path: root/net/third_party
Commit message | Author | Age | Files | Lines
* Pick up the fix for NSS bug 718554 (a SSL_ForceHandshake bug).
  Author: wtc@chromium.org | Date: 2012-01-20 | Files: 2 | Lines: -4/+4
  SSL_ForceHandshake returns wrong positive results after sending pending data. See https://bugzilla.mozilla.org/show_bug.cgi?id=718554.
  Fortunately this bug doesn't affect Chromium because Chromium compares the return value of SSL_ForceHandshake with SECSuccess (0).
  R=agl@chromium.org
  BUG=none
  TEST=none
  Review URL: http://codereview.chromium.org/9265015
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@118547 0039d316-1c4b-4281-b951-d872f2087c98
* Fix compile error for net/third_party/mozilla_security_manager/nsNSSCertTrust.cpp
  Author: Guanqun.Lu@gmail.com | Date: 2012-01-14 | Files: 1 | Lines: -6/+15
  Because in the new nss3 package, CERTDB_VALID_PEER is deprecated and in the chromium build, deprecated is marked as errors.
  BUG=108656
  TEST= compiled under nss-devel-3.12.10-6.fc15 and nss-devel-3.13.1-9.fc16
  Review URL: http://codereview.chromium.org/9041002
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@117791 0039d316-1c4b-4281-b951-d872f2087c98
* Initialized variable to fix -Wmaybe-uninitialized warning.
  Author: asharif@chromium.org | Date: 2012-01-13 | Files: 1 | Lines: -1/+1
  BUG=none
  TEST=try bots.
  Review URL: http://codereview.chromium.org/9139041
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@117584 0039d316-1c4b-4281-b951-d872f2087c98
* net: rename NSS's 'ssl' to 'libssl'
  Author: agl@chromium.org | Date: 2011-12-15 | Files: 1 | Lines: -1/+1
  ninja doesn't like there being several targets with the name 'ssl', so I renamed NSS's 'ssl' target to 'libssl'.
  BUG=none
  TEST=compiles
  Review URL: http://codereview.chromium.org/8907043
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@114656 0039d316-1c4b-4281-b951-d872f2087c98
* This applies GUIDs to certificate and key nicknames when imported via ONC.
  Author: gspencer@chromium.org | Date: 2011-12-12 | Files: 3 | Lines: -59/+80
  It also centralizes the label creation for nicknames and certificates so that we can better control their values.
  BUG=chromium-os:19403
  TEST=Ran new unit tests, imported certs into certificate store via ONC.
  Review URL: http://codereview.chromium.org/8566056
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@113993 0039d316-1c4b-4281-b951-d872f2087c98
* Add bugzilla link for net/third_party/nss/patches/getrequestedclientcerttypes.patch
  Author: mattm@chromium.org | Date: 2011-12-07 | Files: 1 | Lines: -1/+1
  BUG=88782
  TEST=none
  Review URL: http://codereview.chromium.org/8834003
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@113477 0039d316-1c4b-4281-b951-d872f2087c98
* Add NSS function to retrieve TLS client cert types requested by server.
  Author: mattm@chromium.org | Date: 2011-12-06 | Files: 7 | Lines: -1/+142
  BUG=88782
  TEST=none
  Review URL: http://codereview.chromium.org/8771031
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@113109 0039d316-1c4b-4281-b951-d872f2087c98
* Allow linker initialization of lazy instance
  Author: joth@chromium.org | Date: 2011-11-15 | Files: 1 | Lines: -2/+2
  Using the initializer list construct = {0} allows the object to be linker initialized.
  Modify the LazyInstance class design to make it a pod aggregate type that can be linker initialized this way. Also combines the instance and state members, in line with the Singleton<> class design.
  Introduces a new LAZY_INSTANCE_INITIALIZER macro specifically for using to init all lazy instances + modify all existing callsites to use it. (Old code would no longer compile)
  BUG=94925
  TEST=existing tests pass. http://build.chromium.org/f/chromium/perf/linux-release/sizes/report.html?history=150&header=chrome-si&graph=chrome-si&rev=-1 should step downward.
  TBR=jam@chromium.org,rvargas@chromium.org,darin@chromium.org,ben@chromium.org,apatrick@chromium.org,akalin@chromium.org
  Review URL: http://codereview.chromium.org/8491043
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@110076 0039d316-1c4b-4281-b951-d872f2087c98
* Add the encrypted client certificates TLS extension and enable it if origin-bound certificates are enabled.
  Author: wtc@chromium.org | Date: 2011-11-10 | Files: 9 | Lines: -49/+579
  The patch was originally written by Adam Langley.
  R=agl@chromium.org
  BUG=none
  TEST=none
  Review URL: http://codereview.chromium.org/8495003
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@109493 0039d316-1c4b-4281-b951-d872f2087c98
* net: add missing return value in SSL_SetNextProtoCallback
  Author: agl@chromium.org | Date: 2011-10-28 | Files: 3 | Lines: -19/+33
  Also take a couple of changes from Brian Smith's version of the code which exclude NPN from renegotiations.
  Review URL: http://codereview.chromium.org/8417032
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@107791 0039d316-1c4b-4281-b951-d872f2087c98
* NSS: update NPN patch to fix comment style and ssl.def.
  Author: agl@chromium.org | Date: 2011-10-25 | Files: 3 | Lines: -13/+15
  This is a non-code change which updates the nextproto patch to NSS to reflect https://bugzilla.mozilla.org/show_bug.cgi?id=547312#c19
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@107188 0039d316-1c4b-4281-b951-d872f2087c98
* Fix a comment nit for SSLNextProtoCallback.
  Author: wtc@chromium.org | Date: 2011-10-19 | Files: 2 | Lines: -2/+2
  R=agl@chromium.org
  BUG=none
  TEST=none
  Review URL: http://codereview.chromium.org/8349004
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@106232 0039d316-1c4b-4281-b951-d872f2087c98
* net: rework the NPN patch.
  Author: agl@chromium.org | Date: 2011-10-18 | Files: 7 | Lines: -186/+332
  This change moves the protocol selection logic out of NSS and into Chromium code. This allows some things to be a little cleaner (no more wire-encoded NPN strings) and also allows for some tricks that we have been considering for SPDY+WebSockets.
  As a consequence of this change, next protocols are now a std::vector<std::string> rather than an encoded char*
  BUG=none
  TEST=SPDY still works with Google sites.
  Review URL: http://codereview.chromium.org/8156001
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@106093 0039d316-1c4b-4281-b951-d872f2087c98
* Change the default of the SSL_ENABLE_OB_CERTS option to PR_FALSE.
  Author: wtc@chromium.org | Date: 2011-10-13 | Files: 2 | Lines: -2/+2
  This change does not affect Chromium because Chromium doesn't depend on the default value of this SSL option.
  R=mattm@chromium.org
  BUG=88782
  TEST=none
  Review URL: http://codereview.chromium.org/8249012
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@105241 0039d316-1c4b-4281-b951-d872f2087c98
* net: disable 1/n-1 record splitting when False Start is disabled.
  Author: agl@chromium.org | Date: 2011-10-05 | Files: 2 | Lines: -13/+15
  Brocade SSL terminators are intolerant to 1/n-1 record splitting as well. For the sake of getting M15 out the door, this patch uses the False Start blacklist in order to switch off 1/n-1 record splitting too. This is deeply unfortunate but will be reverted on trunk as soon as it can be merged to M15.
  BUG=98908
  TEST=none
  Review URL: http://codereview.chromium.org/8137027
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@104119 0039d316-1c4b-4281-b951-d872f2087c98
* Fix libssl to build properly with use_system_zlib==0.
  Author: bradchen@google.com | Date: 2011-10-04 | Files: 1 | Lines: -1/+3
  This CL replaces CL 8059021, lost due to a git repo accident.
