Bug 1899431 - Use SSL_PeerCertificateChainDER in SSLServerCertVerification. r=keeler

Differential Revision: https://phabricator.services.mozilla.com/D211944
John Schanck 2024-07-18 16:53:57 +00:00
parent 817395a295
commit b5df830a0d
3 changed files with 19 additions and 8 deletions


@ -697,12 +697,12 @@ PRErrorCode AuthCertificateParseResults(
}
static nsTArray<nsTArray<uint8_t>> CreateCertBytesArray(
const UniqueCERTCertList& aCertChain) {
const UniqueSECItemArray& aCertChain) {
nsTArray<nsTArray<uint8_t>> certsBytes;
for (CERTCertListNode* n = CERT_LIST_HEAD(aCertChain);
!CERT_LIST_END(n, aCertChain); n = CERT_LIST_NEXT(n)) {
for (size_t i = 0; i < aCertChain->len; i++) {
nsTArray<uint8_t> certBytes;
certBytes.AppendElements(n->cert->derCert.data, n->cert->derCert.len);
certBytes.AppendElements(aCertChain->items[i].data,
aCertChain->items[i].len);
certsBytes.AppendElement(std::move(certBytes));
}
return certsBytes;
@ -921,11 +921,15 @@ SECStatus AuthCertificateHook(void* arg, PRFileDesc* fd, PRBool checkSig,
return SECFailure;
}
UniqueCERTCertList peerCertChain(SSL_PeerCertificateChain(fd));
if (!peerCertChain) {
UniqueSECItemArray peerCertChain;
SECStatus rv =
SSL_PeerCertificateChainDER(fd, TempPtrToSetter(&peerCertChain));
if (rv != SECSuccess) {
PR_SetError(PR_INVALID_STATE_ERROR, 0);
return SECFailure;
}
MOZ_ASSERT(peerCertChain,
"AuthCertificateHook: peerCertChain unexpectedly null");
nsTArray<nsTArray<uint8_t>> peerCertsBytes =
CreateCertBytesArray(peerCertChain);
@ -964,8 +968,8 @@ SECStatus AuthCertificateHook(void* arg, PRFileDesc* fd, PRBool checkSig,
// Get DC information
Maybe<DelegatedCredentialInfo> dcInfo;
SSLPreliminaryChannelInfo channelPreInfo;
SECStatus rv = SSL_GetPreliminaryChannelInfo(fd, &channelPreInfo,
sizeof(channelPreInfo));
rv = SSL_GetPreliminaryChannelInfo(fd, &channelPreInfo,
sizeof(channelPreInfo));
if (rv != SECSuccess) {
PR_SetError(PR_INVALID_STATE_ERROR, 0);
return SECFailure;
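Review bot: The null check on the chain has become a debug-only MOZ_ASSERT, so in a release build a SECSuccess paired with a null array (however unlikely) would be dereferenced unchecked in CreateCertBytesArray through `aCertChain->len`; a release-mode guard is one branch on a cold path, e.g. `if (!peerCertChain) { PR_SetError(PR_INVALID_STATE_ERROR, 0); return SECFailure; }` in place of the assertion, or `MOZ_RELEASE_ASSERT`. The `PR_SetError(PR_INVALID_STATE_ERROR, 0)` on the new `rv != SECSuccess` path also overwrites whatever more specific error SSL_PeerCertificateChainDER set (presumably SSL_ERROR_NO_CERTIFICATE when no peer certificate was received — verify), so consider logging `PR_GetError()` before replacing it. CreateCertBytesArray now accepts a zero-length array and hands an empty list downstream, whereas the old CERTCertList path appears to have always included at least the leaf; worth confirming the consumer rejects an empty chain. AuthCertificateHook begins and ends outside the hunk.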


@ -369,6 +369,10 @@ inline void SECITEM_FreeItem_true(SECItem* s) {
return SECITEM_FreeItem(s, true);
}
inline void SECITEM_FreeArray_true(SECItemArray* s) {
return SECITEM_FreeArray(s, true);
}
inline void SECOID_DestroyAlgorithmID_true(SECAlgorithmID* a) {
return SECOID_DestroyAlgorithmID(a, true);
}
@ -432,6 +436,8 @@ MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueSECAlgorithmID, SECAlgorithmID,
internal::SECOID_DestroyAlgorithmID_true)
MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueSECItem, SECItem,
internal::SECITEM_FreeItem_true)
MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueSECItemArray, SECItemArray,
internal::SECITEM_FreeArray_true)
MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueSECKEYPrivateKey, SECKEYPrivateKey,
SECKEY_DestroyPrivateKey)
MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueSECKEYPrivateKeyList,
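Review bot: SECITEM_FreeArray_true deserves a one-line comment on its ownership contract, because the `true` freeit argument — if I read NSS's SECITEM_FreeArray correctly — releases the SECItemArray struct itself along with each item's data, so UniqueSECItemArray must only ever wrap a heap-allocated array such as the one SSL_PeerCertificateChainDER hands back, never one embedded in another object or on the stack. Suggested: `// freeit=true: frees the SECItemArray struct as well as each item's data; only wrap heap-allocated arrays.` above the inline helper.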


@ -531,6 +531,7 @@ SECITEM_CopyItem_Util
SECITEM_DupArray
SECITEM_DupItem
SECITEM_DupItem_Util
SECITEM_FreeArray
SECITEM_FreeItem
SECITEM_FreeItem_Util
SECITEM_HashCompare