Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
215,390 Commits 3,986 Branches 0 Tags
Commit Graph

379 Commits

Author SHA1 Message Date
alexei.volkov.bugs%sun.com
e3d68d7de7 635778 - Need an API to pass user defined cert chain when SSL socket is set up. r=nelson, rreleya 
git-svn-id: svn://10.0.0.236/trunk@262033 18797224-902f-48f8-a5cc-f745e15eee43
 2011-03-10 04:29:04 +00:00
wtc%google.com
0f73ee0fe1 Bug 616757: in ssl3_SendCertificateVerify, we must destroy 
ss->ssl3.clientPrivateKey for all key exchange algorithms, otherwise we
will send a Certificate message in renegotiation even if the renegotiation
doesn't request client auth.  Move the cleanup of clientCertChain and
clientPrivateKey from ssl3_HandleCertificateRequest to
ssl3_HandleServerHello as a second defense.  The patch is contributed by
Ryan Sleevi <ryan.sleevi@gmail.com>.  r=wtc.


git-svn-id: svn://10.0.0.236/trunk@261791 18797224-902f-48f8-a5cc-f745e15eee43
 2011-01-22 02:25:06 +00:00
nelson%bolyard.com
82ffdf2e33 Bug 606209 ssl_PushIOLayer does not handle failure from PR_CallOnce 
Patch contributed by timeless@mozdev.org, r=nelson


git-svn-id: svn://10.0.0.236/trunk@261757 18797224-902f-48f8-a5cc-f745e15eee43
 2011-01-15 19:58:41 +00:00
wtc%google.com
b41a67ad55 Bug 606049: Add the SSL peer's CA certificates to ss->ssl3.peerCertChain in 
the correct order.  r=nelson.


git-svn-id: svn://10.0.0.236/trunk@261441 18797224-902f-48f8-a5cc-f745e15eee43
 2010-10-21 17:31:36 +00:00
wtc%google.com
e945f23c99 Bug 600438: Fix the locking order assertion in ssl_Get1stHandshakeLock, 
allowing firstHandshakeLock -> recvBufLock -> firstHandshakeLock, which can
happen if a callback function calls some libSSL functions.  r=nelson.


git-svn-id: svn://10.0.0.236/trunk@261439 18797224-902f-48f8-a5cc-f745e15eee43
 2010-10-20 23:54:04 +00:00
wtc%google.com
db53542ee4 Bug 525092: Allow SSL_GetChannelInfo to be called as soon as a TLS false 
start handshake is done.  r=agl.


git-svn-id: svn://10.0.0.236/trunk@261168 18797224-902f-48f8-a5cc-f745e15eee43
 2010-09-02 01:12:57 +00:00
wtc%google.com
e1d2b6d850 Bug 587234: SSL_ERROR_WEAK_SERVER_KEY is renamed 
SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY to be specific about key type.
TBR=kaie.
Modified Files:
	cmd/lib/SSLerrs.h lib/ssl/ssl3con.c lib/ssl/sslerr.h


git-svn-id: svn://10.0.0.236/trunk@261157 18797224-902f-48f8-a5cc-f745e15eee43
 2010-09-01 19:43:48 +00:00
wtc%google.com
2b958eb6a4 Bug 588698: wrap a long line, partly to cause this file to be recompiled 
after the change to sslimpl.h in rev. 1.80.  (NSS makefiles don't have
header dependencies.)


git-svn-id: svn://10.0.0.236/trunk@261136 18797224-902f-48f8-a5cc-f745e15eee43
 2010-08-28 21:28:48 +00:00
wtc%google.com
f470fd33f5 Bug 588698: comment out the locking order assertion in 
ssl_Get1stHandshakeLock because it's too strict when reentering
firstHandshakeLock.


