Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Add a morph file for building nss.baserock/morph | Mark Doffman | 2013-09-26 | 1 | -0/+10 |
| | |||||
* | Add a make and install script for nss. | Mark Doffman | 2013-09-26 | 3 | -2/+26 |
| | |||||
* | Apply LFS patch to the nss build system. | Mark Doffman | 2013-09-25 | 5 | -2/+207 |
| | | | | http://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html | ||||
* | Bug 681839: Allow SSL_HandshakeNegotiatedExtension to be called before the ↵ | Wan-Teh Chang | 2013-09-23 | 1 | -8/+1 |
| | | | | handshake is finished, r=brian@briansmith.org | ||||
* | Added tag NSS_3_15_2_BETA2 for changeset 827c64ac482f | Kai Engert | 2013-09-12 | 0 | -0/+0 |
| | |||||
* | Bug 912844: Make values of CERT_REV_* constants unsigned, r=rsleeviNSS_3_15_2_BETA2 | Brian Smith | 2013-09-11 | 1 | -16/+16 |
| | |||||
* | Bug 912847: Add const modifier to several SECKEY_* functions, r=rsleevi | Brian Smith | 2013-09-11 | 6 | -32/+34 |
| | |||||
* | bug 908617, address review comments, r=wtc | Kai Engert | 2013-08-23 | 2 | -8/+12 |
| | |||||
* | Added tag NSS_3_15_2_BETA1 for changeset 2ab64817f703 | Wan-Teh Chang | 2013-08-23 | 0 | -0/+0 |
| | |||||
* | Bug 880543: Add the following AES-GCM cipher suites: | Wan-Teh Chang | 2013-08-23 | 1 | -0/+3 |
| | | | | | | | CipherSuite TLS_RSA_WITH_AES_128_GCM_SHA256 = {0x00,0x9C} CipherSuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = {0x00,0x9E} CipherSuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = {0xC0,0x2F} r=kaie. | ||||
* | Bug 908617, Add tstclnt option to enforce the use of either IPv4 or IPv6, ↵ | Kai Engert | 2013-08-23 | 2 | -20/+31 |
| | | | | and use it to work around a test failure. r=emaldona | ||||
* | Bug 900971 - nssutil_ReadSecmodDB() leaks memory, r=rrelyea | Elio Maldonado | 2013-08-23 | 1 | -0/+1 |
| | |||||
* | Bug 734007: sizeof(SSL3_MASTER_SECRET_LENGTH) was incorrectly used inNSS_3_15_2_BETA1 | Wan-Teh Chang | 2013-08-21 | 1 | -1/+1 |
| | | | | ssl3_ServerHandleSessionTicketXtn. r=sleevi. | ||||
* | Bug 880543: Remove two unused macros that were added by mistake in the | Wan-Teh Chang | 2013-08-20 | 1 | -2/+0 |
| | | | | previous checkin. | ||||
* | Bug 880543: Make the AES-GCM cipher suites work in DTLS, by moving the | Wan-Teh Chang | 2013-08-20 | 5 | -130/+91 |
| | | | | | | ssl3_BuildRecordPseudoHeader calls to where the isDTLS boolean is available. Make the three MAC-related fields of the SSLCipherSuiteInfo structure report reasonable values for AEAD ciphers, which don't use a MAC. r=sleevi. | ||||
* | Bug 848384: Resurrect the SSL cipher policy framework, but change the | Wan-Teh Chang | 2013-08-19 | 6 | -139/+329 |
| | | | | default 'policy' setting to SSL_ALLOWED for all ciphers. TBR=rrelyea. | ||||
* | BUG 663313: Treat OCSP signatures with the same algorithm policies as CRL ↵ | Ryan Sleevi | 2013-08-15 | 1 | -17/+14 |
| | | | | | | | | and Certificate signatures. This effectively disables MD2, MD4, and MD5 for OCSP signatures. r=rrelyea | ||||
