Wan-Teh Chang
22ffa7d3b6
Bug 504080: Update NSS from NSS_3_12_4_FIPS1_WITH_CKBI_1_75 to
...
NSS_3_12_4_FIPS4 in mozilla-central. r=kaie.
2009-07-28 17:01:39 -07:00
Kai Engert
42410d9bcf
Bug 487721, deliver NSS 3.12.4 RC0 to mozilla-central
...
r=wtc
2009-04-21 03:51:56 +02:00
Kai Engert
a5de37788a
Bug 487712, Pick up NSS_HEAD_20090409 to fix WINCE
...
Got r=nelson and r=rrelyea in today's NSS conference call.
CLOSED TREE
2009-04-10 02:00:56 +02:00
Kai Engert
a29c237bb0
Bug 486182, Land NSS 3.12.3 final in mozilla-central
...
r=nelson
2009-04-07 03:36:45 +02:00
Kai Engert
004b63cc3f
Bug 473837, land NSS_3_12_3_BETA2
...
r=wtc
2009-01-21 04:43:31 +01:00
Kai Engert
2093e3d883
Backout 6c571dc80a99, bug 473837
2009-01-16 20:15:28 +01:00
Kai Engert
e61b3c01be
Bug 473837, Import NSS_3_12_3_BETA1
...
r=wtc
2009-01-16 20:01:34 +01:00
Kai Engert
77debeca59
Bug 461082, Deliver NSS 3.12.2 and NSPR 4.7.2 to Mozilla
...
r=wtc
2008-10-23 02:38:29 +02:00
Kai Engert
7bde85d8aa
Bug 450646, Upgrade Mozilla to NSS 3.12.1 release candidate 1
...
r=rrelyea
2008-08-15 06:12:54 +02:00
Benjamin Smedberg
381f8d9c63
Import NSS_3_12_RC4
2008-06-06 08:40:11 -04:00
hg@mozilla.com
05e5d33a57
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
rrelyea%redhat.com
75c2698ee0
Add Camilla cipher suites TLS RFC4132 bug 361025
...
code supplied by okazaki@kick.gr.jp
2007-02-28 19:47:40 +00:00
nelson%bolyard.com
fe33cd4708
Bug 366803 - Improve SSL tracing, make it work in browsers, to help with
...
debugging bug 356470. r=neil.williams,alexei.volkov
2007-01-31 04:20:26 +00:00
nelson%bolyard.com
d0fdcbf71c
Improve checking of received SSL2 records.
...
Bug 364319, bug 364323. r=rrelyea, wtchang
2007-01-03 05:30:33 +00:00
wtchang%redhat.com
6defe87ad2
Bugzilla Bug 363073: verify that the peer's ephemeral public key is the
...
type we expect before using it. r=nelsonb
Modified Files: ssl3con.c ssl3ecc.c
2006-12-08 22:37:29 +00:00
wtchang%redhat.com
5a40d49a00
Bug 332350: fixed a typo in the comment.
2006-12-06 23:00:17 +00:00
wtchang%redhat.com
f43e37d11b
Bugzilla Bug 342795: the call-once functions need to store the error code
...
on failure so that the error code can be retrieved later. r=nelsonb and
alexei.volkov.
2006-12-06 21:50:40 +00:00
wtchang%redhat.com
6fcff517e0
Bugzilla Bug 358248: SSL_ShutdownServerSessionIDCache should stop the
...
LockPoller thread. r=nelsonb,relyea
2006-12-06 01:36:08 +00:00
nelson%bolyard.com
3ce134cf12
Export two new functions that were added in NSS 3.11:
...
