| OLD | NEW |
| 1 Name: Network Security Services (NSS) | 1 Name: Network Security Services (NSS) |
| 2 URL: http://www.mozilla.org/projects/security/pki/nss/ | 2 URL: http://www.mozilla.org/projects/security/pki/nss/ |
| 3 | 3 |
| 4 This directory includes a copy of NSS's libssl from the CVS repo at: | 4 This directory includes a copy of NSS's libssl from the CVS repo at: |
| 5 :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot | 5 :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot |
| 6 | 6 |
| 7 The snapshot was updated to the CVS tag: NSS_3_12_9_RTM | 7 The snapshot was updated to the CVS tag: NSS_3_12_9_RTM |
| 8 | 8 |
| 9 Patches: | 9 Patches: |
| 10 | 10 |
| 11 * Next protocol negotiation support. | 11 * Next protocol negotiation support. |
| 12 patches/nextproto.patch | 12 patches/nextproto.patch |
| 13 http://codereview.chromium.org/415005 | 13 http://codereview.chromium.org/415005 |
| 14 | 14 |
| 15 * Commenting out a couple of functions because they need NSS symbols | 15 * Commenting out a couple of functions because they need NSS symbols |
| 16 which may not exist in the system NSS library. | 16 which may not exist in the system NSS library. |
| 17 patches/versionskew.patch | 17 patches/versionskew.patch |
| 18 | 18 |
| 19 * Send empty renegotiation info extension instead of SCSV unless TLS is | 19 * Send empty renegotiation info extension instead of SCSV unless TLS is |
| 20 disabled. | 20 disabled. |
| 21 patches/renegoscsv.patch | 21 patches/renegoscsv.patch |
| 22 https://bugzilla.mozilla.org/show_bug.cgi?id=549042 | 22 https://bugzilla.mozilla.org/show_bug.cgi?id=549042 |
| 23 | 23 |
| 24 * Cache the peer's intermediate CA certificates in session ID, so that | 24 * Cache the peer's intermediate CA certificates in session ID, so that |
| 25 they're available when we resume a session. Add certificates to | 25 they're available when we resume a session. Add certificates to |
| 26 ss->ssl3.peerCertChain in the right order. | 26 ss->ssl3.peerCertChain in the right order. |
| 27 patches/cachecerts.patch | 27 patches/cachecerts.patch |
| 28 https://bugzilla.mozilla.org/show_bug.cgi?id=606049 | 28 https://bugzilla.mozilla.org/show_bug.cgi?id=606049 |
| 29 | 29 |
| 30 * Add Snap Start support | |
| 31 patches/snapstart.patch | |
| 32 patches/snapstart2.patch | |
| 33 http://tools.ietf.org/html/draft-agl-tls-snapstart-00 | |
| 34 | |
| 35 * Add the SSL_PeerCertificateChain function | 30 * Add the SSL_PeerCertificateChain function |
| 36 patches/peercertchain.patch | 31 patches/peercertchain.patch |
| 37 | 32 |
| 38 * Add OCSP stapling support | 33 * Add OCSP stapling support |
| 39 patches/ocspstapling.patch | 34 patches/ocspstapling.patch |
| 40 | 35 |
| 41 * Add support for client auth with native crypto APIs on Mac and Windows | 36 * Add support for client auth with native crypto APIs on Mac and Windows |
| 42 patches/clientauth.patch | 37 patches/clientauth.patch |
| 43 ssl/sslplatf.c | 38 ssl/sslplatf.c |
| 44 | 39 |
| 45 * Don't send a client certificate when renegotiating if the peer does not | 40 * Don't send a client certificate when renegotiating if the peer does not |
| 46 request one. This only happened if the previous key exchange algorithm | 41 request one. This only happened if the previous key exchange algorithm |
| 47 was non-RSA. | 42 was non-RSA. |
| 48 patches/clientauth.patch | 43 patches/clientauth.patch |
| 49 https://bugzilla.mozilla.org/show_bug.cgi?id=616757 | 44 https://bugzilla.mozilla.org/show_bug.cgi?id=616757 |
| 50 | 45 |
| 51 Apply the patches to NSS by running the patches/applypatches.sh script. Read | 46 Apply the patches to NSS by running the patches/applypatches.sh script. Read |
| 52 the comments at the top of patches/applypatches.sh for instructions. | 47 the comments at the top of patches/applypatches.sh for instructions. |
| 53 | 48 |
| 54 The ssl/bodge directory contains files taken from the NSS repo that we required | 49 The ssl/bodge directory contains files taken from the NSS repo that we required |
| 55 for building libssl outside of its usual build environment. | 50 for building libssl outside of its usual build environment. |
| OLD | NEW |