net/third_party/nss/ssl/ssl.h - Issue 64553002: Certificate Transparency TLS extension patch for NSS

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/third_party/nss/ssl/ssl.h

Issue 64553002: Certificate Transparency TLS extension patch for NSS (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: more review comments Created 7 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

Index: net/third_party/nss/ssl/ssl.h

diff --git a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h

index 67cc3a786d78ff2c02b66eacdb7a8933ef2c3961..4cf02aaedbb0d4347e05b833cec46be669c62aea 100644

--- a/net/third_party/nss/ssl/ssl.h

+++ b/net/third_party/nss/ssl/ssl.h

@@ -161,6 +161,8 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd);

#define SSL_CBC_RANDOM_IV 23

#define SSL_ENABLE_OCSP_STAPLING 24 /* Request OCSP stapling (client) */

+/* Request Signed Certificate Timestamps via TLS extension (client) */

+#define SSL_ENABLE_SIGNED_CERT_TIMESTAMPS 25

#ifdef SSL_DEPRECATED_FUNCTION

/* Old deprecated function names */

@@ -464,6 +466,23 @@ SSL_IMPORT CERTCertList *SSL_PeerCertificateChain(PRFileDesc *fd);

SSL_IMPORT const SECItemArray * SSL_PeerStapledOCSPResponses(PRFileDesc *fd);

+/* SSL_PeerSignedCertTimestamps returns the signed_certificate_timestamp

+ * extension data provided by the TLS server. The return value is a pointer

+ * to an internal SECItem that contains the returned response (as a serialized

+ * SignedCertificateTimestampList, see RFC 6962). The returned pointer is only

+ * valid until the callback function that calls SSL_PeerSignedCertTimestamps

+ * (e.g. the authenticate certificate hook, or the handshake callback) returns.

+ *

+ * If no Signed Certificate Timestamps were given by the server then the result

+ * will be empty. If there was an error, then the result will be NULL.

+ *

+ * You must set the SSL_ENABLE_SIGNED_CERT_TIMESTAMPS option to indicate support

+ * for Signed Certificate Timestamps to a server.

+ *

+ * libssl does not do any parsing or validation of the response itself.

+ */

+SSL_IMPORT const SECItem * SSL_PeerSignedCertTimestamps(PRFileDesc *fd);

wtc 2013/11/20 23:05:55 We'll need to add this function to net/third_party

/* SSL_SetStapledOCSPResponses stores an array of one or multiple OCSP responses

* in the fd's data, which may be sent as part of a server side cert_status

* handshake message. Parameter |responses| is for the server certificate of