ss->ssl3.clientPrivateKey for all key exchange algorithms, otherwise we
will send a Certificate message in renegotiation even if the renegotiation
doesn't request client auth. Move the cleanup of clientCertChain and
clientPrivateKey from ssl3_HandleCertificateRequest to
ssl3_HandleServerHello as a second defense. The patch is contributed by
Ryan Sleevi <ryan.sleevi@gmail.com>. r=wtc.
git-svn-id: svn://10.0.0.236/trunk@261791 18797224-902f-48f8-a5cc-f745e15eee43
SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY to be specific about key type.
TBR=kaie.
Modified Files:
cmd/lib/SSLerrs.h lib/ssl/ssl3con.c lib/ssl/sslerr.h
git-svn-id: svn://10.0.0.236/trunk@261157 18797224-902f-48f8-a5cc-f745e15eee43
Based on patch contributed by Adam Langley of Google <agl@chromium.org>.
r=agl,nelson.
Modified Files:
notes.txt ssl3con.c sslcon.c sslimpl.h sslsecur.c
git-svn-id: svn://10.0.0.236/trunk@261113 18797224-902f-48f8-a5cc-f745e15eee43
Add a new error code SSL_ERROR_WEAK_SERVER_KEY for the dh_p size check in
ssl3_HandleServerKeyExchange. r=nelson.
Modified Files:
cmd/lib/SSLerrs.h lib/ssl/ssl3con.c lib/ssl/sslerr.h
git-svn-id: svn://10.0.0.236/trunk@261049 18797224-902f-48f8-a5cc-f745e15eee43
SSL_RENEGOTIATE_TRANSITIONAL, changing its meaning for server sockets, and
make it the default. r=rrelyea.
Modified Files:
ssl.h ssl3con.c sslsock.c
git-svn-id: svn://10.0.0.236/trunk@259722 18797224-902f-48f8-a5cc-f745e15eee43
when we detect missing compression. The patch is contributed by Adam
Langley <agl@chromium.org>. r=nelson,wtc.
Modified Files:
cmd/lib/SSLerrs.h lib/ssl/ssl3con.c lib/ssl/sslerr.h
git-svn-id: svn://10.0.0.236/trunk@259586 18797224-902f-48f8-a5cc-f745e15eee43
because we don't send the elliptic_curves and ec_point_format extensions
in SSL 3.0 client hello. r=nelson.
git-svn-id: svn://10.0.0.236/trunk@259579 18797224-902f-48f8-a5cc-f745e15eee43
but not any other extension. r=rrelyea.
Modified Files:
ssl3con.c ssl3ext.c
git-svn-id: svn://10.0.0.236/trunk@259505 18797224-902f-48f8-a5cc-f745e15eee43
otherwise zlib returns Z_BUF_ERROR, which we consider fatal. The patch is
contributed by Adam Langley of Google <agl@chromium.org>. r=wtc,nelson.
git-svn-id: svn://10.0.0.236/trunk@259136 18797224-902f-48f8-a5cc-f745e15eee43
after including zlib.h. Rename compress to compressor and decompress to
decompressor to avoid the compress macro that may be defined by zconf.h.
r=nelson.
Modified Files:
ssl3con.c sslimpl.h
git-svn-id: svn://10.0.0.236/trunk@259050 18797224-902f-48f8-a5cc-f745e15eee43
patch is contributed by Adam Langley of Google <agl@chromium.org>.
r=wtc,nelson.
git-svn-id: svn://10.0.0.236/trunk@259049 18797224-902f-48f8-a5cc-f745e15eee43
built as part of Mozilla, the 'compress' member of the ssl3CipherSpec
structure gets renamed. Undefine 'compress' to avoid that. r=nelson.
git-svn-id: svn://10.0.0.236/trunk@258982 18797224-902f-48f8-a5cc-f745e15eee43
desirability so that servers that simply pick the first mutually supported
compression method will pick the best compression method. Add compression
method info to the SSLChannelInfo structure. Rename SSL3CompressionMethod
to SSLCompressionMethod and add the ssl_ prefix to the enum constants.
Remove an extra comma in strsclnt.c that breaks the concatenation of two
string literals. r=agl,rrelyea,nelson.
Modified Files:
cmd/selfserv/selfserv.c cmd/strsclnt/strsclnt.c
cmd/tstclnt/tstclnt.c lib/ssl/ssl3con.c lib/ssl/ssl3ext.c
lib/ssl/ssl3prot.h lib/ssl/sslimpl.h lib/ssl/sslinfo.c
lib/ssl/sslsnce.c lib/ssl/sslt.h tests/ssl/sslstress.txt
git-svn-id: svn://10.0.0.236/trunk@258919 18797224-902f-48f8-a5cc-f745e15eee43
Disable SSL 3.x renegotiation by default. Add new options to re-enable.
r=wtc,rrelyea
git-svn-id: svn://10.0.0.236/trunk@258888 18797224-902f-48f8-a5cc-f745e15eee43
SSL option and the -z command-line option for tstclnt, strsclnt, and
selfserv for enabling the DEFLATE compression method. The patch is
contributed by Adam Langley <agl@chromium.org> of Google. r=nelson.
Modified Files:
cmd/selfserv/selfserv.c cmd/strsclnt/strsclnt.c
cmd/tstclnt/tstclnt.c lib/ssl/Makefile lib/ssl/ssl.h
lib/ssl/ssl3con.c lib/ssl/ssl3prot.h lib/ssl/sslerr.h
lib/ssl/sslimpl.h lib/ssl/sslsock.c
git-svn-id: svn://10.0.0.236/trunk@258862 18797224-902f-48f8-a5cc-f745e15eee43
compare of two memory regions, and use it in libSSL for comparing secret
data. The patch is contributed by Adam Langley <agl@chromium.org> of
Google. r=wtc,nelson.
Modified Files:
lib/ssl/ssl3con.c lib/ssl/sslcon.c lib/ssl/sslgathr.c
lib/util/nssutil.def lib/util/secport.c lib/util/secport.h
git-svn-id: svn://10.0.0.236/trunk@258699 18797224-902f-48f8-a5cc-f745e15eee43
include any headers from lib/ssl. r=nelson.
Modified Files:
softoken/pkcs11c.c ssl/manifest.mn ssl/ssl3con.c
git-svn-id: svn://10.0.0.236/trunk@254368 18797224-902f-48f8-a5cc-f745e15eee43
