Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(63)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/third_party/nss/patches/getrequestedclientcerttypes.patch

Issue 1053903002: Update libssl to NSS 3.18 RTM (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fix typo Created 5 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/third_party/nss/patches/fallbackscsv.patch ('k') | net/third_party/nss/patches/nssrwlock.patch » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c 1 diff --git a/ssl/ssl.h b/ssl/ssl.h
2 --- a/nss/lib/ssl/ssl3con.c» 2014-01-17 17:52:46.705854118 -0800 2 index 34142fc..e2d1b09 100644
3 +++ b/nss/lib/ssl/ssl3con.c» 2014-01-17 17:54:27.087523439 -0800 3 --- a/ssl/ssl.h
4 @@ -6985,6 +6985,9 @@ ssl3_HandleCertificateRequest(sslSocket 4 +++ b/ssl/ssl.h
5 if (rv != SECSuccess) 5 @@ -803,6 +803,16 @@ SSL_IMPORT SECStatus SSL_ReHandshakeWithTimeout(PRFileDesc *fd,
6 » goto loser;» » /* malformed, alert has been sent */
7
8 + PORT_Assert(!ss->requestedCertTypes);
9 + ss->requestedCertTypes = &cert_types;
10 +
11 if (isTLS12) {
12 » rv = ssl3_ConsumeHandshakeVariable(ss, &algorithms, 2, &b, &length);
13 » if (rv != SECSuccess)
14 @@ -7186,6 +7189,7 @@ loser:
15 PORT_SetError(errCode);
16 rv = SECFailure;
17 done:
18 + ss->requestedCertTypes = NULL;
19 if (arena != NULL)
20 » PORT_FreeArena(arena, PR_FALSE);
21 #ifdef NSS_PLATFORM_CLIENT_AUTH
22 diff -pu a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h
23 --- a/nss/lib/ssl/ssl.h»2014-01-17 17:53:39.726735852 -0800
24 +++ b/nss/lib/ssl/ssl.h»2014-01-17 17:54:27.087523439 -0800
25 @@ -793,6 +793,16 @@ SSL_IMPORT SECStatus SSL_ReHandshakeWith
26 PRBool flushCache, 6 PRBool flushCache,
27 PRIntervalTime timeout); 7 PRIntervalTime timeout);
28 8
29 +/* Returns a SECItem containing the certificate_types field of the 9 +/* Returns a SECItem containing the certificate_types field of the
30 +** CertificateRequest message. Each byte of the data is a TLS 10 +** CertificateRequest message. Each byte of the data is a TLS
31 +** ClientCertificateType value, and they are ordered from most preferred to 11 +** ClientCertificateType value, and they are ordered from most preferred to
32 +** least. This function should only be called from the 12 +** least. This function should only be called from the
33 +** SSL_GetClientAuthDataHook callback, and will return NULL if called at any 13 +** SSL_GetClientAuthDataHook callback, and will return NULL if called at any
34 +** other time. The returned value is valid only until the callback returns, an d 14 +** other time. The returned value is valid only until the callback returns, an d
35 +** should not be freed. 15 +** should not be freed.
36 +*/ 16 +*/
37 +SSL_IMPORT const SECItem * 17 +SSL_IMPORT const SECItem *
38 +SSL_GetRequestedClientCertificateTypes(PRFileDesc *fd); 18 +SSL_GetRequestedClientCertificateTypes(PRFileDesc *fd);
39 19
40 #ifdef SSL_DEPRECATED_FUNCTION 20 #ifdef SSL_DEPRECATED_FUNCTION
41 /* deprecated! 21 /* deprecated!
