Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
215,180 Commits 3,986 Branches 0 Tags
Commit Graph

69 Commits

Author SHA1 Message Date
nelson%bolyard.com
82ffdf2e33 Bug 606209 ssl_PushIOLayer does not handle failure from PR_CallOnce 
Patch contributed by timeless@mozdev.org, r=nelson


git-svn-id: svn://10.0.0.236/trunk@261757 18797224-902f-48f8-a5cc-f745e15eee43
 2011-01-15 19:58:41 +00:00
wtc%google.com
1e99b8cb20 Bug 525092: Support TLS false start. The patch is contributed by Adam 
Langley of Google <agl@chromium.org>.  r=wtc.
Modified Files:
	cmd/strsclnt/strsclnt.c cmd/tstclnt/tstclnt.c lib/ssl/ssl.h
	lib/ssl/ssl3con.c lib/ssl/ssl3gthr.c lib/ssl/sslimpl.h
	lib/ssl/sslsecur.c lib/ssl/sslsock.c tests/ssl/sslstress.txt


git-svn-id: svn://10.0.0.236/trunk@260919 18797224-902f-48f8-a5cc-f745e15eee43
 2010-07-30 03:00:17 +00:00
nelson%bolyard.com
25cae7d289 Bug 506041: Correct misspellings in source code comments 
Patch contributed by Michael Kohler <michaelkohler@live.com>, r=nelson


git-svn-id: svn://10.0.0.236/trunk@260229 18797224-902f-48f8-a5cc-f745e15eee43
 2010-04-25 23:37:40 +00:00
alexei.volkov.bugs%sun.com
9ac9e59801 537356 - Implement new safe SSL3 & TLS renegotiation. Change renegotiation default to be SSL_RENEGOTIATE_REQUIRES_XTN. r=wtc. 
git-svn-id: svn://10.0.0.236/trunk@259821 18797224-902f-48f8-a5cc-f745e15eee43
 2010-02-26 20:44:54 +00:00
wtc%google.com
88282f31d8 Bug 537356: Redefine SSL_RENEGOTIATE_CLIENT_ONLY as 
SSL_RENEGOTIATE_TRANSITIONAL, changing its meaning for server sockets,  and
make it the default.  r=rrelyea.
Modified Files:
	ssl.h ssl3con.c sslsock.c


git-svn-id: svn://10.0.0.236/trunk@259722 18797224-902f-48f8-a5cc-f745e15eee43
 2010-02-17 02:29:08 +00:00
nelson%bolyard.com
0bc55de11a Bug 537356: Implement new safe SSL3 & TLS renegotiation, r=wtc 
git-svn-id: svn://10.0.0.236/trunk@259500 18797224-902f-48f8-a5cc-f745e15eee43
 2010-01-28 06:19:13 +00:00
wtc%google.com
66dfd7adba Bug 536474: Add support for logging pre-master secrets. The patch is 
contributed by Adam Langley <agl@chromium.org>.  r=nelson,wtc.
Modified Files:
	ssl3con.c sslimpl.h sslsock.c


git-svn-id: svn://10.0.0.236/trunk@259455 18797224-902f-48f8-a5cc-f745e15eee43
 2010-01-22 03:47:42 +00:00
alexei.volkov.bugs%sun.com
9cbdff6813 additional fix for bug 360421 - Implement TLS Server Name Indication for servers. 
git-svn-id: svn://10.0.0.236/trunk@259404 18797224-902f-48f8-a5cc-f745e15eee43
 2010-01-15 01:49:34 +00:00
alexei.volkov.bugs%sun.com
d26b36b737 360421 - Implement TLS Server Name Indication for servers. r=nelson 
git-svn-id: svn://10.0.0.236/trunk@259396 18797224-902f-48f8-a5cc-f745e15eee43
 2010-01-14 22:15:26 +00:00
wtc%google.com
d73ba345fb Bug 530907: The peerID argument to SSL_SetSockPeerID should be declared 
const.  Removed an unnecessary PR_CALLBACK qualifier.  r=nelson.


