1 /* | 1 /* |
2 * This file contains prototypes for the public SSL functions. | 2 * This file contains prototypes for the public SSL functions. |
3 * | 3 * |
4 * This Source Code Form is subject to the terms of the Mozilla Public | 4 * This Source Code Form is subject to the terms of the Mozilla Public |
5 * License, v. 2.0. If a copy of the MPL was not distributed with this | 5 * License, v. 2.0. If a copy of the MPL was not distributed with this |
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
7 | 7 |
8 #ifndef __ssl_h_ | 8 #ifndef __ssl_h_ |
9 #define __ssl_h_ | 9 #define __ssl_h_ |
10 | 10 |
159 * configurations) prevent the same attack by prepending an empty | 159 * configurations) prevent the same attack by prepending an empty |
160 * application_data record to every application_data record they send; we do | 160 * application_data record to every application_data record they send; we do |
161 * not do that because some implementations cannot handle empty | 161 * not do that because some implementations cannot handle empty |
162 * application_data records. Also, we only split application_data records and | 162 * application_data records. Also, we only split application_data records and |
163 * not other types of records, because some implementations will not accept | 163 * not other types of records, because some implementations will not accept |
164 * fragmented records of some other types (e.g. some versions of NSS do not | 164 * fragmented records of some other types (e.g. some versions of NSS do not |
165 * accept fragmented alerts). | 165 * accept fragmented alerts). |
166 */ | 166 */ |
167 #define SSL_CBC_RANDOM_IV 23 | 167 #define SSL_CBC_RANDOM_IV 23 |
168 #define SSL_ENABLE_OCSP_STAPLING 24 /* Request OCSP stapling (client) */ | 168 #define SSL_ENABLE_OCSP_STAPLING 24 /* Request OCSP stapling (client) */ |
169 /* Request Signed Certificate Timestamps via TLS extension (client) */ | |
170 #define SSL_ENABLE_SIGNED_CERT_TIMESTAMPS 25 | |
169 | 171 |
170 #ifdef SSL_DEPRECATED_FUNCTION | 172 #ifdef SSL_DEPRECATED_FUNCTION |
171 /* Old deprecated function names */ | 173 /* Old deprecated function names */ |
172 SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on); | 174 SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on); |
173 SSL_IMPORT SECStatus SSL_EnableDefault(int option, PRBool on); | 175 SSL_IMPORT SECStatus SSL_EnableDefault(int option, PRBool on); |
174 #endif | 176 #endif |
175 | 177 |
176 /* New function names */ | 178 /* New function names */ |
177 SSL_IMPORT SECStatus SSL_OptionSet(PRFileDesc *fd, PRInt32 option, PRBool on); | 179 SSL_IMPORT SECStatus SSL_OptionSet(PRFileDesc *fd, PRInt32 option, PRBool on); |
178 SSL_IMPORT SECStatus SSL_OptionGet(PRFileDesc *fd, PRInt32 option, PRBool *on); | 180 SSL_IMPORT SECStatus SSL_OptionGet(PRFileDesc *fd, PRInt32 option, PRBool *on); |
462 * You must set the SSL_ENABLE_OCSP_STAPLING option to enable OCSP stapling. | 464 * You must set the SSL_ENABLE_OCSP_STAPLING option to enable OCSP stapling. |
463 * to be provided by a server. | 465 * to be provided by a server. |
464 * | 466 * |
465 * libssl does not do any validation of the OCSP response itself; the | 467 * libssl does not do any validation of the OCSP response itself; the |
466 * authenticate certificate hook is responsible for doing so. The default | 468 * authenticate certificate hook is responsible for doing so. The default |
467 * authenticate certificate hook, SSL_AuthCertificate, does not implement | 469 * authenticate certificate hook, SSL_AuthCertificate, does not implement |
468 * any OCSP stapling funtionality, but this may change in future versions. | 470 * any OCSP stapling funtionality, but this may change in future versions. |
469 */ | 471 */ |
470 SSL_IMPORT const SECItemArray * SSL_PeerStapledOCSPResponses(PRFileDesc *fd); | 472 SSL_IMPORT const SECItemArray * SSL_PeerStapledOCSPResponses(PRFileDesc *fd); |
471 | 473 |
474 /* SSL_PeerSignedCertTimestamps returns the signed_certificate_timestamp | |
475 * extension data provided by the TLS server. The return value is a pointer | |
wtc
2013/11/08 19:51:31
Should we mention the extension data is a SignedCe
ekasper
2013/11/18 17:47:18
Can't hurt! Done.
| |
476 * to an internal SECItem that contains the returned response; it is only valid | |
477 * until the callback function that calls SSL_PeerSignedCertTimestamps returns. | |
wtc
2013/11/08 19:51:31
Please be explicit which callback function you are
ekasper
2013/11/18 17:47:18
I believe the precise callback doesn't matter but
| |
478 * | |
479 * If no Signed Certificate Timestamps were given by the server then the result | |
480 * will be empty. If there was an error, then the result will be NULL. | |
481 * | |
482 * You must set the SSL_ENABLE_SIGNED_CERT_TIMESTAMPS option to enable Signed | |
483 * Certificate Timestamps to be provided by a server. | |
wtc
2013/11/08 19:51:31
Nit: change "to enable Signed Certificate Timestam
ekasper
2013/11/18 17:47:18
That's much better, thanks. Done. I chose "indicat
| |
484 * | |
485 * libssl does not do any parsing or validation of the response itself. | |
486 */ | |
487 SSL_IMPORT const SECItem * SSL_PeerSignedCertTimestamps(PRFileDesc *fd); | |
488 | |
472 /* SSL_SetStapledOCSPResponses stores an array of one or multiple OCSP responses | 489 /* SSL_SetStapledOCSPResponses stores an array of one or multiple OCSP responses |
473 * in the fd's data, which may be sent as part of a server side cert_status | 490 * in the fd's data, which may be sent as part of a server side cert_status |
474 * handshake message. Parameter |responses| is for the server certificate of | 491 * handshake message. Parameter |responses| is for the server certificate of |
475 * the key exchange type |kea|. | 492 * the key exchange type |kea|. |
476 * The function will duplicate the responses array. | 493 * The function will duplicate the responses array. |
477 */ | 494 */ |
478 SSL_IMPORT SECStatus | 495 SSL_IMPORT SECStatus |
479 SSL_SetStapledOCSPResponses(PRFileDesc *fd, const SECItemArray *responses, | 496 SSL_SetStapledOCSPResponses(PRFileDesc *fd, const SECItemArray *responses, |
480 SSLKEAType kea); | 497 SSLKEAType kea); |
481 | 498 |
1151 * should continue using the connection. If the application passes a non-zero | 1168 * should continue using the connection. If the application passes a non-zero |
1152 * value for second argument (error), or if SSL_AuthCertificateComplete returns | 1169 * value for second argument (error), or if SSL_AuthCertificateComplete returns |
1153 * anything other than SECSuccess, then the application should close the | 1170 * anything other than SECSuccess, then the application should close the |
1154 * connection. | 1171 * connection. |
1155 */ | 1172 */ |
1156 SSL_IMPORT SECStatus SSL_AuthCertificateComplete(PRFileDesc *fd, | 1173 SSL_IMPORT SECStatus SSL_AuthCertificateComplete(PRFileDesc *fd, |
1157 PRErrorCode error); | 1174 PRErrorCode error); |
1158 SEC_END_PROTOS | 1175 SEC_END_PROTOS |
1159 | 1176 |
1160 #endif /* __ssl_h_ */ | 1177 #endif /* __ssl_h_ */ |
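Review bot: The doc comment for SSL_PeerSignedCertTimestamps (new lines 474–486) still calls the returned data a "response" on lines 476 and 485, which reads as a leftover from the SSL_PeerStapledOCSPResponses comment directly above it; the function returns TLS extension data, not a response to anything. I would change line 476 to `* to an internal SECItem that contains the extension data; it is only valid` and line 485 to `* libssl does not do any parsing or validation of the extension data itself;` followed by a sentence saying the application must treat it as untrusted bytes from the peer and is responsible for whatever signature verification it needs before relying on it. It would also help callers if line 480 stated what "empty" means concretely (presumably a SECItem with len 0 — I cannot tell from the header alone), because a caller that collapses NULL and empty into a single "no SCTs" case would silently lose the error path.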