зеркало из https://github.com/mozilla/gecko-dev.git
Bug 713936: Update to NSS_3_13_2_RTM (NSS 3.13.2), r=kai
Родитель
5bd860a38e
Коммит
c951c5c472
|
@ -42,3 +42,4 @@
|
|||
*/
|
||||
|
||||
#error "Do not include this header file."
|
||||
|
||||
|
|
|
@ -1 +1 @@
|
|||
NSS_3_13_2_RC0
|
||||
NSS_3_13_2_RTM
|
||||
|
|
|
@ -325,7 +325,8 @@ ownAuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig,
|
|||
{
|
||||
ServerCertAuth * serverCertAuth = (ServerCertAuth *) arg;
|
||||
|
||||
FPRINTF(stderr, "using asynchronous certificate validation\n");
|
||||
FPRINTF(stderr, "%s: using asynchronous certificate validation\n",
|
||||
progName);
|
||||
|
||||
PORT_Assert(serverCertAuth->shouldPause);
|
||||
PORT_Assert(!serverCertAuth->isPaused);
|
||||
|
|
|
@ -36,7 +36,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: nss.h,v 1.88 2012/02/13 21:34:08 kaie%kuix.de Exp $ */
|
||||
/* $Id: nss.h,v 1.89 2012/02/15 21:56:55 kaie%kuix.de Exp $ */
|
||||
|
||||
#ifndef __nss_h_
|
||||
#define __nss_h_
|
||||
|
@ -66,11 +66,11 @@
|
|||
* The format of the version string should be
|
||||
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
|
||||
*/
|
||||
#define NSS_VERSION "3.13.2.0" _NSS_ECC_STRING _NSS_CUSTOMIZED
|
||||
#define NSS_VERSION "3.13.2.1" _NSS_ECC_STRING _NSS_CUSTOMIZED
|
||||
#define NSS_VMAJOR 3
|
||||
#define NSS_VMINOR 13
|
||||
#define NSS_VPATCH 2
|
||||
#define NSS_VBUILD 0
|
||||
#define NSS_VBUILD 1
|
||||
#define NSS_BETA PR_FALSE
|
||||
|
||||
#ifndef RC_INVOKED
|
||||
|
|
|
@ -57,11 +57,11 @@
|
|||
* The format of the version string should be
|
||||
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
|
||||
*/
|
||||
#define SOFTOKEN_VERSION "3.13.2.0" SOFTOKEN_ECC_STRING
|
||||
#define SOFTOKEN_VERSION "3.13.2.1" SOFTOKEN_ECC_STRING
|
||||
#define SOFTOKEN_VMAJOR 3
|
||||
#define SOFTOKEN_VMINOR 13
|
||||
#define SOFTOKEN_VPATCH 2
|
||||
#define SOFTOKEN_VBUILD 0
|
||||
#define SOFTOKEN_VBUILD 1
|
||||
#define SOFTOKEN_BETA PR_FALSE
|
||||
|
||||
#endif /* _SOFTKVER_H_ */
|
||||
|
|
|
@ -36,7 +36,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: ssl.h,v 1.48 2012/02/11 12:58:47 kaie%kuix.de Exp $ */
|
||||
/* $Id: ssl.h,v 1.49 2012/02/15 21:52:08 kaie%kuix.de Exp $ */
|
||||
|
||||
#ifndef __ssl_h_
|
||||
#define __ssl_h_
|
||||
|
@ -347,11 +347,14 @@ SSL_IMPORT CERTCertificate *SSL_PeerCertificate(PRFileDesc *fd);
|
|||
**
|
||||
** If the authenticate certificate hook returns SECFailure, then the bad cert
|
||||
** hook will be called. The bad cert handler is NEVER called if the
|
||||
** authenticate certificate hook returns SECWouldBlock.
|
||||
** authenticate certificate hook returns SECWouldBlock. If the application
|
||||
** needs to handle and/or override a bad cert, it should do so before it
|
||||
** calls SSL_AuthCertificateComplete (modifying the error it passes to
|
||||
** SSL_AuthCertificateComplete as needed).
|
||||
**
|
||||
** See the documentation for SSL_AuthCertificateComplete for more information
|
||||
** about the asynchronous behavior that occurs when the authenticate
|
||||
** certificate hook returns SECWouldBlock
|
||||
** certificate hook returns SECWouldBlock.
|
||||
*/
|
||||
typedef SECStatus (PR_CALLBACK *SSLAuthCertificate)(void *arg, PRFileDesc *fd,
|
||||
PRBool checkSig,
|
||||
|
@ -772,11 +775,11 @@ extern const char *NSSSSL_GetVersion(void);
|
|||
* a connection; it does not work for the server role.
|
||||
*
|
||||
* The application must call SSL_AuthCertificateComplete with 0 as the value of
|
||||
* status parameter after it has successfully validated the peer's certificate,
|
||||
* in order to continue the SSL handshake.
|
||||
* the error parameter after it has successfully validated the peer's
|
||||
* certificate, in order to continue the SSL handshake.
|
||||
*
|
||||
* The application may call SSL_AuthCertificateComplete with a non-zero value
|
||||
* for status (e.g. SEC_ERROR_REVOKED_CERTIFICATE) when certificate validation
|
||||
* for error (e.g. SEC_ERROR_REVOKED_CERTIFICATE) when certificate validation
|
||||
* fails, before it closes the connection. If the application does so, an
|
||||
* alert corresponding to the error (e.g. certificate_revoked) will be sent to
|
||||
* the peer. See the source code of the internal function
|
||||
|
@ -816,10 +819,16 @@ extern const char *NSSSSL_GetVersion(void);
|
|||
* Returns SECFailure on failure, SECSuccess on success. Never returns
|
||||
* SECWouldBlock. Note that SSL_AuthCertificateComplete will (usually) return
|
||||
* SECSuccess; do not interpret the return value of SSL_AuthCertificateComplete
|
||||
* as an indicator of whether it is OK to continue using the connection.
|
||||
* as an indicator of whether it is OK to continue using the connection. For
|
||||
* example, SSL_AuthCertificateComplete(fd, SEC_ERROR_REVOKED_CERTIFICATE) will
|
||||
* return SECSuccess (normally), but that does not mean that the application
|
||||
* should continue using the connection. If the application passes a non-zero
|
||||
* value for second argument (error), or if SSL_AuthCertificateComplete returns
|
||||
* anything other than SECSuccess, then the application should close the
|
||||
* connection.
|
||||
*/
|
||||
SSL_IMPORT SECStatus SSL_AuthCertificateComplete(PRFileDesc *fd,
|
||||
PRErrorCode status);
|
||||
PRErrorCode error);
|
||||
SEC_END_PROTOS
|
||||
|
||||
#endif /* __ssl_h_ */
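Review bot: The rewritten comment above SSL_AuthCertificateComplete says the call returns SECSuccess "(usually)" and "(normally)" but never names a case in which it returns SECFailure, so a caller cannot tell what its failure branch is supposed to handle. The sslsecur.c section of this same commit shows one such path, where SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2 is set and rv becomes SECFailure (the condition guarding it is not visible here). I would add a sentence such as `* SECFailure is returned, for example, with SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2 set; the connection must be closed in that case as well.` As a smaller wording point, "for second argument (error)" reads better as `* value for the second argument (error), or if SSL_AuthCertificateComplete returns`.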
|
||||
|
|
|
@ -39,7 +39,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: ssl3con.c,v 1.162 2012/02/11 13:03:08 kaie%kuix.de Exp $ */
|
||||
/* $Id: ssl3con.c,v 1.163 2012/02/15 21:52:08 kaie%kuix.de Exp $ */
|
||||
|
||||
#include "cert.h"
|
||||
#include "ssl.h"
|
||||
|
@ -8146,7 +8146,7 @@ ssl3_AlwaysFail(sslSocket * ss)
|
|||
/* Caller must hold 1stHandshakeLock.
|
||||
*/
|
||||
SECStatus
|
||||
ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode status)
|
||||
ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode error)
|
||||
{
|
||||
SECStatus rv;
|
||||
|
||||
|
@ -8168,9 +8168,9 @@ ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode status)
|
|||
|
||||
ss->ssl3.hs.authCertificatePending = PR_FALSE;
|
||||
|
||||
if (status != 0) {
|
||||
if (error != 0) {
|
||||
ss->ssl3.hs.restartTarget = ssl3_AlwaysFail;
|
||||
ssl3_SendAlertForCertError(ss, status);
|
||||
ssl3_SendAlertForCertError(ss, error);
|
||||
rv = SECSuccess;
|
||||
} else if (ss->ssl3.hs.restartTarget != NULL) {
|
||||
sslRestartTarget target = ss->ssl3.hs.restartTarget;
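Review bot: In the `if (error != 0)` branch, `rv = SECSuccess;` is assigned on what is really the certificate-failure path, and nothing at that line explains why. A maintainer reading only ssl3con.c could easily "fix" it to SECFailure, or treat the return value as a verdict on the connection, which is the misreading the ssl.h comment in this commit warns about. I would add a short comment directly above the assignment, for example `/* SECSuccess: the failure was recorded and the alert queued; restartTarget is ssl3_AlwaysFail, so the handshake cannot proceed. */`. The result of ssl3_SendAlertForCertError is also not inspected here; if that function can report a send failure (its declaration is not on this page), it deserves a word in the same comment. The function body begins before and continues after this hunk.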
|
||||
|
|
|
@ -41,7 +41,7 @@
|
|||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
/* TLS extension code moved here from ssl3ecc.c */
|
||||
/* $Id: ssl3ext.c,v 1.20 2011/11/16 19:12:35 kaie%kuix.de Exp $ */
|
||||
/* $Id: ssl3ext.c,v 1.21 2012/02/15 21:52:08 kaie%kuix.de Exp $ */
|
||||
|
||||
#include "nssrenam.h"
|
||||
#include "nss.h"
|
||||
|
@ -241,7 +241,7 @@ static const ssl3HelloExtensionHandler clientHelloHandlers[] = {
|
|||
#endif
|
||||
{ ssl_session_ticket_xtn, &ssl3_ServerHandleSessionTicketXtn },
|
||||
{ ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
|
||||
{ ssl_next_proto_neg_xtn, &ssl3_ServerHandleNextProtoNegoXtn },
|
||||
{ ssl_next_proto_nego_xtn, &ssl3_ServerHandleNextProtoNegoXtn },
|
||||
{ -1, NULL }
|
||||
};
|
||||
|
||||
|
@ -252,7 +252,7 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = {
|
|||
/* TODO: add a handler for ssl_ec_point_formats_xtn */
|
||||
{ ssl_session_ticket_xtn, &ssl3_ClientHandleSessionTicketXtn },
|
||||
{ ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
|
||||
{ ssl_next_proto_neg_xtn, &ssl3_ClientHandleNextProtoNegoXtn },
|
||||
{ ssl_next_proto_nego_xtn, &ssl3_ClientHandleNextProtoNegoXtn },
|
||||
{ -1, NULL }
|
||||
};
|
||||
|
||||
|
@ -276,7 +276,7 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
|
|||
{ ssl_ec_point_formats_xtn, &ssl3_SendSupportedPointFormatsXtn },
|
||||
#endif
|
||||
{ ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn },
|
||||
{ ssl_next_proto_neg_xtn, &ssl3_ClientSendNextProtoNegoXtn }
|
||||
{ ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn }
|
||||
/* any extra entries will appear as { 0, NULL } */
|
||||
};
|
||||
|
||||
|
@ -641,14 +641,14 @@ ssl3_ClientSendNextProtoNegoXtn(sslSocket * ss, PRBool append,
|
|||
|
||||
if (append && maxBytes >= extension_length) {
|
||||
SECStatus rv;
|
||||
rv = ssl3_AppendHandshakeNumber(ss, ssl_next_proto_neg_xtn, 2);
|
||||
rv = ssl3_AppendHandshakeNumber(ss, ssl_next_proto_nego_xtn, 2);
|
||||
if (rv != SECSuccess)
|
||||
goto loser;
|
||||
rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
|
||||
if (rv != SECSuccess)
|
||||
goto loser;
|
||||
ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
|
||||
ssl_next_proto_neg_xtn;
|
||||
ssl_next_proto_nego_xtn;
|
||||
} else if (maxBytes < extension_length) {
|
||||
return 0;
|
||||
}
|
||||
|
|
|
@ -39,7 +39,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: sslimpl.h,v 1.93 2012/02/11 12:58:47 kaie%kuix.de Exp $ */
|
||||
/* $Id: sslimpl.h,v 1.94 2012/02/15 21:52:08 kaie%kuix.de Exp $ */
|
||||
|
||||
#ifndef __sslimpl_h_
|
||||
#define __sslimpl_h_
|
||||
|
@ -1359,7 +1359,7 @@ extern void ssl_FreeSocket(struct sslSocketStr *ssl);
|
|||
extern SECStatus SSL3_SendAlert(sslSocket *ss, SSL3AlertLevel level,
|
||||
SSL3AlertDescription desc);
|
||||
|
||||
extern SECStatus ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode status);
|
||||
extern SECStatus ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode error);
|
||||
|
||||
/*
|
||||
* for dealing with SSL 3.0 clients sending SSL 2.0 format hellos
|
||||
|
|
|
@ -37,7 +37,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: sslsecur.c,v 1.56 2012/02/11 12:58:47 kaie%kuix.de Exp $ */
|
||||
/* $Id: sslsecur.c,v 1.57 2012/02/15 21:52:08 kaie%kuix.de Exp $ */
|
||||
#include "cert.h"
|
||||
#include "secitem.h"
|
||||
#include "keyhi.h"
|
||||
|
@ -1488,7 +1488,7 @@ SSL_RestartHandshakeAfterServerCert(sslSocket * ss)
|
|||
|
||||
/* See documentation in ssl.h */
|
||||
SECStatus
|
||||
SSL_AuthCertificateComplete(PRFileDesc *fd, PRErrorCode status)
|
||||
SSL_AuthCertificateComplete(PRFileDesc *fd, PRErrorCode error)
|
||||
{
|
||||
SECStatus rv;
|
||||
sslSocket *ss = ssl_FindSocket(fd);
|
||||
|
@ -1508,7 +1508,7 @@ SSL_AuthCertificateComplete(PRFileDesc *fd, PRErrorCode status)
|
|||
PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2);
|
||||
rv = SECFailure;
|
||||
} else {
|
||||
rv = ssl3_AuthCertificateComplete(ss, status);
|
||||
rv = ssl3_AuthCertificateComplete(ss, error);
|
||||
}
|
||||
|
||||
ssl_Release1stHandshakeLock(ss);
|
||||
|
|
|
@ -40,7 +40,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: sslsock.c,v 1.81 2012/02/11 13:20:53 kaie%kuix.de Exp $ */
|
||||
/* $Id: sslsock.c,v 1.82 2012/02/15 21:52:08 kaie%kuix.de Exp $ */
|
||||
#include "seccomon.h"
|
||||
#include "cert.h"
|
||||
#include "keyhi.h"
|
||||
|
@ -1964,8 +1964,23 @@ ssl_Poll(PRFileDesc *fd, PRInt16 how_flags, PRInt16 *p_out_flags)
|
|||
* the caller to poll the socket unless there is pending write data.
|
||||
*/
|
||||
if (ss->lastWriteBlocked && ss->pendingBuf.len != 0) {
|
||||
/* Ignore any newly-received data on the socket, but do wait for
|
||||
* the socket to become writable again. Here, it is OK for an error
|
||||
* to be detected, because our logic for sending pending write data
|
||||
* will allow us to report the error to the caller without the risk
|
||||
* of the application spinning.
|
||||
*/
|
||||
new_flags &= (PR_POLL_WRITE | PR_POLL_EXCEPT);
|
||||
} else {
|
||||
/* Unfortunately, clearing new_flags will make it impossible for
|
||||
* the application to detect errors that it would otherwise be
|
||||
* able to detect with PR_POLL_EXCEPT, until the asynchronous
|
||||
* callback completes. However, we must clear all the flags to
|
||||
* prevent the application from spinning (alternating between
|
||||
* calling PR_Poll that would return PR_POLL_EXCEPT, and send/recv
|
||||
* which won't actually report the I/O error while we are waiting
|
||||
* for the asynchronous callback to complete).
|
||||
*/
|
||||
new_flags = 0;
|
||||
}
|
||||
}
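Review bot: The else branch at the end of this hunk sets `new_flags = 0`, so PR_Poll reports nothing for the socket until the asynchronous callback completes, and the comment does not say that the application now owns the timeout. If the application's validation never reaches SSL_AuthCertificateComplete (a stalled revocation lookup, say), a peer close or I/O error stays invisible and the connection is held open with no event to wake the caller. I would extend the second comment with something like `* The application must therefore bound its asynchronous validation with its own timer and close the socket on expiry.` The condition that selects this block and the rest of ssl_Poll lie outside the hunk, so the link to a pending certificate check is inferred from the comment text.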
|
||||
|
|
|
@ -37,7 +37,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: sslt.h,v 1.17 2011/10/29 00:29:11 bsmith%mozilla.com Exp $ */
|
||||
/* $Id: sslt.h,v 1.18 2012/02/15 21:52:08 kaie%kuix.de Exp $ */
|
||||
|
||||
#ifndef __sslt_h_
|
||||
#define __sslt_h_
|
||||
|
@ -203,7 +203,7 @@ typedef enum {
|
|||
ssl_ec_point_formats_xtn = 11,
|
||||
#endif
|
||||
ssl_session_ticket_xtn = 35,
|
||||
ssl_next_proto_neg_xtn = 13172,
|
||||
ssl_next_proto_nego_xtn = 13172,
|
||||
ssl_renegotiation_info_xtn = 0xff01 /* experimental number */
|
||||
} SSLExtensionType;
|
||||
|
||||
|
|
|
@ -51,11 +51,11 @@
|
|||
* The format of the version string should be
|
||||
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
|
||||
*/
|
||||
#define NSSUTIL_VERSION "3.13.2.0"
|
||||
#define NSSUTIL_VERSION "3.13.2.1"
|
||||
#define NSSUTIL_VMAJOR 3
|
||||
#define NSSUTIL_VMINOR 13
|
||||
#define NSSUTIL_VPATCH 2
|
||||
#define NSSUTIL_VBUILD 0
|
||||
#define NSSUTIL_VBUILD 1
|
||||
#define NSSUTIL_BETA PR_FALSE
|
||||
|
||||
SEC_BEGIN_PROTOS
|
||||
|
|