| Index: net/third_party/nss/patches/channelid.patch
|
| diff --git a/net/third_party/nss/patches/channelid.patch b/net/third_party/nss/patches/channelid.patch
|
| index e2b985470cf6912f6768559d45da8632cdb8bb9d..58b0ae7d1aede8eaa212df6d697c849d96b1bce7 100644
|
| --- a/net/third_party/nss/patches/channelid.patch
|
| +++ b/net/third_party/nss/patches/channelid.patch
|
| @@ -1,25 +1,25 @@
|
| -diff --git a/ssl/SSLerrs.h b/ssl/SSLerrs.h
|
| -index 174037b..81da41c 100644
|
| ---- a/ssl/SSLerrs.h
|
| -+++ b/ssl/SSLerrs.h
|
| -@@ -422,3 +422,12 @@ ER3(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL, (SSL_ERROR_BASE + 130),
|
| - ER3(SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT, (SSL_ERROR_BASE + 131),
|
| - "The server rejected the handshake because the client downgraded to a lower "
|
| - "TLS version than the server supports.")
|
| -+
|
| -+ER3(SSL_ERROR_BAD_CHANNEL_ID_DATA, (SSL_ERROR_BASE + 132),
|
| +diff --git a/lib/ssl/SSLerrs.h b/lib/ssl/SSLerrs.h
|
| +index 6028396..3d21ab8 100644
|
| +--- a/lib/ssl/SSLerrs.h
|
| ++++ b/lib/ssl/SSLerrs.h
|
| +@@ -440,3 +440,12 @@ ER3(SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET, (SSL_ERROR_BASE + 136),
|
| +
|
| + ER3(SSL_ERROR_UNEXPECTED_EXTENDED_MASTER_SECRET, (SSL_ERROR_BASE + 137),
|
| + "The peer tried to resume with an unexpected extended_master_secret extension")
|
| ++
|
| ++ER3(SSL_ERROR_BAD_CHANNEL_ID_DATA, (SSL_ERROR_BASE + 138),
|
| +"SSL received a malformed TLS Channel ID extension.")
|
| +
|
| -+ER3(SSL_ERROR_INVALID_CHANNEL_ID_KEY, (SSL_ERROR_BASE + 133),
|
| ++ER3(SSL_ERROR_INVALID_CHANNEL_ID_KEY, (SSL_ERROR_BASE + 139),
|
| +"The application provided an invalid TLS Channel ID key.")
|
| +
|
| -+ER3(SSL_ERROR_GET_CHANNEL_ID_FAILED, (SSL_ERROR_BASE + 134),
|
| ++ER3(SSL_ERROR_GET_CHANNEL_ID_FAILED, (SSL_ERROR_BASE + 140),
|
| +"The application could not get a TLS Channel ID.")
|
| -diff --git a/ssl/ssl.h b/ssl/ssl.h
|
| -index 593dd00..716537d 100644
|
| ---- a/ssl/ssl.h
|
| -+++ b/ssl/ssl.h
|
| -@@ -1025,6 +1025,34 @@ SSL_IMPORT SECStatus SSL_HandshakeNegotiatedExtension(PRFileDesc * socket,
|
| +diff --git a/lib/ssl/ssl.h b/lib/ssl/ssl.h
|
| +index 85ced8a..120c257 100644
|
| +--- a/lib/ssl/ssl.h
|
| ++++ b/lib/ssl/ssl.h
|
| +@@ -1135,6 +1135,34 @@ SSL_IMPORT SECStatus SSL_HandshakeNegotiatedExtension(PRFileDesc * socket,
|
| SSL_IMPORT SECStatus SSL_HandshakeResumedSession(PRFileDesc *fd,
|
| PRBool *last_handshake_resumed);
|
|
|
| @@ -54,11 +54,11 @@ index 593dd00..716537d 100644
|
| /*
|
| ** How long should we wait before retransmitting the next flight of
|
| ** the DTLS handshake? Returns SECFailure if not DTLS or not in a
|
| -diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
|
| -index 29e8f1c..c0e8e79 100644
|
| ---- a/ssl/ssl3con.c
|
| -+++ b/ssl/ssl3con.c
|
| -@@ -55,6 +55,7 @@ static SECStatus ssl3_SendCertificateStatus( sslSocket *ss);
|
| +diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
