| OLD | NEW |
|---|
| (Empty) |
| 1 Index: net/third_party/nss/ssl/ssl.h | |
| 2 =================================================================== | |
| 3 --- net/third_party/nss/ssl/ssl.h (revision 140534) | |
| 4 +++ net/third_party/nss/ssl/ssl.h (revision 140535) | |
| 5 @@ -834,6 +834,28 @@ | |
| 6 struct SECKEYPrivateKeyStr **pRetKey); | |
| 7 | |
| 8 /* | |
| 9 +** Configure DTLS-SRTP (RFC 5764) cipher suite preferences. | |
| 10 +** Input is a list of ciphers in descending preference order and a length | |
| 11 +** of the list. As a side effect, this causes the use_srtp extension to be | |
| 12 +** negotiated. | |
| 13 +** | |
| 14 +** Invalid or unimplemented cipher suites in |ciphers| are ignored. If at | |
| 15 +** least one cipher suite in |ciphers| is implemented, returns SECSuccess. | |
| 16 +** Otherwise returns SECFailure. | |
| 17 +*/ | |
| 18 +SSL_IMPORT SECStatus SSL_SetSRTPCiphers(PRFileDesc *fd, | |
| 19 + const PRUint16 *ciphers, | |
| 20 + unsigned int numCiphers); | |
| 21 + | |
| 22 +/* | |
| 23 +** Get the selected DTLS-SRTP cipher suite (if any). | |
| 24 +** To be called after the handshake completes. | |
| 25 +** Returns SECFailure if not negotiated. | |
| 26 +*/ | |
| 27 +SSL_IMPORT SECStatus SSL_GetSRTPCipher(PRFileDesc *fd, | |
| 28 + PRUint16 *cipher); | |
| 29 + | |
| 30 +/* | |
| 31 * Look to see if any of the signers in the cert chain for "cert" are found | |
| 32 * in the list of caNames. | |
| 33 * Returns SECSuccess if so, SECFailure if not. | |
| 34 Index: net/third_party/nss/ssl/sslimpl.h | |
| 35 =================================================================== | |
| 36 --- net/third_party/nss/ssl/sslimpl.h (revision 140534) | |
| 37 +++ net/third_party/nss/ssl/sslimpl.h (revision 140535) | |
| 38 @@ -328,6 +328,8 @@ | |
| 39 #define ssl_V3_SUITES_IMPLEMENTED 30 | |
| 40 #endif /* NSS_ENABLE_ECC */ | |
| 41 | |
| 42 +#define MAX_DTLS_SRTP_CIPHER_SUITES 4 | |
| 43 + | |
| 44 typedef struct sslOptionsStr { | |
| 45 /* If SSL_SetNextProtoNego has been called, then this contains the | |
| 46 * list of supported protocols. */ | |
| 47 @@ -951,6 +953,11 @@ | |
| 48 SSLNextProtoState nextProtoState; | |
| 49 | |
| 50 PRUint16 mtu; /* Our estimate of the MTU */ | |
| 51 + | |
| 52 + /* DTLS-SRTP cipher suite preferences (if any) */ | |
| 53 + PRUint16 dtlsSRTPCiphers[MAX_DTLS_SRTP_CIPHER_SUITES]; | |
| 54 + PRUint16 dtlsSRTPCipherCount; | |
| 55 + PRUint16 dtlsSRTPCipherSuite; /* 0 if not selected */ | |
| 56 }; | |
| 57 | |
| 58 #define DTLS_MAX_MTU 1500 /* Ethernet MTU but without subtracting the | |
| 59 Index: net/third_party/nss/ssl/ssl3ext.c | |
| 60 =================================================================== | |
| 61 --- net/third_party/nss/ssl/ssl3ext.c (revision 140534) | |
| 62 +++ net/third_party/nss/ssl/ssl3ext.c (revision 140535) | |
| 63 @@ -88,6 +88,10 @@ | |
| 64 PRUint32 maxBytes); | |
| 65 static PRInt32 ssl3_ClientSendChannelIDXtn(sslSocket *ss, PRBool append, | |
| 66 PRUint32 maxBytes); | |
| 67 +static PRInt32 ssl3_SendUseSRTPXtn(sslSocket *ss, PRBool append, | |