git-svn-id: svn://10.0.0.236/trunk@259084 18797224-902f-48f8-a5cc-f745e15eee43
 2009-11-25 05:24:25 +00:00
nelson%bolyard.com
089608da06 Bug 526689: (CVE-2009-3555) SSL3 & TLS Renegotiation Vulnerability 
Disable SSL 3.x renegotiation by default.  Add new options to re-enable.
r=wtc,rrelyea


git-svn-id: svn://10.0.0.236/trunk@258888 18797224-902f-48f8-a5cc-f745e15eee43
 2009-11-06 20:11:29 +00:00
wtc%google.com
7904b372b3 Bug 275744: Implement TLS compression RFC 3749. Add the SSL_ENABLE_DEFLATE 
SSL option and the -z command-line option for tstclnt, strsclnt, and
selfserv for enabling the DEFLATE compression method.  The patch is
contributed by Adam Langley <agl@chromium.org> of Google.  r=nelson.
Modified Files:
	cmd/selfserv/selfserv.c cmd/strsclnt/strsclnt.c
	cmd/tstclnt/tstclnt.c lib/ssl/Makefile lib/ssl/ssl.h
	lib/ssl/ssl3con.c lib/ssl/ssl3prot.h lib/ssl/sslerr.h
	lib/ssl/sslimpl.h lib/ssl/sslsock.c


git-svn-id: svn://10.0.0.236/trunk@258862 18797224-902f-48f8-a5cc-f745e15eee43
 2009-11-04 17:19:25 +00:00
nelson%bolyard.com
18113d7a39 Bug 486999: Calling SSL_SetSockPeerID a second time leaks the previous value 
r=rrelyea


git-svn-id: svn://10.0.0.236/trunk@256861 18797224-902f-48f8-a5cc-f745e15eee43
 2009-04-09 01:46:22 +00:00
nelson%bolyard.com
3bf81e175c Bug 453234: Support for SEED Cipher Suites to TLS RFC 4010 
patch by Yeonjung Kang <kang.yeonjung@gmail.com>, r=nelson


git-svn-id: svn://10.0.0.236/trunk@255547 18797224-902f-48f8-a5cc-f745e15eee43
 2008-12-17 06:09:22 +00:00
wtc%google.com
6289ace530 Bug 403563: implement the TLS session ticket extension (rfc4507bis). The 
patch is contributed by Nagendra Modadugu <ngm+mozilla@google.com>.  A
small portion (PKCS #11 code and tests) was written by Wan-Teh Chang
<wtc@google.com>.  r=nelson,wtc
Modified Files:
	cmd/lib/SSLerrs.h cmd/selfserv/selfserv.c
	cmd/strsclnt/strsclnt.c cmd/tstclnt/tstclnt.c
	lib/ssl/manifest.mn lib/ssl/ssl.h lib/ssl/ssl3con.c
	lib/ssl/ssl3ecc.c lib/ssl/ssl3prot.h lib/ssl/sslerr.h
	lib/ssl/sslimpl.h lib/ssl/sslnonce.c lib/ssl/sslsnce.c
	lib/ssl/sslsock.c lib/ssl/sslt.h tests/ssl/sslstress.txt
Added Files:
	lib/ssl/ssl3ext.c


git-svn-id: svn://10.0.0.236/trunk@247232 18797224-902f-48f8-a5cc-f745e15eee43
 2008-03-06 20:16:24 +00:00
nelson%bolyard.com
31b2141cf5 Bug 394271 - two public SSL functions require PRFD* to point to SSL layer 
r=julien,wtc


git-svn-id: svn://10.0.0.236/trunk@233531 18797224-902f-48f8-a5cc-f745e15eee43
 2007-09-01 00:53:52 +00:00
nelson%bolyard.com
641a71d017 Bug 394202 - ssl_GetPrivate can corrupt non-SSL private structures 
r=julien,wtc


