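--- a/ssl3con.c
+++ b/ssl3con.c
@@ -1,10 +1,10 @@
 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
 /*
 * SSL3 Protocol
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */
 
@@ -2858,26 +2858,28 @@
 * then buffer remaining bytes of ciphertext into pending buf,
 * and continue to do that for all succssive records until all
 * bytes are used.
 * ssl_SEND_FLAG_FORCE_INTO_BUFFER
 * As above, except this suppresses all write attempts, and forces
 * all ciphertext into the pending ciphertext buffer.
 * ssl_SEND_FLAG_USE_EPOCH (for DTLS)
 * Forces the use of the provided epoch
 * ssl_SEND_FLAG_CAP_RECORD_VERSION
 * Caps the record layer version number of TLS ClientHello to { 3, 1 }
 * (TLS 1.0). Some TLS 1.0 servers (which seem to use F5 BIG-IP) ignore
 * ClientHello.client_version and use the record layer version number
 * (TLSPlaintext.version) instead when negotiating protocol versions. In
 * addition, if the record layer version number of ClientHello is { 3, 2 }
-* (TLS 1.1) or higher, these servers reset the TCP connections. Set this
-* flag to work around such servers.
+* (TLS 1.1) or higher, these servers reset the TCP connections. Lastly,
+* some F5 BIG-IP servers hang if a record containing a ClientHello has a
+* version greater than 0x0301 and a length greater than 255. Set this flag
+* to work around such servers.
 */
 PRInt32
 ssl3_SendRecord( sslSocket * ss,
 DTLSEpoch epoch, /* DTLS only */
 SSL3ContentType type,
 const SSL3Opaque * pIn, /* input buffer */
 PRInt32 nIn, /* bytes of input */
 PRInt32 flags)
 {
 sslBuffer * wrBuf = &ss->sec.writeBuf;
@@ -5356,21 +5358,21 @@
 PORT_Assert(!maxBytes);
 }
 if (ss->ssl3.hs.sendingSCSV) {
 /* Since we sent the SCSV, pretend we sent empty RI extension. */
 TLSExtensionData *xtnData = &ss->xtnData;
 xtnData->advertised[xtnData->numAdvertised++] =
 ssl_renegotiation_info_xtn;
 }
 
 flags = 0;
-if (!ss->firstHsDone && !requestingResume && !IS_DTLS(ss)) {
+if (!ss->firstHsDone && !IS_DTLS(ss)) {
 flags |= ssl_SEND_FLAG_CAP_RECORD_VERSION;
 }
 rv = ssl3_FlushHandshake(ss, flags);
 if (rv != SECSuccess) {
 return rv; /* error code set by ssl3_FlushHandshake */
 }
 
 ss->ssl3.hs.ws = wait_server_hello;
 return rv;
 }
@@ -12468,10 +12470,10 @@
 PORT_Free(ss->ssl3.hs.recvdFragments.buf);
 }
 }
 
 ss->ssl3.initialized = PR_FALSE;
 
 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE);
 }
 
 /* End of ssl3con.c */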
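Review bot: The broadened condition at new line 5368 now sets ssl_SEND_FLAG_CAP_RECORD_VERSION for resumption ClientHellos as well, but nothing in the block records why the `!requestingResume` exclusion was dropped, so the next reader cannot tell whether resumption was deliberately included. Suggest a comment directly above the `if`: `/* Cap the record-layer version on every initial ClientHello, resumption attempts included; some servers reset or hang on a higher record version (see ssl_SEND_FLAG_CAP_RECORD_VERSION in ssl3_SendRecord). */`. The enclosing ClientHello-sending function starts outside the hunk, so I cannot see whether `requestingResume` is still read elsewhere in it; if this was its last use, an unused-variable warning may follow. The updated ssl3_SendRecord comment (new lines 2872-2875) describes a hang tied to both record version and a length greater than 255, while the flag's own description only promises a version cap; whether the body of ssl3_SendRecord, which is outside the hunk, also treats length is not visible here, so the comment should say plainly which of the two the flag actually changes.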