| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * SSL3 Protocol | 2 * SSL3 Protocol |
| 3 * | 3 * |
| 4 * ***** BEGIN LICENSE BLOCK ***** | 4 * ***** BEGIN LICENSE BLOCK ***** |
| 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| 6 * | 6 * |
| 7 * The contents of this file are subject to the Mozilla Public License Version | 7 * The contents of this file are subject to the Mozilla Public License Version |
| 8 * 1.1 (the "License"); you may not use this file except in compliance with | 8 * 1.1 (the "License"); you may not use this file except in compliance with |
| 9 * the License. You may obtain a copy of the License at | 9 * the License. You may obtain a copy of the License at |
| 10 * http://www.mozilla.org/MPL/ | 10 * http://www.mozilla.org/MPL/ |
| (...skipping 66 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 77 static PRInt32 ssl3_SendRenegotiationInfoXtn(sslSocket * ss, | 77 static PRInt32 ssl3_SendRenegotiationInfoXtn(sslSocket * ss, |
| 78 PRBool append, PRUint32 maxBytes); | 78 PRBool append, PRUint32 maxBytes); |
| 79 static SECStatus ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, | 79 static SECStatus ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, |
| 80 PRUint16 ex_type, SECItem *data); | 80 PRUint16 ex_type, SECItem *data); |
| 81 static SECStatus ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, | 81 static SECStatus ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, |
| 82 PRUint16 ex_type, SECItem *data); | 82 PRUint16 ex_type, SECItem *data); |
| 83 static SECStatus ssl3_ServerHandleNextProtoNegoXtn(sslSocket *ss, | 83 static SECStatus ssl3_ServerHandleNextProtoNegoXtn(sslSocket *ss, |
| 84 PRUint16 ex_type, SECItem *data); | 84 PRUint16 ex_type, SECItem *data); |
| 85 static PRInt32 ssl3_ClientSendNextProtoNegoXtn(sslSocket *ss, PRBool append, | 85 static PRInt32 ssl3_ClientSendNextProtoNegoXtn(sslSocket *ss, PRBool append, |
| 86 PRUint32 maxBytes); | 86 PRUint32 maxBytes); |
| 87 static SECStatus ssl3_ServerHandleEncryptedClientCertsXtn(sslSocket *ss, | |
| 88 PRUint16 ex_type, SECItem *data); | |
| 89 static SECStatus ssl3_ClientHandleEncryptedClientCertsXtn(sslSocket *ss, | |
| 90 PRUint16 ex_type, SECItem *data); | |
| 91 static PRInt32 ssl3_SendEncryptedClientCertsXtn(sslSocket *ss, | |
| 92 PRBool append, PRUint32 maxBytes); | |
| 93 | 87 |
| 94 /* | 88 /* |
| 95 * Write bytes. Using this function means the SECItem structure | 89 * Write bytes. Using this function means the SECItem structure |
| 96 * cannot be freed. The caller is expected to call this function | 90 * cannot be freed. The caller is expected to call this function |
| 97 * on a shallow copy of the structure. | 91 * on a shallow copy of the structure. |
| 98 */ | 92 */ |
| 99 static SECStatus | 93 static SECStatus |
| 100 ssl3_AppendToItem(SECItem *item, const unsigned char *buf, PRUint32 bytes) | 94 ssl3_AppendToItem(SECItem *item, const unsigned char *buf, PRUint32 bytes) |
| 101 { | 95 { |
| 102 if (bytes > item->len) | 96 if (bytes > item->len) |
| (...skipping 136 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 239 * will be registered here. | 233 * will be registered here. |
| 240 */ | 234 */ |
| 241 /* This table is used by the server, to handle client hello extensions. */ | 235 /* This table is used by the server, to handle client hello extensions. */ |
| 242 static const ssl3HelloExtensionHandler clientHelloHandlers[] = { | 236 static const ssl3HelloExtensionHandler clientHelloHandlers[] = { |
| 243 { ssl_server_name_xtn, &ssl3_HandleServerNameXtn }, | 237 { ssl_server_name_xtn, &ssl3_HandleServerNameXtn }, |
