Bug 738458 - Upgrade Mozilla to NSS 3.13.5 - starting with BETA1, r=wtc
Родитель
6bd2c4f144
Коммит
b60bdce8f8
|
@ -43,3 +43,4 @@
|
|||
|
||||
#error "Do not include this header file."
|
||||
|
||||
|
||||
|
|
|
@ -1 +1 @@
|
|||
NSS_3_13_4_RTM
|
||||
NSS_3_13_5_BETA1
|
||||
|
|
|
@ -1 +1 @@
|
|||
NSS_3_13_4_RTM
|
||||
NSS_3_13_5_BETA1
|
||||
|
|
|
@ -96,7 +96,7 @@ CERT_VerifySignedDataWithPublicKey(CERTSignedData *sd,
|
|||
rv = NSS_GetAlgorithmPolicy(hashAlg, &policyFlags);
|
||||
if (rv == SECSuccess &&
|
||||
!(policyFlags & NSS_USE_ALG_IN_CERT_SIGNATURE)) {
|
||||
PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
|
||||
PORT_SetError(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
|
||||
rv = SECFailure;
|
||||
}
|
||||
}
|
||||
|
@ -496,7 +496,10 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
|
|||
PORT_SetError(SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE);
|
||||
LOG_ERROR_OR_EXIT(log,issuerCert,count+1,0);
|
||||
} else {
|
||||
if (PORT_GetError() !=
|
||||
SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED) {
|
||||
PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
|
||||
}
|
||||
LOG_ERROR_OR_EXIT(log,subjectCert,count,0);
|
||||
}
|
||||
}
|
||||
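Review bot: The guard added in the cert_VerifyCertChainOld hunk keeps only SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED and rewrites every other verification failure to SEC_ERROR_BAD_SIGNATURE, and it decides which by reading the error back with PORT_GetError(). That is correct only while nothing between the failed signature check (outside this hunk) and this else branch sets or clears the error code, so the dependency should be stated next to the test, e.g. `/* keep the policy error set by CERT_VerifySignedDataWithPublicKey; every other failure is reported as a bad signature */`. The same three-line guard is repeated in PKIX_PL_Cert_VerifySignature further down this page and wants the same comment. The function body starts and ends outside the hunk.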
|
|
|
@ -997,7 +997,7 @@ PKIX_ERRORENTRY(SETPOLICIESFAILED,Fail to set cert validation policies,0),
|
|||
PKIX_ERRORENTRY(SHUTDOWNFAILED,PKIX_PL_Shutdown failed,0),
|
||||
PKIX_ERRORENTRY(SIGNATURECHECKERINITIALIZEFAILED,pkix_SignatureChecker_Initialize failed,0),
|
||||
PKIX_ERRORENTRY(SIGNATURECHECKERSTATECREATEFAILED,pkix_SignatureCheckerState_Create failed,0),
|
||||
PKIX_ERRORENTRY(SIGNATUREDIDNOTVERIFYWITHTHEPUBLICKEY,Signature did not verify with the public key,SEC_ERROR_BAD_SIGNATURE),
|
||||
PKIX_ERRORENTRY(SIGNATUREDIDNOTVERIFYWITHTHEPUBLICKEY,Signature did not verify with the public key,0),
|
||||
PKIX_ERRORENTRY(SINGLEPOLICYNODEEQUALSFAILED,PKIX_PL_SinglePolicyNode_Equals failed,0),
|
||||
PKIX_ERRORENTRY(SINGLEPOLICYNODEHASHCODEFAILED,pkix_SinglePolicyNode_Hashcode failed,0),
|
||||
PKIX_ERRORENTRY(SINGLEPOLICYNODETOSTRINGFAILED,pkix_SinglePolicyNode_ToString failed,0),
|
||||
|
@ -1100,7 +1100,7 @@ PKIX_ERRORENTRY(VALIDATEPARAMSGETPROCESSINGPARAMSFAILED,PKIX_ValidateParams_GetP
|
|||
PKIX_ERRORENTRY(VALIDATERESULTCREATEFAILED,pkix_ValidateResult_Create failed,0),
|
||||
PKIX_ERRORENTRY(VALIDATERESULTGETPOLICYTREEFAILED,PKIX_ValidateResult_GetPolicyTree failed,0),
|
||||
PKIX_ERRORENTRY(VALIDATERESULTGETTRUSTANCHORFAILED,PKIX_ValidateResult_GetTrustAnchor failed,0),
|
||||
PKIX_ERRORENTRY(VALIDATIONFAILEDCERTSIGNATURECHECKING,Validation failed: Cert Signature checking,SEC_ERROR_BAD_SIGNATURE),
|
||||
PKIX_ERRORENTRY(VALIDATIONFAILEDCERTSIGNATURECHECKING,Validation failed: Cert Signature checking,0),
|
||||
PKIX_ERRORENTRY(VALIDATIONFAILEDNULLCERTPOINTER,Validation failed: NULL Cert pointer,0),
|
||||
PKIX_ERRORENTRY(VALIDATIONFAILEDPATHTONAMECHECKFAILED,Validation failed: PathToName check failed,SEC_ERROR_CERT_NOT_IN_NAME_SPACE),
|
||||
PKIX_ERRORENTRY(VALUEINESCAPEDASCII,value in EscapedASCII,0),
|
||||
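Review bot: With SIGNATUREDIDNOTVERIFYWITHTHEPUBLICKEY and VALIDATIONFAILEDCERTSIGNATURECHECKING mapped to 0 (taking the second printed copy of each entry as the new side), the table no longer supplies SEC_ERROR_BAD_SIGNATURE, so every site that raises either error has to call PORT_SetError itself. The two raisers visible on this page, PKIX_PL_Cert_VerifySignature and PKIX_PL_CRL_VerifySignature, do so; a raiser not shown here would presumably report a failed signature check without a specific NSS error code. A comment above the entries such as `/* NSS error is set by the caller so SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED is not overwritten */` would record that contract.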
|
|
|
@ -245,7 +245,6 @@ pkix_SignatureChecker_Check(
|
|||
certVerified = PKIX_TRUE;
|
||||
} else {
|
||||
certVerified = PKIX_FALSE;
|
||||
PKIX_DECREF(verifyFail);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -292,6 +291,7 @@ pkix_SignatureChecker_Check(
|
|||
plContext),
|
||||
PKIX_LISTGETITEMFAILED);
|
||||
|
||||
PKIX_DECREF(verifyFail);
|
||||
verifyFail = PKIX_PL_Cert_VerifySignature
|
||||
(cert, pKey, plContext);
|
||||
|
||||
|
@ -300,7 +300,6 @@ pkix_SignatureChecker_Check(
|
|||
break;
|
||||
} else {
|
||||
certVerified = PKIX_FALSE;
|
||||
PKIX_DECREF(verifyFail);
|
||||
}
|
||||
|
||||
PKIX_DECREF(pKey);
|
||||
|
@ -309,6 +308,8 @@ pkix_SignatureChecker_Check(
|
|||
#endif
|
||||
|
||||
if (certVerified == PKIX_FALSE) {
|
||||
pkixErrorResult = verifyFail;
|
||||
verifyFail = NULL;
|
||||
PKIX_ERROR(PKIX_VALIDATIONFAILEDCERTSIGNATURECHECKING);
|
||||
}
|
||||
|
||||
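Review bot: The two lines added before PKIX_ERROR(PKIX_VALIDATIONFAILEDCERTSIGNATURECHECKING) move the reference held in verifyFail into pkixErrorResult and clear the local, but nothing in the code says that ownership changes hands. This commit also relocates the PKIX_DECREF(verifyFail) calls, so the rule is easy to break later: a release of verifyFail on the exit path (not visible in these hunks) would presumably release the object twice if the `verifyFail = NULL;` line were dropped. I would add `/* hand verifyFail to pkixErrorResult so the underlying failure is reported; cleared so it is not released again on exit */` above the assignment. It is also worth confirming that verifyFail cannot be NULL here when certVerified is PKIX_FALSE, since the branches that set certVerified lie partly outside the hunks.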
|
|
|
@ -2889,6 +2889,9 @@ PKIX_PL_Cert_VerifySignature(
|
|||
status = CERT_VerifySignedDataWithPublicKey(tbsCert, nssPubKey, wincx);
|
||||
|
||||
if (status != SECSuccess) {
|
||||
if (PORT_GetError() != SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED) {
|
||||
PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
|
||||
}
|
||||
PKIX_ERROR(PKIX_SIGNATUREDIDNOTVERIFYWITHTHEPUBLICKEY);
|
||||
}
|
||||
|
||||
|
|
|
@ -1043,6 +1043,7 @@ PKIX_PL_CRL_VerifySignature(
|
|||
status = CERT_VerifySignedDataWithPublicKey(tbsCrl, nssPubKey, wincx);
|
||||
|
||||
if (status != SECSuccess) {
|
||||
PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
|
||||
PKIX_ERROR(PKIX_SIGNATUREDIDNOTVERIFYWITHTHEPUBLICKEY);
|
||||
}
|
||||
|
||||
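Review bot: The PORT_SetError(SEC_ERROR_BAD_SIGNATURE) added here is unconditional, whereas PKIX_PL_Cert_VerifySignature on this page first tests for SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED. Both functions call CERT_VerifySignedDataWithPublicKey, which this commit makes report that code when the hash algorithm is disallowed by policy, so a CRL rejected for a disabled algorithm is reported as a bad signature. If that is intended because the new code is certificate-specific, a comment should say so; otherwise use the same guard, `if (PORT_GetError() != SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED) { PORT_SetError(SEC_ERROR_BAD_SIGNATURE); }`.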
|
|
|
@ -36,7 +36,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: nss.h,v 1.92.2.1 2012/04/06 15:20:43 kaie%kuix.de Exp $ */
|
||||
/* $Id: nss.h,v 1.92.2.2 2012/04/24 01:22:22 kaie%kuix.de Exp $ */
|
||||
|
||||
#ifndef __nss_h_
|
||||
#define __nss_h_
|
||||
|
@ -66,12 +66,12 @@
|
|||
* The format of the version string should be
|
||||
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
|
||||
*/
|
||||
#define NSS_VERSION "3.13.4.0" _NSS_ECC_STRING _NSS_CUSTOMIZED
|
||||
#define NSS_VERSION "3.13.5.0" _NSS_ECC_STRING _NSS_CUSTOMIZED
|
||||
#define NSS_VMAJOR 3
|
||||
#define NSS_VMINOR 13
|
||||
#define NSS_VPATCH 4
|
||||
#define NSS_VPATCH 5
|
||||
#define NSS_VBUILD 0
|
||||
#define NSS_BETA PR_FALSE
|
||||
#define NSS_BETA PR_TRUE
|
||||
|
||||
#ifndef RC_INVOKED
|
||||
|
||||
|
|
|
@ -57,11 +57,11 @@
|
|||
* The format of the version string should be
|
||||
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
|
||||
*/
|
||||
#define SOFTOKEN_VERSION "3.13.4.0" SOFTOKEN_ECC_STRING
|
||||
#define SOFTOKEN_VERSION "3.13.5.0" SOFTOKEN_ECC_STRING
|
||||
#define SOFTOKEN_VMAJOR 3
|
||||
#define SOFTOKEN_VMINOR 13
|
||||
#define SOFTOKEN_VPATCH 4
|
||||
#define SOFTOKEN_VPATCH 5
|
||||
#define SOFTOKEN_VBUILD 0
|
||||
#define SOFTOKEN_BETA PR_FALSE
|
||||
#define SOFTOKEN_BETA PR_TRUE
|
||||
|
||||
#endif /* _SOFTKVER_H_ */
|
||||
|
|
|
@ -36,7 +36,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: derive.c,v 1.13 2011/03/22 22:15:22 alexei.volkov.bugs%sun.com Exp $ */
|
||||
/* $Id: derive.c,v 1.13.2.2 2012/04/20 00:37:53 emaldona%redhat.com Exp $ */
|
||||
|
||||
#include "ssl.h" /* prereq to sslimpl.h */
|
||||
#include "certt.h" /* prereq to sslimpl.h */
|
||||
|
|
|
@ -40,7 +40,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: ssl3con.c,v 1.167 2012/03/06 02:23:25 wtc%google.com Exp $ */
|
||||
/* $Id: ssl3con.c,v 1.167.2.2 2012/04/20 00:37:53 emaldona%redhat.com Exp $ */
|
||||
|
||||
#include "cert.h"
|
||||
#include "ssl.h"
|
||||
|
|
|
@ -41,7 +41,7 @@
|
|||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
/* TLS extension code moved here from ssl3ecc.c */
|
||||
/* $Id: ssl3ext.c,v 1.22 2012/03/12 19:14:12 wtc%google.com Exp $ */
|
||||
/* $Id: ssl3ext.c,v 1.22.2.2 2012/04/20 00:37:53 emaldona%redhat.com Exp $ */
|
||||
|
||||
#include "nssrenam.h"
|
||||
#include "nss.h"
|
||||
|
|
|
@ -40,7 +40,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: sslsock.c,v 1.82.2.1 2012/03/31 23:16:38 wtc%google.com Exp $ */
|
||||
/* $Id: sslsock.c,v 1.82.2.3 2012/04/20 00:37:53 emaldona%redhat.com Exp $ */
|
||||
#include "seccomon.h"
|
||||
#include "cert.h"
|
||||
#include "keyhi.h"
|
||||
|
|
|
@ -573,3 +573,6 @@ ER3(SEC_ERROR_UNKNOWN_PKCS11_ERROR, (SEC_ERROR_BASE + 174),
|
|||
|
||||
ER3(SEC_ERROR_BAD_CRL_DP_URL, (SEC_ERROR_BASE + 175),
|
||||
"Invalid or unsupported URL in CRL distribution point name.")
|
||||
|
||||
ER3(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED, (SEC_ERROR_BASE + 176),
|
||||
"The certificate was signed using an signature algorithm that is disabled because it is not secure.")
|
||||
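Review bot: The message added for SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED contains "an signature algorithm"; it should read `"The certificate was signed using a signature algorithm that is disabled because it is not secure."`. This text presumably reaches users through error reporting, so the wording matters more than in an internal string. Any translated copies of the message would need the same correction.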
|
|
|
@ -51,12 +51,12 @@
|
|||
* The format of the version string should be
|
||||
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
|
||||
*/
|
||||
#define NSSUTIL_VERSION "3.13.4.0"
|
||||
#define NSSUTIL_VERSION "3.13.5.0"
|
||||
#define NSSUTIL_VMAJOR 3
|
||||
#define NSSUTIL_VMINOR 13
|
||||
#define NSSUTIL_VPATCH 4
|
||||
#define NSSUTIL_VPATCH 5
|
||||
#define NSSUTIL_VBUILD 0
|
||||
#define NSSUTIL_BETA PR_FALSE
|
||||
#define NSSUTIL_BETA PR_TRUE
|
||||
|
||||
SEC_BEGIN_PROTOS
|
||||
|
||||
|
|
|
@ -236,6 +236,8 @@ SEC_ERROR_UNKNOWN_PKCS11_ERROR = (SEC_ERROR_BASE + 174),
|
|||
|
||||
SEC_ERROR_BAD_CRL_DP_URL = (SEC_ERROR_BASE + 175),
|
||||
|
||||
SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED = (SEC_ERROR_BASE + 176),
|
||||
|
||||
/* Add new error codes above here. */
|
||||
SEC_ERROR_END_OF_LIST
|
||||
} SECErrorCodes;
|
||||
|
|