authoragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-10-25 18:18:59 +0000
committeragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-10-25 18:18:59 +0000
commit1771b557d1e9589adf28165dc29332b73e6c1966 (patch)
tree4eafdb49461d000ec3f890550db59ef2c8b6ae5e /net/third_party
parent37cd64d34bc3dbf2385a3c312c92bb3c7c65664a (diff)
net: add SSL_PeerCertificatesChain function to NSS.
SSL_PeerCertificateChain returns the intermediate certificates as presented by a TLS server. Previously, we extracted chains built by validation, which may differ from the chain the server actually presented. BUG=none TEST=none git-svn-id: svn://svn.chromium.org/chrome/trunk/src@63750 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/third_party')
-rw-r--r--net/third_party/nss/ssl/ssl.def1
-rw-r--r--net/third_party/nss/ssl/ssl.h11
-rw-r--r--net/third_party/nss/ssl/sslauth.c36
3 files changed, 48 insertions, 0 deletions
diff --git a/net/third_party/nss/ssl/ssl.def b/net/third_party/nss/ssl/ssl.def
index effc35d..60ebbb1 100644
--- a/net/third_party/nss/ssl/ssl.def
+++ b/net/third_party/nss/ssl/ssl.def
@@ -163,6 +163,7 @@ SSL_SetNextProtoNego;
;+ global:
SSL_GetPredictedServerHelloData;
SSL_GetSnapStartResult;
+SSL_PeerCertificateChain;
SSL_SetPredictedPeerCertificates;
SSL_SetPredictedServerHelloData;
SSL_SetSnapStartApplicationData;
diff --git a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h
index 8217d2e..aac1aae 100644
--- a/net/third_party/nss/ssl/ssl.h
+++ b/net/third_party/nss/ssl/ssl.h
@@ -273,6 +273,17 @@ SSL_IMPORT SECStatus SSL_SecurityStatus(PRFileDesc *fd, int *on, char **cipher,
SSL_IMPORT CERTCertificate *SSL_PeerCertificate(PRFileDesc *fd);
/*
+** Return references to the certificates presented by the SSL peer. On entry,
+** |*certs_size| must contain the size of the |certs| array. On successful
+** return, |*certs_size| contains the number of certificates available and
+** |certs| will contain references to as many certificates as would fit.
+** Therefore if, on exit, |*certs_size| contains a value less than, or equal to,
+** the entry value then all certificates were returned.
+*/
+SSL_IMPORT SECStatus SSL_PeerCertificateChain(
+ PRFileDesc *fd, CERTCertificate **certs, unsigned int *certs_size);
+
+/*
** Authenticate certificate hook. Called when a certificate comes in
** (because of SSL_REQUIRE_CERTIFICATE in SSL_Enable) to authenticate the
** certificate.
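Review bot: The new comment above SSL_PeerCertificateChain does not say who owns the returned pointers; in the sslauth.c hunk on this page every filled slot is a CERT_DupCertificate reference, so the caller must release each one with CERT_DestroyCertificate, including when |*certs_size| on exit exceeds the entry value and |certs| holds only a prefix of the chain. Suggested addition after the existing text: `** Each returned pointer is a new reference that the caller must release with` / `** CERT_DestroyCertificate, even when the array was too small to hold the` / `** whole chain.` It would also help to state that |certs| may be NULL when |*certs_size| is 0 on entry, and that |*certs_size| is left unchanged when SECFailure is returned, both of which hold in the implementation shown here. Since the point of the commit is that this chain is the one the peer sent rather than a validated chain, saying so in this comment would stop readers from assuming the result has been verified.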
diff --git a/net/third_party/nss/ssl/sslauth.c b/net/third_party/nss/ssl/sslauth.c
index 39c630d..e14bcc1 100644
--- a/net/third_party/nss/ssl/sslauth.c
+++ b/net/third_party/nss/ssl/sslauth.c
@@ -60,6 +60,42 @@ SSL_PeerCertificate(PRFileDesc *fd)
}
/* NEED LOCKS IN HERE. */
+SECStatus
+SSL_PeerCertificateChain(PRFileDesc *fd, CERTCertificate **certs,
+ unsigned int *certsSize)
+{
+ sslSocket *ss;
+ unsigned int inSize = *certsSize;
+ ssl3CertNode* cur;
+
+ ss = ssl_FindSocket(fd);
+ if (!ss) {
+ SSL_DBG(("%d: SSL[%d]: bad socket in PeerCertificateChain",
+ SSL_GETPID(), fd));
+ return SECFailure;
+ }
+ if (!ss->opt.useSecurity)
+ return SECFailure;
+
+ if (ss->sec.peerCert == NULL) {
+ *certsSize = 0;
+ return SECSuccess;
+ }
+
+ *certsSize = 1; /* for the leaf certificate */
+ if (inSize > 0)
+ certs[0] = CERT_DupCertificate(ss->sec.peerCert);
+
+ for (cur = ss->ssl3.peerCertChain; cur; cur = cur->next) {
+ if (*certsSize < inSize)
+ certs[*certsSize] = CERT_DupCertificate(cur->cert);
+ (*certsSize)++;
+ }
+
+ return SECSuccess;
+}
+
+/* NEED LOCKS IN HERE. */
CERTCertificate *
SSL_LocalCertificate(PRFileDesc *fd)
{
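Review bot: When the array is too small, the loop in SSL_PeerCertificateChain still stores CERT_DupCertificate references in certs[0..inSize-1] before reporting the full count, so a caller that sees *certsSize > inSize and retries with a larger array leaks those references unless it destroys the partial entries first; a comment above the `for` loop saying `/* Slots already filled hold owned references even if the chain did not fit. */` would make that contract visible where the references are taken. `unsigned int inSize = *certsSize;` also dereferences the output parameter before ssl_FindSocket and the useSecurity check have run, so a NULL certsSize faults rather than reaching the SSL_DBG failure path; reading it after those checks keeps the failure paths free of dereferences. The copied "NEED LOCKS IN HERE." comment applies to the new body as well: it walks ss->sec.peerCert and ss->ssl3.peerCertChain without holding any socket lock, the same limitation SSL_PeerCertificate above it has. Finally, `ssl3CertNode* cur;` binds the `*` to the type, unlike `CERTCertificate *` in the same hunk and in the rest of this file.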