Closed
Bug 153380
Opened 22 years ago
Closed 22 years ago
SSL_ENABLE_TLS comments in ssl.h is wrong
Categories
(NSS :: Libraries, defect, P1)
Tracking
(Not tracked)
RESOLVED
FIXED
3.6
People
(Reporter: mcs, Assigned: wtc)
References
Details
Attachments
(1 file, 1 obsolete file)
|
1.24 KB,
patch
|
Details | Diff | Splinter Review |
I noticed this in ssl.h: #define SSL_ENABLE_TLS 13 /* enable TLS (off by default) */ But TLS is enabled by default now. Also, it would be great to include comments in ssl.h for each option that says whether it is ON or OFF by default. Some include that information and some do not.
|
Assignee | |
Comment 1•22 years ago
|
||
Fixed on the tip, in rev. 13 of ssl.h. I found that the "factory" default settings of the various SSL options are not documented in the SSL Reference (http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslfnc.html). It is not clear whether we should document the factory default settings (which means they won't change, at least not until the next major version upgrade) or we should state that the factory default settings are implementation defined and users need to call SSL_OptionGetDefault to get them. Nelson, what do you think?
Status: NEW → ASSIGNED
Priority: -- → P1
Target Milestone: --- → 3.6
|
||
Comment 2•22 years ago
|
||
We should document the factory default settings (which means they won't change, at least not until the next major version upgrade). That is and has been the policy for the default settings of all ssl options for a long time. TLS was off by default in all the 2.x releases (since it was implemented), and is on by default beginning in NSS 3.0, which was a major version. The comment is wrong, and should be fixed.
|
|
Assignee | |
Comment 3•22 years ago
|
||
How does this look, Nelson and Mark?
|
Reporter | |
Comment 4•22 years ago
|
||
Comment on attachment 88698 [details]
Proposed comments in ssl.h
Looks OK to me, but now I want to know what the difference is between 2 and
other values that might be used for SSL_REQUIRE_CERTIFICATE.|
|
Assignee | |
Comment 5•22 years ago
|
||
The values that might be used for SSL_REQUIRE_CERTIFICATE are the topic of bug 135261. We plan to add a new value (3) and add symbolic constants for these values. Until the patch for bug 135261 is checked in, I have to use the (undocumented) value 2 in the comments in ssl.h.
|
|
Assignee | |
Comment 7•22 years ago
|
||
Replaced 2 by the symbolic constant SSL_REQUIRE_FIRST_HANDSHAKE. Nelson, could you add some comments explaining the four possible values for the SSL_REQUIRE_FIRST_HANDSHAKE option?
Attachment #88698 -
Attachment is obsolete: true
|
|
||
Comment 8•22 years ago
|
||
I agree with the change you've proposed to the comments in ssl.h. The differences between some of the 4 values for SSL_REQUIRE_FIRST_HANDSHAKE are very subtle. I don't think I could describe them adequately in one or two lines of text per option. Perhaps it is best to add a reference to the SSL "reference manual" web page on mozilla.org, and clarify the definitions of those 4 values in that page.
|
|
Assignee | |
Comment 9•22 years ago
|
||
Nelson, that makes sense. Then I'm going to mark this bug fixed.
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•