* | BUG 905387: Fix a typo in a comment by renaming "pk" to "privKey" | Ryan Sleevi | 2013-08-14 | 1 | -1/+1 |
| | |||||
* | Bug 905366: Fix a comment typo by renaming "key" to "cx" | Ryan Sleevi | 2013-08-14 | 1 | -1/+1 |
| | |||||
* | Bug 880543: Implement the AES GCM cipher suites in RFC 5288 and RFC 5289. | Adam Langley | 2013-08-14 | 11 | -231/+543 |
| | | | | Small portions of this patch were rewritten by Wan-Teh Chang. r=sleevi,wtc. | ||||
* | Bug 848384: Remove vestigial cipher suite policy code. r=wtc. | Adam Langley | 2013-08-12 | 6 | -416/+138 |
| | |||||
* | Bug 903565: Don't attempt to initialize the socket protocol variant when | Ryan Sleevi | 2013-08-09 | 1 | -1/+1 |
| | | | | | | ssl_NewSocket fails to initialize the socket. r=wtc | ||||
* | Bug 894370: avoid uninitialised data warning in the event of a | Adam Langley | 2013-08-02 | 1 | -13/+14 |
| | | | | decryption failure. r=sleevi,wtc. | ||||
* | Bug 890714 - Fix mixed line endings. r=wtc | Emanuel Hoogeveen | 2013-08-01 | 1 | -1/+1 |
| | |||||
* | Bug 826201 - Use sufficiently large integer when left shifting bits in ↵ | Nickolai Zeldovich | 2013-07-22 | 1 | -7/+7 |
| | | | | security/nss/lib/util/utilpars.c, r=kaie | ||||
* | Bug 836477 - Complete the initial review of the docbook documentation for ↵ | Elio Maldonado | 2013-07-19 | 24 | -318/+433 |
| | | | | | | | NSS command line tools, r=kaie - Supply missing option descriptions for certutil, cmsutil, and crlutil - Regenerate the html and man pages files | ||||
* | Bug 884178 - add PK11_CipherFinal function wrapper, r=rrelyea | Milan Bartos | 2013-07-03 | 1 | -0/+1 |
| | |||||
* | Bug 618803 - Add /* fall through */ comments to NSC_GenerateKey() switch v1, ↵ | Cykesiopka | 2013-07-03 | 1 | -0/+2 |
| | | | | r=rrelyea | ||||
* | Backed out changeset a47bc2881ba4 | Kai Engert | 2013-07-02 | 2 | -2/+0 |
| | |||||
* | Bug 884178 - add PK11_CipherFinal function wrapper, r=rrelyea | Milan Bartos | 2013-07-02 | 2 | -0/+2 |
| | |||||
* | Bug 618798 - add fall through comment, r=rrelyea, DONTBUILD | cykesiopka bmo | 2013-06-28 | 1 | -0/+1 |
| | |||||
* | Bug 650997: Remove garbage in lib/freebl/mpi/README. r=wtc. | Cykesiopka | 2013-06-28 | 1 | -4/+0 |
| | |||||
* | Set version to 3.15.2 beta, DONTBUILD | Kai Engert | 2013-06-27 | 3 | -9/+9 |
| | |||||
* | Added tag NSS_3_15_1_RTM for changeset 05ffc38de8b4 | Kai Engert | 2013-06-27 | 0 | -0/+0 |
| | |||||
* | setting version to 3.15.1 RTMNSS_3_15_1_RTM | Kai Engert | 2013-06-27 | 3 | -6/+6 |
| | |||||
* | Bug 877798, revert my accidental change to secoid.c, thanks to Wan-Teh for ↵ | Kai Engert | 2013-06-26 | 1 | -0/+3 |
| | | | | noticing, r=wtc | ||||
* | Added tag NSS_3_15_1_BETA2 for changeset 17df3000588a | Wan-Teh Chang | 2013-06-18 | 0 | -0/+0 |
| | |||||
* | Bug 882829: RNG_SystemRNG should fail rather than falling back onNSS_3_15_1_BETA2 | Wan-Teh Chang | 2013-06-17 | 1 | -69/+4 |
| | | | | | | rng_systemFromNoise if it cannot call RtlGenRandom on Windows. Remove the obsolete code for Windows versions older than Windows XP. r=sleevi. | ||||
