net/third_party/nss/patches/peercertchain.patch - Issue 111853013: Update net/third_party/nss to NSS 3.15.4.

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: net/third_party/nss/patches/peercertchain.patch

Issue 111853013: Update net/third_party/nss to NSS 3.15.4. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/

Patch Set: Add CT TLS extension bug number Created 6 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
	(Empty)
1 diff -pu a/nss/lib/ssl/sslauth.c b/nss/lib/ssl/sslauth.c

2 --- a/nss/lib/ssl/sslauth.c 2013-07-31 12:07:10.974699609 -0700

3 +++ b/nss/lib/ssl/sslauth.c 2013-07-31 12:32:07.996451064 -0700

4 @@ -28,6 +28,41 @@ SSL_PeerCertificate(PRFileDesc *fd)

5 }

6

7 /* NEED LOCKS IN HERE. */

8 +SECStatus

9 +SSL_PeerCertificateChain(PRFileDesc fd, CERTCertificate *certs,

10 + unsigned int *numCerts, unsigned int maxNumCerts)

11 +{

12 + sslSocket *ss;

13 + ssl3CertNode* cur;

14 +

15 + ss = ssl_FindSocket(fd);

16 + if (!ss) {

17 + SSL_DBG(("%d: SSL[%d]: bad socket in PeerCertificateChain",

18 + SSL_GETPID(), fd));

19 + return SECFailure;

20 + }

21 + if (!ss->opt.useSecurity)

22 + return SECFailure;

23 +

24 + if (ss->sec.peerCert == NULL) {

25 + *numCerts = 0;

26 + return SECSuccess;

27 + }

28 +

29 + numCerts = 1; / for the leaf certificate */

30 + if (maxNumCerts > 0)

31 + certs[0] = CERT_DupCertificate(ss->sec.peerCert);

32 +

33 + for (cur = ss->ssl3.peerCertChain; cur; cur = cur->next) {

34 + if (*numCerts < maxNumCerts)

35 + certs[*numCerts] = CERT_DupCertificate(cur->cert);

36 + (*numCerts)++;

37 + }

38 +

39 + return SECSuccess;

40 +}

41 +

42 +/* NEED LOCKS IN HERE. */

43 CERTCertificate *

44 SSL_LocalCertificate(PRFileDesc *fd)

45 {

46 diff -pu a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h

47 --- a/nss/lib/ssl/ssl.h 2013-07-31 12:07:10.964699464 -0700

48 +++ b/nss/lib/ssl/ssl.h 2013-07-31 12:32:07.996451065 -0700

49 @@ -426,6 +426,18 @@ SSL_SetStapledOCSPResponses(PRFileDesc *

50 SSLKEAType kea);

51

52 /*

53 +** Return references to the certificates presented by the SSL peer.

54 +** \|maxNumCerts\| must contain the size of the \|certs\| array. On successful

55 +** return, \|*numCerts\| contains the number of certificates available and

56 +** \|certs\| will contain references to as many certificates as would fit.

57 +** Therefore if \|*numCerts\| contains a value less than or equal to

58 +** \|maxNumCerts\|, then all certificates were returned.

59 +*/

60 +SSL_IMPORT SECStatus SSL_PeerCertificateChain(

61 + PRFileDesc fd, CERTCertificate *certs,

62 + unsigned int *numCerts, unsigned int maxNumCerts);

63 +

64 +/*

65 ** Authenticate certificate hook. Called when a certificate comes in

66 ** (because of SSL_REQUIRE_CERTIFICATE in SSL_Enable) to authenticate the

67 ** certificate.

OLD	NEW