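--- a/nss/gtests/ssl_gtest/ssl_0rtt_unittest.cc
+++ b/nss/gtests/ssl_gtest/ssl_0rtt_unittest.cc
@@ -24,6 +24,8 @@ namespace nss_test {
 
 TEST_P(TlsConnectTls13, ZeroRtt) {
 SetupForZeroRtt();
+ client_->SetExpectedAlertSentCount(1);
+ server_->SetExpectedAlertReceivedCount(1);
 client_->Set0RttEnabled(true);
 server_->Set0RttEnabled(true);
 ExpectResumption(RESUME_TICKET);
@@ -103,6 +105,8 @@ TEST_P(TlsConnectTls13, TestTls13ZeroRtt
 EnableAlpn();
 SetupForZeroRtt();
 EnableAlpn();
+ client_->SetExpectedAlertSentCount(1);
+ server_->SetExpectedAlertReceivedCount(1);
 client_->Set0RttEnabled(true);
 server_->Set0RttEnabled(true);
 ExpectResumption(RESUME_TICKET);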
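Review bot: The expected counts of 1 added before `Set0RttEnabled(true)` in ZeroRtt carry no explanation of which alert the client is supposed to send, so a reader cannot tell an intended alert from an accidental one. A comment such as `// The client signals the end of 0-RTT data with one alert.` above the two setters would document this, assuming that is the alert meant here. The same pair is added without comment in the second hunk of this file and in EarlyExporter in ssl_exporter_unittest.cc. Only the count is pinned; if the description matters, checking `GetLastAlertSent()` after the handshake would make the expectation exact.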
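--- a/nss/gtests/ssl_gtest/ssl_exporter_unittest.cc
+++ b/nss/gtests/ssl_gtest/ssl_exporter_unittest.cc
@@ -90,6 +90,8 @@ int32_t RegularExporterShouldFail(TlsAge
 
 TEST_P(TlsConnectTls13, EarlyExporter) {
 SetupForZeroRtt();
+ client_->SetExpectedAlertSentCount(1);
+ server_->SetExpectedAlertReceivedCount(1);
 client_->Set0RttEnabled(true);
 server_->Set0RttEnabled(true);
 ExpectResumption(RESUME_TICKET);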
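--- a/nss/gtests/ssl_gtest/ssl_extension_unittest.cc
+++ b/nss/gtests/ssl_gtest/ssl_extension_unittest.cc
@@ -167,27 +167,69 @@ class TlsExtensionTestBase : public TlsC
 : TlsConnectTestBase(mode, version) {}
 
 void ClientHelloErrorTest(PacketFilter* filter,
- uint8_t alert = kTlsAlertDecodeError) {
+ uint8_t desc = kTlsAlertDecodeError) {
+ SSLAlert alert;
+
 auto alert_recorder = new TlsAlertRecorder();
 server_->SetPacketFilter(alert_recorder);
 if (filter) {
 client_->SetPacketFilter(filter);
 }
 ConnectExpectFail();
+
 EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
- EXPECT_EQ(alert, alert_recorder->description());
+ EXPECT_EQ(desc, alert_recorder->description());
+
+ // verify no alerts received by the server
+ EXPECT_EQ(0U, server_->alert_received_count());
+
+ // verify the alert sent by the server
+ EXPECT_EQ(1U, server_->alert_sent_count());
+ EXPECT_TRUE(server_->GetLastAlertSent(&alert));
+ EXPECT_EQ(kTlsAlertFatal, alert.level);
+ EXPECT_EQ(desc, alert.description);
+
+ // verify the alert received by the client
+ EXPECT_EQ(1U, client_->alert_received_count());
+ EXPECT_TRUE(client_->GetLastAlertReceived(&alert));
+ EXPECT_EQ(kTlsAlertFatal, alert.level);
+ EXPECT_EQ(desc, alert.description);
+
+ // verify no alerts sent by the client
+ EXPECT_EQ(0U, client_->alert_sent_count());
 }
 
 void ServerHelloErrorTest(PacketFilter* filter,
- uint8_t alert = kTlsAlertDecodeError) {
+ uint8_t desc = kTlsAlertDecodeError) {
+ SSLAlert alert;
+
 auto alert_recorder = new TlsAlertRecorder();
 client_->SetPacketFilter(alert_recorder);
 if (filter) {
 server_->SetPacketFilter(filter);
 }
 ConnectExpectFail();
+
 EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
- EXPECT_EQ(alert, alert_recorder->description());
+ EXPECT_EQ(desc, alert_recorder->description());
+
+ // verify no alerts received by the client
+ EXPECT_EQ(0U, client_->alert_received_count());
+
+ // verify the alert sent by the client
+ EXPECT_EQ(1U, client_->alert_sent_count());
+ EXPECT_TRUE(client_->GetLastAlertSent(&alert));
+ EXPECT_EQ(kTlsAlertFatal, alert.level);
+ EXPECT_EQ(desc, alert.description);
+
+ // verify the alert received by the server
+ EXPECT_EQ(1U, server_->alert_received_count());
+ EXPECT_TRUE(server_->GetLastAlertReceived(&alert));
+ EXPECT_EQ(kTlsAlertFatal, alert.level);
+ EXPECT_EQ(desc, alert.description);
+
+ // verify no alerts sent by the server
+ EXPECT_EQ(0U, server_->alert_sent_count());
 }
 
 static void InitSimpleSni(DataBuffer* extension) {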
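Review bot: `SSLAlert alert;` in ClientHelloErrorTest is left uninitialized, and `GetLastAlertSent()`/`GetLastAlertReceived()` in tls_agent.h return false without writing to it when the count is zero. Because `EXPECT_TRUE` does not stop the test, a failed lookup lets the following `EXPECT_EQ(kTlsAlertFatal, alert.level)` read indeterminate memory, or in the second half of the function the stale value left by the first lookup. Declaring it as `SSLAlert alert = {0, 0};` and using `ASSERT_TRUE(server_->GetLastAlertSent(&alert));` keeps the failure report meaningful. ServerHelloErrorTest has the same pattern.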
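--- a/nss/gtests/ssl_gtest/ssl_version_unittest.cc
+++ b/nss/gtests/ssl_gtest/ssl_version_unittest.cc
@@ -225,6 +225,7 @@ TEST_F(TlsConnectTest, Tls13RejectsRehan
 
 TEST_P(TlsConnectGeneric, AlertBeforeServerHello) {
 EnsureTlsSetup();
+ client_->SetExpectedAlertReceivedCount(1);
 client_->StartConnect();
 server_->StartConnect();
 client_->Handshake(); // Send ClientHello.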
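--- a/nss/gtests/ssl_gtest/tls_agent.cc
+++ b/nss/gtests/ssl_gtest/tls_agent.cc
@@ -61,6 +61,12 @@ TlsAgent::TlsAgent(const std::string& na
 can_falsestart_hook_called_(false),
 sni_hook_called_(false),
 auth_certificate_hook_called_(false),
+ alert_received_count_(0),
+ expected_alert_received_count_(0),
+ last_alert_received_({0, 0}),
+ alert_sent_count_(0),
+ expected_alert_sent_count_(0),
+ last_alert_sent_({0, 0}),
 handshake_callback_called_(false),
 error_code_(0),
 send_ctr_(0),
@@ -165,6 +171,14 @@ bool TlsAgent::EnsureTlsSetup(PRFileDesc
 EXPECT_EQ(SECSuccess, rv);
 if (rv != SECSuccess) return false;
 
+ rv = SSL_AlertReceivedCallback(ssl_fd(), AlertReceivedCallback, this);
+ EXPECT_EQ(SECSuccess, rv);
+ if (rv != SECSuccess) return false;
+
+ rv = SSL_AlertSentCallback(ssl_fd(), AlertSentCallback, this);
+ EXPECT_EQ(SECSuccess, rv);
+ if (rv != SECSuccess) return false;
+
 rv = SSL_HandshakeCallback(ssl_fd_, HandshakeCallback, this);
 EXPECT_EQ(SECSuccess, rv);
 if (rv != SECSuccess) return false;
@@ -578,6 +592,11 @@ void TlsAgent::CheckErrorCode(int32_t ex
 << PORT_ErrorToName(expected) << std::endl;
 }
 
+void TlsAgent::CheckAlerts() const {
+ EXPECT_EQ(expected_alert_received_count_, alert_received_count_);
+ EXPECT_EQ(expected_alert_sent_count_, alert_sent_count_);
+}
+
 void TlsAgent::WaitForErrorCode(int32_t expected, uint32_t delay) const {
 ASSERT_EQ(0, error_code_);
 WAIT_(error_code_ != 0, delay);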
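--- a/nss/gtests/ssl_gtest/tls_agent.h
+++ b/nss/gtests/ssl_gtest/tls_agent.h
@@ -139,6 +139,7 @@ class TlsAgent : public PollTarget {
 void EnableSrtp();
 void CheckSrtp() const;
 void CheckErrorCode(int32_t expected) const;
+ void CheckAlerts() const;
 void WaitForErrorCode(int32_t expected, uint32_t delay) const;
 // Send data on the socket, encrypting it.
 void SendData(size_t bytes, size_t blocksize = 1024);
@@ -239,6 +240,34 @@ class TlsAgent : public PollTarget {
 sni_callback_ = sni_callback;
 }
 
+ size_t alert_received_count() const { return alert_received_count_; }
+
+ void SetExpectedAlertReceivedCount(size_t count) {
+ expected_alert_received_count_ = count;
+ }
+
+ bool GetLastAlertReceived(SSLAlert* alert) const {
+ if (!alert_received_count_) {
+ return false;
+ }
+ *alert = last_alert_received_;
+ return true;
+ }
+
+ size_t alert_sent_count() const { return alert_sent_count_; }
+
+ void SetExpectedAlertSentCount(size_t count) {
+ expected_alert_sent_count_ = count;
+ }
+
+ bool GetLastAlertSent(SSLAlert* alert) const {
+ if (!alert_sent_count_) {
+ return false;
+ }
+ *alert = last_alert_sent_;
+ return true;
+ }
+
 private:
 const static char* states[];
 
@@ -320,6 +349,30 @@ class TlsAgent : public PollTarget {
 return SECSuccess;
 }
 
+ static void AlertReceivedCallback(const PRFileDesc* fd, void* arg,
+ const SSLAlert* alert) {
+ TlsAgent* agent = reinterpret_cast<TlsAgent*>(arg);
+
+ std::cerr << agent->role_str()
+ << ": Alert received: level=" << static_cast<int>(alert->level)
+ << " desc=" << static_cast<int>(alert->description) << std::endl;
+
+ ++agent->alert_received_count_;
+ agent->last_alert_received_ = *alert;
+ }
+
+ static void AlertSentCallback(const PRFileDesc* fd, void* arg,
+ const SSLAlert* alert) {
+ TlsAgent* agent = reinterpret_cast<TlsAgent*>(arg);
+
+ std::cerr << agent->role_str()
+ << ": Alert sent: level=" << static_cast<int>(alert->level)
+ << " desc=" << static_cast<int>(alert->description) << std::endl;
+
+ ++agent->alert_sent_count_;
+ agent->last_alert_sent_ = *alert;
+ }
+
 static void HandshakeCallback(PRFileDesc* fd, void* arg) {
 TlsAgent* agent = reinterpret_cast<TlsAgent*>(arg);
 agent->handshake_callback_called_ = true;
@@ -352,6 +405,12 @@ class TlsAgent : public PollTarget {
 bool can_falsestart_hook_called_;
 bool sni_hook_called_;
 bool auth_certificate_hook_called_;
+ size_t alert_received_count_;
+ size_t expected_alert_received_count_;
+ SSLAlert last_alert_received_;
+ size_t alert_sent_count_;
+ size_t expected_alert_sent_count_;
+ SSLAlert last_alert_sent_;
 bool handshake_callback_called_;
 SSLChannelInfo info_;
 SSLCipherSuiteInfo csinfo_;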
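--- a/nss/gtests/ssl_gtest/tls_connect.cc
+++ b/nss/gtests/ssl_gtest/tls_connect.cc
@@ -309,6 +309,9 @@ void TlsConnectTestBase::CheckConnected(
 CheckResumption(expected_resumption_mode_);
 client_->CheckSecretsDestroyed();
 server_->CheckSecretsDestroyed();
+
+ client_->CheckAlerts();
+ server_->CheckAlerts();
 }
 
 void TlsConnectTestBase::CheckKeys(SSLKEAType kea_type, SSLNamedGroup kea_group,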
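Review bot: `CheckAlerts()` is wired only into CheckConnected, so counts set with `SetExpectedAlertSentCount()`/`SetExpectedAlertReceivedCount()` are verified only for handshakes that complete, as far as this patch shows. Tests that end in `ConnectExpectFail()`, the path where fatal alerts matter most, have to assert the counts by hand, as ClientHelloErrorTest in ssl_extension_unittest.cc does. A short comment above the two calls, e.g. `// Alert counts are only checked here; failure-path tests must check them explicitly.`, would make that limit visible. CheckConnected's body starts outside the hunk.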
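--- a/nss/lib/ssl/ssl3con.c
+++ b/nss/lib/ssl/ssl3con.c
@@ -3143,6 +3143,10 @@ SSL3_SendAlert(sslSocket *ss, SSL3AlertL
 }
 ssl_ReleaseXmitBufLock(ss);
 ssl_ReleaseSSL3HandshakeLock(ss);
+ if (rv == SECSuccess && ss->alertSentCallback) {
+ SSLAlert alert = { level, desc };
+ ss->alertSentCallback(ss->fd, ss->alertSentCallbackArg, &alert);
+ }
 return rv; /* error set by ssl3_FlushHandshake or ssl3_SendRecord */
 }
 
@@ -3255,6 +3259,11 @@ ssl3_HandleAlert(sslSocket *ss, sslBuffe
 SSL_TRC(5, ("%d: SSL3[%d] received alert, level = %d, description = %d",
 SSL_GETPID(), ss->fd, level, desc));
 
+ if (ss->alertReceivedCallback) {
+ SSLAlert alert = { level, desc };
+ ss->alertReceivedCallback(ss->fd, ss->alertReceivedCallbackArg, &alert);
+ }
+
 switch (desc) {
 case close_notify:
 ss->recvdCloseNotify = 1;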
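Review bot: In ssl3_HandleAlert the new callback is invoked with `level` and `desc` before the `switch (desc)` that acts on the alert, so the application sees every alert record that reaches this point, including ones that arrive before the handshake has authenticated the peer (the AlertBeforeServerHello test in this patch expects exactly such a callback). Applications should treat the values as untrusted input rather than an authenticated signal; a comment above the call, e.g. `/* Informational only: the alert may be unauthenticated. */`, would record that. Whether locks are still held at this point is not visible in the hunk; if they are, the callback must not call back into the socket, which is also worth stating, whereas SSL3_SendAlert visibly calls out only after releasing its locks. Both function bodies begin outside their hunks.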
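--- a/nss/lib/ssl/ssl.def
+++ b/nss/lib/ssl/ssl.def
@@ -221,3 +221,10 @@ SSL_SignatureSchemePrefGet;
 ;+ local:
 ;+*;
 ;+};
+;+NSS_3.30.0.1 { # Additional symbols for NSS 3.30 release
+;+ global:
+SSL_AlertReceivedCallback;
+SSL_AlertSentCallback;
+;+ local:
+;+*;
+;+};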
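--- a/nss/lib/ssl/ssl.h
+++ b/nss/lib/ssl/ssl.h
@@ -820,6 +820,25 @@ SSL_IMPORT PRFileDesc *SSL_ReconfigFD(PR
 SSL_IMPORT SECStatus SSL_SetPKCS11PinArg(PRFileDesc *fd, void *a);
 
 /*
+** These are callbacks for dealing with SSL alerts.
+ */
+
+typedef PRUint8 SSLAlertLevel;
+typedef PRUint8 SSLAlertDescription;
+
+typedef struct {
+ SSLAlertLevel level;
+ SSLAlertDescription description;
+} SSLAlert;
+
+typedef void(PR_CALLBACK *SSLAlertCallback)(const PRFileDesc *fd, void *arg,
+ const SSLAlert *alert);
+
+SSL_IMPORT SECStatus SSL_AlertReceivedCallback(PRFileDesc *fd, SSLAlertCallback cb,
+ void *arg);
+SSL_IMPORT SECStatus SSL_AlertSentCallback(PRFileDesc *fd, SSLAlertCallback cb,
+ void *arg);
+/*
 ** This is a callback for dealing with server certs that are not authenticated
 ** by the client. The client app can decide that it actually likes the
 ** cert by some external means and restart the connection.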
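Review bot: The comment `These are callbacks for dealing with SSL alerts.` does not state the contract of the new public API. The `SSLAlert` handed to the callback is a local object in SSL3_SendAlert and ssl3_HandleAlert (see the ssl3con.c hunks), so the pointer is valid only for the duration of the call, and the sent callback fires only when `rv == SECSuccess`. I would extend the comment to say when each callback runs, that the callback must copy `*alert` if it needs the values later, and that passing a NULL `cb` presumably removes the callback, since the setters store it unconditionally and both call sites test for NULL.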
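--- a/nss/lib/ssl/sslimpl.h
+++ b/nss/lib/ssl/sslimpl.h
@@ -1121,6 +1121,10 @@ struct sslSocketStr {
 void *getClientAuthDataArg;
 SSLSNISocketConfig sniSocketConfig;
 void *sniSocketConfigArg;
+ SSLAlertCallback alertReceivedCallback;
+ void *alertReceivedCallbackArg;
+ SSLAlertCallback alertSentCallback;
+ void *alertSentCallbackArg;
 SSLBadCertHandler handleBadCert;
 void *badCertArg;
 SSLHandshakeCallback handshakeCallback;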
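--- a/nss/lib/ssl/sslsecur.c
+++ b/nss/lib/ssl/sslsecur.c
@@ -994,6 +994,42 @@ ssl_SecureWrite(sslSocket *ss, const uns
 }
 
 SECStatus
+SSL_AlertReceivedCallback(PRFileDesc *fd, SSLAlertCallback cb, void *arg)
+{
+ sslSocket *ss;
+
+ ss = ssl_FindSocket(fd);
+ if (!ss) {
+ SSL_DBG(("%d: SSL[%d]: unable to find socket in SSL_AlertReceivedCallback",
+ SSL_GETPID(), fd));
+ return SECFailure;
+ }
+
+ ss->alertReceivedCallback = cb;
+ ss->alertReceivedCallbackArg = arg;
+
+ return SECSuccess;
+}
+
+SECStatus
+SSL_AlertSentCallback(PRFileDesc *fd, SSLAlertCallback cb, void *arg)
+{
+ sslSocket *ss;
+
+ ss = ssl_FindSocket(fd);
+ if (!ss) {
+ SSL_DBG(("%d: SSL[%d]: unable to find socket in SSL_AlertSentCallback",
+ SSL_GETPID(), fd));
+ return SECFailure;
+ }
+
+ ss->alertSentCallback = cb;
+ ss->alertSentCallbackArg = arg;
+
+ return SECSuccess;
+}
+
+SECStatus
 SSL_BadCertHook(PRFileDesc *fd, SSLBadCertHandler f, void *arg)
 {
 sslSocket *ss;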
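Review bot: Both new setters store `cb` and `arg` as two separate plain assignments, and SSL3_SendAlert reads the pair after `ssl_ReleaseSSL3HandshakeLock(ss)` (ssl3con.c hunk), so nothing visible here orders a concurrent update against a callback invocation. An application that swaps the callback while another thread drives the socket could see the new function called with the old argument. I would document the restriction on the setters, e.g. `/* Install before the handshake starts; not safe to change while the socket is in use on another thread. */`, unless locking outside these hunks already covers it.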
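--- a/nss/lib/ssl/sslsock.c
+++ b/nss/lib/ssl/sslsock.c
@@ -330,6 +330,10 @@ ssl_DupSocket(sslSocket *os)
 ss->getClientAuthDataArg = os->getClientAuthDataArg;
 ss->sniSocketConfig = os->sniSocketConfig;
 ss->sniSocketConfigArg = os->sniSocketConfigArg;
+ ss->alertReceivedCallback = os->alertReceivedCallback;
+ ss->alertReceivedCallbackArg = os->alertReceivedCallbackArg;
+ ss->alertSentCallback = os->alertSentCallback;
+ ss->alertSentCallbackArg = os->alertSentCallbackArg;
 ss->handleBadCert = os->handleBadCert;
 ss->badCertArg = os->badCertArg;
 ss->handshakeCallback = os->handshakeCallback;
@@ -2149,6 +2153,14 @@ SSL_ReconfigFD(PRFileDesc *model, PRFile
 ss->sniSocketConfig = sm->sniSocketConfig;
 if (sm->sniSocketConfigArg)
 ss->sniSocketConfigArg = sm->sniSocketConfigArg;
+ if (ss->alertReceivedCallback) {
+ ss->alertReceivedCallback = sm->alertReceivedCallback;
+ ss->alertReceivedCallbackArg = sm->alertReceivedCallbackArg;
+ }
+ if (ss->alertSentCallback) {
+ ss->alertSentCallback = sm->alertSentCallback;
+ ss->alertSentCallbackArg = sm->alertSentCallbackArg;
+ }
 if (sm->handleBadCert)
 ss->handleBadCert = sm->handleBadCert;
 if (sm->badCertArg)
@@ -3691,6 +3703,10 @@ ssl_NewSocket(PRBool makeLocks, SSLProto
 ss->sniSocketConfig = NULL;
 ss->sniSocketConfigArg = NULL;
 ss->getClientAuthData = NULL;
+ ss->alertReceivedCallback = NULL;
+ ss->alertReceivedCallbackArg = NULL;
+ ss->alertSentCallback = NULL;
+ ss->alertSentCallbackArg = NULL;
 ss->handleBadCert = NULL;
 ss->badCertArg = NULL;
 ss->pkcs11PinArg = NULL;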
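Review bot: In the SSL_ReconfigFD hunk the two new guards test the destination socket, `if (ss->alertReceivedCallback)` and `if (ss->alertSentCallback)`, while every neighbouring field is guarded on the model (`if (sm->handleBadCert)`). A socket that has no alert callback of its own therefore never inherits the model's, and one that has a callback gets it overwritten even when the model's is NULL. The guards should read `if (sm->alertReceivedCallback) {` and `if (sm->alertSentCallback) {`; the HG changeset at the end of this page makes that change. The ssl_DupSocket and ssl_NewSocket hunks look consistent with their neighbours.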
# HG changeset patch
# User Kai Engert <kaie@kuix.de>
# Date 1493741561 -7200
# Tue May 02 18:12:41 2017 +0200
# Node ID 8804a0c65a08ee53096c07cc091536c7cf102b58
# Parent 769f9ae07b103494af809620478e60256a344adc
Bug 1360207, Fix incorrect if (ss->...) in SSL_ReconfigFD, Patch contributed by Ian Goldberg, r=ttaubert
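--- a/lib/ssl/sslsock.c
+++ b/lib/ssl/sslsock.c
@@ -2152,11 +2152,11 @@ SSL_ReconfigFD(PRFileDesc *model, PRFile
 ss->sniSocketConfig = sm->sniSocketConfig;
 if (sm->sniSocketConfigArg)
 ss->sniSocketConfigArg = sm->sniSocketConfigArg;
- if (ss->alertReceivedCallback) {
+ if (sm->alertReceivedCallback) {
 ss->alertReceivedCallback = sm->alertReceivedCallback;
 ss->alertReceivedCallbackArg = sm->alertReceivedCallbackArg;
 }
- if (ss->alertSentCallback) {
+ if (sm->alertSentCallback) {
 ss->alertSentCallback = sm->alertSentCallback;
 ss->alertSentCallbackArg = sm->alertSentCallbackArg;
 }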
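Review bot: The corrected guards come without a regression test, and the gtests added with the original alert-handler patch never go through SSL_ReconfigFD with a model socket, as far as this page shows, which is presumably why the `ss->`/`sm->` mix-up went unnoticed. A test that installs an alert callback on a model descriptor, reconfigures a fresh socket from it and expects the callback to fire would pin the behaviour. As with the neighbouring fields, a NULL callback on the model leaves the target's callback in place, so a model cannot be used to clear one; a one-line comment saying so would help. SSL_ReconfigFD's body continues outside the hunk.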