Added client-side support for the TLS cached info extension. This feature is disabled by default ...

net/third_party/nss/ssl/ssl.h

Index: net/third_party/nss/ssl/ssl.h
===================================================================
--- net/third_party/nss/ssl/ssl.h	(revision 89911)
+++ net/third_party/nss/ssl/ssl.h	(working copy)
@@ -140,6 +140,8 @@
 /* bits. The advantage of False Start is that it saves a round trip for     */
 /* client-speaks-first protocols when performing a full handshake.          */
 #define SSL_ENABLE_OCSP_STAPLING       23 /* Request OCSP stapling (client) */
+#define SSL_ENABLE_CACHED_INFO         24 /* Enable TLS cached information  */
+                                          /* extension, off by default.     */
 
 #ifdef SSL_DEPRECATED_FUNCTION 
 /* Old deprecated function names */
@@ -437,6 +439,17 @@
 SSL_IMPORT SECStatus SSL_BadCertHook(PRFileDesc *fd, SSLBadCertHandler f, 
 				     void *arg);
 
+/*	
+ ** Set the predicted chain of certificates for the peer. This is used for the	
+ ** TLS Cached Info extension. Note that the SSL_ENABLE_CACHED_INFO option must	
+ ** be set for this to occur.	
+ **	
+ ** This function takes a reference to each of the given certificates.	
+ */	
+ SSL_IMPORT SECStatus SSL_SetPredictedPeerCertificates(	
+         PRFileDesc *fd, CERTCertificate **certs,	
+         unsigned int numCerts);
+
 /*
 ** Configure SSL socket for running a secure server. Needs the
 ** certificate for the server and the servers private key. The arguments