summaryrefslogtreecommitdiffstats
path: root/net/third_party/nss
Commit message (Collapse)AuthorAgeFilesLines
* Remove rendundant use of product_name in gyp files.evan@chromium.org2011-06-091-1/+0
| | | | | | | | | We default to using the target name as the product name; there's no need to state it twice. Review URL: http://codereview.chromium.org/7135006 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@88556 0039d316-1c4b-4281-b951-d872f2087c98
* Remove the TLS Snap Start code from NSS.wtc@chromium.org2011-06-0914-3769/+146
| | | | | | | | | | R=agl@chromium.org BUG=none TEST=none Review URL: http://codereview.chromium.org/7003069 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@88459 0039d316-1c4b-4281-b951-d872f2087c98
* Final gyp patch to make use of the new cross-platform POSIX defines ↵tony@chromium.org2011-05-231-2/+2
| | | | | | | | toolkit_uses_gtk, os_posix, and use_x11. For lists of source files that use a mix of POSIX and Gtk APIs, toolkit_uses_gtk was given precedence. Solaris was made to use ALSA also, as libasound has been ported to FreeBSD and Solaris as a wrapper around the native OSS. Review URL: http://codereview.chromium.org/7055003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@86352 0039d316-1c4b-4281-b951-d872f2087c98
* Globally replace <(library) with static_libraryevan@chromium.org2011-05-191-1/+1
| | | | | | | | | | | We provided <(library) as a variable to support a peculiar build configuration on Linux. We no longer support that build configuration, so we can simplify this code to no longer use a variable. Review URL: http://codereview.chromium.org/7051014 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@86004 0039d316-1c4b-4281-b951-d872f2087c98
* Increase warning level to 4 on Visual Studiomaruel@chromium.org2011-05-031-1/+2
| | | | | | | | | | | | | This requires disabling most /W4 warnings so the patch doesn't get too large. I still fixed a few bugs so I didn't have to disable some more serious warnings. Most of these warnings are already enabled on gcc so it's mostly windows-specific code that is affected. BUG=none TEST=none Review URL: http://codereview.chromium.org/6902069 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@83840 0039d316-1c4b-4281-b951-d872f2087c98
* Update to NSS 3.12.9. falsestart.patch, falsestart2.patch, andwtc@chromium.org2011-02-1816-593/+21
| | | | | | | | | | | | | | | weakserverkey.patch have been upstreamed. SSL_ERROR_WEAK_SERVER_KEY has been renamed SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY. Pick up fixes for two bugs: - https://bugzilla.mozilla.org/show_bug.cgi?id=586697 - https://bugzilla.mozilla.org/show_bug.cgi?id=588698 R=agl BUG=none TEST=none Review URL: http://codereview.chromium.org/6487026 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@75446 0039d316-1c4b-4281-b951-d872f2087c98
* Update the NSS patches. Add snapstart2.patch and peercertchain.patch.wtc@chromium.org2011-02-176-32/+243
| | | | | | | | | | | | | | | Tweak sslimpl.h to eliminate one conflict when applying clientauth.patch. Unfortunately one conflict in sslimpl.h and one conflict in ssl3con.c still remain in clientauth.patch. Add the applypatches.sh script to make it easier to apply the patches. R=agl BUG=none TEST=none Review URL: http://codereview.chromium.org/6538005 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@75311 0039d316-1c4b-4281-b951-d872f2087c98
* Add the NSS patch for SSL client auth with native crypto APIs on Macwtc@chromium.org2011-02-163-99/+708
| | | | | | | | | | | | and Windows. The original dheclientauth.patch is subsumed by this patch because it is hard to separate the two patches. R=rsleevi BUG=37560,45369,62027 TEST=none Review URL: http://codereview.chromium.org/6528039 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@75191 0039d316-1c4b-4281-b951-d872f2087c98
* Remove whitespace at the end of lines.wtc@chromium.org2011-02-161-4/+4
| | | | | | | | | R=rsleevi BUG=37560,45369,62027 TEST=none Review URL: http://codereview.chromium.org/6525042 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@75151 0039d316-1c4b-4281-b951-d872f2087c98
* Remove the unused PlatformAuthInfo structure definition.wtc@chromium.org2011-02-161-13/+0
| | | | | | | | | R=eroman,rsleevi BUG=71928 TEST=none Review URL: http://codereview.chromium.org/6524021 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@75032 0039d316-1c4b-4281-b951-d872f2087c98
* The current implementation of client authentication for Windows and Mac ↵rsleevi@chromium.org2011-02-125-214/+1