| 68 + PRUint32 maxBytes); | |
| 69 +static SECStatus ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, | |
| 70 + SECItem *data); | |
| 71 | |
| 72 /* | |
| 73 * Write bytes. Using this function means the SECItem structure | |
| 74 @@ -246,6 +250,7 @@ | |
| 75 { ssl_session_ticket_xtn, &ssl3_ServerHandleSessionTicketXtn }, | |
| 76 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, | |
| 77 { ssl_next_proto_nego_xtn, &ssl3_ServerHandleNextProtoNegoXtn }, | |
| 78 + { ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn }, | |
| 79 { -1, NULL } | |
| 80 }; | |
| 81 | |
| 82 @@ -259,6 +264,7 @@ | |
| 83 { ssl_next_proto_nego_xtn, &ssl3_ClientHandleNextProtoNegoXtn }, | |
| 84 { ssl_channel_id_xtn, &ssl3_ClientHandleChannelIDXtn }, | |
| 85 { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn }, | |
| 86 + { ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn}, | |
| 87 { -1, NULL } | |
| 88 }; | |
| 89 | |
| 90 @@ -284,7 +290,8 @@ | |
| 91 { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn }, | |
| 92 { ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn }, | |
| 93 { ssl_channel_id_xtn, &ssl3_ClientSendChannelIDXtn }, | |
| 94 - { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn } | |
| 95 + { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }, | |
| 96 + { ssl_use_srtp_xtn, &ssl3_SendUseSRTPXtn } | |
| 97 /* any extra entries will appear as { 0, NULL } */ | |
| 98 }; | |
| 99 | |
| 100 @@ -1782,3 +1789,206 @@ | |
| 101 return rv; | |
| 102 } | |
| 103 | |
| 104 +static PRInt32 | |
| 105 +ssl3_SendUseSRTPXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes) | |
| 106 +{ | |
| 107 + PRUint32 ext_data_len; | |
| 108 + PRInt16 i; | |
| 109 + SECStatus rv; | |
| 110 + | |
| 111 + if (!ss) | |
| 112 + return 0; | |
| 113 + | |
| 114 + if (!ss->sec.isServer) { | |
| 115 + /* Client side */ | |
| 116 + | |
| 117 + if (!IS_DTLS(ss) || !ss->ssl3.dtlsSRTPCipherCount) | |
| 118 + return 0; /* Not relevant */ | |
| 119 + | |
| 120 + ext_data_len = 2 + 2 * ss->ssl3.dtlsSRTPCipherCount + 1; | |
| 121 + | |
| 122 + if (append && maxBytes >= 4 + ext_data_len) { | |
| 123 + /* Extension type */ | |
| 124 + rv = ssl3_AppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2); | |
| 125 + if (rv != SECSuccess) return -1; | |
| 126 + /* Length of extension data */ | |
| 127 + rv = ssl3_AppendHandshakeNumber(ss, ext_data_len, 2); | |
| 128 + if (rv != SECSuccess) return -1; | |
| 129 + /* Length of the SRTP cipher list */ | |
| 130 + rv = ssl3_AppendHandshakeNumber(ss, | |
| 131 + 2 * ss->ssl3.dtlsSRTPCipherCount, | |
| 132 + 2); | |
| 133 + if (rv != SECSuccess) return -1; | |
| 134 + /* The SRTP ciphers */ | |
| 135 + for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) { | |
| 136 + rv = ssl3_AppendHandshakeNumber(ss, | |
| 137 + ss->ssl3.dtlsSRTPCiphers[i], | |
| 138 + 2); | |
| 139 + } | |
| 140 + /* Empty MKI value */ | |
| 141 + ssl3_AppendHandshakeVariable(ss, NULL, 0, 1); | |
| 142 + | |
| 143 + ss->xtnData.advertised[ss->xtnData.numAdvertised++] = | |
| 144 + ssl_use_srtp_xtn; | |
| 145 + } | |
