| Index: net/third_party/nss/patches/clientauth.patch
|
| diff --git a/net/third_party/nss/patches/clientauth.patch b/net/third_party/nss/patches/clientauth.patch
|
| deleted file mode 100644
|
| index 17539d16322037a175aa9a1679da2bd15519a3b0..0000000000000000000000000000000000000000
|
| --- a/net/third_party/nss/patches/clientauth.patch
|
| +++ /dev/null
|
| @@ -1,457 +0,0 @@
|
| -diff --git a/lib/ssl/ssl.h b/lib/ssl/ssl.h
|
| -index 2a52769..48fa018 100644
|
| ---- a/lib/ssl/ssl.h
|
| -+++ b/lib/ssl/ssl.h
|
| -@@ -636,6 +636,48 @@ typedef SECStatus (PR_CALLBACK *SSLGetClientAuthData)(void *arg,
|
| - SSL_IMPORT SECStatus SSL_GetClientAuthDataHook(PRFileDesc *fd,
|
| - SSLGetClientAuthData f, void *a);
|
| -
|
| -+/*
|
| -+ * Prototype for SSL callback to get client auth data from the application,
|
| -+ * optionally using the underlying platform's cryptographic primitives.
|
| -+ * To use the platform cryptographic primitives, caNames and pRetCerts
|
| -+ * should be set. To use NSS, pRetNSSCert and pRetNSSKey should be set.
|
| -+ * Returning SECFailure will cause the socket to send no client certificate.
|
| -+ * arg - application passed argument
|
| -+ * caNames - pointer to distinguished names of CAs that the server likes
|
| -+ * pRetCerts - pointer to pointer to list of certs, with the first being
|
| -+ * the client cert, and any following being used for chain
|
| -+ * building
|
| -+ * pRetKey - pointer to native key pointer, for return of key
|
| -+ * - Windows: A pointer to a PCERT_KEY_CONTEXT that was allocated
|
| -+ * via PORT_Alloc(). Ownership of the PCERT_KEY_CONTEXT
|
| -+ * is transferred to NSS, which will free via
|
| -+ * PORT_Free().
|
| -+ * - Mac OS X: A pointer to a SecKeyRef. Ownership is
|
| -+ * transferred to NSS, which will free via CFRelease().
|
| -+ * pRetNSSCert - pointer to pointer to NSS cert, for return of cert.
|
| -+ * pRetNSSKey - pointer to NSS key pointer, for return of key.
|
| -+ */
|
| -+typedef SECStatus (PR_CALLBACK *SSLGetPlatformClientAuthData)(void *arg,
|
| -+ PRFileDesc *fd,
|
| -+ CERTDistNames *caNames,
|
| -+ CERTCertList **pRetCerts,/*return */
|
| -+ void **pRetKey,/* return */
|
| -+ CERTCertificate **pRetNSSCert,/*return */
|
| -+ SECKEYPrivateKey **pRetNSSKey);/* return */
|
| -+
|
| -+/*
|
| -+ * Set the client side callback for SSL to retrieve user's private key
|
| -+ * and certificate.
|
| -+ * Note: If a platform client auth callback is set, the callback configured by
|
| -+ * SSL_GetClientAuthDataHook, if any, will not be called.
|
| -+ *
|
| -+ * fd - the file descriptor for the connection in question
|
| -+ * f - the application's callback that delivers the key and cert
|
| -+ * a - application specific data
|
| -+ */
|
| -+SSL_IMPORT SECStatus
|
| -+SSL_GetPlatformClientAuthDataHook(PRFileDesc *fd,
|
| -+ SSLGetPlatformClientAuthData f, void *a);
|
| -
|
| - /*
|
| - ** SNI extension processing callback function.
