OLD | NEW |
1 /* | 1 /* |
2 * vtables (and methods that call through them) for the 4 types of | 2 * vtables (and methods that call through them) for the 4 types of |
3 * SSLSockets supported. Only one type is still supported. | 3 * SSLSockets supported. Only one type is still supported. |
4 * Various other functions. | 4 * Various other functions. |
5 * | 5 * |
6 * ***** BEGIN LICENSE BLOCK ***** | 6 * ***** BEGIN LICENSE BLOCK ***** |
7 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 7 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
8 * | 8 * |
9 * The contents of this file are subject to the Mozilla Public License Version | 9 * The contents of this file are subject to the Mozilla Public License Version |
10 * 1.1 (the "License"); you may not use this file except in compliance with | 10 * 1.1 (the "License"); you may not use this file except in compliance with |
(...skipping 169 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
180 PR_FALSE, /* noStepDown */ | 180 PR_FALSE, /* noStepDown */ |
181 PR_FALSE, /* bypassPKCS11 */ | 181 PR_FALSE, /* bypassPKCS11 */ |
182 PR_FALSE, /* noLocks */ | 182 PR_FALSE, /* noLocks */ |
183 PR_FALSE, /* enableSessionTickets */ | 183 PR_FALSE, /* enableSessionTickets */ |
184 PR_FALSE, /* enableDeflate */ | 184 PR_FALSE, /* enableDeflate */ |
185 2, /* enableRenegotiation (default: requires extension) */ | 185 2, /* enableRenegotiation (default: requires extension) */ |
186 PR_FALSE, /* requireSafeNegotiation */ | 186 PR_FALSE, /* requireSafeNegotiation */ |
187 PR_FALSE, /* enableFalseStart */ | 187 PR_FALSE, /* enableFalseStart */ |
188 PR_TRUE, /* cbcRandomIV */ | 188 PR_TRUE, /* cbcRandomIV */ |
189 PR_FALSE, /* enableOCSPStapling */ | 189 PR_FALSE, /* enableOCSPStapling */ |
190 PR_FALSE, /* enableOBCerts */ | |
191 PR_FALSE, /* encryptClientCerts */ | |
192 }; | 190 }; |
193 | 191 |
194 /* | 192 /* |
195 * default range of enabled SSL/TLS protocols | 193 * default range of enabled SSL/TLS protocols |
196 */ | 194 */ |
197 static SSLVersionRange versions_defaults_stream = { | 195 static SSLVersionRange versions_defaults_stream = { |
198 SSL_LIBRARY_VERSION_3_0, | 196 SSL_LIBRARY_VERSION_3_0, |
199 SSL_LIBRARY_VERSION_TLS_1_0 | 197 SSL_LIBRARY_VERSION_TLS_1_0 |
200 }; | 198 }; |
201 | 199 |
(...skipping 657 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
859 break; | 857 break; |
860 | 858 |
861 case SSL_CBC_RANDOM_IV: | 859 case SSL_CBC_RANDOM_IV: |
862 ss->opt.cbcRandomIV = on; | 860 ss->opt.cbcRandomIV = on; |
863 break; | 861 break; |
864 | 862 |
865 case SSL_ENABLE_OCSP_STAPLING: | 863 case SSL_ENABLE_OCSP_STAPLING: |
866 ss->opt.enableOCSPStapling = on; | 864 ss->opt.enableOCSPStapling = on; |
867 break; | 865 break; |
868 | 866 |
869 case SSL_ENABLE_OB_CERTS: | |
870 ss->opt.enableOBCerts = on; | |
871 break; | |
872 | |
873 case SSL_ENCRYPT_CLIENT_CERTS: | |
874 ss->opt.encryptClientCerts = on; | |
875 break; | |
876 | |
877 default: | 867 default: |
878 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 868 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
879 rv = SECFailure; | 869 rv = SECFailure; |
880 } | 870 } |
881 | 871 |
882 /* We can't use the macros for releasing the locks here, | 872 /* We can't use the macros for releasing the locks here, |
883 * because ss->opt.noLocks might have changed just above. | 873 * because ss->opt.noLocks might have changed just above. |
884 * We must release these locks (monitors) here, if we aquired them above, | 874 * We must release these locks (monitors) here, if we aquired them above, |
885 * regardless of the current value of ss->opt.noLocks. | 875 * regardless of the current value of ss->opt.noLocks. |
886 */ | 876 */ |
(...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
937 on = ss->opt.enableSessionTickets; | 927 on = ss->opt.enableSessionTickets; |
938 break; | 928 break; |
939 case SSL_ENABLE_DEFLATE: on = ss->opt.enableDeflate; break; | 929 case SSL_ENABLE_DEFLATE: on = ss->opt.enableDeflate; break; |
940 case SSL_ENABLE_RENEGOTIATION: | 930 case SSL_ENABLE_RENEGOTIATION: |
941 on = ss->opt.enableRenegotiation; break; | 931 on = ss->opt.enableRenegotiation; break; |
942 case SSL_REQUIRE_SAFE_NEGOTIATION: | 932 case SSL_REQUIRE_SAFE_NEGOTIATION: |
943 on = ss->opt.requireSafeNegotiation; break; | 933 on = ss->opt.requireSafeNegotiation; break; |
