| OLD | NEW |
|---|
| 1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
| 2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 4 | 4 |
| 5 /* | 5 /* |
| 6 * Implementation of OCSP services, for both client and server. | 6 * Implementation of OCSP services, for both client and server. |
| 7 * (XXX, really, mostly just for client right now, but intended to do both.) | 7 * (XXX, really, mostly just for client right now, but intended to do both.) |
| 8 * | 8 * |
| 9 * $Id: ocsp.c,v 1.74.2.1 2012/12/12 16:38:39 wtc%google.com Exp $ | 9 * $Id: ocsp.c,v 1.77 2013/01/23 23:05:50 kaie%kuix.de Exp $ |
| 10 */ | 10 */ |
| 11 | 11 |
| 12 #include "prerror.h" | 12 #include "prerror.h" |
| 13 #include "prprf.h" | 13 #include "prprf.h" |
| 14 #include "plarena.h" | 14 #include "plarena.h" |
| 15 #include "prnetdb.h" | 15 #include "prnetdb.h" |
| 16 | 16 |
| 17 #include "seccomon.h" | 17 #include "seccomon.h" |
| 18 #include "secitem.h" | 18 #include "secitem.h" |
| 19 #include "secoidt.h" | 19 #include "secoidt.h" |
| (...skipping 129 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 149 #define OCSP_TRACE(msg) ocsp_Trace msg | 149 #define OCSP_TRACE(msg) ocsp_Trace msg |
| 150 #define OCSP_TRACE_TIME(msg, time) ocsp_dumpStringWithTime(msg, time) | 150 #define OCSP_TRACE_TIME(msg, time) ocsp_dumpStringWithTime(msg, time) |
| 151 #define OCSP_TRACE_CERT(cert) dumpCertificate(cert) | 151 #define OCSP_TRACE_CERT(cert) dumpCertificate(cert) |
| 152 #define OCSP_TRACE_CERTID(certid) dumpCertID(certid) | 152 #define OCSP_TRACE_CERTID(certid) dumpCertID(certid) |
| 153 | 153 |
| 154 #if defined(XP_UNIX) || defined(XP_WIN32) || defined(XP_BEOS) \ | 154 #if defined(XP_UNIX) || defined(XP_WIN32) || defined(XP_BEOS) \ |
| 155 || defined(XP_MACOSX) | 155 || defined(XP_MACOSX) |
| 156 #define NSS_HAVE_GETENV 1 | 156 #define NSS_HAVE_GETENV 1 |
| 157 #endif | 157 #endif |
| 158 | 158 |
| 159 static PRBool wantOcspTrace() | 159 static PRBool wantOcspTrace(void) |
| 160 { | 160 { |
| 161 static PRBool firstTime = PR_TRUE; | 161 static PRBool firstTime = PR_TRUE; |
| 162 static PRBool wantTrace = PR_FALSE; | 162 static PRBool wantTrace = PR_FALSE; |
| 163 | 163 |
| 164 #ifdef NSS_HAVE_GETENV | 164 #ifdef NSS_HAVE_GETENV |
| 165 if (firstTime) { | 165 if (firstTime) { |
| 166 char *ev = getenv("NSS_TRACE_OCSP"); | 166 char *ev = getenv("NSS_TRACE_OCSP"); |
| 167 if (ev && ev[0]) { | 167 if (ev && ev[0]) { |
| 168 wantTrace = PR_TRUE; | 168 wantTrace = PR_TRUE; |
| 169 } | 169 } |
| (...skipping 327 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 497 PR_ExitMonitor(OCSP_Global.monitor); | 497 PR_ExitMonitor(OCSP_Global.monitor); |
| 498 return; | 498 return; |
| 499 } | 499 } |
| 500 OCSP_TRACE(("OCSP ocsp_MakeCacheEntryMostRecent NEW entry\n")); | 500 OCSP_TRACE(("OCSP ocsp_MakeCacheEntryMostRecent NEW entry\n")); |
| 501 ocsp_RemoveCacheItemFromLinkedList(cache, new_most_recent); | 501 ocsp_RemoveCacheItemFromLinkedList(cache, new_most_recent); |
| 502 ocsp_AddCacheItemToLinkedList(cache, new_most_recent); | 502 ocsp_AddCacheItemToLinkedList(cache, new_most_recent); |
| 503 PR_ExitMonitor(OCSP_Global.monitor); | 503 PR_ExitMonitor(OCSP_Global.monitor); |
| 504 } | 504 } |
| 505 | 505 |
| 506 static PRBool | 506 static PRBool |
| 507 ocsp_IsCacheDisabled() | 507 ocsp_IsCacheDisabled(void) |
| 508 { | 508 { |
| 509 /* | 509 /* |
| 510 * maxCacheEntries == 0 means unlimited cache entries | 510 * maxCacheEntries == 0 means unlimited cache entries |
