Make SSL False Start work with asynchronous certificate validation

net/third_party/nss/ssl/sslimpl.h

 /*
  * This file is PRIVATE to SSL and should be the first thing included by
  * any SSL implementation file.
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifndef __sslimpl_h_
 #define __sslimpl_h_
@@ skipping 887 matching lines @@
     PRInt32               recvdHighWater;  /* The high water mark for fragments
                                             * received. -1 means no reassembly
                                             * in progress. */
     unsigned char         cookie[32];      /* The cookie */
     unsigned char         cookieLen;       /* The length of the cookie */
     PRIntervalTime        rtTimerStarted;  /* When the timer was started */
     DTLSTimerCb           rtTimerCb;       /* The function to call on expiry */
     PRUint32              rtTimeoutMs;     /* The length of the current timeout
                                             * used for backoff (in ms) */
     PRUint32              rtRetries;       /* The retry counter */
+    PRBool                canFalseStart;   /* Can/did we False Start */

[wtc, 2013/09/18 22:57:23]

I moved this new member elsewhere because this section is
under the comment "This group of values is used for DTLS".

+
 } SSL3HandshakeState;
 
 
 
 /*
 ** This is the "ssl3" struct, as in "ss->ssl3".
 ** note:
 ** usually,   crSpec == cwSpec and prSpec == pwSpec.  
 ** Sometimes, crSpec == pwSpec and prSpec == cwSpec.
 ** But there are never more than 2 actual specs.  
@@ skipping 235 matching lines @@
 
     /* SSL socket options */
     sslOptions       opt;
     /* Enabled version range */
     SSLVersionRange  vrange;
 
     /* State flags */
     unsigned long    clientAuthRequested;
     unsigned long    delayDisabled;       /* Nagle delay disabled */
     unsigned long    firstHsDone;         /* first handshake is complete. */
+    unsigned long    enoughFirstHsDone;   /* enough of the handshake is done
+                                           * for callbacks to be able to
+                                           * retrieve channel security
+                                           * parameters from callback functions. */
     unsigned long    handshakeBegun;     
     unsigned long    lastWriteBlocked;   
     unsigned long    recvdCloseNotify;    /* received SSL EOF. */
     unsigned long    TCPconnected;       
     unsigned long    appDataBuffered;
     unsigned long    peerRequestedProtection; /* from old renegotiation */
 
     /* version of the protocol to use */
     SSL3ProtocolVersion version;
     SSL3ProtocolVersion clientHelloVersion; /* version sent in client hello. */
@@ skipping 28 matching lines @@
 #ifdef NSS_PLATFORM_CLIENT_AUTH
     SSLGetPlatformClientAuthData getPlatformClientAuthData;
     void                        *getPlatformClientAuthDataArg;
 #endif  /* NSS_PLATFORM_CLIENT_AUTH */
     SSLSNISocketConfig        sniSocketConfig;
     void                     *sniSocketConfigArg;
     SSLBadCertHandler         handleBadCert;
     void                     *badCertArg;
     SSLHandshakeCallback      handshakeCallback;
     void                     *handshakeCallbackData;
+    SSLCanFalseStartCallback  canFalseStartCallback;
+    void                     *canFalseStartCallbackData;
     void                     *pkcs11PinArg;
     SSLNextProtoCallback      nextProtoCallback;
     void                     *nextProtoArg;
     SSLClientChannelIDCallback getChannelID;
     void                     *getChannelIDArg;
 
     PRIntervalTime            rTimeout; /* timeout for NSPR I/O */
     PRIntervalTime            wTimeout; /* timeout for NSPR I/O */
     PRIntervalTime            cTimeout; /* timeout for NSPR I/O */
 
@@ skipping 193 matching lines @@
                                           int len, int flags);
 
 extern PRBool    ssl_FdIsBlocking(PRFileDesc *fd);
 
 extern PRBool    ssl_SocketIsBlocking(sslSocket *ss);
 
 extern void      ssl3_SetAlwaysBlock(sslSocket *ss);
 
 extern SECStatus ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled);
 
-extern PRBool    ssl3_CanFalseStart(sslSocket *ss);
 extern SECStatus
 ssl3_CompressMACEncryptRecord(ssl3CipherSpec *   cwSpec,
                               PRBool             isServer,
                               PRBool             isDTLS,
                               PRBool             capRecordVersion,
                               SSL3ContentType    type,
                               const SSL3Opaque * pIn,
                               PRUint32           contentLen,
                               sslBuffer *        wrBuf);
 extern PRInt32   ssl3_SendRecord(sslSocket *ss, DTLSEpoch epoch,
@@ skipping 500 matching lines @@
 #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS)
 #define SSL_GETPID getpid
 #elif defined(WIN32)
 extern int __cdecl _getpid(void);
 #define SSL_GETPID _getpid
 #else
 #define SSL_GETPID() 0
 #endif
 
 #endif /* __sslimpl_h_ */