NSS: remove cipher policy framework.

net/third_party/nss/ssl/ssl.h

 /*
  * This file contains prototypes for the public SSL functions.
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifndef __ssl_h_
 #define __ssl_h_
 
@@ skipping 226 matching lines @@
                                       SSLNextProtoState *state,
                                       unsigned char *buf,
                                       unsigned int *bufLen,
                                       unsigned int bufLenMax);
 
 /*
 ** Control ciphers that SSL uses. If on is non-zero then the named cipher
 ** is enabled, otherwise it is disabled. 
 ** The "cipher" values are defined in sslproto.h (the SSL_EN_* values).
 ** EnableCipher records user preferences.
-** SetPolicy sets the policy according to the policy module.
 */
 #ifdef SSL_DEPRECATED_FUNCTION 
 /* Old deprecated function names */
 SSL_IMPORT SECStatus SSL_EnableCipher(long which, PRBool enabled);
 SSL_IMPORT SECStatus SSL_SetPolicy(long which, int policy);
 #endif
 
 /* New function names */
 SSL_IMPORT SECStatus SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 cipher, PRBool enabled);
 SSL_IMPORT SECStatus SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 cipher, PRBool *enabled);
 SSL_IMPORT SECStatus SSL_CipherPrefSetDefault(PRInt32 cipher, PRBool enabled);
 SSL_IMPORT SECStatus SSL_CipherPrefGetDefault(PRInt32 cipher, PRBool *enabled);
+
+/* Policy functions are deprecated and no longer have any effect. They exist in
+ * order to maintain ABI compatibility. */
 SSL_IMPORT SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy);
+/* SSL_CipherPolicyGet sets *policy to SSL_ALLOWED and returns SECSuccess. */
 SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy);
 
 /* SSLChannelBindingType enumerates the types of supported channel binding
  * values. See RFC 5929. */
 typedef enum SSLChannelBindingType {
     SSL_CHANNEL_BINDING_TLS_UNIQUE = 1,
 } SSLChannelBindingType;
 
 /* SSL_GetChannelBinding copies the requested channel binding value, as defined
  * in RFC 5929, into |out|. The full length of the binding value is written
@@ skipping 74 matching lines @@
 
 /* Returns, in |*vrange|, the range of enabled SSL3/TLS versions for |fd|. */
 SSL_IMPORT SECStatus SSL_VersionRangeGet(PRFileDesc *fd,
                                          SSLVersionRange *vrange);
 
 /* Sets the range of enabled SSL3/TLS versions for |fd| to |*vrange|. */
 SSL_IMPORT SECStatus SSL_VersionRangeSet(PRFileDesc *fd,
                                          const SSLVersionRange *vrange);
 
 
-/* Values for "policy" argument to SSL_PolicySet */
+/* Values for "policy" argument to SSL_CipherPolicySet */
 /* Values returned by SSL_CipherPolicyGet. */
 #define SSL_NOT_ALLOWED          0            /* or invalid or unimplemented */
 #define SSL_ALLOWED              1
 #define SSL_RESTRICTED           2            /* only with "Step-Up" certs. */
 
 /* Values for "on" with SSL_REQUIRE_CERTIFICATE. */
 #define SSL_REQUIRE_NEVER           ((PRBool)0)
 #define SSL_REQUIRE_ALWAYS          ((PRBool)1)
 #define SSL_REQUIRE_FIRST_HANDSHAKE ((PRBool)2)
 #define SSL_REQUIRE_NO_ERROR        ((PRBool)3)
@@ skipping 519 matching lines @@
  * Used by NSS_GetClientAuthData.  May be used by other callback functions.
  */
 SSL_IMPORT SECStatus NSS_CmpCertChainWCANames(CERTCertificate *cert, 
                                           CERTDistNames *caNames);
 
 /* 
  * Returns key exchange type of the keys in an SSL server certificate.
  */
 SSL_IMPORT SSLKEAType NSS_FindCertKEAType(CERTCertificate * cert);
 
-/* Set cipher policies to a predefined Domestic (U.S.A.) policy.
- * This essentially enables all supported ciphers.
- */
+/*
+** The NSS_Set*Policy functions have no effect and exist in order to maintain
+** ABI compatibility. All supported ciphers are now allowed.
+*/
 SSL_IMPORT SECStatus NSS_SetDomesticPolicy(void);
-
-/* Set cipher policies to a predefined Policy that is exportable from the USA
- *   according to present U.S. policies as we understand them.
- * See documentation for the list.
- * Note that your particular application program may be able to obtain
- *   an export license with more or fewer capabilities than those allowed
- *   by this function.  In that case, you should use SSL_SetPolicy()
- *   to explicitly allow those ciphers you may legally export.
- */
 SSL_IMPORT SECStatus NSS_SetExportPolicy(void);
-
-/* Set cipher policies to a predefined Policy that is exportable from the USA
- *   according to present U.S. policies as we understand them, and that the 
- *   nation of France will permit to be imported into their country.
- * See documentation for the list.
- */
 SSL_IMPORT SECStatus NSS_SetFrancePolicy(void);
 
 SSL_IMPORT SSL3Statistics * SSL_GetStatistics(void);
 
 /* Report more information than SSL_SecurityStatus.
 ** Caller supplies the info struct.  Function fills it in.
 */
 SSL_IMPORT SECStatus SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info,
                                         PRUintn len);
 SSL_IMPORT SECStatus SSL_GetCipherSuiteInfo(PRUint16 cipherSuite, 
@@ skipping 176 matching lines @@
  * should continue using the connection. If the application passes a non-zero
  * value for second argument (error), or if SSL_AuthCertificateComplete returns
  * anything other than SECSuccess, then the application should close the
  * connection.
  */
 SSL_IMPORT SECStatus SSL_AuthCertificateComplete(PRFileDesc *fd,
                                                  PRErrorCode error);
 SEC_END_PROTOS
 
 #endif /* __ssl_h_ */