зеркало из https://github.com/mozilla/gecko-dev.git
Bug 967153: Update to NSS 3.16 beta 5 (NSS_3_16_BETA5), r=me
--HG-- extra : rebase_source : 8dfdcd121214b084acc01025a2cd989ccf6a603c
This commit is contained in:
Родитель
35063af92d
Коммит
6a9ed9a302
|
@ -61,6 +61,9 @@ endif
|
|||
ifdef BUILD_OPT
|
||||
NSPR_CONFIGURE_OPTS += --disable-debug --enable-optimize
|
||||
endif
|
||||
ifdef USE_X32
|
||||
NSPR_CONFIGURE_OPTS += --enable-x32
|
||||
endif
|
||||
ifdef USE_64
|
||||
NSPR_CONFIGURE_OPTS += --enable-64bit
|
||||
endif
|
||||
|
|
|
@ -1 +1 @@
|
|||
NSS_3_16_BETA4
|
||||
NSS_3_16_BETA5
|
||||
|
|
|
@ -777,7 +777,7 @@ loser:
|
|||
if(tempname) {
|
||||
PRFileInfo info;
|
||||
if(PR_GetFileInfo(tempname, &info) == PR_SUCCESS) {
|
||||
if((info.type == PR_FILE_DIRECTORY)) {
|
||||
if(info.type == PR_FILE_DIRECTORY) {
|
||||
/* Recursively remove temporary directory */
|
||||
if(rm_dash_r(tempname)) {
|
||||
error(PK11_INSTALL_REMOVE_DIR,
|
||||
|
|
|
@ -107,30 +107,30 @@ const int ssl2CipherSuites[] = {
|
|||
const int ssl3CipherSuites[] = {
|
||||
-1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
|
||||
-1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA * b */
|
||||
SSL_RSA_WITH_RC4_128_MD5, /* c */
|
||||
SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
|
||||
SSL_RSA_WITH_DES_CBC_SHA, /* e */
|
||||
SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
|
||||
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
|
||||
TLS_RSA_WITH_RC4_128_MD5, /* c */
|
||||
TLS_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
|
||||
TLS_RSA_WITH_DES_CBC_SHA, /* e */
|
||||
TLS_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
|
||||
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
|
||||
-1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA, * h */
|
||||
SSL_RSA_WITH_NULL_MD5, /* i */
|
||||
TLS_RSA_WITH_NULL_MD5, /* i */
|
||||
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */
|
||||
SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */
|
||||
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */
|
||||
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */
|
||||
SSL_RSA_WITH_RC4_128_SHA, /* n */
|
||||
TLS_RSA_WITH_RC4_128_SHA, /* n */
|
||||
-1, /* TLS_DHE_DSS_WITH_RC4_128_SHA, * o */
|
||||
-1, /* SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, * p */
|
||||
-1, /* SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, * q */
|
||||
-1, /* SSL_DHE_RSA_WITH_DES_CBC_SHA, * r */
|
||||
-1, /* SSL_DHE_DSS_WITH_DES_CBC_SHA, * s */
|
||||
-1, /* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, * p */
|
||||
-1, /* TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, * q */
|
||||
-1, /* TLS_DHE_RSA_WITH_DES_CBC_SHA, * r */
|
||||
-1, /* TLS_DHE_DSS_WITH_DES_CBC_SHA, * s */
|
||||
-1, /* TLS_DHE_DSS_WITH_AES_128_CBC_SHA, * t */
|
||||
-1, /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA, * u */
|
||||
TLS_RSA_WITH_AES_128_CBC_SHA, /* v */
|
||||
-1, /* TLS_DHE_DSS_WITH_AES_256_CBC_SHA, * w */
|
||||
-1, /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA, * x */
|
||||
TLS_RSA_WITH_AES_256_CBC_SHA, /* y */
|
||||
SSL_RSA_WITH_NULL_SHA, /* z */
|
||||
TLS_RSA_WITH_NULL_SHA, /* z */
|
||||
0
|
||||
};
|
||||
|
||||
|
@ -1932,9 +1932,9 @@ server_main(
|
|||
* would like it to be. Turn this cipher on.
|
||||
*/
|
||||
|
||||
secStatus = SSL_CipherPrefSetDefault( SSL_RSA_WITH_NULL_MD5, PR_TRUE);
|
||||
secStatus = SSL_CipherPrefSetDefault( TLS_RSA_WITH_NULL_MD5, PR_TRUE);
|
||||
if ( secStatus != SECSuccess ) {
|
||||
errExit("SSL_CipherPrefSetDefault:SSL_RSA_WITH_NULL_MD5");
|
||||
errExit("SSL_CipherPrefSetDefault:TLS_RSA_WITH_NULL_MD5");
|
||||
}
|
||||
|
||||
if (expectedHostNameVal) {
|
||||
|
|
|
@ -493,13 +493,13 @@ const char * helloExtensionNameString(int ex_num)
|
|||
|
||||
static int isNULLmac(int cs_int)
|
||||
{
|
||||
return (cs_int == SSL_NULL_WITH_NULL_NULL);
|
||||
return (cs_int == TLS_NULL_WITH_NULL_NULL);
|
||||
}
|
||||
|
||||
static int isNULLcipher(int cs_int)
|
||||
{
|
||||
return ((cs_int == SSL_RSA_WITH_NULL_MD5) ||
|
||||
(cs_int == SSL_RSA_WITH_NULL_SHA) ||
|
||||
return ((cs_int == TLS_RSA_WITH_NULL_MD5) ||
|
||||
(cs_int == TLS_RSA_WITH_NULL_SHA) ||
|
||||
(cs_int == SSL_FORTEZZA_DMS_WITH_NULL_SHA) ||
|
||||
(cs_int == TLS_ECDH_ECDSA_WITH_NULL_SHA) ||
|
||||
(cs_int == TLS_ECDHE_ECDSA_WITH_NULL_SHA) ||
|
||||
|
|
|
@ -59,30 +59,30 @@ int ssl2CipherSuites[] = {
|
|||
int ssl3CipherSuites[] = {
|
||||
-1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
|
||||
-1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA * b */
|
||||
SSL_RSA_WITH_RC4_128_MD5, /* c */
|
||||
SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
|
||||
SSL_RSA_WITH_DES_CBC_SHA, /* e */
|
||||
SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
|
||||
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
|
||||
TLS_RSA_WITH_RC4_128_MD5, /* c */
|
||||
TLS_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
|
||||
TLS_RSA_WITH_DES_CBC_SHA, /* e */
|
||||
TLS_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
|
||||
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
|
||||
-1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA * h */
|
||||
SSL_RSA_WITH_NULL_MD5, /* i */
|
||||
TLS_RSA_WITH_NULL_MD5, /* i */
|
||||
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */
|
||||
SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */
|
||||
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */
|
||||
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */
|
||||
SSL_RSA_WITH_RC4_128_SHA, /* n */
|
||||
TLS_RSA_WITH_RC4_128_SHA, /* n */
|
||||
TLS_DHE_DSS_WITH_RC4_128_SHA, /* o */
|
||||
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */
|
||||
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */
|
||||
SSL_DHE_RSA_WITH_DES_CBC_SHA, /* r */
|
||||
SSL_DHE_DSS_WITH_DES_CBC_SHA, /* s */
