net/third_party/nss/ssl/sslnonce.c - Issue 64553002: Certificate Transparency TLS extension patch for NSS

Side by Side Diff: net/third_party/nss/ssl/sslnonce.c

Issue 64553002: Certificate Transparency TLS extension patch for NSS (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 7 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 /*	1 /*

2 * This file implements the CLIENT Session ID cache.	2 * This file implements the CLIENT Session ID cache.

3 *	3 *

4 * This Source Code Form is subject to the terms of the Mozilla Public	4 * This Source Code Form is subject to the terms of the Mozilla Public

5 * License, v. 2.0. If a copy of the MPL was not distributed with this	5 * License, v. 2.0. If a copy of the MPL was not distributed with this

6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */	6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

7	7

8 #include "cert.h"	8 #include "cert.h"

9 #include "pk11pub.h"	9 #include "pk11pub.h"

10 #include "secitem.h"	10 #include "secitem.h"

(...skipping 124 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
135 for (i = 0; i < MAX_PEER_CERT_CHAIN_SIZE && sid->peerCertChain[i]; i++) {	135 for (i = 0; i < MAX_PEER_CERT_CHAIN_SIZE && sid->peerCertChain[i]; i++) {

136 CERT_DestroyCertificate(sid->peerCertChain[i]);	136 CERT_DestroyCertificate(sid->peerCertChain[i]);

137 }	137 }

138 if (sid->peerCertStatus.items) {	138 if (sid->peerCertStatus.items) {

139 SECITEM_FreeArray(&sid->peerCertStatus, PR_FALSE);	139 SECITEM_FreeArray(&sid->peerCertStatus, PR_FALSE);

140 }	140 }

141	141

142 if ( sid->localCert ) {	142 if ( sid->localCert ) {

143 CERT_DestroyCertificate(sid->localCert);	143 CERT_DestroyCertificate(sid->localCert);

144 }	144 }

145 if (sid->u.ssl3.sessionTicket.ticket.data) {	145

146 » SECITEM_FreeItem(&sid->u.ssl3.sessionTicket.ticket, PR_FALSE);	146 if (sid->version >= SSL_LIBRARY_VERSION_3_0) {
	wtc 2013/11/08 19:51:31 We are planning to remove the SSL 2.0 code within We are planning to remove the SSL 2.0 code within twelve months, so I suggest we not add this sid->version check. ekasper 2013/11/18 17:47:18 u is a union and u.ssl3 is only valid for a 3.0 se Show quoted text On 2013/11/08 19:51:31, wtc wrote: > > We are planning to remove the SSL 2.0 code within twelve months, so I suggest we > not add this sid->version check. u is a union and u.ssl3 is only valid for a 3.0 session, so I think we need this check. (In practice this is tail end of the union so should be zeroed for ssl2, but still.) wtc 2013/11/19 23:52:28 I see. This makes sense, thanks. I suggest that w Show quoted text On 2013/11/18 17:47:18, ekasper wrote: > > u is a union and u.ssl3 is only valid for a 3.0 session, so I think we need this > check. (In practice this is tail end of the union so should be zeroed for ssl2, > but still.) I see. This makes sense, thanks. I suggest that we combine this with the if statement on lines 122-125. ekasper 2013/11/20 16:06:27 Done. Show quoted text On 2013/11/19 23:52:28, wtc wrote: > > On 2013/11/18 17:47:18, ekasper wrote: > > > > u is a union and u.ssl3 is only valid for a 3.0 session, so I think we need > this > > check. (In practice this is tail end of the union so should be zeroed for > ssl2, > > but still.) > > I see. This makes sense, thanks. > > I suggest that we combine this with the if statement on lines 122-125. Done.
	147 » if (sid->u.ssl3.sessionTicket.ticket.data) {

	148 » SECITEM_FreeItem(&sid->u.ssl3.sessionTicket.ticket, PR_FALSE);

	149 » }

	150 » if (sid->u.ssl3.srvName.data) {

	151 » SECITEM_FreeItem(&sid->u.ssl3.srvName, PR_FALSE);

	152 » }

	153 » if (sid->u.ssl3.signedCertTimestamps.data) {

	154 » SECITEM_FreeItem(&sid->u.ssl3.signedCertTimestamps, PR_FALSE);

	155 » }

147 }	156 }

148 if (sid->u.ssl3.srvName.data) {	157

149 » SECITEM_FreeItem(&sid->u.ssl3.srvName, PR_FALSE);

150 }

151

152 PORT_ZFree(sid, sizeof(sslSessionID));	158 PORT_ZFree(sid, sizeof(sslSessionID));

153 }	159 }

154	160

155 /* BEWARE: This function gets called for both client and server SIDs !!	161 /* BEWARE: This function gets called for both client and server SIDs !!

156 * Decrement reference count, and	162 * Decrement reference count, and

157 * free sid if ref count is zero, and sid is not in the cache.	163 * free sid if ref count is zero, and sid is not in the cache.

158 * Does NOT remove from the cache first.	164 * Does NOT remove from the cache first.

159 * If the sid is still in the cache, it is left there until next time	165 * If the sid is still in the cache, it is left there until next time

160 * the cache list is traversed.	166 * the cache list is traversed.

161 */	167 */

(...skipping 285 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
447 sid->u.ssl3.sessionTicket.ticket.len = 0;	453 sid->u.ssl3.sessionTicket.ticket.len = 0;

448 }	454 }

449 sid->u.ssl3.sessionTicket.received_timestamp =	455 sid->u.ssl3.sessionTicket.received_timestamp =

450 session_ticket->received_timestamp;	456 session_ticket->received_timestamp;

451 sid->u.ssl3.sessionTicket.ticket_lifetime_hint =	457 sid->u.ssl3.sessionTicket.ticket_lifetime_hint =

452 session_ticket->ticket_lifetime_hint;	458 session_ticket->ticket_lifetime_hint;

453	459

454 UNLOCK_CACHE;	460 UNLOCK_CACHE;

455 return SECSuccess;	461 return SECSuccess;

456 }	462 }

OLD	NEW

« net/third_party/nss/ssl/sslimpl.h ('K') | « net/third_party/nss/ssl/sslimpl.h ('k') | net/third_party/nss/ssl/sslsock.c » ('j') | net/third_party/nss/ssl/sslsock.c » ('J')