| | | | | | | | | | | | | matches the NSS implementation, in that it continously checks that the private key is still accessible. The intent is that once the user removes the private key (such as by ejecting a smart card, if it's stored on one), then the existing SSL sessions will become invalidated. However, depending on the smart card middleware, this may involve non-trivial work being done every SSL record, and may be causing a performance regression for authentication. The new behaviour is that any negotiated SSL connections remain valid, even after the smart card is ejected, and any established SSL sessions are not invalidated and may be reused. This matches the observed behaviours of IE and Safari. Smart card client auth on Linux is unaffected and will continue polling the smart card to determine if it's been ejected / the key has been deleted. BUG=71928 TEST=none Review URL: http://codereview.chromium.org/6413010 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@74716 0039d316-1c4b-4281-b951-d872f2087c98
* Do not pass CRYPT_NOHASHOID to CryptSignHash with CALG_SSL3_SHAMD5.rsleevi@chromium.org2011-02-091-2/+2
| | | | | | | | | | | | This may fix bug 72041. R=wtc BUG=72041 TEST=covered by existing net_unittests Review URL: http://codereview.chromium.org/6458023 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@74254 0039d316-1c4b-4281-b951-d872f2087c98
* When performing SSL client authentication on Windows via NSS, change the ↵rsleevi@chromium.org2011-02-053-20/+28
| | | | | | | | | | | | | | returned key type to use a PCERT_KEY_CONTEXT allocated via NSS's PORT_Alloc(), rather than an HCRYPTPROV, for native client certificate authentication. There are two reasons for doing this; first, a PCERT_KEY_CONTEXT lets us transmit a dwKeySpec, indicating whether to use the AT_KEYEXCHANGE or AT_SIGNATURE key for CryptoAPI keys. Second, a small piece of syntactic fluff, a PCERT_KEY_CONTEXT easily supports CNG keys for Vista+, which though not presently supported, is a TODO. R=wtc BUG=37560, 71748 TEST=Perform SSL client auth on Windows. Review URL: http://codereview.chromium.org/4670004 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@73913 0039d316-1c4b-4281-b951-d872f2087c98
* Return more specific error messages when performing a SSL client auth ↵rsleevi@chromium.org2011-02-051-15/+21
| | | | | | | | | | | handshake and an error signing with the certificate private key is encountered, rather than using ERR_FAILED/ERR_SSL_PROTOCOL_ERROR. BUG=69609 TEST=none Review URL: http://codereview.chromium.org/6371014 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@73891 0039d316-1c4b-4281-b951-d872f2087c98
* When performing a SSL renegotiation handshake, do not send ↵rsleevi@chromium.org2010-12-103-31/+134
| | | | | | | | | | | | | | | | | | | Certificate/CertificateVerify messages unless the peer sends a CertificateRequest, requesting client auth. This would happen if the following conditions were true: - In the initial/previous handshake, the peer requests client authentication. - The client chooses a certificate, versus declining to provide one. - A (EC-)DHE cipher suite is negotiated. - The peer requests (secure) renegotiation. - The peer does NOT request a client certificate during the renegotiated handshake. R=wtc BUG=62027 TEST=none Review URL: http://codereview.chromium.org/5611005 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@68829 0039d316-1c4b-4281-b951-d872f2087c98
* nss: add support for OCSP stapling.agl@chromium.org2010-11-2211-1/+778
| | | | | | | | | | | | This patch adds support in libssl for requesting and storing OCSP stapled responses. BUG=none TEST=none (yet) http://codereview.chromium.org/5045001 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@67005 0039d316-1c4b-4281-b951-d872f2087c98
* ssl3_PlatformSignHashes should set buf->len to thewtc@chromium.org2010-11-121-3/+3
| | | | | | | | | | | | actual signature length rather than the estimated signature length. R=rsleevi BUG=37560,45369,62027 TEST=none Review URL: http://codereview.chromium.org/4825003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@65979 0039d316-1c4b-4281-b951-d872f2087c98
* NSS: always record the ServerHello data.agl@chromium.org2010-11-121-14/+14
