Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-06 17:16:12 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
e8e3bd1cc7
gecko-dev/security/manager/ssl/src/nsNSSIOLayer.h

195 lines
6.1 KiB
C
Raw Normal View History

Initial check-in of PIP (PSM 2.0) Code almost entirely based on contribution from Brain Ryner (bryner@netscape.com)
2001-01-10 01:32:29 +00:00
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
Bug 759095 - upgrade license to MPL 2, and other licensing cleanups.
2012-05-31 09:33:35 +00:00
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
Initial check-in of PIP (PSM 2.0) Code almost entirely based on contribution from Brain Ryner (bryner@netscape.com)
2001-01-10 01:32:29 +00:00
#ifndef _NSNSSIOLAYER_H
#define _NSNSSIOLAYER_H
Bug 703834 - Part 1 - Factor TransportSecurityInfo base class out of nsNSSIOLayer, r=honzab --HG-- rename : security/manager/ssl/src/nsNSSIOLayer.cpp => security/manager/ssl/src/TransportSecurityInfo.cpp rename : security/manager/ssl/src/nsNSSIOLayer.h => security/manager/ssl/src/TransportSecurityInfo.h
2012-04-30 04:00:22 +00:00
#include "TransportSecurityInfo.h"
PSM 2.0 work: - Split nsISecureSocketInfo into nsISSLSocketControl and nsIChannelSecurityInfo. - Incorporate lock icon fixes from psm-glue into pipnss code. - Implement password callback for client auth in pipnss. - Locallize the lock icon tooltip. - Lots of code cleanup. r=javi, jgmyers, sr=ben.
2001-01-19 01:12:10 +00:00
#include "nsISSLSocketControl.h"
Bug 431819, IMAP/POP/SMTP/LDAP with SSL client auth, Thunderbird repeatedly prompts for client certificate (applies to firefox with SSL client auth, too) r=relyea for an earlier patch that was checked in to mozilla-1.8.x more than a year ago r=honzab on the diff on top of that earlier patch a=beltzner for landing on restricted trunk
2009-05-20 22:21:51 +00:00
#include "nsIClientAuthDialogs.h"
bug 386654, Implement notification for EV certs r=rrelyea, sr=bzbarsky, a=bzbarsky
2007-08-23 21:28:15 +00:00
#include "nsNSSCertificate.h"
Bug 445871 - SSL certificates added as exceptions should never be treated as EV, r=kaie, sr=bz
2009-05-20 08:23:41 +00:00
#include "nsDataHashtable.h"
Bug 700659 - Slay nsHashSets in security. r=kaie
2011-11-08 20:24:09 +00:00
#include "nsTHashtable.h"
bug 807435 telemetry for ssl handshake time r=bsmith r=honzab
2012-11-22 20:36:59 +00:00
#include "mozilla/TimeStamp.h"
Bug 66886 - parent PSM dialogs correctly. This fixes all of the cases in PSM2 and several cases in PSM1. r=javi,danm. sr=mscott.
2001-01-30 02:12:53 +00:00
Bug 769288 - Part 1: Make PSM more amenable to storing concurrent private and non-private data. r=bsmith
2012-12-07 03:05:27 +00:00
namespace mozilla {
namespace psm {
class SharedSSLState;
}
}
class nsIObserver;
Bug 703834 - Part 1 - Factor TransportSecurityInfo base class out of nsNSSIOLayer, r=honzab --HG-- rename : security/manager/ssl/src/nsNSSIOLayer.cpp => security/manager/ssl/src/TransportSecurityInfo.cpp rename : security/manager/ssl/src/nsNSSIOLayer.h => security/manager/ssl/src/TransportSecurityInfo.h
2012-04-30 04:00:22 +00:00
class nsNSSSocketInfo : public mozilla::psm::TransportSecurityInfo,
Reorganize password callback context (uses nsIInterfaceRequestor). Fix several bugs in the SDR implementation.
2001-01-31 18:03:49 +00:00
public nsISSLSocketControl,
Bug 703834 - Part 1 - Factor TransportSecurityInfo base class out of nsNSSIOLayer, r=honzab --HG-- rename : security/manager/ssl/src/nsNSSIOLayer.cpp => security/manager/ssl/src/TransportSecurityInfo.cpp rename : security/manager/ssl/src/nsNSSIOLayer.h => security/manager/ssl/src/TransportSecurityInfo.h
2012-04-30 04:00:22 +00:00
public nsIClientAuthUserDecision
PSM 2.0 work: - Split nsISecureSocketInfo into nsISSLSocketControl and nsIChannelSecurityInfo. - Incorporate lock icon fixes from psm-glue into pipnss code. - Implement password callback for client auth in pipnss. - Locallize the lock icon tooltip. - Lots of code cleanup. r=javi, jgmyers, sr=ben.
2001-01-19 01:12:10 +00:00
{
public:
Bug 769288 - Part 1: Make PSM more amenable to storing concurrent private and non-private data. r=bsmith
2012-12-07 03:05:27 +00:00
nsNSSSocketInfo(mozilla::psm::SharedSSLState& aState, uint32_t providerFlags);
PSM 2.0 work: - Split nsISecureSocketInfo into nsISSLSocketControl and nsIChannelSecurityInfo. - Incorporate lock icon fixes from psm-glue into pipnss code. - Implement password callback for client auth in pipnss. - Locallize the lock icon tooltip. - Lots of code cleanup. r=javi, jgmyers, sr=ben.
2001-01-19 01:12:10 +00:00
Bug 703834 - Part 1 - Factor TransportSecurityInfo base class out of nsNSSIOLayer, r=honzab --HG-- rename : security/manager/ssl/src/nsNSSIOLayer.cpp => security/manager/ssl/src/TransportSecurityInfo.cpp rename : security/manager/ssl/src/nsNSSIOLayer.h => security/manager/ssl/src/TransportSecurityInfo.h
2012-04-30 04:00:22 +00:00
NS_DECL_ISUPPORTS_INHERITED
PSM 2.0 work: - Split nsISecureSocketInfo into nsISSLSocketControl and nsIChannelSecurityInfo. - Incorporate lock icon fixes from psm-glue into pipnss code. - Implement password callback for client auth in pipnss. - Locallize the lock icon tooltip. - Lots of code cleanup. r=javi, jgmyers, sr=ben.
2001-01-19 01:12:10 +00:00
NS_DECL_NSISSLSOCKETCONTROL
Bug 431819, IMAP/POP/SMTP/LDAP with SSL client auth, Thunderbird repeatedly prompts for client certificate (applies to firefox with SSL client auth, too) r=relyea for an earlier patch that was checked in to mozilla-1.8.x more than a year ago r=honzab on the diff on top of that earlier patch a=beltzner for landing on restricted trunk
2009-05-20 22:21:51 +00:00
NS_DECL_NSICLIENTAUTHUSERDECISION
Bug 703834 - Part 1 - Factor TransportSecurityInfo base class out of nsNSSIOLayer, r=honzab --HG-- rename : security/manager/ssl/src/nsNSSIOLayer.cpp => security/manager/ssl/src/TransportSecurityInfo.cpp rename : security/manager/ssl/src/nsNSSIOLayer.h => security/manager/ssl/src/TransportSecurityInfo.h
2012-04-30 04:00:22 +00:00
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-29 06:19:26 +00:00
nsresult SetForSTARTTLS(bool aForSTARTTLS);
nsresult GetForSTARTTLS(bool *aForSTARTTLS);
Bug 67507 - implement TLSStepUp(). r=javi. Not part of build.
2001-02-05 21:46:24 +00:00
nsresult GetFileDescPtr(PRFileDesc** aFilePtr);
nsresult SetFileDescPtr(PRFileDesc* aFilePtr);
Fix for Bug 64888 r=wtc, sr=blizzard, a=asa Retry an SSL connection if we fail during first write after a successful connect since it's most likely due to a TLS intolerant server
2001-06-08 00:50:32 +00:00
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-29 06:19:26 +00:00
nsresult GetHandshakePending(bool *aHandshakePending);
nsresult SetHandshakePending(bool aHandshakePending);
Fix for Bug 64888 r=wtc, sr=blizzard, a=asa Retry an SSL connection if we fail during first write after a successful connect since it's most likely due to a TLS intolerant server
2001-06-08 00:50:32 +00:00
Bug 675221: Remove XPCOM Proxies from nsNSSSocketInfo::GetPreviousCert, r=mayhemer
2011-11-03 04:01:47 +00:00
void GetPreviousCert(nsIX509Cert** _result);
Patch from bug 87902 to fix SSL/TLS logic. - make TLS intolerant server detection over proxies work (this bug 87902) - on connection failure, only retry without TLS when it is really likely to help (bug 149910) - remove obsolete workarounds in SSL i/o layer (see removed comments in patch) - avoid to confuse programmers reading code, by renaming TLSStepUp (which means something else) to the correct term STARTTLS (what the code is actually doing). (As suggested by nelsonb) - If an invalid or expired etc. server certificate is presented, a warning is shown. If the user decides to cancel, network activity should stop immediately. (we currently warn multiple times) (bug 87209) r=javi/darin/ducarroz/dmose sr=alecf
2002-08-14 23:43:28 +00:00
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-29 06:19:26 +00:00
