Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
216,607 Commits 3,986 Branches 0 Tags
Commit Graph

50 Commits

Author SHA1 Message Date
wtc%google.com
ade9335c30 Bug 507359: Implement TLS keying material exporters. The patch is written 
by Douglas Stebila <douglas@stebila.ca> and improved by Adam Langley
<agl@chromium.org>.  r=wtc.
Modified Files:
	ssl.def ssl.h ssl3con.c sslimpl.h sslinfo.c


git-svn-id: svn://10.0.0.236/trunk@263533 18797224-902f-48f8-a5cc-f745e15eee43
 2012-03-07 01:27:40 +00:00
kaie%kuix.de
6c980c7018 Bug 726315, followup from bug 542832, Patch contributed by Brian Smith, r=kaie 
git-svn-id: svn://10.0.0.236/trunk@263415 18797224-902f-48f8-a5cc-f745e15eee43
 2012-02-15 21:52:08 +00:00
kaie%kuix.de
a80bdaa107 Bug 542832 - SSL_RestartHandshakeAfterServerCert is broken, patch by Brian Smith, r=rrelyea 
git-svn-id: svn://10.0.0.236/trunk@263385 18797224-902f-48f8-a5cc-f745e15eee43
 2012-02-11 12:58:48 +00:00
kaie%kuix.de
1d479025ca Bug 542832 - SSL_RestartHandshakeAfterServerCert is broken, patch by Brian Smith, r=rrelyea 
git-svn-id: svn://10.0.0.236/trunk@263383 18797224-902f-48f8-a5cc-f745e15eee43
 2012-02-11 12:57:28 +00:00
kaie%kuix.de
9d33576904 Bug 542832 - SSL_RestartHandshakeAfterServerCert is broken, patch by Brian Smith, r=rrelyea 
git-svn-id: svn://10.0.0.236/trunk@263382 18797224-902f-48f8-a5cc-f745e15eee43
 2012-02-11 12:55:58 +00:00
bsmith%mozilla.com
0601ca68ad Bug 547312: Implement client-side support for NPN; original patch by agl r=wtc; changes by bsmith r=agl 
git-svn-id: svn://10.0.0.236/trunk@263024 18797224-902f-48f8-a5cc-f745e15eee43
 2011-10-29 00:29:11 +00:00
wtc%google.com
eeafd4b2de Bug 593080: change the default of the SSL_ENABLE_SSL2 and 
SSL_V2_COMPATIBLE_HELLO options to PR_FALSE.  r=rrelyea.
Modified Files:
	cmd/strsclnt/strsclnt.c cmd/tstclnt/tstclnt.c lib/ssl/ssl.h
	lib/ssl/sslsock.c


git-svn-id: svn://10.0.0.236/trunk@262964 18797224-902f-48f8-a5cc-f745e15eee43
 2011-10-06 22:42:34 +00:00
bsmith%mozilla.com
2e2793892a Bug 665814: Prevent chosen plaintext attacks on SSL 3.0 and TLS 1.0 connections, r=wtc, sr=rrelyea 
git-svn-id: svn://10.0.0.236/trunk@262945 18797224-902f-48f8-a5cc-f745e15eee43
 2011-10-01 03:59:54 +00:00
kaie%kuix.de
2d50bc73fe Bug 673115 - Add function to obtain version of NSS at runtime, r=wtc, r=rrelyea 
git-svn-id: svn://10.0.0.236/trunk@262560 18797224-902f-48f8-a5cc-f745e15eee43
 2011-08-01 07:08:10 +00:00
wtc%google.com
daa3cd26f4 Bug 635778: Rename SSL_ConfigSecureServerWithChainOpt to 
SSL_ConfigSecureServerWithCertChain.  List the certChainOpt argument
immediately after the cert argument.  Improve comments.
Modified Files:
	ssl.def ssl.h sslsecur.c