  TBR=wtc
  BUG=30704
  TEST=build chromotocol_test_client
  Review URL: http://codereview.chromium.org/8113013
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@103880 0039d316-1c4b-4281-b951-d872f2087c98
* net: update NSS patches.
  Author: agl@chromium.org | Date: 2011-10-03 | Files: 16 | Lines: -341/+322
  This change doesn't alter anything about the patches, it just makes them apply cleanly on top of one another in preparation for altering the NPN patch.
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@103728 0039d316-1c4b-4281-b951-d872f2087c98
* Update cbcrandomiv.patch to the currently proposed patch (v10) for the NSS upstream in https://bugzilla.mozilla.org/show_bug.cgi?id=665814.
  Author: wtc@chromium.org | Date: 2011-09-30 | Files: 2 | Lines: -106/+286
  R=agl@chromium.org
  BUG=87159
  TEST=HTTPS sites continue to work.
  Review URL: http://codereview.chromium.org/8084004
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@103517 0039d316-1c4b-4281-b951-d872f2087c98
* Fallback from platform client auth to NSS client auth.
  Author: mattm@chromium.org | Date: 2011-09-27 | Files: 5 | Lines: -225/+247
  Adds support for origin bound certs on Win and Mac.
  BUG=88782
  TEST=normal SSL client auth still works & origin-bound auth works following origin-bound testing doc.
  Review URL: http://codereview.chromium.org/7839025
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@102877 0039d316-1c4b-4281-b951-d872f2087c98
* Add a license header to net/third_party/nss/patches/applypatches.sh.
  Author: wtc@chromium.org | Date: 2011-09-27 | Files: 1 | Lines: -0/+4
  Remove the suppression from tools/checklicenses/checklicenses.py.
  R=phajdan.jr@chromium.org
  BUG=98106
  TEST=tools/checklicenses/checklicenses.py --ignore-suppressions net/third_party/nss/patches/applypatches.sh should say 'SUCCESS'.
  Review URL: http://codereview.chromium.org/8028043
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@102869 0039d316-1c4b-4281-b951-d872f2087c98
* Introduce a typedef for users of the SSL cert trust bits.
  Author: pkasting@chromium.org | Date: 2011-09-20 | Files: 2 | Lines: -8/+8
  This allows lots of callers wishing to refer to "a bitfield composed of these values" to use an explicit type instead of "int". I find the resulting code to be noticeably clearer, and a similar change for another type exposed a bug where not having an explicit type allowed a function argument ordering bug to creep in, so I claim this is safer too.
  The constants are still defined using an enum, because due to how macros like EXPECT_EQ are implemented, converting to use the typedef requires either separating the constant declarations and definitions (reducing readability) or converting EXPECT_EQ(b, a) -> EXPECT_TRUE (a == b) in various places.
  BUG=92247
  TEST=Compiles
  Review URL: http://codereview.chromium.org/7823006
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@101989 0039d316-1c4b-4281-b951-d872f2087c98
* Allow SSL_HandshakeNegotiatedExtension to be called before the handshake is finished.
  Author: wtc@chromium.org | Date: 2011-08-25 | Files: 4 | Lines: -8/+53
  R=agl@chromium.org,mattm@chromium.org
  BUG=88782
  TEST=none
  Review URL: http://codereview.chromium.org/7746010
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@98277 0039d316-1c4b-4281-b951-d872f2087c98
* Updated ob_cert extension number to match with the change in openssl
  Author: mdietz@google.com | Date: 2011-08-25 | Files: 2 | Lines: -2/+2
  BUG=88782
  TEST=
  Review URL: http://codereview.chromium.org/7725004
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@98160 0039d316-1c4b-4281-b951-d872f2087c98
* Linux: allow linking directly with Kerberos instead of using dlopen.
  Author: phajdan.jr@chromium.org | Date: 2011-08-24 | Files: 4 | Lines: -896/+0
  dlopen is still the default for Google Chrome. This option is intended for Linux distro packagers.
