1 Index: mozilla/security/nss/lib/ssl/ssl3con.c | |
2 =================================================================== | |
3 RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v | |
4 retrieving revision 1.142.2.4 | |
5 diff -u -p -u -8 -r1.142.2.4 ssl3con.c | |
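--- a/mozilla/security/nss/lib/ssl/ssl3con.c
+++ b/mozilla/security/nss/lib/ssl/ssl3con.c
@@ -4832,24 +4832,18 @@ ssl3_SendCertificateVerify(sslSocket *ss
 */
 slot = PK11_GetSlotFromPrivateKey(ss->ssl3.clientPrivateKey);
 sid->u.ssl3.clAuthSeries = PK11_GetSlotSeries(slot);
 sid->u.ssl3.clAuthSlotID = PK11_GetSlotID(slot);
 sid->u.ssl3.clAuthModuleID = PK11_GetModuleID(slot);
 sid->u.ssl3.clAuthValid = PR_TRUE;
 PK11_FreeSlot(slot);
 }
- /* If we're doing RSA key exchange, we're all done with the private key
- * here. Diffie-Hellman key exchanges need the client's
- * private key for the key exchange.
- */
- if (ss->ssl3.hs.kea_def->exchKeyType == kt_rsa) {
- SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
- ss->ssl3.clientPrivateKey = NULL;
- }
+ SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
+ ss->ssl3.clientPrivateKey = NULL;
 if (rv != SECSuccess) {
 goto done; /* err code was set by ssl3_SignHashes */
 }
 
 rv = ssl3_AppendHandshakeHeader(ss, certificate_verify, buf.len + 2);
 if (rv != SECSuccess) {
 goto done; /* error code set by AppendHandshake */
 }
@@ -4894,16 +4888,30 @@ ssl3_HandleServerHello(sslSocket *ss, SS
 goto alert_loser;
 }
 if (ss->ssl3.hs.ws != wait_server_hello) {
 errCode = SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO;
 desc = unexpected_message;
 goto alert_loser;
 }
 
+ /* clean up anything left from previous handshake. */
+ if (ss->ssl3.clientCertChain != NULL) {
+ CERT_DestroyCertificateList(ss->ssl3.clientCertChain);
+ ss->ssl3.clientCertChain = NULL;
+ }
+ if (ss->ssl3.clientCertificate != NULL) {
+ CERT_DestroyCertificate(ss->ssl3.clientCertificate);
+ ss->ssl3.clientCertificate = NULL;
+ }
+ if (ss->ssl3.clientPrivateKey != NULL) {
+ SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
+ ss->ssl3.clientPrivateKey = NULL;
+ }
+
 temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
 if (temp < 0) {
 goto loser; /* alert has been sent */
 }
 version = (SSL3ProtocolVersion)temp;
 
 /* this is appropriate since the negotiation is complete, and we only
 ** know SSL 3.x.
@@ -5449,29 +5457,19 @@ ssl3_HandleCertificateRequest(sslSocket
 
 if (ss->ssl3.hs.ws != wait_cert_request &&
 ss->ssl3.hs.ws != wait_server_key) {
 desc = unexpected_message;
 errCode = SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST;
 goto alert_loser;
 }
 
- /* clean up anything left from previous handshake. */
- if (ss->ssl3.clientCertChain != NULL) {
- CERT_DestroyCertificateList(ss->ssl3.clientCertChain);
- ss->ssl3.clientCertChain = NULL;
- }
- if (ss->ssl3.clientCertificate != NULL) {
- CERT_DestroyCertificate(ss->ssl3.clientCertificate);
- ss->ssl3.clientCertificate = NULL;
- }
- if (ss->ssl3.clientPrivateKey != NULL) {
- SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
- ss->ssl3.clientPrivateKey = NULL;
- }
+ PORT_Assert(ss->ssl3.clientCertChain == NULL);
+ PORT_Assert(ss->ssl3.clientCertificate == NULL);
+ PORT_Assert(ss->ssl3.clientPrivateKey == NULL);
 
 isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);
 rv = ssl3_ConsumeHandshakeVariable(ss, &cert_types, 1, &b, &length);
 if (rv != SECSuccess)
 goto loser; /* malformed, alert has been sent */
 
 arena = ca_list.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
 if (arena == NULL)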
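Review bot: In ssl3_HandleCertificateRequest the three added `PORT_Assert` lines are now the only guard that clientCertChain, clientCertificate and clientPrivateKey are NULL on entry, and PORT_Assert is compiled out of non-debug builds. If any path reaches this handler with a value still set, the rest of the function (outside the hunk) presumably overwrites the pointer, which would leak the object and, for the private key, keep a key reference alive past its intended lifetime. I would keep a release-build fallback after each assert, for example `if (ss->ssl3.clientPrivateKey != NULL) { SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey); ss->ssl3.clientPrivateKey = NULL; }`, or at least add a comment naming ssl3_HandleServerHello as the place that resets these fields. In ssl3_SendCertificateVerify the unconditional destroy also removes the comment saying Diffie-Hellman key exchanges need the key; a replacement such as `/* The key is used only to sign CertificateVerify; nothing later in the client handshake reads it. */` would record the assumption the change relies on. All three functions begin and end outside the hunks shown.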