| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * vtables (and methods that call through them) for the 4 types of | 2 * vtables (and methods that call through them) for the 4 types of |
| 3 * SSLSockets supported. Only one type is still supported. | 3 * SSLSockets supported. Only one type is still supported. |
| 4 * Various other functions. | 4 * Various other functions. |
| 5 * | 5 * |
| 6 * This Source Code Form is subject to the terms of the Mozilla Public | 6 * This Source Code Form is subject to the terms of the Mozilla Public |
| 7 * License, v. 2.0. If a copy of the MPL was not distributed with this | 7 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 8 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 8 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 9 /* $Id: sslsock.c,v 1.96 2012/09/24 23:57:42 wtc%google.com Exp $ */ | 9 /* $Id$ */ |
| 10 #include "seccomon.h" | 10 #include "seccomon.h" |
| 11 #include "cert.h" | 11 #include "cert.h" |
| 12 #include "keyhi.h" | 12 #include "keyhi.h" |
| 13 #include "ssl.h" | 13 #include "ssl.h" |
| 14 #include "sslimpl.h" | 14 #include "sslimpl.h" |
| 15 #include "sslproto.h" | 15 #include "sslproto.h" |
| 16 #include "nspr.h" | 16 #include "nspr.h" |
| 17 #include "private/pprio.h" | 17 #include "private/pprio.h" |
| 18 #ifndef NO_PKCS11_BYPASS | 18 #ifndef NO_PKCS11_BYPASS |
| 19 #include "blapi.h" | 19 #include "blapi.h" |
| (...skipping 127 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 147 PR_TRUE, /* detectRollBack */ | 147 PR_TRUE, /* detectRollBack */ |
| 148 PR_FALSE, /* noStepDown */ | 148 PR_FALSE, /* noStepDown */ |
| 149 PR_FALSE, /* bypassPKCS11 */ | 149 PR_FALSE, /* bypassPKCS11 */ |
| 150 PR_FALSE, /* noLocks */ | 150 PR_FALSE, /* noLocks */ |
| 151 PR_FALSE, /* enableSessionTickets */ | 151 PR_FALSE, /* enableSessionTickets */ |
| 152 PR_FALSE, /* enableDeflate */ | 152 PR_FALSE, /* enableDeflate */ |
| 153 2, /* enableRenegotiation (default: requires extension) */ | 153 2, /* enableRenegotiation (default: requires extension) */ |
| 154 PR_FALSE, /* requireSafeNegotiation */ | 154 PR_FALSE, /* requireSafeNegotiation */ |
| 155 PR_FALSE, /* enableFalseStart */ | 155 PR_FALSE, /* enableFalseStart */ |
| 156 PR_TRUE, /* cbcRandomIV */ | 156 PR_TRUE, /* cbcRandomIV */ |
| 157 PR_FALSE, /* enableOCSPStapling */ | 157 PR_FALSE /* enableOCSPStapling */ |
| 158 }; | 158 }; |
| 159 | 159 |
| 160 /* | 160 /* |
| 161 * default range of enabled SSL/TLS protocols | 161 * default range of enabled SSL/TLS protocols |
| 162 */ | 162 */ |
| 163 static SSLVersionRange versions_defaults_stream = { | 163 static SSLVersionRange versions_defaults_stream = { |
| 164 SSL_LIBRARY_VERSION_3_0, | 164 SSL_LIBRARY_VERSION_3_0, |
| 165 SSL_LIBRARY_VERSION_TLS_1_0 | 165 SSL_LIBRARY_VERSION_TLS_1_0 |
| 166 }; | 166 }; |
| 167 | 167 |
| (...skipping 152 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 320 sc->serverKeyPair = oc->serverKeyPair ? | 320 sc->serverKeyPair = oc->serverKeyPair ? |
