Index: net/third_party/nss/patches/dheclientauth.patch |
=================================================================== |
--- net/third_party/nss/patches/dheclientauth.patch (revision 75048) |
+++ net/third_party/nss/patches/dheclientauth.patch (working copy) |
@@ -1,98 +0,0 @@ |
-Index: mozilla/security/nss/lib/ssl/ssl3con.c |
-=================================================================== |
-RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v |
-retrieving revision 1.142.2.4 |
-diff -u -p -u -8 -r1.142.2.4 ssl3con.c |
---- mozilla/security/nss/lib/ssl/ssl3con.c 1 Sep 2010 19:47:11 -0000 1.142.2.4 |
-+++ mozilla/security/nss/lib/ssl/ssl3con.c 8 Dec 2010 06:55:49 -0000 |
-@@ -4832,24 +4832,18 @@ ssl3_SendCertificateVerify(sslSocket *ss |
- */ |
- slot = PK11_GetSlotFromPrivateKey(ss->ssl3.clientPrivateKey); |
- sid->u.ssl3.clAuthSeries = PK11_GetSlotSeries(slot); |
- sid->u.ssl3.clAuthSlotID = PK11_GetSlotID(slot); |
- sid->u.ssl3.clAuthModuleID = PK11_GetModuleID(slot); |
- sid->u.ssl3.clAuthValid = PR_TRUE; |
- PK11_FreeSlot(slot); |
- } |
-- /* If we're doing RSA key exchange, we're all done with the private key |
-- * here. Diffie-Hellman key exchanges need the client's |
-- * private key for the key exchange. |
-- */ |
-- if (ss->ssl3.hs.kea_def->exchKeyType == kt_rsa) { |
-- SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey); |
-- ss->ssl3.clientPrivateKey = NULL; |
-- } |
-+ SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey); |
-+ ss->ssl3.clientPrivateKey = NULL; |
- if (rv != SECSuccess) { |
- goto done; /* err code was set by ssl3_SignHashes */ |
- } |
- |
- rv = ssl3_AppendHandshakeHeader(ss, certificate_verify, buf.len + 2); |
- if (rv != SECSuccess) { |
- goto done; /* error code set by AppendHandshake */ |
- } |
-@@ -4894,16 +4888,30 @@ ssl3_HandleServerHello(sslSocket *ss, SS |
- goto alert_loser; |
- } |
- if (ss->ssl3.hs.ws != wait_server_hello) { |
- errCode = SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO; |
- desc = unexpected_message; |
- goto alert_loser; |
- } |
- |
-+ /* clean up anything left from previous handshake. */ |
-+ if (ss->ssl3.clientCertChain != NULL) { |
-+ CERT_DestroyCertificateList(ss->ssl3.clientCertChain); |
-+ ss->ssl3.clientCertChain = NULL; |
-+ } |
-+ if (ss->ssl3.clientCertificate != NULL) { |
-+ CERT_DestroyCertificate(ss->ssl3.clientCertificate); |
-+ ss->ssl3.clientCertificate = NULL; |
-+ } |
-+ if (ss->ssl3.clientPrivateKey != NULL) { |
-+ SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey); |
-+ ss->ssl3.clientPrivateKey = NULL; |
-+ } |
-+ |
- temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length); |
- if (temp < 0) { |
- goto loser; /* alert has been sent */ |
- } |
- version = (SSL3ProtocolVersion)temp; |
- |
- /* this is appropriate since the negotiation is complete, and we only |
- ** know SSL 3.x. |
-@@ -5449,29 +5457,19 @@ ssl3_HandleCertificateRequest(sslSocket |
- |
- if (ss->ssl3.hs.ws != wait_cert_request && |
- ss->ssl3.hs.ws != wait_server_key) { |
- desc = unexpected_message; |
- errCode = SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST; |
- goto alert_loser; |
- } |
- |
-- /* clean up anything left from previous handshake. */ |
-- if (ss->ssl3.clientCertChain != NULL) { |
-- CERT_DestroyCertificateList(ss->ssl3.clientCertChain); |
-- ss->ssl3.clientCertChain = NULL; |
-- } |
-- if (ss->ssl3.clientCertificate != NULL) { |
-- CERT_DestroyCertificate(ss->ssl3.clientCertificate); |
-- ss->ssl3.clientCertificate = NULL; |
-- } |
-- if (ss->ssl3.clientPrivateKey != NULL) { |
-- SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey); |
-- ss->ssl3.clientPrivateKey = NULL; |
-- } |
-+ PORT_Assert(ss->ssl3.clientCertChain == NULL); |
-+ PORT_Assert(ss->ssl3.clientCertificate == NULL); |
-+ PORT_Assert(ss->ssl3.clientPrivateKey == NULL); |
- |
- isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0); |
- rv = ssl3_ConsumeHandshakeVariable(ss, &cert_types, 1, &b, &length); |
- if (rv != SECSuccess) |
- goto loser; /* malformed, alert has been sent */ |
- |
- arena = ca_list.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
- if (arena == NULL) |