Commit Graph

154 Commits

Author SHA1 Message Date
nelsonb%netscape.com
cc8d6b1b9f Eliminate TCP connection reset errors that occur when server requires
client auth and SSL3 client doesn't authenticate.  The fix is to coalesce
the SSL3 no_certificate alert record with the following records (e.g.
client_key_exchange handshake, change_cipher_spec and finished handshake).
Fix bugs 207313 and 118668.
2003-05-30 23:22:39 +00:00
wtc%netscape.com
213a402f9d Bug 134113: make NSS build on Win32 using GCC (MinGW). The patch
(attachment 121068) is contributed by Chris Seawood (cls@seawood.org).
2003-04-20 04:23:37 +00:00
jpierre%netscape.com
3609f97d06 Fix for 202348 - check cert & key pointers returned by client auth application callback, to fix crash . r=nelsonb 2003-04-17 02:03:39 +00:00
jpierre%netscape.com
d07c7a50f5 Fix for 201259 . Make the default client auth callback NSS_GetClientAuthData work with dual-key certs. r=nelsonb, sr=wtc 2003-04-09 22:23:10 +00:00
nelsonb%netscape.com
3f52ba47c1 Changes to enable ECC over characteristic 2^m fields.
Contribution from Vipul Gupta <Vipul.Gupta@Sun.COM>
Modified Files:
 nss/cmd/strsclnt/strsclnt.c nss/lib/cryptohi/seckey.c
 nss/lib/freebl/blapit.h nss/lib/freebl/ec.c
 nss/lib/freebl/manifest.mn nss/lib/freebl/mpi/Makefile
 nss/lib/softoken/ecdecode.c nss/lib/softoken/pkcs11.c
 nss/lib/ssl/ssl3con.c nss/lib/util/secoid.c
 nss/lib/util/secoidt.h
2003-03-29 00:18:30 +00:00
nelsonb%netscape.com
29640f53f9 Add missing return statement. 2003-03-27 03:07:47 +00:00
wtc%netscape.com
a98f4c0628 Bug 199082: checked in Nelson's patch, which
a) changes selfserv to test the return value from NSS_Shutdown.
b) changes SECMOD_Shutdown to set the error code SEC_ERROR_BUSY before
   returning SECFailure.
c) Adds a new function SSL_ShutdownServerSessionIDCache to ssl.h.
d) Changes selfserv to call SSL_ShutdownServerSessionIDCache before calling
NSS_Shutdown.
Modified Files:
	cmd/selfserv/selfserv.c lib/pk11wrap/pk11util.c
	lib/ssl/ssl.def lib/ssl/ssl.h lib/ssl/ssl3con.c
	lib/ssl/sslimpl.h lib/ssl/sslsnce.c
2003-03-26 00:31:13 +00:00
relyea%netscape.com
abfd3a64f2 Make indention style consistant with SSL's usage, not softoken/pk11 usage. 2003-03-13 16:36:43 +00:00
relyea%netscape.com
d9b9435a62 Allow for tokens that don't require login. bug 197082 2003-03-12 19:22:32 +00:00
nelsonb%netscape.com
f87129ad87 Add support for Elliptic Curve Cryptography. Bug 195135.
Modified Files:
 	cmd/lib/SECerrs.h cmd/selfserv/selfserv.c
 	cmd/tstclnt/tstclnt.c lib/cryptohi/keyhi.h
 	lib/cryptohi/keythi.h lib/cryptohi/seckey.c
 	lib/cryptohi/secvfy.c lib/freebl/Makefile lib/freebl/blapi.h
 	lib/freebl/blapit.h lib/freebl/ldvector.c lib/freebl/loader.c
 	lib/freebl/loader.h lib/freebl/manifest.mn lib/nss/nss.def
 	lib/pk11wrap/pk11skey.c lib/pk11wrap/pk11slot.c
 	lib/softoken/lowkeyti.h lib/softoken/manifest.mn
 	lib/softoken/pkcs11.c lib/softoken/pkcs11c.c
 	lib/softoken/pkcs11t.h lib/ssl/ssl3con.c lib/ssl/ssl3prot.h
 	lib/ssl/sslcon.c lib/ssl/sslenum.c lib/ssl/sslimpl.h
 	lib/ssl/sslinfo.c lib/ssl/sslproto.h lib/ssl/sslsecur.c
 	lib/ssl/sslsock.c lib/ssl/sslt.h lib/util/secerr.h
 	lib/util/secoid.c lib/util/secoidt.h
Added Files:
 	lib/freebl/GFp_ecl.c lib/freebl/GFp_ecl.h lib/freebl/ec.c
 	lib/freebl/ec.h lib/softoken/ecdecode.c
2003-02-27 01:31:38 +00:00
nelsonb%netscape.com
15064057ce Fix bug 160207. Make TLS implementation resistant to timing attacks on
CBC block mode cipher suites in TLS.  See bug for details.
