Diffstat (limited to 'net')
-rw-r--r--net/base/ssl_config_service.h3
-rw-r--r--net/third_party/nss/patches/nextproto.patch49
-rw-r--r--net/third_party/nss/ssl/ssl3con.c8
3 files changed, 41 insertions, 19 deletions
diff --git a/net/base/ssl_config_service.h b/net/base/ssl_config_service.h
index 45c1fc6..0213f1f 100644
--- a/net/base/ssl_config_service.h
+++ b/net/base/ssl_config_service.h
@@ -18,8 +18,7 @@ struct SSLConfig {
// Default to SSL 2.0 off, SSL 3.0 on, and TLS 1.0 on.
SSLConfig()
: rev_checking_enabled(true), ssl2_enabled(false), ssl3_enabled(true),
- tls1_enabled(true), send_client_cert(false), verify_ev_cert(false),
- next_protos("\007http1.1") {
+ tls1_enabled(true), send_client_cert(false), verify_ev_cert(false) {
}
bool rev_checking_enabled; // True if server certificate revocation
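Review bot: The comment above the constructor still lists only the SSL/TLS version defaults, and with the `next_protos("\007http1.1")` initializer gone nothing in this hunk says what state next_protos is left in. Its declaration is outside the hunk; assuming the member remains, it is now default-constructed, presumably empty. That would mean Next Protocol Negotiation is not offered unless a caller fills it in, which should be confirmed and written down next to the other defaults, for example `// next_protos is left empty: NPN is not advertised unless the caller sets it.` The struct body continues outside the hunk.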
diff --git a/net/third_party/nss/patches/nextproto.patch b/net/third_party/nss/patches/nextproto.patch
index dbca92a..837295e 100644
--- a/net/third_party/nss/patches/nextproto.patch
+++ b/net/third_party/nss/patches/nextproto.patch
@@ -1,5 +1,5 @@
diff --git a/mozilla/security/nss/cmd/tstclnt/tstclnt.c b/mozilla/security/nss/cmd/tstclnt/tstclnt.c
-index f0b5701..e795b33 100644
+index c15a0ad..b6210bf 100644
--- a/mozilla/security/nss/cmd/tstclnt/tstclnt.c
+++ b/mozilla/security/nss/cmd/tstclnt/tstclnt.c
@@ -863,7 +863,13 @@ int main(int argc, char **argv)
@@ -18,10 +18,10 @@ index f0b5701..e795b33 100644
SSL_AuthCertificateHook(s, SSL_AuthCertificate, (void *)handle);
diff --git a/mozilla/security/nss/lib/ssl/ssl.def b/mozilla/security/nss/lib/ssl/ssl.def
-index a5b2767..287505f 100644
+index d3f455c..a1f4b51 100644
--- a/mozilla/security/nss/lib/ssl/ssl.def
+++ b/mozilla/security/nss/lib/ssl/ssl.def
-@@ -150,3 +150,10 @@ SSL_SNISocketConfigHook;
+@@ -152,3 +152,10 @@ SSL_SNISocketConfigHook;
;+ local:
;+*;
;+};
@@ -33,10 +33,10 @@ index a5b2767..287505f 100644
+;+*;
+;+};
diff --git a/mozilla/security/nss/lib/ssl/ssl.h b/mozilla/security/nss/lib/ssl/ssl.h
-index d0b5aa7..5b572b2 100644
+index d60a73c..00c250b 100644
--- a/mozilla/security/nss/lib/ssl/ssl.h
+++ b/mozilla/security/nss/lib/ssl/ssl.h
-@@ -136,6 +136,18 @@ SSL_IMPORT SECStatus SSL_OptionSetDefault(PRInt32 option, PRBool on);
+@@ -142,6 +142,18 @@ SSL_IMPORT SECStatus SSL_OptionSetDefault(PRInt32 option, PRBool on);
SSL_IMPORT SECStatus SSL_OptionGetDefault(PRInt32 option, PRBool *on);
SSL_IMPORT SECStatus SSL_CertDBHandleSet(PRFileDesc *fd, CERTCertDBHandle *dbHandle);
@@ -56,7 +56,7 @@ index d0b5aa7..5b572b2 100644
** Control ciphers that SSL uses. If on is non-zero then the named cipher
** is enabled, otherwise it is disabled.
diff --git a/mozilla/security/nss/lib/ssl/ssl3con.c b/mozilla/security/nss/lib/ssl/ssl3con.c
-index 6b37c4f..545e51e 100644
+index 083248d..5c14672 100644
--- a/mozilla/security/nss/lib/ssl/ssl3con.c
+++ b/mozilla/security/nss/lib/ssl/ssl3con.c
@@ -81,6 +81,7 @@ static SECStatus ssl3_InitState( sslSocket *ss);
@@ -121,7 +121,22 @@ index 6b37c4f..545e51e 100644
* ssl3_HandleClientHello
* ssl3_HandleFinished
*/
-@@ -9457,6 +9498,11 @@ ssl3_DestroySSL3Info(sslSocket *ss)
+@@ -8390,6 +8431,14 @@ ssl3_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length,
+ if (doStepUp || ss->writerThread == PR_GetCurrentThread()) {
+ flags = ssl_SEND_FLAG_FORCE_INTO_BUFFER;
+ }
++
++ if (!isServer) {
++ rv = ssl3_SendNextProto(ss);
++ if (rv != SECSuccess) {
++ goto xmit_loser; /* err code was set. */
++ }
++ }
++
+ rv = ssl3_SendFinished(ss, flags);
+ if (rv != SECSuccess) {
+ goto xmit_loser; /* err is set. */
+@@ -9455,6 +9504,11 @@ ssl3_DestroySSL3Info(sslSocket *ss)
ssl3_DestroyCipherSpec(&ss->ssl3.specs[1], PR_TRUE/*freeSrvName*/);
ss->ssl3.initialized = PR_FALSE;
@@ -134,7 +149,7 @@ index 6b37c4f..545e51e 100644
/* End of ssl3con.c */
diff --git a/mozilla/security/nss/lib/ssl/ssl3ext.c b/mozilla/security/nss/lib/ssl/ssl3ext.c
-index fd0d9b9..4269028 100644
+index ac2b067..04f45a4 100644
--- a/mozilla/security/nss/lib/ssl/ssl3ext.c
+++ b/mozilla/security/nss/lib/ssl/ssl3ext.c
@@ -235,6 +235,7 @@ static const ssl3HelloExtensionHandler clientHelloHandlers[] = {
@@ -272,8 +287,8 @@ index fd0d9b9..4269028 100644
+ rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
+ if (rv != SECSuccess)
+ goto loser;
-+ TLSExtensionData *xtnData = &ss->xtnData;
-+ xtnData->advertised[xtnData->numAdvertised++] = ssl_next_proto_neg_xtn;
++ ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
++ ssl_next_proto_neg_xtn;
+ } else if (maxBytes < extension_length) {
+ return 0;
+ }
@@ -302,10 +317,10 @@ index 0fc1675..c82c891 100644
typedef struct {
diff --git a/mozilla/security/nss/lib/ssl/sslimpl.h b/mozilla/security/nss/lib/ssl/sslimpl.h
-index ea36cfb..0ec579d 100644
+index 7581b98..0658d2c 100644
--- a/mozilla/security/nss/lib/ssl/sslimpl.h
+++ b/mozilla/security/nss/lib/ssl/sslimpl.h
-@@ -317,6 +317,11 @@ typedef struct {
+@@ -313,6 +313,11 @@ typedef struct {
#endif /* NSS_ENABLE_ECC */
typedef struct sslOptionsStr {
@@ -317,7 +332,7 @@ index ea36cfb..0ec579d 100644
unsigned int useSecurity : 1; /* 1 */
unsigned int useSocks : 1; /* 2 */
unsigned int requestCertificate : 1; /* 3 */
-@@ -789,6 +794,7 @@ const ssl3CipherSuiteDef *suite_def;
+@@ -785,6 +790,7 @@ const ssl3CipherSuiteDef *suite_def;
#ifdef NSS_ENABLE_ECC
PRUint32 negotiatedECCurves; /* bit mask */
#endif /* NSS_ENABLE_ECC */
@@ -325,7 +340,7 @@ index ea36cfb..0ec579d 100644
} SSL3HandshakeState;
-@@ -830,6 +836,16 @@ struct ssl3StateStr {
+@@ -826,6 +832,16 @@ struct ssl3StateStr {
PRBool initialized;
SSL3HandshakeState hs;
ssl3CipherSpec specs[2]; /* one is current, one is pending. */
@@ -342,7 +357,7 @@ index ea36cfb..0ec579d 100644
};
typedef struct {
-@@ -1495,8 +1511,12 @@ extern SECStatus ssl3_HandleSupportedPointFormatsXtn(sslSocket * ss,
+@@ -1491,8 +1507,12 @@ extern SECStatus ssl3_HandleSupportedPointFormatsXtn(sslSocket * ss,
PRUint16 ex_type, SECItem *data);
extern SECStatus ssl3_ClientHandleSessionTicketXtn(sslSocket *ss,
PRUint16 ex_type, SECItem *data);
@@ -355,7 +370,7 @@ index ea36cfb..0ec579d 100644
/* ClientHello and ServerHello extension senders.
* Note that not all extension senders are exposed here; only those that
-@@ -1527,6 +1547,10 @@ extern PRInt32 ssl3_SendSupportedCurvesXtn(sslSocket *ss,
+@@ -1523,6 +1543,10 @@ extern PRInt32 ssl3_SendSupportedCurvesXtn(sslSocket *ss,
extern PRInt32 ssl3_SendSupportedPointFormatsXtn(sslSocket *ss,
PRBool append, PRUint32 maxBytes);
#endif
@@ -367,7 +382,7 @@ index ea36cfb..0ec579d 100644
/* call the registered extension handlers. */
extern SECStatus ssl3_HandleHelloExtensions(sslSocket *ss,
diff --git a/mozilla/security/nss/lib/ssl/sslsock.c b/mozilla/security/nss/lib/ssl/sslsock.c
-index aab48d6..2ff2992 100644
+index f1d1921..6536354 100644
--- a/mozilla/security/nss/lib/ssl/sslsock.c
+++ b/mozilla/security/nss/lib/ssl/sslsock.c
@@ -163,6 +163,7 @@ static const sslSocketOps ssl_secure_ops = { /* SSL. */
diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c
index d2227a6..45bf853 100644
--- a/net/third_party/nss/ssl/ssl3con.c
+++ b/net/third_party/nss/ssl/ssl3con.c
@@ -8447,6 +8447,14 @@ ssl3_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length,
if (doStepUp || ss->writerThread == PR_GetCurrentThread()) {
flags = ssl_SEND_FLAG_FORCE_INTO_BUFFER;
}
+
+ if (!isServer) {
+ rv = ssl3_SendNextProto(ss);
+ if (rv != SECSuccess) {
+ goto xmit_loser; /* err code was set. */
+ }
+ }
+
rv = ssl3_SendFinished(ss, flags);
if (rv != SECSuccess) {
goto xmit_loser; /* err is set. */
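Review bot: The new `ssl3_SendNextProto(ss)` call is guarded only by `!isServer`, so whether a NextProtocol message is emitted for a connection where the server never acknowledged the extension depends entirely on an early return inside ssl3_SendNextProto, which is not visible here. If that early return is missing, a client would send an unexpected handshake message just before Finished and the peer would likely abort the handshake. I would either make the condition explicit at the call site or document the reliance, e.g. `/* NextProtocol must precede Finished; ssl3_SendNextProto() is a no-op when NPN was not negotiated. */`. The same lines are mirrored in the regenerated nextproto.patch hunk for ssl3_HandleFinished, and the body of ssl3_HandleFinished starts and ends outside this hunk.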