Commit Graph

174 Commits

Author SHA1 Message Date
jpierre%netscape.com
3c9a7eb176 Fix for 244095 - link NSS libraries with -R $ORIGIN on Solaris 2004-05-25 00:13:12 +00:00
wchang0222%aol.com
081ede0ac7 Bugscape bug 57081: If the make variable NISCC_TEST is defined at build
time, add -DNISCC_TEST to the compile command line.  The NISCC_TEST macro
enables special code that's conditionally compiled for NISCC testing.
Modified Files:
	cmd/smimetools/Makefile cmd/smimetools/cmsutil.c
	lib/ssl/config.mk lib/ssl/manifest.mn
2004-05-13 01:29:15 +00:00
jpierre%netscape.com
79af302c8e Fix for 242984 - crash with application having incomplete PRIOMethods. r=nelsonb,wtc 2004-05-11 03:48:25 +00:00
gerv%gerv.net
9bd361a285 Bug 236613: change to MPL/LGPL/GPL tri-license. Restore Id: lines. 2004-04-27 23:04:40 +00:00
gerv%gerv.net
3634d4d94b Bug 236613: change to MPL/LGPL/GPL tri-license. 2004-04-25 15:03:26 +00:00
nelsonb%netscape.com
c4b2be519c Add conditionally compiled code for NISCC testing of NSS's SSL library.
patch by Ian McGreer.  Bugscape bug 53322.
2004-03-05 23:28:57 +00:00
jpierre%netscape.com
f1a9128ad1 Fix for 235874 - crash in PK11_DigestKey . r=wtc, nelsonb 2004-03-03 03:18:56 +00:00
nelsonb%netscape.com
8dc069e8e4 Overload the error code SSL_ERROR_RX_RECORD_TOO_LONG to report SSL2
records that are too short.  Bugscape bug 54814
2004-01-08 06:52:00 +00:00
jpierre%netscape.com
8a6338d551 Rename PK11_PubDeriveExtended to PK11_PubDeriveWithKDF 2004-01-08 01:37:46 +00:00
wchang0222%aol.com
9ccb6b87c5 Made wincx the last argument of PK11_PubDeriveExtended. r=relyea.
Modified Files: pk11func.h pk11skey.c ssl3con.c
2003-12-19 23:54:29 +00:00
nelsonb%netscape.com
390b635832 Grow handshake message buffer once per message, not once per each message
segment received.  Bugscape bug 53418.
2003-11-05 06:22:57 +00:00
nelsonb%netscape.com
afd97d4f96 Remove one unnecessary transition from the SSL3 state machine.
Reduce the number of reallocations of the SSL3 handshake message buffer.
Bugscape bugs 53287 and 53337
2003-10-31 07:01:05 +00:00
wchang0222%aol.com
4327068745 Bugzilla bug 222065: fixed a bug (inside #ifdef WINNT) introduced in the
previous checkin.
2003-10-22 01:00:10 +00:00
nelsonb%netscape.com
9413aae7aa When the SSL_NO_CACHE option is set on an SSL server socket, don't touch
the server session cache AT ALL.  Bug 222726
2003-10-19 01:55:50 +00:00
nelsonb%netscape.com
6436ed5ab3 Declare SSL_NO_STEP_DOWN option. Partial fix to bug 148452. 2003-10-19 01:31:41 +00:00
nelsonb%netscape.com
47dc9b03e8 SSL_ShutdownServerSessionIDCache no longer leaks the cache memory.
Bug 222065. r=wchang0222
2003-10-19 01:25:10 +00:00
ian.mcgreer%sun.com
5c2c5888f9 ECC code landing.
Contributed by Sheuling Chang, Stephen Fung, Vipul Gupta, Nils Gura,
and Douglas Stebila of Sun Labs
2003-10-17 13:45:42 +00:00
nelsonb%netscape.com
8464dc0bb6 Eliminate unnecessary copying of CA names in HandleCertRequest.
Bug 204686.
2003-10-07 02:24:01 +00:00
nelsonb%netscape.com
96f28b4691 Detect Zero length certs and zero length CA names. Bug 204686.
Also, eliminate unnecessary copying of incoming certs.
2003-10-03 02:01:18 +00:00
wtc%netscape.com
4f4355b894 Bugzilla bug 214674: made the Linux implementation of sslMutex really work.
