Chromium Code Reviews Chromium Code Reviews
Issue 7327029:
Add client-side support for the origin bound certificate TLS extension. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * This file is PRIVATE to SSL and should be the first thing included by | 2 * This file is PRIVATE to SSL and should be the first thing included by |
| 3 * any SSL implementation file. | 3 * any SSL implementation file. |
| 4 * | 4 * |
| 5 * ***** BEGIN LICENSE BLOCK ***** | 5 * ***** BEGIN LICENSE BLOCK ***** |
| 6 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 6 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| 7 * | 7 * |
| 8 * The contents of this file are subject to the Mozilla Public License Version | 8 * The contents of this file are subject to the Mozilla Public License Version |
| 9 * 1.1 (the "License"); you may not use this file except in compliance with | 9 * 1.1 (the "License"); you may not use this file except in compliance with |
| 10 * the License. You may obtain a copy of the License at | 10 * the License. You may obtain a copy of the License at |
| (...skipping 332 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 343 unsigned int noStepDown : 1; /* 15 */ | 343 unsigned int noStepDown : 1; /* 15 */ |
| 344 unsigned int bypassPKCS11 : 1; /* 16 */ | 344 unsigned int bypassPKCS11 : 1; /* 16 */ |
| 345 unsigned int noLocks : 1; /* 17 */ | 345 unsigned int noLocks : 1; /* 17 */ |
| 346 unsigned int enableSessionTickets : 1; /* 18 */ | 346 unsigned int enableSessionTickets : 1; /* 18 */ |
| 347 unsigned int enableDeflate : 1; /* 19 */ | 347 unsigned int enableDeflate : 1; /* 19 */ |
| 348 unsigned int enableRenegotiation : 2; /* 20-21 */ | 348 unsigned int enableRenegotiation : 2; /* 20-21 */ |
| 349 unsigned int requireSafeNegotiation : 1; /* 22 */ | 349 unsigned int requireSafeNegotiation : 1; /* 22 */ |
| 350 unsigned int enableFalseStart : 1; /* 23 */ | 350 unsigned int enableFalseStart : 1; /* 23 */ |
| 351 unsigned int enableOCSPStapling : 1; /* 24 */ | 351 unsigned int enableOCSPStapling : 1; /* 24 */ |
| 352 unsigned int enableCachedInfo : 1; /* 25 */ | 352 unsigned int enableCachedInfo : 1; /* 25 */ |
| 353 unsigned int enableOBCerts : 1; /* 26 */ | |
| 354 | |
|
wtc
2011/07/13 01:17:15
Delete this blank line.
| |
| 353 } sslOptions; | 355 } sslOptions; |
| 354 | 356 |
| 355 typedef enum { sslHandshakingUndetermined = 0, | 357 typedef enum { sslHandshakingUndetermined = 0, |
| 356 sslHandshakingAsClient, | 358 sslHandshakingAsClient, |
| 357 sslHandshakingAsServer | 359 sslHandshakingAsServer |
| 358 } sslHandshakingType; | 360 } sslHandshakingType; |
| 359 | 361 |
| 360 typedef struct sslServerCertsStr { | 362 typedef struct sslServerCertsStr { |
| 361 /* Configuration state for server sockets */ | 363 /* Configuration state for server sockets */ |
| 362 CERTCertificate * serverCert; | 364 CERTCertificate * serverCert; |
| (...skipping 1198 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1561 extern SECStatus ssl3_HandleSupportedPointFormatsXtn(sslSocket * ss, | 1563 extern SECStatus ssl3_HandleSupportedPointFormatsXtn(sslSocket * ss, |
| 1562 PRUint16 ex_type, SECItem *data); | 1564 PRUint16 ex_type, SECItem *data); |
| 1563 extern SECStatus ssl3_ClientHandleSessionTicketXtn(sslSocket *ss, | 1565 extern SECStatus ssl3_ClientHandleSessionTicketXtn(sslSocket *ss, |
| 1564 PRUint16 ex_type, SECItem *data); | 1566 PRUint16 ex_type, SECItem *data); |
| 1565 extern SECStatus ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, | 1567 extern SECStatus ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, |
| 1566 PRUint16 ex_type, SECItem *data); | 1568 PRUint16 ex_type, SECItem *data); |
| 1567 extern SECStatus ssl3_ClientHandleCachedInfoXtn(sslSocket *ss, | 1569 extern SECStatus ssl3_ClientHandleCachedInfoXtn(sslSocket *ss, |
| 1568 PRUint16 ex_type, SECItem *data); | 1570 PRUint16 ex_type, SECItem *data); |
| 1569 extern SECStatus ssl3_ClientHandleStatusRequestXtn(sslSocket *ss, | 1571 extern SECStatus ssl3_ClientHandleStatusRequestXtn(sslSocket *ss, |
| 1570 PRUint16 ex_type, SECItem *data); | 1572 PRUint16 ex_type, SECItem *data); |
| 1573 extern SECStatus ssl3_ClientHandleOBCertXtn(sslSocket *ss, | |
