Move signature_algorithm extension to the end in NSS.

net/third_party/nss/patches/reorderextensions.patch

Index: net/third_party/nss/patches/reorderextensions.patch
diff --git a/net/third_party/nss/patches/reorderextensions.patch b/net/third_party/nss/patches/reorderextensions.patch
new file mode 100644
index 0000000000000000000000000000000000000000..5537bf6d4c3cd0fa242a884a25f7907f689c3ef3
--- /dev/null
+++ b/net/third_party/nss/patches/reorderextensions.patch
@@ -0,0 +1,46 @@
+diff --git a/nss/lib/ssl/ssl3ext.c b/nss/lib/ssl/ssl3ext.c
+index 6f3fe2f..a17d864 100644
+--- a/nss/lib/ssl/ssl3ext.c
++++ b/nss/lib/ssl/ssl3ext.c
+@@ -285,10 +285,6 @@ static const
+ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
+     { ssl_server_name_xtn,        &ssl3_SendServerNameXtn        },
+     { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn },
+-#ifdef NSS_ENABLE_ECC
+-    { ssl_elliptic_curves_xtn,    &ssl3_SendSupportedCurvesXtn },
+-    { ssl_ec_point_formats_xtn,   &ssl3_SendSupportedPointFormatsXtn },
+-#endif
+     { ssl_session_ticket_xtn,     &ssl3_SendSessionTicketXtn },
+     { ssl_next_proto_nego_xtn,    &ssl3_ClientSendNextProtoNegoXtn },
+     { ssl_app_layer_protocol_xtn, &ssl3_ClientSendAppProtoXtn },
+@@ -297,7 +293,14 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
+     { ssl_cert_status_xtn,        &ssl3_ClientSendStatusRequestXtn },
+     { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
+     { ssl_signed_certificate_timestamp_xtn,
+-      &ssl3_ClientSendSignedCertTimestampXtn }
++      &ssl3_ClientSendSignedCertTimestampXtn },
++    /* Some servers are intolerant to the last extension being zero-length. ECC
++     * extensions are non-empty and not dropped until fallback to SSL3, at which
++     * point all extensions are gone. */
++#ifdef NSS_ENABLE_ECC
++    { ssl_elliptic_curves_xtn,    &ssl3_SendSupportedCurvesXtn },
++    { ssl_ec_point_formats_xtn,   &ssl3_SendSupportedPointFormatsXtn },
++#endif
+     /* any extra entries will appear as { 0, NULL }    */
+ };
+ 
+@@ -2347,9 +2350,11 @@ ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength)
+     }
+ 
+     extensionLength = 512 - recordLength;
+-    /* Extensions take at least four bytes to encode. */
+-    if (extensionLength < 4) {
+-	extensionLength = 4;
++    /* Extensions take at least four bytes to encode. Always include at least
++     * one byte of data if including the extension. Some servers are intolerant
++     * to the last extension being empty. */
++    if (extensionLength < 4 + 1) {
++	extensionLength = 4 + 1;
+     }
+ 
+     return extensionLength;