Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(316)

Unified Diff: net/third_party/nss/ssl/sslcon.c

Issue 9558017: Update net/third_party/nss to NSS 3.13.3. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Upload before checkin Created 8 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/third_party/nss/ssl/sslauth.c ('k') | net/third_party/nss/ssl/sslerr.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/third_party/nss/ssl/sslcon.c
===================================================================
--- net/third_party/nss/ssl/sslcon.c (revision 124804)
+++ net/third_party/nss/ssl/sslcon.c (working copy)
@@ -37,7 +37,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
-/* $Id: sslcon.c,v 1.40 2010/04/25 23:37:38 nelson%bolyard.com Exp $ */
+/* $Id: sslcon.c,v 1.45 2011/11/19 21:58:21 bsmith%mozilla.com Exp $ */
#include "nssrenam.h"
#include "cert.h"
@@ -518,7 +518,6 @@
* ssl2_HandleMessage() <- ssl_Do1stHandshake()
* ssl2_HandleServerHelloMessage() <- ssl_Do1stHandshake()
after ssl2_BeginClientHandshake()
- * ssl2_RestartHandshakeAfterCertReq() <- Called from certdlgs.c in nav.
* ssl2_HandleClientHelloMessage() <- ssl_Do1stHandshake()
after ssl2_BeginServerHandshake()
*
@@ -765,7 +764,6 @@
}
/* Called from ssl2_HandleRequestCertificate() <- ssl2_HandleMessage()
- * ssl2_RestartHandshakeAfterCertReq() <- (application)
* Acquires and releases the socket's xmitBufLock.
*/
static int
@@ -1177,7 +1175,6 @@
/*
** Called from: ssl2_HandleServerHelloMessage,
** ssl2_HandleClientSessionKeyMessage,
-** ssl2_RestartHandshakeAfterServerCert,
** ssl2_HandleClientHelloMessage,
**
*/
@@ -1237,9 +1234,7 @@
* ssl2_HandleServerHelloMessage
* ssl2_BeginClientHandshake
* ssl2_HandleClientSessionKeyMessage
- * ssl2_RestartHandshakeAfterCertReq
* ssl3_RestartHandshakeAfterCertReq
- * ssl2_RestartHandshakeAfterServerCert
* ssl3_RestartHandshakeAfterServerCert
* ssl2_HandleClientHelloMessage
* ssl2_BeginServerHandshake
@@ -2232,8 +2227,6 @@
** ssl2_HandleVerifyMessage
** ssl2_HandleServerHelloMessage
** ssl2_HandleClientSessionKeyMessage
-** ssl2_RestartHandshakeAfterCertReq
-** ssl2_RestartHandshakeAfterServerCert
*/
static SECStatus
ssl2_TryToFinish(sslSocket *ss)
@@ -2267,7 +2260,6 @@
/*
** Called from ssl2_HandleRequestCertificate
-** ssl2_RestartHandshakeAfterCertReq
*/
static SECStatus
ssl2_SignResponse(sslSocket *ss,
@@ -2354,8 +2346,9 @@
ret = (*ss->getClientAuthData)(ss->getClientAuthDataArg, ss->fd,
NULL, &cert, &key);
if ( ret == SECWouldBlock ) {
- ssl_SetAlwaysBlock(ss);
- goto done;
+ PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2);
+ ret = -1;
+ goto loser;
}
if (ret) {
@@ -2715,8 +2708,7 @@
/************************************************************************/
-/* Called from ssl_Do1stHandshake, after ssl2_HandleServerHelloMessage or
-** ssl2_RestartHandshakeAfterServerCert.
+/* Called from ssl_Do1stHandshake, after ssl2_HandleServerHelloMessage.
*/
static SECStatus
ssl2_HandleVerifyMessage(sslSocket *ss)
@@ -2936,19 +2928,16 @@
rv = (*ss->handleBadCert)(ss->badCertArg, ss->fd);
if ( rv ) {
if ( rv == SECWouldBlock ) {
- /* someone will handle this connection asynchronously*/
-
- SSL_DBG(("%d: SSL[%d]: go to async cert handler",
- SSL_GETPID(), ss->fd));
- ssl_ReleaseRecvBufLock(ss);
- ssl_SetAlwaysBlock(ss);
- return SECWouldBlock;
+ SSL_DBG(("%d: SSL[%d]: SSL2 bad cert handler returned "
+ "SECWouldBlock", SSL_GETPID(), ss->fd));
+ PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2);
+ rv = SECFailure;
+ } else {
+ /* cert is bad */
+ SSL_DBG(("%d: SSL[%d]: server certificate is no good: error=%d",
+ SSL_GETPID(), ss->fd, PORT_GetError()));
}
- /* cert is bad */
- SSL_DBG(("%d: SSL[%d]: server certificate is no good: error=%d",
- SSL_GETPID(), ss->fd, PORT_GetError()));
goto loser;
-
}
/* cert is good */
} else {
@@ -3125,11 +3114,11 @@
/* ssl3_SendClientHello will override this if it succeeds. */
ss->version = SSL_LIBRARY_VERSION_3_0;
- ssl_GetXmitBufLock(ss); /***************************************/
ssl_GetSSL3HandshakeLock(ss);
+ ssl_GetXmitBufLock(ss);
rv = ssl3_SendClientHello(ss);
+ ssl_ReleaseXmitBufLock(ss);
ssl_ReleaseSSL3HandshakeLock(ss);
- ssl_ReleaseXmitBufLock(ss); /***************************************/
return rv;
}
@@ -3331,133 +3320,6 @@
}
/*
- * attempt to restart the handshake after asynchronously handling
- * a request for the client's certificate.
