because we don't send the elliptic_curves and ec_point_format extensions
in SSL 3.0 client hello. r=nelson.
git-svn-id: svn://10.0.0.236/trunk@259579 18797224-902f-48f8-a5cc-f745e15eee43
but not any other extension. r=rrelyea.
Modified Files:
ssl3con.c ssl3ext.c
git-svn-id: svn://10.0.0.236/trunk@259505 18797224-902f-48f8-a5cc-f745e15eee43
otherwise zlib returns Z_BUF_ERROR, which we consider fatal. The patch is
contributed by Adam Langley of Google <agl@chromium.org>. r=wtc,nelson.
git-svn-id: svn://10.0.0.236/trunk@259136 18797224-902f-48f8-a5cc-f745e15eee43
after including zlib.h. Rename compress to compressor and decompress to
decompressor to avoid the compress macro that may be defined by zconf.h.
r=nelson.
Modified Files:
ssl3con.c sslimpl.h
git-svn-id: svn://10.0.0.236/trunk@259050 18797224-902f-48f8-a5cc-f745e15eee43
patch is contributed by Adam Langley of Google <agl@chromium.org>.
r=wtc,nelson.
git-svn-id: svn://10.0.0.236/trunk@259049 18797224-902f-48f8-a5cc-f745e15eee43
built as part of Mozilla, the 'compress' member of the ssl3CipherSpec
structure gets renamed. Undefine 'compress' to avoid that. r=nelson.
git-svn-id: svn://10.0.0.236/trunk@258982 18797224-902f-48f8-a5cc-f745e15eee43
desirability so that servers that simply pick the first mutually supported
compression method will pick the best compression method. Add compression
method info to the SSLChannelInfo structure. Rename SSL3CompressionMethod
to SSLCompressionMethod and add the ssl_ prefix to the enum constants.
Remove an extra comma in strsclnt.c that breaks the concatenation of two
string literals. r=agl,rrelyea,nelson.
Modified Files:
cmd/selfserv/selfserv.c cmd/strsclnt/strsclnt.c
cmd/tstclnt/tstclnt.c lib/ssl/ssl3con.c lib/ssl/ssl3ext.c
lib/ssl/ssl3prot.h lib/ssl/sslimpl.h lib/ssl/sslinfo.c
lib/ssl/sslsnce.c lib/ssl/sslt.h tests/ssl/sslstress.txt
git-svn-id: svn://10.0.0.236/trunk@258919 18797224-902f-48f8-a5cc-f745e15eee43
Disable SSL 3.x renegotiation by default. Add new options to re-enable.
r=wtc,rrelyea
git-svn-id: svn://10.0.0.236/trunk@258888 18797224-902f-48f8-a5cc-f745e15eee43
SSL option and the -z command-line option for tstclnt, strsclnt, and
selfserv for enabling the DEFLATE compression method. The patch is
contributed by Adam Langley <agl@chromium.org> of Google. r=nelson.
Modified Files:
cmd/selfserv/selfserv.c cmd/strsclnt/strsclnt.c
cmd/tstclnt/tstclnt.c lib/ssl/Makefile lib/ssl/ssl.h
lib/ssl/ssl3con.c lib/ssl/ssl3prot.h lib/ssl/sslerr.h
lib/ssl/sslimpl.h lib/ssl/sslsock.c
git-svn-id: svn://10.0.0.236/trunk@258862 18797224-902f-48f8-a5cc-f745e15eee43
compare of two memory regions, and use it in libSSL for comparing secret
data. The patch is contributed by Adam Langley <agl@chromium.org> of
Google. r=wtc,nelson.
Modified Files:
lib/ssl/ssl3con.c lib/ssl/sslcon.c lib/ssl/sslgathr.c
lib/util/nssutil.def lib/util/secport.c lib/util/secport.h
git-svn-id: svn://10.0.0.236/trunk@258699 18797224-902f-48f8-a5cc-f745e15eee43
include any headers from lib/ssl. r=nelson.
Modified Files:
softoken/pkcs11c.c ssl/manifest.mn ssl/ssl3con.c
git-svn-id: svn://10.0.0.236/trunk@254368 18797224-902f-48f8-a5cc-f745e15eee43
of nssrenam.h. Remove functions that no longer need to be renamed from
nssrenam.h. r=rrelyea.
Modified Files:
cmd/vfychain/vfychain.c lib/certdb/stanpcertdb.c
lib/crmf/asn1cmn.c lib/crmf/cmmfrec.c lib/crmf/respcmn.c
lib/nss/nss.def lib/nss/nssrenam.h lib/pkcs12/p12e.c
lib/pkcs7/certread.c lib/pkcs7/p7decode.c lib/pkcs7/p7encode.c
lib/smime/cmsutil.c lib/ssl/ssl3con.c lib/ssl/ssl3ecc.c
lib/ssl/sslnonce.c lib/ssl/sslsnce.c
git-svn-id: svn://10.0.0.236/trunk@247455 18797224-902f-48f8-a5cc-f745e15eee43
type we expect before using it. r=nelsonb
Modified Files: ssl3con.c ssl3ecc.c
git-svn-id: svn://10.0.0.236/trunk@216773 18797224-902f-48f8-a5cc-f745e15eee43
and not TLS, they should not negotiate ECC ciphersuites at all.
Bug 341707. r=rrelyea.
git-svn-id: svn://10.0.0.236/trunk@203068 18797224-902f-48f8-a5cc-f745e15eee43
by constant expressions. HP C compiler version B.11.11.08 generates
incorrect code silently if the initializers are non-constant expressions.
r=alexei.volkov,julien.pierre.
Modified files: cmd/crmftest/testcrmf.c lib/ssl/ssl3con.c
git-svn-id: svn://10.0.0.236/trunk@200976 18797224-902f-48f8-a5cc-f745e15eee43
instead of SECKEY_PublicKeyStrength to get ECDSA signature lengths.
Removed the 'type' member from the VFYContextStr structure because that
info is in the 'key->keyType' field. Set error codes when functions
fail (return 0). r=nelsonb.
Modified Files:
cryptohi/keyhi.h cryptohi/seckey.c cryptohi/secvfy.c
nss/nss.def ssl/ssl3con.c
git-svn-id: svn://10.0.0.236/trunk@198781 18797224-902f-48f8-a5cc-f745e15eee43
SSL now follows NSPR socket semantics and never returns a short write
count on a blocking socket. On a blocking socket, it returns either
the full count or -1 (with an error code set).
For non-blocking sockets, SSL no longer returns a full write count
when some of the data remains buffered in the SSL record layer.
Instead it returns a number is that always at least 1 byte short of a
full write count, so that the caller will keep retrying until it is done.
SSL makes sure that the first byte sent by the caller in the retry
matches the last byte previously buffered. r=rrelyea.
Modified Files: ssl3con.c sslcon.c ssldef.c sslimpl.h sslsecur.c
git-svn-id: svn://10.0.0.236/trunk@194962 18797224-902f-48f8-a5cc-f745e15eee43
This patch has a known problem, choosing ephemeral ECDH curves
according to the wrong (suboptimal, non-FIPS) criteria.
Modified Files: ssl3con.c ssl3ecc.c sslimpl.h
git-svn-id: svn://10.0.0.236/trunk@194359 18797224-902f-48f8-a5cc-f745e15eee43
