| OLD | NEW |
| (Empty) | |
| 1 diff --git a/net/third_party/nss/ssl/SSLerrs.h b/net/third_party/nss/ssl/SSLerrs
.h |
| 2 index e3f9a1c..2d92514 100644 |
| 3 --- a/net/third_party/nss/ssl/SSLerrs.h |
| 4 +++ b/net/third_party/nss/ssl/SSLerrs.h |
| 5 @@ -429,3 +429,12 @@ ER3(SSL_ERROR_RX_MALFORMED_HELLO_VERIFY_REQUEST, (SSL_ERROR
_BASE + 122), |
| 6 |
| 7 ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_VERIFY_REQUEST, (SSL_ERROR_BASE + 123), |
| 8 "SSL received an unexpected Hello Verify Request handshake message.") |
| 9 + |
| 10 +ER3(SSL_ERROR_BAD_CHANNEL_ID_DATA, (SSL_ERROR_BASE + 124), |
| 11 +"SSL received a malformed TLS Channel ID extension.") |
| 12 + |
| 13 +ER3(SSL_ERROR_INVALID_CHANNEL_ID_KEY, (SSL_ERROR_BASE + 125), |
| 14 +"The application provided an invalid TLS Channel ID key.") |
| 15 + |
| 16 +ER3(SSL_ERROR_GET_CHANNEL_ID_FAILED, (SSL_ERROR_BASE + 126), |
| 17 +"The application could not get a TLS Channel ID.") |
| 18 diff --git a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h |
| 19 index 1368e2f..3d8fdcb 100644 |
| 20 --- a/net/third_party/nss/ssl/ssl.h |
| 21 +++ b/net/third_party/nss/ssl/ssl.h |
| 22 @@ -945,6 +945,25 @@ SSL_IMPORT SECStatus SSL_HandshakeNegotiatedExtension(PRFil
eDesc * socket, |
| 23 SSL_IMPORT SECStatus SSL_HandshakeResumedSession(PRFileDesc *fd, |
| 24 PRBool *last_handshake_resumed
); |
| 25 |
| 26 +/* See SSL_SetClientChannelIDCallback for usage. The callback must return |
| 27 + * SECFailure or SECSuccess (not SECWouldBlock). On SECSuccess, the callback |
| 28 + * must have written a P-256, EC key pair to |*out_public_key| and |
| 29 + * |*out_private_key|. */ |
| 30 +typedef SECStatus (PR_CALLBACK *SSLClientChannelIDCallback)( |
| 31 + void *arg, |
| 32 + PRFileDesc *fd, |
| 33 + SECKEYPublicKey **out_public_key, |
| 34 + SECKEYPrivateKey **out_private_key); |
| 35 + |
| 36 +/* SSL_SetClientChannelIDCallback sets a callback function that will be called |
| 37 + * just before a Channel ID is sent. This is only applicable to a client socket |
| 38 + * and setting this callback causes the TLS Channel ID extension to be |
| 39 + * advertised. */ |
| 40 +SSL_IMPORT SECStatus SSL_SetClientChannelIDCallback( |
| 41 + PRFileDesc *fd, |
| 42 + SSLClientChannelIDCallback callback, |
| 43 + void *arg); |
| 44 + |
| 45 /* |
| 46 ** How long should we wait before retransmitting the next flight of |
| 47 ** the DTLS handshake? Returns SECFailure if not DTLS or not in a |
| 48 diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con
.c |
| 49 index db9fad3..f714a98 100644 |
| 50 --- a/net/third_party/nss/ssl/ssl3con.c |
| 51 +++ b/net/third_party/nss/ssl/ssl3con.c |
| 52 @@ -86,6 +86,7 @@ static SECStatus ssl3_SendCertificate( sslSocket *ss); |
| 53 static SECStatus ssl3_SendEmptyCertificate( sslSocket *ss); |
| 54 static SECStatus ssl3_SendCertificateRequest(sslSocket *ss); |
| 55 static SECStatus ssl3_SendNextProto( sslSocket *ss); |
