path: root/net/third_party/nss/README.chromium
Commit message | Author | Age | Files | Lines
* Allow SSL_HandshakeNegotiatedExtension to be called before the handshake is finished.
  Author: wtc@chromium.org | Age: 2011-08-25 | Files: 1 | Lines: -0/+5
  R=agl@chromium.org,mattm@chromium.org
  BUG=88782
  TEST=none
  Review URL: http://codereview.chromium.org/7746010
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@98277 0039d316-1c4b-4281-b951-d872f2087c98
* Send only one byte of data in the first CBC encrypted application data record.
  Author: wtc@chromium.org | Age: 2011-08-18 | Files: 1 | Lines: -0/+6
  This randomizes the IV in a backward compatible manner.
  R=agl@chromium.org
  BUG=87159
  TEST=HTTPS sites continue to work.
  Review URL: http://codereview.chromium.org/7621002
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@97269 0039d316-1c4b-4281-b951-d872f2087c98
* Add an NSS function to restart the handshake after a client certificate request.
  Author: wtc@chromium.org | Age: 2011-08-17 | Files: 1 | Lines: -0/+3
  R=agl@chromium.org,rkn@chromium.org
  BUG=88782
  TEST=none
  Review URL: http://codereview.chromium.org/7590017
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@97208 0039d316-1c4b-4281-b951-d872f2087c98
* Revert "net: Precede each CBC encrypted application data record with an empty one."
  Author: agl@chromium.org | Age: 2011-08-09 | Files: 1 | Lines: -5/+0
  This reverts commit r91768.
  BUG=91905
  TEST=none
  Review URL: http://codereview.chromium.org/7583036
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@95932 0039d316-1c4b-4281-b951-d872f2087c98
* SSL_ForceHandshake should send the saved write data in the SSL socket.
  Author: wtc@chromium.org | Age: 2011-08-05 | Files: 1 | Lines: -1/+6
  R=agl@chromium.org
  BUG=91458
  TEST=none
  Review URL: http://codereview.chromium.org/7572043
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@95627 0039d316-1c4b-4281-b951-d872f2087c98
* net: add NSS support for RFC 5705 (Keying Material Exporters for TLS).
  Author: agl@chromium.org | Age: 2011-07-22 | Files: 1 | Lines: -0/+5
  This is a reworked version of the patch from https://bugzilla.mozilla.org/show_bug.cgi?id=507359.
  BUG=none
  TEST=none yet
  Review URL: http://codereview.chromium.org/7464031
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@93635 0039d316-1c4b-4281-b951-d872f2087c98
* net: update NSS patches to reflect recent changes.
  Author: agl@chromium.org | Age: 2011-07-22 | Files: 1 | Lines: -0/+3
  This updates the cached info patch to reflect:
    Merge upstream NSS changes from the cached info extension (r93119)
  And adds a patch for the origin bound certs work in:
    Add client-side support for the origin bound certificate TLS extension. (r92576)
  No code changes.
  BUG=84920,88782
  TEST=none
  Review URL: http://codereview.chromium.org/7464028
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@93615 0039d316-1c4b-4281-b951-d872f2087c98
* net: Precede each CBC encrypted application data record with an empty one.
  Author: agl@chromium.org | Age: 2011-07-07 | Files: 1 | Lines: -0/+5
  Precede each CBC encrypted application data record with an empty application data record in order to randomize the IV in a backwards compatible manner.
  (This is a reland of r90632 which was reverted in r90643 because it tickled a bug in remoting unittests.)
  http://codereview.chromium.org/7239002
  BUG=87159
  TEST=HTTPS sites continue to work.
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@91768 0039d316-1c4b-4281-b951-d872f2087c98
* net: measure the latency difference of resume handshakes.
  Author: agl@chromium.org | Age: 2011-06-29 | Files: 1 | Lines: -0/+4
  With False Start, we hope that resume and non-resume handshakes take the same amount of time. But non-resume handshakes involve sending the certificate chain to the client and this has a latency impact, although we don't know how high.
  There's also a danger that revocation checks will be confounded into this data: a full handshake is more likely to perform a revocation check. We'll have to look at the data and, possibly, reintroduce the revocation checking field trial to address this.
  BUG=none
  TEST=none
  Review URL: http://codereview.chromium.org/7218013
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@90950 0039d316-1c4b-4281-b951-d872f2087c98
* Revert "net: Precede each CBC encrypted application data record with an empty one."
  Author: agl@chromium.org | Age: 2011-06-27 | Files: 1 | Lines: -5/+0
  This reverts commit 71c84a00ba9eb06356176514c392043b585bf2d8.
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@90643 0039d316-1c4b-4281-b951-d872f2087c98
* net: Precede each CBC encrypted application data record with an empty one.
  Author: agl@chromium.org | Age: 2011-06-27 | Files: 1 | Lines: -0/+5
  Precede each CBC encrypted application data record with an empty application data record in order to randomize the IV in a backwards compatible manner.
