The Tor Browser / file comparison
comparison: security/nss/lib/ssl/sslreveal.c
security/nss/lib/ssl/sslreveal.c
- changeset 0
- 6474c204b198
equal
deleted
inserted
replaced
| -1:000000000000 | 0:da87b7b80692 |
|---|---|
| 1 /* | |
| 2 * Accessor functions for SSLSocket private members. | |
| 3 * | |
| 4 * This Source Code Form is subject to the terms of the Mozilla Public | |
| 5 * License, v. 2.0. If a copy of the MPL was not distributed with this | |
| 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | |
| 7 | |
| 8 #include "cert.h" | |
| 9 #include "ssl.h" | |
| 10 #include "certt.h" | |
| 11 #include "sslimpl.h" | |
| 12 | |
| 13 /* given PRFileDesc, returns a copy of certificate associated with the socket | |
| 14 * the caller should delete the cert when done with SSL_DestroyCertificate | |
| 15 */ | |
| 16 CERTCertificate * | |
| 17 SSL_RevealCert(PRFileDesc * fd) | |
| 18 { | |
| 19 CERTCertificate * cert = NULL; | |
| 20 sslSocket * sslsocket = NULL; | |
| 21 | |
| 22 sslsocket = ssl_FindSocket(fd); | |
| 23 | |
| 24 /* CERT_DupCertificate increases reference count and returns pointer to | |
| 25 * the same cert | |
| 26 */ | |
| 27 if (sslsocket && sslsocket->sec.peerCert) | |
| 28 cert = CERT_DupCertificate(sslsocket->sec.peerCert); | |
| 29 | |
| 30 return cert; | |
| 31 } | |
| 32 | |
| 33 /* given PRFileDesc, returns a pointer to PinArg associated with the socket | |
| 34 */ | |
| 35 void * | |
| 36 SSL_RevealPinArg(PRFileDesc * fd) | |
| 37 { | |
| 38 sslSocket * sslsocket = NULL; | |
| 39 void * PinArg = NULL; | |
| 40 | |
| 41 sslsocket = ssl_FindSocket(fd); | |
| 42 | |
| 43 /* is pkcs11PinArg part of the sslSocket or sslSecurityInfo ? */ | |
| 44 if (sslsocket) | |
| 45 PinArg = sslsocket->pkcs11PinArg; | |
| 46 | |
| 47 return PinArg; | |
| 48 } | |
| 49 | |
| 50 | |
| 51 /* given PRFileDesc, returns a pointer to the URL associated with the socket | |
| 52 * the caller should free url when done | |
| 53 */ | |
| 54 char * | |
| 55 SSL_RevealURL(PRFileDesc * fd) | |
| 56 { | |
| 57 sslSocket * sslsocket = NULL; | |
| 58 char * url = NULL; | |
| 59 | |
| 60 sslsocket = ssl_FindSocket(fd); | |
| 61 | |
| 62 if (sslsocket && sslsocket->url) | |
| 63 url = PL_strdup(sslsocket->url); | |
| 64 | |
| 65 return url; | |
| 66 } | |
| 67 | |
| 68 | |
| 69 /* given PRFileDesc, returns status information related to extensions | |
| 70 * negotiated with peer during the handshake. | |
| 71 */ | |
| 72 | |
| 73 SECStatus | |
| 74 SSL_HandshakeNegotiatedExtension(PRFileDesc * socket, | |
| 75 SSLExtensionType extId, | |
| 76 PRBool *pYes) | |
| 77 { | |
| 78 /* some decisions derived from SSL_GetChannelInfo */ | |
| 79 sslSocket * sslsocket = NULL; | |
| 80 | |
| 81 if (!pYes) { | |
| 82 PORT_SetError(SEC_ERROR_INVALID_ARGS); | |
| 83 return SECFailure; | |
| 84 } | |
| 85 | |
| 86 sslsocket = ssl_FindSocket(socket); | |
| 87 if (!sslsocket) { | |
| 88 SSL_DBG(("%d: SSL[%d]: bad socket in HandshakeNegotiatedExtension", | |
| 89 SSL_GETPID(), socket)); | |
| 90 return SECFailure; | |
| 91 } | |
| 92 | |
| 93 *pYes = PR_FALSE; | |
| 94 | |
| 95 /* according to public API SSL_GetChannelInfo, this doesn't need a lock */ | |
| 96 if (sslsocket->opt.useSecurity) { | |
| 97 if (sslsocket->ssl3.initialized) { /* SSL3 and TLS */ | |
| 98 /* now we know this socket went through ssl3_InitState() and | |
| 99 * ss->xtnData got initialized, which is the only member accessed by | |
| 100 * ssl3_ExtensionNegotiated(); | |
| 101 * Member xtnData appears to get accessed in functions that handle | |
| 102 * the handshake (hello messages and extension sending), | |
| 103 * therefore the handshake lock should be sufficient. | |
| 104 */ | |
| 105 ssl_GetSSL3HandshakeLock(sslsocket); | |
| 106 *pYes = ssl3_ExtensionNegotiated(sslsocket, extId); | |
| 107 ssl_ReleaseSSL3HandshakeLock(sslsocket); | |
| 108 } | |
| 109 } | |
| 110 | |
| 111 return SECSuccess; | |
| 112 } |
