257860 - Incorrect comment for SSL_SecurityStatus in ssl.h

Status: RESOLVED FIXED

(NSS :: Documentation, defect, P3)

Description

[Wan-Teh Chang]

The comment before the declaration for SSL_SecurityStatus
in ssl.h says:

/*
** Query security status of socket. *on is set to one if security is
** enabled. *keySize will contain the stream key size used. *issuer will
** contain the RFC1485 verison of the name of the issuer of the
** certificate at the other end of the connection. For a client, this is
** the issuer of the server's certificate; for a server, this is the
** issuer of the client's certificate (if any). Subject is the subject of
** the other end's certificate. The pointers can be zero if the desired
** data is not needed.  All strings returned by this function are owned
** by SSL, and will be freed when the socket is closed.
*/
SSL_IMPORT SECStatus SSL_SecurityStatus(PRFileDesc *fd, int *on, char **cipher,
                                        int *keySize, int *secretKeySize,
                                        char **issuer, char **subject);

I believe that the last sentence in the comment is wrong.
The caller needs to free *issuer and *subject with PORT_Free.
Nelson, could you confirm this?

Comment 1

[Nelson Bolyard (seldom reads bugmail)]

I confirm.  The last sentence in that comment has never been correct.
There are actually 3 returned strings that need to be freed by the caller:
*cipher, *issuer, and *subject.  
The correct use is shown in 
http://lxr.mozilla.org/mozilla/source/security/nss/cmd/vfyserv/vfyutil.c#410

Comment 2

[Julien Pierre]

Attachment: Fix comment

Comment 3

[Nelson Bolyard (seldom reads bugmail)]

Comment on attachment 271765 [details] [diff] [review]
Fix comment

r=nelson

Comment 4

[Julien Pierre]

Nelson,

Thanks for the review. I checked in the fix to the trunk.

Checking in ssl.h;
/cvsroot/mozilla/security/nss/lib/ssl/ssl.h,v  <--  ssl.h
new revision: 1.25; previous revision: 1.24
done