authoragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-11-03 19:46:24 +0000
committeragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-11-03 19:46:24 +0000
commitff730e5e58980d3b854a77de6b4cb618299c607e (patch)
tree1e30e1feefe2c04746581f2d5d03568f77e91daa /net/third_party/nss/ssl
parente7bd2703253855ebe7addb569a4b6c5549168cff (diff)
Don't resend payload after Snap Start misprediction.
The Snap Start code in NSS worked like the prototype implementation in tlsclient. This had the library take care of resending the application data in the event of a mispredict. That was safe because it did certificate verification as the message was received. However, in Chrome, it's possible that a mispredict could be triggered by the server having a different certificate, and NSS would resend the application data before Chrome verified the certificate. This change removes that behaviour from NSS and makes the retransmission the job of ssl_client_socket_nss.cc. BUG=none TEST=none http://codereview.chromium.org/4213003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@64953 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/third_party/nss/ssl')
-rw-r--r--net/third_party/nss/ssl/snapstart.c5
-rw-r--r--net/third_party/nss/ssl/ssl3con.c14
2 files changed, 1 insertions, 18 deletions
diff --git a/net/third_party/nss/ssl/snapstart.c b/net/third_party/nss/ssl/snapstart.c
index ca2cafa..a2ad7f3 100644
--- a/net/third_party/nss/ssl/snapstart.c
+++ b/net/third_party/nss/ssl/snapstart.c
@@ -48,10 +48,6 @@
/* TODO(agl): Add support for snap starting with compression. */
-/* TODO(agl): Free snapStartApplicationData as soon as the handshake has
-** completed.
-*/
-
#include "pk11pub.h"
#include "ssl.h"
#include "sslimpl.h"
@@ -821,6 +817,7 @@ ssl3_SendSnapStartXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes)
rv = ssl3_AppendSnapStartApplicationData(
ss, ss->ssl3.snapStartApplicationData.data,
ss->ssl3.snapStartApplicationData.len);
+ SECITEM_FreeItem(&ss->ssl3.snapStartApplicationData, PR_FALSE);
if (rv != SECSuccess)
goto loser;
}
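Review bot: The `SECITEM_FreeItem` call added after `ssl3_AppendSnapStartApplicationData` carries the security invariant of this change but has no comment saying so: once the buffer is released, NSS can no longer resend the early application data itself, so the caller has to keep its own copy and resend only after certificate verification. I would add `/* Freed here on purpose: after a mispredict the caller, not NSS, retransmits this data once the certificate has been verified. */` directly above it. Since the buffer holds plaintext application data, `SECITEM_ZfreeItem(&ss->ssl3.snapStartApplicationData, PR_FALSE);` would also clear it before release. The body of ssl3_SendSnapStartXtn starts and ends outside the hunk, so whether this path is reached only when `append` is true cannot be confirmed from here.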
diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c
index 1a6612f..9343b2b 100644
--- a/net/third_party/nss/ssl/ssl3con.c
+++ b/net/third_party/nss/ssl/ssl3con.c
@@ -8366,20 +8366,6 @@ ssl3_SendFinished(sslSocket *ss, PRInt32 flags)
}
}
- if ((ss->ssl3.hs.snapStartType == snap_start_recovery ||
- ss->ssl3.hs.snapStartType == snap_start_resume_recovery) &&
- ss->ssl3.snapStartApplicationData.data) {
- /* In the event that the server ignored the application data in our
- * snap start extension, we need to retransmit it now. */
- PRInt32 sent = ssl3_SendRecord(ss, content_application_data,
- ss->ssl3.snapStartApplicationData.data,
- ss->ssl3.snapStartApplicationData.len,
- flags);
- SECITEM_FreeItem(&ss->ssl3.snapStartApplicationData, PR_FALSE);
- if (sent < 0)
- return (SECStatus)sent; /* error code set by ssl3_SendRecord */
- }
-
return SECSuccess;
fail: