Back to index

lightning-sunbird  0.9+nobinonly
Defines | Typedefs | Functions | Variables
ssl.h File Reference
#include "prtypes.h"
#include "prerror.h"
#include "prio.h"
#include "seccomon.h"
#include "cert.h"
#include "keyt.h"
#include "sslt.h"
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Defines

#define SSL_IMPORT   extern
#define SSL_IS_SSL2_CIPHER(which)   (((which) & 0xfff0) == 0xff00)
#define SSL_SECURITY   1 /* (on by default) */
#define SSL_SOCKS   2 /* (off by default) */
#define SSL_REQUEST_CERTIFICATE   3 /* (off by default) */
#define SSL_HANDSHAKE_AS_CLIENT   5 /* force accept to hs as client */
#define SSL_HANDSHAKE_AS_SERVER   6 /* force connect to hs as server */
#define SSL_ENABLE_SSL2   7 /* enable ssl v2 (on by default) */
#define SSL_ENABLE_SSL3   8 /* enable ssl v3 (on by default) */
#define SSL_NO_CACHE   9 /* don't use the session cache */
#define SSL_REQUIRE_CERTIFICATE   10 /* (SSL_REQUIRE_FIRST_HANDSHAKE */
#define SSL_ENABLE_FDX   11 /* permit simultaneous read/write */
#define SSL_V2_COMPATIBLE_HELLO   12 /* send v3 client hello in v2 fmt */
#define SSL_ENABLE_TLS   13 /* enable TLS (on by default) */
#define SSL_ROLLBACK_DETECTION   14 /* for compatibility, default: on */
#define SSL_NO_STEP_DOWN   15 /* Disable export cipher suites */
#define SSL_BYPASS_PKCS11   16 /* use PKCS#11 for pub key only */
#define SSL_NO_LOCKS   17 /* Don't use locks for protection */
#define SSL_NOT_ALLOWED   0 /* or invalid or unimplemented */
#define SSL_ALLOWED   1
#define SSL_RESTRICTED   2 /* only with "Step-Up" certs. */
#define SSL_REQUIRE_NEVER   ((PRBool)0)
#define SSL_REQUIRE_ALWAYS   ((PRBool)1)
#define SSL_REQUIRE_FIRST_HANDSHAKE   ((PRBool)2)
#define SSL_REQUIRE_NO_ERROR   ((PRBool)3)
#define SSL_SECURITY_STATUS_NOOPT   -1
#define SSL_SECURITY_STATUS_OFF   0
#define SSL_SECURITY_STATUS_ON_HIGH   1
#define SSL_SECURITY_STATUS_ON_LOW   2
#define SSL_SECURITY_STATUS_FORTEZZA   3 /* NO LONGER SUPPORTED */
#define SSL_ENV_VAR_NAME   "SSL_INHERITANCE"
#define SSL_CBP_SSL3   0x0001 /* test SSL v3 mechanisms */
#define SSL_CBP_TLS1_0   0x0002 /* test TLS v1.0 mechanisms */

Typedefs

typedef SECStatus(PR_CALLBACKSSLAuthCertificate )(void *arg, PRFileDesc *fd, PRBool checkSig, PRBool isServer)
typedef SECStatus(PR_CALLBACKSSLGetClientAuthData )(void *arg, PRFileDesc *fd, CERTDistNames *caNames, CERTCertificate **pRetCert, SECKEYPrivateKey **pRetKey)
typedef SECStatus(PR_CALLBACKSSLBadCertHandler )(void *arg, PRFileDesc *fd)
typedef void(PR_CALLBACKSSLHandshakeCallback )(PRFileDesc *fd, void *client_data)

Functions

SSL_IMPORT PRFileDescSSL_ImportFD (PRFileDesc *model, PRFileDesc *fd)
SSL_IMPORT SECStatus SSL_OptionSet (PRFileDesc *fd, PRInt32 option, PRBool on)
SSL_IMPORT SECStatus SSL_OptionGet (PRFileDesc *fd, PRInt32 option, PRBool *on)
SSL_IMPORT SECStatus SSL_OptionSetDefault (PRInt32 option, PRBool on)
SSL_IMPORT SECStatus SSL_OptionGetDefault (PRInt32 option, PRBool *on)
SSL_IMPORT SECStatus SSL_CertDBHandleSet (PRFileDesc *fd, CERTCertDBHandle *dbHandle)
SSL_IMPORT SECStatus SSL_CipherPrefSet (PRFileDesc *fd, PRInt32 cipher, PRBool enabled)
SSL_IMPORT SECStatus SSL_CipherPrefGet (PRFileDesc *fd, PRInt32 cipher, PRBool *enabled)
SSL_IMPORT SECStatus SSL_CipherPrefSetDefault (PRInt32 cipher, PRBool enabled)
SSL_IMPORT SECStatus SSL_CipherPrefGetDefault (PRInt32 cipher, PRBool *enabled)
SSL_IMPORT SECStatus SSL_CipherPolicySet (PRInt32 cipher, PRInt32 policy)
SSL_IMPORT SECStatus SSL_CipherPolicyGet (PRInt32 cipher, PRInt32 *policy)
SSL_IMPORT SECStatus SSL_ResetHandshake (PRFileDesc *fd, PRBool asServer)
SSL_IMPORT SECStatus SSL_ForceHandshake (PRFileDesc *fd)
SSL_IMPORT SECStatus SSL_ForceHandshakeWithTimeout (PRFileDesc *fd, PRIntervalTime timeout)
SSL_IMPORT SECStatus SSL_SecurityStatus (PRFileDesc *fd, int *on, char **cipher, int *keySize, int *secretKeySize, char **issuer, char **subject)
SSL_IMPORT CERTCertificate * SSL_PeerCertificate (PRFileDesc *fd)
SSL_IMPORT SECStatus SSL_AuthCertificateHook (PRFileDesc *fd, SSLAuthCertificate f, void *arg)
SSL_IMPORT SECStatus SSL_AuthCertificate (void *arg, PRFileDesc *fd, PRBool checkSig, PRBool isServer)
SSL_IMPORT SECStatus SSL_GetClientAuthDataHook (PRFileDesc *fd, SSLGetClientAuthData f, void *a)
SSL_IMPORT SECStatus SSL_SetPKCS11PinArg (PRFileDesc *fd, void *a)
SSL_IMPORT SECStatus SSL_BadCertHook (PRFileDesc *fd, SSLBadCertHandler f, void *arg)
SSL_IMPORT SECStatus SSL_ConfigSecureServer (PRFileDesc *fd, CERTCertificate *cert, SECKEYPrivateKey *key, SSLKEAType kea)
SSL_IMPORT SECStatus SSL_ConfigServerSessionIDCache (int maxCacheEntries, PRUint32 timeout, PRUint32 ssl3_timeout, const char *directory)
SSL_IMPORT SECStatus SSL_ConfigMPServerSIDCache (int maxCacheEntries, PRUint32 timeout, PRUint32 ssl3_timeout, const char *directory)
SSL_IMPORT PRUint32 SSL_GetMaxServerCacheLocks (void)
SSL_IMPORT SECStatus SSL_SetMaxServerCacheLocks (PRUint32 maxLocks)
SSL_IMPORT SECStatus SSL_InheritMPServerSIDCache (const char *envString)
SSL_IMPORT SECStatus SSL_HandshakeCallback (PRFileDesc *fd, SSLHandshakeCallback cb, void *client_data)
SSL_IMPORT SECStatus SSL_ReHandshake (PRFileDesc *fd, PRBool flushCache)
SSL_IMPORT SECStatus SSL_ReHandshakeWithTimeout (PRFileDesc *fd, PRBool flushCache, PRIntervalTime timeout)
SSL_IMPORT SECStatus SSL_SetURL (PRFileDesc *fd, const char *url)
SSL_IMPORT int SSL_DataPending (PRFileDesc *fd)
SSL_IMPORT SECStatus SSL_InvalidateSession (PRFileDesc *fd)
SSL_IMPORT SECItem * SSL_GetSessionID (PRFileDesc *fd)
SSL_IMPORT void SSL_ClearSessionCache (void)
SSL_IMPORT SECStatus SSL_ShutdownServerSessionIDCache (void)
SSL_IMPORT SECStatus SSL_SetSockPeerID (PRFileDesc *fd, char *peerID)
SSL_IMPORT CERTCertificate * SSL_RevealCert (PRFileDesc *socket)
SSL_IMPORT voidSSL_RevealPinArg (PRFileDesc *socket)
SSL_IMPORT char * SSL_RevealURL (PRFileDesc *socket)
SSL_IMPORT SECStatus NSS_GetClientAuthData (void *arg, PRFileDesc *socket, struct CERTDistNamesStr *caNames, struct CERTCertificateStr **pRetCert, struct SECKEYPrivateKeyStr **pRetKey)
SSL_IMPORT SECStatus NSS_CmpCertChainWCANames (CERTCertificate *cert, CERTDistNames *caNames)
SSL_IMPORT SSLKEAType NSS_FindCertKEAType (CERTCertificate *cert)
SSL_IMPORT SECStatus NSS_SetDomesticPolicy (void)
SSL_IMPORT SECStatus NSS_SetExportPolicy (void)
SSL_IMPORT SECStatus NSS_SetFrancePolicy (void)
SSL_IMPORT SSL3StatisticsSSL_GetStatistics (void)
SSL_IMPORT SECStatus SSL_GetChannelInfo (PRFileDesc *fd, SSLChannelInfo *info, PRUintn len)
SSL_IMPORT SECStatus SSL_GetCipherSuiteInfo (PRUint16 cipherSuite, SSLCipherSuiteInfo *info, PRUintn len)
SSL_IMPORT CERTCertificate * SSL_LocalCertificate (PRFileDesc *fd)
SSL_IMPORT SECStatus SSL_CanBypass (CERTCertificate *cert, SECKEYPrivateKey *privKey, PRUint32 protocolmask, PRUint16 *ciphers, int nciphers, PRBool *pcanbypass, void *pwArg)

Variables

SEC_BEGIN_PROTOS SSL_IMPORT
const PRUint16 
SSL_ImplementedCiphers []
SSL_IMPORT const PRUint16 SSL_NumImplementedCiphers

Define Documentation

Definition at line 153 of file ssl.h.

#define SSL_BYPASS_PKCS11   16 /* use PKCS#11 for pub key only */

Definition at line 113 of file ssl.h.

#define SSL_CBP_SSL3   0x0001 /* test SSL v3 mechanisms */

Definition at line 499 of file ssl.h.

#define SSL_CBP_TLS1_0   0x0002 /* test TLS v1.0 mechanisms */

Definition at line 500 of file ssl.h.

#define SSL_ENABLE_FDX   11 /* permit simultaneous read/write */

Definition at line 103 of file ssl.h.

#define SSL_ENABLE_SSL2   7 /* enable ssl v2 (on by default) */

Definition at line 97 of file ssl.h.

#define SSL_ENABLE_SSL3   8 /* enable ssl v3 (on by default) */

Definition at line 98 of file ssl.h.

#define SSL_ENABLE_TLS   13 /* enable TLS (on by default) */

Definition at line 107 of file ssl.h.

#define SSL_ENV_VAR_NAME   "SSL_INHERITANCE"

Definition at line 318 of file ssl.h.

Definition at line 93 of file ssl.h.

#define SSL_HANDSHAKE_AS_SERVER   6 /* force connect to hs as server */

Definition at line 95 of file ssl.h.

#define SSL_IMPORT   extern

Definition at line 56 of file ssl.h.

#define SSL_IS_SSL2_CIPHER (   which)    (((which) & 0xfff0) == 0xff00)

Definition at line 68 of file ssl.h.

#define SSL_NO_CACHE   9 /* don't use the session cache */

Definition at line 99 of file ssl.h.

#define SSL_NO_LOCKS   17 /* Don't use locks for protection */

Definition at line 114 of file ssl.h.

#define SSL_NO_STEP_DOWN   15 /* Disable export cipher suites */

Definition at line 109 of file ssl.h.

#define SSL_NOT_ALLOWED   0 /* or invalid or unimplemented */

Definition at line 152 of file ssl.h.

#define SSL_REQUEST_CERTIFICATE   3 /* (off by default) */

Definition at line 92 of file ssl.h.

Definition at line 158 of file ssl.h.

Definition at line 101 of file ssl.h.

Definition at line 159 of file ssl.h.

Definition at line 157 of file ssl.h.

Definition at line 160 of file ssl.h.

#define SSL_RESTRICTED   2 /* only with "Step-Up" certs. */

Definition at line 154 of file ssl.h.

#define SSL_ROLLBACK_DETECTION   14 /* for compatibility, default: on */

Definition at line 108 of file ssl.h.

#define SSL_SECURITY   1 /* (on by default) */

Definition at line 90 of file ssl.h.

#define SSL_SECURITY_STATUS_FORTEZZA   3 /* NO LONGER SUPPORTED */

Definition at line 201 of file ssl.h.

Definition at line 197 of file ssl.h.

Definition at line 198 of file ssl.h.

Definition at line 199 of file ssl.h.

Definition at line 200 of file ssl.h.

#define SSL_SOCKS   2 /* (off by default) */

Definition at line 91 of file ssl.h.

Definition at line 105 of file ssl.h.


Typedef Documentation

Definition at line 217 of file ssl.h.

Definition at line 265 of file ssl.h.

typedef SECStatus(PR_CALLBACK * SSLGetClientAuthData)(void *arg, PRFileDesc *fd, CERTDistNames *caNames, CERTCertificate **pRetCert, SECKEYPrivateKey **pRetKey)

Definition at line 236 of file ssl.h.

typedef void(PR_CALLBACK * SSLHandshakeCallback)(PRFileDesc *fd, void *client_data)

Definition at line 331 of file ssl.h.


Function Documentation

SSL_IMPORT SECStatus NSS_CmpCertChainWCANames ( CERTCertificate *  cert,
CERTDistNames *  caNames 
)

Definition at line 58 of file cmpcert.c.

{
  SECItem *         caname;
  CERTCertificate * curcert;
  CERTCertificate * oldcert;
  PRInt32           contentlen;
  int               j;
  int               headerlen;
  int               depth;
  SECStatus         rv;
  SECItem           issuerName;
  SECItem           compatIssuerName;

  if (!cert || !caNames || !caNames->nnames || !caNames->names ||
      !caNames->names->data)
    return SECFailure;
  depth=0;
  curcert = CERT_DupCertificate(cert);
  
  while( curcert ) {
    issuerName = curcert->derIssuer;
    
    /* compute an alternate issuer name for compatibility with 2.0
     * enterprise server, which send the CA names without
     * the outer layer of DER hearder
     */
    rv = DER_Lengths(&issuerName, &headerlen, (uint32 *)&contentlen);
    if ( rv == SECSuccess ) {
      compatIssuerName.data = &issuerName.data[headerlen];
      compatIssuerName.len = issuerName.len - headerlen;
    } else {
      compatIssuerName.data = NULL;
      compatIssuerName.len = 0;
    }
    
    for (j = 0; j < caNames->nnames; j++) {
      caname = &caNames->names[j];
      if (SECITEM_CompareItem(&issuerName, caname) == SECEqual) {
       rv = SECSuccess;
       CERT_DestroyCertificate(curcert);
       goto done;
      } else if (SECITEM_CompareItem(&compatIssuerName, caname) == SECEqual) {
       rv = SECSuccess;
       CERT_DestroyCertificate(curcert);
       goto done;
      }
    }
    if ( ( depth <= 20 ) &&
        ( SECITEM_CompareItem(&curcert->derIssuer, &curcert->derSubject)
          != SECEqual ) ) {
      oldcert = curcert;
      curcert = CERT_FindCertByName(curcert->dbhandle,
                                &curcert->derIssuer);
      CERT_DestroyCertificate(oldcert);
      depth++;
    } else {
      CERT_DestroyCertificate(curcert);
      curcert = NULL;
    }
  }
  rv = SECFailure;
  
done:
  return rv;
}
SSL_IMPORT SSLKEAType NSS_FindCertKEAType ( CERTCertificate *  cert)

Definition at line 47 of file nsskea.c.

{
  SSLKEAType keaType = kt_null; 
  int tag;
  
  if (!cert) goto loser;
  
  tag = SECOID_GetAlgorithmTag(&(cert->subjectPublicKeyInfo.algorithm));
  
  switch (tag) {
  case SEC_OID_X500_RSA_ENCRYPTION:
  case SEC_OID_PKCS1_RSA_ENCRYPTION:
    keaType = kt_rsa;
    break;
  case SEC_OID_X942_DIFFIE_HELMAN_KEY:
    keaType = kt_dh;
    break;
#ifdef NSS_ENABLE_ECC
  case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
    keaType = kt_ecdh;
    break;
#endif /* NSS_ENABLE_ECC */
  default:
    keaType = kt_null;
  }
  
 loser:
  
  return keaType;

}
SSL_IMPORT SECStatus NSS_GetClientAuthData ( void arg,
PRFileDesc socket,
struct CERTDistNamesStr caNames,
struct CERTCertificateStr **  pRetCert,
struct SECKEYPrivateKeyStr **  pRetKey 
)

Definition at line 59 of file authcert.c.

{
  CERTCertificate *  cert = NULL;
  SECKEYPrivateKey * privkey = NULL;
  char *             chosenNickName = (char *)arg;    /* CONST */
  void *             proto_win  = NULL;
  SECStatus          rv         = SECFailure;
  
  proto_win = SSL_RevealPinArg(socket);
  
  if (chosenNickName) {
    cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(),
                                    chosenNickName, certUsageSSLClient,
                                    PR_FALSE, proto_win);      
    if ( cert ) {
      privkey = PK11_FindKeyByAnyCert(cert, proto_win);
      if ( privkey ) {
       rv = SECSuccess;
      } else {
       CERT_DestroyCertificate(cert);
      }
    }
  } else { /* no name given, automatically find the right cert. */
    CERTCertNicknames * names;
    int                 i;
      
    names = CERT_GetCertNicknames(CERT_GetDefaultCertDB(),
                              SEC_CERT_NICKNAMES_USER, proto_win);
    if (names != NULL) {
      for (i = 0; i < names->numnicknames; i++) {
       cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(),
                            names->nicknames[i], certUsageSSLClient,
                            PR_FALSE, proto_win);       
       if ( !cert )
         continue;
       /* Only check unexpired certs */
       if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_TRUE) != 
           secCertTimeValid ) {
         CERT_DestroyCertificate(cert);
         continue;
       }
       rv = NSS_CmpCertChainWCANames(cert, caNames);
       if ( rv == SECSuccess ) {
         privkey = PK11_FindKeyByAnyCert(cert, proto_win);
         if ( privkey )
           break;
       }
       rv = SECFailure;
       CERT_DestroyCertificate(cert);
      } 
      CERT_FreeNicknames(names);
    }
  }
  if (rv == SECSuccess) {
    *pRetCert = cert;
    *pRetKey  = privkey;
  }
  return rv;
}

Definition at line 1104 of file sslsock.c.