|
| +index 304e03b..2ae8ce9 100644
|
| +--- a/lib/ssl/ssl3con.c
|
| ++++ b/lib/ssl/ssl3con.c
|
| +@@ -57,6 +57,7 @@ static SECStatus ssl3_SendCertificateStatus( sslSocket *ss);
|
| static SECStatus ssl3_SendEmptyCertificate( sslSocket *ss);
|
| static SECStatus ssl3_SendCertificateRequest(sslSocket *ss);
|
| static SECStatus ssl3_SendNextProto( sslSocket *ss);
|
| @@ -66,7 +66,7 @@ index 29e8f1c..c0e8e79 100644
|
| static SECStatus ssl3_SendFinished( sslSocket *ss, PRInt32 flags);
|
| static SECStatus ssl3_SendServerHello( sslSocket *ss);
|
| static SECStatus ssl3_SendServerHelloDone( sslSocket *ss);
|
| -@@ -6296,6 +6297,15 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
| +@@ -6470,6 +6471,15 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
| }
|
| #endif /* NSS_PLATFORM_CLIENT_AUTH */
|
|
|
| @@ -82,7 +82,7 @@ index 29e8f1c..c0e8e79 100644
|
| temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
|
| if (temp < 0) {
|
| goto loser; /* alert has been sent */
|
| -@@ -6578,7 +6588,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
| +@@ -6780,7 +6790,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
| if (rv != SECSuccess) {
|
| goto alert_loser; /* err code was set */
|
| }
|
| @@ -91,9 +91,9 @@ index 29e8f1c..c0e8e79 100644
|
| } while (0);
|
|
|
| if (sid_match)
|
| -@@ -6613,6 +6623,27 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
| - } else {
|
| - ss->ssl3.hs.ws = wait_cert_request;
|
| +@@ -6819,6 +6829,27 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
| + PORT_Assert(ss->ssl3.hs.kea_def->ephemeral);
|
| + ss->ssl3.hs.ws = wait_server_key;
|
| }
|
| +
|
| +winner:
|
| @@ -119,7 +119,7 @@ index 29e8f1c..c0e8e79 100644
|
| return SECSuccess;
|
|
|
| alert_loser:
|
| -@@ -7565,7 +7596,14 @@ ssl3_SendClientSecondRound(sslSocket *ss)
|
| +@@ -7774,7 +7805,14 @@ ssl3_SendClientSecondRound(sslSocket *ss)
|
| if (rv != SECSuccess) {
|
| goto loser; /* err code was set. */
|
| }
|
| @@ -134,7 +134,7 @@ index 29e8f1c..c0e8e79 100644
|
| if (ss->opt.enableFalseStart) {
|
| if (!ss->ssl3.hs.authCertificatePending) {
|
| /* When we fix bug 589047, we will need to know whether we are
|
| -@@ -7602,6 +7640,33 @@ ssl3_SendClientSecondRound(sslSocket *ss)
|
| +@@ -7811,6 +7849,33 @@ ssl3_SendClientSecondRound(sslSocket *ss)
|
|
|
| ssl_ReleaseXmitBufLock(ss); /*******************************/
|
|
|
| @@ -168,7 +168,7 @@ index 29e8f1c..c0e8e79 100644
|
| if (ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn))
|
| ss->ssl3.hs.ws = wait_new_session_ticket;
|
| else
|
| -@@ -10590,6 +10655,184 @@ ssl3_RecordKeyLog(sslSocket *ss)
|
| +@@ -11264,6 +11329,184 @@ ssl3_RecordKeyLog(sslSocket *ss)
|
| }
|
|
|
| /* called from ssl3_SendClientSecondRound
|
| @@ -353,7 +353,7 @@ index 29e8f1c..c0e8e79 100644
|
| * ssl3_HandleClientHello
|
| * ssl3_HandleFinished
|
| */
|
| -@@ -10849,11 +11092,16 @@ ssl3_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length,
