Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(567)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/third_party/nss/patches/fallbackscsv.patch

Issue 111853013: Update net/third_party/nss to NSS 3.15.4. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Add CT TLS extension bug number Created 6 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/third_party/nss/patches/ecpointform.patch ('k') | net/third_party/nss/patches/getrequestedclientcerttypes.patch » ('j') | net/third_party/nss/ssl/ssl3con.c » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 diff --git a/nss/lib/ssl/SSLerrs.h b/nss/lib/ssl/SSLerrs.h 1 diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
2 index c0d26cc..4ff0b7d 100644 2 --- a/nss/lib/ssl/ssl3con.c» 2014-01-03 19:44:44.807185186 -0800
3 --- a/nss/lib/ssl/SSLerrs.h 3 +++ b/nss/lib/ssl/ssl3con.c» 2014-01-03 19:44:54.857349534 -0800
4 +++ b/nss/lib/ssl/SSLerrs.h 4 @@ -3473,6 +3473,9 @@ ssl3_HandleAlert(sslSocket *ss, sslBuffe
5 @@ -421,3 +421,8 @@ ER3(SSL_ERROR_INVALID_CHANNEL_ID_KEY, (SSL_ERROR_BASE + 130) ,
6
7 ER3(SSL_ERROR_GET_CHANNEL_ID_FAILED, (SSL_ERROR_BASE + 131),
8 "The application could not get a TLS Channel ID.")
9 +
10 +ER3(SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT, (SSL_ERROR_BASE + 132),
11 +"The connection was using a lesser TLS version as a result of a previous"
12 +" handshake failure, but the server indicated that it should not have been"
13 +" needed.")
14 diff --git a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h
15 index 24627ed..067938c 100644
16 --- a/nss/lib/ssl/ssl.h
17 +++ b/nss/lib/ssl/ssl.h
18 @@ -163,6 +163,8 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRFileDesc *model, PRFi leDesc *fd);
19 #define SSL_ENABLE_OCSP_STAPLING 24 /* Request OCSP stapling (client) */
20 /* Request Signed Certificate Timestamps via TLS extension (client) */
21 #define SSL_ENABLE_SIGNED_CERT_TIMESTAMPS 25
22 +#define SSL_ENABLE_FALLBACK_SCSV 26 /* Send fallback SCSV in
23 + * handshakes. */
24
25 #ifdef SSL_DEPRECATED_FUNCTION
26 /* Old deprecated function names */
27 diff --git a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
28 index cf7ef32..946f780 100644
29 --- a/nss/lib/ssl/ssl3con.c
30 +++ b/nss/lib/ssl/ssl3con.c
31 @@ -3469,6 +3469,9 @@ ssl3_HandleAlert(sslSocket *ss, sslBuffer *buf)
32 case certificate_unknown: error = SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT; 5 case certificate_unknown: error = SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT;
33 break; 6 break;
34 case illegal_parameter: error = SSL_ERROR_ILLEGAL_PARAMETER_ALERT;break; 7 case illegal_parameter: error = SSL_ERROR_ILLEGAL_PARAMETER_ALERT;break;
35 + case inappropriate_fallback: 8 + case inappropriate_fallback:
36 + error = SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT; 9 + error = SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT;
37 + break; 10 + break;
38 11
39 /* All alerts below are TLS only. */ 12 /* All alerts below are TLS only. */
40 case unknown_ca: error = SSL_ERROR_UNKNOWN_CA_ALERT; break; 13 case unknown_ca: error = SSL_ERROR_UNKNOWN_CA_ALERT; break;
41 @@ -4973,7 +4976,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) 14 @@ -4986,6 +4989,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
42 int num_suites; 15 int num_suites;
43 int actual_count = 0; 16 int actual_count = 0;
44 PRBool isTLS = PR_FALSE; 17 PRBool isTLS = PR_FALSE;
45 - PRBool requestingResume = PR_FALSE;
46 + PRBool requestingResume = PR_FALSE, fallbackSCSV = PR_FALSE; 18 + PRBool requestingResume = PR_FALSE, fallbackSCSV = PR_FALSE;
