-rw-r--r-- | net/third_party/nss/ssl/ssl3con.c | 34 |
1 files changed, 14 insertions, 20 deletions
diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c
index 13d91507..16ef9df 100644
--- a/net/third_party/nss/ssl/ssl3con.c
+++ b/net/third_party/nss/ssl/ssl3con.c
@@ -2791,16 +2791,6 @@ ssl3_HandleChangeCipherSpecs(sslSocket *ss, sslBuffer *buf)
 SSL_TRC(3, ("%d: SSL3[%d] Set Current Read Cipher Suite to Pending", SSL_GETPID(), ss->fd ));
- if (ss->ssl3.hs.snapStartType == snap_start_resume) {
- /* If the server sent us a ChangeCipherSpec message then our Snap Start
- * resume handshake was successful and we need to switch our current
- * write cipher spec to reflect the ChangeCipherSpec message embedded
- * in the ClientHello that the server has now processed. */
- ssl3_DestroyCipherSpec(ss->ssl3.cwSpec, PR_TRUE/*freeSrvName*/);
- ss->ssl3.cwSpec = ss->ssl3.pwSpec;
- ss->ssl3.pwSpec = NULL;
- }
-
 /* If we are really through with the old cipher prSpec
 * (Both the read and write sides have changed) destroy it. */
@@ -7597,15 +7587,6 @@ ssl3_HandleNewSessionTicket(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
 return SECFailure;
 }
- if (ss->ssl3.hs.snapStartType == snap_start_full) {
- /* Snap Start handshake was successful. Switch the cipher spec. */
- ssl_GetSpecWriteLock(ss);
- ssl3_DestroyCipherSpec(ss->ssl3.cwSpec, PR_TRUE/*freeSrvName*/);
- ss->ssl3.cwSpec = ss->ssl3.pwSpec;
- ss->ssl3.pwSpec = NULL;
- ssl_ReleaseSpecWriteLock(ss);
- }
-
 session_ticket.received_timestamp = ssl_Time();
 if (length < 4) {
 (void)SSL3_SendAlert(ss, alert_fatal, decode_error);
@@ -8491,6 +8472,16 @@ ssl3_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length,
 return SECFailure;
 }
+ if (ss->ssl3.hs.snapStartType == snap_start_full ||
+ ss->ssl3.hs.snapStartType == snap_start_resume) {
+ /* Snap Start handshake was successful. Switch the cipher spec. */
+ ssl_GetSpecWriteLock(ss);
+ ssl3_DestroyCipherSpec(ss->ssl3.cwSpec, PR_TRUE/*freeSrvName*/);
+ ss->ssl3.cwSpec = ss->ssl3.pwSpec;
+ ss->ssl3.pwSpec = NULL;
+ ssl_ReleaseSpecWriteLock(ss);
+ }
+
 isTLS = (PRBool)(ss->ssl3.crSpec->version > SSL_LIBRARY_VERSION_3_0);
 if (isTLS) {
 TLSFinished tlsFinished;
@@ -8663,7 +8654,10 @@ xmit_loser:
 ss->ssl3.hs.ws = idle_handshake;
 /* Do the handshake callback for sslv3 here, if we cannot false start. */
- if (ss->handshakeCallback != NULL && !ssl3_CanFalseStart(ss)) {
+ if (ss->handshakeCallback != NULL &&
+ (!ssl3_CanFalseStart(ss) ||
+ ss->ssl3.hs.snapStartType == snap_start_full ||
+ ss->ssl3.hs.snapStartType == snap_start_resume)) {
 (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData);
 } |
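Review bot: In ssl3_HandleFinished the added block promotes `pwSpec` to `cwSpec` ahead of the `isTLS` / `TLSFinished` lines that follow it, so the write cipher spec changes, under a comment saying the handshake "was successful", before the peer's Finished message appears to have been checked. The verification itself lies outside the hunk, so this ordering is inferred from the visible lines. Moving the block to just after the Finished comparison succeeds would keep the write keys from changing on a handshake that is about to be rejected. The block also assumes `pwSpec` is non-NULL; because it sets `ss->ssl3.pwSpec = NULL`, a second pass with `snapStartType` still set would destroy `cwSpec` and leave it NULL, so a guard such as `if (ss->ssl3.pwSpec != NULL)` or a reset of `snapStartType` after the switch is worth adding. The function body starts and ends outside the hunk.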
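Review bot: The comment kept above the condition after `xmit_loser:` still says the callback runs "if we cannot false start", but the new condition also runs it when `snapStartType` is `snap_start_full` or `snap_start_resume`, even if `ssl3_CanFalseStart(ss)` is true. Update it to something like `/* Do the handshake callback here if we cannot false start, or if this was a Snap Start handshake. */` and say why Snap Start needs the callback at this point. If the false-start path invokes `handshakeCallback` elsewhere, a Snap Start connection that can also false start might receive the callback twice; that path is not visible here and should be checked. The two-value `snapStartType` test repeats the one added in the ssl3_HandleFinished hunk and would read better as a small static helper.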