| Index: net/third_party/nss/patches/channelid.patch
|
| ===================================================================
|
| --- net/third_party/nss/patches/channelid.patch (revision 242942)
|
| +++ net/third_party/nss/patches/channelid.patch (working copy)
|
| @@ -1,6 +1,6 @@
|
| diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
|
| ---- a/nss/lib/ssl/ssl3con.c 2013-07-31 12:45:11.497944276 -0700
|
| -+++ b/nss/lib/ssl/ssl3con.c 2013-07-31 12:51:32.663550380 -0700
|
| +--- a/nss/lib/ssl/ssl3con.c 2014-01-03 19:36:09.938766379 -0800
|
| ++++ b/nss/lib/ssl/ssl3con.c 2014-01-03 19:37:50.360408300 -0800
|
| @@ -55,6 +55,7 @@ static SECStatus ssl3_SendCertificateSta
|
| static SECStatus ssl3_SendEmptyCertificate( sslSocket *ss);
|
| static SECStatus ssl3_SendCertificateRequest(sslSocket *ss);
|
| @@ -9,7 +9,7 @@
|
| static SECStatus ssl3_SendFinished( sslSocket *ss, PRInt32 flags);
|
| static SECStatus ssl3_SendServerHello( sslSocket *ss);
|
| static SECStatus ssl3_SendServerHelloDone( sslSocket *ss);
|
| -@@ -5891,6 +5892,15 @@ ssl3_HandleServerHello(sslSocket *ss, SS
|
| +@@ -6198,6 +6199,15 @@ ssl3_HandleServerHello(sslSocket *ss, SS
|
| }
|
| #endif /* NSS_PLATFORM_CLIENT_AUTH */
|
|
|
| @@ -25,7 +25,7 @@
|
| temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
|
| if (temp < 0) {
|
| goto loser; /* alert has been sent */
|
| -@@ -6170,7 +6180,7 @@ ssl3_HandleServerHello(sslSocket *ss, SS
|
| +@@ -6480,7 +6490,7 @@ ssl3_HandleServerHello(sslSocket *ss, SS
|
| if (rv != SECSuccess) {
|
| goto alert_loser; /* err code was set */
|
| }
|
| @@ -34,7 +34,7 @@
|
| } while (0);
|
|
|
| if (sid_match)
|
| -@@ -6196,6 +6206,27 @@ ssl3_HandleServerHello(sslSocket *ss, SS
|
| +@@ -6506,6 +6516,27 @@ ssl3_HandleServerHello(sslSocket *ss, SS
|
|
|
| ss->ssl3.hs.isResuming = PR_FALSE;
|
| ss->ssl3.hs.ws = wait_server_cert;
|
| @@ -62,28 +62,66 @@
|
| return SECSuccess;
|
|
|
| alert_loser:
|
| -@@ -6993,6 +7024,10 @@ ssl3_SendClientSecondRound(sslSocket *ss
|
| +@@ -7467,7 +7498,14 @@ ssl3_SendClientSecondRound(sslSocket *ss
|
| + if (rv != SECSuccess) {
|
| goto loser; /* err code was set. */
|
| }
|
| - }
|
| ++ }
|
| +
|
| + rv = ssl3_SendEncryptedExtensions(ss);
|
| + if (rv != SECSuccess) {
|
| + goto loser; /* err code was set. */
|
| + }
|
| ++
|
| ++ if (!ss->firstHsDone) {
|
| + if (ss->opt.enableFalseStart) {
|
| + if (!ss->ssl3.hs.authCertificatePending) {
|
| + /* When we fix bug 589047, we will need to know whether we are
|
| +@@ -7504,6 +7542,33 @@ ssl3_SendClientSecondRound(sslSocket *ss
|
|
|
| - rv = ssl3_SendFinished(ss, 0);
|
| - if (rv != SECSuccess) {
|
| -@@ -9947,6 +9982,165 @@ ssl3_RecordKeyLog(sslSocket *ss)
|
| - return;
|
| + ssl_ReleaseXmitBufLock(ss); /*******************************/
|
| +
|
| ++ if (!ss->ssl3.hs.isResuming &&
|
| ++ ssl3_ExtensionNegotiated(ss, ssl_channel_id_xtn)) {
|
| ++ /* If we are negotiating ChannelID on a full handshake then we record
|
| ++ * the handshake hashes in |sid| at this point. They will be needed in
|
| ++ * the event that we resume this session and use ChannelID on the
|
| ++ * resumption handshake. */
|
| ++ SSL3Hashes hashes;
|
| ++ SECItem *originalHandshakeHash =
|
| ++ &ss->sec.ci.sid->u.ssl3.originalHandshakeHash;
|
| ++ PORT_Assert(ss->sec.ci.sid->cached == never_cached);
|
| ++
|
| ++ ssl_GetSpecReadLock(ss);
|
| ++ PORT_Assert(ss->version > SSL_LIBRARY_VERSION_3_0);
|
| ++ rv = ssl3_ComputeHandshakeHashes(ss, ss->ssl3.cwSpec, &hashes, 0);
|
| ++ ssl_ReleaseSpecReadLock(ss);
|
| ++ if (rv != SECSuccess) {
|
| ++ return rv;
|
| ++ }
|
| ++
|
| ++ PORT_Assert(originalHandshakeHash->len == 0);
|
| ++ originalHandshakeHash->data = PORT_Alloc(hashes.len);
|
| ++ if (!originalHandshakeHash->data)
|
| ++ return SECFailure;
|
| ++ originalHandshakeHash->len = hashes.len;
|
| ++ memcpy(originalHandshakeHash->data, hashes.u.raw, hashes.len);
|
| ++ }
|
| ++
|
| + if (ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn))
|
| + ss->ssl3.hs.ws = wait_new_session_ticket;
|
| + else
|
| +@@ -10469,6 +10534,184 @@ ssl3_RecordKeyLog(sslSocket *ss)
|
| }
|
|
|
| -+/* called from ssl3_SendClientSecondRound
|
| + /* called from ssl3_SendClientSecondRound
|
| + * ssl3_HandleFinished
|
| + */
|
| +static SECStatus
|
| +ssl3_SendEncryptedExtensions(sslSocket *ss)
|
| +{
|
| + static const char CHANNEL_ID_MAGIC[] = "TLS Channel ID signature";
|
| ++ static const char CHANNEL_ID_RESUMPTION_MAGIC[] = "Resumption";
|
| + /* This is the ASN.1 prefix for a P-256 public key. Specifically it's:
|
| + * SEQUENCE
|
| + * SEQUENCE
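Review bot: In the block added to ssl3_SendClientSecondRound that records the handshake hashes, the only guards against overwriting an existing `originalHandshakeHash` are `PORT_Assert(ss->sec.ci.sid->cached == never_cached)` and `PORT_Assert(originalHandshakeHash->len == 0)`, and as far as I know PORT_Assert expands to nothing in non-debug NSS builds. If either invariant were violated in a release build, the previous buffer would be leaked and a sid that may already be shared through the cache would be modified. A runtime check before the `PORT_Alloc` would fail closed instead, e.g. `if (originalHandshakeHash->len != 0) { PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); return SECFailure; }`. The two early `return`s sit after `ssl_ReleaseXmitBufLock(ss)`, so bypassing `loser` looks deliberate, but the rest of the function is outside this hunk and a one-line comment such as `/* XmitBufLock already released; do not goto loser */` would make that explicit.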
|
| @@ -109,7 +147,10 @@
|
| + SECItem *spki = NULL;
|
| + SSL3Hashes hashes;
|
| + const unsigned char *pub_bytes;
|
| -+ unsigned char signed_data[sizeof(CHANNEL_ID_MAGIC) + sizeof(SSL3Hashes)];
|
| ++ unsigned char signed_data[sizeof(CHANNEL_ID_MAGIC) +
|
| ++ sizeof(CHANNEL_ID_RESUMPTION_MAGIC) +
|
| ++ sizeof(SSL3Hashes)*2];
|
| ++ size_t signed_data_len;
|
| + unsigned char digest[SHA256_LENGTH];
|
| + SECItem digest_item;
|
| + unsigned char signature[64];
|
| @@ -159,11 +200,26 @@
|
| +
|
| + pub_bytes = spki->data + sizeof(P256_SPKI_PREFIX);
|
| +
|
| -+ memcpy(signed_data, CHANNEL_ID_MAGIC, sizeof(CHANNEL_ID_MAGIC));
|
| -+ memcpy(signed_data + sizeof(CHANNEL_ID_MAGIC), hashes.u.raw, hashes.len);
|
| ++ signed_data_len = 0;
|
| ++ memcpy(signed_data + signed_data_len, CHANNEL_ID_MAGIC,
|
| ++ sizeof(CHANNEL_ID_MAGIC));
|
| ++ signed_data_len += sizeof(CHANNEL_ID_MAGIC);
|
| ++ if (ss->ssl3.hs.isResuming) {
|
| ++ SECItem *originalHandshakeHash =
|
| ++ &ss->sec.ci.sid->u.ssl3.originalHandshakeHash;
|
| ++ PORT_Assert(originalHandshakeHash->len > 0);
|
| +
|
| -+ rv = PK11_HashBuf(SEC_OID_SHA256, digest, signed_data,
|
| -+ sizeof(CHANNEL_ID_MAGIC) + hashes.len);
|
| ++ memcpy(signed_data + signed_data_len, CHANNEL_ID_RESUMPTION_MAGIC,
|
| ++ sizeof(CHANNEL_ID_RESUMPTION_MAGIC));
|
| ++ signed_data_len += sizeof(CHANNEL_ID_RESUMPTION_MAGIC);
|
| ++ memcpy(signed_data + signed_data_len, originalHandshakeHash->data,
|
| ++ originalHandshakeHash->len);
|
| ++ signed_data_len += originalHandshakeHash->len;
|
| ++ }
|
| ++ memcpy(signed_data + signed_data_len, hashes.u.raw, hashes.len);
|
| ++ signed_data_len += hashes.len;
|
| ++
|
| ++ rv = PK11_HashBuf(SEC_OID_SHA256, digest, signed_data, signed_data_len);
|
| + if (rv != SECSuccess)
|
| + goto loser;
|
| +
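Review bot: The resumption branch copies `originalHandshakeHash->len` bytes into `signed_data` with only `PORT_Assert(originalHandshakeHash->len > 0)` in front of it, so a build with assertions disabled has no runtime check on that length. A zero length would yield a signature that is not bound to the original handshake, and a length beyond what the `sizeof(SSL3Hashes)*2` term in the buffer declaration (previous hunk) allows for would write past the end of the stack array. The value is expected to be the `hashes.len` stored during the full handshake, so neither case should occur today, but an explicit guard is cheap: `if (originalHandshakeHash->len == 0 || originalHandshakeHash->len > sizeof(SSL3Hashes)) { PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); goto loser; }`. ssl3_SendEncryptedExtensions starts and ends outside this hunk, so confirm that `loser` returns failure on this path.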
|
| @@ -236,10 +292,11 @@
|
| + return SECSuccess;
|
| +}
|
| +
|
| - /* called from ssl3_HandleServerHelloDone
|
| ++/* called from ssl3_SendClientSecondRound
|
| * ssl3_HandleClientHello
|
| * ssl3_HandleFinished
|
| -@@ -10202,11 +10396,16 @@ ssl3_HandleFinished(sslSocket *ss, SSL3O
|
| + */
|
| +@@ -10728,11 +10971,16 @@ ssl3_HandleFinished(sslSocket *ss, SSL3O
|
| flags = ssl_SEND_FLAG_FORCE_INTO_BUFFER;
|
| }
|
|
|
| @@ -260,7 +317,7 @@
|
| }
|
|
|
| if (IS_DTLS(ss)) {
|
| -@@ -11635,6 +11834,11 @@ ssl3_DestroySSL3Info(sslSocket *ss)
|
| +@@ -12212,6 +12460,11 @@ ssl3_DestroySSL3Info(sslSocket *ss)
|
| ssl_FreePlatformKey(ss->ssl3.platformClientKey);
|
| #endif /* NSS_PLATFORM_CLIENT_AUTH */
|
|
|
| @@ -273,8 +330,8 @@
|
| ssl3_CleanupPeerCerts(ss);
|
|
|
| diff -pu a/nss/lib/ssl/ssl3ext.c b/nss/lib/ssl/ssl3ext.c
|
| ---- a/nss/lib/ssl/ssl3ext.c 2013-07-31 12:40:14.493586151 -0700
|
| -+++ b/nss/lib/ssl/ssl3ext.c 2013-07-31 12:45:50.338515793 -0700
|
| +--- a/nss/lib/ssl/ssl3ext.c 2014-01-03 19:31:09.783859095 -0800
|
| ++++ b/nss/lib/ssl/ssl3ext.c 2014-01-03 19:36:25.379018825 -0800
|
| @@ -60,6 +60,10 @@ static PRInt32 ssl3_SendUseSRTPXtn(sslSo
|
| PRUint32 maxBytes);
|
| static SECStatus ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type,
|
| @@ -302,7 +359,7 @@
|
| { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn },
|
| { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn }
|
| /* any extra entries will appear as { 0, NULL } */
|
| -@@ -660,6 +666,52 @@ ssl3_ClientSendNextProtoNegoXtn(sslSocke
|
| +@@ -669,6 +675,61 @@ ssl3_ClientSendNextProtoNegoXtn(sslSocke
|
| }
|
|
|
| return extension_length;
|
| @@ -339,6 +396,15 @@
|
| + return 0;
|
| + }
|
| +
|
| ++ if (ss->sec.ci.sid->cached != never_cached &&
|
| ++ ss->sec.ci.sid->u.ssl3.originalHandshakeHash.len == 0) {
|
| ++ /* We can't do ChannelID on a connection if we're resuming and didn't
|
| ++ * do ChannelID on the original connection: without ChannelID on the
|
| ++ * original connection we didn't record the handshake hashes needed for
|
| ++ * the signature. */
|
| ++ return 0;
|
| ++ }
|
| ++
|
| + if (append) {
|
| + SECStatus rv;
|
| + rv = ssl3_AppendHandshakeNumber(ss, ssl_channel_id_xtn, 2);
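Review bot: The new early `return 0` is taken whenever the sid came from the cache and has no recorded hash, and that is decided while the ClientHello is being built, before the client knows whether the server will actually resume. If the server declines resumption and a full handshake follows, Channel ID would apparently be skipped for that connection too, even though no original hash is needed there. If that is the intended trade-off, the comment should say so, for example by appending `Note that this also disables ChannelID if the server declines to resume and performs a full handshake.` The condition also dereferences `ss->sec.ci.sid` without a NULL test; the rest of the function is outside this hunk, so I cannot tell whether a non-NULL sid is guaranteed at this point.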
|
| @@ -356,8 +422,8 @@
|
| loser:
|
| return -1;
|
| diff -pu a/nss/lib/ssl/ssl3prot.h b/nss/lib/ssl/ssl3prot.h
|
| ---- a/nss/lib/ssl/ssl3prot.h 2013-07-31 12:07:10.974699609 -0700
|
| -+++ b/nss/lib/ssl/ssl3prot.h 2013-07-31 12:45:50.338515793 -0700
|
| +--- a/nss/lib/ssl/ssl3prot.h 2014-01-03 19:28:03.550814608 -0800
|
| ++++ b/nss/lib/ssl/ssl3prot.h 2014-01-03 19:36:25.379018825 -0800
|
| @@ -129,7 +129,8 @@ typedef enum {
|
| client_key_exchange = 16,
|
| finished = 20,
|
| @@ -369,9 +435,9 @@
|
|
|
| typedef struct {
|
| diff -pu a/nss/lib/ssl/sslauth.c b/nss/lib/ssl/sslauth.c
|
| ---- a/nss/lib/ssl/sslauth.c 2013-07-31 12:40:14.503586299 -0700
|
| -+++ b/nss/lib/ssl/sslauth.c 2013-07-31 12:45:50.338515793 -0700
|
| -@@ -219,6 +219,24 @@ SSL_GetClientAuthDataHook(PRFileDesc *s,
|
| +--- a/nss/lib/ssl/sslauth.c 2014-01-03 19:31:09.783859095 -0800
|
| ++++ b/nss/lib/ssl/sslauth.c 2014-01-03 19:36:25.379018825 -0800
|
| +@@ -216,6 +216,24 @@ SSL_GetClientAuthDataHook(PRFileDesc *s,
|
| return SECSuccess;
|
| }
|
|
|
| @@ -397,8 +463,8 @@
|
| /* NEED LOCKS IN HERE. */
|
| SECStatus
|
| diff -pu a/nss/lib/ssl/sslerr.h b/nss/lib/ssl/sslerr.h
|
| ---- a/nss/lib/ssl/sslerr.h 2013-07-31 12:07:10.974699609 -0700
|
| -+++ b/nss/lib/ssl/sslerr.h 2013-07-31 12:45:50.338515793 -0700
|
| +--- a/nss/lib/ssl/sslerr.h 2014-01-03 19:28:03.550814608 -0800
|
| ++++ b/nss/lib/ssl/sslerr.h 2014-01-03 19:36:25.379018825 -0800
|
| @@ -193,6 +193,10 @@ SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM = (
|
| SSL_ERROR_DIGEST_FAILURE = (SSL_ERROR_BASE + 127),
|
| SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM = (SSL_ERROR_BASE + 128),
|
| @@ -411,8 +477,8 @@
|
| } SSLErrorCodes;
|
| #endif /* NO_SECURITY_ERROR_ENUM */
|
| diff -pu a/nss/lib/ssl/SSLerrs.h b/nss/lib/ssl/SSLerrs.h
|
| ---- a/nss/lib/ssl/SSLerrs.h 2013-07-31 12:07:10.964699464 -0700
|
| -+++ b/nss/lib/ssl/SSLerrs.h 2013-07-31 12:45:50.338515793 -0700
|
| +--- a/nss/lib/ssl/SSLerrs.h 2014-01-03 19:28:03.540814444 -0800
|
| ++++ b/nss/lib/ssl/SSLerrs.h 2014-01-03 19:36:25.379018825 -0800
|
| @@ -412,3 +412,12 @@ ER3(SSL_ERROR_DIGEST_FAILURE, (SSL_ERROR
|
|
|
| ER3(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM, (SSL_ERROR_BASE + 128),
|
| @@ -427,9 +493,9 @@
|
| +ER3(SSL_ERROR_GET_CHANNEL_ID_FAILED, (SSL_ERROR_BASE + 131),
|
| +"The application could not get a TLS Channel ID.")
|
| diff -pu a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h
|
| ---- a/nss/lib/ssl/ssl.h 2013-07-31 12:45:11.497944276 -0700
|
| -+++ b/nss/lib/ssl/ssl.h 2013-07-31 12:45:50.338515793 -0700
|
| -@@ -958,6 +958,34 @@ SSL_IMPORT SECStatus SSL_HandshakeNegoti
|
| +--- a/nss/lib/ssl/ssl.h 2014-01-03 19:36:09.938766379 -0800
|
| ++++ b/nss/lib/ssl/ssl.h 2014-01-03 19:36:25.379018825 -0800
|
| +@@ -985,6 +985,34 @@ SSL_IMPORT SECStatus SSL_HandshakeNegoti
|
| SSL_IMPORT SECStatus SSL_HandshakeResumedSession(PRFileDesc *fd,
|
| PRBool *last_handshake_resumed);
|
|
|
| @@ -465,9 +531,24 @@
|
| ** How long should we wait before retransmitting the next flight of
|
| ** the DTLS handshake? Returns SECFailure if not DTLS or not in a
|
| diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
|
| ---- a/nss/lib/ssl/sslimpl.h 2013-07-31 12:45:11.497944276 -0700
|
| -+++ b/nss/lib/ssl/sslimpl.h 2013-07-31 12:45:50.338515793 -0700
|
| -@@ -921,6 +921,9 @@ struct ssl3StateStr {
|
| +--- a/nss/lib/ssl/sslimpl.h 2014-01-03 19:36:09.938766379 -0800
|
| ++++ b/nss/lib/ssl/sslimpl.h 2014-01-03 19:36:25.379018825 -0800
|
| +@@ -700,6 +700,14 @@ struct sslSessionIDStr {
|
| +
|
| + SECItem srvName;
|
| +
|
| ++ /* originalHandshakeHash contains the hash of the original, full
|
| ++ * handshake prior to the server's final flow. This is either a
|
| ++ * SHA-1/MD5 combination (for TLS < 1.2) or the TLS PRF hash (for
|
| ++ * TLS 1.2). This is recorded and used only when ChannelID is
|
| ++ * negotiated as it's used to bind the ChannelID signature on the
|
| ++ * resumption handshake to the original handshake. */
|
| ++ SECItem originalHandshakeHash;
|
| ++
|
| + /* This lock is lazily initialized by CacheSID when a sid is first
|
| + * cached. Before then, there is no need to lock anything because
|
| + * the sid isn't being shared by anything.
|
| +@@ -969,6 +977,9 @@ struct ssl3StateStr {
|
| CERTCertificateList *clientCertChain; /* used by client */
|
| PRBool sendEmptyCert; /* used by client */
|
|
|
| @@ -477,7 +558,7 @@
|
| int policy;
|
| /* This says what cipher suites we can do, and should
|
| * be either SSL_ALLOWED or SSL_RESTRICTED
|
| -@@ -1192,6 +1195,8 @@ const unsigned char * preferredCipher;
|
| +@@ -1246,6 +1257,8 @@ const unsigned char * preferredCipher;
|
| void *pkcs11PinArg;
|
| SSLNextProtoCallback nextProtoCallback;
|
| void *nextProtoArg;
|
| @@ -486,7 +567,7 @@
|
|
|
| PRIntervalTime rTimeout; /* timeout for NSPR I/O */
|
| PRIntervalTime wTimeout; /* timeout for NSPR I/O */
|
| -@@ -1524,6 +1529,11 @@ extern SECStatus ssl3_RestartHandshakeAf
|
| +@@ -1590,6 +1603,11 @@ extern SECStatus ssl3_RestartHandshakeAf
|
| SECKEYPrivateKey * key,
|
| CERTCertificateList *certChain);
|
|
|
| @@ -498,10 +579,23 @@
|
| extern SECStatus ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode error);
|
|
|
| /*
|
| +diff -pu a/nss/lib/ssl/sslnonce.c b/nss/lib/ssl/sslnonce.c
|
| +--- a/nss/lib/ssl/sslnonce.c 2014-01-03 19:30:40.073373382 -0800
|
| ++++ b/nss/lib/ssl/sslnonce.c 2014-01-03 19:36:25.379018825 -0800
|
| +@@ -182,6 +182,9 @@ ssl_DestroySID(sslSessionID *sid)
|
| + if (sid->u.ssl3.srvName.data) {
|
| + SECITEM_FreeItem(&sid->u.ssl3.srvName, PR_FALSE);
|
| + }
|
| ++ if (sid->u.ssl3.originalHandshakeHash.data) {
|
| ++ SECITEM_FreeItem(&sid->u.ssl3.originalHandshakeHash, PR_FALSE);
|
| ++ }
|
| +
|
| + if (sid->u.ssl3.lock) {
|
| + PR_DestroyRWLock(sid->u.ssl3.lock);
|
| diff -pu a/nss/lib/ssl/sslsecur.c b/nss/lib/ssl/sslsecur.c
|
| ---- a/nss/lib/ssl/sslsecur.c 2013-07-31 12:45:11.497944276 -0700
|
| -+++ b/nss/lib/ssl/sslsecur.c 2013-07-31 12:45:50.338515793 -0700
|
| -@@ -1502,6 +1502,42 @@ SSL_RestartHandshakeAfterCertReq(PRFileD
|
| +--- a/nss/lib/ssl/sslsecur.c 2014-01-03 19:36:09.938766379 -0800
|
| ++++ b/nss/lib/ssl/sslsecur.c 2014-01-03 19:36:25.379018825 -0800
|
| +@@ -1584,6 +1584,42 @@ SSL_RestartHandshakeAfterCertReq(PRFileD
|
| return ret;
|
| }
|
|
|
| @@ -545,18 +639,18 @@
|
| * this implementation exists to maintain link-time compatibility.
|
| */
|
| diff -pu a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c
|
| ---- a/nss/lib/ssl/sslsock.c 2013-07-31 12:44:32.017363288 -0700
|
| -+++ b/nss/lib/ssl/sslsock.c 2013-07-31 12:45:50.348515937 -0700
|
| -@@ -354,6 +354,8 @@ ssl_DupSocket(sslSocket *os)
|
| - ss->handshakeCallback = os->handshakeCallback;
|
| - ss->handshakeCallbackData = os->handshakeCallbackData;
|
| +--- a/nss/lib/ssl/sslsock.c 2014-01-03 19:32:06.914793097 -0800
|
| ++++ b/nss/lib/ssl/sslsock.c 2014-01-03 19:36:25.379018825 -0800
|
| +@@ -274,6 +274,8 @@ ssl_DupSocket(sslSocket *os)
|
| + ss->canFalseStartCallback = os->canFalseStartCallback;
|
| + ss->canFalseStartCallbackData = os->canFalseStartCallbackData;
|
| ss->pkcs11PinArg = os->pkcs11PinArg;
|
| + ss->getChannelID = os->getChannelID;
|
| + ss->getChannelIDArg = os->getChannelIDArg;
|
|
|
| /* Create security data */
|
| rv = ssl_CopySecurityInfo(ss, os);
|
| -@@ -1754,6 +1756,10 @@ SSL_ReconfigFD(PRFileDesc *model, PRFile
|
| +@@ -1669,6 +1671,10 @@ SSL_ReconfigFD(PRFileDesc *model, PRFile
|
| ss->handshakeCallbackData = sm->handshakeCallbackData;
|
| if (sm->pkcs11PinArg)
|
| ss->pkcs11PinArg = sm->pkcs11PinArg;
|
| @@ -567,7 +661,7 @@
|
| return fd;
|
| loser:
|
| return NULL;
|
| -@@ -3027,6 +3033,8 @@ ssl_NewSocket(PRBool makeLocks, SSLProto
|
| +@@ -2946,6 +2952,8 @@ ssl_NewSocket(PRBool makeLocks, SSLProto
|
| ss->badCertArg = NULL;
|
| ss->pkcs11PinArg = NULL;
|
| ss->ephemeralECDHKeyPair = NULL;
|
| @@ -577,13 +671,13 @@
|
| ssl_ChooseOps(ss);
|
| ssl2_InitSocketPolicy(ss);
|
| diff -pu a/nss/lib/ssl/sslt.h b/nss/lib/ssl/sslt.h
|
| ---- a/nss/lib/ssl/sslt.h 2013-07-31 12:07:10.974699609 -0700
|
| -+++ b/nss/lib/ssl/sslt.h 2013-07-31 12:45:50.348515937 -0700
|
| -@@ -184,9 +184,10 @@ typedef enum {
|
| +--- a/nss/lib/ssl/sslt.h 2014-01-03 19:28:03.560814773 -0800
|
| ++++ b/nss/lib/ssl/sslt.h 2014-01-03 19:36:25.379018825 -0800
|
| +@@ -189,9 +189,10 @@ typedef enum {
|
| ssl_use_srtp_xtn = 14,
|
| ssl_session_ticket_xtn = 35,
|
| ssl_next_proto_nego_xtn = 13172,
|
| -+ ssl_channel_id_xtn = 30031,
|
| ++ ssl_channel_id_xtn = 30032,
|
| ssl_renegotiation_info_xtn = 0xff01 /* experimental number */
|
| } SSLExtensionType;
|
|
|
|
|