authorwtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-10-21 16:21:00 +0000
committerwtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-10-21 16:21:00 +0000
commit985454a327e5907caf0d5f32ed37de9f6f2abda4 (patch)
tree379ee94f672bfdda9dafe820ae55685046c5ccc8 /net
parent6cd4179446a0e041c69ded7e08cb93797938a567 (diff)
Add certificates to the ss->ssl3.peerCertChain linked list
in the right order. R=agl BUG=none TEST=none Review URL: http://codereview.chromium.org/3984003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@63366 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net')
-rw-r--r--net/third_party/nss/README.chromium4
-rw-r--r--net/third_party/nss/patches/cachecerts.patch79
-rw-r--r--net/third_party/nss/ssl/ssl3con.c20
3 files changed, 78 insertions, 25 deletions
diff --git a/net/third_party/nss/README.chromium b/net/third_party/nss/README.chromium
index db082e5..d7f242f 100644
--- a/net/third_party/nss/README.chromium
+++ b/net/third_party/nss/README.chromium
@@ -27,8 +27,10 @@ Patches:
https://bugzilla.mozilla.org/show_bug.cgi?id=549042
* Cache the peer's intermediate CA certificates in session ID, so that
- they're available when we resume a session.
+ they're available when we resume a session. Add certificates to
+ ss->ssl3.peerCertChain in the right order.
patches/cachecerts.patch
+ https://bugzilla.mozilla.org/show_bug.cgi?id=606049
* Add the SSL_ERROR_WEAK_SERVER_KEY error code for a weak server key in
the Server Key Exchange handshake message.
diff --git a/net/third_party/nss/patches/cachecerts.patch b/net/third_party/nss/patches/cachecerts.patch
index c91ad60..e0720ac 100644
--- a/net/third_party/nss/patches/cachecerts.patch
+++ b/net/third_party/nss/patches/cachecerts.patch
@@ -1,7 +1,10 @@
-diff --git a/mozilla/security/nss/lib/ssl/ssl3con.c b/mozilla/security/nss/lib/ssl/ssl3con.c
-index 45bf853..e3f9a9a 100644
---- a/mozilla/security/nss/lib/ssl/ssl3con.c
-+++ b/mozilla/security/nss/lib/ssl/ssl3con.c
+Index: mozilla/security/nss/lib/ssl/ssl3con.c
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v
+retrieving revision 1.142
+diff -p -u -r1.142 ssl3con.c
+--- mozilla/security/nss/lib/ssl/ssl3con.c 24 Jun 2010 19:53:20 -0000 1.142
++++ mozilla/security/nss/lib/ssl/ssl3con.c 21 Oct 2010 02:24:18 -0000
@@ -72,6 +72,7 @@
#endif
@@ -10,7 +13,7 @@ index 45bf853..e3f9a9a 100644
static PK11SymKey *ssl3_GenerateRSAPMS(sslSocket *ss, ssl3CipherSpec *spec,
PK11SlotInfo * serverKeySlot);
static SECStatus ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms);
-@@ -5136,6 +5137,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+@@ -5136,6 +5137,7 @@ ssl3_HandleServerHello(sslSocket *ss, SS
/* copy the peer cert from the SID */
if (sid->peerCert != NULL) {
ss->sec.peerCert = CERT_DupCertificate(sid->peerCert);
@@ -18,7 +21,7 @@ index 45bf853..e3f9a9a 100644
}
-@@ -6378,6 +6380,7 @@ compression_found:
+@@ -6364,6 +6366,7 @@ compression_found:
ss->sec.ci.sid = sid;
if (sid->peerCert != NULL) {
ss->sec.peerCert = CERT_DupCertificate(sid->peerCert);
@@ -26,7 +29,7 @@ index 45bf853..e3f9a9a 100644
}
/*
-@@ -7746,6 +7749,38 @@ ssl3_CleanupPeerCerts(sslSocket *ss)
+@@ -7732,6 +7735,44 @@ ssl3_CleanupPeerCerts(sslSocket *ss)
ss->ssl3.peerCertChain = NULL;
}
@@ -34,6 +37,7 @@ index 45bf853..e3f9a9a 100644
+ssl3_CopyPeerCertsFromSID(sslSocket *ss, sslSessionID *sid)
+{
+ PRArenaPool *arena;
++ ssl3CertNode *lastCert = NULL;
+ ssl3CertNode *certs = NULL;
+ int i;
+
@@ -45,8 +49,13 @@ index 45bf853..e3f9a9a 100644
+ for (i = 0; i < MAX_PEER_CERT_CHAIN_SIZE && sid->peerCertChain[i]; i++) {
+ ssl3CertNode *c = PORT_ArenaNew(arena, ssl3CertNode);
+ c->cert = CERT_DupCertificate(sid->peerCertChain[i]);
-+ c->next = certs;
-+ certs = c;
++ c->next = NULL;
++ if (lastCert) {
++ lastCert->next = c;
++ } else {
++ certs = c;
++ }
++ lastCert = c;
+ }
+ ss->ssl3.peerCertChain = certs;
+}
@@ -65,7 +74,31 @@ index 45bf853..e3f9a9a 100644
/* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
* ssl3 Certificate message.
* Caller must hold Handshake and RecvBuf locks.
-@@ -7932,6 +7967,7 @@ ssl3_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+@@ -7740,6 +7781,7 @@ static SECStatus
+ ssl3_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+ {
+ ssl3CertNode * c;
++ ssl3CertNode * lastCert = NULL;
+ ssl3CertNode * certs = NULL;
+ PRArenaPool * arena = NULL;
+ CERTCertificate *cert;
+@@ -7867,8 +7909,13 @@ ssl3_HandleCertificate(sslSocket *ss, SS
+ if (c->cert->trust)
+ trusted = PR_TRUE;
+
+- c->next = certs;
+- certs = c;
++ c->next = NULL;
++ if (lastCert) {
++ lastCert->next = c;
++ } else {
++ certs = c;
++ }
++ lastCert = c;
+ }
+
+ if (remaining != 0)
+@@ -7918,6 +7965,7 @@ ssl3_HandleCertificate(sslSocket *ss, SS
}
ss->sec.ci.sid->peerCert = CERT_DupCertificate(ss->sec.peerCert);
@@ -73,7 +106,7 @@ index 45bf853..e3f9a9a 100644
if (!ss->sec.isServer) {
/* set the server authentication and key exchange types and sizes
-@@ -8103,6 +8139,8 @@ ssl3_RestartHandshakeAfterServerCert(sslSocket *ss)
+@@ -8089,6 +8137,8 @@ ssl3_RestartHandshakeAfterServerCert(ssl
if (ss->handshake != NULL) {
ss->handshake = ssl_GatherRecord1stHandshake;
ss->sec.ci.sid->peerCert = CERT_DupCertificate(ss->sec.peerCert);
@@ -82,11 +115,14 @@ index 45bf853..e3f9a9a 100644
ssl_GetRecvBufLock(ss);
if (ss->ssl3.hs.msgState.buf != NULL) {
-diff --git a/mozilla/security/nss/lib/ssl/sslimpl.h b/mozilla/security/nss/lib/ssl/sslimpl.h
-index a800d56..fe7ac7a 100644
---- a/mozilla/security/nss/lib/ssl/sslimpl.h
-+++ b/mozilla/security/nss/lib/ssl/sslimpl.h
-@@ -569,10 +569,13 @@ typedef enum { never_cached,
+Index: mozilla/security/nss/lib/ssl/sslimpl.h
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslimpl.h,v
+retrieving revision 1.77
+diff -p -u -r1.77 sslimpl.h
+--- mozilla/security/nss/lib/ssl/sslimpl.h 10 Feb 2010 00:33:50 -0000 1.77
++++ mozilla/security/nss/lib/ssl/sslimpl.h 21 Oct 2010 02:24:18 -0000
+@@ -563,10 +563,13 @@ typedef enum { never_cached,
invalid_cache /* no longer in any cache. */
} Cached;
@@ -100,10 +136,13 @@ index a800d56..fe7ac7a 100644
const char * peerID; /* client only */
const char * urlSvrName; /* client only */
CERTCertificate * localCert;
-diff --git a/mozilla/security/nss/lib/ssl/sslnonce.c b/mozilla/security/nss/lib/ssl/sslnonce.c
-index 63dc5a2..64adc1f 100644
---- a/mozilla/security/nss/lib/ssl/sslnonce.c
-+++ b/mozilla/security/nss/lib/ssl/sslnonce.c
+Index: mozilla/security/nss/lib/ssl/sslnonce.c
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslnonce.c,v
+retrieving revision 1.25
+diff -p -u -r1.25 sslnonce.c
+--- mozilla/security/nss/lib/ssl/sslnonce.c 10 Mar 2008 00:01:28 -0000 1.25
++++ mozilla/security/nss/lib/ssl/sslnonce.c 21 Oct 2010 02:24:18 -0000
@@ -197,6 +197,7 @@ lock_cache(void)
static void
ssl_DestroySID(sslSessionID *sid)
diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c
index 9ab2a1c..1a6612f 100644
--- a/net/third_party/nss/ssl/ssl3con.c
+++ b/net/third_party/nss/ssl/ssl3con.c
@@ -7811,6 +7811,7 @@ void
ssl3_CopyPeerCertsFromSID(sslSocket *ss, sslSessionID *sid)
{
PRArenaPool *arena;
+ ssl3CertNode *lastCert = NULL;
ssl3CertNode *certs = NULL;
int i;
@@ -7822,8 +7823,13 @@ ssl3_CopyPeerCertsFromSID(sslSocket *ss, sslSessionID *sid)
for (i = 0; i < MAX_PEER_CERT_CHAIN_SIZE && sid->peerCertChain[i]; i++) {
ssl3CertNode *c = PORT_ArenaNew(arena, ssl3CertNode);
c->cert = CERT_DupCertificate(sid->peerCertChain[i]);
- c->next = certs;
- certs = c;
+ c->next = NULL;
+ if (lastCert) {
+ lastCert->next = c;
+ } else {
+ certs = c;
+ }
+ lastCert = c;
}
ss->ssl3.peerCertChain = certs;
}
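Review bot: The new `c->next = NULL;` dereferences the node returned by `PORT_ArenaNew(arena, ssl3CertNode)` on the line above without checking for a failed allocation, so (as with the pre-existing `c->cert = ...` write) an out-of-memory condition on the session-resumption path becomes a NULL dereference instead of a handled error. Because ssl3_CopyPeerCertsFromSID returns void the caller cannot be told; the minimal guard is `if (!c) break;` before the assignments, which leaves a truncated chain, and whether a truncated chain is acceptable depends on how consumers of ss->ssl3.peerCertChain treat an incomplete list, which is not visible here. The ordering change itself looks correct: the lastCert tail pointer now keeps the nodes in the same order as sid->peerCertChain[] rather than reversing them. The function starts outside this hunk, so the arena setup preceding the loop is not visible.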
@@ -7847,6 +7853,7 @@ static SECStatus
ssl3_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
{
ssl3CertNode * c;
+ ssl3CertNode * lastCert = NULL;
ssl3CertNode * certs = NULL;
PRArenaPool * arena = NULL;
CERTCertificate *cert;
@@ -7974,8 +7981,13 @@ ssl3_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
if (c->cert->trust)
trusted = PR_TRUE;
- c->next = certs;
- certs = c;
+ c->next = NULL;
+ if (lastCert) {
+ lastCert->next = c;
+ } else {
+ certs = c;
+ }
+ lastCert = c;
}
if (remaining != 0)
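Review bot: The list built here now preserves the order in which the certificates are taken from the Certificate message, but nothing in the hunk records that invariant, and the parallel loop in ssl3_CopyPeerCertsFromSID must produce the same order for a resumed session to see the same chain as a full handshake. A comment above the append, `/* Append so peerCertChain keeps the order the peer sent the certificates; ssl3_CopyPeerCertsFromSID must build the same order from the SID. */`, would keep a later cleanup from reintroducing the prepend. Presumably the first node is then the end-entity certificate, per the TLS Certificate message layout, but that is an inference from the protocol rather than from these lines. The enclosing loop and ssl3_HandleCertificate itself start outside this hunk, and the allocation of `c` is not visible.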