{
#ifndef EXPORT_VERSION
    SECStatus      status = SECSuccess;
    cipherPolicy * policy;

    for (policy = ssl_ciphers; policy->cipher != 0; ++policy) {
       status = SSL_SetPolicy(policy->cipher, SSL_ALLOWED);
       if (status != SECSuccess)
           break;
    }
    return status;
#else
    return NSS_SetExportPolicy();
#endif
}

Here is the caller graph for this function:

Definition at line 1122 of file sslsock.c.

{
    SECStatus      status = SECSuccess;
    cipherPolicy * policy;

    for (policy = ssl_ciphers; policy->cipher != 0; ++policy) {
       status = SSL_SetPolicy(policy->cipher, policy->export);
       if (status != SECSuccess)
           break;
    }
    return status;
}

Here is the caller graph for this function:

Definition at line 1136 of file sslsock.c.

{
    SECStatus      status = SECSuccess;
    cipherPolicy * policy;

    for (policy = ssl_ciphers; policy->cipher != 0; ++policy) {
       status = SSL_SetPolicy(policy->cipher, policy->france);
       if (status != SECSuccess)
           break;
    }
    return status;
}
SSL_IMPORT SECStatus SSL_AuthCertificate ( void arg,
PRFileDesc fd,
PRBool  checkSig,
PRBool  isServer 
)

Definition at line 235 of file sslauth.c.

{
    SECStatus          rv;
    CERTCertDBHandle * handle;
    sslSocket *        ss;
    SECCertUsage       certUsage;
    const char *             hostname    = NULL;
    
    ss = ssl_FindSocket(fd);
    PORT_Assert(ss != NULL);
    if (!ss) {
       return SECFailure;
    }

    handle = (CERTCertDBHandle *)arg;

    /* this may seem backwards, but isn't. */
    certUsage = isServer ? certUsageSSLClient : certUsageSSLServer;

    rv = CERT_VerifyCertNow(handle, ss->sec.peerCert, checkSig, certUsage,
                         ss->pkcs11PinArg);

    if ( rv != SECSuccess || isServer )
       return rv;
  
    /* cert is OK.  This is the client side of an SSL connection.
     * Now check the name field in the cert against the desired hostname.
     * NB: This is our only defense against Man-In-The-Middle (MITM) attacks!
     */
    hostname = ss->url;
    if (hostname && hostname[0])
       rv = CERT_VerifyCertName(ss->sec.peerCert, hostname);
    else 
       rv = SECFailure;
    if (rv != SECSuccess)
       PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);

    return rv;
}

Here is the caller graph for this function:

Definition at line 176 of file sslauth.c.

{
    sslSocket *ss;

    ss = ssl_FindSocket(s);
    if (!ss) {
       SSL_DBG(("%d: SSL[%d]: bad socket in AuthCertificateHook",
               SSL_GETPID(), s));
       return SECFailure;
    }

    ss->authCertificate = func;
    ss->authCertificateArg = arg;

    return SECSuccess;
}

Here is the caller graph for this function:

Definition at line 1201 of file sslsecur.c.

{
    sslSocket *ss;
    
    ss = ssl_FindSocket(fd);
    if (!ss) {
       SSL_DBG(("%d: SSL[%d]: bad socket in SSLBadCertHook",
               SSL_GETPID(), fd));
       return SECFailure;
    }

    ss->handleBadCert = f;
    ss->badCertArg = arg;

    return SECSuccess;
}

Here is the caller graph for this function:

SSL_IMPORT SECStatus SSL_CanBypass ( CERTCertificate *  cert,
SECKEYPrivateKey *  privKey,
PRUint32  protocolmask,
PRUint16 ciphers,
int  nciphers,
PRBool pcanbypass,
void pwArg 
)

Definition at line 566 of file derive.c.

{   SECStatus       rv;
    int                    i;
    PRUint16        suite;
    PK11SymKey *      pms = NULL;
    SECKEYPublicKey * srvPubkey = NULL;
    KeyType         privKeytype;
    PK11SlotInfo *    slot = NULL;
    SECItem           param;
    CK_VERSION             version;
    CK_MECHANISM_TYPE mechanism_array[2];
    SECItem           enc_pms = {siBuffer, NULL, 0};
    PRBool          isTLS = PR_FALSE;
    PRBool          isDH = PR_FALSE;
    SSLCipherSuiteInfo csdef;
    PRBool          extractable;
    PRBool          testrsa = PR_FALSE;
    PRBool          testrsa_export = PR_FALSE;
    PRBool          testecdh = PR_FALSE;
    PRBool          testecdhe = PR_FALSE;

    if (!cert || !srvPrivkey || !ciphersuites || !pcanbypass) {
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SECFailure;
    }
    
    srvPubkey = CERT_ExtractPublicKey(cert);
    if (!srvPubkey)
        return SECFailure;
       
    *pcanbypass = PR_TRUE;
    rv = SECFailure;
    
    /* determine which KEAs to test */
    for (i=0; i < nsuites && (suite = *ciphersuites++) != NULL; i++) {
       /* skip SSL2 cipher suites and ones NSS doesn't support */
       if (SSL_GetCipherSuiteInfo(suite, &csdef, sizeof(csdef)) != SECSuccess
           || SSL_IS_SSL2_CIPHER(suite) )
           continue;
       switch (csdef.keaType) {
       case ssl_kea_rsa:
           switch (csdef.cipherSuite) {
           case TLS_RSA_EXPORT1024_WITH_RC4_56_SHA:
           case TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA:
           case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
           case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
              testrsa_export = PR_TRUE;
           }
           if (!testrsa_export)
              testrsa = PR_TRUE;
           break;
       case ssl_kea_ecdh:
           if (strcmp(csdef.keaTypeName, "ECDHE") == 0) /* ephemeral? */
              testecdhe = PR_TRUE;
           else
              testecdh = PR_TRUE;
           break;
       case ssl_kea_dh:
           /* this is actually DHE */
       default:
           continue;
       }
    }
    
    /* For each protocol try to derive and extract an MS.
     * Failure of any function except MS extract means
     * continue with the next cipher test. Stop testing when the list is
     * exhausted or when the first MS extract--not derive--fails.
     */
    privKeytype = SECKEY_GetPrivateKeyType(srvPrivkey);
    protocolmask &= SSL_CBP_SSL3|SSL_CBP_TLS1_0;
    while (protocolmask) {
       if (protocolmask & SSL_CBP_SSL3) {
           isTLS = PR_FALSE;
           protocolmask ^= SSL_CBP_SSL3;
       } else {
           isTLS = PR_TRUE;
           protocolmask ^= SSL_CBP_TLS1_0;
       }

       if (privKeytype == rsaKey && testrsa_export) {
           if (PK11_GetPrivateModulusLen(srvPrivkey) > EXPORT_RSA_KEY_LENGTH) {
              *pcanbypass = PR_FALSE;
              rv = SECSuccess;
              break;
           } else
              testrsa = PR_TRUE;
       }
       for (; privKeytype == rsaKey && testrsa; ) {
           /* TLS_RSA */
           unsigned char     rsaPmsBuf[SSL3_RSA_PMS_LENGTH];
           unsigned int      outLen = 0;
           CK_MECHANISM_TYPE target;
           SECStatus       irv;
           
           mechanism_array[0] = CKM_SSL3_PRE_MASTER_KEY_GEN;
           mechanism_array[1] = CKM_RSA_PKCS;

           slot = PK11_GetBestSlotMultiple(mechanism_array, 2, pwArg);
           if (slot == NULL) {
              PORT_SetError(SSL_ERROR_TOKEN_SLOT_NOT_FOUND);
              break;
           }

