Home | History | Annotate | Download | only in ssl
      1 /*
      2  * This file contains prototypes for the public SSL functions.
      3  *
      4  * This Source Code Form is subject to the terms of the Mozilla Public
      5  * License, v. 2.0. If a copy of the MPL was not distributed with this
      6  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      7 
      8 #ifndef __ssl_h_
      9 #define __ssl_h_
     10 
     11 #include "prtypes.h"
     12 #include "prerror.h"
     13 #include "prio.h"
     14 #include "seccomon.h"
     15 #include "cert.h"
     16 #include "keyt.h"
     17 
     18 #include "sslt.h"  /* public ssl data types */
     19 
     20 #if defined(_WIN32) && !defined(IN_LIBSSL) && !defined(NSS_USE_STATIC_LIBS)
     21 #define SSL_IMPORT extern __declspec(dllimport)
     22 #else
     23 #define SSL_IMPORT extern
     24 #endif
     25 
     26 SEC_BEGIN_PROTOS
     27 
     28 /* constant table enumerating all implemented SSL 2 and 3 cipher suites. */
     29 SSL_IMPORT const PRUint16 SSL_ImplementedCiphers[];
     30 
     31 /* the same as the above, but is a function */
     32 SSL_IMPORT const PRUint16 *SSL_GetImplementedCiphers(void);
     33 
     34 /* number of entries in the above table. */
     35 SSL_IMPORT const PRUint16 SSL_NumImplementedCiphers;
     36 
     37 /* the same as the above, but is a function */
     38 SSL_IMPORT PRUint16 SSL_GetNumImplementedCiphers(void);
     39 
     40 /* Macro to tell which ciphers in table are SSL2 vs SSL3/TLS. */
     41 #define SSL_IS_SSL2_CIPHER(which) (((which) & 0xfff0) == 0xff00)
     42 
     43 /*
     44 ** Imports fd into SSL, returning a new socket.  Copies SSL configuration
     45 ** from model.
     46 */
     47 SSL_IMPORT PRFileDesc *SSL_ImportFD(PRFileDesc *model, PRFileDesc *fd);
     48 
     49 /*
     50 ** Imports fd into DTLS, returning a new socket.  Copies DTLS configuration
     51 ** from model.
     52 */
     53 SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd);
     54 
     55 /*
     56 ** Enable/disable an ssl mode
     57 **
     58 ** 	SSL_SECURITY:
     59 ** 		enable/disable use of SSL security protocol before connect
     60 **
     61 ** 	SSL_SOCKS:
     62 ** 		enable/disable use of socks before connect
     63 **		(No longer supported).
     64 **
     65 ** 	SSL_REQUEST_CERTIFICATE:
     66 ** 		require a certificate during secure connect
     67 */
     68 /* options */
     69 #define SSL_SECURITY			1 /* (on by default) */
     70 #define SSL_SOCKS			2 /* (off by default) */
     71 #define SSL_REQUEST_CERTIFICATE		3 /* (off by default) */
     72 #define SSL_HANDSHAKE_AS_CLIENT		5 /* force accept to hs as client */
     73                                		  /* (off by default) */
     74 #define SSL_HANDSHAKE_AS_SERVER		6 /* force connect to hs as server */
     75                                		  /* (off by default) */
     76 
     77 /* OBSOLETE: SSL v2 is obsolete and may be removed soon. */
     78 #define SSL_ENABLE_SSL2			7 /* enable ssl v2 (off by default) */
     79 
     80 /* OBSOLETE: See "SSL Version Range API" below for the replacement and a
     81 ** description of the non-obvious semantics of using SSL_ENABLE_SSL3.
     82 */
     83 #define SSL_ENABLE_SSL3		        8 /* enable ssl v3 (on by default) */
     84 
     85 #define SSL_NO_CACHE		        9 /* don't use the session cache */
     86                     		          /* (off by default) */
     87 #define SSL_REQUIRE_CERTIFICATE        10 /* (SSL_REQUIRE_FIRST_HANDSHAKE */
     88                                           /* by default) */
     89 #define SSL_ENABLE_FDX                 11 /* permit simultaneous read/write */
     90                                           /* (off by default) */
     91 
     92 /* OBSOLETE: SSL v2 compatible hellos are not accepted by some TLS servers
     93 ** and cannot negotiate extensions. SSL v2 is obsolete. This option may be
     94 ** removed soon.
     95 */
     96 #define SSL_V2_COMPATIBLE_HELLO        12 /* send v3 client hello in v2 fmt */
     97                                           /* (off by default) */
     98 
     99 /* OBSOLETE: See "SSL Version Range API" below for the replacement and a
    100 ** description of the non-obvious semantics of using SSL_ENABLE_TLS.
    101 */
    102 #define SSL_ENABLE_TLS		       13 /* enable TLS (on by default) */
    103 
    104 #define SSL_ROLLBACK_DETECTION         14 /* for compatibility, default: on */
    105 #define SSL_NO_STEP_DOWN               15 /* Disable export cipher suites   */
    106                                           /* if step-down keys are needed.  */
    107 					  /* default: off, generate         */
    108 					  /* step-down keys if needed.      */
    109 #define SSL_BYPASS_PKCS11              16 /* use PKCS#11 for pub key only   */
    110 #define SSL_NO_LOCKS                   17 /* Don't use locks for protection */
    111 #define SSL_ENABLE_SESSION_TICKETS     18 /* Enable TLS SessionTicket       */
    112                                           /* extension (off by default)     */
    113 #define SSL_ENABLE_DEFLATE             19 /* Enable TLS compression with    */
    114                                           /* DEFLATE (off by default)       */
    115 #define SSL_ENABLE_RENEGOTIATION       20 /* Values below (default: never)  */
    116 #define SSL_REQUIRE_SAFE_NEGOTIATION   21 /* Peer must send Signaling       */
    117 					  /* Cipher Suite Value (SCSV) or   */
    118                                           /* Renegotiation  Info (RI)       */
    119 					  /* extension in ALL handshakes.   */
    120                                           /* default: off                   */
    121 #define SSL_ENABLE_FALSE_START         22 /* Enable SSL false start (off by */
    122                                           /* default, applies only to       */
    123                                           /* clients). False start is a     */
    124 /* mode where an SSL client will start sending application data before      */
    125 /* verifying the server's Finished message. This means that we could end up */
    126 /* sending data to an imposter. However, the data will be encrypted and     */
    127 /* only the true server can derive the session key. Thus, so long as the    */
    128 /* cipher isn't broken this is safe. Because of this, False Start will only */
    129 /* occur on RSA or DH ciphersuites where the cipher's key length is >= 80   */
    130 /* bits. The advantage of False Start is that it saves a round trip for     */
    131 /* client-speaks-first protocols when performing a full handshake.          */
    132 
    133 /* For SSL 3.0 and TLS 1.0, by default we prevent chosen plaintext attacks
    134  * on SSL CBC mode cipher suites (see RFC 4346 Section F.3) by splitting
    135  * non-empty application_data records into two records; the first record has
    136  * only the first byte of plaintext, and the second has the rest.
    137  *
    138  * This only prevents the attack in the sending direction; the connection may
    139  * still be vulnerable to such attacks if the peer does not implement a similar
    140  * countermeasure.
    141  *
    142  * This protection mechanism is on by default; the default can be overridden by
    143  * setting NSS_SSL_CBC_RANDOM_IV=0 in the environment prior to execution,
    144  * and/or by the application setting the option SSL_CBC_RANDOM_IV to PR_FALSE.