944 case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break; | 934 case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break; |
945 case SSL_CBC_RANDOM_IV: on = ss->opt.cbcRandomIV; break; | 935 case SSL_CBC_RANDOM_IV: on = ss->opt.cbcRandomIV; break; |
946 case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break; | 936 case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break; |
947 case SSL_ENABLE_OB_CERTS: on = ss->opt.enableOBCerts; break; | |
948 case SSL_ENCRYPT_CLIENT_CERTS: | |
949 on = ss->opt.encryptClientCerts; break; | |
950 | 937 |
951 default: | 938 default: |
952 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 939 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
953 rv = SECFailure; | 940 rv = SECFailure; |
954 } | 941 } |
955 | 942 |
956 ssl_ReleaseSSL3HandshakeLock(ss); | 943 ssl_ReleaseSSL3HandshakeLock(ss); |
957 ssl_Release1stHandshakeLock(ss); | 944 ssl_Release1stHandshakeLock(ss); |
958 | 945 |
959 *pOn = on; | 946 *pOn = on; |
(...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1001 case SSL_ENABLE_RENEGOTIATION: | 988 case SSL_ENABLE_RENEGOTIATION: |
1002 on = ssl_defaults.enableRenegotiation; break; | 989 on = ssl_defaults.enableRenegotiation; break; |
1003 case SSL_REQUIRE_SAFE_NEGOTIATION: | 990 case SSL_REQUIRE_SAFE_NEGOTIATION: |
1004 on = ssl_defaults.requireSafeNegotiation; | 991 on = ssl_defaults.requireSafeNegotiation; |
1005 break; | 992 break; |
1006 case SSL_ENABLE_FALSE_START: on = ssl_defaults.enableFalseStart; break; | 993 case SSL_ENABLE_FALSE_START: on = ssl_defaults.enableFalseStart; break; |
1007 case SSL_CBC_RANDOM_IV: on = ssl_defaults.cbcRandomIV; break; | 994 case SSL_CBC_RANDOM_IV: on = ssl_defaults.cbcRandomIV; break; |
1008 case SSL_ENABLE_OCSP_STAPLING: | 995 case SSL_ENABLE_OCSP_STAPLING: |
1009 on = ssl_defaults.enableOCSPStapling; | 996 on = ssl_defaults.enableOCSPStapling; |
1010 break; | 997 break; |
1011 case SSL_ENABLE_OB_CERTS: on = ssl_defaults.enableOBCerts; break; | |
1012 case SSL_ENCRYPT_CLIENT_CERTS: | |
1013 on = ssl_defaults.encryptClientCerts; break; | |
1014 | 998 |
1015 default: | 999 default: |
1016 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 1000 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
1017 rv = SECFailure; | 1001 rv = SECFailure; |
1018 } | 1002 } |
1019 | 1003 |
1020 *pOn = on; | 1004 *pOn = on; |
1021 return rv; | 1005 return rv; |
1022 } | 1006 } |
1023 | 1007 |
(...skipping 143 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1167 break; | 1151 break; |
1168 | 1152 |
1169 case SSL_CBC_RANDOM_IV: | 1153 case SSL_CBC_RANDOM_IV: |
1170 ssl_defaults.cbcRandomIV = on; | 1154 ssl_defaults.cbcRandomIV = on; |
1171 break; | 1155 break; |
1172 | 1156 |
1173 case SSL_ENABLE_OCSP_STAPLING: | 1157 case SSL_ENABLE_OCSP_STAPLING: |
1174 ssl_defaults.enableOCSPStapling = on; | 1158 ssl_defaults.enableOCSPStapling = on; |
1175 break; | 1159 break; |
1176 | 1160 |
1177 case SSL_ENABLE_OB_CERTS: | |
1178 ssl_defaults.enableOBCerts = on; | |
1179 break; | |
1180 | |
1181 case SSL_ENCRYPT_CLIENT_CERTS: | |
1182 ssl_defaults.encryptClientCerts = on; | |
1183 break; | |
1184 | |
1185 default: | 1161 default: |
1186 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 1162 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
1187 return SECFailure; | 1163 return SECFailure; |
1188 } | 1164 } |
1189 return SECSuccess; | 1165 return SECSuccess; |
1190 } | 1166 } |
1191 | 1167 |
1192 /* function tells us if the cipher suite is one that we no longer support. */ | 1168 /* function tells us if the cipher suite is one that we no longer support. */ |
1193 static PRBool | 1169 static PRBool |
1194 ssl_IsRemovedCipherSuite(PRInt32 suite) | 1170 ssl_IsRemovedCipherSuite(PRInt32 suite) |
(...skipping 1786 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2981 ssl_DestroySocketContents(ss); | 2957 ssl_DestroySocketContents(ss); |
2982 ssl_DestroyLocks(ss); | 2958 ssl_DestroyLocks(ss); |
2983 PORT_Free(ss); | 2959 PORT_Free(ss); |
2984 ss = NULL; | 2960 ss = NULL; |
2985 } | 2961 } |
2986 ss->protocolVariant = protocolVariant; | 2962 ss->protocolVariant = protocolVariant; |
2987 } | 2963 } |
2988 return ss; | 2964 return ss; |
2989 } | 2965 } |
2990 | 2966 |
OLD | NEW |