| OLD | NEW |
|---|
| 1 commit 58913147a052b19246ac946077484d033d309287 | 1 commit c92170f883e6cfdc2c2dc6dbb49d3e6b8e9928f1 |
| 2 Author: Adam Langley <agl@chromium.org> | 2 Author: Adam Langley <agl@chromium.org> |
| 3 Date: Thu Jul 21 11:34:32 2011 -0400 | 3 Date: Thu Jul 21 11:34:32 2011 -0400 |
| 4 | 4 |
| 5 secret_extractor.patch | 5 secret_extractor.patch |
| 6 | 6 |
| 7 diff --git a/mozilla/security/nss/lib/ssl/ssl.def b/mozilla/security/nss/lib/ssl
/ssl.def | 7 diff --git a/mozilla/security/nss/lib/ssl/ssl.def b/mozilla/security/nss/lib/ssl
/ssl.def |
| 8 index 7ef15db..1993d3e 100644 | 8 index 7ef15db..1993d3e 100644 |
| 9 --- a/mozilla/security/nss/lib/ssl/ssl.def | 9 --- a/mozilla/security/nss/lib/ssl/ssl.def |
| 10 +++ b/mozilla/security/nss/lib/ssl/ssl.def | 10 +++ b/mozilla/security/nss/lib/ssl/ssl.def |
| 11 @@ -154,6 +154,7 @@ SSL_SNISocketConfigHook; | 11 @@ -154,6 +154,7 @@ SSL_SNISocketConfigHook; |
| 12 ;+}; | 12 ;+}; |
| 13 ;+NSS_CHROMIUM { | 13 ;+NSS_CHROMIUM { |
| 14 ;+ global: | 14 ;+ global: |
| 15 +SSL_ExportKeyingMaterial; | 15 +SSL_ExportKeyingMaterial; |
| 16 SSL_GetNextProto; | 16 SSL_GetNextProto; |
| 17 SSL_GetStapledOCSPResponse; | 17 SSL_GetStapledOCSPResponse; |
| 18 SSL_HandshakeResumedSession; | 18 SSL_HandshakeResumedSession; |
| 19 diff --git a/mozilla/security/nss/lib/ssl/ssl.h b/mozilla/security/nss/lib/ssl/s
sl.h | 19 diff --git a/mozilla/security/nss/lib/ssl/ssl.h b/mozilla/security/nss/lib/ssl/s
sl.h |
| 20 index 53ca301..1537aae 100644 | 20 index 53ca301..6b364bb 100644 |
| 21 --- a/mozilla/security/nss/lib/ssl/ssl.h | 21 --- a/mozilla/security/nss/lib/ssl/ssl.h |
| 22 +++ b/mozilla/security/nss/lib/ssl/ssl.h | 22 +++ b/mozilla/security/nss/lib/ssl/ssl.h |
| 23 @@ -686,6 +686,17 @@ SSL_IMPORT SECStatus SSL_GetCipherSuiteInfo(PRUint16 cipher
Suite, | 23 @@ -686,6 +686,19 @@ SSL_IMPORT SECStatus SSL_GetCipherSuiteInfo(PRUint16 cipher
Suite, |
| 24 /* Returnes negotiated through SNI host info. */ | 24 /* Returnes negotiated through SNI host info. */ |
| 25 SSL_IMPORT SECItem *SSL_GetNegotiatedHostInfo(PRFileDesc *fd); | 25 SSL_IMPORT SECItem *SSL_GetNegotiatedHostInfo(PRFileDesc *fd); |
| 26 | 26 |
| 27 +/* Export keying material according to RFC 5705. | 27 +/* Export keying material according to RFC 5705. |
| 28 +** fd must correspond to a TLS 1.0 or higher socket and out must | 28 +** fd must correspond to a TLS 1.0 or higher socket and out must |
| 29 +** already be allocated. | 29 +** already be allocated. If contextLen is zero it uses the no-context |
| 30 +** construction from the RFC. |
| 30 +*/ | 31 +*/ |
| 31 +SSL_IMPORT SECStatus SSL_ExportKeyingMaterial(PRFileDesc *fd, | 32 +SSL_IMPORT SECStatus SSL_ExportKeyingMaterial(PRFileDesc *fd, |
| 32 + const char *label, | 33 + const char *label, |
| 34 + unsigned int labelLen, |
| 33 + const unsigned char *context, | 35 + const unsigned char *context, |
| 34 + unsigned int contextlen, | 36 + unsigned int contextLen, |
| 35 + unsigned char *out, | 37 + unsigned char *out, |
| 36 + unsigned int outlen); | 38 + unsigned int outLen); |
| 37 + | 39 + |