| 146 + | |
| 147 + return 4 + ext_data_len; | |
| 148 + } | |
| 149 + | |
| 150 + /* Server side */ | |
| 151 + if (append && maxBytes >= 9) { | |
| 152 + /* Extension type */ | |
| 153 + rv = ssl3_AppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2); | |
| 154 + if (rv != SECSuccess) return -1; | |
| 155 + /* Length of extension data */ | |
| 156 + rv = ssl3_AppendHandshakeNumber(ss, 5, 2); | |
| 157 + if (rv != SECSuccess) return -1; | |
| 158 + /* Length of the SRTP cipher list */ | |
| 159 + rv = ssl3_AppendHandshakeNumber(ss, 2, 2); | |
| 160 + if (rv != SECSuccess) return -1; | |
| 161 + /* The selected cipher */ | |
| 162 + rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.dtlsSRTPCipherSuite, 2); | |
| 163 + if (rv != SECSuccess) return -1; | |
| 164 + /* Empty MKI value */ | |
| 165 + ssl3_AppendHandshakeVariable(ss, NULL, 0, 1); | |
| 166 + } | |
| 167 + | |
| 168 + return 9; | |
| 169 +} | |
| 170 + | |
| 171 +static SECStatus | |
| 172 +ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) | |
| 173 +{ | |
| 174 + SECStatus rv; | |
| 175 + SECItem ciphers = {siBuffer, NULL, 0}; | |
| 176 + PRInt16 i; | |
| 177 + PRInt16 j; | |
| 178 + PRUint16 cipher = 0; | |
| 179 + PRBool found = PR_FALSE; | |
| 180 + SECItem litem; | |
| 181 + | |
| 182 + if (!ss->sec.isServer) { | |
| 183 + /* Client side */ | |
| 184 + if (!data->data || !data->len) { | |
| 185 + /* malformed */ | |
| 186 + return SECFailure; | |
| 187 + } | |
| 188 + | |
| 189 + /* Get the cipher list */ | |
| 190 + rv = ssl3_ConsumeHandshakeVariable(ss, &ciphers, 2, | |
| 191 + &data->data, &data->len); | |
| 192 + if (rv != SECSuccess) { | |
| 193 + return SECFailure; | |
| 194 + } | |
| 195 + /* Now check that the number of ciphers listed is 1 (len = 2) */ | |
| 196 + if (ciphers.len != 2) { | |
| 197 + return SECFailure; | |
| 198 + } | |
| 199 + | |
| 200 + /* Get the selected cipher */ | |
| 201 + cipher = (ciphers.data[0] << 8) | ciphers.data[1]; | |
| 202 + | |
| 203 + /* Now check that this is one of the ciphers we offered */ | |
| 204 + for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) { | |
| 205 + if (cipher == ss->ssl3.dtlsSRTPCiphers[i]) { | |
| 206 + found = PR_TRUE; | |
| 207 + break; | |
| 208 + } | |
| 209 + } | |
| 210 + | |
| 211 + if (!found) { | |
| 212 + return SECFailure; | |
| 213 + } | |
| 214 + | |
| 215 + /* Get the srtp_mki value */ | |
| 216 + rv = ssl3_ConsumeHandshakeVariable(ss, &litem, 1, | |
| 217 + &data->data, &data->len); | |
| 218 + if (rv != SECSuccess) { | |
| 219 + return SECFailure; | |
| 220 + } | |
| 221 + | |
| 222 + /* We didn't offer an MKI, so this must be 0 length */ | |
| 223 + /* XXX RFC 5764 Section 4.1.3 says: | |
| 224 + * If the client detects a nonzero-length MKI in the server's | |
| 225 + * response that is different than the one the client offered, | |
| 226 + * then the client MUST abort the handshake and SHOULD send an | |
| 227 + * invalid_parameter alert. | |
| 228 + * | |
| 229 + * Due to a limitation of the ssl3_HandleHelloExtensions function, | |