47 PRInt32 total_exten_len = 0; 19 PRInt32 total_exten_len = 0;
48 unsigned paddingExtensionLen; 20 unsigned paddingExtensionLen;
49 unsigned numCompressionMethods; 21 unsigned numCompressionMethods;
50 @@ -5223,8 +5226,15 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) 22 @@ -5128,6 +5132,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
51 num_suites = count_cipher_suites(ss, ss->ssl3.policy, PR_TRUE); 23 }
52 if (!num_suites) 24
25 if (sid) {
26 +» requestingResume = PR_TRUE;
27 » SSL_AtomicIncrementLong(& ssl3stats.sch_sid_cache_hits );
28
29 » PRINT_BUF(4, (ss, "client, found session-id:", sid->u.ssl3.sessionID,
30 @@ -5246,8 +5251,15 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
31 » if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
53 return SECFailure; /* count_cipher_suites has set error code. */ 32 return SECFailure; /* count_cipher_suites has set error code. */
33 }
54 + 34 +
55 + fallbackSCSV = ss->opt.enableFallbackSCSV && (!requestingResume || 35 + fallbackSCSV = ss->opt.enableFallbackSCSV && (!requestingResume ||
56 + ss->version < sid->version); 36 + ss->version < sid->version);
57 + /* make room for SCSV */ 37 + /* make room for SCSV */
58 if (ss->ssl3.hs.sendingSCSV) { 38 if (ss->ssl3.hs.sendingSCSV) {
59 - ++num_suites; /* make room for SCSV */ 39 - ++num_suites; /* make room for SCSV */
60 + ++num_suites; 40 + ++num_suites;
61 + } 41 + }
62 + if (fallbackSCSV) { 42 + if (fallbackSCSV) {
63 + ++num_suites; 43 + ++num_suites;
64 } 44 }
65 45
66 /* count compression methods */ 46 /* count compression methods */
67 @@ -5322,6 +5332,14 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) 47 @@ -5353,6 +5365,15 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
68 } 48 }
69 actual_count++; 49 actual_count++;
70 } 50 }
71 + if (fallbackSCSV) { 51 + if (fallbackSCSV) {
72 + rv = ssl3_AppendHandshakeNumber(ss, TLS_FALLBACK_SCSV, 52 + rv = ssl3_AppendHandshakeNumber(ss, TLS_FALLBACK_SCSV,
73 + sizeof(ssl3CipherSuite)); 53 + sizeof(ssl3CipherSuite));
74 + if (rv != SECSuccess) { 54 + if (rv != SECSuccess) {
55 + if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
75 + return rv; /* err set by ssl3_AppendHandshake* */ 56 + return rv; /* err set by ssl3_AppendHandshake* */
76 + } 57 + }
77 + actual_count++; 58 + actual_count++;
78 + } 59 + }
79 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { 60 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
80 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; 61 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i];
81 if (config_match(suite, ss->ssl3.policy, PR_TRUE, &ss->vrange)) { 62 if (config_match(suite, ss->ssl3.policy, PR_TRUE, &ss->vrange)) {
82 @@ -8037,6 +8055,19 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUi nt32 length) 63 @@ -5416,6 +5437,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
64
65 » extLen = ssl3_AppendPaddingExtension(ss, paddingExtensionLen, maxBytes);
66 » if (extLen < 0) {
67 +» if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
68 » return SECFailure;
69 » }
70 » maxBytes -= extLen;
71 @@ -8083,6 +8105,19 @@ ssl3_HandleClientHello(sslSocket *ss, SS
83 goto loser; /* malformed */ 72 goto loser; /* malformed */
84 } 73 }
85 74
86 + /* If the ClientHello version is less than our maximum version, check for a 75 + /* If the ClientHello version is less than our maximum version, check for a
87 + * TLS_FALLBACK_SCSV and reject the connection if found. */ 76 + * TLS_FALLBACK_SCSV and reject the connection if found. */
88 + if (ss->vrange.max > ss->clientHelloVersion) { 77 + if (ss->vrange.max > ss->clientHelloVersion) {
