1282088a1f
Bug 527659, Update Mozilla-central to NSS 3.12.6 RTM (RC2)
...
=== pushing final release, r=wtc
=== adding a directory with on-top-patches, r=wtc
=== also, update to NSPR 4.8.4 final, r=wtc
2010-03-05 14:44:10 +01:00
d0cf766c37
Bug 527659, Update Mozilla-central to NSS 3.12.6
...
=== r=rrelyea for upgrading to release candidate 1
=== reapplying bug 519550 on top
=== includes PSM makefile tweak to keep TLS disabled (variables changed in the updated NSS snapshot)
=== change configure.in to require the newer system NSS, r=wtc
2010-02-12 09:47:51 +01:00
d6c30005d8
Bug 527659, Update mozilla-central to NSS 3.12.6 (beta)
...
== NSS portion
== r=rrelyea/wtc for upgrading mozilla-central to cvs tag NSS_3_12_6_BETA1
== This includes reapplying the (merged) patch from bug 519550 on top of NSS.
== PSM portion
== Includes the patch to disable TLS compression, r=kaie
== Include the patch to disable zlib test programs, which don't work on maemo, r=kaie
2010-02-07 12:54:28 +01:00
22ffa7d3b6
Bug 504080: Update NSS from NSS_3_12_4_FIPS1_WITH_CKBI_1_75 to
...
NSS_3_12_4_FIPS4 in mozilla-central. r=kaie.
2009-07-28 17:01:39 -07:00
42410d9bcf
Bug 487721, deliver NSS 3.12.4 RC0 to mozilla-central
...
r=wtc
2009-04-21 03:51:56 +02:00
a5de37788a
Bug 487712, Pick up NSS_HEAD_20090409 to fix WINCE
...
Got r=nelson and r=rrelyea in today's NSS conference call.
CLOSED TREE
2009-04-10 02:00:56 +02:00
a29c237bb0
Bug 486182, Land NSS 3.12.3 final in mozilla-central
...
r=nelson
2009-04-07 03:36:45 +02:00
004b63cc3f
Bug 473837, land NSS_3_12_3_BETA2
...
r=wtc
2009-01-21 04:43:31 +01:00
2093e3d883
Backout 6c571dc80a99, bug 473837
2009-01-16 20:15:28 +01:00
e61b3c01be
Bug 473837, Import NSS_3_12_3_BETA1
...
r=wtc
2009-01-16 20:01:34 +01:00
77debeca59
Bug 461082, Deliver NSS 3.12.2 and NSPR 4.7.2 to Mozilla
...
r=wtc
2008-10-23 02:38:29 +02:00
7bde85d8aa
Bug 450646, Upgrade Mozilla to NSS 3.12.1 release candidate 1
...
r=rrelyea
2008-08-15 06:12:54 +02:00
381f8d9c63
Import NSS_3_12_RC4
2008-06-06 08:40:11 -04:00
05e5d33a57
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
75c2698ee0
Add Camilla cipher suites TLS RFC4132 bug 361025
...
code supplied by okazaki@kick.gr.jp
2007-02-28 19:47:40 +00:00
fe33cd4708
Bug 366803 - Improve SSL tracing, make it work in browsers, to help with
...
debugging bug 356470. r=neil.williams,alexei.volkov
2007-01-31 04:20:26 +00:00
d0fdcbf71c
Improve checking of received SSL2 records.
...
Bug 364319, bug 364323. r=rrelyea, wtchang
2007-01-03 05:30:33 +00:00
6defe87ad2
Bugzilla Bug 363073: verify that the peer's ephemeral public key is the
...
type we expect before using it. r=nelsonb
Modified Files: ssl3con.c ssl3ecc.c
2006-12-08 22:37:29 +00:00
5a40d49a00
Bug 332350: fixed a typo in the comment.
2006-12-06 23:00:17 +00:00
f43e37d11b
Bugzilla Bug 342795: the call-once functions need to store the error code
...
on failure so that the error code can be retrieved later. r=nelsonb and
alexei.volkov.
