Peter Djalaliev wrote:
> Hello,
> 
> I have a question about something I don't understand in the SSL
> implementation of NSS.
> 
> When ssl_Do1stHandshake is called, it checks three handshake function
> pointers in the sslSocket struct: handshake, nextHandshake and
> securityHandshake.  What is the difference between the three?

SSL stands for "Secure Sockets LAYER".  The Layer originally included
other protocols besides the protocol that became known as the SSL protocol.
It also included SOCKS.  The SOCKS code and the original SSL2 code were
implemented as nested state machines.  These variables held the state
values of the various nested machines.

The SOCKS implementation in NSS was abandoned long ago.  It was superseded
by a separate pushable NSPR module, which allows its implementation to be
completely decoupled from the implementation of the SSL protocol.

The SSL2 protocol implementation in NSS still uses two separate state
machines, one to parse SSL2 records and another to handle the succession
of records which is the SSL2 protocol.

> I can see that the ss->handshake pointer is set in the beginning of the SSL
> handshake by either ssl_SecureConnect or by SSL_ResetHandshake (if the
> socket is already connected) to either ssl_BeginClientHandshake or
> ssl_BeginServerHandshake.  ssl_BeginClientHandshake, in turn, sets that
> pointer to ssl_GatherRecord1stHandshake, which will receive the server_hello
> record from the server.
> 
> Is the ss->nextHandshake used only for the SSL v2 implementation?

Yes, I think so.

> What is the ss->securityHandshake used for?

I think it may now be unused.  I think it was part of the old SOCKS
implementation that was abandoned.

> Regards,
> Peter

-- 
Nelson B
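The reply above describes the two-level design: a lower machine that parses bytes into records and an upper machine, driven by a function pointer that each step re-points at its successor, that handles the succession of records. The following is an added illustration of that pattern and is not NSS code; the connection struct, the `nextHandshake` pointer, the one-byte length-prefixed record format, and the `hello`/`finished` record types are all constructed for the example.

```c
/* Added example: two nested state machines in the style the reply describes.
 * Not NSS code. The lower machine (gather_byte) assembles length-prefixed
 * records from a byte stream; the upper machine is a function pointer
 * (nextHandshake, hypothetical name) that each step re-points at the step
 * that should consume the next record. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define MAX_RECORD 64

typedef struct conn conn;
typedef int (*handshake_fn)(conn *);

struct conn {
    /* lower machine: record gathering */
    enum { GATHER_LEN, GATHER_BODY } gather_state;
    uint8_t rec[MAX_RECORD];
    size_t rec_len, rec_have;

    /* upper machine: which handshake step consumes the next record */
    handshake_fn nextHandshake;
    int hello_seen;
    int finished;
    int error;
};

/* Lower machine: consume one byte; returns 1 when a full record is ready.
 * Record format (constructed): one length byte, then that many body bytes. */
static int gather_byte(conn *c, uint8_t b)
{
    switch (c->gather_state) {
    case GATHER_LEN:
        /* bounds check on the untrusted length before touching the buffer */
        if (b == 0 || b > MAX_RECORD) { c->error = 1; return 0; }
        c->rec_len = b;
        c->rec_have = 0;
        c->gather_state = GATHER_BODY;
        return 0;
    case GATHER_BODY:
        c->rec[c->rec_have++] = b;
        return c->rec_have == c->rec_len;
    default:
        c->error = 1;
        return 0;
    }
}

/* Upper machine steps. First body byte is the record type: 1 = hello, 2 = finished. */
static int hs_expect_finished(conn *c);

static int hs_expect_hello(conn *c)
{
    if (c->rec[0] != 1) { c->error = 1; return -1; }
    c->hello_seen = 1;
    c->nextHandshake = hs_expect_finished;  /* advance the upper machine */
    return 0;
}

static int hs_expect_finished(conn *c)
{
    if (!c->hello_seen || c->rec[0] != 2) { c->error = 1; return -1; }
    c->finished = 1;
    c->nextHandshake = NULL;                /* no further record is legal */
    return 0;
}

void conn_init(conn *c)
{
    memset(c, 0, sizeof *c);
    c->gather_state = GATHER_LEN;
    c->nextHandshake = hs_expect_hello;
}

/* Driver: run the lower machine until it yields a record, hand the record to
 * whatever step the upper machine currently points at, then re-arm the gatherer.
 * Returns 0 on success, -1 on any protocol error. */
int conn_feed(conn *c, const uint8_t *buf, size_t n)
{
    for (size_t i = 0; i < n && !c->error; i++) {
        if (!gather_byte(c, buf[i])) continue;
        if (c->nextHandshake == NULL) { c->error = 1; break; }  /* unexpected record */
        if (c->nextHandshake(c) < 0) break;
        c->gather_state = GATHER_LEN;
    }
    return c->error ? -1 : 0;
}

/* Feed a stream in two chunks (split may fall mid-record) and report the
 * outcome: 1 = handshake finished, 0 = incomplete, -1 = protocol error. */
int run_split(const uint8_t *buf, size_t n, size_t split)
{
    conn c;
    conn_init(&c);
    if (conn_feed(&c, buf, split) < 0) return -1;
    if (conn_feed(&c, buf + split, n - split) < 0) return -1;
    return c.finished;
}

int run_stream(const uint8_t *buf, size_t n) { return run_split(buf, n, 0); }

int main(void)
{
    /* constructed sample: hello record (len 3) followed by finished record (len 1) */
    const uint8_t good[] = { 3, 1, 'a', 'b', 1, 2 };
    printf("good stream -> %d\n", run_stream(good, sizeof good));
    return 0;
}
```

The point of the driver loop is that the record layer never needs to know what the handshake expects: it yields a record, and whichever step the upper machine's pointer currently names decides whether that record is legal and what should run next.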
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto