| OLD | NEW |
| 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ | 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ |
| 2 /* | 2 /* |
| 3 * SSL3 Protocol | 3 * SSL3 Protocol |
| 4 * | 4 * |
| 5 * ***** BEGIN LICENSE BLOCK ***** | 5 * ***** BEGIN LICENSE BLOCK ***** |
| 6 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 6 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| 7 * | 7 * |
| 8 * The contents of this file are subject to the Mozilla Public License Version | 8 * The contents of this file are subject to the Mozilla Public License Version |
| 9 * 1.1 (the "License"); you may not use this file except in compliance with | 9 * 1.1 (the "License"); you may not use this file except in compliance with |
| 10 * the License. You may obtain a copy of the License at | 10 * the License. You may obtain a copy of the License at |
| (...skipping 5183 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 5194 SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey); | 5194 SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey); |
| 5195 ss->ssl3.clientPrivateKey = NULL; | 5195 ss->ssl3.clientPrivateKey = NULL; |
| 5196 } | 5196 } |
| 5197 #ifdef NSS_PLATFORM_CLIENT_AUTH | 5197 #ifdef NSS_PLATFORM_CLIENT_AUTH |
| 5198 if (ss->ssl3.platformClientKey) { | 5198 if (ss->ssl3.platformClientKey) { |
| 5199 ssl_FreePlatformKey(ss->ssl3.platformClientKey); | 5199 ssl_FreePlatformKey(ss->ssl3.platformClientKey); |
| 5200 ss->ssl3.platformClientKey = (PlatformKey)NULL; | 5200 ss->ssl3.platformClientKey = (PlatformKey)NULL; |
| 5201 } | 5201 } |
| 5202 #endif /* NSS_PLATFORM_CLIENT_AUTH */ | 5202 #endif /* NSS_PLATFORM_CLIENT_AUTH */ |
| 5203 | 5203 |
| 5204 if (ss->ssl3.channelID != NULL) { |
| 5205 SECKEY_DestroyPrivateKey(ss->ssl3.channelID); |
| 5206 ss->ssl3.channelID = NULL; |
| 5207 } |
| 5208 if (ss->ssl3.channelIDPub != NULL) { |
| 5209 SECKEY_DestroyPublicKey(ss->ssl3.channelIDPub); |
| 5210 ss->ssl3.channelIDPub = NULL; |
| 5211 } |
| 5212 |
| 5204 temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length); | 5213 temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length); |
| 5205 if (temp < 0) { | 5214 if (temp < 0) { |
| 5206 goto loser; /* alert has been sent */ | 5215 goto loser; /* alert has been sent */ |
| 5207 } | 5216 } |
| 5208 version = (SSL3ProtocolVersion)temp; | 5217 version = (SSL3ProtocolVersion)temp; |
| 5209 | 5218 |
| 5210 if (IS_DTLS(ss)) { | 5219 if (IS_DTLS(ss)) { |
| 5211 /* RFC 4347 required that you verify that the server versions | 5220 /* RFC 4347 required that you verify that the server versions |
| 5212 * match (Section 4.2.1) in the HelloVerifyRequest and the | 5221 * match (Section 4.2.1) in the HelloVerifyRequest and the |
| 5213 * ServerHello. | 5222 * ServerHello. |
| (...skipping 232 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 5446 ss->ssl3.hs.ws = wait_change_cipher; | 5455 ss->ssl3.hs.ws = wait_change_cipher; |
| 5447 | 5456 |
| 5448 ss->ssl3.hs.isResuming = PR_TRUE; | 5457 ss->ssl3.hs.isResuming = PR_TRUE; |
