Bug 525092: Allow SSL_GetChannelInfo to be called as soon as a TLS false NSS_3_12_BRANCH NSS_3_12_8_BETA3
authorwtc%google.com
Thu, 02 Sep 2010 01:13:46 +0000
branchNSS_3_12_BRANCH
changeset 9805 fb18545e94eb6ae9c49e1b62a90e465f3b85d0ea
parent 9803 e80961719331bad2c569ae7166772ca69faf09a7
child 9818 e8aa744fcf94070bf7034aec18d6f968d1d157c9
push idunknown
push userunknown
push dateunknown
bugs525092
Bug 525092: Allow SSL_GetChannelInfo to be called as soon as a TLS false start handshake is done. r=agl. Tag: NSS_3_12_BRANCH
security/nss/lib/ssl/sslinfo.c
--- a/security/nss/lib/ssl/sslinfo.c
+++ b/security/nss/lib/ssl/sslinfo.c
@@ -55,33 +55,41 @@ ssl_GetCompressionMethodName(SSLCompress
 }
 
 SECStatus 
 SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len)
 {
     sslSocket *      ss;
     SSLChannelInfo   inf;
     sslSessionID *   sid;
+    PRBool           enoughFirstHsDone = PR_FALSE;
 
     if (!info || len < sizeof inf.length) { 
 	PORT_SetError(SEC_ERROR_INVALID_ARGS);
 	return SECFailure;
     }
 
     ss = ssl_FindSocket(fd);
     if (!ss) {
 	SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetChannelInfo",
 		 SSL_GETPID(), fd));
 	return SECFailure;
     }
 
     memset(&inf, 0, sizeof inf);
     inf.length = PR_MIN(sizeof inf, len);
 
-    if (ss->opt.useSecurity && ss->firstHsDone) {
+    if (ss->firstHsDone) {
+	enoughFirstHsDone = PR_TRUE;
+    } else if (ss->version >= SSL_LIBRARY_VERSION_3_0 &&
+	       ssl3_CanFalseStart(ss)) {
+	enoughFirstHsDone = PR_TRUE;
+    }
+
+    if (ss->opt.useSecurity && enoughFirstHsDone) {
         sid = ss->sec.ci.sid;
 	inf.protocolVersion  = ss->version;
 	inf.authKeyBits      = ss->sec.authKeyBits;
 	inf.keaKeyBits       = ss->sec.keaKeyBits;
 	if (ss->version < SSL_LIBRARY_VERSION_3_0) { /* SSL2 */
 	    inf.cipherSuite           = ss->sec.cipherType | 0xff00;
 	    inf.compressionMethod     = ssl_compression_null;
 	    inf.compressionMethodName = "N/A";
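Review bot: The new `else if` calls `ssl3_CanFalseStart(ss)` before `ss->opt.useSecurity` is tested, so the helper now runs on sockets with security turned off, where the old condition short-circuited first. Its body is not visible in this hunk, so confirm that it tolerates such a socket, or keep the original ordering with a single condition: `if (ss->opt.useSecurity && (ss->firstHsDone || (ss->version >= SSL_LIBRARY_VERSION_3_0 && ssl3_CanFalseStart(ss)))) {`. That form also removes the need for the `enoughFirstHsDone` local. Because the fields are now filled while `firstHsDone` is still false, callers can no longer read a populated `SSLChannelInfo` as proof that the handshake finished; I would add a comment above the block such as `/* On the false start path the handshake is not complete yet; these values are provisional until firstHsDone is set. */`. The body of SSL_GetChannelInfo continues past the end of the hunk.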