| OLD | NEW |
|---|
| 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ | 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ |
| 2 /* | 2 /* |
| 3 * SSL3 Protocol | 3 * SSL3 Protocol |
| 4 * | 4 * |
| 5 * This Source Code Form is subject to the terms of the Mozilla Public | 5 * This Source Code Form is subject to the terms of the Mozilla Public |
| 6 * License, v. 2.0. If a copy of the MPL was not distributed with this | 6 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 8 | 8 |
| 9 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ | 9 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ |
| 10 | 10 |
| (...skipping 2847 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2858 * then buffer remaining bytes of ciphertext into pending buf, | 2858 * then buffer remaining bytes of ciphertext into pending buf, |
| 2859 * and continue to do that for all succssive records until all | 2859 * and continue to do that for all succssive records until all |
| 2860 * bytes are used. | 2860 * bytes are used. |
| 2861 * ssl_SEND_FLAG_FORCE_INTO_BUFFER | 2861 * ssl_SEND_FLAG_FORCE_INTO_BUFFER |
| 2862 * As above, except this suppresses all write attempts, and forces | 2862 * As above, except this suppresses all write attempts, and forces |
| 2863 * all ciphertext into the pending ciphertext buffer. | 2863 * all ciphertext into the pending ciphertext buffer. |
| 2864 * ssl_SEND_FLAG_USE_EPOCH (for DTLS) | 2864 * ssl_SEND_FLAG_USE_EPOCH (for DTLS) |
| 2865 * Forces the use of the provided epoch | 2865 * Forces the use of the provided epoch |
| 2866 * ssl_SEND_FLAG_CAP_RECORD_VERSION | 2866 * ssl_SEND_FLAG_CAP_RECORD_VERSION |
| 2867 * Caps the record layer version number of TLS ClientHello to { 3, 1 } | 2867 * Caps the record layer version number of TLS ClientHello to { 3, 1 } |
| 2868 * (TLS 1.0). Some TLS 1.0 servers (which seem to use F5 BIG-IP) ignore | 2868 * (TLS 1.0). Some TLS 1.0 servers (which seem to use F5 BIG-IP) ignore |
| 2869 * ClientHello.client_version and use the record layer version number | 2869 * ClientHello.client_version and use the record layer version number |
| 2870 * (TLSPlaintext.version) instead when negotiating protocol versions. In | 2870 * (TLSPlaintext.version) instead when negotiating protocol versions. In |
| 2871 * addition, if the record layer version number of ClientHello is { 3, 2 } | 2871 * addition, if the record layer version number of ClientHello is { 3, 2 } |
| 2872 * (TLS 1.1) or higher, these servers reset the TCP connections. Set this | 2872 * (TLS 1.1) or higher, these servers reset the TCP connections. Lastly, |
| 2873 * flag to work around such servers. | 2873 * some F5 BIG-IP servers hang if a record containing a ClientHello has a |
| 2874 * version greater than 0x0301 and a length greater than 255. Set this flag |
| 2875 * to work around such servers. |
| 2874 */ | 2876 */ |
| 2875 PRInt32 | 2877 PRInt32 |
| 2876 ssl3_SendRecord( sslSocket * ss, | 2878 ssl3_SendRecord( sslSocket * ss, |
| 2877 DTLSEpoch epoch, /* DTLS only */ | 2879 DTLSEpoch epoch, /* DTLS only */ |
| 2878 SSL3ContentType type, | 2880 SSL3ContentType type, |
| 2879 const SSL3Opaque * pIn, /* input buffer */ | 2881 const SSL3Opaque * pIn, /* input buffer */ |
| 2880 PRInt32 nIn, /* bytes of input */ | 2882 PRInt32 nIn, /* bytes of input */ |
| 2881 PRInt32 flags) | 2883 PRInt32 flags) |
| 2882 { | 2884 { |
| 2883 sslBuffer * wrBuf = &ss->sec.writeBuf; | 2885 sslBuffer * wrBuf = &ss->sec.writeBuf; |
| (...skipping 2472 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 5356 PORT_Assert(!maxBytes); | 5358 PORT_Assert(!maxBytes); |
| 5357 } | 5359 } |
| 5358 if (ss->ssl3.hs.sendingSCSV) { | 5360 if (ss->ssl3.hs.sendingSCSV) { |
| 5359 /* Since we sent the SCSV, pretend we sent empty RI extension. */ | 5361 /* Since we sent the SCSV, pretend we sent empty RI extension. */ |
| 5360 TLSExtensionData *xtnData = &ss->xtnData; | 5362 TLSExtensionData *xtnData = &ss->xtnData; |
| 5361 xtnData->advertised[xtnData->numAdvertised++] = | 5363 xtnData->advertised[xtnData->numAdvertised++] = |
| 5362 ssl_renegotiation_info_xtn; | 5364 ssl_renegotiation_info_xtn; |
| 5363 } | 5365 } |
| 5364 | 5366 |
| 5365 flags = 0; | 5367 flags = 0; |
| 5366 if (!ss->firstHsDone && !requestingResume && !IS_DTLS(ss)) { | 5368 if (!ss->firstHsDone && !IS_DTLS(ss)) { |
| 5367 flags |= ssl_SEND_FLAG_CAP_RECORD_VERSION; | 5369 flags |= ssl_SEND_FLAG_CAP_RECORD_VERSION; |
| 5368 } | 5370 } |
| 5369 rv = ssl3_FlushHandshake(ss, flags); | 5371 rv = ssl3_FlushHandshake(ss, flags); |
| 5370 if (rv != SECSuccess) { | 5372 if (rv != SECSuccess) { |
| 5371 return rv; /* error code set by ssl3_FlushHandshake */ | 5373 return rv; /* error code set by ssl3_FlushHandshake */ |
| 5372 } | 5374 } |
| 5373 | 5375 |
| 5374 ss->ssl3.hs.ws = wait_server_hello; | 5376 ss->ssl3.hs.ws = wait_server_hello; |
| 5375 return rv; | 5377 return rv; |
| 5376 } | 5378 } |
| (...skipping 7091 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 12468 PORT_Free(ss->ssl3.hs.recvdFragments.buf); | 12470 PORT_Free(ss->ssl3.hs.recvdFragments.buf); |
| 12469 } | 12471 } |
| 12470 } | 12472 } |
| 12471 | 12473 |
| 12472 ss->ssl3.initialized = PR_FALSE; | 12474 ss->ssl3.initialized = PR_FALSE; |
| 12473 | 12475 |
| 12474 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); | 12476 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); |
| 12475 } | 12477 } |
| 12476 | 12478 |
| 12477 /* End of ssl3con.c */ | 12479 /* End of ssl3con.c */ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 25868004:
net: don't send resumption ClientHello records with versions > 0x0301. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src