net/third_party/nss/ssl/ssl3con.c - Issue 64553002: Certificate Transparency TLS extension patch for NSS

Unified Diff: net/third_party/nss/ssl/ssl3con.c

Issue 64553002: Certificate Transparency TLS extension patch for NSS (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 7 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

Index: net/third_party/nss/ssl/ssl3con.c

diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c

index 7b93a63c5ebf3e692dd2fe70a6b841b525da49c1..ceb31bc101420af931b86a216a9ab5525e8a7257 100644

--- a/net/third_party/nss/ssl/ssl3con.c

+++ b/net/third_party/nss/ssl/ssl3con.c

@@ -6612,6 +6612,18 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)

sid->u.ssl3.sessionIDLength = sidBytes.len;

PORT_Memcpy(sid->u.ssl3.sessionID, sidBytes.data, sidBytes.len);

+ /* Copy Signed Certificate Timestamps, if any. */

wtc 2013/11/08 19:51:31 So if session resumption succeeds, we ignore any S

ekasper 2013/11/18 17:47:18 Correct.

+ if (ss->xtnData.signedCertTimestamps.data) {

+ rv = SECITEM_CopyItem(NULL, &sid->u.ssl3.signedCertTimestamps,

+ &ss->xtnData.signedCertTimestamps);

+ if (rv != SECSuccess)

+ goto loser;

+ }

+ /* Clean up the temporary pointer to the handshake buffer. */

+ ss->xtnData.signedCertTimestamps.data = NULL;

+ ss->xtnData.signedCertTimestamps.len = 0;

wtc 2013/11/08 19:51:31 Nit: these three lines can be moved into the prece

ekasper 2013/11/18 17:47:18 Actually, uh, they belong to the winner: block bel

ss->ssl3.hs.isResuming = PR_FALSE;

ss->ssl3.hs.ws = wait_server_cert;

@@ -6641,6 +6653,9 @@ alert_loser:

(void)SSL3_SendAlert(ss, alert_fatal, desc);

loser:

+ /* Clean up the temporary pointer to the handshake buffer. */

+ ss->xtnData.signedCertTimestamps.data = NULL;

+ ss->xtnData.signedCertTimestamps.len = 0;

errCode = ssl_MapLowLevelError(errCode);

return SECFailure;

}