OLD | NEW |
---|---|
1 /* | 1 /* |
2 * SSL3 Protocol | 2 * SSL3 Protocol |
3 * | 3 * |
4 * ***** BEGIN LICENSE BLOCK ***** | 4 * ***** BEGIN LICENSE BLOCK ***** |
5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
6 * | 6 * |
7 * The contents of this file are subject to the Mozilla Public License Version | 7 * The contents of this file are subject to the Mozilla Public License Version |
8 * 1.1 (the "License"); you may not use this file except in compliance with | 8 * 1.1 (the "License"); you may not use this file except in compliance with |
9 * the License. You may obtain a copy of the License at | 9 * the License. You may obtain a copy of the License at |
10 * http://www.mozilla.org/MPL/ | 10 * http://www.mozilla.org/MPL/ |
(...skipping 5639 matching lines...) | |
5650 ssl_GetRecvBufLock(ss); | 5650 ssl_GetRecvBufLock(ss); |
5651 if (ss->ssl3.hs.msgState.buf != NULL) { | 5651 if (ss->ssl3.hs.msgState.buf != NULL) { |
5652 rv = ssl3_HandleRecord(ss, NULL, &ss->gs.buf); | 5652 rv = ssl3_HandleRecord(ss, NULL, &ss->gs.buf); |
5653 } | 5653 } |
5654 ssl_ReleaseRecvBufLock(ss); | 5654 ssl_ReleaseRecvBufLock(ss); |
5655 } | 5655 } |
5656 } | 5656 } |
5657 return rv; | 5657 return rv; |
5658 } | 5658 } |
5659 | 5659 |
5660 | 5660 PRBool |
5661 ssl3_CanFalseStart(sslSocket *ss) { | |
5662 return ss->opt.enableFalseStart && | |
5663 » !ss->sec.isServer && | |
5664 » !ss->ssl3.hs.isResuming && | |
5665 » ss->ssl3.cwSpec && | |
5666 » ss->ssl3.cwSpec->cipher_def->secret_key_size >= 10 && | |
5667 » ss->ssl3.hs.kea_def->exchKeyType == kt_rsa; | |
wtc
2010/02/20 00:39:51
I believe you should compare this with ssl_kea_rsa
| |
5668 } | |
5661 | 5669 |
5662 /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete | 5670 /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete |
5663 * ssl3 Server Hello Done message. | 5671 * ssl3 Server Hello Done message. |
5664 * Caller must hold Handshake and RecvBuf locks. | 5672 * Caller must hold Handshake and RecvBuf locks. |
5665 */ | 5673 */ |
5666 static SECStatus | 5674 static SECStatus |
5667 ssl3_HandleServerHelloDone(sslSocket *ss) | 5675 ssl3_HandleServerHelloDone(sslSocket *ss) |
5668 { | 5676 { |
5669 SECStatus rv; | 5677 SECStatus rv; |
5670 SSL3WaitState ws = ss->ssl3.hs.ws; | 5678 SSL3WaitState ws = ss->ssl3.hs.ws; |
(...skipping 57 matching lines...) | |
5728 if (rv != SECSuccess) { | 5736 if (rv != SECSuccess) { |
5729 goto loser; /* err code was set. */ | 5737 goto loser; /* err code was set. */ |
5730 } | 5738 } |
5731 | 5739 |
5732 ssl_ReleaseXmitBufLock(ss); /*******************************/ | 5740 ssl_ReleaseXmitBufLock(ss); /*******************************/ |
5733 | 5741 |
5734 if (ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn)) | 5742 if (ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn)) |
5735 ss->ssl3.hs.ws = wait_new_session_ticket; | 5743 ss->ssl3.hs.ws = wait_new_session_ticket; |
5736 else | 5744 else |
5737 ss->ssl3.hs.ws = wait_change_cipher; | 5745 ss->ssl3.hs.ws = wait_change_cipher; |
5746 | |
5747 /* Do the handshake callback for sslv3 here. */ | |
5748 if (ss->handshakeCallback != NULL && ssl3_CanFalseStart(ss)) { | |
5749 (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); | |
5750 } | |
5751 | |
5738 return SECSuccess; | 5752 return SECSuccess; |
5739 | 5753 |
5740 loser: | 5754 loser: |
5741 ssl_ReleaseXmitBufLock(ss); | 5755 ssl_ReleaseXmitBufLock(ss); |
5742 return rv; | 5756 return rv; |
5743 } | 5757 } |
5744 | 5758 |
5745 /* | 5759 /* |
5746 * Routines used by servers | 5760 * Routines used by servers |
5747 */ | 5761 */ |
(...skipping 2754 matching lines...) | |
8502 /* If the wrap failed, we don't cache the sid. | 8516 /* If the wrap failed, we don't cache the sid. |
8503 * The connection continues normally however. | 8517 * The connection continues normally however. |
8504 */ | 8518 */ |
8505 if (rv == SECSuccess) { | 8519 if (rv == SECSuccess) { |
8506 (*ss->sec.cache)(sid); | 8520 (*ss->sec.cache)(sid); |
8507 } | 8521 } |
8508 } | 8522 } |
8509 ss->ssl3.hs.ws = idle_handshake; | 8523 ss->ssl3.hs.ws = idle_handshake; |
8510 | 8524 |
8511 /* Do the handshake callback for sslv3 here. */ | 8525 /* Do the handshake callback for sslv3 here. */ |
8512 if (ss->handshakeCallback != NULL) { | 8526 if (ss->handshakeCallback != NULL && !ssl3_CanFalseStart(ss)) { |
8513 (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); | 8527 (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); |
8514 } | 8528 } |
8515 | 8529 |
8516 return SECSuccess; | 8530 return SECSuccess; |
8517 } | 8531 } |
8518 | 8532 |
8519 /* Called from ssl3_HandleHandshake() when it has gathered a complete ssl3 | 8533 /* Called from ssl3_HandleHandshake() when it has gathered a complete ssl3 |
8520 * hanshake message. | 8534 * hanshake message. |
8521 * Caller must hold Handshake and RecvBuf locks. | 8535 * Caller must hold Handshake and RecvBuf locks. |
8522 */ | 8536 */ |
(...skipping 976 matching lines...) | |
9499 | 9513 |
9500 ss->ssl3.initialized = PR_FALSE; | 9514 ss->ssl3.initialized = PR_FALSE; |
9501 | 9515 |
9502 if (ss->ssl3.nextProto.data) { | 9516 if (ss->ssl3.nextProto.data) { |
9503 PORT_Free(ss->ssl3.nextProto.data); | 9517 PORT_Free(ss->ssl3.nextProto.data); |
9504 ss->ssl3.nextProto.data = NULL; | 9518 ss->ssl3.nextProto.data = NULL; |
9505 } | 9519 } |
9506 } | 9520 } |
9507 | 9521 |
9508 /* End of ssl3con.c */ | 9522 /* End of ssl3con.c */ |
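Review bot: The decision about when to fire the handshake callback is recomputed in two places, `ssl3_CanFalseStart(ss)` at new line 5748 in ssl3_HandleServerHelloDone and `!ssl3_CanFalseStart(ss)` at new line 8526, instead of being made once. The callback therefore runs exactly once only if `ss->opt.enableFalseStart`, `ss->ssl3.hs.isResuming`, `ss->ssl3.cwSpec` and the negotiated suite read the same at both points; if any of them can change in between (nothing on this page rules out the option being changed from the callback itself), the application sees the callback twice or not at all. Recording in the handshake state that the early callback was delivered, and testing that record at line 8526, would remove the dependency. The early callback also runs while the state is still `wait_change_cipher` or `wait_new_session_ticket`, that is, before the server's Finished has been checked, so `secret_key_size >= 10` is the only strength gate on data sent from that point. ssl3_CanFalseStart has no header comment, unlike its neighbours; it should get one that gives the unit of that threshold (presumably bytes) and the reason for each condition. The bodies of both calling functions are partly elided on this page.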
OLD | NEW |