| Index: net/third_party/nss/patches/sslprotocolvariant.patch
|
| ===================================================================
|
| --- net/third_party/nss/patches/sslprotocolvariant.patch (revision 0)
|
| +++ net/third_party/nss/patches/sslprotocolvariant.patch (revision 0)
|
| @@ -0,0 +1,52 @@
|
| +Index: mozilla/security/nss/lib/ssl/ssl3con.c
|
| +===================================================================
|
| +RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v
|
| +retrieving revision 1.186
|
| +diff -u -p -8 -r1.186 ssl3con.c
|
| +--- mozilla/security/nss/lib/ssl/ssl3con.c 30 Jul 2012 00:47:36 -0000 1.186
|
| ++++ mozilla/security/nss/lib/ssl/ssl3con.c 15 Aug 2012 00:29:49 -0000
|
| +@@ -770,17 +770,17 @@ ssl3_NegotiateVersion(sslSocket *ss, SSL
|
| +
|
| + if (peerVersion < ss->vrange.min ||
|
| + (peerVersion > ss->vrange.max && !allowLargerPeerVersion)) {
|
| + PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
|
| + return SECFailure;
|
| + }
|
| +
|
| + ss->version = PR_MIN(peerVersion, ss->vrange.max);
|
| +- PORT_Assert(ssl3_VersionIsSupported(ssl_variant_stream, ss->version));
|
| ++ PORT_Assert(ssl3_VersionIsSupported(ss->protocolVariant, ss->version));
|
| +
|
| + return SECSuccess;
|
| + }
|
| +
|
| + static SECStatus
|
| + ssl3_GetNewRandom(SSL3Random *random)
|
| + {
|
| + PRUint32 gmt = ssl_Time();
|
| +Index: mozilla/security/nss/lib/ssl/sslsock.c
|
| +===================================================================
|
| +RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslsock.c,v
|
| +retrieving revision 1.93
|
| +diff -u -p -8 -r1.93 sslsock.c
|
| +--- mozilla/security/nss/lib/ssl/sslsock.c 14 Jun 2012 19:03:29 -0000 1.93
|
| ++++ mozilla/security/nss/lib/ssl/sslsock.c 15 Aug 2012 00:29:49 -0000
|
| +@@ -1843,17 +1843,17 @@ SSL_VersionRangeSet(PRFileDesc *fd, cons
|
| + sslSocket *ss = ssl_FindSocket(fd);
|
| +
|
| + if (!ss) {
|
| + SSL_DBG(("%d: SSL[%d]: bad socket in SSL3_VersionRangeSet",
|
| + SSL_GETPID(), fd));
|
| + return SECFailure;
|
| + }
|
| +
|
| +- if (!ssl3_VersionRangeIsValid(ssl_variant_stream, vrange)) {
|
| ++ if (!ssl3_VersionRangeIsValid(ss->protocolVariant, vrange)) {
|
| + PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
|
| + return SECFailure;
|
| + }
|
| +
|
| + ssl_Get1stHandshakeLock(ss);
|
| + ssl_GetSSL3HandshakeLock(ss);
|
| +
|
| + ss->vrange = *vrange;
|
|
|