jpierre%netscape.com
3c9a7eb176
Fix for 244095 - link NSS libraries with -R $ORIGIN on Solaris
2004-05-25 00:13:12 +00:00
wchang0222%aol.com
081ede0ac7
Bugscape bug 57081: If the make variable NISCC_TEST is defined at build
...
time, add -DNISCC_TEST to the compile command line. The NISCC_TEST macro
enables special code that's conditionally compiled for NISCC testing.
Modified Files:
cmd/smimetools/Makefile cmd/smimetools/cmsutil.c
lib/ssl/config.mk lib/ssl/manifest.mn
2004-05-13 01:29:15 +00:00
jpierre%netscape.com
79af302c8e
Fix for 242984 - crash with application having incomplete PRIOMethods. r=nelsonb,wtc
2004-05-11 03:48:25 +00:00
gerv%gerv.net
9bd361a285
Bug 236613: change to MPL/LGPL/GPL tri-license. Restore Id: lines.
2004-04-27 23:04:40 +00:00
gerv%gerv.net
3634d4d94b
Bug 236613: change to MPL/LGPL/GPL tri-license.
2004-04-25 15:03:26 +00:00
nelsonb%netscape.com
c4b2be519c
Add conditionally compiled code for NISCC testing of NSS's SSL library.
...
patch by Ian McGreer. Bugscape bug 53322.
2004-03-05 23:28:57 +00:00
jpierre%netscape.com
f1a9128ad1
Fix for 235874 - crash in PK11_DigestKey . r=wtc, nelsonb
2004-03-03 03:18:56 +00:00
nelsonb%netscape.com
8dc069e8e4
Overload the error code SSL_ERROR_RX_RECORD_TOO_LONG to report SSL2
...
records that are too short. Bugscape bug 54814
2004-01-08 06:52:00 +00:00
jpierre%netscape.com
8a6338d551
Rename PK11_PubDeriveExtended to PK11_PubDeriveWithKDF
2004-01-08 01:37:46 +00:00
wchang0222%aol.com
9ccb6b87c5
Made wincx the last argument of PK11_PubDeriveExtended. r=relyea.
...
Modified Files: pk11func.h pk11skey.c ssl3con.c
2003-12-19 23:54:29 +00:00
nelsonb%netscape.com
390b635832
Grow handshake message buffer once per message, not once per each message
...
segment received. Bugscape bug 53418.
2003-11-05 06:22:57 +00:00
nelsonb%netscape.com
afd97d4f96
Remove one unnecessary transition from the SSL3 state machine.
...
Reduce the number of reallocations of the SSL3 handshake message buffer.
Bugscape bugs 53287 and 53337
2003-10-31 07:01:05 +00:00
wchang0222%aol.com
4327068745
Bugzilla bug 222065: fixed a bug (inside #ifdef WINNT) introduced in the
...
previous checkin.
2003-10-22 01:00:10 +00:00
nelsonb%netscape.com
9413aae7aa
When the SSL_NO_CACHE option is set on an SSL server socket, don't touch
...
the server session cache AT ALL. Bug 222726
2003-10-19 01:55:50 +00:00
nelsonb%netscape.com
6436ed5ab3
Declare SSL_NO_STEP_DOWN option. Partial fix to bug 148452.
2003-10-19 01:31:41 +00:00
nelsonb%netscape.com
47dc9b03e8
SSL_ShutdownServerSessionIDCache no longer leaks the cache memory.
...
Bug 222065. r=wchang0222
2003-10-19 01:25:10 +00:00
ian.mcgreer%sun.com
5c2c5888f9
ECC code landing.
...
Contributed by Sheuling Chang, Stephen Fung, Vipul Gupta, Nils Gura,
and Douglas Stebila of Sun Labs
2003-10-17 13:45:42 +00:00
nelsonb%netscape.com
8464dc0bb6
Eliminate unnecessary copying of CA names in HandleCertRequest.
...
Bug 204686.
2003-10-07 02:24:01 +00:00
nelsonb%netscape.com
96f28b4691
Detect Zero length certs and zero length CA names. Bug 204686.
...
Also, eliminate unnecessary copying of incoming certs.
2003-10-03 02:01:18 +00:00
wtc%netscape.com
4f4355b894
Bugzilla bug 214674: made the Linux implementation of sslMutex really work.
