net/third_party/nss/ssl/ssl3con.c - Issue 5611005: Workaround a bug in NSS when using DHE+client authentication.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/third_party/nss/ssl/ssl3con.c

Issue 5611005: Workaround a bug in NSS when using DHE+client authentication. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Feedback from wtc Created 10 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/third_party/nss/ssl/ssl3con.c

diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c

index d56bb97b802b4b5fd094480bd33b37d44ab831cf..d9b602fe6b4eaa6eef70705388e23fb022de5939 100644

--- a/net/third_party/nss/ssl/ssl3con.c

+++ b/net/third_party/nss/ssl/ssl3con.c

@@ -5022,6 +5022,26 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)

desc = unexpected_message;

goto alert_loser;

}

+ /* clean up anything left from previous handshake. */

+ if (ss->ssl3.clientCertChain != NULL) {

+ CERT_DestroyCertificateList(ss->ssl3.clientCertChain);

+ ss->ssl3.clientCertChain = NULL;

+ }

+ if (ss->ssl3.clientCertificate != NULL) {

+ CERT_DestroyCertificate(ss->ssl3.clientCertificate);

+ ss->ssl3.clientCertificate = NULL;

+ }

+ if (ss->ssl3.clientPrivateKey != NULL) {

+ SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);

+ ss->ssl3.clientPrivateKey = NULL;

+ }

+#ifdef NSS_PLATFORM_CLIENT_AUTH

+ if (ss->ssl3.platformClientKey) {

+ ssl_FreePlatformKey(ss->ssl3.platformClientKey);

+ ss->ssl3.platformClientKey = (PlatformKey)NULL;

+ }

+#endif /* NSS_PLATFORM_CLIENT_AUTH */

if (ss->ssl3.serverHelloPredictionData.data)

SECITEM_FreeItem(&ss->ssl3.serverHelloPredictionData, PR_FALSE);

@@ -5520,26 +5540,6 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)

goto alert_loser;

}

- /* clean up anything left from previous handshake. */

wtc 2010/12/08 03:04:14 You can replace these with PORT_Assert assertions

- if (ss->ssl3.clientCertChain != NULL) {

- CERT_DestroyCertificateList(ss->ssl3.clientCertChain);

- ss->ssl3.clientCertChain = NULL;

- }

- if (ss->ssl3.clientCertificate != NULL) {

- CERT_DestroyCertificate(ss->ssl3.clientCertificate);

- ss->ssl3.clientCertificate = NULL;

- }

- if (ss->ssl3.clientPrivateKey != NULL) {

- SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);

- ss->ssl3.clientPrivateKey = NULL;

- }

-#ifdef NSS_PLATFORM_CLIENT_AUTH

- if (ss->ssl3.platformClientKey) {

- ssl_FreePlatformKey(ss->ssl3.platformClientKey);

- ss->ssl3.platformClientKey = (PlatformKey)NULL;

- }

-#endif /* NSS_PLATFORM_CLIENT_AUTH */

isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);

rv = ssl3_ConsumeHandshakeVariable(ss, &cert_types, 1, &b, &length);

if (rv != SECSuccess)

« no previous file with comments | « no previous file | no next file » | no next file with comments »