void SetHasCleartextPhase(bool aHasCleartextPhase);
bool GetHasCleartextPhase();
b=163605 Use of blocking I/O for SSL in PSM stalls network activity r=javi sr=darin a=asa
2002-10-16 22:20:42 +00:00
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-29 06:19:26 +00:00
void SetHandshakeInProgress(bool aIsIn);
bool GetHandshakeInProgress() { return mHandshakeInProgress; }
Bug 749890 - Do not do TLS intolerance handshake timeout after we know we've received the server hello, r=honzab --HG-- extra : rebase_source : 068310dfad1562d72c74681f722c46fb64947d7d
2012-05-28 05:03:04 +00:00
void SetFirstServerHelloReceived() { mFirstServerHelloReceived = true; }
bug 845934 Telemetry for TLS Resumption rates r=honzab --HG-- extra : rebase_source : 185c871273dcca7a84aafea5dc818033fcda945d
2013-03-27 00:06:14 +00:00
bool GetFirstServerHelloReceived() { return mFirstServerHelloReceived; }
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-29 06:19:26 +00:00
bool HandshakeTimeout();
Fix for Bug 64888 r=wtc, sr=blizzard, a=asa Retry an SSL connection if we fail during first write after a successful connect since it's most likely due to a TLS intolerant server
2001-06-08 00:50:32 +00:00
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-29 06:19:26 +00:00
void SetAllowTLSIntoleranceTimeout(bool aAllow);
Bug 368126, client abandons SSL connection during bad cert dialogs Incremental patch v2 r=nelson, sr=rrelyea
2007-03-07 19:54:54 +00:00
Bug 674147 (Remove the SSL Thread) Part 2: Everything else, r=honzab
2011-12-01 22:37:57 +00:00
PRStatus CloseSocketAndDestroy(
const nsNSSShutDownPreventionLock & proofOfLock);
bug 111384, Support OCSP requests through a proxy combined r= by darin / rrelyea second checkin attempt
2006-04-04 13:14:40 +00:00
Bug 579517 - Part 1: Automated conversion of NSPR numeric types to stdint types in Gecko; r=bsmedberg This patch was generated by a script. Here's the source of the script for future reference: function convert() { echo "Converting $1 to $2..." find . ! -wholename "*nsprpub*" \ ! -wholename "*security/nss*" \ ! -wholename "*/.hg*" \ ! -wholename "obj-ff-dbg*" \ ! -name nsXPCOMCID.h \ ! -name prtypes.h \ -type f \ \( -iname "*.cpp" \ -o -iname "*.h" \ -o -iname "*.c" \ -o -iname "*.cc" \ -o -iname "*.idl" \ -o -iname "*.ipdl" \ -o -iname "*.ipdlh" \ -o -iname "*.mm" \) | \ xargs -n 1 sed -i -e "s/\b$1\b/$2/g" } convert PRInt8 int8_t convert PRUint8 uint8_t convert PRInt16 int16_t convert PRUint16 uint16_t convert PRInt32 int32_t convert PRUint32 uint32_t convert PRInt64 int64_t convert PRUint64 uint64_t convert PRIntn int convert PRUintn unsigned convert PRSize size_t convert PROffset32 int32_t convert PROffset64 int64_t convert PRPtrdiff ptrdiff_t convert PRFloat64 double
2012-08-22 15:56:38 +00:00
void SetNegotiatedNPN(const char *value, uint32_t length);
bug 845934 Telemetry for TLS Resumption rates r=honzab --HG-- extra : rebase_source : 185c871273dcca7a84aafea5dc818033fcda945d
2013-03-27 00:06:14 +00:00
void SetHandshakeCompleted(bool aResumedSession);
bug 528288 - reland spdy after libxul weightloss a=khuey CLOSED TREE
2011-12-13 15:55:50 +00:00
bool GetJoined() { return mJoined; }
void SetSentClientCert() { mSentClientCert = true; }
Bug 769288 - Part 7: Use separate SSL session cache entries for private connections. r=mayhemer
2012-12-07 22:57:53 +00:00
uint32_t GetProviderFlags() const { return mProviderFlags; }
Bug 769288 - Part 1: Make PSM more amenable to storing concurrent private and non-private data. r=bsmith
2012-12-07 03:05:27 +00:00
mozilla::psm::SharedSSLState& SharedState();
Bug 674147 (Remove the SSL Thread) Part 2: Everything else, r=honzab
2011-12-01 22:37:57 +00:00
// XXX: These are only used on for diagnostic purposes
enum CertVerificationState {
before_cert_verification,
waiting_for_cert_verification,
after_cert_verification
};
void SetCertVerificationWaiting();
// Use errorCode == 0 to indicate success; in that case, errorMessageType is
// ignored.
