| Index: net/third_party/nss/patches/signedcertificatetimestamps.patch
|
| diff --git a/net/third_party/nss/patches/signedcertificatetimestamps.patch b/net/third_party/nss/patches/signedcertificatetimestamps.patch
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..8ac3079f19f042387a022299bfcb098447db122f
|
| --- /dev/null
|
| +++ b/net/third_party/nss/patches/signedcertificatetimestamps.patch
|
| @@ -0,0 +1,421 @@
|
| +diff --git a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h
|
| +index 67cc3a7..4cf02aa 100644
|
| +--- a/net/third_party/nss/ssl/ssl.h
|
| ++++ b/net/third_party/nss/ssl/ssl.h
|
| +@@ -161,6 +161,8 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd);
|
| + */
|
| + #define SSL_CBC_RANDOM_IV 23
|
| + #define SSL_ENABLE_OCSP_STAPLING 24 /* Request OCSP stapling (client) */
|
| ++/* Request Signed Certificate Timestamps via TLS extension (client) */
|
| ++#define SSL_ENABLE_SIGNED_CERT_TIMESTAMPS 25
|
| +
|
| + #ifdef SSL_DEPRECATED_FUNCTION
|
| + /* Old deprecated function names */
|
| +@@ -464,6 +466,23 @@ SSL_IMPORT CERTCertList *SSL_PeerCertificateChain(PRFileDesc *fd);
|
| + */
|
| + SSL_IMPORT const SECItemArray * SSL_PeerStapledOCSPResponses(PRFileDesc *fd);
|
| +
|
| ++/* SSL_PeerSignedCertTimestamps returns the signed_certificate_timestamp
|
| ++ * extension data provided by the TLS server. The return value is a pointer
|
| ++ * to an internal SECItem that contains the returned response (as a serialized
|
| ++ * SignedCertificateTimestampList, see RFC 6962). The returned pointer is only
|
| ++ * valid until the callback function that calls SSL_PeerSignedCertTimestamps
|
| ++ * (e.g. the authenticate certificate hook, or the handshake callback) returns.
|
| ++ *
|
| ++ * If no Signed Certificate Timestamps were given by the server then the result
|
| ++ * will be empty. If there was an error, then the result will be NULL.
|
| ++ *
|
| ++ * You must set the SSL_ENABLE_SIGNED_CERT_TIMESTAMPS option to indicate support
|
| ++ * for Signed Certificate Timestamps to a server.
|
| ++ *
|
| ++ * libssl does not do any parsing or validation of the response itself.
|
| ++ */
|
| ++SSL_IMPORT const SECItem * SSL_PeerSignedCertTimestamps(PRFileDesc *fd);
|
| ++
|
| + /* SSL_SetStapledOCSPResponses stores an array of one or multiple OCSP responses
|
| + * in the fd's data, which may be sent as part of a server side cert_status
|
| + * handshake message. Parameter |responses| is for the server certificate of
|
| +diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c
|
| +index 0f1eea4..c2d9eeb 100644
|
| +--- a/net/third_party/nss/ssl/ssl3con.c
|
| ++++ b/net/third_party/nss/ssl/ssl3con.c
|
| +@@ -6639,10 +6639,22 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
| + sid->u.ssl3.sessionIDLength = sidBytes.len;
|
| + PORT_Memcpy(sid->u.ssl3.sessionID, sidBytes.data, sidBytes.len);
|
| +
|
| ++ /* Copy Signed Certificate Timestamps, if any. */
|
| ++ if (ss->xtnData.signedCertTimestamps.data) {
