Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1155)

Side by Side Diff: net/third_party/nss/ssl/ssl.h

Issue 9733012: Update NSS to NSS 3.13.4 pre-release snapshot 20120319. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Forgot to update the sslerr.h and SSLerrs.h files Created 8 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
OLDNEW
1 /* 1 /*
2 * This file contains prototypes for the public SSL functions. 2 * This file contains prototypes for the public SSL functions.
3 * 3 *
4 * ***** BEGIN LICENSE BLOCK ***** 4 * ***** BEGIN LICENSE BLOCK *****
5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
6 * 6 *
7 * The contents of this file are subject to the Mozilla Public License Version 7 * The contents of this file are subject to the Mozilla Public License Version
8 * 1.1 (the "License"); you may not use this file except in compliance with 8 * 1.1 (the "License"); you may not use this file except in compliance with
9 * the License. You may obtain a copy of the License at 9 * the License. You may obtain a copy of the License at
10 * http://www.mozilla.org/MPL/ 10 * http://www.mozilla.org/MPL/
(...skipping 18 matching lines...) Expand all
29 * in which case the provisions of the GPL or the LGPL are applicable instead 29 * in which case the provisions of the GPL or the LGPL are applicable instead
30 * of those above. If you wish to allow use of your version of this file only 30 * of those above. If you wish to allow use of your version of this file only
31 * under the terms of either the GPL or the LGPL, and not to allow others to 31 * under the terms of either the GPL or the LGPL, and not to allow others to
32 * use your version of this file under the terms of the MPL, indicate your 32 * use your version of this file under the terms of the MPL, indicate your
33 * decision by deleting the provisions above and replace them with the notice 33 * decision by deleting the provisions above and replace them with the notice
34 * and other provisions required by the GPL or the LGPL. If you do not delete 34 * and other provisions required by the GPL or the LGPL. If you do not delete
35 * the provisions above, a recipient may use your version of this file under 35 * the provisions above, a recipient may use your version of this file under
36 * the terms of any one of the MPL, the GPL or the LGPL. 36 * the terms of any one of the MPL, the GPL or the LGPL.
37 * 37 *
38 * ***** END LICENSE BLOCK ***** */ 38 * ***** END LICENSE BLOCK ***** */
39 /* $Id: ssl.h,v 1.49 2012/02/15 21:52:08 kaie%kuix.de Exp $ */ 39 /* $Id: ssl.h,v 1.54 2012/03/18 00:31:19 wtc%google.com Exp $ */
40 40
41 #ifndef __ssl_h_ 41 #ifndef __ssl_h_
42 #define __ssl_h_ 42 #define __ssl_h_
43 43
44 #include "prtypes.h" 44 #include "prtypes.h"
45 #include "prerror.h" 45 #include "prerror.h"
46 #include "prio.h" 46 #include "prio.h"
47 #include "seccomon.h" 47 #include "seccomon.h"
48 #include "cert.h" 48 #include "cert.h"
49 #include "keyt.h" 49 #include "keyt.h"
(...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after
93 ** require a certificate during secure connect 93 ** require a certificate during secure connect
94 */ 94 */
95 /* options */ 95 /* options */
96 #define SSL_SECURITY 1 /* (on by default) */ 96 #define SSL_SECURITY 1 /* (on by default) */
97 #define SSL_SOCKS 2 /* (off by default) */ 97 #define SSL_SOCKS 2 /* (off by default) */
98 #define SSL_REQUEST_CERTIFICATE 3 /* (off by default) */ 98 #define SSL_REQUEST_CERTIFICATE 3 /* (off by default) */
99 #define SSL_HANDSHAKE_AS_CLIENT 5 /* force accept to hs as client */ 99 #define SSL_HANDSHAKE_AS_CLIENT 5 /* force accept to hs as client */
100 /* (off by default) */ 100 /* (off by default) */
101 #define SSL_HANDSHAKE_AS_SERVER 6 /* force connect to hs as server */ 101 #define SSL_HANDSHAKE_AS_SERVER 6 /* force connect to hs as server */
102 /* (off by default) */ 102 /* (off by default) */
103
104 /* OBSOLETE: SSL v2 is obsolete and may be removed soon. */
103 #define SSL_ENABLE_SSL2 7 /* enable ssl v2 (off by default) */ 105 #define SSL_ENABLE_SSL2 7 /* enable ssl v2 (off by default) */
106
107 /* OBSOLETE: See "SSL Version Range API" below for the replacement and a
108 ** description of the non-obvious semantics of using SSL_ENABLE_SSL3.