|
||||
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */
|
||||
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */
|
||||
TLS_DHE_RSA_WITH_DES_CBC_SHA, /* r */
|
||||
TLS_DHE_DSS_WITH_DES_CBC_SHA, /* s */
|
||||
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, /* t */
|
||||
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, /* u */
|
||||
TLS_RSA_WITH_AES_128_CBC_SHA, /* v */
|
||||
TLS_DHE_DSS_WITH_AES_256_CBC_SHA, /* w */
|
||||
TLS_DHE_RSA_WITH_AES_256_CBC_SHA, /* x */
|
||||
TLS_RSA_WITH_AES_256_CBC_SHA, /* y */
|
||||
SSL_RSA_WITH_NULL_SHA, /* z */
|
||||
TLS_RSA_WITH_NULL_SHA, /* z */
|
||||
0
|
||||
};
|
||||
|
||||
|
|
|
@ -68,30 +68,30 @@ int ssl2CipherSuites[] = {
|
|||
int ssl3CipherSuites[] = {
|
||||
-1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
|
||||
-1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, * b */
|
||||
SSL_RSA_WITH_RC4_128_MD5, /* c */
|
||||
SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
|
||||
SSL_RSA_WITH_DES_CBC_SHA, /* e */
|
||||
SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
|
||||
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
|
||||
TLS_RSA_WITH_RC4_128_MD5, /* c */
|
||||
TLS_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
|
||||
TLS_RSA_WITH_DES_CBC_SHA, /* e */
|
||||
TLS_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
|
||||
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
|
||||
-1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA, * h */
|
||||
SSL_RSA_WITH_NULL_MD5, /* i */
|
||||
TLS_RSA_WITH_NULL_MD5, /* i */
|
||||
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */
|
||||
SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */
|
||||
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */
|
||||
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */
|
||||
SSL_RSA_WITH_RC4_128_SHA, /* n */
|
||||
TLS_RSA_WITH_RC4_128_SHA, /* n */
|
||||
TLS_DHE_DSS_WITH_RC4_128_SHA, /* o */
|
||||
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */
|
||||
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */
|
||||
SSL_DHE_RSA_WITH_DES_CBC_SHA, /* r */
|
||||
SSL_DHE_DSS_WITH_DES_CBC_SHA, /* s */
|
||||
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */
|
||||
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */
|
||||
TLS_DHE_RSA_WITH_DES_CBC_SHA, /* r */
|
||||
TLS_DHE_DSS_WITH_DES_CBC_SHA, /* s */
|
||||
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, /* t */
|
||||
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, /* u */
|
||||
TLS_RSA_WITH_AES_128_CBC_SHA, /* v */
|
||||
TLS_DHE_DSS_WITH_AES_256_CBC_SHA, /* w */
|
||||
TLS_DHE_RSA_WITH_AES_256_CBC_SHA, /* x */
|
||||
TLS_RSA_WITH_AES_256_CBC_SHA, /* y */
|
||||
SSL_RSA_WITH_NULL_SHA, /* z */
|
||||
TLS_RSA_WITH_NULL_SHA, /* z */
|
||||
0
|
||||
};
|
||||
|
||||
|
|
|
@ -497,7 +497,7 @@ main(int argc, char **argv)
|
|||
/* All cipher suites except RSA_NULL_MD5 are enabled by
|
||||
* Domestic Policy. */
|
||||
NSS_SetDomesticPolicy();
|
||||
SSL_CipherPrefSetDefault(SSL_RSA_WITH_NULL_MD5, PR_TRUE);
|
||||
SSL_CipherPrefSetDefault(TLS_RSA_WITH_NULL_MD5, PR_TRUE);
|
||||
|
||||
/* all the SSL2 and SSL3 cipher suites are enabled by default. */
|
||||
if (cipherString) {
|
||||
|
|
|
@ -27,30 +27,30 @@ int ssl2CipherSuites[] = {
|
|||
int ssl3CipherSuites[] = {
|
||||
-1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
|
||||
-1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, * b */
|
||||
SSL_RSA_WITH_RC4_128_MD5, /* c */
|
||||
SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
|
||||
SSL_RSA_WITH_DES_CBC_SHA, /* e */
|
||||
SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
|
||||
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
|
||||
TLS_RSA_WITH_RC4_128_MD5, /* c */
|
||||
TLS_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
|
||||
TLS_RSA_WITH_DES_CBC_SHA, /* e */
|
||||
TLS_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
|
||||
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
|
||||
-1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA, * h */
|
||||
SSL_RSA_WITH_NULL_MD5, /* i */
|
||||
TLS_RSA_WITH_NULL_MD5, /* i */
|
||||
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */
|
||||
SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */
|
||||
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */
|
||||
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */
|
||||
SSL_RSA_WITH_RC4_128_SHA, /* n */
|
||||
TLS_RSA_WITH_RC4_128_SHA, /* n */
|
||||
TLS_DHE_DSS_WITH_RC4_128_SHA, /* o */
|
||||
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */
|
||||
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */
|
||||
SSL_DHE_RSA_WITH_DES_CBC_SHA, /* r */
|
||||
SSL_DHE_DSS_WITH_DES_CBC_SHA, /* s */
|
||||
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */
|
||||
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */
|
||||
TLS_DHE_RSA_WITH_DES_CBC_SHA, /* r */
|
||||
TLS_DHE_DSS_WITH_DES_CBC_SHA, /* s */
|
||||
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, /* t */
|
||||
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, /* u */
|
||||
TLS_RSA_WITH_AES_128_CBC_SHA, /* v */
|
||||
TLS_DHE_DSS_WITH_AES_256_CBC_SHA, /* w */
|
||||
TLS_DHE_RSA_WITH_AES_256_CBC_SHA, /* x */
|
||||
TLS_RSA_WITH_AES_256_CBC_SHA, /* y */
|
||||
SSL_RSA_WITH_NULL_SHA, /* z */
|
||||
TLS_RSA_WITH_NULL_SHA, /* z */
|
||||
0
|
||||
};
|
||||
|
||||
|
|
|
@ -55,11 +55,18 @@ else
|
|||
ifeq ($(OS_TEST),x86_64)
|
||||
ifeq ($(USE_64),1)
|
||||
CPU_ARCH = x86_64
|
||||
ARCHFLAG = -m64
|
||||
else
|
||||
ifeq ($(USE_X32),1)
|
||||
CPU_ARCH = x86_64
|
||||
ARCHFLAG = -mx32
|
||||
64BIT_TAG = _x32
|
||||
else
|
||||
OS_REL_CFLAGS = -Di386
|
||||
CPU_ARCH = x86
|
||||
ARCHFLAG = -m32
|
||||
endif
|
||||
endif
|
||||
else
|
||||
ifeq ($(OS_TEST),sparc64)
|
||||
CPU_ARCH = sparc
|
||||
|
@ -123,12 +130,7 @@ ifeq ($(USE_PTHREADS),1)