    145  *
    146  * The per-record IV in TLS 1.1 and later adds one block of overhead per
    147  * record, whereas this hack will add at least two blocks of overhead per
    148  * record, so TLS 1.1+ will always be more efficient.
    149  *
    150  * Other implementations (e.g. some versions of OpenSSL, in some
    151  * configurations) prevent the same attack by prepending an empty
    152  * application_data record to every application_data record they send; we do
    153  * not do that because some implementations cannot handle empty
    154  * application_data records. Also, we only split application_data records and
    155  * not other types of records, because some implementations will not accept
    156  * fragmented records of some other types (e.g. some versions of NSS do not
    157  * accept fragmented alerts).
    158  */
    159 #define SSL_CBC_RANDOM_IV 23
    160 #define SSL_ENABLE_OCSP_STAPLING       24 /* Request OCSP stapling (client) */
    161 
    162 #ifdef SSL_DEPRECATED_FUNCTION
    163 /* Old deprecated function names */
    164 SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on);
    165 SSL_IMPORT SECStatus SSL_EnableDefault(int option, PRBool on);
    166 #endif
    167 
    168 /* New function names */
    169 SSL_IMPORT SECStatus SSL_OptionSet(PRFileDesc *fd, PRInt32 option, PRBool on);
    170 SSL_IMPORT SECStatus SSL_OptionGet(PRFileDesc *fd, PRInt32 option, PRBool *on);
    171 SSL_IMPORT SECStatus SSL_OptionSetDefault(PRInt32 option, PRBool on);
    172 SSL_IMPORT SECStatus SSL_OptionGetDefault(PRInt32 option, PRBool *on);
    173 SSL_IMPORT SECStatus SSL_CertDBHandleSet(PRFileDesc *fd, CERTCertDBHandle *dbHandle);
    174 
    175 /* SSLNextProtoCallback is called during the handshake for the client, when a
    176  * Next Protocol Negotiation (NPN) extension has been received from the server.
    177  * |protos| and |protosLen| define a buffer which contains the server's
    178  * advertisement. This data is guaranteed to be well formed per the NPN spec.
    179  * |protoOut| is a buffer provided by the caller, of length 255 (the maximum
    180  * allowed by the protocol). On successful return, the protocol to be announced
    181  * to the server will be in |protoOut| and its length in |*protoOutLen|.
    182  *
    183  * The callback must return SECFailure or SECSuccess (not SECWouldBlock).
    184  */
    185 typedef SECStatus (PR_CALLBACK *SSLNextProtoCallback)(
    186     void *arg,
    187     PRFileDesc *fd,
    188     const unsigned char* protos,
    189     unsigned int protosLen,
    190     unsigned char* protoOut,
    191     unsigned int* protoOutLen,
    192     unsigned int protoMaxOut);
    193 
    194 /* SSL_SetNextProtoCallback sets a callback function to handle Next Protocol
    195  * Negotiation. It causes a client to advertise NPN. */
    196 SSL_IMPORT SECStatus SSL_SetNextProtoCallback(PRFileDesc *fd,
    197                                               SSLNextProtoCallback callback,
    198                                               void *arg);
    199 
    200 /* SSL_SetNextProtoNego can be used as an alternative to
    201  * SSL_SetNextProtoCallback. It also causes a client to advertise NPN and
    202  * installs a default callback function which selects the first supported
    203  * protocol in server-preference order. If no matching protocol is found it
    204  * selects the first supported protocol.
    205  *
    206  * Using this function also allows the client to transparently support ALPN.
    207  * The same set of protocols will be advertised via ALPN and, if the server
    208  * uses ALPN to select a protocol, SSL_GetNextProto will return
    209  * SSL_NEXT_PROTO_SELECTED as the state.
    210  *
    211  * Since NPN uses the first protocol as the fallback protocol, when sending an
    212  * ALPN extension, the first protocol is moved to the end of the list. This
    213  * indicates that the fallback protocol is the least preferred. The other
    214  * protocols should be in preference order.
    215  *
    216  * The supported protocols are specified in |data| in wire-format (8-bit
    217  * length-prefixed). For example: "\010http/1.1\006spdy/2". */
    218 SSL_IMPORT SECStatus SSL_SetNextProtoNego(PRFileDesc *fd,
    219 					  const unsigned char *data,
    220 					  unsigned int length);
    221 
    222 typedef enum SSLNextProtoState {
    223   SSL_NEXT_PROTO_NO_SUPPORT = 0, /* No peer support                */
    224   SSL_NEXT_PROTO_NEGOTIATED = 1, /* Mutual agreement               */
    225   SSL_NEXT_PROTO_NO_OVERLAP = 2, /* No protocol overlap found      */
    226   SSL_NEXT_PROTO_SELECTED   = 3  /* Server selected proto (ALPN)   */
    227 } SSLNextProtoState;
    228 
    229 /* SSL_GetNextProto can be used in the HandshakeCallback or any time after
    230  * a handshake to retrieve the result of the Next Protocol negotiation.
    231  *
    232  * The length of the negotiated protocol, if any, is written into *bufLen.
    233  * If the negotiated protocol is longer than bufLenMax, then SECFailure is
    234  * returned. Otherwise, the negotiated protocol, if any, is written into buf,
    235  * and SECSuccess is returned. */
    236 SSL_IMPORT SECStatus SSL_GetNextProto(PRFileDesc *fd,
    237 				      SSLNextProtoState *state,
    238 				      unsigned char *buf,
    239 				      unsigned int *bufLen,
    240 				      unsigned int bufLenMax);
    241 
    242 /*
    243 ** Control ciphers that SSL uses. If on is non-zero then the named cipher
    244 ** is enabled, otherwise it is disabled.
    245 ** The "cipher" values are defined in sslproto.h (the SSL_EN_* values).
    246 ** EnableCipher records user preferences.
    247 ** SetPolicy sets the policy according to the policy module.
    248 */
    249 #ifdef SSL_DEPRECATED_FUNCTION
    250 /* Old deprecated function names */
    251 SSL_IMPORT SECStatus SSL_EnableCipher(long which, PRBool enabled);
    252 SSL_IMPORT SECStatus SSL_SetPolicy(long which, int policy);
    253 #endif
    254 
    255 /* New function names */
    256 SSL_IMPORT SECStatus SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 cipher, PRBool enabled);
    257 SSL_IMPORT SECStatus SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 cipher, PRBool *enabled);
    258 SSL_IMPORT SECStatus SSL_CipherPrefSetDefault(PRInt32 cipher, PRBool enabled);
    259 SSL_IMPORT SECStatus SSL_CipherPrefGetDefault(PRInt32 cipher, PRBool *enabled);
    260 SSL_IMPORT SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy);
    261 SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy);
    262 
    263 /* SSLChannelBindingType enumerates the types of supported channel binding
    264  * values. See RFC 5929. */
    265 typedef enum SSLChannelBindingType {
    266     SSL_CHANNEL_BINDING_TLS_UNIQUE = 1,
    267 } SSLChannelBindingType;
    268 
    269 /* SSL_GetChannelBinding copies the requested channel binding value, as defined
    270  * in RFC 5929, into |out|. The full length of the binding value is written
    271  * into |*outLen|.