They were no-ops in multiprocess mode before.  The patch is Nelson
Bolyard's.  r=wtc.
2003-08-28 22:23:59 +00:00
nelsonb%netscape.com
cc8d6b1b9f Eliminate TCP connection reset errors that occur when server requires
client auth and SSL3 client doesn't authenticate.  The fix is to coalesce
the SSL3 no_certificate alert record with the following records (e.g.
client_key_exchange handshake, change_cipher_spec and finished handshake).
Fix bugs 207313 and 118668.
2003-05-30 23:22:39 +00:00
wtc%netscape.com
213a402f9d Bug 134113: make NSS build on Win32 using GCC (MinGW). The patch
(attachment 121068) is contributed by Chris Seawood (cls@seawood.org).
2003-04-20 04:23:37 +00:00
jpierre%netscape.com
3609f97d06 Fix for 202348 - check cert & key pointers returned by client auth application callback, to fix crash . r=nelsonb 2003-04-17 02:03:39 +00:00
jpierre%netscape.com
d07c7a50f5 Fix for 201259 . Make the default client auth callback NSS_GetClientAuthData work with dual-key certs. r=nelsonb, sr=wtc 2003-04-09 22:23:10 +00:00
nelsonb%netscape.com
3f52ba47c1 Changes to enable ECC over characteristic 2^m fields.
Contribution from Vipul Gupta <Vipul.Gupta@Sun.COM>
Modified Files:
 nss/cmd/strsclnt/strsclnt.c nss/lib/cryptohi/seckey.c
 nss/lib/freebl/blapit.h nss/lib/freebl/ec.c
 nss/lib/freebl/manifest.mn nss/lib/freebl/mpi/Makefile
 nss/lib/softoken/ecdecode.c nss/lib/softoken/pkcs11.c
 nss/lib/ssl/ssl3con.c nss/lib/util/secoid.c
 nss/lib/util/secoidt.h
2003-03-29 00:18:30 +00:00
nelsonb%netscape.com
29640f53f9 Add missing return statement. 2003-03-27 03:07:47 +00:00
wtc%netscape.com
a98f4c0628 Bug 199082: checked in Nelson's patch, which
a) changes selfserv to test the return value from NSS_Shutdown.
b) changes SECMOD_Shutdown to set the error code SEC_ERROR_BUSY before
   returning SECFailure.
c) Adds a new function SSL_ShutdownServerSessionIDCache to ssl.h.
d) Changes selfserv to call SSL_ShutdownServerSessionIDCache before calling
NSS_Shutdown.
Modified Files:
	cmd/selfserv/selfserv.c lib/pk11wrap/pk11util.c
	lib/ssl/ssl.def lib/ssl/ssl.h lib/ssl/ssl3con.c
	lib/ssl/sslimpl.h lib/ssl/sslsnce.c
2003-03-26 00:31:13 +00:00
relyea%netscape.com
abfd3a64f2 Make indention style consistant with SSL's usage, not softoken/pk11 usage. 2003-03-13 16:36:43 +00:00
relyea%netscape.com
d9b9435a62 Allow for tokens that don't require login. bug 197082 2003-03-12 19:22:32 +00:00
nelsonb%netscape.com
f87129ad87 Add support for Elliptic Curve Cryptography. Bug 195135.
Modified Files:
 	cmd/lib/SECerrs.h cmd/selfserv/selfserv.c
 	cmd/tstclnt/tstclnt.c lib/cryptohi/keyhi.h
 	lib/cryptohi/keythi.h lib/cryptohi/seckey.c
 	lib/cryptohi/secvfy.c lib/freebl/Makefile lib/freebl/blapi.h
 	lib/freebl/blapit.h lib/freebl/ldvector.c lib/freebl/loader.c
 	lib/freebl/loader.h lib/freebl/manifest.mn lib/nss/nss.def
 	lib/pk11wrap/pk11skey.c lib/pk11wrap/pk11slot.c
 	lib/softoken/lowkeyti.h lib/softoken/manifest.mn
 	lib/softoken/pkcs11.c lib/softoken/pkcs11c.c
 	lib/softoken/pkcs11t.h lib/ssl/ssl3con.c lib/ssl/ssl3prot.h
 	lib/ssl/sslcon.c lib/ssl/sslenum.c lib/ssl/sslimpl.h
 	lib/ssl/sslinfo.c lib/ssl/sslproto.h lib/ssl/sslsecur.c
 	lib/ssl/sslsock.c lib/ssl/sslt.h lib/util/secerr.h
 	lib/util/secoid.c lib/util/secoidt.h
Added Files:
 	lib/freebl/GFp_ecl.c lib/freebl/GFp_ecl.h lib/freebl/ec.c
 	lib/freebl/ec.h lib/softoken/ecdecode.c
2003-02-27 01:31:38 +00:00
nelsonb%netscape.com
15064057ce Fix bug 160207. Make TLS implementation resistant to timing attacks on
CBC block mode cipher suites in TLS.  See bug for details.
