| OLD | NEW |
|---|
| (Empty) |
| 1 diff --git a/lib/ssl/ssl.h b/lib/ssl/ssl.h | |
| 2 index e905aab..9e57220 100644 | |
| 3 --- a/lib/ssl/ssl.h | |
| 4 +++ b/lib/ssl/ssl.h | |
| 5 @@ -896,6 +896,17 @@ SSL_IMPORT SECStatus SSL_ReHandshakeWithTimeout(PRFileDesc
*fd, | |
| 6 PRBool flushCache, | |
| 7 PRIntervalTime timeout); | |
| 8 | |
| 9 +/* Returns a SECItem containing the certificate_types field of the | |
| 10 +** CertificateRequest message. Each byte of the data is a TLS | |
| 11 +** ClientCertificateType value, and they are ordered from most preferred to | |
| 12 +** least. This function should only be called from the | |
| 13 +** SSL_GetClientAuthDataHook callback, and will return NULL if called at any | |
| 14 +** other time. The returned value is valid only until the callback returns, an
d | |
| 15 +** should not be freed. | |
| 16 +*/ | |
| 17 +SSL_IMPORT const SECItem * | |
| 18 +SSL_GetRequestedClientCertificateTypes(PRFileDesc *fd); | |
| 19 + | |
| 20 #ifdef SSL_DEPRECATED_FUNCTION | |
| 21 /* deprecated! | |
| 22 ** For the server, request a new handshake. For the client, begin a new | |
| 23 diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c | |
| 24 index b8d4784..784f59b 100644 | |
| 25 --- a/lib/ssl/ssl3con.c | |
| 26 +++ b/lib/ssl/ssl3con.c | |
| 27 @@ -7674,6 +7674,9 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b
, PRUint32 length) | |
| 28 if (rv != SECSuccess) | |
| 29 goto loser; /* malformed, alert has been sent */ | |
| 30 | |
| 31 + PORT_Assert(!ss->requestedCertTypes); | |
| 32 + ss->requestedCertTypes = &cert_types; | |
| 33 + | |
| 34 if (isTLS12) { | |
| 35 rv = ssl3_ConsumeHandshakeVariable(ss, &algorithms, 2, &b, &length); | |
| 36 if (rv != SECSuccess) | |
| 37 @@ -7723,6 +7726,7 @@ loser: | |
| 38 PORT_SetError(errCode); | |
| 39 rv = SECFailure; | |
| 40 done: | |
| 41 + ss->requestedCertTypes = NULL; | |
| 42 if (arena != NULL) | |
| 43 PORT_FreeArena(arena, PR_FALSE); | |
| 44 return rv; | |
| 45 diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h | |
| 46 index 10361a0..5f0e6c9 100644 | |
| 47 --- a/lib/ssl/sslimpl.h | |
| 48 +++ b/lib/ssl/sslimpl.h | |
| 49 @@ -1296,6 +1296,10 @@ struct sslSocketStr { | |
| 50 unsigned int sizeCipherSpecs; | |
| 51 const unsigned char *preferredCipher; | |
| 52 | |
| 53 + /* TLS ClientCertificateTypes requested during HandleCertificateRequest. */ | |
| 54 + /* Will be NULL at all other times. */ | |
| 55 + const SECItem *requestedCertTypes; | |
| 56 + | |
| 57 ssl3KeyPair *stepDownKeyPair; /* RSA step down keys */ | |
| 58 | |
| 59 const ssl3DHParams *dheParams; /* DHE param */ | |
| 60 diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c | |
| 61 index 601df2a..7f97b14 100644 | |
| 62 --- a/lib/ssl/sslsock.c | |
| 63 +++ b/lib/ssl/sslsock.c | |
| 64 @@ -2496,6 +2496,21 @@ SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *hands
hake_resumed) | |
| 65 return SECSuccess; | |
| 66 } | |
| 67 | |
| 68 +const SECItem * | |
| 69 +SSL_GetRequestedClientCertificateTypes(PRFileDesc *fd) | |
| 70 +{ | |
| 71 + sslSocket *ss = ssl_FindSocket(fd); | |
| 72 + | |
| 73 + if (!ss) { | |
| 74 + SSL_DBG(("%d: SSL[%d]: bad socket in " | |
| 75 + "SSL_GetRequestedClientCertificateTypes", | |
| 76 + SSL_GETPID(), fd)); | |
| 77 + return NULL; | |
| 78 + } | |
| 79 + | |
| 80 + return ss->requestedCertTypes; | |
| 81 +} | |
| 82 + | |
| 83 /************************************************************************/ | |
| 84 /* The following functions are the TOP LEVEL SSL functions. | |
| 85 ** They all get called through the NSPRIOMethods table below. | |
| 86 @@ -3610,6 +3625,7 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protoco
lVariant) | |
| 87 sc->serverKeyBits = 0; | |
| 88 ss->certStatusArray[i] = NULL; | |
| 89 } | |
| 90 + ss->requestedCertTypes = NULL; | |
| 91 ss->stepDownKeyPair = NULL; | |
| 92 | |
| 93 ss->dheParams = NULL; | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1882433002:
Removing NSS files and USE_OPENSSL flag (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master