|
| -diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
|
| -index 9aaf601..cc193cd 100644
|
| ---- a/lib/ssl/ssl3con.c
|
| -+++ b/lib/ssl/ssl3con.c
|
| -@@ -2530,6 +2530,9 @@ ssl3_ClientAuthTokenPresent(sslSessionID *sid) {
|
| - PRBool isPresent = PR_TRUE;
|
| -
|
| - /* we only care if we are doing client auth */
|
| -+ /* If NSS_PLATFORM_CLIENT_AUTH is defined and a platformClientKey is being
|
| -+ * used, u.ssl3.clAuthValid will be false and this function will always
|
| -+ * return PR_TRUE. */
|
| - if (!sid || !sid->u.ssl3.clAuthValid) {
|
| - return PR_TRUE;
|
| - }
|
| -@@ -6352,25 +6355,36 @@ ssl3_SendCertificateVerify(sslSocket *ss)
|
| -
|
| - isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);
|
| - isTLS12 = (PRBool)(ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
|
| -- keyType = ss->ssl3.clientPrivateKey->keyType;
|
| -- rv = ssl3_SignHashes(&hashes, ss->ssl3.clientPrivateKey, &buf, isTLS);
|
| -- if (rv == SECSuccess) {
|
| -- PK11SlotInfo * slot;
|
| -- sslSessionID * sid = ss->sec.ci.sid;
|
| -+ if (ss->ssl3.platformClientKey) {
|
| -+#ifdef NSS_PLATFORM_CLIENT_AUTH
|
| -+ keyType = CERT_GetCertKeyType(
|
| -+ &ss->ssl3.clientCertificate->subjectPublicKeyInfo);
|
| -+ rv = ssl3_PlatformSignHashes(
|
| -+ &hashes, ss->ssl3.platformClientKey, &buf, isTLS, keyType);
|
| -+ ssl_FreePlatformKey(ss->ssl3.platformClientKey);
|
| -+ ss->ssl3.platformClientKey = (PlatformKey)NULL;
|
| -+#endif /* NSS_PLATFORM_CLIENT_AUTH */
|
| -+ } else {
|
| -+ keyType = ss->ssl3.clientPrivateKey->keyType;
|
| -+ rv = ssl3_SignHashes(&hashes, ss->ssl3.clientPrivateKey, &buf, isTLS);
|
| -+ if (rv == SECSuccess) {
|
| -+ PK11SlotInfo * slot;
|
| -+ sslSessionID * sid = ss->sec.ci.sid;
|
| -
|
| -- /* Remember the info about the slot that did the signing.
|
| -- ** Later, when doing an SSL restart handshake, verify this.
|
| -- ** These calls are mere accessors, and can't fail.
|
| -- */
|
| -- slot = PK11_GetSlotFromPrivateKey(ss->ssl3.clientPrivateKey);
|
| -- sid->u.ssl3.clAuthSeries = PK11_GetSlotSeries(slot);
|
| -- sid->u.ssl3.clAuthSlotID = PK11_GetSlotID(slot);
|
| -- sid->u.ssl3.clAuthModuleID = PK11_GetModuleID(slot);
|
| -- sid->u.ssl3.clAuthValid = PR_TRUE;
|
| -- PK11_FreeSlot(slot);
|
| -+ /* Remember the info about the slot that did the signing.
|
| -+ ** Later, when doing an SSL restart handshake, verify this.
|
| -+ ** These calls are mere accessors, and can't fail.
|
| -+ */
|
| -+ slot = PK11_GetSlotFromPrivateKey(ss->ssl3.clientPrivateKey);
|
| -+ sid->u.ssl3.clAuthSeries = PK11_GetSlotSeries(slot);
|
| -+ sid->u.ssl3.clAuthSlotID = PK11_GetSlotID(slot);
|
| -+ sid->u.ssl3.clAuthModuleID = PK11_GetModuleID(slot);
|
| -+ sid->u.ssl3.clAuthValid = PR_TRUE;
|
| -+ PK11_FreeSlot(slot);
|
| -+ }
|
| -+ SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
|
| -+ ss->ssl3.clientPrivateKey = NULL;
|
| - }
|
| -- SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
|
| -- ss->ssl3.clientPrivateKey = NULL;
|
| - if (rv != SECSuccess) {
|
| - goto done; /* err code was set by ssl3_SignHashes */
|
| - }
|
| -@@ -6449,6 +6463,12 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
| - SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
|
| - ss->ssl3.clientPrivateKey = NULL;
|
| - }
|
| -+#ifdef NSS_PLATFORM_CLIENT_AUTH
|
| -+ if (ss->ssl3.platformClientKey) {
|
| -+ ssl_FreePlatformKey(ss->ssl3.platformClientKey);
|
| -+ ss->ssl3.platformClientKey = (PlatformKey)NULL;
|
| -+ }
|
| -+#endif /* NSS_PLATFORM_CLIENT_AUTH */
|
| -
|
| - temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
|
| - if (temp < 0) {
|
| -@@ -7109,6 +7129,18 @@ ssl3_ExtractClientKeyInfo(sslSocket *ss,
|
| - goto done;
|
| - }
|
| -
|
| -+#if defined(NSS_PLATFORM_CLIENT_AUTH) && defined(_WIN32)
|
| -+ /* If the key is in CAPI, assume conservatively that the CAPI service
|
| -+ * provider may be unable to sign SHA-256 hashes.
