OLD | NEW |
1 /* | 1 /* |
2 * vtables (and methods that call through them) for the 4 types of | 2 * vtables (and methods that call through them) for the 4 types of |
3 * SSLSockets supported. Only one type is still supported. | 3 * SSLSockets supported. Only one type is still supported. |
4 * Various other functions. | 4 * Various other functions. |
5 * | 5 * |
6 * This Source Code Form is subject to the terms of the Mozilla Public | 6 * This Source Code Form is subject to the terms of the Mozilla Public |
7 * License, v. 2.0. If a copy of the MPL was not distributed with this | 7 * License, v. 2.0. If a copy of the MPL was not distributed with this |
8 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 8 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
9 /* $Id$ */ | 9 /* $Id$ */ |
10 #include "seccomon.h" | 10 #include "seccomon.h" |
(...skipping 778 matching lines...)
789 if (on) | 789 if (on) |
790 SSL_DisableExportCipherSuites(fd); | 790 SSL_DisableExportCipherSuites(fd); |
791 break; | 791 break; |
792 | 792 |
793 case SSL_BYPASS_PKCS11: | 793 case SSL_BYPASS_PKCS11: |
794 if (ss->handshakeBegun) { | 794 if (ss->handshakeBegun) { |
795 PORT_SetError(PR_INVALID_STATE_ERROR); | 795 PORT_SetError(PR_INVALID_STATE_ERROR); |
796 rv = SECFailure; | 796 rv = SECFailure; |
797 } else { | 797 } else { |
798 if (PR_FALSE != on) { | 798 if (PR_FALSE != on) { |
799 /* PKCS#11 bypass is not supported with TLS 1.2. */ | 799 if (PR_SUCCESS == SSL_BypassSetup() ) { |
800 if (ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_2) { | |
801 ss->opt.bypassPKCS11 = PR_FALSE; | |
802 } else if (PR_SUCCESS == SSL_BypassSetup() ) { | |
803 #ifdef NO_PKCS11_BYPASS | 800 #ifdef NO_PKCS11_BYPASS |
804 ss->opt.bypassPKCS11 = PR_FALSE; | 801 ss->opt.bypassPKCS11 = PR_FALSE; |
805 #else | 802 #else |
806 ss->opt.bypassPKCS11 = on; | 803 ss->opt.bypassPKCS11 = on; |
807 #endif | 804 #endif |
808 } else { | 805 } else { |
809 rv = SECFailure; | 806 rv = SECFailure; |
810 } | 807 } |
811 } else { | 808 } else { |
812 ss->opt.bypassPKCS11 = PR_FALSE; | 809 ss->opt.bypassPKCS11 = PR_FALSE; |
(...skipping 1144 matching lines...)
1957 /* If the user requested a minimum version of 1.2, then we don't | 1954 /* If the user requested a minimum version of 1.2, then we don't |
1958 * silently downgrade. */ | 1955 * silently downgrade. */ |
1959 if (ss->vrange.min >= SSL_LIBRARY_VERSION_TLS_1_2) { | 1956 if (ss->vrange.min >= SSL_LIBRARY_VERSION_TLS_1_2) { |
1960 ssl_ReleaseSSL3HandshakeLock(ss); | 1957 ssl_ReleaseSSL3HandshakeLock(ss); |
1961 ssl_Release1stHandshakeLock(ss); | 1958 ssl_Release1stHandshakeLock(ss); |
1962 PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE); | 1959 PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE); |
1963 return SECFailure; | 1960 return SECFailure; |
1964 } | 1961 } |
1965 ss->vrange.max = SSL_LIBRARY_VERSION_TLS_1_1; | 1962 ss->vrange.max = SSL_LIBRARY_VERSION_TLS_1_1; |
1966 } | 1963 } |
1967 /* PKCS#11 bypass is not supported with TLS 1.2. */ | |
1968 if (ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_2) { | |
1969 ss->opt.bypassPKCS11 = PR_FALSE; | |
1970 } | |
1971 | 1964 |
1972 ssl_ReleaseSSL3HandshakeLock(ss); | 1965 ssl_ReleaseSSL3HandshakeLock(ss); |
1973 ssl_Release1stHandshakeLock(ss); | 1966 ssl_Release1stHandshakeLock(ss); |
1974 | 1967 |
1975 return SECSuccess; | 1968 return SECSuccess; |
1976 } | 1969 } |
1977 | 1970 |
1978 const SECItemArray * | 1971 const SECItemArray * |
1979 SSL_PeerStapledOCSPResponses(PRFileDesc *fd) | 1972 SSL_PeerStapledOCSPResponses(PRFileDesc *fd) |
1980 { | 1973 { |
(...skipping 1145 matching lines...)
3126 ssl_DestroySocketContents(ss); | 3119 ssl_DestroySocketContents(ss); |
3127 ssl_DestroyLocks(ss); | 3120 ssl_DestroyLocks(ss); |
3128 PORT_Free(ss); | 3121 PORT_Free(ss); |
3129 ss = NULL; | 3122 ss = NULL; |
3130 } | 3123 } |
3131 ss->protocolVariant = protocolVariant; | 3124 ss->protocolVariant = protocolVariant; |
3132 } | 3125 } |
3133 return ss; | 3126 return ss; |
3134 } | 3127 } |
3135 | 3128 |
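Review bot: With both `ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_2` guards gone (the `SSL_BYPASS_PKCS11` case at new line 799 and the version-range path before new line 1964), nothing visible on this page stops `ss->opt.bypassPKCS11` from staying set on a socket that negotiates TLS 1.2. That is only safe if the bypass code implements the TLS 1.2 PRF and every 1.2-only cipher suite that can be enabled; that support is presumably added elsewhere in this change, but it is not shown here, and both enclosing functions start outside the displayed lines. I would replace the deleted comment with one that records the new invariant, e.g. `/* Bypass is permitted with TLS 1.2; the bypass path must handle the TLS 1.2 PRF and all enabled 1.2 suites. */`, and add a handshake test with bypass on and the maximum version set to 1.2. Separately, at new lines 3122-3124 `ss = NULL;` appears to be followed, after the closing brace, by `ss->protocolVariant = protocolVariant;`, which would dereference NULL on the failure path; if the block nests as it reads here, move the assignment above the failure block.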