|
| ++ rv = SECITEM_CopyItem(NULL, &sid->u.ssl3.signedCertTimestamps,
|
| ++ &ss->xtnData.signedCertTimestamps);
|
| ++ if (rv != SECSuccess)
|
| ++ goto loser;
|
| ++ }
|
| ++
|
| + ss->ssl3.hs.isResuming = PR_FALSE;
|
| + ss->ssl3.hs.ws = wait_server_cert;
|
| +
|
| + winner:
|
| ++ /* Clean up the temporary pointer to the handshake buffer. */
|
| ++ ss->xtnData.signedCertTimestamps.data = NULL;
|
| ++ ss->xtnData.signedCertTimestamps.len = 0;
|
| ++
|
| + /* If we will need a ChannelID key then we make the callback now. This
|
| + * allows the handshake to be restarted cleanly if the callback returns
|
| + * SECWouldBlock. */
|
| +@@ -6668,6 +6680,9 @@ alert_loser:
|
| + (void)SSL3_SendAlert(ss, alert_fatal, desc);
|
| +
|
| + loser:
|
| ++ /* Clean up the temporary pointer to the handshake buffer. */
|
| ++ ss->xtnData.signedCertTimestamps.data = NULL;
|
| ++ ss->xtnData.signedCertTimestamps.len = 0;
|
| + errCode = ssl_MapLowLevelError(errCode);
|
| + return SECFailure;
|
| + }
|
| +diff --git a/net/third_party/nss/ssl/ssl3ext.c b/net/third_party/nss/ssl/ssl3ext.c
|
| +index adb81ed..02e104d 100644
|
| +--- a/net/third_party/nss/ssl/ssl3ext.c
|
| ++++ b/net/third_party/nss/ssl/ssl3ext.c
|
| +@@ -81,6 +81,12 @@ static PRInt32 ssl3_ClientSendSigAlgsXtn(sslSocket *ss, PRBool append,
|
| + PRUint32 maxBytes);
|
| + static SECStatus ssl3_ServerHandleSigAlgsXtn(sslSocket *ss, PRUint16 ex_type,
|
| + SECItem *data);
|
| ++static PRInt32 ssl3_ClientSendSignedCertTimestampXtn(sslSocket *ss,
|
| ++ PRBool append,
|
| ++ PRUint32 maxBytes);
|
| ++static SECStatus ssl3_ClientHandleSignedCertTimestampXtn(sslSocket *ss,
|
| ++ PRUint16 ex_type,
|
| ++ SECItem *data);
|
| +
|
| + /*
|
| + * Write bytes. Using this function means the SECItem structure
|
| +@@ -259,6 +265,8 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = {
|
| + { ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn },
|
| + { ssl_channel_id_xtn, &ssl3_ClientHandleChannelIDXtn },
|
| + { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn },
|
| ++ { ssl_signed_certificate_timestamp_xtn,
|
| ++ &ssl3_ClientHandleSignedCertTimestampXtn },
|
| + { -1, NULL }
|
| + };
|
| +
|
| +@@ -287,7 +295,9 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
|
| + { ssl_use_srtp_xtn, &ssl3_SendUseSRTPXtn },
|
| + { ssl_channel_id_xtn, &ssl3_ClientSendChannelIDXtn },
|
| + { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn },
|
| +- { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn }
|
| ++ { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
|
| ++ { ssl_signed_certificate_timestamp_xtn,
|
| ++ &ssl3_ClientSendSignedCertTimestampXtn }
|
| + /* any extra entries will appear as { 0, NULL } */
|
| + };
|
| +
|
| +@@ -2364,3 +2374,65 @@ ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen,
|
| +
|
| + return extensionLen;
|
| + }
|
| ++
|
| ++/* ssl3_ClientSendSignedCertTimestampXtn sends the signed_certificate_timestamp
|
| ++ * extension for TLS ClientHellos. */