2006-12-06 21:50:40 +00:00
6fcff517e0
Bugzilla Bug 358248: SSL_ShutdownServerSessionIDCache should stop the
...
LockPoller thread. r=nelsonb,relyea
2006-12-06 01:36:08 +00:00
3ce134cf12
Export two new functions that were added in NSS 3.11:
...
SSL_ForceHandshakeWithTimeout and SSL_ReHandshakeWithTimeout
Bug 127960. r=alexei.volkov,wtchang
2006-11-15 00:14:42 +00:00
f6144cb805
Bugzilla Bug 359484: made the fix for bug 341707 work for the SSL2 client
...
hello case. r=nelsonb,alexei.volkov
2006-11-14 01:09:54 +00:00
f4e98c2852
353888: klockwork IDs for ssl3con.c. r=nelson
2006-10-09 22:26:44 +00:00
81bb832c8f
Fix for bug 115951 . Separate BL_Cleanup and BL_Unload . r=wtchang,nelson
2006-10-02 21:15:46 +00:00
24aa200d7b
Fix for bug 115951 . Unload freebl dynamic library . Also fix tiny one-time leak of library name . r=nelson,wtchang
2006-09-28 00:40:55 +00:00
135dffb589
Also trace the DH(E) PMS. bug 349966. r=julien.pierre, wtchang
2006-09-02 18:53:54 +00:00
e356cbee97
re-enable SSLTRACE for keys and (pre)master secrets. Bug 349966. r=rrelyea
2006-08-24 22:10:03 +00:00
e923291d6e
Correct ifdefs so that non-ECC builds will continue to build correctly.
...
r=wtchang bug 341707.
2006-07-20 00:17:23 +00:00
aa48d36259
Curve-limited clients must not negotiate ECC ciphersuites unless they send the supported curve extension. This means that when they are nogotiating SSL 3.0
...
and not TLS, they should not negotiate ECC ciphersuites at all.
Bug 341707. r=rrelyea.
2006-07-19 01:40:17 +00:00
664d338da2
334459: Variable "(cache)->sharedCache" tracked as NULL was passed to a function that dereferences it. [@ CloseCache - InitCache]. r=nelson
2006-07-17 22:14:48 +00:00
9ea0404651
341291: Coverity 689 - potential NULL ptr crash in ssl3_SendCertificate. r=nelson
2006-07-17 22:08:03 +00:00
1bf725b1cb
Fix for bug 341708 . Have client send alert if it detects an invalid server key exchange. r=nelson
2006-06-28 21:15:04 +00:00
ab411b37bd
Bugzilla Bug 338798: in C89, local struct variables can only be initialized
...
by constant expressions. HP C compiler version B.11.11.08 generates
incorrect code silently if the initializers are non-constant expressions.
r=alexei.volkov,julien.pierre.
Modified files: cmd/crmftest/testcrmf.c lib/ssl/ssl3con.c
2006-06-26 23:32:19 +00:00
3f13baf101
bug 335748 ECC support for Mozilla. r=wtc
2006-06-23 17:01:38 +00:00
5b368c8808
Remove dead code. Coverity 506. r=nelson,wtchang. Bug 337027.
...
Patch by Jon Smirl <jonsmirl@yahoo.com>
2006-06-07 18:36:26 +00:00
995213d2df
Fix bug 337104 and bug 337105. Don't crash if we run out of memory
...
in ssl2_ConstructCipherSpecs(). r=Alexei.Volkov Coverity 442 & 443.
2006-06-07 17:53:19 +00:00
cdd64c7beb
Bugzilla bug 338599: added new function SECKEY_SignatureLen and use it
...
instead of SECKEY_PublicKeyStrength to get ECDSA signature lengths.
Removed the 'type' member from the VFYContextStr structure because that
info is in the 'key->keyType' field. Set error codes when functions
fail (return 0). r=nelsonb.