git-svn-id: svn://10.0.0.236/trunk@233530 18797224-902f-48f8-a5cc-f745e15eee43
 2007-09-01 00:49:47 +00:00
rrelyea%redhat.com
5e97cf8097 Add Camilla cipher suites TLS RFC4132 bug 361025 
code supplied by okazaki@kick.gr.jp


git-svn-id: svn://10.0.0.236/trunk@221086 18797224-902f-48f8-a5cc-f745e15eee43
 2007-02-28 19:47:40 +00:00
nelson%bolyard.com
5b3a170bba Bug 366803 - Improve SSL tracing, make it work in browsers, to help with 
debugging bug 356470.  r=neil.williams,alexei.volkov


git-svn-id: svn://10.0.0.236/trunk@219222 18797224-902f-48f8-a5cc-f745e15eee43
 2007-01-31 04:20:26 +00:00
julien.pierre.bugs%sun.com
a030f3283d Fix for bug 115951 . Separate BL_Cleanup and BL_Unload . r=wtchang,nelson 
git-svn-id: svn://10.0.0.236/trunk@213017 18797224-902f-48f8-a5cc-f745e15eee43
 2006-10-02 21:17:59 +00:00
julien.pierre.bugs%sun.com
50720ed113 Fix for bug 115951 . Unload freebl dynamic library . Also fix tiny one-time leak of library name . r=nelson,wtchang 
git-svn-id: svn://10.0.0.236/trunk@212769 18797224-902f-48f8-a5cc-f745e15eee43
 2006-09-28 00:40:55 +00:00
nelson%bolyard.com
d201e5eca4 Correct the amount returned by ssl_Writev for short writes on non-blocking 
sockets.  Bug 338325. patch by Chris Newman <chris.newman@sun.com>
r=nelson


git-svn-id: svn://10.0.0.236/trunk@197897 18797224-902f-48f8-a5cc-f745e15eee43
 2006-05-18 01:10:21 +00:00
rrelyea%redhat.com
3df0eb0674 From Bug 331279. 
Free ECDHE Ephemeral key. Fixes server-side leak.
r=julien r=alexei


git-svn-id: svn://10.0.0.236/trunk@193280 18797224-902f-48f8-a5cc-f745e15eee43
 2006-03-30 21:07:22 +00:00
wtchang%redhat.com
9a9352d0f2 Bugzilla Bug 318217: use the new NSPR functions PR_EmulateAcceptRead and 
PR_EmulateSendFile added in NSPR 4.1.  r=nelsonb.
Modified files: manifest.mn sslimpl.h sslsock.c
Removed file: emulate.c


git-svn-id: svn://10.0.0.236/trunk@187784 18797224-902f-48f8-a5cc-f745e15eee43
 2006-01-18 23:06:57 +00:00
wtchang%redhat.com
67e2b4967d Bugzilla Bug 236245: Updated NSS to "ECC Cipher Suites for TLS" draft 12 
plus upcoming revisions.  The patch is contributed by Douglas Stebila
of Sun Labs <douglas@stebila.ca>. r=wtc.
Modified Files:
	cmd/selfserv/selfserv.c cmd/strsclnt/strsclnt.c
	cmd/tstclnt/tstclnt.c cmd/vfyserv/vfyserv.c lib/ssl/ssl3con.c
	lib/ssl/ssl3ecc.c lib/ssl/ssl3prot.h lib/ssl/sslenum.c
	lib/ssl/sslimpl.h lib/ssl/sslinfo.c lib/ssl/sslproto.h
	lib/ssl/sslsock.c tests/ssl/ecssl.sh tests/ssl/ecsslauth.txt
	tests/ssl/ecsslcov.txt tests/ssl/ecsslstress.txt
	tests/ssl/ssl.sh


git-svn-id: svn://10.0.0.236/trunk@186032 18797224-902f-48f8-a5cc-f745e15eee43
 2005-12-14 01:49:40 +00:00
nelsonb%netscape.com
27841c7a9e Restore binary compatilibity for old Fortezza cipher suites. 
Bug 316640. r-glen.beasley


git-svn-id: svn://10.0.0.236/trunk@184876 18797224-902f-48f8-a5cc-f745e15eee43
 2005-11-18 01:21:22 +00:00
nelsonb%netscape.com
e5258a5137 Eliminate environment variable SSLNOLOCKS, add environment variable 
SSLFORCELOCKS. Make SSL_FDX option mutually exclusive with SSL_NOLOCKS
option.  Bug 305147. r=rrelyea.


