nelsonb%netscape.com
cc8d6b1b9f
Eliminate TCP connection reset errors that occur when server requires
...
client auth and SSL3 client doesn't authenticate. The fix is to coalesce
the SSL3 no_certificate alert record with the following records (e.g.
client_key_exchange handshake, change_cipher_spec and finished handshake).
Fix bugs 207313 and 118668.
2003-05-30 23:22:39 +00:00
wtc%netscape.com
213a402f9d
Bug 134113: make NSS build on Win32 using GCC (MinGW). The patch
...
(attachment 121068) is contributed by Chris Seawood (cls@seawood.org ).
2003-04-20 04:23:37 +00:00
jpierre%netscape.com
3609f97d06
Fix for 202348 - check cert & key pointers returned by client auth application callback, to fix crash . r=nelsonb
2003-04-17 02:03:39 +00:00
jpierre%netscape.com
d07c7a50f5
Fix for 201259 . Make the default client auth callback NSS_GetClientAuthData work with dual-key certs. r=nelsonb, sr=wtc
2003-04-09 22:23:10 +00:00
nelsonb%netscape.com
3f52ba47c1
Changes to enable ECC over characteristic 2^m fields.
...
Contribution from Vipul Gupta <Vipul.Gupta@Sun.COM>
Modified Files:
nss/cmd/strsclnt/strsclnt.c nss/lib/cryptohi/seckey.c
nss/lib/freebl/blapit.h nss/lib/freebl/ec.c
nss/lib/freebl/manifest.mn nss/lib/freebl/mpi/Makefile
nss/lib/softoken/ecdecode.c nss/lib/softoken/pkcs11.c
nss/lib/ssl/ssl3con.c nss/lib/util/secoid.c
nss/lib/util/secoidt.h
2003-03-29 00:18:30 +00:00
nelsonb%netscape.com
29640f53f9
Add missing return statement.
2003-03-27 03:07:47 +00:00
wtc%netscape.com
a98f4c0628
Bug 199082: checked in Nelson's patch, which
...
a) changes selfserv to test the return value from NSS_Shutdown.
b) changes SECMOD_Shutdown to set the error code SEC_ERROR_BUSY before
returning SECFailure.
c) Adds a new function SSL_ShutdownServerSessionIDCache to ssl.h.
d) Changes selfserv to call SSL_ShutdownServerSessionIDCache before calling
NSS_Shutdown.
Modified Files:
cmd/selfserv/selfserv.c lib/pk11wrap/pk11util.c
lib/ssl/ssl.def lib/ssl/ssl.h lib/ssl/ssl3con.c
lib/ssl/sslimpl.h lib/ssl/sslsnce.c
2003-03-26 00:31:13 +00:00
relyea%netscape.com
abfd3a64f2
Make indention style consistant with SSL's usage, not softoken/pk11 usage.
2003-03-13 16:36:43 +00:00
relyea%netscape.com
d9b9435a62
Allow for tokens that don't require login. bug 197082
2003-03-12 19:22:32 +00:00
nelsonb%netscape.com
f87129ad87
Add support for Elliptic Curve Cryptography. Bug 195135.
...
Modified Files:
cmd/lib/SECerrs.h cmd/selfserv/selfserv.c
cmd/tstclnt/tstclnt.c lib/cryptohi/keyhi.h
lib/cryptohi/keythi.h lib/cryptohi/seckey.c
lib/cryptohi/secvfy.c lib/freebl/Makefile lib/freebl/blapi.h
lib/freebl/blapit.h lib/freebl/ldvector.c lib/freebl/loader.c
lib/freebl/loader.h lib/freebl/manifest.mn lib/nss/nss.def
lib/pk11wrap/pk11skey.c lib/pk11wrap/pk11slot.c
lib/softoken/lowkeyti.h lib/softoken/manifest.mn
lib/softoken/pkcs11.c lib/softoken/pkcs11c.c
lib/softoken/pkcs11t.h lib/ssl/ssl3con.c lib/ssl/ssl3prot.h
lib/ssl/sslcon.c lib/ssl/sslenum.c lib/ssl/sslimpl.h
lib/ssl/sslinfo.c lib/ssl/sslproto.h lib/ssl/sslsecur.c
lib/ssl/sslsock.c lib/ssl/sslt.h lib/util/secerr.h
lib/util/secoid.c lib/util/secoidt.h
Added Files:
lib/freebl/GFp_ecl.c lib/freebl/GFp_ecl.h lib/freebl/ec.c
lib/freebl/ec.h lib/softoken/ecdecode.c
2003-02-27 01:31:38 +00:00
nelsonb%netscape.com
15064057ce
Fix bug 160207. Make TLS implementation resistant to timing attacks on
...