git-svn-id: svn://10.0.0.236/trunk@262164 18797224-902f-48f8-a5cc-f745e15eee43
 2011-04-08 05:37:44 +00:00
alexei.volkov.bugs%sun.com
e3d68d7de7 635778 - Need an API to pass user defined cert chain when SSL socket is set up. r=nelson, rreleya 
git-svn-id: svn://10.0.0.236/trunk@262033 18797224-902f-48f8-a5cc-f745e15eee43
 2011-03-10 04:29:04 +00:00
wtc%google.com
1e99b8cb20 Bug 525092: Support TLS false start. The patch is contributed by Adam 
Langley of Google <agl@chromium.org>.  r=wtc.
Modified Files:
	cmd/strsclnt/strsclnt.c cmd/tstclnt/tstclnt.c lib/ssl/ssl.h
	lib/ssl/ssl3con.c lib/ssl/ssl3gthr.c lib/ssl/sslimpl.h
	lib/ssl/sslsecur.c lib/ssl/sslsock.c tests/ssl/sslstress.txt


git-svn-id: svn://10.0.0.236/trunk@260919 18797224-902f-48f8-a5cc-f745e15eee43
 2010-07-30 03:00:17 +00:00
wtc%google.com
88282f31d8 Bug 537356: Redefine SSL_RENEGOTIATE_CLIENT_ONLY as 
SSL_RENEGOTIATE_TRANSITIONAL, changing its meaning for server sockets,  and
make it the default.  r=rrelyea.
Modified Files:
	ssl.h ssl3con.c sslsock.c


git-svn-id: svn://10.0.0.236/trunk@259722 18797224-902f-48f8-a5cc-f745e15eee43
 2010-02-17 02:29:08 +00:00
wtc%google.com
7438b8e95a Bug 537356: Rename SCSV. In the final RFC, the symbolic name of the SCSV 
changed to TLS_EMPTY_RENEGOTIATION_INFO_SCSV.  r=christophe,rrelyea.
Modified Files:
	cmd/ssltap/ssltap.c lib/ssl/ssl.h lib/ssl/ssl3con.c
	lib/ssl/sslproto.h


git-svn-id: svn://10.0.0.236/trunk@259715 18797224-902f-48f8-a5cc-f745e15eee43
 2010-02-16 18:56:48 +00:00
wtc%google.com
1aa1b407a5 Bug 496993: Add accessor functions for SSL_ImplementedCiphers and 
SSL_NumImplementedCiphers.  r=nelson.
Modified Files:
	cmd/strsclnt/strsclnt.c cmd/tstclnt/tstclnt.c lib/ssl/ssl.def
	lib/ssl/ssl.h lib/ssl/sslenum.c


git-svn-id: svn://10.0.0.236/trunk@259676 18797224-902f-48f8-a5cc-f745e15eee43
 2010-02-10 18:07:21 +00:00
wtc%google.com
4ad6a3c20d Bug 540304: Rename ExtensionType to SSLExtensionType. The patch is 
contributed by Kai Engert <kaie@kuix.de>.  r=wtc.
Modified Files:
	ssl.h sslreveal.c sslt.h


git-svn-id: svn://10.0.0.236/trunk@259597 18797224-902f-48f8-a5cc-f745e15eee43
 2010-02-04 03:21:11 +00:00
kaie%kuix.de
bd4c4b9fa4 Bug 540304, Implement SSL_HandshakeNegotiatedExtension 
r=nelson


git-svn-id: svn://10.0.0.236/trunk@259501 18797224-902f-48f8-a5cc-f745e15eee43
 2010-01-28 16:14:25 +00:00
nelson%bolyard.com
0bc55de11a Bug 537356: Implement new safe SSL3 & TLS renegotiation, r=wtc 
git-svn-id: svn://10.0.0.236/trunk@259500 18797224-902f-48f8-a5cc-f745e15eee43
 2010-01-28 06:19:13 +00:00
alexei.volkov.bugs%sun.com
d26b36b737 360421 - Implement TLS Server Name Indication for servers. r=nelson 
git-svn-id: svn://10.0.0.236/trunk@259396 18797224-902f-48f8-a5cc-f745e15eee43
 2010-01-14 22:15:26 +00:00
wtc%google.com
d73ba345fb Bug 530907: The peerID argument to SSL_SetSockPeerID should be declared 
const.  Removed an unnecessary PR_CALLBACK qualifier.  r=nelson.


