/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #ifndef _NSNSSIOLAYER_H
8 #define _NSNSSIOLAYER_H
10 #include "TransportSecurityInfo.h"
11 #include "nsISSLSocketControl.h"
12 #include "nsIClientAuthDialogs.h"
13 #include "nsAutoPtr.h"
14 #include "nsNSSCertificate.h"
15 #include "nsDataHashtable.h"
16 #include "nsTHashtable.h"
// Per-socket TLS state for the NSS I/O layer. Extends the shared
// TransportSecurityInfo with the handshake, certificate-verification and
// protocol-version flags the layer consults while a connection is live, and
// exposes them to callers through nsISSLSocketControl / nsIClientAuthUserDecision.
// NOTE(review): this rendering has dropped lines (the class's opening brace,
// access specifiers, the constructor and several members that the inline
// accessors below read, e.g. mJoined, mSSL3Enabled, mTLSEnabled); consult the
// original header before editing.
18 class nsNSSSocketInfo
: public mozilla::psm::TransportSecurityInfo
,
19 public nsISSLSocketControl
,
20 public nsIClientAuthUserDecision
25 NS_DECL_ISUPPORTS_INHERITED
26 NS_DECL_NSISSLSOCKETCONTROL
27 NS_DECL_NSICLIENTAUTHUSERDECISION
// STARTTLS mode: the connection starts in cleartext and TLS is switched on
// later (presumably via ActivateSSL() below — confirm). Until that switch,
// nothing on the socket is confidentiality- or integrity-protected.
29 nsresult
SetForSTARTTLS(bool aForSTARTTLS
);
30 nsresult
GetForSTARTTLS(bool *aForSTARTTLS
);
// The NSPR file descriptor the SSL layer was pushed onto. Non-owning from the
// caller's point of view; ownership/teardown is handled by CloseSocketAndDestroy
// — confirm in nsNSSIOLayer.cpp.
32 nsresult
GetFileDescPtr(PRFileDesc
** aFilePtr
);
33 nsresult
SetFileDescPtr(PRFileDesc
* aFilePtr
);
// Set while a handshake has been requested but not yet started/completed.
35 nsresult
GetHandshakePending(bool *aHandshakePending
);
36 nsresult
SetHandshakePending(bool aHandshakePending
);
// Hands out the certificate seen on a previous connection to this peer (used
// for change-of-certificate diagnostics — presumably; confirm). _result is an
// out-parameter that receives an addref'd reference — TODO confirm.
38 void GetPreviousCert(nsIX509Cert
** _result
);
// Whether the connection had a cleartext phase before the handshake
// (the STARTTLS case); see SetForSTARTTLS.
40 void SetHasCleartextPhase(bool aHasCleartextPhase
);
41 bool GetHasCleartextPhase();
// Handshake progress tracking. mHandshakeStartTime, HandshakeTimeout() and
// mAllowTLSIntoleranceTimeout together suggest that a handshake exceeding a
// deadline is treated as evidence of a TLS-intolerant server (see the
// intolerant-site table in nsSSLIOLayerHelpers) — confirm in nsNSSIOLayer.cpp.
// NOTE(review): if a timeout can mark a host as intolerant and that in turn
// weakens later connections, the timeout is a protocol-downgrade input that
// anyone able to delay traffic can influence; the fallback policy deserves
// explicit review.
43 void SetHandshakeInProgress(bool aIsIn
);
44 bool GetHandshakeInProgress() { return mHandshakeInProgress
; }
// Records that the server's first ServerHello arrived; presumably used to
// distinguish "server never answered" from later failures — confirm.
45 void SetFirstServerHelloReceived() { mFirstServerHelloReceived
= true; }
// Returns whether the handshake has exceeded its deadline (relative to
// mHandshakeStartTime — confirm).
46 bool HandshakeTimeout();
48 void SetAllowTLSIntoleranceTimeout(bool aAllow
);
// Tears down the SSL layer and the underlying socket. The proofOfLock
// parameter exists only to oblige the caller to hold an NSS shutdown-
// prevention lock for the duration of the call, so NSS cannot be shut down
// underneath the teardown.
50 PRStatus
CloseSocketAndDestroy(
51 const nsNSSShutDownPreventionLock
& proofOfLock
);
// Records the application protocol the peer selected via NPN. `value` is a
// raw byte buffer supplied by the peer and `length` is authoritative (do not
// assume NUL termination); treat the bytes as untrusted input.