| 38 /* | 40 /* |
| 39 ** Return a new reference to the certificate that was most recently sent | 41 ** Return a new reference to the certificate that was most recently sent |
| 40 ** to the peer on this SSL/TLS connection, or NULL if none has been sent. | 42 ** to the peer on this SSL/TLS connection, or NULL if none has been sent. |
| 41 diff --git a/mozilla/security/nss/lib/ssl/ssl3con.c b/mozilla/security/nss/lib/s
sl/ssl3con.c | 43 diff --git a/mozilla/security/nss/lib/ssl/ssl3con.c b/mozilla/security/nss/lib/s
sl/ssl3con.c |
| 42 index c39b8f8..dee5555 100644 | 44 index 66071d2..3bda2f3 100644 |
| 43 --- a/mozilla/security/nss/lib/ssl/ssl3con.c | 45 --- a/mozilla/security/nss/lib/ssl/ssl3con.c |
| 44 +++ b/mozilla/security/nss/lib/ssl/ssl3con.c | 46 +++ b/mozilla/security/nss/lib/ssl/ssl3con.c |
| 45 @@ -8442,18 +8442,17 @@ ssl3_RestartHandshakeAfterServerCert(sslSocket *ss) | 47 @@ -8443,33 +8443,33 @@ ssl3_RestartHandshakeAfterServerCert(sslSocket *ss) |
| 46 return rv; | 48 return rv; |
| 47 } | 49 } |
| 48 | 50 |
| 49 -static SECStatus | 51 -static SECStatus |
| 50 -ssl3_ComputeTLSFinished(ssl3CipherSpec *spec, | 52 -ssl3_ComputeTLSFinished(ssl3CipherSpec *spec, |
| 51 - PRBool isServer, | 53 - PRBool isServer, |
| 52 - const SSL3Finished * hashes, | 54 - const SSL3Finished * hashes, |
| 53 - TLSFinished * tlsFinished) | 55 - TLSFinished * tlsFinished) |
| 54 +/* The calling function must acquire and release the appropriate lock (i.e., | 56 +/* The calling function must acquire and release the appropriate lock (i.e., |
| 55 + * ssl_GetSpecReadLock / ssl_ReleaseSpecReadLock for ss->ssl3.crSpec). Any | 57 + * ssl_GetSpecReadLock / ssl_ReleaseSpecReadLock for ss->ssl3.crSpec). Any |
| 56 + * label must already be concatenated onto the beginning of val. | 58 + * label must already be concatenated onto the beginning of val. |
| 57 + */ | 59 + */ |
| 58 +SECStatus | 60 +SECStatus |
| 59 +ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec, const char *label, | 61 +ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec, const char *label, |
| 60 + unsigned int labelLen, const unsigned char *val, unsigned int valLen, | 62 + unsigned int labelLen, const unsigned char *val, unsigned int valLen, |
| 61 + unsigned char *out, unsigned int outLen) | 63 + unsigned char *out, unsigned int outLen) |
| 62 { | 64 { |
| 63 - const char * label; | 65 - const char * label; |
| 64 - unsigned int len; | 66 - unsigned int len; |
| 65 - SECStatus rv; | 67 - SECStatus rv; |
| 66 - | 68 - |
| 67 - label = isServer ? "server finished" : "client finished"; | 69 - label = isServer ? "server finished" : "client finished"; |
| 68 - len = 15; | 70 - len = 15; |
| 69 + SECStatus rv = SECSuccess; | 71 + SECStatus rv = SECSuccess; |
| 70 + unsigned int retLen; | |
| 71 | 72 |
| 72 if (spec->master_secret && !spec->bypassCiphers) { | 73 if (spec->master_secret && !spec->bypassCiphers) { |
| 73 SECItem param = {siBuffer, NULL, 0}; | 74 SECItem param = {siBuffer, NULL, 0}; |
| 74 @@ -8464,11 +8463,11 @@ ssl3_ComputeTLSFinished(ssl3CipherSpec *spec, | 75 » PK11Context *prf_context = |