git-svn-id: svn://10.0.0.236/trunk@259084 18797224-902f-48f8-a5cc-f745e15eee43
 2009-11-25 05:24:25 +00:00
nelson%bolyard.com
089608da06 Bug 526689: (CVE-2009-3555) SSL3 & TLS Renegotiation Vulnerability 
Disable SSL 3.x renegotiation by default.  Add new options to re-enable.
r=wtc,rrelyea


git-svn-id: svn://10.0.0.236/trunk@258888 18797224-902f-48f8-a5cc-f745e15eee43
 2009-11-06 20:11:29 +00:00
wtc%google.com
7904b372b3 Bug 275744: Implement TLS compression RFC 3749. Add the SSL_ENABLE_DEFLATE 
SSL option and the -z command-line option for tstclnt, strsclnt, and
selfserv for enabling the DEFLATE compression method.  The patch is
contributed by Adam Langley <agl@chromium.org> of Google.  r=nelson.
Modified Files:
	cmd/selfserv/selfserv.c cmd/strsclnt/strsclnt.c
	cmd/tstclnt/tstclnt.c lib/ssl/Makefile lib/ssl/ssl.h
	lib/ssl/ssl3con.c lib/ssl/ssl3prot.h lib/ssl/sslerr.h
	lib/ssl/sslimpl.h lib/ssl/sslsock.c


git-svn-id: svn://10.0.0.236/trunk@258862 18797224-902f-48f8-a5cc-f745e15eee43
 2009-11-04 17:19:25 +00:00
wtc%google.com
6289ace530 Bug 403563: implement the TLS session ticket extension (rfc4507bis). The 
patch is contributed by Nagendra Modadugu <ngm+mozilla@google.com>.  A
small portion (PKCS #11 code and tests) was written by Wan-Teh Chang
<wtc@google.com>.  r=nelson,wtc
Modified Files:
	cmd/lib/SSLerrs.h cmd/selfserv/selfserv.c
	cmd/strsclnt/strsclnt.c cmd/tstclnt/tstclnt.c
	lib/ssl/manifest.mn lib/ssl/ssl.h lib/ssl/ssl3con.c
	lib/ssl/ssl3ecc.c lib/ssl/ssl3prot.h lib/ssl/sslerr.h
	lib/ssl/sslimpl.h lib/ssl/sslnonce.c lib/ssl/sslsnce.c
	lib/ssl/sslsock.c lib/ssl/sslt.h tests/ssl/sslstress.txt
Added Files:
	lib/ssl/ssl3ext.c


git-svn-id: svn://10.0.0.236/trunk@247232 18797224-902f-48f8-a5cc-f745e15eee43
 2008-03-06 20:16:24 +00:00
wtc%google.com
d31369b999 Bug 403563: reserve an SSL option for TLS session tickets. r=nelson 
git-svn-id: svn://10.0.0.236/trunk@246235 18797224-902f-48f8-a5cc-f745e15eee43
 2008-02-21 21:44:09 +00:00
neil.williams%sun.com
f4f094b47f Bug 325672, Create CanBypass function 
r=Nelson


