From f017b749ea9f1586d2308504553d40bf4cc5439d Mon Sep 17 00:00:00 2001 From: wolfbeast Date: Tue, 6 Feb 2018 11:46:26 +0100 Subject: Update NSS to 3.32.1-RTM --- security/nss/lib/ssl/ssl.h | 39 +++++++++++++++++++++++++++++++++++++-- 1 file changed, 37 insertions(+), 2 deletions(-) (limited to 'security/nss/lib/ssl/ssl.h') diff --git a/security/nss/lib/ssl/ssl.h b/security/nss/lib/ssl/ssl.h index 9394adcca..7e538ac1f 100644 --- a/security/nss/lib/ssl/ssl.h +++ b/security/nss/lib/ssl/ssl.h @@ -228,7 +228,7 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd); * on the server to read that data. Calls to * SSL_GetPreliminaryChannelInfo() and SSL_GetNextProto() * can be made used during this period to learn about the channel - * parameters [TODO(ekr@rtfm.com): This hasn't landed yet]. + * parameters. * * The transition between the 0-RTT and 1-RTT modes is marked by the * handshake callback. @@ -394,7 +394,7 @@ SSL_IMPORT SECStatus SSL_SignaturePrefGet( ** can be set or retrieved using SSL_SignatureSchemePrefSet or ** SSL_SignatureSchemePrefGet. */ -SSL_IMPORT unsigned int SSL_SignatureMaxCount(); +SSL_IMPORT unsigned int SSL_SignatureMaxCount(void); /* ** Define custom priorities for EC and FF groups used in DH key exchange and EC @@ -819,6 +819,25 @@ SSL_IMPORT PRFileDesc *SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd); */ SSL_IMPORT SECStatus SSL_SetPKCS11PinArg(PRFileDesc *fd, void *a); +/* +** These are callbacks for dealing with SSL alerts. + */ + +typedef PRUint8 SSLAlertLevel; +typedef PRUint8 SSLAlertDescription; + +typedef struct { + SSLAlertLevel level; + SSLAlertDescription description; +} SSLAlert; + +typedef void(PR_CALLBACK *SSLAlertCallback)(const PRFileDesc *fd, void *arg, + const SSLAlert *alert); + +SSL_IMPORT SECStatus SSL_AlertReceivedCallback(PRFileDesc *fd, SSLAlertCallback cb, + void *arg); +SSL_IMPORT SECStatus SSL_AlertSentCallback(PRFileDesc *fd, SSLAlertCallback cb, + void *arg); /* ** This is a callback for dealing with server certs that are not authenticated ** by the client. The client app can decide that it actually likes the @@ -914,6 +933,22 @@ SSL_ConfigSecureServerWithCertChain(PRFileDesc *fd, CERTCertificate *cert, const CERTCertificateList *certChainOpt, SECKEYPrivateKey *key, SSLKEAType kea); +/* +** SSL_SetSessionTicketKeyPair configures an asymmetric key pair for use in +** wrapping session ticket keys, used by the server. This function currently +** only accepts an RSA public/private key pair. +** +** Prior to the existence of this function, NSS used an RSA private key +** associated with a configured certificate to perform session ticket +** encryption. If this function isn't used, the keys provided with a configured +** RSA certificate are used for wrapping session ticket keys. +** +** NOTE: This key is used for all self-encryption but is named for +** session tickets for historical reasons. +*/ +SSL_IMPORT SECStatus +SSL_SetSessionTicketKeyPair(SECKEYPublicKey *pubKey, SECKEYPrivateKey *privKey); + /* ** Configure a secure server's session-id cache. Define the maximum number ** of entries in the cache, the longevity of the entires, and the directory -- cgit v1.2.3