| OLD | NEW |
| 1 /* | 1 /* |
| 2 * vtables (and methods that call through them) for the 4 types of | 2 * vtables (and methods that call through them) for the 4 types of |
| 3 * SSLSockets supported. Only one type is still supported. | 3 * SSLSockets supported. Only one type is still supported. |
| 4 * Various other functions. | 4 * Various other functions. |
| 5 * | 5 * |
| 6 * ***** BEGIN LICENSE BLOCK ***** | 6 * ***** BEGIN LICENSE BLOCK ***** |
| 7 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 7 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| 8 * | 8 * |
| 9 * The contents of this file are subject to the Mozilla Public License Version | 9 * The contents of this file are subject to the Mozilla Public License Version |
| 10 * 1.1 (the "License"); you may not use this file except in compliance with | 10 * 1.1 (the "License"); you may not use this file except in compliance with |
| (...skipping 22 matching lines...) Expand all Loading... |
| 33 * in which case the provisions of the GPL or the LGPL are applicable instead | 33 * in which case the provisions of the GPL or the LGPL are applicable instead |
| 34 * of those above. If you wish to allow use of your version of this file only | 34 * of those above. If you wish to allow use of your version of this file only |
| 35 * under the terms of either the GPL or the LGPL, and not to allow others to | 35 * under the terms of either the GPL or the LGPL, and not to allow others to |
| 36 * use your version of this file under the terms of the MPL, indicate your | 36 * use your version of this file under the terms of the MPL, indicate your |
| 37 * decision by deleting the provisions above and replace them with the notice | 37 * decision by deleting the provisions above and replace them with the notice |
| 38 * and other provisions required by the GPL or the LGPL. If you do not delete | 38 * and other provisions required by the GPL or the LGPL. If you do not delete |
| 39 * the provisions above, a recipient may use your version of this file under | 39 * the provisions above, a recipient may use your version of this file under |
| 40 * the terms of any one of the MPL, the GPL or the LGPL. | 40 * the terms of any one of the MPL, the GPL or the LGPL. |
| 41 * | 41 * |
| 42 * ***** END LICENSE BLOCK ***** */ | 42 * ***** END LICENSE BLOCK ***** */ |
| 43 /* $Id: sslsock.c,v 1.64 2010/01/28 06:19:13 nelson%bolyard.com Exp $ */ | 43 /* $Id: sslsock.c,v 1.67 2010/04/25 23:37:38 nelson%bolyard.com Exp $ */ |
| 44 #include "seccomon.h" | 44 #include "seccomon.h" |
| 45 #include "cert.h" | 45 #include "cert.h" |
| 46 #include "keyhi.h" | 46 #include "keyhi.h" |
| 47 #include "ssl.h" | 47 #include "ssl.h" |
| 48 #include "sslimpl.h" | 48 #include "sslimpl.h" |
| 49 #include "sslproto.h" | 49 #include "sslproto.h" |
| 50 #include "nspr.h" | 50 #include "nspr.h" |
| 51 #include "private/pprio.h" | 51 #include "private/pprio.h" |
| 52 #include "blapi.h" | 52 #include "blapi.h" |
| 53 #include "nss.h" | 53 #include "nss.h" |
| (...skipping 268 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 322 ssl3_GetKeyPairRef(oc->serverKeyPair) : NULL; | 322 ssl3_GetKeyPairRef(oc->serverKeyPair) : NULL; |
| 323 if (oc->serverKeyPair && !sc->serverKeyPair) | 323 if (oc->serverKeyPair && !sc->serverKeyPair) |
| 324 goto loser; | 324 goto loser; |
| 325 sc->serverKeyBits = oc->serverKeyBits; | 325 sc->serverKeyBits = oc->serverKeyBits; |
| 326 } | 326 } |
| 327 ss->stepDownKeyPair = !os->stepDownKeyPair ? NULL : | 327 ss->stepDownKeyPair = !os->stepDownKeyPair ? NULL : |
| 328 ssl3_GetKeyPairRef(os->stepDownKeyPair); | 328 ssl3_GetKeyPairRef(os->stepDownKeyPair); |
| 329 ss->ephemeralECDHKeyPair = !os->ephemeralECDHKeyPair ? NULL : | 329 ss->ephemeralECDHKeyPair = !os->ephemeralECDHKeyPair ? NULL : |
| 330 ssl3_GetKeyPairRef(os->ephemeralECDHKeyPair); | 330 ssl3_GetKeyPairRef(os->ephemeralECDHKeyPair); |
