Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(109)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/third_party/nss/ssl/sslsock.c

Issue 64553002: Certificate Transparency TLS extension patch for NSS (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 7 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/third_party/nss/ssl/sslnonce.c ('K') | « net/third_party/nss/ssl/sslnonce.c ('k') | net/third_party/nss/ssl/sslt.h » ('j') | net/third_party/nss/ssl/sslt.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/third_party/nss/ssl/sslsock.c
diff --git a/net/third_party/nss/ssl/sslsock.c b/net/third_party/nss/ssl/sslsock.c
index 072fad5ba0b3fdcab9368d8326dda4f1eb332232..8072f2334cfbf66d23ee95a30b181d030357b84e 100644
--- a/net/third_party/nss/ssl/sslsock.c
+++ b/net/third_party/nss/ssl/sslsock.c
@@ -173,7 +173,8 @@ static sslOptions ssl_defaults = {
PR_FALSE, /* requireSafeNegotiation */
PR_FALSE, /* enableFalseStart */
PR_TRUE, /* cbcRandomIV */
- PR_FALSE /* enableOCSPStapling */
+ PR_FALSE, /* enableOCSPStapling */
+ PR_FALSE /* enableSignedCertTimestamps */
};
/*
@@ -863,6 +864,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
ss->opt.enableOCSPStapling = on;
break;
+ case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
+ ss->opt.enableSignedCertTimestamps = on;
+ break;
+
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
rv = SECFailure;
@@ -933,6 +938,9 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn)
case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break;
case SSL_CBC_RANDOM_IV: on = ss->opt.cbcRandomIV; break;
case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break;
+ case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
+ on = ss->opt.enableSignedCertTimestamps;
+ break;
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -994,6 +1002,9 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn)
case SSL_ENABLE_OCSP_STAPLING:
on = ssl_defaults.enableOCSPStapling;
break;
+ case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
+ ssl_defaults.enableSignedCertTimestamps = on;
wtc 2013/11/08 19:51:31 BUG: this should be on = ssl_defaults.enableSi
ekasper 2013/11/18 17:47:18 Yikes, I appear to have completely botched this fi
+ break;
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -1991,6 +2002,28 @@ SSL_PeerStapledOCSPResponses(PRFileDesc *fd)
return &ss->sec.ci.sid->peerCertStatus;
}
+const SECItem *
+SSL_PeerSignedCertTimestamps(PRFileDesc *fd)
+{
+ sslSocket *ss = ssl_FindSocket(fd);
+
+ if (!ss) {
+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_PeerSignedCertTimestamps",
+ SSL_GETPID(), fd));
+ return NULL;
+ }
+
+ if (!ss->sec.ci.sid) {
+ PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+ return NULL;
+ }
+
+ if (ss->version < SSL_LIBRARY_VERSION_3_0) {
+ return NULL;
wtc 2013/11/08 19:51:31 Please add: PORT_SetError(SSL_ERROR_FEATURE_NO
ekasper 2013/11/18 17:47:18 Strictly speaking yes, but I think it's nicer to a
wtc 2013/11/19 23:52:28 Yes, it does. Thanks. To make it clear it's the u
ekasper 2013/11/20 16:06:27 Done.
+ }
+ return &ss->sec.ci.sid->u.ssl3.signedCertTimestamps;
+}
+
SECStatus
SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *handshake_resumed) {
sslSocket *ss = ssl_FindSocket(fd);
@@ -3131,4 +3164,3 @@ loser:
}
return ss;
}
-
« net/third_party/nss/ssl/sslnonce.c ('K') | « net/third_party/nss/ssl/sslnonce.c ('k') | net/third_party/nss/ssl/sslt.h » ('j') | net/third_party/nss/ssl/sslt.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698