OLD | NEW |
---|---|
1 /* | 1 /* |
2 * This file is PRIVATE to SSL and should be the first thing included by | 2 * This file is PRIVATE to SSL and should be the first thing included by |
3 * any SSL implementation file. | 3 * any SSL implementation file. |
4 * | 4 * |
5 * This Source Code Form is subject to the terms of the Mozilla Public | 5 * This Source Code Form is subject to the terms of the Mozilla Public |
6 * License, v. 2.0. If a copy of the MPL was not distributed with this | 6 * License, v. 2.0. If a copy of the MPL was not distributed with this |
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
8 | 8 |
9 #ifndef __sslimpl_h_ | 9 #ifndef __sslimpl_h_ |
10 #define __sslimpl_h_ | 10 #define __sslimpl_h_ |
(...skipping 287 matching lines...)
298 #define ssl_V3_SUITES_IMPLEMENTED 37 | 298 #define ssl_V3_SUITES_IMPLEMENTED 37 |
299 #endif /* NSS_ENABLE_ECC */ | 299 #endif /* NSS_ENABLE_ECC */ |
300 | 300 |
301 #define MAX_DTLS_SRTP_CIPHER_SUITES 4 | 301 #define MAX_DTLS_SRTP_CIPHER_SUITES 4 |
302 | 302 |
303 typedef struct sslOptionsStr { | 303 typedef struct sslOptionsStr { |
304 /* If SSL_SetNextProtoNego has been called, then this contains the | 304 /* If SSL_SetNextProtoNego has been called, then this contains the |
305 * list of supported protocols. */ | 305 * list of supported protocols. */ |
306 SECItem nextProtoNego; | 306 SECItem nextProtoNego; |
307 | 307 |
308 unsigned int useSecurity» » : 1; /* 1 */ | 308 unsigned int useSecurity» » : 1; /* 1 */ |
309 unsigned int useSocks» » : 1; /* 2 */ | 309 unsigned int useSocks» » : 1; /* 2 */ |
310 unsigned int requestCertificate» : 1; /* 3 */ | 310 unsigned int requestCertificate» : 1; /* 3 */ |
311 unsigned int requireCertificate» : 2; /* 4-5 */ | 311 unsigned int requireCertificate» : 2; /* 4-5 */ |
312 unsigned int handshakeAsClient» : 1; /* 6 */ | 312 unsigned int handshakeAsClient» : 1; /* 6 */ |
313 unsigned int handshakeAsServer» : 1; /* 7 */ | 313 unsigned int handshakeAsServer» : 1; /* 7 */ |
314 unsigned int enableSSL2» » : 1; /* 8 */ | 314 unsigned int enableSSL2» » : 1; /* 8 */ |
315 unsigned int unusedBit9» » : 1; /* 9 */ | 315 unsigned int unusedBit9» » : 1; /* 9 */ |
316 unsigned int unusedBit10» » : 1; /* 10 */ | 316 unsigned int unusedBit10» » : 1; /* 10 */ |
317 unsigned int noCache» » : 1; /* 11 */ | 317 unsigned int noCache» » : 1; /* 11 */ |
318 unsigned int fdx» » » : 1; /* 12 */ | 318 unsigned int fdx» » » : 1; /* 12 */ |
319 unsigned int v2CompatibleHello» : 1; /* 13 */ | 319 unsigned int v2CompatibleHello» : 1; /* 13 */ |
320 unsigned int detectRollBack » : 1; /* 14 */ | 320 unsigned int detectRollBack » : 1; /* 14 */ |
321 unsigned int noStepDown : 1; /* 15 */ | 321 unsigned int noStepDown : 1; /* 15 */ |
322 unsigned int bypassPKCS11 : 1; /* 16 */ | 322 unsigned int bypassPKCS11 : 1; /* 16 */ |
323 unsigned int noLocks : 1; /* 17 */ | 323 unsigned int noLocks : 1; /* 17 */ |
324 unsigned int enableSessionTickets : 1; /* 18 */ | 324 unsigned int enableSessionTickets : 1; /* 18 */ |
325 unsigned int enableDeflate : 1; /* 19 */ | 325 unsigned int enableDeflate : 1; /* 19 */ |
326 unsigned int enableRenegotiation : 2; /* 20-21 */ | 326 unsigned int enableRenegotiation : 2; /* 20-21 */ |
327 unsigned int requireSafeNegotiation : 1; /* 22 */ | 327 unsigned int requireSafeNegotiation : 1; /* 22 */ |
328 unsigned int enableFalseStart : 1; /* 23 */ | 328 unsigned int enableFalseStart : 1; /* 23 */ |
329 unsigned int cbcRandomIV : 1; /* 24 */ | 329 unsigned int cbcRandomIV : 1; /* 24 */ |
330 unsigned int enableOCSPStapling : 1; /* 25 */ | 330 unsigned int enableOCSPStapling» : 1; /* 25 */ |
331 unsigned int enableSignedCertTimestamps : 1; /* 26 */ | |
331 } sslOptions; | 332 } sslOptions; |
332 | 333 |
333 typedef enum { sslHandshakingUndetermined = 0, | 334 typedef enum { sslHandshakingUndetermined = 0, |
334 sslHandshakingAsClient, | 335 sslHandshakingAsClient, |
335 sslHandshakingAsServer | 336 sslHandshakingAsServer |
336 } sslHandshakingType; | 337 } sslHandshakingType; |
337 | 338 |
338 typedef struct sslServerCertsStr { | 339 typedef struct sslServerCertsStr { |
339 /* Configuration state for server sockets */ | 340 /* Configuration state for server sockets */ |
340 CERTCertificate * serverCert; | 341 CERTCertificate * serverCert; |
(...skipping 350 matching lines...)
691 PRUint16 clAuthSeries; | 692 PRUint16 clAuthSeries; |
692 | 693 |
693 char masterValid; | 694 char masterValid; |
694 char clAuthValid; | 695 char clAuthValid; |
695 | 696 |
696 /* Session ticket if we have one, is sent as an extension in the | 697 /* Session ticket if we have one, is sent as an extension in the |
697 * ClientHello message. This field is used by clients. | 698 * ClientHello message. This field is used by clients. |
698 */ | 699 */ |
699 NewSessionTicket sessionTicket; | 700 NewSessionTicket sessionTicket; |
700 SECItem srvName; | 701 SECItem srvName; |
702 /* Signed certificate timestamps received in a TLS extension. | |
wtc
2013/11/08 19:51:31
Nit: add a blank line before this line.
ekasper
2013/11/18 17:47:18
Done.
| |
703 ** (used only in client). | |
704 */ | |
705 SECItem signedCertTimestamps; | |
701 } ssl3; | 706 } ssl3; |
702 } u; | 707 } u; |
703 }; | 708 }; |
704 | 709 |
705 | 710 |
706 typedef struct ssl3CipherSuiteDefStr { | 711 typedef struct ssl3CipherSuiteDefStr { |
707 ssl3CipherSuite cipher_suite; | 712 ssl3CipherSuite cipher_suite; |
708 SSL3BulkCipher bulk_cipher_alg; | 713 SSL3BulkCipher bulk_cipher_alg; |
709 SSL3MACAlgorithm mac_alg; | 714 SSL3MACAlgorithm mac_alg; |
710 SSL3KeyExchangeAlgorithm key_exchange_alg; | 715 SSL3KeyExchangeAlgorithm key_exchange_alg; |
(...skipping 71 matching lines...)
782 /* SessionTicket Extension related data. */ | 787 /* SessionTicket Extension related data. */ |
783 PRBool ticketTimestampVerified; | 788 PRBool ticketTimestampVerified; |
784 PRBool emptySessionTicket; | 789 PRBool emptySessionTicket; |
785 | 790 |
786 /* SNI Extension related data | 791 /* SNI Extension related data |
787 * Names data is not coppied from the input buffer. It can not be | 792 * Names data is not coppied from the input buffer. It can not be |
788 * used outside the scope where input buffer is defined and that | 793 * used outside the scope where input buffer is defined and that |
789 * is beyond ssl3_HandleClientHello function. */ | 794 * is beyond ssl3_HandleClientHello function. */ |
790 SECItem *sniNameArr; | 795 SECItem *sniNameArr; |
791 PRUint32 sniNameArrSize; | 796 PRUint32 sniNameArrSize; |
797 /* Signed Certificate Timestamps extracted from the TLS extension. | |
wtc
2013/11/08 19:51:31
Nit: add a blank line before this line.
ekasper
2013/11/18 17:47:18
Done.
| |
798 * (client only). | |
799 * This container holds a temporary pointer to the extension data, | |
800 * until a session is setup that can hold a permanent copy of the data. | |
wtc
2013/11/08 19:51:31
Is the 'signedCertTimestamps' SECItem on line 705
ekasper
2013/11/18 17:47:18
Yup.
| |
801 * The data pointed to by this structure is neither explicitly allocated | |
802 * nor copied: the pointer points to the handshake message buffer and is | |
803 * only valid in the scope of ssl3_HandleServerHello. | |
804 */ | |
805 SECItem signedCertTimestamps; | |
792 }; | 806 }; |
793 | 807 |
794 typedef SECStatus (*sslRestartTarget)(sslSocket *); | 808 typedef SECStatus (*sslRestartTarget)(sslSocket *); |
795 | 809 |
796 /* | 810 /* |
797 ** A DTLS queued message (potentially to be retransmitted) | 811 ** A DTLS queued message (potentially to be retransmitted) |
798 */ | 812 */ |
799 typedef struct DTLSQueuedMessageStr { | 813 typedef struct DTLSQueuedMessageStr { |
800 PRCList link; /* The linked list link */ | 814 PRCList link; /* The linked list link */ |
801 DTLSEpoch epoch; /* The epoch to use */ | 815 DTLSEpoch epoch; /* The epoch to use */ |
(...skipping 1140 matching lines...)
1942 #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS) | 1956 #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS) |
1943 #define SSL_GETPID getpid | 1957 #define SSL_GETPID getpid |
1944 #elif defined(WIN32) | 1958 #elif defined(WIN32) |
1945 extern int __cdecl _getpid(void); | 1959 extern int __cdecl _getpid(void); |
1946 #define SSL_GETPID _getpid | 1960 #define SSL_GETPID _getpid |
1947 #else | 1961 #else |
1948 #define SSL_GETPID() 0 | 1962 #define SSL_GETPID() 0 |
1949 #endif | 1963 #endif |
1950 | 1964 |
1951 #endif /* __sslimpl_h_ */ | 1965 #endif /* __sslimpl_h_ */ |
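Review bot: The new `signedCertTimestamps` member added after `sniNameArrSize` borrows its `data` pointer from the handshake message buffer, and its comment gives the validity window but not who ends it, so any later reader of the extension data could pick up a stale pointer once ssl3_HandleServerHello has returned. I would extend that comment with the rule for the writer, for example `* Must be reset to data = NULL, len = 0 before ssl3_HandleServerHello returns.`; the code that makes the session copy is outside the visible lines, so whether it already does this cannot be confirmed here. The `signedCertTimestamps` member added to the `ssl3` session struct after `srvName` would likewise benefit from an ownership line such as `* Owned by the session ID; freed when the session ID is destroyed.`, assuming it is allocated and released the same way as `srvName`. Both enclosing structs begin in the skipped regions, so only their tails are visible.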