    272  *
    273  * At most |outLenMax| bytes of data are copied. If |outLenMax| is
    274  * insufficient then the function returns SECFailure and sets the error to
    275  * SEC_ERROR_OUTPUT_LEN, but |*outLen| is still set.
    276  *
    277  * This call will fail if made during a renegotiation. */
    278 SSL_IMPORT SECStatus SSL_GetChannelBinding(PRFileDesc *fd,
    279 					   SSLChannelBindingType binding_type,
    280 					   unsigned char *out,
    281 					   unsigned int *outLen,
    282 					   unsigned int outLenMax);
    283 
    284 /* SSL Version Range API
    285 **
    286 ** This API should be used to control SSL 3.0 & TLS support instead of the
    287 ** older SSL_Option* API; however, the SSL_Option* API MUST still be used to
    288 ** control SSL 2.0 support. In this version of libssl, SSL 3.0 and TLS 1.0 are
    289 ** enabled by default. Future versions of libssl may change which versions of
    290 ** the protocol are enabled by default.
    291 **
    292 ** The SSLProtocolVariant enum indicates whether the protocol is of type
    293 ** stream or datagram. This must be provided to the functions that do not
    294 ** take an fd. Functions which take an fd will get the variant from the fd,
    295 ** which is typed.
    296 **
    297 ** Using the new version range API in conjunction with the older
    298 ** SSL_OptionSet-based API for controlling the enabled protocol versions may
    299 ** cause unexpected results. Going forward, we guarantee only the following:
    300 **
    301 ** SSL_OptionGet(SSL_ENABLE_TLS) will return PR_TRUE if *ANY* versions of TLS
    302 ** are enabled.
    303 **
    304 ** SSL_OptionSet(SSL_ENABLE_TLS, PR_FALSE) will disable *ALL* versions of TLS,
    305 ** including TLS 1.0 and later.
    306 **
    307 ** The above two properties provide compatibility for applications that use
    308 ** SSL_OptionSet to implement the insecure fallback from TLS 1.x to SSL 3.0.
    309 **
    310 ** SSL_OptionSet(SSL_ENABLE_TLS, PR_TRUE) will enable TLS 1.0, and may also
    311 ** enable some later versions of TLS, if it is necessary to do so in order to
    312 ** keep the set of enabled versions contiguous. For example, if TLS 1.2 is
    313 ** enabled, then after SSL_OptionSet(SSL_ENABLE_TLS, PR_TRUE), TLS 1.0,
    314 ** TLS 1.1, and TLS 1.2 will be enabled, and the call will have no effect on
    315 ** whether SSL 3.0 is enabled. If no later versions of TLS are enabled at the
    316 ** time SSL_OptionSet(SSL_ENABLE_TLS, PR_TRUE) is called, then no later
    317 ** versions of TLS will be enabled by the call.
    318 **
    319 ** SSL_OptionSet(SSL_ENABLE_SSL3, PR_FALSE) will disable SSL 3.0, and will not
    320 ** change the set of TLS versions that are enabled.
    321 **
    322 ** SSL_OptionSet(SSL_ENABLE_SSL3, PR_TRUE) will enable SSL 3.0, and may also
    323 ** enable some versions of TLS if TLS 1.1 or later is enabled at the time of
    324 ** the call, the same way SSL_OptionSet(SSL_ENABLE_TLS, PR_TRUE) works, in
    325 ** order to keep the set of enabled versions contiguous.
    326 */
    327 
    328 /* Returns, in |*vrange|, the range of SSL3/TLS versions supported for the
    329 ** given protocol variant by the version of libssl linked-to at runtime.
    330 */
    331 SSL_IMPORT SECStatus SSL_VersionRangeGetSupported(
    332     SSLProtocolVariant protocolVariant, SSLVersionRange *vrange);
    333 
    334 /* Returns, in |*vrange|, the range of SSL3/TLS versions enabled by default
    335 ** for the given protocol variant.
    336 */
    337 SSL_IMPORT SECStatus SSL_VersionRangeGetDefault(
    338     SSLProtocolVariant protocolVariant, SSLVersionRange *vrange);
    339 
    340 /* Sets the range of enabled-by-default SSL3/TLS versions for the given
    341 ** protocol variant to |*vrange|.
    342 */
    343 SSL_IMPORT SECStatus SSL_VersionRangeSetDefault(
    344     SSLProtocolVariant protocolVariant, const SSLVersionRange *vrange);
    345 
    346 /* Returns, in |*vrange|, the range of enabled SSL3/TLS versions for |fd|. */
    347 SSL_IMPORT SECStatus SSL_VersionRangeGet(PRFileDesc *fd,
    348 					 SSLVersionRange *vrange);
    349 
    350 /* Sets the range of enabled SSL3/TLS versions for |fd| to |*vrange|. */
    351 SSL_IMPORT SECStatus SSL_VersionRangeSet(PRFileDesc *fd,
    352 					 const SSLVersionRange *vrange);
    353 
    354 
    355 /* Values for "policy" argument to SSL_PolicySet */
    356 /* Values returned by SSL_CipherPolicyGet. */
    357 #define SSL_NOT_ALLOWED		 0	      /* or invalid or unimplemented */
    358 #define SSL_ALLOWED		 1
    359 #define SSL_RESTRICTED		 2	      /* only with "Step-Up" certs. */
    360 
    361 /* Values for "on" with SSL_REQUIRE_CERTIFICATE. */
    362 #define SSL_REQUIRE_NEVER           ((PRBool)0)
    363 #define SSL_REQUIRE_ALWAYS          ((PRBool)1)
    364 #define SSL_REQUIRE_FIRST_HANDSHAKE ((PRBool)2)
    365 #define SSL_REQUIRE_NO_ERROR        ((PRBool)3)
    366 
    367 /* Values for "on" with SSL_ENABLE_RENEGOTIATION */
    368 /* Never renegotiate at all.                                               */
    369 #define SSL_RENEGOTIATE_NEVER        ((PRBool)0)
    370 /* Renegotiate without restriction, whether or not the peer's client hello */
    371 /* bears the renegotiation info extension.  Vulnerable, as in the past.    */
    372 #define SSL_RENEGOTIATE_UNRESTRICTED ((PRBool)1)
    373 /* Only renegotiate if the peer's hello bears the TLS renegotiation_info   */
    374 /* extension. This is safe renegotiation.                                  */
    375 #define SSL_RENEGOTIATE_REQUIRES_XTN ((PRBool)2)
    376 /* Disallow unsafe renegotiation in server sockets only, but allow clients */
    377 /* to continue to renegotiate with vulnerable servers.                     */
    378 /* This value should only be used during the transition period when few    */
    379 /* servers have been upgraded.                                             */
    380 #define SSL_RENEGOTIATE_TRANSITIONAL ((PRBool)3)
    381 
    382 /*
    383 ** Reset the handshake state for fd. This will make the complete SSL
    384 ** handshake protocol execute from the ground up on the next i/o
    385 ** operation.
    386 */
    387 SSL_IMPORT SECStatus SSL_ResetHandshake(PRFileDesc *fd, PRBool asServer);
    388 
    389 /*
    390 ** Force the handshake for fd to complete immediately.  This blocks until
    391 ** the complete SSL handshake protocol is finished.
    392 */
    393 SSL_IMPORT SECStatus SSL_ForceHandshake(PRFileDesc *fd);
    394 
    395 /*
    396 ** Same as above, but with an I/O timeout.
