OLD | NEW |
1 /* | 1 /* |
2 * This file contains prototypes for the public SSL functions. | 2 * This file contains prototypes for the public SSL functions. |
3 * | 3 * |
4 * This Source Code Form is subject to the terms of the Mozilla Public | 4 * This Source Code Form is subject to the terms of the Mozilla Public |
5 * License, v. 2.0. If a copy of the MPL was not distributed with this | 5 * License, v. 2.0. If a copy of the MPL was not distributed with this |
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
7 | 7 |
8 #ifndef __ssl_h_ | 8 #ifndef __ssl_h_ |
9 #define __ssl_h_ | 9 #define __ssl_h_ |
10 | 10 |
(...skipping 226 matching lines...)
237 SSLNextProtoState *state, | 237 SSLNextProtoState *state, |
238 unsigned char *buf, | 238 unsigned char *buf, |
239 unsigned int *bufLen, | 239 unsigned int *bufLen, |
240 unsigned int bufLenMax); | 240 unsigned int bufLenMax); |
241 | 241 |
242 /* | 242 /* |
243 ** Control ciphers that SSL uses. If on is non-zero then the named cipher | 243 ** Control ciphers that SSL uses. If on is non-zero then the named cipher |
244 ** is enabled, otherwise it is disabled. | 244 ** is enabled, otherwise it is disabled. |
245 ** The "cipher" values are defined in sslproto.h (the SSL_EN_* values). | 245 ** The "cipher" values are defined in sslproto.h (the SSL_EN_* values). |
246 ** EnableCipher records user preferences. | 246 ** EnableCipher records user preferences. |
247 ** SetPolicy sets the policy according to the policy module. | |
248 */ | 247 */ |
249 #ifdef SSL_DEPRECATED_FUNCTION | 248 #ifdef SSL_DEPRECATED_FUNCTION |
250 /* Old deprecated function names */ | 249 /* Old deprecated function names */ |
251 SSL_IMPORT SECStatus SSL_EnableCipher(long which, PRBool enabled); | 250 SSL_IMPORT SECStatus SSL_EnableCipher(long which, PRBool enabled); |
252 SSL_IMPORT SECStatus SSL_SetPolicy(long which, int policy); | 251 SSL_IMPORT SECStatus SSL_SetPolicy(long which, int policy); |
253 #endif | 252 #endif |
254 | 253 |
255 /* New function names */ | 254 /* New function names */ |
256 SSL_IMPORT SECStatus SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 cipher, PRBool en
abled); | 255 SSL_IMPORT SECStatus SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 cipher, PRBool en
abled); |
257 SSL_IMPORT SECStatus SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 cipher, PRBool *e
nabled); | 256 SSL_IMPORT SECStatus SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 cipher, PRBool *e
nabled); |
258 SSL_IMPORT SECStatus SSL_CipherPrefSetDefault(PRInt32 cipher, PRBool enabled); | 257 SSL_IMPORT SECStatus SSL_CipherPrefSetDefault(PRInt32 cipher, PRBool enabled); |
259 SSL_IMPORT SECStatus SSL_CipherPrefGetDefault(PRInt32 cipher, PRBool *enabled); | 258 SSL_IMPORT SECStatus SSL_CipherPrefGetDefault(PRInt32 cipher, PRBool *enabled); |
| 259 |
| 260 /* Policy functions are deprecated and no longer have any effect. They exist in |
| 261 * order to maintain ABI compatibility. */ |
260 SSL_IMPORT SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy); | 262 SSL_IMPORT SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy); |
| 263 /* SSL_CipherPolicyGet sets *policy to SSL_ALLOWED and returns SECSuccess. */ |
261 SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy); | 264 SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy); |
262 | 265 |
263 /* SSLChannelBindingType enumerates the types of supported channel binding | 266 /* SSLChannelBindingType enumerates the types of supported channel binding |
264 * values. See RFC 5929. */ | 267 * values. See RFC 5929. */ |
265 typedef enum SSLChannelBindingType { | 268 typedef enum SSLChannelBindingType { |
266 SSL_CHANNEL_BINDING_TLS_UNIQUE = 1, | 269 SSL_CHANNEL_BINDING_TLS_UNIQUE = 1, |
267 } SSLChannelBindingType; | 270 } SSLChannelBindingType; |
268 | 271 |
269 /* SSL_GetChannelBinding copies the requested channel binding value, as defined | 272 /* SSL_GetChannelBinding copies the requested channel binding value, as defined |
270 * in RFC 5929, into |out|. The full length of the binding value is written | 273 * in RFC 5929, into |out|. The full length of the binding value is written |
(...skipping 74 matching lines...)
345 | 348 |
346 /* Returns, in |*vrange|, the range of enabled SSL3/TLS versions for |fd|. */ | 349 /* Returns, in |*vrange|, the range of enabled SSL3/TLS versions for |fd|. */ |
347 SSL_IMPORT SECStatus SSL_VersionRangeGet(PRFileDesc *fd, | 350 SSL_IMPORT SECStatus SSL_VersionRangeGet(PRFileDesc *fd, |
348 SSLVersionRange *vrange); | 351 SSLVersionRange *vrange); |
349 | 352 |
350 /* Sets the range of enabled SSL3/TLS versions for |fd| to |*vrange|. */ | 353 /* Sets the range of enabled SSL3/TLS versions for |fd| to |*vrange|. */ |
351 SSL_IMPORT SECStatus SSL_VersionRangeSet(PRFileDesc *fd, | 354 SSL_IMPORT SECStatus SSL_VersionRangeSet(PRFileDesc *fd, |
352 const SSLVersionRange *vrange); | 355 const SSLVersionRange *vrange); |
353 | 356 |
354 | 357 |
355 /* Values for "policy" argument to SSL_PolicySet */ | 358 /* Values for "policy" argument to SSL_CipherPolicySet */ |
356 /* Values returned by SSL_CipherPolicyGet. */ | 359 /* Values returned by SSL_CipherPolicyGet. */ |
357 #define SSL_NOT_ALLOWED 0 /* or invalid or unimplemented */ | 360 #define SSL_NOT_ALLOWED 0 /* or invalid or unimplemented */ |
358 #define SSL_ALLOWED 1 | 361 #define SSL_ALLOWED 1 |
359 #define SSL_RESTRICTED 2 /* only with "Step-Up" certs. */ | 362 #define SSL_RESTRICTED 2 /* only with "Step-Up" certs. */ |
360 | 363 |
361 /* Values for "on" with SSL_REQUIRE_CERTIFICATE. */ | 364 /* Values for "on" with SSL_REQUIRE_CERTIFICATE. */ |
362 #define SSL_REQUIRE_NEVER ((PRBool)0) | 365 #define SSL_REQUIRE_NEVER ((PRBool)0) |
363 #define SSL_REQUIRE_ALWAYS ((PRBool)1) | 366 #define SSL_REQUIRE_ALWAYS ((PRBool)1) |
364 #define SSL_REQUIRE_FIRST_HANDSHAKE ((PRBool)2) | 367 #define SSL_REQUIRE_FIRST_HANDSHAKE ((PRBool)2) |
365 #define SSL_REQUIRE_NO_ERROR ((PRBool)3) | 368 #define SSL_REQUIRE_NO_ERROR ((PRBool)3) |
(...skipping 519 matching lines...)
885 * Used by NSS_GetClientAuthData. May be used by other callback functions. | 888 * Used by NSS_GetClientAuthData. May be used by other callback functions. |
886 */ | 889 */ |
887 SSL_IMPORT SECStatus NSS_CmpCertChainWCANames(CERTCertificate *cert, | 890 SSL_IMPORT SECStatus NSS_CmpCertChainWCANames(CERTCertificate *cert, |
888 CERTDistNames *caNames); | 891 CERTDistNames *caNames); |
889 | 892 |
890 /* | 893 /* |
891 * Returns key exchange type of the keys in an SSL server certificate. | 894 * Returns key exchange type of the keys in an SSL server certificate. |
892 */ | 895 */ |
893 SSL_IMPORT SSLKEAType NSS_FindCertKEAType(CERTCertificate * cert); | 896 SSL_IMPORT SSLKEAType NSS_FindCertKEAType(CERTCertificate * cert); |
894 | 897 |
895 /* Set cipher policies to a predefined Domestic (U.S.A.) policy. | 898 /* |
896 * This essentially enables all supported ciphers. | 899 ** The NSS_Set*Policy functions have no effect and exist in order to maintain |
897 */ | 900 ** ABI compatibility. All supported ciphers are now allowed. |
| 901 */ |
898 SSL_IMPORT SECStatus NSS_SetDomesticPolicy(void); | 902 SSL_IMPORT SECStatus NSS_SetDomesticPolicy(void); |
899 | |
900 /* Set cipher policies to a predefined Policy that is exportable from the USA | |
901 * according to present U.S. policies as we understand them. | |
902 * See documentation for the list. | |
903 * Note that your particular application program may be able to obtain | |
904 * an export license with more or fewer capabilities than those allowed | |
905 * by this function. In that case, you should use SSL_SetPolicy() | |
906 * to explicitly allow those ciphers you may legally export. | |
907 */ | |
908 SSL_IMPORT SECStatus NSS_SetExportPolicy(void); | 903 SSL_IMPORT SECStatus NSS_SetExportPolicy(void); |
909 | |
910 /* Set cipher policies to a predefined Policy that is exportable from the USA | |
911 * according to present U.S. policies as we understand them, and that the | |
912 * nation of France will permit to be imported into their country. | |
913 * See documentation for the list. | |
914 */ | |
915 SSL_IMPORT SECStatus NSS_SetFrancePolicy(void); | 904 SSL_IMPORT SECStatus NSS_SetFrancePolicy(void); |
916 | 905 |
917 SSL_IMPORT SSL3Statistics * SSL_GetStatistics(void); | 906 SSL_IMPORT SSL3Statistics * SSL_GetStatistics(void); |
918 | 907 |
919 /* Report more information than SSL_SecurityStatus. | 908 /* Report more information than SSL_SecurityStatus. |
920 ** Caller supplies the info struct. Function fills it in. | 909 ** Caller supplies the info struct. Function fills it in. |
921 */ | 910 */ |
922 SSL_IMPORT SECStatus SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, | 911 SSL_IMPORT SECStatus SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, |
923 PRUintn len); | 912 PRUintn len); |
924 SSL_IMPORT SECStatus SSL_GetCipherSuiteInfo(PRUint16 cipherSuite, | 913 SSL_IMPORT SECStatus SSL_GetCipherSuiteInfo(PRUint16 cipherSuite, |
(...skipping 176 matching lines...)
1101 * should continue using the connection. If the application passes a non-zero | 1090 * should continue using the connection. If the application passes a non-zero |
1102 * value for second argument (error), or if SSL_AuthCertificateComplete returns | 1091 * value for second argument (error), or if SSL_AuthCertificateComplete returns |
1103 * anything other than SECSuccess, then the application should close the | 1092 * anything other than SECSuccess, then the application should close the |
1104 * connection. | 1093 * connection. |
1105 */ | 1094 */ |
1106 SSL_IMPORT SECStatus SSL_AuthCertificateComplete(PRFileDesc *fd, | 1095 SSL_IMPORT SECStatus SSL_AuthCertificateComplete(PRFileDesc *fd, |
1107 PRErrorCode error); | 1096 PRErrorCode error); |
1108 SEC_END_PROTOS | 1097 SEC_END_PROTOS |
1109 | 1098 |
1110 #endif /* __ssl_h_ */ | 1099 #endif /* __ssl_h_ */ |
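Review bot: The new comment above SSL_CipherPolicySet (new lines 260-261) says the policy functions no longer have any effect, but it does not tell a caller who relied on `SSL_CipherPolicySet(cipher, SSL_NOT_ALLOWED)` to keep a weak suite off what to do instead. The implementation is not visible here, but such a call presumably still returns success while the suite stays usable whenever its preference is enabled. I would add a sentence such as `Use SSL_CipherPrefSet or SSL_CipherPrefSetDefault to disable a cipher suite.` and state the value SSL_CipherPolicySet returns, as is already done for SSL_CipherPolicyGet. The comment at new line 359 still presents SSL_NOT_ALLOWED and SSL_RESTRICTED as values returned by SSL_CipherPolicyGet, which contradicts the new line 263 saying it always sets SSL_ALLOWED; something like `/* Retained for source compatibility; SSL_CipherPolicyGet now always reports SSL_ALLOWED. */` would reconcile the two. The same migration hint belongs in the NSS_Set*Policy comment at new lines 898-901.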