109 */
104 #define SSL_ENABLE_SSL3 8 /* enable ssl v3 (on by default) */ 110 #define SSL_ENABLE_SSL3 8 /* enable ssl v3 (on by default) */
111
105 #define SSL_NO_CACHE 9 /* don't use the session cache */ 112 #define SSL_NO_CACHE 9 /* don't use the session cache */
106 /* (off by default) */ 113 /* (off by default) */
107 #define SSL_REQUIRE_CERTIFICATE 10 /* (SSL_REQUIRE_FIRST_HANDSHAKE */ 114 #define SSL_REQUIRE_CERTIFICATE 10 /* (SSL_REQUIRE_FIRST_HANDSHAKE */
108 /* by default) */ 115 /* by default) */
109 #define SSL_ENABLE_FDX 11 /* permit simultaneous read/write */ 116 #define SSL_ENABLE_FDX 11 /* permit simultaneous read/write */
110 /* (off by default) */ 117 /* (off by default) */
118
119 /* OBSOLETE: SSL v2 compatible hellos are not accepted by some TLS servers
120 ** and cannot negotiate extensions. SSL v2 is obsolete. This option may be
121 ** removed soon.
122 */
111 #define SSL_V2_COMPATIBLE_HELLO 12 /* send v3 client hello in v2 fmt */ 123 #define SSL_V2_COMPATIBLE_HELLO 12 /* send v3 client hello in v2 fmt */
112 /* (off by default) */ 124 /* (off by default) */
125
126 /* OBSOLETE: See "SSL Version Range API" below for the replacement and a
127 ** description of the non-obvious semantics of using SSL_ENABLE_TLS.
128 */
113 #define SSL_ENABLE_TLS 13 /* enable TLS (on by default) */ 129 #define SSL_ENABLE_TLS 13 /* enable TLS (on by default) */
130
114 #define SSL_ROLLBACK_DETECTION 14 /* for compatibility, default: on */ 131 #define SSL_ROLLBACK_DETECTION 14 /* for compatibility, default: on */
115 #define SSL_NO_STEP_DOWN 15 /* Disable export cipher suites */ 132 #define SSL_NO_STEP_DOWN 15 /* Disable export cipher suites */
116 /* if step-down keys are needed. */ 133 /* if step-down keys are needed. */
117 /* default: off, generate */ 134 /* default: off, generate */
118 /* step-down keys if needed. */ 135 /* step-down keys if needed. */
119 #define SSL_BYPASS_PKCS11 16 /* use PKCS#11 for pub key only */ 136 #define SSL_BYPASS_PKCS11 16 /* use PKCS#11 for pub key only */
120 #define SSL_NO_LOCKS 17 /* Don't use locks for protection */ 137 #define SSL_NO_LOCKS 17 /* Don't use locks for protection */
121 #define SSL_ENABLE_SESSION_TICKETS 18 /* Enable TLS SessionTicket */ 138 #define SSL_ENABLE_SESSION_TICKETS 18 /* Enable TLS SessionTicket */
122 /* extension (off by default) */ 139 /* extension (off by default) */
123 #define SSL_ENABLE_DEFLATE 19 /* Enable TLS compression with */ 140 #define SSL_ENABLE_DEFLATE 19 /* Enable TLS compression with */
(...skipping 130 matching lines...) Expand 10 before | Expand all | Expand 10 after
254 #endif 271 #endif
255 272
256 /* New function names */ 273 /* New function names */
257 SSL_IMPORT SECStatus SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 cipher, PRBool en abled); 274 SSL_IMPORT SECStatus SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 cipher, PRBool en abled);
258 SSL_IMPORT SECStatus SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 cipher, PRBool *e nabled); 275 SSL_IMPORT SECStatus SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 cipher, PRBool *e nabled);
