kaie%kuix.de
6fe835fb35
Bug 811331 / Bug 360420, OCSP Stapling, TLS server side implementation; add ability to produce invalid OCSP responses for testing purposes, r=rrelyea
git-svn-id: svn://10.0.0.236/trunk@264736 18797224-902f-48f8-a5cc-f745e15eee43
2013-02-15 17:56:19 +00:00
kaie%kuix.de
7d2a505113
Bug 360420, OCSP Stapling, allow multiple status items, in an attempt to be prepared for future multi-stapling implementation. Introducing SECItemArray. r=rrelyea
git-svn-id: svn://10.0.0.236/trunk@264735 18797224-902f-48f8-a5cc-f745e15eee43
2013-02-15 17:55:42 +00:00
kaie%kuix.de
96ed6ee6a5
Bug 360420, OCSP Stapling, TLS client side implementation, based on work by Adam Langley, with tweaks from me and bsmith. r=rrelyea
git-svn-id: svn://10.0.0.236/trunk@264732 18797224-902f-48f8-a5cc-f745e15eee43
2013-02-15 17:52:45 +00:00
wtc%google.com
7efcfbe561
Bug 542741: Change NSS_VersionCheck to not call PR_VersionCheck because
system NSS packages are sometimes incorrectly built against an NSPR version
newer than the required NSPR version specified in the NSS package metainfo.
Modified Files:
lib/ssl/ssl.h lib/nss/nss.h lib/nss/nssinit.c
lib/smime/smime.h
git-svn-id: svn://10.0.0.236/trunk@264234 18797224-902f-48f8-a5cc-f745e15eee43
2012-09-21 21:58:44 +00:00
wtc%google.com
92d5d06c81
Bug 681065: Rename DTLS_GetTimeout to DTLS_GetHandshakeTimeout. r=ekr.
Modified Files:
dtlscon.c ssl.def ssl.h
git-svn-id: svn://10.0.0.236/trunk@263966 18797224-902f-48f8-a5cc-f745e15eee43
2012-06-19 21:56:10 +00:00
wtc%google.com
678de9d175
Bug 737178: Implement RFC 5764 (DTLS-SRTP). Add the SSL_SetSRTPCiphers and
SSL_GetSRTPCipher functions. The patch is contributed by Eric Rescorla
<ekr@rtfm.com>. r=wtc,rsleevi.
Modified Files:
ssl.h ssl3ext.c sslimpl.h sslproto.h sslsock.c sslt.h
git-svn-id: svn://10.0.0.236/trunk@263911 18797224-902f-48f8-a5cc-f745e15eee43
2012-06-07 02:06:19 +00:00
gerv%gerv.net
f465fa7d7e
Bug 716563 - update license to MPL 2. r=rrelyea.
git-svn-id: svn://10.0.0.236/trunk@263750 18797224-902f-48f8-a5cc-f745e15eee43
2012-04-25 14:50:19 +00:00
wtc%google.com
39e8820abe
Bug 681065: Implement DTLS (Datagram TLS) 1.0. The patch is contributed by
Eric Rescorla <ekr@rtfm.com>. r=wtc.
Modified Files:
SSLerrs.h derive.c manifest.mn ssl.def ssl.h ssl3con.c
ssl3gthr.c ssl3prot.h sslcon.c ssldef.c sslerr.h sslgathr.c
sslimpl.h sslproto.h sslsecur.c sslsock.c sslt.h
Added Files:
dtls1con.c
git-svn-id: svn://10.0.0.236/trunk@263637 18797224-902f-48f8-a5cc-f745e15eee43
2012-04-04 03:37:07 +00:00
wtc%google.com
ca681fddad
Bug 571722: merge with the "Implement SSL Version Range API [v5]" patch by
Brian Smith <bsmith@mozilla.com>. Comment changes only. Export
SSL_VersionRangeGetDefault, SSL_VersionRangeGetSupported, and
SSL_VersionRangeSetDefault. r=wtc.
