Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(575)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/third_party/nss/patches/getrequestedclientcerttypes.patch

Issue 1844813002: Uprev NSS to 3.23 on iOS (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: One more GN fix Created 4 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/third_party/nss/patches/didhandshakeresume.patch ('k') | net/third_party/nss/patches/nobypass.patch » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 diff --git a/lib/ssl/ssl.h b/lib/ssl/ssl.h 1 diff --git a/lib/ssl/ssl.h b/lib/ssl/ssl.h
2 index 0983b5f..cf9f6db 100644 2 index e905aab..9e57220 100644
3 --- a/lib/ssl/ssl.h 3 --- a/lib/ssl/ssl.h
4 +++ b/lib/ssl/ssl.h 4 +++ b/lib/ssl/ssl.h
5 @@ -896,6 +896,16 @@ SSL_IMPORT SECStatus SSL_ReHandshakeWithTimeout(PRFileDesc *fd, 5 @@ -896,6 +896,17 @@ SSL_IMPORT SECStatus SSL_ReHandshakeWithTimeout(PRFileDesc *fd,
6 PRBool flushCache, 6 PRBool flushCache,
7 PRIntervalTime timeout); 7 PRIntervalTime timeout);
8 8
9 +/* Returns a SECItem containing the certificate_types field of the 9 +/* Returns a SECItem containing the certificate_types field of the
10 +** CertificateRequest message. Each byte of the data is a TLS 10 +** CertificateRequest message. Each byte of the data is a TLS
11 +** ClientCertificateType value, and they are ordered from most preferred to 11 +** ClientCertificateType value, and they are ordered from most preferred to
12 +** least. This function should only be called from the 12 +** least. This function should only be called from the
13 +** SSL_GetClientAuthDataHook callback, and will return NULL if called at any 13 +** SSL_GetClientAuthDataHook callback, and will return NULL if called at any
14 +** other time. The returned value is valid only until the callback returns, an d 14 +** other time. The returned value is valid only until the callback returns, an d
15 +** should not be freed. 15 +** should not be freed.
16 +*/ 16 +*/
17 +SSL_IMPORT const SECItem * 17 +SSL_IMPORT const SECItem *
18 +SSL_GetRequestedClientCertificateTypes(PRFileDesc *fd); 18 +SSL_GetRequestedClientCertificateTypes(PRFileDesc *fd);
19 19 +
20 #ifdef SSL_DEPRECATED_FUNCTION 20 #ifdef SSL_DEPRECATED_FUNCTION
21 /* deprecated! 21 /* deprecated!
22 ** For the server, request a new handshake. For the client, begin a new
22 diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c 23 diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
23 index cc193cd..27038f3 100644 24 index b8d4784..784f59b 100644
24 --- a/lib/ssl/ssl3con.c 25 --- a/lib/ssl/ssl3con.c
25 +++ b/lib/ssl/ssl3con.c 26 +++ b/lib/ssl/ssl3con.c
26 @@ -7266,6 +7266,9 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b , PRUint32 length) 27 @@ -7674,6 +7674,9 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b , PRUint32 length)
27 if (rv != SECSuccess) 28 if (rv != SECSuccess)
28 » goto loser;» » /* malformed, alert has been sent */ 29 goto loser; /* malformed, alert has been sent */
29 30
30 + PORT_Assert(!ss->requestedCertTypes); 31 + PORT_Assert(!ss->requestedCertTypes);
31 + ss->requestedCertTypes = &cert_types; 32 + ss->requestedCertTypes = &cert_types;
32 + 33 +
33 if (isTLS12) { 34 if (isTLS12) {
34 » rv = ssl3_ConsumeHandshakeVariable(ss, &algorithms, 2, &b, &length); 35 rv = ssl3_ConsumeHandshakeVariable(ss, &algorithms, 2, &b, &length);
35 » if (rv != SECSuccess) 36 if (rv != SECSuccess)
36 @@ -7469,6 +7472,7 @@ loser: 37 @@ -7723,6 +7726,7 @@ loser:
37 PORT_SetError(errCode); 38 PORT_SetError(errCode);
38 rv = SECFailure; 39 rv = SECFailure;
39 done: 40 done:
40 + ss->requestedCertTypes = NULL; 41 + ss->requestedCertTypes = NULL;