259 SSL_IMPORT SECStatus SSL_CipherPrefSetDefault(PRInt32 cipher, PRBool enabled); 276 SSL_IMPORT SECStatus SSL_CipherPrefSetDefault(PRInt32 cipher, PRBool enabled);
260 SSL_IMPORT SECStatus SSL_CipherPrefGetDefault(PRInt32 cipher, PRBool *enabled); 277 SSL_IMPORT SECStatus SSL_CipherPrefGetDefault(PRInt32 cipher, PRBool *enabled);
261 SSL_IMPORT SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy); 278 SSL_IMPORT SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy);
262 SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy); 279 SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy);
263 280
281 /* SSL Version Range API
282 **
283 ** This API should be used to control SSL 3.0 & TLS support instead of the
284 ** older SSL_Option* API; however, the SSL_Option* API MUST still be used to
285 ** control SSL 2.0 support. In this version of libssl, SSL 3.0 and TLS 1.0 are
286 ** enabled by default. Future versions of libssl may change which versions of
287 ** the protocol are enabled by default.
288 **
289 ** The SSLProtocolVariant enum indicates whether the protocol is of type
290 ** stream or datagram. This must be provided to the functions that do not
291 ** take an fd. Functions which take an fd will get the variant from the fd,
292 ** which is typed.
293 **
294 ** Using the new version range API in conjunction with the older
295 ** SSL_OptionSet-based API for controlling the enabled protocol versions may
296 ** cause unexpected results. Going forward, we guarantee only the following:
297 **
298 ** SSL_OptionGet(SSL_ENABLE_TLS) will return PR_TRUE if *ANY* versions of TLS
299 ** are enabled.
300 **
301 ** SSL_OptionSet(SSL_ENABLE_TLS, PR_FALSE) will disable *ALL* versions of TLS,
302 ** including TLS 1.0 and later.
303 **
304 ** The above two properties provide compatibility for applications that use
305 ** SSL_OptionSet to implement the insecure fallback from TLS 1.x to SSL 3.0.
306 **
307 ** SSL_OptionSet(SSL_ENABLE_TLS, PR_TRUE) will enable TLS 1.0, and may also
308 ** enable some later versions of TLS, if it is necessary to do so in order to
309 ** keep the set of enabled versions contiguous. For example, if TLS 1.2 is
310 ** enabled, then after SSL_OptionSet(SSL_ENABLE_TLS, PR_TRUE), TLS 1.0,
311 ** TLS 1.1, and TLS 1.2 will be enabled, and the call will have no effect on
312 ** whether SSL 3.0 is enabled. If no later versions of TLS are enabled at the
313 ** time SSL_OptionSet(SSL_ENABLE_TLS, PR_TRUE) is called, then no later
314 ** versions of TLS will be enabled by the call.
315 **
316 ** SSL_OptionSet(SSL_ENABLE_SSL3, PR_FALSE) will disable SSL 3.0, and will not
317 ** change the set of TLS versions that are enabled.
318 **
319 ** SSL_OptionSet(SSL_ENABLE_SSL3, PR_TRUE) will enable SSL 3.0, and may also
320 ** enable some versions of TLS if TLS 1.1 or later is enabled at the time of
321 ** the call, the same way SSL_OptionSet(SSL_ENABLE_TLS, PR_TRUE) works, in
322 ** order to keep the set of enabled versions contiguous.