| 244 #ifdef NSS_ENABLE_ECC | 238 #ifdef NSS_ENABLE_ECC |
| 245 { ssl_elliptic_curves_xtn, &ssl3_HandleSupportedCurvesXtn }, | 239 { ssl_elliptic_curves_xtn, &ssl3_HandleSupportedCurvesXtn }, |
| 246 { ssl_ec_point_formats_xtn, &ssl3_HandleSupportedPointFormatsXtn }, | 240 { ssl_ec_point_formats_xtn, &ssl3_HandleSupportedPointFormatsXtn }, |
| 247 #endif | 241 #endif |
| 248 { ssl_session_ticket_xtn, &ssl3_ServerHandleSessionTicketXtn }, | 242 { ssl_session_ticket_xtn, &ssl3_ServerHandleSessionTicketXtn }, |
| 249 { ssl_encrypted_client_certs, &ssl3_ServerHandleEncryptedClientCertsXtn }, | |
| 250 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, | 243 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, |
| 251 { ssl_next_proto_nego_xtn, &ssl3_ServerHandleNextProtoNegoXtn }, | 244 { ssl_next_proto_nego_xtn, &ssl3_ServerHandleNextProtoNegoXtn }, |
| 252 { ssl_ob_cert_xtn, &ssl3_ServerHandleOBCertXtn }, | |
| 253 { -1, NULL } | 245 { -1, NULL } |
| 254 }; | 246 }; |
| 255 | 247 |
| 256 /* These two tables are used by the client, to handle server hello | 248 /* These two tables are used by the client, to handle server hello |
| 257 * extensions. */ | 249 * extensions. */ |
| 258 static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = { | 250 static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = { |
| 259 { ssl_server_name_xtn, &ssl3_HandleServerNameXtn }, | 251 { ssl_server_name_xtn, &ssl3_HandleServerNameXtn }, |
| 260 /* TODO: add a handler for ssl_ec_point_formats_xtn */ | 252 /* TODO: add a handler for ssl_ec_point_formats_xtn */ |
| 261 { ssl_session_ticket_xtn, &ssl3_ClientHandleSessionTicketXtn }, | 253 { ssl_session_ticket_xtn, &ssl3_ClientHandleSessionTicketXtn }, |
| 262 { ssl_encrypted_client_certs, &ssl3_ClientHandleEncryptedClientCertsXtn }, | |
| 263 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, | 254 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, |
| 264 { ssl_next_proto_nego_xtn, &ssl3_ClientHandleNextProtoNegoXtn }, | 255 { ssl_next_proto_nego_xtn, &ssl3_ClientHandleNextProtoNegoXtn }, |
| 265 { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn }, | 256 { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn }, |
| 266 { ssl_ob_cert_xtn, &ssl3_ClientHandleOBCertXtn }, | |
| 267 { -1, NULL } | 257 { -1, NULL } |
| 268 }; | 258 }; |
| 269 | 259 |
| 270 static const ssl3HelloExtensionHandler serverHelloHandlersSSL3[] = { | 260 static const ssl3HelloExtensionHandler serverHelloHandlersSSL3[] = { |
| 271 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, | 261 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, |
| 272 { -1, NULL } | 262 { -1, NULL } |
| 273 }; | 263 }; |
| 274 | 264 |
| 275 /* Tables of functions to format TLS hello extensions, one function per | 265 /* Tables of functions to format TLS hello extensions, one function per |
| 276 * extension. | 266 * extension. |
| 277 * These static tables are for the formatting of client hello extensions. | 267 * These static tables are for the formatting of client hello extensions. |
| 278 * The server's table of hello senders is dynamic, in the socket struct, | 268 * The server's table of hello senders is dynamic, in the socket struct, |
| 279 * and sender functions are registered there. | 269 * and sender functions are registered there. |
| 280 */ | 270 */ |
| 281 static const | 271 static const |
| 282 ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { | 272 ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { |
| 283 { ssl_server_name_xtn, &ssl3_SendServerNameXtn }, | 273 { ssl_server_name_xtn, &ssl3_SendServerNameXtn }, |
