Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(725)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/third_party/nss/ssl/ssl.h

Issue 992733002: Remove //net (except for Android test stuff) and sdch (Closed) Base URL: git@github.com:domokit/mojo.git@master
Patch Set: Created 5 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/third_party/nss/ssl/prelib.c ('k') | net/third_party/nss/ssl/ssl.rc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 /*
2 * This file contains prototypes for the public SSL functions.
3 *
4 * This Source Code Form is subject to the terms of the Mozilla Public
5 * License, v. 2.0. If a copy of the MPL was not distributed with this
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7
8 #ifndef __ssl_h_
9 #define __ssl_h_
10
11 #include "prtypes.h"
12 #include "prerror.h"
13 #include "prio.h"
14 #include "seccomon.h"
15 #include "cert.h"
16 #include "keyt.h"
17
18 #include "sslt.h" /* public ssl data types */
19
20 #if defined(_WIN32) && !defined(IN_LIBSSL) && !defined(NSS_USE_STATIC_LIBS)
21 #define SSL_IMPORT extern __declspec(dllimport)
22 #else
23 #define SSL_IMPORT extern
24 #endif
25
26 SEC_BEGIN_PROTOS
27
28 /* constant table enumerating all implemented SSL 2 and 3 cipher suites. */
29 SSL_IMPORT const PRUint16 SSL_ImplementedCiphers[];
30
31 /* the same as the above, but is a function */
32 SSL_IMPORT const PRUint16 *SSL_GetImplementedCiphers(void);
33
34 /* number of entries in the above table. */
35 SSL_IMPORT const PRUint16 SSL_NumImplementedCiphers;
36
37 /* the same as the above, but is a function */
38 SSL_IMPORT PRUint16 SSL_GetNumImplementedCiphers(void);
39
40 /* Macro to tell which ciphers in table are SSL2 vs SSL3/TLS. */
41 #define SSL_IS_SSL2_CIPHER(which) (((which) & 0xfff0) == 0xff00)
42
43 /*
44 ** Imports fd into SSL, returning a new socket. Copies SSL configuration
45 ** from model.
46 */
47 SSL_IMPORT PRFileDesc *SSL_ImportFD(PRFileDesc *model, PRFileDesc *fd);
48
49 /*
50 ** Imports fd into DTLS, returning a new socket. Copies DTLS configuration
51 ** from model.
52 */
53 SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd);
54
55 /*
56 ** Enable/disable an ssl mode
57 **
58 ** SSL_SECURITY:
59 ** enable/disable use of SSL security protocol before connect
60 **
61 ** SSL_SOCKS:
62 ** enable/disable use of socks before connect
63 ** (No longer supported).
64 **
65 ** SSL_REQUEST_CERTIFICATE:
66 ** require a certificate during secure connect
67 */
68 /* options */
69 #define SSL_SECURITY 1 /* (on by default) */
70 #define SSL_SOCKS 2 /* (off by default) */
71 #define SSL_REQUEST_CERTIFICATE 3 /* (off by default) */
72 #define SSL_HANDSHAKE_AS_CLIENT 5 /* force accept to hs as client */
73 /* (off by default) */
74 #define SSL_HANDSHAKE_AS_SERVER 6 /* force connect to hs as server */
75 /* (off by default) */
76
77 /* OBSOLETE: SSL v2 is obsolete and may be removed soon. */
78 #define SSL_ENABLE_SSL2 7 /* enable ssl v2 (off by default) */
79
80 /* OBSOLETE: See "SSL Version Range API" below for the replacement and a
81 ** description of the non-obvious semantics of using SSL_ENABLE_SSL3.
82 */
83 #define SSL_ENABLE_SSL3 8 /* enable ssl v3 (on by default) */
84
85 #define SSL_NO_CACHE 9 /* don't use the session cache */
86 /* (off by default) */
87 #define SSL_REQUIRE_CERTIFICATE 10 /* (SSL_REQUIRE_FIRST_HANDSHAKE */
88 /* by default) */
89 #define SSL_ENABLE_FDX 11 /* permit simultaneous read/write */
90 /* (off by default) */
91
92 /* OBSOLETE: SSL v2 compatible hellos are not accepted by some TLS servers
93 ** and cannot negotiate extensions. SSL v2 is obsolete. This option may be
94 ** removed soon.
95 */
96 #define SSL_V2_COMPATIBLE_HELLO 12 /* send v3 client hello in v2 fmt */
97 /* (off by default) */
98
99 /* OBSOLETE: See "SSL Version Range API" below for the replacement and a
100 ** description of the non-obvious semantics of using SSL_ENABLE_TLS.
101 */
102 #define SSL_ENABLE_TLS 13 /* enable TLS (on by default) */
103
104 #define SSL_ROLLBACK_DETECTION 14 /* for compatibility, default: on */
105 #define SSL_NO_STEP_DOWN 15 /* Disable export cipher suites */
106 /* if step-down keys are needed. */
107 /* default: off, generate */
108 /* step-down keys if needed. */
109 #define SSL_BYPASS_PKCS11 16 /* use PKCS#11 for pub key only */
110 #define SSL_NO_LOCKS 17 /* Don't use locks for protection */
111 #define SSL_ENABLE_SESSION_TICKETS 18 /* Enable TLS SessionTicket */
112 /* extension (off by default) */
113 #define SSL_ENABLE_DEFLATE 19 /* Enable TLS compression with */
114 /* DEFLATE (off by default) */
115 #define SSL_ENABLE_RENEGOTIATION 20 /* Values below (default: never) */
116 #define SSL_REQUIRE_SAFE_NEGOTIATION 21 /* Peer must send Signaling */
117 /* Cipher Suite Value (SCSV) or */
118 /* Renegotiation Info (RI) */
119 /* extension in ALL handshakes. */
120 /* default: off */
121 #define SSL_ENABLE_FALSE_START 22 /* Enable SSL false start (off by */
122 /* default, applies only to */
123 /* clients). False start is a */
124 /* mode where an SSL client will start sending application data before
125 * verifying the server's Finished message. This means that we could end up
126 * sending data to an imposter. However, the data will be encrypted and
127 * only the true server can derive the session key. Thus, so long as the
128 * cipher isn't broken this is safe. The advantage of false start is that
129 * it saves a round trip for client-speaks-first protocols when performing a
130 * full handshake.
131 *
132 * In addition to enabling this option, the application must register a
133 * callback using the SSL_SetCanFalseStartCallback function.
134 */
135
136 /* For SSL 3.0 and TLS 1.0, by default we prevent chosen plaintext attacks
137 * on SSL CBC mode cipher suites (see RFC 4346 Section F.3) by splitting
138 * non-empty application_data records into two records; the first record has
139 * only the first byte of plaintext, and the second has the rest.
140 *
141 * This only prevents the attack in the sending direction; the connection may
142 * still be vulnerable to such attacks if the peer does not implement a similar
143 * countermeasure.
144 *
145 * This protection mechanism is on by default; the default can be overridden by
146 * setting NSS_SSL_CBC_RANDOM_IV=0 in the environment prior to execution,
147 * and/or by the application setting the option SSL_CBC_RANDOM_IV to PR_FALSE.
148 *
149 * The per-record IV in TLS 1.1 and later adds one block of overhead per
150 * record, whereas this hack will add at least two blocks of overhead per
151 * record, so TLS 1.1+ will always be more efficient.
