Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
136,028 Commits 3,986 Branches 0 Tags
Commit Graph

176 Commits

Author SHA1 Message Date
nelsonb%netscape.com
9fe96f18ad Follow the SSL2 specification more closely in accepting and rejecting 
SSL messages.  Previously NSS would reject some it should accept
and vice versa.  Bugscape bug 57121. r=wtc,julien


git-svn-id: svn://10.0.0.236/trunk@158397 18797224-902f-48f8-a5cc-f745e15eee43
 2004-06-24 02:06:41 +00:00
jpierre%netscape.com
8385c4f9e2 Fix for 237934 - nss_InitLock not atomic. r=nelson 
git-svn-id: svn://10.0.0.236/trunk@158176 18797224-902f-48f8-a5cc-f745e15eee43
 2004-06-19 03:21:39 +00:00
jpierre%netscape.com
cca7512c06 Fix for 244095 - link NSS libraries with -R $ORIGIN on Solaris 
git-svn-id: svn://10.0.0.236/trunk@156892 18797224-902f-48f8-a5cc-f745e15eee43
 2004-05-25 00:13:12 +00:00
wchang0222%aol.com
d8ea205bcc Bugscape bug 57081: If the make variable NISCC_TEST is defined at build 
time, add -DNISCC_TEST to the compile command line.  The NISCC_TEST macro
enables special code that's conditionally compiled for NISCC testing.
Modified Files:
	cmd/smimetools/Makefile cmd/smimetools/cmsutil.c
	lib/ssl/config.mk lib/ssl/manifest.mn


git-svn-id: svn://10.0.0.236/trunk@156332 18797224-902f-48f8-a5cc-f745e15eee43
 2004-05-13 01:29:15 +00:00
jpierre%netscape.com
bc5774d577 Fix for 242984 - crash with application having incomplete PRIOMethods. r=nelsonb,wtc 
git-svn-id: svn://10.0.0.236/trunk@156222 18797224-902f-48f8-a5cc-f745e15eee43
 2004-05-11 03:48:25 +00:00
gerv%gerv.net
62b0f34e77 Bug 236613: change to MPL/LGPL/GPL tri-license. Restore Id: lines. 
git-svn-id: svn://10.0.0.236/trunk@155606 18797224-902f-48f8-a5cc-f745e15eee43
 2004-04-27 23:04:40 +00:00
gerv%gerv.net
43cb9e1492 Bug 236613: change to MPL/LGPL/GPL tri-license. 
git-svn-id: svn://10.0.0.236/trunk@155484 18797224-902f-48f8-a5cc-f745e15eee43
 2004-04-25 15:03:26 +00:00
nelsonb%netscape.com
6f48d14853 Add conditionally compiled code for NISCC testing of NSS's SSL library. 
patch by Ian McGreer.  Bugscape bug 53322.


git-svn-id: svn://10.0.0.236/trunk@153596 18797224-902f-48f8-a5cc-f745e15eee43
 2004-03-05 23:28:57 +00:00
jpierre%netscape.com
cabec54b89 Fix for 235874 - crash in PK11_DigestKey . r=wtc, nelsonb 
git-svn-id: svn://10.0.0.236/trunk@153448 18797224-902f-48f8-a5cc-f745e15eee43
 2004-03-03 03:18:56 +00:00
nelsonb%netscape.com
aa8a0fe260 Overload the error code SSL_ERROR_RX_RECORD_TOO_LONG to report SSL2 
records that are too short.  Bugscape bug 54814


git-svn-id: svn://10.0.0.236/trunk@151018 18797224-902f-48f8-a5cc-f745e15eee43
 2004-01-08 06:52:00 +00:00
jpierre%netscape.com
9af88d0f5a Rename PK11_PubDeriveExtended to PK11_PubDeriveWithKDF 
git-svn-id: svn://10.0.0.236/trunk@151008 18797224-902f-48f8-a5cc-f745e15eee43
 2004-01-08 01:37:46 +00:00
wchang0222%aol.com
0fd2842063 Made wincx the last argument of PK11_PubDeriveExtended. r=relyea. 
Modified Files: pk11func.h pk11skey.c ssl3con.c