void SetCertVerificationResult(PRErrorCode errorCode,
::mozilla::psm::SSLErrorMessageType errorMessageType);
// for logging only
PRBool IsWaitingForCertVerification() const
{
return mCertVerificationState == waiting_for_cert_verification;
}
Bug 722979 - Add privacy status argument to relevant nsIStrictTransportSecurityService methods. r=bsmith sr=biesi
2012-06-30 14:34:17 +00:00
Bug 716636, Part 1: Fix TLS toleraance lock reentrence, r=honzab
2012-01-31 13:19:25 +00:00
bool IsSSL3Enabled() const { return mSSL3Enabled; }
void SetSSL3Enabled(bool enabled) { mSSL3Enabled = enabled; }
bool IsTLSEnabled() const { return mTLSEnabled; }
void SetTLSEnabled(bool enabled) { mTLSEnabled = enabled; }
bug 848139 - telemetry for tls server hello size r=honzab --HG-- extra : rebase_source : 5e8d1fa5e86ed7845cb196ad84539a6be024ca73
2013-03-27 00:06:15 +00:00
void AddPlaintextBytesRead(uint64_t val) { mPlaintextBytesRead += val; }
Bug 703834 - Part 1 - Factor TransportSecurityInfo base class out of nsNSSIOLayer, r=honzab --HG-- rename : security/manager/ssl/src/nsNSSIOLayer.cpp => security/manager/ssl/src/TransportSecurityInfo.cpp rename : security/manager/ssl/src/nsNSSIOLayer.h => security/manager/ssl/src/TransportSecurityInfo.h
2012-04-30 04:00:22 +00:00
private:
Bug 67507 - implement TLSStepUp(). r=javi. Not part of build.
2001-02-05 21:46:24 +00:00
PRFileDesc* mFd;
Bug 703834 - Part 1 - Factor TransportSecurityInfo base class out of nsNSSIOLayer, r=honzab --HG-- rename : security/manager/ssl/src/nsNSSIOLayer.cpp => security/manager/ssl/src/TransportSecurityInfo.cpp rename : security/manager/ssl/src/nsNSSIOLayer.h => security/manager/ssl/src/TransportSecurityInfo.h
2012-04-30 04:00:22 +00:00
Bug 674147 (Remove the SSL Thread) Part 2: Everything else, r=honzab
2011-12-01 22:37:57 +00:00
CertVerificationState mCertVerificationState;
Bug 703508: Make nsNSSSocketInfo::GetErrorMessage() lazily format the error message, r=honzab
2011-12-01 22:36:41 +00:00
Bug 769288 - Part 1: Make PSM more amenable to storing concurrent private and non-private data. r=bsmith
2012-12-07 03:05:27 +00:00
mozilla::psm::SharedSSLState& mSharedState;
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-29 06:19:26 +00:00
bool mForSTARTTLS;
Bug 716636, Part 1: Fix TLS toleraance lock reentrence, r=honzab
2012-01-31 13:19:25 +00:00
bool mSSL3Enabled;
bool mTLSEnabled;
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-29 06:19:26 +00:00
bool mHandshakePending;
bool mHasCleartextPhase;
bool mHandshakeInProgress;
bool mAllowTLSIntoleranceTimeout;
bool mRememberClientAuthCertificate;
Bug 340359, SSL Server stalls on v3 hello using TLS hello extensions r=darin
2006-08-24 18:14:40 +00:00
PRIntervalTime mHandshakeStartTime;
Bug 749890 - Do not do TLS intolerance handshake timeout after we know we've received the server hello, r=honzab --HG-- extra : rebase_source : 068310dfad1562d72c74681f722c46fb64947d7d
2012-05-28 05:03:04 +00:00
bool mFirstServerHelloReceived;
Bug 78123 r=javi/sr=scc Add security information to Page Info window
2001-05-03 00:36:48 +00:00
Patch from bug 87902 to fix SSL/TLS logic. - make TLS intolerant server detection over proxies work (this bug 87902) - on connection failure, only retry without TLS when it is really likely to help (bug 149910) - remove obsolete workarounds in SSL i/o layer (see removed comments in patch) - avoid to confuse programmers reading code, by renaming TLSStepUp (which means something else) to the correct term STARTTLS (what the code is actually doing). (As suggested by nelsonb) - If an invalid or expired etc. server certificate is presented, a warning is shown. If the user decides to cancel, network activity should stop immediately. (we currently warn multiple times) (bug 87209) r=javi/darin/ducarroz/dmose sr=alecf
2002-08-14 23:43:28 +00:00
nsresult ActivateSSL();
