net/third_party/nss/ssl/sslauth.c - Issue 9558017: Update net/third_party/nss to NSS 3.13.3.

Side by Side Diff: net/third_party/nss/ssl/sslauth.c

Issue 9558017: Update net/third_party/nss to NSS 3.13.3. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/

Patch Set: Upload before checkin Created 8 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 /* *** BEGIN LICENSE BLOCK ***	1 /* *** BEGIN LICENSE BLOCK ***

2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1	2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1

3 *	3 *

4 * The contents of this file are subject to the Mozilla Public License Version	4 * The contents of this file are subject to the Mozilla Public License Version

5 * 1.1 (the "License"); you may not use this file except in compliance with	5 * 1.1 (the "License"); you may not use this file except in compliance with

6 * the License. You may obtain a copy of the License at	6 * the License. You may obtain a copy of the License at

7 * http://www.mozilla.org/MPL/	7 * http://www.mozilla.org/MPL/

8 *	8 *

9 * Software distributed under the License is distributed on an "AS IS" basis,	9 * Software distributed under the License is distributed on an "AS IS" basis,

10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License	10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License

(...skipping 15 matching lines...) Expand all Loading...
26 * in which case the provisions of the GPL or the LGPL are applicable instead	26 * in which case the provisions of the GPL or the LGPL are applicable instead

27 * of those above. If you wish to allow use of your version of this file only	27 * of those above. If you wish to allow use of your version of this file only

28 * under the terms of either the GPL or the LGPL, and not to allow others to	28 * under the terms of either the GPL or the LGPL, and not to allow others to

29 * use your version of this file under the terms of the MPL, indicate your	29 * use your version of this file under the terms of the MPL, indicate your

30 * decision by deleting the provisions above and replace them with the notice	30 * decision by deleting the provisions above and replace them with the notice

31 * and other provisions required by the GPL or the LGPL. If you do not delete	31 * and other provisions required by the GPL or the LGPL. If you do not delete

32 * the provisions above, a recipient may use your version of this file under	32 * the provisions above, a recipient may use your version of this file under

33 * the terms of any one of the MPL, the GPL or the LGPL.	33 * the terms of any one of the MPL, the GPL or the LGPL.

34 *	34 *

35 * *** END LICENSE BLOCK *** */	35 * *** END LICENSE BLOCK *** */

36 /* $Id: sslauth.c,v 1.16.66.1 2010/08/03 18:52:13 wtc%google.com Exp $ */	36 /* $Id: sslauth.c,v 1.17 2010/08/03 18:48:45 wtc%google.com Exp $ */

37 #include "cert.h"	37 #include "cert.h"

38 #include "secitem.h"	38 #include "secitem.h"

39 #include "ssl.h"	39 #include "ssl.h"

40 #include "sslimpl.h"	40 #include "sslimpl.h"

41 #include "sslproto.h"	41 #include "sslproto.h"

42 #include "pk11func.h"	42 #include "pk11func.h"

43	43

44 /* NEED LOCKS IN HERE. */	44 /* NEED LOCKS IN HERE. */

45 CERTCertificate *	45 CERTCertificate *

46 SSL_PeerCertificate(PRFileDesc *fd)	46 SSL_PeerCertificate(PRFileDesc *fd)

47 {	47 {

48 sslSocket *ss;	48 sslSocket *ss;

49	49

50 ss = ssl_FindSocket(fd);	50 ss = ssl_FindSocket(fd);

51 if (!ss) {	51 if (!ss) {

52 SSL_DBG(("%d: SSL[%d]: bad socket in PeerCertificate",	52 SSL_DBG(("%d: SSL[%d]: bad socket in PeerCertificate",

53 SSL_GETPID(), fd));	53 SSL_GETPID(), fd));

54 return 0;	54 return 0;

55 }	55 }

56 if (ss->opt.useSecurity && ss->sec.peerCert) {	56 if (ss->opt.useSecurity && ss->sec.peerCert) {

57 return CERT_DupCertificate(ss->sec.peerCert);	57 return CERT_DupCertificate(ss->sec.peerCert);

58 }	58 }

59 return 0;	59 return 0;

60 }	60 }

61	61

62 /* NEED LOCKS IN HERE. */	62 /* NEED LOCKS IN HERE. */

63 SECStatus	63 SECStatus

64 SSL_PeerCertificateChain(PRFileDesc fd, CERTCertificate *certs,	64 SSL_PeerCertificateChain(PRFileDesc fd, CERTCertificate *certs,

65 » » » unsigned int *certsSize)	65 » » » unsigned int *numCerts, unsigned int maxNumCerts)

66 {	66 {

67 sslSocket *ss;	67 sslSocket *ss;

68 unsigned int inSize = *certsSize;