| 230 + * returning SECFailure here won't abort the handshake. It will | |
| 231 + * merely cause the use_srtp extension to be not negotiated. We | |
| 232 + * should fix this. See NSS bug 753136. | |
| 233 + */ | |
| 234 + if (litem.len != 0) { | |
| 235 + return SECFailure; | |
| 236 + } | |
| 237 + | |
| 238 + if (data->len != 0) { | |
| 239 + /* malformed */ | |
| 240 + return SECFailure; | |
| 241 + } | |
| 242 + | |
| 243 + /* OK, this looks fine. */ | |
| 244 + ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ssl_use_srtp_xtn; | |
| 245 + ss->ssl3.dtlsSRTPCipherSuite = cipher; | |
| 246 + return SECSuccess; | |
| 247 + } | |
| 248 + | |
| 249 + /* Server side */ | |
| 250 + if (!IS_DTLS(ss) || !ss->ssl3.dtlsSRTPCipherCount) { | |
| 251 + /* Ignore the extension if we aren't doing DTLS or no DTLS-SRTP | |
| 252 + * preferences have been set. */ | |
| 253 + return SECSuccess; | |
| 254 + } | |
| 255 + | |
| 256 + if (!data->data || data->len < 5) { | |
| 257 + /* malformed */ | |
| 258 + return SECFailure; | |
| 259 + } | |
| 260 + | |
| 261 + /* Get the cipher list */ | |
| 262 + rv = ssl3_ConsumeHandshakeVariable(ss, &ciphers, 2, | |
| 263 + &data->data, &data->len); | |
| 264 + if (rv != SECSuccess) { | |
| 265 + return SECFailure; | |
| 266 + } | |
| 267 + /* Check that the list is even length */ | |
| 268 + if (ciphers.len % 2) { | |
| 269 + return SECFailure; | |
| 270 + } | |
| 271 + | |
| 272 + /* Walk through the offered list and pick the most preferred of our | |
| 273 + * ciphers, if any */ | |
| 274 + for (i = 0; !found && i < ss->ssl3.dtlsSRTPCipherCount; i++) { | |
| 275 + for (j = 0; j + 1 < ciphers.len; j += 2) { | |
| 276 + cipher = (ciphers.data[j] << 8) | ciphers.data[j + 1]; | |
| 277 + if (cipher == ss->ssl3.dtlsSRTPCiphers[i]) { | |
| 278 + found = PR_TRUE; | |
| 279 + break; | |
| 280 + } | |
| 281 + } | |
| 282 + } | |
| 283 + | |
| 284 + /* Get the srtp_mki value */ | |
| 285 + rv = ssl3_ConsumeHandshakeVariable(ss, &litem, 1, &data->data, &data->len); | |
| 286 + if (rv != SECSuccess) { | |
| 287 + return SECFailure; | |
| 288 + } | |
| 289 + | |
| 290 + if (data->len != 0) { | |
| 291 + return SECFailure; /* Malformed */ | |
| 292 + } | |
| 293 + | |
| 294 + /* Now figure out what to do */ | |
| 295 + if (!found) { | |
| 296 + /* No matching ciphers */ | |
| 297 + return SECSuccess; | |
| 298 + } | |
| 299 + | |
| 300 + /* OK, we have a valid cipher and we've selected it */ | |
| 301 + ss->ssl3.dtlsSRTPCipherSuite = cipher; | |
| 302 + ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ssl_use_srtp_xtn; | |
| 303 + | |
| 304 + return ssl3_RegisterServerHelloExtensionSender(ss, ssl_use_srtp_xtn, | |
| 305 + ssl3_SendUseSRTPXtn); | |
| 306 +} | |
| 307 Index: net/third_party/nss/ssl/sslsock.c | |
| 308 =================================================================== | |
| 309 --- net/third_party/nss/ssl/sslsock.c (revision 140534) | |
| 310 +++ net/third_party/nss/ssl/sslsock.c (revision 140535) | |
| 311 @@ -223,6 +223,13 @@ | |
| 312 char lockStatus[] = "Locks are ENABLED. "; | |