           /* Generate the pre-master secret ...  (client side) */
           version.major = 3 /*MSB(clientHelloVersion)*/;
           version.minor = 0 /*LSB(clientHelloVersion)*/;
           param.data = (unsigned char *)&version;
           param.len  = sizeof version;
           pms = PK11_KeyGen(slot, CKM_SSL3_PRE_MASTER_KEY_GEN, &param, 0, pwArg);
           PK11_FreeSlot(slot);
           if (!pms)
              break;
           /* now wrap it */
           enc_pms.len  = SECKEY_PublicKeyStrength(srvPubkey);
           enc_pms.data = (unsigned char*)PORT_Alloc(enc_pms.len);
           irv = PK11_PubWrapSymKey(CKM_RSA_PKCS, srvPubkey, pms, &enc_pms);
           if (irv != SECSuccess) 
              break;
           PK11_FreeSymKey(pms);
           /* now do the server side--check the triple bypass first */
           rv = PK11_PrivDecryptPKCS1(srvPrivkey, rsaPmsBuf, &outLen,
                                   sizeof rsaPmsBuf,
                                   (unsigned char *)enc_pms.data,
                                   enc_pms.len);
           /* if decrypt worked we're done with the RSA test */
           if (rv == SECSuccess) {
              *pcanbypass = PR_TRUE;
              break;
           }
           /* check for fallback to double bypass */
           target = isTLS ? CKM_TLS_MASTER_KEY_DERIVE
                     : CKM_SSL3_MASTER_KEY_DERIVE;
           pms = PK11_PubUnwrapSymKey(srvPrivkey, &enc_pms,
                                   target, CKA_DERIVE, 0);
           rv = ssl_canExtractMS(pms, isTLS, PR_FALSE, pcanbypass);
           if (rv == SECSuccess && *pcanbypass == PR_FALSE)
              goto done;
           break;
       }
#ifdef NSS_ENABLE_ECC
       for (; (privKeytype == ecKey && ( testecdh || testecdhe)) ||
              (privKeytype == rsaKey && testecdhe); ) {
           CK_MECHANISM_TYPE target;
           SECKEYPublicKey  *keapub = NULL;
           SECKEYPrivateKey *keapriv;
           SECKEYPublicKey  *cpub = NULL; /* client's ephemeral ECDH keys */
           SECKEYPrivateKey *cpriv = NULL;
           SECKEYECParams    ecParams = { siBuffer, NULL, 0 },
                           *pecParams;

           if (privKeytype == ecKey && testecdhe) {
              /* TLS_ECDHE_ECDSA */
              pecParams = &srvPubkey->u.ec.DEREncodedParams;
           } else if (privKeytype == rsaKey && testecdhe) {
              /* TLS_ECDHE_RSA */
              ECName       ec_curve;
              int            serverKeyStrengthInBits;
              int            signatureKeyStrength;
              int            requiredECCbits;

              /* find a curve of equivalent strength to the RSA key's */
              requiredECCbits = PK11_GetPrivateModulusLen(srvPrivkey);
              if (requiredECCbits < 0)
                  break;
              requiredECCbits *= BPB;
              serverKeyStrengthInBits = srvPubkey->u.rsa.modulus.len;
              if (srvPubkey->u.rsa.modulus.data[0] == 0) {
                  serverKeyStrengthInBits--;
              }
              /* convert to strength in bits */
              serverKeyStrengthInBits *= BPB;

              signatureKeyStrength =
                  SSL_RSASTRENGTH_TO_ECSTRENGTH(serverKeyStrengthInBits);

              if ( requiredECCbits > signatureKeyStrength ) 
                   requiredECCbits = signatureKeyStrength;

              ec_curve =
                  ssl3_GetCurveWithECKeyStrength(SSL3_SUPPORTED_CURVES_MASK,
                                             requiredECCbits);
              rv = ssl3_ECName2Params(NULL, ec_curve, &ecParams);
              if (rv == SECFailure) {
                  break;
              }
              pecParams = &ecParams;
           }

           if (testecdhe) {
              /* generate server's ephemeral keys */
              keapriv = SECKEY_CreateECPrivateKey(pecParams, &keapub, NULL); 
              if (!keapriv || !keapub) {
                  if (keapriv)
                     SECKEY_DestroyPrivateKey(keapriv);
                  if (keapub)
                     SECKEY_DestroyPublicKey(keapub);
                  PORT_SetError(SEC_ERROR_KEYGEN_FAIL);
                  rv = SECFailure;
                  break;
              }
           } else {
              /* TLS_ECDH_ECDSA */
              keapub = srvPubkey;
              keapriv = srvPrivkey;
              pecParams = &srvPubkey->u.ec.DEREncodedParams;
           }

           /* perform client side ops */
           /* generate a pair of ephemeral keys using server's parms */
           cpriv = SECKEY_CreateECPrivateKey(pecParams, &cpub, NULL);
           if (!cpriv || !cpub) {
              if (testecdhe) {
                  SECKEY_DestroyPrivateKey(keapriv);
                  SECKEY_DestroyPublicKey(keapub);
              }
              PORT_SetError(SEC_ERROR_KEYGEN_FAIL);
              rv = SECFailure;
              break;
           }
           /* now do the server side */
           /* determine the PMS using client's public value */
           target = isTLS ? CKM_TLS_MASTER_KEY_DERIVE_DH
                        : CKM_SSL3_MASTER_KEY_DERIVE_DH;
           pms = PK11_PubDeriveWithKDF(keapriv, cpub, PR_FALSE, NULL, NULL,
                                CKM_ECDH1_DERIVE,
                                target,
                                CKA_DERIVE, 0, CKD_NULL, NULL, NULL);
           rv = ssl_canExtractMS(pms, isTLS, PR_TRUE, pcanbypass);
           SECKEY_DestroyPrivateKey(cpriv);
           SECKEY_DestroyPublicKey(cpub);
           if (testecdhe) {
              SECKEY_DestroyPrivateKey(keapriv);
              SECKEY_DestroyPublicKey(keapub);
              if (privKeytype == rsaKey)
                  PORT_Free(ecParams.data);
           }
           if (rv == SECSuccess && *pcanbypass == PR_FALSE)
              goto done;
           break;
       }
#endif /* NSS_ENABLE_ECC */
       if (pms)
           PK11_FreeSymKey(pms);
    }

    /* *pcanbypass has been set */
    rv = SECSuccess;
    
  done:
    if (pms)
       PK11_FreeSymKey(pms);

    SECITEM_FreeItem(&enc_pms, PR_FALSE);

    if (srvPubkey) {
       SECKEY_DestroyPublicKey(srvPubkey);
       srvPubkey = NULL;
    }


    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SSL_IMPORT SECStatus SSL_CertDBHandleSet ( PRFileDesc fd,
CERTCertDBHandle *  dbHandle 
)

Definition at line 1334 of file sslsecur.c.

{
    sslSocket *    ss;

    ss = ssl_FindSocket(fd);
    if (!ss)
       return SECFailure;
    if (!dbHandle) {
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
       return SECFailure;
    }
    ss->dbHandle = dbHandle;
    return SECSuccess;
}

Definition at line 975 of file sslsock.c.

{
    SECStatus rv;

    if (!oPolicy) {
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
       return SECFailure;
    }
    if (ssl_IsRemovedCipherSuite(which)) {
       *oPolicy = SSL_NOT_ALLOWED;
       rv = SECSuccess;
    } else if (SSL_IS_SSL2_CIPHER(which)) {
       rv = ssl2_GetPolicy(which, oPolicy);
    } else {
       rv = ssl3_GetPolicy((ssl3CipherSuite)which, oPolicy);
    }
    return rv;
}

Definition at line 960 of file sslsock.c.

{
    SECStatus rv;

    if (ssl_IsRemovedCipherSuite(which)) {
       rv = SECSuccess;
    } else if (SSL_IS_SSL2_CIPHER(which)) {
       rv = ssl2_SetPolicy(which, policy);
    } else {
       rv = ssl3_SetPolicy((ssl3CipherSuite)which, policy);
    }
    return rv;
}

Here is the caller graph for this function:

SSL_IMPORT SECStatus SSL_CipherPrefGet ( PRFileDesc fd,
PRInt32  cipher,
PRBool enabled 
)

Definition at line 1078 of file sslsock.c.

{
    SECStatus  rv;
    sslSocket *ss = ssl_FindSocket(fd);
    
    if (!enabled) {
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
       return SECFailure;
    }
    if (!ss) {
       SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefGet", SSL_GETPID(), fd));
       *enabled = PR_FALSE;
       return SECFailure;
    }
    if (ssl_IsRemovedCipherSuite(which)) {
       *enabled = PR_FALSE;
       rv = SECSuccess;
    } else if (SSL_IS_SSL2_CIPHER(which)) {
       rv = ssl2_CipherPrefGet(ss, which, enabled);
    } else {
       rv = ssl3_CipherPrefGet(ss, (ssl3CipherSuite)which, enabled);
    }
    return rv;
}

Definition at line 1034 of file sslsock.c.

{
    SECStatus  rv;
    
    if (!enabled) {
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
       return SECFailure;
    }
    if (ssl_IsRemovedCipherSuite(which)) {
       *enabled = PR_FALSE;
       rv = SECSuccess;
    } else if (SSL_IS_SSL2_CIPHER(which)) {
       rv = ssl2_CipherPrefGetDefault(which, enabled);
    } else {
       rv = ssl3_CipherPrefGetDefault((ssl3CipherSuite)which, enabled);
    }
    return rv;
}

Here is the caller graph for this function:

SSL_IMPORT SECStatus SSL_CipherPrefSet ( PRFileDesc fd,
PRInt32  cipher,
PRBool  enabled 
)

Definition at line 1054 of file sslsock.c.

{
    SECStatus rv;
    sslSocket *ss = ssl_FindSocket(fd);
    
    if (!ss) {
       SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefSet", SSL_GETPID(), fd));
       return SECFailure;
    }
    if (ssl_IsRemovedCipherSuite(which))
       return SECSuccess;
    if (enabled && ss->opt.noStepDown && SSL_IsExportCipherSuite(which)) {
       PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
       return SECFailure;
    }
    if (SSL_IS_SSL2_CIPHER(which)) {
       rv = ssl2_CipherPrefSet(ss, which, enabled);
    } else {
       rv = ssl3_CipherPrefSet(ss, (ssl3CipherSuite)which, enabled);
    }
    return rv;
}

Here is the caller graph for this function:

Definition at line 1015 of file sslsock.c.

