Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(689)

Unified Diff: net/third_party/nss/patches/encryptedclientcerts.patch

Issue 9733012: Update NSS to NSS 3.13.4 pre-release snapshot 20120319. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Forgot to update the sslerr.h and SSLerrs.h files Created 8 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: net/third_party/nss/patches/encryptedclientcerts.patch
===================================================================
--- net/third_party/nss/patches/encryptedclientcerts.patch (revision 127513)
+++ net/third_party/nss/patches/encryptedclientcerts.patch (working copy)
@@ -1,7 +1,7 @@
-diff -up a/src/net/third_party/nss/ssl/ssl.h b/src/net/third_party/nss/ssl/ssl.h
---- a/src/net/third_party/nss/ssl/ssl.h 2012-02-29 19:15:20.975171099 -0800
-+++ b/src/net/third_party/nss/ssl/ssl.h 2012-02-29 19:18:21.947702106 -0800
-@@ -169,6 +169,7 @@ SSL_IMPORT PRFileDesc *SSL_ImportFD(PRFi
+diff -pu -r a/src/net/third_party/nss/ssl/ssl.h b/src/net/third_party/nss/ssl/ssl.h
+--- a/src/net/third_party/nss/ssl/ssl.h 2012-03-19 13:49:12.517522610 -0700
++++ b/src/net/third_party/nss/ssl/ssl.h 2012-03-19 13:49:29.507749795 -0700
+@@ -186,6 +186,7 @@ SSL_IMPORT PRFileDesc *SSL_ImportFD(PRFi
#define SSL_CBC_RANDOM_IV 23
#define SSL_ENABLE_OCSP_STAPLING 24 /* Request OCSP stapling (client) */
#define SSL_ENABLE_OB_CERTS 25 /* Enable origin bound certs. */
@@ -9,9 +9,9 @@
#ifdef SSL_DEPRECATED_FUNCTION
/* Old deprecated function names */
-diff -up a/src/net/third_party/nss/ssl/sslimpl.h b/src/net/third_party/nss/ssl/sslimpl.h
---- a/src/net/third_party/nss/ssl/sslimpl.h 2012-02-29 19:15:20.975171099 -0800
-+++ b/src/net/third_party/nss/ssl/sslimpl.h 2012-02-29 19:19:26.478604857 -0800
+diff -pu -r a/src/net/third_party/nss/ssl/sslimpl.h b/src/net/third_party/nss/ssl/sslimpl.h
+--- a/src/net/third_party/nss/ssl/sslimpl.h 2012-03-19 13:49:12.557523144 -0700
++++ b/src/net/third_party/nss/ssl/sslimpl.h 2012-03-19 13:49:29.507749795 -0700
@@ -350,6 +350,7 @@ typedef struct sslOptionsStr {
unsigned int cbcRandomIV : 1; /* 24 */
unsigned int enableOCSPStapling : 1; /* 25 */
@@ -20,10 +20,10 @@
} sslOptions;
typedef enum { sslHandshakingUndetermined = 0,
-diff -up a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/ssl3con.c
---- a/src/net/third_party/nss/ssl/ssl3con.c 2012-02-29 19:15:20.975171099 -0800
-+++ b/src/net/third_party/nss/ssl/ssl3con.c 2012-02-29 20:00:15.851981917 -0800
-@@ -2863,7 +2863,14 @@ ssl3_HandleChangeCipherSpecs(sslSocket *
+diff -pu -r a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/ssl3con.c
+--- a/src/net/third_party/nss/ssl/ssl3con.c 2012-03-19 13:49:12.527522744 -0700
++++ b/src/net/third_party/nss/ssl/ssl3con.c 2012-03-19 13:49:29.507749795 -0700
+@@ -2882,7 +2882,14 @@ ssl3_HandleChangeCipherSpecs(sslSocket *
ss->ssl3.prSpec = ss->ssl3.crSpec;
ss->ssl3.crSpec = prSpec;
@@ -39,7 +39,7 @@
SSL_TRC(3, ("%d: SSL3[%d] Set Current Read Cipher Suite to Pending",
SSL_GETPID(), ss->fd ));
-@@ -4877,10 +4884,11 @@ loser:
+@@ -4898,10 +4905,11 @@ loser:
static SECStatus
ssl3_SendCertificateVerify(sslSocket *ss)
