OLD | NEW |
1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
4 #include "cert.h" | 4 #include "cert.h" |
5 #include "secitem.h" | 5 #include "secitem.h" |
6 #include "ssl.h" | 6 #include "ssl.h" |
7 #include "sslimpl.h" | 7 #include "sslimpl.h" |
8 #include "sslproto.h" | 8 #include "sslproto.h" |
9 #include "pk11func.h" | 9 #include "pk11func.h" |
10 #include "ocsp.h" | 10 #include "ocsp.h" |
(...skipping 82 matching lines...)
93 | 93 |
94 | 94 |
95 /* NEED LOCKS IN HERE. */ | 95 /* NEED LOCKS IN HERE. */ |
96 SECStatus | 96 SECStatus |
97 SSL_SecurityStatus(PRFileDesc *fd, int *op, char **cp, int *kp0, int *kp1, | 97 SSL_SecurityStatus(PRFileDesc *fd, int *op, char **cp, int *kp0, int *kp1, |
98 char **ip, char **sp) | 98 char **ip, char **sp) |
99 { | 99 { |
100 sslSocket *ss; | 100 sslSocket *ss; |
101 const char *cipherName; | 101 const char *cipherName; |
102 PRBool isDes = PR_FALSE; | 102 PRBool isDes = PR_FALSE; |
103 PRBool enoughFirstHsDone = PR_FALSE; | |
104 | 103 |
105 ss = ssl_FindSocket(fd); | 104 ss = ssl_FindSocket(fd); |
106 if (!ss) { | 105 if (!ss) { |
107 SSL_DBG(("%d: SSL[%d]: bad socket in SecurityStatus", | 106 SSL_DBG(("%d: SSL[%d]: bad socket in SecurityStatus", |
108 SSL_GETPID(), fd)); | 107 SSL_GETPID(), fd)); |
109 return SECFailure; | 108 return SECFailure; |
110 } | 109 } |
111 | 110 |
112 if (cp) *cp = 0; | 111 if (cp) *cp = 0; |
113 if (kp0) *kp0 = 0; | 112 if (kp0) *kp0 = 0; |
114 if (kp1) *kp1 = 0; | 113 if (kp1) *kp1 = 0; |
115 if (ip) *ip = 0; | 114 if (ip) *ip = 0; |
116 if (sp) *sp = 0; | 115 if (sp) *sp = 0; |
117 if (op) { | 116 if (op) { |
118 *op = SSL_SECURITY_STATUS_OFF; | 117 *op = SSL_SECURITY_STATUS_OFF; |
119 } | 118 } |
120 | 119 |
121 if (ss->firstHsDone) { | 120 if (ss->opt.useSecurity && ss->enoughFirstHsDone) { |
122 » enoughFirstHsDone = PR_TRUE; | |
123 } else if (ss->version >= SSL_LIBRARY_VERSION_3_0 && | |
124 » ssl3_CanFalseStart(ss)) { | |
125 » enoughFirstHsDone = PR_TRUE; | |
126 } | |
127 | |
128 if (ss->opt.useSecurity && enoughFirstHsDone) { | |
129 if (ss->version < SSL_LIBRARY_VERSION_3_0) { | 121 if (ss->version < SSL_LIBRARY_VERSION_3_0) { |
130 cipherName = ssl_cipherName[ss->sec.cipherType]; | 122 cipherName = ssl_cipherName[ss->sec.cipherType]; |
131 } else { | 123 } else { |
132 cipherName = ssl3_cipherName[ss->sec.cipherType]; | 124 cipherName = ssl3_cipherName[ss->sec.cipherType]; |
133 } | 125 } |
134 PORT_Assert(cipherName); | 126 PORT_Assert(cipherName); |
135 if (cipherName) { | 127 if (cipherName) { |
136 if (PORT_Strstr(cipherName, "DES")) isDes = PR_TRUE; | 128 if (PORT_Strstr(cipherName, "DES")) isDes = PR_TRUE; |
137 | 129 |
138 if (cp) { | 130 if (cp) { |
(...skipping 189 matching lines...)
328 hostname = ss->url; | 320 hostname = ss->url; |
329 if (hostname && hostname[0]) | 321 if (hostname && hostname[0]) |
330 rv = CERT_VerifyCertName(ss->sec.peerCert, hostname); | 322 rv = CERT_VerifyCertName(ss->sec.peerCert, hostname); |
331 else | 323 else |
332 rv = SECFailure; | 324 rv = SECFailure; |
333 if (rv != SECSuccess) | 325 if (rv != SECSuccess) |
334 PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN); | 326 PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN); |
335 | 327 |
336 return rv; | 328 return rv; |
337 } | 329 } |
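Review bot: The new test at new line 120 reads `ss->enoughFirstHsDone` with no lock held, and the `/* NEED LOCKS IN HERE. */` note above SSL_SecurityStatus is left unaddressed. The removed lines derived the value locally from `ss->firstHsDone` and `ssl3_CanFalseStart(ss)`; the result now depends on a field that is presumably written by the handshake code, so a caller on another thread could see it change between this test and the `ss->sec.cipherType` lookup just below. The False Start meaning is also no longer visible at this call site, so I would add a comment such as `/* enoughFirstHsDone: handshake complete, or False Start permitted (peer Finished not yet verified) */`. That wording is inferred from the removed lines and should be confirmed against where the field is set. The function body continues in the skipped lines, so any locking later in it is not visible here.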