| 76 » PK11_CreateContextBySymKey(CKM_TLS_PRF_GENERAL, CKA_SIGN, |
| 77 » » » » spec->master_secret, ¶m); |
| 78 +» unsigned int retLen; |
| 79 + |
| 80 » if (!prf_context) |
| 75 return SECFailure; | 81 return SECFailure; |
| 76 | 82 |
| 77 rv = PK11_DigestBegin(prf_context); | 83 rv = PK11_DigestBegin(prf_context); |
| 78 - rv |= PK11_DigestOp(prf_context, (const unsigned char *) label, len); | 84 - rv |= PK11_DigestOp(prf_context, (const unsigned char *) label, len); |
| 79 - rv |= PK11_DigestOp(prf_context, hashes->md5, sizeof *hashes); | 85 - rv |= PK11_DigestOp(prf_context, hashes->md5, sizeof *hashes); |
| 80 - rv |= PK11_DigestFinal(prf_context, tlsFinished->verify_data, | 86 - rv |= PK11_DigestFinal(prf_context, tlsFinished->verify_data, |
| 81 - &len, sizeof tlsFinished->verify_data); | 87 - &len, sizeof tlsFinished->verify_data); |
| 82 - PORT_Assert(rv != SECSuccess || len == sizeof *tlsFinished); | 88 - PORT_Assert(rv != SECSuccess || len == sizeof *tlsFinished); |
| 83 + rv |= PK11_DigestOp(prf_context, (unsigned char *) label, labelLen); | 89 + rv |= PK11_DigestOp(prf_context, (unsigned char *) label, labelLen); |
| 84 + rv |= PK11_DigestOp(prf_context, val, valLen); | 90 + rv |= PK11_DigestOp(prf_context, val, valLen); |
| 85 + rv |= PK11_DigestFinal(prf_context, out, | 91 + rv |= PK11_DigestFinal(prf_context, out, |
| 86 + &retLen, outLen); | 92 + &retLen, outLen); |
| 87 + PORT_Assert(rv != SECSuccess || retLen == outLen); | 93 + PORT_Assert(rv != SECSuccess || retLen == outLen); |
| 88 | 94 |
| 89 PK11_DestroyContext(prf_context, PR_TRUE); | 95 PK11_DestroyContext(prf_context, PR_TRUE); |
| 90 } else { | 96 } else { |
| 91 @@ -8477,17 +8476,34 @@ ssl3_ComputeTLSFinished(ssl3CipherSpec *spec, | 97 @@ -8478,17 +8478,36 @@ ssl3_ComputeTLSFinished(ssl3CipherSpec *spec, |
| 92 SECItem outData = { siBuffer, }; | 98 SECItem outData = { siBuffer, }; |
| 93 PRBool isFIPS = PR_FALSE; | 99 PRBool isFIPS = PR_FALSE; |
| 94 | 100 |
| 95 - inData.data = (unsigned char *)hashes->md5; | 101 - inData.data = (unsigned char *)hashes->md5; |
| 96 - inData.len = sizeof hashes[0]; | 102 - inData.len = sizeof hashes[0]; |
| 97 - outData.data = tlsFinished->verify_data; | 103 - outData.data = tlsFinished->verify_data; |
| 98 - outData.len = sizeof tlsFinished->verify_data; | 104 - outData.len = sizeof tlsFinished->verify_data; |
| 99 + inData.data = (unsigned char *) val; | 105 + inData.data = (unsigned char *) val; |
| 100 + inData.len = valLen; | 106 + inData.len = valLen; |
| 101 + outData.data = out; | 107 + outData.data = out; |
| 102 + outData.len = outLen; | 108 + outData.len = outLen; |
| 103 rv = TLS_PRF(&spec->msItem, label, &inData, &outData, isFIPS); | 109 rv = TLS_PRF(&spec->msItem, label, &inData, &outData, isFIPS); |
| 104 - PORT_Assert(rv != SECSuccess || \ | 110 - PORT_Assert(rv != SECSuccess || \ |
| 105 - outData.len == sizeof tlsFinished->verify_data); | 111 - outData.len == sizeof tlsFinished->verify_data); |
| 106 + PORT_Assert(rv != SECSuccess || outData.len == outLen); | 112 + PORT_Assert(rv != SECSuccess || outData.len == outLen); |
