author | ekasper@google.com <ekasper@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-11-21 02:36:55 +0000 |
---|---|---|
committer | ekasper@google.com <ekasper@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-11-21 02:36:55 +0000 |
commit | b04dff61dbf2c71c021eed65dd549c7e84dfb34b (patch) | |
tree | cdd1783d87edb19c35a99e56d6c87d245020cfd3 /net/third_party/nss/ssl/ssl.h | |
parent | 6bfe8216bf3258382f19da1a9dd220a9851914e0 (diff) | |
Certificate Transparency TLS extension patch for NSS
BUG=309578
Review URL: https://codereview.chromium.org/64553002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@236376 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/third_party/nss/ssl/ssl.h')
-rw-r--r-- | net/third_party/nss/ssl/ssl.h | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h
index 67cc3a7..4cf02aa 100644
--- a/net/third_party/nss/ssl/ssl.h
+++ b/net/third_party/nss/ssl/ssl.h
@@ -161,6 +161,8 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd);
 */
 #define SSL_CBC_RANDOM_IV 23
 #define SSL_ENABLE_OCSP_STAPLING 24 /* Request OCSP stapling (client) */
+/* Request Signed Certificate Timestamps via TLS extension (client) */
+#define SSL_ENABLE_SIGNED_CERT_TIMESTAMPS 25
 #ifdef SSL_DEPRECATED_FUNCTION
 /* Old deprecated function names */
@@ -464,6 +466,23 @@ SSL_IMPORT CERTCertList *SSL_PeerCertificateChain(PRFileDesc *fd);
 */
 SSL_IMPORT const SECItemArray * SSL_PeerStapledOCSPResponses(PRFileDesc *fd);
+/* SSL_PeerSignedCertTimestamps returns the signed_certificate_timestamp
+ * extension data provided by the TLS server. The return value is a pointer
+ * to an internal SECItem that contains the returned response (as a serialized
+ * SignedCertificateTimestampList, see RFC 6962). The returned pointer is only
+ * valid until the callback function that calls SSL_PeerSignedCertTimestamps
+ * (e.g. the authenticate certificate hook, or the handshake callback) returns.
+ *
+ * If no Signed Certificate Timestamps were given by the server then the result
+ * will be empty. If there was an error, then the result will be NULL.
+ *
+ * You must set the SSL_ENABLE_SIGNED_CERT_TIMESTAMPS option to indicate support
+ * for Signed Certificate Timestamps to a server.
+ *
+ * libssl does not do any parsing or validation of the response itself.
+ */
+SSL_IMPORT const SECItem * SSL_PeerSignedCertTimestamps(PRFileDesc *fd);
+
 /* SSL_SetStapledOCSPResponses stores an array of one or multiple OCSP responses
 * in the fd's data, which may be sent as part of a server side cert_status
 * handshake message. Parameter |responses| is for the server certificate of |
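Review bot: The contract comment added above SSL_PeerSignedCertTimestamps in the second hunk says the result "will be empty" when the server sent no SCTs, but it does not define empty, so a caller cannot tell whether to test `len == 0`, `data == NULL`, or both. I would spell it out, for example `* ... then the result is a non-NULL SECItem whose len is 0.`, if that is what the implementation returns (it is not visible in this header). Because the last sentence says libssl neither parses nor validates the data, the comment should also say plainly that the bytes are server-controlled: `* Callers must treat the contents as untrusted input and verify each SCT against a known log key before relying on it.` The lifetime rule would be easier to follow with an explicit instruction to copy the item (for example with SECITEM_CopyItem) when it is needed after the callback returns. The comment also does not say what is returned on a resumed session.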