Make SSL False Start work with asynchronous certificate validation

net/third_party/nss/ssl/sslsock.c

 /*
  * vtables (and methods that call through them) for the 4 types of 
  * SSLSockets supported.  Only one type is still supported.
  * Various other functions.
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #include "seccomon.h"
 #include "cert.h"
@@ skipping 348 matching lines @@
 #ifdef NSS_PLATFORM_CLIENT_AUTH
             ss->getPlatformClientAuthData    = os->getPlatformClientAuthData;
             ss->getPlatformClientAuthDataArg = os->getPlatformClientAuthDataArg;
 #endif
             ss->sniSocketConfig       = os->sniSocketConfig;
             ss->sniSocketConfigArg    = os->sniSocketConfigArg;
             ss->handleBadCert         = os->handleBadCert;
             ss->badCertArg            = os->badCertArg;
             ss->handshakeCallback     = os->handshakeCallback;
             ss->handshakeCallbackData = os->handshakeCallbackData;
+            ss->canFalseStartCallback = os->canFalseStartCallback;
+            ss->canFalseStartCallbackData = os->canFalseStartCallbackData;
             ss->pkcs11PinArg          = os->pkcs11PinArg;
             ss->getChannelID          = os->getChannelID;
             ss->getChannelIDArg       = os->getChannelIDArg;
     
             /* Create security data */
             rv = ssl_CopySecurityInfo(ss, os);
             if (rv != SECSuccess) {
                 goto loser;
             }
         }
@@ skipping 2071 matching lines @@
                     ** but the initial handshake is blocked on write, or the 
                     ** client's first handshake record has not been written.
                     ** The code should select on write, not read.
                     */
                     new_flags ^=  PR_POLL_READ;    /* don't select on read. */
                     new_flags |=  PR_POLL_WRITE;   /* do    select on write. */
                 }
             } else if (new_flags & PR_POLL_WRITE) {
                     /* The caller is trying to write, but the handshake is 
                     ** blocked waiting for data to read, and the first 
-                    ** handshake has been sent.  so do NOT to poll on write.
+                    ** handshake has been sent.  So do NOT to poll on write
+                    ** unless we did false start.
                     */
-                    new_flags ^=  PR_POLL_WRITE;   /* don't select on write. */
-                    new_flags |=  PR_POLL_READ;    /* do    select on read. */
+                    if (!(ss->version >= SSL_LIBRARY_VERSION_3_0 &&
+                        ss->ssl3.hs.canFalseStart)) {

[wtc, 2013/10/17 00:10:53]

I think we can remove the ss->version >= SSL_LIBRARY_VERSION_3_0 check because
ss->ssl3.hs.canFalseStart can only be true if ss->version >=
SSL_LIBRARY_VERSION_3_0.

[briansmith, 2013/10/17 01:42:40]

I don't know if we can rely on ss->ssl3.hs being initialized correctly for the
SSL 2.0 case though, since ssl3_init was not called.

[wtc, 2013/10/17 15:28:14]

I see. I missed that.

+                        new_flags ^= PR_POLL_WRITE; /* don't select on write. */
+                    }
+                    new_flags |= PR_POLL_READ;      /* do    select on read. */
             }
         }
     } else if ((new_flags & PR_POLL_READ) && (SSL_DataPending(fd) > 0)) {
         *p_out_flags = PR_POLL_READ;    /* it's ready already. */
         return new_flags;
     } else if ((ss->lastWriteBlocked) && (how_flags & PR_POLL_READ) &&
                (ss->pendingBuf.len != 0)) { /* write data waiting to be sent */
         new_flags |=  PR_POLL_WRITE;   /* also select on write. */
     }
 
@@ skipping 647 matching lines @@
 loser:
             ssl_DestroySocketContents(ss);
             ssl_DestroyLocks(ss);
             PORT_Free(ss);
             ss = NULL;
         }
     }
     return ss;
 }