git-svn-id: svn://10.0.0.236/trunk@180840 18797224-902f-48f8-a5cc-f745e15eee43
 2005-09-23 01:04:32 +00:00
julien.pierre.bugs%sun.com
b35f511ca1 Fix hoarked build from previous checkin. Doh. 
git-svn-id: svn://10.0.0.236/trunk@180439 18797224-902f-48f8-a5cc-f745e15eee43
 2005-09-16 21:28:20 +00:00
julien.pierre.bugs%sun.com
219677d209 Fix for bug 127960 . Add SSL force handshake APIs which take a timeout . r=nelson 
git-svn-id: svn://10.0.0.236/trunk@180433 18797224-902f-48f8-a5cc-f745e15eee43
 2005-09-16 20:33:09 +00:00
nelsonb%netscape.com
3a10973679 Fix regression introduced in last checkin. If the caller disables the 
use of locks while locks are in use, don't forget to unlock the locks
already locked on the stack.  bug 305147. r=julien.pierre


git-svn-id: svn://10.0.0.236/trunk@179937 18797224-902f-48f8-a5cc-f745e15eee43
 2005-09-10 01:18:40 +00:00
nelsonb%netscape.com
66cf75f421 Implement two new SSL socket options: SSL_BYPASS_PKCS11 and SSL_NO_LOCKS. 
Reorganize the SSL Socket structure contents to obviate ssl3 pointer.
Move much of the ECC code from ssl3con to new file ssl3ecc.c.  derive.c
implements derivation of the SSL/TLS master secret and the encryption and
MAC keys and IVs without using PKCS11. Bug 305147. r=rrelyea.
Modified Files: ssl/config.mk ssl/manifest.mn ssl/ssl.h ssl/ssl3con.c
    ssl/ssl3gthr.c ssl/sslauth.c ssl/sslcon.c ssl/ssldef.c ssl/sslgathr.c
    ssl/sslimpl.h ssl/sslinfo.c ssl/sslnonce.c ssl/sslsecur.c ssl/sslsnce.c
    ssl/sslsock.c
Added Files: ssl/derive.c ssl/ssl3ecc.c


git-svn-id: svn://10.0.0.236/trunk@179892 18797224-902f-48f8-a5cc-f745e15eee43
 2005-09-09 03:02:16 +00:00
nelsonb%netscape.com
00749853c3 Remove fortezza code from libSSL and from the SSL test programs. 
Stop building fortezza's special software token, and fortezza specific
test programs.   Bug 239960. r=rrelyea.
Modified Files:
    cmd/manifest.mn cmd/platlibs.mk cmd/SSLsample/server.c
    cmd/SSLsample/sslsample.c cmd/modutil/modutil.c
    cmd/selfserv/selfserv.c cmd/sslstrength/sslstrength.c
    cmd/strsclnt/strsclnt.c cmd/tstclnt/tstclnt.c
    cmd/vfyserv/vfyserv.c cmd/vfyserv/vfyutil.c lib/manifest.mn
    lib/ssl/nsskea.c lib/ssl/preenc.h lib/ssl/prelib.c
    lib/ssl/ssl.h lib/ssl/ssl3con.c lib/ssl/ssl3prot.h
    lib/ssl/sslauth.c lib/ssl/sslcon.c lib/ssl/sslenum.c
    lib/ssl/sslimpl.h lib/ssl/sslinfo.c lib/ssl/sslproto.h
    lib/ssl/sslsecur.c lib/ssl/sslsnce.c lib/ssl/sslsock.c
    lib/ssl/sslt.h


git-svn-id: svn://10.0.0.236/trunk@177810 18797224-902f-48f8-a5cc-f745e15eee43
 2005-08-16 03:42:26 +00:00
nelsonb%netscape.com
663db84c36 Back out the preceeding fortezza removal patch, which was accidentally 
applied to the trunk, not to the intended branch.