152 *
153 * Other implementations (e.g. some versions of OpenSSL, in some
154 * configurations) prevent the same attack by prepending an empty
155 * application_data record to every application_data record they send; we do
156 * not do that because some implementations cannot handle empty
157 * application_data records. Also, we only split application_data records and
158 * not other types of records, because some implementations will not accept
159 * fragmented records of some other types (e.g. some versions of NSS do not
160 * accept fragmented alerts).
161 */
162 #define SSL_CBC_RANDOM_IV 23
163 #define SSL_ENABLE_OCSP_STAPLING 24 /* Request OCSP stapling (client) */
164
165 /* SSL_ENABLE_NPN controls whether the NPN extension is enabled for the initial
166 * handshake when protocol negotiation is used. SSL_SetNextProtoCallback
167 * or SSL_SetNextProtoNego must be used to control the protocol negotiation;
168 * otherwise, the NPN extension will not be negotiated. SSL_ENABLE_NPN is
169 * currently enabled by default but this may change in future versions.
170 */
171 #define SSL_ENABLE_NPN 25
172
173 /* SSL_ENABLE_ALPN controls whether the ALPN extension is enabled for the
174 * initial handshake when protocol negotiation is used. SSL_SetNextProtoNego
175 * (not SSL_SetNextProtoCallback) must be used to control the protocol
176 * negotiation; otherwise, the ALPN extension will not be negotiated. ALPN is
177 * not negotiated for renegotiation handshakes, even though the ALPN
178 * specification defines a way to use ALPN during renegotiations.
179 * SSL_ENABLE_ALPN is currently disabled by default, but this may change in
180 * future versions.
181 */
182 #define SSL_ENABLE_ALPN 26
183
184 /* Request Signed Certificate Timestamps via TLS extension (client) */
185 #define SSL_ENABLE_SIGNED_CERT_TIMESTAMPS 27
186 #define SSL_ENABLE_FALLBACK_SCSV 28 /* Send fallback SCSV in
187 * handshakes. */
188
189 #ifdef SSL_DEPRECATED_FUNCTION
190 /* Old deprecated function names */
191 SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on);
192 SSL_IMPORT SECStatus SSL_EnableDefault(int option, PRBool on);
193 #endif
194
195 /* New function names */
196 SSL_IMPORT SECStatus SSL_OptionSet(PRFileDesc *fd, PRInt32 option, PRBool on);
197 SSL_IMPORT SECStatus SSL_OptionGet(PRFileDesc *fd, PRInt32 option, PRBool *on);
198 SSL_IMPORT SECStatus SSL_OptionSetDefault(PRInt32 option, PRBool on);
199 SSL_IMPORT SECStatus SSL_OptionGetDefault(PRInt32 option, PRBool *on);
200 SSL_IMPORT SECStatus SSL_CertDBHandleSet(PRFileDesc *fd, CERTCertDBHandle *dbHan dle);
201
202 /* SSLNextProtoCallback is called during the handshake for the client, when a
203 * Next Protocol Negotiation (NPN) extension has been received from the server.
204 * |protos| and |protosLen| define a buffer which contains the server's
205 * advertisement. This data is guaranteed to be well formed per the NPN spec.
206 * |protoOut| is a buffer provided by the caller, of length 255 (the maximum
207 * allowed by the protocol). On successful return, the protocol to be announced
208 * to the server will be in |protoOut| and its length in |*protoOutLen|.
209 *
210 * The callback must return SECFailure or SECSuccess (not SECWouldBlock).
211 */
212 typedef SECStatus (PR_CALLBACK *SSLNextProtoCallback)(
213 void *arg,
214 PRFileDesc *fd,
215 const unsigned char* protos,
216 unsigned int protosLen,
217 unsigned char* protoOut,
218 unsigned int* protoOutLen,
219 unsigned int protoMaxOut);
220
221 /* SSL_SetNextProtoCallback sets a callback function to handle Next Protocol
222 * Negotiation. It causes a client to advertise NPN. */
223 SSL_IMPORT SECStatus SSL_SetNextProtoCallback(PRFileDesc *fd,
224 SSLNextProtoCallback callback,
225 void *arg);
226
227 /* SSL_SetNextProtoNego can be used as an alternative to
228 * SSL_SetNextProtoCallback. It also causes a client to advertise NPN and
229 * installs a default callback function which selects the first supported
230 * protocol in server-preference order. If no matching protocol is found it
231 * selects the first supported protocol.
232 *
233 * Using this function also allows the client to transparently support ALPN.
234 * The same set of protocols will be advertised via ALPN and, if the server
235 * uses ALPN to select a protocol, SSL_GetNextProto will return
236 * SSL_NEXT_PROTO_SELECTED as the state.
237 *
238 * Since NPN uses the first protocol as the fallback protocol, when sending an
239 * ALPN extension, the first protocol is moved to the end of the list. This
240 * indicates that the fallback protocol is the least preferred. The other
241 * protocols should be in preference order.
242 *
243 * The supported protocols are specified in |data| in wire-format (8-bit
244 * length-prefixed). For example: "\010http/1.1\006spdy/2". */
245 SSL_IMPORT SECStatus SSL_SetNextProtoNego(PRFileDesc *fd,
246 const unsigned char *data,
247 unsigned int length);
248
249 typedef enum SSLNextProtoState {
250 SSL_NEXT_PROTO_NO_SUPPORT = 0, /* No peer support */
251 SSL_NEXT_PROTO_NEGOTIATED = 1, /* Mutual agreement */
252 SSL_NEXT_PROTO_NO_OVERLAP = 2, /* No protocol overlap found */
253 SSL_NEXT_PROTO_SELECTED = 3 /* Server selected proto (ALPN) */
254 } SSLNextProtoState;
255
256 /* SSL_GetNextProto can be used in the HandshakeCallback or any time after
257 * a handshake to retrieve the result of the Next Protocol negotiation.
258 *
259 * The length of the negotiated protocol, if any, is written into *bufLen.
260 * If the negotiated protocol is longer than bufLenMax, then SECFailure is
261 * returned. Otherwise, the negotiated protocol, if any, is written into buf,
262 * and SECSuccess is returned. */
263 SSL_IMPORT SECStatus SSL_GetNextProto(PRFileDesc *fd,
264 SSLNextProtoState *state,
265 unsigned char *buf,
266 unsigned int *bufLen,
267 unsigned int bufLenMax);
268
269 /*
270 ** Control ciphers that SSL uses. If on is non-zero then the named cipher
271 ** is enabled, otherwise it is disabled.
272 ** The "cipher" values are defined in sslproto.h (the SSL_EN_* values).
273 ** EnableCipher records user preferences.
274 ** SetPolicy sets the policy according to the policy module.
275 */
276 #ifdef SSL_DEPRECATED_FUNCTION
277 /* Old deprecated function names */
278 SSL_IMPORT SECStatus SSL_EnableCipher(long which, PRBool enabled);
279 SSL_IMPORT SECStatus SSL_SetPolicy(long which, int policy);
280 #endif
281
282 /* New function names */
283 SSL_IMPORT SECStatus SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 cipher, PRBool en abled);
284 SSL_IMPORT SECStatus SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 cipher, PRBool *e nabled);
285 SSL_IMPORT SECStatus SSL_CipherPrefSetDefault(PRInt32 cipher, PRBool enabled);
286 SSL_IMPORT SECStatus SSL_CipherPrefGetDefault(PRInt32 cipher, PRBool *enabled);
287 SSL_IMPORT SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy);
288 SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy);
289
290 /* SSL_CipherOrderSet sets the cipher suite preference order from |ciphers|,
291 * which must be an array of cipher suite ids of length |len|. All the given
292 * cipher suite ids must appear in the array that is returned by
293 * |SSL_GetImplementedCiphers| and may only appear once, at most. */
294 SSL_IMPORT SECStatus SSL_CipherOrderSet(PRFileDesc *fd, const PRUint16 *ciphers,
295 unsigned int len);
296
297 /* SSLChannelBindingType enumerates the types of supported channel binding
298 * values. See RFC 5929. */
299 typedef enum SSLChannelBindingType {
300 SSL_CHANNEL_BINDING_TLS_UNIQUE = 1,
301 } SSLChannelBindingType;
302
303 /* SSL_GetChannelBinding copies the requested channel binding value, as defined
304 * in RFC 5929, into |out|. The full length of the binding value is written
305 * into |*outLen|.