    397  */
    398 SSL_IMPORT SECStatus SSL_ForceHandshakeWithTimeout(PRFileDesc *fd,
    399                                                    PRIntervalTime timeout);
    400 
    401 SSL_IMPORT SECStatus SSL_RestartHandshakeAfterCertReq(PRFileDesc *fd,
    402 					    CERTCertificate *cert,
    403 					    SECKEYPrivateKey *key,
    404 					    CERTCertificateList *certChain);
    405 
    406 /*
    407 ** Query security status of socket. *on is set to one if security is
    408 ** enabled. *keySize will contain the stream key size used. *issuer will
    409 ** contain the RFC1485 verison of the name of the issuer of the
    410 ** certificate at the other end of the connection. For a client, this is
    411 ** the issuer of the server's certificate; for a server, this is the
    412 ** issuer of the client's certificate (if any). Subject is the subject of
    413 ** the other end's certificate. The pointers can be zero if the desired
    414 ** data is not needed.  All strings returned by this function are owned
    415 ** by the caller, and need to be freed with PORT_Free.
    416 */
    417 SSL_IMPORT SECStatus SSL_SecurityStatus(PRFileDesc *fd, int *on, char **cipher,
    418 			                int *keySize, int *secretKeySize,
    419 			                char **issuer, char **subject);
    420 
    421 /* Values for "on" */
    422 #define SSL_SECURITY_STATUS_NOOPT	-1
    423 #define SSL_SECURITY_STATUS_OFF		0
    424 #define SSL_SECURITY_STATUS_ON_HIGH	1
    425 #define SSL_SECURITY_STATUS_ON_LOW	2
    426 #define SSL_SECURITY_STATUS_FORTEZZA	3 /* NO LONGER SUPPORTED */
    427 
    428 /*
    429 ** Return the certificate for our SSL peer. If the client calls this
    430 ** it will always return the server's certificate. If the server calls
    431 ** this, it may return NULL if client authentication is not enabled or
    432 ** if the client had no certificate when asked.
    433 **	"fd" the socket "file" descriptor
    434 */
    435 SSL_IMPORT CERTCertificate *SSL_PeerCertificate(PRFileDesc *fd);
    436 
    437 /* SSL_PeerStapledOCSPResponses returns the OCSP responses that were provided
    438  * by the TLS server. The return value is a pointer to an internal SECItemArray
    439  * that contains the returned OCSP responses; it is only valid until the
    440  * callback function that calls SSL_PeerStapledOCSPResponses returns.
    441  *
    442  * If no OCSP responses were given by the server then the result will be empty.
    443  * If there was an error, then the result will be NULL.
    444  *
    445  * You must set the SSL_ENABLE_OCSP_STAPLING option to enable OCSP stapling.
    446  * to be provided by a server.
    447  *
    448  * libssl does not do any validation of the OCSP response itself; the
    449  * authenticate certificate hook is responsible for doing so. The default
    450  * authenticate certificate hook, SSL_AuthCertificate, does not implement
    451  * any OCSP stapling funtionality, but this may change in future versions.
    452  */
    453 SSL_IMPORT const SECItemArray * SSL_PeerStapledOCSPResponses(PRFileDesc *fd);
    454 
    455 /* SSL_SetStapledOCSPResponses stores an array of one or multiple OCSP responses
    456  * in the fd's data, which may be sent as part of a server side cert_status
    457  * handshake message. Parameter |responses| is for the server certificate of
    458  * the key exchange type |kea|.
    459  * The function will duplicate the responses array.
    460  */
    461 SSL_IMPORT SECStatus
    462 SSL_SetStapledOCSPResponses(PRFileDesc *fd, const SECItemArray *responses,
    463 			    SSLKEAType kea);
    464 
    465 /*
    466 ** Return references to the certificates presented by the SSL peer.
    467 ** |maxNumCerts| must contain the size of the |certs| array. On successful
    468 ** return, |*numCerts| contains the number of certificates available and
    469 ** |certs| will contain references to as many certificates as would fit.
    470 ** Therefore if |*numCerts| contains a value less than or equal to
    471 ** |maxNumCerts|, then all certificates were returned.
    472 */
    473 SSL_IMPORT SECStatus SSL_PeerCertificateChain(
    474 	PRFileDesc *fd, CERTCertificate **certs,
    475 	unsigned int *numCerts, unsigned int maxNumCerts);
    476 
    477 /*
    478 ** Authenticate certificate hook. Called when a certificate comes in
    479 ** (because of SSL_REQUIRE_CERTIFICATE in SSL_Enable) to authenticate the
    480 ** certificate.
    481 **
    482 ** The authenticate certificate hook must return SECSuccess to indicate the
    483 ** certificate is valid, SECFailure to indicate the certificate is invalid,
    484 ** or SECWouldBlock if the application will authenticate the certificate
    485 ** asynchronously. SECWouldBlock is only supported for non-blocking sockets.
    486 **
    487 ** If the authenticate certificate hook returns SECFailure, then the bad cert
    488 ** hook will be called. The bad cert handler is NEVER called if the
    489 ** authenticate certificate hook returns SECWouldBlock. If the application
    490 ** needs to handle and/or override a bad cert, it should do so before it
    491 ** calls SSL_AuthCertificateComplete (modifying the error it passes to
    492 ** SSL_AuthCertificateComplete as needed).
    493 **
    494 ** See the documentation for SSL_AuthCertificateComplete for more information
    495 ** about the asynchronous behavior that occurs when the authenticate
    496 ** certificate hook returns SECWouldBlock.
    497 **
    498 ** RFC 6066 says that clients should send the bad_certificate_status_response
    499 ** alert when they encounter an error processing the stapled OCSP response.
    500 ** libssl does not provide a way for the authenticate certificate hook to
    501 ** indicate that an OCSP error (SEC_ERROR_OCSP_*) that it returns is an error
    502 ** in the stapled OCSP response or an error in some other OCSP response.
    503 ** Further, NSS does not provide a convenient way to control or determine
    504 ** which OCSP response(s) were used to validate a certificate chain.
    505 ** Consequently, the current version of libssl does not ever send the
    506 ** bad_certificate_status_response alert. This may change in future releases.
    507 */
    508 typedef SECStatus (PR_CALLBACK *SSLAuthCertificate)(void *arg, PRFileDesc *fd,
    509                                                     PRBool checkSig,
    510                                                     PRBool isServer);
    511 
    512 SSL_IMPORT SECStatus SSL_AuthCertificateHook(PRFileDesc *fd,
    513 					     SSLAuthCertificate f,
    514 				             void *arg);
    515 
    516 /* An implementation of the certificate authentication hook */
    517 SSL_IMPORT SECStatus SSL_AuthCertificate(void *arg, PRFileDesc *fd,
    518 					 PRBool checkSig, PRBool isServer);
    519 
    520 /*
    521  * Prototype for SSL callback to get client auth data from the application.
    522  *	arg - application passed argument
    523  *	caNames - pointer to distinguished names of CAs that the server likes
    524  *	pRetCert - pointer to pointer to cert, for return of cert
    525  *	pRetKey - pointer to key pointer, for return of key
    526  */
    527 typedef SECStatus (PR_CALLBACK *SSLGetClientAuthData)(void *arg,
    528                                 PRFileDesc *fd,
    529                                 CERTDistNames *caNames,
    530                                 CERTCertificate **pRetCert,/*return */
    531                                 SECKEYPrivateKey **pRetKey);/* return */
    532 
    533 /*
    534  * Set the client side callback for SSL to retrieve user's private key
    535  * and certificate.
