Diffstat (limited to 'security/nss/lib/ssl/ssl.h')
-rw-r--r-- | security/nss/lib/ssl/ssl.h | 49 |
1 files changed, 11 insertions, 38 deletions
diff --git a/security/nss/lib/ssl/ssl.h b/security/nss/lib/ssl/ssl.h
index 25aabbaa2..7e538ac1f 100644
--- a/security/nss/lib/ssl/ssl.h
+++ b/security/nss/lib/ssl/ssl.h
@@ -107,7 +107,8 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd);
 #define SSL_NO_LOCKS 17 /* Don't use locks for protection */
 #define SSL_ENABLE_SESSION_TICKETS 18 /* Enable TLS SessionTicket */
 /* extension (off by default) */
-#define SSL_ENABLE_DEFLATE 19 /* (unsupported, deprecated, off) */
+#define SSL_ENABLE_DEFLATE 19 /* Enable TLS compression with */
+ /* DEFLATE (off by default) */
 #define SSL_ENABLE_RENEGOTIATION 20 /* Values below (default: never) */
 #define SSL_REQUIRE_SAFE_NEGOTIATION 21 /* Peer must send Signaling */
 /* Cipher Suite Value (SCSV) or */
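Review bot: The restored comment on `SSL_ENABLE_DEFLATE` presents TLS-level DEFLATE as an ordinary feature toggle and drops the earlier "unsupported, deprecated" wording without saying why the option should stay off. Compressing secrets in the same stream as attacker-influenced plaintext leaks information through record lengths (the CRIME class of issues), so the comment should carry that caveat, for example `/* Enable TLS compression with DEFLATE (off by default; keep off: */` followed by `/* compressed record length leaks plaintext) */`. Whether the library still honours the option cannot be seen from this header; if it does, a caller reading only this line has no hint that setting it weakens confidentiality.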
@@ -230,46 +231,25 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd); * parameters. * * The transition between the 0-RTT and 1-RTT modes is marked by the - * handshake callback. However, it is possible to force the completion - * of the handshake (and cause the handshake callback to be called) - * prior to reading all 0-RTT data using SSL_ForceHandshake(). To - * ensure that all early data is read before the handshake callback, any - * time that SSL_ForceHandshake() returns a PR_WOULD_BLOCK_ERROR, use - * PR_Read() to read all available data. If PR_Read() is called - * multiple times, this will result in the handshake completing, but the - * handshake callback will occur after early data has all been read. + * handshake callback. * * WARNING: 0-RTT data has different anti-replay and PFS properties than - * the rest of the TLS data. See [draft-ietf-tls-tls13; Section 8] + * the rest of the TLS data. See [draft-ietf-tls-tls13; Section 6.2.3] * for more details. - * - * Note: when DTLS 1.3 is in use, any 0-RTT data received after EndOfEarlyData - * (e.g., because of reordering) is discarded. */ #define SSL_ENABLE_0RTT_DATA 33 -/* Enables TLS 1.3 compatibility mode. In this mode, the client includes a fake - * session ID in the handshake and sends a ChangeCipherSpec. A server will - * always use the setting chosen by the client, so the value of this option has - * no effect for a server. This setting is ignored for DTLS. */ -#define SSL_ENABLE_TLS13_COMPAT_MODE 35 - #ifdef SSL_DEPRECATED_FUNCTION /* Old deprecated function names */ -SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRIntn on); -SSL_IMPORT SECStatus SSL_EnableDefault(int option, PRIntn on); +SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on); +SSL_IMPORT SECStatus SSL_EnableDefault(int option, PRBool on); #endif -/* Set (and get) options for sockets and defaults for newly created sockets. 
- * - * While the |val| parameter of these methods is PRIntn, options only support - * two values by default: PR_TRUE or PR_FALSE. The documentation of specific - * options will explain if other values are permitted. - */ -SSL_IMPORT SECStatus SSL_OptionSet(PRFileDesc *fd, PRInt32 option, PRIntn val); -SSL_IMPORT SECStatus SSL_OptionGet(PRFileDesc *fd, PRInt32 option, PRIntn *val); -SSL_IMPORT SECStatus SSL_OptionSetDefault(PRInt32 option, PRIntn val); -SSL_IMPORT SECStatus SSL_OptionGetDefault(PRInt32 option, PRIntn *val); +/* New function names */ +SSL_IMPORT SECStatus SSL_OptionSet(PRFileDesc *fd, PRInt32 option, PRBool on); +SSL_IMPORT SECStatus SSL_OptionGet(PRFileDesc *fd, PRInt32 option, PRBool *on); +SSL_IMPORT SECStatus SSL_OptionSetDefault(PRInt32 option, PRBool on); +SSL_IMPORT SECStatus SSL_OptionGetDefault(PRInt32 option, PRBool *on); SSL_IMPORT SECStatus SSL_CertDBHandleSet(PRFileDesc *fd, CERTCertDBHandle *dbHandle); /* SSLNextProtoCallback is called during the handshake for the client, when a @@ -1394,13 +1374,6 @@ extern const char *NSSSSL_GetVersion(void); */ SSL_IMPORT SECStatus SSL_AuthCertificateComplete(PRFileDesc *fd, PRErrorCode error); - -/* - * This is used to access experimental APIs. Don't call this directly. This is - * used to enable the experimental APIs that are defined in "sslexp.h". - */ -SSL_IMPORT void *SSL_GetExperimentalAPI(const char *name); - SEC_END_PROTOS #endif /* __ssl_h_ */ |
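Review bot: The `SSL_OptionSet`/`SSL_OptionGet`/`SSL_OptionSetDefault`/`SSL_OptionGetDefault` prototypes now declare the value as `PRBool on`, yet `SSL_ENABLE_RENEGOTIATION` earlier in this header is documented as taking "Values below", which implies more than two values. The deleted comment was the only place telling callers that some options accept values other than PR_TRUE/PR_FALSE; with only `/* New function names */` left, a caller may normalise the argument to a boolean and end up with a different renegotiation policy than intended. Keep a short comment above the prototypes, e.g. `/* |on| is declared PRBool, but some options (e.g. SSL_ENABLE_RENEGOTIATION) take enumerated values; see each option's comment. */`. The same hunk also drops the guidance on reading all 0-RTT data before the handshake callback, so the one-line WARNING about anti-replay is the only early-data caveat left for integrators.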