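--- a/sslimpl.h
+++ b/sslimpl.h
@@ -1,10 +1,10 @@
 /*
 * This file is PRIVATE to SSL and should be the first thing included by
 * any SSL implementation file.
 *
 * ***** BEGIN LICENSE BLOCK *****
 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
 *
 * The contents of this file are subject to the Mozilla Public License Version
 * 1.1 (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
@@ -342,20 +342,21 @@
 unsigned int detectRollBack : 1; /* 14 */
 unsigned int noStepDown : 1; /* 15 */
 unsigned int bypassPKCS11 : 1; /* 16 */
 unsigned int noLocks : 1; /* 17 */
 unsigned int enableSessionTickets : 1; /* 18 */
 unsigned int enableDeflate : 1; /* 19 */
 unsigned int enableRenegotiation : 2; /* 20-21 */
 unsigned int requireSafeNegotiation : 1; /* 22 */
 unsigned int enableFalseStart : 1; /* 23 */
 unsigned int enableOCSPStapling : 1; /* 24 */
+unsigned int enableCachedInfo : 1; /* 25 */
 } sslOptions;
 
 typedef enum { sslHandshakingUndetermined = 0,
 sslHandshakingAsClient,
 sslHandshakingAsServer
 } sslHandshakingType;
 
 typedef struct sslServerCertsStr {
 /* Configuration state for server sockets */
 CERTCertificate * serverCert;
@@ -766,20 +767,25 @@
 PRBool emptySessionTicket;
 
 /* SNI Extension related data
 * Names data is not coppied from the input buffer. It can not be
 * used outside the scope where input buffer is defined and that
 * is beyond ssl3_HandleClientHello function. */
 SECItem *sniNameArr;
 PRUint32 sniNameArrSize;
 };
 
+typedef enum {
+cached_info_certificate_chain = 1,
+cached_info_trusted_cas = 2
+} TLSCachedInfoType;
+
 /*
 ** This is the "hs" member of the "ssl3" struct.
 ** This entire struct is protected by ssl3HandshakeLock
 */
 typedef struct SSL3HandshakeStateStr {
 SSL3Random server_random;
 SSL3Random client_random;
 SSL3WaitState ws;
 PRUint64 md5_cx[MAX_MAC_CONTEXT_LLONGS];
 PRUint64 sha_cx[MAX_MAC_CONTEXT_LLONGS];
@@ -847,20 +853,28 @@
 ssl3CipherSpec * pwSpec; /* pending write spec. */
 
 CERTCertificate * clientCertificate; /* used by client */
 SECKEYPrivateKey * clientPrivateKey; /* used by client */
 #ifdef NSS_PLATFORM_CLIENT_AUTH
 PlatformKey platformClientKey; /* used by client */
 #endif /* NSS_PLATFORM_CLIENT_AUTH */
 CERTCertificateList *clientCertChain; /* used by client */
 PRBool sendEmptyCert; /* used by client */
 
+/* TLS Cached Info Extension */
+CERTCertificate ** predictedCertChain;
+/* An array terminated with a NULL. */
+PRUint8 certChainDigest[8];
+/* Used in cached info extension. Stored in network
+* byte order. */
+PRBool digestReceived;
+
 int policy;
 /* This says what cipher suites we can do, and should
 * be either SSL_ALLOWED or SSL_RESTRICTED
 */
 PRArenaPool * peerCertArena;
 /* These are used to keep track of the peer CA */
 void * peerCertChain;
 /* chain while we are trying to validate it. */
 CERTDistNames * ca_list;
 /* used by server. trusted CAs for this socket. */
@@ -1543,41 +1557,45 @@
 extern SECStatus ssl3_HandleServerNameXtn(sslSocket * ss,
 PRUint16 ex_type, SECItem *data);
 extern SECStatus ssl3_HandleSupportedCurvesXtn(sslSocket * ss,
 PRUint16 ex_type, SECItem *data);
 extern SECStatus ssl3_HandleSupportedPointFormatsXtn(sslSocket * ss,
 PRUint16 ex_type, SECItem *data);
 extern SECStatus ssl3_ClientHandleSessionTicketXtn(sslSocket *ss,
 PRUint16 ex_type, SECItem *data);
 extern SECStatus ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss,
 PRUint16 ex_type, SECItem *data);
+extern SECStatus ssl3_ClientHandleCachedInfoXtn(sslSocket *ss,
+PRUint16 ex_type, SECItem *data);
 extern SECStatus ssl3_ClientHandleStatusRequestXtn(sslSocket *ss,
 PRUint16 ex_type, SECItem *data);
 extern SECStatus ssl3_ServerHandleSessionTicketXtn(sslSocket *ss,
 PRUint16 ex_type, SECItem *data);
 extern SECStatus ssl3_ServerHandleNextProtoNegoXtn(sslSocket *ss,
 PRUint16 ex_type, SECItem *data);
 
 /* ClientHello and ServerHello extension senders.
 * Note that not all extension senders are exposed here; only those that
 * that need exposure.
 */
 extern PRInt32 ssl3_SendSessionTicketXtn(sslSocket *ss, PRBool append,
 PRUint32 maxBytes);
 extern PRInt32 ssl3_ClientSendStatusRequestXtn(sslSocket *ss, PRBool append,
 PRUint32 maxBytes);
 
 /* ClientHello and ServerHello extension senders.
 * The code is in ssl3ext.c.
 */
 extern PRInt32 ssl3_SendServerNameXtn(sslSocket *ss, PRBool append,
 PRUint32 maxBytes);
+extern PRInt32 ssl3_ClientSendCachedInfoXtn(sslSocket *ss, PRBool append,
+PRUint32 maxBytes);
 
 /* Assigns new cert, cert chain and keys to ss->serverCerts
 * struct. If certChain is NULL, tries to find one. Aborts if
 * fails to do so. If cert and keyPair are NULL - unconfigures
 * sslSocket of kea type.*/
 extern SECStatus ssl_ConfigSecureServer(sslSocket *ss, CERTCertificate *cert,
 CERTCertificateList *certChain,
 ssl3KeyPair *keyPair, SSLKEAType kea);
 /* Return key type for the cert */
 extern SSLKEAType ssl_FindCertKEAType(CERTCertificate * cert);
@@ -1710,10 +1728,10 @@
 #elif defined(_WIN32_WCE)
 #define SSL_GETPID GetCurrentProcessId
 #elif defined(WIN32)
 extern int __cdecl _getpid(void);
 #define SSL_GETPID _getpid
 #else
 #define SSL_GETPID() 0
 #endif
 
 #endif /* __sslimpl_h_ */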
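Review bot: The new SSL3HandshakeState fields `predictedCertChain`, `certChainDigest` and `digestReceived` are declared without saying who owns the NULL-terminated `CERTCertificate **` array or which hash fills the 8-byte digest, and since this struct is presumably reinitialised between handshakes (the header only says it is protected by ssl3HandshakeLock) an undocumented owner is how a leak or a double CERT_DestroyCertificate slips in. I would replace the two fragmentary comments with one block stating that the client owns the array and releases every entry with the handshake state, naming the function that computes the digest, and adding the security caveat that a digest match only selects a cached chain and never substitutes for validating the chain the server is taken to have sent. The digest length is a bare `8` here and will be repeated in the ssl3ext.c sender and handler, so a shared `#define SSL3_CACHED_INFO_DIGEST_LENGTH 8` would keep the encoder, decoder and this field in step. The enclosing struct begins and ends outside this hunk.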