    536  *	fd - the file descriptor for the connection in question
    537  *	f - the application's callback that delivers the key and cert
    538  *	a - application specific data
    539  */
    540 SSL_IMPORT SECStatus SSL_GetClientAuthDataHook(PRFileDesc *fd,
    541 			                       SSLGetClientAuthData f, void *a);
    542 
    543 /*
    544  * Prototype for SSL callback to get client auth data from the application,
    545  * optionally using the underlying platform's cryptographic primitives.
    546  * To use the platform cryptographic primitives, caNames and pRetCerts
    547  * should be set.  To use NSS, pRetNSSCert and pRetNSSKey should be set.
    548  * Returning SECFailure will cause the socket to send no client certificate.
    549  *	arg - application passed argument
    550  *	caNames - pointer to distinguished names of CAs that the server likes
    551  *	pRetCerts - pointer to pointer to list of certs, with the first being
    552  *		    the client cert, and any following being used for chain
    553  *		    building
    554  *	pRetKey - pointer to native key pointer, for return of key
    555  *          - Windows: A pointer to a PCERT_KEY_CONTEXT that was allocated
    556  *                     via PORT_Alloc(). Ownership of the PCERT_KEY_CONTEXT
    557  *                     is transferred to NSS, which will free via
    558  *                     PORT_Free().
    559  *          - Mac OS X: A pointer to a SecKeyRef. Ownership is
    560  *                      transferred to NSS, which will free via CFRelease().
    561  *	pRetNSSCert - pointer to pointer to NSS cert, for return of cert.
    562  *	pRetNSSKey - pointer to NSS key pointer, for return of key.
    563  */
    564 typedef SECStatus (PR_CALLBACK *SSLGetPlatformClientAuthData)(void *arg,
    565                                 PRFileDesc *fd,
    566                                 CERTDistNames *caNames,
    567                                 CERTCertList **pRetCerts,/*return */
    568                                 void **pRetKey,/* return */
    569                                 CERTCertificate **pRetNSSCert,/*return */
    570                                 SECKEYPrivateKey **pRetNSSKey);/* return */
    571 
    572 /*
    573  * Set the client side callback for SSL to retrieve user's private key
    574  * and certificate.
    575  * Note: If a platform client auth callback is set, the callback configured by
    576  * SSL_GetClientAuthDataHook, if any, will not be called.
    577  *
    578  *	fd - the file descriptor for the connection in question
    579  *	f - the application's callback that delivers the key and cert
    580  *	a - application specific data
    581  */
    582 SSL_IMPORT SECStatus
    583 SSL_GetPlatformClientAuthDataHook(PRFileDesc *fd,
    584                                   SSLGetPlatformClientAuthData f, void *a);
    585 
    586 /*
    587 ** SNI extension processing callback function.
    588 ** It is called when SSL socket receives SNI extension in ClientHello message.
    589 ** Upon this callback invocation, application is responsible to reconfigure the
    590 ** socket with the data for a particular server name.
    591 ** There are three potential outcomes of this function invocation:
    592 **    * application does not recognize the name or the type and wants the
    593 **    "unrecognized_name" alert be sent to the client. In this case the callback
    594 **    function must return SSL_SNI_SEND_ALERT status.
    595 **    * application does not recognize  the name, but wants to continue with
    596 **    the handshake using the current socket configuration. In this case,
    597 **    no socket reconfiguration is needed and the function should return
    598 **    SSL_SNI_CURRENT_CONFIG_IS_USED.
    599 **    * application recognizes the name and reconfigures the socket with
    600 **    appropriate certs, key, etc. There are many ways to reconfigure. NSS
    601 **    provides SSL_ReconfigFD function that can be used to update the socket
    602 **    data from model socket. To continue with the rest of the handshake, the
    603 **    implementation function should return an index of a name it has chosen.
    604 ** LibSSL will ignore any SNI extension received in a ClientHello message
    605 ** if application does not register a SSLSNISocketConfig callback.
    606 ** Each type field of SECItem indicates the name type.
    607 ** NOTE: currently RFC3546 defines only one name type: sni_host_name.
    608 ** Client is allowed to send only one name per known type. LibSSL will
    609 ** send an "unrecognized_name" alert if SNI extension name list contains more
    610 ** then one name of a type.
    611 */
    612 typedef PRInt32 (PR_CALLBACK *SSLSNISocketConfig)(PRFileDesc *fd,
    613                                             const SECItem *srvNameArr,
    614                                                   PRUint32 srvNameArrSize,
    615                                                   void *arg);
    616 
    617 /*
    618 ** SSLSNISocketConfig should return an index within 0 and srvNameArrSize-1
    619 ** when it has reconfigured the socket fd to use certs and keys, etc
    620 ** for a specific name. There are two other allowed return values. One
    621 ** tells libSSL to use the default cert and key.  The other tells libSSL
    622 ** to send the "unrecognized_name" alert.  These values are:
    623 **/
    624 #define SSL_SNI_CURRENT_CONFIG_IS_USED           -1
    625 #define SSL_SNI_SEND_ALERT                       -2
    626 
    627 /*
    628 ** Set application implemented SNISocketConfig callback.
    629 */
    630 SSL_IMPORT SECStatus SSL_SNISocketConfigHook(PRFileDesc *fd,
    631                                              SSLSNISocketConfig f,
    632                                              void *arg);
    633 
    634 /*
    635 ** Reconfigure fd SSL socket with model socket parameters. Sets
    636 ** server certs and keys, list of trust anchor, socket options
    637 ** and all SSL socket call backs and parameters.
    638 */
    639 SSL_IMPORT PRFileDesc *SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd);
    640 
    641 /*
    642  * Set the client side argument for SSL to retrieve PKCS #11 pin.
    643  *	fd - the file descriptor for the connection in question
    644  *	a - pkcs11 application specific data
    645  */
    646 SSL_IMPORT SECStatus SSL_SetPKCS11PinArg(PRFileDesc *fd, void *a);
    647 
    648 /*
    649 ** This is a callback for dealing with server certs that are not authenticated
    650 ** by the client.  The client app can decide that it actually likes the
    651 ** cert by some external means and restart the connection.
    652 **
    653 ** The bad cert hook must return SECSuccess to override the result of the
    654 ** authenticate certificate hook, SECFailure if the certificate should still be
    655 ** considered invalid, or SECWouldBlock if the application will authenticate
    656 ** the certificate asynchronously. SECWouldBlock is only supported for
    657 ** non-blocking sockets.
    658 **
    659 ** See the documentation for SSL_AuthCertificateComplete for more information
    660 ** about the asynchronous behavior that occurs when the bad cert hook returns
    661 ** SECWouldBlock.
    662 */
    663 typedef SECStatus (PR_CALLBACK *SSLBadCertHandler)(void *arg, PRFileDesc *fd);
    664 SSL_IMPORT SECStatus SSL_BadCertHook(PRFileDesc *fd, SSLBadCertHandler f,
    665 				     void *arg);
    666 
    667 /*
    668 ** Configure SSL socket for running a secure server. Needs the
    669 ** certificate for the server and the servers private key. The arguments
    670 ** are copied.
    671 */
    672 SSL_IMPORT SECStatus SSL_ConfigSecureServer(
    673 				PRFileDesc *fd, CERTCertificate *cert,
    674 				SECKEYPrivateKey *key, SSLKEAType kea);
    675 
    676 /*
    677 ** Allows SSL socket configuration with caller-supplied certificate chain.
    678 ** If certChainOpt is NULL, tries to find one.
    679 */
    680 SSL_IMPORT SECStatus
    681 SSL_ConfigSecureServerWithCertChain(PRFileDesc *fd, CERTCertificate *cert,
    682                                     const CERTCertificateList *certChainOpt,
    683                                     SECKEYPrivateKey *key, SSLKEAType kea);
    684 
    685 /*
    686 ** Configure a secure server's session-id cache. Define the maximum number
    687 ** of entries in the cache, the longevity of the entires, and the directory
    688 ** where the cache files will be placed.  These values can be zero, and
    689 ** if so, the implementation will choose defaults.
    690 ** This version of the function is for use in applications that have only one
    691 ** process that uses the cache (even if that process has multiple threads).
    692 */
    693 SSL_IMPORT SECStatus SSL_ConfigServerSessionIDCache(int      maxCacheEntries,
    694 					            PRUint32 timeout,
    695 					            PRUint32 ssl3_timeout,
    696 				              const char *   directory);
    697 
    698 /* Configure a secure server's session-id cache. Depends on value of
    699  * enableMPCache, configures malti-proc or single proc cache. */
    700 SSL_IMPORT SECStatus SSL_ConfigServerSessionIDCacheWithOpt(
    701                                                            PRUint32 timeout,
    702                                                        PRUint32 ssl3_timeout,
    703                                                      const char *   directory,
    704                                                           int maxCacheEntries,
    705                                                       int maxCertCacheEntries,
    706                                                     int maxSrvNameCacheEntries,
    707                                                            PRBool enableMPCache);
    708 
    709 /*
    710 ** Like SSL_ConfigServerSessionIDCache, with one important difference.
    711 ** If the application will run multiple processes (as opposed to, or in
    712 ** addition to multiple threads), then it must call this function, instead
    713 ** of calling SSL_ConfigServerSessionIDCache().
    714 ** This has nothing to do with the number of processORs, only processEs.
    715 ** This function sets up a Server Session ID (SID) cache that is safe for
    716 ** access by multiple processes on the same system.
    717 */
    718 SSL_IMPORT SECStatus SSL_ConfigMPServerSIDCache(int      maxCacheEntries,
    719 				                PRUint32 timeout,
    720 			       	                PRUint32 ssl3_timeout,
    721 		                          const char *   directory);
    722 
    723 /* Get and set the configured maximum number of mutexes used for the
    724 ** server's store of SSL sessions.  This value is used by the server
    725 ** session ID cache initialization functions shown above.  Note that on
    726 ** some platforms, these mutexes are actually implemented with POSIX
    727 ** semaphores, or with unnamed pipes.  The default value varies by platform.
    728 ** An attempt to set a too-low maximum will return an error and the
    729 ** configured value will not be changed.
    730 */
    731 SSL_IMPORT PRUint32  SSL_GetMaxServerCacheLocks(void);
    732 SSL_IMPORT SECStatus SSL_SetMaxServerCacheLocks(PRUint32 maxLocks);
    733 
    734 /* environment variable set by SSL_ConfigMPServerSIDCache, and queried by
    735  * SSL_InheritMPServerSIDCache when envString is NULL.
    736  */
    737 #define SSL_ENV_VAR_NAME            "SSL_INHERITANCE"
    738 
    739 /* called in child to inherit SID Cache variables.
    740  * If envString is NULL, this function will use the value of the environment
    741  * variable "SSL_INHERITANCE", otherwise the string value passed in will be
    742  * used.
    743  */
    744 SSL_IMPORT SECStatus SSL_InheritMPServerSIDCache(const char * envString);
    745 
    746 /*
    747 ** Set the callback on a particular socket that gets called when we finish
    748 ** performing a handshake.
    749 */
    750 typedef void (PR_CALLBACK *SSLHandshakeCallback)(PRFileDesc *fd,
    751                                                  void *client_data);
    752 SSL_IMPORT SECStatus SSL_HandshakeCallback(PRFileDesc *fd,
    753 			          SSLHandshakeCallback cb, void *client_data);
    754 
    755 /*
    756 ** For the server, request a new handshake.  For the client, begin a new
    757 ** handshake.  If flushCache is non-zero, the SSL3 cache entry will be
    758 ** flushed first, ensuring that a full SSL handshake will be done.
    759 ** If flushCache is zero, and an SSL connection is established, it will
    760 ** do the much faster session restart handshake.  This will change the
    761 ** session keys without doing another private key operation.
    762 */
    763 SSL_IMPORT SECStatus SSL_ReHandshake(PRFileDesc *fd, PRBool flushCache);
    764 
    765 /*
    766 ** Same as above, but with an I/O timeout.
    767  */
    768 SSL_IMPORT SECStatus SSL_ReHandshakeWithTimeout(PRFileDesc *fd,
    769                                                 PRBool flushCache,
    770                                                 PRIntervalTime timeout);
    771 
    772 /* Returns a SECItem containing the certificate_types field of the
    773 ** CertificateRequest message.  Each byte of the data is a TLS
    774 ** ClientCertificateType value, and they are ordered from most preferred to
    775 ** least.  This function should only be called from the
    776 ** SSL_GetClientAuthDataHook callback, and will return NULL if called at any
    777 ** other time.  The returned value is valid only until the callback returns, and
    778 ** should not be freed.
    779 */
    780 SSL_IMPORT const SECItem *
    781 SSL_GetRequestedClientCertificateTypes(PRFileDesc *fd);
    782 
    783 #ifdef SSL_DEPRECATED_FUNCTION
    784 /* deprecated!
    785 ** For the server, request a new handshake.  For the client, begin a new
    786 ** handshake.  Flushes SSL3 session cache entry first, ensuring that a
    787 ** full handshake will be done.
    788 ** This call is equivalent to SSL_ReHandshake(fd, PR_TRUE)
    789 */
    790 SSL_IMPORT SECStatus SSL_RedoHandshake(PRFileDesc *fd);
    791 #endif
    792 
    793 /*
    794  * Allow the application to pass a URL or hostname into the SSL library.
    795  */
    796 SSL_IMPORT SECStatus SSL_SetURL(PRFileDesc *fd, const char *url);
    797 
    798 /*
    799  * Allow an application to define a set of trust anchors for peer
    800  * cert validation.
    801  */
    802 SSL_IMPORT SECStatus SSL_SetTrustAnchors(PRFileDesc *fd, CERTCertList *list);
    803 
    804 /*
    805 ** Return the number of bytes that SSL has waiting in internal buffers.
    806 ** Return 0 if security is not enabled.
    807 */
    808 SSL_IMPORT int SSL_DataPending(PRFileDesc *fd);
    809 
    810 /*
    811 ** Invalidate the SSL session associated with fd.
    812 */
    813 SSL_IMPORT SECStatus SSL_InvalidateSession(PRFileDesc *fd);
    814 
    815 /*
    816 ** Return a SECItem containing the SSL session ID associated with the fd.
    817 */
    818 SSL_IMPORT SECItem *SSL_GetSessionID(PRFileDesc *fd);
    819 
    820 /*
    821 ** Clear out the client's SSL session cache, not the server's session cache.
    822 */
    823 SSL_IMPORT void SSL_ClearSessionCache(void);
    824 
    825 /*
    826 ** Close the server's SSL session cache.