|
| -+ */
|
| -+ if (ss->ssl3.platformClientKey->dwKeySpec != CERT_NCRYPT_KEY_SPEC) {
|
| -+ /* CAPI only supports RSA and DSA signatures, so we don't need to
|
| -+ * check the key type. */
|
| -+ *preferSha1 = PR_TRUE;
|
| -+ goto done;
|
| -+ }
|
| -+#endif /* NSS_PLATFORM_CLIENT_AUTH && _WIN32 */
|
| -+
|
| - /* If the key is a 1024-bit RSA or DSA key, assume conservatively that
|
| - * it may be unable to sign SHA-256 hashes. This is the case for older
|
| - * Estonian ID cards that have 1024-bit RSA keys. In FIPS 186-2 and
|
| -@@ -7207,6 +7239,10 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
| - SECItem cert_types = {siBuffer, NULL, 0};
|
| - SECItem algorithms = {siBuffer, NULL, 0};
|
| - CERTDistNames ca_list;
|
| -+#ifdef NSS_PLATFORM_CLIENT_AUTH
|
| -+ CERTCertList * platform_cert_list = NULL;
|
| -+ CERTCertListNode * certNode = NULL;
|
| -+#endif /* NSS_PLATFORM_CLIENT_AUTH */
|
| -
|
| - SSL_TRC(3, ("%d: SSL3[%d]: handle certificate_request handshake",
|
| - SSL_GETPID(), ss->fd));
|
| -@@ -7222,6 +7258,7 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
| - PORT_Assert(ss->ssl3.clientCertChain == NULL);
|
| - PORT_Assert(ss->ssl3.clientCertificate == NULL);
|
| - PORT_Assert(ss->ssl3.clientPrivateKey == NULL);
|
| -+ PORT_Assert(ss->ssl3.platformClientKey == (PlatformKey)NULL);
|
| -
|
| - isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);
|
| - isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
|
| -@@ -7301,6 +7338,18 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
| - desc = no_certificate;
|
| - ss->ssl3.hs.ws = wait_hello_done;
|
| -
|
| -+#ifdef NSS_PLATFORM_CLIENT_AUTH
|
| -+ if (ss->getPlatformClientAuthData != NULL) {
|
| -+ /* XXX Should pass cert_types and algorithms in this call!! */
|
| -+ rv = (SECStatus)(*ss->getPlatformClientAuthData)(
|
| -+ ss->getPlatformClientAuthDataArg,
|
| -+ ss->fd, &ca_list,
|
| -+ &platform_cert_list,
|
| -+ (void**)&ss->ssl3.platformClientKey,
|
| -+ &ss->ssl3.clientCertificate,
|
| -+ &ss->ssl3.clientPrivateKey);
|
| -+ } else
|
| -+#endif
|
| - if (ss->getClientAuthData != NULL) {
|
| - PORT_Assert((ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) ==
|
| - ssl_preinfo_all);
|
| -@@ -7312,12 +7361,55 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
| - } else {
|
| - rv = SECFailure; /* force it to send a no_certificate alert */
|
| - }
|
| -+
|
| - switch (rv) {
|
| - case SECWouldBlock: /* getClientAuthData has put up a dialog box. */
|
| - ssl3_SetAlwaysBlock(ss);
|
| - break; /* not an error */
|
| -
|
| - case SECSuccess:
|
| -+#ifdef NSS_PLATFORM_CLIENT_AUTH
|
| -+ if (!platform_cert_list || CERT_LIST_EMPTY(platform_cert_list) ||
|
| -+ !ss->ssl3.platformClientKey) {
|
| -+ if (platform_cert_list) {
|
| -+ CERT_DestroyCertList(platform_cert_list);
|
| -+ platform_cert_list = NULL;
|
| -+ }
|
| -+ if (ss->ssl3.platformClientKey) {
|
| -+ ssl_FreePlatformKey(ss->ssl3.platformClientKey);
|
| -+ ss->ssl3.platformClientKey = (PlatformKey)NULL;
|
| -+ }
|
| -+ /* Fall through to NSS client auth check */
|
| -+ } else {
|
| -+ certNode = CERT_LIST_HEAD(platform_cert_list);
|
| -+ ss->ssl3.clientCertificate = CERT_DupCertificate(certNode->cert);
|
| -+
|
| -+ /* Setting ssl3.clientCertChain non-NULL will cause
|
| -+ * ssl3_HandleServerHelloDone to call SendCertificate.
