| Index: net/third_party/nss/ssl/ssl3ext.c
|
| diff --git a/net/third_party/nss/ssl/ssl3ext.c b/net/third_party/nss/ssl/ssl3ext.c
|
| index 6d5866bd95c8d6fd9042f8c003008170722d3071..b9fd6e7f7ef1e439349f36d4a0f02e309dd3680a 100644
|
| --- a/net/third_party/nss/ssl/ssl3ext.c
|
| +++ b/net/third_party/nss/ssl/ssl3ext.c
|
| @@ -84,12 +84,6 @@ static SECStatus ssl3_ServerHandleNextProtoNegoXtn(sslSocket *ss,
|
| PRUint16 ex_type, SECItem *data);
|
| static PRInt32 ssl3_ClientSendNextProtoNegoXtn(sslSocket *ss, PRBool append,
|
| PRUint32 maxBytes);
|
| -static SECStatus ssl3_ServerHandleEncryptedClientCertsXtn(sslSocket *ss,
|
| - PRUint16 ex_type, SECItem *data);
|
| -static SECStatus ssl3_ClientHandleEncryptedClientCertsXtn(sslSocket *ss,
|
| - PRUint16 ex_type, SECItem *data);
|
| -static PRInt32 ssl3_SendEncryptedClientCertsXtn(sslSocket *ss,
|
| - PRBool append, PRUint32 maxBytes);
|
|
|
| /*
|
| * Write bytes. Using this function means the SECItem structure
|
| @@ -246,10 +240,8 @@ static const ssl3HelloExtensionHandler clientHelloHandlers[] = {
|
| { ssl_ec_point_formats_xtn, &ssl3_HandleSupportedPointFormatsXtn },
|
| #endif
|
| { ssl_session_ticket_xtn, &ssl3_ServerHandleSessionTicketXtn },
|
| - { ssl_encrypted_client_certs, &ssl3_ServerHandleEncryptedClientCertsXtn },
|
| { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
|
| { ssl_next_proto_nego_xtn, &ssl3_ServerHandleNextProtoNegoXtn },
|
| - { ssl_ob_cert_xtn, &ssl3_ServerHandleOBCertXtn },
|
| { -1, NULL }
|
| };
|
|
|
| @@ -259,11 +251,9 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = {
|
| { ssl_server_name_xtn, &ssl3_HandleServerNameXtn },
|
| /* TODO: add a handler for ssl_ec_point_formats_xtn */
|
| { ssl_session_ticket_xtn, &ssl3_ClientHandleSessionTicketXtn },
|
| - { ssl_encrypted_client_certs, &ssl3_ClientHandleEncryptedClientCertsXtn },
|
| { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
|
| { ssl_next_proto_nego_xtn, &ssl3_ClientHandleNextProtoNegoXtn },
|
| { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn },
|
| - { ssl_ob_cert_xtn, &ssl3_ClientHandleOBCertXtn },
|
| { -1, NULL }
|
| };
|
|
|
| @@ -287,10 +277,8 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
|
| { ssl_ec_point_formats_xtn, &ssl3_SendSupportedPointFormatsXtn },
|
| #endif
|
| { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn },
|
| - { ssl_encrypted_client_certs, &ssl3_SendEncryptedClientCertsXtn },
|
| { ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn },
|
| - { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn },
|
| - { ssl_ob_cert_xtn, &ssl3_SendOBCertXtn }
|
| + { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }
|
| /* any extra entries will appear as { 0, NULL } */
|
| };
|
|
|
| @@ -1099,18 +1087,6 @@ ssl3_ClientHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type,
|
| return SECSuccess;
|
| }
|
|
|
| -static SECStatus
|
| -ssl3_ClientHandleEncryptedClientCertsXtn(sslSocket *ss, PRUint16 ex_type,
|
| - SECItem *data)
|
| -{
|
| - if (data->len != 0)
|
| - return SECFailure;
|
| -
|
| - /* Keep track of negotiated extensions. */
|
| - ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
|
| - return SECSuccess;
|
| -}
|
| -
|
| SECStatus
|
| ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type,
|
| SECItem *data)
|
| @@ -1524,24 +1500,6 @@ loser:
|
| return rv;
|
| }
|
|
|
| -static SECStatus
|
| -ssl3_ServerHandleEncryptedClientCertsXtn(sslSocket *ss, PRUint16 ex_type,
|
| - SECItem *data)
|
| -{
|
| - SECStatus rv = SECSuccess;
|
| -
|
| - if (data->len != 0)
|
| - return SECFailure;
|
| -
|
| - if (ss->opt.encryptClientCerts) {
|
| - ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
