
Unified Diff: net/third_party/nss/patches/peercertchain.patch

Issue 9558017: Update net/third_party/nss to NSS 3.13.3. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Upload before checkin Created 8 years, 10 months ago
Index: net/third_party/nss/patches/peercertchain.patch
===================================================================
--- net/third_party/nss/patches/peercertchain.patch (revision 124804)
+++ net/third_party/nss/patches/peercertchain.patch (working copy)
@@ -1,62 +1,60 @@
-From 40714671513378227413d1542c2911c2f62e3840 Mon Sep 17 00:00:00 2001
-From: Adam Langley <agl@chromium.org>
-Date: Mon, 3 Oct 2011 12:20:43 -0400
-Subject: [PATCH] peercertchain.patch
-
----
- mozilla/security/nss/lib/ssl/ssl.def | 1 +
- mozilla/security/nss/lib/ssl/ssl.h | 11 +++++++++
- mozilla/security/nss/lib/ssl/sslauth.c | 36 ++++++++++++++++++++++++++++++++
- 3 files changed, 48 insertions(+), 0 deletions(-)
-
-diff --git a/mozilla/security/nss/lib/ssl/ssl.def b/mozilla/security/nss/lib/ssl/ssl.def
-index a1f4b51..0fa8777 100644
---- a/mozilla/security/nss/lib/ssl/ssl.def
-+++ b/mozilla/security/nss/lib/ssl/ssl.def
-@@ -155,6 +155,7 @@ SSL_SNISocketConfigHook;
- ;+NSS_CHROMIUM {
- ;+ global:
- SSL_GetNextProto;
-+SSL_PeerCertificateChain;
- SSL_SetNextProtoNego;
- ;+ local:
- ;+*;
-diff --git a/mozilla/security/nss/lib/ssl/ssl.h b/mozilla/security/nss/lib/ssl/ssl.h
-index ffa973c..cccb49a 100644
---- a/mozilla/security/nss/lib/ssl/ssl.h
-+++ b/mozilla/security/nss/lib/ssl/ssl.h
-@@ -264,6 +264,17 @@ SSL_IMPORT SECStatus SSL_SecurityStatus(PRFileDesc *fd, int *on, char **cipher,
+Index: mozilla/security/nss/lib/ssl/ssl.h
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl.h,v
+retrieving revision 1.49
+diff -u -p -8 -r1.49 ssl.h
+--- mozilla/security/nss/lib/ssl/ssl.h 15 Feb 2012 21:52:08 -0000 1.49
++++ mozilla/security/nss/lib/ssl/ssl.h 29 Feb 2012 02:12:05 -0000
+@@ -331,16 +331,28 @@ SSL_IMPORT SECStatus SSL_SecurityStatus(
+ ** it will always return the server's certificate. If the server calls
+ ** this, it may return NULL if client authentication is not enabled or
+ ** if the client had no certificate when asked.
+ ** "fd" the socket "file" descriptor
+ */
SSL_IMPORT CERTCertificate *SSL_PeerCertificate(PRFileDesc *fd);
/*
-+** Return references to the certificates presented by the SSL peer. On entry,
-+** |*certs_size| must contain the size of the |certs| array. On successful
-+** return, |*certs_size| contains the number of certificates available and
++** Return references to the certificates presented by the SSL peer.
++** |maxNumCerts| must contain the size of the |certs| array. On successful
++** return, |*numCerts| contains the number of certificates available and
+** |certs| will contain references to as many certificates as would fit.
-+** Therefore if, on exit, |*certs_size| contains a value less than, or equal to,
-+** the entry value then all certificates were returned.
++** Therefore if |*numCerts| contains a value less than or equal to
++** |maxNumCerts|, then all certificates were returned.
+*/
+SSL_IMPORT SECStatus SSL_PeerCertificateChain(
-+ PRFileDesc *fd, CERTCertificate **certs, unsigned int *certs_size);
++ PRFileDesc *fd, CERTCertificate **certs,
++ unsigned int *numCerts, unsigned int maxNumCerts);
+
+/*
** Authenticate certificate hook. Called when a certificate comes in
** (because of SSL_REQUIRE_CERTIFICATE in SSL_Enable) to authenticate the
** certificate.
-diff --git a/mozilla/security/nss/lib/ssl/sslauth.c b/mozilla/security/nss/lib/ssl/sslauth.c
-index 6d1eab0..df40f30 100644
---- a/mozilla/security/nss/lib/ssl/sslauth.c
-+++ b/mozilla/security/nss/lib/ssl/sslauth.c
-@@ -60,6 +60,42 @@ SSL_PeerCertificate(PRFileDesc *fd)
+ **
+ ** The authenticate certificate hook must return SECSuccess to indicate the
+ ** certificate is valid, SECFailure to indicate the certificate is invalid,
+ ** or SECWouldBlock if the application will authenticate the certificate
+ ** asynchronously. SECWouldBlock is only supported for non-blocking sockets.
+Index: mozilla/security/nss/lib/ssl/sslauth.c
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslauth.c,v
+retrieving revision 1.17
+diff -u -p -8 -r1.17 sslauth.c
+--- mozilla/security/nss/lib/ssl/sslauth.c 3 Aug 2010 18:48:45 -0000 1.17
++++ mozilla/security/nss/lib/ssl/sslauth.c 29 Feb 2012 02:12:05 -0000
+@@ -55,16 +55,51 @@ SSL_PeerCertificate(PRFileDesc *fd)
+ }
+ if (ss->opt.useSecurity && ss->sec.peerCert) {
+ return CERT_DupCertificate(ss->sec.peerCert);
+ }
+ return 0;
}
/* NEED LOCKS IN HERE. */
+SECStatus
+SSL_PeerCertificateChain(PRFileDesc *fd, CERTCertificate **certs,
-+ unsigned int *certsSize)
++ unsigned int *numCerts, unsigned int maxNumCerts)
+{
+ sslSocket *ss;
-+ unsigned int inSize = *certsSize;
+ ssl3CertNode* cur;
+
+ ss = ssl_FindSocket(fd);
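Review bot: The rewritten ssl.h comment for SSL_PeerCertificateChain says the function returns "references" but does not state who releases them, or how many entries of |certs| are valid when the chain is longer than the array. The implementation fills the array with CERT_DupCertificate results, so the caller presumably has to call CERT_DestroyCertificate on each filled entry. Only the first min(*numCerts, maxNumCerts) entries are written, so a caller that iterates up to *numCerts would read past its own array. I would add to the comment: `** The caller must CERT_DestroyCertificate each returned entry; only the first min(*numCerts, maxNumCerts) entries of |certs| are set.`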
@@ -69,18 +67,18 @@
+ return SECFailure;
+
+ if (ss->sec.peerCert == NULL) {
-+ *certsSize = 0;
++ *numCerts = 0;
+ return SECSuccess;
+ }
+
-+ *certsSize = 1; /* for the leaf certificate */
-+ if (inSize > 0)
++ *numCerts = 1; /* for the leaf certificate */
++ if (maxNumCerts > 0)
+ certs[0] = CERT_DupCertificate(ss->sec.peerCert);
+
+ for (cur = ss->ssl3.peerCertChain; cur; cur = cur->next) {
-+ if (*certsSize < inSize)
-+ certs[*certsSize] = CERT_DupCertificate(cur->cert);
-+ (*certsSize)++;
++ if (*numCerts < maxNumCerts)
++ certs[*numCerts] = CERT_DupCertificate(cur->cert);
++ (*numCerts)++;
+ }
+
+ return SECSuccess;
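Review bot: The chain walk `for (cur = ss->ssl3.peerCertChain; cur; cur = cur->next)` reads socket state with no lock taken in the visible lines, and the function sits directly under the existing `/* NEED LOCKS IN HERE. */` comment. If a handshake or renegotiation on another thread can replace the peer chain while this runs, the loop could follow a freed node; whether callers already serialize access is not visible here, so at minimum the assumption deserves a comment on the function. Separately, `*numCerts = 0` and `certs[0] = ...` dereference caller-supplied pointers unchecked; a guard near the top such as `if (!numCerts || (maxNumCerts > 0 && !certs)) return SECFailure;` would fail closed. The opening lines of the function are in the previous hunk.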
@@ -90,3 +88,8 @@
CERTCertificate *
SSL_LocalCertificate(PRFileDesc *fd)
{
+ sslSocket *ss;
+
+ ss = ssl_FindSocket(fd);
+ if (!ss) {
+ SSL_DBG(("%d: SSL[%d]: bad socket in PeerCertificate",