Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2964)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/third_party/nss/patches/dheclientauth.patch

Issue 6528039: Add the NSS patch for SSL client auth with native crypto APIs on Mac... (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Remove the question mark line from the patch Created 9 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/third_party/nss/patches/clientauth.patch ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/third_party/nss/patches/dheclientauth.patch
===================================================================
--- net/third_party/nss/patches/dheclientauth.patch (revision 75048)
+++ net/third_party/nss/patches/dheclientauth.patch (working copy)
@@ -1,98 +0,0 @@
-Index: mozilla/security/nss/lib/ssl/ssl3con.c
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v
-retrieving revision 1.142.2.4
-diff -u -p -u -8 -r1.142.2.4 ssl3con.c
---- mozilla/security/nss/lib/ssl/ssl3con.c 1 Sep 2010 19:47:11 -0000 1.142.2.4
-+++ mozilla/security/nss/lib/ssl/ssl3con.c 8 Dec 2010 06:55:49 -0000
-@@ -4832,24 +4832,18 @@ ssl3_SendCertificateVerify(sslSocket *ss
- */
- slot = PK11_GetSlotFromPrivateKey(ss->ssl3.clientPrivateKey);
- sid->u.ssl3.clAuthSeries = PK11_GetSlotSeries(slot);
- sid->u.ssl3.clAuthSlotID = PK11_GetSlotID(slot);
- sid->u.ssl3.clAuthModuleID = PK11_GetModuleID(slot);
- sid->u.ssl3.clAuthValid = PR_TRUE;
- PK11_FreeSlot(slot);
- }
-- /* If we're doing RSA key exchange, we're all done with the private key
-- * here. Diffie-Hellman key exchanges need the client's
-- * private key for the key exchange.
-- */
-- if (ss->ssl3.hs.kea_def->exchKeyType == kt_rsa) {
-- SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
-- ss->ssl3.clientPrivateKey = NULL;
-- }
-+ SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
-+ ss->ssl3.clientPrivateKey = NULL;
- if (rv != SECSuccess) {
- goto done; /* err code was set by ssl3_SignHashes */
- }
-
- rv = ssl3_AppendHandshakeHeader(ss, certificate_verify, buf.len + 2);
- if (rv != SECSuccess) {
- goto done; /* error code set by AppendHandshake */
- }
-@@ -4894,16 +4888,30 @@ ssl3_HandleServerHello(sslSocket *ss, SS
- goto alert_loser;
- }
- if (ss->ssl3.hs.ws != wait_server_hello) {
- errCode = SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO;
- desc = unexpected_message;
- goto alert_loser;
- }
-
-+ /* clean up anything left from previous handshake. */
-+ if (ss->ssl3.clientCertChain != NULL) {
-+ CERT_DestroyCertificateList(ss->ssl3.clientCertChain);
-+ ss->ssl3.clientCertChain = NULL;
-+ }
-+ if (ss->ssl3.clientCertificate != NULL) {
-+ CERT_DestroyCertificate(ss->ssl3.clientCertificate);
-+ ss->ssl3.clientCertificate = NULL;
-+ }
-+ if (ss->ssl3.clientPrivateKey != NULL) {
-+ SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
-+ ss->ssl3.clientPrivateKey = NULL;
-+ }
-+
- temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
- if (temp < 0) {
- goto loser; /* alert has been sent */
- }
- version = (SSL3ProtocolVersion)temp;
-
- /* this is appropriate since the negotiation is complete, and we only
- ** know SSL 3.x.
-@@ -5449,29 +5457,19 @@ ssl3_HandleCertificateRequest(sslSocket
-
- if (ss->ssl3.hs.ws != wait_cert_request &&
- ss->ssl3.hs.ws != wait_server_key) {
- desc = unexpected_message;
- errCode = SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST;
- goto alert_loser;
- }
-
-- /* clean up anything left from previous handshake. */
-- if (ss->ssl3.clientCertChain != NULL) {
-- CERT_DestroyCertificateList(ss->ssl3.clientCertChain);
-- ss->ssl3.clientCertChain = NULL;
-- }
-- if (ss->ssl3.clientCertificate != NULL) {
-- CERT_DestroyCertificate(ss->ssl3.clientCertificate);
-- ss->ssl3.clientCertificate = NULL;
-- }
-- if (ss->ssl3.clientPrivateKey != NULL) {
-- SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
-- ss->ssl3.clientPrivateKey = NULL;
-- }
-+ PORT_Assert(ss->ssl3.clientCertChain == NULL);
-+ PORT_Assert(ss->ssl3.clientCertificate == NULL);
-+ PORT_Assert(ss->ssl3.clientPrivateKey == NULL);
-
- isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);
- rv = ssl3_ConsumeHandshakeVariable(ss, &cert_types, 1, &b, &length);
- if (rv != SECSuccess)
- goto loser; /* malformed, alert has been sent */
-
- arena = ca_list.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL)
« no previous file with comments | « net/third_party/nss/patches/clientauth.patch ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698