| 331 /* | 331 /* |
| 332 * XXX the preceeding CERT_ and SECKEY_ functions can fail and return NULL. | 332 * XXX the preceding CERT_ and SECKEY_ functions can fail and return NULL. |
| 333 * XXX We should detect this, and not just march on with NULL pointers. | 333 * XXX We should detect this, and not just march on with NULL pointers. |
| 334 */ | 334 */ |
| 335 ss->authCertificate = os->authCertificate; | 335 ss->authCertificate = os->authCertificate; |
| 336 ss->authCertificateArg = os->authCertificateArg; | 336 ss->authCertificateArg = os->authCertificateArg; |
| 337 ss->getClientAuthData = os->getClientAuthData; | 337 ss->getClientAuthData = os->getClientAuthData; |
| 338 ss->getClientAuthDataArg = os->getClientAuthDataArg; | 338 ss->getClientAuthDataArg = os->getClientAuthDataArg; |
| 339 ss->sniSocketConfig = os->sniSocketConfig; | 339 ss->sniSocketConfig = os->sniSocketConfig; |
| 340 ss->sniSocketConfigArg = os->sniSocketConfigArg; | 340 ss->sniSocketConfigArg = os->sniSocketConfigArg; |
| 341 ss->handleBadCert = os->handleBadCert; | 341 ss->handleBadCert = os->handleBadCert; |
| 342 ss->badCertArg = os->badCertArg; | 342 ss->badCertArg = os->badCertArg; |
| (...skipping 2040 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2383 ssl_defaults.noLocks = 0; | 2383 ssl_defaults.noLocks = 0; |
| 2384 strcpy(lockStatus + LOCKSTATUS_OFFSET, "FORCED. "); | 2384 strcpy(lockStatus + LOCKSTATUS_OFFSET, "FORCED. "); |
| 2385 SSL_TRACE(("SSL: force_locks set to %d", ssl_force_locks)); | 2385 SSL_TRACE(("SSL: force_locks set to %d", ssl_force_locks)); |
| 2386 } | 2386 } |
| 2387 ev = getenv("NSS_SSL_ENABLE_RENEGOTIATION"); | 2387 ev = getenv("NSS_SSL_ENABLE_RENEGOTIATION"); |
| 2388 if (ev) { | 2388 if (ev) { |
| 2389 if (ev[0] == '1' || LOWER(ev[0]) == 'u') | 2389 if (ev[0] == '1' || LOWER(ev[0]) == 'u') |
| 2390 ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_UNRESTRICTED; | 2390 ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_UNRESTRICTED; |
| 2391 else if (ev[0] == '0' || LOWER(ev[0]) == 'n') | 2391 else if (ev[0] == '0' || LOWER(ev[0]) == 'n') |
| 2392 ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_NEVER; | 2392 ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_NEVER; |
| 2393 » else if (ev[0] == '3' || LOWER(ev[0]) == 'c') | 2393 » else if (ev[0] == '2' || LOWER(ev[0]) == 'r') |
| 2394 » » ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_CLIENT_ONLY; | 2394 » » ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_REQUIRES_XTN; |
| 2395 » else | 2395 » else if (ev[0] == '3' || LOWER(ev[0]) == 't') |
| 2396 » » ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_REQUIRES_XTN; | 2396 » » ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_TRANSITIONAL; |
| 2397 SSL_TRACE(("SSL: enableRenegotiation set to %d", | 2397 SSL_TRACE(("SSL: enableRenegotiation set to %d", |
| 2398 ssl_defaults.enableRenegotiation)); | 2398 ssl_defaults.enableRenegotiation)); |
| 2399 } | 2399 } |
| 2400 ev = getenv("NSS_SSL_REQUIRE_SAFE_NEGOTIATION"); | 2400 ev = getenv("NSS_SSL_REQUIRE_SAFE_NEGOTIATION"); |
| 2401 if (ev && ev[0] == '1') { | 2401 if (ev && ev[0] == '1') { |
| 2402 ssl_defaults.requireSafeNegotiation = PR_TRUE; | 2402 ssl_defaults.requireSafeNegotiation = PR_TRUE; |
| 2403 SSL_TRACE(("SSL: requireSafeNegotiation set to %d", | 2403 SSL_TRACE(("SSL: requireSafeNegotiation set to %d", |
| 2404 PR_TRUE)); | 2404 PR_TRUE)); |
| 2405 } | 2405 } |
| 2406 } | 2406 } |
| (...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2467 loser: | 2467 loser: |
| 2468 ssl_DestroySocketContents(ss); | 2468 ssl_DestroySocketContents(ss); |
| 2469 ssl_DestroyLocks(ss); | 2469 ssl_DestroyLocks(ss); |
| 2470 PORT_Free(ss); | 2470 PORT_Free(ss); |
| 2471 ss = NULL; | 2471 ss = NULL; |
| 2472 } | 2472 } |
| 2473 } | 2473 } |
| 2474 return ss; | 2474 return ss; |
| 2475 } | 2475 } |
| 2476 | 2476 |
| OLD | NEW |