306 *
307 * At most |outLenMax| bytes of data are copied. If |outLenMax| is
308 * insufficient then the function returns SECFailure and sets the error to
309 * SEC_ERROR_OUTPUT_LEN, but |*outLen| is still set.
310 *
311 * This call will fail if made during a renegotiation. */
312 SSL_IMPORT SECStatus SSL_GetChannelBinding(PRFileDesc *fd,
313 SSLChannelBindingType binding_type,
314 unsigned char *out,
315 unsigned int *outLen,
316 unsigned int outLenMax);
317
318 /* SSL Version Range API
319 **
320 ** This API should be used to control SSL 3.0 & TLS support instead of the
321 ** older SSL_Option* API; however, the SSL_Option* API MUST still be used to
322 ** control SSL 2.0 support. In this version of libssl, SSL 3.0 and TLS 1.0 are
323 ** enabled by default. Future versions of libssl may change which versions of
324 ** the protocol are enabled by default.
325 **
326 ** The SSLProtocolVariant enum indicates whether the protocol is of type
327 ** stream or datagram. This must be provided to the functions that do not
328 ** take an fd. Functions which take an fd will get the variant from the fd,
329 ** which is typed.
330 **
331 ** Using the new version range API in conjunction with the older
332 ** SSL_OptionSet-based API for controlling the enabled protocol versions may
333 ** cause unexpected results. Going forward, we guarantee only the following:
334 **
335 ** SSL_OptionGet(SSL_ENABLE_TLS) will return PR_TRUE if *ANY* versions of TLS
336 ** are enabled.
337 **
338 ** SSL_OptionSet(SSL_ENABLE_TLS, PR_FALSE) will disable *ALL* versions of TLS,
339 ** including TLS 1.0 and later.
340 **
341 ** The above two properties provide compatibility for applications that use
342 ** SSL_OptionSet to implement the insecure fallback from TLS 1.x to SSL 3.0.
343 **
344 ** SSL_OptionSet(SSL_ENABLE_TLS, PR_TRUE) will enable TLS 1.0, and may also
345 ** enable some later versions of TLS, if it is necessary to do so in order to
346 ** keep the set of enabled versions contiguous. For example, if TLS 1.2 is
347 ** enabled, then after SSL_OptionSet(SSL_ENABLE_TLS, PR_TRUE), TLS 1.0,
348 ** TLS 1.1, and TLS 1.2 will be enabled, and the call will have no effect on
349 ** whether SSL 3.0 is enabled. If no later versions of TLS are enabled at the
350 ** time SSL_OptionSet(SSL_ENABLE_TLS, PR_TRUE) is called, then no later
351 ** versions of TLS will be enabled by the call.
352 **
353 ** SSL_OptionSet(SSL_ENABLE_SSL3, PR_FALSE) will disable SSL 3.0, and will not
354 ** change the set of TLS versions that are enabled.
355 **
356 ** SSL_OptionSet(SSL_ENABLE_SSL3, PR_TRUE) will enable SSL 3.0, and may also
357 ** enable some versions of TLS if TLS 1.1 or later is enabled at the time of
358 ** the call, the same way SSL_OptionSet(SSL_ENABLE_TLS, PR_TRUE) works, in
359 ** order to keep the set of enabled versions contiguous.
360 */
361
362 /* Returns, in |*vrange|, the range of SSL3/TLS versions supported for the
363 ** given protocol variant by the version of libssl linked-to at runtime.
364 */
365 SSL_IMPORT SECStatus SSL_VersionRangeGetSupported(
366 SSLProtocolVariant protocolVariant, SSLVersionRange *vrange);
367
368 /* Returns, in |*vrange|, the range of SSL3/TLS versions enabled by default
369 ** for the given protocol variant.
370 */
371 SSL_IMPORT SECStatus SSL_VersionRangeGetDefault(
372 SSLProtocolVariant protocolVariant, SSLVersionRange *vrange);
373
374 /* Sets the range of enabled-by-default SSL3/TLS versions for the given
375 ** protocol variant to |*vrange|.
376 */
377 SSL_IMPORT SECStatus SSL_VersionRangeSetDefault(
378 SSLProtocolVariant protocolVariant, const SSLVersionRange *vrange);
379
380 /* Returns, in |*vrange|, the range of enabled SSL3/TLS versions for |fd|. */
381 SSL_IMPORT SECStatus SSL_VersionRangeGet(PRFileDesc *fd,
382 SSLVersionRange *vrange);
383
384 /* Sets the range of enabled SSL3/TLS versions for |fd| to |*vrange|. */
385 SSL_IMPORT SECStatus SSL_VersionRangeSet(PRFileDesc *fd,
386 const SSLVersionRange *vrange);
387
388
389 /* Values for "policy" argument to SSL_CipherPolicySet */
390 /* Values returned by SSL_CipherPolicyGet. */
391 #define SSL_NOT_ALLOWED 0 /* or invalid or unimplemented */
392 #define SSL_ALLOWED 1
393 #define SSL_RESTRICTED 2 /* only with "Step-Up" certs. */
394
395 /* Values for "on" with SSL_REQUIRE_CERTIFICATE. */
396 #define SSL_REQUIRE_NEVER ((PRBool)0)
397 #define SSL_REQUIRE_ALWAYS ((PRBool)1)
398 #define SSL_REQUIRE_FIRST_HANDSHAKE ((PRBool)2)
399 #define SSL_REQUIRE_NO_ERROR ((PRBool)3)
400
401 /* Values for "on" with SSL_ENABLE_RENEGOTIATION */
402 /* Never renegotiate at all. */
403 #define SSL_RENEGOTIATE_NEVER ((PRBool)0)
404 /* Renegotiate without restriction, whether or not the peer's client hello */
405 /* bears the renegotiation info extension. Vulnerable, as in the past. */
406 #define SSL_RENEGOTIATE_UNRESTRICTED ((PRBool)1)
407 /* Only renegotiate if the peer's hello bears the TLS renegotiation_info */
408 /* extension. This is safe renegotiation. */
409 #define SSL_RENEGOTIATE_REQUIRES_XTN ((PRBool)2)
410 /* Disallow unsafe renegotiation in server sockets only, but allow clients */
411 /* to continue to renegotiate with vulnerable servers. */
412 /* This value should only be used during the transition period when few */
413 /* servers have been upgraded. */
414 #define SSL_RENEGOTIATE_TRANSITIONAL ((PRBool)3)
415
416 /*
417 ** Reset the handshake state for fd. This will make the complete SSL
418 ** handshake protocol execute from the ground up on the next i/o
419 ** operation.
420 */
421 SSL_IMPORT SECStatus SSL_ResetHandshake(PRFileDesc *fd, PRBool asServer);
422
423 /*
424 ** Force the handshake for fd to complete immediately. This blocks until
425 ** the complete SSL handshake protocol is finished.
