Chromium Code Reviews Chromium Code Reviews
Issue 21564003:
NSS: remove cipher policy framework.
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * This file contains prototypes for the public SSL functions. | 2 * This file contains prototypes for the public SSL functions. |
| 3 * | 3 * |
| 4 * This Source Code Form is subject to the terms of the Mozilla Public | 4 * This Source Code Form is subject to the terms of the Mozilla Public |
| 5 * License, v. 2.0. If a copy of the MPL was not distributed with this | 5 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 7 | 7 |
| 8 #ifndef __ssl_h_ | 8 #ifndef __ssl_h_ |
| 9 #define __ssl_h_ | 9 #define __ssl_h_ |
| 10 | 10 |
| (...skipping 221 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 232 SSLNextProtoState *state, | 232 SSLNextProtoState *state, |
| 233 unsigned char *buf, | 233 unsigned char *buf, |
| 234 unsigned int *bufLen, | 234 unsigned int *bufLen, |
| 235 unsigned int bufLenMax); | 235 unsigned int bufLenMax); |
| 236 | 236 |
| 237 /* | 237 /* |
| 238 ** Control ciphers that SSL uses. If on is non-zero then the named cipher | 238 ** Control ciphers that SSL uses. If on is non-zero then the named cipher |
| 239 ** is enabled, otherwise it is disabled. | 239 ** is enabled, otherwise it is disabled. |
| 240 ** The "cipher" values are defined in sslproto.h (the SSL_EN_* values). | 240 ** The "cipher" values are defined in sslproto.h (the SSL_EN_* values). |
| 241 ** EnableCipher records user preferences. | 241 ** EnableCipher records user preferences. |
| 242 ** SetPolicy sets the policy according to the policy module. | |
| 243 */ | 242 */ |
| 244 #ifdef SSL_DEPRECATED_FUNCTION | 243 #ifdef SSL_DEPRECATED_FUNCTION |
| 245 /* Old deprecated function names */ | 244 /* Old deprecated function names */ |
| 246 SSL_IMPORT SECStatus SSL_EnableCipher(long which, PRBool enabled); | 245 SSL_IMPORT SECStatus SSL_EnableCipher(long which, PRBool enabled); |
| 247 SSL_IMPORT SECStatus SSL_SetPolicy(long which, int policy); | 246 SSL_IMPORT SECStatus SSL_SetPolicy(long which, int policy); |
| 248 #endif | 247 #endif |
| 249 | 248 |
| 250 /* New function names */ | 249 /* New function names */ |
| 251 SSL_IMPORT SECStatus SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 cipher, PRBool en abled); | 250 SSL_IMPORT SECStatus SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 cipher, PRBool en abled); |
| 252 SSL_IMPORT SECStatus SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 cipher, PRBool *e nabled); | 251 SSL_IMPORT SECStatus SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 cipher, PRBool *e nabled); |
| 253 SSL_IMPORT SECStatus SSL_CipherPrefSetDefault(PRInt32 cipher, PRBool enabled); | 252 SSL_IMPORT SECStatus SSL_CipherPrefSetDefault(PRInt32 cipher, PRBool enabled); |
| 254 SSL_IMPORT SECStatus SSL_CipherPrefGetDefault(PRInt32 cipher, PRBool *enabled); | 253 SSL_IMPORT SECStatus SSL_CipherPrefGetDefault(PRInt32 cipher, PRBool *enabled); |
| 254 | |
| 255 /* Policy functions are deprecated and no longer have any effect. They exist in | |
| 256 * order to maintain ABI compatibility. */ | |
|
wtc
2013/08/08 21:26:28
It would be nice to document that SSL_CipherPolicy
agl
2013/08/09 15:53:49
Done.
| |
| 255 SSL_IMPORT SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy); | 257 SSL_IMPORT SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy); |
| 256 SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy); | 258 SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy); |
| 257 | 259 |
| 258 /* SSLChannelBindingType enumerates the types of supported channel binding | 260 /* SSLChannelBindingType enumerates the types of supported channel binding |
| 259 * values. See RFC 5929. */ | 261 * values. See RFC 5929. */ |
| 260 typedef enum SSLChannelBindingType { | 262 typedef enum SSLChannelBindingType { |
| 261 SSL_CHANNEL_BINDING_TLS_UNIQUE = 1, | 263 SSL_CHANNEL_BINDING_TLS_UNIQUE = 1, |
| 262 } SSLChannelBindingType; | 264 } SSLChannelBindingType; |
| 263 | 265 |
| 264 /* SSL_GetChannelBinding copies the requested channel binding value, as defined | 266 /* SSL_GetChannelBinding copies the requested channel binding value, as defined |
| (...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 340 | 342 |
| 341 /* Returns, in |*vrange|, the range of enabled SSL3/TLS versions for |fd|. */ | 343 /* Returns, in |*vrange|, the range of enabled SSL3/TLS versions for |fd|. */ |
| 342 SSL_IMPORT SECStatus SSL_VersionRangeGet(PRFileDesc *fd, | 344 SSL_IMPORT SECStatus SSL_VersionRangeGet(PRFileDesc *fd, |
| 343 SSLVersionRange *vrange); | 345 SSLVersionRange *vrange); |
| 344 | 346 |
| 345 /* Sets the range of enabled SSL3/TLS versions for |fd| to |*vrange|. */ | 347 /* Sets the range of enabled SSL3/TLS versions for |fd| to |*vrange|. */ |
| 346 SSL_IMPORT SECStatus SSL_VersionRangeSet(PRFileDesc *fd, | 348 SSL_IMPORT SECStatus SSL_VersionRangeSet(PRFileDesc *fd, |
| 347 const SSLVersionRange *vrange); | 349 const SSLVersionRange *vrange); |
| 348 | 350 |
| 349 | 351 |
| 350 /* Values for "policy" argument to SSL_PolicySet */ | 352 /* Values for "policy" argument to SSL_PolicySet */ |
|
wtc
2013/08/08 21:26:28
Pre-existing typo: SSL_PolicySet => SSL_CipherPoli
agl
2013/08/09 15:53:49
Done.