| 107 } | 113 } |
| 108 return rv; | 114 return rv; |
| 109 } | 115 } |
| 110 | 116 |
| 111 +static SECStatus | 117 +static SECStatus |
| 112 +ssl3_ComputeTLSFinished(ssl3CipherSpec *spec, | 118 +ssl3_ComputeTLSFinished(ssl3CipherSpec *spec, |
| 113 + PRBool isServer, | 119 + PRBool isServer, |
| 114 + const SSL3Finished * hashes, | 120 + const SSL3Finished * hashes, |
| 115 + TLSFinished * tlsFinished) | 121 + TLSFinished * tlsFinished) |
| 116 +{ | 122 +{ |
| 117 + const char * label; | 123 + const char * label; |
| 118 + SECStatus rv; | 124 + SECStatus rv; |
| 125 + unsigned int len; |
| 119 + | 126 + |
| 120 + label = isServer ? "server finished" : "client finished"; | 127 + label = isServer ? "server finished" : "client finished"; |
| 128 + len = 15; |
| 121 + | 129 + |
| 122 + rv = ssl3_TLSPRFWithMasterSecret(spec, label, 15, hashes->md5, | 130 + rv = ssl3_TLSPRFWithMasterSecret(spec, label, len, hashes->md5, |
| 123 + sizeof *hashes, tlsFinished->verify_data, | 131 + sizeof *hashes, tlsFinished->verify_data, |
| 124 + sizeof tlsFinished->verify_data); | 132 + sizeof tlsFinished->verify_data); |
| 125 + | 133 + |
| 126 + return rv; | 134 + return rv; |
| 127 +} | 135 +} |
| 128 + | 136 + |
| 129 /* called from ssl3_HandleServerHelloDone | 137 /* called from ssl3_HandleServerHelloDone |
| 130 */ | 138 */ |
| 131 static SECStatus | 139 static SECStatus |
| 132 diff --git a/mozilla/security/nss/lib/ssl/sslimpl.h b/mozilla/security/nss/lib/s
sl/sslimpl.h | 140 diff --git a/mozilla/security/nss/lib/ssl/sslimpl.h b/mozilla/security/nss/lib/s
sl/sslimpl.h |
| 133 index df30029..073616f 100644 | 141 index df30029..073616f 100644 |
| 134 --- a/mozilla/security/nss/lib/ssl/sslimpl.h | 142 --- a/mozilla/security/nss/lib/ssl/sslimpl.h |
| 135 +++ b/mozilla/security/nss/lib/ssl/sslimpl.h | 143 +++ b/mozilla/security/nss/lib/ssl/sslimpl.h |
| 136 @@ -1726,6 +1726,12 @@ SECStatus SSL_DisableDefaultExportCipherSuites(void); | 144 @@ -1726,6 +1726,12 @@ SECStatus SSL_DisableDefaultExportCipherSuites(void); |
| 137 SECStatus SSL_DisableExportCipherSuites(PRFileDesc * fd); | 145 SECStatus SSL_DisableExportCipherSuites(PRFileDesc * fd); |
| 138 PRBool SSL_IsExportCipherSuite(PRUint16 cipherSuite); | 146 PRBool SSL_IsExportCipherSuite(PRUint16 cipherSuite); |
| 139 | 147 |
| 140 +SECStatus ssl3_TLSPRFWithMasterSecret( | 148 +SECStatus ssl3_TLSPRFWithMasterSecret( |
| 141 + ssl3CipherSpec *spec, const char *label, | 149 + ssl3CipherSpec *spec, const char *label, |
| 142 + unsigned int labelLen, const unsigned char *val, | 150 + unsigned int labelLen, const unsigned char *val, |
| 143 + unsigned int valLen, unsigned char *out, | 151 + unsigned int valLen, unsigned char *out, |
| 144 + unsigned int outLen); | 152 + unsigned int outLen); |
| 145 + | 153 + |
| 146 /********************** FNV hash *********************/ | 154 /********************** FNV hash *********************/ |
| 147 | 155 |
| 148 void FNV1A64_Init(PRUint64 *digest); | 156 void FNV1A64_Init(PRUint64 *digest); |
| 149 diff --git a/mozilla/security/nss/lib/ssl/sslinfo.c b/mozilla/security/nss/lib/s
sl/sslinfo.c | 157 diff --git a/mozilla/security/nss/lib/ssl/sslinfo.c b/mozilla/security/nss/lib/s
sl/sslinfo.c |
| 150 index 96377b0..9a58b4d 100644 | 158 index 96377b0..cf870c7 100644 |
| 151 --- a/mozilla/security/nss/lib/ssl/sslinfo.c | 159 --- a/mozilla/security/nss/lib/ssl/sslinfo.c |
| 152 +++ b/mozilla/security/nss/lib/ssl/sslinfo.c | 160 +++ b/mozilla/security/nss/lib/ssl/sslinfo.c |
| 153 @@ -20,6 +20,7 @@ | 161 @@ -20,6 +20,7 @@ |
| 154 * | 162 * |
| 155 * Contributor(s): | 163 * Contributor(s): |
| 156 * Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories | 164 * Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories |
| 157 + * Douglas Stebila <douglas@stebila.ca> | 165 + * Douglas Stebila <douglas@stebila.ca> |
| 158 * | 166 * |
| 159 * Alternatively, the contents of this file may be used under the terms of | 167 * Alternatively, the contents of this file may be used under the terms of |
| 160 * either the GNU General Public License Version 2 or later (the "GPL"), or | 168 * either the GNU General Public License Version 2 or later (the "GPL"), or |
| 161 @@ -38,6 +39,7 @@ | 169 @@ -316,6 +317,69 @@ SSL_IsExportCipherSuite(PRUint16 cipherSuite) |
| 162 #include "ssl.h" | |
| 163 #include "sslimpl.h" | |
| 164 #include "sslproto.h" | |
| 165 +#include "pk11func.h" | |
| 166 | |
| 167 static const char * | |
| 168 ssl_GetCompressionMethodName(SSLCompressionMethod compression) | |
| 169 @@ -316,6 +318,67 @@ SSL_IsExportCipherSuite(PRUint16 cipherSuite) | |
| 170 return PR_FALSE; | 170 return PR_FALSE; |
| 171 } | 171 } |
| 172 | 172 |
| 173 +/* Export keying material according to draft-ietf-tls-extractor-06. | 173 +/* Export keying material according to RFC 5705. |
| 174 +** fd must correspond to a TLS 1.0 or higher socket, out must | 174 +** fd must correspond to a TLS 1.0 or higher socket, out must |
| 175 +** be already allocated. | 175 +** be already allocated. |
| 176 +*/ | 176 +*/ |
| 177 +SECStatus | 177 +SECStatus |
| 178 +SSL_ExportKeyingMaterial(PRFileDesc *fd, const char *label, | 178 +SSL_ExportKeyingMaterial(PRFileDesc *fd, |
| 179 +» » » const char *label, |
| 180 +» » » unsigned int labelLen, |
| 179 + const unsigned char *context, | 181 + const unsigned char *context, |
| 180 + unsigned int contextLen, | 182 + unsigned int contextLen, |
| 181 + unsigned char *out, | 183 + unsigned char *out, |
| 182 + unsigned int outLen) | 184 + unsigned int outLen) |
| 183 +{ | 185 +{ |
| 184 + sslSocket *ss; | 186 + sslSocket *ss; |
| 185 + unsigned char *val = NULL; | 187 + unsigned char *val = NULL; |
| 186 + unsigned int valLen, i; | 188 + unsigned int valLen, i; |
| 187 + SECStatus rv = SECFailure; | 189 + SECStatus rv = SECFailure; |
| 188 + | 190 + |
| 189 + ss = ssl_FindSocket(fd); | 191 + ss = ssl_FindSocket(fd); |
| 190 + if (!ss) { | 192 + if (!ss) { |
| 191 + SSL_DBG(("%d: SSL[%d]: bad socket in ExportKeyingMaterial", | 193 + SSL_DBG(("%d: SSL[%d]: bad socket in ExportKeyingMaterial", |
| 192 + SSL_GETPID(), fd)); | 194 + SSL_GETPID(), fd)); |
