Index: net/third_party/nss/patches/nobypass.patch |
diff --git a/net/third_party/nss/patches/nobypass.patch b/net/third_party/nss/patches/nobypass.patch |
new file mode 100644 |
index 0000000000000000000000000000000000000000..8896d36e15959cb4bbefd5ef7d6d1c31490da337 |
--- /dev/null |
+++ b/net/third_party/nss/patches/nobypass.patch |
@@ -0,0 +1,20 @@ |
+diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c |
+index 7649abe..b6f4987 100644 |
+--- a/lib/ssl/ssl3con.c |
++++ b/lib/ssl/ssl3con.c |
+@@ -2297,6 +2297,7 @@ fail: |
+ return SECFailure; |
+ } |
+ |
++#ifndef NO_PKCS11_BYPASS |
+ /* Returns whether we can bypass PKCS#11 for a given cipher algorithm. |
+ * |
+ * We do not support PKCS#11 bypass for ChaCha20/Poly1305. |
+@@ -2311,6 +2312,7 @@ ssl3_CanBypassCipher(SSLCipherAlgorithm calg) |
+ return PR_TRUE; |
+ } |
+ } |
++#endif |
+ |
+ /* Complete the initialization of all keys, ciphers, MACs and their contexts |
+ * for the pending Cipher Spec. |