-rw-r--r-- | README.chromium | 3 | ||||
-rw-r--r-- | openssl/include/openssl/ssl.h | 3 | ||||
-rw-r--r-- | openssl/include/openssl/ssl3.h | 2 | ||||
-rw-r--r-- | openssl/ssl/ssl.h | 3 | ||||
-rw-r--r-- | openssl/ssl/ssl3.h | 2 | ||||
-rw-r--r-- | openssl/ssl/ssl_cert.c | 15 | ||||
-rw-r--r-- | patches.chromium/0015-export_certificate_types.patch | 80 |
7 files changed, 106 insertions, 2 deletions
diff --git a/README.chromium b/README.chromium index 443a75d..8ffa5ea 100644 --- a/README.chromium +++ b/README.chromium @@ -212,6 +212,9 @@ located in patches.chromium/. Currently this consists of: server bug. Some servers are intolerant to the last extension being empty. See https://crbug.com/363583 + export_certificate_types.patch + Export the certificate_types field in CertificateRequest. + ************************************************************************** Adding new Chromium patches: diff --git a/openssl/include/openssl/ssl.h b/openssl/include/openssl/ssl.h index fe92ccf..5faae95 100644 --- a/openssl/include/openssl/ssl.h +++ b/openssl/include/openssl/ssl.h @@ -1989,6 +1989,9 @@ STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s); int SSL_add_client_CA(SSL *ssl,X509 *x); int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x); +void SSL_get_client_certificate_types(const SSL *s, const unsigned char **ctype, + size_t *ctype_num); + void SSL_set_connect_state(SSL *s); void SSL_set_accept_state(SSL *s); diff --git a/openssl/include/openssl/ssl3.h b/openssl/include/openssl/ssl3.h index 899c8a8..019e8d8 100644 --- a/openssl/include/openssl/ssl3.h +++ b/openssl/include/openssl/ssl3.h @@ -508,7 +508,7 @@ typedef struct ssl3_state_st /* used for certificate requests */ int cert_req; int ctype_num; - char ctype[SSL3_CT_NUMBER]; + unsigned char ctype[SSL3_CT_NUMBER]; STACK_OF(X509_NAME) *ca_names; int use_rsa_tmp; diff --git a/openssl/ssl/ssl.h b/openssl/ssl/ssl.h index fe92ccf..5faae95 100644 --- a/openssl/ssl/ssl.h +++ b/openssl/ssl/ssl.h @@ -1989,6 +1989,9 @@ STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s); int SSL_add_client_CA(SSL *ssl,X509 *x); int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x); +void SSL_get_client_certificate_types(const SSL *s, const unsigned char **ctype, + size_t *ctype_num); + void SSL_set_connect_state(SSL *s); void SSL_set_accept_state(SSL *s); 
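Review bot: The new declaration of `SSL_get_client_certificate_types` in openssl/include/openssl/ssl.h (and its identical copy in openssl/ssl/ssl.h) is exported with no comment describing what the two out-parameters refer to. The implementation in ssl_cert.c stores the address of `s->s3->tmp.ctype` in `*ctype`, so the caller receives a borrowed pointer into connection state, not a copy. I would add a comment above the prototype saying that `*ctype` is owned by the SSL object, must not be freed or written through, is set to NULL with `*ctype_num` 0 when there is no SSLv3/TLS state, and should be copied if it is needed beyond the current handshake step. The exact points at which `tmp` is overwritten are not visible in this diff and should be confirmed before the wording is finalised.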
diff --git a/openssl/ssl/ssl3.h b/openssl/ssl/ssl3.h
index 899c8a8..019e8d8 100644
--- a/openssl/ssl/ssl3.h
+++ b/openssl/ssl/ssl3.h
@@ -508,7 +508,7 @@ typedef struct ssl3_state_st
 /* used for certificate requests */
 int cert_req;
 int ctype_num;
- char ctype[SSL3_CT_NUMBER];
+ unsigned char ctype[SSL3_CT_NUMBER];
 STACK_OF(X509_NAME) *ca_names;
 
 int use_rsa_tmp;
diff --git a/openssl/ssl/ssl_cert.c b/openssl/ssl/ssl_cert.c
index 5123a89..8a61650 100644
--- a/openssl/ssl/ssl_cert.c
+++ b/openssl/ssl/ssl_cert.c
@@ -655,6 +655,21 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x)
 return(add_client_CA(&(ctx->client_CA),x));
 }
 
+void SSL_get_client_certificate_types(const SSL *s, const unsigned char **ctype,
+ size_t *ctype_num)
+ {
+ if (s->s3 == NULL)
+ {
+ *ctype = NULL;
+ *ctype_num = 0;
+ return;
+ }
+
+ /* This always returns nothing for the server. */
+ *ctype = s->s3->tmp.ctype;
+ *ctype_num = s->s3->tmp.ctype_num;
+ }
+
 static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
 {
 return(X509_NAME_cmp(*a,*b));
diff --git a/patches.chromium/0015-export_certificate_types.patch b/patches.chromium/0015-export_certificate_types.patch
new file mode 100644
index 0000000..e5c7f76
--- /dev/null
+++ b/patches.chromium/0015-export_certificate_types.patch
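Review bot: In the openssl/ssl/ssl_cert.c hunk, `*ctype_num = s->s3->tmp.ctype_num;` converts the `int ctype_num` field to `size_t` without a range check, so a negative or oversized count would reach callers as the length of the fixed `ctype[SSL3_CT_NUMBER]` array. The count comes from the peer's CertificateRequest, and this diff does not show whether the parser caps it at `SSL3_CT_NUMBER`, so that should be confirmed. A cheap guard at the API boundary would be `if (s->s3->tmp.ctype_num < 0 || s->s3->tmp.ctype_num > SSL3_CT_NUMBER) { *ctype = NULL; *ctype_num = 0; return; }` before the two assignments. The comment `/* This always returns nothing for the server. */` also describes a property the function does not enforce itself; it presumably relies on `tmp.ctype_num` staying zero on the server side, which is worth stating in the comment. The same function text is repeated in patches.chromium/0015-export_certificate_types.patch and would need the matching change.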
@@ -0,0 +1,80 @@
+diff --git android-openssl.orig/include/openssl/ssl.h android-openssl/include/openssl/ssl.h
+index a3944f1..e559608 100644
+--- android-openssl.orig/include/openssl/ssl.h
++++ android-openssl/include/openssl/ssl.h
+@@ -1982,6 +1982,9 @@ STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
+ int SSL_add_client_CA(SSL *ssl,X509 *x);
+ int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x);
+ 
++void SSL_get_client_certificate_types(const SSL *s, const unsigned char **ctype,
++ size_t *ctype_num);
++
+ void SSL_set_connect_state(SSL *s);
+ void SSL_set_accept_state(SSL *s);
+ 
+diff --git android-openssl.orig/include/openssl/ssl3.h android-openssl/include/openssl/ssl3.h
+index 899c8a8..019e8d8 100644
+--- android-openssl.orig/include/openssl/ssl3.h
++++ android-openssl/include/openssl/ssl3.h
+@@ -508,7 +508,7 @@ typedef struct ssl3_state_st
+ /* used for certificate requests */
+ int cert_req;
+ int ctype_num;
+- char ctype[SSL3_CT_NUMBER];
++ unsigned char ctype[SSL3_CT_NUMBER];
+ STACK_OF(X509_NAME) *ca_names;
+ 
+ int use_rsa_tmp;
+diff --git android-openssl.orig/ssl/ssl.h android-openssl/ssl/ssl.h
+index a3944f1..e559608 100644
+--- android-openssl.orig/ssl/ssl.h
++++ android-openssl/ssl/ssl.h
+@@ -1982,6 +1982,9 @@ STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
+ int SSL_add_client_CA(SSL *ssl,X509 *x);
+ int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x);
+ 
++void SSL_get_client_certificate_types(const SSL *s, const unsigned char **ctype,
++ size_t *ctype_num);
++
+ void SSL_set_connect_state(SSL *s);
+ void SSL_set_accept_state(SSL *s);
+ 
+diff --git android-openssl.orig/ssl/ssl3.h android-openssl/ssl/ssl3.h
+index 899c8a8..019e8d8 100644
+--- android-openssl.orig/ssl/ssl3.h
++++ android-openssl/ssl/ssl3.h
+@@ -508,7 +508,7 @@ typedef struct ssl3_state_st
+ /* used for certificate requests */
+ int cert_req;
+ int ctype_num;
+- char ctype[SSL3_CT_NUMBER];
++ unsigned char ctype[SSL3_CT_NUMBER];
+ STACK_OF(X509_NAME) *ca_names;
+ 
+ int use_rsa_tmp;
+diff --git android-openssl.orig/ssl/ssl_cert.c android-openssl/ssl/ssl_cert.c
+index 5123a89..8a61650 100644
+--- android-openssl.orig/ssl/ssl_cert.c
++++ android-openssl/ssl/ssl_cert.c
+@@ -655,6 +655,21 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x)
+ return(add_client_CA(&(ctx->client_CA),x));
+ }
+ 
++void SSL_get_client_certificate_types(const SSL *s, const unsigned char **ctype,
++ size_t *ctype_num)
++ {
++ if (s->s3 == NULL)
++ {
++ *ctype = NULL;
++ *ctype_num = 0;
++ return;
++ }
++
++ /* This always returns nothing for the server. */
++ *ctype = s->s3->tmp.ctype;
++ *ctype_num = s->s3->tmp.ctype_num;
++ }
++
+ static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
+ {
+ return(X509_NAME_cmp(*a,*b)); |