| Index: net/third_party/nss/patches/signedcertificatetimestamps.patch
|
| diff --git a/net/third_party/nss/patches/signedcertificatetimestamps.patch b/net/third_party/nss/patches/signedcertificatetimestamps.patch
|
| index 98643725561830bd14db606eeb7f0de35c5d2e76..5c514487db98d120433699381e4fc6cb42256723 100644
|
| --- a/net/third_party/nss/patches/signedcertificatetimestamps.patch
|
| +++ b/net/third_party/nss/patches/signedcertificatetimestamps.patch
|
| @@ -1,7 +1,46 @@
|
| -diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
|
| ---- a/nss/lib/ssl/ssl3con.c 2014-01-17 18:11:28.314468184 -0800
|
| -+++ b/nss/lib/ssl/ssl3con.c 2014-01-17 18:23:17.946207727 -0800
|
| -@@ -6682,10 +6682,22 @@ ssl3_HandleServerHello(sslSocket *ss, SS
|
| +diff --git a/ssl/ssl.h b/ssl/ssl.h
|
| +index 80717db..e9f5fb0 100644
|
| +--- a/ssl/ssl.h
|
| ++++ b/ssl/ssl.h
|
| +@@ -191,6 +191,9 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd);
|
| + #define SSL_ENABLE_FALLBACK_SCSV 28 /* Send fallback SCSV in
|
| + * handshakes. */
|
| +
|
| ++/* Request Signed Certificate Timestamps via TLS extension (client) */
|
| ++#define SSL_ENABLE_SIGNED_CERT_TIMESTAMPS 29
|
| ++
|
| + #ifdef SSL_DEPRECATED_FUNCTION
|
| + /* Old deprecated function names */
|
| + SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on);
|
| +@@ -493,6 +496,23 @@ SSL_IMPORT CERTCertList *SSL_PeerCertificateChain(PRFileDesc *fd);
|
| + */
|
| + SSL_IMPORT const SECItemArray * SSL_PeerStapledOCSPResponses(PRFileDesc *fd);
|
| +
|
| ++/* SSL_PeerSignedCertTimestamps returns the signed_certificate_timestamp
|
| ++ * extension data provided by the TLS server. The return value is a pointer
|
| ++ * to an internal SECItem that contains the returned response (as a serialized
|
| ++ * SignedCertificateTimestampList, see RFC 6962). The returned pointer is only
|
| ++ * valid until the callback function that calls SSL_PeerSignedCertTimestamps
|
| ++ * (e.g. the authenticate certificate hook, or the handshake callback) returns.
|
| ++ *
|
| ++ * If no Signed Certificate Timestamps were given by the server then the result
|
| ++ * will be empty. If there was an error, then the result will be NULL.
|
| ++ *
|
| ++ * You must set the SSL_ENABLE_SIGNED_CERT_TIMESTAMPS option to indicate support
|
| ++ * for Signed Certificate Timestamps to a server.
|
| ++ *
|
| ++ * libssl does not do any parsing or validation of the response itself.
|
| ++ */
|
| ++SSL_IMPORT const SECItem * SSL_PeerSignedCertTimestamps(PRFileDesc *fd);
|
| ++
|
| + /* SSL_SetStapledOCSPResponses stores an array of one or multiple OCSP responses
|
| + * in the fd's data, which may be sent as part of a server side cert_status
|
| + * handshake message. Parameter |responses| is for the server certificate of
|
| +diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
|
| +index 40951b7..75739df 100644
|
| +--- a/ssl/ssl3con.c
|
| ++++ b/ssl/ssl3con.c
|
| +@@ -6737,10 +6737,22 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
| sid->u.ssl3.sessionIDLength = sidBytes.len;
|
| PORT_Memcpy(sid->u.ssl3.sessionID, sidBytes.data, sidBytes.len);
|
|
|
| @@ -24,7 +63,7 @@ diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
|
| /* If we will need a ChannelID key then we make the callback now. This
|
| * allows the handshake to be restarted cleanly if the callback returns
|
| * SECWouldBlock. */
|
| -@@ -6711,6 +6723,9 @@ alert_loser:
|
| +@@ -6766,6 +6778,9 @@ alert_loser:
|
| (void)SSL3_SendAlert(ss, alert_fatal, desc);
|
|
|
| loser:
|
| @@ -34,23 +73,24 @@ diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
|
| errCode = ssl_MapLowLevelError(errCode);
|
| return SECFailure;
|
| }
|
| -diff -pu a/nss/lib/ssl/ssl3ext.c b/nss/lib/ssl/ssl3ext.c
|
| ---- a/nss/lib/ssl/ssl3ext.c 2014-01-17 18:22:54.945827814 -0800
|
| -+++ b/nss/lib/ssl/ssl3ext.c 2014-01-17 18:35:21.798168722 -0800
|
| -@@ -81,6 +81,12 @@ static PRInt32 ssl3_ClientSendSigAlgsXtn
|
| +diff --git a/ssl/ssl3ext.c b/ssl/ssl3ext.c
|
| +index b6ed17d..6c120ff 100644
|
| +--- a/ssl/ssl3ext.c
|
| ++++ b/ssl/ssl3ext.c
|
| +@@ -85,6 +85,12 @@ static PRInt32 ssl3_ClientSendSigAlgsXtn(sslSocket *ss, PRBool append,
|
| PRUint32 maxBytes);
|
| static SECStatus ssl3_ServerHandleSigAlgsXtn(sslSocket *ss, PRUint16 ex_type,
|
| SECItem *data);
|
| +static PRInt32 ssl3_ClientSendSignedCertTimestampXtn(sslSocket *ss,
|
| -+ PRBool append,
|
| -+ PRUint32 maxBytes);
|
| ++ PRBool append,
|
| ++ PRUint32 maxBytes);
|
| +static SECStatus ssl3_ClientHandleSignedCertTimestampXtn(sslSocket *ss,
|
| -+ PRUint16 ex_type,
|
| -+ SECItem *data);
|
| ++ PRUint16 ex_type,
|
| ++ SECItem *data);
|
|
|
| - /*
|
| - * Write bytes. Using this function means the SECItem structure
|
| -@@ -259,6 +265,8 @@ static const ssl3HelloExtensionHandler s
|
| + static PRInt32 ssl3_ClientSendDraftVersionXtn(sslSocket *ss, PRBool append,
|
| + PRUint32 maxBytes);
|
| +@@ -270,6 +276,8 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = {
|
| { ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn },
|
| { ssl_channel_id_xtn, &ssl3_ClientHandleChannelIDXtn },
|
| { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn },
|
| @@ -59,52 +99,49 @@ diff -pu a/nss/lib/ssl/ssl3ext.c b/nss/lib/ssl/ssl3ext.c
|
| { -1, NULL }
|
| };
|
|
|
| -@@ -287,7 +295,9 @@ ssl3HelloExtensionSender clientHelloSend
|
| +@@ -298,6 +306,8 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
|
| { ssl_use_srtp_xtn, &ssl3_SendUseSRTPXtn },
|
| { ssl_channel_id_xtn, &ssl3_ClientSendChannelIDXtn },
|
| { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn },
|
| -- { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn }
|
| -+ { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
|
| + { ssl_signed_certificate_timestamp_xtn,
|
| -+ &ssl3_ClientSendSignedCertTimestampXtn }
|
| ++ &ssl3_ClientSendSignedCertTimestampXtn },
|
| + { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
|
| + { ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn },
|
| /* any extra entries will appear as { 0, NULL } */
|
| - };
|
| -
|
| -@@ -2379,3 +2389,65 @@ ssl3_AppendPaddingExtension(sslSocket *s
|
| -
|
| - return extensionLen;
|
| +@@ -2582,3 +2592,64 @@ loser:
|
| + return SECSuccess;
|
| }
|
| -+
|
| +
|