426 */
427 SSL_IMPORT SECStatus SSL_ForceHandshake(PRFileDesc *fd);
428
429 /*
430 ** Same as above, but with an I/O timeout.
431 */
432 SSL_IMPORT SECStatus SSL_ForceHandshakeWithTimeout(PRFileDesc *fd,
433 PRIntervalTime timeout);
434
435 SSL_IMPORT SECStatus SSL_RestartHandshakeAfterCertReq(PRFileDesc *fd,
436 CERTCertificate *cert,
437 SECKEYPrivateKey *key,
438 CERTCertificateList *certChain);
439
440 /*
441 ** Query security status of socket. *on is set to one if security is
442 ** enabled. *keySize will contain the stream key size used. *issuer will
443 ** contain the RFC1485 verison of the name of the issuer of the
444 ** certificate at the other end of the connection. For a client, this is
445 ** the issuer of the server's certificate; for a server, this is the
446 ** issuer of the client's certificate (if any). Subject is the subject of
447 ** the other end's certificate. The pointers can be zero if the desired
448 ** data is not needed. All strings returned by this function are owned
449 ** by the caller, and need to be freed with PORT_Free.
450 */
451 SSL_IMPORT SECStatus SSL_SecurityStatus(PRFileDesc *fd, int *on, char **cipher,
452 int *keySize, int *secretKeySize,
453 char **issuer, char **subject);
454
455 /* Values for "on" */
456 #define SSL_SECURITY_STATUS_NOOPT -1
457 #define SSL_SECURITY_STATUS_OFF 0
458 #define SSL_SECURITY_STATUS_ON_HIGH 1
459 #define SSL_SECURITY_STATUS_ON_LOW 2
460 #define SSL_SECURITY_STATUS_FORTEZZA 3 /* NO LONGER SUPPORTED */
461
462 /*
463 ** Return the certificate for our SSL peer. If the client calls this
464 ** it will always return the server's certificate. If the server calls
465 ** this, it may return NULL if client authentication is not enabled or
466 ** if the client had no certificate when asked.
467 ** "fd" the socket "file" descriptor
468 */
469 SSL_IMPORT CERTCertificate *SSL_PeerCertificate(PRFileDesc *fd);
470
471 /*
472 ** Return the certificates presented by the SSL peer. If the SSL peer
473 ** did not present certificates, return NULL with the
474 ** SSL_ERROR_NO_CERTIFICATE error. On failure, return NULL with an error
475 ** code other than SSL_ERROR_NO_CERTIFICATE.
476 ** "fd" the socket "file" descriptor
477 */
478 SSL_IMPORT CERTCertList *SSL_PeerCertificateChain(PRFileDesc *fd);
479
480 /* SSL_PeerStapledOCSPResponses returns the OCSP responses that were provided
481 * by the TLS server. The return value is a pointer to an internal SECItemArray
482 * that contains the returned OCSP responses; it is only valid until the
483 * callback function that calls SSL_PeerStapledOCSPResponses returns.
484 *
485 * If no OCSP responses were given by the server then the result will be empty.
486 * If there was an error, then the result will be NULL.
487 *
488 * You must set the SSL_ENABLE_OCSP_STAPLING option to enable OCSP stapling.
489 * to be provided by a server.
490 *
491 * libssl does not do any validation of the OCSP response itself; the
492 * authenticate certificate hook is responsible for doing so. The default
493 * authenticate certificate hook, SSL_AuthCertificate, does not implement
494 * any OCSP stapling funtionality, but this may change in future versions.
495 */
496 SSL_IMPORT const SECItemArray * SSL_PeerStapledOCSPResponses(PRFileDesc *fd);
497
498 /* SSL_PeerSignedCertTimestamps returns the signed_certificate_timestamp
499 * extension data provided by the TLS server. The return value is a pointer
500 * to an internal SECItem that contains the returned response (as a serialized
501 * SignedCertificateTimestampList, see RFC 6962). The returned pointer is only
502 * valid until the callback function that calls SSL_PeerSignedCertTimestamps
503 * (e.g. the authenticate certificate hook, or the handshake callback) returns.
504 *
505 * If no Signed Certificate Timestamps were given by the server then the result
506 * will be empty. If there was an error, then the result will be NULL.
507 *
508 * You must set the SSL_ENABLE_SIGNED_CERT_TIMESTAMPS option to indicate support
509 * for Signed Certificate Timestamps to a server.
510 *
511 * libssl does not do any parsing or validation of the response itself.
512 */
513 SSL_IMPORT const SECItem * SSL_PeerSignedCertTimestamps(PRFileDesc *fd);
514
515 /* SSL_SetStapledOCSPResponses stores an array of one or multiple OCSP responses
516 * in the fd's data, which may be sent as part of a server side cert_status
517 * handshake message. Parameter |responses| is for the server certificate of
518 * the key exchange type |kea|.
519 * The function will duplicate the responses array.
520 */
521 SSL_IMPORT SECStatus
522 SSL_SetStapledOCSPResponses(PRFileDesc *fd, const SECItemArray *responses,
523 SSLKEAType kea);
524
525 /*
526 ** Authenticate certificate hook. Called when a certificate comes in
527 ** (because of SSL_REQUIRE_CERTIFICATE in SSL_Enable) to authenticate the
528 ** certificate.
529 **
530 ** The authenticate certificate hook must return SECSuccess to indicate the
531 ** certificate is valid, SECFailure to indicate the certificate is invalid,
532 ** or SECWouldBlock if the application will authenticate the certificate
533 ** asynchronously. SECWouldBlock is only supported for non-blocking sockets.
534 **
535 ** If the authenticate certificate hook returns SECFailure, then the bad cert
536 ** hook will be called. The bad cert handler is NEVER called if the
537 ** authenticate certificate hook returns SECWouldBlock. If the application
538 ** needs to handle and/or override a bad cert, it should do so before it
539 ** calls SSL_AuthCertificateComplete (modifying the error it passes to
540 ** SSL_AuthCertificateComplete as needed).
541 **
542 ** See the documentation for SSL_AuthCertificateComplete for more information
543 ** about the asynchronous behavior that occurs when the authenticate
544 ** certificate hook returns SECWouldBlock.
545 **
546 ** RFC 6066 says that clients should send the bad_certificate_status_response
547 ** alert when they encounter an error processing the stapled OCSP response.
548 ** libssl does not provide a way for the authenticate certificate hook to
549 ** indicate that an OCSP error (SEC_ERROR_OCSP_*) that it returns is an error
550 ** in the stapled OCSP response or an error in some other OCSP response.
551 ** Further, NSS does not provide a convenient way to control or determine
552 ** which OCSP response(s) were used to validate a certificate chain.
553 ** Consequently, the current version of libssl does not ever send the
554 ** bad_certificate_status_response alert. This may change in future releases.
555 */
556 typedef SECStatus (PR_CALLBACK *SSLAuthCertificate)(void *arg, PRFileDesc *fd,
557 PRBool checkSig,
558 PRBool isServer);
559
560 SSL_IMPORT SECStatus SSL_AuthCertificateHook(PRFileDesc *fd,
561 SSLAuthCertificate f,
562 void *arg);
563
564 /* An implementation of the certificate authentication hook */
565 SSL_IMPORT SECStatus SSL_AuthCertificate(void *arg, PRFileDesc *fd,
566 PRBool checkSig, PRBool isServer);
567
568 /*
569 * Prototype for SSL callback to get client auth data from the application.
