Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1349)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/third_party/nss/ssl/ssl3ext.c

Issue 240633006: Move signature_algorithm extension to the end in NSS. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Match other patches Created 6 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/third_party/nss/patches/reorderextensions.patch ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/third_party/nss/ssl/ssl3ext.c
diff --git a/net/third_party/nss/ssl/ssl3ext.c b/net/third_party/nss/ssl/ssl3ext.c
index 6f3fe2fa65191b6fd667c991e8c2c7df3381e063..a17d864c720b187905a76df554e18a8779a3919e 100644
--- a/net/third_party/nss/ssl/ssl3ext.c
+++ b/net/third_party/nss/ssl/ssl3ext.c
@@ -285,10 +285,6 @@ static const
ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
{ ssl_server_name_xtn, &ssl3_SendServerNameXtn },
{ ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn },
-#ifdef NSS_ENABLE_ECC
- { ssl_elliptic_curves_xtn, &ssl3_SendSupportedCurvesXtn },
- { ssl_ec_point_formats_xtn, &ssl3_SendSupportedPointFormatsXtn },
-#endif
{ ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn },
{ ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn },
{ ssl_app_layer_protocol_xtn, &ssl3_ClientSendAppProtoXtn },
@@ -297,7 +293,14 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
{ ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn },
{ ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
{ ssl_signed_certificate_timestamp_xtn,
- &ssl3_ClientSendSignedCertTimestampXtn }
+ &ssl3_ClientSendSignedCertTimestampXtn },
+ /* Some servers are intolerant to the last extension being zero-length. ECC
wtc 2014/04/22 21:50:49 Please replace "Some servers" with the name and ve
davidben 2014/04/28 19:52:26 Done.
+ * extensions are non-empty and not dropped until fallback to SSL3, at which
+ * point all extensions are gone. */
+#ifdef NSS_ENABLE_ECC
+ { ssl_elliptic_curves_xtn, &ssl3_SendSupportedCurvesXtn },
+ { ssl_ec_point_formats_xtn, &ssl3_SendSupportedPointFormatsXtn },
+#endif
/* any extra entries will appear as { 0, NULL } */
};
@@ -2347,9 +2350,11 @@ ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength)
}
extensionLength = 512 - recordLength;
- /* Extensions take at least four bytes to encode. */
- if (extensionLength < 4) {
- extensionLength = 4;
+ /* Extensions take at least four bytes to encode. Always include at least
+ * one byte of data if including the extension. Some servers are intolerant
+ * to the last extension being empty. */
wtc 2014/04/22 21:50:49 Good catch! I missed this in my workaround for thi
+ if (extensionLength < 4 + 1) {
+ extensionLength = 4 + 1;
}
return extensionLength;
« no previous file with comments | « net/third_party/nss/patches/reorderextensions.patch ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698