| +/* ssl3_ClientSendSignedCertTimestampXtn sends the signed_certificate_timestamp
|
| + * extension for TLS ClientHellos. */
|
| +static PRInt32
|
| +ssl3_ClientSendSignedCertTimestampXtn(sslSocket *ss, PRBool append,
|
| -+ PRUint32 maxBytes)
|
| ++ PRUint32 maxBytes)
|
| +{
|
| + PRInt32 extension_length = 2 /* extension_type */ +
|
| -+ 2 /* length(extension_data) */;
|
| ++ 2 /* length(extension_data) */;
|
| +
|
| + /* Only send the extension if processing is enabled. */
|
| + if (!ss->opt.enableSignedCertTimestamps)
|
| -+ return 0;
|
| ++ return 0;
|
| +
|
| + if (append && maxBytes >= extension_length) {
|
| -+ SECStatus rv;
|
| -+ /* extension_type */
|
| -+ rv = ssl3_AppendHandshakeNumber(ss,
|
| -+ ssl_signed_certificate_timestamp_xtn,
|
| -+ 2);
|
| -+ if (rv != SECSuccess)
|
| -+ goto loser;
|
| -+ /* zero length */
|
| -+ rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
|
| -+ if (rv != SECSuccess)
|
| -+ goto loser;
|
| -+ ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
|
| -+ ssl_signed_certificate_timestamp_xtn;
|
| ++ SECStatus rv;
|
| ++ /* extension_type */
|
| ++ rv = ssl3_AppendHandshakeNumber(ss,
|
| ++ ssl_signed_certificate_timestamp_xtn,
|
| ++ 2);
|
| ++ if (rv != SECSuccess)
|
| ++ goto loser;
|
| ++ /* zero length */
|
| ++ rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
|
| ++ if (rv != SECSuccess)
|
| ++ goto loser;
|
| ++ ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
|
| ++ ssl_signed_certificate_timestamp_xtn;
|
| + } else if (maxBytes < extension_length) {
|
| -+ PORT_Assert(0);
|
| -+ return 0;
|
| ++ PORT_Assert(0);
|
| ++ return 0;
|
| + }
|
| +
|
| + return extension_length;
|
| @@ -114,7 +151,7 @@ diff -pu a/nss/lib/ssl/ssl3ext.c b/nss/lib/ssl/ssl3ext.c
|
| +
|
| +static SECStatus
|
| +ssl3_ClientHandleSignedCertTimestampXtn(sslSocket *ss, PRUint16 ex_type,
|
| -+ SECItem *data)
|
| ++ SECItem *data)
|
| +{
|
| + /* We do not yet know whether we'll be resuming a session or creating
|
| + * a new one, so we keep a pointer to the data in the TLSExtensionData
|
| @@ -128,63 +165,27 @@ diff -pu a/nss/lib/ssl/ssl3ext.c b/nss/lib/ssl/ssl3ext.c
|
| + PORT_Assert(!scts->data && !scts->len);
|
| +
|
| + if (!data->len) {
|
| -+ /* Empty extension data: RFC 6962 mandates non-empty contents. */
|
| -+ return SECFailure;
|
| ++ /* Empty extension data: RFC 6962 mandates non-empty contents. */
|
| ++ return SECFailure;
|
| + }
|
| + *scts = *data;
|
| + /* Keep track of negotiated extensions. */
|
| + ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
|
| + return SECSuccess;
|
| +}
|
| -diff -pu a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h
|
| ---- a/nss/lib/ssl/ssl.h 2014-01-17 18:00:11.213237373 -0800
|
| -+++ b/nss/lib/ssl/ssl.h 2014-01-17 18:38:15.791045050 -0800
|
| -@@ -181,6 +181,9 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRF
|
| - */
|
| - #define SSL_ENABLE_ALPN 26
|
| -
|
| -+/* Request Signed Certificate Timestamps via TLS extension (client) */
|
| -+#define SSL_ENABLE_SIGNED_CERT_TIMESTAMPS 27
|
| -+
|
| - #ifdef SSL_DEPRECATED_FUNCTION
|
| - /* Old deprecated function names */
|
| - SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on);
|
| -@@ -483,6 +486,23 @@ SSL_IMPORT CERTCertList *SSL_PeerCertifi
|
| - */
|
| - SSL_IMPORT const SECItemArray * SSL_PeerStapledOCSPResponses(PRFileDesc *fd);
|
| -
|
| -+/* SSL_PeerSignedCertTimestamps returns the signed_certificate_timestamp
|
| -+ * extension data provided by the TLS server. The return value is a pointer
|
| -+ * to an internal SECItem that contains the returned response (as a serialized
|
| -+ * SignedCertificateTimestampList, see RFC 6962). The returned pointer is only
|
| -+ * valid until the callback function that calls SSL_PeerSignedCertTimestamps
|
| -+ * (e.g. the authenticate certificate hook, or the handshake callback) returns.
