author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-11-22 21:42:38 +0000 |
---|---|---|
committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-11-22 21:42:38 +0000 |
commit | 67d9e6801ab1201732fc2a1d13e95a2f330cc0f3 (patch) | |
tree | 53a8023a177fdebe038955b43fcda0b0612f6e19 /net/third_party/nss/ssl/ssl.h | |
parent | 53edc64524d217d22b175f78f8c81df0ece79a11 (diff) | |
nss: add support for OCSP stapling.
This patch adds support in libssl for requesting and storing OCSP
stapled responses.
BUG=none
TEST=none (yet)
http://codereview.chromium.org/5045001
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@67005 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/third_party/nss/ssl/ssl.h')
-rw-r--r-- | net/third_party/nss/ssl/ssl.h | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h
index 9d3da0c..3515007 100644
--- a/net/third_party/nss/ssl/ssl.h
+++ b/net/third_party/nss/ssl/ssl.h
@@ -148,6 +148,7 @@ SSL_IMPORT PRFileDesc *SSL_ImportFD(PRFileDesc *model, PRFileDesc *fd);
 /* previous connection to the same server is required. See */
 /* SSL_GetPredictedServerHelloData, SSL_SetPredictedPeerCertificates and */
 /* SSL_SetSnapStartApplicationData. */
+#define SSL_ENABLE_OCSP_STAPLING 24 /* Request OCSP stapling (client) */
 #ifdef SSL_DEPRECATED_FUNCTION
 /* Old deprecated function names */
@@ -283,6 +284,23 @@ SSL_IMPORT CERTCertificate *SSL_PeerCertificate(PRFileDesc *fd);
 SSL_IMPORT SECStatus SSL_PeerCertificateChain(
 PRFileDesc *fd, CERTCertificate **certs, unsigned int *certs_size);
+/* SSL_GetStapledOCSPResponse returns the OCSP response that was provided by
+ * the TLS server. The resulting data is copied to |out_data|. On entry, |*len|
+ * must contain the size of |out_data|. On exit, |*len| will contain the size
+ * of the OCSP stapled response. If the stapled response is too large to fit in
+ * |out_data| then it will be truncated. If no OCSP response was given by the
+ * server then it has zero length.
+ *
+ * You must set the SSL_ENABLE_OCSP_STAPLING option in order for OCSP responses
+ * to be provided by a server.
+ *
+ * You can call this function during the certificate verification callback or
+ * any time afterwards.
+ */
+SSL_IMPORT SECStatus SSL_GetStapledOCSPResponse(PRFileDesc *fd,
+ unsigned char *out_data,
+ unsigned int *len);
+
 /*
 ** Authenticate certificate hook. Called when a certificate comes in
 ** (because of SSL_REQUIRE_CERTIFICATE in SSL_Enable) to authenticate the |
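Review bot: The documented contract for SSL_GetStapledOCSPResponse in the second hunk lets a truncated response pass as a normal success, because on exit `*len` holds the size of the stapled response rather than the number of bytes copied into `out_data`. A caller that does not compare the returned `*len` with the size it passed in would either parse a cut-off response or treat more bytes as valid than the buffer holds, so the comment should say this outright, e.g. `If |*len| on exit exceeds the size passed in, |out_data| holds only a prefix; call again with a larger buffer.` The comment also does not say whether libssl validates the response; the commit message only mentions "requesting and storing", so presumably the bytes are returned as received and the caller must check the signature, the certificate it covers and its validity period before trusting it, which is worth stating. Which conditions produce SECFailure (as opposed to success with zero length) is likewise undocumented. Only the declaration is visible in this file, so the implementation's actual behaviour could not be checked here.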