summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Add a morph file for building nss.baserock/morphMark Doffman2013-09-261-0/+10
|
* Add a make and install script for nss.Mark Doffman2013-09-263-2/+26
|
* Apply LFS patch to the nss build system.Mark Doffman2013-09-255-2/+207
| | | | http://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
* Bug 681839: Allow SSL_HandshakeNegotiatedExtension to be called before the ↵Wan-Teh Chang2013-09-231-8/+1
| | | | handshake is finished, r=brian@briansmith.org
* Added tag NSS_3_15_2_BETA2 for changeset 827c64ac482fKai Engert2013-09-120-0/+0
|
* Bug 912844: Make values of CERT_REV_* constants unsigned, r=rsleeviNSS_3_15_2_BETA2Brian Smith2013-09-111-16/+16
|
* Bug 912847: Add const modifier to several SECKEY_* functions, r=rsleeviBrian Smith2013-09-116-32/+34
|
* bug 908617, address review comments, r=wtcKai Engert2013-08-232-8/+12
|
* Added tag NSS_3_15_2_BETA1 for changeset 2ab64817f703Wan-Teh Chang2013-08-230-0/+0
|
* Bug 880543: Add the following AES-GCM cipher suites:Wan-Teh Chang2013-08-231-0/+3
| | | | | | | CipherSuite TLS_RSA_WITH_AES_128_GCM_SHA256 = {0x00,0x9C} CipherSuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = {0x00,0x9E} CipherSuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = {0xC0,0x2F} r=kaie.
* Bug 908617, Add tstclnt option to enforce the use of either IPv4 or IPv6, ↵Kai Engert2013-08-232-20/+31
| | | | and use it to work around a test failure. r=emaldona
* Bug 900971 - nssutil_ReadSecmodDB() leaks memory, r=rrelyeaElio Maldonado2013-08-231-0/+1
|
* Bug 734007: sizeof(SSL3_MASTER_SECRET_LENGTH) was incorrectly used inNSS_3_15_2_BETA1Wan-Teh Chang2013-08-211-1/+1
| | | | ssl3_ServerHandleSessionTicketXtn. r=sleevi.
* Bug 880543: Remove two unused macros that were added by mistake in theWan-Teh Chang2013-08-201-2/+0
| | | | previous checkin.
* Bug 880543: Make the AES-GCM cipher suites work in DTLS, by moving theWan-Teh Chang2013-08-205-130/+91
| | | | | | ssl3_BuildRecordPseudoHeader calls to where the isDTLS boolean is available. Make the three MAC-related fields of the SSLCipherSuiteInfo structure report reasonable values for AEAD ciphers, which don't use a MAC. r=sleevi.
* Bug 848384: Resurrect the SSL cipher policy framework, but change theWan-Teh Chang2013-08-196-139/+329
| | | | default 'policy' setting to SSL_ALLOWED for all ciphers. TBR=rrelyea.
* BUG 663313: Treat OCSP signatures with the same algorithm policies as CRL ↵Ryan Sleevi2013-08-151-17/+14
| | | | | | | | and Certificate signatures. This effectively disables MD2, MD4, and MD5 for OCSP signatures. r=rrelyea
* BUG 905387: Fix a typo in a comment by renaming "pk" to "privKey"Ryan Sleevi2013-08-141-1/+1
|
* Bug 905366: Fix a comment typo by renaming "key" to "cx"Ryan Sleevi2013-08-141-1/+1
|
* Bug 880543: Implement the AES GCM cipher suites in RFC 5288 and RFC 5289.Adam Langley2013-08-1411-231/+543
| | | | Small portions of this patch were rewritten by Wan-Teh Chang. r=sleevi,wtc.
* Bug 848384: Remove vestigial cipher suite policy code. r=wtc.Adam Langley2013-08-126-416/+138
|
* Bug 903565: Don't attempt to initialize the socket protocol variant whenRyan Sleevi2013-08-091-1/+1
| | | | | | ssl_NewSocket fails to initialize the socket. r=wtc
* Bug 894370: avoid uninitialised data warning in the event of aAdam Langley2013-08-021-13/+14
| | | | decryption failure. r=sleevi,wtc.