| 321 ssl3_GetKeyPairRef(oc->serverKeyPair) : NULL; | 321 ssl3_GetKeyPairRef(oc->serverKeyPair) : NULL; |
| 322 if (oc->serverKeyPair && !sc->serverKeyPair) | 322 if (oc->serverKeyPair && !sc->serverKeyPair) |
| 323 goto loser; | 323 goto loser; |
| 324 sc->serverKeyBits = oc->serverKeyBits; | 324 sc->serverKeyBits = oc->serverKeyBits; |
| 325 } | 325 } |
| 326 ss->stepDownKeyPair = !os->stepDownKeyPair ? NULL : | 326 ss->stepDownKeyPair = !os->stepDownKeyPair ? NULL : |
| 327 ssl3_GetKeyPairRef(os->stepDownKeyPair); | 327 ssl3_GetKeyPairRef(os->stepDownKeyPair); |
| 328 ss->ephemeralECDHKeyPair = !os->ephemeralECDHKeyPair ? NULL : | 328 ss->ephemeralECDHKeyPair = !os->ephemeralECDHKeyPair ? NULL : |
| 329 ssl3_GetKeyPairRef(os->ephemeralECDHKeyPair); | 329 ssl3_GetKeyPairRef(os->ephemeralECDHKeyPair); |
| 330 ss->certStatusArray = !os->certStatusArray ? NULL : |
| 331 SECITEM_DupArray(NULL, os->certStatusArray); |
| 330 /* | 332 /* |
| 331 * XXX the preceding CERT_ and SECKEY_ functions can fail and return NULL. | 333 * XXX the preceding CERT_ and SECKEY_ functions can fail and return NULL. |
| 332 * XXX We should detect this, and not just march on with NULL pointers. | 334 * XXX We should detect this, and not just march on with NULL pointers. |
| 333 */ | 335 */ |
| 334 ss->authCertificate = os->authCertificate; | 336 ss->authCertificate = os->authCertificate; |
| 335 ss->authCertificateArg = os->authCertificateArg; | 337 ss->authCertificateArg = os->authCertificateArg; |
| 336 ss->getClientAuthData = os->getClientAuthData; | 338 ss->getClientAuthData = os->getClientAuthData; |
| 337 ss->getClientAuthDataArg = os->getClientAuthDataArg; | 339 ss->getClientAuthDataArg = os->getClientAuthDataArg; |
| 338 #ifdef NSS_PLATFORM_CLIENT_AUTH | 340 #ifdef NSS_PLATFORM_CLIENT_AUTH |
| 339 ss->getPlatformClientAuthData = os->getPlatformClientAuthData; | 341 ss->getPlatformClientAuthData = os->getPlatformClientAuthData; |
| (...skipping 97 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 437 ssl3_FreeKeyPair(sc->serverKeyPair); | 439 ssl3_FreeKeyPair(sc->serverKeyPair); |
| 438 } | 440 } |
| 439 if (ss->stepDownKeyPair) { | 441 if (ss->stepDownKeyPair) { |
| 440 ssl3_FreeKeyPair(ss->stepDownKeyPair); | 442 ssl3_FreeKeyPair(ss->stepDownKeyPair); |
| 441 ss->stepDownKeyPair = NULL; | 443 ss->stepDownKeyPair = NULL; |
| 442 } | 444 } |
| 443 if (ss->ephemeralECDHKeyPair) { | 445 if (ss->ephemeralECDHKeyPair) { |
| 444 ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair); | 446 ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair); |
| 445 ss->ephemeralECDHKeyPair = NULL; | 447 ss->ephemeralECDHKeyPair = NULL; |
| 446 } | 448 } |
| 449 if (ss->certStatusArray) { |
| 450 SECITEM_FreeArray(ss->certStatusArray, PR_TRUE); |
| 451 ss->certStatusArray = NULL; |
| 452 } |
| 447 SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE); | 453 SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE); |