Modified Files:
cryptohi/keyhi.h cryptohi/seckey.c cryptohi/secvfy.c
nss/nss.def ssl/ssl3con.c
2006-05-31 23:54:52 +00:00
43d0a92ac7
Promote the use of curve secp192r1 for client auth, since it is faster
...
than most. Bug 332350. r=rrelyea.
2006-05-19 03:59:06 +00:00
5c56ef5776
Fix several Coverity bugs. Bug 336982. NULL ptr check after ptr deref'ed.
...
Bug 337080. Dead code. r=alexei.volkov
2006-05-18 20:39:19 +00:00
9dc19d4fe0
Correct the amount returned by ssl_Writev for short writes on non-blocking
...
sockets. Bug 338325. patch by Chris Newman <chris.newman@sun.com>
r=nelson
2006-05-18 01:10:21 +00:00
942eb77419
Bug 305835: Remove NSS_ENABLE_ECC ifdefs in libssl. r=wtc,nelsonb
2006-05-16 01:14:43 +00:00
d76295c913
Patch contributed by jonsmirl@yahoo.com
...
[Bug 336932] Coverity 163, dead code in mozilla/security/nss/lib/ssl/ssl3con.c. r=nelson
2006-05-13 00:15:43 +00:00
0c05899fa2
Bug 323350. sr=rrelyea. This patch makes 3 changes:
...
1) it adds a new ifdef which enables SSL to limit itself to the 3 Suite B
curves.
2) it corrects the creation and parsing of the Supported Curve extension to
conform with the lastest definition, by using 2 bytes to encode the list
length,
3) it changes the algorithm that picks the curve for ECDHE to choose a curve
that is at least as strong as the "weakest link", is mutually supported
by client and server, and is the fastest for its size.
2006-04-23 00:17:18 +00:00
d0604ba735
Bugzilla Bug 236245: Use a stack buffer for ec_params.data in
...
ssl3_SendECDHServerKeyExchange. r=nelson.
2006-04-21 16:19:48 +00:00
fe04651c77
Bug 80092: SSL write indicates all data sent when some is buffered.
...
SSL now follows NSPR socket semantics and never returns a short write
count on a blocking socket. On a blocking socket, it returns either
the full count or -1 (with an error code set).
For non-blocking sockets, SSL no longer returns a full write count
when some of the data remains buffered in the SSL record layer.
Instead it returns a number is that always at least 1 byte short of a
full write count, so that the caller will keep retrying until it is done.
SSL makes sure that the first byte sent by the caller in the retry
matches the last byte previously buffered. r=rrelyea.
Modified Files: ssl3con.c sslcon.c ssldef.c sslimpl.h sslsecur.c
2006-04-20 08:46:34 +00:00
43a7c5e950
Fix buffer overflow regression. Bug 236245. sr=wtchang
2006-04-20 06:57:54 +00:00
b67f75bc05
Patch contributed by timeless@bemail.org
...
[Bug 334459] Variable "cipherName" tracked as NULL was passed to a
function that dereferences it. [@ PORT_Strdup - SSL_SecurityStatus]. r=nelson
2006-04-20 00:20:45 +00:00
efdb126901
Fix broken optimized builds, caused by last checkin. Bug 236245.
2006-04-14 00:43:19 +00:00
c4fb4fa280
Implement TLS Hello extensions for ECC. Bug 236245. r=rrelyea.
...
This patch has a known problem, choosing ephemeral ECDH curves
according to the wrong (suboptimal, non-FIPS) criteria.
Modified Files: ssl3con.c ssl3ecc.c sslimpl.h
2006-04-13 23:08:18 +00:00
Kai Engert
Wan-Teh Chang
Benjamin Smedberg
hg@mozilla.com
rrelyea%redhat.com
nelson%bolyard.com
wtchang%redhat.com
alexei.volkov.bugs%sun.com
julien.pierre.bugs%sun.com