OLD | NEW |
1 /* | 1 /* |
2 * vtables (and methods that call through them) for the 4 types of | 2 * vtables (and methods that call through them) for the 4 types of |
3 * SSLSockets supported. Only one type is still supported. | 3 * SSLSockets supported. Only one type is still supported. |
4 * Various other functions. | 4 * Various other functions. |
5 * | 5 * |
6 * This Source Code Form is subject to the terms of the Mozilla Public | 6 * This Source Code Form is subject to the terms of the Mozilla Public |
7 * License, v. 2.0. If a copy of the MPL was not distributed with this | 7 * License, v. 2.0. If a copy of the MPL was not distributed with this |
8 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 8 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
9 #include "seccomon.h" | 9 #include "seccomon.h" |
10 #include "cert.h" | 10 #include "cert.h" |
(...skipping 155 matching lines...)
166 PR_TRUE, /* detectRollBack */ | 166 PR_TRUE, /* detectRollBack */ |
167 PR_FALSE, /* noStepDown */ | 167 PR_FALSE, /* noStepDown */ |
168 PR_FALSE, /* bypassPKCS11 */ | 168 PR_FALSE, /* bypassPKCS11 */ |
169 PR_FALSE, /* noLocks */ | 169 PR_FALSE, /* noLocks */ |
170 PR_FALSE, /* enableSessionTickets */ | 170 PR_FALSE, /* enableSessionTickets */ |
171 PR_FALSE, /* enableDeflate */ | 171 PR_FALSE, /* enableDeflate */ |
172 2, /* enableRenegotiation (default: requires extension) */ | 172 2, /* enableRenegotiation (default: requires extension) */ |
173 PR_FALSE, /* requireSafeNegotiation */ | 173 PR_FALSE, /* requireSafeNegotiation */ |
174 PR_FALSE, /* enableFalseStart */ | 174 PR_FALSE, /* enableFalseStart */ |
175 PR_TRUE, /* cbcRandomIV */ | 175 PR_TRUE, /* cbcRandomIV */ |
176 PR_FALSE /* enableOCSPStapling */ | 176 PR_FALSE, /* enableOCSPStapling */ |
| 177 PR_FALSE /* enableSignedCertTimestamps */ |
177 }; | 178 }; |
178 | 179 |
179 /* | 180 /* |
180 * default range of enabled SSL/TLS protocols | 181 * default range of enabled SSL/TLS protocols |
181 */ | 182 */ |
182 static SSLVersionRange versions_defaults_stream = { | 183 static SSLVersionRange versions_defaults_stream = { |
183 SSL_LIBRARY_VERSION_3_0, | 184 SSL_LIBRARY_VERSION_3_0, |
184 SSL_LIBRARY_VERSION_TLS_1_0 | 185 SSL_LIBRARY_VERSION_TLS_1_0 |
185 }; | 186 }; |
186 | 187 |
(...skipping 671 matching lines...)
858 break; | 859 break; |
859 | 860 |
860 case SSL_CBC_RANDOM_IV: | 861 case SSL_CBC_RANDOM_IV: |
861 ss->opt.cbcRandomIV = on; | 862 ss->opt.cbcRandomIV = on; |
862 break; | 863 break; |
863 | 864 |
864 case SSL_ENABLE_OCSP_STAPLING: | 865 case SSL_ENABLE_OCSP_STAPLING: |
865 ss->opt.enableOCSPStapling = on; | 866 ss->opt.enableOCSPStapling = on; |
866 break; | 867 break; |
867 | 868 |
| 869 case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS: |
| 870 ss->opt.enableSignedCertTimestamps = on; |
| 871 break; |
| 872 |
868 default: | 873 default: |
869 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 874 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
870 rv = SECFailure; | 875 rv = SECFailure; |
871 } | 876 } |
872 | 877 |
873 /* We can't use the macros for releasing the locks here, | 878 /* We can't use the macros for releasing the locks here, |
874 * because ss->opt.noLocks might have changed just above. | 879 * because ss->opt.noLocks might have changed just above. |
875 * We must release these locks (monitors) here, if we aquired them above, | 880 * We must release these locks (monitors) here, if we aquired them above, |
876 * regardless of the current value of ss->opt.noLocks. | 881 * regardless of the current value of ss->opt.noLocks. |
877 */ | 882 */ |
(...skipping 50 matching lines...)
928 on = ss->opt.enableSessionTickets; | 933 on = ss->opt.enableSessionTickets; |
929 break; | 934 break; |
930 case SSL_ENABLE_DEFLATE: on = ss->opt.enableDeflate; break; | 935 case SSL_ENABLE_DEFLATE: on = ss->opt.enableDeflate; break; |
931 case SSL_ENABLE_RENEGOTIATION: | 936 case SSL_ENABLE_RENEGOTIATION: |
932 on = ss->opt.enableRenegotiation; break; | 937 on = ss->opt.enableRenegotiation; break; |
933 case SSL_REQUIRE_SAFE_NEGOTIATION: | 938 case SSL_REQUIRE_SAFE_NEGOTIATION: |
934 on = ss->opt.requireSafeNegotiation; break; | 939 on = ss->opt.requireSafeNegotiation; break; |
935 case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break; | 940 case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break; |
936 case SSL_CBC_RANDOM_IV: on = ss->opt.cbcRandomIV; break; | 941 case SSL_CBC_RANDOM_IV: on = ss->opt.cbcRandomIV; break; |
937 case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break; | 942 case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break; |
| 943 case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS: |
| 944 on = ss->opt.enableSignedCertTimestamps; |
| 945 break; |
938 | 946 |
939 default: | 947 default: |
940 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 948 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
941 rv = SECFailure; | 949 rv = SECFailure; |
942 } | 950 } |
943 | 951 |
944 ssl_ReleaseSSL3HandshakeLock(ss); | 952 ssl_ReleaseSSL3HandshakeLock(ss); |
945 ssl_Release1stHandshakeLock(ss); | 953 ssl_Release1stHandshakeLock(ss); |
946 | 954 |
947 *pOn = on; | 955 *pOn = on; |
(...skipping 41 matching lines...)
989 case SSL_ENABLE_RENEGOTIATION: | 997 case SSL_ENABLE_RENEGOTIATION: |
990 on = ssl_defaults.enableRenegotiation; break; | 998 on = ssl_defaults.enableRenegotiation; break; |
991 case SSL_REQUIRE_SAFE_NEGOTIATION: | 999 case SSL_REQUIRE_SAFE_NEGOTIATION: |
992 on = ssl_defaults.requireSafeNegotiation; | 1000 on = ssl_defaults.requireSafeNegotiation; |
993 break; | 1001 break; |
994 case SSL_ENABLE_FALSE_START: on = ssl_defaults.enableFalseStart; break; | 1002 case SSL_ENABLE_FALSE_START: on = ssl_defaults.enableFalseStart; break; |
995 case SSL_CBC_RANDOM_IV: on = ssl_defaults.cbcRandomIV; break; | 1003 case SSL_CBC_RANDOM_IV: on = ssl_defaults.cbcRandomIV; break; |
996 case SSL_ENABLE_OCSP_STAPLING: | 1004 case SSL_ENABLE_OCSP_STAPLING: |
997 on = ssl_defaults.enableOCSPStapling; | 1005 on = ssl_defaults.enableOCSPStapling; |
998 break; | 1006 break; |
| 1007 case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS: |
| 1008 on = ssl_defaults.enableSignedCertTimestamps; |
| 1009 break; |
999 | 1010 |
1000 default: | 1011 default: |
1001 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 1012 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
1002 rv = SECFailure; | 1013 rv = SECFailure; |
1003 } | 1014 } |
1004 | 1015 |
1005 *pOn = on; | 1016 *pOn = on; |
1006 return rv; | 1017 return rv; |
1007 } | 1018 } |
1008 | 1019 |
(...skipping 147 matching lines...)
1156 break; | 1167 break; |
1157 | 1168 |
1158 case SSL_CBC_RANDOM_IV: | 1169 case SSL_CBC_RANDOM_IV: |
1159 ssl_defaults.cbcRandomIV = on; | 1170 ssl_defaults.cbcRandomIV = on; |
1160 break; | 1171 break; |
1161 | 1172 |
1162 case SSL_ENABLE_OCSP_STAPLING: | 1173 case SSL_ENABLE_OCSP_STAPLING: |
1163 ssl_defaults.enableOCSPStapling = on; | 1174 ssl_defaults.enableOCSPStapling = on; |
1164 break; | 1175 break; |
1165 | 1176 |
| 1177 case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS: |
| 1178 ssl_defaults.enableSignedCertTimestamps = on; |
| 1179 break; |
| 1180 |
1166 default: | 1181 default: |
1167 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 1182 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
1168 return SECFailure; | 1183 return SECFailure; |
1169 } | 1184 } |
1170 return SECSuccess; | 1185 return SECSuccess; |
1171 } | 1186 } |
1172 | 1187 |
1173 /* function tells us if the cipher suite is one that we no longer support. */ | 1188 /* function tells us if the cipher suite is one that we no longer support. */ |
1174 static PRBool | 1189 static PRBool |
1175 ssl_IsRemovedCipherSuite(PRInt32 suite) | 1190 ssl_IsRemovedCipherSuite(PRInt32 suite) |
(...skipping 810 matching lines...)
1986 } | 2001 } |
1987 | 2002 |
1988 if (!ss->sec.ci.sid) { | 2003 if (!ss->sec.ci.sid) { |
1989 PORT_SetError(SEC_ERROR_NOT_INITIALIZED); | 2004 PORT_SetError(SEC_ERROR_NOT_INITIALIZED); |
1990 return NULL; | 2005 return NULL; |
1991 } | 2006 } |
1992 | 2007 |
1993 return &ss->sec.ci.sid->peerCertStatus; | 2008 return &ss->sec.ci.sid->peerCertStatus; |
1994 } | 2009 } |
1995 | 2010 |
| 2011 const SECItem * |
| 2012 SSL_PeerSignedCertTimestamps(PRFileDesc *fd) |
| 2013 { |
| 2014 sslSocket *ss = ssl_FindSocket(fd); |
| 2015 |
| 2016 if (!ss) { |
| 2017 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_PeerSignedCertTimestamps", |
| 2018 SSL_GETPID(), fd)); |
| 2019 return NULL; |
| 2020 } |
| 2021 |
| 2022 if (!ss->sec.ci.sid) { |
| 2023 PORT_SetError(SEC_ERROR_NOT_INITIALIZED); |
| 2024 return NULL; |
| 2025 } |
| 2026 |
| 2027 if (ss->sec.ci.sid->version < SSL_LIBRARY_VERSION_3_0) { |
| 2028 PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2); |
| 2029 return NULL; |
| 2030 } |
| 2031 return &ss->sec.ci.sid->u.ssl3.signedCertTimestamps; |
| 2032 } |
| 2033 |
1996 SECStatus | 2034 SECStatus |
1997 SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *handshake_resumed) { | 2035 SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *handshake_resumed) { |
1998 sslSocket *ss = ssl_FindSocket(fd); | 2036 sslSocket *ss = ssl_FindSocket(fd); |
1999 | 2037 |
2000 if (!ss) { | 2038 if (!ss) { |
2001 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_HandshakeResumedSession", | 2039 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_HandshakeResumedSession", |
2002 SSL_GETPID(), fd)); | 2040 SSL_GETPID(), fd)); |
2003 return SECFailure; | 2041 return SECFailure; |
2004 } | 2042 } |
2005 | 2043 |
(...skipping 1120 matching lines...)
3126 if (status != SECSuccess) { | 3164 if (status != SECSuccess) { |
3127 loser: | 3165 loser: |
3128 ssl_DestroySocketContents(ss); | 3166 ssl_DestroySocketContents(ss); |
3129 ssl_DestroyLocks(ss); | 3167 ssl_DestroyLocks(ss); |
3130 PORT_Free(ss); | 3168 PORT_Free(ss); |
3131 ss = NULL; | 3169 ss = NULL; |
3132 } | 3170 } |
3133 } | 3171 } |
3134 return ss; | 3172 return ss; |
3135 } | 3173 } |
3136 | |
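Review bot: SSL_PeerSignedCertTimestamps (new lines 2011-2032) returns `&ss->sec.ci.sid->u.ssl3.signedCertTimestamps`, a pointer into the session entry, without taking the handshake locks that the option getter in this file releases at new lines 952-953, and with no comment saying how long the pointer stays valid. If the sid is replaced or freed by a later handshake or by closing the socket (neither path is visible on this page), the caller is left holding a dangling SECItem. The contract should be stated above the function, e.g. `/* Returned item is owned by the socket's session: do not free or modify it; copy it before further I/O on fd. */`, and should also say what is returned when the peer sent no timestamps. This function does no validation of the bytes, so the comment should tell callers that, as far as this section shows, they receive the peer's list unverified and must check the SCT signatures themselves before relying on them. Separately, the `!ss` branch returns NULL without `PORT_SetError`, unlike the other two failure paths; that is only fine if ssl_FindSocket sets the error code itself, which this page does not show.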
OLD | NEW |