Bug 199082: checked in Nelson's patch, which

a) changes selfserv to test the return value from NSS_Shutdown.
b) changes SECMOD_Shutdown to set the error code SEC_ERROR_BUSY before
   returning SECFailure.
c) Adds a new function SSL_ShutdownServerSessionIDCache to ssl.h.
d) Changes selfserv to call SSL_ShutdownServerSessionIDCache before calling
NSS_Shutdown.
Modified Files:
	cmd/selfserv/selfserv.c lib/pk11wrap/pk11util.c
	lib/ssl/ssl.def lib/ssl/ssl.h lib/ssl/ssl3con.c
	lib/ssl/sslimpl.h lib/ssl/sslsnce.c
This commit is contained in:
wtc%netscape.com 2003-03-26 00:31:13 +00:00
parent a55ec07e69
commit a98f4c0628
7 changed files with 72 additions and 9 deletions

View File

@ -1739,7 +1739,13 @@ main(int argc, char **argv)
free(nickName);
free(passwd);
NSS_Shutdown();
SSL_ShutdownServerSessionIDCache();
if (NSS_Shutdown() != SECSuccess) {
SECU_PrintError(progName, "NSS_Shutdown");
PR_Cleanup();
exit(1);
}
PR_Cleanup();
printf("selfserv: normal termination\n");
return 0;

View File

@ -112,7 +112,11 @@ SECMOD_Shutdown() {
PORT_Assert(secmod_PrivateModuleCount == 0);
}
#endif
return (secmod_PrivateModuleCount == 0) ? SECSuccess : SECFailure;
if (secmod_PrivateModuleCount) {
PORT_SetError(SEC_ERROR_BUSY);
return SECFailure;
}
return SECSuccess;
}

View File

@ -115,3 +115,9 @@ SSL_SetMaxServerCacheLocks;
;+ local:
;+*;
;+};
;+NSS_3.7.4 { # NSS 3.7.4 release
;+ global:
SSL_ShutdownServerSessionIDCache;
;+ local:
;+*;
;+};

View File

@ -32,7 +32,7 @@
* may use your version of this file under either the MPL or the
* GPL.
*
* $Id: ssl.h,v 1.15 2002/09/18 22:32:19 wtc%netscape.com Exp $
* $Id: ssl.h,v 1.16 2003/03/26 00:31:12 wtc%netscape.com Exp $
*/
#ifndef __ssl_h_
@ -364,6 +364,11 @@ SSL_IMPORT SECItem *SSL_GetSessionID(PRFileDesc *fd);
*/
SSL_IMPORT void SSL_ClearSessionCache(void);
/*
** Close the server's SSL session cache.
*/
SSL_IMPORT SECStatus SSL_ShutdownServerSessionIDCache(void);
/*
** Set peer information so we can correctly look up SSL session later.
** You only have to do this if you're tunneling through a proxy.

View File

@ -37,7 +37,7 @@
* may use your version of this file under either the MPL or the
* GPL.
*
* $Id: ssl3con.c,v 1.51 2003/03/13 16:36:43 relyea%netscape.com Exp $
* $Id: ssl3con.c,v 1.52 2003/03/26 00:31:12 wtc%netscape.com Exp $
*/
#include "nssrenam.h"
@ -3320,6 +3320,33 @@ typedef struct {
PK11SymKey * symWrapKey[kt_kea_size];
} ssl3SymWrapKey;
static PZLock * symWrapKeysLock;
static ssl3SymWrapKey symWrapKeys[SSL_NUM_WRAP_MECHS];
SECStatus
SSL3_ShutdownServerCache(void)
{
int i, j;
if (!symWrapKeysLock)
return SECSuccess; /* was never initialized */
PZ_Lock(symWrapKeysLock);
/* get rid of all symWrapKeys */
for (i = 0; i < SSL_NUM_WRAP_MECHS; ++i) {
for (j = 0; j < kt_kea_size; ++j) {
PK11SymKey ** pSymWrapKey;
pSymWrapKey = &symWrapKeys[i].symWrapKey[j];
if (*pSymWrapKey) {
PK11_FreeSymKey(*pSymWrapKey);
*pSymWrapKey = NULL;
}
}
}
PZ_Unlock(symWrapKeysLock);
return SECSuccess;
}
/* Try to get wrapping key for mechanism from in-memory array.
* If that fails, look for one on disk.
* If that fails, generate a new one, put the new one on disk,
@ -3344,9 +3371,6 @@ getWrappingKey( sslSocket * ss,
SECItem wrappedKey;
SSLWrappedSymWrappingKey wswk;
static PZLock * symWrapKeysLock;
static ssl3SymWrapKey symWrapKeys[SSL_NUM_WRAP_MECHS];
svrPrivKey = ss->serverCerts[exchKeyType].serverKey;
PORT_Assert(svrPrivKey != NULL);
if (!svrPrivKey) {

View File

@ -38,7 +38,7 @@
* may use your version of this file under either the MPL or the
* GPL.
*
* $Id: sslimpl.h,v 1.30 2003/02/27 01:31:34 nelsonb%netscape.com Exp $
* $Id: sslimpl.h,v 1.31 2003/03/26 00:31:13 wtc%netscape.com Exp $
*/
#ifndef __sslimpl_h_
@ -1261,6 +1261,9 @@ ssl_GetWrappingKey( PRInt32 symWrapMechIndex,
extern PRBool
ssl_SetWrappingKey(SSLWrappedSymWrappingKey *wswk);
/* get rid of the symmetric wrapping key references. */
extern SECStatus SSL3_ShutdownServerCache(void);
/********************** misc calls *********************/
extern int ssl_MapLowLevelError(int hiLevelError);

View File

@ -32,7 +32,7 @@
* may use your version of this file under either the MPL or the
* GPL.
*
* $Id: sslsnce.c,v 1.23 2003/01/23 00:15:08 jpierre%netscape.com Exp $
* $Id: sslsnce.c,v 1.24 2003/03/26 00:31:13 wtc%netscape.com Exp $
*/
/* Note: ssl_FreeSID() in sslnonce.c gets used for both client and server
@ -1158,6 +1158,21 @@ SSL_ConfigServerSessionIDCache( int maxCacheEntries,
maxCacheEntries, ssl2_timeout, ssl3_timeout, directory, PR_FALSE);
}
SECStatus
SSL_ShutdownServerSessionIDCacheInstance(cacheDesc *cache)
{
/* if single process, close down, clean up.
** if multi-process, TBD.
*/
}
SECStatus
SSL_ShutdownServerSessionIDCache(void)
{
SSL3_ShutdownServerCache();
return SSL_ShutdownServerSessionIDCacheInstance(&globalCache);
}
/* Use this function, instead of SSL_ConfigServerSessionIDCache,
* if the cache will be shared by multiple processes.
*/