| Commit message (Collapse) | Author | Age | Files | Lines |
| |
TBR=rsleevi
BUG=37560,45369
TEST=none
Review URL: http://codereview.chromium.org/4488002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@65084 0039d316-1c4b-4281-b951-d872f2087c98
| |
auth.
Known Limitations:
- Only SSL3/TLS1.0 handshakes are supported. It's unlikely
SSLv2 will/should ever be implemented. NSS does not yet
support TLS1.1/1.2.
- On Windows, only CryptoAPI keys are supported. Keys that
can only be accessed via CNG will fail.
Technical Notes:
Windows:
- Only the AT_KEYEXCHANGE key is used, per
http://msdn.microsoft.com/en-us/library/aa387461(VS.85).aspx
- CryptSetHashParam is used to directly set the hash value.
This *should* be supported by all CSPs that are compatible
with RSA/SChannel, AFAICT, but testing is needed.
NSS:
- The define NSS_PLATFORM_CLIENT_AUTH is used to guard all
of the new/patched code. The primary implementation
details are in sslplatf.c.
Patch author: Ryan Sleevi <rsleevi@chromium.org>
Original review URL: http://codereview.chromium.org/2828002
BUG=148,37560,45369
TEST=Attempt to authenticate with a site that requires SSL
client authentication (e.g., https://foaf.me/simpleLogin.php
with a FOAF+SSL client certificate).
Review URL: http://codereview.chromium.org/3455019
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@65064 0039d316-1c4b-4281-b951-d872f2087c98
| |
This CL causes Snap Start to only trigger if the certificate
verification has completed by the time we are ready to send out the
handshake message.
It also adds a couple of NetLog entries and histograms around the Snap
Start code.
BUG=none
TEST=none
http://codereview.chromium.org/4408001
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@64986 0039d316-1c4b-4281-b951-d872f2087c98
| |
The Snap Start code in NSS worked like the prototype implementation in
tlsclient. This had the library take care of resending the application
data in the event of a mispredict. However, that was safe because it did
certificate verification as the message was received.
However, in Chrome, it's possible that a mispredict could be triggered by
the server having a different certificate and NSS would resend the
application data before Chrome verified the certificate.
This change removes that behaviour from NSS and makes the retransmission
the job of ssl_client_socket_nss.cc.
BUG=none
TEST=none
http://codereview.chromium.org/4213003
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@64953 0039d316-1c4b-4281-b951-d872f2087c98
| |
BUG=19991
TEST=cert manager no longer has a "people" tab, any certs that were there are now in "other" tab.
Review URL: http://codereview.chromium.org/4310004
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@64866 0039d316-1c4b-4281-b951-d872f2087c98
| |
SSL_PeerCertificatesChain returns the intermediate certificates as
presented by a TLS server. Previously, we have been extracting chains
built by validation, which may differ from the chain presented by the
server.
BUG=none
TEST=none
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@63750 0039d316-1c4b-4281-b951-d872f2087c98
| |
in the right order.
R=agl
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/3984003
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@63366 0039d316-1c4b-4281-b951-d872f2087c98
| |
Add a file in the patches/ directory which contains the contents of
our current Snap Start patch.
No code changes.
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/3922002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@63206 0039d316-1c4b-4281-b951-d872f2087c98
| |
Also converts COOKIE_DLOG (since VLOG can be toggled on a granular basis), removes some unneeded "endl"s and {}s, aligns "<<"s per style guide, and changes KeygenHandler::GenKeyAndSignChallenge() to avoid using "goto".
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/3846001
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@62831 0039d316-1c4b-4281-b951-d872f2087c98
| |
BUG=19991
TEST=net_unittests
Review URL: http://codereview.chromium.org/3576016
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@62228 0039d316-1c4b-4281-b951-d872f2087c98
| |
Snap Start now works with NPN.
In the case that the server doesn't support Snap Start,
SSL_GetPredictedServerHelloData will no longer return any data to
allow the application not to cache Snap Start information for servers
that don't support it.
Previously Snap Start wasn't filling in the certificates in all cases.
(Test cases didn't check the certificates on the socket; but
Chrome noticed.)
BUG=none
TEST=nsstests (not in tree)
http://codereview.chromium.org/3430007/show
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@59957 0039d316-1c4b-4281-b951-d872f2087c98
| |
Previously, we wouldn't call the handshake callback if both False
Start and Snap Start were enabled on a connection.