42 diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h 22 diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
43 --- a/nss/lib/ssl/sslimpl.h» 2014-01-17 17:52:46.715854283 -0800 23 index 40ae885..cb59cc1 100644
44 +++ b/nss/lib/ssl/sslimpl.h» 2014-01-17 17:54:27.087523439 -0800 24 --- a/ssl/ssl3con.c
45 @@ -1229,6 +1229,10 @@ struct sslSocketStr { 25 +++ b/ssl/ssl3con.c
26 @@ -7045,6 +7045,9 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b , PRUint32 length)
27 if (rv != SECSuccess)
28 » goto loser;» » /* malformed, alert has been sent */
29
30 + PORT_Assert(!ss->requestedCertTypes);
31 + ss->requestedCertTypes = &cert_types;
32 +
33 if (isTLS12) {
34 » rv = ssl3_ConsumeHandshakeVariable(ss, &algorithms, 2, &b, &length);
35 » if (rv != SECSuccess)
36 @@ -7246,6 +7249,7 @@ loser:
37 PORT_SetError(errCode);
38 rv = SECFailure;
39 done:
40 + ss->requestedCertTypes = NULL;
41 if (arena != NULL)
42 » PORT_FreeArena(arena, PR_FALSE);
43 #ifdef NSS_PLATFORM_CLIENT_AUTH
44 diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
45 index cda1869..9f59f5a 100644
46 --- a/ssl/sslimpl.h
47 +++ b/ssl/sslimpl.h
48 @@ -1231,6 +1231,10 @@ struct sslSocketStr {
46 unsigned int sizeCipherSpecs; 49 unsigned int sizeCipherSpecs;
47 const unsigned char * preferredCipher; 50 const unsigned char * preferredCipher;
48 51
49 + /* TLS ClientCertificateTypes requested during HandleCertificateRequest. */ 52 + /* TLS ClientCertificateTypes requested during HandleCertificateRequest. */
50 + /* Will be NULL at all other times. */ 53 + /* Will be NULL at all other times. */
51 + const SECItem *requestedCertTypes; 54 + const SECItem *requestedCertTypes;
52 + 55 +
53 ssl3KeyPair * stepDownKeyPair; /* RSA step down keys */ 56 ssl3KeyPair * stepDownKeyPair; /* RSA step down keys */
54 57
55 /* Callbacks */ 58 /* Callbacks */
56 diff -pu a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c 59 diff --git a/ssl/sslsock.c b/ssl/sslsock.c
57 --- a/nss/lib/ssl/sslsock.c» 2014-01-17 17:53:39.726735852 -0800 60 index 688f399..a939781 100644
58 +++ b/nss/lib/ssl/sslsock.c» 2014-01-17 17:54:27.097523605 -0800 61 --- a/ssl/sslsock.c
59 @@ -1869,6 +1869,20 @@ SSL_HandshakeResumedSession(PRFileDesc * 62 +++ b/ssl/sslsock.c
63 @@ -1911,6 +1911,20 @@ SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *hands hake_resumed) {
60 return SECSuccess; 64 return SECSuccess;
61 } 65 }
62 66
63 +const SECItem * 67 +const SECItem *
64 +SSL_GetRequestedClientCertificateTypes(PRFileDesc *fd) 68 +SSL_GetRequestedClientCertificateTypes(PRFileDesc *fd)
65 +{ 69 +{
66 + sslSocket *ss = ssl_FindSocket(fd); 70 + sslSocket *ss = ssl_FindSocket(fd);
67 + 71 +
68 + if (!ss) { 72 + if (!ss) {
69 + SSL_DBG(("%d: SSL[%d]: bad socket in " 73 + SSL_DBG(("%d: SSL[%d]: bad socket in "
70 + "SSL_GetRequestedClientCertificateTypes", SSL_GETPID(), fd)); 74 + "SSL_GetRequestedClientCertificateTypes", SSL_GETPID(), fd));
71 + return NULL; 75 + return NULL;
72 + } 76 + }
73 + 77 +
74 + return ss->requestedCertTypes; 78 + return ss->requestedCertTypes;
75 +} 79 +}
76 + 80 +
77 /************************************************************************/ 81 /************************************************************************/
78 /* The following functions are the TOP LEVEL SSL functions. 82 /* The following functions are the TOP LEVEL SSL functions.
79 ** They all get called through the NSPRIOMethods table below. 83 ** They all get called through the NSPRIOMethods table below.
80 @@ -2936,6 +2950,7 @@ ssl_NewSocket(PRBool makeLocks, SSLProto 84 @@ -2989,6 +3003,7 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protoco lVariant)
81 » sc->serverKeyBits = 0; 85 sc->serverKeyBits = 0;
82 » ss->certStatusArray[i] = NULL; 86 ss->certStatusArray[i] = NULL;
83 » } 87 }
84 +» ss->requestedCertTypes = NULL; 88 + ss->requestedCertTypes = NULL;
85 » ss->stepDownKeyPair = NULL; 89 ss->stepDownKeyPair = NULL;
86 » ss->dbHandle = CERT_GetDefaultCertDB(); 90 ss->dbHandle = CERT_GetDefaultCertDB();
87 91
OLDNEW
« no previous file with comments | « net/third_party/nss/patches/fallbackscsv.patch ('k') | net/third_party/nss/patches/nssrwlock.patch » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698