1 /* | 1 /* |
2 * This file contains prototypes for the public SSL functions. | 2 * This file contains prototypes for the public SSL functions. |
3 * | 3 * |
4 * This Source Code Form is subject to the terms of the Mozilla Public | 4 * This Source Code Form is subject to the terms of the Mozilla Public |
5 * License, v. 2.0. If a copy of the MPL was not distributed with this | 5 * License, v. 2.0. If a copy of the MPL was not distributed with this |
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
7 | 7 |
8 #ifndef __ssl_h_ | 8 #ifndef __ssl_h_ |
9 #define __ssl_h_ | 9 #define __ssl_h_ |
10 | 10 |
154 * configurations) prevent the same attack by prepending an empty | 154 * configurations) prevent the same attack by prepending an empty |
155 * application_data record to every application_data record they send; we do | 155 * application_data record to every application_data record they send; we do |
156 * not do that because some implementations cannot handle empty | 156 * not do that because some implementations cannot handle empty |
157 * application_data records. Also, we only split application_data records and | 157 * application_data records. Also, we only split application_data records and |
158 * not other types of records, because some implementations will not accept | 158 * not other types of records, because some implementations will not accept |
159 * fragmented records of some other types (e.g. some versions of NSS do not | 159 * fragmented records of some other types (e.g. some versions of NSS do not |
160 * accept fragmented alerts). | 160 * accept fragmented alerts). |
161 */ | 161 */ |
162 #define SSL_CBC_RANDOM_IV 23 | 162 #define SSL_CBC_RANDOM_IV 23 |
163 #define SSL_ENABLE_OCSP_STAPLING 24 /* Request OCSP stapling (client) */ | 163 #define SSL_ENABLE_OCSP_STAPLING 24 /* Request OCSP stapling (client) */ |
164 /* Request Signed Certificate Timestamps via TLS extension (client) */ | |
165 #define SSL_ENABLE_SIGNED_CERT_TIMESTAMPS 25 | |
164 | 166 |
165 #ifdef SSL_DEPRECATED_FUNCTION | 167 #ifdef SSL_DEPRECATED_FUNCTION |
166 /* Old deprecated function names */ | 168 /* Old deprecated function names */ |
167 SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on); | 169 SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on); |
168 SSL_IMPORT SECStatus SSL_EnableDefault(int option, PRBool on); | 170 SSL_IMPORT SECStatus SSL_EnableDefault(int option, PRBool on); |
169 #endif | 171 #endif |
170 | 172 |
171 /* New function names */ | 173 /* New function names */ |
172 SSL_IMPORT SECStatus SSL_OptionSet(PRFileDesc *fd, PRInt32 option, PRBool on); | 174 SSL_IMPORT SECStatus SSL_OptionSet(PRFileDesc *fd, PRInt32 option, PRBool on); |
173 SSL_IMPORT SECStatus SSL_OptionGet(PRFileDesc *fd, PRInt32 option, PRBool *on); | 175 SSL_IMPORT SECStatus SSL_OptionGet(PRFileDesc *fd, PRInt32 option, PRBool *on); |
457 * You must set the SSL_ENABLE_OCSP_STAPLING option to enable OCSP stapling. | 459 * You must set the SSL_ENABLE_OCSP_STAPLING option to enable OCSP stapling. |
458 * to be provided by a server. | 460 * to be provided by a server. |
459 * | 461 * |
460 * libssl does not do any validation of the OCSP response itself; the | 462 * libssl does not do any validation of the OCSP response itself; the |
461 * authenticate certificate hook is responsible for doing so. The default | 463 * authenticate certificate hook is responsible for doing so. The default |
462 * authenticate certificate hook, SSL_AuthCertificate, does not implement | 464 * authenticate certificate hook, SSL_AuthCertificate, does not implement |
463 * any OCSP stapling funtionality, but this may change in future versions. | 465 * any OCSP stapling funtionality, but this may change in future versions. |
464 */ | 466 */ |
465 SSL_IMPORT const SECItemArray * SSL_PeerStapledOCSPResponses(PRFileDesc *fd); | 467 SSL_IMPORT const SECItemArray * SSL_PeerStapledOCSPResponses(PRFileDesc *fd); |
466 | 468 |
469 /* SSL_PeerSignedCertTimestamps returns the signed_certificate_timestamp | |
470 * extension data provided by the TLS server. The return value is a pointer | |
471 * to an internal SECItem that contains the returned response (as a serialized | |
472 * SignedCertificateTimestampList, see RFC 6962). The returned pointer is only | |
473 * valid until the callback function that calls SSL_PeerSignedCertTimestamps | |
474 * (e.g. the authenticate certificate hook, or the handshake callback) returns. | |
475 * | |
476 * If no Signed Certificate Timestamps were given by the server then the result | |
477 * will be empty. If there was an error, then the result will be NULL. | |
478 * | |
479 * You must set the SSL_ENABLE_SIGNED_CERT_TIMESTAMPS option to indicate support | |
480 * for Signed Certificate Timestamps to a server. | |
481 * | |
482 * libssl does not do any parsing or validation of the response itself. | |
483 */ | |
484 SSL_IMPORT const SECItem * SSL_PeerSignedCertTimestamps(PRFileDesc *fd); | |
wtc
2013/11/20 23:05:55
We'll need to add this function to net/third_party
| |
485 | |
467 /* SSL_SetStapledOCSPResponses stores an array of one or multiple OCSP responses | 486 /* SSL_SetStapledOCSPResponses stores an array of one or multiple OCSP responses |
468 * in the fd's data, which may be sent as part of a server side cert_status | 487 * in the fd's data, which may be sent as part of a server side cert_status |
469 * handshake message. Parameter |responses| is for the server certificate of | 488 * handshake message. Parameter |responses| is for the server certificate of |
470 * the key exchange type |kea|. | 489 * the key exchange type |kea|. |
471 * The function will duplicate the responses array. | 490 * The function will duplicate the responses array. |
472 */ | 491 */ |
473 SSL_IMPORT SECStatus | 492 SSL_IMPORT SECStatus |
474 SSL_SetStapledOCSPResponses(PRFileDesc *fd, const SECItemArray *responses, | 493 SSL_SetStapledOCSPResponses(PRFileDesc *fd, const SECItemArray *responses, |
475 SSLKEAType kea); | 494 SSLKEAType kea); |
476 | 495 |
1132 * should continue using the connection. If the application passes a non-zero | 1151 * should continue using the connection. If the application passes a non-zero |
1133 * value for second argument (error), or if SSL_AuthCertificateComplete returns | 1152 * value for second argument (error), or if SSL_AuthCertificateComplete returns |
1134 * anything other than SECSuccess, then the application should close the | 1153 * anything other than SECSuccess, then the application should close the |
1135 * connection. | 1154 * connection. |
1136 */ | 1155 */ |
1137 SSL_IMPORT SECStatus SSL_AuthCertificateComplete(PRFileDesc *fd, | 1156 SSL_IMPORT SECStatus SSL_AuthCertificateComplete(PRFileDesc *fd, |
1138 PRErrorCode error); | 1157 PRErrorCode error); |
1139 SEC_END_PROTOS | 1158 SEC_END_PROTOS |
1140 | 1159 |
1141 #endif /* __ssl_h_ */ | 1160 #endif /* __ssl_h_ */ |
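Review bot: The new comment on SSL_PeerSignedCertTimestamps (new lines 476-477) says the result "will be empty" when the server sent no SCTs but "NULL" on error, without saying what empty means, so a caller cannot tell whether to test `len == 0`, `data == NULL`, or both before deciding the call failed. I would pin it, e.g. ` * will be a non-NULL SECItem with len == 0. If there was an error, then the result will be NULL.` — assuming that is what the implementation actually returns; confirm against it before wording the contract. Since the comment already states that libssl does no parsing or validation, it should also say that the bytes are supplied by the peer and that the caller must bounds-check the serialized SignedCertificateTimestampList (its length prefixes included) before acting on it, as with the stapled OCSP responses above. The lifetime sentence could add that a caller needing the data beyond the callback must copy it rather than retain the pointer.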