323 */
324
325 /* Returns, in |*vrange|, the range of SSL3/TLS versions supported for the
326 ** given protocol variant by the version of libssl linked-to at runtime.
327 */
328 SSL_IMPORT SECStatus SSL_VersionRangeGetSupported(
329 SSLProtocolVariant protocolVariant, SSLVersionRange *vrange);
330
331 /* Returns, in |*vrange|, the range of SSL3/TLS versions enabled by default
332 ** for the given protocol variant.
333 */
334 SSL_IMPORT SECStatus SSL_VersionRangeGetDefault(
335 SSLProtocolVariant protocolVariant, SSLVersionRange *vrange);
336
337 /* Sets the range of enabled-by-default SSL3/TLS versions for the given
338 ** protocol variant to |*vrange|.
339 */
340 SSL_IMPORT SECStatus SSL_VersionRangeSetDefault(
341 SSLProtocolVariant protocolVariant, const SSLVersionRange *vrange);
342
343 /* Returns, in |*vrange|, the range of enabled SSL3/TLS versions for |fd|. */
344 SSL_IMPORT SECStatus SSL_VersionRangeGet(PRFileDesc *fd,
345 SSLVersionRange *vrange);
346
347 /* Sets the range of enabled SSL3/TLS versions for |fd| to |*vrange|. */
348 SSL_IMPORT SECStatus SSL_VersionRangeSet(PRFileDesc *fd,
349 const SSLVersionRange *vrange);
350
351
264 /* Values for "policy" argument to SSL_PolicySet */ 352 /* Values for "policy" argument to SSL_PolicySet */
265 /* Values returned by SSL_CipherPolicyGet. */ 353 /* Values returned by SSL_CipherPolicyGet. */
266 #define SSL_NOT_ALLOWED 0 /* or invalid or unimplemented */ 354 #define SSL_NOT_ALLOWED 0 /* or invalid or unimplemented */
267 #define SSL_ALLOWED 1 355 #define SSL_ALLOWED 1
268 #define SSL_RESTRICTED 2 /* only with "Step-Up" certs. */ 356 #define SSL_RESTRICTED 2 /* only with "Step-Up" certs. */
269 357
270 /* Values for "on" with SSL_REQUIRE_CERTIFICATE. */ 358 /* Values for "on" with SSL_REQUIRE_CERTIFICATE. */
271 #define SSL_REQUIRE_NEVER ((PRBool)0) 359 #define SSL_REQUIRE_NEVER ((PRBool)0)
272 #define SSL_REQUIRE_ALWAYS ((PRBool)1) 360 #define SSL_REQUIRE_ALWAYS ((PRBool)1)
273 #define SSL_REQUIRE_FIRST_HANDSHAKE ((PRBool)2) 361 #define SSL_REQUIRE_FIRST_HANDSHAKE ((PRBool)2)
(...skipping 655 matching lines...) Expand 10 before | Expand all | Expand 10 after
929 * should continue using the connection. If the application passes a non-zero 1017 * should continue using the connection. If the application passes a non-zero
930 * value for second argument (error), or if SSL_AuthCertificateComplete returns 1018 * value for second argument (error), or if SSL_AuthCertificateComplete returns
931 * anything other than SECSuccess, then the application should close the 1019 * anything other than SECSuccess, then the application should close the
932 * connection. 1020 * connection.
933 */ 1021 */
934 SSL_IMPORT SECStatus SSL_AuthCertificateComplete(PRFileDesc *fd, 1022 SSL_IMPORT SECStatus SSL_AuthCertificateComplete(PRFileDesc *fd,
935 PRErrorCode error); 1023 PRErrorCode error);
936 SEC_END_PROTOS 1024 SEC_END_PROTOS
937 1025
938 #endif /* __ssl_h_ */ 1026 #endif /* __ssl_h_ */
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698