CBC block mode cipher suites in TLS. See bug for details.
2003-02-21 23:00:16 +00:00
relyea%netscape.com
4c4ce5586d
Bug 167756. Address Nelson's review comments. remove socket specific latency
...
in favor of a slot specific latency test (already done by pk11wrap code).
2003-02-15 01:21:25 +00:00
relyea%netscape.com
998b101109
Bug 167756. Clean up previous patch: add lastState field, and set the SSL Error on failure.
2003-01-23 22:02:37 +00:00
relyea%netscape.com
7d03017158
Check for token removal before continuing SSL sessions which have client auth
...
with certs associated with that token. bug 167756.
2003-01-23 17:27:34 +00:00
jpierre%netscape.com
f593a5bac0
Fix for bug #126930 - make SSL_ConfigServreSessionIDCache work on OS/2 by not using shared memory in single process mode. r=nelsonb
2003-01-23 00:15:08 +00:00
nelsonb%netscape.com
6b4fae5a4a
Don't reject a cert request with an empty list of CA cert names.
...
Don't crash with an empty CA name list.
2002-11-16 03:19:48 +00:00
nelsonb%netscape.com
6710514e32
Fix missing strings that cause crash in SSL_SecurityStatus(). Bug 178342.
2002-11-05 00:25:20 +00:00
wtc%netscape.com
d7b153e145
Bug 127740: added a comment to explain the thread yield in
...
ssl3_SendApplicationData.
2002-09-30 20:51:05 +00:00
wtc%netscape.com
0051b0f950
Bug 153380: document the default values for the SSL options.
2002-09-18 22:32:19 +00:00
jpierre%netscape.com
58167f8fae
Fix NT build
2002-09-07 02:48:45 +00:00
jpierre%netscape.com
78ade1e7f9
Fix compiler warnings
2002-09-07 01:48:46 +00:00
nicolson%netscape.com
e179fe8904
Fix 164126: makefile build error.
...
Change the NSS module name from "security" to "nss".
2002-09-06 16:38:56 +00:00
wtc%netscape.com
a897ae16a9
Bugs 166734 and 166785: fixed compiler warnings reported by gcc on Linux.
...
The patch for this checkin is attached to bug 166785.
2002-09-06 00:27:52 +00:00
nelsonb%netscape.com
644319e67f
Support the TLS_RSA_WITH_NULL_SHA cipher suite. Bug 161529.
2002-08-09 21:53:17 +00:00
nelsonb%netscape.com
3843ef99c0
Fix bug 160207 by changing the error alerts we send for failed decryption.
2002-08-07 20:01:51 +00:00
bishakhabanerjee%netscape.com
65f7eca2f9
Checking in riceman+bmo@mail.rit.edu's patch for bug 133702
2002-07-30 20:57:44 +00:00
relyea%netscape.com
43480112f3
Initialize type field to clear off purify warnings.
2002-06-25 23:00:59 +00:00
nelsonb%netscape.com
071fe9ae9c
Fix bug 135261. Create symbolic names for the values 2 and 3 for the
...
SSL_REQUIRE_CERTIFICATE option. Value 2 has always been the default.
New Value 3 is appropriate for servers that want to re-request, but
still not require, client-auth from a client with whom an SSL session
is already established.
2002-06-22 01:40:32 +00:00
wtc%netscape.com
47b432c0f5
Bug 153380: TLS is enabled by default now.
2002-06-21 18:25:46 +00:00
ian.mcgreer%sun.com
607f12501a
bug 145322, reduce the number of PKCS#11 sessions used in SSL connections, implement new function PK11_SaveContextAlloc
...
r=relyea
2002-06-19 15:21:37 +00:00
wtc%netscape.com
5b50af192d
Bugzilla bug 145178: added OpenBSD build support. The patch is contributed
...
by Christopher Seawood <seawood@netscape.com>.
Modified Files: coreconf/config.mk sslmutex.c sslmutex.h
Added Files: coreconf/OpenBSD.mk
2002-05-18 03:24:17 +00:00
wtc%netscape.com
ec52ca8b50
Bugzilla bug 138532: use pipes instead of semaphores for NetBSD, which does
...
not have semaphore.h. Thanks to Chris Seawood <seawood@netscape.com> for
the patch. Modified files: sslmutex.h sslmutex.c
2002-05-16 13:36:03 +00:00
wtc%netscape.com
272f7f9153
Fixed build breakage on BeOS -- made the ifdef match the one in sslsnce.c.
2002-05-16 05:32:30 +00:00
wtc%netscape.com
e4f5bd3810
Bugzilla bug 127062: use PR_MSG_PEEK instead of MSG_PEEK.