|
| -+ *
|
| -+ * If no Signed Certificate Timestamps were given by the server then the result
|
| -+ * will be empty. If there was an error, then the result will be NULL.
|
| -+ *
|
| -+ * You must set the SSL_ENABLE_SIGNED_CERT_TIMESTAMPS option to indicate support
|
| -+ * for Signed Certificate Timestamps to a server.
|
| -+ *
|
| -+ * libssl does not do any parsing or validation of the response itself.
|
| -+ */
|
| -+SSL_IMPORT const SECItem * SSL_PeerSignedCertTimestamps(PRFileDesc *fd);
|
| -+
|
| - /* SSL_SetStapledOCSPResponses stores an array of one or multiple OCSP responses
|
| - * in the fd's data, which may be sent as part of a server side cert_status
|
| - * handshake message. Parameter |responses| is for the server certificate of
|
| -diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
|
| ---- a/nss/lib/ssl/sslimpl.h 2014-01-17 18:11:28.314468184 -0800
|
| -+++ b/nss/lib/ssl/sslimpl.h 2014-01-17 18:27:22.540248428 -0800
|
| -@@ -337,6 +337,7 @@ typedef struct sslOptionsStr {
|
| - unsigned int enableOCSPStapling : 1; /* 25 */
|
| - unsigned int enableNPN : 1; /* 26 */
|
| +diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
|
| +index 62f822a..2f61a46 100644
|
| +--- a/ssl/sslimpl.h
|
| ++++ b/ssl/sslimpl.h
|
| +@@ -339,6 +339,7 @@ typedef struct sslOptionsStr {
|
| unsigned int enableALPN : 1; /* 27 */
|
| -+ unsigned int enableSignedCertTimestamps : 1; /* 28 */
|
| + unsigned int reuseServerECDHEKey : 1; /* 28 */
|
| + unsigned int enableFallbackSCSV : 1; /* 29 */
|
| ++ unsigned int enableSignedCertTimestamps : 1; /* 30 */
|
| } sslOptions;
|
|
|
| typedef enum { sslHandshakingUndetermined = 0,
|
| -@@ -719,6 +720,11 @@ struct sslSessionIDStr {
|
| +@@ -721,6 +722,11 @@ struct sslSessionIDStr {
|
| * resumption handshake to the original handshake. */
|
| SECItem originalHandshakeHash;
|
|
|
| @@ -196,7 +197,7 @@ diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
|
| /* This lock is lazily initialized by CacheSID when a sid is first
|
| * cached. Before then, there is no need to lock anything because
|
| * the sid isn't being shared by anything.