| 5449 | 5458 |
| 5450 /* copy the peer cert from the SID */ | 5459 /* copy the peer cert from the SID */ |
| 5451 if (sid->peerCert != NULL) { | 5460 if (sid->peerCert != NULL) { |
| 5452 ss->sec.peerCert = CERT_DupCertificate(sid->peerCert); | 5461 ss->sec.peerCert = CERT_DupCertificate(sid->peerCert); |
| 5453 ssl3_CopyPeerCertsFromSID(ss, sid); | 5462 ssl3_CopyPeerCertsFromSID(ss, sid); |
| 5454 } | 5463 } |
| 5455 | 5464 |
| 5456 | |
| 5457 /* NULL value for PMS signifies re-use of the old MS */ | 5465 /* NULL value for PMS signifies re-use of the old MS */ |
| 5458 rv = ssl3_InitPendingCipherSpec(ss, NULL); | 5466 rv = ssl3_InitPendingCipherSpec(ss, NULL); |
| 5459 if (rv != SECSuccess) { | 5467 if (rv != SECSuccess) { |
| 5460 goto alert_loser; /* err code was set */ | 5468 goto alert_loser; /* err code was set */ |
| 5461 } | 5469 } |
| 5462 » return SECSuccess; | 5470 » goto winner; |
| 5463 } while (0); | 5471 } while (0); |
| 5464 | 5472 |
| 5465 if (sid_match) | 5473 if (sid_match) |
| 5466 SSL_AtomicIncrementLong(& ssl3stats.hsh_sid_cache_not_ok ); | 5474 SSL_AtomicIncrementLong(& ssl3stats.hsh_sid_cache_not_ok ); |
| 5467 else | 5475 else |
| 5468 SSL_AtomicIncrementLong(& ssl3stats.hsh_sid_cache_misses ); | 5476 SSL_AtomicIncrementLong(& ssl3stats.hsh_sid_cache_misses ); |
| 5469 | 5477 |
| 5470 /* throw the old one away */ | 5478 /* throw the old one away */ |
| 5471 sid->u.ssl3.keys.resumable = PR_FALSE; | 5479 sid->u.ssl3.keys.resumable = PR_FALSE; |
| 5472 (*ss->sec.uncache)(sid); | 5480 (*ss->sec.uncache)(sid); |
| 5473 ssl_FreeSID(sid); | 5481 ssl_FreeSID(sid); |
| 5474 | 5482 |
| 5475 /* get a new sid */ | 5483 /* get a new sid */ |
| 5476 ss->sec.ci.sid = sid = ssl3_NewSessionID(ss, PR_FALSE); | 5484 ss->sec.ci.sid = sid = ssl3_NewSessionID(ss, PR_FALSE); |
| 5477 if (sid == NULL) { | 5485 if (sid == NULL) { |
| 5478 goto alert_loser; /* memory error is set. */ | 5486 goto alert_loser; /* memory error is set. */ |
| 5479 } | 5487 } |
| 5480 | 5488 |
| 5481 sid->version = ss->version; | 5489 sid->version = ss->version; |
| 5482 sid->u.ssl3.sessionIDLength = sidBytes.len; | 5490 sid->u.ssl3.sessionIDLength = sidBytes.len; |
| 5483 PORT_Memcpy(sid->u.ssl3.sessionID, sidBytes.data, sidBytes.len); | 5491 PORT_Memcpy(sid->u.ssl3.sessionID, sidBytes.data, sidBytes.len); |
| 5484 | 5492 |
| 5485 ss->ssl3.hs.isResuming = PR_FALSE; | 5493 ss->ssl3.hs.isResuming = PR_FALSE; |
| 5486 ss->ssl3.hs.ws = wait_server_cert; | 5494 ss->ssl3.hs.ws = wait_server_cert; |
| 5495 |
| 5496 winner: |
| 5497 /* If we will need a ChannelID key then we make the callback now. This |
| 5498 * allows the handshake to be restarted cleanly if the callback returns |
| 5499 * SECWouldBlock. */ |
| 5500 if (ssl3_ExtensionNegotiated(ss, ssl_channel_id_xtn)) { |
| 5501 rv = ss->getChannelID(ss->getChannelIDArg, ss->fd, |
| 5502 &ss->ssl3.channelIDPub, &ss->ssl3.channelID); |
| 5503 if (rv == SECWouldBlock) { |
| 5504 ssl3_SetAlwaysBlock(ss); |
| 5505 return rv; |
| 5506 } |