|
| - rv = ssl3_RegisterServerHelloExtensionSender(
|
| - ss, ex_type, ssl3_SendEncryptedClientCertsXtn);
|
| - }
|
| -
|
| - return rv;
|
| -}
|
| -
|
| /*
|
| * Read bytes. Using this function means the SECItem structure
|
| * cannot be freed. The caller is expected to call this function
|
| @@ -1741,33 +1699,6 @@ ssl3_SendRenegotiationInfoXtn(
|
| return needed;
|
| }
|
|
|
| -static PRInt32
|
| -ssl3_SendEncryptedClientCertsXtn(
|
| - sslSocket * ss,
|
| - PRBool append,
|
| - PRUint32 maxBytes)
|
| -{
|
| - PRInt32 needed;
|
| -
|
| - if (!ss->opt.encryptClientCerts)
|
| - return 0;
|
| -
|
| - needed = 4; /* two bytes of type and two of length. */
|
| - if (append && maxBytes >= needed) {
|
| - SECStatus rv;
|
| - rv = ssl3_AppendHandshakeNumber(ss, ssl_encrypted_client_certs, 2);
|
| - if (rv != SECSuccess)
|
| - return -1;
|
| - rv = ssl3_AppendHandshakeNumber(ss, 0 /* length */, 2);
|
| - if (rv != SECSuccess)
|
| - return -1;
|
| - ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
|
| - ssl_encrypted_client_certs;
|
| - }
|
| -
|
| - return needed;
|
| -}
|
| -
|
| /* This function runs in both the client and server. */
|
| static SECStatus
|
| ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
|
| @@ -1799,80 +1730,3 @@ ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
|
| return rv;
|
| }
|
|
|
| -/* This sender is used by both the client and server. */
|
| -PRInt32
|
| -ssl3_SendOBCertXtn(sslSocket * ss, PRBool append,
|
| - PRUint32 maxBytes)
|
| -{
|
| - SECStatus rv;
|
| - PRUint32 extension_length;
|
| -
|
| - if (!ss)
|
| - return 0;
|
| -
|
| - if (!ss->opt.enableOBCerts)
|
| - return 0;
|
| -
|
| - /* extension length = extension_type (2-bytes) +
|
| - * length(extension_data) (2-bytes) +
|
| - */
|
| -
|
| - extension_length = 4;
|
| -
|
| - if (append && maxBytes >= extension_length) {
|
| - /* extension_type */
|
| - rv = ssl3_AppendHandshakeNumber(ss, ssl_ob_cert_xtn, 2);
|
| - if (rv != SECSuccess) return -1;
|
| - /* length of extension_data */
|
| - rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
|
| - if (rv != SECSuccess) return -1;
|
| -
|
| - if (!ss->sec.isServer) {
|
| - TLSExtensionData *xtnData = &ss->xtnData;
|
| - xtnData->advertised[xtnData->numAdvertised++] = ssl_ob_cert_xtn;
|
| - }
|
| - }
|
| -
|
| - return extension_length;
|
| -}
|
| -
|
| -SECStatus
|
| -ssl3_ServerHandleOBCertXtn(sslSocket *ss, PRUint16 ex_type,
|
| - SECItem *data)
|
| -{
|
| - SECStatus rv;
|
| -
|
| - /* Ignore the OBCert extension if it is disabled. */
|
| - if (!ss->opt.enableOBCerts)
|
| - return SECSuccess;
|
| -
|
| - /* The echoed extension must be empty. */
|
| - if (data->len != 0)
|
| - return SECFailure;
|
| -
|
| - /* Keep track of negotiated extensions. */
|
| - ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
|
| -
|
| - rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type,
|
| - ssl3_SendOBCertXtn);
|
| -
|
| - return SECSuccess;
|
| -}
|
| -
|
| -SECStatus
|
| -ssl3_ClientHandleOBCertXtn(sslSocket *ss, PRUint16 ex_type,
|
| - SECItem *data)
|
| -{
|
| - /* If we didn't request this extension, then the server may not echo it. */
|
| - if (!ss->opt.enableOBCerts)
|
| - return SECFailure;
|
| -
|
| - /* The echoed extension must be empty. */
|
| - if (data->len != 0)
|
| - return SECFailure;
|
| -
|
| - /* Keep track of negotiated extensions. */
|
| - ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
|
| -
|
| - return SECSuccess;
|
| -}
|
|
|
Chromium Code Reviews
Issue 10387222:
nss: revert encrypted and origin bound certificates support. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src