OLD | NEW |
1 /* | 1 /* |
2 * This file contains prototypes for the public SSL functions. | 2 * This file contains prototypes for the public SSL functions. |
3 * | 3 * |
4 * This Source Code Form is subject to the terms of the Mozilla Public | 4 * This Source Code Form is subject to the terms of the Mozilla Public |
5 * License, v. 2.0. If a copy of the MPL was not distributed with this | 5 * License, v. 2.0. If a copy of the MPL was not distributed with this |
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
7 | 7 |
8 #ifndef __ssl_h_ | 8 #ifndef __ssl_h_ |
9 #define __ssl_h_ | 9 #define __ssl_h_ |
10 | 10 |
156 * not do that because some implementations cannot handle empty | 156 * not do that because some implementations cannot handle empty |
157 * application_data records. Also, we only split application_data records and | 157 * application_data records. Also, we only split application_data records and |
158 * not other types of records, because some implementations will not accept | 158 * not other types of records, because some implementations will not accept |
159 * fragmented records of some other types (e.g. some versions of NSS do not | 159 * fragmented records of some other types (e.g. some versions of NSS do not |
160 * accept fragmented alerts). | 160 * accept fragmented alerts). |
161 */ | 161 */ |
162 #define SSL_CBC_RANDOM_IV 23 | 162 #define SSL_CBC_RANDOM_IV 23 |
163 #define SSL_ENABLE_OCSP_STAPLING 24 /* Request OCSP stapling (client) */ | 163 #define SSL_ENABLE_OCSP_STAPLING 24 /* Request OCSP stapling (client) */ |
164 | 164 |
165 /* SSL_ENABLE_NPN controls whether the NPN extension is enabled for the initial | 165 /* SSL_ENABLE_NPN controls whether the NPN extension is enabled for the initial |
166 * handshake when protocol negotiation is used. SSL_SetNextProtoCallback | 166 * handshake when application layer protocol negotiation is used. |
167 * or SSL_SetNextProtoNego must be used to control the protocol negotiation; | 167 * SSL_SetNextProtoCallback or SSL_SetNextProtoNego must be used to control the |
168 * otherwise, the NPN extension will not be negotiated. SSL_ENABLE_NPN is | 168 * application layer protocol negotiation; otherwise, the NPN extension will |
169 * currently enabled by default but this may change in future versions. | 169 * not be negotiated. SSL_ENABLE_NPN is currently enabled by default but this |
| 170 * may change in future versions. |
170 */ | 171 */ |
171 #define SSL_ENABLE_NPN 25 | 172 #define SSL_ENABLE_NPN 25 |
172 | 173 |
173 /* SSL_ENABLE_ALPN controls whether the ALPN extension is enabled for the | 174 /* SSL_ENABLE_ALPN controls whether the ALPN extension is enabled for the |
174 * initial handshake when protocol negotiation is used. SSL_SetNextProtoNego | 175 * initial handshake when application layer protocol negotiation is used. |
175 * (not SSL_SetNextProtoCallback) must be used to control the protocol | 176 * SSL_SetNextProtoNego (not SSL_SetNextProtoCallback) must be used to control |
176 * negotiation; otherwise, the ALPN extension will not be negotiated. ALPN is | 177 * the application layer protocol negotiation; otherwise, the ALPN extension |
177 * not negotiated for renegotiation handshakes, even though the ALPN | 178 * will not be negotiated. ALPN is not negotiated for renegotiation handshakes, |
178 * specification defines a way to use ALPN during renegotiations. | 179 * even though the ALPN specification defines a way to use ALPN during |
179 * SSL_ENABLE_ALPN is currently disabled by default, but this may change in | 180 * renegotiations. SSL_ENABLE_ALPN is currently disabled by default, but this |
180 * future versions. | 181 * may change in future versions. |
181 */ | 182 */ |
182 #define SSL_ENABLE_ALPN 26 | 183 #define SSL_ENABLE_ALPN 26 |
183 | 184 |
184 /* Request Signed Certificate Timestamps via TLS extension (client) */ | 185 /* SSL_REUSE_SERVER_ECDHE_KEY controls whether the ECDHE server key is |
185 #define SSL_ENABLE_SIGNED_CERT_TIMESTAMPS 27 | 186 * reused for multiple handshakes or generated each time. |
| 187 * SSL_REUSE_SERVER_ECDHE_KEY is currently enabled by default. |
| 188 */ |
| 189 #define SSL_REUSE_SERVER_ECDHE_KEY 27 |
| 190 |
186 #define SSL_ENABLE_FALLBACK_SCSV 28 /* Send fallback SCSV in | 191 #define SSL_ENABLE_FALLBACK_SCSV 28 /* Send fallback SCSV in |
187 * handshakes. */ | 192 * handshakes. */ |
188 | 193 |
| 194 /* Request Signed Certificate Timestamps via TLS extension (client) */ |
| 195 #define SSL_ENABLE_SIGNED_CERT_TIMESTAMPS 29 |
| 196 |
189 #ifdef SSL_DEPRECATED_FUNCTION | 197 #ifdef SSL_DEPRECATED_FUNCTION |
190 /* Old deprecated function names */ | 198 /* Old deprecated function names */ |
191 SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on); | 199 SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on); |
192 SSL_IMPORT SECStatus SSL_EnableDefault(int option, PRBool on); | 200 SSL_IMPORT SECStatus SSL_EnableDefault(int option, PRBool on); |
193 #endif | 201 #endif |
194 | 202 |
195 /* New function names */ | 203 /* New function names */ |
196 SSL_IMPORT SECStatus SSL_OptionSet(PRFileDesc *fd, PRInt32 option, PRBool on); | 204 SSL_IMPORT SECStatus SSL_OptionSet(PRFileDesc *fd, PRInt32 option, PRBool on); |
197 SSL_IMPORT SECStatus SSL_OptionGet(PRFileDesc *fd, PRInt32 option, PRBool *on); | 205 SSL_IMPORT SECStatus SSL_OptionGet(PRFileDesc *fd, PRInt32 option, PRBool *on); |
198 SSL_IMPORT SECStatus SSL_OptionSetDefault(PRInt32 option, PRBool on); | 206 SSL_IMPORT SECStatus SSL_OptionSetDefault(PRInt32 option, PRBool on); |
1188 * should continue using the connection. If the application passes a non-zero | 1196 * should continue using the connection. If the application passes a non-zero |
1189 * value for second argument (error), or if SSL_AuthCertificateComplete returns | 1197 * value for second argument (error), or if SSL_AuthCertificateComplete returns |
1190 * anything other than SECSuccess, then the application should close the | 1198 * anything other than SECSuccess, then the application should close the |
1191 * connection. | 1199 * connection. |
1192 */ | 1200 */ |
1193 SSL_IMPORT SECStatus SSL_AuthCertificateComplete(PRFileDesc *fd, | 1201 SSL_IMPORT SECStatus SSL_AuthCertificateComplete(PRFileDesc *fd, |
1194 PRErrorCode error); | 1202 PRErrorCode error); |
1195 SEC_END_PROTOS | 1203 SEC_END_PROTOS |
1196 | 1204 |
1197 #endif /* __ssl_h_ */ | 1205 #endif /* __ssl_h_ */ |
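Review bot: Option value 27 changes meaning in the option-number hunk: it was `SSL_ENABLE_SIGNED_CERT_TIMESTAMPS` and is now `SSL_REUSE_SERVER_ECDHE_KEY`, with the SCT option moved to 29. A caller compiled against the old header that passes 27 to `SSL_OptionSet` or `SSL_OptionSetDefault` would therefore toggle server ECDHE key reuse instead of requesting SCTs, with no error to signal the mismatch. If the renumbering is deliberate, record it beside the define, for example `/* Value was 27 before SSL_REUSE_SERVER_ECDHE_KEY took that number; callers must be rebuilt. */`. The new comment on `SSL_REUSE_SERVER_ECDHE_KEY` should also state what the enabled default costs: while one ECDHE private key serves multiple handshakes, exposure of that key affects every session negotiated with it, so forward secrecy is per key lifetime rather than per connection. A closing sentence such as `Disable this option to generate a fresh ECDHE key for each handshake.` would tell server operators how to opt out.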