570 * arg - application passed argument
571 * caNames - pointer to distinguished names of CAs that the server likes
572 * pRetCert - pointer to pointer to cert, for return of cert
573 * pRetKey - pointer to key pointer, for return of key
574 */
575 typedef SECStatus (PR_CALLBACK *SSLGetClientAuthData)(void *arg,
576 PRFileDesc *fd,
577 CERTDistNames *caNames,
578 CERTCertificate **pRetCert,/*return */
579 SECKEYPrivateKey **pRetKey);/* return */
580
581 /*
582 * Set the client side callback for SSL to retrieve user's private key
583 * and certificate.
584 * fd - the file descriptor for the connection in question
585 * f - the application's callback that delivers the key and cert
586 * a - application specific data
587 */
588 SSL_IMPORT SECStatus SSL_GetClientAuthDataHook(PRFileDesc *fd,
589 SSLGetClientAuthData f, void *a);
590
591 /*
592 * Prototype for SSL callback to get client auth data from the application,
593 * optionally using the underlying platform's cryptographic primitives.
594 * To use the platform cryptographic primitives, caNames and pRetCerts
595 * should be set. To use NSS, pRetNSSCert and pRetNSSKey should be set.
596 * Returning SECFailure will cause the socket to send no client certificate.
597 * arg - application passed argument
598 * caNames - pointer to distinguished names of CAs that the server likes
599 * pRetCerts - pointer to pointer to list of certs, with the first being
600 * the client cert, and any following being used for chain
601 * building
602 * pRetKey - pointer to native key pointer, for return of key
603 * - Windows: A pointer to a PCERT_KEY_CONTEXT that was allocated
604 * via PORT_Alloc(). Ownership of the PCERT_KEY_CONTEXT
605 * is transferred to NSS, which will free via
606 * PORT_Free().
607 * - Mac OS X: A pointer to a SecKeyRef. Ownership is
608 * transferred to NSS, which will free via CFRelease().
609 * pRetNSSCert - pointer to pointer to NSS cert, for return of cert.
610 * pRetNSSKey - pointer to NSS key pointer, for return of key.
611 */
612 typedef SECStatus (PR_CALLBACK *SSLGetPlatformClientAuthData)(void *arg,
613 PRFileDesc *fd,
614 CERTDistNames *caNames,
615 CERTCertList **pRetCerts,/*return */
616 void **pRetKey,/* return */
617 CERTCertificate **pRetNSSCert,/*return */
618 SECKEYPrivateKey **pRetNSSKey);/* return */
619
620 /*
621 * Set the client side callback for SSL to retrieve user's private key
622 * and certificate.
623 * Note: If a platform client auth callback is set, the callback configured by
624 * SSL_GetClientAuthDataHook, if any, will not be called.
625 *
626 * fd - the file descriptor for the connection in question
627 * f - the application's callback that delivers the key and cert
628 * a - application specific data
629 */
630 SSL_IMPORT SECStatus
631 SSL_GetPlatformClientAuthDataHook(PRFileDesc *fd,
632 SSLGetPlatformClientAuthData f, void *a);
633
634 /*
635 ** SNI extension processing callback function.
636 ** It is called when SSL socket receives SNI extension in ClientHello message.
637 ** Upon this callback invocation, application is responsible to reconfigure the
638 ** socket with the data for a particular server name.
639 ** There are three potential outcomes of this function invocation:
640 ** * application does not recognize the name or the type and wants the
641 ** "unrecognized_name" alert be sent to the client. In this case the callback
642 ** function must return SSL_SNI_SEND_ALERT status.
643 ** * application does not recognize the name, but wants to continue with
644 ** the handshake using the current socket configuration. In this case,
645 ** no socket reconfiguration is needed and the function should return
646 ** SSL_SNI_CURRENT_CONFIG_IS_USED.
647 ** * application recognizes the name and reconfigures the socket with
648 ** appropriate certs, key, etc. There are many ways to reconfigure. NSS
649 ** provides SSL_ReconfigFD function that can be used to update the socket
650 ** data from model socket. To continue with the rest of the handshake, the
651 ** implementation function should return an index of a name it has chosen.
652 ** LibSSL will ignore any SNI extension received in a ClientHello message
653 ** if application does not register a SSLSNISocketConfig callback.
654 ** Each type field of SECItem indicates the name type.
655 ** NOTE: currently RFC3546 defines only one name type: sni_host_name.
656 ** Client is allowed to send only one name per known type. LibSSL will
657 ** send an "unrecognized_name" alert if SNI extension name list contains more
658 ** then one name of a type.
659 */
660 typedef PRInt32 (PR_CALLBACK *SSLSNISocketConfig)(PRFileDesc *fd,
661 const SECItem *srvNameArr,
662 PRUint32 srvNameArrSize,
663 void *arg);
664
665 /*
666 ** SSLSNISocketConfig should return an index within 0 and srvNameArrSize-1
667 ** when it has reconfigured the socket fd to use certs and keys, etc
668 ** for a specific name. There are two other allowed return values. One
669 ** tells libSSL to use the default cert and key. The other tells libSSL
670 ** to send the "unrecognized_name" alert. These values are:
671 **/
672 #define SSL_SNI_CURRENT_CONFIG_IS_USED -1
673 #define SSL_SNI_SEND_ALERT -2
674
675 /*
676 ** Set application implemented SNISocketConfig callback.
677 */
678 SSL_IMPORT SECStatus SSL_SNISocketConfigHook(PRFileDesc *fd,
679 SSLSNISocketConfig f,
680 void *arg);
681
682 /*
683 ** Reconfigure fd SSL socket with model socket parameters. Sets
684 ** server certs and keys, list of trust anchor, socket options
685 ** and all SSL socket call backs and parameters.
686 */
687 SSL_IMPORT PRFileDesc *SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd);
688
689 /*
690 * Set the client side argument for SSL to retrieve PKCS #11 pin.
691 * fd - the file descriptor for the connection in question
692 * a - pkcs11 application specific data
693 */
694 SSL_IMPORT SECStatus SSL_SetPKCS11PinArg(PRFileDesc *fd, void *a);
695
696 /*
697 ** This is a callback for dealing with server certs that are not authenticated
698 ** by the client. The client app can decide that it actually likes the
699 ** cert by some external means and restart the connection.
700 **
701 ** The bad cert hook must return SECSuccess to override the result of the
702 ** authenticate certificate hook, SECFailure if the certificate should still be
703 ** considered invalid, or SECWouldBlock if the application will authenticate
704 ** the certificate asynchronously. SECWouldBlock is only supported for
705 ** non-blocking sockets.
706 **
707 ** See the documentation for SSL_AuthCertificateComplete for more information
708 ** about the asynchronous behavior that occurs when the bad cert hook returns
709 ** SECWouldBlock.
710 */
711 typedef SECStatus (PR_CALLBACK *SSLBadCertHandler)(void *arg, PRFileDesc *fd);
712 SSL_IMPORT SECStatus SSL_BadCertHook(PRFileDesc *fd, SSLBadCertHandler f,
713 void *arg);
714
715 /*
716 ** Configure SSL socket for running a secure server. Needs the
717 ** certificate for the server and the servers private key. The arguments
718 ** are copied.
719 */
720 SSL_IMPORT SECStatus SSL_ConfigSecureServer(
721 PRFileDesc *fd, CERTCertificate *cert,
722 SECKEYPrivateKey *key, SSLKEAType kea);
723
724 /*
725 ** Allows SSL socket configuration with caller-supplied certificate chain.
726 ** If certChainOpt is NULL, tries to find one.