git-svn-id: svn://10.0.0.236/trunk@230235 18797224-902f-48f8-a5cc-f745e15eee43
 2007-07-18 21:38:55 +00:00
julien.pierre.bugs%sun.com
efa0597919 Fix for bug 257860 . Correct doc for SSL_SecurityStatus . r=nelson 
git-svn-id: svn://10.0.0.236/trunk@229660 18797224-902f-48f8-a5cc-f745e15eee43
 2007-07-11 03:09:14 +00:00
julien.pierre.bugs%sun.com
219677d209 Fix for bug 127960 . Add SSL force handshake APIs which take a timeout . r=nelson 
git-svn-id: svn://10.0.0.236/trunk@180433 18797224-902f-48f8-a5cc-f745e15eee43
 2005-09-16 20:33:09 +00:00
nelsonb%netscape.com
66cf75f421 Implement two new SSL socket options: SSL_BYPASS_PKCS11 and SSL_NO_LOCKS. 
Reorganize the SSL Socket structure contents to obviate ssl3 pointer.
Move much of the ECC code from ssl3con to new file ssl3ecc.c.  derive.c
implements derivation of the SSL/TLS master secret and the encryption and
MAC keys and IVs without using PKCS11. Bug 305147. r=rrelyea.
Modified Files: ssl/config.mk ssl/manifest.mn ssl/ssl.h ssl/ssl3con.c
    ssl/ssl3gthr.c ssl/sslauth.c ssl/sslcon.c ssl/ssldef.c ssl/sslgathr.c
    ssl/sslimpl.h ssl/sslinfo.c ssl/sslnonce.c ssl/sslsecur.c ssl/sslsnce.c
    ssl/sslsock.c
Added Files: ssl/derive.c ssl/ssl3ecc.c


git-svn-id: svn://10.0.0.236/trunk@179892 18797224-902f-48f8-a5cc-f745e15eee43
 2005-09-09 03:02:16 +00:00
nelsonb%netscape.com
00749853c3 Remove fortezza code from libSSL and from the SSL test programs. 
Stop building fortezza's special software token, and fortezza specific
test programs.   Bug 239960. r=rrelyea.
Modified Files:
    cmd/manifest.mn cmd/platlibs.mk cmd/SSLsample/server.c
    cmd/SSLsample/sslsample.c cmd/modutil/modutil.c
    cmd/selfserv/selfserv.c cmd/sslstrength/sslstrength.c
    cmd/strsclnt/strsclnt.c cmd/tstclnt/tstclnt.c
    cmd/vfyserv/vfyserv.c cmd/vfyserv/vfyutil.c lib/manifest.mn
    lib/ssl/nsskea.c lib/ssl/preenc.h lib/ssl/prelib.c
    lib/ssl/ssl.h lib/ssl/ssl3con.c lib/ssl/ssl3prot.h
    lib/ssl/sslauth.c lib/ssl/sslcon.c lib/ssl/sslenum.c
    lib/ssl/sslimpl.h lib/ssl/sslinfo.c lib/ssl/sslproto.h
    lib/ssl/sslsecur.c lib/ssl/sslsnce.c lib/ssl/sslsock.c
    lib/ssl/sslt.h


git-svn-id: svn://10.0.0.236/trunk@177810 18797224-902f-48f8-a5cc-f745e15eee43
 2005-08-16 03:42:26 +00:00
nelsonb%netscape.com
663db84c36 Back out the preceeding fortezza removal patch, which was accidentally 
applied to the trunk, not to the intended branch.


git-svn-id: svn://10.0.0.236/trunk@171823 18797224-902f-48f8-a5cc-f745e15eee43
 2005-04-06 21:35:45 +00:00
nelsonb%netscape.com
b62572db42 Remove fortezza support from libSSL and related commands. Bug 239960. 
ON PERFORMANCE_HACKS_BRANCH.  r=rrelyea.