| 448 PORT_Assert(!ss->xtnData.sniNameArr); | 454 PORT_Assert(!ss->xtnData.sniNameArr); |
| 449 if (ss->xtnData.sniNameArr) { | 455 if (ss->xtnData.sniNameArr) { |
| 450 PORT_Free(ss->xtnData.sniNameArr); | 456 PORT_Free(ss->xtnData.sniNameArr); |
| 451 ss->xtnData.sniNameArr = NULL; | 457 ss->xtnData.sniNameArr = NULL; |
| 452 } | 458 } |
| 453 } | 459 } |
| 454 | 460 |
| 455 /* | 461 /* |
| 456 * free an sslSocket struct, and all the stuff that hangs off of it | 462 * free an sslSocket struct, and all the stuff that hangs off of it |
| (...skipping 371 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 828 | 834 |
| 829 case SSL_ENABLE_FALSE_START: | 835 case SSL_ENABLE_FALSE_START: |
| 830 ss->opt.enableFalseStart = on; | 836 ss->opt.enableFalseStart = on; |
| 831 break; | 837 break; |
| 832 | 838 |
| 833 case SSL_CBC_RANDOM_IV: | 839 case SSL_CBC_RANDOM_IV: |
| 834 ss->opt.cbcRandomIV = on; | 840 ss->opt.cbcRandomIV = on; |
| 835 break; | 841 break; |
| 836 | 842 |
| 837 case SSL_ENABLE_OCSP_STAPLING: | 843 case SSL_ENABLE_OCSP_STAPLING: |
| 838 » ss->opt.enableOCSPStapling = on; | 844 ss->opt.enableOCSPStapling = on; |
| 839 » break; | 845 break; |
| 840 | 846 |
| 841 default: | 847 default: |
| 842 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 848 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 843 rv = SECFailure; | 849 rv = SECFailure; |
| 844 } | 850 } |
| 845 | 851 |
| 846 /* We can't use the macros for releasing the locks here, | 852 /* We can't use the macros for releasing the locks here, |
| 847 * because ss->opt.noLocks might have changed just above. | 853 * because ss->opt.noLocks might have changed just above. |
| 848 * We must release these locks (monitors) here, if we aquired them above, | 854 * We must release these locks (monitors) here, if we aquired them above, |
| 849 * regardless of the current value of ss->opt.noLocks. | 855 * regardless of the current value of ss->opt.noLocks. |
| (...skipping 110 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 960 break; | 966 break; |
| 961 case SSL_ENABLE_DEFLATE: on = ssl_defaults.enableDeflate; break; | 967 case SSL_ENABLE_DEFLATE: on = ssl_defaults.enableDeflate; break; |
| 962 case SSL_ENABLE_RENEGOTIATION: | 968 case SSL_ENABLE_RENEGOTIATION: |
| 963 on = ssl_defaults.enableRenegotiation; break; | 969 on = ssl_defaults.enableRenegotiation; break; |
| 964 case SSL_REQUIRE_SAFE_NEGOTIATION: | 970 case SSL_REQUIRE_SAFE_NEGOTIATION: |
| 965 on = ssl_defaults.requireSafeNegotiation; | 971 on = ssl_defaults.requireSafeNegotiation; |
| 966 break; | 972 break; |
| 967 case SSL_ENABLE_FALSE_START: on = ssl_defaults.enableFalseStart; break; | 973 case SSL_ENABLE_FALSE_START: on = ssl_defaults.enableFalseStart; break; |
| 968 case SSL_CBC_RANDOM_IV: on = ssl_defaults.cbcRandomIV; break; | 974 case SSL_CBC_RANDOM_IV: on = ssl_defaults.cbcRandomIV; break; |
