OLD | NEW |
1 diff --git a/lib/ssl/ssl.h b/lib/ssl/ssl.h | 1 diff --git a/lib/ssl/ssl.h b/lib/ssl/ssl.h |
2 index 0983b5f..cf9f6db 100644 | 2 index e905aab..9e57220 100644 |
3 --- a/lib/ssl/ssl.h | 3 --- a/lib/ssl/ssl.h |
4 +++ b/lib/ssl/ssl.h | 4 +++ b/lib/ssl/ssl.h |
5 @@ -896,6 +896,16 @@ SSL_IMPORT SECStatus SSL_ReHandshakeWithTimeout(PRFileDesc
*fd, | 5 @@ -896,6 +896,17 @@ SSL_IMPORT SECStatus SSL_ReHandshakeWithTimeout(PRFileDesc
*fd, |
6 PRBool flushCache, | 6 PRBool flushCache, |
7 PRIntervalTime timeout); | 7 PRIntervalTime timeout); |
8 | 8 |
9 +/* Returns a SECItem containing the certificate_types field of the | 9 +/* Returns a SECItem containing the certificate_types field of the |
10 +** CertificateRequest message. Each byte of the data is a TLS | 10 +** CertificateRequest message. Each byte of the data is a TLS |
11 +** ClientCertificateType value, and they are ordered from most preferred to | 11 +** ClientCertificateType value, and they are ordered from most preferred to |
12 +** least. This function should only be called from the | 12 +** least. This function should only be called from the |
13 +** SSL_GetClientAuthDataHook callback, and will return NULL if called at any | 13 +** SSL_GetClientAuthDataHook callback, and will return NULL if called at any |
14 +** other time. The returned value is valid only until the callback returns, an
d | 14 +** other time. The returned value is valid only until the callback returns, an
d |
15 +** should not be freed. | 15 +** should not be freed. |
16 +*/ | 16 +*/ |
17 +SSL_IMPORT const SECItem * | 17 +SSL_IMPORT const SECItem * |
18 +SSL_GetRequestedClientCertificateTypes(PRFileDesc *fd); | 18 +SSL_GetRequestedClientCertificateTypes(PRFileDesc *fd); |
19 | 19 + |
20 #ifdef SSL_DEPRECATED_FUNCTION | 20 #ifdef SSL_DEPRECATED_FUNCTION |
21 /* deprecated! | 21 /* deprecated! |
| 22 ** For the server, request a new handshake. For the client, begin a new |
22 diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c | 23 diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c |
23 index cc193cd..27038f3 100644 | 24 index b8d4784..784f59b 100644 |
24 --- a/lib/ssl/ssl3con.c | 25 --- a/lib/ssl/ssl3con.c |
25 +++ b/lib/ssl/ssl3con.c | 26 +++ b/lib/ssl/ssl3con.c |
26 @@ -7266,6 +7266,9 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b
, PRUint32 length) | 27 @@ -7674,6 +7674,9 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b
, PRUint32 length) |
27 if (rv != SECSuccess) | 28 if (rv != SECSuccess) |
28 » goto loser;» » /* malformed, alert has been sent */ | 29 goto loser; /* malformed, alert has been sent */ |
29 | 30 |
30 + PORT_Assert(!ss->requestedCertTypes); | 31 + PORT_Assert(!ss->requestedCertTypes); |
31 + ss->requestedCertTypes = &cert_types; | 32 + ss->requestedCertTypes = &cert_types; |
32 + | 33 + |
33 if (isTLS12) { | 34 if (isTLS12) { |
34 » rv = ssl3_ConsumeHandshakeVariable(ss, &algorithms, 2, &b, &length); | 35 rv = ssl3_ConsumeHandshakeVariable(ss, &algorithms, 2, &b, &length); |
35 » if (rv != SECSuccess) | 36 if (rv != SECSuccess) |
36 @@ -7469,6 +7472,7 @@ loser: | 37 @@ -7723,6 +7726,7 @@ loser: |
37 PORT_SetError(errCode); | 38 PORT_SetError(errCode); |
38 rv = SECFailure; | 39 rv = SECFailure; |
39 done: | 40 done: |
40 + ss->requestedCertTypes = NULL; | 41 + ss->requestedCertTypes = NULL; |
41 if (arena != NULL) | 42 if (arena != NULL) |
42 » PORT_FreeArena(arena, PR_FALSE); | 43 PORT_FreeArena(arena, PR_FALSE); |
43 #ifdef NSS_PLATFORM_CLIENT_AUTH | 44 return rv; |
