
Unified Diff: net/socket/ssl_client_socket_nss.cc

Issue 9558017: Update net/third_party/nss to NSS 3.13.3. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Upload before checkin Created 8 years, 10 months ago
Index: net/socket/ssl_client_socket_nss.cc
===================================================================
--- net/socket/ssl_client_socket_nss.cc (revision 124804)
+++ net/socket/ssl_client_socket_nss.cc (working copy)
@@ -261,12 +261,13 @@
explicit PeerCertificateChain(PRFileDesc* nss_fd)
: num_certs_(0),
certs_(NULL) {
- SECStatus rv = SSL_PeerCertificateChain(nss_fd, NULL, &num_certs_);
+ SECStatus rv = SSL_PeerCertificateChain(nss_fd, NULL, &num_certs_, 0);
DCHECK_EQ(rv, SECSuccess);
certs_ = new CERTCertificate*[num_certs_];
const unsigned expected_num_certs = num_certs_;
- rv = SSL_PeerCertificateChain(nss_fd, certs_, &num_certs_);
+ rv = SSL_PeerCertificateChain(nss_fd, certs_, &num_certs_,
+ expected_num_certs);
DCHECK_EQ(rv, SECSuccess);
DCHECK_EQ(num_certs_, expected_num_certs);
}
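Review bot: Both SSL_PeerCertificateChain results in the PeerCertificateChain constructor are checked only with DCHECK_EQ, which compiles out in release builds, so a failed second call would leave certs_ holding uninitialized pointers while num_certs_ may still be non-zero. Whatever later walks or releases the array (not visible in this hunk) would then act on garbage pointers. Value-initialize the array with `certs_ = new CERTCertificate*[num_certs_]();` and reset the count on failure with `if (rv != SECSuccess) num_certs_ = 0;`. The new fourth argument appears to bound what NSS writes into certs_, so the remaining gap is only this failure path.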
@@ -913,12 +914,12 @@
LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_DEFLATE");
#endif
-#ifdef SSL_ENABLE_FALSE_START
- rv = SSL_OptionSet(
- nss_fd_, SSL_ENABLE_FALSE_START,
+ PRBool false_start_enabled =
ssl_config_.false_start_enabled &&
!SSLConfigService::IsKnownFalseStartIncompatibleServer(
- host_and_port_.host()));
+ host_and_port_.host());
+#ifdef SSL_ENABLE_FALSE_START
+ rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_FALSE_START, false_start_enabled);
if (rv != SECSuccess)
LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_FALSE_START");
#endif
@@ -937,13 +938,17 @@
}
#endif // SSL_ENABLE_RENEGOTIATION
-#ifdef SSL_NEXT_PROTO_NEGOTIATED
if (!ssl_config_.next_protos.empty()) {
rv = SSL_SetNextProtoCallback(
nss_fd_, SSLClientSocketNSS::NextProtoCallback, this);
if (rv != SECSuccess)
LogFailedNSSFunction(net_log_, "SSL_SetNextProtoCallback", "");
}
+
+#ifdef SSL_CBC_RANDOM_IV
+ rv = SSL_OptionSet(nss_fd_, SSL_CBC_RANDOM_IV, false_start_enabled);
+ if (rv != SECSuccess)
+ LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_CBC_RANDOM_IV");
#endif
#ifdef SSL_ENABLE_OCSP_STAPLING
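Review bot: SSL_CBC_RANDOM_IV is set from false_start_enabled (declared in the previous hunk), so the CBC IV countermeasure is switched off whenever False Start is disabled in ssl_config_ or the host is on the known-incompatible list, and nothing in the code says why. If the coupling is deliberate, say so above the `#ifdef SSL_CBC_RANDOM_IV` block, for example `// SSL_CBC_RANDOM_IV deliberately follows false_start_enabled: <reason>.`. Otherwise give it its own SSLConfig setting, so that turning off a latency optimisation does not silently turn off a protection for CBC cipher suites as well. A NetLog entry when the option is left disabled would also make the weaker configuration visible when diagnosing a connection.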
@@ -1370,7 +1375,6 @@
if (state.certs.empty())
return true;
- SECStatus rv;
const std::vector<std::string>& certs_in = state.certs;
scoped_array<CERTCertificate*> certs(new CERTCertificate*[certs_in.size()]);
@@ -1389,11 +1393,16 @@
}
}
+ SECStatus rv;
+#ifdef SSL_ENABLE_CACHED_INFO
rv = SSL_SetPredictedPeerCertificates(nss_fd_, certs.get(), certs_in.size());
+ DCHECK_EQ(SECSuccess, rv);
+#else
+ rv = SECFailure; // Not implemented.
+#endif
DestroyCertificates(&certs[0], certs_in.size());
- DCHECK_EQ(SECSuccess, rv);
- return true;
+ return rv == SECSuccess;
}
int SSLClientSocketNSS::DoLoadSSLHostInfo() {
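Review bot: A failure of SSL_SetPredictedPeerCertificates now changes the return value but is only surfaced through DCHECK_EQ, so release builds record nothing about why the function returned false. The other NSS calls in this file report through LogFailedNSSFunction; do the same here with `if (rv != SECSuccess) LogFailedNSSFunction(net_log_, "SSL_SetPredictedPeerCertificates", "");`. The result also changes from always true to false whenever SSL_ENABLE_CACHED_INFO is undefined, and only after the certificates have been parsed and destroyed. Callers are outside this hunk and should be checked for the new false case; an early return ahead of the parsing would avoid the wasted work. The function begins before the hunk.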
@@ -2637,7 +2646,8 @@
const unsigned char* protos,
unsigned int protos_len,
unsigned char* proto_out,
- unsigned int* proto_out_len) {
+ unsigned int* proto_out_len,
+ unsigned int proto_max_len) {
SSLClientSocketNSS* that = reinterpret_cast<SSLClientSocketNSS*>(arg);
// For each protocol in server preference, see if we support it.
@@ -2676,6 +2686,10 @@
that->next_proto_ = that->ssl_config_.next_protos[0];
}
+ if (that->next_proto_.size() > proto_max_len) {
+ PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+ return SECFailure;
+ }
memcpy(proto_out, that->next_proto_.data(), that->next_proto_.size());
*proto_out_len = that->next_proto_.size();
return SECSuccess;
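Review bot: When the new length check fails, that->next_proto_ has already been assigned (along with whatever negotiation status the earlier part of the function sets, which is outside this hunk), so the socket object keeps a selected protocol that was never handed to NSS. Clear it on the error path with `that->next_proto_.clear();` before `return SECFailure;`, or choose the protocol into a local and commit it to `that` only after the check passes. The check correctly precedes the memcpy, and it also bounds the size_t to unsigned int narrowing in `*proto_out_len = that->next_proto_.size();`.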