authoragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-04-30 20:25:19 +0000
committeragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-04-30 20:25:19 +0000
commit4e4793913217b92577f0a0b80efd6377182bb8c3 (patch)
treeea2e4c71a8ef703d352b8ddc6a0c5b847f334e3e /net/third_party
parent7b8132a31af3037cb634f5aed088c2050e69197b (diff)
net: don't set NSS options in a callback.
This traps in the debugger in debug mode due to the locks held at the time that the callback is made. BUG=125299 TEST=none Review URL: http://codereview.chromium.org/10221018 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@134584 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/third_party')
-rw-r--r--net/third_party/nss/README.chromium6
-rwxr-xr-xnet/third_party/nss/patches/applypatches.sh2
-rw-r--r--net/third_party/nss/patches/falsestartnpn2.patch15
-rw-r--r--net/third_party/nss/ssl/ssl3con.c4
4 files changed, 26 insertions, 1 deletions
diff --git a/net/third_party/nss/README.chromium b/net/third_party/nss/README.chromium
index b5105a0..22e7a15 100644
--- a/net/third_party/nss/README.chromium
+++ b/net/third_party/nss/README.chromium
@@ -65,9 +65,13 @@ Patches:
https://bugzilla.mozilla.org/show_bug.cgi?id=681065
patches/dtls.patch
- * Enable False Start only when the server supports NPN.
+ * Enable False Start only when the server supports forward secrecy.
patches/falsestartnpn.patch
+ * Enable False Start only when the server supports NPN. (Not for
+ upstreaming.)
+ patches/falsestartnpn2.patch
+
* Reject DH generators and public values equal to zero or one.
patches/dhvalues.patch
diff --git a/net/third_party/nss/patches/applypatches.sh b/net/third_party/nss/patches/applypatches.sh
index 55167bf..e3c00eb 100755
--- a/net/third_party/nss/patches/applypatches.sh
+++ b/net/third_party/nss/patches/applypatches.sh
@@ -38,4 +38,6 @@ patch -p4 < $patches_dir/dtls.patch
patch -p5 < $patches_dir/falsestartnpn.patch
+patch -p5 < $patches_dir/falsestartnpn2.patch
+
patch -p5 < $patches_dir/dhvalues.patch
diff --git a/net/third_party/nss/patches/falsestartnpn2.patch b/net/third_party/nss/patches/falsestartnpn2.patch
new file mode 100644
index 0000000..00b2934
--- /dev/null
+++ b/net/third_party/nss/patches/falsestartnpn2.patch
@@ -0,0 +1,15 @@
+diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c
+index 5476fa5..1465558 100644
+--- a/net/third_party/nss/ssl/ssl3con.c
++++ b/net/third_party/nss/ssl/ssl3con.c
+@@ -6108,6 +6108,10 @@ ssl3_CanFalseStart(sslSocket *ss) {
+ rv = ss->opt.enableFalseStart &&
+ !ss->sec.isServer &&
+ !ss->ssl3.hs.isResuming &&
++ /* This check for NPN is performed here because we can't call
++ * SSL_HandshakeNegotiatedExtension in the auth callback because of
++ * lock ordering issues. See crbug.com/125299 */
++ ssl3_ExtensionNegotiated(ss, ssl_next_proto_nego_xtn) &&
+ ss->ssl3.cwSpec &&
+
+ /* An attacker can control the selected ciphersuite so we only wish to
diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c
index 5476fa5..1465558 100644
--- a/net/third_party/nss/ssl/ssl3con.c
+++ b/net/third_party/nss/ssl/ssl3con.c
@@ -6108,6 +6108,10 @@ ssl3_CanFalseStart(sslSocket *ss) {
rv = ss->opt.enableFalseStart &&
!ss->sec.isServer &&
!ss->ssl3.hs.isResuming &&
+ /* This check for NPN is performed here because we can't call
+ * SSL_HandshakeNegotiatedExtension in the auth callback because of
+ * lock ordering issues. See crbug.com/125299 */
+ ssl3_ExtensionNegotiated(ss, ssl_next_proto_nego_xtn) &&
ss->ssl3.cwSpec &&
/* An attacker can control the selected ciphersuite so we only wish to
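Review bot: The comment added above `ssl3_ExtensionNegotiated(ss, ssl_next_proto_nego_xtn)` in ssl3_CanFalseStart explains why the check sits here (lock ordering, crbug.com/125299) but not why NPN negotiation gates False Start at all. A later reader cannot tell whether dropping the condition would weaken security or only affect compatibility. I would add one sentence to the comment, for example `* NPN is used here as a signal that the server tolerates False Start; the security conditions are the cipher-suite checks below.` This rationale is inferred from the README entry rather than shown in the hunk, so please confirm the wording. The commit is marked TEST=none, so a handshake test asserting that False Start is not attempted when NPN was not negotiated would pin this predicate. The `rv = ...` expression continues past the end of the hunk, so the remaining conditions were not reviewed.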