| | | | | | | | | | | | | | | | | Previously, if we predicted a ServerHello (because we were snap startting), then serverHelloPredictionData was set and we wouldn't record the actual ServerHello contents in the event of a misprediction. This meant that we couldn't recover from a misprediction because we would record the same prediction again. With this patch, we'll always write to serverHelloPredictionData, even if we made a prediction. BUG=none TEST=snap_start_unittests git-svn-id: svn://svn.chromium.org/chrome/trunk/src@65947 0039d316-1c4b-4281-b951-d872f2087c98
* Fix inconsistent line ending style. Set svn:eol-style to LF.wtc@chromium.org2010-11-041-2/+2
| | | | | | | | | TBR=rsleevi BUG=37560,45369 TEST=none Review URL: http://codereview.chromium.org/4488002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@65084 0039d316-1c4b-4281-b951-d872f2087c98
* Support for using OS-native certificates for SSL clientwtc@chromium.org2010-11-0410-1/+834
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | auth. Known Limitations: - Only SSL3/TLS1.0 handshakes are supported. It's unlikely SSLv2 will/should ever be implemented. NSS does not yet support TLS1.1/1.2. - On Windows, only CryptoAPI keys are supported. Keys that can only be accessed via CNG will fail. Technical Notes: Windows: - Only the AT_KEYEXCHANGE key is used, per http://msdn.microsoft.com/en-us/library/aa387461(VS.85).aspx - CryptSetHashParam is used to directly set the hash value. This *should* be supported by all CSPs that are compatible with RSA/SChannel, AFAICT, but testing is needed. NSS: - The define NSS_PLATFORM_CLIENT_AUTH is used to guard all of the new/patched code. The primary implementation details are in sslplatf.c. Patch author: Ryan Sleevi <rsleevi@chromium.org> Original review URL: http://codereview.chromium.org/2828002 BUG=148,37560,45369 TEST=Attempt to authenticate with a site that requires SSL client authentication (e.g., https://foaf.me/simpleLogin.php with a FOAF+SSL client certificate). Review URL: http://codereview.chromium.org/3455019 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@65064 0039d316-1c4b-4281-b951-d872f2087c98
* net: Make Snap Start check cert verification and add metricsagl@chromium.org2010-11-031-0/+2
| | | | | | | | | | | | | | | | This CL causes Snap Start to only trigger if the certificate verification has completed by the time we are ready to send out the handshake message. It also adds a couple of NetLog entries and histograms around the Snap Start code. BUG=none TEST=none http://codereview.chromium.org/4408001 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@64986 0039d316-1c4b-4281-b951-d872f2087c98
* Don't resend payload after Snap Start misprediction.agl@chromium.org2010-11-032-18/+1
| | | | | | | | | | | | | | | | | | | | | The Snap Start code in NSS worked like the prototype implementation in tlsclient. This had the library take care of resending the application data in the event of a mispredict. However, that was safe because it did certificate verification as the message was received. However, in Chrome, it's possible that a mispret could be triggered by the server having a different certificate and NSS would resend the application data before Chrome verified the certificate. This change removes that behaviour from NSS and makes the retransmission the job of ssl_client_socket_nss.cc. BUG=none TEST=none http://codereview.chromium.org/4213003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@64953 0039d316-1c4b-4281-b951-d872f2087c98
* net: add SSL_PeerCertificatesChain function to NSS.agl@chromium.org2010-10-253-0/+48
| | | | | | | | | | | | SSL_PeerCertificatesChain returns the intermediate certificates as presented by a TLS server. Previously, we have been extracting chains built by validation, which may differ from the chain presented by the server. BUG=none TEST=none git-svn-id: svn://svn.chromium.org/chrome/trunk/src@63750 0039d316-1c4b-4281-b951-d872f2087c98
* Add certificates to the ss->ssl3.peerCertChain linked listwtc@chromium.org2010-10-213-25/+78
| | | | | | | | | | | in the right order. R=agl BUG=none TEST=none Review URL: http://codereview.chromium.org/3984003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@63366 0039d316-1c4b-4281-b951-d872f2087c98
* net: add patch file for Snap Start support in NSSagl@chromium.org2010-10-202-0/+2135
| | | | | | | | | | | | | | Add a file in the patches/ directory which contains the contents of our current Snap Start patch. No code changes. BUG=none TEST=none Review URL: http://codereview.chromium.org/3922002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@63206 0039d316-1c4b-4281-b951-d872f2087c98
* NSS: Snap Start NPN support and other fixes.agl@chromium.org2010-09-204-16/+108
