Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(664)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/third_party/nss/patches/dheclientauth.patch

Issue 5611005: Workaround a bug in NSS when using DHE+client authentication. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Add the extra cast Created 10 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/third_party/nss/README.chromium ('k') | net/third_party/nss/ssl/ssl3con.c » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 Index: mozilla/security/nss/lib/ssl/ssl3con.c
2 ===================================================================
3 RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v
4 retrieving revision 1.142.2.4
5 diff -u -p -u -8 -r1.142.2.4 ssl3con.c
6 --- mozilla/security/nss/lib/ssl/ssl3con.c 1 Sep 2010 19:47:11 -0000 1.142.2.4
7 +++ mozilla/security/nss/lib/ssl/ssl3con.c 8 Dec 2010 06:55:49 -0000
8 @@ -4832,24 +4832,18 @@ ssl3_SendCertificateVerify(sslSocket *ss
9 */
10 slot = PK11_GetSlotFromPrivateKey(ss->ssl3.clientPrivateKey);
11 sid->u.ssl3.clAuthSeries = PK11_GetSlotSeries(slot);
12 sid->u.ssl3.clAuthSlotID = PK11_GetSlotID(slot);
13 sid->u.ssl3.clAuthModuleID = PK11_GetModuleID(slot);
14 sid->u.ssl3.clAuthValid = PR_TRUE;
15 PK11_FreeSlot(slot);
16 }
17 - /* If we're doing RSA key exchange, we're all done with the private key
18 - * here. Diffie-Hellman key exchanges need the client's
19 - * private key for the key exchange.
20 - */
21 - if (ss->ssl3.hs.kea_def->exchKeyType == kt_rsa) {
22 - SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
23 - ss->ssl3.clientPrivateKey = NULL;
24 - }
25 + SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
26 + ss->ssl3.clientPrivateKey = NULL;
27 if (rv != SECSuccess) {
28 goto done; /* err code was set by ssl3_SignHashes */
29 }
30
31 rv = ssl3_AppendHandshakeHeader(ss, certificate_verify, buf.len + 2);
32 if (rv != SECSuccess) {
33 goto done; /* error code set by AppendHandshake */
34 }
35 @@ -4894,16 +4888,30 @@ ssl3_HandleServerHello(sslSocket *ss, SS
36 goto alert_loser;
37 }
38 if (ss->ssl3.hs.ws != wait_server_hello) {
39 errCode = SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO;
40 desc = unexpected_message;
41 goto alert_loser;
42 }
43
44 + /* clean up anything left from previous handshake. */
45 + if (ss->ssl3.clientCertChain != NULL) {
46 + CERT_DestroyCertificateList(ss->ssl3.clientCertChain);
47 + ss->ssl3.clientCertChain = NULL;
48 + }
49 + if (ss->ssl3.clientCertificate != NULL) {
50 + CERT_DestroyCertificate(ss->ssl3.clientCertificate);
51 + ss->ssl3.clientCertificate = NULL;
52 + }
53 + if (ss->ssl3.clientPrivateKey != NULL) {
54 + SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
55 + ss->ssl3.clientPrivateKey = NULL;
56 + }
57 +
58 temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
59 if (temp < 0) {
60 goto loser; /* alert has been sent */
61 }
62 version = (SSL3ProtocolVersion)temp;
63
64 /* this is appropriate since the negotiation is complete, and we only
65 ** know SSL 3.x.
66 @@ -5449,29 +5457,19 @@ ssl3_HandleCertificateRequest(sslSocket
67
68 if (ss->ssl3.hs.ws != wait_cert_request &&
69 ss->ssl3.hs.ws != wait_server_key) {
70 desc = unexpected_message;
71 errCode = SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST;
72 goto alert_loser;
73 }
74
75 - /* clean up anything left from previous handshake. */
76 - if (ss->ssl3.clientCertChain != NULL) {
77 - CERT_DestroyCertificateList(ss->ssl3.clientCertChain);
78 - ss->ssl3.clientCertChain = NULL;
79 - }
80 - if (ss->ssl3.clientCertificate != NULL) {
81 - CERT_DestroyCertificate(ss->ssl3.clientCertificate);
82 - ss->ssl3.clientCertificate = NULL;
83 - }
84 - if (ss->ssl3.clientPrivateKey != NULL) {
85 - SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
86 - ss->ssl3.clientPrivateKey = NULL;
87 - }
88 + PORT_Assert(ss->ssl3.clientCertChain == NULL);
89 + PORT_Assert(ss->ssl3.clientCertificate == NULL);
90 + PORT_Assert(ss->ssl3.clientPrivateKey == NULL);
91
92 isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);
93 rv = ssl3_ConsumeHandshakeVariable(ss, &cert_types, 1, &b, &length);
94 if (rv != SECSuccess)
95 goto loser; /* malformed, alert has been sent */
96
97 arena = ca_list.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
98 if (arena == NULL)
OLDNEW
« no previous file with comments | « net/third_party/nss/README.chromium ('k') | net/third_party/nss/ssl/ssl3con.c » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698