2003-02-21 23:00:16 +00:00
relyea%netscape.com
4c4ce5586d Bug 167756. Address Nelson's review comments. remove socket specific latency
in favor of a slot specific latency test (already done by pk11wrap code).
2003-02-15 01:21:25 +00:00
relyea%netscape.com
998b101109 Bug 167756. Clean up previous patch: add lastState field, and set the SSL Error on failure. 2003-01-23 22:02:37 +00:00
relyea%netscape.com
7d03017158 Check for token removal before continuing SSL sessions which have client auth
with certs associated with that token. bug 167756.
2003-01-23 17:27:34 +00:00
jpierre%netscape.com
f593a5bac0 Fix for bug #126930 - make SSL_ConfigServreSessionIDCache work on OS/2 by not using shared memory in single process mode. r=nelsonb 2003-01-23 00:15:08 +00:00
nelsonb%netscape.com
6b4fae5a4a Don't reject a cert request with an empty list of CA cert names.
Don't crash with an empty CA name list.
2002-11-16 03:19:48 +00:00
nelsonb%netscape.com
6710514e32 Fix missing strings that cause crash in SSL_SecurityStatus(). Bug 178342. 2002-11-05 00:25:20 +00:00
wtc%netscape.com
d7b153e145 Bug 127740: added a comment to explain the thread yield in
ssl3_SendApplicationData.
2002-09-30 20:51:05 +00:00
wtc%netscape.com
0051b0f950 Bug 153380: document the default values for the SSL options. 2002-09-18 22:32:19 +00:00
jpierre%netscape.com
58167f8fae Fix NT build 2002-09-07 02:48:45 +00:00
jpierre%netscape.com
78ade1e7f9 Fix compiler warnings 2002-09-07 01:48:46 +00:00
nicolson%netscape.com
e179fe8904 Fix 164126: makefile build error.
Change the NSS module name from "security" to "nss".
2002-09-06 16:38:56 +00:00
wtc%netscape.com
a897ae16a9 Bugs 166734 and 166785: fixed compiler warnings reported by gcc on Linux.
The patch for this checkin is attached to bug 166785.
2002-09-06 00:27:52 +00:00
nelsonb%netscape.com
644319e67f Support the TLS_RSA_WITH_NULL_SHA cipher suite. Bug 161529. 2002-08-09 21:53:17 +00:00
nelsonb%netscape.com
3843ef99c0 Fix bug 160207 by changing the error alerts we send for failed decryption. 2002-08-07 20:01:51 +00:00
bishakhabanerjee%netscape.com
65f7eca2f9 Checking in riceman+bmo@mail.rit.edu's patch for bug 133702 2002-07-30 20:57:44 +00:00
relyea%netscape.com
43480112f3 Initialize type field to clear off purify warnings. 2002-06-25 23:00:59 +00:00
nelsonb%netscape.com
071fe9ae9c Fix bug 135261. Create symbolic names for the values 2 and 3 for the
SSL_REQUIRE_CERTIFICATE option.  Value 2 has always been the default.
New Value 3 is appropriate for servers that want to re-request, but
still not require, client-auth from a client with whom an SSL session
is already established.
2002-06-22 01:40:32 +00:00
wtc%netscape.com
47b432c0f5 Bug 153380: TLS is enabled by default now. 2002-06-21 18:25:46 +00:00
ian.mcgreer%sun.com
607f12501a bug 145322, reduce the number of PKCS#11 sessions used in SSL connections, implement new function PK11_SaveContextAlloc
r=relyea
2002-06-19 15:21:37 +00:00
wtc%netscape.com
5b50af192d Bugzilla bug 145178: added OpenBSD build support. The patch is contributed
by Christopher Seawood <seawood@netscape.com>.
Modified Files: coreconf/config.mk sslmutex.c sslmutex.h
Added Files: coreconf/OpenBSD.mk
2002-05-18 03:24:17 +00:00
wtc%netscape.com
ec52ca8b50 Bugzilla bug 138532: use pipes instead of semaphores for NetBSD, which does
not have semaphore.h.  Thanks to Chris Seawood <seawood@netscape.com> for
the patch.  Modified files: sslmutex.h sslmutex.c
2002-05-16 13:36:03 +00:00
wtc%netscape.com
272f7f9153 Fixed build breakage on BeOS -- made the ifdef match the one in sslsnce.c. 2002-05-16 05:32:30 +00:00
wtc%netscape.com
e4f5bd3810 Bugzilla bug 127062: use PR_MSG_PEEK instead of MSG_PEEK. 2002-05-01 00:21:50 +00:00
nelsonb%netscape.com
ba4e5d74fc Fix build error on NT. 2002-04-04 01:41:19 +00:00
nelsonb%netscape.com
f9e447b703 Make libSSL build for WinCE. 2002-04-04 00:14:12 +00:00
nelsonb%netscape.com
15d009d11b If an error occurs when attempting to write previously buffered data on
a socket, do not override the error code with PR_WOULD_BLOCK_ERROR.
bug 132899.