| 56 +static SECStatus ssl3_SendEncryptedExtensions(sslSocket *ss); |
| 57 static SECStatus ssl3_SendFinished( sslSocket *ss, PRInt32 flags); |
| 58 static SECStatus ssl3_SendServerHello( sslSocket *ss); |
| 59 static SECStatus ssl3_SendServerHelloDone( sslSocket *ss); |
| 60 @@ -6239,6 +6240,10 @@ ssl3_SendClientSecondRound(sslSocket *ss) |
| 61 goto loser; /* err code was set. */ |
| 62 } |
| 63 } |
| 64 + rv = ssl3_SendEncryptedExtensions(ss); |
| 65 + if (rv != SECSuccess) { |
| 66 + goto loser; /* err code was set. */ |
| 67 + } |
| 68 |
| 69 rv = ssl3_SendFinished(ss, 0); |
| 70 if (rv != SECSuccess) { |
| 71 @@ -8855,6 +8860,130 @@ ssl3_SendNextProto(sslSocket *ss) |
| 72 return rv; |
| 73 } |
| 74 |
| 75 +/* called from ssl3_SendClientSecondRound |
| 76 + * ssl3_HandleFinished |
| 77 + */ |
| 78 +static SECStatus |
| 79 +ssl3_SendEncryptedExtensions(sslSocket *ss) |
| 80 +{ |
| 81 + static const char CHANNEL_ID_MAGIC[] = "TLS Channel ID signature"; |
| 82 + /* This is the ASN.1 prefix for a P-256 public key. Specifically it's: |
| 83 + * SEQUENCE |
| 84 + * SEQUENCE |
| 85 + * OID id-ecPublicKey |
| 86 + * OID prime256v1 |
| 87 + * BIT STRING, length 66, 0 trailing bits: 0x04 |
| 88 + * |
| 89 + * The 0x04 in the BIT STRING is the prefix for an uncompressed, X9.62 |
| 90 + * public key. Following that are the two field elements as 32-byte, |
| 91 + * big-endian numbers, as required by the Channel ID. */ |
| 92 + static const unsigned char P256_SPKI_PREFIX[] = { |
| 93 + 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, |
| 94 + 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, |
| 95 + 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, |
| 96 + 0x42, 0x00, 0x04 |
| 97 + }; |
| 98 + /* ChannelIDs are always 128 bytes long: 64 bytes of P-256 public key and 6
4 |
| 99 + * bytes of ECDSA signature. */ |
| 100 + static const int CHANNEL_ID_PUBLIC_KEY_LENGTH = 64; |
| 101 + static const int CHANNEL_ID_LENGTH = 128; |
| 102 + |
| 103 + SECStatus rv = SECFailure; |
| 104 + SECItem *spki = NULL; |
| 105 + SSL3Hashes hashes; |
| 106 + const unsigned char *pub_bytes; |
| 107 + unsigned char signed_data[sizeof(CHANNEL_ID_MAGIC) + sizeof(SSL3Hashes)]; |
| 108 + unsigned char digest[SHA256_LENGTH]; |
| 109 + SECItem digest_item; |
| 110 + unsigned char signature[64]; |
| 111 + SECItem signature_item; |
| 112 + SECKEYPrivateKey *channelID = NULL; |
| 113 + SECKEYPublicKey *channelIDPub = NULL; |
| 114 + |
| 115 + PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); |
| 116 + PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); |
| 117 + |
| 118 + if (ss->getChannelID == NULL || |
| 119 + !ssl3_ExtensionNegotiated(ss, ssl_channel_id_xtn)) { |
| 120 + return SECSuccess; |
| 121 + } |
| 122 + |
| 123 + rv = ss->getChannelID(ss->getChannelIDArg, ss->fd, |
| 124 + &channelIDPub, &channelID); |
| 125 + if (rv != SECSuccess) { |
| 126 + PORT_SetError(SSL_ERROR_GET_CHANNEL_ID_FAILED); |
| 127 + goto loser; |
| 128 + } |