| 511 * maxCacheEntries < 0 means cache is disabled | 511 * maxCacheEntries < 0 means cache is disabled |
| 512 */ | 512 */ |
| 513 PRBool retval; | 513 PRBool retval; |
| 514 PR_EnterMonitor(OCSP_Global.monitor); | 514 PR_EnterMonitor(OCSP_Global.monitor); |
| 515 retval = (OCSP_Global.maxCacheEntries < 0); | 515 retval = (OCSP_Global.maxCacheEntries < 0); |
| 516 PR_ExitMonitor(OCSP_Global.monitor); | 516 PR_ExitMonitor(OCSP_Global.monitor); |
| 517 return retval; | 517 return retval; |
| (...skipping 67 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 585 */ | 585 */ |
| 586 while (cache->numberOfEntries > | 586 while (cache->numberOfEntries > |
| 587 (PRUint32)OCSP_Global.maxCacheEntries) { | 587 (PRUint32)OCSP_Global.maxCacheEntries) { |
| 588 ocsp_RemoveCacheItem(cache, cache->LRUitem); | 588 ocsp_RemoveCacheItem(cache, cache->LRUitem); |
| 589 } | 589 } |
| 590 } | 590 } |
| 591 PR_ExitMonitor(OCSP_Global.monitor); | 591 PR_ExitMonitor(OCSP_Global.monitor); |
| 592 } | 592 } |
| 593 | 593 |
| 594 SECStatus | 594 SECStatus |
| 595 CERT_ClearOCSPCache() | 595 CERT_ClearOCSPCache(void) |
| 596 { | 596 { |
| 597 OCSP_TRACE(("OCSP CERT_ClearOCSPCache\n")); | 597 OCSP_TRACE(("OCSP CERT_ClearOCSPCache\n")); |
| 598 PR_EnterMonitor(OCSP_Global.monitor); | 598 PR_EnterMonitor(OCSP_Global.monitor); |
| 599 while (OCSP_Global.cache.numberOfEntries > 0) { | 599 while (OCSP_Global.cache.numberOfEntries > 0) { |
| 600 ocsp_RemoveCacheItem(&OCSP_Global.cache, | 600 ocsp_RemoveCacheItem(&OCSP_Global.cache, |
| 601 OCSP_Global.cache.LRUitem); | 601 OCSP_Global.cache.LRUitem); |
| 602 } | 602 } |
| 603 PR_ExitMonitor(OCSP_Global.monitor); | 603 PR_ExitMonitor(OCSP_Global.monitor); |
| 604 return SECSuccess; | 604 return SECSuccess; |
| 605 } | 605 } |
| (...skipping 340 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 946 | 946 |
| 947 PR_DestroyMonitor(OCSP_Global.monitor); | 947 PR_DestroyMonitor(OCSP_Global.monitor); |
| 948 OCSP_Global.monitor = NULL; | 948 OCSP_Global.monitor = NULL; |
| 949 return SECSuccess; | 949 return SECSuccess; |
| 950 } | 950 } |
| 951 | 951 |
| 952 /* | 952 /* |
| 953 * A return value of NULL means: | 953 * A return value of NULL means: |
| 954 * The application did not register it's own HTTP client. | 954 * The application did not register it's own HTTP client. |
| 955 */ | 955 */ |
| 956 const SEC_HttpClientFcn *SEC_GetRegisteredHttpClient() | 956 const SEC_HttpClientFcn *SEC_GetRegisteredHttpClient(void) |
| 957 { | 957 { |
| 958 const SEC_HttpClientFcn *retval; | 958 const SEC_HttpClientFcn *retval; |
| 959 | 959 |
| 960 if (!OCSP_Global.monitor) { | 960 if (!OCSP_Global.monitor) { |
| 961 PORT_SetError(SEC_ERROR_NOT_INITIALIZED); | 961 PORT_SetError(SEC_ERROR_NOT_INITIALIZED); |
| 962 return NULL; | 962 return NULL; |
| 963 } | 963 } |
| 964 | 964 |
| 965 PR_EnterMonitor(OCSP_Global.monitor); | 965 PR_EnterMonitor(OCSP_Global.monitor); |
| 966 retval = OCSP_Global.defaultHttpClientFcn; | 966 retval = OCSP_Global.defaultHttpClientFcn; |
| (...skipping 966 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1933 PORT_ArenaUnmark(arena, mark); | 1933 PORT_ArenaUnmark(arena, mark); |
| 1934 requestList[1] = NULL; | 1934 requestList[1] = NULL; |
| 1935 return requestList; | 1935 return requestList; |
| 1936 | 1936 |
| 1937 loser: | 1937 loser: |
| 1938 PORT_ArenaRelease(arena, mark); | 1938 PORT_ArenaRelease(arena, mark); |
| 1939 return NULL; | 1939 return NULL; |
