| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * vtables (and methods that call through them) for the 4 types of | 2 * vtables (and methods that call through them) for the 4 types of |
| 3 * SSLSockets supported. Only one type is still supported. | 3 * SSLSockets supported. Only one type is still supported. |
| 4 * Various other functions. | 4 * Various other functions. |
| 5 * | 5 * |
| 6 * This Source Code Form is subject to the terms of the Mozilla Public | 6 * This Source Code Form is subject to the terms of the Mozilla Public |
| 7 * License, v. 2.0. If a copy of the MPL was not distributed with this | 7 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 8 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 8 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 9 #include "seccomon.h" | 9 #include "seccomon.h" |
| 10 #include "cert.h" | 10 #include "cert.h" |
| (...skipping 155 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 166 PR_TRUE, /* detectRollBack */ | 166 PR_TRUE, /* detectRollBack */ |
| 167 PR_FALSE, /* noStepDown */ | 167 PR_FALSE, /* noStepDown */ |
| 168 PR_FALSE, /* bypassPKCS11 */ | 168 PR_FALSE, /* bypassPKCS11 */ |
| 169 PR_FALSE, /* noLocks */ | 169 PR_FALSE, /* noLocks */ |
| 170 PR_FALSE, /* enableSessionTickets */ | 170 PR_FALSE, /* enableSessionTickets */ |
| 171 PR_FALSE, /* enableDeflate */ | 171 PR_FALSE, /* enableDeflate */ |
| 172 2, /* enableRenegotiation (default: requires extension) */ | 172 2, /* enableRenegotiation (default: requires extension) */ |
| 173 PR_FALSE, /* requireSafeNegotiation */ | 173 PR_FALSE, /* requireSafeNegotiation */ |
| 174 PR_FALSE, /* enableFalseStart */ | 174 PR_FALSE, /* enableFalseStart */ |
| 175 PR_TRUE, /* cbcRandomIV */ | 175 PR_TRUE, /* cbcRandomIV */ |
| 176 PR_FALSE /* enableOCSPStapling */ | 176 PR_FALSE, /* enableOCSPStapling */ |
| 177 PR_FALSE /* enableSignedCertTimestamps */ |
| 177 }; | 178 }; |
| 178 | 179 |
| 179 /* | 180 /* |
| 180 * default range of enabled SSL/TLS protocols | 181 * default range of enabled SSL/TLS protocols |
| 181 */ | 182 */ |
| 182 static SSLVersionRange versions_defaults_stream = { | 183 static SSLVersionRange versions_defaults_stream = { |
| 183 SSL_LIBRARY_VERSION_3_0, | 184 SSL_LIBRARY_VERSION_3_0, |
| 184 SSL_LIBRARY_VERSION_TLS_1_0 | 185 SSL_LIBRARY_VERSION_TLS_1_0 |
| 185 }; | 186 }; |
| 186 | 187 |
| (...skipping 671 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 858 break; | 859 break; |
| 859 | 860 |
| 860 case SSL_CBC_RANDOM_IV: | 861 case SSL_CBC_RANDOM_IV: |
| 861 ss->opt.cbcRandomIV = on; | 862 ss->opt.cbcRandomIV = on; |
| 862 break; | 863 break; |
| 863 | 864 |
| 864 case SSL_ENABLE_OCSP_STAPLING: | 865 case SSL_ENABLE_OCSP_STAPLING: |
| 865 ss->opt.enableOCSPStapling = on; | 866 ss->opt.enableOCSPStapling = on; |
| 866 break; | 867 break; |
| 867 | 868 |
| 869 case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS: |
| 870 ss->opt.enableSignedCertTimestamps = on; |
| 871 break; |
| 872 |
| 868 default: | 873 default: |
| 869 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 874 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 870 rv = SECFailure; | 875 rv = SECFailure; |
| 871 } | 876 } |
| 872 | 877 |
| 873 /* We can't use the macros for releasing the locks here, | 878 /* We can't use the macros for releasing the locks here, |
| 874 * because ss->opt.noLocks might have changed just above. | 879 * because ss->opt.noLocks might have changed just above. |
| 875 * We must release these locks (monitors) here, if we aquired them above, | 880 * We must release these locks (monitors) here, if we aquired them above, |