| 129 + |
| 130 + if (SECKEY_GetPrivateKeyType(channelID) != ecKey || |
| 131 + PK11_SignatureLen(channelID) != sizeof(signature)) { |
| 132 + PORT_SetError(SSL_ERROR_INVALID_CHANNEL_ID_KEY); |
| 133 + rv = SECFailure; |
| 134 + goto loser; |
| 135 + } |
| 136 + |
| 137 + ssl_GetSpecReadLock(ss); |
| 138 + rv = ssl3_ComputeHandshakeHashes(ss, ss->ssl3.cwSpec, &hashes, 0); |
| 139 + ssl_ReleaseSpecReadLock(ss); |
| 140 + |
| 141 + if (rv != SECSuccess) |
| 142 + goto loser; |
| 143 + |
| 144 + rv = ssl3_AppendHandshakeHeader(ss, encrypted_extensions, |
| 145 + 2 + 2 + CHANNEL_ID_LENGTH); |
| 146 + if (rv != SECSuccess) |
| 147 + goto loser; /* error code set by AppendHandshakeHeader */ |
| 148 + rv = ssl3_AppendHandshakeNumber(ss, ssl_channel_id_xtn, 2); |
| 149 + if (rv != SECSuccess) |
| 150 + goto loser; /* error code set by AppendHandshake */ |
| 151 + rv = ssl3_AppendHandshakeNumber(ss, CHANNEL_ID_LENGTH, 2); |
| 152 + if (rv != SECSuccess) |
| 153 + goto loser; /* error code set by AppendHandshake */ |
| 154 + |
| 155 + spki = SECKEY_EncodeDERSubjectPublicKeyInfo(channelIDPub); |
| 156 + |
| 157 + if (spki->len != sizeof(P256_SPKI_PREFIX) + CHANNEL_ID_PUBLIC_KEY_LENGTH || |
| 158 + memcmp(spki->data, P256_SPKI_PREFIX, sizeof(P256_SPKI_PREFIX) != 0)) { |
| 159 + PORT_SetError(SSL_ERROR_INVALID_CHANNEL_ID_KEY); |
| 160 + rv = SECFailure; |
| 161 + goto loser; |
| 162 + } |
| 163 + |
| 164 + pub_bytes = spki->data + sizeof(P256_SPKI_PREFIX); |
| 165 + |
| 166 + memcpy(signed_data, CHANNEL_ID_MAGIC, sizeof(CHANNEL_ID_MAGIC)); |
| 167 + memcpy(signed_data + sizeof(CHANNEL_ID_MAGIC), &hashes, sizeof(hashes)); |
| 168 + |
| 169 + rv = PK11_HashBuf(SEC_OID_SHA256, digest, signed_data, sizeof(signed_data))
; |
| 170 + if (rv != SECSuccess) |
| 171 + goto loser; |
| 172 + |
| 173 + digest_item.data = digest; |
| 174 + digest_item.len = sizeof(digest); |
| 175 + |
| 176 + signature_item.data = signature; |
| 177 + signature_item.len = sizeof(signature); |
| 178 + |
| 179 + rv = PK11_Sign(channelID, &signature_item, &digest_item); |
| 180 + if (rv != SECSuccess) |
| 181 + goto loser; |
| 182 + |
| 183 + rv = ssl3_AppendHandshake(ss, pub_bytes, CHANNEL_ID_PUBLIC_KEY_LENGTH); |
| 184 + if (rv != SECSuccess) |
| 185 + goto loser; |
| 186 + rv = ssl3_AppendHandshake(ss, signature, sizeof(signature)); |
| 187 + |
| 188 +loser: |
| 189 + if (spki) |
| 190 + SECITEM_FreeItem(spki, PR_TRUE); |
| 191 + if (channelID) |
| 192 + SECKEY_DestroyPrivateKey(channelID); |
| 193 + if (channelIDPub) |
| 194 + SECKEY_DestroyPublicKey(channelIDPub); |
| 195 + |
| 196 + return rv; |
| 197 +} |
| 198 + |
| 199 /* called from ssl3_HandleServerHelloDone |
| 200 * ssl3_HandleClientHello |
| 201 * ssl3_HandleFinished |
| 202 @@ -9105,11 +9234,16 @@ ssl3_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint
32 length, |
| 203 flags = ssl_SEND_FLAG_FORCE_INTO_BUFFER; |
| 204 } |
| 205 |
| 206 - if (!isServer && !ss->firstHsDone) { |
