OLD | NEW |
---|---|
1 /* | 1 /* |
2 * This file contains prototypes for the public SSL functions. | 2 * This file contains prototypes for the public SSL functions. |
3 * | 3 * |
4 * This Source Code Form is subject to the terms of the Mozilla Public | 4 * This Source Code Form is subject to the terms of the Mozilla Public |
5 * License, v. 2.0. If a copy of the MPL was not distributed with this | 5 * License, v. 2.0. If a copy of the MPL was not distributed with this |
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
7 | 7 |
8 #ifndef __ssl_h_ | 8 #ifndef __ssl_h_ |
9 #define __ssl_h_ | 9 #define __ssl_h_ |
10 | 10 |
(...skipping 221 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
232 SSLNextProtoState *state, | 232 SSLNextProtoState *state, |
233 unsigned char *buf, | 233 unsigned char *buf, |
234 unsigned int *bufLen, | 234 unsigned int *bufLen, |
235 unsigned int bufLenMax); | 235 unsigned int bufLenMax); |
236 | 236 |
237 /* | 237 /* |
238 ** Control ciphers that SSL uses. If on is non-zero then the named cipher | 238 ** Control ciphers that SSL uses. If on is non-zero then the named cipher |
239 ** is enabled, otherwise it is disabled. | 239 ** is enabled, otherwise it is disabled. |
240 ** The "cipher" values are defined in sslproto.h (the SSL_EN_* values). | 240 ** The "cipher" values are defined in sslproto.h (the SSL_EN_* values). |
241 ** EnableCipher records user preferences. | 241 ** EnableCipher records user preferences. |
242 ** SetPolicy sets the policy according to the policy module. | |
243 */ | 242 */ |
244 #ifdef SSL_DEPRECATED_FUNCTION | 243 #ifdef SSL_DEPRECATED_FUNCTION |
245 /* Old deprecated function names */ | 244 /* Old deprecated function names */ |
246 SSL_IMPORT SECStatus SSL_EnableCipher(long which, PRBool enabled); | 245 SSL_IMPORT SECStatus SSL_EnableCipher(long which, PRBool enabled); |
247 SSL_IMPORT SECStatus SSL_SetPolicy(long which, int policy); | 246 SSL_IMPORT SECStatus SSL_SetPolicy(long which, int policy); |
248 #endif | 247 #endif |
249 | 248 |
250 /* New function names */ | 249 /* New function names */ |
251 SSL_IMPORT SECStatus SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 cipher, PRBool en abled); | 250 SSL_IMPORT SECStatus SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 cipher, PRBool en abled); |
252 SSL_IMPORT SECStatus SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 cipher, PRBool *e nabled); | 251 SSL_IMPORT SECStatus SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 cipher, PRBool *e nabled); |
253 SSL_IMPORT SECStatus SSL_CipherPrefSetDefault(PRInt32 cipher, PRBool enabled); | 252 SSL_IMPORT SECStatus SSL_CipherPrefSetDefault(PRInt32 cipher, PRBool enabled); |
254 SSL_IMPORT SECStatus SSL_CipherPrefGetDefault(PRInt32 cipher, PRBool *enabled); | 253 SSL_IMPORT SECStatus SSL_CipherPrefGetDefault(PRInt32 cipher, PRBool *enabled); |
254 | |
255 /* Policy functions are deprecated and no longer have any effect. They exist in | |
256 * order to maintain ABI compatibility. */ | |
wtc
2013/08/08 21:26:28
It would be nice to document that SSL_CipherPolicy
agl
2013/08/09 15:53:49
Done.
| |
255 SSL_IMPORT SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy); | 257 SSL_IMPORT SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy); |
256 SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy); | 258 SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy); |
257 | 259 |
258 /* SSLChannelBindingType enumerates the types of supported channel binding | 260 /* SSLChannelBindingType enumerates the types of supported channel binding |
259 * values. See RFC 5929. */ | 261 * values. See RFC 5929. */ |
260 typedef enum SSLChannelBindingType { | 262 typedef enum SSLChannelBindingType { |
261 SSL_CHANNEL_BINDING_TLS_UNIQUE = 1, | 263 SSL_CHANNEL_BINDING_TLS_UNIQUE = 1, |
262 } SSLChannelBindingType; | 264 } SSLChannelBindingType; |
263 | 265 |
264 /* SSL_GetChannelBinding copies the requested channel binding value, as defined | 266 /* SSL_GetChannelBinding copies the requested channel binding value, as defined |
(...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
340 | 342 |
341 /* Returns, in |*vrange|, the range of enabled SSL3/TLS versions for |fd|. */ | 343 /* Returns, in |*vrange|, the range of enabled SSL3/TLS versions for |fd|. */ |
342 SSL_IMPORT SECStatus SSL_VersionRangeGet(PRFileDesc *fd, | 344 SSL_IMPORT SECStatus SSL_VersionRangeGet(PRFileDesc *fd, |
343 SSLVersionRange *vrange); | 345 SSLVersionRange *vrange); |
344 | 346 |
345 /* Sets the range of enabled SSL3/TLS versions for |fd| to |*vrange|. */ | 347 /* Sets the range of enabled SSL3/TLS versions for |fd| to |*vrange|. */ |
346 SSL_IMPORT SECStatus SSL_VersionRangeSet(PRFileDesc *fd, | 348 SSL_IMPORT SECStatus SSL_VersionRangeSet(PRFileDesc *fd, |
347 const SSLVersionRange *vrange); | 349 const SSLVersionRange *vrange); |
348 | 350 |
349 | 351 |
350 /* Values for "policy" argument to SSL_PolicySet */ | 352 /* Values for "policy" argument to SSL_PolicySet */ |
wtc
2013/08/08 21:26:28
Pre-existing typo: SSL_PolicySet => SSL_CipherPoli
agl
2013/08/09 15:53:49
Done.