| 1940 } | 1940 } |
| 1941 | 1941 |
| 1942 static CERTOCSPRequest * | 1942 static CERTOCSPRequest * |
| 1943 ocsp_prepareEmptyOCSPRequest() | 1943 ocsp_prepareEmptyOCSPRequest(void) |
| 1944 { | 1944 { |
| 1945 PRArenaPool *arena = NULL; | 1945 PRArenaPool *arena = NULL; |
| 1946 CERTOCSPRequest *request = NULL; | 1946 CERTOCSPRequest *request = NULL; |
| 1947 ocspTBSRequest *tbsRequest = NULL; | 1947 ocspTBSRequest *tbsRequest = NULL; |
| 1948 | 1948 |
| 1949 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); | 1949 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
| 1950 if (arena == NULL) { | 1950 if (arena == NULL) { |
| 1951 goto loser; | 1951 goto loser; |
| 1952 } | 1952 } |
| 1953 request = PORT_ArenaZNew(arena, CERTOCSPRequest); | 1953 request = PORT_ArenaZNew(arena, CERTOCSPRequest); |
| (...skipping 2725 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 4679 *rvOcsp = SECSuccess; | 4679 *rvOcsp = SECSuccess; |
| 4680 } | 4680 } |
| 4681 *missingResponseError = cacheItem->missingResponseError; | 4681 *missingResponseError = cacheItem->missingResponseError; |
| 4682 } | 4682 } |
| 4683 } | 4683 } |
| 4684 PR_ExitMonitor(OCSP_Global.monitor); | 4684 PR_ExitMonitor(OCSP_Global.monitor); |
| 4685 return rv; | 4685 return rv; |
| 4686 } | 4686 } |
| 4687 | 4687 |
| 4688 PRBool | 4688 PRBool |
| 4689 ocsp_FetchingFailureIsVerificationFailure() | 4689 ocsp_FetchingFailureIsVerificationFailure(void) |
| 4690 { | 4690 { |
| 4691 PRBool isFailure; | 4691 PRBool isFailure; |
| 4692 | 4692 |
| 4693 PR_EnterMonitor(OCSP_Global.monitor); | 4693 PR_EnterMonitor(OCSP_Global.monitor); |
| 4694 isFailure = | 4694 isFailure = |
| 4695 OCSP_Global.ocspFailureMode == ocspMode_FailureIsVerificationFailure; | 4695 OCSP_Global.ocspFailureMode == ocspMode_FailureIsVerificationFailure; |
| 4696 PR_ExitMonitor(OCSP_Global.monitor); | 4696 PR_ExitMonitor(OCSP_Global.monitor); |
| 4697 return isFailure; | 4697 return isFailure; |
| 4698 } | 4698 } |
| 4699 | 4699 |
| (...skipping 984 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 5684 case ocspResponse_tryLater: | 5684 case ocspResponse_tryLater: |
| 5685 PORT_SetError(SEC_ERROR_OCSP_TRY_SERVER_LATER); | 5685 PORT_SetError(SEC_ERROR_OCSP_TRY_SERVER_LATER); |
| 5686 break; | 5686 break; |
| 5687 case ocspResponse_sigRequired: | 5687 case ocspResponse_sigRequired: |
| 5688 /* XXX We *should* retry with a signature, if possible. */ | 5688 /* XXX We *should* retry with a signature, if possible. */ |
| 5689 PORT_SetError(SEC_ERROR_OCSP_REQUEST_NEEDS_SIG); | 5689 PORT_SetError(SEC_ERROR_OCSP_REQUEST_NEEDS_SIG); |
| 5690 break; | 5690 break; |
| 5691 case ocspResponse_unauthorized: | 5691 case ocspResponse_unauthorized: |
| 5692 PORT_SetError(SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST); | 5692 PORT_SetError(SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST); |
| 5693 break; | 5693 break; |
| 5694 case ocspResponse_other: | |
| 5695 case ocspResponse_unused: | 5694 case ocspResponse_unused: |
| 5696 default: | 5695 default: |
| 5697 PORT_SetError(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS); | 5696 PORT_SetError(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS); |
| 5698 break; | 5697 break; |
| 5699 } | 5698 } |
| 5700 return SECFailure; | 5699 return SECFailure; |
| 5701 } | 5700 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 12197027:
Merge NSS_3_14_2_RTM. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/