| 193 + return SECFailure; | 195 + return SECFailure; |
| 194 + } | 196 + } |
| 195 + | 197 + |
| 196 + if (ss->version < SSL_LIBRARY_VERSION_3_1_TLS) { | 198 + if (ss->version < SSL_LIBRARY_VERSION_3_1_TLS) { |
| 197 + PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION); | 199 + PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION); |
| 198 + return SECFailure; | 200 + return SECFailure; |
| 199 + } | 201 + } |
| 200 + | 202 + |
| 201 + if (ss->ssl3.hs.ws != idle_handshake) { | |
| 202 + PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED); | |
| 203 + return SECFailure; | |
| 204 + } | |
| 205 + | |
| 206 + valLen = SSL3_RANDOM_LENGTH * 2; | 203 + valLen = SSL3_RANDOM_LENGTH * 2; |
| 207 + if (contextLen > 0) | 204 + if (contextLen > 0) |
| 208 + valLen += 2 /* uint16 length */ + contextLen; | 205 + valLen += 2 /* uint16 length */ + contextLen; |
| 209 + val = PORT_Alloc(valLen); | 206 + val = PORT_Alloc(valLen); |
| 210 + if (val == NULL) | 207 + if (val == NULL) |
| 211 + return SECFailure; | 208 + return SECFailure; |
| 212 + i = 0; | 209 + i = 0; |
| 213 + PORT_Memcpy(val + i, &ss->ssl3.hs.client_random.rand, SSL3_RANDOM_LENGTH); | 210 + PORT_Memcpy(val + i, &ss->ssl3.hs.client_random.rand, SSL3_RANDOM_LENGTH); |
| 214 + i += SSL3_RANDOM_LENGTH; | 211 + i += SSL3_RANDOM_LENGTH; |
| 215 + PORT_Memcpy(val + i, &ss->ssl3.hs.server_random.rand, SSL3_RANDOM_LENGTH); | 212 + PORT_Memcpy(val + i, &ss->ssl3.hs.server_random.rand, SSL3_RANDOM_LENGTH); |
| 216 + i += SSL3_RANDOM_LENGTH; | 213 + i += SSL3_RANDOM_LENGTH; |
| 217 + if (contextLen > 0) { | 214 + if (contextLen > 0) { |
| 218 + val[i++] = contextLen >> 8; | 215 + val[i++] = contextLen >> 8; |
| 219 + val[i++] = contextLen; | 216 + val[i++] = contextLen; |
| 220 + PORT_Memcpy(val + i, context, contextLen); | 217 + PORT_Memcpy(val + i, context, contextLen); |
| 221 + i += contextLen; | 218 + i += contextLen; |
| 222 + } | 219 + } |
| 223 + PORT_Assert(i == valLen); | 220 + PORT_Assert(i == valLen); |
| 224 + | 221 + |
| 225 + ssl_GetSpecReadLock(ss); | 222 + ssl_GetSpecReadLock(ss); |
| 226 + rv = ssl3_TLSPRFWithMasterSecret(ss->ssl3.crSpec, label, strlen(label), val
, valLen, out, outLen); | 223 + if (!ss->ssl3.cwSpec->master_secret && !ss->ssl3.cwSpec->msItem.len) { |
| 224 +» PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED); |
| 225 +» rv = SECFailure; |
| 226 + } else { |
| 227 +» rv = ssl3_TLSPRFWithMasterSecret(ss->ssl3.cwSpec, label, labelLen, val, |
| 228 +» » » » » valLen, out, outLen); |
| 229 + } |
| 227 + ssl_ReleaseSpecReadLock(ss); | 230 + ssl_ReleaseSpecReadLock(ss); |
| 228 + | 231 + |
| 229 + if (val != NULL) | 232 + PORT_ZFree(val, valLen); |
| 230 +» PORT_ZFree(val, valLen); | |
| 231 + return rv; | 233 + return rv; |
| 232 +} | 234 +} |
| 233 + | 235 + |
| 234 SECItem* | 236 SECItem* |
| 235 SSL_GetNegotiatedHostInfo(PRFileDesc *fd) | 237 SSL_GetNegotiatedHostInfo(PRFileDesc *fd) |
| 236 { | 238 { |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 7493056:
net: allow SSL secrets to be exported sooner. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src