{
@@ -55,7 +55,7 @@
PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-@@ -4889,13 +4897,17 @@ ssl3_SendCertificateVerify(sslSocket *ss
+@@ -4910,13 +4918,17 @@ ssl3_SendCertificateVerify(sslSocket *ss
SSL_GETPID(), ss->fd));
ssl_GetSpecReadLock(ss);
@@ -75,7 +75,7 @@
if (ss->ssl3.platformClientKey) {
#ifdef NSS_PLATFORM_CLIENT_AUTH
rv = ssl3_PlatformSignHashes(&hashes, ss->ssl3.platformClientKey,
-@@ -5912,6 +5924,10 @@ ssl3_SendClientSecondRound(sslSocket *ss
+@@ -5924,6 +5936,10 @@ ssl3_SendClientSecondRound(sslSocket *ss
{
SECStatus rv;
PRBool sendClientCert;
@@ -86,7 +86,7 @@
PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
-@@ -5958,35 +5974,40 @@ ssl3_SendClientSecondRound(sslSocket *ss
+@@ -5970,35 +5986,40 @@ ssl3_SendClientSecondRound(sslSocket *ss
ssl_GetXmitBufLock(ss); /*******************************/
@@ -152,7 +152,7 @@
}
/* XXX: If the server's certificate hasn't been authenticated by this
-@@ -6201,8 +6222,13 @@ ssl3_SendServerHelloSequence(sslSocket *
+@@ -6213,8 +6234,13 @@ ssl3_SendServerHelloSequence(sslSocket *
return rv; /* err code is set. */
}
@@ -168,7 +168,7 @@
return SECSuccess;
}
-@@ -7446,7 +7472,11 @@ ssl3_HandleCertificateVerify(sslSocket *
+@@ -7458,7 +7484,11 @@ ssl3_HandleCertificateVerify(sslSocket *
desc = isTLS ? decode_error : illegal_parameter;
goto alert_loser; /* malformed */
}
@@ -181,7 +181,7 @@
return SECSuccess;
alert_loser:
-@@ -8346,7 +8376,11 @@ ssl3_HandleCertificate(sslSocket *ss, SS
+@@ -8358,7 +8388,11 @@ ssl3_HandleCertificate(sslSocket *ss, SS
}
} else {
server_no_cert:
@@ -194,7 +194,7 @@
}
PORT_Assert(rv == SECSuccess);
-@@ -8959,6 +8993,8 @@ ssl3_HandleHandshakeMessage(sslSocket *s
+@@ -8968,6 +9002,8 @@ ssl3_HandleHandshakeMessage(sslSocket *s
if (type == finished) {
sender = ss->sec.isServer ? sender_client : sender_server;
rSpec = ss->ssl3.crSpec;
@@ -203,9 +203,9 @@
}
rv = ssl3_ComputeHandshakeHashes(ss, rSpec, &hashes, sender);
}
-diff -up a/src/net/third_party/nss/ssl/ssl3ext.c b/src/net/third_party/nss/ssl/ssl3ext.c
---- a/src/net/third_party/nss/ssl/ssl3ext.c 2012-02-29 17:12:15.720044263 -0800
-+++ b/src/net/third_party/nss/ssl/ssl3ext.c 2012-02-29 20:00:15.851981917 -0800
+diff -pu -r a/src/net/third_party/nss/ssl/ssl3ext.c b/src/net/third_party/nss/ssl/ssl3ext.c
+--- a/src/net/third_party/nss/ssl/ssl3ext.c 2012-03-19 12:50:32.610015524 -0700
++++ b/src/net/third_party/nss/ssl/ssl3ext.c 2012-03-19 13:49:29.507749795 -0700
@@ -84,6 +84,12 @@ static SECStatus ssl3_ServerHandleNextPr
PRUint16 ex_type, SECItem *data);
static PRInt32 ssl3_ClientSendNextProtoNegoXtn(sslSocket *ss, PRBool append,
@@ -243,7 +243,7 @@
{ ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn },
{ ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn },
{ ssl_ob_cert_xtn, &ssl3_SendOBCertXtn }
-@@ -1083,6 +1092,18 @@ ssl3_ClientHandleSessionTicketXtn(sslSoc
+@@ -1082,6 +1091,18 @@ ssl3_ClientHandleSessionTicketXtn(sslSoc
return SECSuccess;
}
@@ -262,7 +262,7 @@
SECStatus
ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type,
SECItem *data)
-@@ -1496,6 +1517,24 @@ loser:
