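diff --git a/lib/ssl/ssl.h b/lib/ssl/ssl.h
index e905aab..9e57220 100644
--- a/lib/ssl/ssl.h
+++ b/lib/ssl/ssl.h
@@ -896,6 +896,17 @@ SSL_IMPORT SECStatus SSL_ReHandshakeWithTimeout(PRFileDesc *fd,
 PRBool flushCache,
 PRIntervalTime timeout);
 
+/* Returns a SECItem containing the certificate_types field of the
+** CertificateRequest message. Each byte of the data is a TLS
+** ClientCertificateType value, and they are ordered from most preferred to
+** least. This function should only be called from the
+** SSL_GetClientAuthDataHook callback, and will return NULL if called at any
+** other time. The returned value is valid only until the callback returns, and
+** should not be freed.
+*/
+SSL_IMPORT const SECItem *
+SSL_GetRequestedClientCertificateTypes(PRFileDesc *fd);
+
 #ifdef SSL_DEPRECATED_FUNCTION
 /* deprecated!
 ** For the server, request a new handshake. For the client, begin a new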
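Review bot: The new header comment does not say that the bytes handed back are the server's CertificateRequest contents passed through unvalidated, so a callback that indexes a table by each byte needs its own range check; I would add `** The bytes are taken verbatim from the peer's message and are not checked against known ClientCertificateType values; callers must validate them.` to the comment block. The NULL return is also overloaded, since the sslsock.c implementation in this same change returns NULL for an unrecognized fd as well as for "not inside the callback", and the comment should mention that a caller cannot distinguish the two. If an empty certificate_types vector can reach this point (the parser is not in the diff), the comment should say whether a zero-length item or NULL is returned in that case.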
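diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
index b8d4784..784f59b 100644
--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
@@ -7674,6 +7674,9 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
 if (rv != SECSuccess)
 goto loser; /* malformed, alert has been sent */
 
+ PORT_Assert(!ss->requestedCertTypes);
+ ss->requestedCertTypes = &cert_types;
+
 if (isTLS12) {
 rv = ssl3_ConsumeHandshakeVariable(ss, &algorithms, 2, &b, &length);
 if (rv != SECSuccess)
@@ -7723,6 +7726,7 @@ loser:
 PORT_SetError(errCode);
 rv = SECFailure;
 done:
+ ss->requestedCertTypes = NULL;
 if (arena != NULL)
 PORT_FreeArena(arena, PR_FALSE);
 return rv;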
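Review bot: `ss->requestedCertTypes = &cert_types;` stores the address of what appears to be a local of ssl3_HandleCertificateRequest (it is cleared at the `done:` label in the same function), so the socket now carries a pointer into this stack frame until `done:` runs; the part of the function between the two hunks is not shown, and any `return` there that bypasses `done:` would leave a dangling pointer that SSL_GetRequestedClientCertificateTypes hands to the application on the next handshake. Please confirm that every exit between the assignment and `done:` goes through the label, or move the reset into a single exit path. The `PORT_Assert` is a debug-only check and compiles out in release builds, so it documents the invariant but does not enforce it. A one-line comment at the assignment would help the next reader: `/* Points at the local cert_types; reset at done: before this frame dies. */`. The enclosing function starts before the first hunk and its parsing logic sits between the hunks.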
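diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
index 10361a0..5f0e6c9 100644
--- a/lib/ssl/sslimpl.h
+++ b/lib/ssl/sslimpl.h
@@ -1296,6 +1296,10 @@ struct sslSocketStr {
 unsigned int sizeCipherSpecs;
 const unsigned char *preferredCipher;
 
+ /* TLS ClientCertificateTypes requested during HandleCertificateRequest. */
+ /* Will be NULL at all other times. */
+ const SECItem *requestedCertTypes;
+
 ssl3KeyPair *stepDownKeyPair; /* RSA step down keys */
 
 const ssl3DHParams *dheParams; /* DHE param */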
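Review bot: The field comment should state ownership, since this is the one pointer in sslSocketStr that is neither owned by the socket nor heap-allocated: based on the ssl3con.c hunk it points at a local in ssl3_HandleCertificateRequest. I would replace the two comment lines with `/* Borrowed pointer to the CertificateRequest certificate_types item, set only while ssl3_HandleCertificateRequest runs the client-auth hook; never freed, never copied on socket duplication, NULL otherwise. */`. That tells a future maintainer why no free() or dup handling exists for it.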
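diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
index 601df2a..7f97b14 100644
--- a/lib/ssl/sslsock.c
+++ b/lib/ssl/sslsock.c
@@ -2496,6 +2496,21 @@ SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *handshake_resumed)
 return SECSuccess;
 }
 
+const SECItem *
+SSL_GetRequestedClientCertificateTypes(PRFileDesc *fd)
+{
+ sslSocket *ss = ssl_FindSocket(fd);
+
+ if (!ss) {
+ SSL_DBG(("%d: SSL[%d]: bad socket in "
+ "SSL_GetRequestedClientCertificateTypes",
+ SSL_GETPID(), fd));
+ return NULL;
+ }
+
+ return ss->requestedCertTypes;
+}
+
 /************************************************************************/
 /* The following functions are the TOP LEVEL SSL functions.
 ** They all get called through the NSPRIOMethods table below.
@@ -3610,6 +3625,7 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant)
 sc->serverKeyBits = 0;
 ss->certStatusArray[i] = NULL;
 }
+ ss->requestedCertTypes = NULL;
 ss->stepDownKeyPair = NULL;
 
 ss->dheParams = NULL;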
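Review bot: SSL_GetRequestedClientCertificateTypes reads `ss->requestedCertTypes` without taking any SSL lock, which is presumably deliberate because the only supported caller is the client-auth hook, invoked with the handshake lock already held, and taking it again would deadlock; that reasoning should be in the function so nobody "fixes" it later, e.g. `/* No locking on purpose: valid only from inside the client-auth hook, where the caller already holds the handshake lock. Returns a borrowed pointer; see sslimpl.h. */`. Called from any other thread or after the hook returns, the function can return a pointer into a dead stack frame, and nothing here detects that, so the header contract is the only guard. The initialisation added to ssl_NewSocket is right; if the socket-duplication path copies the struct wholesale (not in this diff), it should also reset this field to NULL.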