Here is the caller graph for this function:

Definition at line 348 of file sslnonce.c.

Here is the caller graph for this function:

SSL_IMPORT SECStatus SSL_ConfigMPServerSIDCache ( int  maxCacheEntries,
PRUint32  timeout,
PRUint32  ssl3_timeout,
const char *  directory 
)

Definition at line 1674 of file sslsnce.c.

{
    PR_ASSERT(!"SSL servers are not supported on this platform. (SSL_ConfigMPServerSIDCache)");    
    return SECFailure;
}

Here is the caller graph for this function:

SSL_IMPORT SECStatus SSL_ConfigSecureServer ( PRFileDesc fd,
CERTCertificate *  cert,
SECKEYPrivateKey *  key,
SSLKEAType  kea 
)

Definition at line 679 of file sslsecur.c.

{
    SECStatus rv;
    sslSocket *ss;
    sslServerCerts  *sc;
    SECKEYPublicKey * pubKey = NULL;

    ss = ssl_FindSocket(fd);
    if (!ss) {
       return SECFailure;
    }

    /* Both key and cert must have a value or be NULL */
    /* Passing a value of NULL will turn off key exchange algorithms that were
     * previously turned on */
    if (!cert != !key) {
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
       return SECFailure;
    }

    /* make sure the key exchange is recognized */
    if ((kea >= kt_kea_size) || (kea < kt_null)) {
       PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
       return SECFailure;
    }

    if (kea != ssl_FindCertKEAType(cert)) {
       PORT_SetError(SSL_ERROR_CERT_KEA_MISMATCH);
       return SECFailure;
    }

    sc = ss->serverCerts + kea;
    /* load the server certificate */
    if (sc->serverCert != NULL) {
       CERT_DestroyCertificate(sc->serverCert);
       sc->serverCert = NULL;
    }
    if (cert) {
       sc->serverCert = CERT_DupCertificate(cert);
       if (!sc->serverCert)
           goto loser;
       /* get the size of the cert's public key, and remember it */
       pubKey = CERT_ExtractPublicKey(cert);
       if (!pubKey) 
           goto loser;
       sc->serverKeyBits = SECKEY_PublicKeyStrengthInBits(pubKey);
    }


    /* load the server cert chain */
    if (sc->serverCertChain != NULL) {
       CERT_DestroyCertificateList(sc->serverCertChain);
       sc->serverCertChain = NULL;
    }
    if (cert) {
       sc->serverCertChain = CERT_CertChainFromCert(
                         sc->serverCert, certUsageSSLServer, PR_TRUE);
       if (sc->serverCertChain == NULL)
            goto loser;
    }

    /* load the private key */
    if (sc->serverKeyPair != NULL) {
        ssl3_FreeKeyPair(sc->serverKeyPair);
        sc->serverKeyPair = NULL;
    }
    if (key) {
       SECKEYPrivateKey * keyCopy  = NULL;
       CK_MECHANISM_TYPE  keyMech  = CKM_INVALID_MECHANISM;

       if (key->pkcs11Slot) {
           PK11SlotInfo * bestSlot;
           bestSlot = PK11_ReferenceSlot(key->pkcs11Slot);
           if (bestSlot) {
              keyCopy = PK11_CopyTokenPrivKeyToSessionPrivKey(bestSlot, key);
              PK11_FreeSlot(bestSlot);
           }
       }
       if (keyCopy == NULL)
           keyMech = PK11_MapSignKeyType(key->keyType);
       if (keyMech != CKM_INVALID_MECHANISM) {
           PK11SlotInfo * bestSlot;
           /* XXX Maybe should be bestSlotMultiple? */
           bestSlot = PK11_GetBestSlot(keyMech, NULL /* wincx */);
           if (bestSlot) {
              keyCopy = PK11_CopyTokenPrivKeyToSessionPrivKey(bestSlot, key);
              PK11_FreeSlot(bestSlot);
           }
       }
       if (keyCopy == NULL)
           keyCopy = SECKEY_CopyPrivateKey(key);
       if (keyCopy == NULL)
           goto loser;
       SECKEY_CacheStaticFlags(keyCopy);
        sc->serverKeyPair = ssl3_NewKeyPair(keyCopy, pubKey);
        if (sc->serverKeyPair == NULL) {
            SECKEY_DestroyPrivateKey(keyCopy);
            goto loser;
        }
       pubKey = NULL; /* adopted by serverKeyPair */
    }

    if (kea == kt_rsa && cert && sc->serverKeyBits > 512) {
       if (ss->opt.noStepDown) {
           /* disable all export ciphersuites */
       } else {
           rv = ssl3_CreateRSAStepDownKeys(ss);
           if (rv != SECSuccess) {
              return SECFailure; /* err set by ssl3_CreateRSAStepDownKeys */
           }
       }
    }

    /* Only do this once because it's global. */
    if (PR_SUCCESS == PR_CallOnceWithArg(&setupServerCAListOnce, 
                                         &serverCAListSetup,
                                         (void *)(ss->dbHandle))) {
       return SECSuccess;
    }

loser:
    if (pubKey) {
       SECKEY_DestroyPublicKey(pubKey); 
       pubKey = NULL;
    }
    if (sc->serverCert != NULL) {
       CERT_DestroyCertificate(sc->serverCert);
       sc->serverCert = NULL;
    }
    if (sc->serverCertChain != NULL) {
       CERT_DestroyCertificateList(sc->serverCertChain);
       sc->serverCertChain = NULL;
    }
    if (sc->serverKeyPair != NULL) {
       ssl3_FreeKeyPair(sc->serverKeyPair);
       sc->serverKeyPair = NULL;
    }
    return SECFailure;
}

Here is the caller graph for this function:

SSL_IMPORT SECStatus SSL_ConfigServerSessionIDCache ( int  maxCacheEntries,
PRUint32  timeout,
PRUint32  ssl3_timeout,
const char *  directory 
)

Definition at line 1664 of file sslsnce.c.

{
    PR_ASSERT(!"SSL servers are not supported on this platform. (SSL_ConfigServerSessionIDCache)");    
    return SECFailure;
}

Here is the caller graph for this function:

Definition at line 1256 of file sslsecur.c.

{
    sslSocket *ss;
    int        rv  = 0;

    ss = ssl_FindSocket(fd);

    if (ss && ss->opt.useSecurity) {

       ssl_Get1stHandshakeLock(ss);
       ssl_GetSSL3HandshakeLock(ss);

       ssl_GetRecvBufLock(ss);
       rv = ss->gs.writeOffset - ss->gs.readOffset;
       ssl_ReleaseRecvBufLock(ss);

       ssl_ReleaseSSL3HandshakeLock(ss);
       ssl_Release1stHandshakeLock(ss);
    }

    return rv;
}

Here is the caller graph for this function:

Definition at line 375 of file sslsecur.c.

{
    sslSocket *ss;
    SECStatus  rv = SECFailure;

    ss = ssl_FindSocket(fd);
    if (!ss) {
       SSL_DBG(("%d: SSL[%d]: bad socket in ForceHandshake",
               SSL_GETPID(), fd));
       return rv;
    }

    /* Don't waste my time */
    if (!ss->opt.useSecurity) 
       return SECSuccess;

    ssl_Get1stHandshakeLock(ss);

    if (ss->version >= SSL_LIBRARY_VERSION_3_0) {
       int gatherResult;

       ssl_GetRecvBufLock(ss);
       gatherResult = ssl3_GatherCompleteHandshake(ss, 0);
       ssl_ReleaseRecvBufLock(ss);
       if (gatherResult > 0) {
           rv = SECSuccess;
       } else if (gatherResult == 0) {
           PORT_SetError(PR_END_OF_FILE_ERROR);
       } else if (gatherResult == SECWouldBlock) {
           PORT_SetError(PR_WOULD_BLOCK_ERROR);
       }
    } else if (!ss->firstHsDone) {
       rv = ssl_Do1stHandshake(ss);
    } else {
       /* tried to force handshake on an SSL 2 socket that has 
       ** already completed the handshake. */
       rv = SECSuccess;     /* just pretend we did it. */
    }

    ssl_Release1stHandshakeLock(ss);

    return rv;
}

Here is the caller graph for this function:

Definition at line 422 of file sslsecur.c.

{
    if (SECSuccess != ssl_SetTimeout(fd, timeout)) {
        return SECFailure;
    }
    return SSL_ForceHandshake(fd);
}
SSL_IMPORT SECStatus SSL_GetChannelInfo ( PRFileDesc fd,
SSLChannelInfo info,
PRUintn  len 
)

Definition at line 43 of file sslinfo.c.

