| Index: net/third_party/nss/ssl/sslimpl.h
|
| ===================================================================
|
| --- net/third_party/nss/ssl/sslimpl.h (revision 242942)
|
| +++ net/third_party/nss/ssl/sslimpl.h (working copy)
|
| @@ -618,8 +618,18 @@
|
| #define MAX_PEER_CERT_CHAIN_SIZE 8
|
|
|
| struct sslSessionIDStr {
|
| + /* The global cache lock must be held when accessing these members when the
|
| + * sid is in any cache.
|
| + */
|
| sslSessionID * next; /* chain used for client sockets, only */
|
| + Cached cached;
|
| + int references;
|
| + PRUint32 lastAccessTime; /* seconds since Jan 1, 1970 */
|
|
|
| + /* The rest of the members, except for the members of u.ssl3.locked, may
|
| + * be modified only when the sid is not in any cache.
|
| + */
|
| +
|
| CERTCertificate * peerCert;
|
| CERTCertificate * peerCertChain[MAX_PEER_CERT_CHAIN_SIZE];
|
| SECItemArray peerCertStatus; /* client only */
|
| @@ -633,10 +643,7 @@
|
| SSL3ProtocolVersion version;
|
|
|
| PRUint32 creationTime; /* seconds since Jan 1, 1970 */
|
| - PRUint32 lastAccessTime; /* seconds since Jan 1, 1970 */
|
| PRUint32 expirationTime; /* seconds since Jan 1, 1970 */
|
| - Cached cached;
|
| - int references;
|
|
|
| SSLSignType authAlgorithm;
|
| PRUint32 authKeyBits;
|
| @@ -702,11 +709,7 @@
|
| char masterValid;
|
| char clAuthValid;
|
|
|
| - /* Session ticket if we have one, is sent as an extension in the
|
| - * ClientHello message. This field is used by clients.
|
| - */
|
| - NewSessionTicket sessionTicket;
|
| - SECItem srvName;
|
| + SECItem srvName;
|
|
|
| /* originalHandshakeHash contains the hash of the original, full
|
| * handshake prior to the server's final flow. This is either a
|
| @@ -720,11 +723,28 @@
|
| ** (used only in client).
|
| */
|
| SECItem signedCertTimestamps;
|
| +
|
| + /* This lock is lazily initialized by CacheSID when a sid is first
|
| + * cached. Before then, there is no need to lock anything because
|
| + * the sid isn't being shared by anything.
|
| + */
|
| + PRRWLock *lock;
|
| +
|
| + /* The lock must be held while reading or writing these members
|
| + * because they change while the sid is cached.
|
| + */
|
| + struct {
|
| + /* The session ticket, if we have one, is sent as an extension
|
| + * in the ClientHello message. This field is used only by
|
| + * clients. It is protected by lock when lock is non-null
|
| + * (after the sid has been added to the client session cache).
|
| + */
|
| + NewSessionTicket sessionTicket;
|
| + } locked;
|
| } ssl3;
|
| } u;
|
| };
|
|
|
| -
|
| typedef struct ssl3CipherSuiteDefStr {
|
| ssl3CipherSuite cipher_suite;
|
| SSL3BulkCipher bulk_cipher_alg;
|
| @@ -804,6 +824,7 @@
|
| /* SessionTicket Extension related data. */
|
| PRBool ticketTimestampVerified;
|
| PRBool emptySessionTicket;
|
| + PRBool sentSessionTicketInClientHello;
|
|
|
| /* SNI Extension related data
|
| * Names data is not coppied from the input buffer. It can not be
|
| @@ -877,6 +898,7 @@
|
| /* NOTE: On the client side, TLS 1.2 and later use |md5| as a backup
|
| * handshake hash for generating client auth signatures. Confusingly, the
|
| * backup hash function is SHA-1. */
|
| +#define backupHash md5
|
| PK11Context * md5;
|
| PK11Context * sha;
|
|
|
| @@ -897,6 +919,14 @@
|
| PRBool sendingSCSV; /* instead of empty RI */
|
| sslBuffer msgState; /* current state for handshake messages*/
|
| /* protected by recvBufLock */
|
| +
|
| + /* The session ticket received in a NewSessionTicket message is temporarily
|
| + * stored in newSessionTicket until the handshake is finished; then it is
|
| + * moved to the sid.
|
| + */
|
| + PRBool receivedNewSessionTicket;
|
| + NewSessionTicket newSessionTicket;
|
| +
|
| PRUint16 finishedBytes; /* size of single finished below */
|
| union {
|
| TLSFinished tFinished[2]; /* client, then server */
|
| @@ -1836,8 +1866,8 @@
|
|
|
| /* Hello Extension related routines. */
|
| extern PRBool ssl3_ExtensionNegotiated(sslSocket *ss, PRUint16 ex_type);
|
| -extern SECStatus ssl3_SetSIDSessionTicket(sslSessionID *sid,
|
| - NewSessionTicket *session_ticket);
|
| +extern void ssl3_SetSIDSessionTicket(sslSessionID *sid,
|
| + /*in/out*/ NewSessionTicket *session_ticket);
|
| extern SECStatus ssl3_SendNewSessionTicket(sslSocket *ss);
|
| extern PRBool ssl_GetSessionTicketKeys(unsigned char *keyName,
|
| unsigned char *encKey, unsigned char *macKey);
|
| @@ -1862,10 +1892,11 @@
|
| extern PRFileDesc *ssl_NewPRSocket(sslSocket *ss, PRFileDesc *fd);
|
| extern void ssl_FreePRSocket(PRFileDesc *fd);
|
|
|
| -/* Internal config function so SSL2 can initialize the present state of
|
| +/* Internal config function so SSL3 can initialize the present state of
|
| * various ciphers */
|
| extern int ssl3_config_match_init(sslSocket *);
|
|
|
| +
|
| /* Create a new ref counted key pair object from two keys. */
|
| extern ssl3KeyPair * ssl3_NewKeyPair( SECKEYPrivateKey * privKey,
|
| SECKEYPublicKey * pubKey);
|
| @@ -1962,6 +1993,10 @@
|
|
|
| /********************** misc calls *********************/
|
|
|
| +#ifdef DEBUG
|
| +extern void ssl3_CheckCipherSuiteOrderConsistency();
|
| +#endif
|
| +
|
| extern int ssl_MapLowLevelError(int hiLevelError);
|
|
|
| extern PRUint32 ssl_Time(void);
|
|
|
Chromium Code Reviews
Issue 111853013:
Update net/third_party/nss to NSS 3.15.4. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/