| 207 - rv = ssl3_SendNextProto(ss); |
| 208 - if (rv != SECSuccess) { |
| 209 - goto xmit_loser; /* err code was set. */ |
| 210 + if (!isServer) { |
| 211 + if (!ss->firstHsDone) { |
| 212 + rv = ssl3_SendNextProto(ss); |
| 213 + if (rv != SECSuccess) { |
| 214 + goto xmit_loser; /* err code was set. */ |
| 215 + } |
| 216 } |
| 217 + rv = ssl3_SendEncryptedExtensions(ss); |
| 218 + if (rv != SECSuccess) |
| 219 + goto xmit_loser; /* err code was set. */ |
| 220 } |
| 221 |
| 222 if (IS_DTLS(ss)) { |
| 223 diff --git a/net/third_party/nss/ssl/ssl3ext.c b/net/third_party/nss/ssl/ssl3ext
.c |
| 224 index b9fd6e7..029487e 100644 |
| 225 --- a/net/third_party/nss/ssl/ssl3ext.c |
| 226 +++ b/net/third_party/nss/ssl/ssl3ext.c |
| 227 @@ -80,10 +80,14 @@ static SECStatus ssl3_HandleRenegotiationInfoXtn(sslSocket *
ss, |
| 228 PRUint16 ex_type, SECItem *data); |
| 229 static SECStatus ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, |
| 230 PRUint16 ex_type, SECItem *data); |
| 231 +static SECStatus ssl3_ClientHandleChannelIDXtn(sslSocket *ss, |
| 232 + PRUint16 ex_type, SECItem *data); |
| 233 static SECStatus ssl3_ServerHandleNextProtoNegoXtn(sslSocket *ss, |
| 234 PRUint16 ex_type, SECItem *data); |
| 235 static PRInt32 ssl3_ClientSendNextProtoNegoXtn(sslSocket *ss, PRBool append, |
| 236 PRUint32 maxBytes); |
| 237 +static PRInt32 ssl3_ClientSendChannelIDXtn(sslSocket *ss, PRBool append, |
| 238 + PRUint32 maxBytes); |
| 239 |
| 240 /* |
| 241 * Write bytes. Using this function means the SECItem structure |
| 242 @@ -253,6 +257,7 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTL
S[] = { |
| 243 { ssl_session_ticket_xtn, &ssl3_ClientHandleSessionTicketXtn }, |
| 244 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, |
| 245 { ssl_next_proto_nego_xtn, &ssl3_ClientHandleNextProtoNegoXtn }, |
| 246 + { ssl_channel_id_xtn, &ssl3_ClientHandleChannelIDXtn }, |
| 247 { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn }, |
| 248 { -1, NULL } |
| 249 }; |
| 250 @@ -278,6 +283,7 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTEN
SIONS] = { |
| 251 #endif |
| 252 { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn }, |
| 253 { ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn }, |
| 254 + { ssl_channel_id_xtn, &ssl3_ClientSendChannelIDXtn }, |
| 255 { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn } |
| 256 /* any extra entries will appear as { 0, NULL } */ |
| 257 }; |
| 258 @@ -668,6 +674,52 @@ loser: |
| 259 return -1; |
| 260 } |
| 261 |
| 262 +static SECStatus |
| 263 +ssl3_ClientHandleChannelIDXtn(sslSocket *ss, PRUint16 ex_type, |
| 264 + SECItem *data) |
| 265 +{ |
| 266 + PORT_Assert(ss->getChannelID != NULL); |
| 267 + |
| 268 + if (data->len) { |
| 269 + PORT_SetError(SSL_ERROR_BAD_CHANNEL_ID_DATA); |
| 270 + return SECFailure; |
| 271 + } |
| 272 + ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; |
| 273 + return SECSuccess; |
| 274 +} |
| 275 + |
| 276 +static PRInt32 |