53 void SetNegotiatedNPN(const char *value
, PRUint32 length
);
54 void SetHandshakeCompleted() { mHandshakeCompleted
= true; }
// "Joined" presumably means this connection was coalesced/reused for another
// host name — confirm against the nsISSLSocketControl implementation.
// NOTE(review): mJoined is read here but its declaration is not in this rendering.
56 bool GetJoined() { return mJoined
; }
// Set once a client certificate has been sent to the server in the handshake.
57 void SetSentClientCert() { mSentClientCert
= true; }
59 // XXX: These are only used for diagnostic purposes
// Lifecycle of the (possibly asynchronous) certificate verification for this
// socket; see SetCertVerificationWaiting / SetCertVerificationResult.
60 enum CertVerificationState
{
61 before_cert_verification
,
62 waiting_for_cert_verification
,
63 after_cert_verification
// Moves the state to waiting_for_cert_verification.
65 void SetCertVerificationWaiting();
66 // Use errorCode == 0 to indicate success; in that case, errorMessageType is
// ignored. A non-zero errorCode is the NSS/PR error the verification ended
// with, and errorMessageType selects how it is reported to the user.
68 void SetCertVerificationResult(PRErrorCode errorCode
,
69 ::mozilla::psm::SSLErrorMessageType errorMessageType
);
// True while verification has been started but no result has been recorded.
// NOTE(review): returns PRBool while the sibling accessors return bool;
// harmless but inconsistent.
72 PRBool
IsWaitingForCertVerification() const
74 return mCertVerificationState
== waiting_for_cert_verification
;
// Per-socket protocol-version switches.
// NOTE(review): these are plain setters with no policy attached; whatever
// code decides to disable TLS for a socket (and leave SSL 3.0 enabled) is
// making a downgrade decision and should be the single, audited place that
// does so.
77 bool IsSSL3Enabled() const { return mSSL3Enabled
; }
78 void SetSSL3Enabled(bool enabled
) { mSSL3Enabled
= enabled
; }
79 bool IsTLSEnabled() const { return mTLSEnabled
; }
80 void SetTLSEnabled(bool enabled
) { mTLSEnabled
= enabled
; }
// Current certificate-verification state (see CertVerificationState).
84 CertVerificationState mCertVerificationState
;
89 bool mHandshakePending
;
90 bool mHasCleartextPhase
;
91 bool mHandshakeInProgress
;
// Whether a slow handshake may be interpreted as TLS intolerance (see
// HandshakeTimeout / SetAllowTLSIntoleranceTimeout).
92 bool mAllowTLSIntoleranceTimeout
;
// Presumably whether the user's client-certificate choice for this host is to
// be remembered across prompts (nsIClientAuthUserDecision) — confirm. This is
// a consent/privacy-relevant setting, since a remembered certificate is
// presented without asking again.
93 bool mRememberClientAuthCertificate
;
// When the handshake started; used by HandshakeTimeout() — confirm.
94 PRIntervalTime mHandshakeStartTime
;
95 bool mFirstServerHelloReceived
;
// Switches the socket from cleartext to TLS; presumably the STARTTLS
// transition point — confirm.
97 nsresult
ActivateSSL();
// Protocol selected via NPN, as recorded by SetNegotiatedNPN().
99 nsCString mNegotiatedNPN
;
101 bool mHandshakeCompleted
;
103 bool mSentClientCert
;
// Process-wide helpers for the NSS I/O layer: one-time layer registration
// (Init/Cleanup) and the static tables that record per-host TLS behaviour
// observed earlier in the session. Everything here is static; the pointer
// members are raw (no RAII), so their lifetime is presumably Init() to
// Cleanup() — confirm in nsNSSIOLayer.cpp.
// NOTE(review): this rendering has dropped the class's opening brace and
// access specifiers.
106 class nsSSLIOLayerHelpers
// Registers the SSL layer's PRDescIdentity/PRIOMethods and allocates the
// static state; Cleanup() releases what Init() allocated — confirm.
109 static nsresult
Init();
110 static void Cleanup();
// Guards against double initialization of the layer.
112 static bool nsSSLIOLayerInitialized
;
// NSPR layer identity and method table for the SSL layer pushed onto sockets.
