after including zlib.h. Rename compress to compressor and decompress to
decompressor to avoid the compress macro that may be defined by zconf.h.
r=nelson.
Modified Files:
ssl3con.c sslimpl.h
git-svn-id: svn://10.0.0.236/trunk@259050 18797224-902f-48f8-a5cc-f745e15eee43
desirability so that servers that simply pick the first mutually supported
compression method will pick the best compression method. Add compression
method info to the SSLChannelInfo structure. Rename SSL3CompressionMethod
to SSLCompressionMethod and add the ssl_ prefix to the enum constants.
Remove an extra comma in strsclnt.c that breaks the concatenation of two
string literals. r=agl,rrelyea,nelson.
Modified Files:
cmd/selfserv/selfserv.c cmd/strsclnt/strsclnt.c
cmd/tstclnt/tstclnt.c lib/ssl/ssl3con.c lib/ssl/ssl3ext.c
lib/ssl/ssl3prot.h lib/ssl/sslimpl.h lib/ssl/sslinfo.c
lib/ssl/sslsnce.c lib/ssl/sslt.h tests/ssl/sslstress.txt
git-svn-id: svn://10.0.0.236/trunk@258919 18797224-902f-48f8-a5cc-f745e15eee43
Disable SSL 3.x renegotiation by default. Add new options to re-enable.
r=wtc,rrelyea
git-svn-id: svn://10.0.0.236/trunk@258888 18797224-902f-48f8-a5cc-f745e15eee43
SSL option and the -z command-line option for tstclnt, strsclnt, and
selfserv for enabling the DEFLATE compression method. The patch is
contributed by Adam Langley <agl@chromium.org> of Google. r=nelson.
Modified Files:
cmd/selfserv/selfserv.c cmd/strsclnt/strsclnt.c
cmd/tstclnt/tstclnt.c lib/ssl/Makefile lib/ssl/ssl.h
lib/ssl/ssl3con.c lib/ssl/ssl3prot.h lib/ssl/sslerr.h
lib/ssl/sslimpl.h lib/ssl/sslsock.c
git-svn-id: svn://10.0.0.236/trunk@258862 18797224-902f-48f8-a5cc-f745e15eee43
and not TLS, they should not negotiate ECC ciphersuites at all.
Bug 341707. r=rrelyea.
git-svn-id: svn://10.0.0.236/trunk@203068 18797224-902f-48f8-a5cc-f745e15eee43
1) it adds a new ifdef which enables SSL to limit itself to the 3 Suite B
curves.
2) it corrects the creation and parsing of the Supported Curve extension to
conform with the lastest definition, by using 2 bytes to encode the list
length,
3) it changes the algorithm that picks the curve for ECDHE to choose a curve
that is at least as strong as the "weakest link", is mutually supported
by client and server, and is the fastest for its size.
git-svn-id: svn://10.0.0.236/trunk@195173 18797224-902f-48f8-a5cc-f745e15eee43
SSL now follows NSPR socket semantics and never returns a short write
count on a blocking socket. On a blocking socket, it returns either
the full count or -1 (with an error code set).
For non-blocking sockets, SSL no longer returns a full write count
when some of the data remains buffered in the SSL record layer.
Instead it returns a number is that always at least 1 byte short of a
full write count, so that the caller will keep retrying until it is done.
SSL makes sure that the first byte sent by the caller in the retry
matches the last byte previously buffered. r=rrelyea.
Modified Files: ssl3con.c sslcon.c ssldef.c sslimpl.h sslsecur.c
git-svn-id: svn://10.0.0.236/trunk@194962 18797224-902f-48f8-a5cc-f745e15eee43
This patch has a known problem, choosing ephemeral ECDH curves
according to the wrong (suboptimal, non-FIPS) criteria.
Modified Files: ssl3con.c ssl3ecc.c sslimpl.h
git-svn-id: svn://10.0.0.236/trunk@194359 18797224-902f-48f8-a5cc-f745e15eee43
r=nelson r=thomas.
patch in bug + white space changes suggested by nelson.
git-svn-id: svn://10.0.0.236/trunk@192798 18797224-902f-48f8-a5cc-f745e15eee43
Reorganize the SSL Socket structure contents to obviate ssl3 pointer.
Move much of the ECC code from ssl3con to new file ssl3ecc.c. derive.c
implements derivation of the SSL/TLS master secret and the encryption and
MAC keys and IVs without using PKCS11. Bug 305147. r=rrelyea.
Modified Files: ssl/config.mk ssl/manifest.mn ssl/ssl.h ssl/ssl3con.c
ssl/ssl3gthr.c ssl/sslauth.c ssl/sslcon.c ssl/ssldef.c ssl/sslgathr.c
ssl/sslimpl.h ssl/sslinfo.c ssl/sslnonce.c ssl/sslsecur.c ssl/sslsnce.c
ssl/sslsock.c
Added Files: ssl/derive.c ssl/ssl3ecc.c
git-svn-id: svn://10.0.0.236/trunk@179892 18797224-902f-48f8-a5cc-f745e15eee43
a) changes selfserv to test the return value from NSS_Shutdown.
b) changes SECMOD_Shutdown to set the error code SEC_ERROR_BUSY before
returning SECFailure.
c) Adds a new function SSL_ShutdownServerSessionIDCache to ssl.h.
d) Changes selfserv to call SSL_ShutdownServerSessionIDCache before calling
NSS_Shutdown.
Modified Files:
cmd/selfserv/selfserv.c lib/pk11wrap/pk11util.c
lib/ssl/ssl.def lib/ssl/ssl.h lib/ssl/ssl3con.c
lib/ssl/sslimpl.h lib/ssl/sslsnce.c
git-svn-id: svn://10.0.0.236/trunk@140305 18797224-902f-48f8-a5cc-f745e15eee43
in favor of a slot specific latency test (already done by pk11wrap code).
git-svn-id: svn://10.0.0.236/trunk@137837 18797224-902f-48f8-a5cc-f745e15eee43
rather than being pointed to by the sslSocket. This reduces the number
of malloc/free calls, and greatly reduces pointer fetches, and null
pointer checks. sslGather and sslSecurityInfo are separately initialized.
2. SSL_ResetHandshake no longer deallocates and reallocates the sslSecurityInfo and all its subcomponents.
3. Many places that formerly did not check for memory allocation failures
now do check, and do the right thing when allocation failed.
git-svn-id: svn://10.0.0.236/trunk@115407 18797224-902f-48f8-a5cc-f745e15eee43