{
    sslSocket *      ss;
    SSLChannelInfo   inf;
    sslSessionID *   sid;

    if (!info || len < sizeof inf.length) { 
       return SECSuccess;
    }

    ss = ssl_FindSocket(fd);
    if (!ss) {
       SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetChannelInfo",
               SSL_GETPID(), fd));
       return SECFailure;
    }

    memset(&inf, 0, sizeof inf);
    inf.length = PR_MIN(sizeof inf, len);

    if (ss->opt.useSecurity && ss->firstHsDone) {
        sid = ss->sec.ci.sid;
       inf.protocolVersion  = ss->version;
       inf.authKeyBits      = ss->sec.authKeyBits;
       inf.keaKeyBits       = ss->sec.keaKeyBits;
       if (ss->version < SSL_LIBRARY_VERSION_3_0) { /* SSL2 */
           inf.cipherSuite      = ss->sec.cipherType | 0xff00;
       } else if (ss->ssl3.initialized) {        /* SSL3 and TLS */

           /* XXX  These should come from crSpec */
           inf.cipherSuite      = ss->ssl3.hs.cipher_suite;
       }
       if (sid) {
           inf.creationTime   = sid->creationTime;
           inf.lastAccessTime = sid->lastAccessTime;
           inf.expirationTime = sid->expirationTime;
           if (ss->version < SSL_LIBRARY_VERSION_3_0) { /* SSL2 */
               inf.sessionIDLength = SSL2_SESSIONID_BYTES;
              memcpy(inf.sessionID, sid->u.ssl2.sessionID, 
                     SSL2_SESSIONID_BYTES);
           } else {
              unsigned int sidLen = sid->u.ssl3.sessionIDLength;
               sidLen = PR_MIN(sidLen, sizeof inf.sessionID);
               inf.sessionIDLength = sidLen;
              memcpy(inf.sessionID, sid->u.ssl3.sessionID, sidLen);
           }
       }
    }

    memcpy(info, &inf, inf.length);

    return SECSuccess;
}

Here is the caller graph for this function:

SSL_IMPORT SECStatus SSL_GetCipherSuiteInfo ( PRUint16  cipherSuite,
SSLCipherSuiteInfo info,
PRUintn  len 
)

Definition at line 201 of file sslinfo.c.

{
    unsigned int i;

    len = PR_MIN(len, sizeof suiteInfo[0]);
    if (!info || len < sizeof suiteInfo[0].length) {
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
       return SECFailure;
    }
    for (i = 0; i < NUM_SUITEINFOS; i++) {
       if (suiteInfo[i].cipherSuite == cipherSuite) {
           memcpy(info, &suiteInfo[i], len);
           info->length = len;
           return SECSuccess;
       }
    }
    PORT_SetError(SEC_ERROR_INVALID_ARGS);
    return SECFailure;
}

Here is the caller graph for this function:

Definition at line 195 of file sslauth.c.

{
    sslSocket *ss;

    ss = ssl_FindSocket(s);
    if (!ss) {
       SSL_DBG(("%d: SSL[%d]: bad socket in GetClientAuthDataHook",
               SSL_GETPID(), s));
       return SECFailure;
    }

    ss->getClientAuthData = func;
    ss->getClientAuthDataArg = arg;
    return SECSuccess;
}

Here is the caller graph for this function:

Definition at line 1718 of file sslsnce.c.

{
    PR_ASSERT(!"SSL servers are not supported on this platform. (SSL_GetMaxServerCacheLocks)");
    return -1;
}

Definition at line 1301 of file sslsecur.c.

{
    sslSocket *    ss;
    SECItem *      item = NULL;

    ss = ssl_FindSocket(fd);
    if (ss) {
       ssl_Get1stHandshakeLock(ss);
       ssl_GetSSL3HandshakeLock(ss);

       if (ss->opt.useSecurity && ss->firstHsDone && ss->sec.ci.sid) {
           item = (SECItem *)PORT_Alloc(sizeof(SECItem));
           if (item) {
              sslSessionID * sid = ss->sec.ci.sid;
              if (sid->version < SSL_LIBRARY_VERSION_3_0) {
                  item->len = SSL2_SESSIONID_BYTES;
                  item->data = (unsigned char*)PORT_Alloc(item->len);
                  PORT_Memcpy(item->data, sid->u.ssl2.sessionID, item->len);
              } else {
                  item->len = sid->u.ssl3.sessionIDLength;
                  item->data = (unsigned char*)PORT_Alloc(item->len);
                  PORT_Memcpy(item->data, sid->u.ssl3.sessionID, item->len);
              }
           }
       }

       ssl_ReleaseSSL3HandshakeLock(ss);
       ssl_Release1stHandshakeLock(ss);
    }
    return item;
}

Definition at line 496 of file ssl3con.c.

{
    return &ssl3stats;
}

Here is the caller graph for this function:

Definition at line 335 of file sslsecur.c.

{
    sslSocket *ss;
    
    ss = ssl_FindSocket(fd);
    if (!ss) {
       SSL_DBG(("%d: SSL[%d]: bad socket in HandshakeCallback",
               SSL_GETPID(), fd));
       return SECFailure;
    }

    if (!ss->opt.useSecurity) {
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
       return SECFailure;
    }

    ssl_Get1stHandshakeLock(ss);
    ssl_GetSSL3HandshakeLock(ss);

    ss->handshakeCallback     = cb;
    ss->handshakeCallbackData = client_data;

    ssl_ReleaseSSL3HandshakeLock(ss);
    ssl_Release1stHandshakeLock(ss);

    return SECSuccess;
}

Here is the caller graph for this function:

Definition at line 1153 of file sslsock.c.

{
    sslSocket * ns = NULL;
    PRStatus    rv;
    PRNetAddr   addr;

    if (model == NULL) {
       /* Just create a default socket if we're given NULL for the model */
       ns = ssl_NewSocket((PRBool)(!ssl_defaults.noLocks));
    } else {
       sslSocket * ss = ssl_FindSocket(model);
       if (ss == NULL) {
           SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ImportFD", 
                    SSL_GETPID(), model));
           return NULL;
       }
       ns = ssl_DupSocket(ss);
    }
    if (ns == NULL)
       return NULL;

    rv = ssl_PushIOLayer(ns, fd, PR_TOP_IO_LAYER);
    if (rv != PR_SUCCESS) {
       ssl_FreeSocket(ns);
       SET_ERROR_CODE
       return NULL;
    }
#ifdef _WIN32
    PR_Sleep(PR_INTERVAL_NO_WAIT);     /* workaround NT winsock connect bug. */
#endif
    ns = ssl_FindSocket(fd);
    PORT_Assert(ns);
    if (ns)
       ns->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ns, &addr));
    return fd;
}

Here is the caller graph for this function:

Definition at line 1684 of file sslsnce.c.

{
    PR_ASSERT(!"SSL servers are not supported on this platform. (SSL_InheritMPServerSIDCache)");    
    return SECFailure;
}

Here is the caller graph for this function:

Definition at line 1280 of file sslsecur.c.

{
    sslSocket *   ss = ssl_FindSocket(fd);
    SECStatus     rv = SECFailure;

    if (ss) {
       ssl_Get1stHandshakeLock(ss);
       ssl_GetSSL3HandshakeLock(ss);

       if (ss->sec.ci.sid) {
           ss->sec.uncache(ss->sec.ci.sid);
           rv = SECSuccess;
       }

       ssl_ReleaseSSL3HandshakeLock(ss);
       ssl_Release1stHandshakeLock(ss);
    }
    return rv;
}
SSL_IMPORT CERTCertificate* SSL_LocalCertificate ( PRFileDesc fd)

Definition at line 64 of file sslauth.c.

{
    sslSocket *ss;

    ss = ssl_FindSocket(fd);
    if (!ss) {
       SSL_DBG(("%d: SSL[%d]: bad socket in PeerCertificate",
               SSL_GETPID(), fd));
       return NULL;
    }
    if (ss->opt.useSecurity) {
       if (ss->sec.localCert) {
           return CERT_DupCertificate(ss->sec.localCert);
       }
       if (ss->sec.ci.sid && ss->sec.ci.sid->localCert) {
           return CERT_DupCertificate(ss->sec.ci.sid->localCert);
       }
    }
    return NULL;
}

Here is the caller graph for this function:

SSL_IMPORT SECStatus SSL_OptionGet ( PRFileDesc fd,
PRInt32  option,
PRBool on 
)

Definition at line 715 of file sslsock.c.

{
    sslSocket *ss = ssl_FindSocket(fd);
    SECStatus  rv = SECSuccess;
    PRBool     on = PR_FALSE;

    if (!pOn) {
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
       return SECFailure;
    }
    if (!ss) {
       SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd));
       *pOn = PR_FALSE;
       return SECFailure;
    }

    ssl_Get1stHandshakeLock(ss);
    ssl_GetSSL3HandshakeLock(ss);

    switch (which) {
    case SSL_SOCKS:               on = PR_FALSE;               break;
    case SSL_SECURITY:            on = ss->opt.useSecurity;        break;
    case SSL_REQUEST_CERTIFICATE: on = ss->opt.requestCertificate; break;
    case SSL_REQUIRE_CERTIFICATE: on = ss->opt.requireCertificate; break;
    case SSL_HANDSHAKE_AS_CLIENT: on = ss->opt.handshakeAsClient;  break;
    case SSL_HANDSHAKE_AS_SERVER: on = ss->opt.handshakeAsServer;  break;
    case SSL_ENABLE_TLS:          on = ss->opt.enableTLS;          break;
    case SSL_ENABLE_SSL3:         on = ss->opt.enableSSL3;         break;
    case SSL_ENABLE_SSL2:         on = ss->opt.enableSSL2;         break;
    case SSL_NO_CACHE:            on = ss->opt.noCache;            break;
    case SSL_ENABLE_FDX:          on = ss->opt.fdx;                break;
    case SSL_V2_COMPATIBLE_HELLO: on = ss->opt.v2CompatibleHello;  break;
    case SSL_ROLLBACK_DETECTION:  on = ss->opt.detectRollBack;     break;
    case SSL_NO_STEP_DOWN:        on = ss->opt.noStepDown;         break;
    case SSL_BYPASS_PKCS11:       on = ss->opt.bypassPKCS11;       break;
    case SSL_NO_LOCKS:            on = ss->opt.noLocks;            break;

    default:
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
       rv = SECFailure;
    }

    ssl_ReleaseSSL3HandshakeLock(ss);
    ssl_Release1stHandshakeLock(ss);

    *pOn = on;
    return rv;
}

Here is the caller graph for this function:

Definition at line 542 of file sslsock.c.