SSL_ForceHandshakeWithTimeout and SSL_ReHandshakeWithTimeout
Bug 127960. r=alexei.volkov,wtchang
2006-11-15 00:14:42 +00:00
wtchang%redhat.com
f6144cb805
Bugzilla Bug 359484: made the fix for bug 341707 work for the SSL2 client
...
hello case. r=nelsonb,alexei.volkov
2006-11-14 01:09:54 +00:00
alexei.volkov.bugs%sun.com
f4e98c2852
353888: klockwork IDs for ssl3con.c. r=nelson
2006-10-09 22:26:44 +00:00
julien.pierre.bugs%sun.com
81bb832c8f
Fix for bug 115951 . Separate BL_Cleanup and BL_Unload . r=wtchang,nelson
2006-10-02 21:15:46 +00:00
julien.pierre.bugs%sun.com
24aa200d7b
Fix for bug 115951 . Unload freebl dynamic library . Also fix tiny one-time leak of library name . r=nelson,wtchang
2006-09-28 00:40:55 +00:00
nelson%bolyard.com
135dffb589
Also trace the DH(E) PMS. bug 349966. r=julien.pierre, wtchang
2006-09-02 18:53:54 +00:00
nelson%bolyard.com
e356cbee97
re-enable SSLTRACE for keys and (pre)master secrets. Bug 349966. r=rrelyea
2006-08-24 22:10:03 +00:00
nelson%bolyard.com
e923291d6e
Correct ifdefs so that non-ECC builds will continue to build correctly.
...
r=wtchang bug 341707.
2006-07-20 00:17:23 +00:00
nelson%bolyard.com
aa48d36259
Curve-limited clients must not negotiate ECC ciphersuites unless they send the supported curve extension. This means that when they are nogotiating SSL 3.0
...
and not TLS, they should not negotiate ECC ciphersuites at all.
Bug 341707. r=rrelyea.
2006-07-19 01:40:17 +00:00
alexei.volkov.bugs%sun.com
664d338da2
334459: Variable "(cache)->sharedCache" tracked as NULL was passed to a function that dereferences it. [@ CloseCache - InitCache]. r=nelson
2006-07-17 22:14:48 +00:00
alexei.volkov.bugs%sun.com
9ea0404651
341291: Coverity 689 - potential NULL ptr crash in ssl3_SendCertificate. r=nelson
2006-07-17 22:08:03 +00:00
julien.pierre.bugs%sun.com
1bf725b1cb
Fix for bug 341708 . Have client send alert if it detects an invalid server key exchange. r=nelson
2006-06-28 21:15:04 +00:00
wtchang%redhat.com
ab411b37bd
Bugzilla Bug 338798: in C89, local struct variables can only be initialized
...
by constant expressions. HP C compiler version B.11.11.08 generates
incorrect code silently if the initializers are non-constant expressions.
r=alexei.volkov,julien.pierre.
Modified files: cmd/crmftest/testcrmf.c lib/ssl/ssl3con.c
2006-06-26 23:32:19 +00:00
rrelyea%redhat.com
3f13baf101
bug 335748 ECC support for Mozilla. r=wtc
2006-06-23 17:01:38 +00:00
nelson%bolyard.com
5b368c8808
Remove dead code. Coverity 506. r=nelson,wtchang. Bug 337027.
...
Patch by Jon Smirl <jonsmirl@yahoo.com>
2006-06-07 18:36:26 +00:00
nelson%bolyard.com
995213d2df
Fix bug 337104 and bug 337105. Don't crash if we run out of memory
...
in ssl2_ConstructCipherSpecs(). r=Alexei.Volkov Coverity 442 & 443.
2006-06-07 17:53:19 +00:00
wtchang%redhat.com
cdd64c7beb
Bugzilla bug 338599: added new function SECKEY_SignatureLen and use it
...
instead of SECKEY_PublicKeyStrength to get ECDSA signature lengths.
Removed the 'type' member from the VFYContextStr structure because that
info is in the 'key->keyType' field. Set error codes when functions
fail (return 0). r=nelsonb.
Modified Files:
cryptohi/keyhi.h cryptohi/seckey.c cryptohi/secvfy.c
nss/nss.def ssl/ssl3con.c
2006-05-31 23:54:52 +00:00
nelson%bolyard.com
43d0a92ac7
Promote the use of curve secp192r1 for client auth, since it is faster
...
than most. Bug 332350. r=rrelyea.
2006-05-19 03:59:06 +00:00
nelson%bolyard.com
5c56ef5776
Fix several Coverity bugs. Bug 336982. NULL ptr check after ptr deref'ed.