git-svn-id: svn://10.0.0.236/trunk@150552 18797224-902f-48f8-a5cc-f745e15eee43
 2003-12-19 23:54:29 +00:00
nelsonb%netscape.com
478d713628 Grow handshake message buffer once per message, not once per each message 
segment received.  Bugscape bug 53418.


git-svn-id: svn://10.0.0.236/trunk@148858 18797224-902f-48f8-a5cc-f745e15eee43
 2003-11-05 06:22:57 +00:00
nelsonb%netscape.com
517ef7b660 Remove one unnecessary transition from the SSL3 state machine. 
Reduce the number of reallocations of the SSL3 handshake message buffer.
Bugscape bugs 53287 and 53337


git-svn-id: svn://10.0.0.236/trunk@148646 18797224-902f-48f8-a5cc-f745e15eee43
 2003-10-31 07:01:05 +00:00
wchang0222%aol.com
2aff98abf2 Bugzilla bug 222065: fixed a bug (inside #ifdef WINNT) introduced in the 
previous checkin.


git-svn-id: svn://10.0.0.236/trunk@148244 18797224-902f-48f8-a5cc-f745e15eee43
 2003-10-22 01:00:10 +00:00
nelsonb%netscape.com
68ca5e8448 When the SSL_NO_CACHE option is set on an SSL server socket, don't touch 
the server session cache AT ALL.  Bug 222726


git-svn-id: svn://10.0.0.236/trunk@148119 18797224-902f-48f8-a5cc-f745e15eee43
 2003-10-19 01:55:50 +00:00
nelsonb%netscape.com
3e437a3d4d Declare SSL_NO_STEP_DOWN option. Partial fix to bug 148452. 
git-svn-id: svn://10.0.0.236/trunk@148118 18797224-902f-48f8-a5cc-f745e15eee43
 2003-10-19 01:31:41 +00:00
nelsonb%netscape.com
701f341286 SSL_ShutdownServerSessionIDCache no longer leaks the cache memory. 
Bug 222065. r=wchang0222


git-svn-id: svn://10.0.0.236/trunk@148117 18797224-902f-48f8-a5cc-f745e15eee43
 2003-10-19 01:25:10 +00:00
ian.mcgreer%sun.com
decc84df49 ECC code landing. 
Contributed by Sheuling Chang, Stephen Fung, Vipul Gupta, Nils Gura,
and Douglas Stebila of Sun Labs


git-svn-id: svn://10.0.0.236/trunk@148060 18797224-902f-48f8-a5cc-f745e15eee43
 2003-10-17 13:45:42 +00:00
nelsonb%netscape.com
9911b56b4d Eliminate unnecessary copying of CA names in HandleCertRequest. 
Bug 204686.


git-svn-id: svn://10.0.0.236/trunk@147660 18797224-902f-48f8-a5cc-f745e15eee43
 2003-10-07 02:24:01 +00:00
nelsonb%netscape.com
d544fa46d4 Detect Zero length certs and zero length CA names. Bug 204686. 
Also, eliminate unnecessary copying of incoming certs.


git-svn-id: svn://10.0.0.236/trunk@147524 18797224-902f-48f8-a5cc-f745e15eee43
 2003-10-03 02:01:18 +00:00
wtc%netscape.com
a684605285 Bugzilla bug 214674: made the Linux implementation of sslMutex really work. 
They were no-ops in multiprocess mode before.  The patch is Nelson
Bolyard's.  r=wtc.


