1 diff --git a/ssl/ssl.h b/ssl/ssl.h | 1 diff --git a/lib/ssl/ssl.h b/lib/ssl/ssl.h |
2 index 34142fc..e2d1b09 100644 | 2 index 0983b5f..cf9f6db 100644 |
3 --- a/ssl/ssl.h | 3 --- a/lib/ssl/ssl.h |
4 +++ b/ssl/ssl.h | 4 +++ b/lib/ssl/ssl.h |
5 @@ -803,6 +803,16 @@ SSL_IMPORT SECStatus SSL_ReHandshakeWithTimeout(PRFileDesc
*fd, | 5 @@ -896,6 +896,16 @@ SSL_IMPORT SECStatus SSL_ReHandshakeWithTimeout(PRFileDesc
*fd, |
6 PRBool flushCache, | 6 PRBool flushCache, |
7 PRIntervalTime timeout); | 7 PRIntervalTime timeout); |
8 | 8 |
9 +/* Returns a SECItem containing the certificate_types field of the | 9 +/* Returns a SECItem containing the certificate_types field of the |
10 +** CertificateRequest message. Each byte of the data is a TLS | 10 +** CertificateRequest message. Each byte of the data is a TLS |
11 +** ClientCertificateType value, and they are ordered from most preferred to | 11 +** ClientCertificateType value, and they are ordered from most preferred to |
12 +** least. This function should only be called from the | 12 +** least. This function should only be called from the |
13 +** SSL_GetClientAuthDataHook callback, and will return NULL if called at any | 13 +** SSL_GetClientAuthDataHook callback, and will return NULL if called at any |
14 +** other time. The returned value is valid only until the callback returns, an
d | 14 +** other time. The returned value is valid only until the callback returns, an
d |
15 +** should not be freed. | 15 +** should not be freed. |
16 +*/ | 16 +*/ |
17 +SSL_IMPORT const SECItem * | 17 +SSL_IMPORT const SECItem * |
18 +SSL_GetRequestedClientCertificateTypes(PRFileDesc *fd); | 18 +SSL_GetRequestedClientCertificateTypes(PRFileDesc *fd); |
19 | 19 |
20 #ifdef SSL_DEPRECATED_FUNCTION | 20 #ifdef SSL_DEPRECATED_FUNCTION |
21 /* deprecated! | 21 /* deprecated! |
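Review bot: The new comment block above `SSL_GetRequestedClientCertificateTypes` documents the NULL-outside-the-callback case but not the other NULL case the sslsock.c implementation in this same patch has: `ssl_FindSocket(fd)` failing, which also returns NULL with no distinct error code, so a caller cannot tell "wrong fd" from "called at the wrong time". A one-line addition such as `** NULL is also returned if fd is not an SSL socket.` would make that explicit. It would also help to say that the data pointer inside the returned SECItem is borrowed from the handshake message buffer and must be copied if it is needed after the callback, since "should not be freed" alone does not convey that the bytes go away too.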
22 diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c | 22 diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c |
23 index b9014ef..800c28e 100644 | 23 index cc193cd..27038f3 100644 |
24 --- a/ssl/ssl3con.c | 24 --- a/lib/ssl/ssl3con.c |
25 +++ b/ssl/ssl3con.c | 25 +++ b/lib/ssl/ssl3con.c |
26 @@ -7061,6 +7061,9 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b
, PRUint32 length) | 26 @@ -7266,6 +7266,9 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b
, PRUint32 length) |
27 if (rv != SECSuccess) | 27 if (rv != SECSuccess) |
28 goto loser; /* malformed, alert has been sent */ | 28 goto loser; /* malformed, alert has been sent */ |
29 | 29 |
30 + PORT_Assert(!ss->requestedCertTypes); | 30 + PORT_Assert(!ss->requestedCertTypes); |
31 + ss->requestedCertTypes = &cert_types; | 31 + ss->requestedCertTypes = &cert_types; |
32 + | 32 + |
33 if (isTLS12) { | 33 if (isTLS12) { |
34 rv = ssl3_ConsumeHandshakeVariable(ss, &algorithms, 2, &b, &length); | 34 rv = ssl3_ConsumeHandshakeVariable(ss, &algorithms, 2, &b, &length); |
35 if (rv != SECSuccess) | 35 if (rv != SECSuccess) |
36 @@ -7262,6 +7265,7 @@ loser: | 36 @@ -7469,6 +7472,7 @@ loser: |
37 PORT_SetError(errCode); | 37 PORT_SetError(errCode); |
38 rv = SECFailure; | 38 rv = SECFailure; |
39 done: | 39 done: |
40 + ss->requestedCertTypes = NULL; | 40 + ss->requestedCertTypes = NULL; |
41 if (arena != NULL) | 41 if (arena != NULL) |
42 PORT_FreeArena(arena, PR_FALSE); | 42 PORT_FreeArena(arena, PR_FALSE); |
43 #ifdef NSS_PLATFORM_CLIENT_AUTH | 43 #ifdef NSS_PLATFORM_CLIENT_AUTH |
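Review bot: `ss->requestedCertTypes = &cert_types;` stores the address of what appears to be a stack-local SECItem in the long-lived sslSocket, and the only reset is the new `ss->requestedCertTypes = NULL;` at `done:`; any exit from ssl3_HandleCertificateRequest that does not pass through `done:` (an early `return` elsewhere in the function, if one exists) would leave a dangling pointer into a dead frame that a later SSL_GetRequestedClientCertificateTypes call would hand back. `PORT_Assert(!ss->requestedCertTypes)` is compiled out of release builds, so a stale value there is silently overwritten rather than caught. It is worth confirming that every exit path reaches `done:`, or moving the reset to whatever cleanup every path shares. The enclosing function starts and ends outside this hunk, so the other exits are not visible here.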
44 diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h | 44 diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h |
45 index bbc9bd2..46e618a 100644 | 45 index 94bb9f4..c7231a7 100644 |
46 --- a/ssl/sslimpl.h | 46 --- a/lib/ssl/sslimpl.h |
47 +++ b/ssl/sslimpl.h | 47 +++ b/lib/ssl/sslimpl.h |
48 @@ -1238,6 +1238,10 @@ struct sslSocketStr { | 48 @@ -1265,6 +1265,10 @@ struct sslSocketStr { |
49 unsigned int sizeCipherSpecs; | 49 unsigned int sizeCipherSpecs; |
50 const unsigned char * preferredCipher; | 50 const unsigned char * preferredCipher; |
51 | 51 |
52 + /* TLS ClientCertificateTypes requested during HandleCertificateRequest. */ | 52 + /* TLS ClientCertificateTypes requested during HandleCertificateRequest. */ |
53 + /* Will be NULL at all other times. */ | 53 + /* Will be NULL at all other times. */ |
54 + const SECItem *requestedCertTypes; | 54 + const SECItem *requestedCertTypes; |
55 + | 55 + |
56 ssl3KeyPair * stepDownKeyPair; /* RSA step down keys */ | 56 ssl3KeyPair * stepDownKeyPair; /* RSA step down keys */ |
57 | 57 |
58 /* Callbacks */ | 58 const ssl3DHParams *dheParams; /* DHE param */ |
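Review bot: The comment on the new `requestedCertTypes` field says when it is non-NULL but not who owns the pointee, which matters for a raw pointer stored in a struct that otherwise owns its members (compare `stepDownKeyPair` right below it). From the ssl3con.c hunk it appears to point at a SECItem in ssl3_HandleCertificateRequest's stack frame, so a reader of sslimpl.h alone could reasonably try to free it or keep it past the handshake. Suggest extending the comment with `/* Borrowed: points at a SECItem owned by the CertificateRequest handler's frame; never freed via the socket. */`, hedged as appropriate if the owner is elsewhere.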
59 diff --git a/ssl/sslsock.c b/ssl/sslsock.c | 59 diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c |
60 index 1a9c584..9431fe4 100644 | 60 index b73f8f6..11e66f2 100644 |
61 --- a/ssl/sslsock.c | 61 --- a/lib/ssl/sslsock.c |
62 +++ b/ssl/sslsock.c | 62 +++ b/lib/ssl/sslsock.c |
63 @@ -1911,6 +1911,20 @@ SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *hands
hake_resumed) { | 63 @@ -2165,6 +2165,20 @@ SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *hands
hake_resumed) { |
64 return SECSuccess; | 64 return SECSuccess; |
65 } | 65 } |
66 | 66 |
67 +const SECItem * | 67 +const SECItem * |
68 +SSL_GetRequestedClientCertificateTypes(PRFileDesc *fd) | 68 +SSL_GetRequestedClientCertificateTypes(PRFileDesc *fd) |
69 +{ | 69 +{ |
70 + sslSocket *ss = ssl_FindSocket(fd); | 70 + sslSocket *ss = ssl_FindSocket(fd); |
71 + | 71 + |
72 + if (!ss) { | 72 + if (!ss) { |
73 + SSL_DBG(("%d: SSL[%d]: bad socket in " | 73 + SSL_DBG(("%d: SSL[%d]: bad socket in " |
74 + "SSL_GetRequestedClientCertificateTypes", SSL_GETPID(), fd)); | 74 + "SSL_GetRequestedClientCertificateTypes", SSL_GETPID(), fd)); |
75 + return NULL; | 75 + return NULL; |
76 + } | 76 + } |
77 + | 77 + |
78 + return ss->requestedCertTypes; | 78 + return ss->requestedCertTypes; |
79 +} | 79 +} |
80 + | 80 + |
81 /************************************************************************/ | 81 /************************************************************************/ |
82 /* The following functions are the TOP LEVEL SSL functions. | 82 /* The following functions are the TOP LEVEL SSL functions. |
83 ** They all get called through the NSPRIOMethods table below. | 83 ** They all get called through the NSPRIOMethods table below. |
84 @@ -2989,6 +3003,7 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protoco
lVariant) | 84 @@ -3243,6 +3257,7 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protoco
lVariant) |
85 sc->serverKeyBits = 0; | 85 sc->serverKeyBits = 0; |
86 ss->certStatusArray[i] = NULL; | 86 ss->certStatusArray[i] = NULL; |
87 } | 87 } |
88 + ss->requestedCertTypes = NULL; | 88 + ss->requestedCertTypes = NULL; |
89 ss->stepDownKeyPair = NULL; | 89 ss->stepDownKeyPair = NULL; |
90 ss->dbHandle = CERT_GetDefaultCertDB(); | |
91 | 90 |
| 91 ss->dheParams = NULL; |
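Review bot: The second hunk resets `requestedCertTypes` only in ssl_NewSocket; if this file's socket-copy path (ssl_DupSocket, outside the hunk) initialises fields one by one rather than via a struct copy, it needs the same `ss->requestedCertTypes = NULL;`, since a duplicated socket would otherwise inherit a pointer into another call's stack frame. In the accessor in the first hunk, the field is read without any handshake lock or callback-context check, so the only thing keeping the returned pointer valid is the header's "call only from the callback" contract; a short comment in the function body stating that it relies on that contract, e.g. `/* Valid only while ssl3_HandleCertificateRequest is on the stack. */`, would make the assumption visible to the next maintainer. Both hunks' enclosing functions are complete within the section.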