+@@ -1495,6 +1516,24 @@ loser:
return rv;
}
@@ -287,7 +287,7 @@
/*
* Read bytes. Using this function means the SECItem structure
* cannot be freed. The caller is expected to call this function
-@@ -1695,6 +1734,33 @@ ssl3_SendRenegotiationInfoXtn(
+@@ -1694,6 +1733,33 @@ ssl3_SendRenegotiationInfoXtn(
return needed;
}
@@ -321,9 +321,9 @@
/* This function runs in both the client and server. */
static SECStatus
ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
-diff -up a/src/net/third_party/nss/ssl/sslsock.c b/src/net/third_party/nss/ssl/sslsock.c
---- a/src/net/third_party/nss/ssl/sslsock.c 2012-02-29 17:49:08.431530583 -0800
-+++ b/src/net/third_party/nss/ssl/sslsock.c 2012-02-29 20:00:15.851981917 -0800
+diff -pu -r a/src/net/third_party/nss/ssl/sslsock.c b/src/net/third_party/nss/ssl/sslsock.c
+--- a/src/net/third_party/nss/ssl/sslsock.c 2012-03-19 12:59:07.586991902 -0700
++++ b/src/net/third_party/nss/ssl/sslsock.c 2012-03-19 13:49:29.517749929 -0700
@@ -188,6 +188,7 @@ static sslOptions ssl_defaults = {
PR_TRUE, /* cbcRandomIV */
PR_FALSE, /* enableOCSPStapling */
@@ -331,8 +331,8 @@
+ PR_FALSE, /* encryptClientCerts */
};
- sslSessionIDLookupFunc ssl_sid_lookup;
-@@ -755,6 +756,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
+ /*
+@@ -826,6 +827,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
ss->opt.enableOBCerts = on;
break;
@@ -343,7 +343,7 @@
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
rv = SECFailure;
-@@ -822,6 +827,8 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 wh
+@@ -897,6 +902,8 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 wh
case SSL_CBC_RANDOM_IV: on = ss->opt.cbcRandomIV; break;
case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break;
case SSL_ENABLE_OB_CERTS: on = ss->opt.enableOBCerts; break;
@@ -352,7 +352,7 @@
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
-@@ -880,6 +887,8 @@ SSL_OptionGetDefault(PRInt32 which, PRBo
+@@ -959,6 +966,8 @@ SSL_OptionGetDefault(PRInt32 which, PRBo
on = ssl_defaults.enableOCSPStapling;
break;
case SSL_ENABLE_OB_CERTS: on = ssl_defaults.enableOBCerts; break;
@@ -361,7 +361,7 @@
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
-@@ -1047,6 +1056,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBo
+@@ -1126,6 +1135,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBo
ssl_defaults.enableOBCerts = on;
break;
@@ -372,10 +372,10 @@
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
-diff -up a/src/net/third_party/nss/ssl/sslt.h b/src/net/third_party/nss/ssl/sslt.h
---- a/src/net/third_party/nss/ssl/sslt.h 2012-02-29 17:12:15.780045080 -0800
-+++ b/src/net/third_party/nss/ssl/sslt.h 2012-02-29 19:34:43.921452065 -0800
-@@ -205,10 +205,11 @@ typedef enum {
+diff -pu -r a/src/net/third_party/nss/ssl/sslt.h b/src/net/third_party/nss/ssl/sslt.h
+--- a/src/net/third_party/nss/ssl/sslt.h 2012-03-19 12:50:32.610015524 -0700
++++ b/src/net/third_party/nss/ssl/sslt.h 2012-03-19 13:49:29.517749929 -0700
+@@ -214,10 +214,11 @@ typedef enum {
#endif
ssl_session_ticket_xtn = 35,
ssl_next_proto_nego_xtn = 13172,

Powered by Google App Engine
This is Rietveld 408576698