The Tor Browser: security/nss/lib/ssl/sslreveal.c@b8a032363ba2

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

     1 /*

     2  * Accessor functions for SSLSocket private members.

     3  *

     4  * This Source Code Form is subject to the terms of the Mozilla Public

     5  * License, v. 2.0. If a copy of the MPL was not distributed with this

     6  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

     8 #include "cert.h"

     9 #include "ssl.h"

    10 #include "certt.h"

    11 #include "sslimpl.h"

    13 /* given PRFileDesc, returns a copy of certificate associated with the socket

    14  * the caller should delete the cert when done with SSL_DestroyCertificate

    15  */

    16 CERTCertificate *

    17 SSL_RevealCert(PRFileDesc * fd)

    18 {

    19   CERTCertificate * cert = NULL;

    20   sslSocket * sslsocket = NULL;

    22   sslsocket = ssl_FindSocket(fd);

    24   /* CERT_DupCertificate increases reference count and returns pointer to

    25    * the same cert

    26    */

    27   if (sslsocket && sslsocket->sec.peerCert)

    28     cert = CERT_DupCertificate(sslsocket->sec.peerCert);

    30   return cert;

    31 }

    33 /* given PRFileDesc, returns a pointer to PinArg associated with the socket

    34  */

    35 void *

    36 SSL_RevealPinArg(PRFileDesc * fd)

    37 {

    38   sslSocket * sslsocket = NULL;

    39   void * PinArg = NULL;

    41   sslsocket = ssl_FindSocket(fd);

    43   /* is pkcs11PinArg part of the sslSocket or sslSecurityInfo ? */

    44   if (sslsocket)

    45     PinArg = sslsocket->pkcs11PinArg;

    47   return PinArg;

    48 }

    51 /* given PRFileDesc, returns a pointer to the URL associated with the socket

    52  * the caller should free url when done

    53  */

    54 char *

    55 SSL_RevealURL(PRFileDesc * fd)

    56 {

    57   sslSocket * sslsocket = NULL;

    58   char * url = NULL;

    60   sslsocket = ssl_FindSocket(fd);

    62   if (sslsocket && sslsocket->url)

    63     url = PL_strdup(sslsocket->url);

    65   return url;

    66 }

    69 /* given PRFileDesc, returns status information related to extensions

    70  * negotiated with peer during the handshake.

    71  */

    73 SECStatus

    74 SSL_HandshakeNegotiatedExtension(PRFileDesc * socket,

    75                                  SSLExtensionType extId,

    76                                  PRBool *pYes)

    77 {

    78   /* some decisions derived from SSL_GetChannelInfo */

    79   sslSocket * sslsocket = NULL;

    81   if (!pYes) {

    82     PORT_SetError(SEC_ERROR_INVALID_ARGS);

    83     return SECFailure;

    84   }

    86   sslsocket = ssl_FindSocket(socket);

    87   if (!sslsocket) {

    88     SSL_DBG(("%d: SSL[%d]: bad socket in HandshakeNegotiatedExtension",

    89              SSL_GETPID(), socket));

    90     return SECFailure;

    91   }

    93   *pYes = PR_FALSE;

    95   /* according to public API SSL_GetChannelInfo, this doesn't need a lock */

    96   if (sslsocket->opt.useSecurity) {

    97     if (sslsocket->ssl3.initialized) { /* SSL3 and TLS */

    98       /* now we know this socket went through ssl3_InitState() and

    99        * ss->xtnData got initialized, which is the only member accessed by

   100        * ssl3_ExtensionNegotiated();

   101        * Member xtnData appears to get accessed in functions that handle

   102        * the handshake (hello messages and extension sending),

   103        * therefore the handshake lock should be sufficient.

   104        */

   105       ssl_GetSSL3HandshakeLock(sslsocket);

   106       *pYes = ssl3_ExtensionNegotiated(sslsocket, extId);

   107       ssl_ReleaseSSL3HandshakeLock(sslsocket);

   108     }

   109   }

   111   return SECSuccess;

   112 }

The Tor Browser / file revision