strsclnt with SSL2 enabled, so I need to fix that first.
Modified Files:
ssl3con.c sslcon.c
git-svn-id: svn://10.0.0.236/trunk@264747 18797224-902f-48f8-a5cc-f745e15eee43
even if we support all the currently specified curves
(NSS_ECC_MORE_THAN_SUITE_B is set). r=agl,rrelyea.
Modified Files:
ssl3con.c sslcon.c
git-svn-id: svn://10.0.0.236/trunk@264744 18797224-902f-48f8-a5cc-f745e15eee43
parentheses. The patch is contributed by Nico Weber <thakis@chromium.org>.
r=wtc.
git-svn-id: svn://10.0.0.236/trunk@263505 18797224-902f-48f8-a5cc-f745e15eee43
Based on patch contributed by Adam Langley of Google <agl@chromium.org>.
r=agl,nelson.
Modified Files:
notes.txt ssl3con.c sslcon.c sslimpl.h sslsecur.c
git-svn-id: svn://10.0.0.236/trunk@261113 18797224-902f-48f8-a5cc-f745e15eee43
the doubt that SCSV could be negotiated by mistake. r=nelson,rrelyea.
Modified Files:
sslcon.c sslimpl.h
git-svn-id: svn://10.0.0.236/trunk@259596 18797224-902f-48f8-a5cc-f745e15eee43
compare of two memory regions, and use it in libSSL for comparing secret
data. The patch is contributed by Adam Langley <agl@chromium.org> of
Google. r=wtc,nelson.
Modified Files:
lib/ssl/ssl3con.c lib/ssl/sslcon.c lib/ssl/sslgathr.c
lib/util/nssutil.def lib/util/secport.c lib/util/secport.h
git-svn-id: svn://10.0.0.236/trunk@258699 18797224-902f-48f8-a5cc-f745e15eee43
and not TLS, they should not negotiate ECC ciphersuites at all.
Bug 341707. r=rrelyea.
git-svn-id: svn://10.0.0.236/trunk@203068 18797224-902f-48f8-a5cc-f745e15eee43
SSL now follows NSPR socket semantics and never returns a short write
count on a blocking socket. On a blocking socket, it returns either
the full count or -1 (with an error code set).
For non-blocking sockets, SSL no longer returns a full write count
when some of the data remains buffered in the SSL record layer.
Instead it returns a number is that always at least 1 byte short of a
full write count, so that the caller will keep retrying until it is done.
SSL makes sure that the first byte sent by the caller in the retry
matches the last byte previously buffered. r=rrelyea.
Modified Files: ssl3con.c sslcon.c ssldef.c sslimpl.h sslsecur.c
git-svn-id: svn://10.0.0.236/trunk@194962 18797224-902f-48f8-a5cc-f745e15eee43
Reorganize the SSL Socket structure contents to obviate ssl3 pointer.
Move much of the ECC code from ssl3con to new file ssl3ecc.c. derive.c
implements derivation of the SSL/TLS master secret and the encryption and
MAC keys and IVs without using PKCS11. Bug 305147. r=rrelyea.
Modified Files: ssl/config.mk ssl/manifest.mn ssl/ssl.h ssl/ssl3con.c
ssl/ssl3gthr.c ssl/sslauth.c ssl/sslcon.c ssl/ssldef.c ssl/sslgathr.c
ssl/sslimpl.h ssl/sslinfo.c ssl/sslnonce.c ssl/sslsecur.c ssl/sslsnce.c
ssl/sslsock.c
Added Files: ssl/derive.c ssl/ssl3ecc.c
git-svn-id: svn://10.0.0.236/trunk@179892 18797224-902f-48f8-a5cc-f745e15eee43
SSL messages. Previously NSS would reject some it should accept
and vice versa. Bugscape bug 57121. r=wtc,julien
git-svn-id: svn://10.0.0.236/trunk@158397 18797224-902f-48f8-a5cc-f745e15eee43
rather than being pointed to by the sslSocket. This reduces the number
of malloc/free calls, and greatly reduces pointer fetches, and null
pointer checks. sslGather and sslSecurityInfo are separately initialized.
2. SSL_ResetHandshake no longer deallocates and reallocates the sslSecurityInfo and all its subcomponents.
3. Many places that formerly did not check for memory allocation failures
now do check, and do the right thing when allocation failed.
git-svn-id: svn://10.0.0.236/trunk@115407 18797224-902f-48f8-a5cc-f745e15eee43
1) Implicit declaration of function.
2) Possibly unitialized variables.
These warnings have indicated some real problems in the code, so many changes
are not just to silence the warnings, but to fix the problems. Others were
inocuous, but the warnings were silenced to reduce the noise.
git-svn-id: svn://10.0.0.236/trunk@109938 18797224-902f-48f8-a5cc-f745e15eee43
remember the certs it sent back when it established the SSL session.
Bug 78959. Also, hold on the certs in the received cert chain until
the SSL connection is complete. This makes it easier for applications
to look at the entire cert chain after the handshake is over without
having to write their own custom authCert callbacks. It is backwards
compatible with older NSS SSL applications, but may use more memory.
git-svn-id: svn://10.0.0.236/trunk@107729 18797224-902f-48f8-a5cc-f745e15eee43
getpeername() occasionally fails with ENOTCONN after a successful
completion of non-blocking connect.
git-svn-id: svn://10.0.0.236/trunk@103680 18797224-902f-48f8-a5cc-f745e15eee43
1. New SSL server session cache implementation that uses finer grained
locking to reduce lock contention, and does 128-way associative caching.
2. rename symbol SSL_SESSIONID_BYTES to SSL2_SESSIONID_BYTES.
3. Work around compiler bug on Solaris i386.
Modified Files:
manifest.mn sslcon.c sslimpl.h sslsecur.c sslsnce.c
git-svn-id: svn://10.0.0.236/trunk@96768 18797224-902f-48f8-a5cc-f745e15eee43
SECHashObjects[] is no longer exported.
New function HASH_GetHashObject returns pointer to selected const object.
SSL statistics are now in a structure whose address is obtained via a
call to SSL_GetStatistics().
On NT, the new symbol NSS_USE_STATIC_LIBS must be declared in programs
that use the static SSL library.
Also, propagate "const" declaration for SECHashObjects.
git-svn-id: svn://10.0.0.236/trunk@84403 18797224-902f-48f8-a5cc-f745e15eee43