git-svn-id: svn://10.0.0.236/trunk@146426 18797224-902f-48f8-a5cc-f745e15eee43
 2003-08-28 22:23:59 +00:00
nelsonb%netscape.com
e14edef9e3 Eliminate TCP connection reset errors that occur when server requires 
client auth and SSL3 client doesn't authenticate.  The fix is to coalesce
the SSL3 no_certificate alert record with the following records (e.g.
client_key_exchange handshake, change_cipher_spec and finished handshake).
Fix bugs 207313 and 118668.


git-svn-id: svn://10.0.0.236/trunk@143124 18797224-902f-48f8-a5cc-f745e15eee43
 2003-05-30 23:22:39 +00:00
wtc%netscape.com
c8c128b326 Bug 134113: make NSS build on Win32 using GCC (MinGW). The patch 
(attachment 121068) is contributed by Chris Seawood (cls@seawood.org).


git-svn-id: svn://10.0.0.236/trunk@141471 18797224-902f-48f8-a5cc-f745e15eee43
 2003-04-20 04:23:37 +00:00
jpierre%netscape.com
5f94baad22 Fix for 202348 - check cert & key pointers returned by client auth application callback, to fix crash . r=nelsonb 
git-svn-id: svn://10.0.0.236/trunk@141286 18797224-902f-48f8-a5cc-f745e15eee43
 2003-04-17 02:04:24 +00:00
jpierre%netscape.com
baac831b29 Fix for 201259 . Make the default client auth callback NSS_GetClientAuthData work with dual-key certs. r=nelsonb, sr=wtc 
git-svn-id: svn://10.0.0.236/trunk@140939 18797224-902f-48f8-a5cc-f745e15eee43
 2003-04-09 22:23:10 +00:00
nelsonb%netscape.com
faa5b981f5 Changes to enable ECC over characteristic 2^m fields. 
Contribution from Vipul Gupta <Vipul.Gupta@Sun.COM>
Modified Files:
 nss/cmd/strsclnt/strsclnt.c nss/lib/cryptohi/seckey.c
 nss/lib/freebl/blapit.h nss/lib/freebl/ec.c
 nss/lib/freebl/manifest.mn nss/lib/freebl/mpi/Makefile
 nss/lib/softoken/ecdecode.c nss/lib/softoken/pkcs11.c
 nss/lib/ssl/ssl3con.c nss/lib/util/secoid.c
 nss/lib/util/secoidt.h


git-svn-id: svn://10.0.0.236/trunk@140430 18797224-902f-48f8-a5cc-f745e15eee43
 2003-03-29 00:18:30 +00:00
nelsonb%netscape.com
06d3adf3af Add missing return statement. 
git-svn-id: svn://10.0.0.236/trunk@140378 18797224-902f-48f8-a5cc-f745e15eee43
 2003-03-27 03:07:47 +00:00
wtc%netscape.com
ede99124e6 Bug 199082: checked in Nelson's patch, which 
a) changes selfserv to test the return value from NSS_Shutdown.
b) changes SECMOD_Shutdown to set the error code SEC_ERROR_BUSY before
   returning SECFailure.
c) Adds a new function SSL_ShutdownServerSessionIDCache to ssl.h.
d) Changes selfserv to call SSL_ShutdownServerSessionIDCache before calling
NSS_Shutdown.
Modified Files:
	cmd/selfserv/selfserv.c lib/pk11wrap/pk11util.c
	lib/ssl/ssl.def lib/ssl/ssl.h lib/ssl/ssl3con.c
	lib/ssl/sslimpl.h lib/ssl/sslsnce.c