69 ssl3CertNode* cur;	68 ssl3CertNode* cur;

70	69

71 ss = ssl_FindSocket(fd);	70 ss = ssl_FindSocket(fd);

72 if (!ss) {	71 if (!ss) {

73 SSL_DBG(("%d: SSL[%d]: bad socket in PeerCertificateChain",	72 SSL_DBG(("%d: SSL[%d]: bad socket in PeerCertificateChain",

74 SSL_GETPID(), fd));	73 SSL_GETPID(), fd));

75 return SECFailure;	74 return SECFailure;

76 }	75 }

77 if (!ss->opt.useSecurity)	76 if (!ss->opt.useSecurity)

78 return SECFailure;	77 return SECFailure;

79	78

80 if (ss->sec.peerCert == NULL) {	79 if (ss->sec.peerCert == NULL) {

81 *certsSize = 0;	80 *numCerts = 0;

82 return SECSuccess;	81 return SECSuccess;

83 }	82 }

84	83

85 certsSize = 1; / for the leaf certificate */	84 numCerts = 1; / for the leaf certificate */

86 if (inSize > 0)	85 if (maxNumCerts > 0)

87 certs[0] = CERT_DupCertificate(ss->sec.peerCert);	86 certs[0] = CERT_DupCertificate(ss->sec.peerCert);

88	87

89 for (cur = ss->ssl3.peerCertChain; cur; cur = cur->next) {	88 for (cur = ss->ssl3.peerCertChain; cur; cur = cur->next) {

90 » if (*certsSize < inSize)	89 » if (*numCerts < maxNumCerts)

91 » certs[*certsSize] = CERT_DupCertificate(cur->cert);	90 » certs[*numCerts] = CERT_DupCertificate(cur->cert);

92 » (*certsSize)++;	91 » (*numCerts)++;

93 }	92 }

94	93

95 return SECSuccess;	94 return SECSuccess;

96 }	95 }

97	96

98 SECStatus

99 SSL_SetPredictedPeerCertificates(PRFileDesc fd, CERTCertificate *certs,

100 unsigned int numCerts)

101 {

102 sslSocket *ss;

103 unsigned int i;

104

105 ss = ssl_FindSocket(fd);

106 if (!ss) {

107 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetPredictedPeerCertificates",

108 SSL_GETPID(), fd));

109 return SECFailure;

110 }

111

112 ss->ssl3.predictedCertChain =

113 PORT_NewArray(CERTCertificate*, numCerts + 1);

114 if (!ss->ssl3.predictedCertChain)

115 return SECFailure; /* error code was set */

116 for (i = 0; i < numCerts; i++)

117 ss->ssl3.predictedCertChain[i] = CERT_DupCertificate(certs[i]);

118 ss->ssl3.predictedCertChain[numCerts] = NULL;

119

120 return SECSuccess;

121 }

122

123 PRBool

124 SSL_CertChainDigestReceived(PRFileDesc *fd)

125 {

126 sslSocket *ss;

127

128 ss = ssl_FindSocket(fd);

129 if (!ss) {

130 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_CertChainDigestReceived",

131 SSL_GETPID(), fd));

132 return SECFailure;

133 }

134

135 return ss->ssl3.cachedInfoCertChainDigestReceived;

136 }

137

138 /* NEED LOCKS IN HERE. */	97 /* NEED LOCKS IN HERE. */

139 CERTCertificate *	98 CERTCertificate *

140 SSL_LocalCertificate(PRFileDesc *fd)	99 SSL_LocalCertificate(PRFileDesc *fd)

141 {	100 {

142 sslSocket *ss;	101 sslSocket *ss;

143	102

144 ss = ssl_FindSocket(fd);	103 ss = ssl_FindSocket(fd);

145 if (!ss) {	104 if (!ss) {

146 SSL_DBG(("%d: SSL[%d]: bad socket in PeerCertificate",	105 SSL_DBG(("%d: SSL[%d]: bad socket in PeerCertificate",

147 SSL_GETPID(), fd));	106 SSL_GETPID(), fd));

(...skipping 221 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
369 hostname = ss->url;	328 hostname = ss->url;

370 if (hostname && hostname[0])	329 if (hostname && hostname[0])

371 rv = CERT_VerifyCertName(ss->sec.peerCert, hostname);	330 rv = CERT_VerifyCertName(ss->sec.peerCert, hostname);

372 else	331 else

373 rv = SECFailure;	332 rv = SECFailure;

374 if (rv != SECSuccess)	333 if (rv != SECSuccess)

375 PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);	334 PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);

376	335

377 return rv;	336 return rv;

378 }	337 }

OLD	NEW

« no previous file with comments | « net/third_party/nss/ssl/ssl3prot.h ('k') | net/third_party/nss/ssl/sslcon.c » ('j') | no next file with comments »