  BUG=87159
  TEST=HTTPS sites continue to work.
  Review URL: http://codereview.chromium.org/7239002
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@90632 0039d316-1c4b-4281-b951-d872f2087c98
* net: mention upstream Mozilla bug for cachedinfo.
  Author: agl@chromium.org | Age: 2011-06-24 | Files: 1 | Lines: -0/+1
  BUG=84920
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@90402 0039d316-1c4b-4281-b951-d872f2087c98
* net: include patch for cached info and fix whitespace.
  Author: agl@chromium.org | Age: 2011-06-24 | Files: 1 | Lines: -0/+3
  No code changes.
  TBR=wtc
  BUG=none
  TEST=no code changes.
  http://codereview.chromium.org/7236036/
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@90377 0039d316-1c4b-4281-b951-d872f2087c98
* Remove the TLS Snap Start code from NSS.
  Author: wtc@chromium.org | Age: 2011-06-09 | Files: 1 | Lines: -5/+0
  R=agl@chromium.org
  BUG=none
  TEST=none
  Review URL: http://codereview.chromium.org/7003069
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@88459 0039d316-1c4b-4281-b951-d872f2087c98
* Update to NSS 3.12.9. falsestart.patch, falsestart2.patch, and weakserverkey.patch have been upstreamed.
  Author: wtc@chromium.org | Age: 2011-02-18 | Files: 1 | Lines: -12/+1
  SSL_ERROR_WEAK_SERVER_KEY has been renamed SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY.
  Pick up fixes for two bugs:
  - https://bugzilla.mozilla.org/show_bug.cgi?id=586697
  - https://bugzilla.mozilla.org/show_bug.cgi?id=588698
  R=agl
  BUG=none
  TEST=none
  Review URL: http://codereview.chromium.org/6487026
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@75446 0039d316-1c4b-4281-b951-d872f2087c98
* Update the NSS patches. Add snapstart2.patch and peercertchain.patch.
  Author: wtc@chromium.org | Age: 2011-02-17 | Files: 1 | Lines: -0/+7
  Tweak sslimpl.h to eliminate one conflict when applying clientauth.patch. Unfortunately one conflict in sslimpl.h and one conflict in ssl3con.c still remain in clientauth.patch.
  Add the applypatches.sh script to make it easier to apply the patches.
  R=agl
  BUG=none
  TEST=none
  Review URL: http://codereview.chromium.org/6538005
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@75311 0039d316-1c4b-4281-b951-d872f2087c98
* Add the NSS patch for SSL client auth with native crypto APIs on Mac and Windows.
  Author: wtc@chromium.org | Age: 2011-02-16 | Files: 1 | Lines: -1/+5
  The original dheclientauth.patch is subsumed by this patch because it is hard to separate the two patches.
  R=rsleevi
  BUG=37560,45369,62027
  TEST=none
  Review URL: http://codereview.chromium.org/6528039
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@75191 0039d316-1c4b-4281-b951-d872f2087c98
* When performing a SSL renegotiation handshake, do not send Certificate/CertificateVerify messages unless the peer sends a CertificateRequest, requesting client auth.
  Author: rsleevi@chromium.org | Age: 2010-12-10 | Files: 1 | Lines: -0/+6
  This would happen if the following conditions were true:
  - In the initial/previous handshake, the peer requests client authentication.
  - The client chooses a certificate, versus declining to provide one.
  - A (EC-)DHE cipher suite is negotiated.
  - The peer requests (secure) renegotiation.
  - The peer does NOT request a client certificate during the renegotiated handshake.
  R=wtc
  BUG=62027
  TEST=none
  Review URL: http://codereview.chromium.org/5611005
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@68829 0039d316-1c4b-4281-b951-d872f2087c98
* nss: add support for OCSP stapling.
  Author: agl@chromium.org | Age: 2010-11-22 | Files: 1 | Lines: -0/+3
  This patch adds support in libssl for requesting and storing OCSP stapled responses.
  BUG=none
  TEST=none (yet)
  http://codereview.chromium.org/5045001
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@67005 0039d316-1c4b-4281-b951-d872f2087c98
* Add certificates to the ss->ssl3.peerCertChain linked list in the right order.
  Author: wtc@chromium.org | Age: 2010-10-21 | Files: 1 | Lines: -1/+3
  R=agl
  BUG=none
  TEST=none
  Review URL: http://codereview.chromium.org/3984003
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@63366 0039d316-1c4b-4281-b951-d872f2087c98
* net: add patch file for Snap Start support in NSS
  Author: agl@chromium.org | Age: 2010-10-20 | Files: 1 | Lines: -0/+4
  Add a file in the patches/ directory which contains the contents of our current Snap Start patch.
  No code changes.