  BUG=92689
  Review URL: http://codereview.chromium.org/7655046
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@98116 0039d316-1c4b-4281-b951-d872f2087c98
* Fix revert 98028: add file that drover --revert forgot to add
  Author: dpolukhin@chromium.org | Date: 2011-08-24 | Files: 4 | Lines: -0/+896
  Revert 97925 - Linux: allow linking directly with Kerberos instead of using dlopen.
  dlopen is still the default for Google Chrome. This option is intended for Linux distro packagers.
  BUG=92689
  Review URL: http://codereview.chromium.org/7655046
  TBR=phajdan.jr@chromium.org
  Review URL: http://codereview.chromium.org/7719025
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@98029 0039d316-1c4b-4281-b951-d872f2087c98
* Always transfer ownership of inputs to SSL_RestartHandshakeAfterCertReq, even when the function fails.
  Author: wtc@chromium.org | Date: 2011-08-24 | Files: 3 | Lines: -68/+132
  R=rsleevi@chromium.org
  BUG=88782
  TEST=none
  Review URL: http://codereview.chromium.org/7677037
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@97996 0039d316-1c4b-4281-b951-d872f2087c98
* Linux: allow linking directly with Kerberos instead of using dlopen.
  Author: phajdan.jr@chromium.org | Date: 2011-08-23 | Files: 4 | Lines: -896/+0
  dlopen is still the default for Google Chrome. This option is intended for Linux distro packagers.
  BUG=92689
  Review URL: http://codereview.chromium.org/7655046
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@97925 0039d316-1c4b-4281-b951-d872f2087c98
* Send only one byte of data in the first CBC encrypted application data record.
  Author: wtc@chromium.org | Date: 2011-08-18 | Files: 4 | Lines: -1/+97
  This randomizes the IV in a backward compatible manner.
  R=agl@chromium.org
  BUG=87159
  TEST=HTTPS sites continue to work.
  Review URL: http://codereview.chromium.org/7621002
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@97269 0039d316-1c4b-4281-b951-d872f2087c98
* Add an NSS function to restart the handshake after a client certificate request.
  Author: wtc@chromium.org | Date: 2011-08-17 | Files: 7 | Lines: -19/+202
  R=agl@chromium.org,rkn@chromium.org
  BUG=88782
  TEST=none
  Review URL: http://codereview.chromium.org/7590017
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@97208 0039d316-1c4b-4281-b951-d872f2087c98
* Rename NET_API to NET_EXPORT, and rename NET_TEST to NET_EXPORT_PRIVATE.
  Author: darin@chromium.org | Date: 2011-08-12 | Files: 1 | Lines: -2/+2
  Review URL: http://codereview.chromium.org/7529043
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@96560 0039d316-1c4b-4281-b951-d872f2087c98
* Revert "net: Precede each CBC encrypted application data record with an empty one."
  Author: agl@chromium.org | Date: 2011-08-09 | Files: 4 | Lines: -106/+2
  This reverts commit r91768.
  BUG=91905
  TEST=none
  Review URL: http://codereview.chromium.org/7583036
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@95932 0039d316-1c4b-4281-b951-d872f2087c98
* SSL_ForceHandshake should send the saved write data in the SSL socket.
  Author: wtc@chromium.org | Date: 2011-08-05 | Files: 4 | Lines: -2/+74
  R=agl@chromium.org
  BUG=91458
  TEST=none
  Review URL: http://codereview.chromium.org/7572043
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@95627 0039d316-1c4b-4281-b951-d872f2087c98
* For PKCS#12 imports, only mark key as unextractable if the PKCS#12 file includes it
  Author: gauravsh@chromium.org | Date: 2011-08-04 | Files: 1 | Lines: -11/+28
  This addresses a potential corner case where we end up marking an already existing private key as unextractable while importing a corresponding certificate into a hardware (unextractable slot).