|
| +@@ -11531,11 +11774,16 @@ ssl3_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length,
|
| flags = ssl_SEND_FLAG_FORCE_INTO_BUFFER;
|
| }
|
|
|
| @@ -374,7 +374,7 @@ index 29e8f1c..c0e8e79 100644
|
| }
|
|
|
| if (IS_DTLS(ss)) {
|
| -@@ -12333,6 +12581,11 @@ ssl3_DestroySSL3Info(sslSocket *ss)
|
| +@@ -13095,6 +13343,11 @@ ssl3_DestroySSL3Info(sslSocket *ss)
|
| ssl_FreePlatformKey(ss->ssl3.platformClientKey);
|
| #endif /* NSS_PLATFORM_CLIENT_AUTH */
|
|
|
| @@ -386,10 +386,10 @@ index 29e8f1c..c0e8e79 100644
|
| if (ss->ssl3.peerCertArena != NULL)
|
| ssl3_CleanupPeerCerts(ss);
|
|
|
| -diff --git a/ssl/ssl3ext.c b/ssl/ssl3ext.c
|
| -index 0a2288a..4d17587 100644
|
| ---- a/ssl/ssl3ext.c
|
| -+++ b/ssl/ssl3ext.c
|
| +diff --git a/lib/ssl/ssl3ext.c b/lib/ssl/ssl3ext.c
|
| +index 5661a5c..78825cb 100644
|
| +--- a/lib/ssl/ssl3ext.c
|
| ++++ b/lib/ssl/ssl3ext.c
|
| @@ -73,6 +73,10 @@ static SECStatus ssl3_ClientHandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type,
|
| SECItem *data);
|
| static SECStatus ssl3_ServerHandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type,
|
| @@ -401,15 +401,15 @@ index 0a2288a..4d17587 100644
|
| static PRInt32 ssl3_ServerSendStatusRequestXtn(sslSocket * ss,
|
| PRBool append, PRUint32 maxBytes);
|
| static SECStatus ssl3_ServerHandleStatusRequestXtn(sslSocket *ss,
|
| -@@ -269,6 +273,7 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = {
|
| +@@ -276,6 +280,7 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = {
|
| { ssl_next_proto_nego_xtn, &ssl3_ClientHandleNextProtoNegoXtn },
|
| { ssl_app_layer_protocol_xtn, &ssl3_ClientHandleAppProtoXtn },
|
| { ssl_use_srtp_xtn, &ssl3_ClientHandleUseSRTPXtn },
|
| + { ssl_channel_id_xtn, &ssl3_ClientHandleChannelIDXtn },
|
| { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn },
|
| + { ssl_extended_master_secret_xtn, &ssl3_HandleExtendedMasterSecretXtn },
|
| { -1, NULL }
|
| - };
|
| -@@ -296,6 +301,7 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
|
| +@@ -304,6 +309,7 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
|
| { ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn },
|
| { ssl_app_layer_protocol_xtn, &ssl3_ClientSendAppProtoXtn },
|
| { ssl_use_srtp_xtn, &ssl3_ClientSendUseSRTPXtn },
|
| @@ -417,7 +417,7 @@ index 0a2288a..4d17587 100644
|
| { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn },
|
| { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
|
| { ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn },
|
| -@@ -930,6 +936,61 @@ ssl3_ServerSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
|
| +@@ -945,6 +951,61 @@ ssl3_ServerSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
|
| }
|
|
|
| static SECStatus
|
| @@ -479,10 +479,10 @@ index 0a2288a..4d17587 100644
|
| ssl3_ClientHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type,
|
| SECItem *data)
|
| {
|
| -diff --git a/ssl/ssl3prot.h b/ssl/ssl3prot.h