{
    sslSocket *ss = ssl_FindSocket(fd);
    SECStatus  rv = SECSuccess;
    PRBool     holdingLocks;

    if (!ss) {
       SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd));
       return SECFailure;
    }

    holdingLocks = (!ss->opt.noLocks);
    ssl_Get1stHandshakeLock(ss);
    ssl_GetSSL3HandshakeLock(ss);

    switch (which) {
      case SSL_SOCKS:
       ss->opt.useSocks = PR_FALSE;
       rv = PrepareSocket(ss);
       if (on) {
           PORT_SetError(SEC_ERROR_INVALID_ARGS);
           rv = SECFailure;
       }
       break;

      case SSL_SECURITY:
       ss->opt.useSecurity = on;
       rv = PrepareSocket(ss);
       break;

      case SSL_REQUEST_CERTIFICATE:
       ss->opt.requestCertificate = on;
       break;

      case SSL_REQUIRE_CERTIFICATE:
       ss->opt.requireCertificate = on;
       break;

      case SSL_HANDSHAKE_AS_CLIENT:
       if ( ss->opt.handshakeAsServer && on ) {
           PORT_SetError(SEC_ERROR_INVALID_ARGS);
           rv = SECFailure;
           break;
       }
       ss->opt.handshakeAsClient = on;
       break;

      case SSL_HANDSHAKE_AS_SERVER:
       if ( ss->opt.handshakeAsClient && on ) {
           PORT_SetError(SEC_ERROR_INVALID_ARGS);
           rv = SECFailure;
           break;
       }
       ss->opt.handshakeAsServer = on;
       break;

      case SSL_ENABLE_TLS:
       ss->opt.enableTLS       = on;
       ss->preferredCipher     = NULL;
       if (ss->cipherSpecs) {
           PORT_Free(ss->cipherSpecs);
           ss->cipherSpecs     = NULL;
           ss->sizeCipherSpecs = 0;
       }
       break;

      case SSL_ENABLE_SSL3:
       ss->opt.enableSSL3      = on;
       ss->preferredCipher     = NULL;
       if (ss->cipherSpecs) {
           PORT_Free(ss->cipherSpecs);
           ss->cipherSpecs     = NULL;
           ss->sizeCipherSpecs = 0;
       }
       break;

      case SSL_ENABLE_SSL2:
       ss->opt.enableSSL2       = on;
       if (on) {
           ss->opt.v2CompatibleHello = on;
       }
       ss->preferredCipher     = NULL;
       if (ss->cipherSpecs) {
           PORT_Free(ss->cipherSpecs);
           ss->cipherSpecs     = NULL;
           ss->sizeCipherSpecs = 0;
       }
       break;

      case SSL_NO_CACHE:
       ss->opt.noCache = on;
       break;

      case SSL_ENABLE_FDX:
       if (on && ss->opt.noLocks) {
           PORT_SetError(SEC_ERROR_INVALID_ARGS);
           rv = SECFailure;
       }
       ss->opt.fdx = on;
       break;

      case SSL_V2_COMPATIBLE_HELLO:
       ss->opt.v2CompatibleHello = on;
       if (!on) {
           ss->opt.enableSSL2    = on;
       }
       break;

      case SSL_ROLLBACK_DETECTION:  
       ss->opt.detectRollBack = on;
        break;

      case SSL_NO_STEP_DOWN:        
       ss->opt.noStepDown     = on;         
       if (on) 
           SSL_DisableExportCipherSuites(fd);
       break;

      case SSL_BYPASS_PKCS11:
       if (ss->handshakeBegun) {
           PORT_SetError(PR_INVALID_STATE_ERROR);
           rv = SECFailure;
       } else {
            if (PR_FALSE != on) {
                if (PR_SUCCESS == SSL_BypassSetup() ) {
                    ss->opt.bypassPKCS11   = on;
                } else {
                    rv = SECFailure;
                }
            } else {
                ss->opt.bypassPKCS11   = PR_FALSE;
            }
       }
       break;

      case SSL_NO_LOCKS:
       if (on && ss->opt.fdx) {
           PORT_SetError(SEC_ERROR_INVALID_ARGS);
           rv = SECFailure;
       }
       if (on && ssl_force_locks) 
           on = PR_FALSE;   /* silent override */
       ss->opt.noLocks   = on;
       if (on) {
           locksEverDisabled = PR_TRUE;
           strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED.");
       } else if (!holdingLocks) {
           rv = ssl_MakeLocks(ss);
           if (rv != SECSuccess) {
              ss->opt.noLocks   = PR_TRUE;
           }
       }
       break;

      default:
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
       rv = SECFailure;
    }

    /* We can't use the macros for releasing the locks here,
     * because ss->opt.noLocks might have changed just above.
     * We must release these locks (monitors) here, if we aquired them above,
     * regardless of the current value of ss->opt.noLocks.
     */
    if (holdingLocks) {
       PZ_ExitMonitor((ss)->ssl3HandshakeLock);
       PZ_ExitMonitor((ss)->firstHandshakeLock);
    }

    return rv;
}

Here is the caller graph for this function:

Definition at line 810 of file sslsock.c.

{
    switch (which) {
      case SSL_SOCKS:
       ssl_defaults.useSocks = PR_FALSE;
       if (on) {
           PORT_SetError(SEC_ERROR_INVALID_ARGS);
           return SECFailure;
       }
       break;

      case SSL_SECURITY:
       ssl_defaults.useSecurity = on;
       break;

      case SSL_REQUEST_CERTIFICATE:
       ssl_defaults.requestCertificate = on;
       break;

      case SSL_REQUIRE_CERTIFICATE:
       ssl_defaults.requireCertificate = on;
       break;

      case SSL_HANDSHAKE_AS_CLIENT:
       if ( ssl_defaults.handshakeAsServer && on ) {
           PORT_SetError(SEC_ERROR_INVALID_ARGS);
           return SECFailure;
       }
       ssl_defaults.handshakeAsClient = on;
       break;

      case SSL_HANDSHAKE_AS_SERVER:
       if ( ssl_defaults.handshakeAsClient && on ) {
           PORT_SetError(SEC_ERROR_INVALID_ARGS);
           return SECFailure;
       }
       ssl_defaults.handshakeAsServer = on;
       break;

      case SSL_ENABLE_TLS:
       ssl_defaults.enableTLS = on;
       break;

      case SSL_ENABLE_SSL3:
       ssl_defaults.enableSSL3 = on;
       break;

      case SSL_ENABLE_SSL2:
       ssl_defaults.enableSSL2 = on;
       if (on) {
           ssl_defaults.v2CompatibleHello = on;
       }
       break;

      case SSL_NO_CACHE:
       ssl_defaults.noCache = on;
       break;

      case SSL_ENABLE_FDX:
       if (on && ssl_defaults.noLocks) {
           PORT_SetError(SEC_ERROR_INVALID_ARGS);
           return SECFailure;
       }
       ssl_defaults.fdx = on;
       break;

      case SSL_V2_COMPATIBLE_HELLO:
       ssl_defaults.v2CompatibleHello = on;
       if (!on) {
           ssl_defaults.enableSSL2    = on;
       }
       break;

      case SSL_ROLLBACK_DETECTION:  
       ssl_defaults.detectRollBack = on;
       break;

      case SSL_NO_STEP_DOWN:        
       ssl_defaults.noStepDown     = on;         
       if (on)
           SSL_DisableDefaultExportCipherSuites();
       break;

      case SSL_BYPASS_PKCS11:
        if (PR_FALSE != on) {
            if (PR_SUCCESS == SSL_BypassSetup()) {
                ssl_defaults.bypassPKCS11   = on;
            } else {
                return SECFailure;
            }
        } else {
            ssl_defaults.bypassPKCS11   = PR_FALSE;
        }
       break;

      case SSL_NO_LOCKS:
       if (on && ssl_defaults.fdx) {
           PORT_SetError(SEC_ERROR_INVALID_ARGS);
           return SECFailure;
       }
       if (on && ssl_force_locks) 
           on = PR_FALSE;          /* silent override */
       ssl_defaults.noLocks        = on;
       if (on) {
           locksEverDisabled = PR_TRUE;
           strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED.");
       }
       break;

      default:
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
       return SECFailure;
    }
    return SECSuccess;
}

Here is the caller graph for this function:

SSL_IMPORT CERTCertificate* SSL_PeerCertificate ( PRFileDesc fd)

Definition at line 46 of file sslauth.c.

{
    sslSocket *ss;

    ss = ssl_FindSocket(fd);
    if (!ss) {
       SSL_DBG(("%d: SSL[%d]: bad socket in PeerCertificate",
               SSL_GETPID(), fd));
       return 0;
    }
    if (ss->opt.useSecurity && ss->sec.peerCert) {
       return CERT_DupCertificate(ss->sec.peerCert);
    }
    return 0;
}

Here is the caller graph for this function:

Definition at line 281 of file sslsecur.c.

