1 Index: net/third_party/nss/ssl/ssl.h
2 ===================================================================
3 --- net/third_party/nss/ssl/ssl.h (revision 225295)
4 +++ net/third_party/nss/ssl/ssl.h (working copy)
7 SSL_IMPORT CERTCertificate *SSL_PeerCertificate(PRFileDesc *fd);
10 +** Return the certificates presented by the SSL peer. If the SSL peer
11 +** did not present certificates, return NULL with the
12 +** SSL_ERROR_NO_CERTIFICATE error. On failure, return NULL with an error
13 +** code other than SSL_ERROR_NO_CERTIFICATE.
14 +** "fd" the socket "file" descriptor
16 +SSL_IMPORT CERTCertList *SSL_PeerCertificateChain(PRFileDesc *fd);
18 /* SSL_PeerStapledOCSPResponses returns the OCSP responses that were provided
19 * by the TLS server. The return value is a pointer to an internal SECItemArray
20 * that contains the returned OCSP responses; it is only valid until the
25 -** Return references to the certificates presented by the SSL peer.
26 -** |maxNumCerts| must contain the size of the |certs| array. On successful
27 -** return, |*numCerts| contains the number of certificates available and
28 -** |certs| will contain references to as many certificates as would fit.
29 -** Therefore if |*numCerts| contains a value less than or equal to
30 -** |maxNumCerts|, then all certificates were returned.
32 -SSL_IMPORT SECStatus SSL_PeerCertificateChain(
33 - PRFileDesc *fd, CERTCertificate **certs,
34 - unsigned int *numCerts, unsigned int maxNumCerts);
37 ** Authenticate certificate hook. Called when a certificate comes in
38 ** (because of SSL_REQUIRE_CERTIFICATE in SSL_Enable) to authenticate the
40 Index: net/third_party/nss/ssl/sslauth.c
41 ===================================================================
42 --- net/third_party/nss/ssl/sslauth.c (revision 225295)
43 +++ net/third_party/nss/ssl/sslauth.c (working copy)
47 /* NEED LOCKS IN HERE. */
49 -SSL_PeerCertificateChain(PRFileDesc *fd, CERTCertificate **certs,
50 - unsigned int *numCerts, unsigned int maxNumCerts)
52 +SSL_PeerCertificateChain(PRFileDesc *fd)
56 + CERTCertList *chain = NULL;
57 + CERTCertificate *cert;
60 ss = ssl_FindSocket(fd);
62 SSL_DBG(("%d: SSL[%d]: bad socket in PeerCertificateChain",
67 - if (!ss->opt.useSecurity)
70 - if (ss->sec.peerCert == NULL) {
73 + if (!ss->opt.useSecurity || !ss->sec.peerCert) {
74 + PORT_SetError(SSL_ERROR_NO_CERTIFICATE);
78 - *numCerts = 1; /* for the leaf certificate */
79 - if (maxNumCerts > 0)
80 - certs[0] = CERT_DupCertificate(ss->sec.peerCert);
82 + chain = CERT_NewCertList();
86 + cert = CERT_DupCertificate(ss->sec.peerCert);
87 + if (CERT_AddCertToListTail(chain, cert) != SECSuccess) {
90 for (cur = ss->ssl3.peerCertChain; cur; cur = cur->next) {
91 - if (*numCerts < maxNumCerts)
92 - certs[*numCerts] = CERT_DupCertificate(cur->cert);
94 + cert = CERT_DupCertificate(cur->cert);
95 + if (CERT_AddCertToListTail(chain, cert) != SECSuccess) {
103 + CERT_DestroyCertList(chain);
107 /* NEED LOCKS IN HERE. */
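Review bot: In the new `SSL_PeerCertificateChain` body, both `CERT_AddCertToListTail(chain, cert) != SECSuccess` branches (the leaf certificate and the loop over `ss->ssl3.peerCertChain`) are reached after `CERT_DupCertificate` has already taken a reference. A certificate that failed to be added is not in `chain`, so the `CERT_DestroyCertList(chain)` cleanup cannot release it. The bodies of those branches are not visible in this view, so this is inferred: if they only jump to the cleanup, each failure leaks one certificate reference. Adding `CERT_DestroyCertificate(cert);` inside each failure branch before leaving it would close that. Separately, the function still reads `ss->sec.peerCert` and walks the peer chain under the existing `/* NEED LOCKS IN HERE. */` comment, and the new loop does more work per entry than the old one, so it is worth confirming that the chain cannot be replaced while it runs.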