  BUG=chromium-os:15838
  TEST=Added a new unit test
  Review URL: http://codereview.chromium.org/7466006
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@95486 0039d316-1c4b-4281-b951-d872f2087c98
* net: fix caching of peer's cert chain in session objects.
  Author: agl@chromium.org | Date: 2011-08-02 | Files: 2 | Lines: -3/+12
  BUG=91341
  TEST=none
  Review URL: http://codereview.chromium.org/7549020
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@95179 0039d316-1c4b-4281-b951-d872f2087c98
* Change a VLOG(1) message to LOG(ERROR) because it is truly an error message.
  Author: wtc@chromium.org | Date: 2011-07-30 | Files: 1 | Lines: -1/+1
  R=gauravsh@chromium.org
  BUG=none
  TEST=none
  Review URL: http://codereview.chromium.org/7541008
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@94831 0039d316-1c4b-4281-b951-d872f2087c98
* net: allow SSL secrets to be exported sooner.
  Author: agl@chromium.org | Date: 2011-07-26 | Files: 4 | Lines: -48/+56
  This also addresses some follow-ups from previous CLs.
  BUG=none
  TEST=none
  Review URL: http://codereview.chromium.org/7493056
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@94105 0039d316-1c4b-4281-b951-d872f2087c98
* net: add NSS support for RFC 5705 (Keying Material Exporters for TLS).
  Author: agl@chromium.org | Date: 2011-07-22 | Files: 7 | Lines: -22/+361
  This is a reworked version of the patch from https://bugzilla.mozilla.org/show_bug.cgi?id=507359.
  BUG=none
  TEST=none yet
  Review URL: http://codereview.chromium.org/7464031
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@93635 0039d316-1c4b-4281-b951-d872f2087c98
* net: update NSS patches to reflect recent changes.
  Author: agl@chromium.org | Date: 2011-07-22 | Files: 6 | Lines: -30/+573
  This updates the cached info patch to reflect:
    Merge upstream NSS changes from the cached info extension (r93119)
  And adds a patch for the origin bound certs work in:
    Add client-side support for the origin bound certificate TLS extension. (r92576)
  No code changes.
  BUG=84920,88782
  TEST=none
  Review URL: http://codereview.chromium.org/7464028
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@93615 0039d316-1c4b-4281-b951-d872f2087c98
* Added client hello handler for the TLS origin bound cert extension to the list of client hello handlers.
  Author: rkn@chromium.org | Date: 2011-07-22 | Files: 1 | Lines: -0/+1
  BUG=None
  TEST=None
  Review URL: http://codereview.chromium.org/7481013
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@93567 0039d316-1c4b-4281-b951-d872f2087c98
* Merge upstream NSS changes from the cached info extension.
  Author: rkn@chromium.org | Date: 2011-07-19 | Files: 6 | Lines: -11/+220
  BUG=None
  TEST=None
  Review URL: http://codereview.chromium.org/7379009
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@93119 0039d316-1c4b-4281-b951-d872f2087c98
* Add client-side support for the origin bound certificate TLS extension.
  Author: rkn@chromium.org | Date: 2011-07-14 | Files: 5 | Lines: -4/+103
  BUG=None
  TEST=None
  Review URL: http://codereview.chromium.org/7327029
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@92576 0039d316-1c4b-4281-b951-d872f2087c98
* Linux Cert manager: improve PKCS #12 import error messages.
  Author: mattm@chromium.org | Date: 2011-07-13 | Files: 1 | Lines: -7/+24
  BUG=76275
  TEST=try to import a corrupt or unsupported PKCS #12 file.
  Review URL: http://codereview.chromium.org/7338011
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@92306 0039d316-1c4b-4281-b951-d872f2087c98
* net: expose some more classes as API
  Author: evan@chromium.org | Date: 2011-07-11 | Files: 1 | Lines: -1/+3
  These additional bits of NET_API are necessary for the components build on Linux.
  Review URL: http://codereview.chromium.org/7337003
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@92072 0039d316-1c4b-4281-b951-d872f2087c98
* Remove the comments setting emacs and vim tab width and expansion variables.