| 969 case SSL_ENABLE_OCSP_STAPLING: | 975 case SSL_ENABLE_OCSP_STAPLING: |
| 970 » on = ssl_defaults.enableOCSPStapling; | 976 on = ssl_defaults.enableOCSPStapling; |
| 971 » break; | 977 break; |
| 972 | 978 |
| 973 default: | 979 default: |
| 974 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 980 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 975 rv = SECFailure; | 981 rv = SECFailure; |
| 976 } | 982 } |
| 977 | 983 |
| 978 *pOn = on; | 984 *pOn = on; |
| 979 return rv; | 985 return rv; |
| 980 } | 986 } |
| 981 | 987 |
| (...skipping 144 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1126 | 1132 |
| 1127 case SSL_ENABLE_FALSE_START: | 1133 case SSL_ENABLE_FALSE_START: |
| 1128 ssl_defaults.enableFalseStart = on; | 1134 ssl_defaults.enableFalseStart = on; |
| 1129 break; | 1135 break; |
| 1130 | 1136 |
| 1131 case SSL_CBC_RANDOM_IV: | 1137 case SSL_CBC_RANDOM_IV: |
| 1132 ssl_defaults.cbcRandomIV = on; | 1138 ssl_defaults.cbcRandomIV = on; |
| 1133 break; | 1139 break; |
| 1134 | 1140 |
| 1135 case SSL_ENABLE_OCSP_STAPLING: | 1141 case SSL_ENABLE_OCSP_STAPLING: |
| 1136 » ssl_defaults.enableOCSPStapling = on; | 1142 ssl_defaults.enableOCSPStapling = on; |
| 1137 » break; | 1143 break; |
| 1138 | 1144 |
| 1139 default: | 1145 default: |
| 1140 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 1146 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 1141 return SECFailure; | 1147 return SECFailure; |
| 1142 } | 1148 } |
| 1143 return SECSuccess; | 1149 return SECSuccess; |
| 1144 } | 1150 } |
| 1145 | 1151 |
| 1146 /* function tells us if the cipher suite is one that we no longer support. */ | 1152 /* function tells us if the cipher suite is one that we no longer support. */ |
| 1147 static PRBool | 1153 static PRBool |
| (...skipping 565 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1713 } | 1719 } |
| 1714 ss->stepDownKeyPair = ssl3_GetKeyPairRef(sm->stepDownKeyPair); | 1720 ss->stepDownKeyPair = ssl3_GetKeyPairRef(sm->stepDownKeyPair); |
| 1715 } | 1721 } |
| 1716 if (sm->ephemeralECDHKeyPair) { | 1722 if (sm->ephemeralECDHKeyPair) { |
| 1717 if (ss->ephemeralECDHKeyPair) { | 1723 if (ss->ephemeralECDHKeyPair) { |
| 1718 ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair); | 1724 ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair); |
| 1719 } | 1725 } |
| 1720 ss->ephemeralECDHKeyPair = | 1726 ss->ephemeralECDHKeyPair = |
| 1721 ssl3_GetKeyPairRef(sm->ephemeralECDHKeyPair); | 1727 ssl3_GetKeyPairRef(sm->ephemeralECDHKeyPair); |
| 1722 } | 1728 } |
| 1729 if (sm->certStatusArray) { |
| 1730 if (ss->certStatusArray) { |
| 1731 SECITEM_FreeArray(ss->certStatusArray, PR_TRUE); |
| 1732 ss->certStatusArray = NULL; |
| 1733 } |
| 1734 ss->certStatusArray = SECITEM_DupArray(NULL, sm->certStatusArray); |
| 1735 } |
| 1723 /* copy trust anchor names */ | 1736 /* copy trust anchor names */ |
| 1724 if (sm->ssl3.ca_list) { | 1737 if (sm->ssl3.ca_list) { |