|
| -+ * Note: clientCertChain should include the EE cert as
|
| -+ * clientCertificate is ignored during the actual sending
|
| -+ */
|
| -+ ss->ssl3.clientCertChain =
|
| -+ hack_NewCertificateListFromCertList(platform_cert_list);
|
| -+ CERT_DestroyCertList(platform_cert_list);
|
| -+ platform_cert_list = NULL;
|
| -+ if (ss->ssl3.clientCertChain == NULL) {
|
| -+ if (ss->ssl3.clientCertificate != NULL) {
|
| -+ CERT_DestroyCertificate(ss->ssl3.clientCertificate);
|
| -+ ss->ssl3.clientCertificate = NULL;
|
| -+ }
|
| -+ if (ss->ssl3.platformClientKey) {
|
| -+ ssl_FreePlatformKey(ss->ssl3.platformClientKey);
|
| -+ ss->ssl3.platformClientKey = (PlatformKey)NULL;
|
| -+ }
|
| -+ goto send_no_certificate;
|
| -+ }
|
| -+ if (ss->ssl3.hs.hashType == handshake_hash_single) {
|
| -+ ssl3_DestroyBackupHandshakeHashIfNotNeeded(ss, &algorithms);
|
| -+ }
|
| -+ break; /* not an error */
|
| -+ }
|
| -+#endif /* NSS_PLATFORM_CLIENT_AUTH */
|
| - /* check what the callback function returned */
|
| - if ((!ss->ssl3.clientCertificate) || (!ss->ssl3.clientPrivateKey)) {
|
| - /* we are missing either the key or cert */
|
| -@@ -7379,6 +7471,10 @@ loser:
|
| - done:
|
| - if (arena != NULL)
|
| - PORT_FreeArena(arena, PR_FALSE);
|
| -+#ifdef NSS_PLATFORM_CLIENT_AUTH
|
| -+ if (platform_cert_list)
|
| -+ CERT_DestroyCertList(platform_cert_list);
|
| -+#endif
|
| - return rv;
|
| - }
|
| -
|
| -@@ -7497,7 +7593,8 @@ ssl3_SendClientSecondRound(sslSocket *ss)
|
| -
|
| - sendClientCert = !ss->ssl3.sendEmptyCert &&
|
| - ss->ssl3.clientCertChain != NULL &&
|
| -- ss->ssl3.clientPrivateKey != NULL;
|
| -+ (ss->ssl3.platformClientKey ||
|
| -+ ss->ssl3.clientPrivateKey != NULL);
|
| -
|
| - if (!sendClientCert &&
|
| - ss->ssl3.hs.hashType == handshake_hash_single &&
|
| -@@ -12910,6 +13007,10 @@ ssl3_DestroySSL3Info(sslSocket *ss)
|
| -
|
| - if (ss->ssl3.clientPrivateKey != NULL)
|
| - SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
|
| -+#ifdef NSS_PLATFORM_CLIENT_AUTH
|
| -+ if (ss->ssl3.platformClientKey)
|
| -+ ssl_FreePlatformKey(ss->ssl3.platformClientKey);
|
| -+#endif /* NSS_PLATFORM_CLIENT_AUTH */
|
| -
|
| - if (ss->ssl3.peerCertArena != NULL)
|
| - ssl3_CleanupPeerCerts(ss);
|
| -diff --git a/lib/ssl/ssl3ext.c b/lib/ssl/ssl3ext.c
|
| -index cf04aba..5661a5c 100644
|
| ---- a/lib/ssl/ssl3ext.c
|
| -+++ b/lib/ssl/ssl3ext.c
|
| -@@ -11,8 +11,8 @@
|
| - #include "nssrenam.h"
|
| - #include "nss.h"
|
| - #include "ssl.h"
|
| --#include "sslproto.h"
|
| - #include "sslimpl.h"
|
| -+#include "sslproto.h"
|
| - #include "pk11pub.h"
|
| - #ifdef NO_PKCS11_BYPASS
|
| - #include "blapit.h"
|
| -diff --git a/lib/ssl/sslauth.c b/lib/ssl/sslauth.c
|
| -index b144336..e6981f0 100644
|
| ---- a/lib/ssl/sslauth.c
|
| -+++ b/lib/ssl/sslauth.c
|
| -@@ -216,6 +216,28 @@ SSL_GetClientAuthDataHook(PRFileDesc *s, SSLGetClientAuthData func,
|
| - return SECSuccess;
|
| - }
|
| -
|
| -+#ifdef NSS_PLATFORM_CLIENT_AUTH
|
| -+/* NEED LOCKS IN HERE. */
|
| -+SECStatus
|
| -+SSL_GetPlatformClientAuthDataHook(PRFileDesc *s,
|
| -+ SSLGetPlatformClientAuthData func,
|
| -+ void *arg)
|
| -+{
|
| -+ sslSocket *ss;
|
| -+
|
