Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(125)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/third_party/nss/patches/peercertchain.patch

Issue 6538005: Update the NSS patches. Add snapstart2.patch and peercertchain.patch.... (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Upload before checkin Created 9 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/third_party/nss/patches/clientauth.patch ('k') | net/third_party/nss/patches/snapstart2.patch » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 Index: net/third_party/nss/ssl/ssl.h
2 ===================================================================
3 --- net/third_party/nss/ssl/ssl.h (revision 63749)
4 +++ net/third_party/nss/ssl/ssl.h (revision 63750)
5 @@ -273,6 +273,17 @@
6 SSL_IMPORT CERTCertificate *SSL_PeerCertificate(PRFileDesc *fd);
7
8 /*
9 +** Return references to the certificates presented by the SSL peer. On entry,
10 +** |*certs_size| must contain the size of the |certs| array. On successful
11 +** return, |*certs_size| contains the number of certificates available and
12 +** |certs| will contain references to as many certificates as would fit.
13 +** Therefore if, on exit, |*certs_size| contains a value less than, or equal to ,
14 +** the entry value then all certificates were returned.
15 +*/
16 +SSL_IMPORT SECStatus SSL_PeerCertificateChain(
17 + PRFileDesc *fd, CERTCertificate **certs, unsigned int *certs_size);
18 +
19 +/*
20 ** Authenticate certificate hook. Called when a certificate comes in
21 ** (because of SSL_REQUIRE_CERTIFICATE in SSL_Enable) to authenticate the
22 ** certificate.
23 Index: net/third_party/nss/ssl/sslauth.c
24 ===================================================================
25 --- net/third_party/nss/ssl/sslauth.c (revision 63749)
26 +++ net/third_party/nss/ssl/sslauth.c (revision 63750)
27 @@ -60,6 +60,42 @@
28 }
29
30 /* NEED LOCKS IN HERE. */
31 +SECStatus
32 +SSL_PeerCertificateChain(PRFileDesc *fd, CERTCertificate **certs,
33 + unsigned int *certsSize)
34 +{
35 + sslSocket *ss;
36 + unsigned int inSize = *certsSize;
37 + ssl3CertNode* cur;
38 +
39 + ss = ssl_FindSocket(fd);
40 + if (!ss) {
41 + SSL_DBG(("%d: SSL[%d]: bad socket in PeerCertificateChain",
42 + SSL_GETPID(), fd));
43 + return SECFailure;
44 + }
45 + if (!ss->opt.useSecurity)
46 + return SECFailure;
47 +
48 + if (ss->sec.peerCert == NULL) {
49 + *certsSize = 0;
50 + return SECSuccess;
51 + }
52 +
53 + *certsSize = 1; /* for the leaf certificate */
54 + if (inSize > 0)
55 + certs[0] = CERT_DupCertificate(ss->sec.peerCert);
56 +
57 + for (cur = ss->ssl3.peerCertChain; cur; cur = cur->next) {
58 + if (*certsSize < inSize)
59 + certs[*certsSize] = CERT_DupCertificate(cur->cert);
60 + (*certsSize)++;
61 + }
62 +
63 + return SECSuccess;
64 +}
65 +
66 +/* NEED LOCKS IN HERE. */
67 CERTCertificate *
68 SSL_LocalCertificate(PRFileDesc *fd)
69 {
70 Index: net/third_party/nss/ssl/ssl.def
71 ===================================================================
72 --- net/third_party/nss/ssl/ssl.def (revision 63749)
73 +++ net/third_party/nss/ssl/ssl.def (revision 63750)
74 @@ -163,6 +163,7 @@
75 ;+ global:
76 SSL_GetPredictedServerHelloData;
77 SSL_GetSnapStartResult;
78 +SSL_PeerCertificateChain;
79 SSL_SetPredictedPeerCertificates;
80 SSL_SetPredictedServerHelloData;
81 SSL_SetSnapStartApplicationData;
OLDNEW
« no previous file with comments | « net/third_party/nss/patches/clientauth.patch ('k') | net/third_party/nss/patches/snapstart2.patch » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698