bug 111384, Support OCSP requests through a proxy combined r= by darin / rrelyea second checkin attempt
2006-04-04 13:14:40 +00:00
bug 528288 - reland spdy after libxul weightloss a=khuey CLOSED TREE
2011-12-13 15:55:50 +00:00
nsCString mNegotiatedNPN;
bool mNPNCompleted;
bool mHandshakeCompleted;
bool mJoined;
bool mSentClientCert;
Bug 722979 - Add privacy status argument to relevant nsIStrictTransportSecurityService methods. r=bsmith sr=biesi
2012-06-30 14:34:17 +00:00
uint32_t mProviderFlags;
bug 807435 telemetry for ssl handshake time r=bsmith r=honzab
2012-11-22 20:36:59 +00:00
mozilla::TimeStamp mSocketCreationTimestamp;
bug 848139 - telemetry for tls server hello size r=honzab --HG-- extra : rebase_source : 5e8d1fa5e86ed7845cb196ad84539a6be024ca73
2013-03-27 00:06:15 +00:00
uint64_t mPlaintextBytesRead;
Bug 445871 - SSL certificates added as exceptions should never be treated as EV, r=kaie, sr=bz
2009-05-20 08:23:41 +00:00
};
bug 111384, Support OCSP requests through a proxy combined r= by darin / rrelyea second checkin attempt
2006-04-04 13:14:40 +00:00
class nsSSLIOLayerHelpers
{
public:
Bug 769288 - Part 1: Make PSM more amenable to storing concurrent private and non-private data. r=bsmith
2012-12-07 03:05:27 +00:00
nsSSLIOLayerHelpers();
~nsSSLIOLayerHelpers();
nsresult Init();
void Cleanup();
bug 111384, Support OCSP requests through a proxy combined r= by darin / rrelyea second checkin attempt
2006-04-04 13:14:40 +00:00
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-29 06:19:26 +00:00
static bool nsSSLIOLayerInitialized;
bug 111384, Support OCSP requests through a proxy combined r= by darin / rrelyea second checkin attempt
2006-04-04 13:14:40 +00:00
static PRDescIdentity nsSSLIOLayerIdentity;
bug 848139 - telemetry for tls server hello size r=honzab --HG-- extra : rebase_source : 5e8d1fa5e86ed7845cb196ad84539a6be024ca73
2013-03-27 00:06:15 +00:00
static PRDescIdentity nsSSLPlaintextLayerIdentity;
bug 111384, Support OCSP requests through a proxy combined r= by darin / rrelyea second checkin attempt
2006-04-04 13:14:40 +00:00
static PRIOMethods nsSSLIOLayerMethods;
bug 848139 - telemetry for tls server hello size r=honzab --HG-- extra : rebase_source : 5e8d1fa5e86ed7845cb196ad84539a6be024ca73
2013-03-27 00:06:15 +00:00
static PRIOMethods nsSSLPlaintextLayerMethods;
bug 111384, Support OCSP requests through a proxy combined r= by darin / rrelyea second checkin attempt
2006-04-04 13:14:40 +00:00
Bug 769288 - Part 1: Make PSM more amenable to storing concurrent private and non-private data. r=bsmith
2012-12-07 03:05:27 +00:00
mozilla::Mutex *mutex;
nsTHashtable<nsCStringHashKey> *mTLSIntolerantSites;
nsTHashtable<nsCStringHashKey> *mTLSTolerantSites;
Bug 535649 - Implement UI around CVE-2009-3555 and draft-rescorla-tls-renegotiation, r=rrelyea == NSS 3.12.6 will block some renegotiation attempts on SSL sockets by default == This patch does not yet implement new UI by default, but adds 4 new prefs to get fine grained control (blocking/allowing, displaying broken state) == One of the prefs is a temporary pref that is supposed to go away at some point in the future
2010-02-07 12:09:51 +00:00
Bug 769288 - Part 1: Make PSM more amenable to storing concurrent private and non-private data. r=bsmith
2012-12-07 03:05:27 +00:00
nsTHashtable<nsCStringHashKey> *mRenegoUnrestrictedSites;
bool mTreatUnsafeNegotiationAsBroken;
int32_t mWarnLevelMissingRFC5746;
Bug 535649 - Implement UI around CVE-2009-3555 and draft-rescorla-tls-renegotiation, r=rrelyea == NSS 3.12.6 will block some renegotiation attempts on SSL sockets by default == This patch does not yet implement new UI by default, but adds 4 new prefs to get fine grained control (blocking/allowing, displaying broken state) == One of the prefs is a temporary pref that is supposed to go away at some point in the future