| 1725 if (ss->ssl3.ca_list) { | 1738 if (ss->ssl3.ca_list) { |
| 1726 CERT_FreeDistNames(ss->ssl3.ca_list); | 1739 CERT_FreeDistNames(ss->ssl3.ca_list); |
| 1727 } | 1740 } |
| 1728 ss->ssl3.ca_list = CERT_DupDistNames(sm->ssl3.ca_list); | 1741 ss->ssl3.ca_list = CERT_DupDistNames(sm->ssl3.ca_list); |
| 1729 if (!ss->ssl3.ca_list) { | 1742 if (!ss->ssl3.ca_list) { |
| 1730 goto loser; | 1743 goto loser; |
| 1731 } | 1744 } |
| 1732 } | 1745 } |
| (...skipping 169 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1902 ssl_GetSSL3HandshakeLock(ss); | 1915 ssl_GetSSL3HandshakeLock(ss); |
| 1903 | 1916 |
| 1904 ss->vrange = *vrange; | 1917 ss->vrange = *vrange; |
| 1905 | 1918 |
| 1906 ssl_ReleaseSSL3HandshakeLock(ss); | 1919 ssl_ReleaseSSL3HandshakeLock(ss); |
| 1907 ssl_Release1stHandshakeLock(ss); | 1920 ssl_Release1stHandshakeLock(ss); |
| 1908 | 1921 |
| 1909 return SECSuccess; | 1922 return SECSuccess; |
| 1910 } | 1923 } |
| 1911 | 1924 |
| 1912 SECStatus | 1925 const SECItemArray * |
| 1913 SSL_GetStapledOCSPResponse(PRFileDesc *fd, unsigned char *out_data, | 1926 SSL_PeerStapledOCSPResponses(PRFileDesc *fd) |
| 1914 » » » unsigned int *len) { | 1927 { |
| 1915 sslSocket *ss = ssl_FindSocket(fd); | 1928 sslSocket *ss = ssl_FindSocket(fd); |
| 1916 | 1929 |
| 1917 if (!ss) { | 1930 if (!ss) { |
| 1918 » SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetStapledOCSPResponse", | 1931 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_PeerStapledOCSPResponses", |
| 1919 » » SSL_GETPID(), fd)); | 1932 SSL_GETPID(), fd)); |
| 1920 » return SECFailure; | 1933 return NULL; |
| 1921 } | 1934 } |
| 1922 | 1935 |
| 1923 ssl_Get1stHandshakeLock(ss); | 1936 if (!ss->sec.ci.sid) { |
| 1924 ssl_GetSSL3HandshakeLock(ss); | 1937 PORT_SetError(SEC_ERROR_NOT_INITIALIZED); |
| 1925 | 1938 return NULL; |
| 1926 if (ss->ssl3.hs.cert_status.data) { | |
| 1927 » unsigned int todo = ss->ssl3.hs.cert_status.len; | |
| 1928 » if (todo > *len) | |
| 1929 » todo = *len; | |
| 1930 » *len = ss->ssl3.hs.cert_status.len; | |
| 1931 » PORT_Memcpy(out_data, ss->ssl3.hs.cert_status.data, todo); | |
| 1932 } else { | |
| 1933 » *len = 0; | |
| 1934 } | 1939 } |
| 1935 | 1940 |
| 1936 ssl_ReleaseSSL3HandshakeLock(ss); | 1941 return &ss->sec.ci.sid->peerCertStatus; |
| 1937 ssl_Release1stHandshakeLock(ss); | |
| 1938 | |
| 1939 return SECSuccess; | |
| 1940 } | 1942 } |
| 1941 | 1943 |
| 1942 SECStatus | 1944 SECStatus |
| 1943 SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *handshake_resumed) { | 1945 SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *handshake_resumed) { |
| 1944 sslSocket *ss = ssl_FindSocket(fd); | 1946 sslSocket *ss = ssl_FindSocket(fd); |
| 1945 | 1947 |
| 1946 if (!ss) { | 1948 if (!ss) { |
| 1947 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_HandshakeResumedSession", | 1949 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_HandshakeResumedSession", |
| 1948 SSL_GETPID(), fd)); | 1950 SSL_GETPID(), fd)); |
