author | ian.mcgreer%sun.com <devnull@localhost> | 2003-02-05 03:00:47 +0000 |
---|---|---|
committer | ian.mcgreer%sun.com <devnull@localhost> | 2003-02-05 03:00:47 +0000 |
commit | 4d2bc7e18152503dfc4347839857b1121f41347c (patch) | |
tree | 550977b0f4e9b076ca9701a7c860aa2e111f890e | |
parent | bb305c589df5be308ad2563bb6989cbe83abe5f6 (diff) | |
fix ssl2 bugs
-rw-r--r-- | security/nss/cmd/tstclnt/tstclnt.c | 9 | ||||
-rw-r--r-- | security/nss/lib/pki/cryptocontext.c | 6 | ||||
-rw-r--r-- | security/nss/lib/pki/volatiledomain.c | 13 | ||||
-rw-r--r-- | security/nss/lib/ssl/ssl3con.c | 6 | ||||
-rw-r--r-- | security/nss/lib/ssl/sslcon.c | 3 | ||||
-rw-r--r-- | security/nss/tests/ssl/sslcov.txt | 4 |
6 files changed, 20 insertions, 21 deletions
diff --git a/security/nss/cmd/tstclnt/tstclnt.c b/security/nss/cmd/tstclnt/tstclnt.c
index 8f5103e61..9eb08fd53 100644
--- a/security/nss/cmd/tstclnt/tstclnt.c
+++ b/security/nss/cmd/tstclnt/tstclnt.c
@@ -312,13 +312,14 @@ int main(int argc, char **argv) PRStatus prStatus; NSSCallback *pwcb; NSSTrustDomain *td = NULL; + PRFileDesc *infile = NULL; progName = strrchr(argv[0], '/'); if (!progName) progName = strrchr(argv[0], '\\'); progName = progName ? progName+1 : argv[0]; - optstate = PL_CreateOptState(argc, argv, "23Tfc:h:p:d:m:n:oqvw:x"); + optstate = PL_CreateOptState(argc, argv, "23Tfc:h:i:p:d:m:n:oqvw:x"); while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) { switch (optstate->option) { case '?':
@@ -339,6 +340,8 @@ int main(int argc, char **argv) case 'f': break; #endif + case 'i': infile = PR_Open(optstate->value, PR_RDONLY, 0); break; + case 'd': certDir = strdup(optstate->value); break;
@@ -607,7 +610,7 @@ int main(int argc, char **argv) pollset[0].fd = s; pollset[0].in_flags = PR_POLL_READ; - pollset[1].fd = PR_GetSpecialFD(PR_StandardInput); + pollset[1].fd = infile ? infile : PR_GetSpecialFD(PR_StandardInput); pollset[1].in_flags = PR_POLL_READ; npds = 2; std_out = PR_GetSpecialFD(PR_StandardOutput);
@@ -730,6 +733,6 @@ int main(int argc, char **argv) PR_Close(s); SSL_ClearSessionCache(); NSS_Shutdown(); - PR_Cleanup(); + /* XXX idm PR_Cleanup(); */ return error; }
diff --git a/security/nss/lib/pki/cryptocontext.c b/security/nss/lib/pki/cryptocontext.c
index d3159c013..065bb340f 100644
--- a/security/nss/lib/pki/cryptocontext.c
+++ b/security/nss/lib/pki/cryptocontext.c
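Review bot: The result of `PR_Open` in the new `case 'i':` (hunk at -339) is never checked, so an unreadable or mistyped path leaves `infile` NULL and the fallback added in the -607 hunk, `pollset[1].fd = infile ? infile : PR_GetSpecialFD(PR_StandardInput);`, silently reads standard input instead of the requested file. In a scripted SSL test run that makes the client send the wrong data or block waiting on a terminal while the test still appears to have been given its input. I would fail immediately after the open, for example `if (!infile) { fprintf(stderr, "%s: unable to open \"%s\" for reading\n", progName, optstate->value); return 1; }`, using whatever error reporting the rest of main already uses. A second `-i` also overwrites the first descriptor without closing it, and no `PR_Close(infile)` appears next to `PR_Close(s)` in the -730 hunk; main's body extends beyond these hunks, so that may be handled elsewhere.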
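Review bot: `/* XXX idm PR_Cleanup(); */` in the -730 hunk turns off NSPR shutdown with no explanation of what failed, so the next reader cannot tell whether this hides a hang, an assertion, or references still held after `NSS_Shutdown()`. Because tstclnt is the client used by the SSL test scripts, skipping the shutdown check here could also mask reference leaks in the library code this commit changes; that is an inference, the reason is not visible in the diff. The comment should say why the call is disabled and when it can come back, e.g. `/* XXX idm: PR_Cleanup() disabled because <reason>; restore once <condition> */`, where the angle-bracket parts are placeholders for the author to fill in.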
@@ -162,10 +162,10 @@ nssCryptoContext_Destroy ( { PRStatus status = PR_SUCCESS; switch (cc->which) { - case a_cert: nssCert_Destroy(cc->u.cert); break; - case a_pubkey: nssPublicKey_Destroy(cc->u.bkey); break; + case a_cert: nssCert_Destroy(cc->u.cert); break; + case a_pubkey: nssPublicKey_Destroy(cc->u.bkey); break; case a_privkey: nssPrivateKey_Destroy(cc->u.vkey); break; - case a_symkey: nssSymKey_Destroy(cc->u.mkey); break; + case a_symkey: nssSymKey_Destroy(cc->u.mkey); break; default: break; } if (cc->key) {
diff --git a/security/nss/lib/pki/volatiledomain.c b/security/nss/lib/pki/volatiledomain.c
index 59ffa082f..29a67d0d4 100644
--- a/security/nss/lib/pki/volatiledomain.c
+++ b/security/nss/lib/pki/volatiledomain.c
@@ -620,8 +620,7 @@ nssVolatileDomain_FindBestCertByNickname ( NULL, 0, NULL); if (certs) { /* find the best one */ - rvCert = nssCertArray_FindBestCert(certs, time, - usages, policiesOpt); + rvCert = nssCertArray_FindBestCert(certs, time, usages, policiesOpt); nssCertArray_Destroy(certs); } return rvCert;
@@ -637,8 +636,8 @@ NSSVolatileDomain_FindBestCertByNickname ( ) { return nssVolatileDomain_FindBestCertByNickname(vd, name, - time, usages, - policiesOpt); + time, usages, + policiesOpt); } NSS_IMPLEMENT NSSCert *
@@ -681,8 +680,7 @@ NSSVolatileDomain_FindCertByIssuerAndSerialNumber ( ) { return nssVolatileDomain_FindCertByIssuerAndSerialNumber(vd, - issuer, - serial); + issuer, serial); } NSS_IMPLEMENT NSSCert **
@@ -748,8 +746,7 @@ nssVolatileDomain_FindBestCertBySubject ( NSSCert *rvCert = NULL; /* search the volatile (and trust) domain by subject */ - certs = nssVolatileDomain_FindCertsBySubject(vd, subject, - NULL, 0, NULL); + certs = nssVolatileDomain_FindCertsBySubject(vd, subject, NULL, 0, NULL); if (certs) { /* find the best one */ rvCert = nssCertArray_FindBestCert(certs, time, usages, policiesOpt);
diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c
index 237f17404..d750eb132 100644
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@@ -88,9 +88,7 @@ static NSSSymKey *ssl3_GenerateRSAPMS(sslSocket *ss, static PRStatus ssl3_GenerateSessionKeys( sslSocket *ss, NSSSymKey *pmsOpt); static SECStatus ssl3_HandshakeFailure( sslSocket *ss); static SECStatus ssl3_InitState( sslSocket *ss); -#ifdef IMPLEMENT_SESSION_ID_CACHE static sslSessionID *ssl3_NewSessionID( sslSocket *ss, PRBool is_server); -#endif /* IMPLEMENT_SESSION_ID_CACHE */ static SECStatus ssl3_SendCertificate( sslSocket *ss); static SECStatus ssl3_SendEmptyCertificate( sslSocket *ss); static SECStatus ssl3_SendCertificateRequest(sslSocket *ss);
@@ -2921,12 +2919,10 @@ ssl3_SendClientHello(sslSocket *ss) if (rv != SECSuccess) return rv; /* error code was set */ -#ifdef IMPLEMENT_SSL_SESSION_ID_CACHE sid = ssl3_NewSessionID(ss, PR_FALSE); if (!sid) { return SECFailure; /* memory error is set */ } -#endif /* IMPLEMENT_SSL_SESSION_ID_CACHE */ } ssl_GetSpecWriteLock(ss);
@@ -5470,6 +5466,7 @@ compression_found: sid = NULL; } ++ssl3stats.hch_sid_cache_misses; +#endif /* IMPLEMENT_SESSION_ID_CACHE */ sid = ssl3_NewSessionID(ss, PR_TRUE); if (sid == NULL) { @@ -5477,7 +5474,6 @@ compression_found: goto loser; /* memory error is set. */ } ss->sec.ci.sid = sid; -#endif /* IMPLEMENT_SESSION_ID_CACHE */ ssl3->hs.isResuming = PR_FALSE; ssl_GetXmitBufLock(ss);
diff --git a/security/nss/lib/ssl/sslcon.c b/security/nss/lib/ssl/sslcon.c
index e04064879..18f81826a 100644
--- a/security/nss/lib/ssl/sslcon.c
+++ b/security/nss/lib/ssl/sslcon.c
@@ -1556,6 +1556,7 @@ ssl2_CreateSessionCypher(sslSocket *ss, sslSessionID *sid, PRBool isClient) writecx = NSSSymKey_CreateCryptoContext(symKey, ap, NULL); if (writecx == NULL) goto loser; + NSSSymKey_Destroy(symKey); symKey = NULL; status = NSSCryptoContext_BeginEncrypt(writecx, NULL, NULL); if (status == PR_FAILURE)
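Review bot: The added `NSSSymKey_Destroy(symKey); symKey = NULL;` in the sslcon.c hunk at -1556 drops the caller's reference just before `writecx` is used by `NSSCryptoContext_BeginEncrypt`, which is only safe if `NSSSymKey_CreateCryptoContext` took its own reference on the key; nothing in this hunk shows that. The cryptocontext.c section of this commit has `nssCryptoContext_Destroy` calling `nssSymKey_Destroy(cc->u.mkey)`, which is consistent with the context owning a reference, but if it is instead borrowing the caller's, this line leaves the write cipher working on freed session-key material. I would record the ownership rule at the call site, `/* writecx holds its own reference to symKey; release ours so the key dies with the context */`, and put the two statements on separate lines. It is also worth confirming that the `loser` path, which is outside the hunk, destroys a still non-NULL `symKey` when `writecx == NULL`.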
@@ -3107,6 +3108,8 @@ ssl2_BeginClientHandshake(sslSocket *ss) ss->sec.localCert = CERT_DupCertificate(sid->localCert); break; /* this isn't really a loop */ } +#else + sid = NULL; #endif /* IMPLEMENT_SESSION_ID_CACHE */ if (!sid) { sidLen = 0;
diff --git a/security/nss/tests/ssl/sslcov.txt b/security/nss/tests/ssl/sslcov.txt
index e04bc84a0..c960eade1 100644
--- a/security/nss/tests/ssl/sslcov.txt
+++ b/security/nss/tests/ssl/sslcov.txt
@@ -9,10 +9,10 @@ # noTLS A SSL2 RC4 128 WITH MD5 # TLS B SSL2 RC4 128 EXPORT40 WITH MD5 - TLS C SSL2 RC2 128 CBC WITH MD5 +# TLS C SSL2 RC2 128 CBC WITH MD5 # noTLS D SSL2 RC2 128 CBC EXPORT40 WITH MD5 TLS E SSL2 DES 64 CBC WITH MD5 - noTLS F SSL2 DES 192 EDE3 CBC WITH MD5 +# noTLS F SSL2 DES 192 EDE3 CBC WITH MD5 # # noTLS a SSL3 FORTEZZA DMS WITH FORTEZZA CBC SHA # noTLS b SSL3 FORTEZZA DMS WITH RC4 128 SHA |
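Review bot: Setting `sid = NULL;` in a new `#else` branch makes the `if (!sid)` test that follows well defined when the session-ID cache is compiled out, but the pointer's starting value still depends on which preprocessor branch is taken. The test decides whether the client hello carries a cached session ID, so an indeterminate `sid` here would be read and possibly dereferenced. Initialising it once at its declaration, e.g. `sslSessionID *sid = NULL;`, would cover both builds and any branch added later without needing the `#else`. The declaration is outside this hunk, so the type is inferred from the `sslSessionID *sid` parameter visible in the -1556 hunk and should be confirmed.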
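Review bot: Two SSL2 suites, `C` (RC2 128 CBC) and `F` (DES 192 EDE3 CBC), are commented out of the coverage list in a commit titled "fix ssl2 bugs", and nothing in the file or the commit message says why. Cipher-coverage entries that are disabled without a reason tend to stay disabled, and a later regression in those code paths would then go unnoticed. I would add a line above them such as `# C and F disabled: <reason, and what must be fixed to re-enable>`, with the placeholder filled in by the author.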