Index: net/third_party/nss/ssl/ssl.h |
diff --git a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h |
index 47468a0a289a1b712b2a7acde2a28c73dad4c31b..dac483ae1bf42b7420a02c3e37fda34b5bc9148f 100644 |
--- a/net/third_party/nss/ssl/ssl.h |
+++ b/net/third_party/nss/ssl/ssl.h |
@@ -166,6 +166,8 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd); |
*/ |
#define SSL_CBC_RANDOM_IV 23 |
#define SSL_ENABLE_OCSP_STAPLING 24 /* Request OCSP stapling (client) */ |
+/* Request Signed Certificate Timestamps via TLS extension (client) */ |
+#define SSL_ENABLE_SIGNED_CERT_TIMESTAMPS 25 |
#ifdef SSL_DEPRECATED_FUNCTION |
/* Old deprecated function names */ |
@@ -469,6 +471,21 @@ SSL_IMPORT CERTCertList *SSL_PeerCertificateChain(PRFileDesc *fd); |
*/ |
SSL_IMPORT const SECItemArray * SSL_PeerStapledOCSPResponses(PRFileDesc *fd); |
+/* SSL_PeerSignedCertTimestamps returns the signed_certificate_timestamp |
+ * extension data provided by the TLS server. The return value is a pointer |
wtc
2013/11/08 19:51:31
Should we mention the extension data is a SignedCe
ekasper
2013/11/18 17:47:18
Can't hurt! Done.
|
+ * to an internal SECItem that contains the returned response; it is only valid |
+ * until the callback function that calls SSL_PeerSignedCertTimestamps returns. |
wtc
2013/11/08 19:51:31
Please be explicit which callback function you are
ekasper
2013/11/18 17:47:18
I believe the precise callback doesn't matter but
|
+ * |
+ * If no Signed Certificate Timestamps were given by the server then the result |
+ * will be empty. If there was an error, then the result will be NULL. |
+ * |
+ * You must set the SSL_ENABLE_SIGNED_CERT_TIMESTAMPS option to enable Signed |
+ * Certificate Timestamps to be provided by a server. |
wtc
2013/11/08 19:51:31
Nit: change "to enable Signed Certificate Timestam
ekasper
2013/11/18 17:47:18
That's much better, thanks. Done. I chose "indicat
|
+ * |
+ * libssl does not do any parsing or validation of the response itself. |
+ */ |
+SSL_IMPORT const SECItem * SSL_PeerSignedCertTimestamps(PRFileDesc *fd); |
+ |
/* SSL_SetStapledOCSPResponses stores an array of one or multiple OCSP responses |
* in the fd's data, which may be sent as part of a server side cert_status |
* handshake message. Parameter |responses| is for the server certificate of |