
Unified Diff: net/third_party/nss/patches/origin_bound_certs.patch

Issue 9558017: Update net/third_party/nss to NSS 3.13.3. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Upload before checkin Created 8 years, 10 months ago
Index: net/third_party/nss/patches/origin_bound_certs.patch
===================================================================
--- net/third_party/nss/patches/origin_bound_certs.patch (revision 124804)
+++ net/third_party/nss/patches/origin_bound_certs.patch (working copy)
@@ -1,59 +1,44 @@
-From 68d651bb679cd9da8f162774c5dcf40aad5ae3f1 Mon Sep 17 00:00:00 2001
-From: Adam Langley <agl@chromium.org>
-Date: Mon, 3 Oct 2011 12:25:10 -0400
-Subject: [PATCH] origin_bound_certs.patch
-
----
- mozilla/security/nss/lib/ssl/ssl.h | 1 +
- mozilla/security/nss/lib/ssl/ssl3ext.c | 82 +++++++++++++++++++++++++++++++-
- mozilla/security/nss/lib/ssl/sslimpl.h | 7 +++
- mozilla/security/nss/lib/ssl/sslsock.c | 13 +++++-
- mozilla/security/nss/lib/ssl/sslt.h | 5 +-
- 5 files changed, 104 insertions(+), 4 deletions(-)
-
-diff --git a/mozilla/security/nss/lib/ssl/ssl.h b/mozilla/security/nss/lib/ssl/ssl.h
-index c32438d..1115fa9 100644
---- a/mozilla/security/nss/lib/ssl/ssl.h
-+++ b/mozilla/security/nss/lib/ssl/ssl.h
-@@ -142,6 +142,7 @@ SSL_IMPORT PRFileDesc *SSL_ImportFD(PRFileDesc *model, PRFileDesc *fd);
- #define SSL_ENABLE_OCSP_STAPLING 23 /* Request OCSP stapling (client) */
- #define SSL_ENABLE_CACHED_INFO 24 /* Enable TLS cached information */
- /* extension, off by default. */
+diff -up a/src/net/third_party/nss/ssl/ssl.h b/src/net/third_party/nss/ssl/ssl.h
+--- a/src/net/third_party/nss/ssl/ssl.h 2012-02-29 14:41:25.755295547 -0800
++++ b/src/net/third_party/nss/ssl/ssl.h 2012-02-29 16:45:47.368569394 -0800
+@@ -168,6 +168,7 @@ SSL_IMPORT PRFileDesc *SSL_ImportFD(PRFi
+ */
+ #define SSL_CBC_RANDOM_IV 23
+ #define SSL_ENABLE_OCSP_STAPLING 24 /* Request OCSP stapling (client) */
+#define SSL_ENABLE_OB_CERTS 25 /* Enable origin bound certs. */
#ifdef SSL_DEPRECATED_FUNCTION
/* Old deprecated function names */
-diff --git a/mozilla/security/nss/lib/ssl/ssl3ext.c b/mozilla/security/nss/lib/ssl/ssl3ext.c
-index 17898fb..887344b 100644
---- a/mozilla/security/nss/lib/ssl/ssl3ext.c
-+++ b/mozilla/security/nss/lib/ssl/ssl3ext.c
-@@ -237,6 +237,7 @@ static const ssl3HelloExtensionHandler clientHelloHandlers[] = {
+diff -up a/src/net/third_party/nss/ssl/ssl3ext.c b/src/net/third_party/nss/ssl/ssl3ext.c
+--- a/src/net/third_party/nss/ssl/ssl3ext.c 2012-02-28 20:34:50.114663722 -0800
++++ b/src/net/third_party/nss/ssl/ssl3ext.c 2012-02-29 17:05:21.684414824 -0800
+@@ -242,6 +242,7 @@ static const ssl3HelloExtensionHandler c
+ { ssl_session_ticket_xtn, &ssl3_ServerHandleSessionTicketXtn },
{ ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
- { ssl_next_proto_neg_xtn, &ssl3_ServerHandleNextProtoNegoXtn },
- { ssl_cached_info_xtn, &ssl3_ServerHandleCachedInfoXtn },
+ { ssl_next_proto_nego_xtn, &ssl3_ServerHandleNextProtoNegoXtn },
+ { ssl_ob_cert_xtn, &ssl3_ServerHandleOBCertXtn },
{ -1, NULL }
};
-@@ -250,6 +251,7 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = {
- { ssl_next_proto_neg_xtn, &ssl3_ClientHandleNextProtoNegoXtn },
- { ssl_cached_info_xtn, &ssl3_ClientHandleCachedInfoXtn },
+@@ -254,6 +255,7 @@ static const ssl3HelloExtensionHandler s
+ { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
+ { ssl_next_proto_nego_xtn, &ssl3_ClientHandleNextProtoNegoXtn },
{ ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn },
+ { ssl_ob_cert_xtn, &ssl3_ClientHandleOBCertXtn },
{ -1, NULL }
};
-@@ -275,7 +277,8 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
+@@ -278,7 +280,8 @@ ssl3HelloExtensionSender clientHelloSend
+ #endif
{ ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn },
- { ssl_next_proto_neg_xtn, &ssl3_ClientSendNextProtoNegoXtn },
- { ssl_cached_info_xtn, &ssl3_ClientSendCachedInfoXtn },
+ { ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn },
- { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }
+ { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn },
+ { ssl_ob_cert_xtn, &ssl3_SendOBCertXtn }
/* any extra entries will appear as { 0, NULL } */
};
-@@ -1973,3 +1976,80 @@ ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
+@@ -1723,3 +1726,80 @@ ssl3_HandleRenegotiationInfoXtn(sslSocke
return rv;
}
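Review bot: The regenerated patch file loses its provenance header: the `From:`, `Date:` and `Subject:` lines and the commit id at the top of the old file are replaced by bare `diff -up` output, so nothing in the file says who wrote the origin-bound-certs change or what it is for. `patch` skips text before the first `diff` line, so a short preamble can stay, for example `Origin-bound certificates TLS extension (ssl_ob_cert_xtn); original patch by Adam Langley, 2011-10-03.` That keeps a locally carried change to the TLS library traceable the next time an NSS update forces a rebase. The handler bodies added to ssl3ext.c fall between hunks and are not visible here, so they are not covered by this note.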
@@ -134,19 +119,18 @@
+
+ return SECSuccess;
+}
-diff --git a/mozilla/security/nss/lib/ssl/sslimpl.h b/mozilla/security/nss/lib/ssl/sslimpl.h
-index f1e9a3e..973a3c9 100644
---- a/mozilla/security/nss/lib/ssl/sslimpl.h
-+++ b/mozilla/security/nss/lib/ssl/sslimpl.h
-@@ -341,6 +341,7 @@ typedef struct sslOptionsStr {
+diff -up a/src/net/third_party/nss/ssl/sslimpl.h b/src/net/third_party/nss/ssl/sslimpl.h
+--- a/src/net/third_party/nss/ssl/sslimpl.h 2012-02-28 20:34:50.114663722 -0800
++++ b/src/net/third_party/nss/ssl/sslimpl.h 2012-02-29 16:57:21.097919853 -0800
+@@ -349,6 +349,7 @@ typedef struct sslOptionsStr {
unsigned int enableFalseStart : 1; /* 23 */
- unsigned int enableOCSPStapling : 1; /* 24 */
- unsigned int enableCachedInfo : 1; /* 25 */
+ unsigned int cbcRandomIV : 1; /* 24 */
+ unsigned int enableOCSPStapling : 1; /* 25 */
+ unsigned int enableOBCerts : 1; /* 26 */
} sslOptions;
typedef enum { sslHandshakingUndetermined = 0,
-@@ -1547,10 +1548,14 @@ extern SECStatus ssl3_ClientHandleCachedInfoXtn(sslSocket *ss,
+@@ -1563,8 +1564,12 @@ extern SECStatus ssl3_ClientHandleSessio
PRUint16 ex_type, SECItem *data);
extern SECStatus ssl3_ClientHandleStatusRequestXtn(sslSocket *ss,
PRUint16 ex_type, SECItem *data);
@@ -154,36 +138,33 @@
+ PRUint16 ex_type, SECItem *data);
extern SECStatus ssl3_ServerHandleSessionTicketXtn(sslSocket *ss,
PRUint16 ex_type, SECItem *data);
- extern SECStatus ssl3_ServerHandleNextProtoNegoXtn(sslSocket *ss,
- PRUint16 ex_type, SECItem *data);
+extern SECStatus ssl3_ServerHandleOBCertXtn(sslSocket *ss,
+ PRUint16 ex_type, SECItem *data);
/* ClientHello and ServerHello extension senders.
* Note that not all extension senders are exposed here; only those that
-@@ -1570,6 +1575,8 @@ extern PRInt32 ssl3_ClientSendCachedInfoXtn(sslSocket *ss, PRBool append,
+@@ -1580,6 +1585,8 @@ extern PRInt32 ssl3_ClientSendStatusRequ
+ */
+ extern PRInt32 ssl3_SendServerNameXtn(sslSocket *ss, PRBool append,
PRUint32 maxBytes);
- extern PRInt32 ssl3_ServerSendCachedInfoXtn(sslSocket *ss, PRBool append,
- PRUint32 maxBytes);
+extern PRInt32 ssl3_SendOBCertXtn(sslSocket *ss, PRBool append,
+ PRUint32 maxBytes);
/* Assigns new cert, cert chain and keys to ss->serverCerts
* struct. If certChain is NULL, tries to find one. Aborts if
-diff --git a/mozilla/security/nss/lib/ssl/sslsock.c b/mozilla/security/nss/lib/ssl/sslsock.c
-index 11b53da..7d12bfe 100644
---- a/mozilla/security/nss/lib/ssl/sslsock.c
-+++ b/mozilla/security/nss/lib/ssl/sslsock.c
+diff -up a/src/net/third_party/nss/ssl/sslsock.c b/src/net/third_party/nss/ssl/sslsock.c
+--- a/src/net/third_party/nss/ssl/sslsock.c 2012-02-29 14:41:25.755295547 -0800
++++ b/src/net/third_party/nss/ssl/sslsock.c 2012-02-29 17:03:16.272715683 -0800
@@ -187,6 +187,7 @@ static sslOptions ssl_defaults = {
PR_FALSE, /* enableFalseStart */
+ PR_TRUE, /* cbcRandomIV */
PR_FALSE, /* enableOCSPStapling */
- PR_FALSE, /* enableCachedInfo */
+ PR_FALSE, /* enableOBCerts */
};
sslSessionIDLookupFunc ssl_sid_lookup;
-@@ -748,6 +749,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
- ss->opt.enableCachedInfo = on;
+@@ -750,6 +751,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
+ ss->opt.enableOCSPStapling = on;
break;
+ case SSL_ENABLE_OB_CERTS:
@@ -193,26 +174,24 @@
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
rv = SECFailure;
-@@ -813,7 +818,8 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn)
- on = ss->opt.requireSafeNegotiation; break;
+@@ -816,6 +821,7 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 wh
case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break;
+ case SSL_CBC_RANDOM_IV: on = ss->opt.cbcRandomIV; break;
case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break;
-- case SSL_ENABLE_CACHED_INFO: on = ss->opt.enableCachedInfo; break;
-+ case SSL_ENABLE_CACHED_INFO: on = ss->opt.enableCachedInfo; break;
+ case SSL_ENABLE_OB_CERTS: on = ss->opt.enableOBCerts; break;
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
-@@ -869,6 +875,7 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn)
+@@ -873,6 +879,7 @@ SSL_OptionGetDefault(PRInt32 which, PRBo
+ case SSL_ENABLE_OCSP_STAPLING:
on = ssl_defaults.enableOCSPStapling;
break;
- case SSL_ENABLE_CACHED_INFO: on = ssl_defaults.enableCachedInfo; break;
+ case SSL_ENABLE_OB_CERTS: on = ssl_defaults.enableOBCerts; break;
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
-@@ -1024,6 +1031,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on)
- ssl_defaults.enableCachedInfo = on;
+@@ -1036,6 +1043,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBo
+ ssl_defaults.enableOCSPStapling = on;
break;
+ case SSL_ENABLE_OB_CERTS:
@@ -222,20 +201,19 @@
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
-diff --git a/mozilla/security/nss/lib/ssl/sslt.h b/mozilla/security/nss/lib/ssl/sslt.h
-index bca7496..5f852fe 100644
---- a/mozilla/security/nss/lib/ssl/sslt.h
-+++ b/mozilla/security/nss/lib/ssl/sslt.h
-@@ -206,9 +206,10 @@ typedef enum {
+diff -up a/src/net/third_party/nss/ssl/sslt.h b/src/net/third_party/nss/ssl/sslt.h
+--- a/src/net/third_party/nss/ssl/sslt.h 2012-02-28 19:26:04.057351342 -0800
++++ b/src/net/third_party/nss/ssl/sslt.h 2012-02-29 17:05:03.744171015 -0800
+@@ -205,9 +205,10 @@ typedef enum {
+ #endif
ssl_session_ticket_xtn = 35,
- ssl_next_proto_neg_xtn = 13172,
- ssl_cached_info_xtn = 13173,
+ ssl_next_proto_nego_xtn = 13172,
- ssl_renegotiation_info_xtn = 0xff01 /* experimental number */
+ ssl_renegotiation_info_xtn = 0xff01, /* experimental number */
+ ssl_ob_cert_xtn = 13175 /* experimental number */
} SSLExtensionType;
--#define SSL_MAX_EXTENSIONS 8
-+#define SSL_MAX_EXTENSIONS 9
+-#define SSL_MAX_EXTENSIONS 7
++#define SSL_MAX_EXTENSIONS 8
#endif /* __sslt_h_ */
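Review bot: `SSL_MAX_EXTENSIONS` is still maintained by hand (7 to 8 here), and nothing in the visible lines ties it to the number of `SSLExtensionType` values or to the initializer of `clientHelloSendersTLS[SSL_MAX_EXTENSIONS]`, which gains the `ssl_ob_cert_xtn` entry in the same patch. Depending on which `#if` blocks are compiled in, that table may now be exactly full, so the next extension added without a bump would overflow the initializer or be silently left out of any per-extension bookkeeping sized by this constant. I would add a comment next to the define, `/* Must be >= the number of SSLExtensionType values; the sender tables in ssl3ext.c are sized by it. */`. I would also extend the `/* experimental number */` remark on 13175 to say the code point is unregistered and may collide with a later assignment, which is one more reason the option stays `PR_FALSE` by default in sslsock.c.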