{
    sslSocket *ss;
    SECStatus  rv;
    
    ss = ssl_FindSocket(fd);
    if (!ss) {
       SSL_DBG(("%d: SSL[%d]: bad socket in RedoHandshake", SSL_GETPID(), fd));
       return SECFailure;
    }

    if (!ss->opt.useSecurity)
       return SECSuccess;
    
    ssl_Get1stHandshakeLock(ss);

    /* SSL v2 protocol does not support subsequent handshakes. */
    if (ss->version < SSL_LIBRARY_VERSION_3_0) {
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
       rv = SECFailure;
    } else {
       ssl_GetSSL3HandshakeLock(ss);
       rv = ssl3_RedoHandshake(ss, flushCache); /* force full handshake. */
       ssl_ReleaseSSL3HandshakeLock(ss);
    }

    ssl_Release1stHandshakeLock(ss);

    return rv;
}

Here is the caller graph for this function:

Definition at line 315 of file sslsecur.c.

{
    if (SECSuccess != ssl_SetTimeout(fd, timeout)) {
        return SECFailure;
    }
    return SSL_ReHandshake(fd, flushCache);
}

Definition at line 217 of file sslsecur.c.

{
    sslSocket *ss;
    SECStatus status;
    PRNetAddr addr;

    ss = ssl_FindSocket(s);
    if (!ss) {
       SSL_DBG(("%d: SSL[%d]: bad socket in ResetHandshake", SSL_GETPID(), s));
       return SECFailure;
    }

    /* Don't waste my time */
    if (!ss->opt.useSecurity)
       return SECSuccess;

    SSL_LOCK_READER(ss);
    SSL_LOCK_WRITER(ss);

    /* Reset handshake state */
    ssl_Get1stHandshakeLock(ss);
    ssl_GetSSL3HandshakeLock(ss);

    ss->firstHsDone = PR_FALSE;
    if ( asServer ) {
       ss->handshake = ssl2_BeginServerHandshake;
       ss->handshaking = sslHandshakingAsServer;
    } else {
       ss->handshake = ssl2_BeginClientHandshake;
       ss->handshaking = sslHandshakingAsClient;
    }
    ss->nextHandshake       = 0;
    ss->securityHandshake   = 0;

    ssl_GetRecvBufLock(ss);
    status = ssl_InitGather(&ss->gs);
    ssl_ReleaseRecvBufLock(ss);

    /*
    ** Blow away old security state and get a fresh setup.
    */
    ssl_GetXmitBufLock(ss); 
    ssl_ResetSecurityInfo(&ss->sec, PR_TRUE);
    status = ssl_CreateSecurityInfo(ss);
    ssl_ReleaseXmitBufLock(ss); 

    ssl_ReleaseSSL3HandshakeLock(ss);
    ssl_Release1stHandshakeLock(ss);

    if (!ss->TCPconnected)
       ss->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ss, &addr));

    SSL_UNLOCK_WRITER(ss);
    SSL_UNLOCK_READER(ss);

    return status;
}

Here is the caller graph for this function:

SSL_IMPORT CERTCertificate* SSL_RevealCert ( PRFileDesc socket)

Definition at line 50 of file sslreveal.c.

{
  CERTCertificate * cert = NULL;
  sslSocket * sslsocket = NULL;

  sslsocket = ssl_FindSocket(fd);
  
  /* CERT_DupCertificate increases reference count and returns pointer to 
   * the same cert
   */
  if (sslsocket && sslsocket->sec.peerCert)
    cert = CERT_DupCertificate(sslsocket->sec.peerCert);
  
  return cert;
}

Here is the caller graph for this function:

Definition at line 69 of file sslreveal.c.

{
  sslSocket * sslsocket = NULL;
  void * PinArg = NULL;
  
  sslsocket = ssl_FindSocket(fd);
  
  /* is pkcs11PinArg part of the sslSocket or sslSecurityInfo ? */
  if (sslsocket)
    PinArg = sslsocket->pkcs11PinArg;
  
  return PinArg;
}

Here is the caller graph for this function:

SSL_IMPORT char* SSL_RevealURL ( PRFileDesc socket)

Definition at line 88 of file sslreveal.c.

{
  sslSocket * sslsocket = NULL;
  char * url = NULL;

  sslsocket = ssl_FindSocket(fd);
  
  if (sslsocket && sslsocket->url)
    url = PL_strdup(sslsocket->url);
  
  return url;
}

Here is the caller graph for this function:

SSL_IMPORT SECStatus SSL_SecurityStatus ( PRFileDesc fd,
int on,
char **  cipher,
int keySize,
int secretKeySize,
char **  issuer,
char **  subject 
)

Definition at line 89 of file sslauth.c.

{
    sslSocket *ss;
    const char *cipherName;
    PRBool isDes = PR_FALSE;

    ss = ssl_FindSocket(fd);
    if (!ss) {
       SSL_DBG(("%d: SSL[%d]: bad socket in SecurityStatus",
               SSL_GETPID(), fd));
       return SECFailure;
    }

    if (cp) *cp = 0;
    if (kp0) *kp0 = 0;
    if (kp1) *kp1 = 0;
    if (ip) *ip = 0;
    if (sp) *sp = 0;
    if (op) {
       *op = SSL_SECURITY_STATUS_OFF;
    }

    if (ss->opt.useSecurity && ss->firstHsDone) {

       if (ss->version < SSL_LIBRARY_VERSION_3_0) {
           cipherName = ssl_cipherName[ss->sec.cipherType];
       } else {
           cipherName = ssl3_cipherName[ss->sec.cipherType];
       }
       PORT_Assert(cipherName);
       if (cipherName) {
            if (PORT_Strstr(cipherName, "DES")) isDes = PR_TRUE;

            if (cp) {
                *cp = PORT_Strdup(cipherName);
            }
        }

       if (kp0) {
           *kp0 = ss->sec.keyBits;
           if (isDes) *kp0 = (*kp0 * 7) / 8;
       }
       if (kp1) {
           *kp1 = ss->sec.secretKeyBits;
           if (isDes) *kp1 = (*kp1 * 7) / 8;
       }
       if (op) {
           if (ss->sec.keyBits == 0) {
              *op = SSL_SECURITY_STATUS_OFF;
           } else if (ss->sec.secretKeyBits < 90) {
              *op = SSL_SECURITY_STATUS_ON_LOW;

           } else {
              *op = SSL_SECURITY_STATUS_ON_HIGH;
           }
       }

       if (ip || sp) {
           CERTCertificate *cert;

           cert = ss->sec.peerCert;
           if (cert) {
              if (ip) {
                  *ip = CERT_NameToAscii(&cert->issuer);
              }
              if (sp) {
                  *sp = CERT_NameToAscii(&cert->subject);
              }
           } else {
              if (ip) {
                  *ip = PORT_Strdup("no certificate");
              }
              if (sp) {
                  *sp = PORT_Strdup("no certificate");
              }
           }
       }
    }

    return SECSuccess;
}

Here is the caller graph for this function:

Definition at line 1725 of file sslsnce.c.

{
    PR_ASSERT(!"SSL servers are not supported on this platform. (SSL_SetMaxServerCacheLocks)");
    return SECFailure;
}

Definition at line 214 of file sslauth.c.

{
    sslSocket *ss;

    ss = ssl_FindSocket(s);
    if (!ss) {
       SSL_DBG(("%d: SSL[%d]: bad socket in GetClientAuthDataHook",
               SSL_GETPID(), s));
       return SECFailure;
    }

    ss->pkcs11PinArg = arg;
    return SECSuccess;
}

Here is the caller graph for this function:

SSL_IMPORT SECStatus SSL_SetSockPeerID ( PRFileDesc fd,
char *  peerID 
)

Definition at line 1528 of file sslsock.c.

{
    sslSocket *ss;

    ss = ssl_FindSocket(fd);
    if (!ss) {
       SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetCacheIndex",
               SSL_GETPID(), fd));
       return SECFailure;
    }

    ss->peerID = PORT_Strdup(peerID);
    return SECSuccess;
}

Here is the caller graph for this function:

SSL_IMPORT SECStatus SSL_SetURL ( PRFileDesc fd,
const char *  url 
)

Definition at line 1223 of file sslsecur.c.

{
    sslSocket *   ss = ssl_FindSocket(fd);
    SECStatus     rv = SECSuccess;

    if (!ss) {
       SSL_DBG(("%d: SSL[%d]: bad socket in SSLSetURL",
               SSL_GETPID(), fd));
       return SECFailure;
    }
    ssl_Get1stHandshakeLock(ss);
    ssl_GetSSL3HandshakeLock(ss);

    if ( ss->url ) {
       PORT_Free((void *)ss->url); /* CONST */
    }

    ss->url = (const char *)PORT_Strdup(url);
    if ( ss->url == NULL ) {
       rv = SECFailure;
    }

    ssl_ReleaseSSL3HandshakeLock(ss);
    ssl_Release1stHandshakeLock(ss);

    return rv;
}

Here is the caller graph for this function:

Here is the caller graph for this function:


Variable Documentation

Definition at line 62 of file ssl.h.

Definition at line 65 of file ssl.h.