| 1 Index: mozilla/security/nss/cmd/strsclnt/strsclnt.c | |
| 2 =================================================================== | |
| 3 RCS file: /cvsroot/mozilla/security/nss/cmd/strsclnt/strsclnt.c,v | |
| 4 retrieving revision 1.67 | |
| 5 diff -u -p -r1.67 strsclnt.c | |
| 6 --- mozilla/security/nss/cmd/strsclnt/strsclnt.c 3 Apr 2010 18:27:28 -000
0 1.67 | |
| 7 +++ mozilla/security/nss/cmd/strsclnt/strsclnt.c 29 Jul 2010 01:49:04 -00
00 | |
| 8 @@ -162,6 +162,7 @@ static PRBool disableLocking = PR_FALSE | |
| 9 static PRBool ignoreErrors = PR_FALSE; | |
| 10 static PRBool enableSessionTickets = PR_FALSE; | |
| 11 static PRBool enableCompression = PR_FALSE; | |
| 12 +static PRBool enableFalseStart = PR_FALSE; | |
| 13 | |
| 14 PRIntervalTime maxInterval = PR_INTERVAL_NO_TIMEOUT; | |
| 15 | |
| 16 @@ -197,7 +198,8 @@ Usage(const char *progName) | |
| 17 " -U means enable throttling up threads\n" | |
| 18 " -B bypasses the PKCS11 layer for SSL encryption and MACing\n" | |
| 19 " -u enable TLS Session Ticket extension\n" | |
| 20 - " -z enable compression\n", | |
| 21 + " -z enable compression\n" | |
| 22 + " -g enable false start\n", | |
| 23 progName); | |
| 24 exit(1); | |
| 25 } | |
| 26 @@ -1244,6 +1246,12 @@ client_main( | |
| 27 errExit("SSL_OptionSet SSL_ENABLE_DEFLATE"); | |
| 28 } | |
| 29 | |
| 30 + if (enableFalseStart) { | |
| 31 + rv = SSL_OptionSet(model_sock, SSL_ENABLE_FALSE_START, PR_TRUE); | |
| 32 + if (rv != SECSuccess) | |
| 33 + errExit("SSL_OptionSet SSL_ENABLE_FALSE_START"); | |
| 34 + } | |
| 35 + | |
| 36 SSL_SetURL(model_sock, hostName); | |
| 37 | |
| 38 SSL_AuthCertificateHook(model_sock, mySSLAuthCertificate, | |
| 39 @@ -1354,7 +1362,7 @@ main(int argc, char **argv) | |
| 40 | |
| 41 | |
| 42 optstate = PL_CreateOptState(argc, argv, | |
| 43 - "23BC:DNP:TUW:a:c:d:f:in:op:qst:uvw:z"); | |
| 44 + "23BC:DNP:TUW:a:c:d:f:gin:op:qst:uvw:z"); | |
| 45 while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { | |
| 46 switch(optstate->option) { | |
| 47 | |
| 48 @@ -1384,6 +1392,8 @@ main(int argc, char **argv) | |
| 49 | |
| 50 case 'f': fileName = optstate->value; break; | |
| 51 | |
| 52 + case 'g': enableFalseStart = PR_TRUE; break; | |
| 53 + | |
| 54 case 'i': ignoreErrors = PR_TRUE; break; | |
| 55 | |
| 56 case 'n': nickName = PL_strdup(optstate->value); break; | |
| 57 Index: mozilla/security/nss/cmd/tstclnt/tstclnt.c | |
| 58 =================================================================== | |
| 59 RCS file: /cvsroot/mozilla/security/nss/cmd/tstclnt/tstclnt.c,v | |
| 60 retrieving revision 1.62 | |
| 61 diff -u -p -r1.62 tstclnt.c | |
| 62 --- mozilla/security/nss/cmd/tstclnt/tstclnt.c 10 Feb 2010 18:07:21 -0000
1.62 | |
| 63 +++ mozilla/security/nss/cmd/tstclnt/tstclnt.c 29 Jul 2010 01:49:04 -0000 | |
| 64 @@ -225,6 +225,7 @@ static void Usage(const char *progName) | |
| 65 fprintf(stderr, "%-20s Renegotiate N times (resuming session if N>1).\n", "
-r N"); | |
| 66 fprintf(stderr, "%-20s Enable the session ticket extension.\n", "-u"); | |
| 67 fprintf(stderr, "%-20s Enable compression.\n", "-z"); | |
| 68 + fprintf(stderr, "%-20s Enable false start.\n", "-g"); | |
| 69 fprintf(stderr, "%-20s Letter(s) chosen from the following list\n", | |
| 70 "-c ciphers"); | |
| 71 fprintf(stderr, | |
| 72 @@ -521,6 +522,7 @@ int main(int argc, char **argv) | |
| 73 int useExportPolicy = 0; | |
| 74 int enableSessionTickets = 0; | |
| 75 int enableCompression = 0; | |
| 76 + int enableFalseStart = 0; | |
| 77 PRSocketOptionData opt; | |
| 78 PRNetAddr addr; | |
| 79 PRPollDesc pollset[2]; | |
| 80 @@ -551,7 +553,7 @@ int main(int argc, char **argv) | |
| 81 } | |
| 82 | |
| 83 optstate = PL_CreateOptState(argc, argv, | |
| 84 - "23BSTW:a:c:d:fh:m:n:op:qr:suvw:xz"); | |
| 85 + "23BSTW:a:c:d:fgh:m:n:op:qr:suvw:xz"); | |
| 86 while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) { | |
| 87 switch (optstate->option) { | |
| 88 case '?': | |
| 89 @@ -578,6 +580,8 @@ int main(int argc, char **argv) | |
| 90 | |
| 91 case 'c': cipherString = PORT_Strdup(optstate->value); break; | |
| 92 | |
| 93 + case 'g': enableFalseStart = 1; break; | |
| 94 + | |
| 95 case 'd': certDir = PORT_Strdup(optstate->value); break; | |
| 96 | |
| 97 case 'f': clientSpeaksFirst = PR_TRUE; break; | |
| 98 @@ -863,7 +867,14 @@ int main(int argc, char **argv) | |
| 99 SECU_PrintError(progName, "error enabling compression"); | |
| 100 return 1; | |
| 101 } | |
| 102 - | |
| 103 + | |
| 104 + /* enable false start. */ | |
| 105 + rv = SSL_OptionSet(s, SSL_ENABLE_FALSE_START, enableFalseStart); | |
| 106 + if (rv != SECSuccess) { | |
| 107 + SECU_PrintError(progName, "error enabling false start"); | |
| 108 + return 1; | |
| 109 + } | |
| 110 + | |
| 111 SSL_SetPKCS11PinArg(s, &pwdata); | |
| 112 | |
| 113 SSL_AuthCertificateHook(s, SSL_AuthCertificate, (void *)handle); | |
| 114 Index: mozilla/security/nss/lib/ssl/ssl.h | |
| 115 =================================================================== | |
| 116 RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl.h,v | |
| 117 retrieving revision 1.38 | |
| 118 diff -u -p -r1.38 ssl.h | |
| 119 --- mozilla/security/nss/lib/ssl/ssl.h 17 Feb 2010 02:29:07 -0000 1.38 | |
| 120 +++ mozilla/security/nss/lib/ssl/ssl.h 29 Jul 2010 01:49:04 -0000 | |
| 121 @@ -128,6 +128,17 @@ SSL_IMPORT PRFileDesc *SSL_ImportFD(PRFi | |
| 122 /* Renegotiation Info (RI) */ | |
| 123 /* extension in ALL handshakes. */ | |
| 124 /* default: off */ | |
| 125 +#define SSL_ENABLE_FALSE_START 22 /* Enable SSL false start (off by */ | |
| 126 + /* default, applies only to */ | |
| 127 + /* clients). False start is a */ | |
| 128 +/* mode where an SSL client will start sending application data before */ | |
| 129 +/* verifying the server's Finished message. This means that we could end up */ | |
| 130 +/* sending data to an imposter. However, the data will be encrypted and */ | |
| 131 +/* only the true server can derive the session key. Thus, so long as the */ | |
| 132 +/* cipher isn't broken this is safe. Because of this, False Start will only */ | |
| 133 +/* occur on RSA or DH ciphersuites where the cipher's key length is >= 80 */ | |
| 134 +/* bits. The advantage of False Start is that it saves a round trip for */ | |
| 135 +/* client-speaks-first protocols when performing a full handshake. */ | |
| 136 | |
| 137 #ifdef SSL_DEPRECATED_FUNCTION | |
| 138 /* Old deprecated function names */ | |
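Review bot: The option comment says False Start only occurs on "RSA or DH ciphersuites", but `ssl3_CanFalseStart` in ssl3con.c in this same patch also accepts `ssl_kea_ecdh`, so the public header understates where the feature applies. I would change that line to `/* cipher isn't broken this is safe. Because of this, False Start will only occur on RSA, DH or ECDH ciphersuites ... */`, re-wrapped to fit. The comment should also state that, with this option on, the handshake callback is delivered before the server's Finished message has been verified, since that is the behaviour change callers of the option will observe.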
| 139 Index: mozilla/security/nss/lib/ssl/ssl3con.c | |
| 140 =================================================================== | |
| 141 RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v | |
| 142 retrieving revision 1.142 | |
| 143 diff -u -p -r1.142 ssl3con.c | |
| 144 --- mozilla/security/nss/lib/ssl/ssl3con.c 24 Jun 2010 19:53:20 -0000
1.142 | |
| 145 +++ mozilla/security/nss/lib/ssl/ssl3con.c 29 Jul 2010 01:49:04 -0000 | |
| 146 @@ -5665,7 +5665,17 @@ ssl3_RestartHandshakeAfterCertReq(sslSoc | |
| 147 return rv; | |
| 148 } | |
| 149 | |
| 150 - | |
| 151 +PRBool | |
| 152 +ssl3_CanFalseStart(sslSocket *ss) { | |
| 153 + return ss->opt.enableFalseStart && | |
| 154 + !ss->sec.isServer && | |
| 155 + !ss->ssl3.hs.isResuming && | |
| 156 + ss->ssl3.cwSpec && | |
| 157 + ss->ssl3.cwSpec->cipher_def->secret_key_size >= 10 && | |
| 158 + (ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_rsa || | |
| 159 + ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_dh || | |
| 160 + ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_ecdh); | |
| 161 +} | |
| 162 | |
| 163 /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete | |
| 164 * ssl3 Server Hello Done message. | |
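Review bot: `secret_key_size >= 10` is an unexplained constant; it appears to be the byte form of the "key length >= 80 bits" rule stated in ssl.h, and a comment such as `/* 10 bytes == 80 bits; see SSL_ENABLE_FALSE_START in ssl.h */` would tie the two together. The function also has no header comment saying which lock the caller must hold while it reads `ss->ssl3.cwSpec` and `ss->ssl3.hs`. The callers in this patch differ (ssl3gthr.c takes the SSL3 handshake lock, ssl_SecureSend holds only the 1st-handshake lock), so the requirement should be written down here. Whether `cwSpec` additionally needs the spec read lock cannot be judged from this hunk and should be confirmed. `ss->ssl3.hs.kea_def` is dereferenced without the NULL test that `cwSpec` gets.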
| 165 @@ -5737,6 +5747,12 @@ ssl3_HandleServerHelloDone(sslSocket *ss | |
| 166 ss->ssl3.hs.ws = wait_new_session_ticket; | |
| 167 else | |
| 168 ss->ssl3.hs.ws = wait_change_cipher; | |
| 169 + | |
| 170 + /* Do the handshake callback for sslv3 here, if we can false start. */ | |
| 171 + if (ss->handshakeCallback != NULL && ssl3_CanFalseStart(ss)) { | |
| 172 + (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); | |
| 173 + } | |
| 174 + | |
| 175 return SECSuccess; | |
| 176 | |
| 177 loser: | |
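Review bot: The decision to deliver the handshake callback is evaluated twice at different points in the handshake: `ssl3_CanFalseStart(ss)` here and `!ssl3_CanFalseStart(ss)` in the later hunk at `xmit_loser`. If the result changes between the two calls, for example because `SSL_OptionSet` (sslsock.c in this patch) writes `ss->opt.enableFalseStart` on a live socket, the callback would run twice or not at all. Recording the outcome once in a per-handshake flag when the callback fires here, and testing that flag in the Finished path, would make the two sites agree by construction. Because the callback now runs before the server's Finished message is verified, the comment should say so, e.g. `/* False start: callback fires before the server's Finished is verified. */`. ssl3_HandleServerHelloDone begins outside the hunk.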
| 178 @@ -8476,8 +8492,8 @@ xmit_loser: | |
| 179 } | |
| 180 ss->ssl3.hs.ws = idle_handshake; | |
| 181 | |
| 182 - /* Do the handshake callback for sslv3 here. */ | |
| 183 - if (ss->handshakeCallback != NULL) { | |
| 184 + /* Do the handshake callback for sslv3 here, if we cannot false start. */ | |
| 185 + if (ss->handshakeCallback != NULL && !ssl3_CanFalseStart(ss)) { | |
| 186 (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); | |
| 187 } | |
| 188 | |
| 189 Index: mozilla/security/nss/lib/ssl/ssl3gthr.c | |
| 190 =================================================================== | |
| 191 RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3gthr.c,v | |
| 192 retrieving revision 1.9 | |
| 193 diff -u -p -r1.9 ssl3gthr.c | |
| 194 --- mozilla/security/nss/lib/ssl/ssl3gthr.c 20 Nov 2008 07:37:25 -0000
1.9 | |
| 195 +++ mozilla/security/nss/lib/ssl/ssl3gthr.c 29 Jul 2010 01:49:04 -0000 | |
| 196 @@ -188,6 +188,7 @@ ssl3_GatherCompleteHandshake(sslSocket * | |
| 197 { | |
| 198 SSL3Ciphertext cText; | |
| 199 int rv; | |
| 200 + PRBool canFalseStart = PR_FALSE; | |
| 201 | |
| 202 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); | |
| 203 do { | |
| 204 @@ -207,7 +208,20 @@ ssl3_GatherCompleteHandshake(sslSocket * | |
| 205 if (rv < 0) { | |
| 206 return ss->recvdCloseNotify ? 0 : rv; | |
| 207 } | |
| 208 - } while (ss->ssl3.hs.ws != idle_handshake && ss->gs.buf.len == 0); | |
| 209 + | |
| 210 + /* If we kicked off a false start in ssl3_HandleServerHelloDone, break | |
| 211 + * out of this loop early without finishing the handshake. | |
| 212 + */ | |
| 213 + if (ss->opt.enableFalseStart) { | |
| 214 + ssl_GetSSL3HandshakeLock(ss); | |
| 215 + canFalseStart = (ss->ssl3.hs.ws == wait_change_cipher || | |
| 216 + ss->ssl3.hs.ws == wait_new_session_ticket) && | |
| 217 + ssl3_CanFalseStart(ss); | |
| 218 + ssl_ReleaseSSL3HandshakeLock(ss); | |
| 219 + } | |
| 220 + } while (ss->ssl3.hs.ws != idle_handshake && | |
| 221 + !canFalseStart && | |
| 222 + ss->gs.buf.len == 0); | |
| 223 | |
| 224 ss->gs.readOffset = 0; | |
| 225 ss->gs.writeOffset = ss->gs.buf.len; | |
| 226 Index: mozilla/security/nss/lib/ssl/sslimpl.h | |
| 227 =================================================================== | |
| 228 RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslimpl.h,v | |
| 229 retrieving revision 1.77 | |
| 230 diff -u -p -r1.77 sslimpl.h | |
| 231 --- mozilla/security/nss/lib/ssl/sslimpl.h 10 Feb 2010 00:33:50 -0000
1.77 | |
| 232 +++ mozilla/security/nss/lib/ssl/sslimpl.h 29 Jul 2010 01:49:04 -0000 | |
| 233 @@ -333,6 +333,7 @@ typedef struct sslOptionsStr { | |
| 234 unsigned int enableDeflate : 1; /* 19 */ | |
| 235 unsigned int enableRenegotiation : 2; /* 20-21 */ | |
| 236 unsigned int requireSafeNegotiation : 1; /* 22 */ | |
| 237 + unsigned int enableFalseStart : 1; /* 23 */ | |
| 238 } sslOptions; | |
| 239 | |
| 240 typedef enum { sslHandshakingUndetermined = 0, | |
| 241 @@ -1250,6 +1251,8 @@ extern void ssl_SetAlwaysBlock(sslS | |
| 242 | |
| 243 extern SECStatus ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled); | |
| 244 | |
| 245 +extern PRBool ssl3_CanFalseStart(sslSocket *ss); | |
| 246 + | |
| 247 #define SSL_LOCK_READER(ss) if (ss->recvLock) PZ_Lock(ss->recvLock) | |
| 248 #define SSL_UNLOCK_READER(ss) if (ss->recvLock) PZ_Unlock(ss->recvLock
) | |
| 249 #define SSL_LOCK_WRITER(ss) if (ss->sendLock) PZ_Lock(ss->sendLock) | |
| 250 Index: mozilla/security/nss/lib/ssl/sslsecur.c | |
| 251 =================================================================== | |
| 252 RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslsecur.c,v | |
| 253 retrieving revision 1.43 | |
| 254 diff -u -p -r1.43 sslsecur.c | |
| 255 --- mozilla/security/nss/lib/ssl/sslsecur.c 14 Jan 2010 22:15:25 -0000
1.43 | |
| 256 +++ mozilla/security/nss/lib/ssl/sslsecur.c 29 Jul 2010 01:49:04 -0000 | |
| 257 @@ -1199,8 +1199,17 @@ ssl_SecureSend(sslSocket *ss, const unsi | |
| 258 ss->writerThread = PR_GetCurrentThread(); | |
| 259 /* If any of these is non-zero, the initial handshake is not done. */ | |
| 260 if (!ss->firstHsDone) { | |
| 261 + PRBool canFalseStart = PR_FALSE; | |
| 262 ssl_Get1stHandshakeLock(ss); | |
| 263 - if (ss->handshake || ss->nextHandshake || ss->securityHandshake) { | |
| 264 + if (ss->version >= SSL_LIBRARY_VERSION_3_0 && | |
| 265 + (ss->ssl3.hs.ws == wait_change_cipher || | |
| 266 + ss->ssl3.hs.ws == wait_finished || | |
| 267 + ss->ssl3.hs.ws == wait_new_session_ticket) && | |
| 268 + ssl3_CanFalseStart(ss)) { | |
| 269 + canFalseStart = PR_TRUE; | |
| 270 + } | |
| 271 + if (!canFalseStart && | |
| 272 + (ss->handshake || ss->nextHandshake || ss->securityHandshake)) { | |
| 273 rv = ssl_Do1stHandshake(ss); | |
| 274 } | |
| 275 ssl_Release1stHandshakeLock(ss); | |
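Review bot: `ss->ssl3.hs.ws` is read here while holding only the 1st-handshake lock, whereas the gather loop in ssl3gthr.c in this patch wraps the same test in `ssl_GetSSL3HandshakeLock(ss)` / `ssl_ReleaseSSL3HandshakeLock(ss)`. Unless another lock held at this point already protects the handshake state, the check should be bracketed the same way; lock ordering against the 1st-handshake lock should be confirmed before doing so. The state list here also includes `wait_finished`, which the ssl3gthr.c test does not, and a one-line comment explaining the difference would help. ssl_SecureSend's body starts and ends outside the hunk.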
| 276 Index: mozilla/security/nss/lib/ssl/sslsock.c | |
| 277 =================================================================== | |
| 278 RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslsock.c,v | |
| 279 retrieving revision 1.67 | |
| 280 diff -u -p -r1.67 sslsock.c | |
| 281 --- mozilla/security/nss/lib/ssl/sslsock.c 25 Apr 2010 23:37:38 -0000
1.67 | |
| 282 +++ mozilla/security/nss/lib/ssl/sslsock.c 29 Jul 2010 01:49:04 -0000 | |
| 283 @@ -183,6 +183,7 @@ static sslOptions ssl_defaults = { | |
| 284 PR_FALSE, /* enableDeflate */ | |
| 285 2, /* enableRenegotiation (default: requires extension) */ | |
| 286 PR_FALSE, /* requireSafeNegotiation */ | |
| 287 + PR_FALSE, /* enableFalseStart */ | |
| 288 }; | |
| 289 | |
| 290 sslSessionIDLookupFunc ssl_sid_lookup; | |
| 291 @@ -728,6 +729,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh | |
| 292 ss->opt.requireSafeNegotiation = on; | |
| 293 break; | |
| 294 | |
| 295 + case SSL_ENABLE_FALSE_START: | |
| 296 + ss->opt.enableFalseStart = on; | |
| 297 + break; | |
| 298 + | |
| 299 default: | |
| 300 PORT_SetError(SEC_ERROR_INVALID_ARGS); | |
| 301 rv = SECFailure; | |
| 302 @@ -791,6 +796,7 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 wh | |
| 303 on = ss->opt.enableRenegotiation; break; | |
| 304 case SSL_REQUIRE_SAFE_NEGOTIATION: | |
| 305 on = ss->opt.requireSafeNegotiation; break; | |
| 306 + case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break; | |
| 307 | |
| 308 default: | |
| 309 PORT_SetError(SEC_ERROR_INVALID_ARGS); | |
| 310 @@ -841,6 +847,7 @@ SSL_OptionGetDefault(PRInt32 which, PRBo | |
| 311 case SSL_REQUIRE_SAFE_NEGOTIATION: | |
| 312 on = ssl_defaults.requireSafeNegotiation; | |
| 313 break; | |
| 314 + case SSL_ENABLE_FALSE_START: on = ssl_defaults.enableFalseStart; break; | |
| 315 | |
| 316 default: | |
| 317 PORT_SetError(SEC_ERROR_INVALID_ARGS); | |
| 318 @@ -984,6 +991,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBo | |
| 319 ssl_defaults.requireSafeNegotiation = on; | |
| 320 break; | |
| 321 | |
| 322 + case SSL_ENABLE_FALSE_START: | |
| 323 + ssl_defaults.enableFalseStart = on; | |
| 324 + break; | |
| 325 + | |
| 326 default: | |
| 327 PORT_SetError(SEC_ERROR_INVALID_ARGS); | |
| 328 return SECFailure; | |
| 329 Index: mozilla/security/nss/tests/ssl/sslstress.txt | |
| 330 =================================================================== | |
| 331 RCS file: /cvsroot/mozilla/security/nss/tests/ssl/sslstress.txt,v | |
| 332 retrieving revision 1.18 | |
| 333 diff -u -p -r1.18 sslstress.txt | |
| 334 --- mozilla/security/nss/tests/ssl/sslstress.txt 3 Feb 2010 02:25:36 -000
0 1.18 | |
| 335 +++ mozilla/security/nss/tests/ssl/sslstress.txt 29 Jul 2010 01:49:04 -00
00 | |
| 336 @@ -42,9 +42,11 @@ | |
| 337 noECC 0 _ -c_1000_-C_A Stress SSL2 RC4 128
with MD5 | |
| 338 noECC 0 _ -c_1000_-C_c_-T Stress SSL3 RC4 128
with MD5 | |
| 339 noECC 0 _ -c_1000_-C_c Stress TLS RC4 128
with MD5 | |
| 340 + noECC 0 _ -c_1000_-C_c_-g Stress TLS RC4 128
with MD5 (false start) | |
| 341 noECC 0 -u -2_-c_1000_-C_c_-u Stress TLS RC4 128
with MD5 (session ticket) | |
| 342 noECC 0 -z -2_-c_1000_-C_c_-z Stress TLS RC4 128
with MD5 (compression) | |
| 343 noECC 0 -u_-z -2_-c_1000_-C_c_-u_-z Stress TLS RC4 128
with MD5 (session ticket, compression) | |
| 344 + noECC 0 -u_-z -2_-c_1000_-C_c_-u_-z_-g Stress TLS RC4 128
with MD5 (session ticket, compression, false start) | |
| 345 SNI 0 -u_-a_Host-sni.Dom -2_-3_-c_1000_-C_c_-u Stress TLS RC4 128
with MD5 (session ticket, SNI) | |
| 346 | |
| 347 # | |
| 348 @@ -55,7 +57,9 @@ | |
| 349 noECC 0 -r_-r -c_100_-C_c_-N_-n_TestUser Stress TLS RC4 128 w
ith MD5 (no reuse, client auth) | |
| 350 noECC 0 -r_-r_-u -2_-c_100_-C_c_-n_TestUser_-u Stress TLS RC4 128 w
ith MD5 (session ticket, client auth) | |
| 351 noECC 0 -r_-r_-z -2_-c_100_-C_c_-n_TestUser_-z Stress TLS RC4 128 w
ith MD5 (compression, client auth) | |
| 352 + noECC 0 -r_-r_-z -2_-c_100_-C_c_-n_TestUser_-z_-g Stress TLS RC4 12
8 with MD5 (compression, client auth, false start) | |
| 353 noECC 0 -r_-r_-u_-z -2_-c_100_-C_c_-n_TestUser_-u_-z Stress TLS RC4 12
8 with MD5 (session ticket, compression, client auth) | |
| 354 + noECC 0 -r_-r_-u_-z -2_-c_100_-C_c_-n_TestUser_-u_-z_-g Stress TLS RC4
128 with MD5 (session ticket, compression, client auth, false start) | |
| 355 SNI 0 -r_-r_-u_-a_Host-sni.Dom -2_-3_-c_1000_-C_c_-u Stress TLS RC4 1
28 with MD5 (session ticket, SNI, client auth, default virt host) | |
| 356 SNI 0 -r_-r_-u_-a_Host-sni.Dom_-k_Host-sni.Dom -2_-3_-c_1000_-C_c_-u_
-a_Host-sni.Dom Stress TLS RC4 128 with MD5 (session ticket, SNI, client auth, c
hange virt host) | |
| 357 | |