git-svn-id: svn://10.0.0.236/trunk@171823 18797224-902f-48f8-a5cc-f745e15eee43
 2005-04-06 21:35:45 +00:00
nelsonb%netscape.com
b62572db42 Remove fortezza support from libSSL and related commands. Bug 239960. 
ON PERFORMANCE_HACKS_BRANCH.  r=rrelyea.


git-svn-id: svn://10.0.0.236/trunk@171820 18797224-902f-48f8-a5cc-f745e15eee43
 2005-04-06 19:43:19 +00:00
nelsonb%netscape.com
0137ccc6f8 Fix implementation of SSL_NO_STEP_DOWN. Bug 148452. r=julien.pierre. 
Modified Files:  sslimpl.h sslinfo.c sslsecur.c sslsock.c


git-svn-id: svn://10.0.0.236/trunk@171630 18797224-902f-48f8-a5cc-f745e15eee43
 2005-04-05 03:48:20 +00:00
jpierre%netscape.com
bc5774d577 Fix for 242984 - crash with application having incomplete PRIOMethods. r=nelsonb,wtc 
git-svn-id: svn://10.0.0.236/trunk@156222 18797224-902f-48f8-a5cc-f745e15eee43
 2004-05-11 03:48:25 +00:00
gerv%gerv.net
62b0f34e77 Bug 236613: change to MPL/LGPL/GPL tri-license. Restore Id: lines. 
git-svn-id: svn://10.0.0.236/trunk@155606 18797224-902f-48f8-a5cc-f745e15eee43
 2004-04-27 23:04:40 +00:00
gerv%gerv.net
43cb9e1492 Bug 236613: change to MPL/LGPL/GPL tri-license. 
git-svn-id: svn://10.0.0.236/trunk@155484 18797224-902f-48f8-a5cc-f745e15eee43
 2004-04-25 15:03:26 +00:00
nelsonb%netscape.com
db2f1140de Add support for Elliptic Curve Cryptography. Bug 195135. 
Modified Files:
 	cmd/lib/SECerrs.h cmd/selfserv/selfserv.c
 	cmd/tstclnt/tstclnt.c lib/cryptohi/keyhi.h
 	lib/cryptohi/keythi.h lib/cryptohi/seckey.c
 	lib/cryptohi/secvfy.c lib/freebl/Makefile lib/freebl/blapi.h
 	lib/freebl/blapit.h lib/freebl/ldvector.c lib/freebl/loader.c
 	lib/freebl/loader.h lib/freebl/manifest.mn lib/nss/nss.def
 	lib/pk11wrap/pk11skey.c lib/pk11wrap/pk11slot.c
 	lib/softoken/lowkeyti.h lib/softoken/manifest.mn
 	lib/softoken/pkcs11.c lib/softoken/pkcs11c.c
 	lib/softoken/pkcs11t.h lib/ssl/ssl3con.c lib/ssl/ssl3prot.h
 	lib/ssl/sslcon.c lib/ssl/sslenum.c lib/ssl/sslimpl.h
 	lib/ssl/sslinfo.c lib/ssl/sslproto.h lib/ssl/sslsecur.c
 	lib/ssl/sslsock.c lib/ssl/sslt.h lib/util/secerr.h
 	lib/util/secoid.c lib/util/secoidt.h
Added Files:
 	lib/freebl/GFp_ecl.c lib/freebl/GFp_ecl.h lib/freebl/ec.c
 	lib/freebl/ec.h lib/softoken/ecdecode.c