git-svn-id: svn://10.0.0.236/trunk@261125 18797224-902f-48f8-a5cc-f745e15eee43
 2010-08-28 18:52:46 +00:00
nelson%bolyard.com
d36b5e1607 Bug 586697 - ssl3_DeriveMasterSecret must not request pVersion when it does 
Master key derivation for Diffie-Hellman through pkcs11.
Patch contributed by Alexei Volkov <alexei.volkov.bugs@sun.com>, r=nelson


git-svn-id: svn://10.0.0.236/trunk@261124 18797224-902f-48f8-a5cc-f745e15eee43
 2010-08-28 18:22:07 +00:00
wtc%google.com
dc58ba1b0e Bug 588698: Add assertions to discover and enforce current locking order. 
Based on patch contributed by Adam Langley of Google <agl@chromium.org>.
r=agl,nelson.
Modified Files:
	notes.txt ssl3con.c sslcon.c sslimpl.h sslsecur.c


git-svn-id: svn://10.0.0.236/trunk@261113 18797224-902f-48f8-a5cc-f745e15eee43
 2010-08-28 00:56:10 +00:00
wtc%google.com
53532bd03f Bug 588698: SSL_DataPending only needs to get recvBufLock. r=nelson. 
git-svn-id: svn://10.0.0.236/trunk@261107 18797224-902f-48f8-a5cc-f745e15eee43
 2010-08-26 18:04:41 +00:00
wtc%google.com
07feacb99e Bug 587234: Better error reporting for tiny DH keys in Server Key Exchange. 
Add a new error code SSL_ERROR_WEAK_SERVER_KEY for the dh_p size check in
ssl3_HandleServerKeyExchange.  r=nelson.
Modified Files:
	cmd/lib/SSLerrs.h lib/ssl/ssl3con.c lib/ssl/sslerr.h


git-svn-id: svn://10.0.0.236/trunk@261049 18797224-902f-48f8-a5cc-f745e15eee43
 2010-08-16 18:19:02 +00:00
wtc%google.com
2dc38c772f Bug 586470: Add 'const' to SEC_DerSignData and ssl3_UpdateHandshakeHashes. 
Remove PK11_ImportPrivateKey.  r=emaldona.
Modified Files:
	cryptohi/cryptohi.h cryptohi/secsign.c pk11wrap/pk11pk12.c
	ssl/ssl3con.c


git-svn-id: svn://10.0.0.236/trunk@261027 18797224-902f-48f8-a5cc-f745e15eee43
 2010-08-12 01:15:38 +00:00
wtc%google.com
610f1fd344 Bug 525092: Allow SSL_SecurityStatus and SSL_HandshakeNegotiatedExtension 
to be called from an early invocation of the handshake callback due to TLS
false start.  r=agl.
Modified Files:
	sslauth.c sslreveal.c


git-svn-id: svn://10.0.0.236/trunk@260949 18797224-902f-48f8-a5cc-f745e15eee43
 2010-08-03 18:48:45 +00:00
wtc%google.com
1e99b8cb20 Bug 525092: Support TLS false start. The patch is contributed by Adam 
Langley of Google <agl@chromium.org>.  r=wtc.
Modified Files:
	cmd/strsclnt/strsclnt.c cmd/tstclnt/tstclnt.c lib/ssl/ssl.h
	lib/ssl/ssl3con.c lib/ssl/ssl3gthr.c lib/ssl/sslimpl.h
	lib/ssl/sslsecur.c lib/ssl/sslsock.c tests/ssl/sslstress.txt


git-svn-id: svn://10.0.0.236/trunk@260919 18797224-902f-48f8-a5cc-f745e15eee43
 2010-07-30 03:00:17 +00:00
alexei.volkov.bugs%sun.com
1830da80df Bug 556497 - ServerSessionIDLookup tries very hard to crash if !gotLock or pcce->sessionIDLength != psce->sessionIDLength. r=nelson 
git-svn-id: svn://10.0.0.236/trunk@260628 18797224-902f-48f8-a5cc-f745e15eee43
 2010-07-05 19:31:56 +00:00
wtc%google.com
2be3505cb6 Bug 571797: do not check block cipher padding if decryption failed. The 
patch is contributed by Brian Smith <brian@briansmith.org>.  r=wtc.