| 876 * regardless of the current value of ss->opt.noLocks. | 881 * regardless of the current value of ss->opt.noLocks. |
| 877 */ | 882 */ |
| (...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 928 on = ss->opt.enableSessionTickets; | 933 on = ss->opt.enableSessionTickets; |
| 929 break; | 934 break; |
| 930 case SSL_ENABLE_DEFLATE: on = ss->opt.enableDeflate; break; | 935 case SSL_ENABLE_DEFLATE: on = ss->opt.enableDeflate; break; |
| 931 case SSL_ENABLE_RENEGOTIATION: | 936 case SSL_ENABLE_RENEGOTIATION: |
| 932 on = ss->opt.enableRenegotiation; break; | 937 on = ss->opt.enableRenegotiation; break; |
| 933 case SSL_REQUIRE_SAFE_NEGOTIATION: | 938 case SSL_REQUIRE_SAFE_NEGOTIATION: |
| 934 on = ss->opt.requireSafeNegotiation; break; | 939 on = ss->opt.requireSafeNegotiation; break; |
| 935 case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break; | 940 case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break; |
| 936 case SSL_CBC_RANDOM_IV: on = ss->opt.cbcRandomIV; break; | 941 case SSL_CBC_RANDOM_IV: on = ss->opt.cbcRandomIV; break; |
| 937 case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break; | 942 case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break; |
| 943 case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS: |
| 944 on = ss->opt.enableSignedCertTimestamps; |
| 945 break; |
| 938 | 946 |
| 939 default: | 947 default: |
| 940 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 948 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 941 rv = SECFailure; | 949 rv = SECFailure; |
| 942 } | 950 } |
| 943 | 951 |
| 944 ssl_ReleaseSSL3HandshakeLock(ss); | 952 ssl_ReleaseSSL3HandshakeLock(ss); |
| 945 ssl_Release1stHandshakeLock(ss); | 953 ssl_Release1stHandshakeLock(ss); |
| 946 | 954 |
| 947 *pOn = on; | 955 *pOn = on; |
| (...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 989 case SSL_ENABLE_RENEGOTIATION: | 997 case SSL_ENABLE_RENEGOTIATION: |
| 990 on = ssl_defaults.enableRenegotiation; break; | 998 on = ssl_defaults.enableRenegotiation; break; |
| 991 case SSL_REQUIRE_SAFE_NEGOTIATION: | 999 case SSL_REQUIRE_SAFE_NEGOTIATION: |
| 992 on = ssl_defaults.requireSafeNegotiation; | 1000 on = ssl_defaults.requireSafeNegotiation; |
| 993 break; | 1001 break; |
| 994 case SSL_ENABLE_FALSE_START: on = ssl_defaults.enableFalseStart; break; | 1002 case SSL_ENABLE_FALSE_START: on = ssl_defaults.enableFalseStart; break; |
| 995 case SSL_CBC_RANDOM_IV: on = ssl_defaults.cbcRandomIV; break; | 1003 case SSL_CBC_RANDOM_IV: on = ssl_defaults.cbcRandomIV; break; |
| 996 case SSL_ENABLE_OCSP_STAPLING: | 1004 case SSL_ENABLE_OCSP_STAPLING: |
| 997 on = ssl_defaults.enableOCSPStapling; | 1005 on = ssl_defaults.enableOCSPStapling; |
| 998 break; | 1006 break; |
| 1007 case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS: |
| 1008 on = ssl_defaults.enableSignedCertTimestamps; |
| 1009 break; |
| 999 | 1010 |
| 1000 default: | 1011 default: |
| 1001 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 1012 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 1002 rv = SECFailure; | 1013 rv = SECFailure; |
| 1003 } | 1014 } |
| 1004 | 1015 |
| 1005 *pOn = on; | 1016 *pOn = on; |
| 1006 return rv; | 1017 return rv; |
| 1007 } | 1018 } |
| 1008 | 1019 |
| (...skipping 147 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1156 break; | 1167 break; |
| 1157 | 1168 |
| 1158 case SSL_CBC_RANDOM_IV: | 1169 case SSL_CBC_RANDOM_IV: |
| 1159 ssl_defaults.cbcRandomIV = on; | 1170 ssl_defaults.cbcRandomIV = on; |