| 284 { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn }, | 274 { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn }, |
| 285 #ifdef NSS_ENABLE_ECC | 275 #ifdef NSS_ENABLE_ECC |
| 286 { ssl_elliptic_curves_xtn, &ssl3_SendSupportedCurvesXtn }, | 276 { ssl_elliptic_curves_xtn, &ssl3_SendSupportedCurvesXtn }, |
| 287 { ssl_ec_point_formats_xtn, &ssl3_SendSupportedPointFormatsXtn }, | 277 { ssl_ec_point_formats_xtn, &ssl3_SendSupportedPointFormatsXtn }, |
| 288 #endif | 278 #endif |
| 289 { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn }, | 279 { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn }, |
| 290 { ssl_encrypted_client_certs, &ssl3_SendEncryptedClientCertsXtn }, | |
| 291 { ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn }, | 280 { ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn }, |
| 292 { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }, | 281 { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn } |
| 293 { ssl_ob_cert_xtn, &ssl3_SendOBCertXtn } | |
| 294 /* any extra entries will appear as { 0, NULL } */ | 282 /* any extra entries will appear as { 0, NULL } */ |
| 295 }; | 283 }; |
| 296 | 284 |
| 297 static const | 285 static const |
| 298 ssl3HelloExtensionSender clientHelloSendersSSL3[SSL_MAX_EXTENSIONS] = { | 286 ssl3HelloExtensionSender clientHelloSendersSSL3[SSL_MAX_EXTENSIONS] = { |
| 299 { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn } | 287 { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn } |
| 300 /* any extra entries will appear as { 0, NULL } */ | 288 /* any extra entries will appear as { 0, NULL } */ |
| 301 }; | 289 }; |
| 302 | 290 |
| 303 static PRBool | 291 static PRBool |
| (...skipping 788 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1092 SECItem *data) | 1080 SECItem *data) |
| 1093 { | 1081 { |
| 1094 if (data->len != 0) | 1082 if (data->len != 0) |
| 1095 return SECFailure; | 1083 return SECFailure; |
| 1096 | 1084 |
| 1097 /* Keep track of negotiated extensions. */ | 1085 /* Keep track of negotiated extensions. */ |
| 1098 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; | 1086 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; |
| 1099 return SECSuccess; | 1087 return SECSuccess; |
| 1100 } | 1088 } |
| 1101 | 1089 |
| 1102 static SECStatus | |
| 1103 ssl3_ClientHandleEncryptedClientCertsXtn(sslSocket *ss, PRUint16 ex_type, | |
| 1104 SECItem *data) | |
| 1105 { | |
| 1106 if (data->len != 0) | |
| 1107 return SECFailure; | |
| 1108 | |
| 1109 /* Keep track of negotiated extensions. */ | |
| 1110 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; | |
| 1111 return SECSuccess; | |
| 1112 } | |
| 1113 | |
| 1114 SECStatus | 1090 SECStatus |
| 1115 ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, | 1091 ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, |
| 1116 SECItem *data) | 1092 SECItem *data) |
| 1117 { | 1093 { |
| 1118 SECStatus rv; | 1094 SECStatus rv; |
| 1119 SECItem *decrypted_state = NULL; | 1095 SECItem *decrypted_state = NULL; |
| 1120 SessionTicket *parsed_session_ticket = NULL; | 1096 SessionTicket *parsed_session_ticket = NULL; |
| 1121 sslSessionID *sid = NULL; | 1097 sslSessionID *sid = NULL; |
| 1122 SSL3Statistics *ssl3stats; | 1098 SSL3Statistics *ssl3stats; |
| 1123 | 1099 |
| (...skipping 393 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1517 if (parsed_session_ticket != NULL) { | 1493 if (parsed_session_ticket != NULL) { |
| 1518 if (parsed_session_ticket->peer_cert.data) { | 1494 if (parsed_session_ticket->peer_cert.data) { |
| 1519 SECITEM_FreeItem(&parsed_session_ticket->peer_cert, PR_FALSE); | 1495 SECITEM_FreeItem(&parsed_session_ticket->peer_cert, PR_FALSE); |
