OLD | NEW |
1 /* | 1 /* |
2 * vtables (and methods that call through them) for the 4 types of | 2 * vtables (and methods that call through them) for the 4 types of |
3 * SSLSockets supported. Only one type is still supported. | 3 * SSLSockets supported. Only one type is still supported. |
4 * Various other functions. | 4 * Various other functions. |
5 * | 5 * |
6 * This Source Code Form is subject to the terms of the Mozilla Public | 6 * This Source Code Form is subject to the terms of the Mozilla Public |
7 * License, v. 2.0. If a copy of the MPL was not distributed with this | 7 * License, v. 2.0. If a copy of the MPL was not distributed with this |
8 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 8 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
9 #include "seccomon.h" | 9 #include "seccomon.h" |
10 #include "cert.h" | 10 #include "cert.h" |
(...skipping 10 matching lines...)
21 #include "nss.h" | 21 #include "nss.h" |
22 | 22 |
23 /* This is a bodge to allow this code to be compiled against older NSS headers | 23 /* This is a bodge to allow this code to be compiled against older NSS headers |
24 * that don't contain the TLS 1.2 changes. */ | 24 * that don't contain the TLS 1.2 changes. */ |
25 #ifndef CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 | 25 #ifndef CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 |
26 #define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24) | 26 #define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24) |
27 #endif | 27 #endif |
28 | 28 |
29 #define SET_ERROR_CODE /* reminder */ | 29 #define SET_ERROR_CODE /* reminder */ |
30 | 30 |
31 struct cipherPolicyStr { | |
32 int cipher; | |
33 unsigned char export; /* policy value for export policy */ | |
34 unsigned char france; /* policy value for france policy */ | |
35 }; | |
36 | |
37 typedef struct cipherPolicyStr cipherPolicy; | |
38 | |
39 /* This table contains two preconfigured policies: Export and France. | |
40 ** It is used only by the functions NSS_SetDomesticPolicy, | |
41 ** NSS_SetExportPolicy, and NSS_SetFrancePolicy. | |
42 ** Order of entries is not important. | |
43 */ | |
44 static cipherPolicy ssl_ciphers[] = { /* Export France */ | |
45 { SSL_EN_RC4_128_WITH_MD5, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
46 { SSL_EN_RC4_128_EXPORT40_WITH_MD5, SSL_ALLOWED, SSL_ALLOWED }, | |
47 { SSL_EN_RC2_128_CBC_WITH_MD5, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
48 { SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, SSL_ALLOWED, SSL_ALLOWED }, | |
49 { SSL_EN_DES_64_CBC_WITH_MD5, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
50 { SSL_EN_DES_192_EDE3_CBC_WITH_MD5, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
51 { SSL_RSA_WITH_RC4_128_MD5, SSL_RESTRICTED, SSL_NOT_ALLOWED }, | |
52 { SSL_RSA_WITH_RC4_128_SHA, SSL_RESTRICTED, SSL_NOT_ALLOWED }, | |
53 { SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
54 { SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RESTRICTED, SSL_NOT_ALLOWED }, | |
55 { SSL_RSA_FIPS_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
56 { SSL_RSA_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
57 { SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_ALLOWED, SSL_ALLOWED }, | |
58 { SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_ALLOWED, SSL_ALLOWED }, | |
59 { SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
60 { SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
61 { SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
62 { SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
63 { TLS_DHE_DSS_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
64 { SSL_RSA_WITH_NULL_MD5, SSL_ALLOWED, SSL_ALLOWED }, | |
65 { SSL_RSA_WITH_NULL_SHA, SSL_ALLOWED, SSL_ALLOWED }, | |
66 { TLS_RSA_WITH_NULL_SHA256, SSL_ALLOWED, SSL_ALLOWED }, | |
67 { TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
68 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
69 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
70 { TLS_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
71 { TLS_RSA_WITH_AES_128_CBC_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
72 { TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
73 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
74 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
75 { TLS_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
76 { TLS_RSA_WITH_AES_256_CBC_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
77 { TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
78 { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
79 { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
80 { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
81 { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
82 { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
83 { TLS_RSA_WITH_SEED_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
84 { TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, SSL_ALLOWED, SSL_NOT_ALLOWED }, | |
85 { TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, SSL_ALLOWED, SSL_NOT_ALLOWED }, | |
86 #ifdef NSS_ENABLE_ECC | |
87 { TLS_ECDH_ECDSA_WITH_NULL_SHA, SSL_ALLOWED, SSL_ALLOWED }, | |
88 { TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
89 { TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
90 { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
91 { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
92 { TLS_ECDHE_ECDSA_WITH_NULL_SHA, SSL_ALLOWED, SSL_ALLOWED }, | |
93 { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
94 { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
95 { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
96 { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
97 { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
98 { TLS_ECDH_RSA_WITH_NULL_SHA, SSL_ALLOWED, SSL_ALLOWED }, | |
99 { TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
100 { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
101 { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
102 { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
103 { TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_ALLOWED, SSL_ALLOWED }, | |
104 { TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
105 { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
106 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
107 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
108 { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
109 #endif /* NSS_ENABLE_ECC */ | |
110 { 0, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED } | |
111 }; | |
112 | |
113 static const sslSocketOps ssl_default_ops = { /* No SSL. */ | 31 static const sslSocketOps ssl_default_ops = { /* No SSL. */ |
114 ssl_DefConnect, | 32 ssl_DefConnect, |
115 NULL, | 33 NULL, |
116 ssl_DefBind, | 34 ssl_DefBind, |
117 ssl_DefListen, | 35 ssl_DefListen, |
118 ssl_DefShutdown, | 36 ssl_DefShutdown, |
119 ssl_DefClose, | 37 ssl_DefClose, |
120 ssl_DefRecv, | 38 ssl_DefRecv, |
121 ssl_DefSend, | 39 ssl_DefSend, |
122 ssl_DefRead, | 40 ssl_DefRead, |
(...skipping 161 matching lines...)
284 | 202 |
285 ss->peerID = !os->peerID ? NULL : PORT_Strdup(os->peerID); | 203 ss->peerID = !os->peerID ? NULL : PORT_Strdup(os->peerID); |
286 ss->url = !os->url ? NULL : PORT_Strdup(os->url); | 204 ss->url = !os->url ? NULL : PORT_Strdup(os->url); |
287 | 205 |
288 ss->ops = os->ops; | 206 ss->ops = os->ops; |
289 ss->rTimeout = os->rTimeout; | 207 ss->rTimeout = os->rTimeout; |
290 ss->wTimeout = os->wTimeout; | 208 ss->wTimeout = os->wTimeout; |
291 ss->cTimeout = os->cTimeout; | 209 ss->cTimeout = os->cTimeout; |
292 ss->dbHandle = os->dbHandle; | 210 ss->dbHandle = os->dbHandle; |
293 | 211 |
294 » /* copy ssl2&3 policy & prefs, even if it's not selected (yet) */ | 212 » /* copy ssl2&3 prefs, even if it's not selected (yet) */ |
295 » ss->allowedByPolicy» = os->allowedByPolicy; | |
296 » ss->maybeAllowedByPolicy= os->maybeAllowedByPolicy; | |
297 ss->chosenPreference = os->chosenPreference; | 213 ss->chosenPreference = os->chosenPreference; |
298 PORT_Memcpy(ss->cipherSuites, os->cipherSuites, sizeof os->cipherSuites)
; | 214 PORT_Memcpy(ss->cipherSuites, os->cipherSuites, sizeof os->cipherSuites)
; |
299 PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, os->ssl3.dtlsSRTPCiphers, | 215 PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, os->ssl3.dtlsSRTPCiphers, |
300 sizeof(PRUint16) * os->ssl3.dtlsSRTPCipherCount); | 216 sizeof(PRUint16) * os->ssl3.dtlsSRTPCipherCount); |
301 ss->ssl3.dtlsSRTPCipherCount = os->ssl3.dtlsSRTPCipherCount; | 217 ss->ssl3.dtlsSRTPCipherCount = os->ssl3.dtlsSRTPCipherCount; |
302 | 218 |
303 if (os->cipherSpecs) { | 219 if (os->cipherSpecs) { |
304 ss->cipherSpecs = (unsigned char*)PORT_Alloc(os->sizeCipherSpecs); | 220 ss->cipherSpecs = (unsigned char*)PORT_Alloc(os->sizeCipherSpecs); |
305 if (ss->cipherSpecs) | 221 if (ss->cipherSpecs) |
306 PORT_Memcpy(ss->cipherSpecs, os->cipherSpecs, | 222 PORT_Memcpy(ss->cipherSpecs, os->cipherSpecs, |
(...skipping 862 matching lines...)
1169 switch (suite) { | 1085 switch (suite) { |
1170 case SSL_FORTEZZA_DMS_WITH_NULL_SHA: | 1086 case SSL_FORTEZZA_DMS_WITH_NULL_SHA: |
1171 case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA: | 1087 case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA: |
1172 case SSL_FORTEZZA_DMS_WITH_RC4_128_SHA: | 1088 case SSL_FORTEZZA_DMS_WITH_RC4_128_SHA: |
1173 return PR_TRUE; | 1089 return PR_TRUE; |
1174 default: | 1090 default: |
1175 return PR_FALSE; | 1091 return PR_FALSE; |
1176 } | 1092 } |
1177 } | 1093 } |
1178 | 1094 |
1179 /* Part of the public NSS API. | |
1180 * Since this is a global (not per-socket) setting, we cannot use the | |
1181 * HandshakeLock to protect this. Probably want a global lock. | |
1182 */ | |
1183 SECStatus | 1095 SECStatus |
1184 SSL_SetPolicy(long which, int policy) | 1096 SSL_SetPolicy(long which, int policy) |
1185 { | 1097 { |
1186 if ((which & 0xfffe) == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) { | 1098 return SECSuccess; |
1187 » /* one of the two old FIPS ciphers */ | |
1188 » if (which == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) | |
1189 » which = SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA; | |
1190 » else if (which == SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA) | |
1191 » which = SSL_RSA_FIPS_WITH_DES_CBC_SHA; | |
1192 } | |
1193 if (ssl_IsRemovedCipherSuite(which)) | |
1194 » return SECSuccess; | |
1195 return SSL_CipherPolicySet(which, policy); | |
1196 } | 1099 } |
1197 | 1100 |
1198 SECStatus | 1101 SECStatus |
1199 SSL_CipherPolicySet(PRInt32 which, PRInt32 policy) | 1102 SSL_CipherPolicySet(PRInt32 which, PRInt32 policy) |
1200 { | 1103 { |
1201 SECStatus rv = ssl_Init(); | 1104 return SECSuccess; |
1202 | |
1203 if (rv != SECSuccess) { | |
1204 » return rv; | |
1205 } | |
1206 | |
1207 if (ssl_IsRemovedCipherSuite(which)) { | |
1208 » rv = SECSuccess; | |
1209 } else if (SSL_IS_SSL2_CIPHER(which)) { | |
1210 » rv = ssl2_SetPolicy(which, policy); | |
1211 } else { | |
1212 » rv = ssl3_SetPolicy((ssl3CipherSuite)which, policy); | |
1213 } | |
1214 return rv; | |
1215 } | 1105 } |
1216 | 1106 |
1217 SECStatus | 1107 SECStatus |
1218 SSL_CipherPolicyGet(PRInt32 which, PRInt32 *oPolicy) | 1108 SSL_CipherPolicyGet(PRInt32 which, PRInt32 *oPolicy) |
1219 { | 1109 { |
1220 SECStatus rv; | 1110 *oPolicy = SSL_ALLOWED; |
1221 | 1111 return SECSuccess; |
1222 if (!oPolicy) { | |
1223 » PORT_SetError(SEC_ERROR_INVALID_ARGS); | |
1224 » return SECFailure; | |
1225 } | |
1226 if (ssl_IsRemovedCipherSuite(which)) { | |
1227 » *oPolicy = SSL_NOT_ALLOWED; | |
1228 » rv = SECSuccess; | |
1229 } else if (SSL_IS_SSL2_CIPHER(which)) { | |
1230 » rv = ssl2_GetPolicy(which, oPolicy); | |
1231 } else { | |
1232 » rv = ssl3_GetPolicy((ssl3CipherSuite)which, oPolicy); | |
1233 } | |
1234 return rv; | |
1235 } | 1112 } |
1236 | 1113 |
1237 /* Part of the public NSS API. | 1114 /* Part of the public NSS API. |
1238 * Since this is a global (not per-socket) setting, we cannot use the | 1115 * Since this is a global (not per-socket) setting, we cannot use the |
1239 * HandshakeLock to protect this. Probably want a global lock. | 1116 * HandshakeLock to protect this. Probably want a global lock. |
1240 * These changes have no effect on any sslSockets already created. | 1117 * These changes have no effect on any sslSockets already created. |
1241 */ | 1118 */ |
1242 SECStatus | 1119 SECStatus |
1243 SSL_EnableCipher(long which, PRBool enabled) | 1120 SSL_EnableCipher(long which, PRBool enabled) |
1244 { | 1121 { |
(...skipping 98 matching lines...)
1343 rv = ssl2_CipherPrefGet(ss, which, enabled); | 1220 rv = ssl2_CipherPrefGet(ss, which, enabled); |
1344 } else { | 1221 } else { |
1345 rv = ssl3_CipherPrefGet(ss, (ssl3CipherSuite)which, enabled); | 1222 rv = ssl3_CipherPrefGet(ss, (ssl3CipherSuite)which, enabled); |
1346 } | 1223 } |
1347 return rv; | 1224 return rv; |
1348 } | 1225 } |
1349 | 1226 |
1350 SECStatus | 1227 SECStatus |
1351 NSS_SetDomesticPolicy(void) | 1228 NSS_SetDomesticPolicy(void) |
1352 { | 1229 { |
1353 SECStatus status = SECSuccess; | 1230 return SECSuccess; |
1354 cipherPolicy * policy; | |
1355 | |
1356 for (policy = ssl_ciphers; policy->cipher != 0; ++policy) { | |
1357 » status = SSL_SetPolicy(policy->cipher, SSL_ALLOWED); | |
1358 » if (status != SECSuccess) | |
1359 » break; | |
1360 } | |
1361 return status; | |
1362 } | 1231 } |
1363 | 1232 |
1364 SECStatus | 1233 SECStatus |
1365 NSS_SetExportPolicy(void) | 1234 NSS_SetExportPolicy(void) |
1366 { | 1235 { |
1367 return NSS_SetDomesticPolicy(); | 1236 return SECSuccess; |
1368 } | 1237 } |
1369 | 1238 |
1370 SECStatus | 1239 SECStatus |
1371 NSS_SetFrancePolicy(void) | 1240 NSS_SetFrancePolicy(void) |
1372 { | 1241 { |
1373 return NSS_SetDomesticPolicy(); | 1242 return SECSuccess; |
1374 } | 1243 } |
1375 | 1244 |
1376 SECStatus | 1245 SECStatus |
1377 SSL_GetChannelBinding(PRFileDesc *fd, | 1246 SSL_GetChannelBinding(PRFileDesc *fd, |
1378 SSLChannelBindingType binding_type, | 1247 SSLChannelBindingType binding_type, |
1379 unsigned char *out, | 1248 unsigned char *out, |
1380 unsigned int *outLen, | 1249 unsigned int *outLen, |
1381 unsigned int outLenMax) { | 1250 unsigned int outLenMax) { |
1382 sslSocket *ss = ssl_FindSocket(fd); | 1251 sslSocket *ss = ssl_FindSocket(fd); |
1383 | 1252 |
(...skipping 1706 matching lines...)
3090 ss->getPlatformClientAuthDataArg = NULL; | 2959 ss->getPlatformClientAuthDataArg = NULL; |
3091 #endif /* NSS_PLATFORM_CLIENT_AUTH */ | 2960 #endif /* NSS_PLATFORM_CLIENT_AUTH */ |
3092 ss->handleBadCert = NULL; | 2961 ss->handleBadCert = NULL; |
3093 ss->badCertArg = NULL; | 2962 ss->badCertArg = NULL; |
3094 ss->pkcs11PinArg = NULL; | 2963 ss->pkcs11PinArg = NULL; |
3095 ss->ephemeralECDHKeyPair = NULL; | 2964 ss->ephemeralECDHKeyPair = NULL; |
3096 ss->getChannelID = NULL; | 2965 ss->getChannelID = NULL; |
3097 ss->getChannelIDArg = NULL; | 2966 ss->getChannelIDArg = NULL; |
3098 | 2967 |
3099 ssl_ChooseOps(ss); | 2968 ssl_ChooseOps(ss); |
3100 » ssl2_InitSocketPolicy(ss); | 2969 » ssl2_InitSocketCipherSuites(ss); |
3101 » ssl3_InitSocketPolicy(ss); | 2970 » ssl3_InitSocketCipherSuites(ss); |
3102 PR_INIT_CLIST(&ss->ssl3.hs.lastMessageFlight); | 2971 PR_INIT_CLIST(&ss->ssl3.hs.lastMessageFlight); |
3103 | 2972 |
3104 if (makeLocks) { | 2973 if (makeLocks) { |
3105 status = ssl_MakeLocks(ss); | 2974 status = ssl_MakeLocks(ss); |
3106 if (status != SECSuccess) | 2975 if (status != SECSuccess) |
3107 goto loser; | 2976 goto loser; |
3108 } | 2977 } |
3109 status = ssl_CreateSecurityInfo(ss); | 2978 status = ssl_CreateSecurityInfo(ss); |
3110 if (status != SECSuccess) | 2979 if (status != SECSuccess) |
3111 goto loser; | 2980 goto loser; |
3112 status = ssl_InitGather(&ss->gs); | 2981 status = ssl_InitGather(&ss->gs); |
3113 if (status != SECSuccess) { | 2982 if (status != SECSuccess) { |
3114 loser: | 2983 loser: |
3115 ssl_DestroySocketContents(ss); | 2984 ssl_DestroySocketContents(ss); |
3116 ssl_DestroyLocks(ss); | 2985 ssl_DestroyLocks(ss); |
3117 PORT_Free(ss); | 2986 PORT_Free(ss); |
3118 ss = NULL; | 2987 ss = NULL; |
3119 } | 2988 } |
3120 ss->protocolVariant = protocolVariant; | 2989 ss->protocolVariant = protocolVariant; |
3121 } | 2990 } |
3122 return ss; | 2991 return ss; |
3123 } | 2992 } |
3124 | 2993 |
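Review bot: The new `SSL_CipherPolicyGet` body writes `*oPolicy = SSL_ALLOWED` unconditionally, so the NULL check the old body had is gone and a caller passing a NULL `oPolicy` to this public entry point now dereferences it instead of getting `SECFailure`; keep the guard, `if (!oPolicy) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; }`. The stub also answers `SSL_ALLOWED` for suites the old code reported as `SSL_NOT_ALLOWED` through `ssl_IsRemovedCipherSuite`. `SSL_SetPolicy` and `SSL_CipherPolicySet` now return `SECSuccess` without recording anything, so a caller that passes `SSL_NOT_ALLOWED` to restrict a suite is told it succeeded while the suite stays usable; each stub should carry a comment such as `/* Policy is no longer enforced; this call is a no-op. Restrict suites with SSL_CipherPrefSet. */`. In the unchanged context at the end of the page, `ss->protocolVariant = protocolVariant;` runs right after the `loser:` block sets `ss = NULL`, which looks like a NULL dereference on the failure path; the enclosing function starts outside the visible lines, so confirm against the full file.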