...
They were no-ops in multiprocess mode before. The patch is Nelson
Bolyard's. r=wtc.
2003-08-28 22:23:59 +00:00
nelsonb%netscape.com
cc8d6b1b9f
Eliminate TCP connection reset errors that occur when server requires
...
client auth and SSL3 client doesn't authenticate. The fix is to coalesce
the SSL3 no_certificate alert record with the following records (e.g.
client_key_exchange handshake, change_cipher_spec and finished handshake).
Fix bugs 207313 and 118668.
2003-05-30 23:22:39 +00:00
wtc%netscape.com
213a402f9d
Bug 134113: make NSS build on Win32 using GCC (MinGW). The patch
...
(attachment 121068) is contributed by Chris Seawood (cls@seawood.org ).
2003-04-20 04:23:37 +00:00
jpierre%netscape.com
3609f97d06
Fix for 202348 - check cert & key pointers returned by client auth application callback, to fix crash . r=nelsonb
2003-04-17 02:03:39 +00:00
jpierre%netscape.com
d07c7a50f5
Fix for 201259 . Make the default client auth callback NSS_GetClientAuthData work with dual-key certs. r=nelsonb, sr=wtc
2003-04-09 22:23:10 +00:00
nelsonb%netscape.com
3f52ba47c1
Changes to enable ECC over characteristic 2^m fields.
...
Contribution from Vipul Gupta <Vipul.Gupta@Sun.COM>
Modified Files:
nss/cmd/strsclnt/strsclnt.c nss/lib/cryptohi/seckey.c
nss/lib/freebl/blapit.h nss/lib/freebl/ec.c
nss/lib/freebl/manifest.mn nss/lib/freebl/mpi/Makefile
nss/lib/softoken/ecdecode.c nss/lib/softoken/pkcs11.c
nss/lib/ssl/ssl3con.c nss/lib/util/secoid.c
nss/lib/util/secoidt.h
2003-03-29 00:18:30 +00:00
nelsonb%netscape.com
29640f53f9
Add missing return statement.
2003-03-27 03:07:47 +00:00
wtc%netscape.com
a98f4c0628
Bug 199082: checked in Nelson's patch, which
...
a) changes selfserv to test the return value from NSS_Shutdown.
b) changes SECMOD_Shutdown to set the error code SEC_ERROR_BUSY before
returning SECFailure.
c) Adds a new function SSL_ShutdownServerSessionIDCache to ssl.h.
d) Changes selfserv to call SSL_ShutdownServerSessionIDCache before calling
NSS_Shutdown.
Modified Files:
cmd/selfserv/selfserv.c lib/pk11wrap/pk11util.c
lib/ssl/ssl.def lib/ssl/ssl.h lib/ssl/ssl3con.c
lib/ssl/sslimpl.h lib/ssl/sslsnce.c
2003-03-26 00:31:13 +00:00
relyea%netscape.com
abfd3a64f2
Make indention style consistant with SSL's usage, not softoken/pk11 usage.
2003-03-13 16:36:43 +00:00
relyea%netscape.com
d9b9435a62
Allow for tokens that don't require login. bug 197082
2003-03-12 19:22:32 +00:00
nelsonb%netscape.com
f87129ad87
Add support for Elliptic Curve Cryptography. Bug 195135.
...
Modified Files:
cmd/lib/SECerrs.h cmd/selfserv/selfserv.c
cmd/tstclnt/tstclnt.c lib/cryptohi/keyhi.h
lib/cryptohi/keythi.h lib/cryptohi/seckey.c
lib/cryptohi/secvfy.c lib/freebl/Makefile lib/freebl/blapi.h
lib/freebl/blapit.h lib/freebl/ldvector.c lib/freebl/loader.c
lib/freebl/loader.h lib/freebl/manifest.mn lib/nss/nss.def
lib/pk11wrap/pk11skey.c lib/pk11wrap/pk11slot.c
lib/softoken/lowkeyti.h lib/softoken/manifest.mn
lib/softoken/pkcs11.c lib/softoken/pkcs11c.c
lib/softoken/pkcs11t.h lib/ssl/ssl3con.c lib/ssl/ssl3prot.h
lib/ssl/sslcon.c lib/ssl/sslenum.c lib/ssl/sslimpl.h
lib/ssl/sslinfo.c lib/ssl/sslproto.h lib/ssl/sslsecur.c
lib/ssl/sslsock.c lib/ssl/sslt.h lib/util/secerr.h
lib/util/secoid.c lib/util/secoidt.h
Added Files:
lib/freebl/GFp_ecl.c lib/freebl/GFp_ecl.h lib/freebl/ec.c
lib/freebl/ec.h lib/softoken/ecdecode.c
2003-02-27 01:31:38 +00:00
nelsonb%netscape.com
15064057ce
Fix bug 160207. Make TLS implementation resistant to timing attacks on
...
