← Back to branch summary

~ubuntu-branches/ubuntu/raring/nss/raring-security

~ubuntu-branches/ubuntu/raring/nss/raring-security

« back to all changes in this revision

Viewing changes to mozilla/security/nss/lib/ssl/sslreveal.c

Committer: Bazaar Package Importer
Author(s): Chris Coulson
Date: 2010-10-04 22:29:19 UTC
mfrom: (1.1.13 upstream) (24.1.1 maverick-security)
Revision ID: james.westby@ubuntu.com-20101004222919-f94922gs962h6hnp

Tags: 3.12.8-0ubuntu0.10.10.1

* New upstream release v3.12.8 (NSS_3_12_8_RTM)
  - Fix browser wildcard certificate validation issue
  - Update root certs
  - Fix SSL deadlocks
* Refresh patches:
  - update debian/patches/38_kbsd.patch
  - update debian/patches/97_SSL_RENEGOTIATE_TRANSITIONAL.patch

files modified:
debian/changelog

debian/patches/38_kbsd.patch

debian/patches/97_SSL_RENEGOTIATE_TRANSITIONAL.patch

mozilla/security/coreconf/Darwin.mk

mozilla/security/coreconf/Linux.mk

mozilla/security/coreconf/WIN32.mk

mozilla/security/coreconf/headers.mk

mozilla/security/nss/cmd/certutil/certutil.c

mozilla/security/nss/cmd/lib/SECerrs.h

mozilla/security/nss/cmd/lib/SSLerrs.h

mozilla/security/nss/cmd/lib/secutil.c

mozilla/security/nss/cmd/lib/secutil.h

mozilla/security/nss/cmd/pk12util/pk12util.c

mozilla/security/nss/cmd/strsclnt/strsclnt.c

mozilla/security/nss/cmd/tstclnt/tstclnt.c

mozilla/security/nss/lib/certdb/certdb.c

mozilla/security/nss/lib/certhigh/certhtml.c

mozilla/security/nss/lib/certhigh/certreq.c

mozilla/security/nss/lib/ckfw/builtins/certdata.c

mozilla/security/nss/lib/ckfw/builtins/certdata.txt

mozilla/security/nss/lib/ckfw/builtins/nssckbi.h

mozilla/security/nss/lib/crmf/servget.c

mozilla/security/nss/lib/freebl/Makefile

mozilla/security/nss/lib/freebl/config.mk

mozilla/security/nss/lib/freebl/ldvector.c

mozilla/security/nss/lib/jar/jar.h

mozilla/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c

mozilla/security/nss/lib/nss/nss.h

mozilla/security/nss/lib/pk11wrap/debug_module.c

mozilla/security/nss/lib/pk11wrap/pk11auth.c

mozilla/security/nss/lib/pkcs12/p12d.c

mozilla/security/nss/lib/pkcs12/p12e.c

mozilla/security/nss/lib/smime/cmssiginfo.c

mozilla/security/nss/lib/softoken/legacydb/keydb.c

mozilla/security/nss/lib/softoken/legacydb/manifest.mn

mozilla/security/nss/lib/softoken/manifest.mn

mozilla/security/nss/lib/softoken/pkcs11.c

mozilla/security/nss/lib/softoken/sdb.c

mozilla/security/nss/lib/softoken/sdb.h

mozilla/security/nss/lib/softoken/softkver.h

mozilla/security/nss/lib/ssl/ssl.h

mozilla/security/nss/lib/ssl/ssl3con.c

mozilla/security/nss/lib/ssl/ssl3gthr.c

mozilla/security/nss/lib/ssl/sslauth.c

mozilla/security/nss/lib/ssl/sslerr.h

mozilla/security/nss/lib/ssl/sslimpl.h

mozilla/security/nss/lib/ssl/sslinfo.c

mozilla/security/nss/lib/ssl/sslreveal.c

mozilla/security/nss/lib/ssl/sslsecur.c

mozilla/security/nss/lib/ssl/sslsock.c

mozilla/security/nss/lib/util/nssutil.h

mozilla/security/nss/lib/util/secoid.c

mozilla/security/nss/tests/ssl/sslstress.txt

Show diffs side-by-side

added added

removed removed

mozilla/security/nss/lib/ssl/sslreveal.c

36

36

* the terms of any one of the MPL, the GPL or the LGPL.

37

37

*

38

38

* ***** END LICENSE BLOCK ***** */

39

/* $Id: sslreveal.c,v 1.7 2010/02/04 03:21:11 wtc%google.com Exp $ */

39

/* $Id: sslreveal.c,v 1.7.2.1 2010/08/03 18:52:13 wtc%google.com Exp $ */

40

40

41

41

#include "cert.h"

42

42

#include "ssl.h"

111

111

/* some decisions derived from SSL_GetChannelInfo */

112

112

sslSocket * sslsocket = NULL;

113

113

SECStatus rv = SECFailure;

114

PRBool enoughFirstHsDone = PR_FALSE;

114

115

115

116

if (!pYes)

116

117

return rv;

117

118

118

119

sslsocket = ssl_FindSocket(socket);

120

if (!sslsocket) {

121

SSL_DBG(("%d: SSL[%d]: bad socket in HandshakeNegotiatedExtension",

122

SSL_GETPID(), socket));

123

return rv;

124

}

125

126

if (sslsocket->firstHsDone) {

127

enoughFirstHsDone = PR_TRUE;

128

} else if (sslsocket->ssl3.initialized && ssl3_CanFalseStart(sslsocket)) {

129

enoughFirstHsDone = PR_TRUE;

130

}

119

131

120

132

/* according to public API SSL_GetChannelInfo, this doesn't need a lock */

121

if (sslsocket && sslsocket->opt.useSecurity && sslsocket->firstHsDone) {

133

if (sslsocket->opt.useSecurity && enoughFirstHsDone) {

122

134

if (sslsocket->ssl3.initialized) { /* SSL3 and TLS */

123

135

/* now we know this socket went through ssl3_InitState() and

124

136

* ss->xtnData got initialized, which is the only member accessed by

Older »