Chromium Code Reviews

Issue 142283002: Update net/third_party/nss to NSS_3_15_5_BETA2. (Closed)

Created:
6 years, 11 months ago by wtc
Modified:
6 years, 10 months ago
Reviewers:
agl
CC:
chromium-reviews, chromium-apps-reviews_chromium.org, cbentzel+watch_chromium.org, extensions-reviews_chromium.org
Visibility:
Public.

Description

Update net/third_party/nss to NSS 3.15.5 Beta 2. alpn.patch and paddingextension.patch have been committed in the NSS upstream. In addition to calling SSL_SetNextProtoNego, the SSL_ENABLE_NPN and SSL_ENABLE_ALPN options need to be used to control whether each of NPN and APLN will be negotiated. SSL_ENABLE_NPN is enabled by default, but we enable it explicitly to be safe. R=agl@chromium.org BUG=331625 TEST=none Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=246110

Patch Set 1 #

Patch Set 2 : Tweak channelid.patch. Set the SSL_ENABLE_NPN and SSL_ENABLE_ALPN options. #

Patch Set 3 : Fix applypatches.sh mistakes #

Total comments: 5
Unified diffs Side-by-side diffs Stats (+474 lines, -869 lines)
M net/socket/ssl_client_socket_nss.cc View 1 chunk +7 lines, -1 line 0 comments
M net/third_party/nss/README.chromium View 4 chunks +3 lines, -10 lines 0 comments
M net/third_party/nss/patches/aesgcmchromium.patch View 3 chunks +4 lines, -4 lines 0 comments
D net/third_party/nss/patches/alpn.patch View 1 chunk +0 lines, -245 lines 0 comments
M net/third_party/nss/patches/applypatches.sh View 1 chunk +0 lines, -4 lines 0 comments
M net/third_party/nss/patches/cachecerts.patch View 8 chunks +15 lines, -15 lines 0 comments
M net/third_party/nss/patches/cachelocks.patch View 5 chunks +11 lines, -11 lines 0 comments
M net/third_party/nss/patches/chacha20poly1305.patch View 10 chunks +17 lines, -17 lines 0 comments
M net/third_party/nss/patches/channelid.patch View 26 chunks +62 lines, -61 lines 0 comments
M net/third_party/nss/patches/cipherorder.patch View 4 chunks +12 lines, -12 lines 0 comments
M net/third_party/nss/patches/clientauth.patch View 22 chunks +30 lines, -30 lines 0 comments
M net/third_party/nss/patches/didhandshakeresume.patch View 2 chunks +6 lines, -6 lines 0 comments
M net/third_party/nss/patches/fallbackscsv.patch View 8 chunks +43 lines, -51 lines 0 comments
M net/third_party/nss/patches/getrequestedclientcerttypes.patch View 6 chunks +14 lines, -14 lines 0 comments
M net/third_party/nss/patches/nssrwlock.patch View 6 chunks +11 lines, -11 lines 0 comments
D net/third_party/nss/patches/paddingextension.patch View 1 chunk +0 lines, -138 lines 0 comments
M net/third_party/nss/patches/paddingextensionall.patch View 2 chunks +6 lines, -6 lines 0 comments
M net/third_party/nss/patches/restartclientauth.patch View 4 chunks +11 lines, -11 lines 0 comments
M net/third_party/nss/patches/secitemarray.patch View 2 chunks +5 lines, -5 lines 0 comments
M net/third_party/nss/patches/secretexporterlocks.patch View 1 chunk +2 lines, -2 lines 0 comments
M net/third_party/nss/patches/sessioncache.patch View 3 chunks +7 lines, -7 lines 0 comments
M net/third_party/nss/patches/signedcertificatetimestamps.patch View 10 chunks +63 lines, -108 lines 0 comments
M net/third_party/nss/patches/tls12chromium.patch View 5 chunks +8 lines, -8 lines 0 comments
M net/third_party/nss/patches/tlsunique.patch View 4 chunks +12 lines, -12 lines 0 comments
M net/third_party/nss/ssl/ssl.h View 1 chunk +22 lines, -2 lines 2 comments
M net/third_party/nss/ssl/ssl3con.c View 1 chunk +1 line, -1 line 0 comments
M net/third_party/nss/ssl/ssl3ext.c View 11 chunks +37 lines, -30 lines 3 comments
M net/third_party/nss/ssl/sslenum.c View 1 chunk +1 line, -1 line 0 comments
M net/third_party/nss/ssl/sslimpl.h View 1 chunk +27 lines, -25 lines 0 comments
M net/third_party/nss/ssl/sslnonce.c View 3 chunks +5 lines, -11 lines 0 comments
M net/third_party/nss/ssl/sslsock.c View 5 chunks +32 lines, -10 lines 0 comments

Messages

Total messages: 5 (0 generated)
wtc
6 years, 11 months ago (2014-01-18 20:34:19 UTC) #1
agl
lgtm
6 years, 11 months ago (2014-01-21 15:56:50 UTC) #2
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/wtc@chromium.org/142283002/170001
6 years, 11 months ago (2014-01-21 17:52:11 UTC) #3
commit-bot: I haz the power
Change committed as 246110
6 years, 11 months ago (2014-01-21 21:06:53 UTC) #4
wtc
6 years, 10 months ago (2014-02-12 15:26:24 UTC) #5
Message was sent while issue was closed. 
Adam:

Please ignore the following comments. These are notes to myself.

https://codereview.chromium.org/142283002/diff/170001/net/third_party/nss/ssl...
File net/third_party/nss/ssl/ssl.h (right):

https://codereview.chromium.org/142283002/diff/170001/net/third_party/nss/ssl...
net/third_party/nss/ssl/ssl.h:165: /* SSL_ENABLE_NPN controls whether the NPN
extension is enabled for the initial

Define "NPN".

Should we say "SSL_ENABLE_NEXT_PROTO_NEGO"?

https://codereview.chromium.org/142283002/diff/170001/net/third_party/nss/ssl...
net/third_party/nss/ssl/ssl.h:173: /* SSL_ENABLE_ALPN controls whether the ALPN
extension is enabled for the

Define "APLN".

Should we say "SSL_ENABLE_APP_LAYER_PROTO_NEGO"?

https://codereview.chromium.org/142283002/diff/170001/net/third_party/nss/ssl...
File net/third_party/nss/ssl/ssl3ext.c (right):

https://codereview.chromium.org/142283002/diff/170001/net/third_party/nss/ssl...
net/third_party/nss/ssl/ssl3ext.c:633: if (ssl3_ExtensionNegotiated(ss,
ssl_app_layer_protocol_xtn)) {

As an optimization, check ss->opt.enableALPN first.

https://codereview.chromium.org/142283002/diff/170001/net/third_party/nss/ssl...
net/third_party/nss/ssl/ssl3ext.c:639: PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);

Use a different error code. This is not an NSS bug. This is a server bug.

https://codereview.chromium.org/142283002/diff/170001/net/third_party/nss/ssl...
net/third_party/nss/ssl/ssl3ext.c:683: if (ssl3_ExtensionNegotiated(ss,
ssl_next_proto_nego_xtn)) {

Add a comment.

As an optimization, check ss->opt.enableNPN first.

Change the error code because this is not an NSS bug. This is a server bug.

Powered by Google App Engine