| OLD | NEW |
|---|
| 1 diff -pu -r a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3co
n.c | 1 diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c |
| 2 --- a/net/third_party/nss/ssl/ssl3con.c»2012-11-09 15:19:29.665155332 -0800 | 2 --- a/nss/lib/ssl/ssl3con.c» 2013-04-27 09:19:50.358559102 -0700 |
| 3 +++ b/net/third_party/nss/ssl/ssl3con.c»2012-11-09 15:20:08.835732728 -0800 | 3 +++ b/nss/lib/ssl/ssl3con.c» 2013-04-27 09:19:58.798678612 -0700 |
| 4 @@ -42,6 +42,7 @@ | 4 @@ -42,6 +42,7 @@ |
| 5 #endif | 5 #endif |
| 6 | 6 |
| 7 static void ssl3_CleanupPeerCerts(sslSocket *ss); | 7 static void ssl3_CleanupPeerCerts(sslSocket *ss); |
| 8 +static void ssl3_CopyPeerCertsFromSID(sslSocket *ss, sslSessionID *sid); | 8 +static void ssl3_CopyPeerCertsFromSID(sslSocket *ss, sslSessionID *sid); |
| 9 static PK11SymKey *ssl3_GenerateRSAPMS(sslSocket *ss, ssl3CipherSpec *spec, | 9 static PK11SymKey *ssl3_GenerateRSAPMS(sslSocket *ss, ssl3CipherSpec *spec, |
| 10 PK11SlotInfo * serverKeySlot); | 10 PK11SlotInfo * serverKeySlot); |
| 11 static SECStatus ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms); | 11 static SECStatus ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms); |
| 12 @@ -5575,6 +5576,7 @@ ssl3_HandleServerHello(sslSocket *ss, SS | 12 @@ -5697,6 +5698,7 @@ ssl3_HandleServerHello(sslSocket *ss, SS |
| 13 /* copy the peer cert from the SID */ | 13 /* copy the peer cert from the SID */ |
| 14 if (sid->peerCert != NULL) { | 14 if (sid->peerCert != NULL) { |
| 15 ss->sec.peerCert = CERT_DupCertificate(sid->peerCert); | 15 ss->sec.peerCert = CERT_DupCertificate(sid->peerCert); |
| 16 + ssl3_CopyPeerCertsFromSID(ss, sid); | 16 + ssl3_CopyPeerCertsFromSID(ss, sid); |
| 17 } | 17 } |
| 18 | 18 |
| 19 | 19 » /* NULL value for PMS signifies re-use of the old MS */ |
| 20 @@ -6916,6 +6918,7 @@ compression_found: | 20 @@ -7048,6 +7050,7 @@ compression_found: |
| 21 ss->sec.ci.sid = sid; | 21 ss->sec.ci.sid = sid; |
| 22 if (sid->peerCert != NULL) { | 22 if (sid->peerCert != NULL) { |
| 23 ss->sec.peerCert = CERT_DupCertificate(sid->peerCert); | 23 ss->sec.peerCert = CERT_DupCertificate(sid->peerCert); |
| 24 + ssl3_CopyPeerCertsFromSID(ss, sid); | 24 + ssl3_CopyPeerCertsFromSID(ss, sid); |
| 25 } | 25 } |
| 26 | 26 |
| 27 /* | 27 /* |
| 28 @@ -8323,6 +8326,44 @@ ssl3_CleanupPeerCerts(sslSocket *ss) | 28 @@ -8501,6 +8504,44 @@ ssl3_CleanupPeerCerts(sslSocket *ss) |
| 29 ss->ssl3.peerCertChain = NULL; | 29 ss->ssl3.peerCertChain = NULL; |
| 30 } | 30 } |
| 31 | 31 |
| 32 +static void | 32 +static void |
| 33 +ssl3_CopyPeerCertsFromSID(sslSocket *ss, sslSessionID *sid) | 33 +ssl3_CopyPeerCertsFromSID(sslSocket *ss, sslSessionID *sid) |
| 34 +{ | 34 +{ |
| 35 + PRArenaPool *arena; | 35 + PRArenaPool *arena; |
| 36 + ssl3CertNode *lastCert = NULL; | 36 + ssl3CertNode *lastCert = NULL; |
| 37 + ssl3CertNode *certs = NULL; | 37 + ssl3CertNode *certs = NULL; |
| 38 + int i; | 38 + int i; |
| (...skipping 22 matching lines...) Expand all Loading... |
| 61 +{ | 61 +{ |
| 62 + int i = 0; | 62 + int i = 0; |
| 63 + ssl3CertNode *c = certs; | 63 + ssl3CertNode *c = certs; |
| 64 + for (; i < MAX_PEER_CERT_CHAIN_SIZE && c; i++, c = c->next) { | 64 + for (; i < MAX_PEER_CERT_CHAIN_SIZE && c; i++, c = c->next) { |
| 65 + PORT_Assert(!sid->peerCertChain[i]); | 65 + PORT_Assert(!sid->peerCertChain[i]); |
| 66 + sid->peerCertChain[i] = CERT_DupCertificate(c->cert); | 66 + sid->peerCertChain[i] = CERT_DupCertificate(c->cert); |
| 67 + } | 67 + } |
| 68 +} | 68 +} |
| 69 + | 69 + |
| 70 /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete | 70 /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete |
| 71 * ssl3 Certificate message. | 71 * ssl3 CertificateStatus message. |
| 72 * Caller must hold Handshake and RecvBuf locks. | 72 * Caller must hold Handshake and RecvBuf locks. |
| 73 @@ -8510,6 +8551,7 @@ ssl3_HandleCertificate(sslSocket *ss, SS | 73 @@ -8780,6 +8821,7 @@ ssl3_AuthCertificate(sslSocket *ss) |