Modified Files:
ssl.def ssl.h ssl3con.c sslcon.c sslimpl.h sslsock.c
git-svn-id: svn://10.0.0.236/trunk@263579 18797224-902f-48f8-a5cc-f745e15eee43
2012-03-18 00:31:20 +00:00
wtc%google.com
e32a1aeb5a
Bug 571722: add the SSLProtocolVariant enum type to indicate the byte
stream and datagram variants of SSL/TLS. Add an SSLProtocolVariant
argument to the version range functions that don't take an fd. The patch
is written by Brian Smith <bsmith@mozilla.com> and Eric Rescorla
<ekr@rtfm.com>. r=wtc.
Modified Files:
ssl.h ssl3con.c sslimpl.h sslsock.c sslt.h
git-svn-id: svn://10.0.0.236/trunk@263575 18797224-902f-48f8-a5cc-f745e15eee43
2012-03-16 01:23:55 +00:00
wtc%google.com
c40d150f71
Bug 571722: Implement SSL Version Range API. The patch is written by
Brian Smith <bsmith@mozilla.com>. r=wtc.
Modified Files:
SSLerrs.h ssl.def ssl.h ssl3con.c sslcon.c sslerr.h sslgathr.c
sslimpl.h sslproto.h sslsock.c sslt.h
git-svn-id: svn://10.0.0.236/trunk@263554 18797224-902f-48f8-a5cc-f745e15eee43
2012-03-11 04:32:35 +00:00
wtc%google.com
72837f0506
Bug 507359: add the hasContext parameter to SSL_ExportKeyingMaterial
to support both nonexistent and zero-length context unambiguously.
The patch is contributed by Douglas Stebila <douglas@stebila.ca>. r=wtc.
Modified Files:
ssl.h sslinfo.c
git-svn-id: svn://10.0.0.236/trunk@263543 18797224-902f-48f8-a5cc-f745e15eee43
2012-03-10 02:34:45 +00:00
wtc%google.com
ade9335c30
Bug 507359: Implement TLS keying material exporters. The patch is written
by Douglas Stebila <douglas@stebila.ca> and improved by Adam Langley
<agl@chromium.org>. r=wtc.
Modified Files:
ssl.def ssl.h ssl3con.c sslimpl.h sslinfo.c
git-svn-id: svn://10.0.0.236/trunk@263533 18797224-902f-48f8-a5cc-f745e15eee43
2012-03-07 01:27:40 +00:00
kaie%kuix.de
6c980c7018
Bug 726315, followup from bug 542832, Patch contributed by Brian Smith, r=kaie
git-svn-id: svn://10.0.0.236/trunk@263415 18797224-902f-48f8-a5cc-f745e15eee43
2012-02-15 21:52:08 +00:00
kaie%kuix.de
a80bdaa107
Bug 542832 - SSL_RestartHandshakeAfterServerCert is broken, patch by Brian Smith, r=rrelyea
git-svn-id: svn://10.0.0.236/trunk@263385 18797224-902f-48f8-a5cc-f745e15eee43
2012-02-11 12:58:48 +00:00
kaie%kuix.de
1d479025ca
Bug 542832 - SSL_RestartHandshakeAfterServerCert is broken, patch by Brian Smith, r=rrelyea
git-svn-id: svn://10.0.0.236/trunk@263383 18797224-902f-48f8-a5cc-f745e15eee43
2012-02-11 12:57:28 +00:00
kaie%kuix.de
9d33576904
Bug 542832 - SSL_RestartHandshakeAfterServerCert is broken, patch by Brian Smith, r=rrelyea
git-svn-id: svn://10.0.0.236/trunk@263382 18797224-902f-48f8-a5cc-f745e15eee43
2012-02-11 12:55:58 +00:00
bsmith%mozilla.com
0601ca68ad
Bug 547312: Implement client-side support for NPN; original patch by agl r=wtc; changes by bsmith r=agl
git-svn-id: svn://10.0.0.236/trunk@263024 18797224-902f-48f8-a5cc-f745e15eee43
2011-10-29 00:29:11 +00:00
wtc%google.com
eeafd4b2de
Bug 593080: change the default of the SSL_ENABLE_SSL2 and
SSL_V2_COMPATIBLE_HELLO options to PR_FALSE. r=rrelyea.