|
| -index 485d7dd..78fbcaa 100644
|
| ---- a/ssl/ssl3prot.h
|
| -+++ b/ssl/ssl3prot.h
|
| +diff --git a/lib/ssl/ssl3prot.h b/lib/ssl/ssl3prot.h
|
| +index a93bef1..848bdee 100644
|
| +--- a/lib/ssl/ssl3prot.h
|
| ++++ b/lib/ssl/ssl3prot.h
|
| @@ -136,7 +136,8 @@ typedef enum {
|
| client_key_exchange = 16,
|
| finished = 20,
|
| @@ -493,10 +493,10 @@ index 485d7dd..78fbcaa 100644
|
| } SSL3HandshakeType;
|
|
|
| typedef struct {
|
| -diff --git a/ssl/sslauth.c b/ssl/sslauth.c
|
| -index 7f9c43b..c2d9201 100644
|
| ---- a/ssl/sslauth.c
|
| -+++ b/ssl/sslauth.c
|
| +diff --git a/lib/ssl/sslauth.c b/lib/ssl/sslauth.c
|
| +index e6981f0..03b23b4 100644
|
| +--- a/lib/ssl/sslauth.c
|
| ++++ b/lib/ssl/sslauth.c
|
| @@ -216,6 +216,24 @@ SSL_GetClientAuthDataHook(PRFileDesc *s, SSLGetClientAuthData func,
|
| return SECSuccess;
|
| }
|
| @@ -522,26 +522,26 @@ index 7f9c43b..c2d9201 100644
|
| #ifdef NSS_PLATFORM_CLIENT_AUTH
|
| /* NEED LOCKS IN HERE. */
|
| SECStatus
|
| -diff --git a/ssl/sslerr.h b/ssl/sslerr.h
|
| -index 12dbb1d..24bf893 100644
|
| ---- a/ssl/sslerr.h
|
| -+++ b/ssl/sslerr.h
|
| -@@ -198,6 +198,10 @@ SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL = (SSL_ERROR_BASE + 130),
|
| -
|
| - SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT = (SSL_ERROR_BASE + 131),
|
| +diff --git a/lib/ssl/sslerr.h b/lib/ssl/sslerr.h
|
| +index 192a107..835b812 100644
|
| +--- a/lib/ssl/sslerr.h
|
| ++++ b/lib/ssl/sslerr.h
|
| +@@ -208,6 +208,10 @@ SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM = (SSL_ERROR_BASE + 135),
|
| + SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET = (SSL_ERROR_BASE + 136),
|
| + SSL_ERROR_UNEXPECTED_EXTENDED_MASTER_SECRET = (SSL_ERROR_BASE + 137),
|
|
|
| -+SSL_ERROR_BAD_CHANNEL_ID_DATA = (SSL_ERROR_BASE + 132),
|
| -+SSL_ERROR_INVALID_CHANNEL_ID_KEY = (SSL_ERROR_BASE + 133),
|
| -+SSL_ERROR_GET_CHANNEL_ID_FAILED = (SSL_ERROR_BASE + 134),
|
| ++SSL_ERROR_BAD_CHANNEL_ID_DATA = (SSL_ERROR_BASE + 138),
|
| ++SSL_ERROR_INVALID_CHANNEL_ID_KEY = (SSL_ERROR_BASE + 139),
|
| ++SSL_ERROR_GET_CHANNEL_ID_FAILED = (SSL_ERROR_BASE + 140),
|
| +
|
| SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */
|
| } SSLErrorCodes;
|
| #endif /* NO_SECURITY_ERROR_ENUM */
|
| -diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
|
| -index 2cf0b3a..e11860e 100644
|
| ---- a/ssl/sslimpl.h
|
| -+++ b/ssl/sslimpl.h
|
| -@@ -711,6 +711,14 @@ struct sslSessionIDStr {
|
| +diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
|
| +index c089889..c286518 100644
|
| +--- a/lib/ssl/sslimpl.h
|
| ++++ b/lib/ssl/sslimpl.h
|
| +@@ -722,6 +722,14 @@ struct sslSessionIDStr {
|
|
|
| SECItem srvName;
|
|
|
| @@ -556,7 +556,7 @@ index 2cf0b3a..e11860e 100644
|
| /* This lock is lazily initialized by CacheSID when a sid is first
|
| * cached. Before then, there is no need to lock anything because
|
| * the sid isn't being shared by anything.