| 5507 if (rv != SECSuccess || |
| 5508 ss->ssl3.channelIDPub == NULL || |
| 5509 ss->ssl3.channelID == NULL) { |
| 5510 PORT_SetError(SSL_ERROR_GET_CHANNEL_ID_FAILED); |
| 5511 goto loser; |
| 5512 } |
| 5513 } |
| 5514 |
| 5487 return SECSuccess; | 5515 return SECSuccess; |
| 5488 | 5516 |
| 5489 alert_loser: | 5517 alert_loser: |
| 5490 (void)SSL3_SendAlert(ss, alert_fatal, desc); | 5518 (void)SSL3_SendAlert(ss, alert_fatal, desc); |
| 5491 | 5519 |
| 5492 loser: | 5520 loser: |
| 5493 errCode = ssl_MapLowLevelError(errCode); | 5521 errCode = ssl_MapLowLevelError(errCode); |
| 5494 return SECFailure; | 5522 return SECFailure; |
| 5495 } | 5523 } |
| 5496 | 5524 |
| (...skipping 3393 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 8890 | 8918 |
| 8891 SECStatus rv = SECFailure; | 8919 SECStatus rv = SECFailure; |
| 8892 SECItem *spki = NULL; | 8920 SECItem *spki = NULL; |
| 8893 SSL3Hashes hashes; | 8921 SSL3Hashes hashes; |
| 8894 const unsigned char *pub_bytes; | 8922 const unsigned char *pub_bytes; |
| 8895 unsigned char signed_data[sizeof(CHANNEL_ID_MAGIC) + sizeof(SSL3Hashes)]; | 8923 unsigned char signed_data[sizeof(CHANNEL_ID_MAGIC) + sizeof(SSL3Hashes)]; |
| 8896 unsigned char digest[SHA256_LENGTH]; | 8924 unsigned char digest[SHA256_LENGTH]; |
| 8897 SECItem digest_item; | 8925 SECItem digest_item; |
| 8898 unsigned char signature[64]; | 8926 unsigned char signature[64]; |
| 8899 SECItem signature_item; | 8927 SECItem signature_item; |
| 8900 SECKEYPrivateKey *channelID = NULL; | |
| 8901 SECKEYPublicKey *channelIDPub = NULL; | |
| 8902 | 8928 |
| 8903 PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); | 8929 PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); |
| 8904 PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); | 8930 PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); |
| 8905 | 8931 |
| 8906 if (ss->getChannelID == NULL || | 8932 if (ss->ssl3.channelID == NULL) |
| 8907 » !ssl3_ExtensionNegotiated(ss, ssl_channel_id_xtn)) { | |
| 8908 return SECSuccess; | 8933 return SECSuccess; |
| 8909 } | |
| 8910 | 8934 |
| 8911 rv = ss->getChannelID(ss->getChannelIDArg, ss->fd, | 8935 PORT_Assert(ssl3_ExtensionNegotiated(ss, ssl_channel_id_xtn)); |
| 8912 » » » &channelIDPub, &channelID); | |
| 8913 if (rv != SECSuccess) { | |
| 8914 » PORT_SetError(SSL_ERROR_GET_CHANNEL_ID_FAILED); | |
| 8915 » goto loser; | |
| 8916 } | |
| 8917 | 8936 |
| 8918 if (SECKEY_GetPrivateKeyType(channelID) != ecKey || | 8937 if (SECKEY_GetPrivateKeyType(ss->ssl3.channelID) != ecKey || |
| 8919 » PK11_SignatureLen(channelID) != sizeof(signature)) { | 8938 » PK11_SignatureLen(ss->ssl3.channelID) != sizeof(signature)) { |
| 8920 PORT_SetError(SSL_ERROR_INVALID_CHANNEL_ID_KEY); | 8939 PORT_SetError(SSL_ERROR_INVALID_CHANNEL_ID_KEY); |
| 8921 rv = SECFailure; | 8940 rv = SECFailure; |
| 8922 goto loser; | 8941 goto loser; |
| 8923 } | 8942 } |
| 8924 | 8943 |
| 8925 ssl_GetSpecReadLock(ss); | 8944 ssl_GetSpecReadLock(ss); |
