| Index: net/third_party/nss/ssl/sslsock.c
|
| diff --git a/net/third_party/nss/ssl/sslsock.c b/net/third_party/nss/ssl/sslsock.c
|
| index 072fad5ba0b3fdcab9368d8326dda4f1eb332232..70f072b0d8f2c853efd62d81a0796c0c9fc7ddd7 100644
|
| --- a/net/third_party/nss/ssl/sslsock.c
|
| +++ b/net/third_party/nss/ssl/sslsock.c
|
| @@ -173,7 +173,8 @@ static sslOptions ssl_defaults = {
|
| PR_FALSE, /* requireSafeNegotiation */
|
| PR_FALSE, /* enableFalseStart */
|
| PR_TRUE, /* cbcRandomIV */
|
| - PR_FALSE /* enableOCSPStapling */
|
| + PR_FALSE, /* enableOCSPStapling */
|
| + PR_FALSE /* enableSignedCertTimestamps */
|
| };
|
|
|
| /*
|
| @@ -863,6 +864,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
|
| ss->opt.enableOCSPStapling = on;
|
| break;
|
|
|
| + case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
|
| + ss->opt.enableSignedCertTimestamps = on;
|
| + break;
|
| +
|
| default:
|
| PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
| rv = SECFailure;
|
| @@ -933,6 +938,9 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn)
|
| case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break;
|
| case SSL_CBC_RANDOM_IV: on = ss->opt.cbcRandomIV; break;
|
| case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break;
|
| + case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
|
| + on = ss->opt.enableSignedCertTimestamps;
|
| + break;
|
|
|
| default:
|
| PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
| @@ -994,6 +1002,9 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn)
|
| case SSL_ENABLE_OCSP_STAPLING:
|
| on = ssl_defaults.enableOCSPStapling;
|
| break;
|
| + case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
|
| + on = ssl_defaults.enableSignedCertTimestamps;
|
| + break;
|
|
|
| default:
|
| PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
| @@ -1161,6 +1172,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on)
|
| ssl_defaults.enableOCSPStapling = on;
|
| break;
|
|
|
| + case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
|
| + ssl_defaults.enableSignedCertTimestamps = on;
|
| + break;
|
| +
|
| default:
|
| PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
| return SECFailure;
|
| @@ -1991,6 +2006,29 @@ SSL_PeerStapledOCSPResponses(PRFileDesc *fd)
|
| return &ss->sec.ci.sid->peerCertStatus;
|
| }
|
|
|
| +const SECItem *
|
| +SSL_PeerSignedCertTimestamps(PRFileDesc *fd)
|
| +{
|
| + sslSocket *ss = ssl_FindSocket(fd);
|
| +
|
| + if (!ss) {
|
| + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_PeerSignedCertTimestamps",
|
| + SSL_GETPID(), fd));
|
| + return NULL;
|
| + }
|
| +
|
| + if (!ss->sec.ci.sid) {
|
| + PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
|
| + return NULL;
|
| + }
|
| +
|
| + if (ss->version < SSL_LIBRARY_VERSION_3_0) {
|
| + PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2);
|
| + return NULL;
|
| + }
|
| + return &ss->sec.ci.sid->u.ssl3.signedCertTimestamps;
|
| +}
|
| +
|
| SECStatus
|
| SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *handshake_resumed) {
|
| sslSocket *ss = ssl_FindSocket(fd);
|
| @@ -3131,4 +3169,3 @@ loser:
|
| }
|
| return ss;
|
| }
|
| -
|
|
|
Chromium Code Reviews
Issue 64553002:
Certificate Transparency TLS extension patch for NSS (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master