      1 /*
      2  * Accessor functions for SSLSocket private members.
      3  *
      4  * This Source Code Form is subject to the terms of the Mozilla Public
      5  * License, v. 2.0. If a copy of the MPL was not distributed with this
      6  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      7 
      8 #include "cert.h"
      9 #include "ssl.h"
     10 #include "certt.h"
     11 #include "sslimpl.h"
     12 
/*
 * Return a new reference to the peer certificate recorded on the SSL socket
 * behind fd.
 *
 * Returns NULL when ssl_FindSocket() finds no SSL socket for fd or when the
 * socket has no sec.peerCert set.
 *
 * The caller owns the returned reference and must release it when done.
 * (The original comment names SSL_DestroyCertificate; the NSS call that drops
 * a certificate reference is CERT_DestroyCertificate.)
 *
 * This accessor performs no validation of its own: it hands back whatever
 * certificate is stored on the socket.
 * NOTE(review): no lock is taken around the read of sec.peerCert here;
 * confirm callers cannot race with code that replaces or clears it.
 */
CERTCertificate *
SSL_RevealCert(PRFileDesc * fd)
{
  sslSocket * ss = ssl_FindSocket(fd);

  if (!ss || !ss->sec.peerCert)
    return NULL;

  /* CERT_DupCertificate bumps the reference count and returns the same
   * certificate object, not a deep copy.
   */
  return CERT_DupCertificate(ss->sec.peerCert);
}
     32 
/*
 * Return the PKCS#11 PIN argument stored on the SSL socket behind fd.
 *
 * The value is read from sslSocket.pkcs11PinArg and returned as stored; no
 * copy is made here, so the caller receives the same pointer that was set on
 * the socket. Returns NULL when ssl_FindSocket() finds no SSL socket for fd
 * (or when the stored value itself is NULL).
 */
void *
SSL_RevealPinArg(PRFileDesc * fd)
{
  sslSocket * ss = ssl_FindSocket(fd);

  /* pkcs11PinArg lives directly on the sslSocket in this code. */
  return ss ? ss->pkcs11PinArg : NULL;
}
     49 
     50 
/*
 * Return a heap-allocated copy of the URL string stored on the SSL socket
 * behind fd.
 *
 * Returns NULL when ssl_FindSocket() finds no SSL socket for fd, when the
 * socket has no url set, or when PL_strdup() itself returns NULL.
 *
 * The copy is made with PL_strdup(); the caller owns it and must free it
 * when done (PL_strfree is the matching release call).
 */
char *
SSL_RevealURL(PRFileDesc * fd)
{
  sslSocket * ss = ssl_FindSocket(fd);

  if (ss == NULL || ss->url == NULL)
    return NULL;

  return PL_strdup(ss->url);
}
     67 
     68 
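/*
 * Report whether extension extId was negotiated with the peer during the
 * handshake on the SSL socket behind `socket`.
 *
 * Parameters:
 *   socket - file descriptor whose SSL socket is looked up via ssl_FindSocket()
 *   extId  - extension to query
 *   pYes   - out parameter; must not be NULL
 *
 * Returns:
 *   SECFailure, with SEC_ERROR_INVALID_ARGS set, when pYes is NULL.
 *   SECFailure when no SSL socket is found for `socket`; this function sets
 *     no error code on that path (whether ssl_FindSocket() sets one is not
 *     visible here).
 *   SECSuccess otherwise. *pYes is PR_FALSE unless the socket has
 *     opt.useSecurity set and ssl3.initialized set, in which case it holds
 *     the result of ssl3_ExtensionNegotiated().
 *
 * *pYes is not written on either failure path, so callers must check the
 * return value before reading it.
 */
SECStatus
SSL_HandshakeNegotiatedExtension(PRFileDesc * socket,
                                 SSLExtensionType extId,
                                 PRBool *pYes)
{
  /* some decisions derived from SSL_GetChannelInfo */
  sslSocket * sslsocket = NULL;

  if (!pYes) {
    PORT_SetError(SEC_ERROR_INVALID_ARGS);
    return SECFailure;
  }

  sslsocket = ssl_FindSocket(socket);
  if (!sslsocket) {
    /* `socket` is a PRFileDesc pointer; the original passed it for a %d
     * conversion, which mismatches the argument type. Print it with %p.
     */
    SSL_DBG(("%d: SSL[%p]: bad socket in HandshakeNegotiatedExtension",
             SSL_GETPID(), (void *)socket));
    return SECFailure;
  }

  *pYes = PR_FALSE;

  /* according to public API SSL_GetChannelInfo, this doesn't need a lock */
  if (sslsocket->opt.useSecurity && sslsocket->ssl3.initialized) {
    /* SSL3 and TLS: the socket went through ssl3_InitState() and
     * ss->xtnData got initialized, which is the only member accessed by
     * ssl3_ExtensionNegotiated().
     * xtnData appears to be accessed in functions that handle the
     * handshake (hello messages and extension sending), therefore the
     * handshake lock should be sufficient.
     */
    ssl_GetSSL3HandshakeLock(sslsocket);
    *pYes = ssl3_ExtensionNegotiated(sslsocket, extId);
    ssl_ReleaseSSL3HandshakeLock(sslsocket);
  }

  return SECSuccess;
}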
    113