| | | | | | | | | | | | | | | | | | | | Snap Start now works with NPN. In the case that the server doesn't support Snap Start, SSL_GetPredictedServerHelloData will no longer return any data to allow the application not to cache Snap Start information for servers that don't support it. Previously Snap Start wasn't filling in the certificates in all cases. (Test cases didn't check the certificates on the socket; but Chrome noticed.) BUG=none TEST=nsstests (not in tree) http://codereview.chromium.org/3430007/show git-svn-id: svn://svn.chromium.org/chrome/trunk/src@59957 0039d316-1c4b-4281-b951-d872f2087c98
* NSS: Call handshake callback with False Start and Snap Start.agl@chromium.org2010-09-141-20/+14
| | | | | | | | | | | | Previously, we wouldn't call the handshake callback if both False Start and Snap Start were enabled on a connection. BUG=none TEST=none, because we haven't got the Snap Start code in yet. http://codereview.chromium.org/3247006 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@59371 0039d316-1c4b-4281-b951-d872f2087c98
* Allow SSL_SecurityStatus, SSL_GetChannelInfo, andwtc@chromium.org2010-08-275-3/+178
| | | | | | | | | | | | | | SSL_HandshakeNegotiatedExtension to be called as soon as a false start handshake is done. R=agl BUG=53366 TEST=Visit any HTTPS sites, especially sites with certificate errors. The SSL InfoBubble should not say "your connection to www.example.com is not encrypted." Review URL: http://codereview.chromium.org/3233001 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@57691 0039d316-1c4b-4281-b951-d872f2087c98
* NSS: Add Snap Start supportagl@chromium.org2010-08-2510-15/+1299
| | | | | | | | | | | This patch adds NSS support for Snap Start, an experimental TLS extension for zero round trip handshakes. This change does not enable Snap Start. BUG=none TEST=External unittests (not in tree) git-svn-id: svn://svn.chromium.org/chrome/trunk/src@57325 0039d316-1c4b-4281-b951-d872f2087c98
* Revert the workaround for servers that use tiny DH keys.wtc@chromium.org2010-08-176-67/+63
| | | | | | | | | | | | | | | | | | Add the new error code ERR_SSL_WEAK_SERVER_KEY for these broken servers. Use the new SSL_RENEGOTIATE_TRANSITIONAL option. On the client side it is equivalent to SSL_RENEGOTIATE_UNRESTRICTED. R=agl BUG=51694 TEST=Visit https://portal-plumprod.cgc.enbridge.com and https://www.citylink.com.au. The network error page should display the error message: Error 129 (net::ERR_SSL_WEAK_SERVER_KEY): Unknown error. Review URL: http://codereview.chromium.org/3149012 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@56283 0039d316-1c4b-4281-b951-d872f2087c98
* Update to NSS 3.12.7.wtc@chromium.org2010-08-1314-95/+100
| | | | | | | | | R=agl BUG=51694 TEST=No build errors or test failures. Review URL: http://codereview.chromium.org/3177012 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@56042 0039d316-1c4b-4281-b951-d872f2087c98
* List TLS_DHE_RSA_WITH_AES_256_CBC_SHA afterwtc@chromium.org2010-08-104-2/+68
| | | | | | | | | | | | | | | | TLS_RSA_WITH_AES_256_CBC_SHA in ClientHello so that we communicate securely with some servers that use 256-bit DH keys. The proper fix is to upgrade to NSS 3.12.7 to pick up the DH key size checks. This is just a workaround. R=agl BUG=51694 TEST=none Review URL: http://codereview.chromium.org/3118002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@55580 0039d316-1c4b-4281-b951-d872f2087c98
* Reshuffle some NSS code to make way for Snap Start.agl@chromium.org2010-08-063-122/+158
| | | | | | | | | TEST=net_unittests BUG=none http://codereview.chromium.org/3074008 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@55226 0039d316-1c4b-4281-b951-d872f2087c98
* Update the TLS False Start patch. Replace TABs by spaceswtc@chromium.org2010-07-293-35/+37
| | | | | | | | | | | | | in ssl.h. Add comments to ssl3con.c to make it clear that we call the handshakeCallback only once. Fix incorrect -h option in new test cases in sslstress.txt. R=agl BUG=none TEST=none Review URL: http://codereview.chromium.org/2808075 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@54146 0039d316-1c4b-4281-b951-d872f2087c98
* net/third_party/nss: sync patches/ directory.agl@chromium.org2010-07-083-1/+129
| | | | | | | | | | | * Add a patch for r50960 (Cache the peer's intermediate CA certificates...) No code changes. TEST=none BUG=none git-svn-id: svn://svn.chromium.org/chrome/trunk/src@51859 0039d316-1c4b-4281-b951-d872f2087c98
