mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-12-04 11:26:09 +00:00
Bug 199082: checked in Nelson's patch, which
a) changes selfserv to test the return value from NSS_Shutdown. b) changes SECMOD_Shutdown to set the error code SEC_ERROR_BUSY before returning SECFailure. c) Adds a new function SSL_ShutdownServerSessionIDCache to ssl.h. d) Changes selfserv to call SSL_ShutdownServerSessionIDCache before calling NSS_Shutdown. Modified Files: cmd/selfserv/selfserv.c lib/pk11wrap/pk11util.c lib/ssl/ssl.def lib/ssl/ssl.h lib/ssl/ssl3con.c lib/ssl/sslimpl.h lib/ssl/sslsnce.c
This commit is contained in:
parent
a55ec07e69
commit
a98f4c0628
@ -1739,7 +1739,13 @@ main(int argc, char **argv)
|
||||
free(nickName);
|
||||
free(passwd);
|
||||
|
||||
NSS_Shutdown();
|
||||
SSL_ShutdownServerSessionIDCache();
|
||||
|
||||
if (NSS_Shutdown() != SECSuccess) {
|
||||
SECU_PrintError(progName, "NSS_Shutdown");
|
||||
PR_Cleanup();
|
||||
exit(1);
|
||||
}
|
||||
PR_Cleanup();
|
||||
printf("selfserv: normal termination\n");
|
||||
return 0;
|
||||
|
@ -112,7 +112,11 @@ SECMOD_Shutdown() {
|
||||
PORT_Assert(secmod_PrivateModuleCount == 0);
|
||||
}
|
||||
#endif
|
||||
return (secmod_PrivateModuleCount == 0) ? SECSuccess : SECFailure;
|
||||
if (secmod_PrivateModuleCount) {
|
||||
PORT_SetError(SEC_ERROR_BUSY);
|
||||
return SECFailure;
|
||||
}
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
|
||||
|
@ -115,3 +115,9 @@ SSL_SetMaxServerCacheLocks;
|
||||
;+ local:
|
||||
;+*;
|
||||
;+};
|
||||
;+NSS_3.7.4 { # NSS 3.7.4 release
|
||||
;+ global:
|
||||
SSL_ShutdownServerSessionIDCache;
|
||||
;+ local:
|
||||
;+*;
|
||||
;+};
|
||||
|
@ -32,7 +32,7 @@
|
||||
* may use your version of this file under either the MPL or the
|
||||
* GPL.
|
||||
*
|
||||
* $Id: ssl.h,v 1.15 2002/09/18 22:32:19 wtc%netscape.com Exp $
|
||||
* $Id: ssl.h,v 1.16 2003/03/26 00:31:12 wtc%netscape.com Exp $
|
||||
*/
|
||||
|
||||
#ifndef __ssl_h_
|
||||
@ -364,6 +364,11 @@ SSL_IMPORT SECItem *SSL_GetSessionID(PRFileDesc *fd);
|
||||
*/
|
||||
SSL_IMPORT void SSL_ClearSessionCache(void);
|
||||
|
||||
/*
|
||||
** Close the server's SSL session cache.
|
||||
*/
|
||||
SSL_IMPORT SECStatus SSL_ShutdownServerSessionIDCache(void);
|
||||
|
||||
/*
|
||||
** Set peer information so we can correctly look up SSL session later.
|
||||
** You only have to do this if you're tunneling through a proxy.
|
||||
|
@ -37,7 +37,7 @@
|
||||
* may use your version of this file under either the MPL or the
|
||||
* GPL.
