net/third_party/nss/patches/reorderextensions.patch - Issue 1844813002: Uprev NSS to 3.23 on iOS

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/third_party/nss/patches/reorderextensions.patch

Issue 1844813002: Uprev NSS to 3.23 on iOS (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: One more GN fix Created 4 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/third_party/nss/patches/reorderextensions.patch

diff --git a/net/third_party/nss/patches/reorderextensions.patch b/net/third_party/nss/patches/reorderextensions.patch

index c522822506ef770717c549c25118f7ce364bfd8c..0779e6971ac06ea27375858ed900c1c9ea5aa0c4 100644

--- a/net/third_party/nss/patches/reorderextensions.patch

+++ b/net/third_party/nss/patches/reorderextensions.patch

@@ -1,19 +1,24 @@

diff --git a/lib/ssl/ssl3ext.c b/lib/ssl/ssl3ext.c

-index 9cfd541..eb3fb70 100644

+index 2ffe77b..3b48c9e 100644

--- a/lib/ssl/ssl3ext.c

+++ b/lib/ssl/ssl3ext.c

-@@ -321,6 +321,10 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {

- { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn },

- { ssl_signed_certificate_timestamp_xtn,

- &ssl3_ClientSendSignedCertTimestampXtn },

-+ /* WebSphere Application Server 7.0 is intolerant to the last extension

-+ * being zero-length. It is not intolerant of TLS 1.2, so ensure that

-+ * signature_algorithms is at the end to guarantee a non-empty

-+ * extension. */

- { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },

- { ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn },

- { ssl_extended_master_secret_xtn, &ssl3_SendExtendedMasterSecretXtn},

-@@ -2546,9 +2550,11 @@ ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength)

+@@ -336,10 +336,14 @@ static const ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS]

+ { ssl_use_srtp_xtn, &ssl3_ClientSendUseSRTPXtn },

+ { ssl_channel_id_xtn, &ssl3_ClientSendChannelIDXtn },

+ { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn },

+- { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },

+ { ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn },

+ { ssl_signed_cert_timestamp_xtn, &ssl3_ClientSendSignedCertTimestampXtn },

+ { ssl_tls13_key_share_xtn, &tls13_ClientSendKeyShareXtn },

++ /* Some servers (e.g. WebSphere Application Server 7.0 and Tomcat) will

++ * time out or terminate the connection if the last extension in the

++ * client hello is empty. They are not intolerant of TLS 1.2, so list

++ * signature_algorithms at the end. See bug 1243641. */

++ { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },

+ /* any extra entries will appear as { 0, NULL } */

+ };

+@@ -2690,9 +2694,11 @@ ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength)

}

extensionLength = 512 - recordLength;

« no previous file with comments | « net/third_party/nss/patches/nssrwlock.patch ('k') | net/third_party/nss/patches/restartclientauth.patch » ('j') | no next file with comments »