src/net/third_party/nss/patches/getrequestedclientcerttypes.patch

   1 diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
   2 --- a/nss/lib/ssl/ssl3con.c     2013-07-31 12:40:14.493586151 -0700
   3 +++ b/nss/lib/ssl/ssl3con.c     2013-07-31 12:42:42.035748760 -0700
   4 @@ -6544,6 +6544,9 @@ ssl3_HandleCertificateRequest(sslSocket
   5      if (rv != SECSuccess)
   6         goto loser;             /* malformed, alert has been sent */
   7
   8 +    PORT_Assert(!ss->requestedCertTypes);
   9 +    ss->requestedCertTypes = &cert_types;
  10 +
  11      if (isTLS12) {
  12         rv = ssl3_ConsumeHandshakeVariable(ss, &algorithms, 2, &b, &length);
  13         if (rv != SECSuccess)
  14 @@ -6743,6 +6746,7 @@ loser:
  15      PORT_SetError(errCode);
  16      rv = SECFailure;
  17  done:
  18 +    ss->requestedCertTypes = NULL;
  19      if (arena != NULL)
  20         PORT_FreeArena(arena, PR_FALSE);
  21  #ifdef NSS_PLATFORM_CLIENT_AUTH
  22 diff -pu a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h
  23 --- a/nss/lib/ssl/ssl.h 2013-07-31 12:40:53.784162112 -0700
  24 +++ b/nss/lib/ssl/ssl.h 2013-07-31 12:41:57.515096255 -0700
  25 @@ -732,6 +732,16 @@ SSL_IMPORT SECStatus SSL_ReHandshakeWith
  26                                                  PRBool flushCache,
  27                                                  PRIntervalTime timeout);
  28
  29 +/* Returns a SECItem containing the certificate_types field of the
  30 +** CertificateRequest message.  Each byte of the data is a TLS
  31 +** ClientCertificateType value, and they are ordered from most preferred to
  32 +** least.  This function should only be called from the
  33 +** SSL_GetClientAuthDataHook callback, and will return NULL if called at any
  34 +** other time.  The returned value is valid only until the callback returns, and
  35 +** should not be freed.
  36 +*/
  37 +SSL_IMPORT const SECItem *
  38 +SSL_GetRequestedClientCertificateTypes(PRFileDesc *fd);
  39
  40  #ifdef SSL_DEPRECATED_FUNCTION
  41  /* deprecated!
  42 diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
  43 --- a/nss/lib/ssl/sslimpl.h     2013-07-31 12:40:14.503586299 -0700
  44 +++ b/nss/lib/ssl/sslimpl.h     2013-07-31 12:41:57.515096255 -0700
  45 @@ -1168,6 +1168,10 @@ struct sslSocketStr {
  46      unsigned int     sizeCipherSpecs;
  47  const unsigned char *  preferredCipher;
  48
  49 +    /* TLS ClientCertificateTypes requested during HandleCertificateRequest. */
  50 +    /* Will be NULL at all other times. */
  51 +    const SECItem      *requestedCertTypes;
  52 +
  53      ssl3KeyPair *         stepDownKeyPair;     /* RSA step down keys */
  54
  55      /* Callbacks */
  56 diff -pu a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c
  57 --- a/nss/lib/ssl/sslsock.c     2013-07-31 12:40:53.784162112 -0700
  58 +++ b/nss/lib/ssl/sslsock.c     2013-07-31 12:41:57.515096255 -0700
  59 @@ -1933,6 +1933,20 @@ SSL_HandshakeResumedSession(PRFileDesc *
  60      return SECSuccess;
  61  }
  62
  63 +const SECItem *
  64 +SSL_GetRequestedClientCertificateTypes(PRFileDesc *fd)
  65 +{
  66 +  sslSocket *ss = ssl_FindSocket(fd);
  67 +
  68 +  if (!ss) {
  69 +      SSL_DBG(("%d: SSL[%d]: bad socket in "
  70 +               "SSL_GetRequestedClientCertificateTypes", SSL_GETPID(), fd));
  71 +      return NULL;
  72 +  }
  73 +
  74 +  return ss->requestedCertTypes;
  75 +}
  76 +
  77  /************************************************************************/
  78  /* The following functions are the TOP LEVEL SSL functions.
  79  ** They all get called through the NSPRIOMethods table below.
  80 @@ -2995,6 +3009,7 @@ ssl_NewSocket(PRBool makeLocks, SSLProto
  81             sc->serverKeyBits   = 0;
  82             ss->certStatusArray[i] = NULL;
  83         }
  84 +       ss->requestedCertTypes = NULL;
  85         ss->stepDownKeyPair    = NULL;
  86         ss->dbHandle           = CERT_GetDefaultCertDB();
  87