|
||||
*
|
||||
* $Id: ssl3con.c,v 1.51 2003/03/13 16:36:43 relyea%netscape.com Exp $
|
||||
* $Id: ssl3con.c,v 1.52 2003/03/26 00:31:12 wtc%netscape.com Exp $
|
||||
*/
|
||||
|
||||
#include "nssrenam.h"
|
||||
@ -3320,6 +3320,33 @@ typedef struct {
|
||||
PK11SymKey * symWrapKey[kt_kea_size];
|
||||
} ssl3SymWrapKey;
|
||||
|
||||
static PZLock * symWrapKeysLock;
|
||||
static ssl3SymWrapKey symWrapKeys[SSL_NUM_WRAP_MECHS];
|
||||
|
||||
SECStatus
|
||||
SSL3_ShutdownServerCache(void)
|
||||
{
|
||||
int i, j;
|
||||
|
||||
if (!symWrapKeysLock)
|
||||
return SECSuccess; /* was never initialized */
|
||||
PZ_Lock(symWrapKeysLock);
|
||||
/* get rid of all symWrapKeys */
|
||||
for (i = 0; i < SSL_NUM_WRAP_MECHS; ++i) {
|
||||
for (j = 0; j < kt_kea_size; ++j) {
|
||||
PK11SymKey ** pSymWrapKey;
|
||||
pSymWrapKey = &symWrapKeys[i].symWrapKey[j];
|
||||
if (*pSymWrapKey) {
|
||||
PK11_FreeSymKey(*pSymWrapKey);
|
||||
*pSymWrapKey = NULL;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
PZ_Unlock(symWrapKeysLock);
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
/* Try to get wrapping key for mechanism from in-memory array.
|
||||
* If that fails, look for one on disk.
|
||||
* If that fails, generate a new one, put the new one on disk,
|
||||
@ -3344,9 +3371,6 @@ getWrappingKey( sslSocket * ss,
|
||||
SECItem wrappedKey;
|
||||
SSLWrappedSymWrappingKey wswk;
|
||||
|
||||
static PZLock * symWrapKeysLock;
|
||||
static ssl3SymWrapKey symWrapKeys[SSL_NUM_WRAP_MECHS];
|
||||
|
||||
svrPrivKey = ss->serverCerts[exchKeyType].serverKey;
|
||||
PORT_Assert(svrPrivKey != NULL);
|
||||
if (!svrPrivKey) {
|
||||
|
@ -38,7 +38,7 @@
|
||||
* may use your version of this file under either the MPL or the
|
||||
* GPL.
|
||||
*
|
||||
* $Id: sslimpl.h,v 1.30 2003/02/27 01:31:34 nelsonb%netscape.com Exp $
|
||||
* $Id: sslimpl.h,v 1.31 2003/03/26 00:31:13 wtc%netscape.com Exp $
|
||||
*/
|
||||
|
||||
#ifndef __sslimpl_h_
|
||||
@ -1261,6 +1261,9 @@ ssl_GetWrappingKey( PRInt32 symWrapMechIndex,
|
||||
extern PRBool
|
||||
ssl_SetWrappingKey(SSLWrappedSymWrappingKey *wswk);
|
||||
|
||||
/* get rid of the symmetric wrapping key references. */
|
||||
extern SECStatus SSL3_ShutdownServerCache(void);
|
||||
|
||||
/********************** misc calls *********************/
|
||||
|
||||
extern int ssl_MapLowLevelError(int hiLevelError);
|
||||
|
@ -32,7 +32,7 @@
|
||||
* may use your version of this file under either the MPL or the
|
||||
* GPL.
|
||||
*
|
||||
* $Id: sslsnce.c,v 1.23 2003/01/23 00:15:08 jpierre%netscape.com Exp $
|
||||
* $Id: sslsnce.c,v 1.24 2003/03/26 00:31:13 wtc%netscape.com Exp $
|
||||
*/
|
||||
|
||||
/* Note: ssl_FreeSID() in sslnonce.c gets used for both client and server
|
||||
@ -1158,6 +1158,21 @@ SSL_ConfigServerSessionIDCache( int maxCacheEntries,
|
||||
maxCacheEntries, ssl2_timeout, ssl3_timeout, directory, PR_FALSE);
|
||||
}
|
||||
|
||||
SECStatus
|
||||
SSL_ShutdownServerSessionIDCacheInstance(cacheDesc *cache)
|
||||
{
|
||||
/* if single process, close down, clean up.
|
||||
** if multi-process, TBD.
|
||||
*/
|
||||
}
|
||||
|
||||
SECStatus
|
||||
SSL_ShutdownServerSessionIDCache(void)
|
||||
{
|
||||
SSL3_ShutdownServerCache();
|
||||
return SSL_ShutdownServerSessionIDCacheInstance(&globalCache);
|
||||
}
|
||||
|
||||
/* Use this function, instead of SSL_ConfigServerSessionIDCache,
|
||||
* if the cache will be shared by multiple processes.
|
||||
*/
|
||||
|
Loading…
Reference in New Issue
Block a user