OLD | NEW |
1 diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c | 1 diff --git a/ssl/ssl.h b/ssl/ssl.h |
2 --- a/nss/lib/ssl/ssl3con.c» 2014-01-17 17:52:46.705854118 -0800 | 2 index 34142fc..e2d1b09 100644 |
3 +++ b/nss/lib/ssl/ssl3con.c» 2014-01-17 17:54:27.087523439 -0800 | 3 --- a/ssl/ssl.h |
4 @@ -6985,6 +6985,9 @@ ssl3_HandleCertificateRequest(sslSocket | 4 +++ b/ssl/ssl.h |
5 if (rv != SECSuccess) | 5 @@ -803,6 +803,16 @@ SSL_IMPORT SECStatus SSL_ReHandshakeWithTimeout(PRFileDesc
*fd, |
6 » goto loser;» » /* malformed, alert has been sent */ | |
7 | |
8 + PORT_Assert(!ss->requestedCertTypes); | |
9 + ss->requestedCertTypes = &cert_types; | |
10 + | |
11 if (isTLS12) { | |
12 » rv = ssl3_ConsumeHandshakeVariable(ss, &algorithms, 2, &b, &length); | |
13 » if (rv != SECSuccess) | |
14 @@ -7186,6 +7189,7 @@ loser: | |
15 PORT_SetError(errCode); | |
16 rv = SECFailure; | |
17 done: | |
18 + ss->requestedCertTypes = NULL; | |
19 if (arena != NULL) | |
20 » PORT_FreeArena(arena, PR_FALSE); | |
21 #ifdef NSS_PLATFORM_CLIENT_AUTH | |
22 diff -pu a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h | |
23 --- a/nss/lib/ssl/ssl.h»2014-01-17 17:53:39.726735852 -0800 | |
24 +++ b/nss/lib/ssl/ssl.h»2014-01-17 17:54:27.087523439 -0800 | |
25 @@ -793,6 +793,16 @@ SSL_IMPORT SECStatus SSL_ReHandshakeWith | |
26 PRBool flushCache, | 6 PRBool flushCache, |
27 PRIntervalTime timeout); | 7 PRIntervalTime timeout); |
28 | 8 |
29 +/* Returns a SECItem containing the certificate_types field of the | 9 +/* Returns a SECItem containing the certificate_types field of the |
30 +** CertificateRequest message. Each byte of the data is a TLS | 10 +** CertificateRequest message. Each byte of the data is a TLS |
31 +** ClientCertificateType value, and they are ordered from most preferred to | 11 +** ClientCertificateType value, and they are ordered from most preferred to |
32 +** least. This function should only be called from the | 12 +** least. This function should only be called from the |
33 +** SSL_GetClientAuthDataHook callback, and will return NULL if called at any | 13 +** SSL_GetClientAuthDataHook callback, and will return NULL if called at any |
34 +** other time. The returned value is valid only until the callback returns, an
d | 14 +** other time. The returned value is valid only until the callback returns, an
d |
35 +** should not be freed. | 15 +** should not be freed. |
36 +*/ | 16 +*/ |
37 +SSL_IMPORT const SECItem * | 17 +SSL_IMPORT const SECItem * |
38 +SSL_GetRequestedClientCertificateTypes(PRFileDesc *fd); | 18 +SSL_GetRequestedClientCertificateTypes(PRFileDesc *fd); |
39 | 19 |
40 #ifdef SSL_DEPRECATED_FUNCTION | 20 #ifdef SSL_DEPRECATED_FUNCTION |
41 /* deprecated! | 21 /* deprecated! |
42 diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h | 22 diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c |
43 --- a/nss/lib/ssl/sslimpl.h» 2014-01-17 17:52:46.715854283 -0800 | 23 index 40ae885..cb59cc1 100644 |
44 +++ b/nss/lib/ssl/sslimpl.h» 2014-01-17 17:54:27.087523439 -0800 | 24 --- a/ssl/ssl3con.c |
45 @@ -1229,6 +1229,10 @@ struct sslSocketStr { | 25 +++ b/ssl/ssl3con.c |
| 26 @@ -7045,6 +7045,9 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b
, PRUint32 length) |
| 27 if (rv != SECSuccess) |
| 28 » goto loser;» » /* malformed, alert has been sent */ |
| 29 |
| 30 + PORT_Assert(!ss->requestedCertTypes); |
| 31 + ss->requestedCertTypes = &cert_types; |
| 32 + |
| 33 if (isTLS12) { |
| 34 » rv = ssl3_ConsumeHandshakeVariable(ss, &algorithms, 2, &b, &length); |