|
| ++static PRInt32
|
| ++ssl3_ClientSendSignedCertTimestampXtn(sslSocket *ss, PRBool append,
|
| ++ PRUint32 maxBytes)
|
| ++{
|
| ++ PRInt32 extension_length = 2 /* extension_type */ +
|
| ++ 2 /* length(extension_data) */;
|
| ++
|
| ++ /* Only send the extension if processing is enabled. */
|
| ++ if (!ss->opt.enableSignedCertTimestamps)
|
| ++ return 0;
|
| ++
|
| ++ if (append && maxBytes >= extension_length) {
|
| ++ SECStatus rv;
|
| ++ /* extension_type */
|
| ++ rv = ssl3_AppendHandshakeNumber(ss,
|
| ++ ssl_signed_certificate_timestamp_xtn,
|
| ++ 2);
|
| ++ if (rv != SECSuccess)
|
| ++ goto loser;
|
| ++ /* zero length */
|
| ++ rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
|
| ++ if (rv != SECSuccess)
|
| ++ goto loser;
|
| ++ ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
|
| ++ ssl_signed_certificate_timestamp_xtn;
|
| ++ } else if (maxBytes < extension_length) {
|
| ++ PORT_Assert(0);
|
| ++ return 0;
|
| ++ }
|
| ++
|
| ++ return extension_length;
|
| ++loser:
|
| ++ return -1;
|
| ++}
|
| ++
|
| ++static SECStatus
|
| ++ssl3_ClientHandleSignedCertTimestampXtn(sslSocket *ss, PRUint16 ex_type,
|
| ++ SECItem *data)
|
| ++{
|
| ++ /* We do not yet know whether we'll be resuming a session or creating
|
| ++ * a new one, so we keep a pointer to the data in the TLSExtensionData
|
| ++ * structure. This pointer is only valid in the scope of
|
| ++ * ssl3_HandleServerHello, and, if not resuming a session, the data is
|
| ++ * copied once a new session structure has been set up.
|
| ++ * All parsing is currently left to the application and we accept
|
| ++ * everything, including empty data.
|
| ++ */
|
| ++ SECItem *scts = &ss->xtnData.signedCertTimestamps;
|
| ++ PORT_Assert(!scts->data && !scts->len);
|
| ++
|
| ++ if (!data->len) {
|
| ++ /* Empty extension data: RFC 6962 mandates non-empty contents. */
|
| ++ return SECFailure;
|
| ++ }
|
| ++ *scts = *data;
|
| ++ /* Keep track of negotiated extensions. */
|
| ++ ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
|
| ++ return SECSuccess;
|
| ++}
|
| +diff --git a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslimpl.h
|
| +index 79aca60..1e4655f 100644
|
| +--- a/net/third_party/nss/ssl/sslimpl.h
|
| ++++ b/net/third_party/nss/ssl/sslimpl.h
|
| +@@ -312,29 +312,30 @@ typedef struct sslOptionsStr {
|
| + * list of supported protocols. */
|
| + SECItem nextProtoNego;
|
| +
|
| +- unsigned int useSecurity : 1; /* 1 */
|
| +- unsigned int useSocks : 1; /* 2 */
|
| +- unsigned int requestCertificate : 1; /* 3 */
|
| +- unsigned int requireCertificate : 2; /* 4-5 */
|
| +- unsigned int handshakeAsClient : 1; /* 6 */
|
| +- unsigned int handshakeAsServer : 1; /* 7 */
|
| +- unsigned int enableSSL2 : 1; /* 8 */
|
| +- unsigned int unusedBit9 : 1; /* 9 */
|
| +- unsigned int unusedBit10 : 1; /* 10 */
|
| +- unsigned int noCache : 1; /* 11 */
|
| +- unsigned int fdx : 1; /* 12 */
|
| +- unsigned int v2CompatibleHello : 1; /* 13 */