2002-03-23 01:06:08 +00:00
ian.mcgreer%sun.com
4ef12717ce bug 132889, sense of boolean 'blocking' is reversed within the HANDLE_ERR macro of ssl_WriteV 2002-03-22 22:48:02 +00:00
nelsonb%netscape.com
26f5c0d8ba Add new bits to struct returned by SSL_GetCipherSuiteInfo. Bug 132438. 2002-03-22 21:43:43 +00:00
wtc%netscape.com
1ced872252 Bugzilla bug 129408: final adjustments of the NSS 3.4 *.def files. List
the symbols in alphabetical order.  In softokn.def, changed "Sofoken 3.4
release" to "NSS 3.4 release, which is what we use in other *.def files.
Added seven new PKCS7 exports to smime.def.  r=relyea
Modified files: nss.def smime.def softokn.def ssl.def
2002-03-07 21:18:49 +00:00
bishakhabanerjee%netscape.com
208526857e Bug 127785 - checked in cseawood's patch 2002-02-27 21:49:41 +00:00
nelsonb%netscape.com
681ff24ca9 1. the sslSecurityInfo and sslGather structs are now part of the sslSocket
rather than being pointed to by the sslSocket.  This reduces the number
of malloc/free calls, and greatly reduces pointer fetches, and null
pointer checks.  sslGather and sslSecurityInfo are separately initialized.
2. SSL_ResetHandshake no longer deallocates and reallocates the sslSecurityInfo and all its subcomponents.
3. Many places that formerly did not check for memory allocation failures
now do check, and do the right thing when allocation failed.
2002-02-27 04:40:17 +00:00
nelsonb%netscape.com
4bfe43978d Change ssl_GetPeerInfo to no longer assume that an address is IPV6 if
it's not IPv4.  Fixes a bug on systems that don't support IPV6, but
do support other address families.
2002-02-26 00:28:15 +00:00
wtc%netscape.com
6c79ece2fe Bugzilla bug 70217: ported NSS to BeOS. The patch is contributed by
Christopher Seawood <seawood@netscape.com>.
2002-02-22 04:23:30 +00:00
wtc%netscape.com
ddf21869a1 Bugzilla bug 125730: fixed OpenVMS build breakage. Thanks to Colin Blakes
<colin@theblakes.com> for the patch.
odified Files: sslmutex.c sslmutex.h sslsnce.c
2002-02-16 02:52:07 +00:00
wtc%netscape.com
cb5e5f1f21 Bugzilla bug 112198: use the -dylib_file ld option to link the ssl3 and
smime3 dylibs and the NSS tools so that they can find the indirectly
referenced libsoftokn3.dylib.  Define and export DYLD_LIBRARY_PATH.  The
patch is contributed by Brian Ryner <bryner@netscape.com>. r=wtc,beard.
Modified Files:
	coreconf/Darwin.mk nss/cmd/platlibs.mk nss/lib/smime/config.mk
	nss/lib/ssl/config.mk nss/tests/common/init.sh
2002-02-15 23:38:47 +00:00
nelsonb%netscape.com
e023b4422a Change most coreconf and NSS makefiles to use OS_TARGET (which can
be overridden via an environment variable) rather than OS_ARCH.
This is a precursor to more flexibility in cross-platform builds.
Bug 104541.
2002-02-15 22:54:08 +00:00
wtc%netscape.com
da15146da7 Bugzilla bug 112198: Port NSS to Mac OS X (Darwin). The patch is
contributed by Javier Pedemonte <pedemonte@alumni.utexas.net>.
Modified Files:
	coreconf/config.mk coreconf/nsinstall/nsinstall.c
	coreconf/nsinstall/pathsub.c nss/lib/freebl/unix_rand.c
	nss/lib/ssl/unix_err.c
2002-02-10 05:24:49 +00:00
nelsonb%netscape.com
494eb9ffcc Plug one of the leaks reported in bugzilla bug 123081 2002-02-04 23:15:11 +00:00
javi%netscape.com
531a6a7a9d Changes required to get the trunk of NSS building on the Mac. 2002-01-09 23:22:23 +00:00