727 */
728 SSL_IMPORT SECStatus
729 SSL_ConfigSecureServerWithCertChain(PRFileDesc *fd, CERTCertificate *cert,
730 const CERTCertificateList *certChainOpt,
731 SECKEYPrivateKey *key, SSLKEAType kea);
732
733 /*
734 ** Configure a secure server's session-id cache. Define the maximum number
735 ** of entries in the cache, the longevity of the entires, and the directory
736 ** where the cache files will be placed. These values can be zero, and
737 ** if so, the implementation will choose defaults.
738 ** This version of the function is for use in applications that have only one
739 ** process that uses the cache (even if that process has multiple threads).
740 */
741 SSL_IMPORT SECStatus SSL_ConfigServerSessionIDCache(int maxCacheEntries,
742 PRUint32 timeout,
743 PRUint32 ssl3_timeout,
744 const char * directory);
745
746 /* Configure a secure server's session-id cache. Depends on value of
747 * enableMPCache, configures malti-proc or single proc cache. */
748 SSL_IMPORT SECStatus SSL_ConfigServerSessionIDCacheWithOpt(
749 PRUint32 timeout,
750 PRUint32 ssl3_timeout,
751 const char * directory,
752 int maxCacheEntries,
753 int maxCertCacheEntries,
754 int maxSrvNameCacheEntries,
755 PRBool enableMPCache) ;
756
757 /*
758 ** Like SSL_ConfigServerSessionIDCache, with one important difference.
759 ** If the application will run multiple processes (as opposed to, or in
760 ** addition to multiple threads), then it must call this function, instead
761 ** of calling SSL_ConfigServerSessionIDCache().
762 ** This has nothing to do with the number of processORs, only processEs.
763 ** This function sets up a Server Session ID (SID) cache that is safe for
764 ** access by multiple processes on the same system.
765 */
766 SSL_IMPORT SECStatus SSL_ConfigMPServerSIDCache(int maxCacheEntries,
767 PRUint32 timeout,
768 PRUint32 ssl3_timeout,
769 const char * directory);
770
771 /* Get and set the configured maximum number of mutexes used for the
772 ** server's store of SSL sessions. This value is used by the server
773 ** session ID cache initialization functions shown above. Note that on
774 ** some platforms, these mutexes are actually implemented with POSIX
775 ** semaphores, or with unnamed pipes. The default value varies by platform.
776 ** An attempt to set a too-low maximum will return an error and the
777 ** configured value will not be changed.
778 */
779 SSL_IMPORT PRUint32 SSL_GetMaxServerCacheLocks(void);
780 SSL_IMPORT SECStatus SSL_SetMaxServerCacheLocks(PRUint32 maxLocks);
781
782 /* environment variable set by SSL_ConfigMPServerSIDCache, and queried by
783 * SSL_InheritMPServerSIDCache when envString is NULL.
784 */
785 #define SSL_ENV_VAR_NAME "SSL_INHERITANCE"
786
787 /* called in child to inherit SID Cache variables.
788 * If envString is NULL, this function will use the value of the environment
789 * variable "SSL_INHERITANCE", otherwise the string value passed in will be
790 * used.
791 */
792 SSL_IMPORT SECStatus SSL_InheritMPServerSIDCache(const char * envString);
793
794 /*
795 ** Set the callback that gets called when a TLS handshake is complete. The
796 ** handshake callback is called after verifying the peer's Finished message and
797 ** before processing incoming application data.
798 **
799 ** For the initial handshake: If the handshake false started (see
800 ** SSL_ENABLE_FALSE_START), then application data may already have been sent
801 ** before the handshake callback is called. If we did not false start then the
802 ** callback will get called before any application data is sent.
803 */
804 typedef void (PR_CALLBACK *SSLHandshakeCallback)(PRFileDesc *fd,
805 void *client_data);
806 SSL_IMPORT SECStatus SSL_HandshakeCallback(PRFileDesc *fd,
807 SSLHandshakeCallback cb, void *client_data);
808
809 /* Applications that wish to enable TLS false start must set this callback
810 ** function. NSS will invoke the functon to determine if a particular
811 ** connection should use false start or not. SECSuccess indicates that the
812 ** callback completed successfully, and if so *canFalseStart indicates if false
813 ** start can be used. If the callback does not return SECSuccess then the
814 ** handshake will be canceled. NSS's recommended criteria can be evaluated by
815 ** calling SSL_RecommendedCanFalseStart.
816 **
817 ** If no false start callback is registered then false start will never be
818 ** done, even if the SSL_ENABLE_FALSE_START option is enabled.
819 **/
820 typedef SECStatus (PR_CALLBACK *SSLCanFalseStartCallback)(
821 PRFileDesc *fd, void *arg, PRBool *canFalseStart);
822
823 SSL_IMPORT SECStatus SSL_SetCanFalseStartCallback(
824 PRFileDesc *fd, SSLCanFalseStartCallback callback, void *arg);
825
826 /* This function sets *canFalseStart according to the recommended criteria for
827 ** false start. These criteria may change from release to release and may depend
828 ** on which handshake features have been negotiated and/or properties of the
829 ** certifciates/keys used on the connection.
830 */
831 SSL_IMPORT SECStatus SSL_RecommendedCanFalseStart(PRFileDesc *fd,
832 PRBool *canFalseStart);
833
834 /*
835 ** For the server, request a new handshake. For the client, begin a new
836 ** handshake. If flushCache is non-zero, the SSL3 cache entry will be
837 ** flushed first, ensuring that a full SSL handshake will be done.
838 ** If flushCache is zero, and an SSL connection is established, it will
839 ** do the much faster session restart handshake. This will change the
840 ** session keys without doing another private key operation.
841 */
842 SSL_IMPORT SECStatus SSL_ReHandshake(PRFileDesc *fd, PRBool flushCache);
843
844 /*
845 ** Same as above, but with an I/O timeout.
846 */
847 SSL_IMPORT SECStatus SSL_ReHandshakeWithTimeout(PRFileDesc *fd,
848 PRBool flushCache,
849 PRIntervalTime timeout);
850
851 /* Returns a SECItem containing the certificate_types field of the
852 ** CertificateRequest message. Each byte of the data is a TLS
853 ** ClientCertificateType value, and they are ordered from most preferred to
854 ** least. This function should only be called from the
855 ** SSL_GetClientAuthDataHook callback, and will return NULL if called at any
856 ** other time. The returned value is valid only until the callback returns, and
857 ** should not be freed.
858 */
859 SSL_IMPORT const SECItem *
860 SSL_GetRequestedClientCertificateTypes(PRFileDesc *fd);
861
862 #ifdef SSL_DEPRECATED_FUNCTION
863 /* deprecated!
864 ** For the server, request a new handshake. For the client, begin a new
865 ** handshake. Flushes SSL3 session cache entry first, ensuring that a
866 ** full handshake will be done.
867 ** This call is equivalent to SSL_ReHandshake(fd, PR_TRUE)
868 */
869 SSL_IMPORT SECStatus SSL_RedoHandshake(PRFileDesc *fd);
870 #endif
871
872 /*
873 * Allow the application to pass a URL or hostname into the SSL library.
874 */
875 SSL_IMPORT SECStatus SSL_SetURL(PRFileDesc *fd, const char *url);
876
877 /*
878 * Allow an application to define a set of trust anchors for peer
879 * cert validation.
880 */
881 SSL_IMPORT SECStatus SSL_SetTrustAnchors(PRFileDesc *fd, CERTCertList *list);
882
883 /*
884 ** Return the number of bytes that SSL has waiting in internal buffers.
885 ** Return 0 if security is not enabled.
886 */
887 SSL_IMPORT int SSL_DataPending(PRFileDesc *fd);
888
889 /*
890 ** Invalidate the SSL session associated with fd.