  BUG=none
  TEST=none
  Review URL: http://codereview.chromium.org/3922002
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@63206 0039d316-1c4b-4281-b951-d872f2087c98
* Allow SSL_SecurityStatus, SSL_GetChannelInfo, and SSL_HandshakeNegotiatedExtension to be called as soon as a false start handshake is done.
  Author: wtc@chromium.org | Age: 2010-08-27 | Files: 1 | Lines: -0/+2
  R=agl
  BUG=53366
  TEST=Visit any HTTPS sites, especially sites with certificate errors. The SSL InfoBubble should not say "your connection to www.example.com is not encrypted."
  Review URL: http://codereview.chromium.org/3233001
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@57691 0039d316-1c4b-4281-b951-d872f2087c98
* Revert the workaround for servers that use tiny DH keys.
  Author: wtc@chromium.org | Age: 2010-08-17 | Files: 1 | Lines: -6/+4
  Add the new error code ERR_SSL_WEAK_SERVER_KEY for these broken servers.
  Use the new SSL_RENEGOTIATE_TRANSITIONAL option. On the client side it is equivalent to SSL_RENEGOTIATE_UNRESTRICTED.
  R=agl
  BUG=51694
  TEST=Visit https://portal-plumprod.cgc.enbridge.com and https://www.citylink.com.au. The network error page should display the error message: Error 129 (net::ERR_SSL_WEAK_SERVER_KEY): Unknown error.
  Review URL: http://codereview.chromium.org/3149012
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@56283 0039d316-1c4b-4281-b951-d872f2087c98
* Update to NSS 3.12.7.
  Author: wtc@chromium.org | Age: 2010-08-13 | Files: 1 | Lines: -1/+1
  R=agl
  BUG=51694
  TEST=No build errors or test failures.
  Review URL: http://codereview.chromium.org/3177012
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@56042 0039d316-1c4b-4281-b951-d872f2087c98
* List TLS_DHE_RSA_WITH_AES_256_CBC_SHA after TLS_RSA_WITH_AES_256_CBC_SHA in ClientHello so that we communicate securely with some servers that use 256-bit DH keys.
  Author: wtc@chromium.org | Age: 2010-08-10 | Files: 1 | Lines: -0/+8
  The proper fix is to upgrade to NSS 3.12.7 to pick up the DH key size checks. This is just a workaround.
  R=agl
  BUG=51694
  TEST=none
  Review URL: http://codereview.chromium.org/3118002
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@55580 0039d316-1c4b-4281-b951-d872f2087c98
* net/third_party/nss: sync patches/ directory.
  Author: agl@chromium.org | Age: 2010-07-08 | Files: 1 | Lines: -0/+4
  * Add a patch for r50960 (Cache the peer's intermediate CA certificates...)
  No code changes.
  TEST=none
  BUG=none
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@51859 0039d316-1c4b-4281-b951-d872f2087c98
* Pass license check script for most of the tree.
  Author: evan@chromium.org | Age: 2010-03-19 | Files: 1 | Lines: -0/+3
  Modified license-checker script to allow pruning directories we know to be ok. Still need to do a bit of third_party/*, as well as file a bunch of bugs on pieces where the licenses aren't clear, but I'm running out of energy.
  Review URL: http://codereview.chromium.org/1100003
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@42045 0039d316-1c4b-4281-b951-d872f2087c98
* SSL False Start Support
  Author: agl@chromium.org | Age: 2010-03-02 | Files: 1 | Lines: -0/+3
  * Adds TLS false start support. This allows us to start sending encrypted data before we have validated the server's Finished message. (This behaviour is already enabled on Android.) I've verified that this works using netem to add a 200ms delay on the loopback adaptor. I've also checked that an incorrect Finished message from the server causes an error by hacking the Go TLS server. Beware when looking at packet traces that the time taken in NSS's SQLite calls can exceed the RTT of the connection and make it appear that this code isn't functioning.
  * Adds DEBUG and TRACE defines to libssl when building Chromium in Debug mode. This means that setting SSLTRACE in the environment now works for debug builds.
  (Reland. First landed in r39905, reverted in r40024 because it uncovered a bug. Then landed in r40124 and reverted in r40126 because the faster SSL handshakes made a flake UI test worse. UI test fixed in r40285.)
  http://codereview.chromium.org/518065
  BUG=none
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40438 0039d316-1c4b-4281-b951-d872f2087c98
* Send an empty renegotiation info extension instead of SCSV unless TLS is disabled.
  Author: wtc@chromium.org | Age: 2010-03-02 | Files: 1 | Lines: -0/+22
  This allows implementers of server side secure renegotiation to use Linux Chrome as a test client that sends empty renegotiation info extensions in initial handshakes.
  Rename README.google to README.chromium.
  R=agl
  BUG=none
  TEST=none
  Review URL: http://codereview.chromium.org/660233
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40337 0039d316-1c4b-4281-b951-d872f2087c98