|
| -@@ -986,6 +994,9 @@ struct ssl3StateStr {
|
| +@@ -999,6 +1007,9 @@ struct ssl3StateStr {
|
| CERTCertificateList *clientCertChain; /* used by client */
|
| PRBool sendEmptyCert; /* used by client */
|
|
|
| @@ -566,7 +566,7 @@ index 2cf0b3a..e11860e 100644
|
| int policy;
|
| /* This says what cipher suites we can do, and should
|
| * be either SSL_ALLOWED or SSL_RESTRICTED
|
| -@@ -1264,6 +1275,8 @@ const unsigned char * preferredCipher;
|
| +@@ -1294,6 +1305,8 @@ const unsigned char * preferredCipher;
|
| void *pkcs11PinArg;
|
| SSLNextProtoCallback nextProtoCallback;
|
| void *nextProtoArg;
|
| @@ -575,7 +575,7 @@ index 2cf0b3a..e11860e 100644
|
|
|
| PRIntervalTime rTimeout; /* timeout for NSPR I/O */
|
| PRIntervalTime wTimeout; /* timeout for NSPR I/O */
|
| -@@ -1610,6 +1623,11 @@ extern SECStatus ssl3_RestartHandshakeAfterCertReq(sslSocket * ss,
|
| +@@ -1640,6 +1653,11 @@ extern SECStatus ssl3_RestartHandshakeAfterCertReq(sslSocket * ss,
|
| SECKEYPrivateKey * key,
|
| CERTCertificateList *certChain);
|
|
|
| @@ -587,10 +587,10 @@ index 2cf0b3a..e11860e 100644
|
| extern SECStatus ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode error);
|
|
|
| /*
|
| -diff --git a/ssl/sslnonce.c b/ssl/sslnonce.c
|
| +diff --git a/lib/ssl/sslnonce.c b/lib/ssl/sslnonce.c
|
| index be11008..1326a8b 100644
|
| ---- a/ssl/sslnonce.c
|
| -+++ b/ssl/sslnonce.c
|
| +--- a/lib/ssl/sslnonce.c
|
| ++++ b/lib/ssl/sslnonce.c
|
| @@ -180,6 +180,9 @@ ssl_DestroySID(sslSessionID *sid)
|
| if (sid->u.ssl3.srvName.data) {
|
| SECITEM_FreeItem(&sid->u.ssl3.srvName, PR_FALSE);
|
| @@ -601,11 +601,11 @@ index be11008..1326a8b 100644
|
|
|
| if (sid->u.ssl3.lock) {
|
| PR_DestroyRWLock(sid->u.ssl3.lock);
|
| -diff --git a/ssl/sslsecur.c b/ssl/sslsecur.c
|
| -index d44336e..5c6751a 100644
|
| ---- a/ssl/sslsecur.c
|
| -+++ b/ssl/sslsecur.c
|
| -@@ -1582,6 +1582,42 @@ SSL_RestartHandshakeAfterCertReq(PRFileDesc * fd,
|
| +diff --git a/lib/ssl/sslsecur.c b/lib/ssl/sslsecur.c
|
| +index f77d6fa..cca55bb 100644
|
| +--- a/lib/ssl/sslsecur.c
|
| ++++ b/lib/ssl/sslsecur.c
|
| +@@ -1598,6 +1598,42 @@ SSL_RestartHandshakeAfterCertReq(PRFileDesc * fd,
|
| return ret;
|
| }
|
|
|
| @@ -648,11 +648,11 @@ index d44336e..5c6751a 100644
|
| /* DO NOT USE. This function was exported in ssl.def with the wrong signature;
|
| * this implementation exists to maintain link-time compatibility.
