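--- a/(path not shown on page)
+++ b/(path not shown on page)
@@ -1,10 +1,10 @@
 /*
 * vtables (and methods that call through them) for the 4 types of
 * SSLSockets supported. Only one type is still supported.
 * Various other functions.
 *
 * ***** BEGIN LICENSE BLOCK *****
 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
 *
 * The contents of this file are subject to the Mozilla Public License Version
 * 1.1 (the "License"); you may not use this file except in compliance with
@@ -180,22 +180,20 @@
 PR_FALSE, /* noStepDown */
 PR_FALSE, /* bypassPKCS11 */
 PR_FALSE, /* noLocks */
 PR_FALSE, /* enableSessionTickets */
 PR_FALSE, /* enableDeflate */
 2, /* enableRenegotiation (default: requires extension) */
 PR_FALSE, /* requireSafeNegotiation */
 PR_FALSE, /* enableFalseStart */
 PR_TRUE, /* cbcRandomIV */
 PR_FALSE, /* enableOCSPStapling */
-PR_FALSE, /* enableOBCerts */
-PR_FALSE, /* encryptClientCerts */
 };
 
 /*
 * default range of enabled SSL/TLS protocols
 */
 static SSLVersionRange versions_defaults_stream = {
 SSL_LIBRARY_VERSION_3_0,
 SSL_LIBRARY_VERSION_TLS_1_0
 };
 
@@ -859,28 +857,20 @@
 break;
 
 case SSL_CBC_RANDOM_IV:
 ss->opt.cbcRandomIV = on;
 break;
 
 case SSL_ENABLE_OCSP_STAPLING:
 ss->opt.enableOCSPStapling = on;
 break;
 
-case SSL_ENABLE_OB_CERTS:
-ss->opt.enableOBCerts = on;
-break;
-
-case SSL_ENCRYPT_CLIENT_CERTS:
-ss->opt.encryptClientCerts = on;
-break;
-
 default:
 PORT_SetError(SEC_ERROR_INVALID_ARGS);
 rv = SECFailure;
 }
 
 /* We can't use the macros for releasing the locks here,
 * because ss->opt.noLocks might have changed just above.
 * We must release these locks (monitors) here, if we aquired them above,
 * regardless of the current value of ss->opt.noLocks.
 */
@@ -937,23 +927,20 @@
 on = ss->opt.enableSessionTickets;
 break;
 case SSL_ENABLE_DEFLATE: on = ss->opt.enableDeflate; break;
 case SSL_ENABLE_RENEGOTIATION:
 on = ss->opt.enableRenegotiation; break;
 case SSL_REQUIRE_SAFE_NEGOTIATION:
 on = ss->opt.requireSafeNegotiation; break;
 case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break;
 case SSL_CBC_RANDOM_IV: on = ss->opt.cbcRandomIV; break;
 case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break;
-case SSL_ENABLE_OB_CERTS: on = ss->opt.enableOBCerts; break;
-case SSL_ENCRYPT_CLIENT_CERTS:
-on = ss->opt.encryptClientCerts; break;
 
 default:
 PORT_SetError(SEC_ERROR_INVALID_ARGS);
 rv = SECFailure;
 }
 
 ssl_ReleaseSSL3HandshakeLock(ss);
 ssl_Release1stHandshakeLock(ss);
 
 *pOn = on;
@@ -1001,23 +988,20 @@
 case SSL_ENABLE_RENEGOTIATION:
 on = ssl_defaults.enableRenegotiation; break;
 case SSL_REQUIRE_SAFE_NEGOTIATION:
 on = ssl_defaults.requireSafeNegotiation;
 break;
 case SSL_ENABLE_FALSE_START: on = ssl_defaults.enableFalseStart; break;
 case SSL_CBC_RANDOM_IV: on = ssl_defaults.cbcRandomIV; break;
 case SSL_ENABLE_OCSP_STAPLING:
 on = ssl_defaults.enableOCSPStapling;
 break;
-case SSL_ENABLE_OB_CERTS: on = ssl_defaults.enableOBCerts; break;
-case SSL_ENCRYPT_CLIENT_CERTS:
-on = ssl_defaults.encryptClientCerts; break;
 
 default:
 PORT_SetError(SEC_ERROR_INVALID_ARGS);
 rv = SECFailure;
 }
 
 *pOn = on;
 return rv;
 }
 
@@ -1167,28 +1151,20 @@
 break;
 
 case SSL_CBC_RANDOM_IV:
 ssl_defaults.cbcRandomIV = on;
 break;
 
 case SSL_ENABLE_OCSP_STAPLING:
 ssl_defaults.enableOCSPStapling = on;
 break;
 
-case SSL_ENABLE_OB_CERTS:
-ssl_defaults.enableOBCerts = on;
-break;
-
-case SSL_ENCRYPT_CLIENT_CERTS:
-ssl_defaults.encryptClientCerts = on;
-break;
-
 default:
 PORT_SetError(SEC_ERROR_INVALID_ARGS);
 return SECFailure;
 }
 return SECSuccess;
 }
 
 /* function tells us if the cipher suite is one that we no longer support. */
 static PRBool
 ssl_IsRemovedCipherSuite(PRInt32 suite)
@@ -2981,10 +2957,10 @@
 ssl_DestroySocketContents(ss);
 ssl_DestroyLocks(ss);
 PORT_Free(ss);
 ss = NULL;
 }
 ss->protocolVariant = protocolVariant;
 }
 return ss;
 }
 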