Merge Chromium + Blink git repositories

[chromium-blink-merge.git] / net / third_party / nss / patches / reorderextensions.patch

diff --git a/ssl/ssl3ext.c b/ssl/ssl3ext.c
index c18d6f6..9214a2e 100644
--- a/ssl/ssl3ext.c
+++ b/ssl/ssl3ext.c
@@ -313,6 +313,10 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
     { ssl_cert_status_xtn,        &ssl3_ClientSendStatusRequestXtn },
     { ssl_signed_certificate_timestamp_xtn,
       &ssl3_ClientSendSignedCertTimestampXtn },
+    /* WebSphere Application Server 7.0 is intolerant to the last extension
+     * being zero-length. It is not intolerant of TLS 1.2, so ensure that
+     * signature_algorithms is at the end to guarantee a non-empty
+     * extension. */
     { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
     { ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn },
     /* any extra entries will appear as { 0, NULL }    */
@@ -2507,9 +2511,11 @@ ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength)
     }
 
     extensionLength = 512 - recordLength;
-    /* Extensions take at least four bytes to encode. */
-    if (extensionLength < 4) {
-        extensionLength = 4;
+    /* Extensions take at least four bytes to encode. Always include at least
+     * one byte of data if including the extension. WebSphere Application
+     * Server 7.0 is intolerant to the last extension being zero-length. */
+    if (extensionLength < 4 + 1) {
+        extensionLength = 4 + 1;
     }
 
     return extensionLength;