41 if (arena != NULL) 42 if (arena != NULL)
42 » PORT_FreeArena(arena, PR_FALSE); 43 PORT_FreeArena(arena, PR_FALSE);
43 #ifdef NSS_PLATFORM_CLIENT_AUTH 44 return rv;
44 diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h 45 diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
45 index 94bb9f4..c7231a7 100644 46 index 10361a0..5f0e6c9 100644
46 --- a/lib/ssl/sslimpl.h 47 --- a/lib/ssl/sslimpl.h
47 +++ b/lib/ssl/sslimpl.h 48 +++ b/lib/ssl/sslimpl.h
48 @@ -1265,6 +1265,10 @@ struct sslSocketStr { 49 @@ -1296,6 +1296,10 @@ struct sslSocketStr {
49 unsigned int sizeCipherSpecs; 50 unsigned int sizeCipherSpecs;
50 const unsigned char * preferredCipher; 51 const unsigned char *preferredCipher;
51 52
52 + /* TLS ClientCertificateTypes requested during HandleCertificateRequest. */ 53 + /* TLS ClientCertificateTypes requested during HandleCertificateRequest. */
53 + /* Will be NULL at all other times. */ 54 + /* Will be NULL at all other times. */
54 + const SECItem *requestedCertTypes; 55 + const SECItem *requestedCertTypes;
55 + 56 +
56 ssl3KeyPair * stepDownKeyPair;» /* RSA step down keys */ 57 ssl3KeyPair *stepDownKeyPair; /* RSA step down keys */
57 58
58 const ssl3DHParams *dheParams; /* DHE param */ 59 const ssl3DHParams *dheParams; /* DHE param */
59 diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c 60 diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
60 index b73f8f6..11e66f2 100644 61 index 601df2a..7f97b14 100644
61 --- a/lib/ssl/sslsock.c 62 --- a/lib/ssl/sslsock.c
62 +++ b/lib/ssl/sslsock.c 63 +++ b/lib/ssl/sslsock.c
63 @@ -2165,6 +2165,20 @@ SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *hands hake_resumed) { 64 @@ -2496,6 +2496,21 @@ SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *hands hake_resumed)
64 return SECSuccess; 65 return SECSuccess;
65 } 66 }
66 67
67 +const SECItem * 68 +const SECItem *
68 +SSL_GetRequestedClientCertificateTypes(PRFileDesc *fd) 69 +SSL_GetRequestedClientCertificateTypes(PRFileDesc *fd)
69 +{ 70 +{
70 + sslSocket *ss = ssl_FindSocket(fd); 71 + sslSocket *ss = ssl_FindSocket(fd);
71 + 72 +
72 + if (!ss) { 73 + if (!ss) {
73 + SSL_DBG(("%d: SSL[%d]: bad socket in " 74 + SSL_DBG(("%d: SSL[%d]: bad socket in "
74 + "SSL_GetRequestedClientCertificateTypes", SSL_GETPID(), fd)); 75 + "SSL_GetRequestedClientCertificateTypes",
75 + return NULL; 76 + SSL_GETPID(), fd));
76 + } 77 + return NULL;
78 + }
77 + 79 +
78 + return ss->requestedCertTypes; 80 + return ss->requestedCertTypes;
79 +} 81 +}
80 + 82 +
81 /************************************************************************/ 83 /************************************************************************/
82 /* The following functions are the TOP LEVEL SSL functions. 84 /* The following functions are the TOP LEVEL SSL functions.
83 ** They all get called through the NSPRIOMethods table below. 85 ** They all get called through the NSPRIOMethods table below.
84 @@ -3243,6 +3257,7 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protoco lVariant) 86 @@ -3610,6 +3625,7 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protoco lVariant)
85 sc->serverKeyBits = 0; 87 sc->serverKeyBits = 0;
86 ss->certStatusArray[i] = NULL; 88 ss->certStatusArray[i] = NULL;
87 } 89 }
88 + ss->requestedCertTypes = NULL; 90 + ss->requestedCertTypes = NULL;
89 ss->stepDownKeyPair = NULL; 91 ss->stepDownKeyPair = NULL;
90 92
91 ss->dheParams = NULL; 93 ss->dheParams = NULL;
OLDNEW
« no previous file with comments | « net/third_party/nss/patches/didhandshakeresume.patch ('k') | net/third_party/nss/patches/nobypass.patch » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698