net: rework the NPN patch.

net/third_party/nss/ssl/sslimpl.h

 /*
  * This file is PRIVATE to SSL and should be the first thing included by
  * any SSL implementation file.
  *
  * ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  *
  * The contents of this file are subject to the Mozilla Public License Version
  * 1.1 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
@@ skipping 304 matching lines @@
 #endif
 } ssl3CipherSuiteCfg;
 
 #ifdef NSS_ENABLE_ECC
 #define ssl_V3_SUITES_IMPLEMENTED 50
 #else
 #define ssl_V3_SUITES_IMPLEMENTED 30
 #endif /* NSS_ENABLE_ECC */
 
 typedef struct sslOptionsStr {
-    /* For clients, this is a validated list of protocols in preference order
-     * and wire format. For servers, this is the list of support protocols,
-     * also in wire format. */
-    SECItem      nextProtoNego;
-
     unsigned int useSecurity            : 1;  /*  1 */
     unsigned int useSocks               : 1;  /*  2 */
     unsigned int requestCertificate     : 1;  /*  3 */
     unsigned int requireCertificate     : 2;  /*  4-5 */
     unsigned int handshakeAsClient      : 1;  /*  6 */
     unsigned int handshakeAsServer      : 1;  /*  7 */
     unsigned int enableSSL2             : 1;  /*  8 */
     unsigned int enableSSL3             : 1;  /*  9 */
     unsigned int enableTLS              : 1;  /* 10 */
     unsigned int noCache                : 1;  /* 11 */
@@ skipping 480 matching lines @@
     sslBuffer             messages;    /* Accumulated handshake messages */
     PRUint16              finishedBytes; /* size of single finished below */
     union {
         TLSFinished       tFinished[2]; /* client, then server */
         SSL3Hashes        sFinished[2];
         SSL3Opaque        data[72];
     }                     finishedMsgs;
 #ifdef NSS_ENABLE_ECC
     PRUint32              negotiatedECCurves; /* bit mask */
 #endif /* NSS_ENABLE_ECC */
-    PRBool                nextProtoNego;/* Our peer has sent this extension */
 } SSL3HandshakeState;
 
 
 
 /*
 ** This is the "ssl3" struct, as in "ss->ssl3".
 ** note:
 ** usually,   crSpec == cwSpec and prSpec == pwSpec.  
 ** Sometimes, crSpec == pwSpec and prSpec == cwSpec.
 ** But there are never more than 2 actual specs.  
@@ skipping 38 matching lines @@
                              * does not include the leaf cert. It is actually a
                              * linked list of ssl3CertNode structs.
                              */
     CERTDistNames *      ca_list; 
                             /* used by server.  trusted CAs for this socket. */
     PRBool               initialized;
     SSL3HandshakeState   hs;
     ssl3CipherSpec       specs[2];      /* one is current, one is pending. */
 
     /* In a client: if the server supports Next Protocol Negotiation, then
      * this is the protocol that was requested.

[wtc, 2011/10/11 23:43:04]

Nit: I think "that was negotiated" or "that the client selected"
is clearer than "that was requested".

At least change this to "that the client requested".

[agl, 2011/10/17 17:37:24]

Done.

-     * In a server: this is the protocol that the client requested via Next
-     * Protocol Negotiation.

[wtc, 2011/10/11 23:43:04]

Why do you delete this comment about servers?
Is it because the NPN patch for NSS does't have the
server-side implementation?  (I don't see a
ssl3_ServerSendNextProtoNegoXtn function.)

[agl, 2011/10/17 17:37:24]

Right, the server side hasn't been written and the comment was misleading in
suggesting that server-side support exists.

      *
-     * In either case, if the data pointer is non-NULL, then it is malloced
-     * data.  */
+     * If the data pointer is non-NULL, then it is malloced data.  */
     SECItem             nextProto;
-    int                 nextProtoState; /* See SSL_NEXT_PROTO_* defines */
 };
 
 typedef struct {
     SSL3ContentType      type;
     SSL3ProtocolVersion  version;
     sslBuffer *          buf;
 } SSL3Ciphertext;
 
 struct ssl3KeyPairStr {
     SECKEYPrivateKey *    privKey;
@@ skipping 215 matching lines @@
     SSLGetPlatformClientAuthData getPlatformClientAuthData;
     void                        *getPlatformClientAuthDataArg;
 #endif  /* NSS_PLATFORM_CLIENT_AUTH */
     SSLSNISocketConfig        sniSocketConfig;
     void                     *sniSocketConfigArg;
     SSLBadCertHandler         handleBadCert;
     void                     *badCertArg;
     SSLHandshakeCallback      handshakeCallback;
     void                     *handshakeCallbackData;
     void                     *pkcs11PinArg;
+    SSLNextProtoCallback      nextProtoCallback;
+    void                     *nextProtoArg;
 
     PRIntervalTime            rTimeout; /* timeout for NSPR I/O */
     PRIntervalTime            wTimeout; /* timeout for NSPR I/O */
     PRIntervalTime            cTimeout; /* timeout for NSPR I/O */
 
     PZLock *      recvLock;     /* lock against multiple reader threads. */
     PZLock *      sendLock;     /* lock against multiple sender threads. */
 
     PZMonitor *   recvBufLock;  /* locks low level recv buffers. */
     PZMonitor *   xmitBufLock;  /* locks low level xmit buffers. */
@@ skipping 607 matching lines @@
 #elif defined(_WIN32_WCE)
 #define SSL_GETPID GetCurrentProcessId
 #elif defined(WIN32)
 extern int __cdecl _getpid(void);
 #define SSL_GETPID _getpid
 #else
 #define SSL_GETPID() 0
 #endif
 
 #endif /* __sslimpl_h_ */