| 313 #define LOCKSTATUS_OFFSET 10 /* offset of ENABLED */ | |
| 314 | |
| 315 +/* SRTP_NULL_HMAC_SHA1_80 and SRTP_NULL_HMAC_SHA1_32 are not implemented. */ | |
| 316 +static const PRUint16 srtpCiphers[] = { | |
| 317 + SRTP_AES128_CM_HMAC_SHA1_80, | |
| 318 + SRTP_AES128_CM_HMAC_SHA1_32, | |
| 319 + 0 | |
| 320 +}; | |
| 321 + | |
| 322 /* forward declarations. */ | |
| 323 static sslSocket *ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant variant); | |
| 324 static SECStatus ssl_MakeLocks(sslSocket *ss); | |
| 325 @@ -288,12 +295,6 @@ | |
| 326 sslSocket *ss; | |
| 327 SECStatus rv; | |
| 328 | |
| 329 - /* Not implemented for datagram */ | |
| 330 - if (IS_DTLS(os)) { | |
| 331 - PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); | |
| 332 - return NULL; | |
| 333 - } | |
| 334 - | |
| 335 ss = ssl_NewSocket((PRBool)(!os->opt.noLocks), os->protocolVariant); | |
| 336 if (ss) { | |
| 337 ss->opt = os->opt; | |
| 338 @@ -314,6 +315,9 @@ | |
| 339 ss->maybeAllowedByPolicy= os->maybeAllowedByPolicy; | |
| 340 ss->chosenPreference = os->chosenPreference; | |
| 341 PORT_Memcpy(ss->cipherSuites, os->cipherSuites, sizeof os->cipherSuites)
; | |
| 342 + PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, os->ssl3.dtlsSRTPCiphers, | |
| 343 + sizeof(PRUint16) * os->ssl3.dtlsSRTPCipherCount); | |
| 344 + ss->ssl3.dtlsSRTPCipherCount = os->ssl3.dtlsSRTPCipherCount; | |
| 345 | |
| 346 if (os->cipherSpecs) { | |
| 347 ss->cipherSpecs = (unsigned char*)PORT_Alloc(os->sizeCipherSpecs); | |
| 348 @@ -1574,6 +1578,75 @@ | |
| 349 return SECSuccess; | |
| 350 } | |
| 351 | |
| 352 +SECStatus SSL_SetSRTPCiphers(PRFileDesc *fd, | |
| 353 + const PRUint16 *ciphers, | |
| 354 + unsigned int numCiphers) | |
| 355 +{ | |
| 356 + sslSocket *ss; | |
| 357 + int i; | |
| 358 + | |
| 359 + ss = ssl_FindSocket(fd); | |
| 360 + if (!ss || !IS_DTLS(ss)) { | |
| 361 + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSRTPCiphers", | |
| 362 + SSL_GETPID(), fd)); | |
| 363 + PORT_SetError(SEC_ERROR_INVALID_ARGS); | |
| 364 + return SECFailure; | |
| 365 + } | |
| 366 + | |
| 367 + if (numCiphers > MAX_DTLS_SRTP_CIPHER_SUITES) { | |
| 368 + PORT_SetError(SEC_ERROR_INVALID_ARGS); | |
| 369 + return SECFailure; | |
| 370 + } | |
| 371 + | |
| 372 + ss->ssl3.dtlsSRTPCipherCount = 0; | |
| 373 + for (i = 0; i < numCiphers; i++) { | |
| 374 + const PRUint16 *srtpCipher = srtpCiphers; | |
| 375 + | |
| 376 + while (*srtpCipher) { | |
| 377 + if (ciphers[i] == *srtpCipher) | |
| 378 + break; | |
| 379 + srtpCipher++; | |
| 380 + } | |
| 381 + if (*srtpCipher) { | |
| 382 + ss->ssl3.dtlsSRTPCiphers[ss->ssl3.dtlsSRTPCipherCount++] = | |
| 383 + ciphers[i]; | |
| 384 + } else { | |
| 385 + SSL_DBG(("%d: SSL[%d]: invalid or unimplemented SRTP cipher " | |
| 386 + "suite specified: 0x%04hx", SSL_GETPID(), fd, | |
| 387 + ciphers[i])); | |
| 388 + } | |
| 389 + } | |
| 390 + | |
| 391 + if (ss->ssl3.dtlsSRTPCipherCount == 0) { | |
| 392 + PORT_SetError(SEC_ERROR_INVALID_ARGS); | |
| 393 + return SECFailure; | |
| 394 + } | |
| 395 + | |
| 396 + return SECSuccess; | |