| 35 » if (rv != SECSuccess) |
| 36 @@ -7246,6 +7249,7 @@ loser: |
| 37 PORT_SetError(errCode); |
| 38 rv = SECFailure; |
| 39 done: |
| 40 + ss->requestedCertTypes = NULL; |
| 41 if (arena != NULL) |
| 42 » PORT_FreeArena(arena, PR_FALSE); |
| 43 #ifdef NSS_PLATFORM_CLIENT_AUTH |
| 44 diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h |
| 45 index cda1869..9f59f5a 100644 |
| 46 --- a/ssl/sslimpl.h |
| 47 +++ b/ssl/sslimpl.h |
| 48 @@ -1231,6 +1231,10 @@ struct sslSocketStr { |
46 unsigned int sizeCipherSpecs; | 49 unsigned int sizeCipherSpecs; |
47 const unsigned char * preferredCipher; | 50 const unsigned char * preferredCipher; |
48 | 51 |
49 + /* TLS ClientCertificateTypes requested during HandleCertificateRequest. */ | 52 + /* TLS ClientCertificateTypes requested during HandleCertificateRequest. */ |
50 + /* Will be NULL at all other times. */ | 53 + /* Will be NULL at all other times. */ |
51 + const SECItem *requestedCertTypes; | 54 + const SECItem *requestedCertTypes; |
52 + | 55 + |
53 ssl3KeyPair * stepDownKeyPair; /* RSA step down keys */ | 56 ssl3KeyPair * stepDownKeyPair; /* RSA step down keys */ |
54 | 57 |
55 /* Callbacks */ | 58 /* Callbacks */ |
56 diff -pu a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c | 59 diff --git a/ssl/sslsock.c b/ssl/sslsock.c |
57 --- a/nss/lib/ssl/sslsock.c» 2014-01-17 17:53:39.726735852 -0800 | 60 index 688f399..a939781 100644 |
58 +++ b/nss/lib/ssl/sslsock.c» 2014-01-17 17:54:27.097523605 -0800 | 61 --- a/ssl/sslsock.c |
59 @@ -1869,6 +1869,20 @@ SSL_HandshakeResumedSession(PRFileDesc * | 62 +++ b/ssl/sslsock.c |
| 63 @@ -1911,6 +1911,20 @@ SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *hands
hake_resumed) { |
60 return SECSuccess; | 64 return SECSuccess; |
61 } | 65 } |
62 | 66 |
63 +const SECItem * | 67 +const SECItem * |
64 +SSL_GetRequestedClientCertificateTypes(PRFileDesc *fd) | 68 +SSL_GetRequestedClientCertificateTypes(PRFileDesc *fd) |
65 +{ | 69 +{ |
66 + sslSocket *ss = ssl_FindSocket(fd); | 70 + sslSocket *ss = ssl_FindSocket(fd); |
67 + | 71 + |
68 + if (!ss) { | 72 + if (!ss) { |
69 + SSL_DBG(("%d: SSL[%d]: bad socket in " | 73 + SSL_DBG(("%d: SSL[%d]: bad socket in " |
70 + "SSL_GetRequestedClientCertificateTypes", SSL_GETPID(), fd)); | 74 + "SSL_GetRequestedClientCertificateTypes", SSL_GETPID(), fd)); |
71 + return NULL; | 75 + return NULL; |
72 + } | 76 + } |
73 + | 77 + |
74 + return ss->requestedCertTypes; | 78 + return ss->requestedCertTypes; |
75 +} | 79 +} |
76 + | 80 + |
77 /************************************************************************/ | 81 /************************************************************************/ |
78 /* The following functions are the TOP LEVEL SSL functions. | 82 /* The following functions are the TOP LEVEL SSL functions. |
79 ** They all get called through the NSPRIOMethods table below. | 83 ** They all get called through the NSPRIOMethods table below. |
80 @@ -2936,6 +2950,7 @@ ssl_NewSocket(PRBool makeLocks, SSLProto | 84 @@ -2989,6 +3003,7 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protoco
lVariant) |
81 » sc->serverKeyBits = 0; | 85 sc->serverKeyBits = 0; |
82 » ss->certStatusArray[i] = NULL; | 86 ss->certStatusArray[i] = NULL; |
83 » } | 87 } |
84 +» ss->requestedCertTypes = NULL; | 88 + ss->requestedCertTypes = NULL; |
85 » ss->stepDownKeyPair = NULL; | 89 ss->stepDownKeyPair = NULL; |
86 » ss->dbHandle = CERT_GetDefaultCertDB(); | 90 ss->dbHandle = CERT_GetDefaultCertDB(); |
87 | 91 |
OLD | NEW |