| 1574 PRUint16 ex_type, SECItem *data); | |
| 1571 extern SECStatus ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, | 1575 extern SECStatus ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, |
| 1572 PRUint16 ex_type, SECItem *data); | 1576 PRUint16 ex_type, SECItem *data); |
| 1573 extern SECStatus ssl3_ServerHandleNextProtoNegoXtn(sslSocket *ss, | 1577 extern SECStatus ssl3_ServerHandleNextProtoNegoXtn(sslSocket *ss, |
| 1574 PRUint16 ex_type, SECItem *data); | 1578 PRUint16 ex_type, SECItem *data); |
| 1579 extern SECStatus ssl3_ServerHandleOBCertXtn(sslSocket *ss, | |
| 1580 PRUint16 ex_type, SECItem *data); | |
| 1575 | 1581 |
| 1576 /* ClientHello and ServerHello extension senders. | 1582 /* ClientHello and ServerHello extension senders. |
| 1577 * Note that not all extension senders are exposed here; only those that | 1583 * Note that not all extension senders are exposed here; only those that |
| 1578 * that need exposure. | 1584 * that need exposure. |
| 1579 */ | 1585 */ |
| 1580 extern PRInt32 ssl3_SendSessionTicketXtn(sslSocket *ss, PRBool append, | 1586 extern PRInt32 ssl3_SendSessionTicketXtn(sslSocket *ss, PRBool append, |
| 1581 PRUint32 maxBytes); | 1587 PRUint32 maxBytes); |
| 1582 extern PRInt32 ssl3_ClientSendStatusRequestXtn(sslSocket *ss, PRBool append, | 1588 extern PRInt32 ssl3_ClientSendStatusRequestXtn(sslSocket *ss, PRBool append, |
| 1583 PRUint32 maxBytes); | 1589 PRUint32 maxBytes); |
| 1584 | 1590 |
| 1585 /* ClientHello and ServerHello extension senders. | 1591 /* ClientHello and ServerHello extension senders. |
| 1586 * The code is in ssl3ext.c. | 1592 * The code is in ssl3ext.c. |
| 1587 */ | 1593 */ |
| 1588 extern PRInt32 ssl3_SendServerNameXtn(sslSocket *ss, PRBool append, | 1594 extern PRInt32 ssl3_SendServerNameXtn(sslSocket *ss, PRBool append, |
| 1589 PRUint32 maxBytes); | 1595 PRUint32 maxBytes); |
| 1590 extern PRInt32 ssl3_ClientSendCachedInfoXtn(sslSocket *ss, PRBool append, | 1596 extern PRInt32 ssl3_ClientSendCachedInfoXtn(sslSocket *ss, PRBool append, |
| 1591 PRUint32 maxBytes); | 1597 PRUint32 maxBytes); |
|
wtc
2011/07/13 01:17:15
This reminds me that you should merge your upstrea
| |
| 1598 extern PRInt32 ssl3_ClientSendOBCertXtn(sslSocket *ss, PRBool append, | |
| 1599 PRUint32 maxBytes); | |
| 1600 extern PRInt32 ssl3_ServerSendOBCertXtn(sslSocket *ss, PRBool append, | |
| 1601 PRUint32 maxBytes); | |
| 1592 | 1602 |
| 1593 /* Assigns new cert, cert chain and keys to ss->serverCerts | 1603 /* Assigns new cert, cert chain and keys to ss->serverCerts |
| 1594 * struct. If certChain is NULL, tries to find one. Aborts if | 1604 * struct. If certChain is NULL, tries to find one. Aborts if |
| 1595 * fails to do so. If cert and keyPair are NULL - unconfigures | 1605 * fails to do so. If cert and keyPair are NULL - unconfigures |
| 1596 * sslSocket of kea type.*/ | 1606 * sslSocket of kea type.*/ |
| 1597 extern SECStatus ssl_ConfigSecureServer(sslSocket *ss, CERTCertificate *cert, | 1607 extern SECStatus ssl_ConfigSecureServer(sslSocket *ss, CERTCertificate *cert, |
| 1598 CERTCertificateList *certChain, | 1608 CERTCertificateList *certChain, |
| 1599 ssl3KeyPair *keyPair, SSLKEAType kea); | 1609 ssl3KeyPair *keyPair, SSLKEAType kea); |
| 1600 /* Return key type for the cert */ | 1610 /* Return key type for the cert */ |
| 1601 extern SSLKEAType ssl_FindCertKEAType(CERTCertificate * cert); | 1611 extern SSLKEAType ssl_FindCertKEAType(CERTCertificate * cert); |
| (...skipping 126 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1728 #elif defined(_WIN32_WCE) | 1738 #elif defined(_WIN32_WCE) |
| 1729 #define SSL_GETPID GetCurrentProcessId | 1739 #define SSL_GETPID GetCurrentProcessId |
| 1730 #elif defined(WIN32) | 1740 #elif defined(WIN32) |
| 1731 extern int __cdecl _getpid(void); | 1741 extern int __cdecl _getpid(void); |
| 1732 #define SSL_GETPID _getpid | 1742 #define SSL_GETPID _getpid |
| 1733 #else | 1743 #else |
| 1734 #define SSL_GETPID() 0 | 1744 #define SSL_GETPID() 0 |
| 1735 #endif | 1745 #endif |
| 1736 | 1746 |
| 1737 #endif /* __sslimpl_h_ */ | 1747 #endif /* __sslimpl_h_ */ |
| OLD | NEW |
