| OLD | NEW |
|---|
| 1 diff --git a/lib/ssl/ssl3ext.c b/lib/ssl/ssl3ext.c | 1 diff --git a/lib/ssl/ssl3ext.c b/lib/ssl/ssl3ext.c |
| 2 index 9cfd541..eb3fb70 100644 | 2 index 2ffe77b..3b48c9e 100644 |
| 3 --- a/lib/ssl/ssl3ext.c | 3 --- a/lib/ssl/ssl3ext.c |
| 4 +++ b/lib/ssl/ssl3ext.c | 4 +++ b/lib/ssl/ssl3ext.c |
| 5 @@ -321,6 +321,10 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTE
NSIONS] = { | 5 @@ -336,10 +336,14 @@ static const ssl3HelloExtensionSender clientHelloSendersTL
S[SSL_MAX_EXTENSIONS] |
| 6 { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }, | 6 { ssl_use_srtp_xtn, &ssl3_ClientSendUseSRTPXtn }, |
| 7 { ssl_signed_certificate_timestamp_xtn, | 7 { ssl_channel_id_xtn, &ssl3_ClientSendChannelIDXtn }, |
| 8 &ssl3_ClientSendSignedCertTimestampXtn }, | 8 { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }, |
| 9 + /* WebSphere Application Server 7.0 is intolerant to the last extension | 9 - { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn }, |
| 10 + * being zero-length. It is not intolerant of TLS 1.2, so ensure that | 10 { ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn }, |
| 11 + * signature_algorithms is at the end to guarantee a non-empty | 11 { ssl_signed_cert_timestamp_xtn, &ssl3_ClientSendSignedCertTimestampXtn }
, |
| 12 + * extension. */ | 12 { ssl_tls13_key_share_xtn, &tls13_ClientSendKeyShareXtn }, |
| 13 { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn }, | 13 + /* Some servers (e.g. WebSphere Application Server 7.0 and Tomcat) will |
| 14 { ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn }, | 14 + * time out or terminate the connection if the last extension in the |
| 15 { ssl_extended_master_secret_xtn, &ssl3_SendExtendedMasterSecretXtn}, | 15 + * client hello is empty. They are not intolerant of TLS 1.2, so list |
| 16 @@ -2546,9 +2550,11 @@ ssl3_CalculatePaddingExtensionLength(unsigned int clientH
elloLength) | 16 + * signature_algorithms at the end. See bug 1243641. */ |
| 17 + { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn }, |
| 18 /* any extra entries will appear as { 0, NULL } */ |
| 19 }; |
| 20 |
| 21 @@ -2690,9 +2694,11 @@ ssl3_CalculatePaddingExtensionLength(unsigned int clientH
elloLength) |
| 17 } | 22 } |
| 18 | 23 |
| 19 extensionLength = 512 - recordLength; | 24 extensionLength = 512 - recordLength; |
| 20 - /* Extensions take at least four bytes to encode. */ | 25 - /* Extensions take at least four bytes to encode. */ |
| 21 - if (extensionLength < 4) { | 26 - if (extensionLength < 4) { |
| 22 - extensionLength = 4; | 27 - extensionLength = 4; |
| 23 + /* Extensions take at least four bytes to encode. Always include at least | 28 + /* Extensions take at least four bytes to encode. Always include at least |
| 24 + * one byte of data if including the extension. WebSphere Application | 29 + * one byte of data if including the extension. WebSphere Application |
| 25 + * Server 7.0 is intolerant to the last extension being zero-length. */ | 30 + * Server 7.0 is intolerant to the last extension being zero-length. */ |
| 26 + if (extensionLength < 4 + 1) { | 31 + if (extensionLength < 4 + 1) { |
| 27 + extensionLength = 4 + 1; | 32 + extensionLength = 4 + 1; |
| 28 } | 33 } |
| 29 | 34 |
| 30 return extensionLength; | 35 return extensionLength; |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1844813002:
Uprev NSS to 3.23 on iOS (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master