| Index: net/third_party/nss/ssl/authcert.c
|
| diff --git a/net/third_party/nss/ssl/authcert.c b/net/third_party/nss/ssl/authcert.c
|
| index bd0f6ed49a2befc803e379aaff10992ad8c0cb0c..88c7c084ae4d0ad6a9e0c8e52739464e3e298986 100644
|
| --- a/net/third_party/nss/ssl/authcert.c
|
| +++ b/net/third_party/nss/ssl/authcert.c
|
| @@ -16,74 +16,74 @@
|
| #include "key.h"
|
| #include "nss.h"
|
| #include "ssl.h"
|
| -#include "pk11func.h" /* for PK11_ function calls */
|
| +#include "pk11func.h" /* for PK11_ function calls */
|
|
|
| /*
|
| * This callback used by SSL to pull client sertificate upon
|
| * server request
|
| */
|
| -SECStatus
|
| -NSS_GetClientAuthData(void * arg,
|
| - PRFileDesc * socket,
|
| - struct CERTDistNamesStr * caNames,
|
| - struct CERTCertificateStr ** pRetCert,
|
| - struct SECKEYPrivateKeyStr **pRetKey)
|
| +SECStatus
|
| +NSS_GetClientAuthData(void *arg,
|
| + PRFileDesc *socket,
|
| + struct CERTDistNamesStr *caNames,
|
| + struct CERTCertificateStr **pRetCert,
|
| + struct SECKEYPrivateKeyStr **pRetKey)
|
| {
|
| - CERTCertificate * cert = NULL;
|
| - SECKEYPrivateKey * privkey = NULL;
|
| - char * chosenNickName = (char *)arg; /* CONST */
|
| - void * proto_win = NULL;
|
| - SECStatus rv = SECFailure;
|
| -
|
| - proto_win = SSL_RevealPinArg(socket);
|
| -
|
| - if (chosenNickName) {
|
| - cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(),
|
| - chosenNickName, certUsageSSLClient,
|
| - PR_FALSE, proto_win);
|
| - if ( cert ) {
|
| - privkey = PK11_FindKeyByAnyCert(cert, proto_win);
|
| - if ( privkey ) {
|
| - rv = SECSuccess;
|
| - } else {
|
| - CERT_DestroyCertificate(cert);
|
| - }
|
| + CERTCertificate *cert = NULL;
|
| + SECKEYPrivateKey *privkey = NULL;
|
| + char *chosenNickName = (char *)arg; /* CONST */
|
| + void *proto_win = NULL;
|
| + SECStatus rv = SECFailure;
|
| +
|
| + proto_win = SSL_RevealPinArg(socket);
|
| +
|
| + if (chosenNickName) {
|
| + cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(),
|
| + chosenNickName, certUsageSSLClient,
|
| + PR_FALSE, proto_win);
|
| + if (cert) {
|
| + privkey = PK11_FindKeyByAnyCert(cert, proto_win);
|
| + if (privkey) {
|
| + rv = SECSuccess;
|
| + } else {
|
| + CERT_DestroyCertificate(cert);
|
| + }
|
| + }
|
| + } else { /* no name given, automatically find the right cert. */
|
| + CERTCertNicknames *names;
|
| + int i;
|
| +
|
| + names = CERT_GetCertNicknames(CERT_GetDefaultCertDB(),
|
| + SEC_CERT_NICKNAMES_USER, proto_win);
|
| + if (names != NULL) {
|
| + for (i = 0; i < names->numnicknames; i++) {
|
| + cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(),
|
| + names->nicknames[i], certUsageSSLClient,
|
| + PR_FALSE, proto_win);
|
| + if (!cert)
|
| + continue;
|
| + /* Only check unexpired certs */
|
| + if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_TRUE) !=
|
| + secCertTimeValid) {
|
| + CERT_DestroyCertificate(cert);
|
| + continue;
|
| + }
|
| + rv = NSS_CmpCertChainWCANames(cert, caNames);
|
| + if (rv == SECSuccess) {
|
| + privkey =
|
| + PK11_FindKeyByAnyCert(cert, proto_win);
|
| + if (privkey)
|
| + break;
|
| + }
|
| + rv = SECFailure;
|
| + CERT_DestroyCertificate(cert);
|
| + }
|
| + CERT_FreeNicknames(names);
|
| + }
|
| }
|
| - } else { /* no name given, automatically find the right cert. */
|
| - CERTCertNicknames * names;
|
| - int i;
|
| -
|
| - names = CERT_GetCertNicknames(CERT_GetDefaultCertDB(),
|
| - SEC_CERT_NICKNAMES_USER, proto_win);
|
| - if (names != NULL) {
|
| - for (i = 0; i < names->numnicknames; i++) {
|
| - cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(),
|
| - names->nicknames[i], certUsageSSLClient,
|
| - PR_FALSE, proto_win);
|
| - if ( !cert )
|
| - continue;
|
| - /* Only check unexpired certs */
|
| - if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_TRUE) !=
|
| - secCertTimeValid ) {
|
| - CERT_DestroyCertificate(cert);
|
| - continue;
|
| - }
|
| - rv = NSS_CmpCertChainWCANames(cert, caNames);
|
| - if ( rv == SECSuccess ) {
|
| - privkey = PK11_FindKeyByAnyCert(cert, proto_win);
|
| - if ( privkey )
|
| - break;
|
| - }
|
| - rv = SECFailure;
|
| - CERT_DestroyCertificate(cert);
|
| - }
|
| - CERT_FreeNicknames(names);
|
| + if (rv == SECSuccess) {
|
| + *pRetCert = cert;
|
| + *pRetKey = privkey;
|
| }
|
| - }
|
| - if (rv == SECSuccess) {
|
| - *pRetCert = cert;
|
| - *pRetKey = privkey;
|
| - }
|
| - return rv;
|
| + return rv;
|
| }
|
| -
|
|
|
Chromium Code Reviews
Issue 1844813002:
Uprev NSS to 3.23 on iOS (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master