| |
351 /* Values returned by SSL_CipherPolicyGet. */ | 353 /* Values returned by SSL_CipherPolicyGet. */ |
352 #define SSL_NOT_ALLOWED 0 /* or invalid or unimplemented */ | 354 #define SSL_NOT_ALLOWED 0 /* or invalid or unimplemented */ |
353 #define SSL_ALLOWED 1 | 355 #define SSL_ALLOWED 1 |
354 #define SSL_RESTRICTED 2 /* only with "Step-Up" certs. */ | 356 #define SSL_RESTRICTED 2 /* only with "Step-Up" certs. */ |
355 | 357 |
356 /* Values for "on" with SSL_REQUIRE_CERTIFICATE. */ | 358 /* Values for "on" with SSL_REQUIRE_CERTIFICATE. */ |
357 #define SSL_REQUIRE_NEVER ((PRBool)0) | 359 #define SSL_REQUIRE_NEVER ((PRBool)0) |
358 #define SSL_REQUIRE_ALWAYS ((PRBool)1) | 360 #define SSL_REQUIRE_ALWAYS ((PRBool)1) |
359 #define SSL_REQUIRE_FIRST_HANDSHAKE ((PRBool)2) | 361 #define SSL_REQUIRE_FIRST_HANDSHAKE ((PRBool)2) |
360 #define SSL_REQUIRE_NO_ERROR ((PRBool)3) | 362 #define SSL_REQUIRE_NO_ERROR ((PRBool)3) |
(...skipping 539 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
900 * by this function. In that case, you should use SSL_SetPolicy() | 902 * by this function. In that case, you should use SSL_SetPolicy() |
901 * to explicitly allow those ciphers you may legally export. | 903 * to explicitly allow those ciphers you may legally export. |
902 */ | 904 */ |
903 SSL_IMPORT SECStatus NSS_SetExportPolicy(void); | 905 SSL_IMPORT SECStatus NSS_SetExportPolicy(void); |
904 | 906 |
905 /* Set cipher policies to a predefined Policy that is exportable from the USA | 907 /* Set cipher policies to a predefined Policy that is exportable from the USA |
906 * according to present U.S. policies as we understand them, and that the | 908 * according to present U.S. policies as we understand them, and that the |
907 * nation of France will permit to be imported into their country. | 909 * nation of France will permit to be imported into their country. |
908 * See documentation for the list. | 910 * See documentation for the list. |
909 */ | 911 */ |
910 SSL_IMPORT SECStatus NSS_SetFrancePolicy(void); | 912 SSL_IMPORT SECStatus NSS_SetFrancePolicy(void); |
wtc
2013/08/08 21:26:28
I think the comments for these three NSS_SetXXXPol
agl
2013/08/09 15:53:49
Done.
| |
911 | 913 |
912 SSL_IMPORT SSL3Statistics * SSL_GetStatistics(void); | 914 SSL_IMPORT SSL3Statistics * SSL_GetStatistics(void); |
913 | 915 |
914 /* Report more information than SSL_SecurityStatus. | 916 /* Report more information than SSL_SecurityStatus. |
915 ** Caller supplies the info struct. Function fills it in. | 917 ** Caller supplies the info struct. Function fills it in. |
916 */ | 918 */ |
917 SSL_IMPORT SECStatus SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, | 919 SSL_IMPORT SECStatus SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, |
918 PRUintn len); | 920 PRUintn len); |
919 SSL_IMPORT SECStatus SSL_GetCipherSuiteInfo(PRUint16 cipherSuite, | 921 SSL_IMPORT SECStatus SSL_GetCipherSuiteInfo(PRUint16 cipherSuite, |
920 SSLCipherSuiteInfo *info, PRUintn len); | 922 SSLCipherSuiteInfo *info, PRUintn len); |
(...skipping 175 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1096 * should continue using the connection. If the application passes a non-zero | 1098 * should continue using the connection. If the application passes a non-zero |
1097 * value for second argument (error), or if SSL_AuthCertificateComplete returns | 1099 * value for second argument (error), or if SSL_AuthCertificateComplete returns |
1098 * anything other than SECSuccess, then the application should close the | 1100 * anything other than SECSuccess, then the application should close the |
1099 * connection. | 1101 * connection. |
1100 */ | 1102 */ |
1101 SSL_IMPORT SECStatus SSL_AuthCertificateComplete(PRFileDesc *fd, | 1103 SSL_IMPORT SECStatus SSL_AuthCertificateComplete(PRFileDesc *fd, |
1102 PRErrorCode error); | 1104 PRErrorCode error); |
1103 SEC_END_PROTOS | 1105 SEC_END_PROTOS |
1104 | 1106 |
1105 #endif /* __ssl_h_ */ | 1107 #endif /* __ssl_h_ */ |
OLD | NEW |