Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(143)

Side by Side Diff: net/third_party/nss/README.chromium

Issue 9558017: Update net/third_party/nss to NSS 3.13.3. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Add new files in NSS 3.13.3 Created 8 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
OLDNEW
1 Name: Network Security Services (NSS) 1 Name: Network Security Services (NSS)
2 URL: http://www.mozilla.org/projects/security/pki/nss/ 2 URL: http://www.mozilla.org/projects/security/pki/nss/
3 3
Ryan Sleevi 2012/03/02 01:30:18 Version: 3.13.3 Security Critical: Yes
4 This directory includes a copy of NSS's libssl from the CVS repo at: 4 This directory includes a copy of NSS's libssl from the CVS repo at:
5 :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot 5 :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot
6 6
7 The snapshot was updated to the CVS tag: NSS_3_12_9_RTM 7 The snapshot was updated to the CVS tag: NSS_3_13_3_RTM
8 8
9 Patches: 9 Patches:
10 10
11 * Next protocol negotiation support.
12 patches/nextproto.patch
13 http://codereview.chromium.org/415005
14
15 * Commenting out a couple of functions because they need NSS symbols 11 * Commenting out a couple of functions because they need NSS symbols
16 which may not exist in the system NSS library. 12 which may not exist in the system NSS library.
17 patches/versionskew.patch 13 patches/versionskew.patch
18 14
19 * Send empty renegotiation info extension instead of SCSV unless TLS is 15 * Send empty renegotiation info extension instead of SCSV unless TLS is
20 disabled. 16 disabled.
21 patches/renegoscsv.patch 17 patches/renegoscsv.patch
22 https://bugzilla.mozilla.org/show_bug.cgi?id=549042 18 https://bugzilla.mozilla.org/show_bug.cgi?id=549042
23 19
24 * Cache the peer's intermediate CA certificates in session ID, so that 20 * Cache the peer's intermediate CA certificates in session ID, so that
25 they're available when we resume a session. Add certificates to 21 they're available when we resume a session.
26 ss->ssl3.peerCertChain in the right order.
27 patches/cachecerts.patch 22 patches/cachecerts.patch
28 https://bugzilla.mozilla.org/show_bug.cgi?id=606049 23 https://bugzilla.mozilla.org/show_bug.cgi?id=731478
29 24
30 * Add the SSL_PeerCertificateChain function 25 * Add the SSL_PeerCertificateChain function
31 patches/peercertchain.patch 26 patches/peercertchain.patch
27 https://bugzilla.mozilla.org/show_bug.cgi?id=731485
32 28
33 * Add OCSP stapling support 29 * Add OCSP stapling support
34 patches/ocspstapling.patch 30 patches/ocspstapling.patch
35 31
36 * Add support for client auth with native crypto APIs on Mac and Windows 32 * Add support for client auth with native crypto APIs on Mac and Windows
37 patches/clientauth.patch 33 patches/clientauth.patch
38 ssl/sslplatf.c 34 ssl/sslplatf.c
39 35
40 * Don't send a client certificate when renegotiating if the peer does not
41 request one. This only happened if the previous key exchange algorithm
42 was non-RSA.
43 patches/clientauth.patch
44 https://bugzilla.mozilla.org/show_bug.cgi?id=616757
45
46 * Add support for TLS cached info extension.
47 patches/cachedinfo.patch
48 https://bugzilla.mozilla.org/show_bug.cgi?id=665739
49
50 * Add a function to export whether the last handshake on a socket resumed a 36 * Add a function to export whether the last handshake on a socket resumed a
51 previous session. 37 previous session.
52 patches/didhandshakeresume.patch 38 patches/didhandshakeresume.patch
53 39 https://bugzilla.mozilla.org/show_bug.cgi?id=731798
54 * Start each set of CBC encrypted application data records, resulting from
55 a single call to ssl3_SendApplicationData, with a one-byte application
56 data record in order to randomize the IV in a backward compatible manner.
57 https://bugzilla.mozilla.org/show_bug.cgi?id=665814
58 patches/cbcrandomiv.patch
59 40
60 * Support origin bound certificates. 41 * Support origin bound certificates.
61 http://balfanz.github.com/tls-obc-spec/draft-balfanz-tls-obc-00.txt 42 http://balfanz.github.com/tls-obc-spec/draft-balfanz-tls-obc-00.txt
62 patches/origin_bound_certs.patch 43 patches/origin_bound_certs.patch
63 44
64 * Add a function to implement RFC 5705: Keying Material Exporters for TLS 45 * Add a function to implement RFC 5705: Keying Material Exporters for TLS
65 This is a reworked version of the patch from 46 This is a reworked version of the patch from
66 https://bugzilla.mozilla.org/show_bug.cgi?id=507359 47 https://bugzilla.mozilla.org/show_bug.cgi?id=507359
67 patches/secret_exporter.patch 48 patches/secret_exporter.patch
68 49
69 * Send saved write data in the SSL socket in SSL_ForceHandshake.
70 patches/handshakeshortwrite.patch
71 https://bugzilla.mozilla.org/show_bug.cgi?id=676729
72
73 * Add a function to restart a handshake after a client certificate request.
74 patches/restartclientauth.patch
75
76 * Allow SSL_HandshakeNegotiatedExtension to be called before the handshake 50 * Allow SSL_HandshakeNegotiatedExtension to be called before the handshake
77 is finished. 51 is finished.
78 https://bugzilla.mozilla.org/show_bug.cgi?id=681839 52 https://bugzilla.mozilla.org/show_bug.cgi?id=681839
79 patches/negotiatedextension.patch 53 patches/negotiatedextension.patch
80 54
55 * Add a function to restart a handshake after a client certificate request.
56 patches/restartclientauth.patch
Ryan Sleevi 2012/03/02 01:30:18 I thought bsmith upstreamed this already?
wtc 2012/03/02 23:06:17 No. What bsmith implemented is the related functi
57
81 * Support the encrypted client certificates extension. 58 * Support the encrypted client certificates extension.
82 https://bugzilla.mozilla.org/show_bug.cgi?id=691991 59 https://bugzilla.mozilla.org/show_bug.cgi?id=691991
83 patches/encryptedclientcerts.patch 60 patches/encryptedclientcerts.patch
84 61
85 * Add function to retrieve TLS client cert types requested by server. 62 * Add function to retrieve TLS client cert types requested by server.
86 https://bugzilla.mozilla.org/show_bug.cgi?id=51413 63 https://bugzilla.mozilla.org/show_bug.cgi?id=51413
87 patches/getrequestedclientcerttypes.patch 64 patches/getrequestedclientcerttypes.patch
88 65
89 * Fixed a clang warning in sslcon.c. 66 * Fixed a clang warning in sslcon.c.
90 https://bugzilla.mozilla.org/show_bug.cgi?id=728919 67 https://bugzilla.mozilla.org/show_bug.cgi?id=728919
91 patches/clang-sslcon.patch 68 patches/clang-sslcon.patch
92 69
93 Apply the patches to NSS by running the patches/applypatches.sh script. Read 70 Apply the patches to NSS by running the patches/applypatches.sh script. Read
94 the comments at the top of patches/applypatches.sh for instructions. 71 the comments at the top of patches/applypatches.sh for instructions.
95 72
96 The ssl/bodge directory contains files taken from the NSS repo that we required 73 The ssl/bodge directory contains files taken from the NSS repo that we required
97 for building libssl outside of its usual build environment. 74 for building libssl outside of its usual build environment.
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698