|
|||
OS_PTHREAD = -lpthread
|
||||
endif
|
||||
|
||||
# See bug 537829, in particular comment 23.
|
||||
# Place -ansi and *_SOURCE before $(DSO_CFLAGS) so DSO_CFLAGS can override
|
||||
# -ansi on platforms like Android where the system headers are C99 and do
|
||||
# not build with -ansi.
|
||||
STANDARDS_CFLAGS = -D_POSIX_SOURCE -D_BSD_SOURCE -D_XOPEN_SOURCE
|
||||
OS_CFLAGS = $(STANDARDS_CFLAGS) $(DSO_CFLAGS) $(OS_REL_CFLAGS) $(ARCHFLAG) -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -DLINUX -Dlinux -DHAVE_STRERROR
|
||||
OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) $(ARCHFLAG) -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -DLINUX -Dlinux -DHAVE_STRERROR
|
||||
OS_LIBS = $(OS_PTHREAD) -ldl -lc
|
||||
|
||||
ifdef USE_PTHREADS
|
||||
|
|
|
@ -185,3 +185,6 @@ USE_UTIL_DIRECTLY = 1
|
|||
|
||||
# Build with NO_NSPR_10_SUPPORT to avoid using obsolete NSPR features
|
||||
DEFINES += -DNO_NSPR_10_SUPPORT
|
||||
|
||||
# Hide old, deprecated, TLS cipher suite names when building NSS
|
||||
DEFINES += -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES
|
||||
|
|
|
@ -10,3 +10,4 @@
|
|||
*/
|
||||
|
||||
#error "Do not include this header file."
|
||||
|
||||
|
|
|
@ -1394,8 +1394,8 @@ cert_TestHostName(char * cn, const char * hn)
|
|||
* - must not be preceded by an IDNA ACE prefix (xn--)
|
||||
*/
|
||||
if (wildcard && secondcndot && secondcndot[1] && firsthndot
|
||||
&& firstcndot - wildcard == 1 /* no chars between * and . */
|
||||
&& secondcndot - firstcndot > 1 /* not .. */
|
||||
&& firstcndot - wildcard == 1 /* wildcard is last char in first component */
|
||||
&& secondcndot - firstcndot > 1 /* second component is non-empty */
|
||||
&& PORT_Strrchr(cn, '*') == wildcard /* only one wildcard in cn */
|
||||
&& !PORT_Strncasecmp(cn, hn, wildcard - cn)
|
||||
&& !PORT_Strcasecmp(firstcndot, firsthndot)
|
||||
|
|
|
@ -607,7 +607,7 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
|||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
# Distrust "Distrust a pb.com certificate that does not comply with the baseline requirements.""
|
||||
# Distrust "Distrust a pb.com certificate that does not comply with the baseline requirements."
|
||||
# Issuer: OU=Equifax Secure Certificate Authority,O=Equifax,C=US
|
||||
# Serial Number: 1407252 (0x157914)
|
||||
# Subject: CN=*.pb.com,OU=Meters,O=Pitney Bowes,L=Danbury,ST=Connecticut,C=US
|
||||
|
@ -619,7 +619,7 @@ CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
|
|||
CKA_TOKEN CK_BBOOL CK_TRUE
|
||||
CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||
CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||
CKA_LABEL UTF8 "Distrust a pb.com certificate that does not comply with the baseline requirements.""
|
||||
CKA_LABEL UTF8 "Distrust a pb.com certificate that does not comply with the baseline requirements."
|
||||
CKA_ISSUER MULTILINE_OCTAL
|
||||
\060\116\061\013\060\011\006\003\125\004\006\023\002\125\123\061
|
||||
\020\060\016\006\003\125\004\012\023\007\105\161\165\151\146\141
|
||||
|
|
|
@ -45,7 +45,11 @@ typedef PRUintn uint;
|
|||
#endif
|
||||
typedef PRUint8 uint8;
|
||||
typedef PRUint16 uint16;
|
||||
/* On AIX 5.2, sys/inttypes.h (which is included by sys/types.h)
|
||||
* defines the types int8, int16, int32, and int64. */
|
||||
#if !defined(AIX)
|
||||
typedef PRInt32 int32;
|
||||
#endif
|
||||
typedef PRUint32 uint32;
|
||||
|
||||
#include <limits.h>
|
||||
|
|
|
@ -95,7 +95,7 @@ endif
|
|||
# NSS_X86_OR_X64 means the target is either x86 or x64
|
||||
ifeq (,$(filter-out i386 x386 x86 x86_64,$(CPU_ARCH)))
|
||||
DEFINES += -DNSS_X86_OR_X64
|
||||
ifdef USE_64
|
||||
ifneq (,$(USE_64)$(USE_X32))
|
||||
DEFINES += -DNSS_X64
|
||||
else
|
||||
DEFINES += -DNSS_X86
|
||||
|
@ -180,7 +180,7 @@ endif # Darwin
|
|||
ifeq ($(OS_TARGET),Linux)
|
||||
ifeq ($(CPU_ARCH),x86_64)
|
||||
ASFILES = arcfour-amd64-gas.s mpi_amd64_gas.s
|
||||
ASFLAGS += -m64 -fPIC -Wa,--noexecstack
|
||||
ASFLAGS += -fPIC -Wa,--noexecstack
|
||||
DEFINES += -DNSS_BEVAND_ARCFOUR -DMPI_AMD64 -DMP_ASSEMBLY_MULTIPLY
|
||||
DEFINES += -DNSS_USE_COMBA
|
||||
DEFINES += -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN
|
||||
|
|
|
@ -30,7 +30,7 @@
|
|||
#define USE_WORD
|
||||
#endif
|
||||
|
||||
#if (defined(IS_64))
|
||||
#if defined(IS_64) || defined(NSS_BEVAND_ARCFOUR)
|
||||
typedef PRUint64 WORD;
|
||||
#else
|
||||
typedef PRUint32 WORD;
|
||||
|
|
|
@ -56,11 +56,11 @@ typedef int mp_err;
|
|||
#error "USHRT_MAX not defined"
|
||||
#endif
|
||||
|
||||
#if defined(ULONG_LONG_MAX) /* GCC, HPUX */
|
||||
#define MP_ULONG_LONG_MAX ULONG_LONG_MAX
|
||||
#elif defined(ULLONG_MAX) /* Solaris */
|
||||
#if defined(ULLONG_MAX) /* C99, Solaris */
|
||||
#define MP_ULONG_LONG_MAX ULLONG_MAX
|
||||
/* MP_ULONG_LONG_MAX was defined to be ULLONG_MAX */
|
||||
#elif defined(ULONG_LONG_MAX) /* HPUX */
|
||||
#define MP_ULONG_LONG_MAX ULONG_LONG_MAX
|
||||
#elif defined(ULONGLONG_MAX) /* IRIX, AIX */
|
||||
#define MP_ULONG_LONG_MAX ULONGLONG_MAX
|
||||
#endif
|
||||
|
|
|
@ -1515,7 +1515,7 @@ typedef enum PKIX_PL_TrustAnchorModeEnum {
|
|||
* explicitly untrustworthy, explicitly configured trust anchors
|
||||
* MAY be ignored/rejected.
|
||||
*/
|
||||
PKIX_PL_TrustAnchorMode_Exclusive,
|
||||
PKIX_PL_TrustAnchorMode_Exclusive
|
||||
} PKIX_PL_TrustAnchorMode;
|
||||
|
||||
/*
|
||||
|
|
|
@ -772,7 +772,8 @@ PK11_GetPBECryptoMechanism(SECAlgorithmID *algid,
|
|||
**********************************************************************/
|
||||
PK11DefaultArrayEntry *PK11_GetDefaultArray(int *size);
|
||||
SECStatus PK11_UpdateSlotAttribute(PK11SlotInfo *slot,
|
||||
PK11DefaultArrayEntry *entry, PRBool add);
|
||||
const PK11DefaultArrayEntry *entry,
|
||||
PRBool add);
|
||||
|
||||
/**********************************************************************
|
||||
* Functions to look at PKCS #11 dependent data
|
||||
|
|
|
@ -948,9 +948,10 @@ PK11_LoadSlotList(PK11SlotInfo *slot, PK11PreSlotInfo *psi, int count)
|
|||
* returns: SECSuccess if nothing to do or add/delete is successful
|
||||
*/
|
||||
SECStatus
|
||||
PK11_UpdateSlotAttribute(PK11SlotInfo *slot, PK11DefaultArrayEntry *entry,
|
||||
PRBool add)
|
||||
/* add: PR_TRUE if want to turn on */
|
||||
PK11_UpdateSlotAttribute(PK11SlotInfo *slot,
|
||||
const PK11DefaultArrayEntry *entry,
|
||||
PRBool add)
|
||||
/* add: PR_TRUE if want to turn on */
|
||||
{
|
||||
SECStatus result = SECSuccess;
|
||||
PK11SlotList *slotList = PK11_GetSlotList(entry->mechanism);
|
||||
|
|
|
@ -634,7 +634,7 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey,
|
|||
rv = SECFailure;
|
||||
|
||||
/* determine which KEAs to test */
|
||||
/* 0 (SSL_NULL_WITH_NULL_NULL) is used as a list terminator because
|
||||
/* 0 (TLS_NULL_WITH_NULL_NULL) is used as a list terminator because
|
||||
* SSL3 and TLS specs forbid negotiating that cipher suite number.
|
||||
*/
|
||||
for (i=0; i < nsuites && (suite = *ciphersuites++) != 0; i++) {
|
||||
|
@ -647,8 +647,8 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey,
|
|||
switch (csdef.cipherSuite) {
|
||||
case TLS_RSA_EXPORT1024_WITH_RC4_56_SHA:
|
||||
case TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA:
|
||||
case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
|
||||
case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
|
||||
case TLS_RSA_EXPORT_WITH_RC4_40_MD5:
|
||||
case TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
|
||||
testrsa_export = PR_TRUE;
|
||||
}
|
||||
if (!testrsa_export)
|
||||
|
|
|
@ -39,10 +39,10 @@ static const ssl3CipherSuite nonDTLSSuites[] = {
|
|||
TLS_ECDH_RSA_WITH_RC4_128_SHA,
|
||||
TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
SSL_RSA_WITH_RC4_128_MD5,
|
||||
SSL_RSA_WITH_RC4_128_SHA,
|
||||
TLS_RSA_WITH_RC4_128_MD5,
|
||||
TLS_RSA_WITH_RC4_128_SHA,
|
||||
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
|
||||
SSL_RSA_EXPORT_WITH_RC4_40_MD5,
|
||||
TLS_RSA_EXPORT_WITH_RC4_40_MD5,
|
||||
0 /* End of list marker */
|
||||
};
|
||||
|
||||
|
|
|
@ -118,8 +118,8 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
|
|||
{ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_DHE_DSS_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
|
@ -143,23 +143,23 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
|
|||
{ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_RSA_WITH_SEED_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ SSL_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ SSL_RSA_WITH_RC4_128_MD5, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_RSA_WITH_RC4_128_MD5, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
|
||||
/* 56-bit DES "domestic" cipher suites */
|
||||
{ SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_DHE_RSA_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_DHE_DSS_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ SSL_RSA_FIPS_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ SSL_RSA_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_RSA_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
|
||||
/* export ciphersuites with 1024-bit public key exchange keys */
|
||||
{ TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
|
||||
/* export ciphersuites with 512-bit public key exchange keys */
|
||||
{ SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_RSA_EXPORT_WITH_RC4_40_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
|
||||
/* ciphersuites with no encryption */
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
|
@ -168,9 +168,9 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
|
|||
{ TLS_ECDH_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_ECDH_ECDSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
{ SSL_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_RSA_WITH_NULL_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ SSL_RSA_WITH_NULL_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_RSA_WITH_NULL_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
};
|
||||
|
||||
/* Verify that SSL_ImplementedCiphers and cipherSuites are in consistent order.
|
||||
|
@ -313,49 +313,49 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] =
|
|||
{
|
||||
/* cipher_suite bulk_cipher_alg mac_alg key_exchange_alg */
|
||||
|
||||
{SSL_NULL_WITH_NULL_NULL, cipher_null, mac_null, kea_null},
|
||||
{SSL_RSA_WITH_NULL_MD5, cipher_null, mac_md5, kea_rsa},
|
||||
{SSL_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_rsa},
|
||||
{TLS_NULL_WITH_NULL_NULL, cipher_null, mac_null, kea_null},
|
||||
{TLS_RSA_WITH_NULL_MD5, cipher_null, mac_md5, kea_rsa},
|
||||
{TLS_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_rsa},
|
||||
{TLS_RSA_WITH_NULL_SHA256, cipher_null, hmac_sha256, kea_rsa},
|
||||
{SSL_RSA_EXPORT_WITH_RC4_40_MD5,cipher_rc4_40, mac_md5, kea_rsa_export},
|
||||
{SSL_RSA_WITH_RC4_128_MD5, cipher_rc4, mac_md5, kea_rsa},
|
||||
{SSL_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_rsa},
|
||||
{SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
|
||||
{TLS_RSA_EXPORT_WITH_RC4_40_MD5,cipher_rc4_40, mac_md5, kea_rsa_export},
|
||||
{TLS_RSA_WITH_RC4_128_MD5, cipher_rc4, mac_md5, kea_rsa},
|
||||
{TLS_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_rsa},
|
||||
{TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
|
||||
cipher_rc2_40, mac_md5, kea_rsa_export},
|
||||
#if 0 /* not implemented */
|
||||
{SSL_RSA_WITH_IDEA_CBC_SHA, cipher_idea, mac_sha, kea_rsa},
|
||||
{SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
|
||||
{TLS_RSA_WITH_IDEA_CBC_SHA, cipher_idea, mac_sha, kea_rsa},
|
||||
{TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,
|
||||
cipher_des40, mac_sha, kea_rsa_export},
|
||||
#endif
|
||||
{SSL_RSA_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_rsa},
|
||||
{SSL_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_rsa},
|
||||
{SSL_DHE_DSS_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dhe_dss},
|
||||
{SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
|
||||
{TLS_RSA_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_rsa},
|
||||
{TLS_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_rsa},
|
||||
{TLS_DHE_DSS_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dhe_dss},
|
||||
{TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
|
||||
cipher_3des, mac_sha, kea_dhe_dss},
|
||||
{TLS_DHE_DSS_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_dhe_dss},
|
||||
#if 0 /* not implemented */
|
||||
{SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
|
||||
{TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
|
||||
cipher_des40, mac_sha, kea_dh_dss_export},
|
||||
{SSL_DH_DSS_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_dss},
|
||||
{SSL_DH_DSS_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_dss},
|
||||
{SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
|
||||
{TLS_DH_DSS_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_dss},
|
||||
{TLS_DH_DSS_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_dss},
|
||||
{TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
|
||||
cipher_des40, mac_sha, kea_dh_rsa_export},
|
||||
{SSL_DH_RSA_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_rsa},
|
||||
{SSL_DH_RSA_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_rsa},
|
||||
{SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
|
||||
{TLS_DH_RSA_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_rsa},
|
||||
{TLS_DH_RSA_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_rsa},
|
||||
{TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
|
||||
cipher_des40, mac_sha, kea_dh_dss_export},
|
||||
{SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
|
||||
{TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
|
||||
cipher_des40, mac_sha, kea_dh_rsa_export},
|
||||
#endif
|
||||
{SSL_DHE_RSA_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dhe_rsa},
|
||||
{SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
{TLS_DHE_RSA_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dhe_rsa},
|
||||
{TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
cipher_3des, mac_sha, kea_dhe_rsa},
|
||||
#if 0
|
||||
{SSL_DH_ANON_EXPORT_RC4_40_MD5, cipher_rc4_40, mac_md5, kea_dh_anon_export},
|
||||
{SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA,
|
||||
{TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA,
|
||||
cipher_des40, mac_sha, kea_dh_anon_export},
|
||||
{SSL_DH_ANON_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_anon},
|
||||
{SSL_DH_ANON_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_anon},
|
||||
{TLS_DH_anon_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_anon},
|
||||
{TLS_DH_anon_WITH_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_anon},
|
||||
#endif
|
||||
|
||||
|
||||
|
@ -373,10 +373,10 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] =
|
|||
#if 0
|
||||
{TLS_DH_DSS_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_dss},
|
||||
{TLS_DH_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_rsa},
|
||||
{TLS_DH_ANON_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_anon},
|
||||
{TLS_DH_anon_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_anon},
|
||||
{TLS_DH_DSS_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_dss},
|
||||
{TLS_DH_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_rsa},
|
||||
{TLS_DH_ANON_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_anon},
|
||||
{TLS_DH_anon_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_anon},
|
||||
#endif
|
||||
|
||||
{TLS_RSA_WITH_SEED_CBC_SHA, cipher_seed, mac_sha, kea_rsa},
|
||||
|
@ -622,15 +622,15 @@ ssl3_CipherSuiteAllowedForVersionRange(
|
|||
* later. This set of cipher suites is similar to, but different from, the
|
||||
* set of cipher suites considered exportable by SSL_IsExportCipherSuite.
|
||||
*/
|
||||
case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
|
||||
case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
|
||||
/* SSL_RSA_EXPORT_WITH_DES40_CBC_SHA: never implemented
|
||||
* SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA: never implemented
|
||||
* SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA: never implemented
|
||||
* SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA: never implemented
|
||||
* SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA: never implemented
|
||||
* SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5: never implemented
|
||||
* SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA: never implemented
|
||||
case TLS_RSA_EXPORT_WITH_RC4_40_MD5:
|
||||
case TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
|
||||
/* TLS_RSA_EXPORT_WITH_DES40_CBC_SHA: never implemented
|
||||
* TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA: never implemented
|
||||
* TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA: never implemented
|
||||
* TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA: never implemented
|
||||
* TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA: never implemented
|
||||
* TLS_DH_anon_EXPORT_WITH_RC4_40_MD5: never implemented
|
||||
* TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA: never implemented
|
||||
*/
|
||||
return vrange->min <= SSL_LIBRARY_VERSION_TLS_1_0;
|
||||
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
|
||||
|
@ -9409,17 +9409,21 @@ ssl3_HandleNewSessionTicket(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
|||
(PRUint32)ssl3_ConsumeHandshakeNumber(ss, 4, &b, &length);
|
||||
|
||||
rv = ssl3_ConsumeHandshakeVariable(ss, &ticketData, 2, &b, &length);
|
||||
if (length != 0 || rv != SECSuccess) {
|
||||
if (rv != SECSuccess || length != 0) {
|
||||
(void)SSL3_SendAlert(ss, alert_fatal, decode_error);
|
||||
PORT_SetError(SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET);
|
||||
return SECFailure; /* malformed */
|
||||
}
|
||||
rv = SECITEM_CopyItem(NULL, &ss->ssl3.hs.newSessionTicket.ticket,
|
||||
&ticketData);
|
||||
if (rv != SECSuccess) {
|
||||
return rv;
|
||||
/* If the server sent a zero-length ticket, ignore it and keep the
|
||||
* existing ticket. */
|
||||
if (ticketData.len != 0) {
|
||||
rv = SECITEM_CopyItem(NULL, &ss->ssl3.hs.newSessionTicket.ticket,
|
||||
&ticketData);
|
||||
if (rv != SECSuccess) {
|
||||
return rv;
|
||||
}
|
||||
ss->ssl3.hs.receivedNewSessionTicket = PR_TRUE;
|
||||
}
|
||||
ss->ssl3.hs.receivedNewSessionTicket = PR_TRUE;
|
||||
|
||||
ss->ssl3.hs.ws = wait_change_cipher;
|
||||
return SECSuccess;
|
||||
|
|
|
@ -76,8 +76,8 @@ const PRUint16 SSL_ImplementedCiphers[] = {
|
|||
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
|
||||
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
||||
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
|
||||
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_DHE_DSS_WITH_RC4_128_SHA,
|
||||
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
|
@ -100,23 +100,23 @@ const PRUint16 SSL_ImplementedCiphers[] = {
|
|||
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
||||
TLS_RSA_WITH_SEED_CBC_SHA,
|
||||
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,
|
||||
SSL_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
SSL_RSA_WITH_RC4_128_SHA,
|
||||
SSL_RSA_WITH_RC4_128_MD5,
|
||||
TLS_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_RSA_WITH_RC4_128_SHA,
|
||||
TLS_RSA_WITH_RC4_128_MD5,
|
||||
|
||||
/* 56-bit DES "domestic" cipher suites */
|
||||
SSL_DHE_RSA_WITH_DES_CBC_SHA,
|
||||
SSL_DHE_DSS_WITH_DES_CBC_SHA,
|
||||
TLS_DHE_RSA_WITH_DES_CBC_SHA,
|
||||
TLS_DHE_DSS_WITH_DES_CBC_SHA,
|
||||
SSL_RSA_FIPS_WITH_DES_CBC_SHA,
|
||||
SSL_RSA_WITH_DES_CBC_SHA,
|
||||
TLS_RSA_WITH_DES_CBC_SHA,
|
||||
|
||||
/* export ciphersuites with 1024-bit public key exchange keys */
|
||||
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
|
||||
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,
|
||||
|
||||
/* export ciphersuites with 512-bit public key exchange keys */
|
||||
SSL_RSA_EXPORT_WITH_RC4_40_MD5,
|
||||
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
|
||||
TLS_RSA_EXPORT_WITH_RC4_40_MD5,
|
||||
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
|
||||
|
||||
/* ciphersuites with no encryption */
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
|
@ -125,9 +125,9 @@ const PRUint16 SSL_ImplementedCiphers[] = {
|
|||
TLS_ECDH_RSA_WITH_NULL_SHA,
|
||||
TLS_ECDH_ECDSA_WITH_NULL_SHA,
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
SSL_RSA_WITH_NULL_SHA,
|
||||
TLS_RSA_WITH_NULL_SHA,
|
||||
TLS_RSA_WITH_NULL_SHA256,
|
||||
SSL_RSA_WITH_NULL_MD5,
|
||||
TLS_RSA_WITH_NULL_MD5,
|
||||
|
||||
/* SSL2 cipher suites. */
|
||||
SSL_EN_RC4_128_WITH_MD5,
|
||||
|
|
|
@ -148,28 +148,28 @@ static const SSLCipherSuiteInfo suiteInfo[] = {
|
|||
{0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA), S_DSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, },
|
||||
{0,CS(TLS_RSA_WITH_SEED_CBC_SHA), S_RSA, K_RSA, C_SEED,B_128, M_SHA, 1, 0, 0, },
|
||||
{0,CS(TLS_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, },
|
||||
{0,CS(SSL_RSA_WITH_RC4_128_SHA), S_RSA, K_RSA, C_RC4, B_128, M_SHA, 0, 0, 0, },
|
||||
{0,CS(SSL_RSA_WITH_RC4_128_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, },
|
||||
{0,CS(TLS_RSA_WITH_RC4_128_SHA), S_RSA, K_RSA, C_RC4, B_128, M_SHA, 0, 0, 0, },
|
||||
{0,CS(TLS_RSA_WITH_RC4_128_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, },
|
||||
{0,CS(TLS_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_RSA, C_AES, B_128, M_SHA256, 1, 0, 0, },
|
||||
{0,CS(TLS_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_RSA, C_AES, B_128, M_SHA, 1, 0, 0, },
|
||||
|
||||
{0,CS(SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
|
||||
{0,CS(SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA), S_DSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
|
||||
{0,CS(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
|
||||
{0,CS(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA), S_DSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
|
||||
{0,CS(SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA), S_RSA, K_RSA, C_3DES,B_3DES,M_SHA, 1, 0, 1, },
|
||||
{0,CS(SSL_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_RSA, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
|
||||
{0,CS(TLS_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_RSA, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
|
||||
|
||||
{0,CS(SSL_DHE_RSA_WITH_DES_CBC_SHA), S_RSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, },
|
||||
{0,CS(SSL_DHE_DSS_WITH_DES_CBC_SHA), S_DSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, },
|
||||
{0,CS(TLS_DHE_RSA_WITH_DES_CBC_SHA), S_RSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, },
|
||||
{0,CS(TLS_DHE_DSS_WITH_DES_CBC_SHA), S_DSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, },
|
||||
{0,CS(SSL_RSA_FIPS_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 0, 1, },
|
||||
{0,CS(SSL_RSA_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 0, 0, },
|
||||
{0,CS(TLS_RSA_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 0, 0, },
|
||||
|
||||
{0,CS(TLS_RSA_EXPORT1024_WITH_RC4_56_SHA), S_RSA, K_RSA, C_RC4, B_56, M_SHA, 0, 1, 0, },
|
||||
{0,CS(TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 1, 0, },
|
||||
{0,CS(SSL_RSA_EXPORT_WITH_RC4_40_MD5), S_RSA, K_RSA, C_RC4, B_40, M_MD5, 0, 1, 0, },
|
||||
{0,CS(SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5), S_RSA, K_RSA, C_RC2, B_40, M_MD5, 0, 1, 0, },
|
||||
{0,CS(TLS_RSA_EXPORT_WITH_RC4_40_MD5), S_RSA, K_RSA, C_RC4, B_40, M_MD5, 0, 1, 0, },
|
||||
{0,CS(TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5), S_RSA, K_RSA, C_RC2, B_40, M_MD5, 0, 1, 0, },
|
||||
{0,CS(TLS_RSA_WITH_NULL_SHA256), S_RSA, K_RSA, C_NULL,B_0, M_SHA256, 0, 1, 0, },
|
||||
{0,CS(SSL_RSA_WITH_NULL_SHA), S_RSA, K_RSA, C_NULL,B_0, M_SHA, 0, 1, 0, },
|
||||
{0,CS(SSL_RSA_WITH_NULL_MD5), S_RSA, K_RSA, C_NULL,B_0, M_MD5, 0, 1, 0, },
|
||||
{0,CS(TLS_RSA_WITH_NULL_SHA), S_RSA, K_RSA, C_NULL,B_0, M_SHA, 0, 1, 0, },
|
||||
{0,CS(TLS_RSA_WITH_NULL_MD5), S_RSA, K_RSA, C_NULL,B_0, M_MD5, 0, 1, 0, },
|
||||
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
/* ECC cipher suites */
|
||||
|
|
|
@ -483,6 +483,8 @@ ssl3_SetSIDSessionTicket(sslSessionID *sid,
|
|||
{
|
||||
PORT_Assert(sid);
|
||||
PORT_Assert(newSessionTicket);
|
||||
PORT_Assert(newSessionTicket->ticket.data);
|
||||
PORT_Assert(newSessionTicket->ticket.len != 0);
|
||||
|
||||
/* if sid->u.ssl3.lock, we are updating an existing entry that is already
|
||||
* cached or was once cached, so we need to acquire and release the write
|
||||
|
@ -491,10 +493,6 @@ ssl3_SetSIDSessionTicket(sslSessionID *sid,
|
|||
*/
|
||||
if (sid->u.ssl3.lock) {
|
||||
PR_RWLock_Wlock(sid->u.ssl3.lock);
|
||||
|
||||
/* A server might have sent us an empty ticket, which has the
|
||||
* effect of clearing the previously known ticket.
|
||||
*/
|
||||
if (sid->u.ssl3.locked.sessionTicket.ticket.data) {
|
||||
SECITEM_FreeItem(&sid->u.ssl3.locked.sessionTicket.ticket,
|
||||
PR_FALSE);
|
||||
|
|
|
@ -81,58 +81,92 @@
|
|||
#define SSL_EN_DES_64_CBC_WITH_MD5 0xFF06
|
||||
#define SSL_EN_DES_192_EDE3_CBC_WITH_MD5 0xFF07
|
||||
|
||||
/* SSL v3 Cipher Suites */
|
||||
#define SSL_NULL_WITH_NULL_NULL 0x0000
|
||||
/* Deprecated SSL 3.0 & libssl names replaced by IANA-registered TLS names. */
|
||||
#ifndef SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES
|
||||
#define SSL_NULL_WITH_NULL_NULL TLS_NULL_WITH_NULL_NULL
|
||||
#define SSL_RSA_WITH_NULL_MD5 TLS_RSA_WITH_NULL_MD5
|
||||
#define SSL_RSA_WITH_NULL_SHA TLS_RSA_WITH_NULL_SHA
|
||||
#define SSL_RSA_EXPORT_WITH_RC4_40_MD5 TLS_RSA_EXPORT_WITH_RC4_40_MD5
|
||||
#define SSL_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_MD5
|
||||
#define SSL_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_RC4_128_SHA
|
||||
#define SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
|
||||
#define SSL_RSA_WITH_IDEA_CBC_SHA TLS_RSA_WITH_IDEA_CBC_SHA
|
||||
#define SSL_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
|
||||
#define SSL_RSA_WITH_DES_CBC_SHA TLS_RSA_WITH_DES_CBC_SHA
|
||||
#define SSL_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA
|
||||
#define SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
|
||||
#define SSL_DH_DSS_WITH_DES_CBC_SHA TLS_DH_DSS_WITH_DES_CBC_SHA
|
||||
#define SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
|
||||
#define SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
|
||||
#define SSL_DH_RSA_WITH_DES_CBC_SHA TLS_DH_RSA_WITH_DES_CBC_SHA
|
||||
#define SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
|
||||
#define SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
|
||||
#define SSL_DHE_DSS_WITH_DES_CBC_SHA TLS_DHE_DSS_WITH_DES_CBC_SHA
|
||||
#define SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
|
||||
#define SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
|
||||
#define SSL_DHE_RSA_WITH_DES_CBC_SHA TLS_DHE_RSA_WITH_DES_CBC_SHA
|
||||
#define SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
|
||||
#define SSL_DH_ANON_WITH_RC4_128_MD5 TLS_DH_anon_WITH_RC4_128_MD5
|
||||
#define SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
|
||||
#define SSL_DH_ANON_WITH_DES_CBC_SHA TLS_DH_anon_WITH_DES_CBC_SHA
|
||||
#define SSL_DH_ANON_WITH_3DES_EDE_CBC_SHA TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
|
||||
#define SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5 TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
|
||||
#define TLS_DH_ANON_WITH_AES_128_CBC_SHA TLS_DH_anon_WITH_AES_128_CBC_SHA
|
||||
#define TLS_DH_ANON_WITH_AES_256_CBC_SHA TLS_DH_anon_WITH_AES_256_CBC_SHA
|
||||
#define TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA
|
||||
#define TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA
|
||||
#endif
|
||||
|
||||
#define SSL_RSA_WITH_NULL_MD5 0x0001
|
||||
#define SSL_RSA_WITH_NULL_SHA 0x0002
|
||||
#define SSL_RSA_EXPORT_WITH_RC4_40_MD5 0x0003
|
||||
#define SSL_RSA_WITH_RC4_128_MD5 0x0004
|
||||
#define SSL_RSA_WITH_RC4_128_SHA 0x0005
|
||||
#define SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 0x0006
|
||||
#define SSL_RSA_WITH_IDEA_CBC_SHA 0x0007
|
||||
#define SSL_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0008
|
||||
#define SSL_RSA_WITH_DES_CBC_SHA 0x0009
|
||||
#define SSL_RSA_WITH_3DES_EDE_CBC_SHA 0x000a
|
||||
|
||||
#define SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA 0x000b
|
||||
#define SSL_DH_DSS_WITH_DES_CBC_SHA 0x000c
|
||||
#define SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA 0x000d
|
||||
#define SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA 0x000e
|
||||
#define SSL_DH_RSA_WITH_DES_CBC_SHA 0x000f
|
||||
#define SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA 0x0010
|
||||
|
||||
#define SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA 0x0011
|
||||
#define SSL_DHE_DSS_WITH_DES_CBC_SHA 0x0012
|
||||
#define SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA 0x0013
|
||||
#define SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0014
|
||||
#define SSL_DHE_RSA_WITH_DES_CBC_SHA 0x0015
|
||||
#define SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x0016
|
||||
|
||||
#define SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5 0x0017
|
||||
#define SSL_DH_ANON_WITH_RC4_128_MD5 0x0018
|
||||
#define SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA 0x0019
|
||||
#define SSL_DH_ANON_WITH_DES_CBC_SHA 0x001a
|
||||
#define SSL_DH_ANON_WITH_3DES_EDE_CBC_SHA 0x001b
|
||||
#define TLS_NULL_WITH_NULL_NULL 0x0000
|
||||
|
||||
#define TLS_RSA_WITH_NULL_MD5 0x0001
|
||||
#define TLS_RSA_WITH_NULL_SHA 0x0002
|
||||
#define TLS_RSA_EXPORT_WITH_RC4_40_MD5 0x0003
|
||||
#define TLS_RSA_WITH_RC4_128_MD5 0x0004
|
||||
#define TLS_RSA_WITH_RC4_128_SHA 0x0005
|
||||
#define TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 0x0006
|
||||
#define TLS_RSA_WITH_IDEA_CBC_SHA 0x0007
|
||||
#define TLS_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0008
|
||||
#define TLS_RSA_WITH_DES_CBC_SHA 0x0009
|
||||
#define TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x000a
|
||||
|
||||
#define TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA 0x000b
|
||||
#define TLS_DH_DSS_WITH_DES_CBC_SHA 0x000c
|
||||
#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA 0x000d
|
||||
#define TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA 0x000e
|
||||
#define TLS_DH_RSA_WITH_DES_CBC_SHA 0x000f
|
||||
#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA 0x0010
|
||||
|
||||
#define TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA 0x0011
|
||||
#define TLS_DHE_DSS_WITH_DES_CBC_SHA 0x0012
|
||||
#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA 0x0013
|
||||
#define TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0014
|
||||
#define TLS_DHE_RSA_WITH_DES_CBC_SHA 0x0015
|
||||
#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x0016
|
||||
|
||||
#define TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 0x0017
|
||||
#define TLS_DH_anon_WITH_RC4_128_MD5 0x0018
|
||||
#define TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA 0x0019
|
||||
#define TLS_DH_anon_WITH_DES_CBC_SHA 0x001a
|
||||
#define TLS_DH_anon_WITH_3DES_EDE_CBC_SHA 0x001b
|
||||
|
||||
#define SSL_FORTEZZA_DMS_WITH_NULL_SHA 0x001c /* deprecated */
|
||||
#define SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA 0x001d /* deprecated */
|
||||
#define SSL_FORTEZZA_DMS_WITH_RC4_128_SHA 0x001e /* deprecated */
|
||||
|
||||
/* New TLS cipher suites */
|
||||
#define TLS_RSA_WITH_AES_128_CBC_SHA 0x002F
|
||||
#define TLS_DH_DSS_WITH_AES_128_CBC_SHA 0x0030
|
||||
#define TLS_DH_RSA_WITH_AES_128_CBC_SHA 0x0031
|
||||
#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA 0x0032
|
||||
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x0033
|
||||
#define TLS_DH_ANON_WITH_AES_128_CBC_SHA 0x0034
|
||||
#define TLS_DH_anon_WITH_AES_128_CBC_SHA 0x0034
|
||||
|
||||
#define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035
|
||||
#define TLS_DH_DSS_WITH_AES_256_CBC_SHA 0x0036
|
||||
#define TLS_DH_RSA_WITH_AES_256_CBC_SHA 0x0037
|
||||
#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA 0x0038
|
||||
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x0039
|
||||
#define TLS_DH_ANON_WITH_AES_256_CBC_SHA 0x003A
|
||||
#define TLS_DH_anon_WITH_AES_256_CBC_SHA 0x003A
|
||||
#define TLS_RSA_WITH_NULL_SHA256 0x003B
|
||||
#define TLS_RSA_WITH_AES_128_CBC_SHA256 0x003C
|
||||
#define TLS_RSA_WITH_AES_256_CBC_SHA256 0x003D
|
||||
|
@ -142,7 +176,7 @@
|
|||
#define TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0043
|
||||
#define TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0044
|
||||
#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0045
|
||||
#define TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA 0x0046
|
||||
#define TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA 0x0046
|
||||
|
||||
#define TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x0062
|
||||
#define TLS_RSA_EXPORT1024_WITH_RC4_56_SHA 0x0064
|
||||
|
@ -158,7 +192,7 @@
|
|||
#define TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0086
|
||||
#define TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x0087
|
||||
#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0088
|
||||
#define TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA 0x0089
|
||||
#define TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA 0x0089
|
||||
|
||||
#define TLS_RSA_WITH_SEED_CBC_SHA 0x0096
|
||||
|
||||
|
|
|
@ -14,3 +14,7 @@ IMPORT_LIBRARY =
|
|||
PROGRAM =
|
||||
|
||||
EXTRA_LIBS = $(LIBRARY)
|
||||
|
||||
ifeq ($(OS_TARGET),Linux)
|
||||
DEFINES += -DHAVE_UNISTD_H
|
||||
endif
|
||||
|
|
|
@ -940,8 +940,8 @@ cert_ssl()
|
|||
fi
|
||||
|
||||
echo "$SCRIPTNAME: Creating database for OCSP stapling tests ==============="
|
||||
echo "cp -rv ${SERVERDIR} ${STAPLINGDIR}"
|
||||
cp -rv ${R_SERVERDIR} ${R_STAPLINGDIR}
|
||||
echo "cp -r ${SERVERDIR} ${STAPLINGDIR}"
|
||||
cp -r ${R_SERVERDIR} ${R_STAPLINGDIR}
|
||||
pk12u -o ${R_STAPLINGDIR}/ca.p12 -n TestCA -k ${R_PWFILE} -w ${R_PWFILE} -d ${R_CADIR}
|
||||
pk12u -i ${R_STAPLINGDIR}/ca.p12 -k ${R_PWFILE} -w ${R_PWFILE} -d ${R_STAPLINGDIR}
|
||||
}
|
||||
|
|
|
@ -14,6 +14,9 @@ if [ -z "${CLEANUP}" -o "${CLEANUP}" = "${SCRIPTNAME}" ]; then
|
|||
echo "HOST=${HOST}"
|
||||
echo "DOMSUF=${DOMSUF}"
|
||||
echo "BUILD_OPT=${BUILD_OPT}"
|
||||
if [ "${OS_ARCH}" = "Linux" ]; then
|
||||
echo "USE_X32=${USE_X32}"
|
||||
fi
|
||||
echo "USE_64=${USE_64}"
|
||||
echo "NSS_CYCLES=\"${NSS_CYCLES}\""
|
||||
echo "NSS_TESTS=\"${NSS_TESTS}\""
|
||||
|
|
Загрузка…
Ссылка в новой задаче