git-svn-id: svn://10.0.0.236/trunk@138574 18797224-902f-48f8-a5cc-f745e15eee43
 2003-02-27 01:31:38 +00:00
nelsonb%netscape.com
a621affedc Support the TLS_RSA_WITH_NULL_SHA cipher suite. Bug 161529. 
git-svn-id: svn://10.0.0.236/trunk@126906 18797224-902f-48f8-a5cc-f745e15eee43
 2002-08-09 21:53:17 +00:00
bishakhabanerjee%netscape.com
dbb33a4181 Checking in riceman+bmo@mail.rit.edu's patch for bug 133702 
git-svn-id: svn://10.0.0.236/trunk@126078 18797224-902f-48f8-a5cc-f745e15eee43
 2002-07-30 20:57:44 +00:00
nelsonb%netscape.com
a36887f58a Make libSSL build for WinCE. 
git-svn-id: svn://10.0.0.236/trunk@118061 18797224-902f-48f8-a5cc-f745e15eee43
 2002-04-04 00:14:12 +00:00
ian.mcgreer%sun.com
706f544f7a bug 132889, sense of boolean 'blocking' is reversed within the HANDLE_ERR macro of ssl_WriteV 
git-svn-id: svn://10.0.0.236/trunk@117239 18797224-902f-48f8-a5cc-f745e15eee43
 2002-03-22 22:48:02 +00:00
nelsonb%netscape.com
76f9a42d49 1. the sslSecurityInfo and sslGather structs are now part of the sslSocket 
rather than being pointed to by the sslSocket.  This reduces the number
of malloc/free calls, and greatly reduces pointer fetches, and null
pointer checks.  sslGather and sslSecurityInfo are separately initialized.
2. SSL_ResetHandshake no longer deallocates and reallocates the sslSecurityInfo and all its subcomponents.
3. Many places that formerly did not check for memory allocation failures
now do check, and do the right thing when allocation failed.


git-svn-id: svn://10.0.0.236/trunk@115407 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-27 04:40:17 +00:00
nelsonb%netscape.com
2b8a7de572 Change ssl_GetPeerInfo to no longer assume that an address is IPV6 if 
it's not IPv4.  Fixes a bug on systems that don't support IPV6, but
do support other address families.


git-svn-id: svn://10.0.0.236/trunk@115336 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-26 00:28:15 +00:00
wtc%netscape.com
52f5bfd019 Bugzilla bug 70217: ported NSS to BeOS. The patch is contributed by 
Christopher Seawood <seawood@netscape.com>.


git-svn-id: svn://10.0.0.236/trunk@115206 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-22 04:23:30 +00:00
relyea%netscape.com
dd1d27c432 Clean up compilier warnings on Solaris and Linux, most particularly: 
1) Implicit declaration of function.
2) Possibly unitialized variables.

These warnings have indicated some real problems in the code, so many changes
are not just to silence the warnings, but to fix the problems. Others were
inocuous, but the warnings were silenced to reduce the noise.


git-svn-id: svn://10.0.0.236/trunk@109938 18797224-902f-48f8-a5cc-f745e15eee43
 2001-12-07 01:36:25 +00:00
nelsonb%netscape.com
5b7036cc69 Put better comments by the table of preconfigured policies. 
git-svn-id: svn://10.0.0.236/trunk@107058 18797224-902f-48f8-a5cc-f745e15eee43
 2001-11-02 04:00:27 +00:00
nelsonb%netscape.com
f978c68393 Add support to TLS for new 128-bit and 256-bit AES ciphersuites. 87021. 
git-svn-id: svn://10.0.0.236/trunk@103408 18797224-902f-48f8-a5cc-f745e15eee43
 2001-09-21 03:07:35 +00:00
nelsonb%netscape.com
c38ee88985 Implement new function SSL_GetChannelInfo(). Bugzilla bug 78959. 
git-svn-id: svn://10.0.0.236/trunk@103057 18797224-902f-48f8-a5cc-f745e15eee43
 2001-09-18 01:59:21 +00:00