Closed
Bug 731798
Opened 12 years ago
Closed 6 months ago
Add a function to report whether the last handshake on a socket resumed a previous SSL session
Categories
(NSS :: Libraries, enhancement, P5)
NSS
Libraries
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: wtc, Unassigned)
Details
Attachments
(1 file)
|
2.28 KB,
patch
|
briansmith
:
superreview+
mcmanus
:
feedback+
|
Details | Diff | Splinter Review |
Add a function to report whether the last handshake on a socket resumed a previous SSL session. The attached patch adds a SSL_HandshakeResumedSession function to do this. An alternative design is to export this info in SSL_GetChannelInfo. Bob, Brian, which do you prefer?
|
||
Comment 1•12 years ago
|
||
Right now, you can tell whether the handshake resumed a session by remembering whether or not your auth. certificate hook was called since the last time your handshake callback was called. So, currently, this function isn't strictly needed. However, I think it is a good idea to add it, as I would like to add the option to have the auth certificate hook called during resumption handshakes too in the future.
It is only safe to call this function from within a callback function or when access to the socket is serialized. (Otherwise, another thread could do a renegotiation on the same socket at the same time, potentially making the result incorrect.) You should document this.
> SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *handshake_resumed) {
The brace should be on its own line.
|
||
Comment 2•11 years ago
|
||
I'd be interested in using this in a psm patch. Wan-Teh - can we set some review flags and get it going again? Thanks!
|
Reporter | |
Updated•11 years ago
|
Attachment #601772 -
Flags: superreview?(bsmith)
Attachment #601772 -
Flags: review?(mcmanus)
|
|
||
Comment 3•11 years ago
|
||
Comment on attachment 601772 [details] [diff] [review] Add SSL_HandshakeResumedSession I'm not a peer so my review doesn't help process wise - but I certainly support this. I just wrote a psm patch based on the "did callback on a cert" logic but I would be happy to follow it up to use this if it were merged. it would certainly be more clear.
Attachment #601772 -
Flags: review?(mcmanus) → feedback+
|
|
||
Comment 4•10 years ago
|
||
Comment on attachment 601772 [details] [diff] [review] Add SSL_HandshakeResumedSession Review of attachment 601772 [details] [diff] [review]: ----------------------------------------------------------------- ::: mozilla/security/nss/lib/ssl/sslsock.c @@ +1507,5 @@ > return SECSuccess; > } > > +SECStatus > +SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *handshake_resumed) { The brace should be on its own line. Since you're not acquiring any locks here, that must mean you are assuming that the locks are already acquired because this is being called only in a callback, and/or the locks are not needed. Please document in the header file when it is safe to call this function. (Only in the handshake callback?)
Attachment #601772 -
Flags: superreview?(brian) → superreview+
|
||
Comment 5•2 years ago
|
||
The bug assignee is inactive on Bugzilla, so the assignee is being reset.
Assignee: wtc → nobody
Status: ASSIGNED → NEW
|
||
Updated•2 years ago
|
Severity: normal → S3
|
||
Updated•6 months ago
|
Severity: S3 → N/A
Status: NEW → RESOLVED
Closed: 6 months ago
Priority: -- → P5
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•