BUG=none
TEST=none, because we haven't got the Snap Start code in yet.
http://codereview.chromium.org/3247006
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@59371 0039d316-1c4b-4281-b951-d872f2087c98
| |
s/ImportCertResult/ImportCertFailure/
BUG=19991
TEST=none
Review URL: http://codereview.chromium.org/3351002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@59318 0039d316-1c4b-4281-b951-d872f2087c98
| |
BUG=19991
TEST=net/base/cert_database_nss_unittest.cc
Review URL: http://codereview.chromium.org/3106028
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@58077 0039d316-1c4b-4281-b951-d872f2087c98
| |
SSL_HandshakeNegotiatedExtension to be called as soon as a false
start handshake is done.
R=agl
BUG=53366
TEST=Visit any HTTPS sites, especially sites with certificate
errors. The SSL InfoBubble should not say "your connection to
www.example.com is not encrypted."
Review URL: http://codereview.chromium.org/3233001
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@57691 0039d316-1c4b-4281-b951-d872f2087c98
| |
This patch adds NSS support for Snap Start, an experimental TLS
extension for zero round trip handshakes. This change does not enable
Snap Start.
BUG=none
TEST=External unittests (not in tree)
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@57325 0039d316-1c4b-4281-b951-d872f2087c98
| |
Use ScopedPK11Slot.
Move common test functionality into functions.
Move common test conditions into SetUp/TearDown.
Move common test variables into attributes of the test class.
BUG=19991
TEST=tests still pass
Review URL: http://codereview.chromium.org/3189014
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@56801 0039d316-1c4b-4281-b951-d872f2087c98
| |
BUG=19991
TEST=builds
Review URL: http://codereview.chromium.org/3104022
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@56799 0039d316-1c4b-4281-b951-d872f2087c98
| |
This will make browsing them easier in Keychain Access and certutil.
It also gives them a more useful name in Keychain permission dialogs.
The friendly name is currently just the hostname which requested
the key. It would be nice to have some surrounding text with
localization, but this works for now.
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/2806045
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@56774 0039d316-1c4b-4281-b951-d872f2087c98
| |
Add the new error code ERR_SSL_WEAK_SERVER_KEY for these
broken servers.
Use the new SSL_RENEGOTIATE_TRANSITIONAL option. On the
client side it is equivalent to SSL_RENEGOTIATE_UNRESTRICTED.
R=agl
BUG=51694
TEST=Visit https://portal-plumprod.cgc.enbridge.com and
https://www.citylink.com.au. The network error page
should display the error message:
Error 129 (net::ERR_SSL_WEAK_SERVER_KEY): Unknown error.
Review URL: http://codereview.chromium.org/3149012
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@56283 0039d316-1c4b-4281-b951-d872f2087c98
| |
R=agl
BUG=51694
TEST=No build errors or test failures.
Review URL: http://codereview.chromium.org/3177012
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@56042 0039d316-1c4b-4281-b951-d872f2087c98
| |
Use sql: prefix when opening NSS UserDB (this will affect existing Chromeos installations, which had been using the old berkeleydb format.)
BUG=19991,51327,51328,51330,51332
TEST=net/base/cert_database_nss_unittest.cc
Review URL: http://codereview.chromium.org/3018038
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@55916 0039d316-1c4b-4281-b951-d872f2087c98
| |
failed compile on chromeos.
This reverts commit r55798.
BUG=19991,51327,51328,51330,51332
Review URL: http://codereview.chromium.org/3169007
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@55804 0039d316-1c4b-4281-b951-d872f2087c98
| |
Use sql: prefix when opening NSS UserDB (this will affect existing Chromeos installations, which had been using the old berkeleydb format.)
BUG=19991,51327,51328,51330,51332
TEST=net/base/cert_database_nss_unittest.cc
Review URL: http://codereview.chromium.org/3018038
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@55798 0039d316-1c4b-4281-b951-d872f2087c98
| |
TLS_RSA_WITH_AES_256_CBC_SHA in ClientHello so that we
communicate securely with some servers that use 256-bit
DH keys.
The proper fix is to upgrade to NSS 3.12.7 to pick up
the DH key size checks. This is just a workaround.
