Index: net/third_party/nss/ssl/sslimpl.h |
diff --git a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslimpl.h |
index 614eed145ecf3a35994c46b1b7cabbd141cf1b51..c17cc23cac606a8f4dbb580fd449e6a2a9de1956 100644 |
--- a/net/third_party/nss/ssl/sslimpl.h |
+++ b/net/third_party/nss/ssl/sslimpl.h |
@@ -305,29 +305,30 @@ typedef struct sslOptionsStr { |
* list of supported protocols. */ |
SECItem nextProtoNego; |
- unsigned int useSecurity : 1; /* 1 */ |
- unsigned int useSocks : 1; /* 2 */ |
- unsigned int requestCertificate : 1; /* 3 */ |
- unsigned int requireCertificate : 2; /* 4-5 */ |
- unsigned int handshakeAsClient : 1; /* 6 */ |
- unsigned int handshakeAsServer : 1; /* 7 */ |
- unsigned int enableSSL2 : 1; /* 8 */ |
- unsigned int unusedBit9 : 1; /* 9 */ |
- unsigned int unusedBit10 : 1; /* 10 */ |
- unsigned int noCache : 1; /* 11 */ |
- unsigned int fdx : 1; /* 12 */ |
- unsigned int v2CompatibleHello : 1; /* 13 */ |
- unsigned int detectRollBack : 1; /* 14 */ |
- unsigned int noStepDown : 1; /* 15 */ |
- unsigned int bypassPKCS11 : 1; /* 16 */ |
- unsigned int noLocks : 1; /* 17 */ |
- unsigned int enableSessionTickets : 1; /* 18 */ |
- unsigned int enableDeflate : 1; /* 19 */ |
- unsigned int enableRenegotiation : 2; /* 20-21 */ |
- unsigned int requireSafeNegotiation : 1; /* 22 */ |
- unsigned int enableFalseStart : 1; /* 23 */ |
- unsigned int cbcRandomIV : 1; /* 24 */ |
- unsigned int enableOCSPStapling : 1; /* 25 */ |
+ unsigned int useSecurity : 1; /* 1 */ |
+ unsigned int useSocks : 1; /* 2 */ |
+ unsigned int requestCertificate : 1; /* 3 */ |
+ unsigned int requireCertificate : 2; /* 4-5 */ |
+ unsigned int handshakeAsClient : 1; /* 6 */ |
+ unsigned int handshakeAsServer : 1; /* 7 */ |
+ unsigned int enableSSL2 : 1; /* 8 */ |
+ unsigned int unusedBit9 : 1; /* 9 */ |
+ unsigned int unusedBit10 : 1; /* 10 */ |
+ unsigned int noCache : 1; /* 11 */ |
+ unsigned int fdx : 1; /* 12 */ |
+ unsigned int v2CompatibleHello : 1; /* 13 */ |
+ unsigned int detectRollBack : 1; /* 14 */ |
+ unsigned int noStepDown : 1; /* 15 */ |
+ unsigned int bypassPKCS11 : 1; /* 16 */ |
+ unsigned int noLocks : 1; /* 17 */ |
+ unsigned int enableSessionTickets : 1; /* 18 */ |
+ unsigned int enableDeflate : 1; /* 19 */ |
+ unsigned int enableRenegotiation : 2; /* 20-21 */ |
+ unsigned int requireSafeNegotiation : 1; /* 22 */ |
+ unsigned int enableFalseStart : 1; /* 23 */ |
+ unsigned int cbcRandomIV : 1; /* 24 */ |
+ unsigned int enableOCSPStapling : 1; /* 25 */ |
+ unsigned int enableSignedCertTimestamps : 1; /* 26 */ |
} sslOptions; |
typedef enum { sslHandshakingUndetermined = 0, |
@@ -698,6 +699,10 @@ struct sslSessionIDStr { |
*/ |
NewSessionTicket sessionTicket; |
SECItem srvName; |
+ /* Signed certificate timestamps received in a TLS extension. |
wtc
2013/11/08 19:51:31
Nit: add a blank line before this line.
ekasper
2013/11/18 17:47:18
Done.
|
+ ** (used only in client). |
+ */ |
+ SECItem signedCertTimestamps; |
} ssl3; |
} u; |
}; |
@@ -789,6 +794,15 @@ struct TLSExtensionDataStr { |
* is beyond ssl3_HandleClientHello function. */ |
SECItem *sniNameArr; |
PRUint32 sniNameArrSize; |
+ /* Signed Certificate Timestamps extracted from the TLS extension. |
wtc
2013/11/08 19:51:31
Nit: add a blank line before this line.
ekasper
2013/11/18 17:47:18
Done.
|
+ * (client only). |
+ * This container holds a temporary pointer to the extension data, |
+ * until a session is setup that can hold a permanent copy of the data. |
wtc
2013/11/08 19:51:31
Is the 'signedCertTimestamps' SECItem on line 705
ekasper
2013/11/18 17:47:18
Yup.
|
+ * The data pointed to by this structure is neither explicitly allocated |
+ * nor copied: the pointer points to the handshake message buffer and is |
+ * only valid in the scope of ssl3_HandleServerHello. |
+ */ |
+ SECItem signedCertTimestamps; |
}; |
typedef SECStatus (*sslRestartTarget)(sslSocket *); |