
Unified Diff: net/third_party/nss/patches/peercertchain2.patch

Issue 111853013: Update net/third_party/nss to NSS 3.15.4. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Update the comment in sslenum.c for the two CHACHA20 cipher suites Created 6 years, 11 months ago
Index: net/third_party/nss/patches/peercertchain2.patch
===================================================================
--- net/third_party/nss/patches/peercertchain2.patch (revision 242942)
+++ net/third_party/nss/patches/peercertchain2.patch (working copy)
@@ -1,107 +0,0 @@
-Index: net/third_party/nss/ssl/ssl.h
-===================================================================
---- net/third_party/nss/ssl/ssl.h (revision 225295)
-+++ net/third_party/nss/ssl/ssl.h (working copy)
-@@ -434,6 +434,15 @@
- */
- SSL_IMPORT CERTCertificate *SSL_PeerCertificate(PRFileDesc *fd);
-
-+/*
-+** Return the certificates presented by the SSL peer. If the SSL peer
-+** did not present certificates, return NULL with the
-+** SSL_ERROR_NO_CERTIFICATE error. On failure, return NULL with an error
-+** code other than SSL_ERROR_NO_CERTIFICATE.
-+** "fd" the socket "file" descriptor
-+*/
-+SSL_IMPORT CERTCertList *SSL_PeerCertificateChain(PRFileDesc *fd);
-+
- /* SSL_PeerStapledOCSPResponses returns the OCSP responses that were provided
- * by the TLS server. The return value is a pointer to an internal SECItemArray
- * that contains the returned OCSP responses; it is only valid until the
-@@ -463,18 +472,6 @@
- SSLKEAType kea);
-
- /*
--** Return references to the certificates presented by the SSL peer.
--** |maxNumCerts| must contain the size of the |certs| array. On successful
--** return, |*numCerts| contains the number of certificates available and
--** |certs| will contain references to as many certificates as would fit.
--** Therefore if |*numCerts| contains a value less than or equal to
--** |maxNumCerts|, then all certificates were returned.
--*/
--SSL_IMPORT SECStatus SSL_PeerCertificateChain(
-- PRFileDesc *fd, CERTCertificate **certs,
-- unsigned int *numCerts, unsigned int maxNumCerts);
--
--/*
- ** Authenticate certificate hook. Called when a certificate comes in
- ** (because of SSL_REQUIRE_CERTIFICATE in SSL_Enable) to authenticate the
- ** certificate.
-Index: net/third_party/nss/ssl/sslauth.c
-===================================================================
---- net/third_party/nss/ssl/sslauth.c (revision 225295)
-+++ net/third_party/nss/ssl/sslauth.c (working copy)
-@@ -28,38 +28,43 @@
- }
-
- /* NEED LOCKS IN HERE. */
--SECStatus
--SSL_PeerCertificateChain(PRFileDesc *fd, CERTCertificate **certs,
-- unsigned int *numCerts, unsigned int maxNumCerts)
-+CERTCertList *
-+SSL_PeerCertificateChain(PRFileDesc *fd)
- {
- sslSocket *ss;
-- ssl3CertNode* cur;
-+ CERTCertList *chain = NULL;
-+ CERTCertificate *cert;
-+ ssl3CertNode *cur;
-
- ss = ssl_FindSocket(fd);
- if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in PeerCertificateChain",
- SSL_GETPID(), fd));
-- return SECFailure;
-+ return NULL;
- }
-- if (!ss->opt.useSecurity)
-- return SECFailure;
--
-- if (ss->sec.peerCert == NULL) {
-- *numCerts = 0;
-- return SECSuccess;
-+ if (!ss->opt.useSecurity || !ss->sec.peerCert) {
-+ PORT_SetError(SSL_ERROR_NO_CERTIFICATE);
-+ return NULL;
- }
--
-- *numCerts = 1; /* for the leaf certificate */
-- if (maxNumCerts > 0)
-- certs[0] = CERT_DupCertificate(ss->sec.peerCert);
--
-+ chain = CERT_NewCertList();
-+ if (!chain) {
-+ return NULL;
-+ }
-+ cert = CERT_DupCertificate(ss->sec.peerCert);
-+ if (CERT_AddCertToListTail(chain, cert) != SECSuccess) {
-+ goto loser;
-+ }
- for (cur = ss->ssl3.peerCertChain; cur; cur = cur->next) {
-- if (*numCerts < maxNumCerts)
-- certs[*numCerts] = CERT_DupCertificate(cur->cert);
-- (*numCerts)++;
-+ cert = CERT_DupCertificate(cur->cert);
-+ if (CERT_AddCertToListTail(chain, cert) != SECSuccess) {
-+ goto loser;
-+ }
- }
-+ return chain;
-
-- return SECSuccess;
-+loser:
-+ CERT_DestroyCertList(chain);
-+ return NULL;
- }
-
- /* NEED LOCKS IN HERE. */