| 8926 rv = ssl3_ComputeHandshakeHashes(ss, ss->ssl3.cwSpec, &hashes, 0); | 8945 rv = ssl3_ComputeHandshakeHashes(ss, ss->ssl3.cwSpec, &hashes, 0); |
| 8927 ssl_ReleaseSpecReadLock(ss); | 8946 ssl_ReleaseSpecReadLock(ss); |
| 8928 | 8947 |
| 8929 if (rv != SECSuccess) | 8948 if (rv != SECSuccess) |
| 8930 goto loser; | 8949 goto loser; |
| 8931 | 8950 |
| 8932 rv = ssl3_AppendHandshakeHeader(ss, encrypted_extensions, | 8951 rv = ssl3_AppendHandshakeHeader(ss, encrypted_extensions, |
| 8933 2 + 2 + CHANNEL_ID_LENGTH); | 8952 2 + 2 + CHANNEL_ID_LENGTH); |
| 8934 if (rv != SECSuccess) | 8953 if (rv != SECSuccess) |
| 8935 goto loser; /* error code set by AppendHandshakeHeader */ | 8954 goto loser; /* error code set by AppendHandshakeHeader */ |
| 8936 rv = ssl3_AppendHandshakeNumber(ss, ssl_channel_id_xtn, 2); | 8955 rv = ssl3_AppendHandshakeNumber(ss, ssl_channel_id_xtn, 2); |
| 8937 if (rv != SECSuccess) | 8956 if (rv != SECSuccess) |
| 8938 goto loser; /* error code set by AppendHandshake */ | 8957 goto loser; /* error code set by AppendHandshake */ |
| 8939 rv = ssl3_AppendHandshakeNumber(ss, CHANNEL_ID_LENGTH, 2); | 8958 rv = ssl3_AppendHandshakeNumber(ss, CHANNEL_ID_LENGTH, 2); |
| 8940 if (rv != SECSuccess) | 8959 if (rv != SECSuccess) |
| 8941 goto loser; /* error code set by AppendHandshake */ | 8960 goto loser; /* error code set by AppendHandshake */ |
| 8942 | 8961 |
| 8943 spki = SECKEY_EncodeDERSubjectPublicKeyInfo(channelIDPub); | 8962 spki = SECKEY_EncodeDERSubjectPublicKeyInfo(ss->ssl3.channelIDPub); |
| 8944 | 8963 |
| 8945 if (spki->len != sizeof(P256_SPKI_PREFIX) + CHANNEL_ID_PUBLIC_KEY_LENGTH || | 8964 if (spki->len != sizeof(P256_SPKI_PREFIX) + CHANNEL_ID_PUBLIC_KEY_LENGTH || |
| 8946 memcmp(spki->data, P256_SPKI_PREFIX, sizeof(P256_SPKI_PREFIX) != 0)) { | 8965 memcmp(spki->data, P256_SPKI_PREFIX, sizeof(P256_SPKI_PREFIX) != 0)) { |
| 8947 PORT_SetError(SSL_ERROR_INVALID_CHANNEL_ID_KEY); | 8966 PORT_SetError(SSL_ERROR_INVALID_CHANNEL_ID_KEY); |
| 8948 rv = SECFailure; | 8967 rv = SECFailure; |
| 8949 goto loser; | 8968 goto loser; |
| 8950 } | 8969 } |
| 8951 | 8970 |
| 8952 pub_bytes = spki->data + sizeof(P256_SPKI_PREFIX); | 8971 pub_bytes = spki->data + sizeof(P256_SPKI_PREFIX); |
| 8953 | 8972 |
| 8954 memcpy(signed_data, CHANNEL_ID_MAGIC, sizeof(CHANNEL_ID_MAGIC)); | 8973 memcpy(signed_data, CHANNEL_ID_MAGIC, sizeof(CHANNEL_ID_MAGIC)); |
| 8955 memcpy(signed_data + sizeof(CHANNEL_ID_MAGIC), &hashes, sizeof(hashes)); | 8974 memcpy(signed_data + sizeof(CHANNEL_ID_MAGIC), &hashes, sizeof(hashes)); |
| 8956 | 8975 |
| 8957 rv = PK11_HashBuf(SEC_OID_SHA256, digest, signed_data, sizeof(signed_data)); | 8976 rv = PK11_HashBuf(SEC_OID_SHA256, digest, signed_data, sizeof(signed_data)); |
| 8958 if (rv != SECSuccess) | 8977 if (rv != SECSuccess) |
| 8959 goto loser; | 8978 goto loser; |
| 8960 | 8979 |
| 8961 digest_item.data = digest; | 8980 digest_item.data = digest; |
| 8962 digest_item.len = sizeof(digest); | 8981 digest_item.len = sizeof(digest); |
| 8963 | 8982 |
