Update NSS libSSL to NSS_3_15_BETA2.

net/socket/ssl_client_socket_nss.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived
 // from AuthCertificateCallback() in
 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.
 
 /* ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
@@ skipping 1837 matching lines @@
       PostOrRunCallback(
           FROM_HERE,
           base::Bind(&AddLogEventWithCallback, weak_net_log_,
                      NetLog::TYPE_SSL_HANDSHAKE_ERROR,
                      CreateNetLogSSLErrorCallback(net_error, 0)));
     } else {
   #if defined(SSL_ENABLE_OCSP_STAPLING)
       // TODO(agl): figure out how to plumb an OCSP response into the Mac
       // system library and update IsOCSPStaplingSupported for Mac.
       if (IsOCSPStaplingSupported()) {
-        unsigned int len = 0;
-        SSL_GetStapledOCSPResponse(nss_fd_, NULL, &len);
-        if (len) {
-          const unsigned int orig_len = len;
-          scoped_ptr<uint8[]> ocsp_response(new uint8[orig_len]);
-          SSL_GetStapledOCSPResponse(nss_fd_, ocsp_response.get(), &len);
-          DCHECK_EQ(orig_len, len);
-
+        const SECItemArray *ocsp_responses =

[Ryan Sleevi, 2013/05/01 19:06:08]

nit: "const SECItemArray *" -> "const SECItemArray* " 

[wtc, 2013/05/01 21:52:16]

Done.

+            SSL_PeerStapledOCSPResponses(nss_fd_);
+        if (ocsp_responses->len) {
   #if defined(OS_WIN)
           if (nss_handshake_state_.server_cert) {
             CRYPT_DATA_BLOB ocsp_response_blob;
-            ocsp_response_blob.cbData = len;
-            ocsp_response_blob.pbData = ocsp_response.get();
+            ocsp_response_blob.cbData = ocsp_responses->items[0].len;
+            ocsp_response_blob.pbData = ocsp_responses->items[0].data;
             BOOL ok = CertSetCertificateContextProperty(
                 nss_handshake_state_.server_cert->os_cert_handle(),
                 CERT_OCSP_RESPONSE_PROP_ID,
                 CERT_SET_PROPERTY_IGNORE_PERSIST_ERROR_FLAG,
                 &ocsp_response_blob);
             if (!ok) {
               VLOG(1) << "Failed to set OCSP response property: "
                       << GetLastError();
             }
           }
   #elif defined(USE_NSS)
           CacheOCSPResponseFromSideChannelFunction cache_ocsp_response =
               GetCacheOCSPResponseFromSideChannelFunction();
-          SECItem ocsp_response_item;
-          ocsp_response_item.type = siBuffer;
-          ocsp_response_item.data = ocsp_response.get();
-          ocsp_response_item.len = len;
 
           cache_ocsp_response(
               CERT_GetDefaultCertDB(),
               nss_handshake_state_.server_cert_chain[0], PR_Now(),
-              &ocsp_response_item, NULL);
+              &ocsp_responses->items[0], NULL);
   #endif
         }
       }
   #endif
     }
     // Done!
   } else {
     PRErrorCode prerr = PR_GetError();
     net_error = HandleNSSError(prerr, true);
 
@@ skipping 1619 matching lines @@
   EnsureThreadIdAssigned();
   base::AutoLock auto_lock(lock_);
   return valid_thread_id_ == base::PlatformThread::CurrentId();
 }
 
 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const {
   return server_bound_cert_service_;
 }
 
 }  // namespace net