Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(3)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/third_party/nss/patches/cachecerts.patch

Issue 1511123006: Uprev NSS (in libssl) to NSS 3.21 (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Updated deps Created 5 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/third_party/nss/patches/applypatches.sh ('k') | net/third_party/nss/patches/cachelocks.patch » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c 1 diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
2 index 163572c..60af5b0 100644 2 index 8f1c547..9aaf601 100644
3 --- a/ssl/ssl3con.c 3 --- a/lib/ssl/ssl3con.c
4 +++ b/ssl/ssl3con.c 4 +++ b/lib/ssl/ssl3con.c
5 @@ -43,6 +43,7 @@ 5 @@ -45,6 +45,7 @@
6 6
7 static SECStatus ssl3_AuthCertificate(sslSocket *ss); 7 static SECStatus ssl3_AuthCertificate(sslSocket *ss);
8 static void ssl3_CleanupPeerCerts(sslSocket *ss); 8 static void ssl3_CleanupPeerCerts(sslSocket *ss);
9 +static void ssl3_CopyPeerCertsFromSID(sslSocket *ss, sslSessionID *sid); 9 +static void ssl3_CopyPeerCertsFromSID(sslSocket *ss, sslSessionID *sid);
10 static PK11SymKey *ssl3_GenerateRSAPMS(sslSocket *ss, ssl3CipherSpec *spec, 10 static PK11SymKey *ssl3_GenerateRSAPMS(sslSocket *ss, ssl3CipherSpec *spec,
11 PK11SlotInfo * serverKeySlot); 11 PK11SlotInfo * serverKeySlot);
12 static SECStatus ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms); 12 static SECStatus ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms);
13 @@ -6549,6 +6550,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUin t32 length) 13 @@ -6751,6 +6752,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUin t32 length)
14 /* copy the peer cert from the SID */ 14 /* copy the peer cert from the SID */
15 if (sid->peerCert != NULL) { 15 if (sid->peerCert != NULL) {
16 ss->sec.peerCert = CERT_DupCertificate(sid->peerCert); 16 ss->sec.peerCert = CERT_DupCertificate(sid->peerCert);
17 + ssl3_CopyPeerCertsFromSID(ss, sid); 17 + ssl3_CopyPeerCertsFromSID(ss, sid);
18 } 18 }
19 19
20 » /* NULL value for PMS signifies re-use of the old MS */ 20 » /* NULL value for PMS because we are reusing the old MS */
21 @@ -8140,6 +8142,7 @@ compression_found: 21 @@ -8405,6 +8407,7 @@ compression_found:
22 ss->sec.ci.sid = sid; 22 ss->sec.ci.sid = sid;
23 if (sid->peerCert != NULL) { 23 if (sid->peerCert != NULL) {
24 ss->sec.peerCert = CERT_DupCertificate(sid->peerCert); 24 ss->sec.peerCert = CERT_DupCertificate(sid->peerCert);
25 + ssl3_CopyPeerCertsFromSID(ss, sid); 25 + ssl3_CopyPeerCertsFromSID(ss, sid);
26 } 26 }
27 27
28 /* 28 /*
29 @@ -9763,6 +9766,44 @@ ssl3_CleanupPeerCerts(sslSocket *ss) 29 @@ -10389,6 +10392,44 @@ ssl3_CleanupPeerCerts(sslSocket *ss)
30 ss->ssl3.peerCertChain = NULL; 30 ss->ssl3.peerCertChain = NULL;
31 } 31 }
32 32
33 +static void 33 +static void
34 +ssl3_CopyPeerCertsFromSID(sslSocket *ss, sslSessionID *sid) 34 +ssl3_CopyPeerCertsFromSID(sslSocket *ss, sslSessionID *sid)
35 +{ 35 +{
36 + PLArenaPool *arena; 36 + PLArenaPool *arena;
37 + ssl3CertNode *lastCert = NULL; 37 + ssl3CertNode *lastCert = NULL;
38 + ssl3CertNode *certs = NULL; 38 + ssl3CertNode *certs = NULL;
39 + int i; 39 + int i;
(...skipping 24 matching lines...) Expand all
64 + ssl3CertNode *c = certs; 64 + ssl3CertNode *c = certs;
65 + for (; i < MAX_PEER_CERT_CHAIN_SIZE && c; i++, c = c->next) { 65 + for (; i < MAX_PEER_CERT_CHAIN_SIZE && c; i++, c = c->next) {
66 + PORT_Assert(!sid->peerCertChain[i]); 66 + PORT_Assert(!sid->peerCertChain[i]);
67 + sid->peerCertChain[i] = CERT_DupCertificate(c->cert); 67 + sid->peerCertChain[i] = CERT_DupCertificate(c->cert);
68 + } 68 + }
69 +} 69 +}
70 + 70 +
71 /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete 71 /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
72 * ssl3 CertificateStatus message. 72 * ssl3 CertificateStatus message.
73 * Caller must hold Handshake and RecvBuf locks. 73 * Caller must hold Handshake and RecvBuf locks.