2003-02-21 23:00:16 +00:00
relyea%netscape.com
4c4ce5586d Bug 167756. Address Nelson's review comments. remove socket specific latency
in favor of a slot specific latency test (already done by pk11wrap code).
2003-02-15 01:21:25 +00:00
relyea%netscape.com
998b101109 Bug 167756. Clean up previous patch: add lastState field, and set the SSL Error on failure. 2003-01-23 22:02:37 +00:00
relyea%netscape.com
7d03017158 Check for token removal before continuing SSL sessions which have client auth
with certs associated with that token. bug 167756.
2003-01-23 17:27:34 +00:00
jpierre%netscape.com
f593a5bac0 Fix for bug #126930 - make SSL_ConfigServreSessionIDCache work on OS/2 by not using shared memory in single process mode. r=nelsonb 2003-01-23 00:15:08 +00:00
nelsonb%netscape.com
6b4fae5a4a Don't reject a cert request with an empty list of CA cert names.
Don't crash with an empty CA name list.
2002-11-16 03:19:48 +00:00
nelsonb%netscape.com
6710514e32 Fix missing strings that cause crash in SSL_SecurityStatus(). Bug 178342. 2002-11-05 00:25:20 +00:00
wtc%netscape.com
d7b153e145 Bug 127740: added a comment to explain the thread yield in
ssl3_SendApplicationData.
2002-09-30 20:51:05 +00:00
wtc%netscape.com
0051b0f950 Bug 153380: document the default values for the SSL options. 2002-09-18 22:32:19 +00:00
jpierre%netscape.com
58167f8fae Fix NT build 2002-09-07 02:48:45 +00:00
jpierre%netscape.com
78ade1e7f9 Fix compiler warnings 2002-09-07 01:48:46 +00:00
nicolson%netscape.com
e179fe8904 Fix 164126: makefile build error.
Change the NSS module name from "security" to "nss".
2002-09-06 16:38:56 +00:00
wtc%netscape.com
a897ae16a9 Bugs 166734 and 166785: fixed compiler warnings reported by gcc on Linux.
The patch for this checkin is attached to bug 166785.
2002-09-06 00:27:52 +00:00
nelsonb%netscape.com
644319e67f Support the TLS_RSA_WITH_NULL_SHA cipher suite. Bug 161529. 2002-08-09 21:53:17 +00:00
nelsonb%netscape.com
3843ef99c0 Fix bug 160207 by changing the error alerts we send for failed decryption. 2002-08-07 20:01:51 +00:00
bishakhabanerjee%netscape.com
65f7eca2f9 Checking in riceman+bmo@mail.rit.edu's patch for bug 133702 2002-07-30 20:57:44 +00:00
relyea%netscape.com
43480112f3 Initialize type field to clear off purify warnings. 2002-06-25 23:00:59 +00:00
nelsonb%netscape.com
071fe9ae9c Fix bug 135261. Create symbolic names for the values 2 and 3 for the
SSL_REQUIRE_CERTIFICATE option.  Value 2 has always been the default.
New Value 3 is appropriate for servers that want to re-request, but
still not require, client-auth from a client with whom an SSL session
is already established.
2002-06-22 01:40:32 +00:00
wtc%netscape.com
47b432c0f5 Bug 153380: TLS is enabled by default now. 2002-06-21 18:25:46 +00:00
ian.mcgreer%sun.com
607f12501a bug 145322, reduce the number of PKCS#11 sessions used in SSL connections, implement new function PK11_SaveContextAlloc
r=relyea
2002-06-19 15:21:37 +00:00