Modified Files:
cmd/strsclnt/strsclnt.c cmd/tstclnt/tstclnt.c lib/ssl/ssl.h
lib/ssl/sslsock.c
git-svn-id: svn://10.0.0.236/trunk@262964 18797224-902f-48f8-a5cc-f745e15eee43
2011-10-06 22:42:34 +00:00
bsmith%mozilla.com
2e2793892a
Bug 665814: Prevent chosen plaintext attacks on SSL 3.0 and TLS 1.0 connections, r=wtc, sr=rrelyea
git-svn-id: svn://10.0.0.236/trunk@262945 18797224-902f-48f8-a5cc-f745e15eee43
2011-10-01 03:59:54 +00:00
kaie%kuix.de
2d50bc73fe
Bug 673115 - Add function to obtain version of NSS at runtime, r=wtc, r=rrelyea
git-svn-id: svn://10.0.0.236/trunk@262560 18797224-902f-48f8-a5cc-f745e15eee43
2011-08-01 07:08:10 +00:00
wtc%google.com
daa3cd26f4
Bug 635778: Rename SSL_ConfigSecureServerWithChainOpt to
SSL_ConfigSecureServerWithCertChain. List the certChainOpt argument
immediately after the cert argument. Improve comments.
Modified Files:
ssl.def ssl.h sslsecur.c
git-svn-id: svn://10.0.0.236/trunk@262164 18797224-902f-48f8-a5cc-f745e15eee43
2011-04-08 05:37:44 +00:00
alexei.volkov.bugs%sun.com
e3d68d7de7
635778 - Need an API to pass user defined cert chain when SSL socket is set up. r=nelson, rreleya
git-svn-id: svn://10.0.0.236/trunk@262033 18797224-902f-48f8-a5cc-f745e15eee43
2011-03-10 04:29:04 +00:00
wtc%google.com
1e99b8cb20
Bug 525092: Support TLS false start. The patch is contributed by Adam
Langley of Google <agl@chromium.org>. r=wtc.
Modified Files:
cmd/strsclnt/strsclnt.c cmd/tstclnt/tstclnt.c lib/ssl/ssl.h
lib/ssl/ssl3con.c lib/ssl/ssl3gthr.c lib/ssl/sslimpl.h
lib/ssl/sslsecur.c lib/ssl/sslsock.c tests/ssl/sslstress.txt
git-svn-id: svn://10.0.0.236/trunk@260919 18797224-902f-48f8-a5cc-f745e15eee43
2010-07-30 03:00:17 +00:00
wtc%google.com
88282f31d8
Bug 537356: Redefine SSL_RENEGOTIATE_CLIENT_ONLY as
SSL_RENEGOTIATE_TRANSITIONAL, changing its meaning for server sockets, and
make it the default. r=rrelyea.
Modified Files:
ssl.h ssl3con.c sslsock.c
git-svn-id: svn://10.0.0.236/trunk@259722 18797224-902f-48f8-a5cc-f745e15eee43
2010-02-17 02:29:08 +00:00
wtc%google.com
7438b8e95a
Bug 537356: Rename SCSV. In the final RFC, the symbolic name of the SCSV
changed to TLS_EMPTY_RENEGOTIATION_INFO_SCSV. r=christophe,rrelyea.
Modified Files:
cmd/ssltap/ssltap.c lib/ssl/ssl.h lib/ssl/ssl3con.c
lib/ssl/sslproto.h
git-svn-id: svn://10.0.0.236/trunk@259715 18797224-902f-48f8-a5cc-f745e15eee43
2010-02-16 18:56:48 +00:00
wtc%google.com
1aa1b407a5
Bug 496993: Add accessor functions for SSL_ImplementedCiphers and
SSL_NumImplementedCiphers. r=nelson.