| -+ ss = ssl_FindSocket(s);
|
| -+ if (!ss) {
|
| -+ SSL_DBG(("%d: SSL[%d]: bad socket in GetPlatformClientAuthDataHook",
|
| -+ SSL_GETPID(), s));
|
| -+ return SECFailure;
|
| -+ }
|
| -+
|
| -+ ss->getPlatformClientAuthData = func;
|
| -+ ss->getPlatformClientAuthDataArg = arg;
|
| -+ return SECSuccess;
|
| -+}
|
| -+#endif /* NSS_PLATFORM_CLIENT_AUTH */
|
| -+
|
| - /* NEED LOCKS IN HERE. */
|
| - SECStatus
|
| - SSL_SetPKCS11PinArg(PRFileDesc *s, void *arg)
|
| -diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
|
| -index 9dcc29e..94bb9f4 100644
|
| ---- a/lib/ssl/sslimpl.h
|
| -+++ b/lib/ssl/sslimpl.h
|
| -@@ -21,6 +21,7 @@
|
| - #include "sslerr.h"
|
| - #include "ssl3prot.h"
|
| - #include "hasht.h"
|
| -+#include "keythi.h"
|
| - #include "nssilock.h"
|
| - #include "pkcs11t.h"
|
| - #if defined(XP_UNIX) || defined(XP_BEOS)
|
| -@@ -32,6 +33,15 @@
|
| -
|
| - #include "sslt.h" /* for some formerly private types, now public */
|
| -
|
| -+#ifdef NSS_PLATFORM_CLIENT_AUTH
|
| -+#if defined(XP_WIN32)
|
| -+#include <windows.h>
|
| -+#include <wincrypt.h>
|
| -+#elif defined(XP_MACOSX)
|
| -+#include <Security/Security.h>
|
| -+#endif
|
| -+#endif
|
| -+
|
| - /* to make some of these old enums public without namespace pollution,
|
| - ** it was necessary to prepend ssl_ to the names.
|
| - ** These #defines preserve compatibility with the old code here in libssl.
|
| -@@ -453,6 +463,14 @@ struct sslGatherStr {
|
| - #define GS_DATA 3
|
| - #define GS_PAD 4
|
| -
|
| -+#if defined(NSS_PLATFORM_CLIENT_AUTH) && defined(XP_WIN32)
|
| -+typedef PCERT_KEY_CONTEXT PlatformKey;
|
| -+#elif defined(NSS_PLATFORM_CLIENT_AUTH) && defined(XP_MACOSX)
|
| -+typedef SecKeyRef PlatformKey;
|
| -+#else
|
| -+typedef void *PlatformKey;
|
| -+#endif
|
| -+
|
| -
|
| -
|
| - /*
|
| -@@ -974,6 +992,10 @@ struct ssl3StateStr {
|
| -
|
| - CERTCertificate * clientCertificate; /* used by client */
|
| - SECKEYPrivateKey * clientPrivateKey; /* used by client */
|
| -+ /* platformClientKey is present even when NSS_PLATFORM_CLIENT_AUTH is not
|
| -+ * defined in order to allow cleaner conditional code.
|
| -+ * At most one of clientPrivateKey and platformClientKey may be set. */
|
| -+ PlatformKey platformClientKey; /* used by client */
|
| - CERTCertificateList *clientCertChain; /* used by client */
|
| - PRBool sendEmptyCert; /* used by client */
|
| -
|
| -@@ -1253,6 +1275,10 @@ const unsigned char * preferredCipher;
|
| - void *authCertificateArg;
|
| - SSLGetClientAuthData getClientAuthData;
|
| - void *getClientAuthDataArg;
|
| -+#ifdef NSS_PLATFORM_CLIENT_AUTH
|
| -+ SSLGetPlatformClientAuthData getPlatformClientAuthData;
|
| -+ void *getPlatformClientAuthDataArg;
|
| -+#endif /* NSS_PLATFORM_CLIENT_AUTH */
|
| - SSLSNISocketConfig sniSocketConfig;
|
| - void *sniSocketConfigArg;
|
| - SSLBadCertHandler handleBadCert;
|
| -@@ -1896,6 +1922,26 @@ extern SECStatus ssl_InitSessionCacheLocks(PRBool lazyInit);
|
| -
|
| - extern SECStatus ssl_FreeSessionCacheLocks(void);
|
| -
|
| -+/***************** platform client auth ****************/
|
| -+
|
| -+#ifdef NSS_PLATFORM_CLIENT_AUTH
|
| -+// Releases the platform key.
