(ITS#6714) Patch - Mozilla NSS - implement full non-blocking semantics
Full_Name: Rich Megginson
Version: 2.4.23 (current CVS HEAD)
Submission from: (NULL) (126.96.36.199)
This patch implements full non-blocking semantics for the MozNSS crypto
implementation in the same manner as the openssl and gnutls implementations.
SSL_ForceHandshake can be called repeatedly until it gets enough data to
complete. One wrinkle is that, when SSL_ForceHandshake returns
PR_WOULD_BLOCK_ERROR, we have no way of knowing if it needs data for a read or a
write (a la openssl SSL_ERROR_WANT_WRITE and SSL_ERROR_WANT_READ). In order to
keep track of that, we use the io_flag in the tls_data object - if the last
operation called was a read/recv, we set the io_flag to TLSM_READ, and similar
for send/write and TLSM_WRITE. This way, the upflags function knows how to set
the sbiod needs_read and needs_write flags appropriately.
I also added special handling for the common case where the client uses ldapTOOL
-Z and the TLS fails from the client side (e.g. bogus CA cert file). In this
case, tlsm_session_accept will get a plain LDAP message beginning with
LBER_SEQUENCE instead of a valid SSL header. The code can short circuit the
process and return a more meaningful error message.
The tlsm_is_io_ready() function is now obsolete - keeping track of the io_flag,
plus using the function SSL_DataPending(), removes the need for the former.
I added a convenience function tlsm_get_pvt_tls_data() to get the tls_data
associated with the tlsm_session (secure PRFileDesc).
This patch file is derived from OpenLDAP Software. All of the
modifications to OpenLDAP Software represented in the following
patch(es) were developed by Red Hat. Red Hat has not assigned rights
and/or interest in this work to any party. I, Rich Megginson am
authorized by Red Hat, my employer, to release this work under the
Red Hat hereby places the following modifications to OpenLDAP Software
(and only these modifications) into the public domain. Hence, these
modifications may be freely used and/or redistributed for any purpose
with or without attribution and/or other notice.
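A constructed C model of the io_flag bookkeeping and the LBER_SEQUENCE short-circuit the submission describes, added here as an illustration; it is not the patch's code, makes no NSS calls, and every name other than TLSM_READ, TLSM_WRITE, LBER_SEQUENCE and PR_WOULD_BLOCK_ERROR is assumed.

```c
#include <stddef.h>

/* Constructed stand-ins, not the patch's definitions. */
#define TLSM_READ  1
#define TLSM_WRITE 2
#define LBER_SEQUENCE 0x30     /* BER tag that opens every LDAPMessage (OpenLDAP lber.h) */
#define TLS_CT_HANDSHAKE 0x16  /* TLS record type a real ClientHello starts with */
#define PR_WOULD_BLOCK_ERROR (-1)
#define HANDSHAKE_BYTES_NEEDED 5  /* constructed size of the fake handshake */

struct tlsm_data { int io_flag; int bytes_seen; };       /* models tls_data */
struct sbiod_flags { int needs_read; int needs_write; }; /* models sbiod flags */

/* The recv/send wrappers record the direction of the last operation. */
void tlsm_note_io(struct tlsm_data *d, int flag) { d->io_flag = flag; }

/* Stand-in for SSL_ForceHandshake: consumes what the peer sent so far and
 * reports PR_WOULD_BLOCK_ERROR until enough has arrived; each attempt is a read. */
int tlsm_force_handshake(struct tlsm_data *d, size_t avail) {
    tlsm_note_io(d, TLSM_READ);
    d->bytes_seen += (int)avail;
    return d->bytes_seen >= HANDSHAKE_BYTES_NEEDED ? 0 : PR_WOULD_BLOCK_ERROR;
}

/* On would-block, turn io_flag into needs_read/needs_write so the sockbuf
 * layer knows which socket event to wait for before retrying. */
void tlsm_upflags(const struct tlsm_data *d, struct sbiod_flags *f) {
    f->needs_read  = (d->io_flag != TLSM_WRITE);
    f->needs_write = (d->io_flag == TLSM_WRITE);
}

/* Short-circuit for the ldapTOOL -Z failure case: the first bytes are a plain
 * LDAP PDU (LBER_SEQUENCE), not a TLS record, so report that instead of
 * letting the handshake fail with an opaque error. */
int tlsm_is_plain_ldap(const unsigned char *buf, size_t len) {
    return len > 0 && buf[0] == LBER_SEQUENCE;
}
```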