|
| */
|
| -diff --git a/ssl/sslsock.c b/ssl/sslsock.c
|
| -index 9431fe4..042f24f 100644
|
| ---- a/ssl/sslsock.c
|
| -+++ b/ssl/sslsock.c
|
| -@@ -288,6 +288,8 @@ ssl_DupSocket(sslSocket *os)
|
| +diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
|
| +index 11e66f2..efba686 100644
|
| +--- a/lib/ssl/sslsock.c
|
| ++++ b/lib/ssl/sslsock.c
|
| +@@ -313,6 +313,8 @@ ssl_DupSocket(sslSocket *os)
|
| ss->canFalseStartCallback = os->canFalseStartCallback;
|
| ss->canFalseStartCallbackData = os->canFalseStartCallbackData;
|
| ss->pkcs11PinArg = os->pkcs11PinArg;
|
| @@ -661,7 +661,7 @@ index 9431fe4..042f24f 100644
|
|
|
| /* Create security data */
|
| rv = ssl_CopySecurityInfo(ss, os);
|
| -@@ -1733,6 +1735,10 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
|
| +@@ -1987,6 +1989,10 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
|
| ss->handshakeCallbackData = sm->handshakeCallbackData;
|
| if (sm->pkcs11PinArg)
|
| ss->pkcs11PinArg = sm->pkcs11PinArg;
|
| @@ -672,7 +672,7 @@ index 9431fe4..042f24f 100644
|
| return fd;
|
| loser:
|
| return NULL;
|
| -@@ -3021,6 +3027,8 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant)
|
| +@@ -3279,6 +3285,8 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant)
|
| ss->badCertArg = NULL;
|
| ss->pkcs11PinArg = NULL;
|
| ss->ephemeralECDHKeyPair = NULL;
|
| @@ -681,12 +681,12 @@ index 9431fe4..042f24f 100644
|
|
|
| ssl_ChooseOps(ss);
|
| ssl2_InitSocketPolicy(ss);
|
| -diff --git a/ssl/sslt.h b/ssl/sslt.h
|
| -index 1d28feb..0900f28 100644
|
| ---- a/ssl/sslt.h
|
| -+++ b/ssl/sslt.h
|
| -@@ -191,10 +191,11 @@ typedef enum {
|
| - ssl_padding_xtn = 21,
|
| +diff --git a/lib/ssl/sslt.h b/lib/ssl/sslt.h
|
| +index cd742bb..b6616e2 100644
|
| +--- a/lib/ssl/sslt.h
|
| ++++ b/lib/ssl/sslt.h
|
| +@@ -238,11 +238,12 @@ typedef enum {
|
| + ssl_extended_master_secret_xtn = 23,
|
| ssl_session_ticket_xtn = 35,
|
| ssl_next_proto_nego_xtn = 13172,
|
| + ssl_channel_id_xtn = 30032,
|
| @@ -694,7 +694,8 @@ index 1d28feb..0900f28 100644
|
| ssl_tls13_draft_version_xtn = 0xff02 /* experimental number */
|
| } SSLExtensionType;
|
|
|
| --#define SSL_MAX_EXTENSIONS 11 /* doesn't include ssl_padding_xtn. */
|
| -+#define SSL_MAX_EXTENSIONS 12 /* doesn't include ssl_padding_xtn. */
|
| +-#define SSL_MAX_EXTENSIONS 12 /* doesn't include ssl_padding_xtn. */
|
| ++#define SSL_MAX_EXTENSIONS 13 /* doesn't include ssl_padding_xtn. */
|
|
|
| - #endif /* __sslt_h_ */
|
| + typedef enum {
|
| + ssl_dhe_group_none = 0,
|
|
|
Chromium Code Reviews
Issue 1511123006:
Uprev NSS (in libssl) to NSS 3.21 (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master