OLD | NEW |
---|---|
1 Name: Network Security Services (NSS) | 1 Name: Network Security Services (NSS) |
2 URL: http://www.mozilla.org/projects/security/pki/nss/ | 2 URL: http://www.mozilla.org/projects/security/pki/nss/ |
3 | 3 |
Ryan Sleevi
2012/03/02 01:30:18
Version: 3.13.3
Security Critical: Yes
| |
4 This directory includes a copy of NSS's libssl from the CVS repo at: | 4 This directory includes a copy of NSS's libssl from the CVS repo at: |
5 :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot | 5 :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot |
6 | 6 |
7 The snapshot was updated to the CVS tag: NSS_3_12_9_RTM | 7 The snapshot was updated to the CVS tag: NSS_3_13_3_RTM |
8 | 8 |
9 Patches: | 9 Patches: |
10 | 10 |
11 * Next protocol negotiation support. | |
12 patches/nextproto.patch | |
13 http://codereview.chromium.org/415005 | |
14 | |
15 * Commenting out a couple of functions because they need NSS symbols | 11 * Commenting out a couple of functions because they need NSS symbols |
16 which may not exist in the system NSS library. | 12 which may not exist in the system NSS library. |
17 patches/versionskew.patch | 13 patches/versionskew.patch |
18 | 14 |
19 * Send empty renegotiation info extension instead of SCSV unless TLS is | 15 * Send empty renegotiation info extension instead of SCSV unless TLS is |
20 disabled. | 16 disabled. |
21 patches/renegoscsv.patch | 17 patches/renegoscsv.patch |
22 https://bugzilla.mozilla.org/show_bug.cgi?id=549042 | 18 https://bugzilla.mozilla.org/show_bug.cgi?id=549042 |
23 | 19 |
24 * Cache the peer's intermediate CA certificates in session ID, so that | 20 * Cache the peer's intermediate CA certificates in session ID, so that |
25 they're available when we resume a session. Add certificates to | 21 they're available when we resume a session. |
26 ss->ssl3.peerCertChain in the right order. | |
27 patches/cachecerts.patch | 22 patches/cachecerts.patch |
28 https://bugzilla.mozilla.org/show_bug.cgi?id=606049 | 23 https://bugzilla.mozilla.org/show_bug.cgi?id=731478 |
29 | 24 |
30 * Add the SSL_PeerCertificateChain function | 25 * Add the SSL_PeerCertificateChain function |
31 patches/peercertchain.patch | 26 patches/peercertchain.patch |
27 https://bugzilla.mozilla.org/show_bug.cgi?id=731485 | |
32 | 28 |
33 * Add OCSP stapling support | 29 * Add OCSP stapling support |
34 patches/ocspstapling.patch | 30 patches/ocspstapling.patch |
35 | 31 |
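Review bot: On the cachecerts.patch entry (new lines 20-23), the bug link changes from id=606049 to id=731478 and the sentence "Add certificates to ss->ssl3.peerCertChain in the right order" is dropped, but nothing records what happened to the ordering fix. If that part is now covered by the NSS_3_13_3_RTM snapshot and only the session-ID caching remains local, say so in the change description. If the patch still reorders the chain, keep the sentence, since the SSL_PeerCertificateChain function listed right below presumably returns that chain.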
36 * Add support for client auth with native crypto APIs on Mac and Windows | 32 * Add support for client auth with native crypto APIs on Mac and Windows |
37 patches/clientauth.patch | 33 patches/clientauth.patch |
38 ssl/sslplatf.c | 34 ssl/sslplatf.c |
39 | 35 |
40 * Don't send a client certificate when renegotiating if the peer does not | |
41 request one. This only happened if the previous key exchange algorithm | |
42 was non-RSA. | |
43 patches/clientauth.patch | |
44 https://bugzilla.mozilla.org/show_bug.cgi?id=616757 | |
45 | |
46 * Add support for TLS cached info extension. | |
47 patches/cachedinfo.patch | |
48 https://bugzilla.mozilla.org/show_bug.cgi?id=665739 | |
49 | |
50 * Add a function to export whether the last handshake on a socket resumed a | 36 * Add a function to export whether the last handshake on a socket resumed a |
51 previous session. | 37 previous session. |
52 patches/didhandshakeresume.patch | 38 patches/didhandshakeresume.patch |
53 | 39 https://bugzilla.mozilla.org/show_bug.cgi?id=731798 |
54 * Start each set of CBC encrypted application data records, resulting from | |
55 a single call to ssl3_SendApplicationData, with a one-byte application | |
56 data record in order to randomize the IV in a backward compatible manner. | |
57 https://bugzilla.mozilla.org/show_bug.cgi?id=665814 | |
58 patches/cbcrandomiv.patch | |
59 | 40 |
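Review bot: Two security-relevant entries disappear in this region without a stated reason: the renegotiation client-certificate fix (old lines 40-44, bug 616757) and cbcrandomiv.patch (old lines 54-58, bug 665814). Please confirm that the NSS_3_13_3_RTM snapshot already contains both behaviours before dropping them from the list. The first entry also named patches/clientauth.patch, which stays listed at new line 33 for native crypto client auth, so check that the file was regenerated without the renegotiation hunk rather than only losing its README entry.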
60 * Support origin bound certificates. | 41 * Support origin bound certificates. |
61 http://balfanz.github.com/tls-obc-spec/draft-balfanz-tls-obc-00.txt | 42 http://balfanz.github.com/tls-obc-spec/draft-balfanz-tls-obc-00.txt |
62 patches/origin_bound_certs.patch | 43 patches/origin_bound_certs.patch |
63 | 44 |
64 * Add a function to implement RFC 5705: Keying Material Exporters for TLS | 45 * Add a function to implement RFC 5705: Keying Material Exporters for TLS |
65 This is a reworked version of the patch from | 46 This is a reworked version of the patch from |
66 https://bugzilla.mozilla.org/show_bug.cgi?id=507359 | 47 https://bugzilla.mozilla.org/show_bug.cgi?id=507359 |
67 patches/secret_exporter.patch | 48 patches/secret_exporter.patch |
68 | 49 |
69 * Send saved write data in the SSL socket in SSL_ForceHandshake. | |
70 patches/handshakeshortwrite.patch | |
71 https://bugzilla.mozilla.org/show_bug.cgi?id=676729 | |
72 | |
73 * Add a function to restart a handshake after a client certificate request. | |
74 patches/restartclientauth.patch | |
75 | |
76 * Allow SSL_HandshakeNegotiatedExtension to be called before the handshake | 50 * Allow SSL_HandshakeNegotiatedExtension to be called before the handshake |
77 is finished. | 51 is finished. |
78 https://bugzilla.mozilla.org/show_bug.cgi?id=681839 | 52 https://bugzilla.mozilla.org/show_bug.cgi?id=681839 |
79 patches/negotiatedextension.patch | 53 patches/negotiatedextension.patch |
80 | 54 |
55 * Add a function to restart a handshake after a client certificate request. | |
56 patches/restartclientauth.patch | |
Ryan Sleevi
2012/03/02 01:30:18
I thought bsmith upstreamed this already?
wtc
2012/03/02 23:06:17
No. What bsmith implemented is the related functi
| |
57 | |
81 * Support the encrypted client certificates extension. | 58 * Support the encrypted client certificates extension. |
82 https://bugzilla.mozilla.org/show_bug.cgi?id=691991 | 59 https://bugzilla.mozilla.org/show_bug.cgi?id=691991 |
83 patches/encryptedclientcerts.patch | 60 patches/encryptedclientcerts.patch |
84 | 61 |
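Review bot: The restartclientauth.patch entry (new lines 55-56) is moved below negotiatedextension.patch and still has no bug link, while this change adds links for peercertchain.patch and didhandshakeresume.patch. If the list is meant to follow the order in which patches/applypatches.sh applies the patches, make sure the script uses the same order. Add the upstream bug URL here if one exists, or a short note that the patch is local only. The handshakeshortwrite.patch entry (bug 676729) removed just above deserves the same one-line explanation of where it went.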
85 * Add function to retrieve TLS client cert types requested by server. | 62 * Add function to retrieve TLS client cert types requested by server. |
86 https://bugzilla.mozilla.org/show_bug.cgi?id=51413 | 63 https://bugzilla.mozilla.org/show_bug.cgi?id=51413 |
87 patches/getrequestedclientcerttypes.patch | 64 patches/getrequestedclientcerttypes.patch |
88 | 65 |
89 * Fixed a clang warning in sslcon.c. | 66 * Fixed a clang warning in sslcon.c. |
90 https://bugzilla.mozilla.org/show_bug.cgi?id=728919 | 67 https://bugzilla.mozilla.org/show_bug.cgi?id=728919 |
91 patches/clang-sslcon.patch | 68 patches/clang-sslcon.patch |
92 | 69 |
93 Apply the patches to NSS by running the patches/applypatches.sh script. Read | 70 Apply the patches to NSS by running the patches/applypatches.sh script. Read |
94 the comments at the top of patches/applypatches.sh for instructions. | 71 the comments at the top of patches/applypatches.sh for instructions. |
95 | 72 |
96 The ssl/bodge directory contains files taken from the NSS repo that we required | 73 The ssl/bodge directory contains files taken from the NSS repo that we required |
97 for building libssl outside of its usual build environment. | 74 for building libssl outside of its usual build environment. |