|
| +- unsigned int detectRollBack : 1; /* 14 */
|
| +- unsigned int noStepDown : 1; /* 15 */
|
| +- unsigned int bypassPKCS11 : 1; /* 16 */
|
| +- unsigned int noLocks : 1; /* 17 */
|
| +- unsigned int enableSessionTickets : 1; /* 18 */
|
| +- unsigned int enableDeflate : 1; /* 19 */
|
| +- unsigned int enableRenegotiation : 2; /* 20-21 */
|
| +- unsigned int requireSafeNegotiation : 1; /* 22 */
|
| +- unsigned int enableFalseStart : 1; /* 23 */
|
| +- unsigned int cbcRandomIV : 1; /* 24 */
|
| +- unsigned int enableOCSPStapling : 1; /* 25 */
|
| ++ unsigned int useSecurity : 1; /* 1 */
|
| ++ unsigned int useSocks : 1; /* 2 */
|
| ++ unsigned int requestCertificate : 1; /* 3 */
|
| ++ unsigned int requireCertificate : 2; /* 4-5 */
|
| ++ unsigned int handshakeAsClient : 1; /* 6 */
|
| ++ unsigned int handshakeAsServer : 1; /* 7 */
|
| ++ unsigned int enableSSL2 : 1; /* 8 */
|
| ++ unsigned int unusedBit9 : 1; /* 9 */
|
| ++ unsigned int unusedBit10 : 1; /* 10 */
|
| ++ unsigned int noCache : 1; /* 11 */
|
| ++ unsigned int fdx : 1; /* 12 */
|
| ++ unsigned int v2CompatibleHello : 1; /* 13 */
|
| ++ unsigned int detectRollBack : 1; /* 14 */
|
| ++ unsigned int noStepDown : 1; /* 15 */
|
| ++ unsigned int bypassPKCS11 : 1; /* 16 */
|
| ++ unsigned int noLocks : 1; /* 17 */
|
| ++ unsigned int enableSessionTickets : 1; /* 18 */
|
| ++ unsigned int enableDeflate : 1; /* 19 */
|
| ++ unsigned int enableRenegotiation : 2; /* 20-21 */
|
| ++ unsigned int requireSafeNegotiation : 1; /* 22 */
|
| ++ unsigned int enableFalseStart : 1; /* 23 */
|
| ++ unsigned int cbcRandomIV : 1; /* 24 */
|
| ++ unsigned int enableOCSPStapling : 1; /* 25 */
|
| ++ unsigned int enableSignedCertTimestamps : 1; /* 26 */
|
| + } sslOptions;
|
| +
|
| + typedef enum { sslHandshakingUndetermined = 0,
|
| +@@ -713,6 +714,11 @@ struct sslSessionIDStr {
|
| + * negotiated as it's used to bind the ChannelID signature on the
|
| + * resumption handshake to the original handshake. */
|
| + SECItem originalHandshakeHash;
|
| ++
|
| ++ /* Signed certificate timestamps received in a TLS extension.
|
| ++ ** (used only in client).
|
| ++ */
|
| ++ SECItem signedCertTimestamps;
|
| + } ssl3;
|
| + } u;
|
| + };
|
| +@@ -804,6 +810,18 @@ struct TLSExtensionDataStr {
|
| + * is beyond ssl3_HandleClientHello function. */
|
| + SECItem *sniNameArr;
|
| + PRUint32 sniNameArrSize;
|
| ++
|
| ++ /* Signed Certificate Timestamps extracted from the TLS extension.
|
| ++ * (client only).
|
| ++ * This container holds a temporary pointer to the extension data,
|
| ++ * until a session structure (the sec.ci.sid of an sslSocket) is setup
|
| ++ * that can hold a permanent copy of the data
|
| ++ * (in sec.ci.sid.u.ssl3.signedCertTimestamps).
|
| ++ * The data pointed to by this structure is neither explicitly allocated
|
| ++ * nor copied: the pointer points to the handshake message buffer and is
|
| ++ * only valid in the scope of ssl3_HandleServerHello.
