Added client-side support for the TLS cached info extension. This feature is disabled by default ...

net/third_party/nss/ssl/ssl.h

Index: net/third_party/nss/ssl/ssl.h
===================================================================
--- net/third_party/nss/ssl/ssl.h	(revision 89500)
+++ net/third_party/nss/ssl/ssl.h	(working copy)
@@ -140,6 +140,8 @@
 /* bits. The advantage of False Start is that it saves a round trip for     */
 /* client-speaks-first protocols when performing a full handshake.          */
 #define SSL_ENABLE_OCSP_STAPLING       23 /* Request OCSP stapling (client) */
+#define SSL_ENABLE_CACHED_INFO         24 /* Enable SSL cached information  */

[wtc, 2011/06/20 22:21:51]

Nit: let's call this "TLS cached information extension", so
change "SSL" to "TLS" in the comment.

[rkn, 2011/06/20 23:52:51]

Done. I changed the comment, but I did not change the name
"SSL_ENABLE_CACHED_INFO". I think that is what you intended.

+                                          /* extension, off by default.     */
 
 #ifdef SSL_DEPRECATED_FUNCTION 
 /* Old deprecated function names */
@@ -437,6 +439,17 @@
 SSL_IMPORT SECStatus SSL_BadCertHook(PRFileDesc *fd, SSLBadCertHandler f, 
 				     void *arg);
 
+/*	
+ ** Set the predicted chain of certificates for the peer. This is used for the	
+ ** TLS Cached Info extension. Note that the SSL_ENABLE_CACHED_INFO option must	
+ ** be set for this to occur.	
+ **	
+ ** This function takes a reference to each of the given certificates.	
+ */	
+ SSL_IMPORT SECStatus SSL_SetPredictedPeerCertificates(	
+         PRFileDesc *fd, CERTCertificate **certs,	
+         unsigned int numCerts);
+
 /*
 ** Configure SSL socket for running a secure server. Needs the
 ** certificate for the server and the servers private key. The arguments