| 1520 } | 1496 } |
| 1521 PORT_ZFree(parsed_session_ticket, sizeof(SessionTicket)); | 1497 PORT_ZFree(parsed_session_ticket, sizeof(SessionTicket)); |
| 1522 } | 1498 } |
| 1523 | 1499 |
| 1524 return rv; | 1500 return rv; |
| 1525 } | 1501 } |
| 1526 | 1502 |
| 1527 static SECStatus | |
| 1528 ssl3_ServerHandleEncryptedClientCertsXtn(sslSocket *ss, PRUint16 ex_type, | |
| 1529 SECItem *data) | |
| 1530 { | |
| 1531 SECStatus rv = SECSuccess; | |
| 1532 | |
| 1533 if (data->len != 0) | |
| 1534 return SECFailure; | |
| 1535 | |
| 1536 if (ss->opt.encryptClientCerts) { | |
| 1537 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; | |
| 1538 rv = ssl3_RegisterServerHelloExtensionSender( | |
| 1539 ss, ex_type, ssl3_SendEncryptedClientCertsXtn); | |
| 1540 } | |
| 1541 | |
| 1542 return rv; | |
| 1543 } | |
| 1544 | |
| 1545 /* | 1503 /* |
| 1546 * Read bytes. Using this function means the SECItem structure | 1504 * Read bytes. Using this function means the SECItem structure |
| 1547 * cannot be freed. The caller is expected to call this function | 1505 * cannot be freed. The caller is expected to call this function |
| 1548 * on a shallow copy of the structure. | 1506 * on a shallow copy of the structure. |
| 1549 */ | 1507 */ |
| 1550 static SECStatus | 1508 static SECStatus |
| 1551 ssl3_ConsumeFromItem(SECItem *item, unsigned char **buf, PRUint32 bytes) | 1509 ssl3_ConsumeFromItem(SECItem *item, unsigned char **buf, PRUint32 bytes) |
| 1552 { | 1510 { |
| 1553 if (bytes > item->len) | 1511 if (bytes > item->len) |
| 1554 return SECFailure; | 1512 return SECFailure; |
| (...skipping 179 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1734 if (rv != SECSuccess) return -1; | 1692 if (rv != SECSuccess) return -1; |
| 1735 if (!ss->sec.isServer) { | 1693 if (!ss->sec.isServer) { |
| 1736 TLSExtensionData *xtnData = &ss->xtnData; | 1694 TLSExtensionData *xtnData = &ss->xtnData; |
| 1737 xtnData->advertised[xtnData->numAdvertised++] = | 1695 xtnData->advertised[xtnData->numAdvertised++] = |
| 1738 ssl_renegotiation_info_xtn; | 1696 ssl_renegotiation_info_xtn; |
| 1739 } | 1697 } |
| 1740 } | 1698 } |
| 1741 return needed; | 1699 return needed; |
| 1742 } | 1700 } |
| 1743 | 1701 |
| 1744 static PRInt32 | |
| 1745 ssl3_SendEncryptedClientCertsXtn( | |
| 1746 sslSocket * ss, | |
| 1747 PRBool append, | |
| 1748 PRUint32 maxBytes) | |
| 1749 { | |
| 1750 PRInt32 needed; | |
| 1751 | |
| 1752 if (!ss->opt.encryptClientCerts) | |
| 1753 return 0; | |
| 1754 | |
| 1755 needed = 4; /* two bytes of type and two of length. */ | |
| 1756 if (append && maxBytes >= needed) { | |
| 1757 SECStatus rv; | |
| 1758 rv = ssl3_AppendHandshakeNumber(ss, ssl_encrypted_client_certs, 2); | |
| 1759 if (rv != SECSuccess) | |
| 1760 return -1; | |
| 1761 rv = ssl3_AppendHandshakeNumber(ss, 0 /* length */, 2); | |
| 1762 if (rv != SECSuccess) | |
| 1763 return -1; | |
| 1764 ss->xtnData.advertised[ss->xtnData.numAdvertised++] = | |
| 1765 ssl_encrypted_client_certs; | |
| 1766 } | |
| 1767 | |
| 1768 return needed; | |
| 1769 } | |
| 1770 | |
| 1771 /* This function runs in both the client and server. */ | 1702 /* This function runs in both the client and server. */ |
| 1772 static SECStatus | 1703 static SECStatus |
| 1773 ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) | 1704 ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) |
| 1774 { | 1705 { |
| 1775 SECStatus rv = SECSuccess; | 1706 SECStatus rv = SECSuccess; |
| 1776 PRUint32 len = 0; | 1707 PRUint32 len = 0; |
| 1777 | 1708 |
| 1778 if (ss->firstHsDone) { | 1709 if (ss->firstHsDone) { |