|
| -@@ -827,6 +833,18 @@ struct TLSExtensionDataStr {
|
| +@@ -829,6 +835,18 @@ struct TLSExtensionDataStr {
|
| * is beyond ssl3_HandleClientHello function. */
|
| SECItem *sniNameArr;
|
| PRUint32 sniNameArrSize;
|
| @@ -215,9 +216,10 @@ diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
|
| };
|
|
|
| typedef SECStatus (*sslRestartTarget)(sslSocket *);
|
| -diff -pu a/nss/lib/ssl/sslnonce.c b/nss/lib/ssl/sslnonce.c
|
| ---- a/nss/lib/ssl/sslnonce.c 2014-01-17 18:11:28.314468184 -0800
|
| -+++ b/nss/lib/ssl/sslnonce.c 2014-01-17 18:23:17.956207890 -0800
|
| +diff --git a/ssl/sslnonce.c b/ssl/sslnonce.c
|
| +index c45849d..cefdda6 100644
|
| +--- a/ssl/sslnonce.c
|
| ++++ b/ssl/sslnonce.c
|
| @@ -131,6 +131,9 @@ ssl_DestroySID(sslSessionID *sid)
|
| if (sid->u.ssl3.originalHandshakeHash.data) {
|
| SECITEM_FreeItem(&sid->u.ssl3.originalHandshakeHash, PR_FALSE);
|
| @@ -228,62 +230,63 @@ diff -pu a/nss/lib/ssl/sslnonce.c b/nss/lib/ssl/sslnonce.c
|
|
|
| if (sid->u.ssl3.lock) {
|
| PR_DestroyRWLock(sid->u.ssl3.lock);
|
| -diff -pu a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c
|
| ---- a/nss/lib/ssl/sslsock.c 2014-01-17 18:04:43.127747463 -0800
|
| -+++ b/nss/lib/ssl/sslsock.c 2014-01-17 18:44:09.246889487 -0800
|
| -@@ -87,7 +87,8 @@ static sslOptions ssl_defaults = {
|
| - PR_TRUE, /* cbcRandomIV */
|
| - PR_FALSE, /* enableOCSPStapling */
|
| +diff --git a/ssl/sslsock.c b/ssl/sslsock.c
|
| +index 0d12273..80f4e67 100644
|
| +--- a/ssl/sslsock.c
|
| ++++ b/ssl/sslsock.c
|
| +@@ -89,7 +89,8 @@ static sslOptions ssl_defaults = {
|
| PR_TRUE, /* enableNPN */
|
| -- PR_FALSE /* enableALPN */
|
| -+ PR_FALSE, /* enableALPN */
|
| -+ PR_FALSE /* enableSignedCertTimestamps */
|
| + PR_FALSE, /* enableALPN */
|
| + PR_TRUE, /* reuseServerECDHEKey */
|
| +- PR_FALSE /* enableFallbackSCSV */
|
| ++ PR_FALSE, /* enableFallbackSCSV */
|
| ++ PR_FALSE, /* enableSignedCertTimestamps */
|
| };
|
|
|
| /*
|
| -@@ -787,6 +788,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
|
| - ss->opt.enableALPN = on;
|
| - break;
|
| +@@ -807,6 +808,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
|
| + ss->opt.enableFallbackSCSV = on;
|
| + break;
|
|
|
| + case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
|
| -+ ss->opt.enableSignedCertTimestamps = on;
|
| -+ break;
|
| ++ ss->opt.enableSignedCertTimestamps = on;
|
| ++ break;
|
| +
|
| default:
|
| - PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
| - rv = SECFailure;
|
| -@@ -859,6 +864,9 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 wh
|
| - case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break;
|
| - case SSL_ENABLE_NPN: on = ss->opt.enableNPN; break;
|
| - case SSL_ENABLE_ALPN: on = ss->opt.enableALPN; break;
|
| + PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
| + rv = SECFailure;
|
| +@@ -882,6 +887,9 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn)
|
| + case SSL_REUSE_SERVER_ECDHE_KEY:
|
| + on = ss->opt.reuseServerECDHEKey; break;
|
| + case SSL_ENABLE_FALLBACK_SCSV: on = ss->opt.enableFallbackSCSV; break;
|
| + case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
|
| -+ on = ss->opt.enableSignedCertTimestamps;
|
| -+ break;
|
| ++ on = ss->opt.enableSignedCertTimestamps;
|
| ++ break;
|
|