891 */
892 SSL_IMPORT SECStatus SSL_InvalidateSession(PRFileDesc *fd);
893
894 /*
895 ** Cache the SSL session associated with fd, if it has not already been cached.
896 */
897 SSL_IMPORT SECStatus SSL_CacheSession(PRFileDesc *fd);
898
899 /*
900 ** Cache the SSL session associated with fd, if it has not already been cached.
901 ** This function may only be called when processing within a callback assigned
902 ** via SSL_HandshakeCallback
903 */
904 SSL_IMPORT SECStatus SSL_CacheSessionUnlocked(PRFileDesc *fd);
905
906 /*
907 ** Return a SECItem containing the SSL session ID associated with the fd.
908 */
909 SSL_IMPORT SECItem *SSL_GetSessionID(PRFileDesc *fd);
910
911 /*
912 ** Clear out the client's SSL session cache, not the server's session cache.
913 */
914 SSL_IMPORT void SSL_ClearSessionCache(void);
915
916 /*
917 ** Close the server's SSL session cache.
918 */
919 SSL_IMPORT SECStatus SSL_ShutdownServerSessionIDCache(void);
920
921 /*
922 ** Set peer information so we can correctly look up SSL session later.
923 ** You only have to do this if you're tunneling through a proxy.
924 */
925 SSL_IMPORT SECStatus SSL_SetSockPeerID(PRFileDesc *fd, const char *peerID);
926
927 /*
928 ** Reveal the security information for the peer.
929 */
930 SSL_IMPORT CERTCertificate * SSL_RevealCert(PRFileDesc * socket);
931 SSL_IMPORT void * SSL_RevealPinArg(PRFileDesc * socket);
932 SSL_IMPORT char * SSL_RevealURL(PRFileDesc * socket);
933
934 /* This callback may be passed to the SSL library via a call to
935 * SSL_GetClientAuthDataHook() for each SSL client socket.
936 * It will be invoked when SSL needs to know what certificate and private key
937 * (if any) to use to respond to a request for client authentication.
938 * If arg is non-NULL, it is a pointer to a NULL-terminated string containing
939 * the nickname of the cert/key pair to use.
940 * If arg is NULL, this function will search the cert and key databases for
941 * a suitable match and send it if one is found.
942 */
943 SSL_IMPORT SECStatus
944 NSS_GetClientAuthData(void * arg,
945 PRFileDesc * socket,
946 struct CERTDistNamesStr * caNames,
947 struct CERTCertificateStr ** pRetCert,
948 struct SECKEYPrivateKeyStr **pRetKey);
949
950 /*
951 ** Configure DTLS-SRTP (RFC 5764) cipher suite preferences.
952 ** Input is a list of ciphers in descending preference order and a length
953 ** of the list. As a side effect, this causes the use_srtp extension to be
954 ** negotiated.
955 **
956 ** Invalid or unimplemented cipher suites in |ciphers| are ignored. If at
957 ** least one cipher suite in |ciphers| is implemented, returns SECSuccess.
958 ** Otherwise returns SECFailure.
959 */
960 SSL_IMPORT SECStatus SSL_SetSRTPCiphers(PRFileDesc *fd,
961 const PRUint16 *ciphers,
962 unsigned int numCiphers);
963
964 /*
965 ** Get the selected DTLS-SRTP cipher suite (if any).
966 ** To be called after the handshake completes.
967 ** Returns SECFailure if not negotiated.
968 */
969 SSL_IMPORT SECStatus SSL_GetSRTPCipher(PRFileDesc *fd,
970 PRUint16 *cipher);
971
972 /*
973 * Look to see if any of the signers in the cert chain for "cert" are found
974 * in the list of caNames.
975 * Returns SECSuccess if so, SECFailure if not.
976 * Used by NSS_GetClientAuthData. May be used by other callback functions.
977 */
978 SSL_IMPORT SECStatus NSS_CmpCertChainWCANames(CERTCertificate *cert,
979 CERTDistNames *caNames);
980
981 /*
982 * Returns key exchange type of the keys in an SSL server certificate.
983 */
984 SSL_IMPORT SSLKEAType NSS_FindCertKEAType(CERTCertificate * cert);
985
986 /* Set cipher policies to a predefined Domestic (U.S.A.) policy.
987 * This essentially allows all supported ciphers.
988 */
989 SSL_IMPORT SECStatus NSS_SetDomesticPolicy(void);
990
991 /* Set cipher policies to a predefined Policy that is exportable from the USA
992 * according to present U.S. policies as we understand them.
993 * It is the same as NSS_SetDomesticPolicy now.
994 */
995 SSL_IMPORT SECStatus NSS_SetExportPolicy(void);
996
997 /* Set cipher policies to a predefined Policy that is exportable from the USA
998 * according to present U.S. policies as we understand them, and that the
999 * nation of France will permit to be imported into their country.
1000 * It is the same as NSS_SetDomesticPolicy now.
1001 */
1002 SSL_IMPORT SECStatus NSS_SetFrancePolicy(void);
1003
1004 SSL_IMPORT SSL3Statistics * SSL_GetStatistics(void);
1005
1006 /* Report more information than SSL_SecurityStatus.
1007 ** Caller supplies the info struct. Function fills it in.
1008 */
1009 SSL_IMPORT SECStatus SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info,
1010 PRUintn len);
1011 SSL_IMPORT SECStatus SSL_GetCipherSuiteInfo(PRUint16 cipherSuite,
1012 SSLCipherSuiteInfo *info, PRUintn len);
1013
1014 /* Returnes negotiated through SNI host info. */
1015 SSL_IMPORT SECItem *SSL_GetNegotiatedHostInfo(PRFileDesc *fd);
1016
1017 /* Export keying material according to RFC 5705.
1018 ** fd must correspond to a TLS 1.0 or higher socket and out must
1019 ** already be allocated. If hasContext is false, it uses the no-context
1020 ** construction from the RFC and ignores the context and contextLen
1021 ** arguments.
1022 */
1023 SSL_IMPORT SECStatus SSL_ExportKeyingMaterial(PRFileDesc *fd,
1024 const char *label,
1025 unsigned int labelLen,
1026 PRBool hasContext,
1027 const unsigned char *context,
1028 unsigned int contextLen,
1029 unsigned char *out,
1030 unsigned int outLen);
1031
1032 /*
1033 ** Return a new reference to the certificate that was most recently sent
1034 ** to the peer on this SSL/TLS connection, or NULL if none has been sent.
1035 */
1036 SSL_IMPORT CERTCertificate * SSL_LocalCertificate(PRFileDesc *fd);
1037
1038 /* Test an SSL configuration to see if SSL_BYPASS_PKCS11 can be turned on.
1039 ** Check the key exchange algorithm for each cipher in the list to see if
1040 ** a master secret key can be extracted after being derived with the mechanism
1041 ** required by the protocolmask argument. If the KEA will use keys from the
1042 ** specified cert make sure the extract operation is attempted from the slot
1043 ** where the private key resides.
1044 ** If MS can be extracted for all ciphers, (*pcanbypass) is set to TRUE and
1045 ** SECSuccess is returned. In all other cases but one (*pcanbypass) is
1046 ** set to FALSE and SECFailure is returned.
1047 ** In that last case Derive() has been called successfully but the MS is null,
1048 ** CanBypass sets (*pcanbypass) to FALSE and returns SECSuccess indicating the
1049 ** arguments were all valid but the slot cannot be bypassed.