CBC block mode cipher suites in TLS. See bug for details.
2003-02-21 23:00:16 +00:00
relyea%netscape.com
4c4ce5586d
Bug 167756. Address Nelson's review comments. remove socket specific latency
...
in favor of a slot specific latency test (already done by pk11wrap code).
2003-02-15 01:21:25 +00:00
relyea%netscape.com
998b101109
Bug 167756. Clean up previous patch: add lastState field, and set the SSL Error on failure.
2003-01-23 22:02:37 +00:00
relyea%netscape.com
7d03017158
Check for token removal before continuing SSL sessions which have client auth
...
with certs associated with that token. bug 167756.
2003-01-23 17:27:34 +00:00
jpierre%netscape.com
f593a5bac0
Fix for bug #126930 - make SSL_ConfigServreSessionIDCache work on OS/2 by not using shared memory in single process mode. r=nelsonb
2003-01-23 00:15:08 +00:00
nelsonb%netscape.com
6b4fae5a4a
Don't reject a cert request with an empty list of CA cert names.
...
Don't crash with an empty CA name list.
2002-11-16 03:19:48 +00:00
nelsonb%netscape.com
6710514e32
Fix missing strings that cause crash in SSL_SecurityStatus(). Bug 178342.
2002-11-05 00:25:20 +00:00
wtc%netscape.com
d7b153e145
Bug 127740: added a comment to explain the thread yield in
...
ssl3_SendApplicationData.
2002-09-30 20:51:05 +00:00
wtc%netscape.com
0051b0f950
Bug 153380: document the default values for the SSL options.
2002-09-18 22:32:19 +00:00
jpierre%netscape.com
58167f8fae
Fix NT build
2002-09-07 02:48:45 +00:00
jpierre%netscape.com
78ade1e7f9
Fix compiler warnings
2002-09-07 01:48:46 +00:00
nicolson%netscape.com
e179fe8904
Fix 164126: makefile build error.
...
Change the NSS module name from "security" to "nss".
2002-09-06 16:38:56 +00:00
wtc%netscape.com
a897ae16a9
Bugs 166734 and 166785: fixed compiler warnings reported by gcc on Linux.
...
The patch for this checkin is attached to bug 166785.
2002-09-06 00:27:52 +00:00
nelsonb%netscape.com
644319e67f
Support the TLS_RSA_WITH_NULL_SHA cipher suite. Bug 161529.
2002-08-09 21:53:17 +00:00
nelsonb%netscape.com
3843ef99c0
Fix bug 160207 by changing the error alerts we send for failed decryption.
2002-08-07 20:01:51 +00:00
bishakhabanerjee%netscape.com
65f7eca2f9
Checking in riceman+bmo@mail.rit.edu's patch for bug 133702
2002-07-30 20:57:44 +00:00
relyea%netscape.com
43480112f3
Initialize type field to clear off purify warnings.
2002-06-25 23:00:59 +00:00
nelsonb%netscape.com
071fe9ae9c
Fix bug 135261. Create symbolic names for the values 2 and 3 for the
...
SSL_REQUIRE_CERTIFICATE option. Value 2 has always been the default.
New Value 3 is appropriate for servers that want to re-request, but
still not require, client-auth from a client with whom an SSL session
is already established.
2002-06-22 01:40:32 +00:00
wtc%netscape.com
47b432c0f5
Bug 153380: TLS is enabled by default now.
2002-06-21 18:25:46 +00:00
ian.mcgreer%sun.com
607f12501a
bug 145322, reduce the number of PKCS#11 sessions used in SSL connections, implement new function PK11_SaveContextAlloc
...
r=relyea
2002-06-19 15:21:37 +00:00