    827 */
    828 SSL_IMPORT SECStatus SSL_ShutdownServerSessionIDCache(void);
    829 
    830 /*
    831 ** Set peer information so we can correctly look up SSL session later.
    832 ** You only have to do this if you're tunneling through a proxy.
    833 */
    834 SSL_IMPORT SECStatus SSL_SetSockPeerID(PRFileDesc *fd, const char *peerID);
    835 
    836 /*
    837 ** Reveal the security information for the peer.
    838 */
    839 SSL_IMPORT CERTCertificate * SSL_RevealCert(PRFileDesc * socket);
    840 SSL_IMPORT void * SSL_RevealPinArg(PRFileDesc * socket);
    841 SSL_IMPORT char * SSL_RevealURL(PRFileDesc * socket);
    842 
    843 /* This callback may be passed to the SSL library via a call to
    844  * SSL_GetClientAuthDataHook() for each SSL client socket.
    845  * It will be invoked when SSL needs to know what certificate and private key
    846  * (if any) to use to respond to a request for client authentication.
    847  * If arg is non-NULL, it is a pointer to a NULL-terminated string containing
    848  * the nickname of the cert/key pair to use.
    849  * If arg is NULL, this function will search the cert and key databases for
    850  * a suitable match and send it if one is found.
    851  */
    852 SSL_IMPORT SECStatus
    853 NSS_GetClientAuthData(void *                       arg,
    854                       PRFileDesc *                 socket,
    855                       struct CERTDistNamesStr *    caNames,
    856                       struct CERTCertificateStr ** pRetCert,
    857                       struct SECKEYPrivateKeyStr **pRetKey);
    858 
    859 /*
    860 ** Configure DTLS-SRTP (RFC 5764) cipher suite preferences.
    861 ** Input is a list of ciphers in descending preference order and a length
    862 ** of the list. As a side effect, this causes the use_srtp extension to be
    863 ** negotiated.
    864 **
    865 ** Invalid or unimplemented cipher suites in |ciphers| are ignored. If at
    866 ** least one cipher suite in |ciphers| is implemented, returns SECSuccess.
    867 ** Otherwise returns SECFailure.
    868 */
    869 SSL_IMPORT SECStatus SSL_SetSRTPCiphers(PRFileDesc *fd,
    870 					const PRUint16 *ciphers,
    871 					unsigned int numCiphers);
    872 
    873 /*
    874 ** Get the selected DTLS-SRTP cipher suite (if any).
    875 ** To be called after the handshake completes.
    876 ** Returns SECFailure if not negotiated.
    877 */
    878 SSL_IMPORT SECStatus SSL_GetSRTPCipher(PRFileDesc *fd,
    879 				       PRUint16 *cipher);
    880 
    881 /*
    882  * Look to see if any of the signers in the cert chain for "cert" are found
    883  * in the list of caNames.
    884  * Returns SECSuccess if so, SECFailure if not.
    885  * Used by NSS_GetClientAuthData.  May be used by other callback functions.
    886  */
    887 SSL_IMPORT SECStatus NSS_CmpCertChainWCANames(CERTCertificate *cert,
    888                                           CERTDistNames *caNames);
    889 
    890 /*
    891  * Returns key exchange type of the keys in an SSL server certificate.
    892  */
    893 SSL_IMPORT SSLKEAType NSS_FindCertKEAType(CERTCertificate * cert);
    894 
    895 /* Set cipher policies to a predefined Domestic (U.S.A.) policy.
    896  * This essentially enables all supported ciphers.
    897  */
    898 SSL_IMPORT SECStatus NSS_SetDomesticPolicy(void);
    899 
    900 /* Set cipher policies to a predefined Policy that is exportable from the USA
    901  *   according to present U.S. policies as we understand them.
    902  * See documentation for the list.
    903  * Note that your particular application program may be able to obtain
    904  *   an export license with more or fewer capabilities than those allowed
    905  *   by this function.  In that case, you should use SSL_SetPolicy()
    906  *   to explicitly allow those ciphers you may legally export.
    907  */
    908 SSL_IMPORT SECStatus NSS_SetExportPolicy(void);
    909 
    910 /* Set cipher policies to a predefined Policy that is exportable from the USA
    911  *   according to present U.S. policies as we understand them, and that the
    912  *   nation of France will permit to be imported into their country.
    913  * See documentation for the list.
    914  */
    915 SSL_IMPORT SECStatus NSS_SetFrancePolicy(void);
    916 
    917 SSL_IMPORT SSL3Statistics * SSL_GetStatistics(void);
    918 
    919 /* Report more information than SSL_SecurityStatus.
    920 ** Caller supplies the info struct.  Function fills it in.
    921 */
    922 SSL_IMPORT SECStatus SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info,
    923                                         PRUintn len);
    924 SSL_IMPORT SECStatus SSL_GetCipherSuiteInfo(PRUint16 cipherSuite,
    925                                         SSLCipherSuiteInfo *info, PRUintn len);
    926 
    927 /* Returnes negotiated through SNI host info. */
    928 SSL_IMPORT SECItem *SSL_GetNegotiatedHostInfo(PRFileDesc *fd);
    929 
    930 /* Export keying material according to RFC 5705.
    931 ** fd must correspond to a TLS 1.0 or higher socket and out must
    932 ** already be allocated. If hasContext is false, it uses the no-context
    933 ** construction from the RFC and ignores the context and contextLen
    934 ** arguments.
    935 */
    936 SSL_IMPORT SECStatus SSL_ExportKeyingMaterial(PRFileDesc *fd,
    937                                               const char *label,
    938                                               unsigned int labelLen,
    939                                               PRBool hasContext,
    940                                               const unsigned char *context,
    941                                               unsigned int contextLen,
    942                                               unsigned char *out,
    943                                               unsigned int outLen);
    944 
    945 /*
    946 ** Return a new reference to the certificate that was most recently sent
    947 ** to the peer on this SSL/TLS connection, or NULL if none has been sent.
    948 */
    949 SSL_IMPORT CERTCertificate * SSL_LocalCertificate(PRFileDesc *fd);
    950 
    951 /* Test an SSL configuration to see if  SSL_BYPASS_PKCS11 can be turned on.
    952 ** Check the key exchange algorithm for each cipher in the list to see if
    953 ** a master secret key can be extracted after being derived with the mechanism
    954 ** required by the protocolmask argument. If the KEA will use keys from the
    955 ** specified cert make sure the extract operation is attempted from the slot
    956 ** where the private key resides.
    957 ** If MS can be extracted for all ciphers, (*pcanbypass) is set to TRUE and
    958 ** SECSuccess is returned. In all other cases but one (*pcanbypass) is
    959 ** set to FALSE and SECFailure is returned.
    960 ** In that last case Derive() has been called successfully but the MS is null,
    961 ** CanBypass sets (*pcanbypass) to FALSE and returns SECSuccess indicating the
    962 ** arguments were all valid but the slot cannot be bypassed.
    963 **
    964 ** Note: A TRUE return code from CanBypass means "Your configuration will perform
    965 ** NO WORSE with the bypass enabled than without"; it does NOT mean that every
    966 ** cipher suite listed will work properly with the selected protocols.
    967 **
    968 ** Caveat: If export cipher suites are included in the argument list Canbypass
    969 ** will return FALSE.
