Commit 5785c113 authored by wtc@chromium.org's avatar wtc@chromium.org

Remove the TLS Snap Start code from NSS.

R=agl@chromium.org
BUG=none
TEST=none

Review URL: http://codereview.chromium.org/7003069

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@88459 0039d316-1c4b-4281-b951-d872f2087c98
parent 533a6247
......@@ -27,11 +27,6 @@ Patches:
patches/cachecerts.patch
https://bugzilla.mozilla.org/show_bug.cgi?id=606049
* Add Snap Start support
patches/snapstart.patch
patches/snapstart2.patch
http://tools.ietf.org/html/draft-agl-tls-snapstart-00
* Add the SSL_PeerCertificateChain function
patches/peercertchain.patch
......
......@@ -13,9 +13,6 @@ patch -p4 < $patches_dir/renegoscsv.patch
patch -p4 < $patches_dir/cachecerts.patch
patch -p5 < $patches_dir/snapstart.patch
patch -p3 < $patches_dir/snapstart2.patch
patch -p3 < $patches_dir/peercertchain.patch
patch -p4 < $patches_dir/ocspstapling.patch
......
Index: net/third_party/nss/ssl/snapstart.c
===================================================================
--- net/third_party/nss/ssl/snapstart.c (revision 64952)
+++ net/third_party/nss/ssl/snapstart.c (revision 64953)
@@ -48,10 +48,6 @@
/* TODO(agl): Add support for snap starting with compression. */
-/* TODO(agl): Free snapStartApplicationData as soon as the handshake has
-** completed.
-*/
-
#include "pk11pub.h"
#include "ssl.h"
#include "sslimpl.h"
@@ -821,6 +817,7 @@
rv = ssl3_AppendSnapStartApplicationData(
ss, ss->ssl3.snapStartApplicationData.data,
ss->ssl3.snapStartApplicationData.len);
+ SECITEM_FreeItem(&ss->ssl3.snapStartApplicationData, PR_FALSE);
if (rv != SECSuccess)
goto loser;
}
@@ -1053,6 +1053,8 @@
ss->ssl3.hs.snapStartType = snap_start_resume_recovery;
}
+ ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NO_SUPPORT;
+
ssl3_DestroyCipherSpec(ss->ssl3.pwSpec, PR_TRUE/*freeSrvName*/);
return SECSuccess;
Index: net/third_party/nss/ssl/ssl3con.c
===================================================================
--- net/third_party/nss/ssl/ssl3con.c (revision 65946)
+++ net/third_party/nss/ssl/ssl3con.c (revision 65947)
@@ -5023,21 +5023,21 @@
goto alert_loser;
}
- if (!ss->ssl3.serverHelloPredictionData.data) {
- /* If this allocation fails it will only stop the application from
- * recording the ServerHello information and performing future Snap
- * Starts. */
- if (SECITEM_AllocItem(NULL, &ss->ssl3.serverHelloPredictionData,
- length))
- memcpy(ss->ssl3.serverHelloPredictionData.data, b, length);
- /* ss->ssl3.serverHelloPredictionDataValid is still false at this
- * point. We have to record the contents of the ServerHello here
- * because we don't have a pointer to the whole message when handling
- * the extensions. However, we wait until the Snap Start extenion
- * handler to recognise that the server supports Snap Start and to set
- * serverHelloPredictionDataValid. */
- }
+ if (ss->ssl3.serverHelloPredictionData.data)
+ SECITEM_FreeItem(&ss->ssl3.serverHelloPredictionData, PR_FALSE);
+ /* If this allocation fails it will only stop the application from
+ * recording the ServerHello information and performing future Snap
+ * Starts. */
+ if (SECITEM_AllocItem(NULL, &ss->ssl3.serverHelloPredictionData, length))
+ memcpy(ss->ssl3.serverHelloPredictionData.data, b, length);
+ /* ss->ssl3.serverHelloPredictionDataValid is still false at this
+ * point. We have to record the contents of the ServerHello here
+ * because we don't have a pointer to the whole message when handling
+ * the extensions. However, we wait until the Snap Start extension
+ * handler to recognise that the server supports Snap Start and to set
+ * serverHelloPredictionDataValid. */
+
temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
if (temp < 0) {
goto loser; /* alert has been sent */
@@ -8366,20 +8366,6 @@
}
}
- if ((ss->ssl3.hs.snapStartType == snap_start_recovery ||
- ss->ssl3.hs.snapStartType == snap_start_resume_recovery) &&
- ss->ssl3.snapStartApplicationData.data) {
- /* In the event that the server ignored the application data in our
- * snap start extension, we need to retransmit it now. */
- PRInt32 sent = ssl3_SendRecord(ss, content_application_data,
- ss->ssl3.snapStartApplicationData.data,
- ss->ssl3.snapStartApplicationData.len,
- flags);
- SECITEM_FreeItem(&ss->ssl3.snapStartApplicationData, PR_FALSE);
- if (sent < 0)
- return (SECStatus)sent; /* error code set by ssl3_SendRecord */
- }
-
return SECSuccess;
fail:
......@@ -28,13 +28,11 @@
'ssl/authcert.c',
'ssl/cmpcert.c',
'ssl/derive.c',
'ssl/fnv1a64.c',
'ssl/nsskea.c',
'ssl/os2_err.c',
'ssl/os2_err.h',
'ssl/preenc.h',
'ssl/prelib.c',
'ssl/snapstart.c',
'ssl/ssl.h',
'ssl/ssl3con.c',
'ssl/ssl3ecc.c',
......
/*
* FNV1A64 Hash
* http://www.isthe.com/chongo/tech/comp/fnv/index.html#FNV-param
*
* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Adam Langley, Google Inc.
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: fnv1a64.c,v 1.0 2010/08/09 13:00:00 agl%google.com Exp $ */
#include "prtypes.h"
#include "prnetdb.h"
/* Older versions of Visual C++ don't support the 'ull' suffix. */
#ifdef _MSC_VER
static const PRUint64 FNV1A64_OFFSET_BASIS = 14695981039346656037ui64;
static const PRUint64 FNV1A64_PRIME = 1099511628211ui64;
#else
static const PRUint64 FNV1A64_OFFSET_BASIS = 14695981039346656037ull;
static const PRUint64 FNV1A64_PRIME = 1099511628211ull;
#endif
void FNV1A64_Init(PRUint64* digest) {
*digest = FNV1A64_OFFSET_BASIS;
}
void FNV1A64_Update(PRUint64* digest, const unsigned char *data,
unsigned int length) {
unsigned int i;
for (i = 0; i < length; i++) {
*digest ^= data[i];
*digest *= FNV1A64_PRIME;
}
}
void FNV1A64_Final(PRUint64 *digest) {
*digest = PR_htonll(*digest);
}
......@@ -155,19 +155,9 @@ SSL_SNISocketConfigHook;
;+NSS_CHROMIUM {
;+ global:
SSL_GetNextProto;
SSL_SetNextProtoNego;
;+ local:
;+*;
;+};
;+NSS_3.13 { # NSS 3.13 release
;+ global:
SSL_GetPredictedServerHelloData;
SSL_GetSnapStartResult;
SSL_GetStapledOCSPResponse;
SSL_PeerCertificateChain;
SSL_SetPredictedPeerCertificates;
SSL_SetPredictedServerHelloData;
SSL_SetSnapStartApplicationData;
SSL_SetNextProtoNego;
;+ local:
;+*;
;+};
......@@ -139,16 +139,7 @@ SSL_IMPORT PRFileDesc *SSL_ImportFD(PRFileDesc *model, PRFileDesc *fd);
/* occur on RSA or DH ciphersuites where the cipher's key length is >= 80 */
/* bits. The advantage of False Start is that it saves a round trip for */
/* client-speaks-first protocols when performing a full handshake. */
#define SSL_ENABLE_SNAP_START 23 /* Enable SSL snap start (off by */
/* default, applies only to */
/* clients). Snap start is a way */
/* of performing TLS handshakes with no round trips. The client's entire */
/* handshake is included in the first handshake message, along with */
/* optional application data. In order to do this, information from a */
/* previous connection to the same server is required. See */
/* SSL_GetPredictedServerHelloData, SSL_SetPredictedPeerCertificates and */
/* SSL_SetSnapStartApplicationData. */
#define SSL_ENABLE_OCSP_STAPLING 24 /* Request OCSP stapling (client) */
#define SSL_ENABLE_OCSP_STAPLING 23 /* Request OCSP stapling (client) */
#ifdef SSL_DEPRECATED_FUNCTION
/* Old deprecated function names */
......@@ -446,49 +437,6 @@ typedef SECStatus (PR_CALLBACK *SSLBadCertHandler)(void *arg, PRFileDesc *fd);
SSL_IMPORT SECStatus SSL_BadCertHook(PRFileDesc *fd, SSLBadCertHandler f,
void *arg);
/*
** Set the predicted chain of certificates for the peer. This is used for the
** TLS Snap Start extension. Note that the SSL_ENABLE_SNAP_START option must
** be set for this to occur.
**
** This function takes a reference to each of the given certificates.
*/
SSL_IMPORT SECStatus SSL_SetPredictedPeerCertificates(
PRFileDesc *fd, CERTCertificate **certs,
unsigned int numCerts);
/*
** Get the data needed to predict the server's hello message in the future. On
** return, |*data| will either be NULL (in which case no data is available and
** |*data_len| will be zero) or it will point to a buffer within the internal
** data of |fd| and |*data_len| will contain the number of bytes available. If
** non-NULL, |*data| will persist at least until the next handshake on |fd|.
*/
SSL_IMPORT SECStatus SSL_GetPredictedServerHelloData(
PRFileDesc *fd, const unsigned char **data,
unsigned int *data_len);
/*
** Set the predicted server hello data. This is used for the TLS Snap Start
** extension. Note that the SSL_ENABLE_SNAP_START option must be set for this
** to occur.
*/
SSL_IMPORT SECStatus SSL_SetPredictedServerHelloData(
PRFileDesc *fd, const unsigned char *data, unsigned int data_len);
/* Set the application data which will be transmitted in a Snap Start
** handshake. If the Snap Start handshake fails, this data will be
* retransmitted automatically. */
SSL_IMPORT SECStatus SSL_SetSnapStartApplicationData(
PRFileDesc *fd, const unsigned char *data, unsigned int data_len);
/* Get the result of a Snap Start handshake. It's valid to call then even if
** SSL_ENABLE_SNAP_START hasn't been set, although the result will always be
** SSL_SNAP_START_NONE.
*/
SSL_IMPORT SECStatus SSL_GetSnapStartResult(PRFileDesc* socket,
SSLSnapStartResult* result);
/*
** Configure SSL socket for running a secure server. Needs the
** certificate for the server and the servers private key. The arguments
......
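Review bot: `SSL_ENABLE_OCSP_STAPLING` appears to move from 24 to 23 in the first hunk of this section, which reuses the option number that `SSL_ENABLE_SNAP_START` held until this commit. A caller built against the old header that still passes 23 to `SSL_OptionSet` would then toggle OCSP stapling instead of being rejected, and one that passes 24 would presumably fall into the `default` case. If the renumbering is meant to keep the values contiguous, a comment on the define would make the reuse visible, for example `/* 23 was SSL_ENABLE_SNAP_START (removed); callers must be rebuilt against this header */`; otherwise leaving the value at 24 avoids the ambiguity.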
......@@ -248,7 +248,6 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = {
{ ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
{ ssl_next_proto_neg_xtn, &ssl3_ClientHandleNextProtoNegoXtn },
{ ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn },
{ ssl_snap_start_xtn, &ssl3_ClientHandleSnapStartXtn },
{ -1, NULL }
};
......@@ -273,9 +272,7 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
#endif
{ ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn },
{ ssl_next_proto_neg_xtn, &ssl3_ClientSendNextProtoNegoXtn },
{ ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn },
{ ssl_snap_start_xtn, &ssl3_SendSnapStartXtn }
/* NOTE: The Snap Start sender MUST be the last extension in the list. */
{ ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }
/* any extra entries will appear as { 0, NULL } */
};
......@@ -303,7 +300,7 @@ ssl3_ExtensionNegotiated(sslSocket *ss, PRUint16 ex_type) {
xtnData->numNegotiated, ex_type);
}
PRBool
static PRBool
ssl3_ClientExtensionAdvertised(sslSocket *ss, PRUint16 ex_type) {
TLSExtensionData *xtnData = &ss->xtnData;
return arrayContainsExtension(xtnData->advertised,
......@@ -520,8 +517,6 @@ ssl3_SendSessionTicketXtn(
rv = ssl3_AppendHandshakeVariable(ss, session_ticket->ticket.data,
session_ticket->ticket.len, 2);
ss->xtnData.ticketTimestampVerified = PR_FALSE;
if (!ss->sec.isServer)
ss->xtnData.clientSentNonEmptySessionTicket = PR_TRUE;
} else {
rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
}
......@@ -580,7 +575,7 @@ ssl3_ValidateNextProtoNego(const unsigned char* data, unsigned short length)
SECStatus
ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type,
SECItem *data)
SECItem *data)
{
unsigned int i, j;
SECStatus rv;
......@@ -1102,7 +1097,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type,
* instead of terminating the current connection.
*/
if (data->len == 0) {
ss->xtnData.serverReceivedEmptySessionTicket = PR_TRUE;
ss->xtnData.emptySessionTicket = PR_TRUE;
} else {
int i;
SECItem extension_data;
......
......@@ -287,7 +287,6 @@ struct sslSocketOpsStr {
/* Flags interpreted by ssl send functions. */
#define ssl_SEND_FLAG_FORCE_INTO_BUFFER 0x40000000
#define ssl_SEND_FLAG_NO_BUFFER 0x20000000
#define ssl_SEND_FLAG_NO_FLUSH 0x10000000
#define ssl_SEND_FLAG_MASK 0x7f000000
/*
......@@ -349,8 +348,7 @@ typedef struct sslOptionsStr {
unsigned int enableRenegotiation : 2; /* 20-21 */
unsigned int requireSafeNegotiation : 1; /* 22 */
unsigned int enableFalseStart : 1; /* 23 */
unsigned int enableSnapStart : 1; /* 24 */
unsigned int enableOCSPStapling : 1; /* 25 */
unsigned int enableOCSPStapling : 1; /* 24 */
} sslOptions;
typedef enum { sslHandshakingUndetermined = 0,
......@@ -765,8 +763,7 @@ struct TLSExtensionDataStr {
/* SessionTicket Extension related data. */
PRBool ticketTimestampVerified;
PRBool serverReceivedEmptySessionTicket;
PRBool clientSentNonEmptySessionTicket;
PRBool emptySessionTicket;
/* SNI Extension related data
* Names data is not coppied from the input buffer. It can not be
......@@ -776,14 +773,6 @@ struct TLSExtensionDataStr {
PRUint32 sniNameArrSize;
};
typedef enum {
snap_start_none = 0,
snap_start_full,
snap_start_recovery,
snap_start_resume,
snap_start_resume_recovery
} TLSSnapStartType;
/*
** This is the "hs" member of the "ssl3" struct.
** This entire struct is protected by ssl3HandshakeLock
......@@ -830,14 +819,6 @@ const ssl3CipherSuiteDef *suite_def;
SSL3Hashes sFinished[2];
SSL3Opaque data[72];
} finishedMsgs;
TLSSnapStartType snapStartType;
/* When we perform a Snap Start handshake, we hash our ClientHello as if
* the Snap Start extension wasn't included. However, if the server rejects
* our Snap Start attempt, then it will hash the whole ClientHello. Thus we
* store the original ClientHello that we sent in case we need to reset our
* Finished hash to cover it. */
SECItem origClientHello;
#ifdef NSS_ENABLE_ECC
PRUint32 negotiatedECCurves; /* bit mask */
#endif /* NSS_ENABLE_ECC */
......@@ -873,17 +854,6 @@ struct ssl3StateStr {
CERTCertificateList *clientCertChain; /* used by client */
PRBool sendEmptyCert; /* used by client */
/* TLS Snap Start: */
CERTCertificate ** predictedCertChain;
/* An array terminated with a NULL. */
SECItem serverHelloPredictionData;
PRBool serverHelloPredictionDataValid;
/* data needed to predict the ServerHello from
* this server. */
SECItem snapStartApplicationData;
/* the application data to include in the Snap
* Start extension. */
int policy;
/* This says what cipher suites we can do, and should
* be either SSL_ALLOWED or SSL_RESTRICTED
......@@ -1323,13 +1293,10 @@ extern sslSessionID *ssl3_NewSessionID(sslSocket *ss, PRBool is_server);
extern sslSessionID *ssl_LookupSID(const PRIPv6Addr *addr, PRUint16 port,
const char *peerID, const char *urlSvrName);
extern void ssl_FreeSID(sslSessionID *sid);
extern void ssl3_CopyPeerCertsFromSID(sslSocket *ss, sslSessionID *sid);
extern int ssl3_SendApplicationData(sslSocket *ss, const PRUint8 *in,
int len, int flags);
extern SECStatus ssl3_RestartHandshakeHashes(sslSocket *ss);
extern PRBool ssl_FdIsBlocking(PRFileDesc *fd);
extern PRBool ssl_SocketIsBlocking(sslSocket *ss);
......@@ -1502,9 +1469,6 @@ ECName ssl3_GetCurveWithECKeyStrength(PRUint32 curvemsk, int requiredECCbits);
#endif /* NSS_ENABLE_ECC */
extern SECStatus ssl3_UpdateHandshakeHashes(sslSocket* ss, unsigned char *b,
unsigned int l);
extern SECStatus ssl3_CipherPrefSetDefault(ssl3CipherSuite which, PRBool on);
extern SECStatus ssl3_CipherPrefGetDefault(ssl3CipherSuite which, PRBool *on);
extern SECStatus ssl2_CipherPrefSetDefault(PRInt32 which, PRBool enabled);
......@@ -1525,7 +1489,6 @@ extern void ssl3_InitSocketPolicy(sslSocket *ss);
extern SECStatus ssl3_ConstructV2CipherSpecsHack(sslSocket *ss,
unsigned char *cs, int *size);
extern void ssl3_DestroyCipherSpec(ssl3CipherSpec* spec, PRBool freeSrvName);
extern SECStatus ssl3_RedoHandshake(sslSocket *ss, PRBool flushCache);
......@@ -1575,31 +1538,6 @@ extern SECStatus ssl3_VerifySignedHashes(SSL3Hashes *hash,
extern SECStatus ssl3_CacheWrappedMasterSecret(sslSocket *ss,
sslSessionID *sid, ssl3CipherSpec *spec,
SSL3KEAType effectiveExchKeyType);
extern void ssl3_CleanupPredictedPeerCertificates(sslSocket *ss);
extern const ssl3CipherSuiteDef* ssl_LookupCipherSuiteDef(ssl3CipherSuite suite);
extern SECStatus ssl3_SetupPendingCipherSpec(sslSocket *ss);
extern SECStatus ssl3_SendClientKeyExchange(sslSocket *ss);
extern SECStatus ssl3_SendNextProto(sslSocket *ss);
extern SECStatus ssl3_SendFinished(sslSocket *ss, PRInt32 flags);
extern SECStatus ssl3_CompressMACEncryptRecord
(sslSocket * ss,
SSL3ContentType type,
const SSL3Opaque * pIn,
PRUint32 contentLen);
extern PRBool ssl3_ClientExtensionAdvertised(sslSocket *ss, PRUint16 ex_type);
extern SECStatus ssl3_SetupMasterSecretFromSessionID(sslSocket* ss);
extern SECStatus ssl3_ComputeHandshakeHashes(
sslSocket * ss,
ssl3CipherSpec *spec, /* uses ->master_secret */
SSL3Hashes * hashes, /* output goes here. */
PRUint32 sender);
extern SECStatus ssl3_UpdateHandshakeHashes(sslSocket* ss, unsigned char *b,
unsigned int l);
extern SECStatus ssl3_ComputeTLSFinished(
ssl3CipherSpec *spec,
PRBool isServer,
const SSL3Finished * hashes,
TLSFinished * tlsFinished);
/* Functions that handle ClientHello and ServerHello extensions. */
extern SECStatus ssl3_HandleServerNameXtn(sslSocket * ss,
......@@ -1633,13 +1571,6 @@ extern PRInt32 ssl3_ClientSendStatusRequestXtn(sslSocket *ss, PRBool append,
*/
extern PRInt32 ssl3_SendServerNameXtn(sslSocket *ss, PRBool append,
PRUint32 maxBytes);
extern PRInt32 ssl3_SendSnapStartXtn(sslSocket *ss, PRBool append,
PRUint32 maxBytes);
extern SECStatus ssl3_ClientHandleSnapStartXtn(sslSocket *ss, PRUint16 ex_type,
SECItem *data);
extern SECStatus ssl3_ResetForSnapStartRecovery(sslSocket *ss,
SSL3Opaque *b, PRUint32 length);
/* Assigns new cert, cert chain and keys to ss->serverCerts
* struct. If certChain is NULL, tries to find one. Aborts if
......@@ -1763,12 +1694,6 @@ SECStatus SSL_DisableDefaultExportCipherSuites(void);
SECStatus SSL_DisableExportCipherSuites(PRFileDesc * fd);
PRBool SSL_IsExportCipherSuite(PRUint16 cipherSuite);
/********************** FNV hash *********************/
void FNV1A64_Init(PRUint64 *digest);
void FNV1A64_Update(PRUint64 *digest, const unsigned char *data,
unsigned int length);
void FNV1A64_Final(PRUint64 *digest);
#ifdef TRACE
#define SSL_TRACE(msg) ssl_Trace msg
......
......@@ -743,10 +743,6 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
ss->opt.enableFalseStart = on;
break;
case SSL_ENABLE_SNAP_START:
ss->opt.enableSnapStart = on;
break;
case SSL_ENABLE_OCSP_STAPLING:
ss->opt.enableOCSPStapling = on;
break;
......@@ -815,7 +811,6 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn)
case SSL_REQUIRE_SAFE_NEGOTIATION:
on = ss->opt.requireSafeNegotiation; break;
case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break;
case SSL_ENABLE_SNAP_START: on = ss->opt.enableSnapStart; break;
case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break;
default:
......@@ -868,7 +863,6 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn)
on = ssl_defaults.requireSafeNegotiation;
break;
case SSL_ENABLE_FALSE_START: on = ssl_defaults.enableFalseStart; break;
case SSL_ENABLE_SNAP_START: on = ssl_defaults.enableSnapStart; break;
case SSL_ENABLE_OCSP_STAPLING:
on = ssl_defaults.enableOCSPStapling;
break;
......@@ -1019,10 +1013,6 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on)
ssl_defaults.enableFalseStart = on;
break;
case SSL_ENABLE_SNAP_START:
ssl_defaults.enableSnapStart = on;
break;
case SSL_ENABLE_OCSP_STAPLING:
ssl_defaults.enableOCSPStapling = on;
break;
......
......@@ -205,23 +205,9 @@ typedef enum {
#endif
ssl_session_ticket_xtn = 35,
ssl_next_proto_neg_xtn = 13172,
ssl_snap_start_xtn = 13174,
ssl_renegotiation_info_xtn = 0xff01 /* experimental number */
} SSLExtensionType;
#define SSL_MAX_EXTENSIONS 8
typedef enum {
/* No Snap Start handshake was attempted. */
SSL_SNAP_START_NONE = 0,
/* A Snap Start full handshake was completed. */
SSL_SNAP_START_FULL = 1,
/* A Snap Start full handshake was attempted, but failed. */
SSL_SNAP_START_RECOVERY = 2,
/* A Snap Start resume handshake was completed. */
SSL_SNAP_START_RESUME = 3,
/* A Snap Start resume handshake was attempted, but failed. */
SSL_SNAP_START_RESUME_RECOVERY = 4
} SSLSnapStartResult;
#define SSL_MAX_EXTENSIONS 7
#endif /* __sslt_h_ */
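Review bot: `SSL_MAX_EXTENSIONS` appears to drop from 8 to 7 at the end of this section with no comment saying what it has to cover, although it sizes `clientHelloSendersTLS[SSL_MAX_EXTENSIONS]` in the extension-table section of this commit. If that sender table is now exactly full (the page does not show all of its entries), the remark there that extra entries appear as `{ 0, NULL }` no longer guarantees an empty terminating slot, so every walk over the table has to stop at the array bound rather than at a NULL sender. I would add `/* Must be >= the number of entries in clientHelloSendersTLS; loops over that table must be bounded by this value. */` above the define.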