Index: net/third_party/nss/ssl/sslsock.c |
diff --git a/net/third_party/nss/ssl/sslsock.c b/net/third_party/nss/ssl/sslsock.c |
index b5c17f070308986d2a2a0bf4f4d6ed1714846f66..965215d4b46d62dbc90de9653b12e5e997a21626 100644 |
--- a/net/third_party/nss/ssl/sslsock.c |
+++ b/net/third_party/nss/ssl/sslsock.c |
@@ -173,7 +173,8 @@ static sslOptions ssl_defaults = { |
PR_FALSE, /* requireSafeNegotiation */ |
PR_FALSE, /* enableFalseStart */ |
PR_TRUE, /* cbcRandomIV */ |
- PR_FALSE /* enableOCSPStapling */ |
+ PR_FALSE, /* enableOCSPStapling */ |
+ PR_FALSE /* enableSignedCertTimestamps */ |
}; |
/* |
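Review bot: The new `PR_FALSE /* enableSignedCertTimestamps */` entry is a positional initializer, so it is only correct if `enableSignedCertTimestamps` is declared immediately after `enableOCSPStapling` in `sslOptions`. That declaration is not part of this diff and should be checked alongside it. A mismatch in order would still compile and would silently change the default of a different option. The initializer list begins outside this hunk.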
@@ -865,6 +866,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on) |
ss->opt.enableOCSPStapling = on; |
break; |
+ case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS: |
+ ss->opt.enableSignedCertTimestamps = on; |
+ break; |
+ |
default: |
PORT_SetError(SEC_ERROR_INVALID_ARGS); |
rv = SECFailure; |
@@ -935,6 +940,9 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn) |
case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break; |
case SSL_CBC_RANDOM_IV: on = ss->opt.cbcRandomIV; break; |
case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break; |
+ case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS: |
+ on = ss->opt.enableSignedCertTimestamps; |
+ break; |
default: |
PORT_SetError(SEC_ERROR_INVALID_ARGS); |
@@ -996,6 +1004,9 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn) |
case SSL_ENABLE_OCSP_STAPLING: |
on = ssl_defaults.enableOCSPStapling; |
break; |
+ case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS: |
+ on = ssl_defaults.enableSignedCertTimestamps; |
+ break; |
default: |
PORT_SetError(SEC_ERROR_INVALID_ARGS); |
@@ -1163,6 +1174,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on) |
ssl_defaults.enableOCSPStapling = on; |
break; |
+ case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS: |
+ ssl_defaults.enableSignedCertTimestamps = on; |
+ break; |
+ |
default: |
PORT_SetError(SEC_ERROR_INVALID_ARGS); |
return SECFailure; |
@@ -1993,6 +2008,29 @@ SSL_PeerStapledOCSPResponses(PRFileDesc *fd) |
return &ss->sec.ci.sid->peerCertStatus; |
} |
+const SECItem * |
+SSL_PeerSignedCertTimestamps(PRFileDesc *fd) |
+{ |
+ sslSocket *ss = ssl_FindSocket(fd); |
+ |
+ if (!ss) { |
+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_PeerSignedCertTimestamps", |
+ SSL_GETPID(), fd)); |
+ return NULL; |
+ } |
+ |
+ if (!ss->sec.ci.sid) { |
+ PORT_SetError(SEC_ERROR_NOT_INITIALIZED); |
+ return NULL; |
+ } |
+ |
+ if (ss->sec.ci.sid->version < SSL_LIBRARY_VERSION_3_0) { |
+ PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2); |
+ return NULL; |
+ } |
+ return &ss->sec.ci.sid->u.ssl3.signedCertTimestamps; |
+} |
+ |
SECStatus |
SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *handshake_resumed) { |
sslSocket *ss = ssl_FindSocket(fd); |
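Review bot: SSL_PeerSignedCertTimestamps returns `&ss->sec.ci.sid->u.ssl3.signedCertTimestamps`, a pointer into the session ID object, with no comment saying who owns it or how long it stays valid. I would add a header comment above the function stating that the SECItem belongs to the socket's session, must not be freed or modified by the caller, should be copied if it is needed after the socket or session goes away, and may have zero length when the peer sent no timestamps. The comment should also say that the bytes are returned as received from the peer and that callers must parse the list and verify each SCT signature against their trusted log list before relying on it. The code that fills the field is outside this diff, so this is presumably the raw extension payload. Separately, `SSL_DBG` passes `fd`, a `PRFileDesc *`, to a `%d` conversion; `%p` would match the argument type, though the existing form may simply follow the file's established pattern.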
@@ -3133,4 +3171,3 @@ loser: |
} |
return ss; |
} |
- |