| 1949 return SECFailure; | 1951 return SECFailure; |
| (...skipping 348 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2298 | 2300 |
| 2299 ss = ssl_GetPrivate(fd); | 2301 ss = ssl_GetPrivate(fd); |
| 2300 if (!ss) { | 2302 if (!ss) { |
| 2301 SSL_DBG(("%d: SSL[%d]: bad socket in getsockname", SSL_GETPID(), fd)); | 2303 SSL_DBG(("%d: SSL[%d]: bad socket in getsockname", SSL_GETPID(), fd)); |
| 2302 return PR_FAILURE; | 2304 return PR_FAILURE; |
| 2303 } | 2305 } |
| 2304 return (PRStatus)(*ss->ops->getsockname)(ss, name); | 2306 return (PRStatus)(*ss->ops->getsockname)(ss, name); |
| 2305 } | 2307 } |
| 2306 | 2308 |
| 2307 SECStatus | 2309 SECStatus |
| 2310 SSL_SetStapledOCSPResponses(PRFileDesc *fd, SECItemArray *responses, |
| 2311 PRBool takeOwnership) |
| 2312 { |
| 2313 sslSocket *ss; |
| 2314 |
| 2315 ss = ssl_FindSocket(fd); |
| 2316 if (!ss) { |
| 2317 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetStapledOCSPResponses", |
| 2318 SSL_GETPID(), fd)); |
| 2319 return SECFailure; |
| 2320 } |
| 2321 |
| 2322 if (ss->certStatusArray) { |
| 2323 SECITEM_FreeArray(ss->certStatusArray, PR_TRUE); |
| 2324 ss->certStatusArray = NULL; |
| 2325 } |
| 2326 if (responses) { |
| 2327 if (takeOwnership) { |
| 2328 ss->certStatusArray = responses; |
| 2329 } |
| 2330 else { |
| 2331 ss->certStatusArray = SECITEM_DupArray(NULL, responses); |
| 2332 } |
| 2333 } |
| 2334 return (ss->certStatusArray || !responses) ? SECSuccess : SECFailure; |
| 2335 } |
| 2336 |
| 2337 SECStatus |
| 2308 SSL_SetSockPeerID(PRFileDesc *fd, const char *peerID) | 2338 SSL_SetSockPeerID(PRFileDesc *fd, const char *peerID) |
| 2309 { | 2339 { |
| 2310 sslSocket *ss; | 2340 sslSocket *ss; |
| 2311 | 2341 |
| 2312 ss = ssl_FindSocket(fd); | 2342 ss = ssl_FindSocket(fd); |
| 2313 if (!ss) { | 2343 if (!ss) { |
| 2314 » SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetCacheIndex", | 2344 » SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSockPeerID", |
| 2315 SSL_GETPID(), fd)); | 2345 SSL_GETPID(), fd)); |
| 2316 return SECFailure; | 2346 return SECFailure; |
| 2317 } | 2347 } |
| 2318 | 2348 |
| 2319 if (ss->peerID) { | 2349 if (ss->peerID) { |
| 2320 PORT_Free(ss->peerID); | 2350 PORT_Free(ss->peerID); |
| 2321 ss->peerID = NULL; | 2351 ss->peerID = NULL; |
| 2322 } | 2352 } |
| 2323 if (peerID) | 2353 if (peerID) |
| 2324 ss->peerID = PORT_Strdup(peerID); | 2354 ss->peerID = PORT_Strdup(peerID); |
| (...skipping 535 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2860 ss->sendLock = PZ_NewLock(nssILockSSL); | 2890 ss->sendLock = PZ_NewLock(nssILockSSL); |
| 2861 if (!ss->sendLock) | 2891 if (!ss->sendLock) |
| 2862 goto loser; | 2892 goto loser; |
| 2863 } | 2893 } |
| 2864 return SECSuccess; | 2894 return SECSuccess; |
| 2865 loser: | 2895 loser: |
| 2866 ssl_DestroyLocks(ss); | 2896 ssl_DestroyLocks(ss); |
| 2867 return SECFailure; | 2897 return SECFailure; |
| 2868 } | 2898 } |
