Closed Bug 257860 Opened 16 years ago Closed 13 years ago
Incorrect comment for SSL
_Security Status in ssl .h
The comment before the declaration for SSL_SecurityStatus in ssl.h says: /* ** Query security status of socket. *on is set to one if security is ** enabled. *keySize will contain the stream key size used. *issuer will ** contain the RFC1485 verison of the name of the issuer of the ** certificate at the other end of the connection. For a client, this is ** the issuer of the server's certificate; for a server, this is the ** issuer of the client's certificate (if any). Subject is the subject of ** the other end's certificate. The pointers can be zero if the desired ** data is not needed. All strings returned by this function are owned ** by SSL, and will be freed when the socket is closed. */ SSL_IMPORT SECStatus SSL_SecurityStatus(PRFileDesc *fd, int *on, char **cipher, int *keySize, int *secretKeySize, char **issuer, char **subject); I believe that the last sentence in the comment is wrong. The caller needs to free *issuer and *subject with PORT_Free. Nelson, could you confirm this?
I confirm. The last sentence in that comment has never been correct. There are actually 3 returned strings that need to be freed by the caller: *cipher, *issuer, and *subject. The correct use is shown in http://lxr.mozilla.org/mozilla/source/security/nss/cmd/vfyserv/vfyutil.c#410
Severity: major → normal
Priority: -- → P3
Target Milestone: --- → 3.12
Comment on attachment 271765 [details] [diff] [review] Fix comment r=nelson
Attachment #271765 - Flags: review?(nelson) → review+
Nelson, Thanks for the review. I checked in the fix to the trunk. Checking in ssl.h; /cvsroot/mozilla/security/nss/lib/ssl/ssl.h,v <-- ssl.h new revision: 1.25; previous revision: 1.24 done
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.