    970 **/
    971 
    972 /* protocol mask bits */
    973 #define SSL_CBP_SSL3	0x0001	        /* test SSL v3 mechanisms */
    974 #define SSL_CBP_TLS1_0	0x0002		/* test TLS v1.0 mechanisms */
    975 
    976 SSL_IMPORT SECStatus SSL_CanBypass(CERTCertificate *cert,
    977                                    SECKEYPrivateKey *privKey,
    978 				   PRUint32 protocolmask,
    979 				   PRUint16 *ciphers, int nciphers,
    980                                    PRBool *pcanbypass, void *pwArg);
    981 
    982 /*
    983 ** Did the handshake with the peer negotiate the given extension?
    984 ** Output parameter valid only if function returns SECSuccess
    985 */
    986 SSL_IMPORT SECStatus SSL_HandshakeNegotiatedExtension(PRFileDesc * socket,
    987                                                       SSLExtensionType extId,
    988                                                       PRBool *yes);
    989 
    990 SSL_IMPORT SECStatus SSL_HandshakeResumedSession(PRFileDesc *fd,
    991                                                  PRBool *last_handshake_resumed);
    992 
    993 /* See SSL_SetClientChannelIDCallback for usage. If the callback returns
    994  * SECWouldBlock then SSL_RestartHandshakeAfterChannelIDReq should be called in
    995  * the future to restart the handshake.  On SECSuccess, the callback must have
    996  * written a P-256, EC key pair to |*out_public_key| and |*out_private_key|. */
    997 typedef SECStatus (PR_CALLBACK *SSLClientChannelIDCallback)(
    998     void *arg,
    999     PRFileDesc *fd,
   1000     SECKEYPublicKey **out_public_key,
   1001     SECKEYPrivateKey **out_private_key);
   1002 
   1003 /* SSL_RestartHandshakeAfterChannelIDReq attempts to restart the handshake
   1004  * after a ChannelID callback returned SECWouldBlock.
   1005  *
   1006  * This function takes ownership of |channelIDPub| and |channelID|. */
   1007 SSL_IMPORT SECStatus SSL_RestartHandshakeAfterChannelIDReq(
   1008     PRFileDesc *fd,
   1009     SECKEYPublicKey *channelIDPub,
   1010     SECKEYPrivateKey *channelID);
   1011 
   1012 /* SSL_SetClientChannelIDCallback sets a callback function that will be called
   1013  * once the server's ServerHello has been processed. This is only applicable to
   1014  * a client socket and setting this callback causes the TLS Channel ID
   1015  * extension to be advertised. */
   1016 SSL_IMPORT SECStatus SSL_SetClientChannelIDCallback(
   1017     PRFileDesc *fd,
   1018     SSLClientChannelIDCallback callback,
   1019     void *arg);
   1020 
   1021 /*
   1022 ** How long should we wait before retransmitting the next flight of
   1023 ** the DTLS handshake? Returns SECFailure if not DTLS or not in a
   1024 ** handshake.
   1025 */
   1026 SSL_IMPORT SECStatus DTLS_GetHandshakeTimeout(PRFileDesc *socket,
   1027                                               PRIntervalTime *timeout);
   1028 
   1029 /*
   1030  * Return a boolean that indicates whether the underlying library
   1031  * will perform as the caller expects.
   1032  *
   1033  * The only argument is a string, which should be the version
   1034  * identifier of the NSS library. That string will be compared
   1035  * against a string that represents the actual build version of
   1036  * the SSL library.
   1037  */
   1038 extern PRBool NSSSSL_VersionCheck(const char *importedVersion);
   1039 
   1040 /*
   1041  * Returns a const string of the SSL library version.
   1042  */
   1043 extern const char *NSSSSL_GetVersion(void);
   1044 
   1045 /* Restart an SSL connection that was paused to do asynchronous certificate
   1046  * chain validation (when the auth certificate hook or bad cert handler
   1047  * returned SECWouldBlock).
   1048  *
   1049  * This function only works for non-blocking sockets; Do not use it for
   1050  * blocking sockets. Currently, this function works only for the client role of
   1051  * a connection; it does not work for the server role.
   1052  *
   1053  * The application must call SSL_AuthCertificateComplete with 0 as the value of
   1054  * the error parameter after it has successfully validated the peer's
   1055  * certificate, in order to continue the SSL handshake.
   1056  *
   1057  * The application may call SSL_AuthCertificateComplete with a non-zero value
   1058  * for error (e.g. SEC_ERROR_REVOKED_CERTIFICATE) when certificate validation
   1059  * fails, before it closes the connection. If the application does so, an
   1060  * alert corresponding to the error (e.g. certificate_revoked) will be sent to
   1061  * the peer. See the source code of the internal function
   1062  * ssl3_SendAlertForCertError for the current mapping of error to alert. This
   1063  * mapping may change in future versions of libssl.
   1064  *
   1065  * This function will not complete the entire handshake. The application must
   1066  * call SSL_ForceHandshake, PR_Recv, PR_Send, etc. after calling this function
   1067  * to force the handshake to complete.
   1068  *
   1069  * On the first handshake of a connection, libssl will wait for the peer's
   1070  * certificate to be authenticated before calling the handshake callback,
   1071  * sending a client certificate, sending any application data, or returning
   1072  * any application data to the application. On subsequent (renegotiation)
   1073  * handshakes, libssl will block the handshake unconditionally while the
   1074  * certificate is being validated.
   1075  *
   1076  * libssl may send and receive handshake messages while waiting for the
   1077  * application to call SSL_AuthCertificateComplete, and it may call other
   1078  * callbacks (e.g, the client auth data hook) before
   1079  * SSL_AuthCertificateComplete has been called.
   1080  *
   1081  * An application that uses this asynchronous mechanism will usually have lower
   1082  * handshake latency if it has to do public key operations on the certificate
   1083  * chain and/or CRL/OCSP/cert fetching during the authentication, especially if
   1084  * it does so in parallel on another thread. However, if the application can
   1085  * authenticate the peer's certificate quickly then it may be more efficient
   1086  * to use the synchronous mechanism (i.e. returning SECFailure/SECSuccess
   1087  * instead of SECWouldBlock from the authenticate certificate hook).
   1088  *
   1089  * Be careful about converting an application from synchronous cert validation
   1090  * to asynchronous certificate validation. A naive conversion is likely to
   1091  * result in deadlocks; e.g. the application will wait in PR_Poll for network
   1092  * I/O on the connection while all network I/O on the connection is blocked
   1093  * waiting for this function to be called.
   1094  *
   1095  * Returns SECFailure on failure, SECSuccess on success. Never returns
   1096  * SECWouldBlock. Note that SSL_AuthCertificateComplete will (usually) return
   1097  * SECSuccess; do not interpret the return value of SSL_AuthCertificateComplete
   1098  * as an indicator of whether it is OK to continue using the connection. For
   1099  * example, SSL_AuthCertificateComplete(fd, SEC_ERROR_REVOKED_CERTIFICATE) will
   1100  * return SECSuccess (normally), but that does not mean that the application
   1101  * should continue using the connection. If the application passes a non-zero
   1102  * value for second argument (error), or if SSL_AuthCertificateComplete returns
   1103  * anything other than SECSuccess, then the application should close the
   1104  * connection.
   1105  */
   1106 SSL_IMPORT SECStatus SSL_AuthCertificateComplete(PRFileDesc *fd,
   1107 						 PRErrorCode error);
   1108 SEC_END_PROTOS
   1109 
   1110 #endif /* __ssl_h_ */
   1111