Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(45)

Side by Side Diff: net/third_party/nss/README.chromium

Issue 9558017: Update net/third_party/nss to NSS 3.13.3. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Upload before checkin Created 8 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/socket/ssl_client_socket_nss.cc ('k') | net/third_party/nss/patches/applypatches.sh » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 Name: Network Security Services (NSS) 1 Name: Network Security Services (NSS)
2 URL: http://www.mozilla.org/projects/security/pki/nss/ 2 URL: http://www.mozilla.org/projects/security/pki/nss/
3 Version: 3.13.3
4 Security Critical: Yes
3 5
4 This directory includes a copy of NSS's libssl from the CVS repo at: 6 This directory includes a copy of NSS's libssl from the CVS repo at:
5 :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot 7 :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot
6 8
7 The snapshot was updated to the CVS tag: NSS_3_12_9_RTM 9 The snapshot was updated to the CVS tag: NSS_3_13_3_RTM
8 10
9 Patches: 11 Patches:
10 12
11 * Next protocol negotiation support.
12 patches/nextproto.patch
13 http://codereview.chromium.org/415005
14
15 * Commenting out a couple of functions because they need NSS symbols 13 * Commenting out a couple of functions because they need NSS symbols
16 which may not exist in the system NSS library. 14 which may not exist in the system NSS library.
17 patches/versionskew.patch 15 patches/versionskew.patch
18 16
19 * Send empty renegotiation info extension instead of SCSV unless TLS is 17 * Send empty renegotiation info extension instead of SCSV unless TLS is
20 disabled. 18 disabled.
21 patches/renegoscsv.patch 19 patches/renegoscsv.patch
22 https://bugzilla.mozilla.org/show_bug.cgi?id=549042 20 https://bugzilla.mozilla.org/show_bug.cgi?id=549042
23 21
24 * Cache the peer's intermediate CA certificates in session ID, so that 22 * Cache the peer's intermediate CA certificates in session ID, so that
25 they're available when we resume a session. Add certificates to 23 they're available when we resume a session.
26 ss->ssl3.peerCertChain in the right order.
27 patches/cachecerts.patch 24 patches/cachecerts.patch
28 https://bugzilla.mozilla.org/show_bug.cgi?id=606049 25 https://bugzilla.mozilla.org/show_bug.cgi?id=731478
29 26
30 * Add the SSL_PeerCertificateChain function 27 * Add the SSL_PeerCertificateChain function
31 patches/peercertchain.patch 28 patches/peercertchain.patch
29 https://bugzilla.mozilla.org/show_bug.cgi?id=731485
32 30
33 * Add OCSP stapling support 31 * Add OCSP stapling support
34 patches/ocspstapling.patch 32 patches/ocspstapling.patch
35 33
36 * Add support for client auth with native crypto APIs on Mac and Windows 34 * Add support for client auth with native crypto APIs on Mac and Windows
37 patches/clientauth.patch 35 patches/clientauth.patch
38 ssl/sslplatf.c 36 ssl/sslplatf.c
39 37
40 * Don't send a client certificate when renegotiating if the peer does not
41 request one. This only happened if the previous key exchange algorithm
42 was non-RSA.
43 patches/clientauth.patch
44 https://bugzilla.mozilla.org/show_bug.cgi?id=616757
45
46 * Add support for TLS cached info extension.
47 patches/cachedinfo.patch
48 https://bugzilla.mozilla.org/show_bug.cgi?id=665739
49
50 * Add a function to export whether the last handshake on a socket resumed a 38 * Add a function to export whether the last handshake on a socket resumed a
51 previous session. 39 previous session.
52 patches/didhandshakeresume.patch 40 patches/didhandshakeresume.patch
53 41 https://bugzilla.mozilla.org/show_bug.cgi?id=731798
54 * Start each set of CBC encrypted application data records, resulting from
55 a single call to ssl3_SendApplicationData, with a one-byte application
56 data record in order to randomize the IV in a backward compatible manner.
57 https://bugzilla.mozilla.org/show_bug.cgi?id=665814
58 patches/cbcrandomiv.patch
59 42
60 * Support origin bound certificates. 43 * Support origin bound certificates.
61 http://balfanz.github.com/tls-obc-spec/draft-balfanz-tls-obc-00.txt 44 http://balfanz.github.com/tls-obc-spec/draft-balfanz-tls-obc-00.txt
62 patches/origin_bound_certs.patch 45 patches/origin_bound_certs.patch
63 46
64 * Add a function to implement RFC 5705: Keying Material Exporters for TLS 47 * Add a function to implement RFC 5705: Keying Material Exporters for TLS
65 This is a reworked version of the patch from 48 This is a reworked version of the patch from
66 https://bugzilla.mozilla.org/show_bug.cgi?id=507359 49 https://bugzilla.mozilla.org/show_bug.cgi?id=507359
67 patches/secret_exporter.patch 50 patches/secret_exporter.patch
68 51
69 * Send saved write data in the SSL socket in SSL_ForceHandshake.
70 patches/handshakeshortwrite.patch
71 https://bugzilla.mozilla.org/show_bug.cgi?id=676729
72
73 * Add a function to restart a handshake after a client certificate request. 52 * Add a function to restart a handshake after a client certificate request.
74 patches/restartclientauth.patch 53 patches/restartclientauth.patch
75 54
76 * Allow SSL_HandshakeNegotiatedExtension to be called before the handshake 55 * Allow SSL_HandshakeNegotiatedExtension to be called before the handshake
77 is finished. 56 is finished.
78 https://bugzilla.mozilla.org/show_bug.cgi?id=681839 57 https://bugzilla.mozilla.org/show_bug.cgi?id=681839
79 patches/negotiatedextension.patch 58 patches/negotiatedextension.patch
80 59
81 * Support the encrypted client certificates extension. 60 * Support the encrypted client certificates extension.
82 https://bugzilla.mozilla.org/show_bug.cgi?id=691991 61 https://bugzilla.mozilla.org/show_bug.cgi?id=691991
83 patches/encryptedclientcerts.patch 62 patches/encryptedclientcerts.patch
84 63
85 * Add function to retrieve TLS client cert types requested by server. 64 * Add function to retrieve TLS client cert types requested by server.
86 https://bugzilla.mozilla.org/show_bug.cgi?id=51413 65 https://bugzilla.mozilla.org/show_bug.cgi?id=51413
87 patches/getrequestedclientcerttypes.patch 66 patches/getrequestedclientcerttypes.patch
88 67
89 * Fixed a clang warning in sslcon.c. 68 * Fixed a clang warning in sslcon.c.
90 https://bugzilla.mozilla.org/show_bug.cgi?id=728919 69 https://bugzilla.mozilla.org/show_bug.cgi?id=728919
91 patches/clang-sslcon.patch 70 patches/clang-sslcon.patch
92 71
93 Apply the patches to NSS by running the patches/applypatches.sh script. Read 72 Apply the patches to NSS by running the patches/applypatches.sh script. Read
94 the comments at the top of patches/applypatches.sh for instructions. 73 the comments at the top of patches/applypatches.sh for instructions.
95 74
96 The ssl/bodge directory contains files taken from the NSS repo that we required 75 The ssl/bodge directory contains files taken from the NSS repo that we required
97 for building libssl outside of its usual build environment. 76 for building libssl outside of its usual build environment.
OLDNEW
« no previous file with comments | « net/socket/ssl_client_socket_nss.cc ('k') | net/third_party/nss/patches/applypatches.sh » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698