERTCertificate **certs,       
+         unsigned int numCerts);
+
 /*
 ** Configure SSL socket for running a secure server. Needs the
 ** certificate for the server and the servers private key. The arguments
 ** are copied.
 */
 SSL_IMPORT SECStatus SSL_ConfigSecureServer(
                                 PRFileDesc *fd, CERTCertificate *cert,
                                 SECKEYPrivateKey *key, SSLKEAType kea);
 
 /*
@@ skipping 250 matching lines @@
 ** Did the handshake with the peer negotiate the given extension?
 ** Output parameter valid only if function returns SECSuccess
 */
 SSL_IMPORT SECStatus SSL_HandshakeNegotiatedExtension(PRFileDesc * socket,
                                                       SSLExtensionType extId,
                                                       PRBool *yes);
 
 SEC_END_PROTOS
 
 #endif /* __ssl_h_ */