security/nss/lib/ssl/sslreveal.c

changeset 0
6474c204b198
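--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/security/nss/lib/ssl/sslreveal.c	Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,112 @@
+/* 
+ * Accessor functions for SSLSocket private members.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "cert.h"
+#include "ssl.h"
+#include "certt.h"
+#include "sslimpl.h"
+
+/* given PRFileDesc, returns a copy of certificate associated with the socket
+ * the caller should delete the cert when done with SSL_DestroyCertificate
+ */
+CERTCertificate * 
+SSL_RevealCert(PRFileDesc * fd)
+{
+  CERTCertificate * cert = NULL;
+  sslSocket * sslsocket = NULL;
+
+  sslsocket = ssl_FindSocket(fd);
+  
+  /* CERT_DupCertificate increases reference count and returns pointer to 
+   * the same cert
+   */
+  if (sslsocket && sslsocket->sec.peerCert)
+    cert = CERT_DupCertificate(sslsocket->sec.peerCert);
+  
+  return cert;
+}
+
+/* given PRFileDesc, returns a pointer to PinArg associated with the socket
+ */
+void * 
+SSL_RevealPinArg(PRFileDesc * fd)
+{
+  sslSocket * sslsocket = NULL;
+  void * PinArg = NULL;
+  
+  sslsocket = ssl_FindSocket(fd);
+  
+  /* is pkcs11PinArg part of the sslSocket or sslSecurityInfo ? */
+  if (sslsocket)
+    PinArg = sslsocket->pkcs11PinArg;
+  
+  return PinArg;
+}
+
+
+/* given PRFileDesc, returns a pointer to the URL associated with the socket
+ * the caller should free url when done
+ */
+char * 
+SSL_RevealURL(PRFileDesc * fd)
+{
+  sslSocket * sslsocket = NULL;
+  char * url = NULL;
+
+  sslsocket = ssl_FindSocket(fd);
+  
+  if (sslsocket && sslsocket->url)
+    url = PL_strdup(sslsocket->url);
+  
+  return url;
+}
+
+
+/* given PRFileDesc, returns status information related to extensions 
+ * negotiated with peer during the handshake.
+ */
+
+SECStatus
+SSL_HandshakeNegotiatedExtension(PRFileDesc * socket, 
+                                 SSLExtensionType extId,
+                                 PRBool *pYes)
+{
+  /* some decisions derived from SSL_GetChannelInfo */
+  sslSocket * sslsocket = NULL;
+
+  if (!pYes) {
+    PORT_SetError(SEC_ERROR_INVALID_ARGS);
+    return SECFailure;
+  }
+
+  sslsocket = ssl_FindSocket(socket);
+  if (!sslsocket) {
+    SSL_DBG(("%d: SSL[%d]: bad socket in HandshakeNegotiatedExtension",
+             SSL_GETPID(), socket));
+    return SECFailure;
+  }
+
+  *pYes = PR_FALSE;
+
+  /* according to public API SSL_GetChannelInfo, this doesn't need a lock */
+  if (sslsocket->opt.useSecurity) {
+    if (sslsocket->ssl3.initialized) { /* SSL3 and TLS */
+      /* now we know this socket went through ssl3_InitState() and
+       * ss->xtnData got initialized, which is the only member accessed by
+       * ssl3_ExtensionNegotiated();
+       * Member xtnData appears to get accessed in functions that handle
+       * the handshake (hello messages and extension sending),
+       * therefore the handshake lock should be sufficient.
+       */
+      ssl_GetSSL3HandshakeLock(sslsocket);
+      *pYes = ssl3_ExtensionNegotiated(sslsocket, extId);
+      ssl_ReleaseSSL3HandshakeLock(sslsocket);
+    }
+  }
+
+  return SECSuccess;
+}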
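Review bot: The bad-socket trace in SSL_HandshakeNegotiatedExtension passes `socket`, a `PRFileDesc *`, for the second `%d`, so the argument type does not match the conversion. Assuming SSL_DBG forwards to a printf-style formatter, the pointer should be printed with `%p`: `SSL_DBG(("%d: SSL[%p]: bad socket in HandshakeNegotiatedExtension", SSL_GETPID(), socket));`. That branch also returns SECFailure with no visible `PORT_SetError`, unlike the `!pYes` branch, so it relies on ssl_FindSocket (not shown) having set an error code. SSL_RevealCert and SSL_RevealURL copy from `sslsocket->sec.peerCert` and `sslsocket->url` without taking any lock, while this function takes the handshake lock; whether those fields can be replaced by a handshake running on another thread cannot be judged from this file, so the locking expectation should be stated in a comment or a lock taken. The ownership comments need tightening: SSL_RevealCert names `SSL_DestroyCertificate`, but the counterpart of `CERT_DupCertificate` is `CERT_DestroyCertificate`; SSL_RevealURL should say the copy comes from `PL_strdup` and is released with `PL_strfree`; and SSL_RevealPinArg should say the returned pointer is borrowed and must not be freed by the caller.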