R=agl
BUG=51694
TEST=none
Review URL: http://codereview.chromium.org/3118002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@55580 0039d316-1c4b-4281-b951-d872f2087c98
| |
TEST=net_unittests
BUG=none
http://codereview.chromium.org/3074008
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@55226 0039d316-1c4b-4281-b951-d872f2087c98
| |
in ssl.h. Add comments to ssl3con.c to make it clear that
we call the handshakeCallback only once. Fix incorrect -h
option in new test cases in sslstress.txt.
R=agl
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/2808075
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@54146 0039d316-1c4b-4281-b951-d872f2087c98
| |
* Add a patch for r50960 (Cache the peer's intermediate CA certificates...)
No code changes.
TEST=none
BUG=none
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@51859 0039d316-1c4b-4281-b951-d872f2087c98
| |
they're available when we resume a session. Right now when we resume
a session, only the server certificate is available, so we may have an
incomplete certificate chain.
TBR=agl
BUG=47181
TEST=no "certificate not trusted" error on the Mac after using Chrome
for a long time.
Review URL: http://codereview.chromium.org/2855025
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@50960 0039d316-1c4b-4281-b951-d872f2087c98
| |
We'll want some semblance of thread-safety when we make keygen asynchronous.
R=wtc,mattm
BUG=148
TEST=unit test
Review URL: http://codereview.chromium.org/2838010
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@50903 0039d316-1c4b-4281-b951-d872f2087c98
| |
certificate that has a private key, regardless of where it was generated, rather than restricting it to keys generated via <keygen> in the current browsing session.
BUG=148
TEST=None
R=wtc
Review URL: http://codereview.chromium.org/2874002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@50695 0039d316-1c4b-4281-b951-d872f2087c98
| |
DER_Encode will copy it. Document the GenKeyAndSignChallenge function.
R=mattm,davidben
BUG=148
TEST=none
Review URL: http://codereview.chromium.org/2866011
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@50682 0039d316-1c4b-4281-b951-d872f2087c98
| |
to the new net/third_party/mozilla_security_manager directory.
Fix nits.
R=mattm,davidben
BUG=148
TEST=none
Review URL: http://codereview.chromium.org/2824014
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@50259 0039d316-1c4b-4281-b951-d872f2087c98
| |
BUG=33033.
TEST=None.
Review URL: http://codereview.chromium.org/2682006
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@49414 0039d316-1c4b-4281-b951-d872f2087c98
| |
SSLClientSocketMac. Specify the --use-nss-for-ssl command-line
option to use SSLClientSocketNSS.
The nss.gyp in src/net/third_party/nss is renamed ssl.gyp to avoid
a naming conflict with the nss.gyp in src/third_party/nss. The
GYP generator for Xcode project files disallows same-named .gyp files.
SSL client authentication doesn't work yet.
R=mark
BUG=30689
TEST=No build and test failures on Mac and Windows.
Review URL: http://codereview.chromium.org/2322008
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@48650 0039d316-1c4b-4281-b951-d872f2087c98
| |
Moved to net/third_party.
BUG=None.
TEST=None.
Review URL: http://codereview.chromium.org/2011013
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@47563 0039d316-1c4b-4281-b951-d872f2087c98
| |
Review URL: http://codereview.chromium.org/1480002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@47327 0039d316-1c4b-4281-b951-d872f2087c98
| |
Modified license-checker script to allow pruning directories
we know to be ok.
Still need to do a bit of third_party/* , as well as
file a bunch of bugs on pieces where the licenses aren't clear,
but I'm running out of energy.
Review URL: http://codereview.chromium.org/1100003
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@42045 0039d316-1c4b-4281-b951-d872f2087c98
| |
wait_finished and we are false starting.
R=agl
BUG=38103
TEST=SSLClientSocketTest.Read_FullDuplex should not hang on Ubuntu Karmic.
Review URL: http://codereview.chromium.org/850008
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@41731 0039d316-1c4b-4281-b951-d872f2087c98
| |
NPN on resume was broken symmetrically between OpenSSL and NSS (which
is probably why we didn't notice for so long). OpenSSL wasn't
expecting the message and NSS wasn't sending it.
This change sends the NextProtocol message when resuming and disables
NPN when not using SPDY.
The reason for the latter is that we have GFEs deployed which don't
expect NextProtocol when resuming and we have to wait some time before
they get replaced. Because of this, we can't have NPN enabled by
default. Instead, we'll use --host-resolver-rules to redirect
everything to known-good GFEs in the meantime.
http://codereview.chromium.org/841003
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@41433 0039d316-1c4b-4281-b951-d872f2087c98
| |
* Adds TLS false start support. This allows us to start sending encrypted
data before we have validated the server's Finished message. (This
behaviour is already enabled on Android.)