2010-02-07 12:09:51 +00:00
Bug 769288 - Part 1: Make PSM more amenable to storing concurrent private and non-private data. r=bsmith
2012-12-07 03:05:27 +00:00
void setTreatUnsafeNegotiationAsBroken(bool broken);
bool treatUnsafeNegotiationAsBroken();
Bug 535649 - Implement UI around CVE-2009-3555 and draft-rescorla-tls-renegotiation, r=rrelyea == NSS 3.12.6 will block some renegotiation attempts on SSL sockets by default == This patch does not yet implement new UI by default, but adds 4 new prefs to get fine grained control (blocking/allowing, displaying broken state) == One of the prefs is a temporary pref that is supposed to go away at some point in the future
2010-02-07 12:09:51 +00:00
Bug 769288 - Part 1: Make PSM more amenable to storing concurrent private and non-private data. r=bsmith
2012-12-07 03:05:27 +00:00
void setWarnLevelMissingRFC5746(int32_t level);
int32_t getWarnLevelMissingRFC5746();
Bug 549641, Firefox raises alarm (in error console) about SSL servers being vulnerable to CVE-2009-3555 r=rrelyea, r=honzab
2010-05-03 11:34:16 +00:00
Bug 412833 - TLS intolerant server condition is concluded prematurely, r=nelson
2009-07-20 15:25:04 +00:00
static void getSiteKey(nsNSSSocketInfo *socketInfo, nsCSubstring &key);
Bug 769288 - Part 1: Make PSM more amenable to storing concurrent private and non-private data. r=bsmith
2012-12-07 03:05:27 +00:00
bool rememberPossibleTLSProblemSite(nsNSSSocketInfo *socketInfo);
void rememberTolerantSite(nsNSSSocketInfo *socketInfo);
void addIntolerantSite(const nsCString &str);
void removeIntolerantSite(const nsCString &str);
bool isKnownAsIntolerantSite(const nsCString &str);
Bug 769288 - Part 1: Make PSM more amenable to storing concurrent private and non-private data. r=bsmith
2012-12-07 03:05:27 +00:00
Bug 769288 - Part 1: Make PSM more amenable to storing concurrent private and non-private data. r=bsmith
2012-12-07 03:05:27 +00:00
void setRenegoUnrestrictedSites(const nsCString &str);
bool isRenegoUnrestrictedSite(const nsCString &str);
Bug 769288 - Part 1: Make PSM more amenable to storing concurrent private and non-private data. r=bsmith
2012-12-07 03:05:27 +00:00
Bug 769288 - Part 1: Make PSM more amenable to storing concurrent private and non-private data. r=bsmith
2012-12-07 03:05:27 +00:00
void clearStoredData();
private:
nsCOMPtr<nsIObserver> mPrefObserver;
PSM 2.0 work: - Split nsISecureSocketInfo into nsISSLSocketControl and nsIChannelSecurityInfo. - Incorporate lock icon fixes from psm-glue into pipnss code. - Implement password callback for client auth in pipnss. - Locallize the lock icon tooltip. - Lots of code cleanup. r=javi, jgmyers, sr=ben.
2001-01-19 01:12:10 +00:00
};
Initial check-in of PIP (PSM 2.0) Code almost entirely based on contribution from Brain Ryner (bryner@netscape.com)
2001-01-10 01:32:29 +00:00
Bug 579517 - Part 1: Automated conversion of NSPR numeric types to stdint types in Gecko; r=bsmedberg This patch was generated by a script. Here's the source of the script for future reference: function convert() { echo "Converting $1 to $2..." find . ! -wholename "*nsprpub*" \ ! -wholename "*security/nss*" \ ! -wholename "*/.hg*" \ ! -wholename "obj-ff-dbg*" \ ! -name nsXPCOMCID.h \ ! -name prtypes.h \ -type f \ \( -iname "*.cpp" \ -o -iname "*.h" \ -o -iname "*.c" \ -o -iname "*.cc" \ -o -iname "*.idl" \ -o -iname "*.ipdl" \ -o -iname "*.ipdlh" \ -o -iname "*.mm" \) | \ xargs -n 1 sed -i -e "s/\b$1\b/$2/g" } convert PRInt8 int8_t convert PRUint8 uint8_t convert PRInt16 int16_t convert PRUint16 uint16_t convert PRInt32 int32_t convert PRUint32 uint32_t convert PRInt64 int64_t convert PRUint64 uint64_t convert PRIntn int convert PRUintn unsigned convert PRSize size_t convert PROffset32 int32_t convert PROffset64 int64_t convert PRPtrdiff ptrdiff_t convert PRFloat64 double
2012-08-22 15:56:38 +00:00