113 static PRDescIdentity nsSSLIOLayerIdentity
;
114 static PRIOMethods nsSSLIOLayerMethods
;
// Presumably serializes access to the site tables below; take it before
// touching mTLSIntolerantSites / mTLSTolerantSites / mRenegoUnrestrictedSites
// — confirm which accesses hold it.
116 static mozilla::Mutex
*mutex
;
// Hosts (keyed by getSiteKey) that failed a TLS handshake earlier in the
// session; the layer consults this to decide a fallback for later
// connections — confirm. Security note: an entry here presumably lowers
// protection for every later connection to that key, so the conditions under
// which rememberPossibleTLSProblemSite() adds an entry are the real
// downgrade-policy decision point.
117 static nsTHashtable
<nsCStringHashKey
> *mTLSIntolerantSites
;
// Hosts that have completed a TLS handshake correctly; presumably prevents a
// later transient failure from marking them intolerant (rememberTolerantSite).
118 static nsTHashtable
<nsCStringHashKey
> *mTLSTolerantSites
;
// Explicit exception list: hosts allowed to renegotiate without the RFC 5746
// secure-renegotiation extension. Renegotiation without RFC 5746 is exactly
// what the extension exists to prevent, so entries here should be rare and
// deliberate.
120 static nsTHashtable
<nsCStringHashKey
> *mRenegoUnrestrictedSites
;
// When true, a peer that does not support RFC 5746 is treated as a broken
// connection rather than merely being reported at mWarnLevelMissingRFC5746.
121 static bool mTreatUnsafeNegotiationAsBroken
;
// Diagnostic verbosity for peers missing RFC 5746 (meaning of the levels is
// defined in the .cpp — confirm).
122 static PRInt32 mWarnLevelMissingRFC5746
;
// Accessors for the two RFC 5746 policy knobs above.
124 static void setTreatUnsafeNegotiationAsBroken(bool broken
);
125 static bool treatUnsafeNegotiationAsBroken();
127 static void setWarnLevelMissingRFC5746(PRInt32 level
);
128 static PRInt32
getWarnLevelMissingRFC5746();
// Derives the table key for socketInfo's peer (host and port, presumably —
// confirm the exact format, since it decides the granularity at which a
// remembered problem applies).
130 static void getSiteKey(nsNSSSocketInfo
*socketInfo
, nsCSubstring
&key
);
// Records socketInfo's peer in the intolerant table after a handshake
// problem; the bool return is presumably whether the entry was newly added
// — confirm.
131 static bool rememberPossibleTLSProblemSite(nsNSSSocketInfo
*socketInfo
);
// Records socketInfo's peer as having handled TLS correctly.
132 static void rememberTolerantSite(nsNSSSocketInfo
*socketInfo
);
// Direct manipulation and lookup of the intolerant table by key.
134 static void addIntolerantSite(const nsCString
&str
);
135 static void removeIntolerantSite(const nsCString
&str
);
136 static bool isKnownAsIntolerantSite(const nsCString
&str
);
// Loads the renegotiation exception list from a delimited string (format is
// defined by the .cpp — confirm) and queries it.
138 static void setRenegoUnrestrictedSites(const nsCString
&str
);
139 static bool isRenegoUnrestrictedSite(const nsCString
&str
);
// Creates a new socket with the SSL layer already pushed onto it. Only
// `family`, `proxyHost` and the `securityInfo` out-parameter (which receives
// the nsNSSSocketInfo) are visible here; this rendering has dropped the rest
// of the parameter list, so consult the original header for the full signature.
142 nsresult
nsSSLIOLayerNewSocket(PRInt32 family
,
145 const char *proxyHost
,
148 nsISupports
**securityInfo
,
// Pushes the SSL layer onto an existing socket; takes the same parameter set
// as nsSSLIOLayerNewSocket as far as is visible here (the rest of the list is
// missing from this rendering).
152 nsresult
nsSSLIOLayerAddToSocket(PRInt32 family
,
155 const char *proxyHost
,
158 nsISupports
**securityInfo
,
// Releases the static per-host TLS tables owned by nsSSLIOLayerHelpers
// (presumably at shutdown — confirm).
162 nsresult
nsSSLIOLayerFreeTLSIntolerantSites();
// Shows the user-facing alert for a certificate error that could not be
// mapped to a more specific message; `error` is presumably the NSS/PR error
// code — confirm.
163 nsresult
displayUnknownCertErrorAlert(nsNSSSocketInfo
*infoObject
, int error
);
165 #endif /* _NSNSSIOLAYER_H */