|
|
f3f450 |
diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
|
|
|
f3f450 |
--- a/lib/ssl/sslsock.c
|
|
|
f3f450 |
+++ b/lib/ssl/sslsock.c
|
|
|
f3f450 |
@@ -4394,62 +4394,82 @@ ssl_ClearPRCList(PRCList *list, void (*f
|
|
|
f3f450 |
}
|
|
|
f3f450 |
PORT_Free(cursor);
|
|
|
f3f450 |
}
|
|
|
f3f450 |
}
|
|
|
f3f450 |
|
|
|
f3f450 |
SECStatus
|
|
|
f3f450 |
SSLExp_EnableTls13GreaseEch(PRFileDesc *fd, PRBool enabled)
|
|
|
f3f450 |
{
|
|
|
f3f450 |
+#ifdef notdef
|
|
|
f3f450 |
sslSocket *ss = ssl_FindSocket(fd);
|
|
|
f3f450 |
if (!ss) {
|
|
|
f3f450 |
return SECFailure;
|
|
|
f3f450 |
}
|
|
|
f3f450 |
ss->opt.enableTls13GreaseEch = enabled;
|
|
|
f3f450 |
return SECSuccess;
|
|
|
f3f450 |
+#else
|
|
|
f3f450 |
+ PORT_SetError(SSL_ERROR_UNSUPPORTED_EXPERIMENTAL_API);
|
|
|
f3f450 |
+ return SECFailure;
|
|
|
f3f450 |
+#endif
|
|
|
f3f450 |
}
|
|
|
f3f450 |
|
|
|
f3f450 |
SECStatus
|
|
|
f3f450 |
SSLExp_SetTls13GreaseEchSize(PRFileDesc *fd, PRUint8 size)
|
|
|
f3f450 |
{
|
|
|
f3f450 |
+#ifdef notdef
|
|
|
f3f450 |
sslSocket *ss = ssl_FindSocket(fd);
|
|
|
f3f450 |
if (!ss || size == 0) {
|
|
|
f3f450 |
return SECFailure;
|
|
|
f3f450 |
}
|
|
|
f3f450 |
ssl_Get1stHandshakeLock(ss);
|
|
|
f3f450 |
ssl_GetSSL3HandshakeLock(ss);
|
|
|
f3f450 |
|
|
|
f3f450 |
ss->ssl3.hs.greaseEchSize = size;
|
|
|
f3f450 |
|
|
|
f3f450 |
ssl_ReleaseSSL3HandshakeLock(ss);
|
|
|
f3f450 |
ssl_Release1stHandshakeLock(ss);
|
|
|
f3f450 |
|
|
|
f3f450 |
return SECSuccess;
|
|
|
f3f450 |
+#else
|
|
|
f3f450 |
+ PORT_SetError(SSL_ERROR_UNSUPPORTED_EXPERIMENTAL_API);
|
|
|
f3f450 |
+ return SECFailure;
|
|
|
f3f450 |
+#endif
|
|
|
f3f450 |
}
|
|
|
f3f450 |
|
|
|
f3f450 |
SECStatus
|
|
|
f3f450 |
SSLExp_EnableTls13BackendEch(PRFileDesc *fd, PRBool enabled)
|
|
|
f3f450 |
{
|
|
|
f3f450 |
+#ifdef notdef
|
|
|
f3f450 |
sslSocket *ss = ssl_FindSocket(fd);
|
|
|
f3f450 |
if (!ss) {
|
|
|
f3f450 |
return SECFailure;
|
|
|
f3f450 |
}
|
|
|
f3f450 |
ss->opt.enableTls13BackendEch = enabled;
|
|
|
f3f450 |
return SECSuccess;
|
|
|
f3f450 |
+#else
|
|
|
f3f450 |
+ PORT_SetError(SSL_ERROR_UNSUPPORTED_EXPERIMENTAL_API);
|
|
|
f3f450 |
+ return SECFailure;
|
|
|
f3f450 |
+#endif
|
|
|
f3f450 |
}
|
|
|
f3f450 |
|
|
|
f3f450 |
SECStatus
|
|
|
f3f450 |
SSLExp_CallExtensionWriterOnEchInner(PRFileDesc *fd, PRBool enabled)
|
|
|
f3f450 |
{
|
|
|
f3f450 |
+#ifdef notdef
|
|
|
f3f450 |
sslSocket *ss = ssl_FindSocket(fd);
|
|
|
f3f450 |
if (!ss) {
|
|
|
f3f450 |
return SECFailure;
|
|
|
f3f450 |
}
|
|
|
f3f450 |
ss->opt.callExtensionWriterOnEchInner = enabled;
|
|
|
f3f450 |
return SECSuccess;
|
|
|
f3f450 |
+#else
|
|
|
f3f450 |
+ PORT_SetError(SSL_ERROR_UNSUPPORTED_EXPERIMENTAL_API);
|
|
|
f3f450 |
+ return SECFailure;
|
|
|
f3f450 |
+#endif
|
|
|
f3f450 |
}
|
|
|
f3f450 |
|
|
|
f3f450 |
SECStatus
|
|
|
f3f450 |
SSLExp_SetDtls13VersionWorkaround(PRFileDesc *fd, PRBool enabled)
|
|
|
f3f450 |
{
|
|
|
f3f450 |
sslSocket *ss = ssl_FindSocket(fd);
|
|
|
f3f450 |
if (!ss) {
|
|
|
f3f450 |
return SECFailure;
|
|
|
f3f450 |
diff -up ./gtests/ssl_gtest/manifest.mn.disable_ech ./gtests/ssl_gtest/manifest.mn
|
|
|
f3f450 |
--- ./gtests/ssl_gtest/manifest.mn.disable_ech 2023-06-21 19:02:02.160400997 +0200
|
|
|
f3f450 |
+++ ./gtests/ssl_gtest/manifest.mn 2023-06-21 19:02:18.226618324 +0200
|
|
|
f3f450 |
@@ -57,7 +57,6 @@ CPPSRCS = \
|
|
|
f3f450 |
tls_filter.cc \
|
|
|
f3f450 |
tls_protect.cc \
|
|
|
f3f450 |
tls_psk_unittest.cc \
|
|
|
f3f450 |
- tls_ech_unittest.cc \
|
|
|
f3f450 |
$(SSLKEYLOGFILE_FILES) \
|
|
|
f3f450 |
$(NULL)
|