Add PPAPI interface for secure sockets in flash

ppapi/api/private/ppb_flash_tcp_socket.idl

Index: ppapi/api/private/ppb_flash_tcp_socket.idl
diff --git a/ppapi/api/private/ppb_flash_tcp_socket.idl b/ppapi/api/private/ppb_flash_tcp_socket.idl
index 1ec9ec49a4224898150a8e0ddba0ad2e25b97084..b528208c76b29cabcd9525dbe08a7082d3c22855 100644
--- a/ppapi/api/private/ppb_flash_tcp_socket.idl
+++ b/ppapi/api/private/ppb_flash_tcp_socket.idl
@@ -77,6 +77,22 @@ interface PPB_Flash_TCPSocket {
                        [in] PP_CompletionCallback callback);
 
   /**
+   * Returns the <code>PPB_Flash_X509Certificate</code> for a socket connection
+   * if an SSL connection has been established using <code>SSL_Handshake</code>.
+   * If no SSL connection has been established, a null resource is returned.
+   */
+  PP_Resource GetX509Certificate([in] PP_Resource tcp_socket);

[Ryan Sleevi, 2012/02/16 21:29:23]

Why only return a single certificate?

A (typical) SSL handshake is made up of 1 or more certificates, with the first
certificate asserting the servers identity, and the remaining certificates used
to assist in establishing that identity.

Further, is this the list the server sends? Or is this the list that was
actually validated - which may be completely different than what the server sent
(with the exception of the first certificate, the server's identity, which
remains constant)

[raymes, 2012/02/16 22:31:29]

I guess the intention is only to return the server's certificate here, which is
the data that flash requires. I can update the name/comment.

On 2012/02/16 21:29:23, Ryan Sleevi wrote:

[Ryan Sleevi, 2012/02/16 23:06:33]

If going the Flash-specific interface route: GetServerCertificate
If going the general purpose route: I would return an array (of server supplied)
certificates.

[raymes, 2012/02/21 19:07:40]

Done.

+
+  /**
+   * Add a trusted/untrusted root certificate to be used for this connection.
+   * The <code>PP_Resource</code> must be a
+   * <code>PPB_Flash_X509Certificate<code>. <code>PP_TRUE</code> is returned
+   * upon success.
+   */
+  PP_Bool AddRootCertificates([in] PP_Resource certificate,

[Ryan Sleevi, 2012/02/16 23:06:33]

Looking at the Flash API, I would suggest dropping the term root here.

This is a chain building certificate, which may be trusted or not. This is a
separate dimension than root certificates (root certificates can be trusted or
untrusted, intermediate certificates can be trusted or untrusted, if an
intermediate is trusted you don't need a root)

[raymes, 2012/02/21 19:07:40]

Done.

+                              [in] PP_Bool is_trusted);
+
+  /**
    * Reads data from the socket. The size of |buffer| must be at least as large
    * as |bytes_to_read|. May perform a partial read. Returns the number of bytes
    * read or an error code. If the return value is 0, then it indicates that