2002-05-01 00:21:50 +00:00
nelsonb%netscape.com
ba4e5d74fc
Fix build error on NT.
2002-04-04 01:41:19 +00:00
nelsonb%netscape.com
f9e447b703
Make libSSL build for WinCE.
2002-04-04 00:14:12 +00:00
nelsonb%netscape.com
15d009d11b
If an error occurs when attempting to write previously buffered data on
...
a socket, do not override the error code with PR_WOULD_BLOCK_ERROR.
bug 132899.
2002-03-23 01:06:08 +00:00
ian.mcgreer%sun.com
4ef12717ce
bug 132889, sense of boolean 'blocking' is reversed within the HANDLE_ERR macro of ssl_WriteV
2002-03-22 22:48:02 +00:00
nelsonb%netscape.com
26f5c0d8ba
Add new bits to struct returned by SSL_GetCipherSuiteInfo. Bug 132438.
2002-03-22 21:43:43 +00:00
wtc%netscape.com
1ced872252
Bugzilla bug 129408: final adjustments of the NSS 3.4 *.def files. List
...
the symbols in alphabetical order. In softokn.def, changed "Sofoken 3.4
release" to "NSS 3.4 release, which is what we use in other *.def files.
Added seven new PKCS7 exports to smime.def. r=relyea
Modified files: nss.def smime.def softokn.def ssl.def
2002-03-07 21:18:49 +00:00
bishakhabanerjee%netscape.com
208526857e
Bug 127785 - checked in cseawood's patch
2002-02-27 21:49:41 +00:00
nelsonb%netscape.com
681ff24ca9
1. the sslSecurityInfo and sslGather structs are now part of the sslSocket
...
rather than being pointed to by the sslSocket. This reduces the number
of malloc/free calls, and greatly reduces pointer fetches, and null
pointer checks. sslGather and sslSecurityInfo are separately initialized.
2. SSL_ResetHandshake no longer deallocates and reallocates the sslSecurityInfo and all its subcomponents.
3. Many places that formerly did not check for memory allocation failures
now do check, and do the right thing when allocation failed.
2002-02-27 04:40:17 +00:00
nelsonb%netscape.com
4bfe43978d
Change ssl_GetPeerInfo to no longer assume that an address is IPV6 if
...
it's not IPv4. Fixes a bug on systems that don't support IPV6, but
do support other address families.
2002-02-26 00:28:15 +00:00
wtc%netscape.com
6c79ece2fe
Bugzilla bug 70217: ported NSS to BeOS. The patch is contributed by
...
Christopher Seawood <seawood@netscape.com>.
2002-02-22 04:23:30 +00:00
wtc%netscape.com
ddf21869a1
Bugzilla bug 125730: fixed OpenVMS build breakage. Thanks to Colin Blakes
...
<colin@theblakes.com> for the patch.
odified Files: sslmutex.c sslmutex.h sslsnce.c
2002-02-16 02:52:07 +00:00
wtc%netscape.com
cb5e5f1f21
Bugzilla bug 112198: use the -dylib_file ld option to link the ssl3 and
...
smime3 dylibs and the NSS tools so that they can find the indirectly
referenced libsoftokn3.dylib. Define and export DYLD_LIBRARY_PATH. The
patch is contributed by Brian Ryner <bryner@netscape.com>. r=wtc,beard.
Modified Files:
coreconf/Darwin.mk nss/cmd/platlibs.mk nss/lib/smime/config.mk
nss/lib/ssl/config.mk nss/tests/common/init.sh
2002-02-15 23:38:47 +00:00
nelsonb%netscape.com
e023b4422a
Change most coreconf and NSS makefiles to use OS_TARGET (which can
...
be overridden via an environment variable) rather than OS_ARCH.
This is a precursor to more flexibility in cross-platform builds.
Bug 104541.
2002-02-15 22:54:08 +00:00
wtc%netscape.com
da15146da7
Bugzilla bug 112198: Port NSS to Mac OS X (Darwin). The patch is
...
contributed by Javier Pedemonte <pedemonte@alumni.utexas.net>.
Modified Files:
coreconf/config.mk coreconf/nsinstall/nsinstall.c
coreconf/nsinstall/pathsub.c nss/lib/freebl/unix_rand.c
nss/lib/ssl/unix_err.c
2002-02-10 05:24:49 +00:00
nelsonb%netscape.com
494eb9ffcc
Plug one of the leaks reported in bugzilla bug 123081
2002-02-04 23:15:11 +00:00
javi%netscape.com
531a6a7a9d
Changes required to get the trunk of NSS building on the Mac.
2002-01-09 23:22:23 +00:00