Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(51)

Side by Side Diff: net/third_party/nss/ssl/ssl3con.c

Issue 6413010: Allow the SSL session cache on Win/Mac to be used even after a client cert key is removed (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 9 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | net/third_party/nss/ssl/sslimpl.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * SSL3 Protocol 2 * SSL3 Protocol
3 * 3 *
4 * ***** BEGIN LICENSE BLOCK ***** 4 * ***** BEGIN LICENSE BLOCK *****
5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
6 * 6 *
7 * The contents of this file are subject to the Mozilla Public License Version 7 * The contents of this file are subject to the Mozilla Public License Version
8 * 1.1 (the "License"); you may not use this file except in compliance with 8 * 1.1 (the "License"); you may not use this file except in compliance with
9 * the License. You may obtain a copy of the License at 9 * the License. You may obtain a copy of the License at
10 * http://www.mozilla.org/MPL/ 10 * http://www.mozilla.org/MPL/
(...skipping 1994 matching lines...) Expand 10 before | Expand all | Expand 10 after
2005 if (rv != SECSuccess) { 2005 if (rv != SECSuccess) {
2006 rv = SECFailure; 2006 rv = SECFailure;
2007 ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE); 2007 ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE);
2008 } 2008 }
2009 return rv; 2009 return rv;
2010 } 2010 }
2011 2011
2012 static PRBool 2012 static PRBool
2013 ssl3_ClientAuthTokenPresent(sslSessionID *sid) { 2013 ssl3_ClientAuthTokenPresent(sslSessionID *sid) {
2014 #ifdef NSS_PLATFORM_CLIENT_AUTH 2014 #ifdef NSS_PLATFORM_CLIENT_AUTH
2015 if (!sid || !sid->u.ssl3.clPlatformAuthValid) { 2015 return PR_TRUE;
wtc 2011/02/06 03:02:31 It would be nice to document the consequence of re
wtc 2011/02/06 16:29:44 rsleevi: thank you for looking up the NSS bug. It
2016 » return PR_TRUE;
2017 }
2018 return ssl_PlatformAuthTokenPresent(&sid->u.ssl3.clPlatformAuthInfo);
2019 #else 2016 #else
2020 PK11SlotInfo *slot = NULL; 2017 PK11SlotInfo *slot = NULL;
2021 PRBool isPresent = PR_TRUE; 2018 PRBool isPresent = PR_TRUE;
2022 2019
2023 /* we only care if we are doing client auth */ 2020 /* we only care if we are doing client auth */
2024 if (!sid || !sid->u.ssl3.clAuthValid) { 2021 if (!sid || !sid->u.ssl3.clAuthValid) {
2025 return PR_TRUE; 2022 return PR_TRUE;
2026 } 2023 }
2027 2024
2028 /* get the slot */ 2025 /* get the slot */
2029 slot = SECMOD_LookupSlot(sid->u.ssl3.clAuthModuleID, 2026 slot = SECMOD_LookupSlot(sid->u.ssl3.clAuthModuleID,
2030 sid->u.ssl3.clAuthSlotID); 2027 sid->u.ssl3.clAuthSlotID);
2031 if (slot == NULL || 2028 if (slot == NULL ||
2032 !PK11_IsPresent(slot) || 2029 !PK11_IsPresent(slot) ||
wtc 2011/02/06 16:34:13 What I meant by the lib/pk11wrap layer of NSS is t
2033 sid->u.ssl3.clAuthSeries != PK11_GetSlotSeries(slot) || 2030 sid->u.ssl3.clAuthSeries != PK11_GetSlotSeries(slot) ||
2034 sid->u.ssl3.clAuthSlotID != PK11_GetSlotID(slot) || 2031 sid->u.ssl3.clAuthSlotID != PK11_GetSlotID(slot) ||
