| Index: net/third_party/nss/patches/falsestart2.patch
|
| ===================================================================
|
| --- net/third_party/nss/patches/falsestart2.patch (revision 75311)
|
| +++ net/third_party/nss/patches/falsestart2.patch (working copy)
|
| @@ -1,146 +0,0 @@
|
| -Index: mozilla/security/nss/lib/ssl/sslauth.c
|
| -===================================================================
|
| -RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslauth.c,v
|
| -retrieving revision 1.16
|
| -diff -p -u -8 -r1.16 sslauth.c
|
| ---- mozilla/security/nss/lib/ssl/sslauth.c 20 Apr 2006 00:20:45 -0000 1.16
|
| -+++ mozilla/security/nss/lib/ssl/sslauth.c 27 Aug 2010 02:01:44 -0000
|
| -@@ -87,16 +87,17 @@ SSL_LocalCertificate(PRFileDesc *fd)
|
| - /* NEED LOCKS IN HERE. */
|
| - SECStatus
|
| - SSL_SecurityStatus(PRFileDesc *fd, int *op, char **cp, int *kp0, int *kp1,
|
| - char **ip, char **sp)
|
| - {
|
| - sslSocket *ss;
|
| - const char *cipherName;
|
| - PRBool isDes = PR_FALSE;
|
| -+ PRBool enoughFirstHsDone = PR_FALSE;
|
| -
|
| - ss = ssl_FindSocket(fd);
|
| - if (!ss) {
|
| - SSL_DBG(("%d: SSL[%d]: bad socket in SecurityStatus",
|
| - SSL_GETPID(), fd));
|
| - return SECFailure;
|
| - }
|
| -
|
| -@@ -104,18 +105,24 @@ SSL_SecurityStatus(PRFileDesc *fd, int *
|
| - if (kp0) *kp0 = 0;
|
| - if (kp1) *kp1 = 0;
|
| - if (ip) *ip = 0;
|
| - if (sp) *sp = 0;
|
| - if (op) {
|
| - *op = SSL_SECURITY_STATUS_OFF;
|
| - }
|
| -
|
| -- if (ss->opt.useSecurity && ss->firstHsDone) {
|
| -+ if (ss->firstHsDone) {
|
| -+ enoughFirstHsDone = PR_TRUE;
|
| -+ } else if (ss->version >= SSL_LIBRARY_VERSION_3_0 &&
|
| -+ ssl3_CanFalseStart(ss)) {
|
| -+ enoughFirstHsDone = PR_TRUE;
|
| -+ }
|
| -
|
| -+ if (ss->opt.useSecurity && enoughFirstHsDone) {
|
| - if (ss->version < SSL_LIBRARY_VERSION_3_0) {
|
| - cipherName = ssl_cipherName[ss->sec.cipherType];
|
| - } else {
|
| - cipherName = ssl3_cipherName[ss->sec.cipherType];
|
| - }
|
| - PORT_Assert(cipherName);
|
| - if (cipherName) {
|
| - if (PORT_Strstr(cipherName, "DES")) isDes = PR_TRUE;
|
| -Index: mozilla/security/nss/lib/ssl/sslinfo.c
|
| -===================================================================
|
| -RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslinfo.c,v
|
| -retrieving revision 1.23
|
| -diff -p -u -8 -r1.23 sslinfo.c
|
| ---- mozilla/security/nss/lib/ssl/sslinfo.c 15 Jan 2010 01:49:33 -0000 1.23
|
| -+++ mozilla/security/nss/lib/ssl/sslinfo.c 27 Aug 2010 02:01:44 -0000
|
| -@@ -55,33 +55,41 @@ ssl_GetCompressionMethodName(SSLCompress
|
| - }
|
| -
|
| - SECStatus
|
| - SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len)
|
| - {
|
| - sslSocket * ss;
|
| - SSLChannelInfo inf;
|
| - sslSessionID * sid;
|
| -+ PRBool enoughFirstHsDone = PR_FALSE;
|
| -
|
| - if (!info || len < sizeof inf.length) {
|
| - PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
| - return SECFailure;
|
| - }
|
| -
|
| - ss = ssl_FindSocket(fd);
|
| - if (!ss) {