git-svn-id: svn://10.0.0.236/trunk@171820 18797224-902f-48f8-a5cc-f745e15eee43
 2005-04-06 19:43:19 +00:00
gerv%gerv.net
62b0f34e77 Bug 236613: change to MPL/LGPL/GPL tri-license. Restore Id: lines. 
git-svn-id: svn://10.0.0.236/trunk@155606 18797224-902f-48f8-a5cc-f745e15eee43
 2004-04-27 23:04:40 +00:00
gerv%gerv.net
43cb9e1492 Bug 236613: change to MPL/LGPL/GPL tri-license. 
git-svn-id: svn://10.0.0.236/trunk@155484 18797224-902f-48f8-a5cc-f745e15eee43
 2004-04-25 15:03:26 +00:00
nelsonb%netscape.com
3e437a3d4d Declare SSL_NO_STEP_DOWN option. Partial fix to bug 148452. 
git-svn-id: svn://10.0.0.236/trunk@148118 18797224-902f-48f8-a5cc-f745e15eee43
 2003-10-19 01:31:41 +00:00
wtc%netscape.com
ede99124e6 Bug 199082: checked in Nelson's patch, which 
a) changes selfserv to test the return value from NSS_Shutdown.
b) changes SECMOD_Shutdown to set the error code SEC_ERROR_BUSY before
   returning SECFailure.
c) Adds a new function SSL_ShutdownServerSessionIDCache to ssl.h.
d) Changes selfserv to call SSL_ShutdownServerSessionIDCache before calling
NSS_Shutdown.
Modified Files:
	cmd/selfserv/selfserv.c lib/pk11wrap/pk11util.c
	lib/ssl/ssl.def lib/ssl/ssl.h lib/ssl/ssl3con.c
	lib/ssl/sslimpl.h lib/ssl/sslsnce.c


git-svn-id: svn://10.0.0.236/trunk@140305 18797224-902f-48f8-a5cc-f745e15eee43
 2003-03-26 00:31:13 +00:00
wtc%netscape.com
91b98bac0f Bug 153380: document the default values for the SSL options. 
git-svn-id: svn://10.0.0.236/trunk@129970 18797224-902f-48f8-a5cc-f745e15eee43
 2002-09-18 22:32:19 +00:00
nelsonb%netscape.com
9b6375ccb6 Fix bug 135261. Create symbolic names for the values 2 and 3 for the 
SSL_REQUIRE_CERTIFICATE option.  Value 2 has always been the default.
New Value 3 is appropriate for servers that want to re-request, but
still not require, client-auth from a client with whom an SSL session
is already established.


git-svn-id: svn://10.0.0.236/trunk@123859 18797224-902f-48f8-a5cc-f745e15eee43
 2002-06-22 01:40:32 +00:00
wtc%netscape.com
c1bd73527f Bug 153380: TLS is enabled by default now. 
git-svn-id: svn://10.0.0.236/trunk@123794 18797224-902f-48f8-a5cc-f745e15eee43
 2002-06-21 18:25:46 +00:00
nelsonb%netscape.com
076553af57 Implement new function SSL_LocalCertificate(). Bug 78959. 
git-svn-id: svn://10.0.0.236/trunk@107638 18797224-902f-48f8-a5cc-f745e15eee43
 2001-11-08 02:15:38 +00:00
nelsonb%netscape.com
b91f3120f1 Reimplement SSL_GetChannelInfo. Add new function SSL_GetCipherSuiteInfo(). 
Also, implement new ciphersuite preference order.  Bug 78959.


git-svn-id: svn://10.0.0.236/trunk@107060 18797224-902f-48f8-a5cc-f745e15eee43
 2001-11-02 04:24:28 +00:00
nelsonb%netscape.com
c38ee88985 Implement new function SSL_GetChannelInfo(). Bugzilla bug 78959. 
git-svn-id: svn://10.0.0.236/trunk@103057 18797224-902f-48f8-a5cc-f745e15eee43
 2001-09-18 01:59:21 +00:00
nelsonb%netscape.com
611ba43412 Add two new functions to permit application tuning of the number of SSL 
server session cache locks.  We may yet decide to back this out for the
NSS 3.3 release.  Modified Files: ssl.def ssl.h sslsnce.c