| |
| 351 /* Values returned by SSL_CipherPolicyGet. */ | 353 /* Values returned by SSL_CipherPolicyGet. */ |
| 352 #define SSL_NOT_ALLOWED 0 /* or invalid or unimplemented */ | 354 #define SSL_NOT_ALLOWED 0 /* or invalid or unimplemented */ |
| 353 #define SSL_ALLOWED 1 | 355 #define SSL_ALLOWED 1 |
| 354 #define SSL_RESTRICTED 2 /* only with "Step-Up" certs. */ | 356 #define SSL_RESTRICTED 2 /* only with "Step-Up" certs. */ |
| 355 | 357 |
| 356 /* Values for "on" with SSL_REQUIRE_CERTIFICATE. */ | 358 /* Values for "on" with SSL_REQUIRE_CERTIFICATE. */ |
| 357 #define SSL_REQUIRE_NEVER ((PRBool)0) | 359 #define SSL_REQUIRE_NEVER ((PRBool)0) |
| 358 #define SSL_REQUIRE_ALWAYS ((PRBool)1) | 360 #define SSL_REQUIRE_ALWAYS ((PRBool)1) |
| 359 #define SSL_REQUIRE_FIRST_HANDSHAKE ((PRBool)2) | 361 #define SSL_REQUIRE_FIRST_HANDSHAKE ((PRBool)2) |
| 360 #define SSL_REQUIRE_NO_ERROR ((PRBool)3) | 362 #define SSL_REQUIRE_NO_ERROR ((PRBool)3) |
| (...skipping 539 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 900 * by this function. In that case, you should use SSL_SetPolicy() | 902 * by this function. In that case, you should use SSL_SetPolicy() |
| 901 * to explicitly allow those ciphers you may legally export. | 903 * to explicitly allow those ciphers you may legally export. |
| 902 */ | 904 */ |
| 903 SSL_IMPORT SECStatus NSS_SetExportPolicy(void); | 905 SSL_IMPORT SECStatus NSS_SetExportPolicy(void); |
| 904 | 906 |
| 905 /* Set cipher policies to a predefined Policy that is exportable from the USA | 907 /* Set cipher policies to a predefined Policy that is exportable from the USA |
| 906 * according to present U.S. policies as we understand them, and that the | 908 * according to present U.S. policies as we understand them, and that the |
| 907 * nation of France will permit to be imported into their country. | 909 * nation of France will permit to be imported into their country. |
| 908 * See documentation for the list. | 910 * See documentation for the list. |
| 909 */ | 911 */ |
| 910 SSL_IMPORT SECStatus NSS_SetFrancePolicy(void); | 912 SSL_IMPORT SECStatus NSS_SetFrancePolicy(void); |
|
wtc
2013/08/08 21:26:28
I think the comments for these three NSS_SetXXXPol
agl
2013/08/09 15:53:49
Done.
| |
| 911 | 913 |
| 912 SSL_IMPORT SSL3Statistics * SSL_GetStatistics(void); | 914 SSL_IMPORT SSL3Statistics * SSL_GetStatistics(void); |
| 913 | 915 |
| 914 /* Report more information than SSL_SecurityStatus. | 916 /* Report more information than SSL_SecurityStatus. |
| 915 ** Caller supplies the info struct. Function fills it in. | 917 ** Caller supplies the info struct. Function fills it in. |
| 916 */ | 918 */ |
| 917 SSL_IMPORT SECStatus SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, | 919 SSL_IMPORT SECStatus SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, |
| 918 PRUintn len); | 920 PRUintn len); |
| 919 SSL_IMPORT SECStatus SSL_GetCipherSuiteInfo(PRUint16 cipherSuite, | 921 SSL_IMPORT SECStatus SSL_GetCipherSuiteInfo(PRUint16 cipherSuite, |
| 920 SSLCipherSuiteInfo *info, PRUintn len); | 922 SSLCipherSuiteInfo *info, PRUintn len); |
| (...skipping 175 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1096 * should continue using the connection. If the application passes a non-zero | 1098 * should continue using the connection. If the application passes a non-zero |
| 1097 * value for second argument (error), or if SSL_AuthCertificateComplete returns | 1099 * value for second argument (error), or if SSL_AuthCertificateComplete returns |
| 1098 * anything other than SECSuccess, then the application should close the | 1100 * anything other than SECSuccess, then the application should close the |
| 1099 * connection. | 1101 * connection. |
| 1100 */ | 1102 */ |
| 1101 SSL_IMPORT SECStatus SSL_AuthCertificateComplete(PRFileDesc *fd, | 1103 SSL_IMPORT SECStatus SSL_AuthCertificateComplete(PRFileDesc *fd, |
| 1102 PRErrorCode error); | 1104 PRErrorCode error); |
| 1103 SEC_END_PROTOS | 1105 SEC_END_PROTOS |
| 1104 | 1106 |
| 1105 #endif /* __ssl_h_ */ | 1107 #endif /* __ssl_h_ */ |
| OLD | NEW |
