| Index: net/third_party/nss/patches/weakserverkey.patch
|
| ===================================================================
|
| --- net/third_party/nss/patches/weakserverkey.patch (revision 75311)
|
| +++ net/third_party/nss/patches/weakserverkey.patch (working copy)
|
| @@ -1,52 +0,0 @@
|
| -Index: mozilla/security/nss/lib/ssl/ssl3con.c
|
| -===================================================================
|
| -RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v
|
| -retrieving revision 1.144
|
| -diff -p -u -8 -r1.144 ssl3con.c
|
| ---- mozilla/security/nss/lib/ssl/ssl3con.c 12 Aug 2010 01:15:38 -0000 1.144
|
| -+++ mozilla/security/nss/lib/ssl/ssl3con.c 13 Aug 2010 23:23:40 -0000
|
| -@@ -5299,18 +5299,20 @@ ssl3_HandleServerKeyExchange(sslSocket *
|
| - SECItem dh_p = {siBuffer, NULL, 0};
|
| - SECItem dh_g = {siBuffer, NULL, 0};
|
| - SECItem dh_Ys = {siBuffer, NULL, 0};
|
| -
|
| - rv = ssl3_ConsumeHandshakeVariable(ss, &dh_p, 2, &b, &length);
|
| - if (rv != SECSuccess) {
|
| - goto loser; /* malformed. */
|
| - }
|
| -- if (dh_p.len < 512/8)
|
| -+ if (dh_p.len < 512/8) {
|
| -+ errCode = SSL_ERROR_WEAK_SERVER_KEY;
|
| - goto alert_loser;
|
| -+ }
|
| - rv = ssl3_ConsumeHandshakeVariable(ss, &dh_g, 2, &b, &length);
|
| - if (rv != SECSuccess) {
|
| - goto loser; /* malformed. */
|
| - }
|
| - if (dh_g.len == 0 || dh_g.len > dh_p.len + 1 ||
|
| - (dh_g.len == 1 && dh_g.data[0] == 0))
|
| - goto alert_loser;
|
| - rv = ssl3_ConsumeHandshakeVariable(ss, &dh_Ys, 2, &b, &length);
|
| -Index: mozilla/security/nss/lib/ssl/sslerr.h
|
| -===================================================================
|
| -RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslerr.h,v
|
| -retrieving revision 1.11
|
| -diff -p -u -8 -r1.11 sslerr.h
|
| ---- mozilla/security/nss/lib/ssl/sslerr.h 24 Jun 2010 09:24:18 -0000 1.11
|
| -+++ mozilla/security/nss/lib/ssl/sslerr.h 13 Aug 2010 23:23:40 -0000
|
| -@@ -196,13 +196,15 @@ SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICK
|
| - SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET = (SSL_ERROR_BASE + 110),
|
| -
|
| - SSL_ERROR_DECOMPRESSION_FAILURE = (SSL_ERROR_BASE + 111),
|
| - SSL_ERROR_RENEGOTIATION_NOT_ALLOWED = (SSL_ERROR_BASE + 112),
|
| - SSL_ERROR_UNSAFE_NEGOTIATION = (SSL_ERROR_BASE + 113),
|
| -
|
| - SSL_ERROR_RX_UNEXPECTED_UNCOMPRESSED_RECORD = (SSL_ERROR_BASE + 114),
|
| -
|
| -+SSL_ERROR_WEAK_SERVER_KEY = (SSL_ERROR_BASE + 115),
|
| -+
|
| - SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */
|
| - } SSLErrorCodes;
|
| - #endif /* NO_SECURITY_ERROR_ENUM */
|
| -
|
| - #endif /* __SSL_ERR_H_ */
|
|
|
Chromium Code Reviews
Issue 6487026:
Update to NSS 3.12.9. falsestart.patch, falsestart2.patch, and... (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/