git-svn-id: svn://10.0.0.236/trunk@96958 18797224-902f-48f8-a5cc-f745e15eee43
 2001-06-12 20:27:12 +00:00
wtc%netscape.com
f563c9425e Bugzilla bug #77199: Make NSS build under OS/2. Thanks to Javier 
Pedemonte <pedemont@us.ibm.com> for the patch.
Modified Files:
        coreconf/OS2.mk coreconf/rules.mk coreconf/ruleset.mk
        nss/lib/freebl/Makefile nss/lib/pkcs12/p12.h nss/lib/ssl/ssl.h
        nss/lib/util/secport.h


git-svn-id: svn://10.0.0.236/trunk@95606 18797224-902f-48f8-a5cc-f745e15eee43
 2001-05-21 21:25:32 +00:00
nelsonb%netscape.com
e00b59a1ac Make SSL API consistent in using SECStatus as return value for functions 
that return only values in that enumeration.  Bug 68097. R&A = relyea.
Modified Files:
 	lib/ssl/ssl.h lib/ssl/sslauth.c lib/ssl/sslsecur.c
 	lib/ssl/sslsnce.c lib/ssl/sslsock.c cmd/selfserv/selfserv.c
 	cmd/strsclnt/strsclnt.c


git-svn-id: svn://10.0.0.236/trunk@86642 18797224-902f-48f8-a5cc-f745e15eee43
 2001-02-09 00:32:14 +00:00
wtc%netscape.com
a620d900b4 Bugzilla bug #65416: assign values explicitly to enumeration constants. 
The same values that the compiler would assign are assigned, with only
one exception (cmmfNoPKIStatus in cmmft.h).  This is patch id=22555,
reviewed by Nelson Bolyard.


git-svn-id: svn://10.0.0.236/trunk@85087 18797224-902f-48f8-a5cc-f745e15eee43
 2001-01-18 16:36:43 +00:00
nelsonb%netscape.com
d5cd06265e Remove declarations of SOCKS support functions, which have never worked 
in NSS 3.x and are not supported.  Ifdef out declarations of deprecated
functions, since they are not exported by ssl3.dll.


git-svn-id: svn://10.0.0.236/trunk@84479 18797224-902f-48f8-a5cc-f745e15eee43
 2001-01-06 20:56:40 +00:00
nelsonb%netscape.com
4317ea94c5 Use _WIN32 instead of _WINDOWS in windows-dependent ifdefs. 
git-svn-id: svn://10.0.0.236/trunk@84449 18797224-902f-48f8-a5cc-f745e15eee43
 2001-01-05 23:53:38 +00:00
nelsonb%netscape.com
dbd95a18a1 Changes to deal with exporting data from Windows DLLs. 
SECHashObjects[] is no longer exported.
New function HASH_GetHashObject returns pointer to selected const object.
SSL statistics are now in a structure whose address is obtained via a
call to SSL_GetStatistics().
On NT, the new symbol NSS_USE_STATIC_LIBS must be declared in programs
that use the static SSL library.
Also, propagate "const" declaration for SECHashObjects.


git-svn-id: svn://10.0.0.236/trunk@84403 18797224-902f-48f8-a5cc-f745e15eee43
 2001-01-05 01:38:26 +00:00
nelsonb%netscape.com
e4ad3d1501 Changes in support of corrected TLS rollback detection. 
git-svn-id: svn://10.0.0.236/trunk@70707 18797224-902f-48f8-a5cc-f745e15eee43
 2000-05-24 03:31:44 +00:00
relyea%netscape.com
a4d4d45374 Initial NSS Open Source checkin 
git-svn-id: svn://10.0.0.236/trunk@64788 18797224-902f-48f8-a5cc-f745e15eee43
 2000-03-31 20:13:40 +00:00