| 8964 signature_item.data = signature; | 8983 signature_item.data = signature; |
| 8965 signature_item.len = sizeof(signature); | 8984 signature_item.len = sizeof(signature); |
| 8966 | 8985 |
| 8967 rv = PK11_Sign(channelID, &signature_item, &digest_item); | 8986 rv = PK11_Sign(ss->ssl3.channelID, &signature_item, &digest_item); |
| 8968 if (rv != SECSuccess) | 8987 if (rv != SECSuccess) |
| 8969 goto loser; | 8988 goto loser; |
| 8970 | 8989 |
| 8971 rv = ssl3_AppendHandshake(ss, pub_bytes, CHANNEL_ID_PUBLIC_KEY_LENGTH); | 8990 rv = ssl3_AppendHandshake(ss, pub_bytes, CHANNEL_ID_PUBLIC_KEY_LENGTH); |
| 8972 if (rv != SECSuccess) | 8991 if (rv != SECSuccess) |
| 8973 goto loser; | 8992 goto loser; |
| 8974 rv = ssl3_AppendHandshake(ss, signature, sizeof(signature)); | 8993 rv = ssl3_AppendHandshake(ss, signature, sizeof(signature)); |
| 8975 | 8994 |
| 8976 loser: | 8995 loser: |
| 8977 if (spki) | 8996 if (spki) |
| 8978 SECITEM_FreeItem(spki, PR_TRUE); | 8997 SECITEM_FreeItem(spki, PR_TRUE); |
| 8979 if (channelID) | 8998 if (ss->ssl3.channelID) { |
| 8980 » SECKEY_DestroyPrivateKey(channelID); | 8999 » SECKEY_DestroyPrivateKey(ss->ssl3.channelID); |
| 8981 if (channelIDPub) | 9000 » ss->ssl3.channelID = NULL; |
| 8982 » SECKEY_DestroyPublicKey(channelIDPub); | 9001 } |
| 9002 if (ss->ssl3.channelIDPub) { |
| 9003 » SECKEY_DestroyPublicKey(ss->ssl3.channelIDPub); |
| 9004 » ss->ssl3.channelIDPub = NULL; |
| 9005 } |
| 8983 | 9006 |
| 8984 return rv; | 9007 return rv; |
| 8985 } | 9008 } |
| 8986 | 9009 |
| 9010 /* ssl3_RestartHandshakeAfterChannelIDReq is called to restart a handshake |
| 9011 * after a ChannelID callback returned SECWouldBlock. At this point we have |
| 9012 * processed the server's ServerHello but not yet any further messages. We will |
| 9013 * always get a message from the server after a ServerHello so either they are |
| 9014 * waiting in the buffer or we'll get network I/O. */ |
| 9015 SECStatus |
| 9016 ssl3_RestartHandshakeAfterChannelIDReq(sslSocket *ss, |
| 9017 SECKEYPublicKey *channelIDPub, |
| 9018 SECKEYPrivateKey *channelID) |
| 9019 { |
| 9020 if (ss->handshake == 0) { |
| 9021 SECKEY_DestroyPublicKey(channelIDPub); |
| 9022 SECKEY_DestroyPrivateKey(channelID); |
| 9023 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); |
| 9024 return SECFailure; |
| 9025 } |
| 9026 |
| 9027 if (channelIDPub == NULL || |
| 9028 channelID == NULL) { |
| 9029 if (channelIDPub) |
| 9030 SECKEY_DestroyPublicKey(channelIDPub); |
| 9031 if (channelID) |
| 9032 SECKEY_DestroyPrivateKey(channelID); |
| 9033 PORT_SetError(PR_INVALID_ARGUMENT_ERROR); |
| 9034 return SECFailure; |
| 9035 } |
| 9036 |
| 9037 if (ss->ssl3.channelID) |
| 9038 SECKEY_DestroyPrivateKey(ss->ssl3.channelID); |
| 9039 if (ss->ssl3.channelIDPub) |
| 9040 SECKEY_DestroyPublicKey(ss->ssl3.channelIDPub); |
| 9041 |
| 9042 ss->handshake = ssl_GatherRecord1stHandshake; |
| 9043 ss->ssl3.channelID = channelID; |
| 9044 ss->ssl3.channelIDPub = channelIDPub; |
| 9045 |
| 9046 return SECSuccess; |
