DXR is a code search and navigation tool aimed at making sense of large projects. It supports full-text and regex searches as well as structural queries.

Mercurial (d8847129d134)

VCS Links

Line Code
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "nsISupports.idl"

interface nsIInterfaceRequestor;
interface nsIX509Cert;

%{C++
template<class T> class nsTArray;
class nsCString;
%}
[ref] native nsCStringTArrayRef(nsTArray<nsCString>);

[scriptable, builtinclass, uuid(c6acb521-df47-49aa-b9e8-51c4e984968a)]
interface nsISSLSocketControl : nsISupports {
    attribute nsIInterfaceRequestor     notificationCallbacks;

    void proxyStartSSL();
    void StartTLS();

    /* NPN (Next Protocol Negotiation) is a mechanism for
       negotiating the protocol to be spoken inside the SSL
       tunnel during the SSL handshake. The NPNList is the list
       of offered client side protocols. setNPNList() needs to
       be called before any data is read or written (including the
       handshake to be setup correctly. The server determines the
       priority when multiple matches occur, but if there is no overlap
       the first protocol in the list is used. */

    [noscript] void setNPNList(in nsCStringTArrayRef aNPNList);

    /* negotiatedNPN is '' if no NPN list was provided by the client,
     * or if the server did not select any protocol choice from that
     * list. That also includes the case where the server does not
     * implement NPN.
     *
     * If negotiatedNPN is read before NPN has progressed to the point
     * where this information is available NS_ERROR_NOT_CONNECTED is
     * raised.
     */
    readonly attribute ACString negotiatedNPN;

    /* Determine if a potential SSL connection to hostname:port with
     * a desired NPN negotiated protocol of npnProtocol can use the socket
     * associated with this object instead of making a new one.
     */
    boolean joinConnection(
      in ACString npnProtocol, /* e.g. "spdy/2" */
      in ACString hostname,
      in long port);

    /* Determine if existing connection should be trusted to convey information about
     * a hostname.
     */
    boolean isAcceptableForHost(in ACString hostname);

    /* The Key Exchange Algorithm is used when determining whether or
       not HTTP/2 can be used.

       After a handshake is complete it can be read from KEAUsed.
       The values correspond to the SSLKEAType enum in NSS or the
       KEY_EXCHANGE_UNKNOWN constant defined below.

       KEAKeyBits is the size/security-level used for the KEA.
    */

    [infallible] readonly attribute short KEAUsed;
    [infallible] readonly attribute unsigned long KEAKeyBits;

    const short KEY_EXCHANGE_UNKNOWN = -1;

    /*
     * The original flags from the socket provider.
     */
    readonly attribute uint32_t providerFlags;

    /* These values are defined by TLS. */
    const short SSL_VERSION_3   = 0x0300;
    const short TLS_VERSION_1   = 0x0301;
    const short TLS_VERSION_1_1 = 0x0302;
    const short TLS_VERSION_1_2 = 0x0303;
    const short SSL_VERSION_UNKNOWN = -1;

    [infallible] readonly attribute short SSLVersionUsed;
    [infallible] readonly attribute short SSLVersionOffered;

    /* These values match the NSS defined values in sslt.h */
    const short SSL_MAC_UNKNOWN = -1;
    const short SSL_MAC_NULL    = 0;
    const short SSL_MAC_MD5     = 1;
    const short SSL_MAC_SHA     = 2;
    const short SSL_HMAC_MD5    = 3;
    const short SSL_HMAC_SHA    = 4;
    const short SSL_HMAC_SHA256 = 5;
    const short SSL_MAC_AEAD    = 6;

    [infallible] readonly attribute short MACAlgorithmUsed;

    /**
     * If set before the server requests a client cert (assuming it does so at
     * all), then this cert will be presented to the server, instead of asking
     * the user or searching the set of rememebered user cert decisions.
     */
    attribute nsIX509Cert clientCert;

    /**
     * If you wish to verify the host certificate using a different name than
     * was used for the tcp connection, but without using proxy semantics, you
     * can set authenticationName and authenticationPort
     */
    attribute ACString authenticationName;
    [infallible] attribute long authenticationPort;

    /**
     * set bypassAuthentication to true if the server certificate checks should
     * not be enforced. This is to enable non-secure transport over TLS.
     */
    [infallible] attribute boolean bypassAuthentication;

    /*
     * failedVerification is true if any enforced certificate checks have failed.
     * Connections that have not yet tried to verify, have verifications bypassed,
     * or are using acceptable exceptions will all return false.
     */
    [infallible] readonly attribute boolean failedVerification;
};