| 397 +} | |
| 398 + | |
| 399 +SECStatus | |
| 400 +SSL_GetSRTPCipher(PRFileDesc *fd, PRUint16 *cipher) | |
| 401 +{ | |
| 402 + sslSocket * ss; | |
| 403 + | |
| 404 + ss = ssl_FindSocket(fd); | |
| 405 + if (!ss) { | |
| 406 + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetSRTPCipher", | |
| 407 + SSL_GETPID(), fd)); | |
| 408 + PORT_SetError(SEC_ERROR_INVALID_ARGS); | |
| 409 + return SECFailure; | |
| 410 + } | |
| 411 + | |
| 412 + if (!ss->ssl3.dtlsSRTPCipherSuite) { | |
| 413 + PORT_SetError(SEC_ERROR_INVALID_ARGS); | |
| 414 + return SECFailure; | |
| 415 + } | |
| 416 + | |
| 417 + *cipher = ss->ssl3.dtlsSRTPCipherSuite; | |
| 418 + return SECSuccess; | |
| 419 +} | |
| 420 + | |
| 421 PRFileDesc * | |
| 422 SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd) | |
| 423 { | |
| 424 @@ -1607,6 +1680,9 @@ | |
| 425 ss->opt = sm->opt; | |
| 426 ss->vrange = sm->vrange; | |
| 427 PORT_Memcpy(ss->cipherSuites, sm->cipherSuites, sizeof sm->cipherSuites); | |
| 428 + PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, sm->ssl3.dtlsSRTPCiphers, | |
| 429 + sizeof(PRUint16) * sm->ssl3.dtlsSRTPCipherCount); | |
| 430 + ss->ssl3.dtlsSRTPCipherCount = sm->ssl3.dtlsSRTPCipherCount; | |
| 431 | |
| 432 if (!ss->opt.useSecurity) { | |
| 433 PORT_SetError(SEC_ERROR_INVALID_ARGS); | |
| 434 Index: net/third_party/nss/ssl/sslproto.h | |
| 435 =================================================================== | |
| 436 --- net/third_party/nss/ssl/sslproto.h (revision 140534) | |
| 437 +++ net/third_party/nss/ssl/sslproto.h (revision 140535) | |
| 438 @@ -237,4 +237,11 @@ | |
| 439 #define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA 0xfeff | |
| 440 #define SSL_RSA_FIPS_WITH_DES_CBC_SHA 0xfefe | |
| 441 | |
| 442 +/* DTLS-SRTP cipher suites from RFC 5764 */ | |
| 443 +/* If you modify this, also modify MAX_DTLS_SRTP_CIPHER_SUITES in sslimpl.h */ | |
| 444 +#define SRTP_AES128_CM_HMAC_SHA1_80 0x0001 | |
| 445 +#define SRTP_AES128_CM_HMAC_SHA1_32 0x0002 | |
| 446 +#define SRTP_NULL_HMAC_SHA1_80 0x0005 | |
| 447 +#define SRTP_NULL_HMAC_SHA1_32 0x0006 | |
| 448 + | |
| 449 #endif /* __sslproto_h_ */ | |
| 450 Index: net/third_party/nss/ssl/sslt.h | |
| 451 =================================================================== | |
| 452 --- net/third_party/nss/ssl/sslt.h (revision 140534) | |
| 453 +++ net/third_party/nss/ssl/sslt.h (revision 140535) | |
| 454 @@ -213,12 +213,13 @@ | |
| 455 ssl_elliptic_curves_xtn = 10, | |
| 456 ssl_ec_point_formats_xtn = 11, | |
| 457 #endif | |
| 458 + ssl_use_srtp_xtn = 14, | |
| 459 ssl_session_ticket_xtn = 35, | |
| 460 ssl_next_proto_nego_xtn = 13172, | |
| 461 ssl_channel_id_xtn = 30031, | |
| 462 ssl_renegotiation_info_xtn = 0xff01 /* experimental number */ | |
| 463 } SSLExtensionType; | |
| 464 | |
| 465 -#define SSL_MAX_EXTENSIONS 8 | |
| 466 +#define SSL_MAX_EXTENSIONS 9 | |
| 467 | |
| 468 #endif /* __sslt_h_ */ | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 11275240:
Update net/third_party/nss/ssl to NSS 3.14. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/