mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-26 22:32:46 +00:00
Bug 1899431 - Use SSL_PeerCertificateChainDER in SSLServerCertVerification. r=keeler
Differential Revision: https://phabricator.services.mozilla.com/D211944
This commit is contained in:
parent
817395a295
commit
b5df830a0d
@ -697,12 +697,12 @@ PRErrorCode AuthCertificateParseResults(
|
||||
}
|
||||
|
||||
static nsTArray<nsTArray<uint8_t>> CreateCertBytesArray(
|
||||
const UniqueCERTCertList& aCertChain) {
|
||||
const UniqueSECItemArray& aCertChain) {
|
||||
nsTArray<nsTArray<uint8_t>> certsBytes;
|
||||
for (CERTCertListNode* n = CERT_LIST_HEAD(aCertChain);
|
||||
!CERT_LIST_END(n, aCertChain); n = CERT_LIST_NEXT(n)) {
|
||||
for (size_t i = 0; i < aCertChain->len; i++) {
|
||||
nsTArray<uint8_t> certBytes;
|
||||
certBytes.AppendElements(n->cert->derCert.data, n->cert->derCert.len);
|
||||
certBytes.AppendElements(aCertChain->items[i].data,
|
||||
aCertChain->items[i].len);
|
||||
certsBytes.AppendElement(std::move(certBytes));
|
||||
}
|
||||
return certsBytes;
|
||||
@ -921,11 +921,15 @@ SECStatus AuthCertificateHook(void* arg, PRFileDesc* fd, PRBool checkSig,
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
UniqueCERTCertList peerCertChain(SSL_PeerCertificateChain(fd));
|
||||
if (!peerCertChain) {
|
||||
UniqueSECItemArray peerCertChain;
|
||||
SECStatus rv =
|
||||
SSL_PeerCertificateChainDER(fd, TempPtrToSetter(&peerCertChain));
|
||||
if (rv != SECSuccess) {
|
||||
PR_SetError(PR_INVALID_STATE_ERROR, 0);
|
||||
return SECFailure;
|
||||
}
|
||||
MOZ_ASSERT(peerCertChain,
|
||||
"AuthCertificateHook: peerCertChain unexpectedly null");
|
||||
|
||||
nsTArray<nsTArray<uint8_t>> peerCertsBytes =
|
||||
CreateCertBytesArray(peerCertChain);
|
||||
@ -964,8 +968,8 @@ SECStatus AuthCertificateHook(void* arg, PRFileDesc* fd, PRBool checkSig,
|
||||
// Get DC information
|
||||
Maybe<DelegatedCredentialInfo> dcInfo;
|
||||
SSLPreliminaryChannelInfo channelPreInfo;
|
||||
SECStatus rv = SSL_GetPreliminaryChannelInfo(fd, &channelPreInfo,
|
||||
sizeof(channelPreInfo));
|
||||
rv = SSL_GetPreliminaryChannelInfo(fd, &channelPreInfo,
|
||||
sizeof(channelPreInfo));
|
||||
if (rv != SECSuccess) {
|
||||
PR_SetError(PR_INVALID_STATE_ERROR, 0);
|
||||
return SECFailure;
|
||||
|
@ -369,6 +369,10 @@ inline void SECITEM_FreeItem_true(SECItem* s) {
|
||||
return SECITEM_FreeItem(s, true);
|
||||
}
|
||||
|
||||
inline void SECITEM_FreeArray_true(SECItemArray* s) {
|
||||
return SECITEM_FreeArray(s, true);
|
||||
}
|
||||
|
||||
inline void SECOID_DestroyAlgorithmID_true(SECAlgorithmID* a) {
|
||||
return SECOID_DestroyAlgorithmID(a, true);
|
||||
}
|
||||
@ -432,6 +436,8 @@ MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueSECAlgorithmID, SECAlgorithmID,
|
||||
internal::SECOID_DestroyAlgorithmID_true)
|
||||
MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueSECItem, SECItem,
|
||||
internal::SECITEM_FreeItem_true)
|
||||
MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueSECItemArray, SECItemArray,
|
||||
internal::SECITEM_FreeArray_true)
|
||||
MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueSECKEYPrivateKey, SECKEYPrivateKey,
|
||||
SECKEY_DestroyPrivateKey)
|
||||
MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueSECKEYPrivateKeyList,
|
||||
|
@ -531,6 +531,7 @@ SECITEM_CopyItem_Util
|
||||
SECITEM_DupArray
|
||||
SECITEM_DupItem
|
||||
SECITEM_DupItem_Util
|
||||
SECITEM_FreeArray
|
||||
SECITEM_FreeItem
|
||||
SECITEM_FreeItem_Util
|
||||
SECITEM_HashCompare
|
||||
|
Loading…
Reference in New Issue
Block a user