
Side by Side Diff: net/third_party/nss/patches/getrequestedclientcerttypes.patch

Issue 1511123006: Uprev NSS (in libssl) to NSS 3.21 (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Updated deps Created 5 years ago
1 diff --git a/ssl/ssl.h b/ssl/ssl.h 1 diff --git a/lib/ssl/ssl.h b/lib/ssl/ssl.h
2 index 34142fc..e2d1b09 100644 2 index 0983b5f..cf9f6db 100644
3 --- a/ssl/ssl.h 3 --- a/lib/ssl/ssl.h
4 +++ b/ssl/ssl.h 4 +++ b/lib/ssl/ssl.h
5 @@ -803,6 +803,16 @@ SSL_IMPORT SECStatus SSL_ReHandshakeWithTimeout(PRFileDesc *fd, 5 @@ -896,6 +896,16 @@ SSL_IMPORT SECStatus SSL_ReHandshakeWithTimeout(PRFileDesc *fd,
6 PRBool flushCache, 6 PRBool flushCache,
7 PRIntervalTime timeout); 7 PRIntervalTime timeout);
8 8
9 +/* Returns a SECItem containing the certificate_types field of the 9 +/* Returns a SECItem containing the certificate_types field of the
10 +** CertificateRequest message. Each byte of the data is a TLS 10 +** CertificateRequest message. Each byte of the data is a TLS
11 +** ClientCertificateType value, and they are ordered from most preferred to 11 +** ClientCertificateType value, and they are ordered from most preferred to
12 +** least. This function should only be called from the 12 +** least. This function should only be called from the
13 +** SSL_GetClientAuthDataHook callback, and will return NULL if called at any 13 +** SSL_GetClientAuthDataHook callback, and will return NULL if called at any
14 +** other time. The returned value is valid only until the callback returns, an d 14 +** other time. The returned value is valid only until the callback returns, an d
15 +** should not be freed. 15 +** should not be freed.
16 +*/ 16 +*/
17 +SSL_IMPORT const SECItem * 17 +SSL_IMPORT const SECItem *
18 +SSL_GetRequestedClientCertificateTypes(PRFileDesc *fd); 18 +SSL_GetRequestedClientCertificateTypes(PRFileDesc *fd);
19 19
20 #ifdef SSL_DEPRECATED_FUNCTION 20 #ifdef SSL_DEPRECATED_FUNCTION
21 /* deprecated! 21 /* deprecated!
22 diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c 22 diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
23 index b9014ef..800c28e 100644 23 index cc193cd..27038f3 100644
24 --- a/ssl/ssl3con.c 24 --- a/lib/ssl/ssl3con.c
25 +++ b/ssl/ssl3con.c 25 +++ b/lib/ssl/ssl3con.c
26 @@ -7061,6 +7061,9 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b , PRUint32 length) 26 @@ -7266,6 +7266,9 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b , PRUint32 length)
27 if (rv != SECSuccess) 27 if (rv != SECSuccess)
28 goto loser; /* malformed, alert has been sent */ 28 goto loser; /* malformed, alert has been sent */
29 29
30 + PORT_Assert(!ss->requestedCertTypes); 30 + PORT_Assert(!ss->requestedCertTypes);
31 + ss->requestedCertTypes = &cert_types; 31 + ss->requestedCertTypes = &cert_types;
32 + 32 +
33 if (isTLS12) { 33 if (isTLS12) {
34 rv = ssl3_ConsumeHandshakeVariable(ss, &algorithms, 2, &b, &length); 34 rv = ssl3_ConsumeHandshakeVariable(ss, &algorithms, 2, &b, &length);
35 if (rv != SECSuccess) 35 if (rv != SECSuccess)
36 @@ -7262,6 +7265,7 @@ loser: 36 @@ -7469,6 +7472,7 @@ loser:
37 PORT_SetError(errCode); 37 PORT_SetError(errCode);
38 rv = SECFailure; 38 rv = SECFailure;
39 done: 39 done:
40 + ss->requestedCertTypes = NULL; 40 + ss->requestedCertTypes = NULL;
41 if (arena != NULL) 41 if (arena != NULL)
42 PORT_FreeArena(arena, PR_FALSE); 42 PORT_FreeArena(arena, PR_FALSE);
43 #ifdef NSS_PLATFORM_CLIENT_AUTH 43 #ifdef NSS_PLATFORM_CLIENT_AUTH
44 diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h 44 diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
45 index bbc9bd2..46e618a 100644 45 index 94bb9f4..c7231a7 100644
46 --- a/ssl/sslimpl.h 46 --- a/lib/ssl/sslimpl.h
47 +++ b/ssl/sslimpl.h 47 +++ b/lib/ssl/sslimpl.h
48 @@ -1238,6 +1238,10 @@ struct sslSocketStr { 48 @@ -1265,6 +1265,10 @@ struct sslSocketStr {
49 unsigned int sizeCipherSpecs; 49 unsigned int sizeCipherSpecs;
50 const unsigned char * preferredCipher; 50 const unsigned char * preferredCipher;
51 51
52 + /* TLS ClientCertificateTypes requested during HandleCertificateRequest. */ 52 + /* TLS ClientCertificateTypes requested during HandleCertificateRequest. */
53 + /* Will be NULL at all other times. */ 53 + /* Will be NULL at all other times. */
54 + const SECItem *requestedCertTypes; 54 + const SECItem *requestedCertTypes;
55 + 55 +
56 ssl3KeyPair * stepDownKeyPair; /* RSA step down keys */ 56 ssl3KeyPair * stepDownKeyPair; /* RSA step down keys */
57 57
58 /* Callbacks */ 58 const ssl3DHParams *dheParams; /* DHE param */
59 diff --git a/ssl/sslsock.c b/ssl/sslsock.c 59 diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
60 index 1a9c584..9431fe4 100644 60 index b73f8f6..11e66f2 100644
61 --- a/ssl/sslsock.c 61 --- a/lib/ssl/sslsock.c
62 +++ b/ssl/sslsock.c 62 +++ b/lib/ssl/sslsock.c
63 @@ -1911,6 +1911,20 @@ SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *hands hake_resumed) { 63 @@ -2165,6 +2165,20 @@ SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *hands hake_resumed) {
64 return SECSuccess; 64 return SECSuccess;
65 } 65 }
66 66
67 +const SECItem * 67 +const SECItem *
68 +SSL_GetRequestedClientCertificateTypes(PRFileDesc *fd) 68 +SSL_GetRequestedClientCertificateTypes(PRFileDesc *fd)
69 +{ 69 +{
70 + sslSocket *ss = ssl_FindSocket(fd); 70 + sslSocket *ss = ssl_FindSocket(fd);
71 + 71 +
72 + if (!ss) { 72 + if (!ss) {
73 + SSL_DBG(("%d: SSL[%d]: bad socket in " 73 + SSL_DBG(("%d: SSL[%d]: bad socket in "
74 + "SSL_GetRequestedClientCertificateTypes", SSL_GETPID(), fd)); 74 + "SSL_GetRequestedClientCertificateTypes", SSL_GETPID(), fd));
75 + return NULL; 75 + return NULL;
76 + } 76 + }
77 + 77 +
78 + return ss->requestedCertTypes; 78 + return ss->requestedCertTypes;
79 +} 79 +}
80 + 80 +
81 /************************************************************************/ 81 /************************************************************************/
82 /* The following functions are the TOP LEVEL SSL functions. 82 /* The following functions are the TOP LEVEL SSL functions.
83 ** They all get called through the NSPRIOMethods table below. 83 ** They all get called through the NSPRIOMethods table below.
84 @@ -2989,6 +3003,7 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protoco lVariant) 84 @@ -3243,6 +3257,7 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protoco lVariant)
85 sc->serverKeyBits = 0; 85 sc->serverKeyBits = 0;
86 ss->certStatusArray[i] = NULL; 86 ss->certStatusArray[i] = NULL;
87 } 87 }
88 + ss->requestedCertTypes = NULL; 88 + ss->requestedCertTypes = NULL;
89 ss->stepDownKeyPair = NULL; 89 ss->stepDownKeyPair = NULL;
90 ss->dbHandle = CERT_GetDefaultCertDB();
91 90
91 ss->dheParams = NULL;
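Review bot: In the ssl3con.c hunk of this patch, `ss->requestedCertTypes = &cert_types;` stores on the socket the address of what appears to be a local of ssl3_HandleCertificateRequest, and the only thing that keeps it from dangling is the `ss->requestedCertTypes = NULL;` at `done:`. The function body runs well outside the hunk, so it is worth confirming that no path after the assignment returns without passing `done:`, and recording that at the assignment, e.g. `/* Points at a local; every exit below must reach done: so it is cleared. */`. `PORT_Assert(!ss->requestedCertTypes)` is presumably compiled out of release builds, so it would not catch a stale pointer there. In sslsock.c, SSL_GetRequestedClientCertificateTypes returns the field without checking that the caller is inside the SSL_GetClientAuthDataHook callback, so the lifetime contract in the ssl.h comment depends entirely on that clearing being complete.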