diff options
author | Sergei Chernov <sergei.cv@ndivi.com> | 2015-12-08 17:11:24 -0500 |
---|---|---|
committer | Sergei Chernov <sergei.cv@ndivi.com> | 2015-12-08 17:11:24 -0500 |
commit | d38cf7ddfbc3f615f2af916dba06c8e87f2b0c61 (patch) | |
tree | 675ef6045d3ba6b138103c529359fb46f63f8d98 /lib/ssl/ssl3con.c | |
parent | 4aab1ad9f2863caf05e8358a9bbb317abd72116f (diff) | |
download | nss-hg-d38cf7ddfbc3f615f2af916dba06c8e87f2b0c61.tar.gz |
Bug 944175 - Implement Certificate Transparency [part 1, client side]. r=wtc
Diffstat (limited to 'lib/ssl/ssl3con.c')
-rw-r--r-- | lib/ssl/ssl3con.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c index 67f58d403..93e7d53ed 100644 --- a/lib/ssl/ssl3con.c +++ b/lib/ssl/ssl3con.c @@ -6787,6 +6787,17 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) sid->u.ssl3.keys.extendedMasterSecretUsed = ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn); + /* Copy Signed Certificate Timestamps, if any. */ + if (ss->xtnData.signedCertTimestamps.data) { + rv = SECITEM_CopyItem(NULL, &sid->u.ssl3.signedCertTimestamps, + &ss->xtnData.signedCertTimestamps); + if (rv != SECSuccess) + goto loser; + /* Clean up the temporary pointer to the handshake buffer. */ + ss->xtnData.signedCertTimestamps.data = NULL; + ss->xtnData.signedCertTimestamps.len = 0; + } + ss->ssl3.hs.isResuming = PR_FALSE; if (ss->ssl3.hs.kea_def->signKeyType != sign_null) { /* All current cipher suites other than those with sign_null (i.e., @@ -6805,6 +6816,9 @@ alert_loser: (void)SSL3_SendAlert(ss, alert_fatal, desc); loser: + /* Clean up the temporary pointer to the handshake buffer. */ + ss->xtnData.signedCertTimestamps.data = NULL; + ss->xtnData.signedCertTimestamps.len = 0; ssl_MapLowLevelError(errCode); return SECFailure; } |