Index: net/third_party/nss/ssl/ssl3con.c |
diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c |
index 7b93a63c5ebf3e692dd2fe70a6b841b525da49c1..ceb31bc101420af931b86a216a9ab5525e8a7257 100644 |
--- a/net/third_party/nss/ssl/ssl3con.c |
+++ b/net/third_party/nss/ssl/ssl3con.c |
@@ -6612,6 +6612,18 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) |
sid->u.ssl3.sessionIDLength = sidBytes.len; |
PORT_Memcpy(sid->u.ssl3.sessionID, sidBytes.data, sidBytes.len); |
+ /* Copy Signed Certificate Timestamps, if any. */ |
wtc
2013/11/08 19:51:31
So if session resumption succeeds, we ignore any S
ekasper
2013/11/18 17:47:18
Correct.
|
+ if (ss->xtnData.signedCertTimestamps.data) { |
+ rv = SECITEM_CopyItem(NULL, &sid->u.ssl3.signedCertTimestamps, |
+ &ss->xtnData.signedCertTimestamps); |
+ if (rv != SECSuccess) |
+ goto loser; |
+ } |
+ |
+ /* Clean up the temporary pointer to the handshake buffer. */ |
+ ss->xtnData.signedCertTimestamps.data = NULL; |
+ ss->xtnData.signedCertTimestamps.len = 0; |
wtc
2013/11/08 19:51:31
Nit: these three lines can be moved into the prece
ekasper
2013/11/18 17:47:18
Actually, uh, they belong to the winner: block bel
|
+ |
ss->ssl3.hs.isResuming = PR_FALSE; |
ss->ssl3.hs.ws = wait_server_cert; |
@@ -6641,6 +6653,9 @@ alert_loser: |
(void)SSL3_SendAlert(ss, alert_fatal, desc); |
loser: |
+ /* Clean up the temporary pointer to the handshake buffer. */ |
+ ss->xtnData.signedCertTimestamps.data = NULL; |
+ ss->xtnData.signedCertTimestamps.len = 0; |
errCode = ssl_MapLowLevelError(errCode); |
return SECFailure; |
} |