| 1160 break; | 1171 break; |
| 1161 | 1172 |
| 1162 case SSL_ENABLE_OCSP_STAPLING: | 1173 case SSL_ENABLE_OCSP_STAPLING: |
| 1163 ssl_defaults.enableOCSPStapling = on; | 1174 ssl_defaults.enableOCSPStapling = on; |
| 1164 break; | 1175 break; |
| 1165 | 1176 |
| 1177 case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS: |
| 1178 ssl_defaults.enableSignedCertTimestamps = on; |
| 1179 break; |
| 1180 |
| 1166 default: | 1181 default: |
| 1167 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 1182 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 1168 return SECFailure; | 1183 return SECFailure; |
| 1169 } | 1184 } |
| 1170 return SECSuccess; | 1185 return SECSuccess; |
| 1171 } | 1186 } |
| 1172 | 1187 |
| 1173 /* function tells us if the cipher suite is one that we no longer support. */ | 1188 /* function tells us if the cipher suite is one that we no longer support. */ |
| 1174 static PRBool | 1189 static PRBool |
| 1175 ssl_IsRemovedCipherSuite(PRInt32 suite) | 1190 ssl_IsRemovedCipherSuite(PRInt32 suite) |
| (...skipping 810 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1986 } | 2001 } |
| 1987 | 2002 |
| 1988 if (!ss->sec.ci.sid) { | 2003 if (!ss->sec.ci.sid) { |
| 1989 PORT_SetError(SEC_ERROR_NOT_INITIALIZED); | 2004 PORT_SetError(SEC_ERROR_NOT_INITIALIZED); |
| 1990 return NULL; | 2005 return NULL; |
| 1991 } | 2006 } |
| 1992 | 2007 |
| 1993 return &ss->sec.ci.sid->peerCertStatus; | 2008 return &ss->sec.ci.sid->peerCertStatus; |
| 1994 } | 2009 } |
| 1995 | 2010 |
| 2011 const SECItem * |
| 2012 SSL_PeerSignedCertTimestamps(PRFileDesc *fd) |
| 2013 { |
| 2014 sslSocket *ss = ssl_FindSocket(fd); |
| 2015 |
| 2016 if (!ss) { |
| 2017 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_PeerSignedCertTimestamps", |
| 2018 SSL_GETPID(), fd)); |
| 2019 return NULL; |
| 2020 } |
| 2021 |
| 2022 if (!ss->sec.ci.sid) { |
| 2023 PORT_SetError(SEC_ERROR_NOT_INITIALIZED); |
| 2024 return NULL; |
| 2025 } |
| 2026 |
| 2027 if (ss->sec.ci.sid->version < SSL_LIBRARY_VERSION_3_0) { |
| 2028 PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2); |
| 2029 return NULL; |
| 2030 } |
| 2031 return &ss->sec.ci.sid->u.ssl3.signedCertTimestamps; |
| 2032 } |
| 2033 |
| 1996 SECStatus | 2034 SECStatus |
| 1997 SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *handshake_resumed) { | 2035 SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *handshake_resumed) { |
| 1998 sslSocket *ss = ssl_FindSocket(fd); | 2036 sslSocket *ss = ssl_FindSocket(fd); |
| 1999 | 2037 |
| 2000 if (!ss) { | 2038 if (!ss) { |
| 2001 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_HandshakeResumedSession", | 2039 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_HandshakeResumedSession", |
| 2002 SSL_GETPID(), fd)); | 2040 SSL_GETPID(), fd)); |
| 2003 return SECFailure; | 2041 return SECFailure; |
| 2004 } | 2042 } |
| 2005 | 2043 |
| (...skipping 1120 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3126 if (status != SECSuccess) { | 3164 if (status != SECSuccess) { |
| 3127 loser: | 3165 loser: |
| 3128 ssl_DestroySocketContents(ss); | 3166 ssl_DestroySocketContents(ss); |
| 3129 ssl_DestroyLocks(ss); | 3167 ssl_DestroyLocks(ss); |
| 3130 PORT_Free(ss); | 3168 PORT_Free(ss); |
| 3131 ss = NULL; | 3169 ss = NULL; |
| 3132 } | 3170 } |
| 3133 } | 3171 } |
| 3134 return ss; | 3172 return ss; |
| 3135 } | 3173 } |
| 3136 | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 64553002:
Certificate Transparency TLS extension patch for NSS (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master