| 74 } | 74 } |
| 75 | 75 |
| 76 ss->sec.ci.sid->peerCert = CERT_DupCertificate(ss->sec.peerCert); | 76 ss->sec.ci.sid->peerCert = CERT_DupCertificate(ss->sec.peerCert); |
| 77 + ssl3_CopyPeerCertsToSID(ss->ssl3.peerCertChain, ss->sec.ci.sid); | 77 + ssl3_CopyPeerCertsToSID(ss->ssl3.peerCertChain, ss->sec.ci.sid); |
| 78 | 78 |
| 79 if (!ss->sec.isServer) { | 79 if (!ss->sec.isServer) { |
| 80 CERTCertificate *cert = ss->sec.peerCert; | 80 CERTCertificate *cert = ss->sec.peerCert; |
| 81 diff -pu -r a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslimp
l.h | 81 diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h |
| 82 --- a/net/third_party/nss/ssl/sslimpl.h»2012-09-27 18:46:45.000000000 -0700 | 82 --- a/nss/lib/ssl/sslimpl.h» 2013-04-27 09:17:17.216390477 -0700 |
| 83 +++ b/net/third_party/nss/ssl/sslimpl.h»2012-11-09 15:20:08.835732728 -0800 | 83 +++ b/nss/lib/ssl/sslimpl.h» 2013-04-27 09:19:58.798678612 -0700 |
| 84 @@ -571,10 +571,13 @@ typedef enum {» never_cached, | 84 @@ -570,10 +570,13 @@ typedef enum {» never_cached, |
| 85 invalid_cache /* no longer in any cache. */ | 85 invalid_cache /* no longer in any cache. */ |
| 86 } Cached; | 86 } Cached; |
| 87 | 87 |
| 88 +#define MAX_PEER_CERT_CHAIN_SIZE 8 | 88 +#define MAX_PEER_CERT_CHAIN_SIZE 8 |
| 89 + | 89 + |
| 90 struct sslSessionIDStr { | 90 struct sslSessionIDStr { |
| 91 sslSessionID * next; /* chain used for client sockets, only */ | 91 sslSessionID * next; /* chain used for client sockets, only */ |
| 92 | 92 |
| 93 CERTCertificate * peerCert; | 93 CERTCertificate * peerCert; |
| 94 + CERTCertificate * peerCertChain[MAX_PEER_CERT_CHAIN_SIZE]; | 94 + CERTCertificate * peerCertChain[MAX_PEER_CERT_CHAIN_SIZE]; |
| 95 SECItemArray peerCertStatus; /* client only */ |
| 95 const char * peerID; /* client only */ | 96 const char * peerID; /* client only */ |
| 96 const char * urlSvrName; /* client only */ | 97 const char * urlSvrName; /* client only */ |
| 97 CERTCertificate * localCert; | 98 diff -pu a/nss/lib/ssl/sslnonce.c b/nss/lib/ssl/sslnonce.c |
| 98 diff -pu -r a/net/third_party/nss/ssl/sslnonce.c b/net/third_party/nss/ssl/sslno
nce.c | 99 --- a/nss/lib/ssl/sslnonce.c» 2013-04-27 09:17:17.216390477 -0700 |
| 99 --- a/net/third_party/nss/ssl/sslnonce.c» 2012-04-25 07:50:12.000000000 -0
700 | 100 +++ b/nss/lib/ssl/sslnonce.c» 2013-04-27 09:19:58.798678612 -0700 |
| 100 +++ b/net/third_party/nss/ssl/sslnonce.c» 2012-11-09 15:20:08.835732728 -0
800 | |
| 101 @@ -165,6 +165,7 @@ lock_cache(void) | 101 @@ -165,6 +165,7 @@ lock_cache(void) |
| 102 static void | 102 static void |
| 103 ssl_DestroySID(sslSessionID *sid) | 103 ssl_DestroySID(sslSessionID *sid) |
| 104 { | 104 { |
| 105 + int i; | 105 + int i; |
| 106 SSL_TRC(8, ("SSL: destroy sid: sid=0x%x cached=%d", sid, sid->cached)); | 106 SSL_TRC(8, ("SSL: destroy sid: sid=0x%x cached=%d", sid, sid->cached)); |
| 107 PORT_Assert((sid->references == 0)); | 107 PORT_Assert((sid->references == 0)); |
| 108 | 108 |
| 109 @@ -184,6 +185,9 @@ ssl_DestroySID(sslSessionID *sid) | 109 @@ -184,6 +185,9 @@ ssl_DestroySID(sslSessionID *sid) |
| 110 if ( sid->peerCert ) { | 110 if ( sid->peerCert ) { |
| 111 CERT_DestroyCertificate(sid->peerCert); | 111 CERT_DestroyCertificate(sid->peerCert); |
| 112 } | 112 } |
| 113 + for (i = 0; i < MAX_PEER_CERT_CHAIN_SIZE && sid->peerCertChain[i]; i++) { | 113 + for (i = 0; i < MAX_PEER_CERT_CHAIN_SIZE && sid->peerCertChain[i]; i++) { |
| 114 + CERT_DestroyCertificate(sid->peerCertChain[i]); | 114 + CERT_DestroyCertificate(sid->peerCertChain[i]); |
| 115 + } | 115 + } |
| 116 if ( sid->localCert ) { | 116 if (sid->peerCertStatus.len) { |
| 117 » CERT_DestroyCertificate(sid->localCert); | 117 SECITEM_FreeArray(&sid->peerCertStatus, PR_FALSE); |
| 118 } | 118 sid->peerCertStatus.items = NULL; |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 14522022:
Update NSS libSSL to NSS_3_15_BETA2. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/