| 2869 | 2899 |
| 2870 #if (defined(XP_UNIX) || defined(XP_WIN32) || defined(XP_BEOS)) && !defined(_WIN
32_WCE) | 2900 #if defined(XP_UNIX) || defined(XP_WIN32) || defined(XP_BEOS) |
| 2871 #define NSS_HAVE_GETENV 1 | 2901 #define NSS_HAVE_GETENV 1 |
| 2872 #endif | 2902 #endif |
| 2873 | 2903 |
| 2874 #define LOWER(x) (x | 0x20) /* cheap ToLower function ignores LOCALE */ | 2904 #define LOWER(x) (x | 0x20) /* cheap ToLower function ignores LOCALE */ |
| 2875 | 2905 |
| 2876 static void | 2906 static void |
| 2877 ssl_SetDefaultsFromEnvironment(void) | 2907 ssl_SetDefaultsFromEnvironment(void) |
| 2878 { | 2908 { |
| 2879 #if defined( NSS_HAVE_GETENV ) | 2909 #if defined( NSS_HAVE_GETENV ) |
| 2880 static int firsttime = 1; | 2910 static int firsttime = 1; |
| (...skipping 19 matching lines...) Expand all Loading... |
| 2900 ev = getenv("SSLDEBUG"); | 2930 ev = getenv("SSLDEBUG"); |
| 2901 if (ev && ev[0]) { | 2931 if (ev && ev[0]) { |
| 2902 ssl_debug = atoi(ev); | 2932 ssl_debug = atoi(ev); |
| 2903 SSL_TRACE(("SSL: debugging set to %d", ssl_debug)); | 2933 SSL_TRACE(("SSL: debugging set to %d", ssl_debug)); |
| 2904 } | 2934 } |
| 2905 #endif /* DEBUG */ | 2935 #endif /* DEBUG */ |
| 2906 ev = getenv("SSLKEYLOGFILE"); | 2936 ev = getenv("SSLKEYLOGFILE"); |
| 2907 if (ev && ev[0]) { | 2937 if (ev && ev[0]) { |
| 2908 ssl_keylog_iob = fopen(ev, "a"); | 2938 ssl_keylog_iob = fopen(ev, "a"); |
| 2909 if (!ssl_keylog_iob) { | 2939 if (!ssl_keylog_iob) { |
| 2910 » » SSL_TRACE(("Failed to open key log file")); | 2940 » » SSL_TRACE(("SSL: failed to open key log file")); |
| 2911 } else { | 2941 } else { |
| 2912 if (ftell(ssl_keylog_iob) == 0) { | 2942 if (ftell(ssl_keylog_iob) == 0) { |
| 2913 fputs("# SSL/TLS secrets log file, generated by NSS\n", | 2943 fputs("# SSL/TLS secrets log file, generated by NSS\n", |
| 2914 ssl_keylog_iob); | 2944 ssl_keylog_iob); |
| 2915 } | 2945 } |
| 2916 SSL_TRACE(("SSL: logging SSL/TLS secrets to %s", ev)); | 2946 SSL_TRACE(("SSL: logging SSL/TLS secrets to %s", ev)); |
| 2917 } | 2947 } |
| 2918 } | 2948 } |
| 2919 #ifndef NO_PKCS11_BYPASS | 2949 #ifndef NO_PKCS11_BYPASS |
| 2920 ev = getenv("SSLBYPASS"); | 2950 ev = getenv("SSLBYPASS"); |
| (...skipping 77 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2998 for (i=kt_null; i < kt_kea_size; i++) { | 3028 for (i=kt_null; i < kt_kea_size; i++) { |
| 2999 sslServerCerts * sc = ss->serverCerts + i; | 3029 sslServerCerts * sc = ss->serverCerts + i; |
| 3000 sc->serverCert = NULL; | 3030 sc->serverCert = NULL; |
| 3001 sc->serverCertChain = NULL; | 3031 sc->serverCertChain = NULL; |
| 3002 sc->serverKeyPair = NULL; | 3032 sc->serverKeyPair = NULL; |
| 3003 sc->serverKeyBits = 0; | 3033 sc->serverKeyBits = 0; |
| 3004 } | 3034 } |
| 3005 ss->requestedCertTypes = NULL; | 3035 ss->requestedCertTypes = NULL; |
| 3006 ss->stepDownKeyPair = NULL; | 3036 ss->stepDownKeyPair = NULL; |