Modified Files:
cmd/strsclnt/strsclnt.c cmd/tstclnt/tstclnt.c lib/ssl/ssl.def
lib/ssl/ssl.h lib/ssl/sslenum.c
git-svn-id: svn://10.0.0.236/trunk@259676 18797224-902f-48f8-a5cc-f745e15eee43
2010-02-10 18:07:21 +00:00
wtc%google.com
4ad6a3c20d
Bug 540304: Rename ExtensionType to SSLExtensionType. The patch is
contributed by Kai Engert <kaie@kuix.de>. r=wtc.
Modified Files:
ssl.h sslreveal.c sslt.h
git-svn-id: svn://10.0.0.236/trunk@259597 18797224-902f-48f8-a5cc-f745e15eee43
2010-02-04 03:21:11 +00:00
kaie%kuix.de
bd4c4b9fa4
Bug 540304, Implement SSL_HandshakeNegotiatedExtension
r=nelson
git-svn-id: svn://10.0.0.236/trunk@259501 18797224-902f-48f8-a5cc-f745e15eee43
2010-01-28 16:14:25 +00:00
nelson%bolyard.com
0bc55de11a
Bug 537356: Implement new safe SSL3 & TLS renegotiation, r=wtc
git-svn-id: svn://10.0.0.236/trunk@259500 18797224-902f-48f8-a5cc-f745e15eee43
2010-01-28 06:19:13 +00:00
alexei.volkov.bugs%sun.com
d26b36b737
360421 - Implement TLS Server Name Indication for servers. r=nelson
git-svn-id: svn://10.0.0.236/trunk@259396 18797224-902f-48f8-a5cc-f745e15eee43
2010-01-14 22:15:26 +00:00
wtc%google.com
d73ba345fb
Bug 530907: The peerID argument to SSL_SetSockPeerID should be declared
const. Removed an unnecessary PR_CALLBACK qualifier. r=nelson.
git-svn-id: svn://10.0.0.236/trunk@259084 18797224-902f-48f8-a5cc-f745e15eee43
2009-11-25 05:24:25 +00:00
nelson%bolyard.com
089608da06
Bug 526689: (CVE-2009-3555) SSL3 & TLS Renegotiation Vulnerability
Disable SSL 3.x renegotiation by default. Add new options to re-enable.
r=wtc,rrelyea
git-svn-id: svn://10.0.0.236/trunk@258888 18797224-902f-48f8-a5cc-f745e15eee43
2009-11-06 20:11:29 +00:00
wtc%google.com
7904b372b3
Bug 275744: Implement TLS compression RFC 3749. Add the SSL_ENABLE_DEFLATE
SSL option and the -z command-line option for tstclnt, strsclnt, and
selfserv for enabling the DEFLATE compression method. The patch is
contributed by Adam Langley <agl@chromium.org> of Google. r=nelson.