| 9047 } |
| 9048 |
| 8987 /* called from ssl3_HandleServerHelloDone | 9049 /* called from ssl3_HandleServerHelloDone |
| 8988 * ssl3_HandleClientHello | 9050 * ssl3_HandleClientHello |
| 8989 * ssl3_HandleFinished | 9051 * ssl3_HandleFinished |
| 8990 */ | 9052 */ |
| 8991 static SECStatus | 9053 static SECStatus |
| 8992 ssl3_SendFinished(sslSocket *ss, PRInt32 flags) | 9054 ssl3_SendFinished(sslSocket *ss, PRInt32 flags) |
| 8993 { | 9055 { |
| 8994 ssl3CipherSpec *cwSpec; | 9056 ssl3CipherSpec *cwSpec; |
| 8995 PRBool isTLS; | 9057 PRBool isTLS; |
| 8996 PRBool isServer = ss->sec.isServer; | 9058 PRBool isServer = ss->sec.isServer; |
| (...skipping 1506 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 10503 if (ss->ssl3.clientCertificate != NULL) | 10565 if (ss->ssl3.clientCertificate != NULL) |
| 10504 CERT_DestroyCertificate(ss->ssl3.clientCertificate); | 10566 CERT_DestroyCertificate(ss->ssl3.clientCertificate); |
| 10505 | 10567 |
| 10506 if (ss->ssl3.clientPrivateKey != NULL) | 10568 if (ss->ssl3.clientPrivateKey != NULL) |
| 10507 SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey); | 10569 SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey); |
| 10508 #ifdef NSS_PLATFORM_CLIENT_AUTH | 10570 #ifdef NSS_PLATFORM_CLIENT_AUTH |
| 10509 if (ss->ssl3.platformClientKey) | 10571 if (ss->ssl3.platformClientKey) |
| 10510 ssl_FreePlatformKey(ss->ssl3.platformClientKey); | 10572 ssl_FreePlatformKey(ss->ssl3.platformClientKey); |
| 10511 #endif /* NSS_PLATFORM_CLIENT_AUTH */ | 10573 #endif /* NSS_PLATFORM_CLIENT_AUTH */ |
| 10512 | 10574 |
| 10575 if (ss->ssl3.channelID) |
| 10576 SECKEY_DestroyPrivateKey(ss->ssl3.channelID); |
| 10577 if (ss->ssl3.channelIDPub) |
| 10578 SECKEY_DestroyPublicKey(ss->ssl3.channelIDPub); |
| 10579 |
| 10513 if (ss->ssl3.peerCertArena != NULL) | 10580 if (ss->ssl3.peerCertArena != NULL) |
| 10514 ssl3_CleanupPeerCerts(ss); | 10581 ssl3_CleanupPeerCerts(ss); |
| 10515 | 10582 |
| 10516 if (ss->ssl3.clientCertChain != NULL) { | 10583 if (ss->ssl3.clientCertChain != NULL) { |
| 10517 CERT_DestroyCertificateList(ss->ssl3.clientCertChain); | 10584 CERT_DestroyCertificateList(ss->ssl3.clientCertChain); |
| 10518 ss->ssl3.clientCertChain = NULL; | 10585 ss->ssl3.clientCertChain = NULL; |
| 10519 } | 10586 } |
| 10520 | 10587 |
| 10521 /* clean up handshake */ | 10588 /* clean up handshake */ |
| 10522 if (ss->opt.bypassPKCS11) { | 10589 if (ss->opt.bypassPKCS11) { |
| (...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 10559 PORT_Free(ss->ssl3.hs.recvdFragments.buf); | 10626 PORT_Free(ss->ssl3.hs.recvdFragments.buf); |
| 10560 } | 10627 } |
| 10561 } | 10628 } |
| 10562 | 10629 |
| 10563 ss->ssl3.initialized = PR_FALSE; | 10630 ss->ssl3.initialized = PR_FALSE; |
| 10564 | 10631 |
| 10565 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); | 10632 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); |
| 10566 } | 10633 } |
| 10567 | 10634 |
| 10568 /* End of ssl3con.c */ | 10635 /* End of ssl3con.c */ |
| OLD | NEW |