Bug 1388616 - Custom extension support for certificate_authorities, r=ttaubert NSS_TLS13_DRAFT19_BRANCH
authorMartin Thomson <martin.thomson@gmail.com>
Wed, 09 Aug 2017 14:25:24 +1000
branchNSS_TLS13_DRAFT19_BRANCH
changeset 13517 383a7d533d0357624b29f454b2b4dbc18c698f58
parent 13516 f8e20a7a01b8b709f10e19660c20d2dab601e28a
child 13518 481dd1cb873c4abe0cea3dd12cd1572a46ddaeee
push id2312
push usermartin.thomson@gmail.com
push dateWed, 09 Aug 2017 07:14:02 +0000
reviewersttaubert
bugs1388616
Bug 1388616 - Custom extension support for certificate_authorities, r=ttaubert
gtests/ssl_gtest/ssl_custext_unittest.cc
lib/ssl/ssl3ext.c
--- a/gtests/ssl_gtest/ssl_custext_unittest.cc
+++ b/gtests/ssl_gtest/ssl_custext_unittest.cc
@@ -39,40 +39,41 @@ PRBool EmptyExtensionWriter(PRFileDesc *
 
 SECStatus NoopExtensionHandler(PRFileDesc *fd, SSLHandshakeType message,
                                const PRUint8 *data, unsigned int len,
                                SSLAlertDescription *alert, void *arg) {
   return SECSuccess;
 }
 
 // All of the (current) set of supported extensions, plus a few extra.
-static const uint16_t kManyExtensions[] = {ssl_server_name_xtn,
-                                           ssl_cert_status_xtn,
-                                           ssl_supported_groups_xtn,
-                                           ssl_ec_point_formats_xtn,
-                                           ssl_signature_algorithms_xtn,
-                                           ssl_use_srtp_xtn,
-                                           ssl_app_layer_protocol_xtn,
-                                           ssl_signed_cert_timestamp_xtn,
-                                           ssl_padding_xtn,
-                                           ssl_extended_master_secret_xtn,
-                                           ssl_session_ticket_xtn,
-                                           ssl_tls13_key_share_xtn,
-                                           ssl_tls13_pre_shared_key_xtn,
-                                           ssl_tls13_early_data_xtn,
-                                           ssl_tls13_supported_versions_xtn,
-                                           ssl_tls13_cookie_xtn,
-                                           ssl_tls13_psk_key_exchange_modes_xtn,
-                                           ssl_tls13_ticket_early_data_info_xtn,
-                                           ssl_renegotiation_info_xtn,
-                                           ssl_next_proto_nego_xtn,
-                                           ssl_tls13_ticket_early_data_info_xtn,
-                                           ssl_tls13_short_header_xtn,
-                                           1,
-                                           0xffff};
+static const uint16_t kManyExtensions[] = {
+    ssl_server_name_xtn,
+    ssl_cert_status_xtn,
+    ssl_supported_groups_xtn,
+    ssl_ec_point_formats_xtn,
+    ssl_signature_algorithms_xtn,
+    ssl_use_srtp_xtn,
+    ssl_app_layer_protocol_xtn,
+    ssl_signed_cert_timestamp_xtn,
+    ssl_padding_xtn,
+    ssl_extended_master_secret_xtn,
+    ssl_session_ticket_xtn,
+    ssl_tls13_key_share_xtn,
+    ssl_tls13_pre_shared_key_xtn,
+    ssl_tls13_early_data_xtn,
+    ssl_tls13_supported_versions_xtn,
+    ssl_tls13_cookie_xtn,
+    ssl_tls13_psk_key_exchange_modes_xtn,
+    ssl_tls13_ticket_early_data_info_xtn,
+    ssl_tls13_certificate_authorities_xtn,
+    ssl_next_proto_nego_xtn,
+    ssl_renegotiation_info_xtn,
+    ssl_tls13_short_header_xtn,
+    1,
+    0xffff};
 // The list here includes all extensions we expect to use (SSL_MAX_EXTENSIONS),
 // plus the deprecated values (see sslt.h), and two extra dummy values.
 PR_STATIC_ASSERT((SSL_MAX_EXTENSIONS + 5) == PR_ARRAY_SIZE(kManyExtensions));
 
 void InstallManyWriters(std::shared_ptr<TlsAgent> agent,
                         SSLExtensionWriter writer, size_t *installed = nullptr,
                         size_t *called = nullptr) {
   for (size_t i = 0; i < PR_ARRAY_SIZE(kManyExtensions); ++i) {
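Review bot: The `PR_STATIC_ASSERT` after `kManyExtensions` checks only the array length, so a repeated entry passes unnoticed; the removed list carried `ssl_tls13_ticket_early_data_info_xtn` twice and still satisfied it. The new list has no duplicate, but nothing stops one from returning when the next extension is added, and a duplicate silently leaves one extension type without coverage in the "many writers/handlers" tests. Consider a uniqueness check over the array in the test (for instance inserting each value into a `std::set<uint16_t>` and asserting the insert succeeded), or at least a comment above the array such as `// Entries must be unique; the static assert below only checks the count.` `InstallManyWriters` continues beyond the hunk.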
--- a/lib/ssl/ssl3ext.c
+++ b/lib/ssl/ssl3ext.c
@@ -176,16 +176,17 @@ static const struct {
     { ssl_session_ticket_xtn, ssl_ext_native_only },
     { ssl_tls13_key_share_xtn, ssl_ext_native_only },
     { ssl_tls13_pre_shared_key_xtn, ssl_ext_native_only },
     { ssl_tls13_early_data_xtn, ssl_ext_native_only },
     { ssl_tls13_supported_versions_xtn, ssl_ext_native_only },
     { ssl_tls13_cookie_xtn, ssl_ext_native_only },
     { ssl_tls13_psk_key_exchange_modes_xtn, ssl_ext_native_only },
     { ssl_tls13_ticket_early_data_info_xtn, ssl_ext_native_only },
+    { ssl_tls13_certificate_authorities_xtn, ssl_ext_native },
     { ssl_next_proto_nego_xtn, ssl_ext_none },
     { ssl_renegotiation_info_xtn, ssl_ext_native }
 };
 
 static SSLExtensionSupport
 ssl_GetExtensionSupport(PRUint16 type)
 {
     unsigned int i;
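Review bot: The new `ssl_tls13_certificate_authorities_xtn` row is the only TLS 1.3 entry in this table marked `ssl_ext_native` rather than `ssl_ext_native_only`, and nothing on the row says why. Assuming `ssl_ext_native` means an application-installed hook replaces the built-in writer and handler, a custom handler then owns validation of the peer-supplied CA list, and the library's own parsing of that list presumably no longer runs, which may change what client-certificate selection sees. A comment on the row would record the intent, for example `/* Overridable: the application may supply or consume the CA list itself; native handling is bypassed when a hook is installed. */`, with the wording confirmed against the hook dispatch code, which is outside this hunk. The visible test change only adds the value to `kManyExtensions`; a test that installs a writer and handler for this extension and checks the handshake outcome would cover the override path. `ssl_GetExtensionSupport` continues beyond the hunk.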