Modified Files:
cmd/selfserv/selfserv.c cmd/strsclnt/strsclnt.c
cmd/tstclnt/tstclnt.c lib/ssl/Makefile lib/ssl/ssl.h
lib/ssl/ssl3con.c lib/ssl/ssl3prot.h lib/ssl/sslerr.h
lib/ssl/sslimpl.h lib/ssl/sslsock.c
git-svn-id: svn://10.0.0.236/trunk@258862 18797224-902f-48f8-a5cc-f745e15eee43
2009-11-04 17:19:25 +00:00
wtc%google.com
6289ace530
Bug 403563: implement the TLS session ticket extension (rfc4507bis). The
patch is contributed by Nagendra Modadugu <ngm+mozilla@google.com>. A
small portion (PKCS #11 code and tests) was written by Wan-Teh Chang
<wtc@google.com>. r=nelson,wtc
Modified Files:
cmd/lib/SSLerrs.h cmd/selfserv/selfserv.c
cmd/strsclnt/strsclnt.c cmd/tstclnt/tstclnt.c
lib/ssl/manifest.mn lib/ssl/ssl.h lib/ssl/ssl3con.c
lib/ssl/ssl3ecc.c lib/ssl/ssl3prot.h lib/ssl/sslerr.h
lib/ssl/sslimpl.h lib/ssl/sslnonce.c lib/ssl/sslsnce.c
lib/ssl/sslsock.c lib/ssl/sslt.h tests/ssl/sslstress.txt
Added Files:
lib/ssl/ssl3ext.c
git-svn-id: svn://10.0.0.236/trunk@247232 18797224-902f-48f8-a5cc-f745e15eee43
2008-03-06 20:16:24 +00:00
wtc%google.com
d31369b999
Bug 403563: reserve an SSL option for TLS session tickets. r=nelson
git-svn-id: svn://10.0.0.236/trunk@246235 18797224-902f-48f8-a5cc-f745e15eee43
2008-02-21 21:44:09 +00:00
neil.williams%sun.com
f4f094b47f
Bug 325672, Create CanBypass function
r=Nelson
git-svn-id: svn://10.0.0.236/trunk@230235 18797224-902f-48f8-a5cc-f745e15eee43
2007-07-18 21:38:55 +00:00
julien.pierre.bugs%sun.com
efa0597919
Fix for bug 257860 . Correct doc for SSL_SecurityStatus . r=nelson
git-svn-id: svn://10.0.0.236/trunk@229660 18797224-902f-48f8-a5cc-f745e15eee43
2007-07-11 03:09:14 +00:00
julien.pierre.bugs%sun.com
219677d209
Fix for bug 127960 . Add SSL force handshake APIs which take a timeout . r=nelson
git-svn-id: svn://10.0.0.236/trunk@180433 18797224-902f-48f8-a5cc-f745e15eee43
2005-09-16 20:33:09 +00:00
nelsonb%netscape.com
66cf75f421
Implement two new SSL socket options: SSL_BYPASS_PKCS11 and SSL_NO_LOCKS.
Reorganize the SSL Socket structure contents to obviate ssl3 pointer.
Move much of the ECC code from ssl3con to new file ssl3ecc.c. derive.c
implements derivation of the SSL/TLS master secret and the encryption and
MAC keys and IVs without using PKCS11. Bug 305147. r=rrelyea.
Modified Files: ssl/config.mk ssl/manifest.mn ssl/ssl.h ssl/ssl3con.c
ssl/ssl3gthr.c ssl/sslauth.c ssl/sslcon.c ssl/ssldef.c ssl/sslgathr.c
ssl/sslimpl.h ssl/sslinfo.c ssl/sslnonce.c ssl/sslsecur.c ssl/sslsnce.c
ssl/sslsock.c
Added Files: ssl/derive.c ssl/ssl3ecc.c
git-svn-id: svn://10.0.0.236/trunk@179892 18797224-902f-48f8-a5cc-f745e15eee43
2005-09-09 03:02:16 +00:00
nelsonb%netscape.com
00749853c3
Remove fortezza code from libSSL and from the SSL test programs.
Stop building fortezza's special software token, and fortezza specific
test programs. Bug 239960. r=rrelyea.
Modified Files:
cmd/manifest.mn cmd/platlibs.mk cmd/SSLsample/server.c
cmd/SSLsample/sslsample.c cmd/modutil/modutil.c
cmd/selfserv/selfserv.c cmd/sslstrength/sslstrength.c
cmd/strsclnt/strsclnt.c cmd/tstclnt/tstclnt.c
cmd/vfyserv/vfyserv.c cmd/vfyserv/vfyutil.c lib/manifest.mn
lib/ssl/nsskea.c lib/ssl/preenc.h lib/ssl/prelib.c
lib/ssl/ssl.h lib/ssl/ssl3con.c lib/ssl/ssl3prot.h
lib/ssl/sslauth.c lib/ssl/sslcon.c lib/ssl/sslenum.c
lib/ssl/sslimpl.h lib/ssl/sslinfo.c lib/ssl/sslproto.h
lib/ssl/sslsecur.c lib/ssl/sslsnce.c lib/ssl/sslsock.c
lib/ssl/sslt.h
git-svn-id: svn://10.0.0.236/trunk@177810 18797224-902f-48f8-a5cc-f745e15eee43
2005-08-16 03:42:26 +00:00
nelsonb%netscape.com
663db84c36
Back out the preceding fortezza removal patch, which was accidentally
applied to the trunk, not to the intended branch.