git-svn-id: svn://10.0.0.236/trunk@260569 18797224-902f-48f8-a5cc-f745e15eee43
 2010-06-24 19:53:20 +00:00
nelson%bolyard.com
4cf2a89eea Bug 571797: NSS should not send the decryption_failed alert 
Patch contributed by Brian Smith <brian@briansmith.org>, r=nelson


git-svn-id: svn://10.0.0.236/trunk@260550 18797224-902f-48f8-a5cc-f745e15eee43
 2010-06-24 09:24:18 +00:00
nelson%bolyard.com
536cc6effe Bug 571796: ssl3_HandleRecord should check all the padding bytes 
Patch contributed by Brian Smith <brian@briansmith.org>, r=nelson


git-svn-id: svn://10.0.0.236/trunk@260486 18797224-902f-48f8-a5cc-f745e15eee43
 2010-06-18 06:25:42 +00:00
nelson%bolyard.com
7286c7e079 Bug 562434: SSL_ForceHandshake returns SECSuccess if the peer sends us an application data record 
git-svn-id: svn://10.0.0.236/trunk@260432 18797224-902f-48f8-a5cc-f745e15eee43
 2010-06-06 22:30:02 +00:00
nelson%bolyard.com
25cae7d289 Bug 506041: Correct misspellings in source code comments 
Patch contributed by Michael Kohler <michaelkohler@live.com>, r=nelson


git-svn-id: svn://10.0.0.236/trunk@260229 18797224-902f-48f8-a5cc-f745e15eee43
 2010-04-25 23:37:40 +00:00
nelson%bolyard.com
f01c5988df Bug 555700: ssl3_SendServerNameXtn null checks ss after dereferencing it 
Patch contributed by Timeless <timeless@bemail.org>, r=nelson


git-svn-id: svn://10.0.0.236/trunk@260139 18797224-902f-48f8-a5cc-f745e15eee43
 2010-04-03 19:19:07 +00:00
nelson%bolyard.com
a04e310e21 Bug 554354: SSL client doesn't validate ECDH params from server, r=rrelyea 
git-svn-id: svn://10.0.0.236/trunk@260138 18797224-902f-48f8-a5cc-f745e15eee43
 2010-04-03 19:06:23 +00:00
nelson%bolyard.com
c0b5e7332d Bug 415565: Use new NSPR atomic macros in NSS 
Patch contributed by Steve Snyder <swsnyder@snydernet.net>, r=wtc


git-svn-id: svn://10.0.0.236/trunk@260135 18797224-902f-48f8-a5cc-f745e15eee43
 2010-04-03 18:27:33 +00:00
alexei.volkov.bugs%sun.com
00fc6017fa Fix virtual name cache initialisation. Privided by nelson. r=alexei 
git-svn-id: svn://10.0.0.236/trunk@260042 18797224-902f-48f8-a5cc-f745e15eee43
 2010-03-26 20:47:57 +00:00
nelson%bolyard.com
220be4d7df Bug 507371: useless null check of hashBuf in ssl3_ComputeECDHKeyHash 
Patch contributed by Timeless <timeless@mozdev.org>, r=nelson


git-svn-id: svn://10.0.0.236/trunk@259980 18797224-902f-48f8-a5cc-f745e15eee43
 2010-03-15 08:03:14 +00:00
nelson%bolyard.com
e49479c092 Bug 550432 ssl2_GatherData calls PORT_Memcmp with unintialized mac when gs->offset < macLen 
Patch contributed by timeless <timeless@bemail.org>, r=nelson


git-svn-id: svn://10.0.0.236/trunk@259895 18797224-902f-48f8-a5cc-f745e15eee43
 2010-03-06 21:23:34 +00:00
alexei.volkov.bugs%sun.com
1121fde6c4 Backout the previous patch. Restore state of the trunk before tagging the tree. 
git-svn-id: svn://10.0.0.236/trunk@259856 18797224-902f-48f8-a5cc-f745e15eee43
 2010-03-01 20:03:45 +00:00
alexei.volkov.bugs%sun.com
9ac9e59801 537356 - Implement new safe SSL3 & TLS renegotiation. Change renegotiation default to be SSL_RENEGOTIATE_REQUIRES_XTN. r=wtc. 
git-svn-id: svn://10.0.0.236/trunk@259821 18797224-902f-48f8-a5cc-f745e15eee43
 2010-02-26 20:44:54 +00:00
alexei.volkov.bugs%sun.com
afbbd7d153 548654 - libssl: handshake failure alert is set twice upon unsuccessful extension parsing. r=wtc 
git-svn-id: svn://10.0.0.236/trunk@259819 18797224-902f-48f8-a5cc-f745e15eee43
 2010-02-26 19:25:44 +00:00
wtc%google.com
88282f31d8 Bug 537356: Redefine SSL_RENEGOTIATE_CLIENT_ONLY as 
SSL_RENEGOTIATE_TRANSITIONAL, changing its meaning for server sockets,  and
make it the default.  r=rrelyea.
Modified Files:
	ssl.h ssl3con.c sslsock.c


git-svn-id: svn://10.0.0.236/trunk@259722 18797224-902f-48f8-a5cc-f745e15eee43
 2010-02-17 02:29:08 +00:00
wtc%google.com
7438b8e95a Bug 537356: Rename SCSV. In the final RFC, the symbolic name of the SCSV 
changed to TLS_EMPTY_RENEGOTIATION_INFO_SCSV.  r=christophe,rrelyea.
Modified Files:
	cmd/ssltap/ssltap.c lib/ssl/ssl.h lib/ssl/ssl3con.c
	lib/ssl/sslproto.h


git-svn-id: svn://10.0.0.236/trunk@259715 18797224-902f-48f8-a5cc-f745e15eee43
 2010-02-16 18:56:48 +00:00
wtc%google.com
1aa1b407a5 Bug 496993: Add accessor functions for SSL_ImplementedCiphers and 
SSL_NumImplementedCiphers.  r=nelson.
Modified Files:
	cmd/strsclnt/strsclnt.c cmd/tstclnt/tstclnt.c lib/ssl/ssl.def
	lib/ssl/ssl.h lib/ssl/sslenum.c


git-svn-id: svn://10.0.0.236/trunk@259676 18797224-902f-48f8-a5cc-f745e15eee43
 2010-02-10 18:07:21 +00:00
wtc%google.com
9c501fd076 Bug 495358: Remove obsolete Classic Mac OS code. r=emaldona. 
Modified Files:
	nss/nss.h ssl/sslimpl.h


git-svn-id: svn://10.0.0.236/trunk@259658 18797224-902f-48f8-a5cc-f745e15eee43
 2010-02-10 00:33:50 +00:00
wtc%google.com
8243dfe878 Bug 275744: Use either system zlib or nss/lib/zlib. Unset NSS_ENABLE_ZLIB 
when building (make NSS_ENABLE_ZLIB=) to turn off TLS deflate compression.
r=rrelyea.
Modified Files:
	Makefile config.mk


git-svn-id: svn://10.0.0.236/trunk@259602 18797224-902f-48f8-a5cc-f745e15eee43
 2010-02-04 19:09:08 +00:00
wtc%google.com
4ad6a3c20d Bug 540304: Rename ExtensionType to SSLExtensionType. The patch is 
contributed by Kai Engert <kaie@kuix.de>.  r=wtc.
Modified Files:
	ssl.h sslreveal.c sslt.h


git-svn-id: svn://10.0.0.236/trunk@259597 18797224-902f-48f8-a5cc-f745e15eee43
 2010-02-04 03:21:11 +00:00
wtc%google.com
94ac5cd996 Bug 537356: Don't add SCSV to ss->cipherSpecs (for SSL 2.0), to eliminate 
the doubt that SCSV could be negotiated by mistake.  r=nelson,rrelyea.
Modified Files:
	sslcon.c sslimpl.h


git-svn-id: svn://10.0.0.236/trunk@259596 18797224-902f-48f8-a5cc-f745e15eee43
 2010-02-04 03:08:45 +00:00
wtc%google.com
13cd60e59c Bug 275744: Add new error code SSL_ERROR_RX_UNEXPECTED_UNCOMPRESSED_RECORD 
when we detect missing compression.  The patch is contributed by Adam
Langley <agl@chromium.org>.  r=nelson,wtc.
Modified Files:
	cmd/lib/SSLerrs.h lib/ssl/ssl3con.c lib/ssl/sslerr.h


git-svn-id: svn://10.0.0.236/trunk@259586 18797224-902f-48f8-a5cc-f745e15eee43
 2010-02-03 03:44:29 +00:00
wtc%google.com
d49496f0ff Bug 537356: Disable the ECC cipher suites for SSL 3.0 renegotiations 
because we don't send the elliptic_curves and ec_point_format extensions
in SSL 3.0 client hello.  r=nelson.


git-svn-id: svn://10.0.0.236/trunk@259579 18797224-902f-48f8-a5cc-f745e15eee43
 2010-02-03 02:46:15 +00:00
wtc%google.com
44e58a0d4e Bug 537356: Don't bother initializing unused entries in client hello 
senders arrays with { -1, NULL }.  r=nelson.


git-svn-id: svn://10.0.0.236/trunk@259578 18797224-902f-48f8-a5cc-f745e15eee43
 2010-02-03 02:38:20 +00:00
alexei.volkov.bugs%sun.com
08cba3b588 360421 - Implement TLS Server Name Indication for servers. Save server name in session ticket. r=rrelyea 
git-svn-id: svn://10.0.0.236/trunk@259576 18797224-902f-48f8-a5cc-f745e15eee43
 2010-02-03 02:25:36 +00:00
wtc%google.com
e33fb104bb Bug 537356: Send SCSV in SSLv2-compatible client hellos. r=nelson. 
git-svn-id: svn://10.0.0.236/trunk@259513 18797224-902f-48f8-a5cc-f745e15eee43
 2010-01-30 03:48:10 +00:00
wtc%google.com
3f6d220c28 Bug 537356: server-side SSL_RENEGOTIATE_REQUIRES_XTN code should handle 
both client-initiated (ss->ssl3.hs.ws == idle_handshake) and
server-initiated (ss->ssl3.hs.ws == wait_client_hello) renegotiations.
r=kaie,nelson.


git-svn-id: svn://10.0.0.236/trunk@259506 18797224-902f-48f8-a5cc-f745e15eee43
 2010-01-29 19:55:42 +00:00
wtc%google.com
fa46d39e9d Bug 537356: In SSL 3.0, send and handle the renegotiation_info extension 
but not any other extension.  r=rrelyea.
Modified Files:
	ssl3con.c ssl3ext.c


git-svn-id: svn://10.0.0.236/trunk@259505 18797224-902f-48f8-a5cc-f745e15eee43
 2010-01-29 19:20:28 +00:00
kaie%kuix.de
bd4c4b9fa4 Bug 540304, Implement SSL_HandshakeNegotiatedExtension 
r=nelson


git-svn-id: svn://10.0.0.236/trunk@259501 18797224-902f-48f8-a5cc-f745e15eee43
 2010-01-28 16:14:25 +00:00
nelson%bolyard.com
0bc55de11a Bug 537356: Implement new safe SSL3 & TLS renegotiation, r=wtc 
git-svn-id: svn://10.0.0.236/trunk@259500 18797224-902f-48f8-a5cc-f745e15eee43
 2010-01-28 06:19:13 +00:00
wtc%google.com
66dfd7adba Bug 536474: Add support for logging pre-master secrets. The patch is 
contributed by Adam Langley <agl@chromium.org>.  r=nelson,wtc.
Modified Files:
	ssl3con.c sslimpl.h sslsock.c


git-svn-id: svn://10.0.0.236/trunk@259455 18797224-902f-48f8-a5cc-f745e15eee43
 2010-01-22 03:47:42 +00:00
alexei.volkov.bugs%sun.com
9cbdff6813 additional fix for bug 360421 - Implement TLS Server Name Indication for servers. 
git-svn-id: svn://10.0.0.236/trunk@259404 18797224-902f-48f8-a5cc-f745e15eee43
 2010-01-15 01:49:34 +00:00
alexei.volkov.bugs%sun.com
d26b36b737 360421 - Implement TLS Server Name Indication for servers. r=nelson 
git-svn-id: svn://10.0.0.236/trunk@259396 18797224-902f-48f8-a5cc-f745e15eee43
 2010-01-14 22:15:26 +00:00