Added client-side support for the TLS cached info extension. This feature is disabled by default ...

net/third_party/nss/ssl/sslimpl.h

 /*
  * This file is PRIVATE to SSL and should be the first thing included by
  * any SSL implementation file.
  *
  * ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  *
  * The contents of this file are subject to the Mozilla Public License Version
  * 1.1 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
@@ skipping 331 matching lines @@
     unsigned int detectRollBack         : 1;  /* 14 */
     unsigned int noStepDown             : 1;  /* 15 */
     unsigned int bypassPKCS11           : 1;  /* 16 */
     unsigned int noLocks                : 1;  /* 17 */
     unsigned int enableSessionTickets   : 1;  /* 18 */
     unsigned int enableDeflate          : 1;  /* 19 */
     unsigned int enableRenegotiation    : 2;  /* 20-21 */
     unsigned int requireSafeNegotiation : 1;  /* 22 */
     unsigned int enableFalseStart       : 1;  /* 23 */
     unsigned int enableOCSPStapling     : 1;  /* 24 */
+    unsigned int enableCachedInfo       : 1;  /* 25 */
 } sslOptions;
 
 typedef enum { sslHandshakingUndetermined = 0,
                sslHandshakingAsClient,
                sslHandshakingAsServer 
 } sslHandshakingType;
 
 typedef struct sslServerCertsStr {
     /* Configuration state for server sockets */
     CERTCertificate *     serverCert;
@@ skipping 404 matching lines @@
     PRBool emptySessionTicket;
 
     /* SNI Extension related data
      * Names data is not coppied from the input buffer. It can not be
      * used outside the scope where input buffer is defined and that
      * is beyond ssl3_HandleClientHello function. */
     SECItem *sniNameArr;
     PRUint32 sniNameArrSize;
 };
 
+typedef enum {
+    cached_info_certificate_chain = 1,
+    cached_info_trusted_cas = 2
+} TLSCachedInfoType;
+
 /*
 ** This is the "hs" member of the "ssl3" struct.
 ** This entire struct is protected by ssl3HandshakeLock
 */
 typedef struct SSL3HandshakeStateStr {
     SSL3Random            server_random;
     SSL3Random            client_random;
     SSL3WaitState         ws;
     PRUint64              md5_cx[MAX_MAC_CONTEXT_LLONGS];
     PRUint64              sha_cx[MAX_MAC_CONTEXT_LLONGS];
@@ skipping 61 matching lines @@
     ssl3CipherSpec *     pwSpec;        /* pending write spec. */
 
     CERTCertificate *    clientCertificate;  /* used by client */
     SECKEYPrivateKey *   clientPrivateKey;   /* used by client */
 #ifdef NSS_PLATFORM_CLIENT_AUTH
     PlatformKey          platformClientKey;  /* used by client */
 #endif  /* NSS_PLATFORM_CLIENT_AUTH */
     CERTCertificateList *clientCertChain;    /* used by client */
     PRBool               sendEmptyCert;      /* used by client */
 
+    /* TLS Cached Info Extension */
+    CERTCertificate **   predictedCertChain;
+                            /* An array terminated with a NULL. */
+    PRUint8              certChainDigest[8];
+                            /* Used in cached info extension. Stored in network
+                             * byte order. */
+
     int                  policy;
                         /* This says what cipher suites we can do, and should 
                          * be either SSL_ALLOWED or SSL_RESTRICTED 
                          */
     PRArenaPool *        peerCertArena;  
                             /* These are used to keep track of the peer CA */
     void *               peerCertChain;     
                             /* chain while we are trying to validate it.   */
     CERTDistNames *      ca_list; 
                             /* used by server.  trusted CAs for this socket. */
@@ skipping 676 matching lines @@
 extern SECStatus ssl3_HandleServerNameXtn(sslSocket * ss,
                         PRUint16 ex_type, SECItem *data);
 extern SECStatus ssl3_HandleSupportedCurvesXtn(sslSocket * ss,
                         PRUint16 ex_type, SECItem *data);
 extern SECStatus ssl3_HandleSupportedPointFormatsXtn(sslSocket * ss,
                         PRUint16 ex_type, SECItem *data);
 extern SECStatus ssl3_ClientHandleSessionTicketXtn(sslSocket *ss,
                         PRUint16 ex_type, SECItem *data);
 extern SECStatus ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss,
                         PRUint16 ex_type, SECItem *data);
+extern SECStatus ssl3_ClientHandleCachedInfoXtn(sslSocket *ss,
+                        PRUint16 ex_type, SECItem *data);
 extern SECStatus ssl3_ClientHandleStatusRequestXtn(sslSocket *ss,
                         PRUint16 ex_type, SECItem *data);
 extern SECStatus ssl3_ServerHandleSessionTicketXtn(sslSocket *ss,
                         PRUint16 ex_type, SECItem *data);
 extern SECStatus ssl3_ServerHandleNextProtoNegoXtn(sslSocket *ss,
                         PRUint16 ex_type, SECItem *data);
 
 /* ClientHello and ServerHello extension senders.
  * Note that not all extension senders are exposed here; only those that
  * that need exposure.
  */
 extern PRInt32 ssl3_SendSessionTicketXtn(sslSocket *ss, PRBool append,
                         PRUint32 maxBytes);
 extern PRInt32 ssl3_ClientSendStatusRequestXtn(sslSocket *ss, PRBool append,
                         PRUint32 maxBytes);
 
 /* ClientHello and ServerHello extension senders.
  * The code is in ssl3ext.c.
  */
 extern PRInt32 ssl3_SendServerNameXtn(sslSocket *ss, PRBool append,
                      PRUint32 maxBytes);
+extern PRInt32 ssl3_ClientSendCachedInfoXtn(sslSocket *ss, PRBool append,
+                     PRUint32 maxBytes);
 
 /* Assigns new cert, cert chain and keys to ss->serverCerts
  * struct. If certChain is NULL, tries to find one. Aborts if
  * fails to do so. If cert and keyPair are NULL - unconfigures
  * sslSocket of kea type.*/
 extern SECStatus ssl_ConfigSecureServer(sslSocket *ss, CERTCertificate *cert,
                                         CERTCertificateList *certChain,
                                         ssl3KeyPair *keyPair, SSLKEAType kea);
 /* Return key type for the cert */
 extern SSLKEAType ssl_FindCertKEAType(CERTCertificate * cert);
@@ skipping 126 matching lines @@
 #elif defined(_WIN32_WCE)
 #define SSL_GETPID GetCurrentProcessId
 #elif defined(WIN32)
 extern int __cdecl _getpid(void);
 #define SSL_GETPID _getpid
 #else
 #define SSL_GETPID() 0
 #endif
 
 #endif /* __sslimpl_h_ */