89 + for (i = 0; i + 1 < suites.len; i += 2) { 78 + for (i = 0; i + 1 < suites.len; i += 2) {
90 + PRUint16 suite_i = (suites.data[i] << 8) | suites.data[i + 1]; 79 + PRUint16 suite_i = (suites.data[i] << 8) | suites.data[i + 1];
91 + if (suite_i != TLS_FALLBACK_SCSV) 80 + if (suite_i != TLS_FALLBACK_SCSV)
92 + continue; 81 + continue;
93 + desc = inappropriate_fallback; 82 + desc = inappropriate_fallback;
94 + errCode = SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT; 83 + errCode = SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT;
95 + goto alert_loser; 84 + goto alert_loser;
96 + } 85 + }
97 + } 86 + }
98 + 87 +
99 /* grab the list of compression methods. */ 88 /* grab the list of compression methods. */
100 rv = ssl3_ConsumeHandshakeVariable(ss, &comps, 1, &b, &length); 89 rv = ssl3_ConsumeHandshakeVariable(ss, &comps, 1, &b, &length);
101 if (rv != SECSuccess) { 90 if (rv != SECSuccess) {
102 diff --git a/nss/lib/ssl/ssl3prot.h b/nss/lib/ssl/ssl3prot.h 91 diff -pu a/nss/lib/ssl/ssl3prot.h b/nss/lib/ssl/ssl3prot.h
103 index 0eab970..4c19ade 100644 92 --- a/nss/lib/ssl/ssl3prot.h» 2014-01-03 19:39:28.442012014 -0800
104 --- a/nss/lib/ssl/ssl3prot.h 93 +++ b/nss/lib/ssl/ssl3prot.h» 2014-01-03 19:44:54.857349534 -0800
105 +++ b/nss/lib/ssl/ssl3prot.h
106 @@ -98,6 +98,7 @@ typedef enum { 94 @@ -98,6 +98,7 @@ typedef enum {
107 protocol_version = 70, 95 protocol_version = 70,
108 insufficient_security = 71, 96 insufficient_security = 71,
109 internal_error = 80, 97 internal_error = 80,
110 + inappropriate_fallback = 86, /* could also be sent for SSLv3 */ 98 + inappropriate_fallback = 86, /* could also be sent for SSLv3 */
111 user_canceled = 90, 99 user_canceled = 90,
112 no_renegotiation = 100, 100 no_renegotiation = 100,
113 101
114 diff --git a/nss/lib/ssl/sslerr.h b/nss/lib/ssl/sslerr.h 102 diff -pu a/nss/lib/ssl/sslerr.h b/nss/lib/ssl/sslerr.h
115 index 5a949c9..82ae7df 100644 103 --- a/nss/lib/ssl/sslerr.h» 2014-01-03 19:39:28.442012014 -0800
116 --- a/nss/lib/ssl/sslerr.h 104 +++ b/nss/lib/ssl/sslerr.h» 2014-01-03 19:44:54.877349862 -0800
117 +++ b/nss/lib/ssl/sslerr.h 105 @@ -196,6 +196,7 @@ SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM
118 @@ -196,6 +196,7 @@ SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM = (SSL_ERROR_BASE + 128),
119 SSL_ERROR_BAD_CHANNEL_ID_DATA = (SSL_ERROR_BASE + 129), 106 SSL_ERROR_BAD_CHANNEL_ID_DATA = (SSL_ERROR_BASE + 129),
120 SSL_ERROR_INVALID_CHANNEL_ID_KEY = (SSL_ERROR_BASE + 130), 107 SSL_ERROR_INVALID_CHANNEL_ID_KEY = (SSL_ERROR_BASE + 130),
121 SSL_ERROR_GET_CHANNEL_ID_FAILED = (SSL_ERROR_BASE + 131), 108 SSL_ERROR_GET_CHANNEL_ID_FAILED = (SSL_ERROR_BASE + 131),
122 +SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT = (SSL_ERROR_BASE + 132), 109 +SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT = (SSL_ERROR_BASE + 132),
123 110
124 SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */ 111 SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */
125 } SSLErrorCodes; 112 } SSLErrorCodes;
126 diff --git a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h 113 diff -pu a/nss/lib/ssl/SSLerrs.h b/nss/lib/ssl/SSLerrs.h
127 index 7521dba..6d0bc15 100644 114 --- a/nss/lib/ssl/SSLerrs.h» 2014-01-03 19:39:28.442012014 -0800
128 --- a/nss/lib/ssl/sslimpl.h 115 +++ b/nss/lib/ssl/SSLerrs.h» 2014-01-03 19:44:54.907350351 -0800
129 +++ b/nss/lib/ssl/sslimpl.h 116 @@ -421,3 +421,8 @@ ER3(SSL_ERROR_INVALID_CHANNEL_ID_KEY, (S
117
118 ER3(SSL_ERROR_GET_CHANNEL_ID_FAILED, (SSL_ERROR_BASE + 131),
119 "The application could not get a TLS Channel ID.")
