Bug 958916: Update to NSS 3.15.5 release candidate 0, (NSS_3_15_5_RC0), r=me

--HG-- extra : rebase_source : 03eeda2f9f6968811d69c1e44eb8dc00472d7558
2014-02-05 19:32:56 -08:00 · 2014-02-05 19:32:56 -08:00 · 0414c8c017
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@ -1 +1 @@
-NSS_3_15_5_BETA3
+NSS_3_15_5_RC0
--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@ -10,3 +10,4 @@
 */

 #error "Do not include this header file."
+
--- a/security/nss/lib/ssl/ssl.h
+++ b/security/nss/lib/ssl/ssl.h
@ -163,21 +163,22 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd);
 #define SSL_ENABLE_OCSP_STAPLING       24 /* Request OCSP stapling (client) */

 /* SSL_ENABLE_NPN controls whether the NPN extension is enabled for the initial
- * handshake when protocol negotiation is used. SSL_SetNextProtoCallback
- * or SSL_SetNextProtoNego must be used to control the protocol negotiation;
- * otherwise, the NPN extension will not be negotiated. SSL_ENABLE_NPN is
- * currently enabled by default but this may change in future versions.
+ * handshake when application layer protocol negotiation is used.
+ * SSL_SetNextProtoCallback or SSL_SetNextProtoNego must be used to control the
+ * application layer protocol negotiation; otherwise, the NPN extension will
+ * not be negotiated. SSL_ENABLE_NPN is currently enabled by default but this
+ * may change in future versions.
 */
 #define SSL_ENABLE_NPN 25

 /* SSL_ENABLE_ALPN controls whether the ALPN extension is enabled for the
- * initial handshake when protocol negotiation is used. SSL_SetNextProtoNego
- * (not SSL_SetNextProtoCallback) must be used to control the protocol
- * negotiation; otherwise, the ALPN extension will not be negotiated. ALPN is
- * not negotiated for renegotiation handshakes, even though the ALPN
- * specification defines a way to use ALPN during renegotiations.
- * SSL_ENABLE_ALPN is currently disabled by default, but this may change in
- * future versions.
+ * initial handshake when application layer protocol negotiation is used.
+ * SSL_SetNextProtoNego (not SSL_SetNextProtoCallback) must be used to control
+ * the application layer protocol negotiation; otherwise, the ALPN extension
+ * will not be negotiated. ALPN is not negotiated for renegotiation handshakes,
+ * even though the ALPN specification defines a way to use ALPN during
+ * renegotiations. SSL_ENABLE_ALPN is currently disabled by default, but this
+ * may change in future versions.
 */
 #define SSL_ENABLE_ALPN 26

--- a/security/nss/lib/ssl/ssl3ext.c
+++ b/security/nss/lib/ssl/ssl3ext.c
@ -615,11 +615,12 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type,
    PORT_Assert(!ss->firstHsDone);

    if (ssl3_ExtensionNegotiated(ss, ssl_app_layer_protocol_xtn)) {
-	/* If the server negotiated ALPN then it has already told us what protocol
-	 * to use, so it doesn't make sense for us to try to negotiate a different
-	 * one by sending the NPN handshake message. However, if we've negotiated
-	 * NPN then we're required to send the NPN handshake message. Thus, these
-	 * two extensions cannot both be negotiated on the same connection. */
+	/* If the server negotiated ALPN then it has already told us what
+	 * protocol to use, so it doesn't make sense for us to try to negotiate
+	 * a different one by sending the NPN handshake message. However, if
+	 * we've negotiated NPN then we're required to send the NPN handshake
+	 * message. Thus, these two extensions cannot both be negotiated on the
+	 * same connection. */
 	PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
 	return SECFailure;
    }