| 1779 len = ss->sec.isServer ? ss->ssl3.hs.finishedBytes | 1710 len = ss->sec.isServer ? ss->ssl3.hs.finishedBytes |
| 1780 : ss->ssl3.hs.finishedBytes * 2; | 1711 : ss->ssl3.hs.finishedBytes * 2; |
| (...skipping 11 matching lines...) Expand all Loading... |
| 1792 ss->peerRequestedProtection = 1; | 1723 ss->peerRequestedProtection = 1; |
| 1793 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; | 1724 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; |
| 1794 if (ss->sec.isServer) { | 1725 if (ss->sec.isServer) { |
| 1795 /* prepare to send back the appropriate response */ | 1726 /* prepare to send back the appropriate response */ |
| 1796 rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type, | 1727 rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type, |
| 1797 ssl3_SendRenegotiationInfoXtn); | 1728 ssl3_SendRenegotiationInfoXtn); |
| 1798 } | 1729 } |
| 1799 return rv; | 1730 return rv; |
| 1800 } | 1731 } |
| 1801 | 1732 |
| 1802 /* This sender is used by both the client and server. */ | |
| 1803 PRInt32 | |
| 1804 ssl3_SendOBCertXtn(sslSocket * ss, PRBool append, | |
| 1805 PRUint32 maxBytes) | |
| 1806 { | |
| 1807 SECStatus rv; | |
| 1808 PRUint32 extension_length; | |
| 1809 | |
| 1810 if (!ss) | |
| 1811 return 0; | |
| 1812 | |
| 1813 if (!ss->opt.enableOBCerts) | |
| 1814 return 0; | |
| 1815 | |
| 1816 /* extension length = extension_type (2-bytes) + | |
| 1817 * length(extension_data) (2-bytes) + | |
| 1818 */ | |
| 1819 | |
| 1820 extension_length = 4; | |
| 1821 | |
| 1822 if (append && maxBytes >= extension_length) { | |
| 1823 /* extension_type */ | |
| 1824 rv = ssl3_AppendHandshakeNumber(ss, ssl_ob_cert_xtn, 2); | |
| 1825 if (rv != SECSuccess) return -1; | |
| 1826 /* length of extension_data */ | |
| 1827 rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2); | |
| 1828 if (rv != SECSuccess) return -1; | |
| 1829 | |
| 1830 if (!ss->sec.isServer) { | |
| 1831 TLSExtensionData *xtnData = &ss->xtnData; | |
| 1832 xtnData->advertised[xtnData->numAdvertised++] = ssl_ob_cert_xtn; | |
| 1833 } | |
| 1834 } | |
| 1835 | |
| 1836 return extension_length; | |
| 1837 } | |
| 1838 | |
| 1839 SECStatus | |
| 1840 ssl3_ServerHandleOBCertXtn(sslSocket *ss, PRUint16 ex_type, | |
| 1841 SECItem *data) | |
| 1842 { | |
| 1843 SECStatus rv; | |
| 1844 | |
| 1845 /* Ignore the OBCert extension if it is disabled. */ | |
| 1846 if (!ss->opt.enableOBCerts) | |
| 1847 return SECSuccess; | |
| 1848 | |
| 1849 /* The echoed extension must be empty. */ | |
| 1850 if (data->len != 0) | |
| 1851 return SECFailure; | |
| 1852 | |
| 1853 /* Keep track of negotiated extensions. */ | |
| 1854 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; | |
| 1855 | |
| 1856 rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type, | |
| 1857 ssl3_SendOBCertXtn); | |
| 1858 | |
| 1859 return SECSuccess; | |
| 1860 } | |
| 1861 | |
| 1862 SECStatus | |
| 1863 ssl3_ClientHandleOBCertXtn(sslSocket *ss, PRUint16 ex_type, | |
| 1864 SECItem *data) | |
| 1865 { | |
| 1866 /* If we didn't request this extension, then the server may not echo it. */ | |
| 1867 if (!ss->opt.enableOBCerts) | |
| 1868 return SECFailure; | |
| 1869 | |
| 1870 /* The echoed extension must be empty. */ | |
| 1871 if (data->len != 0) | |
| 1872 return SECFailure; | |
| 1873 | |
| 1874 /* Keep track of negotiated extensions. */ | |
| 1875 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; | |
| 1876 | |
| 1877 return SECSuccess; | |
| 1878 } | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10451012:
Revert 138795 - Revert "nss: revert encrypted and origin bound certificates support." (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/