44 diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h | 45 diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h |
45 index 94bb9f4..c7231a7 100644 | 46 index 10361a0..5f0e6c9 100644 |
46 --- a/lib/ssl/sslimpl.h | 47 --- a/lib/ssl/sslimpl.h |
47 +++ b/lib/ssl/sslimpl.h | 48 +++ b/lib/ssl/sslimpl.h |
48 @@ -1265,6 +1265,10 @@ struct sslSocketStr { | 49 @@ -1296,6 +1296,10 @@ struct sslSocketStr { |
49 unsigned int sizeCipherSpecs; | 50 unsigned int sizeCipherSpecs; |
50 const unsigned char * preferredCipher; | 51 const unsigned char *preferredCipher; |
51 | 52 |
52 + /* TLS ClientCertificateTypes requested during HandleCertificateRequest. */ | 53 + /* TLS ClientCertificateTypes requested during HandleCertificateRequest. */ |
53 + /* Will be NULL at all other times. */ | 54 + /* Will be NULL at all other times. */ |
54 + const SECItem *requestedCertTypes; | 55 + const SECItem *requestedCertTypes; |
55 + | 56 + |
56 ssl3KeyPair * stepDownKeyPair;» /* RSA step down keys */ | 57 ssl3KeyPair *stepDownKeyPair; /* RSA step down keys */ |
57 | 58 |
58 const ssl3DHParams *dheParams; /* DHE param */ | 59 const ssl3DHParams *dheParams; /* DHE param */ |
59 diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c | 60 diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c |
60 index b73f8f6..11e66f2 100644 | 61 index 601df2a..7f97b14 100644 |
61 --- a/lib/ssl/sslsock.c | 62 --- a/lib/ssl/sslsock.c |
62 +++ b/lib/ssl/sslsock.c | 63 +++ b/lib/ssl/sslsock.c |
63 @@ -2165,6 +2165,20 @@ SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *hands
hake_resumed) { | 64 @@ -2496,6 +2496,21 @@ SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *hands
hake_resumed) |
64 return SECSuccess; | 65 return SECSuccess; |
65 } | 66 } |
66 | 67 |
67 +const SECItem * | 68 +const SECItem * |
68 +SSL_GetRequestedClientCertificateTypes(PRFileDesc *fd) | 69 +SSL_GetRequestedClientCertificateTypes(PRFileDesc *fd) |
69 +{ | 70 +{ |
70 + sslSocket *ss = ssl_FindSocket(fd); | 71 + sslSocket *ss = ssl_FindSocket(fd); |
71 + | 72 + |
72 + if (!ss) { | 73 + if (!ss) { |
73 + SSL_DBG(("%d: SSL[%d]: bad socket in " | 74 + SSL_DBG(("%d: SSL[%d]: bad socket in " |
74 + "SSL_GetRequestedClientCertificateTypes", SSL_GETPID(), fd)); | 75 + "SSL_GetRequestedClientCertificateTypes", |
75 + return NULL; | 76 + SSL_GETPID(), fd)); |
76 + } | 77 + return NULL; |
| 78 + } |
77 + | 79 + |
78 + return ss->requestedCertTypes; | 80 + return ss->requestedCertTypes; |
79 +} | 81 +} |
80 + | 82 + |
81 /************************************************************************/ | 83 /************************************************************************/ |
82 /* The following functions are the TOP LEVEL SSL functions. | 84 /* The following functions are the TOP LEVEL SSL functions. |
83 ** They all get called through the NSPRIOMethods table below. | 85 ** They all get called through the NSPRIOMethods table below. |
84 @@ -3243,6 +3257,7 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protoco
lVariant) | 86 @@ -3610,6 +3625,7 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protoco
lVariant) |
85 sc->serverKeyBits = 0; | 87 sc->serverKeyBits = 0; |
86 ss->certStatusArray[i] = NULL; | 88 ss->certStatusArray[i] = NULL; |
87 } | 89 } |
88 + ss->requestedCertTypes = NULL; | 90 + ss->requestedCertTypes = NULL; |
89 ss->stepDownKeyPair = NULL; | 91 ss->stepDownKeyPair = NULL; |
90 | 92 |
91 ss->dheParams = NULL; | 93 ss->dheParams = NULL; |
OLD | NEW |