Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(290)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/third_party/nss/patches/peercertchain.patch

Issue 11275240: Update net/third_party/nss/ssl to NSS 3.14. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Upload before commit Created 8 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/third_party/nss/patches/ocspstapling.patch ('k') | net/third_party/nss/patches/recordlayerversion.patch » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 Index: mozilla/security/nss/lib/ssl/ssl.h 1 diff -pu -r a/net/third_party/nss/ssl/sslauth.c b/net/third_party/nss/ssl/sslaut h.c
2 =================================================================== 2 --- a/net/third_party/nss/ssl/sslauth.c»2012-04-25 07:50:12.000000000 -0700
3 RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl.h,v 3 +++ b/net/third_party/nss/ssl/sslauth.c»2012-11-09 15:22:49.448098805 -0800
4 retrieving revision 1.49 4 @@ -28,6 +28,41 @@ SSL_PeerCertificate(PRFileDesc *fd)
5 diff -u -p -8 -r1.49 ssl.h
6 --- mozilla/security/nss/lib/ssl/ssl.h» 15 Feb 2012 21:52:08 -0000» 1.49
7 +++ mozilla/security/nss/lib/ssl/ssl.h» 29 Feb 2012 02:12:05 -0000
8 @@ -331,16 +331,28 @@ SSL_IMPORT SECStatus SSL_SecurityStatus(
9 ** it will always return the server's certificate. If the server calls
10 ** this, it may return NULL if client authentication is not enabled or
11 ** if the client had no certificate when asked.
12 **» "fd" the socket "file" descriptor
13 */
14 SSL_IMPORT CERTCertificate *SSL_PeerCertificate(PRFileDesc *fd);
15
16 /*
17 +** Return references to the certificates presented by the SSL peer.
18 +** |maxNumCerts| must contain the size of the |certs| array. On successful
19 +** return, |*numCerts| contains the number of certificates available and
20 +** |certs| will contain references to as many certificates as would fit.
21 +** Therefore if |*numCerts| contains a value less than or equal to
22 +** |maxNumCerts|, then all certificates were returned.
23 +*/
24 +SSL_IMPORT SECStatus SSL_PeerCertificateChain(
25 +» PRFileDesc *fd, CERTCertificate **certs,
26 +» unsigned int *numCerts, unsigned int maxNumCerts);
27 +
28 +/*
29 ** Authenticate certificate hook. Called when a certificate comes in
30 ** (because of SSL_REQUIRE_CERTIFICATE in SSL_Enable) to authenticate the
31 ** certificate.
32 **
33 ** The authenticate certificate hook must return SECSuccess to indicate the
34 ** certificate is valid, SECFailure to indicate the certificate is invalid,
35 ** or SECWouldBlock if the application will authenticate the certificate
36 ** asynchronously. SECWouldBlock is only supported for non-blocking sockets.
37 Index: mozilla/security/nss/lib/ssl/sslauth.c
38 ===================================================================
39 RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslauth.c,v
40 retrieving revision 1.17
41 diff -u -p -8 -r1.17 sslauth.c
42 --- mozilla/security/nss/lib/ssl/sslauth.c» 3 Aug 2010 18:48:45 -0000» 1.17
43 +++ mozilla/security/nss/lib/ssl/sslauth.c» 29 Feb 2012 02:12:05 -0000
44 @@ -55,16 +55,51 @@ SSL_PeerCertificate(PRFileDesc *fd)
45 }
46 if (ss->opt.useSecurity && ss->sec.peerCert) {
47 » return CERT_DupCertificate(ss->sec.peerCert);
48 }
49 return 0;
50 } 5 }
51 6
52 /* NEED LOCKS IN HERE. */ 7 /* NEED LOCKS IN HERE. */
53 +SECStatus 8 +SECStatus
54 +SSL_PeerCertificateChain(PRFileDesc *fd, CERTCertificate **certs, 9 +SSL_PeerCertificateChain(PRFileDesc *fd, CERTCertificate **certs,
55 + unsigned int *numCerts, unsigned int maxNumCerts) 10 + unsigned int *numCerts, unsigned int maxNumCerts)
56 +{ 11 +{
57 + sslSocket *ss; 12 + sslSocket *ss;
58 + ssl3CertNode* cur; 13 + ssl3CertNode* cur;
59 + 14 +
(...skipping 21 matching lines...) Expand all
81 + (*numCerts)++; 36 + (*numCerts)++;
82 + } 37 + }
83 + 38 +
84 + return SECSuccess; 39 + return SECSuccess;
85 +} 40 +}
86 + 41 +
87 +/* NEED LOCKS IN HERE. */ 42 +/* NEED LOCKS IN HERE. */
88 CERTCertificate * 43 CERTCertificate *
89 SSL_LocalCertificate(PRFileDesc *fd) 44 SSL_LocalCertificate(PRFileDesc *fd)
90 { 45 {
91 sslSocket *ss; 46 diff -pu -r a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h
47 --- a/net/third_party/nss/ssl/ssl.h» 2012-09-21 14:58:43.000000000 -0700
48 +++ b/net/third_party/nss/ssl/ssl.h» 2012-11-09 15:22:49.448098805 -0800
49 @@ -398,6 +398,18 @@ SSL_IMPORT SECStatus SSL_SecurityStatus(
50 SSL_IMPORT CERTCertificate *SSL_PeerCertificate(PRFileDesc *fd);
92 51
93 ss = ssl_FindSocket(fd); 52 /*
94 if (!ss) { 53 +** Return references to the certificates presented by the SSL peer.
95 » SSL_DBG(("%d: SSL[%d]: bad socket in PeerCertificate", 54 +** |maxNumCerts| must contain the size of the |certs| array. On successful
55 +** return, |*numCerts| contains the number of certificates available and
56 +** |certs| will contain references to as many certificates as would fit.
57 +** Therefore if |*numCerts| contains a value less than or equal to
58 +** |maxNumCerts|, then all certificates were returned.
59 +*/
60 +SSL_IMPORT SECStatus SSL_PeerCertificateChain(
61 +» PRFileDesc *fd, CERTCertificate **certs,
62 +» unsigned int *numCerts, unsigned int maxNumCerts);
63 +
64 +/*
65 ** Authenticate certificate hook. Called when a certificate comes in
66 ** (because of SSL_REQUIRE_CERTIFICATE in SSL_Enable) to authenticate the
67 ** certificate.
OLDNEW
« no previous file with comments | « net/third_party/nss/patches/ocspstapling.patch ('k') | net/third_party/nss/patches/recordlayerversion.patch » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698