* Bug 890714 - Fix mixed line endings. r=wtcEmanuel Hoogeveen2013-08-011-1/+1
|
* Bug 826201 - Use sufficiently large integer when left shifting bits in ↵Nickolai Zeldovich2013-07-221-7/+7
| | | | security/nss/lib/util/utilpars.c, r=kaie
* Bug 836477 - Complete the initial review of the docbook documentation for ↵Elio Maldonado2013-07-1924-318/+433
| | | | | | | NSS command line tools, r=kaie - Supply missing option descriptions for certutil, cmsutil, and crlutil - Regenerate the html and man pages files
* Bug 884178 - add PK11_CipherFinal function wrapper, r=rrelyeaMilan Bartos2013-07-031-0/+1
|
* Bug 618803 - Add /* fall through */ comments to NSC_GenerateKey() switch v1, ↵Cykesiopka2013-07-031-0/+2
| | | | r=rrelyea
* Backed out changeset a47bc2881ba4Kai Engert2013-07-022-2/+0
|
* Bug 884178 - add PK11_CipherFinal function wrapper, r=rrelyeaMilan Bartos2013-07-022-0/+2
|
* Bug 618798 - add fall through comment, r=rrelyea, DONTBUILDcykesiopka bmo2013-06-281-0/+1
|
* Bug 650997: Remove garbage in lib/freebl/mpi/README. r=wtc.Cykesiopka2013-06-281-4/+0
|
* Set version to 3.15.2 beta, DONTBUILDKai Engert2013-06-273-9/+9
|
* Added tag NSS_3_15_1_RTM for changeset 05ffc38de8b4Kai Engert2013-06-270-0/+0
|
* setting version to 3.15.1 RTMNSS_3_15_1_RTMKai Engert2013-06-273-6/+6
|
* Bug 877798, revert my accidental change to secoid.c, thanks to Wan-Teh for ↵Kai Engert2013-06-261-0/+3
| | | | noticing, r=wtc
* Added tag NSS_3_15_1_BETA2 for changeset 17df3000588aWan-Teh Chang2013-06-180-0/+0
|
* Bug 882829: RNG_SystemRNG should fail rather than falling back onNSS_3_15_1_BETA2Wan-Teh Chang2013-06-171-69/+4
| | | | | | rng_systemFromNoise if it cannot call RtlGenRandom on Windows. Remove the obsolete code for Windows versions older than Windows XP. r=sleevi.
* Bug 884072: Fix a typo in the header include guard, reported by a newNico Weber2013-06-171-1/+1
| | | | clang warning. r=wtc.
* Fix uninitialized variable.Bob Relyea2013-06-171-1/+1
| | | | | | patch by mbartos@redhat.com r+ bsmith Bug 872447 - [patch] cmd/p7sign/p7sign.c:260 use of unitialized variable cert
* Bug 480514: Support TLS 1.2 in the PKCS #11 bypass mode. Delay theWan-Teh Chang2013-06-175-203/+247
| | | | | | | creation of handshake hash contexts and buffer handshake messages until we have established the handshake hash functions. Remove redundant ssl3_InitState calls. Remove NSS_SURVIVE_DOUBLE_BYPASS_FAILURE support. r=agl.
* BUG 856060: Enforce nameConstraints on the commonName in libpkix mode when ↵Ryan Sleevi2013-06-119-1/+148
| | | | | | | | | no SAN is present. Strictly speaking, this is not required by RFC 3280/5280, but reflects a common approach of ensuring that "DNS-like" names are appropriately constrained by nameConstraints. This should never happen in the real world, due to the CA/Browser Forum's Baseline Requirements always requiring a SAN.
* Bug 876352 - certutil: (a) Warn if importing PEM file with private key (b) ↵Kai Engert2013-06-1121-27/+42
| | | | fail if user attempts to import cert with requested "u" trust, r=rrelyea
* Bug 565296 - shlibsign returns 0 although it fails, r=rrelyeaKai Engert2013-06-111-1/+7
|
* Added tag NSS_3_15_1_BETA1 for changeset 5577feb2791aKai Engert2013-06-110-0/+0
|
* Bug 881427: Clean up the runtime check for ECC curve capabilities.NSS_3_15_1_BETA1Wan-Teh Chang2013-06-104-22/+23
| | | | | Fix typos in comments and minor variable and function name issues. r=rrelyea.
* BUG 875601: SECMOD_CloseUserDB should reset the token delay when removing a ↵Ryan Sleevi2013-06-101-0/+7
| | | | user token. This ensures that the token will be immediately recognized as removed and not selected for any ephemeral operations. r=wtc,rrelyea
* Bug 480514: Prune the supported_signature_algorithms field of ourWan-Teh Chang2013-06-073-30/+30
| | | | | | TLS 1.2 CertificateRequest message to reflect the limitation that we only support TLS 1.2 CertificateVerify messages that use the handshake hash (which is always SHA256). r=agl.
* Bug 872745: SSL_HandshakeNegotiatedExtension should call PR_SetErrorWan-Teh Chang2013-06-061-6/+8
| | | | before returning SECFailure. r=bsmith.
* Bug 480514: Implement the new HMAC-SHA256 cipher suites specified in RFCWan-Teh Chang2013-06-0511-26/+98
| | | | | | | 5246 and RFC 5289. Do not generate client_write_IV and server_write_IV in TLS 1.1+. Do not downgrade to TLS 1.1 silently when SSL_BYPASS_PKCS11 mode is requested. Instead, silently turn off PKCS #11 bypass if TLS 1.2 is enabled. r=agl.
View Lorry Controller Status