1 diff -puN -r a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3c
on.c | 1 diff -puN -r a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3c
on.c |
2 --- a/net/third_party/nss/ssl/ssl3con.c 2012-11-09 15:34:12.258133766 -0800 | 2 --- a/net/third_party/nss/ssl/ssl3con.c 2012-11-09 15:34:12.258133766 -0800 |
3 +++ b/net/third_party/nss/ssl/ssl3con.c 2012-11-09 15:35:08.488958561 -0800 | 3 +++ b/net/third_party/nss/ssl/ssl3con.c 2012-11-09 15:35:08.488958561 -0800 |
4 @@ -2033,6 +2033,9 @@ ssl3_ClientAuthTokenPresent(sslSessionID | 4 @@ -2033,6 +2033,9 @@ ssl3_ClientAuthTokenPresent(sslSessionID |
5 PRBool isPresent = PR_TRUE; | 5 PRBool isPresent = PR_TRUE; |
6 | 6 |
7 /* we only care if we are doing client auth */ | 7 /* we only care if we are doing client auth */ |
8 + /* If NSS_PLATFORM_CLIENT_AUTH is defined and a platformClientKey is being | 8 + /* If NSS_PLATFORM_CLIENT_AUTH is defined and a platformClientKey is being |
9 + * used, u.ssl3.clAuthValid will be false and this function will always | 9 + * used, u.ssl3.clAuthValid will be false and this function will always |
10 + * return PR_TRUE. */ | 10 + * return PR_TRUE. */ |
86 SSL_TRC(3, ("%d: SSL3[%d]: handle certificate_request handshake", | 86 SSL_TRC(3, ("%d: SSL3[%d]: handle certificate_request handshake", |
87 SSL_GETPID(), ss->fd)); | 87 SSL_GETPID(), ss->fd)); |
88 @@ -5917,6 +5939,7 @@ ssl3_HandleCertificateRequest(sslSocket | 88 @@ -5917,6 +5939,7 @@ ssl3_HandleCertificateRequest(sslSocket |
89 PORT_Assert(ss->ssl3.clientCertChain == NULL); | 89 PORT_Assert(ss->ssl3.clientCertChain == NULL); |
90 PORT_Assert(ss->ssl3.clientCertificate == NULL); | 90 PORT_Assert(ss->ssl3.clientCertificate == NULL); |
91 PORT_Assert(ss->ssl3.clientPrivateKey == NULL); | 91 PORT_Assert(ss->ssl3.clientPrivateKey == NULL); |
92 + PORT_Assert(ss->ssl3.platformClientKey == (PlatformKey)NULL); | 92 + PORT_Assert(ss->ssl3.platformClientKey == (PlatformKey)NULL); |
93 | 93 |
94 isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0); | 94 isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0); |
95 rv = ssl3_ConsumeHandshakeVariable(ss, &cert_types, 1, &b, &length); | 95 rv = ssl3_ConsumeHandshakeVariable(ss, &cert_types, 1, &b, &length); |
96 @@ -5983,6 +6006,20 @@ ssl3_HandleCertificateRequest(sslSocket | 96 @@ -5983,6 +6006,18 @@ ssl3_HandleCertificateRequest(sslSocket |
97 desc = no_certificate; | 97 desc = no_certificate; |
98 ss->ssl3.hs.ws = wait_hello_done; | 98 ss->ssl3.hs.ws = wait_hello_done; |
99 | 99 |
100 +#ifdef NSS_PLATFORM_CLIENT_AUTH | 100 +#ifdef NSS_PLATFORM_CLIENT_AUTH |
101 + if (ss->getPlatformClientAuthData == NULL) { | 101 + if (ss->getPlatformClientAuthData != NULL) { |
102 +» rv = SECFailure; /* force it to send a no_certificate alert */ | |
103 + } else { | |
104 + /* XXX Should pass cert_types in this call!! */ | 102 + /* XXX Should pass cert_types in this call!! */ |
105 + rv = (SECStatus)(*ss->getPlatformClientAuthData)( | 103 + rv = (SECStatus)(*ss->getPlatformClientAuthData)( |
106 + ss->getPlatformClientAuthDataArg, | 104 + ss->getPlatformClientAuthDataArg, |
107 + ss->fd, &ca_list, | 105 + ss->fd, &ca_list, |
108 + &platform_cert_list, | 106 + &platform_cert_list, |
109 + (void**)&ss->ssl3.platformClientKey, | 107 + (void**)&ss->ssl3.platformClientKey, |
110 + &ss->ssl3.clientCertificate, | 108 + &ss->ssl3.clientCertificate, |
111 + &ss->ssl3.clientPrivateKey); | 109 + &ss->ssl3.clientPrivateKey); |
112 + } | 110 + } else |
113 +#else | 111 +#endif |
114 if (ss->getClientAuthData == NULL) { | 112 if (ss->getClientAuthData == NULL) { |
115 rv = SECFailure; /* force it to send a no_certificate alert */ | 113 rv = SECFailure; /* force it to send a no_certificate alert */ |
116 } else { | 114 } else { |
117 @@ -5992,12 +6029,52 @@ ssl3_HandleCertificateRequest(sslSocket | 115 @@ -5992,12 +6029,52 @@ ssl3_HandleCertificateRequest(sslSocket |
118 &ss->ssl3.clientCertificate, | 116 &ss->ssl3.clientCertificate, |
119 &ss->ssl3.clientPrivateKey); | 117 &ss->ssl3.clientPrivateKey); |
120 } | 118 } |
121 +#endif /* NSS_PLATFORM_CLIENT_AUTH */ | 119 + |
122 switch (rv) { | 120 switch (rv) { |
123 case SECWouldBlock: /* getClientAuthData has put up a dialog box. */ | 121 case SECWouldBlock: /* getClientAuthData has put up a dialog box. */ |
124 ssl3_SetAlwaysBlock(ss); | 122 ssl3_SetAlwaysBlock(ss); |
125 break; /* not an error */ | 123 break; /* not an error */ |
126 | 124 |
127 case SECSuccess: | 125 case SECSuccess: |
128 +#ifdef NSS_PLATFORM_CLIENT_AUTH | 126 +#ifdef NSS_PLATFORM_CLIENT_AUTH |
129 + if (!platform_cert_list || CERT_LIST_EMPTY(platform_cert_list) || | 127 + if (!platform_cert_list || CERT_LIST_EMPTY(platform_cert_list) || |
130 + !ss->ssl3.platformClientKey) { | 128 + !ss->ssl3.platformClientKey) { |
131 + if (platform_cert_list) { | 129 + if (platform_cert_list) { |
240 + return SECSuccess; | 238 + return SECSuccess; |
241 +} | 239 +} |
242 +#endif /* NSS_PLATFORM_CLIENT_AUTH */ | 240 +#endif /* NSS_PLATFORM_CLIENT_AUTH */ |
243 + | 241 + |
244 /* NEED LOCKS IN HERE. */ | 242 /* NEED LOCKS IN HERE. */ |
245 SECStatus | 243 SECStatus |
246 SSL_SetPKCS11PinArg(PRFileDesc *s, void *arg) | 244 SSL_SetPKCS11PinArg(PRFileDesc *s, void *arg) |
247 diff -puN -r a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h | 245 diff -puN -r a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h |
248 --- a/net/third_party/nss/ssl/ssl.h 2012-11-09 15:34:12.258133766 -0800 | 246 --- a/net/third_party/nss/ssl/ssl.h 2012-11-09 15:34:12.258133766 -0800 |
249 +++ b/net/third_party/nss/ssl/ssl.h 2012-11-09 15:35:08.488958561 -0800 | 247 +++ b/net/third_party/nss/ssl/ssl.h 2012-11-09 15:35:08.488958561 -0800 |
250 @@ -483,6 +483,45 @@ typedef SECStatus (PR_CALLBACK *SSLGetCl | 248 @@ -483,6 +483,48 @@ typedef SECStatus (PR_CALLBACK *SSLGetCl |
251 SSL_IMPORT SECStatus SSL_GetClientAuthDataHook(PRFileDesc *fd, | 249 SSL_IMPORT SECStatus SSL_GetClientAuthDataHook(PRFileDesc *fd, |
252 SSLGetClientAuthData f, void *a); | 250 SSLGetClientAuthData f, void *a); |
253 | 251 |
254 +/* | 252 +/* |
255 + * Prototype for SSL callback to get client auth data from the application, | 253 + * Prototype for SSL callback to get client auth data from the application, |
256 + * optionally using the underlying platform's cryptographic primitives. | 254 + * optionally using the underlying platform's cryptographic primitives. |
257 + * To use the platform cryptographic primitives, caNames and pRetCerts | 255 + * To use the platform cryptographic primitives, caNames and pRetCerts |
258 + * should be set. To use NSS, pRetNSSCert and pRetNSSKey should be set. | 256 + * should be set. To use NSS, pRetNSSCert and pRetNSSKey should be set. |
259 + * Returning SECFailure will cause the socket to send no client certificate. | 257 + * Returning SECFailure will cause the socket to send no client certificate. |
260 + * arg - application passed argument | 258 + * arg - application passed argument |
276 + PRFileDesc *fd, | 274 + PRFileDesc *fd, |
277 + CERTDistNames *caNames, | 275 + CERTDistNames *caNames, |
278 + CERTCertList **pRetCerts,/*return */ | 276 + CERTCertList **pRetCerts,/*return */ |
279 + void **pRetKey,/* return */ | 277 + void **pRetKey,/* return */ |
280 + CERTCertificate **pRetNSSCert,/*return */ | 278 + CERTCertificate **pRetNSSCert,/*return */ |
281 + SECKEYPrivateKey **pRetNSSKey);/* return */ | 279 + SECKEYPrivateKey **pRetNSSKey);/* return */ |
282 + | 280 + |
283 +/* | 281 +/* |
284 + * Set the client side callback for SSL to retrieve user's private key | 282 + * Set the client side callback for SSL to retrieve user's private key |
285 + * and certificate. | 283 + * and certificate. |
| 284 + * Note: If a platform client auth callback is set, the callback configured by |
| 285 + * SSL_GetClientAuthDataHook, if any, will not be called. |
| 286 + * |
286 + * fd - the file descriptor for the connection in question | 287 + * fd - the file descriptor for the connection in question |
287 + * f - the application's callback that delivers the key and cert | 288 + * f - the application's callback that delivers the key and cert |
288 + * a - application specific data | 289 + * a - application specific data |
289 + */ | 290 + */ |
290 +SSL_IMPORT SECStatus | 291 +SSL_IMPORT SECStatus |
291 +SSL_GetPlatformClientAuthDataHook(PRFileDesc *fd, | 292 +SSL_GetPlatformClientAuthDataHook(PRFileDesc *fd, |
292 + SSLGetPlatformClientAuthData f, void *a); | 293 + SSLGetPlatformClientAuthData f, void *a); |
293 | 294 |
294 /* | 295 /* |
295 ** SNI extension processing callback function. | 296 ** SNI extension processing callback function. |
818 ss->sniSocketConfig = NULL; | 819 ss->sniSocketConfig = NULL; |
819 ss->sniSocketConfigArg = NULL; | 820 ss->sniSocketConfigArg = NULL; |
820 ss->getClientAuthData = NULL; | 821 ss->getClientAuthData = NULL; |
821 +#ifdef NSS_PLATFORM_CLIENT_AUTH | 822 +#ifdef NSS_PLATFORM_CLIENT_AUTH |
822 + ss->getPlatformClientAuthData = NULL; | 823 + ss->getPlatformClientAuthData = NULL; |
823 + ss->getPlatformClientAuthDataArg = NULL; | 824 + ss->getPlatformClientAuthDataArg = NULL; |
824 +#endif /* NSS_PLATFORM_CLIENT_AUTH */ | 825 +#endif /* NSS_PLATFORM_CLIENT_AUTH */ |
825 ss->handleBadCert = NULL; | 826 ss->handleBadCert = NULL; |
826 ss->badCertArg = NULL; | 827 ss->badCertArg = NULL; |
827 ss->pkcs11PinArg = NULL; | 828 ss->pkcs11PinArg = NULL; |
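Review bot: The `} else` left dangling before `#endif` at new patch lines 110-111 chains the platform branch onto the unbraced NSS `if (ss->getClientAuthData == NULL)` only through the preprocessor, so the fallback to the NSS hook when no platform callback is registered is easy to misread and easy to break on the next edit; a comment on the `else` line such as `/* no platform callback registered: fall back to the NSS getClientAuthData hook below */`, or braces around the NSS `if/else`, would make the intent explicit. A second consequence worth checking: with NSS_PLATFORM_CLIENT_AUTH defined and that fallback taken, `platform_cert_list` is never filled in, yet the `SECSuccess` case at new lines 126-129 tests `!platform_cert_list` first, so if that branch treats a missing platform list as "no certificate" (its body lies in the skipped region) a valid NSS certificate returned by getClientAuthData could be discarded. The enclosing ssl3_HandleCertificateRequest and the rest of the SECSuccess handling are outside the visible hunks, so this is inferred from the visible lines rather than confirmed.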