...
Bug 337080. Dead code. r=alexei.volkov
2006-05-18 20:39:19 +00:00
nelson%bolyard.com
9dc19d4fe0
Correct the amount returned by ssl_Writev for short writes on non-blocking
...
sockets. Bug 338325. patch by Chris Newman <chris.newman@sun.com>
r=nelson
2006-05-18 01:10:21 +00:00
wtchang%redhat.com
942eb77419
Bug 305835: Remove NSS_ENABLE_ECC ifdefs in libssl. r=wtc,nelsonb
2006-05-16 01:14:43 +00:00
alexei.volkov.bugs%sun.com
d76295c913
Patch contributed by jonsmirl@yahoo.com
...
[Bug 336932] Coverity 163, dead code in mozilla/security/nss/lib/ssl/ssl3con.c. r=nelson
2006-05-13 00:15:43 +00:00
nelson%bolyard.com
0c05899fa2
Bug 323350. sr=rrelyea. This patch makes 3 changes:
...
1) it adds a new ifdef which enables SSL to limit itself to the 3 Suite B
curves.
2) it corrects the creation and parsing of the Supported Curve extension to
conform with the lastest definition, by using 2 bytes to encode the list
length,
3) it changes the algorithm that picks the curve for ECDHE to choose a curve
that is at least as strong as the "weakest link", is mutually supported
by client and server, and is the fastest for its size.
2006-04-23 00:17:18 +00:00
wtchang%redhat.com
d0604ba735
Bugzilla Bug 236245: Use a stack buffer for ec_params.data in
...
ssl3_SendECDHServerKeyExchange. r=nelson.
2006-04-21 16:19:48 +00:00
nelson%bolyard.com
fe04651c77
Bug 80092: SSL write indicates all data sent when some is buffered.
...
SSL now follows NSPR socket semantics and never returns a short write
count on a blocking socket. On a blocking socket, it returns either
the full count or -1 (with an error code set).
For non-blocking sockets, SSL no longer returns a full write count
when some of the data remains buffered in the SSL record layer.
Instead it returns a number is that always at least 1 byte short of a
full write count, so that the caller will keep retrying until it is done.
SSL makes sure that the first byte sent by the caller in the retry
matches the last byte previously buffered. r=rrelyea.
Modified Files: ssl3con.c sslcon.c ssldef.c sslimpl.h sslsecur.c
2006-04-20 08:46:34 +00:00
nelson%bolyard.com
43a7c5e950
Fix buffer overflow regression. Bug 236245. sr=wtchang
2006-04-20 06:57:54 +00:00
alexei.volkov.bugs%sun.com
b67f75bc05
Patch contributed by timeless@bemail.org
...
[Bug 334459] Variable "cipherName" tracked as NULL was passed to a
function that dereferences it. [@ PORT_Strdup - SSL_SecurityStatus]. r=nelson
2006-04-20 00:20:45 +00:00
nelson%bolyard.com
efdb126901
Fix broken optimized builds, caused by last checkin. Bug 236245.
2006-04-14 00:43:19 +00:00
nelson%bolyard.com
c4fb4fa280
Implement TLS Hello extensions for ECC. Bug 236245. r=rrelyea.
...
This patch has a known problem, choosing ephemeral ECDH curves
according to the wrong (suboptimal, non-FIPS) criteria.
Modified Files: ssl3con.c ssl3ecc.c sslimpl.h
2006-04-13 23:08:18 +00:00
nelson%bolyard.com
1f32c2cf8f
Implement generic support for TLS Hello Extensions. Bug 226271. r=vipul
2006-04-07 06:24:07 +00:00
nelson%bolyard.com
acfe04a6dd
Don't negotiate an ECDH_RSA cipher suite when the server's only ECDH cert
...
has an ECDSA signature. bug 332350. r=vipul.gupta.
2006-04-06 04:40:49 +00:00
nelson%bolyard.com
fecbcf26d6
Define alerts and error codes for TLS Hello extensions. Bug 226271.
...
r=julien.pierre
2006-04-04 00:32:27 +00:00