Bug 67507 - implement TLSStepUp(). r=javi. Not part of build.

bryner%uiuc.edu 2001-02-05 21:46:24 +00:00
Родитель 34539fbc41
Коммит 8668f287ba
2 изменённых файлов: 30 добавлений и 5 удалений


@ -59,10 +59,11 @@ extern PRLogModuleInfo* gPIPNSSLog;
#endif
nsNSSSocketInfo::nsNSSSocketInfo()
: mSecurityState(nsIWebProgressListener::STATE_IS_INSECURE),
: mChannel(nsnull),
mFd(nsnull),
mSecurityState(nsIWebProgressListener::STATE_IS_INSECURE),
mForceHandshake(PR_FALSE),
mUseTLS(PR_FALSE),
mChannel(nsnull)
mUseTLS(PR_FALSE)
{
NS_INIT_ISUPPORTS();
}
@ -238,6 +239,24 @@ nsNSSSocketInfo::ProxyStepUp()
NS_IMETHODIMP
nsNSSSocketInfo::TLSStepUp()
{
if (SECSuccess != SSL_OptionSet(mFd, SSL_SECURITY, PR_TRUE))
return NS_ERROR_FAILURE;
if (SECSuccess != SSL_ResetHandshake(mFd, PR_FALSE))
return NS_ERROR_FAILURE;
return NS_OK;
}
nsresult nsNSSSocketInfo::GetFileDescPtr(PRFileDesc** aFilePtr)
{
*aFilePtr = mFd;
return NS_OK;
}
nsresult nsNSSSocketInfo::SetFileDescPtr(PRFileDesc* aFilePtr)
{
mFd = aFilePtr;
return NS_OK;
}
@ -508,6 +527,7 @@ nsSSLIOLayerAddToSocket(const char* host,
goto loser;
}
infoObject->SetFileDescPtr(sslSock);
SSL_SetPKCS11PinArg(sslSock, (nsIInterfaceRequestor*)infoObject);
SSL_HandshakeCallback(sslSock, HandshakeCallback, infoObject);
SSL_GetClientAuthDataHook(sslSock, (SSLGetClientAuthData)NSS_GetClientAuthData,
@ -534,9 +554,10 @@ nsSSLIOLayerAddToSocket(const char* host,
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("[%p] Socket set up\n", (void*)sslSock));
infoObject->QueryInterface(NS_GET_IID(nsISupports), (void**) (info));
if (SECSuccess != SSL_OptionSet(sslSock, SSL_SECURITY, PR_TRUE)) {
if (useTLS &&
SECSuccess != SSL_OptionSet(sslSock, SSL_SECURITY, PR_FALSE))
goto loser;
}
if (SECSuccess != SSL_OptionSet(sslSock, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE)) {
goto loser;
}


@ -57,6 +57,9 @@ public:
nsresult SetUseTLS(PRBool useTLS);
nsresult GetUseTLS(PRBool *useTLS);
nsresult GetFileDescPtr(PRFileDesc** aFilePtr);
nsresult SetFileDescPtr(PRFileDesc* aFilePtr);
protected:
nsString mHostName;
@ -67,6 +70,7 @@ protected:
nsIChannel* mChannel; // note, don't use an owning reference
// to avoid circular references
PRFileDesc* mFd;
PRInt32 mSecurityState;
nsString mShortDesc;
PRBool mForceHandshake;