- *
- * inputs:
- * cert Client cert chosen by application.
- * key Private key associated with cert.
- *
- * XXX: need to make ssl2 and ssl3 versions of this function agree on whether
- * they take the reference, or bump the ref count!
- *
- * Return value: XXX
- *
- * Caller holds 1stHandshakeLock.
- */
-int
-ssl2_RestartHandshakeAfterCertReq(sslSocket * ss,
- CERTCertificate * cert,
- SECKEYPrivateKey * key)
-{
- int ret;
- SECStatus rv = SECSuccess;
- SECItem response;
-
- if (ss->version >= SSL_LIBRARY_VERSION_3_0)
- return SECFailure;
-
- response.data = NULL;
-
- /* generate error if no cert or key */
- if ( ( cert == NULL ) || ( key == NULL ) ) {
- goto no_cert;
- }
-
- /* generate signed response to the challenge */
- rv = ssl2_SignResponse(ss, key, &response);
- if ( rv != SECSuccess ) {
- goto no_cert;
- }
-
- /* Send response message */
- ret = ssl2_SendCertificateResponseMessage(ss, &cert->derCert, &response);
- if (ret) {
- goto no_cert;
- }
-
- /* try to finish the handshake */
- ret = ssl2_TryToFinish(ss);
- if (ret) {
- goto loser;
- }
-
- /* done with handshake */
- if (ss->handshake == 0) {
- ret = SECSuccess;
- goto done;
- }
-
- /* continue handshake */
- ssl_GetRecvBufLock(ss);
- ss->gs.recordLen = 0;
- ssl_ReleaseRecvBufLock(ss);
-
- ss->handshake = ssl_GatherRecord1stHandshake;
- ss->nextHandshake = ssl2_HandleMessage;
- ret = ssl2_TriggerNextMessage(ss);
- goto done;
-
-no_cert:
- /* no cert - send error */
- ret = ssl2_SendErrorMessage(ss, SSL_PE_NO_CERTIFICATE);
- goto done;
-
-loser:
- ret = SECFailure;
-done:
- /* free allocated data */
- if ( response.data ) {
- PORT_Free(response.data);
- }
-
- return ret;
-}
-
-
-/* restart an SSL connection that we stopped to run certificate dialogs
-** XXX Need to document here how an application marks a cert to show that
-** the application has accepted it (overridden CERT_VerifyCert).
- *
- * Return value: XXX
- *
- * Caller holds 1stHandshakeLock.
-*/
-int
-ssl2_RestartHandshakeAfterServerCert(sslSocket *ss)
-{
- int rv = SECSuccess;
-
- if (ss->version >= SSL_LIBRARY_VERSION_3_0)
- return SECFailure;
-
- /* SSL 2
- ** At this point we have a completed session key and our session
- ** cipher is setup and ready to go. Switch to encrypted write routine
- ** as all future message data is to be encrypted.
- */
- ssl2_UseEncryptedSendFunc(ss);
-
- rv = ssl2_TryToFinish(ss);
- if (rv == SECSuccess && ss->handshake != NULL) {
- /* handshake is not yet finished. */
-
- SSL_TRC(5, ("%d: SSL[%d]: got server-hello, required=0x%d got=0x%x",
- SSL_GETPID(), ss->fd, ss->sec.ci.requiredElements,
- ss->sec.ci.elements));
-
- ssl_GetRecvBufLock(ss);
- ss->gs.recordLen = 0; /* mark it all used up. */
- ssl_ReleaseRecvBufLock(ss);
-
- ss->handshake = ssl_GatherRecord1stHandshake;
- ss->nextHandshake = ssl2_HandleVerifyMessage;
- }
-
- return rv;
-}
-
-/*
** Handle the initial hello message from the client
**
** not static because ssl2_GatherData() tests ss->nextHandshake for this value.
@@ -3852,3 +3714,9 @@
c = __nss_ssl_rcsid[0] + __nss_ssl_sccsid[0];
return NSS_VersionCheck(importedVersion);
}
+
+const char *
+NSSSSL_GetVersion(void)
+{
+ return NSS_VERSION;
+}
« no previous file with comments | « net/third_party/nss/ssl/sslauth.c ('k') | net/third_party/nss/ssl/sslerr.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698