Disable SSL 3.x renegotiation by default. Add new options to re-enable.
r=wtc,rrelyea
git-svn-id: svn://10.0.0.236/trunk@258888 18797224-902f-48f8-a5cc-f745e15eee43
SSL option and the -z command-line option for tstclnt, strsclnt, and
selfserv for enabling the DEFLATE compression method. The patch is
contributed by Adam Langley <agl@chromium.org> of Google. r=nelson.
Modified Files:
cmd/selfserv/selfserv.c cmd/strsclnt/strsclnt.c
cmd/tstclnt/tstclnt.c lib/ssl/Makefile lib/ssl/ssl.h
lib/ssl/ssl3con.c lib/ssl/ssl3prot.h lib/ssl/sslerr.h
lib/ssl/sslimpl.h lib/ssl/sslsock.c
git-svn-id: svn://10.0.0.236/trunk@258862 18797224-902f-48f8-a5cc-f745e15eee43
compare of two memory regions, and use it in libSSL for comparing secret
data. The patch is contributed by Adam Langley <agl@chromium.org> of
Google. r=wtc,nelson.
Modified Files:
lib/ssl/ssl3con.c lib/ssl/sslcon.c lib/ssl/sslgathr.c
lib/util/nssutil.def lib/util/secport.c lib/util/secport.h
git-svn-id: svn://10.0.0.236/trunk@258699 18797224-902f-48f8-a5cc-f745e15eee43
include any headers from lib/ssl. r=nelson.
Modified Files:
softoken/pkcs11c.c ssl/manifest.mn ssl/ssl3con.c
git-svn-id: svn://10.0.0.236/trunk@254368 18797224-902f-48f8-a5cc-f745e15eee43
of nssrenam.h. Remove functions that no longer need to be renamed from
nssrenam.h. r=rrelyea.
Modified Files:
cmd/vfychain/vfychain.c lib/certdb/stanpcertdb.c
lib/crmf/asn1cmn.c lib/crmf/cmmfrec.c lib/crmf/respcmn.c
lib/nss/nss.def lib/nss/nssrenam.h lib/pkcs12/p12e.c
lib/pkcs7/certread.c lib/pkcs7/p7decode.c lib/pkcs7/p7encode.c
lib/smime/cmsutil.c lib/ssl/ssl3con.c lib/ssl/ssl3ecc.c
lib/ssl/sslnonce.c lib/ssl/sslsnce.c
git-svn-id: svn://10.0.0.236/trunk@247455 18797224-902f-48f8-a5cc-f745e15eee43
type we expect before using it. r=nelsonb
Modified Files: ssl3con.c ssl3ecc.c
git-svn-id: svn://10.0.0.236/trunk@216773 18797224-902f-48f8-a5cc-f745e15eee43
and not TLS, they should not negotiate ECC ciphersuites at all.
Bug 341707. r=rrelyea.
git-svn-id: svn://10.0.0.236/trunk@203068 18797224-902f-48f8-a5cc-f745e15eee43
by constant expressions. HP C compiler version B.11.11.08 generates
incorrect code silently if the initializers are non-constant expressions.
r=alexei.volkov,julien.pierre.
Modified files: cmd/crmftest/testcrmf.c lib/ssl/ssl3con.c
git-svn-id: svn://10.0.0.236/trunk@200976 18797224-902f-48f8-a5cc-f745e15eee43
instead of SECKEY_PublicKeyStrength to get ECDSA signature lengths.
Removed the 'type' member from the VFYContextStr structure because that
info is in the 'key->keyType' field. Set error codes when functions
fail (return 0). r=nelsonb.
Modified Files:
cryptohi/keyhi.h cryptohi/seckey.c cryptohi/secvfy.c
nss/nss.def ssl/ssl3con.c
git-svn-id: svn://10.0.0.236/trunk@198781 18797224-902f-48f8-a5cc-f745e15eee43
SSL now follows NSPR socket semantics and never returns a short write
count on a blocking socket. On a blocking socket, it returns either
the full count or -1 (with an error code set).
For non-blocking sockets, SSL no longer returns a full write count
when some of the data remains buffered in the SSL record layer.
Instead it returns a number is that always at least 1 byte short of a
full write count, so that the caller will keep retrying until it is done.
SSL makes sure that the first byte sent by the caller in the retry
matches the last byte previously buffered. r=rrelyea.
Modified Files: ssl3con.c sslcon.c ssldef.c sslimpl.h sslsecur.c
git-svn-id: svn://10.0.0.236/trunk@194962 18797224-902f-48f8-a5cc-f745e15eee43
This patch has a known problem, choosing ephemeral ECDH curves
according to the wrong (suboptimal, non-FIPS) criteria.
Modified Files: ssl3con.c ssl3ecc.c sslimpl.h
git-svn-id: svn://10.0.0.236/trunk@194359 18797224-902f-48f8-a5cc-f745e15eee43
r=nelson r=thomas.
patch in bug + white space changes suggested by nelson.
git-svn-id: svn://10.0.0.236/trunk@192798 18797224-902f-48f8-a5cc-f745e15eee43
ECDSA signatures. Backed out a temporary workaround in
ECDSA_SignDigestWithSeed. Made other changes related to signature lengths.
r=relyea,nelson.bolyard.
Modified Files:
cryptohi/keyhi.h cryptohi/seckey.c cryptohi/secsign.c
freebl/ec.c pk11wrap/pk11obj.c pk11wrap/pk11pub.h
ssl/ssl3con.c
git-svn-id: svn://10.0.0.236/trunk@191542 18797224-902f-48f8-a5cc-f745e15eee43
from being negotiated by NSS servers. Necessary until the server side
of the _DHE_ cipher suites is fully implemented. r=Julien,Wan-Teh,Vipul
git-svn-id: svn://10.0.0.236/trunk@191364 18797224-902f-48f8-a5cc-f745e15eee43
Reorganize the SSL Socket structure contents to obviate ssl3 pointer.
Move much of the ECC code from ssl3con to new file ssl3ecc.c. derive.c
implements derivation of the SSL/TLS master secret and the encryption and
MAC keys and IVs without using PKCS11. Bug 305147. r=rrelyea.
Modified Files: ssl/config.mk ssl/manifest.mn ssl/ssl.h ssl/ssl3con.c
ssl/ssl3gthr.c ssl/sslauth.c ssl/sslcon.c ssl/ssldef.c ssl/sslgathr.c
ssl/sslimpl.h ssl/sslinfo.c ssl/sslnonce.c ssl/sslsecur.c ssl/sslsnce.c
ssl/sslsock.c
Added Files: ssl/derive.c ssl/ssl3ecc.c
git-svn-id: svn://10.0.0.236/trunk@179892 18797224-902f-48f8-a5cc-f745e15eee43