* Cache the peer's intermediate CA certificates in session ID, so thatwtc@chromium.org2010-06-283-0/+45
| | | | | | | | | | | | | | they're available when we resume a session. Right now when we resume a session, only the server certificate is available, so we may have an incomplete certificate chain. TBR=agl BUG=47181 TEST=no "certificate not trusted" error on the Mac after using Chrome for a long time. Review URL: http://codereview.chromium.org/2855025 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@50960 0039d316-1c4b-4281-b951-d872f2087c98
* Use SSLClientSocketNSS on Mac OS X. By default, chrome still useswtc@chromium.org2010-06-011-13/+18
| | | | | | | | | | | | | | | | | | SSLClientSocketMac. Specify the --use-nss-for-ssl command-line option to use SSLClientSocketNSS. The nss.gyp in src/net/third_party/nss is renamed ssl.gyp to avoid a naming conflict with the nss.gyp in src/third_party/nss. The GYP generator for Xcode project files disallows same-named .gyp files. SSL client authentication doesn't work yet. R=mark BUG=30689 TEST=No build and test failures on Mac and Windows. Review URL: http://codereview.chromium.org/2322008 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@48650 0039d316-1c4b-4281-b951-d872f2087c98
* GYP changes for FreeBSD and OpenBSDpvalchev@google.com2010-05-141-2/+2
| | | | | | Review URL: http://codereview.chromium.org/1480002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@47327 0039d316-1c4b-4281-b951-d872f2087c98
* Pass license check script for most of the tree.evan@chromium.org2010-03-192-0/+38
| | | | | | | | | | | | | Modified license-checker script to allow pruning directories we know to be ok. Still need to do a bit of third_party/* , as well as file a bunch of bugs on pieces where the licenses aren't clear, but I'm running out of energy. Review URL: http://codereview.chromium.org/1100003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@42045 0039d316-1c4b-4281-b951-d872f2087c98
* ssl_SecureSend should not do handshake when the handshake wait state iswtc@chromium.org2010-03-163-62/+104
| | | | | | | | | | | wait_finished and we are false starting. R=agl BUG=38103 TEST=SSLClientSocketTest.Read_FullDuplex should not hang on Ubuntu Karmic. Review URL: http://codereview.chromium.org/850008 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@41731 0039d316-1c4b-4281-b951-d872f2087c98
* NSS and NPN: send NextProtocol on resume and disable NPN without SPDY.agl@chromium.org2010-03-122-17/+40
| | | | | | | | | | | | | | | | | | | NPN on resume was broken symmetrically between OpenSSL and NSS (which is probably why we didn't notice for so long). OpenSSL wasn't expecting the message and NSS wasn't sending it. This change sends the NextProtocol message when resuming and disables NPN when not using SPDY. The reason for the latter is that we have GFEs deployed which don't expect NextProtocol when resuming and we have to wait some time before they get replaced. Because of this, we can't have NPN enabled by default. Instead, we'll use --host-resolver-rules to redirect everything to known-good GFEs in the mean time. http://codereview.chromium.org/841003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@41433 0039d316-1c4b-4281-b951-d872f2087c98
* SSL False Start Supportagl@chromium.org2010-03-029-3/+390
| | | | | | | | | | | | | | | | | | | | | | | | | * Adds TLS false start support. This allows us to start sending encrypted data before we have validated the server's Finished message. (This behaviour is already enabled on Android.) I've verified that this works using netem to add a 200ms delay on the loopback adaptor. I've also checked that an incorrect Finished message from the server causes an error by hacking the Go TLS server. Beware when looking at packet traces that the time taken in NSS's SQLite calls can exceed the RTT of the connection and make it appear that this code isn't functioning. * Adds DEBUG and TRACE defines to libssl when building Chromium in Debug mode. This means that setting SSLTRACE in the environment now works for debug builds. (Reland. First landed in r39905, reverted in r40024 because it uncovered a bug. Then landed in r40124 and reverted in r40126 because the faster SSL handshakes made a flake UI test worse. UI test fixed in r40285.) http://codereview.chromium.org/518065 BUG=none git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40438 0039d316-1c4b-4281-b951-d872f2087c98
* Send an empty renegotiation info extension instead of SCSVwtc@chromium.org2010-03-023-2/+36