|
| - SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetChannelInfo",
|
| - SSL_GETPID(), fd));
|
| - return SECFailure;
|
| - }
|
| -
|
| - memset(&inf, 0, sizeof inf);
|
| - inf.length = PR_MIN(sizeof inf, len);
|
| -
|
| -- if (ss->opt.useSecurity && ss->firstHsDone) {
|
| -+ if (ss->firstHsDone) {
|
| -+ enoughFirstHsDone = PR_TRUE;
|
| -+ } else if (ss->version >= SSL_LIBRARY_VERSION_3_0 &&
|
| -+ ssl3_CanFalseStart(ss)) {
|
| -+ enoughFirstHsDone = PR_TRUE;
|
| -+ }
|
| -+
|
| -+ if (ss->opt.useSecurity && enoughFirstHsDone) {
|
| - sid = ss->sec.ci.sid;
|
| - inf.protocolVersion = ss->version;
|
| - inf.authKeyBits = ss->sec.authKeyBits;
|
| - inf.keaKeyBits = ss->sec.keaKeyBits;
|
| - if (ss->version < SSL_LIBRARY_VERSION_3_0) { /* SSL2 */
|
| - inf.cipherSuite = ss->sec.cipherType | 0xff00;
|
| - inf.compressionMethod = ssl_compression_null;
|
| - inf.compressionMethodName = "N/A";
|
| -Index: mozilla/security/nss/lib/ssl/sslreveal.c
|
| -===================================================================
|
| -RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslreveal.c,v
|
| -retrieving revision 1.7
|
| -diff -p -u -8 -r1.7 sslreveal.c
|
| ---- mozilla/security/nss/lib/ssl/sslreveal.c 4 Feb 2010 03:21:11 -0000 1.7
|
| -+++ mozilla/security/nss/lib/ssl/sslreveal.c 27 Aug 2010 02:01:44 -0000
|
| -@@ -106,24 +106,36 @@ SSL_RevealURL(PRFileDesc * fd)
|
| - SECStatus
|
| - SSL_HandshakeNegotiatedExtension(PRFileDesc * socket,
|
| - SSLExtensionType extId,
|
| - PRBool *pYes)
|
| - {
|
| - /* some decisions derived from SSL_GetChannelInfo */
|
| - sslSocket * sslsocket = NULL;
|
| - SECStatus rv = SECFailure;
|
| -+ PRBool enoughFirstHsDone = PR_FALSE;
|
| -
|
| - if (!pYes)
|
| - return rv;
|
| -
|
| - sslsocket = ssl_FindSocket(socket);
|
| -+ if (!sslsocket) {
|
| -+ SSL_DBG(("%d: SSL[%d]: bad socket in HandshakeNegotiatedExtension",
|
| -+ SSL_GETPID(), socket));
|
| -+ return rv;
|
| -+ }
|
| -+
|
| -+ if (sslsocket->firstHsDone) {
|
| -+ enoughFirstHsDone = PR_TRUE;
|
| -+ } else if (sslsocket->ssl3.initialized && ssl3_CanFalseStart(sslsocket)) {
|
| -+ enoughFirstHsDone = PR_TRUE;
|
| -+ }
|
| -
|
| - /* according to public API SSL_GetChannelInfo, this doesn't need a lock */
|
| -- if (sslsocket && sslsocket->opt.useSecurity && sslsocket->firstHsDone) {
|
| -+ if (sslsocket->opt.useSecurity && enoughFirstHsDone) {
|
| - if (sslsocket->ssl3.initialized) { /* SSL3 and TLS */
|
| - /* now we know this socket went through ssl3_InitState() and
|
| - * ss->xtnData got initialized, which is the only member accessed by
|
| - * ssl3_ExtensionNegotiated();
|
| - * Member xtnData appears to get accessed in functions that handle
|
| - * the handshake (hello messages and extension sending),
|
| - * therefore the handshake lock should be sufficient.
|
| - */
|
|
|
Chromium Code Reviews
Issue 6487026:
Update to NSS 3.12.9. falsestart.patch, falsestart2.patch, and... (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/