|
| ++ */
|
| ++ SECItem signedCertTimestamps;
|
| + };
|
| +
|
| + typedef SECStatus (*sslRestartTarget)(sslSocket *);
|
| +diff --git a/net/third_party/nss/ssl/sslnonce.c b/net/third_party/nss/ssl/sslnonce.c
|
| +index eb5004c..1ca19ca 100644
|
| +--- a/net/third_party/nss/ssl/sslnonce.c
|
| ++++ b/net/third_party/nss/ssl/sslnonce.c
|
| +@@ -122,7 +122,21 @@ ssl_DestroySID(sslSessionID *sid)
|
| + if (sid->version < SSL_LIBRARY_VERSION_3_0) {
|
| + SECITEM_ZfreeItem(&sid->u.ssl2.masterKey, PR_FALSE);
|
| + SECITEM_ZfreeItem(&sid->u.ssl2.cipherArg, PR_FALSE);
|
| ++ } else {
|
| ++ if (sid->u.ssl3.sessionTicket.ticket.data) {
|
| ++ SECITEM_FreeItem(&sid->u.ssl3.sessionTicket.ticket, PR_FALSE);
|
| ++ }
|
| ++ if (sid->u.ssl3.srvName.data) {
|
| ++ SECITEM_FreeItem(&sid->u.ssl3.srvName, PR_FALSE);
|
| ++ }
|
| ++ if (sid->u.ssl3.signedCertTimestamps.data) {
|
| ++ SECITEM_FreeItem(&sid->u.ssl3.signedCertTimestamps, PR_FALSE);
|
| ++ }
|
| ++ if (sid->u.ssl3.originalHandshakeHash.data) {
|
| ++ SECITEM_FreeItem(&sid->u.ssl3.originalHandshakeHash, PR_FALSE);
|
| ++ }
|
| + }
|
| ++
|
| + if (sid->peerID != NULL)
|
| + PORT_Free((void *)sid->peerID); /* CONST */
|
| +
|
| +@@ -142,16 +156,7 @@ ssl_DestroySID(sslSessionID *sid)
|
| + if ( sid->localCert ) {
|
| + CERT_DestroyCertificate(sid->localCert);
|
| + }
|
| +- if (sid->u.ssl3.sessionTicket.ticket.data) {
|
| +- SECITEM_FreeItem(&sid->u.ssl3.sessionTicket.ticket, PR_FALSE);
|
| +- }
|
| +- if (sid->u.ssl3.srvName.data) {
|
| +- SECITEM_FreeItem(&sid->u.ssl3.srvName, PR_FALSE);
|
| +- }
|
| +- if (sid->u.ssl3.originalHandshakeHash.data) {
|
| +- SECITEM_FreeItem(&sid->u.ssl3.originalHandshakeHash, PR_FALSE);
|
| +- }
|
| +-
|
| ++
|
| + PORT_ZFree(sid, sizeof(sslSessionID));
|
| + }
|
| +
|
| +diff --git a/net/third_party/nss/ssl/sslsock.c b/net/third_party/nss/ssl/sslsock.c
|
| +index b5c17f0..965215d 100644
|
| +--- a/net/third_party/nss/ssl/sslsock.c
|
| ++++ b/net/third_party/nss/ssl/sslsock.c
|
| +@@ -173,7 +173,8 @@ static sslOptions ssl_defaults = {
|
| + PR_FALSE, /* requireSafeNegotiation */
|
| + PR_FALSE, /* enableFalseStart */
|
| + PR_TRUE, /* cbcRandomIV */
|
| +- PR_FALSE /* enableOCSPStapling */
|
| ++ PR_FALSE, /* enableOCSPStapling */
|
| ++ PR_FALSE /* enableSignedCertTimestamps */
|
| + };
|
| +
|
| + /*
|
| +@@ -865,6 +866,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
|
| + ss->opt.enableOCSPStapling = on;
|
| + break;
|
| +
|
| ++ case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
|
| ++ ss->opt.enableSignedCertTimestamps = on;
|
| ++ break;
|
| ++
|
| + default:
|
| + PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
| + rv = SECFailure;
|
| +@@ -935,6 +940,9 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn)
|
| + case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break;
|
| + case SSL_CBC_RANDOM_IV: on = ss->opt.cbcRandomIV; break;
|
| + case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break;
|
