Closed
Bug 153380
Opened 23 years ago
Closed 23 years ago
SSL_ENABLE_TLS comments in ssl.h is wrong
Categories
(NSS :: Libraries, defect, P1)
Tracking
(Not tracked)
RESOLVED
FIXED
3.6
People
(Reporter: mcs, Assigned: wtc)
References
Details
Attachments
(1 file, 1 obsolete file)
|
1.24 KB,
patch
|
Details | Diff | Splinter Review |
I noticed this in ssl.h:
#define SSL_ENABLE_TLS 13 /* enable TLS (off by default) */
But TLS is enabled by default now.
Also, it would be great to include comments in ssl.h for each option that says
whether it is ON or OFF by default. Some include that information and some do not.
|
Assignee | |
Comment 1•23 years ago
|
||
Fixed on the tip, in rev. 13 of ssl.h.
I found that the "factory" default settings of the various
SSL options are not documented in the SSL Reference
(http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslfnc.html).
It is not clear whether we should document the factory
default settings (which means they won't change, at least
not until the next major version upgrade) or we should
state that the factory default settings are implementation
defined and users need to call SSL_OptionGetDefault to get
them. Nelson, what do you think?
Status: NEW → ASSIGNED
Priority: -- → P1
Target Milestone: --- → 3.6
|
||
Comment 2•23 years ago
|
||
We should document the factory default settings (which means they
won't change, at least not until the next major version upgrade).
That is and has been the policy for the default settings of all ssl
options for a long time.
TLS was off by default in all the 2.x releases (since it was implemented),
and is on by default beginning in NSS 3.0, which was a major version.
The comment is wrong, and should be fixed.
|
|
Assignee | |
Comment 3•23 years ago
|
||
How does this look, Nelson and Mark?
|
Reporter | |
Comment 4•23 years ago
|
||
Comment on attachment 88698 [details]
Proposed comments in ssl.h
Looks OK to me, but now I want to know what the difference is between 2 and
other values that might be used for SSL_REQUIRE_CERTIFICATE.
|
|
Assignee | |
Comment 5•23 years ago
|
||
The values that might be used for SSL_REQUIRE_CERTIFICATE are
the topic of bug 135261. We plan to add a new value (3) and
add symbolic constants for these values.
Until the patch for bug 135261 is checked in, I have to use the
(undocumented) value 2 in the comments in ssl.h.
|
|
Assignee | |
Comment 7•23 years ago
|
||
Replaced 2 by the symbolic constant SSL_REQUIRE_FIRST_HANDSHAKE.
Nelson, could you add some comments explaining the four possible
values for the SSL_REQUIRE_FIRST_HANDSHAKE option?
Attachment #88698 -
Attachment is obsolete: true
|
|
||
Comment 8•23 years ago
|
||
I agree with the change you've proposed to the comments in ssl.h.
The differences between some of the 4 values for SSL_REQUIRE_FIRST_HANDSHAKE
are very subtle. I don't think I could describe them adequately in one or
two lines of text per option. Perhaps it is best to add a reference to
the SSL "reference manual" web page on mozilla.org, and clarify the
definitions of those 4 values in that page.
|
|
Assignee | |
Comment 9•23 years ago
|
||
Nelson, that makes sense. Then I'm going to mark
this bug fixed.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•