I've verified that this works using netem to add a 200ms delay on the
loopback adaptor. I've also checked that an incorrect Finished message from
the server causes an error by hacking the Go TLS server.
Beware when looking at packet traces that the time taken in NSS's SQLite
calls can exceed the RTT of the connection and make it appear that this
code isn't functioning.
* Adds DEBUG and TRACE defines to libssl when building Chromium in Debug
mode. This means that setting SSLTRACE in the environment now works for
debug builds.
(Reland. First landed in r39905, reverted in r40024 because it uncovered a bug. Then landed in r40124 and reverted in r40126 because the faster SSL handshakes made a flake UI test worse. UI test fixed in r40285.)
http://codereview.chromium.org/518065
BUG=none
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40438 0039d316-1c4b-4281-b951-d872f2087c98
| |
unless TLS is disabled. This allows implementers of server
side secure renegotiation to use Linux Chrome as a test
client that sends empty renegotiation info extensions in
initial handshakes.
Rename README.google to README.chromium.
R=agl
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/660233
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40337 0039d316-1c4b-4281-b951-d872f2087c98
| |
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40291 0039d316-1c4b-4281-b951-d872f2087c98
| |
If one tries to upload a file that one doesn't have read access to,
the browser livelocks. It tries to read from the file, gets nothing
but spins forever because it knows that it hasn't finished reading.
To address this, firstly we add a check at stat() time to make sure
that we can read the file. However, this doesn't take care of the case
where the access() call was incorrect, or the permissions have changed
under us. In this case, we replace the missing file with NULs.
(Land attempt three: first in r39446, reverted in r39448. Second in
r39899, reverted in r39901.)
http://codereview.chromium.org/541022
BUG=30850
TEST=Try to upload a file that isn't readable (i.e. /etc/shadow). The resulting upload should be a 0 byte file.
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40146 0039d316-1c4b-4281-b951-d872f2087c98
| |
(Again. Looks like it might have uncovered another issue but I'm
about to go to lunch and I don't want to leave the tree red.)
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40126 0039d316-1c4b-4281-b951-d872f2087c98
| |
* Adds TLS false start support. This allows us to start sending encrypted
data before we have validated the server's Finished message. (This
behaviour is already enabled on Android.)
I've verified that this works using netem to add a 200ms delay on the
loopback adaptor. I've also checked that an incorrect Finished message from
the server causes an error by hacking the Go TLS server.
Beware when looking at packet traces that the time taken in NSS's SQLite
calls can exceed the RTT of the connection and make it appear that this
code isn't functioning.
* Adds DEBUG and TRACE defines to libssl when building Chromium in Debug
mode. This means that setting SSLTRACE in the environment now works for
debug builds.
(Reland. First landed in r39905, reverted in r40024 because it uncovered a
bug.)
http://codereview.chromium.org/518065
BUG=none
TEST=none
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40124 0039d316-1c4b-4281-b951-d872f2087c98
| |
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40024 0039d316-1c4b-4281-b951-d872f2087c98
| |
* Adds TLS false start support. This allows us to start sending encrypted
data before we have validated the server's Finished message. (This
behaviour is already enabled on Android.)
I've verified that this works using netem to add a 200ms delay on the
loopback adaptor. I've also checked that an incorrect Finished message from
the server causes an error by hacking the Go TLS server.
Beware when looking at packet traces that the time taken in NSS's SQLite
calls can exceed the RTT of the connection and make it appear that this
code isn't functioning.
* Adds DEBUG and TRACE defines to libssl when building Chromium in Debug
mode. This means that setting SSLTRACE in the environment now works for
debug builds.
http://codereview.chromium.org/518065
BUG=none
TEST=none
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@39905 0039d316-1c4b-4281-b951-d872f2087c98
| |
BUG=none
TEST=none
http://codereview.chromium.org/593089
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@39123 0039d316-1c4b-4281-b951-d872f2087c98
| |
BUG=35869
TEST=gclient runhooks --force should work for arm configurations of linux.
Review URL: http://codereview.chromium.org/600144
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@39110 0039d316-1c4b-4281-b951-d872f2087c98