git-svn-id: svn://10.0.0.236/trunk@171823 18797224-902f-48f8-a5cc-f745e15eee43
2005-04-06 21:35:45 +00:00
nelsonb%netscape.com
b62572db42
Remove fortezza support from libSSL and related commands. Bug 239960.
ON PERFORMANCE_HACKS_BRANCH. r=rrelyea.
git-svn-id: svn://10.0.0.236/trunk@171820 18797224-902f-48f8-a5cc-f745e15eee43
2005-04-06 19:43:19 +00:00
gerv%gerv.net
62b0f34e77
Bug 236613: change to MPL/LGPL/GPL tri-license. Restore Id: lines.
git-svn-id: svn://10.0.0.236/trunk@155606 18797224-902f-48f8-a5cc-f745e15eee43
2004-04-27 23:04:40 +00:00
gerv%gerv.net
43cb9e1492
Bug 236613: change to MPL/LGPL/GPL tri-license.
git-svn-id: svn://10.0.0.236/trunk@155484 18797224-902f-48f8-a5cc-f745e15eee43
2004-04-25 15:03:26 +00:00
nelsonb%netscape.com
3e437a3d4d
Declare SSL_NO_STEP_DOWN option. Partial fix to bug 148452.
git-svn-id: svn://10.0.0.236/trunk@148118 18797224-902f-48f8-a5cc-f745e15eee43
2003-10-19 01:31:41 +00:00
wtc%netscape.com
ede99124e6
Bug 199082: checked in Nelson's patch, which
a) changes selfserv to test the return value from NSS_Shutdown.
b) changes SECMOD_Shutdown to set the error code SEC_ERROR_BUSY before
returning SECFailure.
c) Adds a new function SSL_ShutdownServerSessionIDCache to ssl.h.
d) Changes selfserv to call SSL_ShutdownServerSessionIDCache before calling
NSS_Shutdown.
Modified Files:
cmd/selfserv/selfserv.c lib/pk11wrap/pk11util.c
lib/ssl/ssl.def lib/ssl/ssl.h lib/ssl/ssl3con.c
lib/ssl/sslimpl.h lib/ssl/sslsnce.c
git-svn-id: svn://10.0.0.236/trunk@140305 18797224-902f-48f8-a5cc-f745e15eee43
2003-03-26 00:31:13 +00:00
wtc%netscape.com
91b98bac0f
Bug 153380: document the default values for the SSL options.
git-svn-id: svn://10.0.0.236/trunk@129970 18797224-902f-48f8-a5cc-f745e15eee43
2002-09-18 22:32:19 +00:00
nelsonb%netscape.com
9b6375ccb6
Fix bug 135261. Create symbolic names for the values 2 and 3 for the
SSL_REQUIRE_CERTIFICATE option. Value 2 has always been the default.
New Value 3 is appropriate for servers that want to re-request, but
still not require, client-auth from a client with whom an SSL session
is already established.
git-svn-id: svn://10.0.0.236/trunk@123859 18797224-902f-48f8-a5cc-f745e15eee43
2002-06-22 01:40:32 +00:00
wtc%netscape.com
c1bd73527f
Bug 153380: TLS is enabled by default now.
git-svn-id: svn://10.0.0.236/trunk@123794 18797224-902f-48f8-a5cc-f745e15eee43
2002-06-21 18:25:46 +00:00