git-svn-id: svn://10.0.0.236/trunk@140305 18797224-902f-48f8-a5cc-f745e15eee43
 2003-03-26 00:31:13 +00:00
relyea%netscape.com
f06f3410eb Make indention style consistant with SSL's usage, not softoken/pk11 usage. 
git-svn-id: svn://10.0.0.236/trunk@139387 18797224-902f-48f8-a5cc-f745e15eee43
 2003-03-13 16:36:43 +00:00
relyea%netscape.com
baad4775cd Allow for tokens that don't require login. bug 197082 
git-svn-id: svn://10.0.0.236/trunk@139334 18797224-902f-48f8-a5cc-f745e15eee43
 2003-03-12 19:22:32 +00:00
nelsonb%netscape.com
db2f1140de Add support for Elliptic Curve Cryptography. Bug 195135. 
Modified Files:
 	cmd/lib/SECerrs.h cmd/selfserv/selfserv.c
 	cmd/tstclnt/tstclnt.c lib/cryptohi/keyhi.h
 	lib/cryptohi/keythi.h lib/cryptohi/seckey.c
 	lib/cryptohi/secvfy.c lib/freebl/Makefile lib/freebl/blapi.h
 	lib/freebl/blapit.h lib/freebl/ldvector.c lib/freebl/loader.c
 	lib/freebl/loader.h lib/freebl/manifest.mn lib/nss/nss.def
 	lib/pk11wrap/pk11skey.c lib/pk11wrap/pk11slot.c
 	lib/softoken/lowkeyti.h lib/softoken/manifest.mn
 	lib/softoken/pkcs11.c lib/softoken/pkcs11c.c
 	lib/softoken/pkcs11t.h lib/ssl/ssl3con.c lib/ssl/ssl3prot.h
 	lib/ssl/sslcon.c lib/ssl/sslenum.c lib/ssl/sslimpl.h
 	lib/ssl/sslinfo.c lib/ssl/sslproto.h lib/ssl/sslsecur.c
 	lib/ssl/sslsock.c lib/ssl/sslt.h lib/util/secerr.h
 	lib/util/secoid.c lib/util/secoidt.h
Added Files:
 	lib/freebl/GFp_ecl.c lib/freebl/GFp_ecl.h lib/freebl/ec.c
 	lib/freebl/ec.h lib/softoken/ecdecode.c


git-svn-id: svn://10.0.0.236/trunk@138574 18797224-902f-48f8-a5cc-f745e15eee43
 2003-02-27 01:31:38 +00:00
nelsonb%netscape.com
3c19bbc924 Fix bug 160207. Make TLS implementation resistant to timing attacks on 
CBC block mode cipher suites in TLS.  See bug for details.


git-svn-id: svn://10.0.0.236/trunk@138124 18797224-902f-48f8-a5cc-f745e15eee43
 2003-02-21 23:00:16 +00:00
relyea%netscape.com
39cd897ff6 Bug 167756. Address Nelson's review comments. remove socket specific latency 
in favor of a slot specific latency test (already done by pk11wrap code).


git-svn-id: svn://10.0.0.236/trunk@137837 18797224-902f-48f8-a5cc-f745e15eee43
 2003-02-15 01:21:25 +00:00
relyea%netscape.com
09be8d3cd2 Bug 167756. Clean up previous patch: add lastState field, and set the SSL Error on failure. 
git-svn-id: svn://10.0.0.236/trunk@136911 18797224-902f-48f8-a5cc-f745e15eee43
 2003-01-23 22:02:37 +00:00
relyea%netscape.com
00bc37d763 Check for token removal before continuing SSL sessions which have client auth 
with certs associated with that token. bug 167756.


git-svn-id: svn://10.0.0.236/trunk@136893 18797224-902f-48f8-a5cc-f745e15eee43
 2003-01-23 17:27:34 +00:00
jpierre%netscape.com
22bf9f8cc7 Fix for bug #126930 - make SSL_ConfigServreSessionIDCache work on OS/2 by not using shared memory in single process mode. r=nelsonb 
git-svn-id: svn://10.0.0.236/trunk@136858 18797224-902f-48f8-a5cc-f745e15eee43
 2003-01-23 00:15:08 +00:00
nelsonb%netscape.com
bca9f97d3a Don't reject a cert request with an empty list of CA cert names. 
Don't crash with an empty CA name list.