74 @@ -10041,6 +10082,7 @@ ssl3_AuthCertificate(sslSocket *ss) 74 @@ -10669,6 +10710,7 @@ ssl3_AuthCertificate(sslSocket *ss)
75 } 75 }
76 76
77 ss->sec.ci.sid->peerCert = CERT_DupCertificate(ss->sec.peerCert); 77 ss->sec.ci.sid->peerCert = CERT_DupCertificate(ss->sec.peerCert);
78 + ssl3_CopyPeerCertsToSID(ss->ssl3.peerCertChain, ss->sec.ci.sid); 78 + ssl3_CopyPeerCertsToSID(ss->ssl3.peerCertChain, ss->sec.ci.sid);
79 79
80 if (!ss->sec.isServer) { 80 if (!ss->sec.isServer) {
81 CERTCertificate *cert = ss->sec.peerCert; 81 CERTCertificate *cert = ss->sec.peerCert;
82 diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h 82 diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
83 index 1b38a52..086f6d2 100644 83 index ad31aae..9dcc29e 100644
84 --- a/ssl/sslimpl.h 84 --- a/lib/ssl/sslimpl.h
85 +++ b/ssl/sslimpl.h 85 +++ b/lib/ssl/sslimpl.h
86 @@ -597,6 +597,8 @@ typedef enum {» never_cached, 86 @@ -608,6 +608,8 @@ typedef enum {» never_cached,
87 invalid_cache /* no longer in any cache. */ 87 invalid_cache /* no longer in any cache. */
88 } Cached; 88 } Cached;
89 89
90 +#define MAX_PEER_CERT_CHAIN_SIZE 8 90 +#define MAX_PEER_CERT_CHAIN_SIZE 8
91 + 91 +
92 struct sslSessionIDStr { 92 struct sslSessionIDStr {
93 /* The global cache lock must be held when accessing these members when the 93 /* The global cache lock must be held when accessing these members when the
94 * sid is in any cache. 94 * sid is in any cache.
95 @@ -611,6 +613,7 @@ struct sslSessionIDStr { 95 @@ -622,6 +624,7 @@ struct sslSessionIDStr {
96 */ 96 */
97 97
98 CERTCertificate * peerCert; 98 CERTCertificate * peerCert;
99 + CERTCertificate * peerCertChain[MAX_PEER_CERT_CHAIN_SIZE]; 99 + CERTCertificate * peerCertChain[MAX_PEER_CERT_CHAIN_SIZE];
100 SECItemArray peerCertStatus; /* client only */ 100 SECItemArray peerCertStatus; /* client only */
101 const char * peerID; /* client only */ 101 const char * peerID; /* client only */
102 const char * urlSvrName; /* client only */ 102 const char * urlSvrName; /* client only */
103 diff --git a/ssl/sslnonce.c b/ssl/sslnonce.c 103 diff --git a/lib/ssl/sslnonce.c b/lib/ssl/sslnonce.c
104 index 2e861f1..be11008 100644 104 index 2e861f1..be11008 100644
105 --- a/ssl/sslnonce.c 105 --- a/lib/ssl/sslnonce.c
106 +++ b/ssl/sslnonce.c 106 +++ b/lib/ssl/sslnonce.c
107 @@ -164,6 +164,7 @@ lock_cache(void) 107 @@ -164,6 +164,7 @@ lock_cache(void)
108 static void 108 static void
109 ssl_DestroySID(sslSessionID *sid) 109 ssl_DestroySID(sslSessionID *sid)
110 { 110 {
111 + int i; 111 + int i;
112 SSL_TRC(8, ("SSL: destroy sid: sid=0x%x cached=%d", sid, sid->cached)); 112 SSL_TRC(8, ("SSL: destroy sid: sid=0x%x cached=%d", sid, sid->cached));
113 PORT_Assert(sid->references == 0); 113 PORT_Assert(sid->references == 0);
114 PORT_Assert(sid->cached != in_client_cache); 114 PORT_Assert(sid->cached != in_client_cache);
115 @@ -194,6 +195,9 @@ ssl_DestroySID(sslSessionID *sid) 115 @@ -194,6 +195,9 @@ ssl_DestroySID(sslSessionID *sid)
116 if ( sid->peerCert ) { 116 if ( sid->peerCert ) {
117 CERT_DestroyCertificate(sid->peerCert); 117 CERT_DestroyCertificate(sid->peerCert);
118 } 118 }
119 + for (i = 0; i < MAX_PEER_CERT_CHAIN_SIZE && sid->peerCertChain[i]; i++) { 119 + for (i = 0; i < MAX_PEER_CERT_CHAIN_SIZE && sid->peerCertChain[i]; i++) {
120 + CERT_DestroyCertificate(sid->peerCertChain[i]); 120 + CERT_DestroyCertificate(sid->peerCertChain[i]);
121 + } 121 + }
122 if (sid->peerCertStatus.items) { 122 if (sid->peerCertStatus.items) {
123 SECITEM_FreeArray(&sid->peerCertStatus, PR_FALSE); 123 SECITEM_FreeArray(&sid->peerCertStatus, PR_FALSE);
124 } 124 }
OLDNEW
« no previous file with comments | « net/third_party/nss/patches/applypatches.sh ('k') | net/third_party/nss/patches/cachelocks.patch » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698