1050 **
1051 ** Note: A TRUE return code from CanBypass means "Your configuration will perfor m
1052 ** NO WORSE with the bypass enabled than without"; it does NOT mean that every
1053 ** cipher suite listed will work properly with the selected protocols.
1054 **
1055 ** Caveat: If export cipher suites are included in the argument list Canbypass
1056 ** will return FALSE.
1057 **/
1058
1059 /* protocol mask bits */
1060 #define SSL_CBP_SSL3 0x0001 /* test SSL v3 mechanisms */
1061 #define SSL_CBP_TLS1_0 0x0002 /* test TLS v1.0 mechanisms */
1062
1063 SSL_IMPORT SECStatus SSL_CanBypass(CERTCertificate *cert,
1064 SECKEYPrivateKey *privKey,
1065 PRUint32 protocolmask,
1066 PRUint16 *ciphers, int nciphers,
1067 PRBool *pcanbypass, void *pwArg);
1068
1069 /*
1070 ** Did the handshake with the peer negotiate the given extension?
1071 ** Output parameter valid only if function returns SECSuccess
1072 */
1073 SSL_IMPORT SECStatus SSL_HandshakeNegotiatedExtension(PRFileDesc * socket,
1074 SSLExtensionType extId,
1075 PRBool *yes);
1076
1077 SSL_IMPORT SECStatus SSL_HandshakeResumedSession(PRFileDesc *fd,
1078 PRBool *last_handshake_resumed) ;
1079
1080 /* See SSL_SetClientChannelIDCallback for usage. If the callback returns
1081 * SECWouldBlock then SSL_RestartHandshakeAfterChannelIDReq should be called in
1082 * the future to restart the handshake. On SECSuccess, the callback must have
1083 * written a P-256, EC key pair to |*out_public_key| and |*out_private_key|. */
1084 typedef SECStatus (PR_CALLBACK *SSLClientChannelIDCallback)(
1085 void *arg,
1086 PRFileDesc *fd,
1087 SECKEYPublicKey **out_public_key,
1088 SECKEYPrivateKey **out_private_key);
1089
1090 /* SSL_RestartHandshakeAfterChannelIDReq attempts to restart the handshake
1091 * after a ChannelID callback returned SECWouldBlock.
1092 *
1093 * This function takes ownership of |channelIDPub| and |channelID|. */
1094 SSL_IMPORT SECStatus SSL_RestartHandshakeAfterChannelIDReq(
1095 PRFileDesc *fd,
1096 SECKEYPublicKey *channelIDPub,
1097 SECKEYPrivateKey *channelID);
1098
1099 /* SSL_SetClientChannelIDCallback sets a callback function that will be called
1100 * once the server's ServerHello has been processed. This is only applicable to
1101 * a client socket and setting this callback causes the TLS Channel ID
1102 * extension to be advertised. */
1103 SSL_IMPORT SECStatus SSL_SetClientChannelIDCallback(
1104 PRFileDesc *fd,
1105 SSLClientChannelIDCallback callback,
1106 void *arg);
1107
1108 /*
1109 ** How long should we wait before retransmitting the next flight of
1110 ** the DTLS handshake? Returns SECFailure if not DTLS or not in a
1111 ** handshake.
1112 */
1113 SSL_IMPORT SECStatus DTLS_GetHandshakeTimeout(PRFileDesc *socket,
1114 PRIntervalTime *timeout);
1115
1116 /*
1117 * Return a boolean that indicates whether the underlying library
1118 * will perform as the caller expects.
1119 *
1120 * The only argument is a string, which should be the version
1121 * identifier of the NSS library. That string will be compared
1122 * against a string that represents the actual build version of
1123 * the SSL library.
1124 */
1125 extern PRBool NSSSSL_VersionCheck(const char *importedVersion);
1126
1127 /*
1128 * Returns a const string of the SSL library version.
1129 */
1130 extern const char *NSSSSL_GetVersion(void);
1131
1132 /* Restart an SSL connection that was paused to do asynchronous certificate
1133 * chain validation (when the auth certificate hook or bad cert handler
1134 * returned SECWouldBlock).
1135 *
1136 * This function only works for non-blocking sockets; Do not use it for
1137 * blocking sockets. Currently, this function works only for the client role of
1138 * a connection; it does not work for the server role.
1139 *
1140 * The application must call SSL_AuthCertificateComplete with 0 as the value of
1141 * the error parameter after it has successfully validated the peer's
1142 * certificate, in order to continue the SSL handshake.
1143 *
1144 * The application may call SSL_AuthCertificateComplete with a non-zero value
1145 * for error (e.g. SEC_ERROR_REVOKED_CERTIFICATE) when certificate validation
1146 * fails, before it closes the connection. If the application does so, an
1147 * alert corresponding to the error (e.g. certificate_revoked) will be sent to
1148 * the peer. See the source code of the internal function
1149 * ssl3_SendAlertForCertError for the current mapping of error to alert. This
1150 * mapping may change in future versions of libssl.
1151 *
1152 * This function will not complete the entire handshake. The application must
1153 * call SSL_ForceHandshake, PR_Recv, PR_Send, etc. after calling this function
1154 * to force the handshake to complete.
1155 *
1156 * On the first handshake of a connection, libssl will wait for the peer's
1157 * certificate to be authenticated before calling the handshake callback,
1158 * sending a client certificate, sending any application data, or returning
1159 * any application data to the application. On subsequent (renegotiation)
1160 * handshakes, libssl will block the handshake unconditionally while the
1161 * certificate is being validated.
1162 *
1163 * libssl may send and receive handshake messages while waiting for the
1164 * application to call SSL_AuthCertificateComplete, and it may call other
1165 * callbacks (e.g, the client auth data hook) before
1166 * SSL_AuthCertificateComplete has been called.
1167 *
1168 * An application that uses this asynchronous mechanism will usually have lower
1169 * handshake latency if it has to do public key operations on the certificate
1170 * chain and/or CRL/OCSP/cert fetching during the authentication, especially if
1171 * it does so in parallel on another thread. However, if the application can
1172 * authenticate the peer's certificate quickly then it may be more efficient
1173 * to use the synchronous mechanism (i.e. returning SECFailure/SECSuccess
1174 * instead of SECWouldBlock from the authenticate certificate hook).
1175 *
1176 * Be careful about converting an application from synchronous cert validation
1177 * to asynchronous certificate validation. A naive conversion is likely to
1178 * result in deadlocks; e.g. the application will wait in PR_Poll for network
1179 * I/O on the connection while all network I/O on the connection is blocked
1180 * waiting for this function to be called.
1181 *
1182 * Returns SECFailure on failure, SECSuccess on success. Never returns
1183 * SECWouldBlock. Note that SSL_AuthCertificateComplete will (usually) return
1184 * SECSuccess; do not interpret the return value of SSL_AuthCertificateComplete
1185 * as an indicator of whether it is OK to continue using the connection. For
1186 * example, SSL_AuthCertificateComplete(fd, SEC_ERROR_REVOKED_CERTIFICATE) will
1187 * return SECSuccess (normally), but that does not mean that the application
1188 * should continue using the connection. If the application passes a non-zero
1189 * value for second argument (error), or if SSL_AuthCertificateComplete returns
1190 * anything other than SECSuccess, then the application should close the
1191 * connection.
1192 */
1193 SSL_IMPORT SECStatus SSL_AuthCertificateComplete(PRFileDesc *fd,
1194 PRErrorCode error);
1195 SEC_END_PROTOS
1196
1197 #endif /* __ssl_h_ */
OLDNEW
« no previous file with comments | « net/third_party/nss/ssl/prelib.c ('k') | net/third_party/nss/ssl/ssl.rc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698