* | Bug 884072: Fix a typo in the header include guard, reported by a new | Nico Weber | 2013-06-17 | 1 | -1/+1 |
| | | | | clang warning. r=wtc. | ||||
* | Fix uninitialized variable. | Bob Relyea | 2013-06-17 | 1 | -1/+1 |
| | | | | | | patch by mbartos@redhat.com r+ bsmith Bug 872447 - [patch] cmd/p7sign/p7sign.c:260 use of unitialized variable cert | ||||
* | Bug 480514: Support TLS 1.2 in the PKCS #11 bypass mode. Delay the | Wan-Teh Chang | 2013-06-17 | 5 | -203/+247 |
| | | | | | | | creation of handshake hash contexts and buffer handshake messages until we have established the handshake hash functions. Remove redundant ssl3_InitState calls. Remove NSS_SURVIVE_DOUBLE_BYPASS_FAILURE support. r=agl. | ||||
* | BUG 856060: Enforce nameConstraints on the commonName in libpkix mode when ↵ | Ryan Sleevi | 2013-06-11 | 9 | -1/+148 |
| | | | | | | | | | no SAN is present. Strictly speaking, this is not required by RFC 3280/5280, but reflects a common approach of ensuring that "DNS-like" names are appropriately constrained by nameConstraints. This should never happen in the real world, due to the CA/Browser Forum's Baseline Requirements always requiring a SAN. | ||||
* | Bug 876352 - certutil: (a) Warn if importing PEM file with private key (b) ↵ | Kai Engert | 2013-06-11 | 21 | -27/+42 |
| | | | | fail if user attempts to import cert with requested "u" trust, r=rrelyea | ||||
* | Bug 565296 - shlibsign returns 0 although it fails, r=rrelyea | Kai Engert | 2013-06-11 | 1 | -1/+7 |
| | |||||
* | Added tag NSS_3_15_1_BETA1 for changeset 5577feb2791a | Kai Engert | 2013-06-11 | 0 | -0/+0 |
| | |||||
* | Bug 881427: Clean up the runtime check for ECC curve capabilities.NSS_3_15_1_BETA1 | Wan-Teh Chang | 2013-06-10 | 4 | -22/+23 |
| | | | | | Fix typos in comments and minor variable and function name issues. r=rrelyea. | ||||
* | BUG 875601: SECMOD_CloseUserDB should reset the token delay when removing a ↵ | Ryan Sleevi | 2013-06-10 | 1 | -0/+7 |
| | | | | user token. This ensures that the token will be immediately recognized as removed and not selected for any ephemeral operations. r=wtc,rrelyea | ||||
* | Bug 480514: Prune the supported_signature_algorithms field of our | Wan-Teh Chang | 2013-06-07 | 3 | -30/+30 |
| | | | | | | TLS 1.2 CertificateRequest message to reflect the limitation that we only support TLS 1.2 CertificateVerify messages that use the handshake hash (which is always SHA256). r=agl. | ||||
* | Bug 872745: SSL_HandshakeNegotiatedExtension should call PR_SetError | Wan-Teh Chang | 2013-06-06 | 1 | -6/+8 |
| | | | | before returning SECFailure. r=bsmith. | ||||
* | Bug 480514: Implement the new HMAC-SHA256 cipher suites specified in RFC | Wan-Teh Chang | 2013-06-05 | 11 | -26/+98 |
| | | | | | | | 5246 and RFC 5289. Do not generate client_write_IV and server_write_IV in TLS 1.1+. Do not downgrade to TLS 1.1 silently when SSL_BYPASS_PKCS11 mode is requested. Instead, silently turn off PKCS #11 bypass if TLS 1.2 is enabled. r=agl. |