nsresult nsSSLIOLayerNewSocket(int32_t family,
landing patch for bug 205726 "DNS rewrite" r=dougt sr=bryner
2003-09-11 20:32:33 +00:00
const char *host,
Bug 579517 - Part 1: Automated conversion of NSPR numeric types to stdint types in Gecko; r=bsmedberg This patch was generated by a script. Here's the source of the script for future reference: function convert() { echo "Converting $1 to $2..." find . ! -wholename "*nsprpub*" \ ! -wholename "*security/nss*" \ ! -wholename "*/.hg*" \ ! -wholename "obj-ff-dbg*" \ ! -name nsXPCOMCID.h \ ! -name prtypes.h \ -type f \ \( -iname "*.cpp" \ -o -iname "*.h" \ -o -iname "*.c" \ -o -iname "*.cc" \ -o -iname "*.idl" \ -o -iname "*.ipdl" \ -o -iname "*.ipdlh" \ -o -iname "*.mm" \) | \ xargs -n 1 sed -i -e "s/\b$1\b/$2/g" } convert PRInt8 int8_t convert PRUint8 uint8_t convert PRInt16 int16_t convert PRUint16 uint16_t convert PRInt32 int32_t convert PRUint32 uint32_t convert PRInt64 int64_t convert PRUint64 uint64_t convert PRIntn int convert PRUintn unsigned convert PRSize size_t convert PROffset32 int32_t convert PROffset64 int64_t convert PRPtrdiff ptrdiff_t convert PRFloat64 double
2012-08-22 15:56:38 +00:00
int32_t port,
Initial check-in of PIP (PSM 2.0) Code almost entirely based on contribution from Brain Ryner (bryner@netscape.com)
2001-01-10 01:32:29 +00:00
const char *proxyHost,
Bug 579517 - Part 1: Automated conversion of NSPR numeric types to stdint types in Gecko; r=bsmedberg This patch was generated by a script. Here's the source of the script for future reference: function convert() { echo "Converting $1 to $2..." find . ! -wholename "*nsprpub*" \ ! -wholename "*security/nss*" \ ! -wholename "*/.hg*" \ ! -wholename "obj-ff-dbg*" \ ! -name nsXPCOMCID.h \ ! -name prtypes.h \ -type f \ \( -iname "*.cpp" \ -o -iname "*.h" \ -o -iname "*.c" \ -o -iname "*.cc" \ -o -iname "*.idl" \ -o -iname "*.ipdl" \ -o -iname "*.ipdlh" \ -o -iname "*.mm" \) | \ xargs -n 1 sed -i -e "s/\b$1\b/$2/g" } convert PRInt8 int8_t convert PRUint8 uint8_t convert PRInt16 int16_t convert PRUint16 uint16_t convert PRInt32 int32_t convert PRUint32 uint32_t convert PRInt64 int64_t convert PRUint64 uint64_t convert PRIntn int convert PRUintn unsigned convert PRSize size_t convert PROffset32 int32_t convert PROffset64 int64_t convert PRPtrdiff ptrdiff_t convert PRFloat64 double
2012-08-22 15:56:38 +00:00
int32_t proxyPort,
Initial check-in of PIP (PSM 2.0) Code almost entirely based on contribution from Brain Ryner (bryner@netscape.com)
2001-01-10 01:32:29 +00:00
PRFileDesc **fd,
nsISupports **securityInfo,
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-29 06:19:26 +00:00
bool forSTARTTLS,
Bug 722979 - Add privacy status argument to relevant nsIStrictTransportSecurityService methods. r=bsmith sr=biesi
2012-06-30 14:34:17 +00:00
uint32_t flags);
Initial check-in of PIP (PSM 2.0) Code almost entirely based on contribution from Brain Ryner (bryner@netscape.com)
2001-01-10 01:32:29 +00:00
Bug 579517 - Part 1: Automated conversion of NSPR numeric types to stdint types in Gecko; r=bsmedberg This patch was generated by a script. Here's the source of the script for future reference: function convert() { echo "Converting $1 to $2..." find . ! -wholename "*nsprpub*" \ ! -wholename "*security/nss*" \ ! -wholename "*/.hg*" \ ! -wholename "obj-ff-dbg*" \ ! -name nsXPCOMCID.h \ ! -name prtypes.h \ -type f \ \( -iname "*.cpp" \ -o -iname "*.h" \ -o -iname "*.c" \ -o -iname "*.cc" \ -o -iname "*.idl" \ -o -iname "*.ipdl" \ -o -iname "*.ipdlh" \ -o -iname "*.mm" \) | \ xargs -n 1 sed -i -e "s/\b$1\b/$2/g" } convert PRInt8 int8_t convert PRUint8 uint8_t convert PRInt16 int16_t convert PRUint16 uint16_t convert PRInt32 int32_t convert PRUint32 uint32_t convert PRInt64 int64_t convert PRUint64 uint64_t convert PRIntn int convert PRUintn unsigned convert PRSize size_t convert PROffset32 int32_t convert PROffset64 int64_t convert PRPtrdiff ptrdiff_t convert PRFloat64 double
