Index: lib/ssl/sslsock.c |
diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c |
index 7b91392ca354b34b35fdff7060f74bf6c6d6f3b0..24a39ffbc0ad52229dfa0f220c6609cc077a3666 100644 |
--- a/lib/ssl/sslsock.c |
+++ b/lib/ssl/sslsock.c |
@@ -72,7 +72,7 @@ static sslOptions ssl_defaults = { |
PR_FALSE, |
/* v2CompatibleHello */ /* now defaults to off in NSS 3.13 */ |
PR_TRUE, /* detectRollBack */ |
- PR_FALSE, /* noStepDown */ |
+ PR_FALSE, /* unusedBit15 */ |
PR_FALSE, /* bypassPKCS11 */ |
PR_FALSE, /* noLocks */ |
PR_FALSE, /* enableSessionTickets */ |
@@ -278,7 +278,6 @@ ssl_DupSocket(sslSocket *os) |
sc->serverKeyBits = oc->serverKeyBits; |
ss->certStatusArray[i] = !os->certStatusArray[i] ? NULL : SECITEM_DupArray(NULL, os->certStatusArray[i]); |
} |
- ss->stepDownKeyPair = !os->stepDownKeyPair ? NULL : ssl3_GetKeyPairRef(os->stepDownKeyPair); |
ss->ephemeralECDHKeyPair = !os->ephemeralECDHKeyPair ? NULL : ssl3_GetKeyPairRef(os->ephemeralECDHKeyPair); |
ss->dheKeyPair = !os->dheKeyPair ? NULL : ssl3_GetKeyPairRef(os->dheKeyPair); |
ss->dheParams = os->dheParams; |
@@ -390,10 +389,6 @@ ssl_DestroySocketContents(sslSocket *ss) |
SECITEM_FreeItem(&ss->signedCertTimestamps[i], PR_FALSE); |
} |
} |
- if (ss->stepDownKeyPair) { |
- ssl3_FreeKeyPair(ss->stepDownKeyPair); |
- ss->stepDownKeyPair = NULL; |
- } |
if (ss->ephemeralECDHKeyPair) { |
ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair); |
ss->ephemeralECDHKeyPair = NULL; |
@@ -695,12 +690,6 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on) |
ss->opt.detectRollBack = on; |
break; |
- case SSL_NO_STEP_DOWN: |
- ss->opt.noStepDown = on; |
- if (on) |
- SSL_DisableExportCipherSuites(fd); |
- break; |
- |
case SSL_BYPASS_PKCS11: |
if (ss->handshakeBegun) { |
PORT_SetError(PR_INVALID_STATE_ERROR); |
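Review bot: With the `case SSL_NO_STEP_DOWN:` arm deleted from SSL_OptionSet, a caller that still passes that option presumably lands in the switch's default arm, which is outside this hunk and likely reports an invalid-argument failure. Applications that set the option as a hardening step and check the return value would then fail during setup, although the behaviour they asked for (no export step-down) appears to be unconditional now. If the constant stays in the public header, consider keeping a no-op arm such as `case SSL_NO_STEP_DOWN: /* obsolete, accepted for compatibility */ break;` and having the getters return a fixed value. The same applies to the SSL_OptionGet, SSL_OptionGetDefault and SSL_OptionSetDefault hunks below.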
@@ -869,9 +858,6 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn) |
case SSL_ROLLBACK_DETECTION: |
on = ss->opt.detectRollBack; |
break; |
- case SSL_NO_STEP_DOWN: |
- on = ss->opt.noStepDown; |
- break; |
case SSL_BYPASS_PKCS11: |
on = ss->opt.bypassPKCS11; |
break; |
@@ -980,9 +966,6 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn) |
case SSL_ROLLBACK_DETECTION: |
on = ssl_defaults.detectRollBack; |
break; |
- case SSL_NO_STEP_DOWN: |
- on = ssl_defaults.noStepDown; |
- break; |
case SSL_BYPASS_PKCS11: |
on = ssl_defaults.bypassPKCS11; |
break; |
@@ -1120,12 +1103,6 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on) |
ssl_defaults.detectRollBack = on; |
break; |
- case SSL_NO_STEP_DOWN: |
- ssl_defaults.noStepDown = on; |
- if (on) |
- SSL_DisableDefaultExportCipherSuites(); |
- break; |
- |
case SSL_BYPASS_PKCS11: |
if (PR_FALSE != on) { |
if (PR_SUCCESS == SSL_BypassSetup()) { |
@@ -1318,10 +1295,6 @@ ssl_CipherPrefSetDefault(PRInt32 which, PRBool enabled) |
{ |
if (ssl_IsRemovedCipherSuite(which)) |
return SECSuccess; |
- if (enabled && ssl_defaults.noStepDown && SSL_IsExportCipherSuite(which)) { |
- PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); |
- return SECFailure; |
- } |
return ssl3_CipherPrefSetDefault((ssl3CipherSuite)which, enabled); |
} |
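Review bot: After this deletion the only gate left in ssl_CipherPrefSetDefault before `ssl3_CipherPrefSetDefault` is `ssl_IsRemovedCipherSuite(which)`, whose contents this diff does not show. The deleted check rejected export suites with SEC_ERROR_INVALID_ALGORITHM when noStepDown was set, so if the helper does not cover every ID that SSL_IsExportCipherSuite matched, a request to enable one now passes straight through. It is worth confirming, ideally with a test over the export suite IDs, that each is ignored or rejected. A comment above the check, for example `/* export suites are handled by ssl_IsRemovedCipherSuite */`, would record that dependency. The SSL_CipherPrefSet hunk below has the same shape, and that function's body begins outside its hunk.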
@@ -1365,10 +1338,6 @@ SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 which, PRBool enabled) |
} |
if (ssl_IsRemovedCipherSuite(which)) |
return SECSuccess; |
- if (enabled && ss->opt.noStepDown && SSL_IsExportCipherSuite(which)) { |
- PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); |
- return SECFailure; |
- } |
return ssl3_CipherPrefSet(ss, (ssl3CipherSuite)which, enabled); |
} |
@@ -1982,12 +1951,6 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd) |
sc->serverKeyBits = mc->serverKeyBits; |
} |
} |
- if (sm->stepDownKeyPair) { |
- if (ss->stepDownKeyPair) { |
- ssl3_FreeKeyPair(ss->stepDownKeyPair); |
- } |
- ss->stepDownKeyPair = ssl3_GetKeyPairRef(sm->stepDownKeyPair); |
- } |
if (sm->ephemeralECDHKeyPair) { |
if (ss->ephemeralECDHKeyPair) { |
ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair); |
@@ -3459,7 +3422,6 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant) |
sc->serverKeyBits = 0; |
ss->certStatusArray[i] = NULL; |
} |
- ss->stepDownKeyPair = NULL; |
ss->dheParams = NULL; |
ss->dheKeyPair = NULL; |