
Unified Diff: net/third_party/nss/ssl/sslsock.c

Issue 14522022: Update NSS libSSL to NSS_3_15_BETA2. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Make the changes rsleevi suggested Created 7 years, 8 months ago
Index: net/third_party/nss/ssl/sslsock.c
===================================================================
--- net/third_party/nss/ssl/sslsock.c (revision 196870)
+++ net/third_party/nss/ssl/sslsock.c (working copy)
@@ -6,7 +6,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: sslsock.c,v 1.96 2012/09/24 23:57:42 wtc%google.com Exp $ */
+/* $Id$ */
#include "seccomon.h"
#include "cert.h"
#include "keyhi.h"
@@ -154,7 +154,7 @@
PR_FALSE, /* requireSafeNegotiation */
PR_FALSE, /* enableFalseStart */
PR_TRUE, /* cbcRandomIV */
- PR_FALSE, /* enableOCSPStapling */
+ PR_FALSE /* enableOCSPStapling */
};
/*
@@ -327,6 +327,8 @@
ssl3_GetKeyPairRef(os->stepDownKeyPair);
ss->ephemeralECDHKeyPair = !os->ephemeralECDHKeyPair ? NULL :
ssl3_GetKeyPairRef(os->ephemeralECDHKeyPair);
+ ss->certStatusArray = !os->certStatusArray ? NULL :
+ SECITEM_DupArray(NULL, os->certStatusArray);
/*
* XXX the preceding CERT_ and SECKEY_ functions can fail and return NULL.
* XXX We should detect this, and not just march on with NULL pointers.
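Review bot: The result of the added `SECITEM_DupArray(NULL, os->certStatusArray)` is stored unchecked, so an allocation failure leaves `ss->certStatusArray` NULL and the duplicated socket is indistinguishable from one that never had stapled responses configured. The XXX comment directly below already admits this gap for the preceding CERT_ and SECKEY_ calls, and the new line widens it rather than closing it. The `@@ -1720` hunk has the same pattern: it frees the existing array and then assigns an unchecked `SECITEM_DupArray(NULL, sm->certStatusArray)`. I would test `if (os->certStatusArray && !ss->certStatusArray)` right after the assignment and fail the duplication there, with the equivalent check in the later hunk. The enclosing function starts and ends outside this hunk, so which failure path it offers is not visible here.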
@@ -444,6 +446,10 @@
ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair);
ss->ephemeralECDHKeyPair = NULL;
}
+ if (ss->certStatusArray) {
+ SECITEM_FreeArray(ss->certStatusArray, PR_TRUE);
+ ss->certStatusArray = NULL;
+ }
SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE);
PORT_Assert(!ss->xtnData.sniNameArr);
if (ss->xtnData.sniNameArr) {
@@ -835,8 +841,8 @@
break;
case SSL_ENABLE_OCSP_STAPLING:
- ss->opt.enableOCSPStapling = on;
- break;
+ ss->opt.enableOCSPStapling = on;
+ break;
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -967,8 +973,8 @@
case SSL_ENABLE_FALSE_START: on = ssl_defaults.enableFalseStart; break;
case SSL_CBC_RANDOM_IV: on = ssl_defaults.cbcRandomIV; break;
case SSL_ENABLE_OCSP_STAPLING:
- on = ssl_defaults.enableOCSPStapling;
- break;
+ on = ssl_defaults.enableOCSPStapling;
+ break;
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -1133,8 +1139,8 @@
break;
case SSL_ENABLE_OCSP_STAPLING:
- ssl_defaults.enableOCSPStapling = on;
- break;
+ ssl_defaults.enableOCSPStapling = on;
+ break;
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -1720,6 +1726,13 @@
ss->ephemeralECDHKeyPair =
ssl3_GetKeyPairRef(sm->ephemeralECDHKeyPair);
}
+ if (sm->certStatusArray) {
+ if (ss->certStatusArray) {
+ SECITEM_FreeArray(ss->certStatusArray, PR_TRUE);
+ ss->certStatusArray = NULL;
+ }
+ ss->certStatusArray = SECITEM_DupArray(NULL, sm->certStatusArray);
+ }
/* copy trust anchor names */
if (sm->ssl3.ca_list) {
if (ss->ssl3.ca_list) {
@@ -1909,34 +1922,23 @@
return SECSuccess;
}
-SECStatus
-SSL_GetStapledOCSPResponse(PRFileDesc *fd, unsigned char *out_data,
- unsigned int *len) {
+const SECItemArray *
+SSL_PeerStapledOCSPResponses(PRFileDesc *fd)
+{
sslSocket *ss = ssl_FindSocket(fd);
if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetStapledOCSPResponse",
- SSL_GETPID(), fd));
- return SECFailure;
+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_PeerStapledOCSPResponses",
+ SSL_GETPID(), fd));
+ return NULL;
}
- ssl_Get1stHandshakeLock(ss);
- ssl_GetSSL3HandshakeLock(ss);
-
- if (ss->ssl3.hs.cert_status.data) {
- unsigned int todo = ss->ssl3.hs.cert_status.len;
- if (todo > *len)
- todo = *len;
- *len = ss->ssl3.hs.cert_status.len;
- PORT_Memcpy(out_data, ss->ssl3.hs.cert_status.data, todo);
- } else {
- *len = 0;
+ if (!ss->sec.ci.sid) {
+ PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+ return NULL;
}
-
- ssl_ReleaseSSL3HandshakeLock(ss);
- ssl_Release1stHandshakeLock(ss);
-
- return SECSuccess;
+
+ return &ss->sec.ci.sid->peerCertStatus;
}
SECStatus
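Review bot: `SSL_PeerStapledOCSPResponses` returns `&ss->sec.ci.sid->peerCertStatus`, a pointer into the session object, and it reads `ss->sec.ci.sid` without the `ssl_Get1stHandshakeLock`/`ssl_GetSSL3HandshakeLock` pair that the removed function held. The old API copied the response into a caller buffer, so the caller never held memory whose lifetime depended on the socket; nothing in the new code tells the caller how long the returned array stays valid. If the sid can be replaced or released while the caller still holds the result (not visible in this hunk), revocation data would be read from freed memory. I would add a header comment such as `/* The returned array is owned by the socket's session: do not modify or free it, and do not use it after the socket is closed or a new handshake starts. */`, and either take the handshake locks around the sid read or state why they are not needed.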
@@ -2305,13 +2307,41 @@
}
SECStatus
+SSL_SetStapledOCSPResponses(PRFileDesc *fd, SECItemArray *responses,
+ PRBool takeOwnership)
+{
+ sslSocket *ss;
+
+ ss = ssl_FindSocket(fd);
+ if (!ss) {
+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetStapledOCSPResponses",
+ SSL_GETPID(), fd));
+ return SECFailure;
+ }
+
+ if (ss->certStatusArray) {
+ SECITEM_FreeArray(ss->certStatusArray, PR_TRUE);
+ ss->certStatusArray = NULL;
+ }
+ if (responses) {
+ if (takeOwnership) {
+ ss->certStatusArray = responses;
+ }
+ else {
+ ss->certStatusArray = SECITEM_DupArray(NULL, responses);
+ }
+ }
+ return (ss->certStatusArray || !responses) ? SECSuccess : SECFailure;
+}
+
+SECStatus
SSL_SetSockPeerID(PRFileDesc *fd, const char *peerID)
{
sslSocket *ss;
ss = ssl_FindSocket(fd);
if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetCacheIndex",
+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSockPeerID",
SSL_GETPID(), fd));
return SECFailure;
}
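Review bot: In `SSL_SetStapledOCSPResponses` the existing `ss->certStatusArray` is freed before the replacement has been obtained, which leaves two bad paths. If `SECITEM_DupArray` fails, the function returns SECFailure after the socket has already lost its previous responses. If a caller passes the socket's current array back in as `responses`, it is freed and then stored or duplicated from freed memory. Obtaining the new array first and releasing the old one only on success, as sketched below, avoids both. A comment should also state who owns `responses` when the call fails with `takeOwnership` set, since the bad-socket return leaves it with the caller. The trailing `SSL_SetSockPeerID` context continues outside the hunk.

```c
    sslSocket *ss;
    SECItemArray *newArray = NULL;

    /* … unchanged: ssl_FindSocket lookup and bad-socket return … */

    if (responses) {
        newArray = takeOwnership ? responses
                                 : SECITEM_DupArray(NULL, responses);
        if (!newArray) {
            /* Duplication failed: keep the previously configured responses. */
            return SECFailure;
        }
    }
    /* Skip the free when the caller handed back the array we already hold. */
    if (ss->certStatusArray && ss->certStatusArray != newArray) {
        SECITEM_FreeArray(ss->certStatusArray, PR_TRUE);
    }
    ss->certStatusArray = newArray;
    return SECSuccess;
```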
@@ -2867,7 +2897,7 @@
return SECFailure;
}
-#if (defined(XP_UNIX) || defined(XP_WIN32) || defined(XP_BEOS)) && !defined(_WIN32_WCE)
+#if defined(XP_UNIX) || defined(XP_WIN32) || defined(XP_BEOS)
#define NSS_HAVE_GETENV 1
#endif
@@ -2907,7 +2937,7 @@
if (ev && ev[0]) {
ssl_keylog_iob = fopen(ev, "a");
if (!ssl_keylog_iob) {
- SSL_TRACE(("Failed to open key log file"));
+ SSL_TRACE(("SSL: failed to open key log file"));
} else {
if (ftell(ssl_keylog_iob) == 0) {
fputs("# SSL/TLS secrets log file, generated by NSS\n",
@@ -3005,6 +3035,7 @@
ss->requestedCertTypes = NULL;
ss->stepDownKeyPair = NULL;
ss->dbHandle = CERT_GetDefaultCertDB();
+ ss->certStatusArray = NULL;
/* Provide default implementation of hooks */
ss->authCertificate = SSL_AuthCertificate;
@@ -3019,6 +3050,7 @@
ss->handleBadCert = NULL;
ss->badCertArg = NULL;
ss->pkcs11PinArg = NULL;
+ ss->ephemeralECDHKeyPair = NULL;
ss->getChannelID = NULL;
ss->getChannelIDArg = NULL;
