summaryrefslogtreecommitdiffstats
path: root/net/third_party
diff options
context:
space:
mode:
Diffstat (limited to 'net/third_party')
-rw-r--r--net/third_party/nss/ssl/ssl.def1
-rw-r--r--net/third_party/nss/ssl/ssl.h11
-rw-r--r--net/third_party/nss/ssl/sslauth.c36
3 files changed, 48 insertions, 0 deletions
diff --git a/net/third_party/nss/ssl/ssl.def b/net/third_party/nss/ssl/ssl.def
index effc35d..60ebbb1 100644
--- a/net/third_party/nss/ssl/ssl.def
+++ b/net/third_party/nss/ssl/ssl.def
@@ -163,6 +163,7 @@ SSL_SetNextProtoNego;
;+ global:
SSL_GetPredictedServerHelloData;
SSL_GetSnapStartResult;
+SSL_PeerCertificateChain;
SSL_SetPredictedPeerCertificates;
SSL_SetPredictedServerHelloData;
SSL_SetSnapStartApplicationData;
diff --git a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h
index 8217d2e..aac1aae 100644
--- a/net/third_party/nss/ssl/ssl.h
+++ b/net/third_party/nss/ssl/ssl.h
@@ -273,6 +273,17 @@ SSL_IMPORT SECStatus SSL_SecurityStatus(PRFileDesc *fd, int *on, char **cipher,
SSL_IMPORT CERTCertificate *SSL_PeerCertificate(PRFileDesc *fd);
/*
+** Return references to the certificates presented by the SSL peer. On entry,
+** |*certs_size| must contain the size of the |certs| array. On successful
+** return, |*certs_size| contains the number of certificates available and
+** |certs| will contain references to as many certificates as would fit.
+** Therefore if, on exit, |*certs_size| contains a value less than, or equal to,
+** the entry value then all certificates were returned.
+*/
+SSL_IMPORT SECStatus SSL_PeerCertificateChain(
+ PRFileDesc *fd, CERTCertificate **certs, unsigned int *certs_size);
+
+/*
** Authenticate certificate hook. Called when a certificate comes in
** (because of SSL_REQUIRE_CERTIFICATE in SSL_Enable) to authenticate the
** certificate.
diff --git a/net/third_party/nss/ssl/sslauth.c b/net/third_party/nss/ssl/sslauth.c
index 39c630d..e14bcc1 100644
--- a/net/third_party/nss/ssl/sslauth.c
+++ b/net/third_party/nss/ssl/sslauth.c
@@ -60,6 +60,42 @@ SSL_PeerCertificate(PRFileDesc *fd)
}
/* NEED LOCKS IN HERE. */
+SECStatus
+SSL_PeerCertificateChain(PRFileDesc *fd, CERTCertificate **certs,
+ unsigned int *certsSize)
+{
+ sslSocket *ss;
+ unsigned int inSize = *certsSize;
+ ssl3CertNode* cur;
+
+ ss = ssl_FindSocket(fd);
+ if (!ss) {
+ SSL_DBG(("%d: SSL[%d]: bad socket in PeerCertificateChain",
+ SSL_GETPID(), fd));
+ return SECFailure;
+ }
+ if (!ss->opt.useSecurity)
+ return SECFailure;
+
+ if (ss->sec.peerCert == NULL) {
+ *certsSize = 0;
+ return SECSuccess;
+ }
+
+ *certsSize = 1; /* for the leaf certificate */
+ if (inSize > 0)
+ certs[0] = CERT_DupCertificate(ss->sec.peerCert);
+
+ for (cur = ss->ssl3.peerCertChain; cur; cur = cur->next) {
+ if (*certsSize < inSize)
+ certs[*certsSize] = CERT_DupCertificate(cur->cert);
+ (*certsSize)++;
+ }
+
+ return SECSuccess;
+}
+
+/* NEED LOCKS IN HERE. */
CERTCertificate *
SSL_LocalCertificate(PRFileDesc *fd)
{