author | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-08-25 20:12:44 +0000 |
---|---|---|
committer | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-08-25 20:12:44 +0000 |
commit | 43a16c3e00423d1b655a64bbabd0db37db3c111b (patch) | |
tree | a3c041e5bb7a5cb545e8011d04386a3432503863 /net/third_party | |
parent | 9c3faf875fba614245f82810e504b7e99b0bf4bf (diff) | |
Allow SSL_HandshakeNegotiatedExtension to be called before the handshake
is finished.
R=agl@chromium.org,mattm@chromium.org
BUG=88782
TEST=none
Review URL: http://codereview.chromium.org/7746010
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@98277 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/third_party')
-rw-r--r-- | net/third_party/nss/README.chromium | 5 | ||||
-rwxr-xr-x | net/third_party/nss/patches/applypatches.sh | 2 | ||||
-rw-r--r-- | net/third_party/nss/patches/negotiatedextension.patch | 45 | ||||
-rw-r--r-- | net/third_party/nss/ssl/sslreveal.c | 9 |
4 files changed, 53 insertions, 8 deletions
diff --git a/net/third_party/nss/README.chromium b/net/third_party/nss/README.chromium index 1c6f604..b81dd9e 100644 --- a/net/third_party/nss/README.chromium +++ b/net/third_party/nss/README.chromium @@ -73,6 +73,11 @@ Patches: * Add a function to restart a handshake after a client certificate request. patches/restartclientauth.patch + * Allow SSL_HandshakeNegotiatedExtension to be called before the handshake + is finished.. + https://bugzilla.mozilla.org/show_bug.cgi?id=681839 + patches/negotiatedextension.patch + Apply the patches to NSS by running the patches/applypatches.sh script. Read the comments at the top of patches/applypatches.sh for instructions. diff --git a/net/third_party/nss/patches/applypatches.sh b/net/third_party/nss/patches/applypatches.sh index d39e441..b1052c0 100755 --- a/net/third_party/nss/patches/applypatches.sh +++ b/net/third_party/nss/patches/applypatches.sh @@ -32,3 +32,5 @@ patch -p6 < $patches_dir/secret_exporter.patch patch -p5 < $patches_dir/handshakeshortwrite.patch patch -p5 < $patches_dir/restartclientauth.patch + +patch -p5 < $patches_dir/negotiatedextension.patch diff --git a/net/third_party/nss/patches/negotiatedextension.patch b/net/third_party/nss/patches/negotiatedextension.patch new file mode 100644 index 0000000..cba4baa --- /dev/null +++ b/net/third_party/nss/patches/negotiatedextension.patch 
@@ -0,0 +1,45 @@
+Index: mozilla/security/nss/lib/ssl/sslreveal.c
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslreveal.c,v
+retrieving revision 1.8
+diff -u -p -u -8 -r1.8 sslreveal.c
+--- mozilla/security/nss/lib/ssl/sslreveal.c 3 Aug 2010 18:48:45 -0000 1.8
++++ mozilla/security/nss/lib/ssl/sslreveal.c 25 Aug 2011 00:48:18 -0000
+@@ -106,36 +106,29 @@ SSL_RevealURL(PRFileDesc * fd)
+ SECStatus
+ SSL_HandshakeNegotiatedExtension(PRFileDesc * socket,
+ SSLExtensionType extId,
+ PRBool *pYes)
+ {
+ /* some decisions derived from SSL_GetChannelInfo */
+ sslSocket * sslsocket = NULL;
+ SECStatus rv = SECFailure;
+- PRBool enoughFirstHsDone = PR_FALSE;
+
+ if (!pYes)
+ return rv;
+
+ sslsocket = ssl_FindSocket(socket);
+ if (!sslsocket) {
+ SSL_DBG(("%d: SSL[%d]: bad socket in HandshakeNegotiatedExtension",
+ SSL_GETPID(), socket));
+ return rv;
+ }
+
+- if (sslsocket->firstHsDone) {
+- enoughFirstHsDone = PR_TRUE;
+- } else if (sslsocket->ssl3.initialized && ssl3_CanFalseStart(sslsocket)) {
+- enoughFirstHsDone = PR_TRUE;
+- }
+-
+ /* according to public API SSL_GetChannelInfo, this doesn't need a lock */
+- if (sslsocket->opt.useSecurity && enoughFirstHsDone) {
++ if (sslsocket->opt.useSecurity) {
+ if (sslsocket->ssl3.initialized) { /* SSL3 and TLS */
+ /* now we know this socket went through ssl3_InitState() and
+ * ss->xtnData got initialized, which is the only member accessed by
+ * ssl3_ExtensionNegotiated();
+ * Member xtnData appears to get accessed in functions that handle
+ * the handshake (hello messages and extension sending),
+ * therefore the handshake lock should be sufficient.
+ */
diff --git a/net/third_party/nss/ssl/sslreveal.c b/net/third_party/nss/ssl/sslreveal.c
index 94b2c2fd..0b9bb82 100644
--- a/net/third_party/nss/ssl/sslreveal.c
+++ b/net/third_party/nss/ssl/sslreveal.c
@@ -111,7 +111,6 @@ SSL_HandshakeNegotiatedExtension(PRFileDesc * socket, /* some decisions derived from SSL_GetChannelInfo */ sslSocket * sslsocket = NULL; SECStatus rv = SECFailure; - PRBool enoughFirstHsDone = PR_FALSE; if (!pYes) return rv; @@ -123,14 +122,8 @@ SSL_HandshakeNegotiatedExtension(PRFileDesc * socket, return rv; } - if (sslsocket->firstHsDone) { - enoughFirstHsDone = PR_TRUE; - } else if (sslsocket->ssl3.initialized && ssl3_CanFalseStart(sslsocket)) { - enoughFirstHsDone = PR_TRUE; - } - /* according to public API SSL_GetChannelInfo, this doesn't need a lock */ - if (sslsocket->opt.useSecurity && enoughFirstHsDone) { + if (sslsocket->opt.useSecurity) { if (sslsocket->ssl3.initialized) { /* SSL3 and TLS */ /* now we know this socket went through ssl3_InitState() and * ss->xtnData got initialized, which is the only member accessed by |
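Review bot: With the `enoughFirstHsDone` gate removed in the second hunk, `*pYes` can now report extension state taken from hello messages that the Finished exchange has not yet authenticated, and nothing in the new code or its comments tells the caller that the answer is provisional. The retained comment `/* according to public API SSL_GetChannelInfo, this doesn't need a lock */` was written for a read that happened only once the handshake was done or could false-start; I would reword it to something like `/* may run mid-handshake: result is provisional until firstHsDone; xtnData is read under the handshake lock */`, assuming the lock the inner comment refers to is actually taken in the part of the function outside this hunk. A header comment on `SSL_HandshakeNegotiatedExtension` should also say that callers must not base a security decision on the result before the handshake completes. The commit carries `TEST=none`, so a test that calls the function before and after handshake completion would pin the new contract. The same remarks apply to the identical change recorded in patches/negotiatedextension.patch.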