Merge 95179 - net: fix caching of peer's cert chain in session objects.

net/third_party/nss/ssl/ssl3con.c

 /*
  * SSL3 Protocol
  *
  * ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  *
  * The contents of this file are subject to the Mozilla Public License Version
  * 1.1 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * http://www.mozilla.org/MPL/
@@ skipping 8238 matching lines @@
         anyRestrictedEnabled(ss) &&
         SECSuccess == CERT_VerifyCertNow(cert->dbhandle, cert,
                                          PR_FALSE, /* checkSig */
                                          certUsageSSLServerWithStepUp,
 /*XXX*/                                  ss->authCertificateArg) ) {
         ss->ssl3.policy         = SSL_RESTRICTED;
         ss->ssl3.hs.rehandshake = PR_TRUE;
     }
 
     ss->sec.ci.sid->peerCert = CERT_DupCertificate(ss->sec.peerCert);
-    ssl3_CopyPeerCertsToSID(certs, ss->sec.ci.sid);
+    ssl3_CopyPeerCertsToSID(ss->ssl3.peerCertChain, ss->sec.ci.sid);
 
     if (!ss->sec.isServer) {
         /* set the server authentication and key exchange types and sizes
         ** from the value in the cert.  If the key exchange key is different,
         ** it will get fixed when we handle the server key exchange message.
         */
         SECKEYPublicKey * pubKey  = CERT_ExtractPublicKey(cert);
         ss->sec.authAlgorithm = ss->ssl3.hs.kea_def->signKeyType;
         ss->sec.keaType       = ss->ssl3.hs.kea_def->exchKeyType;
         if (pubKey) {
@@ skipping 1679 matching lines @@
 
     ss->ssl3.initialized = PR_FALSE;
 
     if (ss->ssl3.nextProto.data) {
         PORT_Free(ss->ssl3.nextProto.data);
         ss->ssl3.nextProto.data = NULL;
     }
 }
 
 /* End of ssl3con.c */