2012-08-22 15:56:38 +00:00
nsresult nsSSLIOLayerAddToSocket(int32_t family,
landing patch for bug 205726 "DNS rewrite" r=dougt sr=bryner
2003-09-11 20:32:33 +00:00
const char *host,
Bug 579517 - Part 1: Automated conversion of NSPR numeric types to stdint types in Gecko; r=bsmedberg This patch was generated by a script. Here's the source of the script for future reference: function convert() { echo "Converting $1 to $2..." find . ! -wholename "*nsprpub*" \ ! -wholename "*security/nss*" \ ! -wholename "*/.hg*" \ ! -wholename "obj-ff-dbg*" \ ! -name nsXPCOMCID.h \ ! -name prtypes.h \ -type f \ \( -iname "*.cpp" \ -o -iname "*.h" \ -o -iname "*.c" \ -o -iname "*.cc" \ -o -iname "*.idl" \ -o -iname "*.ipdl" \ -o -iname "*.ipdlh" \ -o -iname "*.mm" \) | \ xargs -n 1 sed -i -e "s/\b$1\b/$2/g" } convert PRInt8 int8_t convert PRUint8 uint8_t convert PRInt16 int16_t convert PRUint16 uint16_t convert PRInt32 int32_t convert PRUint32 uint32_t convert PRInt64 int64_t convert PRUint64 uint64_t convert PRIntn int convert PRUintn unsigned convert PRSize size_t convert PROffset32 int32_t convert PROffset64 int64_t convert PRPtrdiff ptrdiff_t convert PRFloat64 double
2012-08-22 15:56:38 +00:00
int32_t port,
Initial check-in of PIP (PSM 2.0) Code almost entirely based on contribution from Brain Ryner (bryner@netscape.com)
2001-01-10 01:32:29 +00:00
const char *proxyHost,
Bug 579517 - Part 1: Automated conversion of NSPR numeric types to stdint types in Gecko; r=bsmedberg This patch was generated by a script. Here's the source of the script for future reference: function convert() { echo "Converting $1 to $2..." find . ! -wholename "*nsprpub*" \ ! -wholename "*security/nss*" \ ! -wholename "*/.hg*" \ ! -wholename "obj-ff-dbg*" \ ! -name nsXPCOMCID.h \ ! -name prtypes.h \ -type f \ \( -iname "*.cpp" \ -o -iname "*.h" \ -o -iname "*.c" \ -o -iname "*.cc" \ -o -iname "*.idl" \ -o -iname "*.ipdl" \ -o -iname "*.ipdlh" \ -o -iname "*.mm" \) | \ xargs -n 1 sed -i -e "s/\b$1\b/$2/g" } convert PRInt8 int8_t convert PRUint8 uint8_t convert PRInt16 int16_t convert PRUint16 uint16_t convert PRInt32 int32_t convert PRUint32 uint32_t convert PRInt64 int64_t convert PRUint64 uint64_t convert PRIntn int convert PRUintn unsigned convert PRSize size_t convert PROffset32 int32_t convert PROffset64 int64_t convert PRPtrdiff ptrdiff_t convert PRFloat64 double
2012-08-22 15:56:38 +00:00
int32_t proxyPort,
Initial check-in of PIP (PSM 2.0) Code almost entirely based on contribution from Brain Ryner (bryner@netscape.com)
2001-01-10 01:32:29 +00:00
PRFileDesc *fd,
nsISupports **securityInfo,
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-29 06:19:26 +00:00
bool forSTARTTLS,
Bug 722979 - Add privacy status argument to relevant nsIStrictTransportSecurityService methods. r=bsmith sr=biesi
2012-06-30 14:34:17 +00:00
uint32_t flags);
Fix for Bug 88244, r=ddrinan, sr=blizzard Use necko's premature EOF mechanism to re-try connections to TLS intolerant sites. This makes TLS through proxies possible.
2001-07-24 00:42:52 +00:00
nsresult nsSSLIOLayerFreeTLSIntolerantSites();
bug# 100457; r=ddrinan; r=nelsonb; r=blizzard; sr=blizzard; Patch to put in proper handling of unrecognized cert errors in psm
2001-09-26 00:28:24 +00:00
nsresult displayUnknownCertErrorAlert(nsNSSSocketInfo *infoObject, int error);
bug 262116 make disk cache serialize/deserialize the security info, if present also make nsNSSSocketInfo serializable PSM part: r=kaie sr=darin rest: r+sr=darin
2007-11-30 18:05:54 +00:00
Initial check-in of PIP (PSM 2.0) Code almost entirely based on contribution from Brain Ryner (bryner@netscape.com)
2001-01-10 01:32:29 +00:00
#endif /* _NSNSSIOLAYER_H */
Reference in New Issue Copy Permalink