summaryrefslogtreecommitdiffstats
path: root/net/third_party/nss/patches/checkuncache.patch
diff options
context:
space:
mode:
Diffstat (limited to 'net/third_party/nss/patches/checkuncache.patch')
-rw-r--r--net/third_party/nss/patches/checkuncache.patch164
1 files changed, 164 insertions, 0 deletions
diff --git a/net/third_party/nss/patches/checkuncache.patch b/net/third_party/nss/patches/checkuncache.patch
new file mode 100644
index 0000000..eb928bb
--- /dev/null
+++ b/net/third_party/nss/patches/checkuncache.patch
@@ -0,0 +1,164 @@
+Index: net/third_party/nss/ssl/sslcon.c
+===================================================================
+--- net/third_party/nss/ssl/sslcon.c (revision 166543)
++++ net/third_party/nss/ssl/sslcon.c (working copy)
+@@ -658,7 +658,8 @@
+
+ if (sent < 0) {
+ /* If send failed, it is now a bogus session-id */
+- (*ss->sec.uncache)(sid);
++ if (ss->sec.uncache)
++ (*ss->sec.uncache)(sid);
+ rv = (SECStatus)sent;
+ } else if (!ss->opt.noCache) {
+ /* Put the sid in session-id cache, (may already be there) */
+@@ -2891,7 +2892,8 @@
+ /* Forget our session-id - server didn't like it */
+ SSL_TRC(7, ("%d: SSL[%d]: server forgot me, uncaching session-id",
+ SSL_GETPID(), ss->fd));
+- (*ss->sec.uncache)(sid);
++ if (ss->sec.uncache)
++ (*ss->sec.uncache)(sid);
+ ssl_FreeSID(sid);
+ ss->sec.ci.sid = sid = (sslSessionID*) PORT_ZAlloc(sizeof(sslSessionID));
+ if (!sid) {
+@@ -3065,7 +3067,8 @@
+
+ /* if we're not doing this SID's protocol any more, drop it. */
+ if (!sidVersionEnabled) {
+- ss->sec.uncache(sid);
++ if (ss->sec.uncache)
++ ss->sec.uncache(sid);
+ ssl_FreeSID(sid);
+ sid = NULL;
+ break;
+@@ -3077,7 +3080,8 @@
+ break;
+ }
+ if (i >= ss->sizeCipherSpecs) {
+- ss->sec.uncache(sid);
++ if (ss->sec.uncache)
++ ss->sec.uncache(sid);
+ ssl_FreeSID(sid);
+ sid = NULL;
+ break;
+Index: net/third_party/nss/ssl/ssl3ext.c
+===================================================================
+--- net/third_party/nss/ssl/ssl3ext.c (revision 166543)
++++ net/third_party/nss/ssl/ssl3ext.c (working copy)
+@@ -1204,7 +1204,8 @@
+ * renegotiation.)
+ */
+ if (ss->sec.ci.sid != NULL) {
+- ss->sec.uncache(ss->sec.ci.sid);
++ if (ss->sec.uncache)
++ ss->sec.uncache(ss->sec.ci.sid);
+ ssl_FreeSID(ss->sec.ci.sid);
+ ss->sec.ci.sid = NULL;
+ }
+Index: net/third_party/nss/ssl/ssl3con.c
+===================================================================
+--- net/third_party/nss/ssl/ssl3con.c (revision 166543)
++++ net/third_party/nss/ssl/ssl3con.c (working copy)
+@@ -2666,7 +2666,8 @@
+ (ss->opt.requireCertificate == SSL_REQUIRE_FIRST_HANDSHAKE))) {
+ PRFileDesc * lower;
+
+- ss->sec.uncache(ss->sec.ci.sid);
++ if (ss->sec.uncache)
++ ss->sec.uncache(ss->sec.ci.sid);
+ SSL3_SendAlert(ss, alert_fatal, bad_certificate);
+
+ lower = ss->fd->lower;
+@@ -2721,7 +2722,7 @@
+
+ ssl_GetSSL3HandshakeLock(ss);
+ if (level == alert_fatal) {
+- if (ss->sec.ci.sid) {
++ if (!ss->opt.noCache && ss->sec.ci.sid && ss->sec.uncache) {
+ ss->sec.uncache(ss->sec.ci.sid);
+ }
+ }
+@@ -2891,8 +2892,10 @@
+ default: error = SSL_ERROR_RX_UNKNOWN_ALERT; break;
+ }
+ if (level == alert_fatal) {
+- if (!ss->opt.noCache)
+- ss->sec.uncache(ss->sec.ci.sid);
++ if (!ss->opt.noCache) {
++ if (ss->sec.uncache)
++ ss->sec.uncache(ss->sec.ci.sid);
++ }
+ if ((ss->ssl3.hs.ws == wait_server_hello) &&
+ (desc == handshake_failure)) {
+ /* XXX This is a hack. We're assuming that any handshake failure
+@@ -4152,7 +4155,8 @@
+
+ if (!sidOK) {
+ SSL_AtomicIncrementLong(& ssl3stats.sch_sid_cache_not_ok );
+- (*ss->sec.uncache)(sid);
++ if (ss->sec.uncache)
++ (*ss->sec.uncache)(sid);
+ ssl_FreeSID(sid);
+ sid = NULL;
+ }
+@@ -4457,7 +4461,8 @@
+ }
+
+ if (sid) {
+- ss->sec.uncache(sid);
++ if (ss->sec.uncache)
++ ss->sec.uncache(sid);
+ ssl_FreeSID(sid);
+ ss->sec.ci.sid = NULL;
+ }
+@@ -5588,7 +5593,8 @@
+
+ /* throw the old one away */
+ sid->u.ssl3.keys.resumable = PR_FALSE;
+- (*ss->sec.uncache)(sid);
++ if (ss->sec.uncache)
++ (*ss->sec.uncache)(sid);
+ ssl_FreeSID(sid);
+
+ /* get a new sid */
+@@ -6851,7 +6857,8 @@
+ && !ss->firstHsDone))) {
+
+ SSL_AtomicIncrementLong(& ssl3stats.hch_sid_cache_not_ok );
+- ss->sec.uncache(sid);
++ if (ss->sec.uncache)
++ ss->sec.uncache(sid);
+ ssl_FreeSID(sid);
+ sid = NULL;
+ }
+@@ -6998,7 +7005,8 @@
+ }
+
+ if (ss->sec.ci.sid) {
+- ss->sec.uncache(ss->sec.ci.sid);
++ if (ss->sec.uncache)
++ ss->sec.uncache(ss->sec.ci.sid);
+ PORT_Assert(ss->sec.ci.sid != sid); /* should be impossible, but ... */
+ if (ss->sec.ci.sid != sid) {
+ ssl_FreeSID(ss->sec.ci.sid);
+@@ -7167,7 +7175,8 @@
+
+ if (sid) { /* we had a sid, but it's no longer valid, free it */
+ SSL_AtomicIncrementLong(& ssl3stats.hch_sid_cache_not_ok );
+- ss->sec.uncache(sid);
++ if (ss->sec.uncache)
++ ss->sec.uncache(sid);
+ ssl_FreeSID(sid);
+ sid = NULL;
+ }
+@@ -10782,7 +10791,8 @@
+ return SECFailure;
+ }
+ if (sid && flushCache) {
+- ss->sec.uncache(sid); /* remove it from whichever cache it's in. */
++ if (ss->sec.uncache)
++ ss->sec.uncache(sid); /* remove it from whichever cache it's in. */
+ ssl_FreeSID(sid); /* dec ref count and free if zero. */
+ ss->sec.ci.sid = NULL;
+ }
generated by cgit v1.1 at 2025-05-11 19:24:00 +0000