diff options
Diffstat (limited to 'chromium/net/third_party/nss/patches/reorderextensions.patch')
-rw-r--r-- | chromium/net/third_party/nss/patches/reorderextensions.patch | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/chromium/net/third_party/nss/patches/reorderextensions.patch b/chromium/net/third_party/nss/patches/reorderextensions.patch new file mode 100644 index 00000000000..3572fb157d2 --- /dev/null +++ b/chromium/net/third_party/nss/patches/reorderextensions.patch @@ -0,0 +1,34 @@ +diff --git a/nss/lib/ssl/ssl3ext.c b/nss/lib/ssl/ssl3ext.c +index 6f3fe2f..523e49a 100644 +--- a/nss/lib/ssl/ssl3ext.c ++++ b/nss/lib/ssl/ssl3ext.c +@@ -295,9 +295,12 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { + { ssl_use_srtp_xtn, &ssl3_SendUseSRTPXtn }, + { ssl_channel_id_xtn, &ssl3_ClientSendChannelIDXtn }, + { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }, +- { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn }, + { ssl_signed_certificate_timestamp_xtn, +- &ssl3_ClientSendSignedCertTimestampXtn } ++ &ssl3_ClientSendSignedCertTimestampXtn }, ++ /* WebSphere Application Server 7.0 is intolerant to the last extension ++ * being zero-length. It is not intolerant of TLS 1.2, so move ++ * signature_algorithms to the end. */ ++ { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn } + /* any extra entries will appear as { 0, NULL } */ + }; + +@@ -2347,9 +2350,11 @@ ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength) + } + + extensionLength = 512 - recordLength; +- /* Extensions take at least four bytes to encode. */ +- if (extensionLength < 4) { +- extensionLength = 4; ++ /* Extensions take at least four bytes to encode. Always include at least ++ * one byte of data if including the extension. WebSphere Application Server ++ * 7.0 is intolerant to the last extension being zero-length. */ ++ if (extensionLength < 4 + 1) { ++ extensionLength = 4 + 1; + } + + return extensionLength; |