| ++ case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
|
| ++ on = ss->opt.enableSignedCertTimestamps;
|
| ++ break;
|
| +
|
| + default:
|
| + PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
| +@@ -996,6 +1004,9 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn)
|
| + case SSL_ENABLE_OCSP_STAPLING:
|
| + on = ssl_defaults.enableOCSPStapling;
|
| + break;
|
| ++ case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
|
| ++ on = ssl_defaults.enableSignedCertTimestamps;
|
| ++ break;
|
| +
|
| + default:
|
| + PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
| +@@ -1163,6 +1174,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on)
|
| + ssl_defaults.enableOCSPStapling = on;
|
| + break;
|
| +
|
| ++ case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
|
| ++ ssl_defaults.enableSignedCertTimestamps = on;
|
| ++ break;
|
| ++
|
| + default:
|
| + PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
| + return SECFailure;
|
| +@@ -1993,6 +2008,29 @@ SSL_PeerStapledOCSPResponses(PRFileDesc *fd)
|
| + return &ss->sec.ci.sid->peerCertStatus;
|
| + }
|
| +
|
| ++const SECItem *
|
| ++SSL_PeerSignedCertTimestamps(PRFileDesc *fd)
|
| ++{
|
| ++ sslSocket *ss = ssl_FindSocket(fd);
|
| ++
|
| ++ if (!ss) {
|
| ++ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_PeerSignedCertTimestamps",
|
| ++ SSL_GETPID(), fd));
|
| ++ return NULL;
|
| ++ }
|
| ++
|
| ++ if (!ss->sec.ci.sid) {
|
| ++ PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
|
| ++ return NULL;
|
| ++ }
|
| ++
|
| ++ if (ss->sec.ci.sid->version < SSL_LIBRARY_VERSION_3_0) {
|
| ++ PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2);
|
| ++ return NULL;
|
| ++ }
|
| ++ return &ss->sec.ci.sid->u.ssl3.signedCertTimestamps;
|
| ++}
|
| ++
|
| + SECStatus
|
| + SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *handshake_resumed) {
|
| + sslSocket *ss = ssl_FindSocket(fd);
|
| +@@ -3133,4 +3171,3 @@ loser:
|
| + }
|
| + return ss;
|
| + }
|
| +-
|
| +diff --git a/net/third_party/nss/ssl/sslt.h b/net/third_party/nss/ssl/sslt.h
|
| +index b813c04..1f5e2c6 100644
|
| +--- a/net/third_party/nss/ssl/sslt.h
|
| ++++ b/net/third_party/nss/ssl/sslt.h
|
| +@@ -202,6 +202,7 @@ typedef enum {
|
| + ssl_signature_algorithms_xtn = 13,
|
| + ssl_use_srtp_xtn = 14,
|
| + ssl_app_layer_protocol_xtn = 16,
|
| ++ ssl_signed_certificate_timestamp_xtn = 18, /* RFC 6962 */
|
| + ssl_session_ticket_xtn = 35,
|
| + ssl_next_proto_nego_xtn = 13172,
|
| + ssl_channel_id_xtn = 30032,
|
| +@@ -209,6 +210,6 @@ typedef enum {
|
| + ssl_renegotiation_info_xtn = 0xff01 /* experimental number */
|
| + } SSLExtensionType;
|
| +
|
| +-#define SSL_MAX_EXTENSIONS 11 /* doesn't include ssl_padding_xtn. */
|
| ++#define SSL_MAX_EXTENSIONS 12 /* doesn't include ssl_padding_xtn. */
|
| +
|
| + #endif /* __sslt_h_ */
|
|
|
Chromium Code Reviews
Issue 64553002:
Certificate Transparency TLS extension patch for NSS (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master