Bug 937721, Part 2: Back out cset 61fb80e560de (NSS_3_15_4_BETA2, bug 898431), r=kaie

--HG--
extra : rebase_source : 9b588bc5ba6e6a8ddd630e22ddf27667d6951edd
This commit is contained in:
Brian Smith 2013-11-12 11:27:59 -08:00
Родитель 4dc0340481
Коммит 49389a02a4
5 изменённых файлов: 18 добавлений и 16 удалений

Просмотреть файл

@ -3668,7 +3668,7 @@ MOZ_ARG_WITH_BOOL(system-nss,
_USE_SYSTEM_NSS=1 )
if test -n "$_USE_SYSTEM_NSS"; then
AM_PATH_NSS(3.15.4, [MOZ_NATIVE_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
AM_PATH_NSS(3.15.3, [MOZ_NATIVE_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
fi
if test -n "$MOZ_NATIVE_NSS"; then

Просмотреть файл

@ -1 +1 @@
NSS_3_15_4_BETA2
NSS_3_15_4_BETA1

Просмотреть файл

@ -10,4 +10,3 @@
*/
#error "Do not include this header file."

Просмотреть файл

@ -7043,7 +7043,7 @@ ssl3_CheckFalseStart(sslSocket *ss)
PRBool
ssl3_WaitingForStartOfServerSecondRound(sslSocket *ss)
{
PRBool result;
PRBool result = PR_FALSE;
PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
@ -7054,9 +7054,10 @@ ssl3_WaitingForStartOfServerSecondRound(sslSocket *ss)
case wait_change_cipher:
result = !ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn);
break;
default:
result = PR_FALSE;
case wait_finished:
break;
default:
PR_NOT_REACHED("ssl3_WaitingForStartOfServerSecondRound");
}
return result;
@ -9966,17 +9967,19 @@ ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode error)
PORT_Assert(!ss->firstHsDone);
PORT_Assert(!ss->sec.isServer);
PORT_Assert(!ss->ssl3.hs.isResuming);
PORT_Assert(ss->ssl3.hs.ws != idle_handshake);
PORT_Assert(ss->ssl3.hs.ws == wait_new_session_ticket ||
ss->ssl3.hs.ws == wait_change_cipher ||
ss->ssl3.hs.ws == wait_finished);
/* ssl3_SendClientSecondRound deferred the false start check because
* certificate authentication was pending, so we do it now if we still
* haven't received any of the server's second round yet.
*/
if (ss->opt.enableFalseStart &&
!ss->firstHsDone &&
!ss->sec.isServer &&
!ss->ssl3.hs.isResuming &&
ssl3_WaitingForStartOfServerSecondRound(ss)) {
/* ssl3_SendClientSecondRound deferred the false start check because
* certificate authentication was pending, so we do it now if we still
* haven't received any of the server's second round yet.
*/
rv = ssl3_CheckFalseStart(ss);
} else {
rv = SECSuccess;

Просмотреть файл

@ -60,11 +60,11 @@ ocsp_stapling()
${BINDIR}/tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5143 -d . < ${REQF}
html_msg $? 0 "$TESTNAME"
# TESTNAME="startssl revoked, supports OCSP stapling"
# echo "$SCRIPTNAME: $TESTNAME"
# echo "tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5144 -d . < ${REQF}"
# ${BINDIR}/tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5144 -d . < ${REQF}
# html_msg $? 3 "$TESTNAME"
TESTNAME="startssl revoked, supports OCSP stapling"
echo "$SCRIPTNAME: $TESTNAME"
echo "tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5144 -d . < ${REQF}"
${BINDIR}/tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5144 -d . < ${REQF}
html_msg $? 3 "$TESTNAME"
TESTNAME="comodo trial test expired revoked, supports OCSP stapling"
echo "$SCRIPTNAME: $TESTNAME"