120 +
121 +ER3(SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT, (SSL_ERROR_BASE + 132),
122 +"The connection was using a lesser TLS version as a result of a previous"
123 +" handshake failure, but the server indicated that it should not have been"
124 +" needed.")
125 diff -pu a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h
126 --- a/nss/lib/ssl/ssl.h»2014-01-03 19:44:44.807185186 -0800
127 +++ b/nss/lib/ssl/ssl.h»2014-01-03 19:44:54.907350351 -0800
128 @@ -163,6 +163,8 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRF
129 #define SSL_ENABLE_OCSP_STAPLING 24 /* Request OCSP stapling (client) */
130 /* Request Signed Certificate Timestamps via TLS extension (client) */
131 #define SSL_ENABLE_SIGNED_CERT_TIMESTAMPS 25
132 +#define SSL_ENABLE_FALLBACK_SCSV 26 /* Send fallback SCSV in
133 + * handshakes. */
134
135 #ifdef SSL_DEPRECATED_FUNCTION
136 /* Old deprecated function names */
137 diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
138 --- a/nss/lib/ssl/sslimpl.h» 2014-01-03 19:44:44.807185186 -0800
139 +++ b/nss/lib/ssl/sslimpl.h» 2014-01-03 19:44:54.907350351 -0800
130 @@ -336,6 +336,7 @@ typedef struct sslOptionsStr { 140 @@ -336,6 +336,7 @@ typedef struct sslOptionsStr {
131 unsigned int cbcRandomIV : 1; /* 24 */ 141 unsigned int cbcRandomIV : 1; /* 24 */
132 unsigned int enableOCSPStapling : 1; /* 25 */ 142 unsigned int enableOCSPStapling : 1; /* 25 */
133 unsigned int enableSignedCertTimestamps : 1; /* 26 */ 143 unsigned int enableSignedCertTimestamps : 1; /* 26 */
134 + unsigned int enableFallbackSCSV : 1; /* 27 */ 144 + unsigned int enableFallbackSCSV : 1; /* 27 */
135 } sslOptions; 145 } sslOptions;
136 146
137 typedef enum { sslHandshakingUndetermined = 0, 147 typedef enum { sslHandshakingUndetermined = 0,
138 diff --git a/nss/lib/ssl/sslproto.h b/nss/lib/ssl/sslproto.h 148 diff -pu a/nss/lib/ssl/sslproto.h b/nss/lib/ssl/sslproto.h
139 index 6b60a28..621ef37 100644 149 --- a/nss/lib/ssl/sslproto.h» 2014-01-03 19:43:07.025586219 -0800
140 --- a/nss/lib/ssl/sslproto.h 150 +++ b/nss/lib/ssl/sslproto.h» 2014-01-03 19:44:54.907350351 -0800
141 +++ b/nss/lib/ssl/sslproto.h
142 @@ -172,6 +172,11 @@ 151 @@ -172,6 +172,11 @@
143 */ 152 */
144 #define TLS_EMPTY_RENEGOTIATION_INFO_SCSV 0x00FF 153 #define TLS_EMPTY_RENEGOTIATION_INFO_SCSV 0x00FF
145 154
146 +/* TLS_FALLBACK_SCSV is a signaling cipher suite value that indicates that a 155 +/* TLS_FALLBACK_SCSV is a signaling cipher suite value that indicates that a
147 + * handshake is the result of TLS version fallback. This value is not IANA 156 + * handshake is the result of TLS version fallback. This value is not IANA
148 + * assigned. */ 157 + * assigned. */
149 +#define TLS_FALLBACK_SCSV 0x5600 158 +#define TLS_FALLBACK_SCSV 0x5600
150 + 159 +
151 /* Cipher Suite Values starting with 0xC000 are defined in informational 160 /* Cipher Suite Values starting with 0xC000 are defined in informational
152 * RFCs. 161 * RFCs.
