Index: net/third_party/nss/patches/paddingextension.patch |
diff --git a/net/third_party/nss/patches/paddingextension.patch b/net/third_party/nss/patches/paddingextension.patch |
index 8ea388cfc5ce365114e1ea3dcf5fe841c085bba3..9f225a5095103cca06a4c39a1e3a1a964ab2e4fd 100644 |
--- a/net/third_party/nss/patches/paddingextension.patch |
+++ b/net/third_party/nss/patches/paddingextension.patch |
@@ -1,5 +1,5 @@ |
diff --git a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c |
-index 8b8b758..567d481 100644 |
+index 8b8b758..25709b2 100644 |
--- a/nss/lib/ssl/ssl3con.c |
+++ b/nss/lib/ssl/ssl3con.c |
@@ -4975,6 +4975,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) |
@@ -10,7 +10,7 @@ index 8b8b758..567d481 100644 |
unsigned numCompressionMethods; |
PRInt32 flags; |
-@@ -5241,6 +5242,20 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) |
+@@ -5241,6 +5242,22 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) |
length += 1 + ss->ssl3.hs.cookieLen; |
} |
@@ -20,7 +20,9 @@ index 8b8b758..567d481 100644 |
+ * in F5 devices. |
+ * |
+ * This is not done for DTLS nor for renegotiation. */ |
-+ if (!IS_DTLS(ss) && !ss->firstHsDone) { |
++ if (!IS_DTLS(ss) && |
++ ss->version > SSL_LIBRARY_VERSION_3_0 && |
++ !ss->firstHsDone) { |
+ paddingExtensionLen = ssl3_CalculatePaddingExtensionLength(length); |
+ total_exten_len += paddingExtensionLen; |
+ length += paddingExtensionLen; |
@@ -31,7 +33,7 @@ index 8b8b758..567d481 100644 |
rv = ssl3_AppendHandshakeHeader(ss, client_hello, length); |
if (rv != SECSuccess) { |
return rv; /* err set by ssl3_AppendHandshake* */ |
-@@ -5360,6 +5375,13 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) |
+@@ -5360,6 +5377,13 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) |
return SECFailure; |
} |
maxBytes -= extLen; |