| 277 +ssl3_ClientSendChannelIDXtn(sslSocket * ss, PRBool append, |
| 278 + PRUint32 maxBytes) |
| 279 +{ |
| 280 + PRInt32 extension_length = 4; |
| 281 + |
| 282 + if (!ss->getChannelID) |
| 283 + return 0; |
| 284 + |
| 285 + if (maxBytes < extension_length) { |
| 286 + PORT_Assert(0); |
| 287 + return 0; |
| 288 + } |
| 289 + |
| 290 + if (append) { |
| 291 + SECStatus rv; |
| 292 + rv = ssl3_AppendHandshakeNumber(ss, ssl_channel_id_xtn, 2); |
| 293 + if (rv != SECSuccess) |
| 294 + goto loser; |
| 295 + rv = ssl3_AppendHandshakeNumber(ss, 0, 2); |
| 296 + if (rv != SECSuccess) |
| 297 + goto loser; |
| 298 + ss->xtnData.advertised[ss->xtnData.numAdvertised++] = |
| 299 + ssl_channel_id_xtn; |
| 300 + } |
| 301 + |
| 302 + return extension_length; |
| 303 + |
| 304 +loser: |
| 305 + return -1; |
| 306 +} |
| 307 + |
| 308 SECStatus |
| 309 ssl3_ClientHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type, |
| 310 SECItem *data) |
| 311 diff --git a/net/third_party/nss/ssl/ssl3prot.h b/net/third_party/nss/ssl/ssl3pr
ot.h |
| 312 index 550c341..11f9624 100644 |
| 313 --- a/net/third_party/nss/ssl/ssl3prot.h |
| 314 +++ b/net/third_party/nss/ssl/ssl3prot.h |
| 315 @@ -163,7 +163,8 @@ typedef enum { |
| 316 client_key_exchange = 16, |
| 317 finished = 20, |
| 318 certificate_status = 22, |
| 319 - next_proto = 67 |
| 320 + next_proto = 67, |
| 321 + encrypted_extensions= 203 |
| 322 } SSL3HandshakeType; |
| 323 |
| 324 typedef struct { |
| 325 diff --git a/net/third_party/nss/ssl/sslauth.c b/net/third_party/nss/ssl/sslauth
.c |
| 326 index 8ccd1a4..e8b4acb 100644 |
| 327 --- a/net/third_party/nss/ssl/sslauth.c |
| 328 +++ b/net/third_party/nss/ssl/sslauth.c |
| 329 @@ -251,6 +251,24 @@ SSL_GetClientAuthDataHook(PRFileDesc *s, SSLGetClientAuthDa
ta func, |
| 330 return SECSuccess; |
| 331 } |
| 332 |
| 333 +SECStatus |
| 334 +SSL_SetClientChannelIDCallback(PRFileDesc *fd, |
| 335 + SSLClientChannelIDCallback callback, |
| 336 + void *arg) { |
| 337 + sslSocket *ss = ssl_FindSocket(fd); |
| 338 + |
| 339 + if (!ss) { |
| 340 + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetClientChannelIDCallback", |
| 341 + SSL_GETPID(), fd)); |
| 342 + return SECFailure; |
| 343 + } |
| 344 + |
| 345 + ss->getChannelID = callback; |
| 346 + ss->getChannelIDArg = arg; |
| 347 + |
| 348 + return SECSuccess; |
| 349 +} |
| 350 + |
| 351 #ifdef NSS_PLATFORM_CLIENT_AUTH |
| 352 /* NEED LOCKS IN HERE. */ |
| 353 SECStatus |
| 354 diff --git a/net/third_party/nss/ssl/sslerr.h b/net/third_party/nss/ssl/sslerr.h |
| 355 index 9d3bebc..53c897c 100644 |
| 356 --- a/net/third_party/nss/ssl/sslerr.h |
| 357 +++ b/net/third_party/nss/ssl/sslerr.h |
| 358 @@ -218,6 +218,10 @@ SSL_ERROR_RX_UNEXPECTED_CERT_STATUS = (SSL_ERROR_BASE +
121), |
| 359 SSL_ERROR_RX_MALFORMED_HELLO_VERIFY_REQUEST = (SSL_ERROR_BASE + 122), |
| 360 SSL_ERROR_RX_UNEXPECTED_HELLO_VERIFY_REQUEST = (SSL_ERROR_BASE + 123), |
| 361 |
