Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(336)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/third_party/nss/ssl/sslsock.c

Issue 17109007: Miscellaneous cleanup of TLS 1.2 code. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Make error handling in ssl3_InitHandshakeHashes more uniform. Include the patch file. Created 7 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/third_party/nss/ssl/sslimpl.h ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * vtables (and methods that call through them) for the 4 types of 2 * vtables (and methods that call through them) for the 4 types of
3 * SSLSockets supported. Only one type is still supported. 3 * SSLSockets supported. Only one type is still supported.
4 * Various other functions. 4 * Various other functions.
5 * 5 *
6 * This Source Code Form is subject to the terms of the Mozilla Public 6 * This Source Code Form is subject to the terms of the Mozilla Public
7 * License, v. 2.0. If a copy of the MPL was not distributed with this 7 * License, v. 2.0. If a copy of the MPL was not distributed with this
8 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 8 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
9 /* $Id$ */ 9 /* $Id$ */
10 #include "seccomon.h" 10 #include "seccomon.h"
(...skipping 778 matching lines...) Expand 10 before | Expand all | Expand 10 after
789 if (on) 789 if (on)
790 SSL_DisableExportCipherSuites(fd); 790 SSL_DisableExportCipherSuites(fd);
791 break; 791 break;
792 792
793 case SSL_BYPASS_PKCS11: 793 case SSL_BYPASS_PKCS11:
794 if (ss->handshakeBegun) { 794 if (ss->handshakeBegun) {
795 PORT_SetError(PR_INVALID_STATE_ERROR); 795 PORT_SetError(PR_INVALID_STATE_ERROR);
796 rv = SECFailure; 796 rv = SECFailure;
797 } else { 797 } else {
798 if (PR_FALSE != on) { 798 if (PR_FALSE != on) {
799 /* PKCS#11 bypass is not supported with TLS 1.2. */ 799 if (PR_SUCCESS == SSL_BypassSetup() ) {
800 if (ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_2) {
801 ss->opt.bypassPKCS11 = PR_FALSE;
802 } else if (PR_SUCCESS == SSL_BypassSetup() ) {
803 #ifdef NO_PKCS11_BYPASS 800 #ifdef NO_PKCS11_BYPASS
804 ss->opt.bypassPKCS11 = PR_FALSE; 801 ss->opt.bypassPKCS11 = PR_FALSE;
805 #else 802 #else
806 ss->opt.bypassPKCS11 = on; 803 ss->opt.bypassPKCS11 = on;
807 #endif 804 #endif
808 } else { 805 } else {
809 rv = SECFailure; 806 rv = SECFailure;
810 } 807 }
811 } else { 808 } else {
812 ss->opt.bypassPKCS11 = PR_FALSE; 809 ss->opt.bypassPKCS11 = PR_FALSE;
(...skipping 1144 matching lines...) Expand 10 before | Expand all | Expand 10 after
1957 /* If the user requested a minimum version of 1.2, then we don't 1954 /* If the user requested a minimum version of 1.2, then we don't
1958 * silently downgrade. */ 1955 * silently downgrade. */
1959 if (ss->vrange.min >= SSL_LIBRARY_VERSION_TLS_1_2) { 1956 if (ss->vrange.min >= SSL_LIBRARY_VERSION_TLS_1_2) {
1960 ssl_ReleaseSSL3HandshakeLock(ss); 1957 ssl_ReleaseSSL3HandshakeLock(ss);
1961 ssl_Release1stHandshakeLock(ss); 1958 ssl_Release1stHandshakeLock(ss);
1962 PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE); 1959 PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
1963 return SECFailure; 1960 return SECFailure;
1964 } 1961 }
1965 ss->vrange.max = SSL_LIBRARY_VERSION_TLS_1_1; 1962 ss->vrange.max = SSL_LIBRARY_VERSION_TLS_1_1;
1966 } 1963 }
1967 /* PKCS#11 bypass is not supported with TLS 1.2. */
1968 if (ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_2) {
1969 ss->opt.bypassPKCS11 = PR_FALSE;
1970 }
1971 1964
1972 ssl_ReleaseSSL3HandshakeLock(ss); 1965 ssl_ReleaseSSL3HandshakeLock(ss);
1973 ssl_Release1stHandshakeLock(ss); 1966 ssl_Release1stHandshakeLock(ss);
1974 1967
1975 return SECSuccess; 1968 return SECSuccess;
1976 } 1969 }
1977 1970
1978 const SECItemArray * 1971 const SECItemArray *
1979 SSL_PeerStapledOCSPResponses(PRFileDesc *fd) 1972 SSL_PeerStapledOCSPResponses(PRFileDesc *fd)
1980 { 1973 {
(...skipping 1145 matching lines...) Expand 10 before | Expand all | Expand 10 after
3126 ssl_DestroySocketContents(ss); 3119 ssl_DestroySocketContents(ss);
3127 ssl_DestroyLocks(ss); 3120 ssl_DestroyLocks(ss);
3128 PORT_Free(ss); 3121 PORT_Free(ss);
3129 ss = NULL; 3122 ss = NULL;
3130 } 3123 }
3131 ss->protocolVariant = protocolVariant; 3124 ss->protocolVariant = protocolVariant;
3132 } 3125 }
3133 return ss; 3126 return ss;
3134 } 3127 }
3135 3128
OLDNEW
« no previous file with comments | « net/third_party/nss/ssl/sslimpl.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698