git-svn-id: svn://10.0.0.236/trunk@133943 18797224-902f-48f8-a5cc-f745e15eee43
 2002-11-16 03:19:48 +00:00
nelsonb%netscape.com
827c334f1c Fix missing strings that cause crash in SSL_SecurityStatus(). Bug 178342. 
git-svn-id: svn://10.0.0.236/trunk@132968 18797224-902f-48f8-a5cc-f745e15eee43
 2002-11-05 00:25:20 +00:00
wtc%netscape.com
cbc1167df3 Bug 127740: added a comment to explain the thread yield in 
ssl3_SendApplicationData.


git-svn-id: svn://10.0.0.236/trunk@130809 18797224-902f-48f8-a5cc-f745e15eee43
 2002-09-30 20:51:05 +00:00
wtc%netscape.com
91b98bac0f Bug 153380: document the default values for the SSL options. 
git-svn-id: svn://10.0.0.236/trunk@129970 18797224-902f-48f8-a5cc-f745e15eee43
 2002-09-18 22:32:19 +00:00
jpierre%netscape.com
c090eaa1e9 Fix NT build 
git-svn-id: svn://10.0.0.236/trunk@129030 18797224-902f-48f8-a5cc-f745e15eee43
 2002-09-07 02:48:45 +00:00
jpierre%netscape.com
9b0237c574 Fix compiler warnings 
git-svn-id: svn://10.0.0.236/trunk@129024 18797224-902f-48f8-a5cc-f745e15eee43
 2002-09-07 01:48:46 +00:00
nicolson%netscape.com
4b34ca8158 Fix 164126: makefile build error. 
Change the NSS module name from "security" to "nss".


git-svn-id: svn://10.0.0.236/trunk@128961 18797224-902f-48f8-a5cc-f745e15eee43
 2002-09-06 16:38:56 +00:00
wtc%netscape.com
16ce983004 Bugs 166734 and 166785: fixed compiler warnings reported by gcc on Linux. 
The patch for this checkin is attached to bug 166785.


git-svn-id: svn://10.0.0.236/trunk@128926 18797224-902f-48f8-a5cc-f745e15eee43
 2002-09-06 00:27:52 +00:00
nelsonb%netscape.com
a621affedc Support the TLS_RSA_WITH_NULL_SHA cipher suite. Bug 161529. 
git-svn-id: svn://10.0.0.236/trunk@126906 18797224-902f-48f8-a5cc-f745e15eee43
 2002-08-09 21:53:17 +00:00
nelsonb%netscape.com
3b1e2d7136 Fix bug 160207 by changing the error alerts we send for failed decryption. 
git-svn-id: svn://10.0.0.236/trunk@126681 18797224-902f-48f8-a5cc-f745e15eee43
 2002-08-07 20:01:51 +00:00
bishakhabanerjee%netscape.com
dbb33a4181 Checking in riceman+bmo@mail.rit.edu's patch for bug 133702 
git-svn-id: svn://10.0.0.236/trunk@126078 18797224-902f-48f8-a5cc-f745e15eee43
 2002-07-30 20:57:44 +00:00
relyea%netscape.com
424861117d Initialize type field to clear off purify warnings. 
git-svn-id: svn://10.0.0.236/trunk@124041 18797224-902f-48f8-a5cc-f745e15eee43
 2002-06-25 23:00:59 +00:00
nelsonb%netscape.com
9b6375ccb6 Fix bug 135261. Create symbolic names for the values 2 and 3 for the 
SSL_REQUIRE_CERTIFICATE option.  Value 2 has always been the default.
New Value 3 is appropriate for servers that want to re-request, but
still not require, client-auth from a client with whom an SSL session
is already established.


git-svn-id: svn://10.0.0.236/trunk@123859 18797224-902f-48f8-a5cc-f745e15eee43
 2002-06-22 01:40:32 +00:00