| 362 +SSL_ERROR_BAD_CHANNEL_ID_DATA = (SSL_ERROR_BASE + 124), |
| 363 +SSL_ERROR_INVALID_CHANNEL_ID_KEY = (SSL_ERROR_BASE + 125), |
| 364 +SSL_ERROR_GET_CHANNEL_ID_FAILED = (SSL_ERROR_BASE + 126), |
| 365 + |
| 366 SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */ |
| 367 } SSLErrorCodes; |
| 368 #endif /* NO_SECURITY_ERROR_ENUM */ |
| 369 diff --git a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslimpl
.h |
| 370 index 8ab865a..7cd2298 100644 |
| 371 --- a/net/third_party/nss/ssl/sslimpl.h |
| 372 +++ b/net/third_party/nss/ssl/sslimpl.h |
| 373 @@ -1198,6 +1198,8 @@ const unsigned char * preferredCipher; |
| 374 void *pkcs11PinArg; |
| 375 SSLNextProtoCallback nextProtoCallback; |
| 376 void *nextProtoArg; |
| 377 + SSLClientChannelIDCallback getChannelID; |
| 378 + void *getChannelIDArg; |
| 379 |
| 380 PRIntervalTime rTimeout; /* timeout for NSPR I/O */ |
| 381 PRIntervalTime wTimeout; /* timeout for NSPR I/O */ |
| 382 diff --git a/net/third_party/nss/ssl/sslsock.c b/net/third_party/nss/ssl/sslsock
.c |
| 383 index ebc245a..9498828 100644 |
| 384 --- a/net/third_party/nss/ssl/sslsock.c |
| 385 +++ b/net/third_party/nss/ssl/sslsock.c |
| 386 @@ -374,6 +374,8 @@ ssl_DupSocket(sslSocket *os) |
| 387 ss->handshakeCallback = os->handshakeCallback; |
| 388 ss->handshakeCallbackData = os->handshakeCallbackData; |
| 389 ss->pkcs11PinArg = os->pkcs11PinArg; |
| 390 + ss->getChannelID = os->getChannelID; |
| 391 + ss->getChannelIDArg = os->getChannelIDArg; |
| 392 |
| 393 /* Create security data */ |
| 394 rv = ssl_CopySecurityInfo(ss, os); |
| 395 @@ -1688,6 +1690,10 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd) |
| 396 ss->handshakeCallbackData = sm->handshakeCallbackData; |
| 397 if (sm->pkcs11PinArg) |
| 398 ss->pkcs11PinArg = sm->pkcs11PinArg; |
| 399 + if (sm->getChannelID) |
| 400 + ss->getChannelID = sm->getChannelID; |
| 401 + if (sm->getChannelIDArg) |
| 402 + ss->getChannelIDArg = sm->getChannelIDArg; |
| 403 return fd; |
| 404 loser: |
| 405 return NULL; |
| 406 @@ -2938,6 +2944,8 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protoco
lVariant) |
| 407 ss->handleBadCert = NULL; |
| 408 ss->badCertArg = NULL; |
| 409 ss->pkcs11PinArg = NULL; |
| 410 + ss->getChannelID = NULL; |
| 411 + ss->getChannelIDArg = NULL; |
| 412 |
| 413 ssl_ChooseOps(ss); |
| 414 ssl2_InitSocketPolicy(ss); |
| 415 diff --git a/net/third_party/nss/ssl/sslt.h b/net/third_party/nss/ssl/sslt.h |
| 416 index 0636570..978b1cb 100644 |
| 417 --- a/net/third_party/nss/ssl/sslt.h |
| 418 +++ b/net/third_party/nss/ssl/sslt.h |
| 419 @@ -215,9 +215,10 @@ typedef enum { |
| 420 #endif |
| 421 ssl_session_ticket_xtn = 35, |
| 422 ssl_next_proto_nego_xtn = 13172, |
| 423 + ssl_channel_id_xtn = 30031, |
| 424 ssl_renegotiation_info_xtn = 0xff01 /* experimental number */ |
| 425 } SSLExtensionType; |
| 426 |
| 427 -#define SSL_MAX_EXTENSIONS 7 |
| 428 +#define SSL_MAX_EXTENSIONS 8 |
| 429 |
| 430 #endif /* __sslt_h_ */ |
| OLD | NEW |