Make SSL False Start work with asynchronous certificate validation

net/third_party/nss/ssl/sslimpl.h

Index: net/third_party/nss/ssl/sslimpl.h
===================================================================
--- net/third_party/nss/ssl/sslimpl.h	(revision 227672)
+++ net/third_party/nss/ssl/sslimpl.h	(working copy)
@@ -881,6 +881,8 @@
     /* Shared state between ssl3_HandleFinished and ssl3_FinishHandshake */
     PRBool                cacheSID;
 
+    PRBool                canFalseStart;   /* Can/did we False Start */
+
     /* clientSigAndHash contains the contents of the signature_algorithms
      * extension (if any) from the client. This is only valid for TLS 1.2
      * or later. */
@@ -1162,6 +1164,10 @@
     unsigned long    clientAuthRequested;
     unsigned long    delayDisabled;       /* Nagle delay disabled */
     unsigned long    firstHsDone;         /* first handshake is complete. */
+    unsigned long    enoughFirstHsDone;   /* enough of the first handshake is
+					   * done for callbacks to be able to
+					   * retrieve channel security
+					   * parameters from the SSL socket. */
     unsigned long    handshakeBegun;     
     unsigned long    lastWriteBlocked;   
     unsigned long    recvdCloseNotify;    /* received SSL EOF. */
@@ -1210,6 +1216,8 @@
     void                     *badCertArg;
     SSLHandshakeCallback      handshakeCallback;
     void                     *handshakeCallbackData;
+    SSLCanFalseStartCallback  canFalseStartCallback;
+    void                     *canFalseStartCallbackData;
     void                     *pkcs11PinArg;
     SSLNextProtoCallback      nextProtoCallback;
     void                     *nextProtoArg;
@@ -1423,7 +1431,19 @@
 
 extern SECStatus ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled);
 
-extern PRBool    ssl3_CanFalseStart(sslSocket *ss);
+extern void      ssl_FinishHandshake(sslSocket *ss);
+
+/* Returns PR_TRUE if we are still waiting for the server to respond to
+ * our client second round. Once we've received any part of the server's second
+ * round then we don't botehr trying to false start, since it is almost always

[wtc, 2013/10/29 19:54:22]

1. Typo: botehr => bother

2. If the server sends the NewSessionTicket, ChangeCipherSoec, and
Finished messages in the same packet, I think NSS will handle the three
messages in one shot. So it seems that we will not try to false start in
the middle of the server's second round. It seems that this function is
only useful in the uncommon case that NSS cannot read the three messages
in the server's second round in one shot.

If you agree, then we should delete this function to simplify our code.

[briansmith, 2013/10/29 21:00:13]

Done.
The ChangeCipherSpec message is always in a record of type change_cipher_spec,
whereas NewSessionTicket and Finished are always in a record of type handshake.
So, these three messages can never appear together in one TLS record. The libssl
record parser only parses one record at a time. So, I think this function is
still useful.

+ * the case that the NewSessionTicket, ChangeCipherSoec, and Finished mesage

[wtc, 2013/10/29 01:21:51]

Typo: mesage => messages (two s'es and plural).

[briansmith, 2013/10/29 21:00:13]

Done.

+ * were sent in the same packet and we want to process them all at the same
+ * time. If we were to try to false start in the middle of the server's second
+ * round, then we would increase the number of I/O operations
+ * (SSL_ForceHandshake/PR_Recv/PR_Send/etc.) needed to finish the handshake.
+ */
+extern PRBool    ssl3_WaitingForStartOfServerSecondRound(sslSocket *ss);
+
 extern SECStatus
 ssl3_CompressMACEncryptRecord(ssl3CipherSpec *   cwSpec,
 		              PRBool             isServer,