|
| default:
|
| - PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
| -@@ -922,6 +930,9 @@ SSL_OptionGetDefault(PRInt32 which, PRBo
|
| + PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
| +@@ -951,6 +959,9 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn)
|
| + case SSL_ENABLE_FALLBACK_SCSV:
|
| + on = ssl_defaults.enableFallbackSCSV;
|
| break;
|
| - case SSL_ENABLE_NPN: on = ssl_defaults.enableNPN; break;
|
| - case SSL_ENABLE_ALPN: on = ssl_defaults.enableALPN; break;
|
| + case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
|
| -+ on = ssl_defaults.enableSignedCertTimestamps;
|
| -+ break;
|
| ++ on = ssl_defaults.enableSignedCertTimestamps;
|
| ++ break;
|
|
|
| default:
|
| - PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
| -@@ -1097,6 +1108,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBo
|
| - ssl_defaults.enableALPN = on;
|
| - break;
|
| + PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
| +@@ -1134,6 +1145,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on)
|
| + ssl_defaults.enableFallbackSCSV = on;
|
| + break;
|
|
|
| + case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
|
| -+ ssl_defaults.enableSignedCertTimestamps = on;
|
| -+ break;
|
| ++ ssl_defaults.enableSignedCertTimestamps = on;
|
| ++ break;
|
| +
|
| default:
|
| - PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
| - return SECFailure;
|
| -@@ -1921,6 +1936,29 @@ SSL_PeerStapledOCSPResponses(PRFileDesc
|
| + PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
| + return SECFailure;
|
| +@@ -1963,6 +1978,29 @@ SSL_PeerStapledOCSPResponses(PRFileDesc *fd)
|
| return &ss->sec.ci.sid->peerCertStatus;
|
| }
|
|
|
| @@ -313,22 +316,23 @@ diff -pu a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c
|
| SECStatus
|
| SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *handshake_resumed) {
|
| sslSocket *ss = ssl_FindSocket(fd);
|
| -diff -pu a/nss/lib/ssl/sslt.h b/nss/lib/ssl/sslt.h
|
| ---- a/nss/lib/ssl/sslt.h 2014-01-17 18:10:16.793281867 -0800
|
| -+++ b/nss/lib/ssl/sslt.h 2014-01-17 18:23:17.956207890 -0800
|
| +diff --git a/ssl/sslt.h b/ssl/sslt.h
|
| +index fe0ad07..c36b8c7 100644
|
| +--- a/ssl/sslt.h
|
| ++++ b/ssl/sslt.h
|
| @@ -202,6 +202,7 @@ typedef enum {
|
| ssl_signature_algorithms_xtn = 13,
|
| ssl_use_srtp_xtn = 14,
|
| ssl_app_layer_protocol_xtn = 16,
|
| + ssl_signed_certificate_timestamp_xtn = 18, /* RFC 6962 */
|
| + ssl_padding_xtn = 21,
|
| ssl_session_ticket_xtn = 35,
|
| ssl_next_proto_nego_xtn = 13172,
|
| - ssl_channel_id_xtn = 30032,
|
| -@@ -209,6 +210,6 @@ typedef enum {
|
| - ssl_renegotiation_info_xtn = 0xff01 /* experimental number */
|
| +@@ -210,6 +211,6 @@ typedef enum {
|
| + ssl_tls13_draft_version_xtn = 0xff02 /* experimental number */
|
| } SSLExtensionType;
|
|
|
| --#define SSL_MAX_EXTENSIONS 11 /* doesn't include ssl_padding_xtn. */
|
| -+#define SSL_MAX_EXTENSIONS 12 /* doesn't include ssl_padding_xtn. */
|
| +-#define SSL_MAX_EXTENSIONS 12 /* doesn't include ssl_padding_xtn. */
|
| ++#define SSL_MAX_EXTENSIONS 13 /* doesn't include ssl_padding_xtn. */
|
|
|
| #endif /* __sslt_h_ */
|
|
|
Chromium Code Reviews
Issue 1053903002:
Update libssl to NSS 3.18 RTM (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master