Diffstat (limited to 'security/nss/lib/ssl/ssl.h')
-rw-r--r-- | security/nss/lib/ssl/ssl.h | 39 |
1 files changed, 37 insertions, 2 deletions
diff --git a/security/nss/lib/ssl/ssl.h b/security/nss/lib/ssl/ssl.h index 9394adcca0..7e538ac1fc 100644 --- a/security/nss/lib/ssl/ssl.h +++ b/security/nss/lib/ssl/ssl.h @@ -228,7 +228,7 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd); * on the server to read that data. Calls to * SSL_GetPreliminaryChannelInfo() and SSL_GetNextProto() * can be made used during this period to learn about the channel - * parameters [TODO(ekr@rtfm.com): This hasn't landed yet]. + * parameters. * * The transition between the 0-RTT and 1-RTT modes is marked by the * handshake callback. @@ -394,7 +394,7 @@ SSL_IMPORT SECStatus SSL_SignaturePrefGet( ** can be set or retrieved using SSL_SignatureSchemePrefSet or ** SSL_SignatureSchemePrefGet. */ -SSL_IMPORT unsigned int SSL_SignatureMaxCount(); +SSL_IMPORT unsigned int SSL_SignatureMaxCount(void); /* ** Define custom priorities for EC and FF groups used in DH key exchange and EC @@ -820,6 +820,25 @@ SSL_IMPORT PRFileDesc *SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd); SSL_IMPORT SECStatus SSL_SetPKCS11PinArg(PRFileDesc *fd, void *a); /* +** These are callbacks for dealing with SSL alerts. + */ + +typedef PRUint8 SSLAlertLevel; +typedef PRUint8 SSLAlertDescription; + +typedef struct { + SSLAlertLevel level; + SSLAlertDescription description; +} SSLAlert; + +typedef void(PR_CALLBACK *SSLAlertCallback)(const PRFileDesc *fd, void *arg, + const SSLAlert *alert); + +SSL_IMPORT SECStatus SSL_AlertReceivedCallback(PRFileDesc *fd, SSLAlertCallback cb, + void *arg); +SSL_IMPORT SECStatus SSL_AlertSentCallback(PRFileDesc *fd, SSLAlertCallback cb, + void *arg); +/* ** This is a callback for dealing with server certs that are not authenticated ** by the client. The client app can decide that it actually likes the ** cert by some external means and restart the connection. 
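Review bot: The block comment added above `SSLAlertCallback` does not say that `alert->level` and `alert->description` are bare `PRUint8` values. For the received-alert callback they presumably come straight from the peer, so a handler can see any value from 0 to 255 and not only the alert codes the library defines. I would extend the comment with something like `** level and description are raw wire values; handlers must tolerate unknown values and must not index tables with them unchecked.` It would also help to document whether passing a NULL `cb` removes a previously installed callback. The comment should also say whether the callback can fire before the handshake has completed, when a received alert is presumably not yet authenticated; neither point is visible in this header.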
@@ -915,6 +934,22 @@ SSL_ConfigSecureServerWithCertChain(PRFileDesc *fd, CERTCertificate *cert, SECKEYPrivateKey *key, SSLKEAType kea); /* +** SSL_SetSessionTicketKeyPair configures an asymmetric key pair for use in +** wrapping session ticket keys, used by the server. This function currently +** only accepts an RSA public/private key pair. +** +** Prior to the existence of this function, NSS used an RSA private key +** associated with a configured certificate to perform session ticket +** encryption. If this function isn't used, the keys provided with a configured +** RSA certificate are used for wrapping session ticket keys. +** +** NOTE: This key is used for all self-encryption but is named for +** session tickets for historical reasons. +*/ +SSL_IMPORT SECStatus +SSL_SetSessionTicketKeyPair(SECKEYPublicKey *pubKey, SECKEYPrivateKey *privKey); + +/* ** Configure a secure server's session-id cache. Define the maximum number ** of entries in the cache, the longevity of the entires, and the directory ** where the cache files will be placed. These values can be zero, and |
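Review bot: `SSL_SetSessionTicketKeyPair` takes no `PRFileDesc`, so it appears to set process-wide state, but the new comment states neither that nor who owns `pubKey` and `privKey` after the call. Since the NOTE says this key protects all self-encryption, I would add lines such as `** The key pair applies to every server socket in the process. The caller retains its own references to pubKey and privKey.`, adjusted to what the implementation actually does with the references. The comment should also say what is returned when a non-RSA key is passed, and whether the call has to be made before any server socket is configured.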