
Side by Side Diff: net/third_party/nss/patches/peercertchain.patch

Issue 9558017: Update net/third_party/nss to NSS 3.13.3. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Upload before checkin Created 8 years, 9 months ago
OLDNEW
1 From 40714671513378227413d1542c2911c2f62e3840 Mon Sep 17 00:00:00 2001 1 Index: mozilla/security/nss/lib/ssl/ssl.h
2 From: Adam Langley <agl@chromium.org> 2 ===================================================================
3 Date: Mon, 3 Oct 2011 12:20:43 -0400 3 RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl.h,v
4 Subject: [PATCH] peercertchain.patch 4 retrieving revision 1.49
5 5 diff -u -p -8 -r1.49 ssl.h
6 --- 6 --- mozilla/security/nss/lib/ssl/ssl.h» 15 Feb 2012 21:52:08 -0000» 1.49
7 mozilla/security/nss/lib/ssl/ssl.def | 1 + 7 +++ mozilla/security/nss/lib/ssl/ssl.h» 29 Feb 2012 02:12:05 -0000
8 mozilla/security/nss/lib/ssl/ssl.h | 11 +++++++++ 8 @@ -331,16 +331,28 @@ SSL_IMPORT SECStatus SSL_SecurityStatus(
9 mozilla/security/nss/lib/ssl/sslauth.c | 36 ++++++++++++++++++++++++++++++++ 9 ** it will always return the server's certificate. If the server calls
10 3 files changed, 48 insertions(+), 0 deletions(-) 10 ** this, it may return NULL if client authentication is not enabled or
11 11 ** if the client had no certificate when asked.
12 diff --git a/mozilla/security/nss/lib/ssl/ssl.def b/mozilla/security/nss/lib/ssl /ssl.def 12 **» "fd" the socket "file" descriptor
13 index a1f4b51..0fa8777 100644 13 */
14 --- a/mozilla/security/nss/lib/ssl/ssl.def
15 +++ b/mozilla/security/nss/lib/ssl/ssl.def
16 @@ -155,6 +155,7 @@ SSL_SNISocketConfigHook;
17 ;+NSS_CHROMIUM {
18 ;+ global:
19 SSL_GetNextProto;
20 +SSL_PeerCertificateChain;
21 SSL_SetNextProtoNego;
22 ;+ local:
23 ;+*;
24 diff --git a/mozilla/security/nss/lib/ssl/ssl.h b/mozilla/security/nss/lib/ssl/s sl.h
25 index ffa973c..cccb49a 100644
26 --- a/mozilla/security/nss/lib/ssl/ssl.h
27 +++ b/mozilla/security/nss/lib/ssl/ssl.h
28 @@ -264,6 +264,17 @@ SSL_IMPORT SECStatus SSL_SecurityStatus(PRFileDesc *fd, int *on, char **cipher,
29 SSL_IMPORT CERTCertificate *SSL_PeerCertificate(PRFileDesc *fd); 14 SSL_IMPORT CERTCertificate *SSL_PeerCertificate(PRFileDesc *fd);
30 15
31 /* 16 /*
32 +** Return references to the certificates presented by the SSL peer. On entry, 17 +** Return references to the certificates presented by the SSL peer.
33 +** |*certs_size| must contain the size of the |certs| array. On successful 18 +** |maxNumCerts| must contain the size of the |certs| array. On successful
34 +** return, |*certs_size| contains the number of certificates available and 19 +** return, |*numCerts| contains the number of certificates available and
35 +** |certs| will contain references to as many certificates as would fit. 20 +** |certs| will contain references to as many certificates as would fit.
36 +** Therefore if, on exit, |*certs_size| contains a value less than, or equal to , 21 +** Therefore if |*numCerts| contains a value less than or equal to
37 +** the entry value then all certificates were returned. 22 +** |maxNumCerts|, then all certificates were returned.
38 +*/ 23 +*/
39 +SSL_IMPORT SECStatus SSL_PeerCertificateChain( 24 +SSL_IMPORT SECStatus SSL_PeerCertificateChain(
40 +» PRFileDesc *fd, CERTCertificate **certs, unsigned int *certs_size); 25 +» PRFileDesc *fd, CERTCertificate **certs,
26 +» unsigned int *numCerts, unsigned int maxNumCerts);
41 + 27 +
42 +/* 28 +/*
43 ** Authenticate certificate hook. Called when a certificate comes in 29 ** Authenticate certificate hook. Called when a certificate comes in
44 ** (because of SSL_REQUIRE_CERTIFICATE in SSL_Enable) to authenticate the 30 ** (because of SSL_REQUIRE_CERTIFICATE in SSL_Enable) to authenticate the
45 ** certificate. 31 ** certificate.
46 diff --git a/mozilla/security/nss/lib/ssl/sslauth.c b/mozilla/security/nss/lib/s sl/sslauth.c 32 **
47 index 6d1eab0..df40f30 100644 33 ** The authenticate certificate hook must return SECSuccess to indicate the
48 --- a/mozilla/security/nss/lib/ssl/sslauth.c 34 ** certificate is valid, SECFailure to indicate the certificate is invalid,
49 +++ b/mozilla/security/nss/lib/ssl/sslauth.c 35 ** or SECWouldBlock if the application will authenticate the certificate
50 @@ -60,6 +60,42 @@ SSL_PeerCertificate(PRFileDesc *fd) 36 ** asynchronously. SECWouldBlock is only supported for non-blocking sockets.
37 Index: mozilla/security/nss/lib/ssl/sslauth.c
38 ===================================================================
39 RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslauth.c,v
40 retrieving revision 1.17
41 diff -u -p -8 -r1.17 sslauth.c
42 --- mozilla/security/nss/lib/ssl/sslauth.c» 3 Aug 2010 18:48:45 -0000» 1.17
43 +++ mozilla/security/nss/lib/ssl/sslauth.c» 29 Feb 2012 02:12:05 -0000
44 @@ -55,16 +55,51 @@ SSL_PeerCertificate(PRFileDesc *fd)
45 }
46 if (ss->opt.useSecurity && ss->sec.peerCert) {
47 » return CERT_DupCertificate(ss->sec.peerCert);
48 }
49 return 0;
51 } 50 }
52 51
53 /* NEED LOCKS IN HERE. */ 52 /* NEED LOCKS IN HERE. */
54 +SECStatus 53 +SECStatus
55 +SSL_PeerCertificateChain(PRFileDesc *fd, CERTCertificate **certs, 54 +SSL_PeerCertificateChain(PRFileDesc *fd, CERTCertificate **certs,
56 +» » » unsigned int *certsSize) 55 +» » » unsigned int *numCerts, unsigned int maxNumCerts)
57 +{ 56 +{
58 + sslSocket *ss; 57 + sslSocket *ss;
59 + unsigned int inSize = *certsSize;
60 + ssl3CertNode* cur; 58 + ssl3CertNode* cur;
61 + 59 +
62 + ss = ssl_FindSocket(fd); 60 + ss = ssl_FindSocket(fd);
63 + if (!ss) { 61 + if (!ss) {
64 + SSL_DBG(("%d: SSL[%d]: bad socket in PeerCertificateChain", 62 + SSL_DBG(("%d: SSL[%d]: bad socket in PeerCertificateChain",
65 + SSL_GETPID(), fd)); 63 + SSL_GETPID(), fd));
66 + return SECFailure; 64 + return SECFailure;
67 + } 65 + }
68 + if (!ss->opt.useSecurity) 66 + if (!ss->opt.useSecurity)
69 + return SECFailure; 67 + return SECFailure;
70 + 68 +
71 + if (ss->sec.peerCert == NULL) { 69 + if (ss->sec.peerCert == NULL) {
72 + *certsSize = 0; 70 + *numCerts = 0;
73 + return SECSuccess; 71 + return SECSuccess;
74 + } 72 + }
75 + 73 +
76 + *certsSize = 1; /* for the leaf certificate */ 74 + *numCerts = 1; /* for the leaf certificate */
77 + if (inSize > 0) 75 + if (maxNumCerts > 0)
78 + certs[0] = CERT_DupCertificate(ss->sec.peerCert); 76 + certs[0] = CERT_DupCertificate(ss->sec.peerCert);
79 + 77 +
80 + for (cur = ss->ssl3.peerCertChain; cur; cur = cur->next) { 78 + for (cur = ss->ssl3.peerCertChain; cur; cur = cur->next) {
81 +» if (*certsSize < inSize) 79 +» if (*numCerts < maxNumCerts)
82 +» certs[*certsSize] = CERT_DupCertificate(cur->cert); 80 +» certs[*numCerts] = CERT_DupCertificate(cur->cert);
83 +» (*certsSize)++; 81 +» (*numCerts)++;
84 + } 82 + }
85 + 83 +
86 + return SECSuccess; 84 + return SECSuccess;
87 +} 85 +}
88 + 86 +
89 +/* NEED LOCKS IN HERE. */ 87 +/* NEED LOCKS IN HERE. */
90 CERTCertificate * 88 CERTCertificate *
91 SSL_LocalCertificate(PRFileDesc *fd) 89 SSL_LocalCertificate(PRFileDesc *fd)
92 { 90 {
91 sslSocket *ss;
92
93 ss = ssl_FindSocket(fd);
94 if (!ss) {
95 SSL_DBG(("%d: SSL[%d]: bad socket in PeerCertificate",
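Review bot: In the new `SSL_PeerCertificateChain` (new side of the sslauth.c hunk), `*numCerts` is never written on the two `SECFailure` returns and can exceed `maxNumCerts` on success, so a caller that releases `certs[0..*numCerts)` without checking both would touch slots that were never filled. Setting `*numCerts = 0;` before the `ssl_FindSocket(fd)` call would make the failure paths well-defined, and the ssl.h comment could add `** Only the first min(*numCerts, maxNumCerts) entries of |certs| are valid; the caller must release each with CERT_DestroyCertificate.` The loop also walks `ss->ssl3.peerCertChain` under the existing `/* NEED LOCKS IN HERE. */` caveat, so it presumably relies on the caller not racing a handshake on the same socket; that assumption is worth stating in the header comment too.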
OLDNEW