| | | | | | | | | | | | | | | | unless TLS is disabled. This allows implementers of server side secure renegotiation to use Linux Chrome as a test client that sends empty renegotiation info extensions in initial handshakes. Rename README.google to README.chromium. R=agl BUG=none TEST=none Review URL: http://codereview.chromium.org/660233 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40337 0039d316-1c4b-4281-b951-d872f2087c98
* Revert "Fix the case where the browser livelocks if we cannot open a file."agl@chromium.org2010-03-019-390/+3
| | | | git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40291 0039d316-1c4b-4281-b951-d872f2087c98
* Fix the case where the browser livelocks if we cannot open a file.agl@chromium.org2010-02-269-3/+390
| | | | | | | | | | | | | | | | | | | | If one tries to upload a file that one doesn't have read access to, the browser livelocks. It tries to read from the file, gets nothing but spins forever because it knows that it hasn't finished reading. To address this, firstly we add a check at stat() time to make sure that we can read the file. However, this doesn't take care of the case where the access() call was incorrect, or the permissions have changed under us. In this case, we replace the missing file with NULs. (Land attempt three: first in r39446, reverted in r39448. Second in r39899, reverted in r39901.) http://codereview.chromium.org/541022 BUG=30850 TEST=Try to upload a file that isn't readable (i.e. /etc/shadow). The resulting upload should be a 0 byte file. git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40146 0039d316-1c4b-4281-b951-d872f2087c98
* Revert "SSL False Start Support"agl@chromium.org2010-02-269-390/+3
| | | | | | | (Again. Looks like it might have uncovered another issue but I'm about to go to lunch and I don't want to leave the tree red.) git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40126 0039d316-1c4b-4281-b951-d872f2087c98
* SSL False Start Supportagl@chromium.org2010-02-269-3/+390
| | | | | | | | | | | | | | | | | | | | | | | | | | | * Adds TLS false start support. This allows us to start sending encrypted data before we have validated the server's Finished message. (This behaviour is already enabled on Android.) I've verified that this works using netem to add a 200ms delay on the loopback adaptor. I've also checked that an incorrect Finished message from the server causes an error by hacking the Go TLS server. Beware when looking at packet traces that the time taken in NSS's SQLite calls can exceed the RTT of the connection and make it appear that this code isn't functioning. * Adds DEBUG and TRACE defines to libssl when building Chromium in Debug mode. This means that setting SSLTRACE in the environment now works for debug builds. (Reland. First landed in r39905, reverted in r40024 because it uncovered a bug.) http://codereview.chromium.org/518065 BUG=none TEST=none git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40124 0039d316-1c4b-4281-b951-d872f2087c98
* Revert "SSL False Start Support"agl@chromium.org2010-02-259-390/+3
| | | | git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40024 0039d316-1c4b-4281-b951-d872f2087c98
* SSL False Start Supportagl@chromium.org2010-02-249-3/+390
| | | | | | | | | | | | | | | | | | | | | | | | * Adds TLS false start support. This allows us to start sending encrypted data before we have validated the server's Finished message. (This behaviour is already enabled on Android.) I've verified that this works using netem to add a 200ms delay on the loopback adaptor. I've also checked that an incorrect Finished message from the server causes an error by hacking the Go TLS server. Beware when looking at packet traces that the time taken in NSS's SQLite calls can exceed the RTT of the connection and make it appear that this code isn't functioning. * Adds DEBUG and TRACE defines to libssl when building Chromium in Debug mode. This means that setting SSLTRACE in the environment now works for debug builds. http://codereview.chromium.org/518065 BUG=none TEST=none git-svn-id: svn://svn.chromium.org/chrome/trunk/src@39905 0039d316-1c4b-4281-b951-d872f2087c98
* net/third_party/nss: update to NSS_3_12_6_RC0agl@chromium.org2010-02-165-8/+26
| | | | | | | | | BUG=none TEST=none http://codereview.chromium.org/593089 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@39123 0039d316-1c4b-4281-b951-d872f2087c98
generated by cgit v1.1 at 2025-03-17 13:54:37 +0000