2035 sid->u.ssl3.clAuthModuleID != PK11_GetModuleID(slot) || 2032 sid->u.ssl3.clAuthModuleID != PK11_GetModuleID(slot) ||
2036 (PK11_NeedLogin(slot) && !PK11_IsLoggedIn(slot, NULL))) { 2033 (PK11_NeedLogin(slot) && !PK11_IsLoggedIn(slot, NULL))) {
2037 isPresent = PR_FALSE; 2034 isPresent = PR_FALSE;
2038 } 2035 }
2039 if (slot) { 2036 if (slot) {
2040 PK11_FreeSlot(slot); 2037 PK11_FreeSlot(slot);
2041 } 2038 }
2042 return isPresent; 2039 return isPresent;
(...skipping 2787 matching lines...) Expand 10 before | Expand all | Expand 10 after
4830 rv = ssl3_ComputeHandshakeHashes(ss, ss->ssl3.pwSpec, &hashes, 0); 4827 rv = ssl3_ComputeHandshakeHashes(ss, ss->ssl3.pwSpec, &hashes, 0);
4831 ssl_ReleaseSpecReadLock(ss); 4828 ssl_ReleaseSpecReadLock(ss);
4832 if (rv != SECSuccess) { 4829 if (rv != SECSuccess) {
4833 goto done; /* err code was set by ssl3_ComputeHandshakeHashes */ 4830 goto done; /* err code was set by ssl3_ComputeHandshakeHashes */
4834 } 4831 }
4835 4832
4836 isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0); 4833 isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);
4837 #ifdef NSS_PLATFORM_CLIENT_AUTH 4834 #ifdef NSS_PLATFORM_CLIENT_AUTH
4838 rv = ssl3_PlatformSignHashes(&hashes, ss->ssl3.platformClientKey, 4835 rv = ssl3_PlatformSignHashes(&hashes, ss->ssl3.platformClientKey,
4839 &buf, isTLS); 4836 &buf, isTLS);
4840 if (rv == SECSuccess) {
4841 sslSessionID * sid = ss->sec.ci.sid;
4842 ssl_GetPlatformAuthInfoForKey(ss->ssl3.platformClientKey,
4843 &sid->u.ssl3.clPlatformAuthInfo);
4844 sid->u.ssl3.clPlatformAuthValid = PR_TRUE;
4845 }
4846 ssl_FreePlatformKey(ss->ssl3.platformClientKey); 4837 ssl_FreePlatformKey(ss->ssl3.platformClientKey);
4847 ss->ssl3.platformClientKey = (PlatformKey)NULL; 4838 ss->ssl3.platformClientKey = (PlatformKey)NULL;
4848 #else /* NSS_PLATFORM_CLIENT_AUTH */ 4839 #else /* NSS_PLATFORM_CLIENT_AUTH */
4849 rv = ssl3_SignHashes(&hashes, ss->ssl3.clientPrivateKey, &buf, isTLS); 4840 rv = ssl3_SignHashes(&hashes, ss->ssl3.clientPrivateKey, &buf, isTLS);
4850 if (rv == SECSuccess) { 4841 if (rv == SECSuccess) {
4851 PK11SlotInfo * slot; 4842 PK11SlotInfo * slot;
4852 sslSessionID * sid = ss->sec.ci.sid; 4843 sslSessionID * sid = ss->sec.ci.sid;
4853 4844
4854 /* Remember the info about the slot that did the signing. 4845 /* Remember the info about the slot that did the signing.
4855 ** Later, when doing an SSL restart handshake, verify this. 4846 ** Later, when doing an SSL restart handshake, verify this.
(...skipping 5031 matching lines...) Expand 10 before | Expand all | Expand 10 after
9887 9878
9888 ss->ssl3.initialized = PR_FALSE; 9879 ss->ssl3.initialized = PR_FALSE;
9889 9880
9890 if (ss->ssl3.nextProto.data) { 9881 if (ss->ssl3.nextProto.data) {
9891 PORT_Free(ss->ssl3.nextProto.data); 9882 PORT_Free(ss->ssl3.nextProto.data);
9892 ss->ssl3.nextProto.data = NULL; 9883 ss->ssl3.nextProto.data = NULL;
9893 } 9884 }
9894 } 9885 }
9895 9886
9896 /* End of ssl3con.c */ 9887 /* End of ssl3con.c */
OLDNEW
« no previous file with comments | « no previous file | net/third_party/nss/ssl/sslimpl.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698