|
| -+extern void ssl_FreePlatformKey(PlatformKey key);
|
| -+
|
| -+// Implement the client CertificateVerify message for SSL3/TLS1.0
|
| -+extern SECStatus ssl3_PlatformSignHashes(SSL3Hashes *hash,
|
| -+ PlatformKey key, SECItem *buf,
|
| -+ PRBool isTLS, KeyType keyType);
|
| -+
|
| -+// Converts a CERTCertList* (A collection of CERTCertificates) into a
|
| -+// CERTCertificateList* (A collection of SECItems), or returns NULL if
|
| -+// it cannot be converted.
|
| -+// This is to allow the platform-supplied chain to be created with purely
|
| -+// public API functions, using the preferred CERTCertList mutators, rather
|
| -+// pushing this hack to clients.
|
| -+extern CERTCertificateList* hack_NewCertificateListFromCertList(
|
| -+ CERTCertList* list);
|
| -+#endif /* NSS_PLATFORM_CLIENT_AUTH */
|
| -
|
| - /**************** DTLS-specific functions **************/
|
| - extern void dtls_FreeQueuedMessage(DTLSQueuedMessage *msg);
|
| -diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
|
| -index f735009..21754d6 100644
|
| ---- a/lib/ssl/sslsock.c
|
| -+++ b/lib/ssl/sslsock.c
|
| -@@ -300,6 +300,10 @@ ssl_DupSocket(sslSocket *os)
|
| - ss->authCertificateArg = os->authCertificateArg;
|
| - ss->getClientAuthData = os->getClientAuthData;
|
| - ss->getClientAuthDataArg = os->getClientAuthDataArg;
|
| -+#ifdef NSS_PLATFORM_CLIENT_AUTH
|
| -+ ss->getPlatformClientAuthData = os->getPlatformClientAuthData;
|
| -+ ss->getPlatformClientAuthDataArg = os->getPlatformClientAuthDataArg;
|
| -+#endif
|
| - ss->sniSocketConfig = os->sniSocketConfig;
|
| - ss->sniSocketConfigArg = os->sniSocketConfigArg;
|
| - ss->handleBadCert = os->handleBadCert;
|
| -@@ -1963,6 +1967,12 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
|
| - ss->getClientAuthData = sm->getClientAuthData;
|
| - if (sm->getClientAuthDataArg)
|
| - ss->getClientAuthDataArg = sm->getClientAuthDataArg;
|
| -+#ifdef NSS_PLATFORM_CLIENT_AUTH
|
| -+ if (sm->getPlatformClientAuthData)
|
| -+ ss->getPlatformClientAuthData = sm->getPlatformClientAuthData;
|
| -+ if (sm->getPlatformClientAuthDataArg)
|
| -+ ss->getPlatformClientAuthDataArg = sm->getPlatformClientAuthDataArg;
|
| -+#endif
|
| - if (sm->sniSocketConfig)
|
| - ss->sniSocketConfig = sm->sniSocketConfig;
|
| - if (sm->sniSocketConfigArg)
|
| -@@ -3232,6 +3242,10 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant)
|
| - ss->sniSocketConfig = NULL;
|
| - ss->sniSocketConfigArg = NULL;
|
| - ss->getClientAuthData = NULL;
|
| -+#ifdef NSS_PLATFORM_CLIENT_AUTH
|
| -+ ss->getPlatformClientAuthData = NULL;
|
| -+ ss->getPlatformClientAuthDataArg = NULL;
|
| -+#endif /* NSS_PLATFORM_CLIENT_AUTH */
|
| - ss->handleBadCert = NULL;
|
| - ss->badCertArg = NULL;
|
| - ss->pkcs11PinArg = NULL;
|
|
|
Chromium Code Reviews
Issue 1844813002:
Uprev NSS to 3.23 on iOS (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master