153 */ 162 */
154 diff --git a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c 163 diff -pu a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c
155 index 9f8286c..f7d44d4 100644 164 --- a/nss/lib/ssl/sslsock.c» 2014-01-03 19:44:44.807185186 -0800
156 --- a/nss/lib/ssl/sslsock.c 165 +++ b/nss/lib/ssl/sslsock.c» 2014-01-03 19:44:54.907350351 -0800
157 +++ b/nss/lib/ssl/sslsock.c 166 @@ -86,7 +86,8 @@ static sslOptions ssl_defaults = {
158 @@ -174,7 +174,8 @@ static sslOptions ssl_defaults = {
159 PR_FALSE, /* enableFalseStart */ 167 PR_FALSE, /* enableFalseStart */
160 PR_TRUE, /* cbcRandomIV */ 168 PR_TRUE, /* cbcRandomIV */
161 PR_FALSE, /* enableOCSPStapling */ 169 PR_FALSE, /* enableOCSPStapling */
162 - PR_FALSE /* enableSignedCertTimestamps */ 170 - PR_FALSE /* enableSignedCertTimestamps */
163 + PR_FALSE, /* enableSignedCertTimestamps */ 171 + PR_FALSE, /* enableSignedCertTimestamps */
164 + PR_FALSE /* enableFallbackSCSV */ 172 + PR_FALSE /* enableFallbackSCSV */
165 }; 173 };
166 174
167 /* 175 /*
168 @@ -870,6 +871,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on) 176 @@ -782,6 +783,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
169 ss->opt.enableSignedCertTimestamps = on; 177 ss->opt.enableSignedCertTimestamps = on;
170 break; 178 break;
171 179
172 + case SSL_ENABLE_FALLBACK_SCSV: 180 + case SSL_ENABLE_FALLBACK_SCSV:
173 + ss->opt.enableFallbackSCSV = on; 181 + ss->opt.enableFallbackSCSV = on;
174 + break; 182 + break;
175 + 183 +
176 default: 184 default:
177 PORT_SetError(SEC_ERROR_INVALID_ARGS); 185 PORT_SetError(SEC_ERROR_INVALID_ARGS);
178 rv = SECFailure; 186 rv = SECFailure;
179 @@ -943,6 +948,7 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn) 187 @@ -855,6 +860,7 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 wh
180 case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS: 188 case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
181 on = ss->opt.enableSignedCertTimestamps; 189 on = ss->opt.enableSignedCertTimestamps;
182 break; 190 break;
183 + case SSL_ENABLE_FALLBACK_SCSV: on = ss->opt.enableFallbackSCSV; break; 191 + case SSL_ENABLE_FALLBACK_SCSV: on = ss->opt.enableFallbackSCSV; break;
184 192
185 default: 193 default:
186 PORT_SetError(SEC_ERROR_INVALID_ARGS); 194 PORT_SetError(SEC_ERROR_INVALID_ARGS);
187 @@ -1007,6 +1013,9 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn) 195 @@ -919,6 +925,9 @@ SSL_OptionGetDefault(PRInt32 which, PRBo
188 case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS: 196 case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
189 on = ssl_defaults.enableSignedCertTimestamps; 197 on = ssl_defaults.enableSignedCertTimestamps;
190 break; 198 break;
191 + case SSL_ENABLE_FALLBACK_SCSV: 199 + case SSL_ENABLE_FALLBACK_SCSV:
192 + on = ssl_defaults.enableFallbackSCSV; 200 + on = ssl_defaults.enableFallbackSCSV;
193 + break; 201 + break;
194 202
195 default: 203 default:
196 PORT_SetError(SEC_ERROR_INVALID_ARGS); 204 PORT_SetError(SEC_ERROR_INVALID_ARGS);
197 @@ -1178,6 +1187,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on) 205 @@ -1090,6 +1099,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBo
198 ssl_defaults.enableSignedCertTimestamps = on; 206 ssl_defaults.enableSignedCertTimestamps = on;
199 break; 207 break;
200 208
201 + case SSL_ENABLE_FALLBACK_SCSV: 209 + case SSL_ENABLE_FALLBACK_SCSV:
202 + ssl_defaults.enableFallbackSCSV = on; 210 + ssl_defaults.enableFallbackSCSV = on;
203 + break; 211 + break;
204 + 212 +
205 default: 213 default:
206 PORT_SetError(SEC_ERROR_INVALID_ARGS); 214 PORT_SetError(SEC_ERROR_INVALID_ARGS);
207 return SECFailure; 215 return SECFailure;
OLDNEW
« no previous file with comments | « net/third_party/nss/patches/ecpointform.patch ('k') | net/third_party/nss/patches/getrequestedclientcerttypes.patch » ('j') | net/third_party/nss/ssl/ssl3con.c » ('J')

Powered by Google App Engine
This is Rietveld 408576698