1 /* | 1 /* |
2 * vtables (and methods that call through them) for the 4 types of | 2 * vtables (and methods that call through them) for the 4 types of |
3 * SSLSockets supported. Only one type is still supported. | 3 * SSLSockets supported. Only one type is still supported. |
4 * Various other functions. | 4 * Various other functions. |
5 * | 5 * |
6 * ***** BEGIN LICENSE BLOCK ***** | 6 * ***** BEGIN LICENSE BLOCK ***** |
7 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 7 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
8 * | 8 * |
9 * The contents of this file are subject to the Mozilla Public License Version | 9 * The contents of this file are subject to the Mozilla Public License Version |
10 * 1.1 (the "License"); you may not use this file except in compliance with | 10 * 1.1 (the "License"); you may not use this file except in compliance with |
156 ssl_SecureRead, | 156 ssl_SecureRead, |
157 ssl_SecureWrite, | 157 ssl_SecureWrite, |
158 ssl_DefGetpeername, | 158 ssl_DefGetpeername, |
159 ssl_DefGetsockname | 159 ssl_DefGetsockname |
160 }; | 160 }; |
161 | 161 |
162 /* | 162 /* |
163 ** default settings for socket enables | 163 ** default settings for socket enables |
164 */ | 164 */ |
165 static sslOptions ssl_defaults = { | 165 static sslOptions ssl_defaults = { |
| 166 { siBuffer, NULL, 0 }, /* nextProtoNego */ |
166 PR_TRUE, /* useSecurity */ | 167 PR_TRUE, /* useSecurity */ |
167 PR_FALSE, /* useSocks */ | 168 PR_FALSE, /* useSocks */ |
168 PR_FALSE, /* requestCertificate */ | 169 PR_FALSE, /* requestCertificate */ |
169 2, /* requireCertificate */ | 170 2, /* requireCertificate */ |
170 PR_FALSE, /* handshakeAsClient */ | 171 PR_FALSE, /* handshakeAsClient */ |
171 PR_FALSE, /* handshakeAsServer */ | 172 PR_FALSE, /* handshakeAsServer */ |
172 PR_TRUE, /* enableSSL2 */ | 173 PR_TRUE, /* enableSSL2 */ |
173 PR_TRUE, /* enableSSL3 */ | 174 PR_TRUE, /* enableSSL3 */ |
174 PR_TRUE, /* enableTLS */ /* now defaults to on in NSS 3.0 */ | 175 PR_TRUE, /* enableTLS */ /* now defaults to on in NSS 3.0 */ |
175 PR_FALSE, /* noCache */ | 176 PR_FALSE, /* noCache */ |
427 ssl3_FreeKeyPair(sc->serverKeyPair); | 428 ssl3_FreeKeyPair(sc->serverKeyPair); |
428 } | 429 } |
429 if (ss->stepDownKeyPair) { | 430 if (ss->stepDownKeyPair) { |
430 ssl3_FreeKeyPair(ss->stepDownKeyPair); | 431 ssl3_FreeKeyPair(ss->stepDownKeyPair); |
431 ss->stepDownKeyPair = NULL; | 432 ss->stepDownKeyPair = NULL; |
432 } | 433 } |
433 if (ss->ephemeralECDHKeyPair) { | 434 if (ss->ephemeralECDHKeyPair) { |
434 ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair); | 435 ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair); |
435 ss->ephemeralECDHKeyPair = NULL; | 436 ss->ephemeralECDHKeyPair = NULL; |
436 } | 437 } |
| 438 if (ss->opt.nextProtoNego.data) { |
| 439 PORT_Free(ss->opt.nextProtoNego.data); |
| 440 ss->opt.nextProtoNego.data = NULL; |
| 441 } |
437 } | 442 } |
438 | 443 |
439 /* | 444 /* |
440 * free an sslSocket struct, and all the stuff that hangs off of it | 445 * free an sslSocket struct, and all the stuff that hangs off of it |
441 */ | 446 */ |
442 void | 447 void |
443 ssl_FreeSocket(sslSocket *ss) | 448 ssl_FreeSocket(sslSocket *ss) |
444 { | 449 { |
445 #ifdef DEBUG | 450 #ifdef DEBUG |
446 sslSocket *fs; | 451 sslSocket *fs; |
1240 #ifdef _WIN32 | 1245 #ifdef _WIN32 |
1241 PR_Sleep(PR_INTERVAL_NO_WAIT); /* workaround NT winsock connect bug. */ | 1246 PR_Sleep(PR_INTERVAL_NO_WAIT); /* workaround NT winsock connect bug. */ |
1242 #endif | 1247 #endif |
1243 ns = ssl_FindSocket(fd); | 1248 ns = ssl_FindSocket(fd); |
1244 PORT_Assert(ns); | 1249 PORT_Assert(ns); |
1245 if (ns) | 1250 if (ns) |
1246 ns->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ns, &addr)); | 1251 ns->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ns, &addr)); |
1247 return fd; | 1252 return fd; |
1248 } | 1253 } |
1249 | 1254 |
| 1255 /* SSL_SetNextProtoNego sets the list of supported protocols for the given |
| 1256 * socket. The list is a series of 8-bit, length prefixed strings. */ |
| 1257 SECStatus |
| 1258 SSL_SetNextProtoNego(PRFileDesc *fd, const unsigned char *data, |
| 1259 unsigned short length) |
| 1260 { |
| 1261 sslSocket *ss = ssl_FindSocket(fd); |
| 1262 |
| 1263 if (!ss) { |
| 1264 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoNego", SSL_GETPID()
, |
| 1265 fd)); |
| 1266 return SECFailure; |
| 1267 } |
| 1268 |
| 1269 if (ssl3_ValidateNextProtoNego(data, length) != SECSuccess) |
| 1270 return SECFailure; |
| 1271 |
| 1272 ssl_GetSSL3HandshakeLock(ss); |
| 1273 if (ss->opt.nextProtoNego.data) |
| 1274 PORT_Free(ss->opt.nextProtoNego.data); |
| 1275 ss->opt.nextProtoNego.data = PORT_Alloc(length); |
| 1276 if (!ss->opt.nextProtoNego.data) { |
| 1277 ssl_ReleaseSSL3HandshakeLock(ss); |
| 1278 return SECFailure; |
| 1279 } |
| 1280 memcpy(ss->opt.nextProtoNego.data, data, length); |
| 1281 ss->opt.nextProtoNego.len = length; |
| 1282 ss->opt.nextProtoNego.type = siBuffer; |
| 1283 ssl_ReleaseSSL3HandshakeLock(ss); |
| 1284 |
| 1285 return SECSuccess; |
| 1286 } |
| 1287 |
| 1288 /* SSL_GetNextProto reads the resulting Next Protocol Negotiation result for |
| 1289 * the given socket. It's only valid to call this once the handshake has |
| 1290 * completed. |
| 1291 * |
| 1292 * state is set to one of the SSL_NEXT_PROTO_* constants. The negotiated |
| 1293 * protocol, if any, is written into buf, which must be at least buf_len |
| 1294 * bytes long. If the negotiated protocol is longer than this, it is truncated. |
| 1295 * The number of bytes copied is written into length. |
| 1296 */ |
| 1297 SECStatus |
| 1298 SSL_GetNextProto(PRFileDesc *fd, int *state, unsigned char *buf, |
| 1299 unsigned int *length, unsigned int buf_len) |
| 1300 { |
| 1301 sslSocket *ss = ssl_FindSocket(fd); |
| 1302 |
| 1303 if (!ss) { |
| 1304 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetNextProto", SSL_GETPID(), |
| 1305 fd)); |
| 1306 return SECFailure; |
| 1307 } |
| 1308 |
| 1309 *state = ss->ssl3.nextProtoState; |
| 1310 |
| 1311 if (ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NO_SUPPORT && |
| 1312 ss->ssl3.nextProto.data) { |
| 1313 *length = ss->ssl3.nextProto.len; |
| 1314 if (*length > buf_len) |
| 1315 *length = buf_len; |
| 1316 PORT_Memcpy(buf, ss->ssl3.nextProto.data, *length); |
| 1317 } else { |
| 1318 *length = 0; |
| 1319 } |
| 1320 |
| 1321 return SECSuccess; |
| 1322 } |
| 1323 |
1250 /************************************************************************/ | 1324 /************************************************************************/ |
1251 /* The following functions are the TOP LEVEL SSL functions. | 1325 /* The following functions are the TOP LEVEL SSL functions. |
1252 ** They all get called through the NSPRIOMethods table below. | 1326 ** They all get called through the NSPRIOMethods table below. |
1253 */ | 1327 */ |
1254 | 1328 |
1255 static PRFileDesc * PR_CALLBACK | 1329 static PRFileDesc * PR_CALLBACK |
1256 ssl_Accept(PRFileDesc *fd, PRNetAddr *sockaddr, PRIntervalTime timeout) | 1330 ssl_Accept(PRFileDesc *fd, PRNetAddr *sockaddr, PRIntervalTime timeout) |
1257 { | 1331 { |
1258 sslSocket *ss; | 1332 sslSocket *ss; |
1259 sslSocket *ns = NULL; | 1333 sslSocket *ns = NULL; |
2257 loser: | 2331 loser: |
2258 ssl_DestroySocketContents(ss); | 2332 ssl_DestroySocketContents(ss); |
2259 ssl_DestroyLocks(ss); | 2333 ssl_DestroyLocks(ss); |
2260 PORT_Free(ss); | 2334 PORT_Free(ss); |
2261 ss = NULL; | 2335 ss = NULL; |
2262 } | 2336 } |
2263 } | 2337 } |
2264 return ss; | 2338 return ss; |
2265 } | 2339 } |
2266 | 2340 |
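Review bot: In SSL_SetNextProtoNego (new lines 1273-1279), when PORT_Alloc fails the previous buffer has already been freed and `data` is NULL, but `nextProtoNego.len` still holds the old length, leaving the option in an inconsistent state for any reader that tests `len` rather than `data`; reset it in the failure branch, `ss->opt.nextProtoNego.len = 0;` before releasing the lock (the same reset fits next to the free in ssl_DestroySocketContents at new line 440). The socket now owns a heap buffer inside `ss->opt`, so any code that copies `opt` by struct assignment (ssl_DupSocket and the import/default paths are outside this view) would share the pointer between two sockets and free it twice in ssl_DestroySocketContents; that copy path needs to deep-copy or NULL the field. SSL_GetNextProto reads `ss->ssl3.nextProto` without the handshake lock that the setter takes, which is safe only if callers honour the header comment that it is called after the handshake completes; the function does not check that itself. Minor: the setter uses `memcpy` while the getter uses `PORT_Memcpy`; use the wrapper the file uses elsewhere in both.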