  Author: tony@chromium.org | Date: 2011-07-11 | Files: 2 | Lines: -12/+0
  These were added in r28089 (http://codereview.chromium.org/256059) but are unnecessary bloat for everyone to carry around, even those that don't use emacs or vim.
  In an earlier change, I added editor config files in src/tools/emacs/ and src/tools/vim/ so users of the appropriate editor can source those instead.
  BUG=none
  TEST=none
  Review URL: http://codereview.chromium.org/7310019
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@92046 0039d316-1c4b-4281-b951-d872f2087c98
* net: Precede each CBC encrypted application data record with an empty one.
  Author: agl@chromium.org | Date: 2011-07-07 | Files: 4 | Lines: -2/+106
  Precede each CBC encrypted application data record with an empty application data record in order to randomize the IV in a backwards compatible manner.
  (This is a reland of r90632 which was reverted in r90643 because it tickled a bug in remoting unittests.)
  http://codereview.chromium.org/7239002
  BUG=87159
  TEST=HTTPS sites continue to work.
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@91768 0039d316-1c4b-4281-b951-d872f2087c98
* net: measure the latency difference of resume handshakes.
  Author: agl@chromium.org | Date: 2011-06-29 | Files: 5 | Lines: -0/+82
  With False Start, we hope that resume and non-resume handshakes take the same amount of time. But non-resume handshakes involve sending the certificate chain to the client and this has a latency impact, although we don't know how high.
  There's also a danger that revocation checks will be confounded into this data: a full handshake is more likely to perform a revocation check. We'll have to look at the data and, possibly, reintroduce the revocation checking field trial to address this.
  BUG=none
  TEST=none
  Review URL: http://codereview.chromium.org/7218013
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@90950 0039d316-1c4b-4281-b951-d872f2087c98
* For PKCS12 private keys imported into a hardware backed token, mark them as unextractable
  Author: gauravsh@chromium.org | Date: 2011-06-29 | Files: 2 | Lines: -37/+75
  The certificate manager in Chrome OS has an "import and bind to device" option that allows imported private keys and associated certificates to be imported into a hardware token (typically a TPM).
  This change makes all private keys that are imported into a hardware token unextractable by setting the CKA_EXTRACTABLE flag to false.
  Export behavior is also changed to always perform the CKA_EXTRACTABLE flag check irrespective of whether it's an internal (soft) or hardware backed token and refusing export if set to false. Most hardware tokens will enforce this. Internal soft tokens tend to ignore this flag. The flag is made to take precedence irrespective of whether the underlying token will still allow key export.
  BUG=chromium-os:15838
  TEST=unit tests
  Review URL: http://codereview.chromium.org/7190027
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@90890 0039d316-1c4b-4281-b951-d872f2087c98
* Use crnss.dll and crnspr.dll with the component build.
  Author: rvargas@google.com | Date: 2011-06-28 | Files: 1 | Lines: -0/+1
  BUG=85776
  TEST=none
  Review URL: http://codereview.chromium.org/7273015
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@90853 0039d316-1c4b-4281-b951-d872f2087c98
* Revert "net: Precede each CBC encrypted application data record with an empty one."
  Author: agl@chromium.org | Date: 2011-06-27 | Files: 4 | Lines: -106/+2
  This reverts commit 71c84a00ba9eb06356176514c392043b585bf2d8.
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@90643 0039d316-1c4b-4281-b951-d872f2087c98
* net: Precede each CBC encrypted application data record with an empty one.
  Author: agl@chromium.org | Date: 2011-06-27 | Files: 4 | Lines: -2/+106
  Precede each CBC encrypted application data record with an empty application data record in order to randomize the IV in a backwards compatible manner.
  BUG=87159
  TEST=HTTPS sites continue to work.
  Review URL: http://codereview.chromium.org/7239002
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@90632 0039d316-1c4b-4281-b951-d872f2087c98