| 3007 ss->dbHandle = CERT_GetDefaultCertDB(); | 3037 ss->dbHandle = CERT_GetDefaultCertDB(); |
| 3038 ss->certStatusArray = NULL; |
| 3008 | 3039 |
| 3009 /* Provide default implementation of hooks */ | 3040 /* Provide default implementation of hooks */ |
| 3010 ss->authCertificate = SSL_AuthCertificate; | 3041 ss->authCertificate = SSL_AuthCertificate; |
| 3011 ss->authCertificateArg = (void *)ss->dbHandle; | 3042 ss->authCertificateArg = (void *)ss->dbHandle; |
| 3012 ss->sniSocketConfig = NULL; | 3043 ss->sniSocketConfig = NULL; |
| 3013 ss->sniSocketConfigArg = NULL; | 3044 ss->sniSocketConfigArg = NULL; |
| 3014 ss->getClientAuthData = NULL; | 3045 ss->getClientAuthData = NULL; |
| 3015 #ifdef NSS_PLATFORM_CLIENT_AUTH | 3046 #ifdef NSS_PLATFORM_CLIENT_AUTH |
| 3016 ss->getPlatformClientAuthData = NULL; | 3047 ss->getPlatformClientAuthData = NULL; |
| 3017 ss->getPlatformClientAuthDataArg = NULL; | 3048 ss->getPlatformClientAuthDataArg = NULL; |
| 3018 #endif /* NSS_PLATFORM_CLIENT_AUTH */ | 3049 #endif /* NSS_PLATFORM_CLIENT_AUTH */ |
| 3019 ss->handleBadCert = NULL; | 3050 ss->handleBadCert = NULL; |
| 3020 ss->badCertArg = NULL; | 3051 ss->badCertArg = NULL; |
| 3021 ss->pkcs11PinArg = NULL; | 3052 ss->pkcs11PinArg = NULL; |
| 3053 ss->ephemeralECDHKeyPair = NULL; |
| 3022 ss->getChannelID = NULL; | 3054 ss->getChannelID = NULL; |
| 3023 ss->getChannelIDArg = NULL; | 3055 ss->getChannelIDArg = NULL; |
| 3024 | 3056 |
| 3025 ssl_ChooseOps(ss); | 3057 ssl_ChooseOps(ss); |
| 3026 ssl2_InitSocketPolicy(ss); | 3058 ssl2_InitSocketPolicy(ss); |
| 3027 ssl3_InitSocketPolicy(ss); | 3059 ssl3_InitSocketPolicy(ss); |
| 3028 PR_INIT_CLIST(&ss->ssl3.hs.lastMessageFlight); | 3060 PR_INIT_CLIST(&ss->ssl3.hs.lastMessageFlight); |
| 3029 | 3061 |
| 3030 if (makeLocks) { | 3062 if (makeLocks) { |
| 3031 status = ssl_MakeLocks(ss); | 3063 status = ssl_MakeLocks(ss); |
| 3032 if (status != SECSuccess) | 3064 if (status != SECSuccess) |
| 3033 goto loser; | 3065 goto loser; |
| 3034 } | 3066 } |
| 3035 status = ssl_CreateSecurityInfo(ss); | 3067 status = ssl_CreateSecurityInfo(ss); |
| 3036 if (status != SECSuccess) | 3068 if (status != SECSuccess) |
| 3037 goto loser; | 3069 goto loser; |
| 3038 status = ssl_InitGather(&ss->gs); | 3070 status = ssl_InitGather(&ss->gs); |
| 3039 if (status != SECSuccess) { | 3071 if (status != SECSuccess) { |
| 3040 loser: | 3072 loser: |
| 3041 ssl_DestroySocketContents(ss); | 3073 ssl_DestroySocketContents(ss); |
| 3042 ssl_DestroyLocks(ss); | 3074 ssl_DestroyLocks(ss); |
| 3043 PORT_Free(ss); | 3075 PORT_Free(ss); |
| 3044 ss = NULL; | 3076 ss = NULL; |
| 3045 } | 3077 } |
| 3046 ss->protocolVariant = protocolVariant; | 3078 ss->protocolVariant = protocolVariant; |
| 3047 } | 3079 } |
| 3048 return ss; | 3080 return ss; |
| 3049 } | 3081 } |
| 3050 | 3082 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 14522022:
Update NSS libSSL to NSS_3_15_BETA2. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/