OLD | NEW |
1 Name: Network Security Services (NSS) | 1 Name: Network Security Services (NSS) |
2 URL: http://www.mozilla.org/projects/security/pki/nss/ | 2 URL: http://www.mozilla.org/projects/security/pki/nss/ |
3 Version: 3.19 RTM | 3 Version: 3.21 RTM |
4 Security Critical: Yes | 4 Security Critical: Yes |
5 License: MPL 2 | 5 License: MPL 2 |
6 License File: NOT_SHIPPED | 6 License File: NOT_SHIPPED |
7 | 7 |
8 This directory includes a copy of NSS's libssl from the hg repo at: | 8 This directory includes a copy of NSS's libssl from the hg repo at: |
9 https://hg.mozilla.org/projects/nss | 9 https://hg.mozilla.org/projects/nss |
10 | 10 |
11 The same module appears in crypto/third_party/nss (and third_party/nss on some | 11 The same module appears in crypto/third_party/nss (and third_party/nss on some |
12 platforms), so we don't repeat the license file here. | 12 platforms), so we don't repeat the license file here. |
13 | 13 |
14 The snapshot was updated to the hg tag: NSS_3_19_RTM | 14 The snapshot was updated to the hg tag: NSS_3_21_RTM |
15 | 15 |
16 Patches: | 16 Patches: |
17 | 17 |
18 * Cache the peer's intermediate CA certificates in session ID, so that | 18 * Cache the peer's intermediate CA certificates in session ID, so that |
19 they're available when we resume a session. | 19 they're available when we resume a session. |
20 patches/cachecerts.patch | 20 patches/cachecerts.patch |
21 https://bugzilla.mozilla.org/show_bug.cgi?id=731478 | 21 https://bugzilla.mozilla.org/show_bug.cgi?id=731478 |
22 | 22 |
23 * Add support for client auth with native crypto APIs on Mac and Windows. | 23 * Add support for client auth with native crypto APIs on Mac and Windows. |
24 patches/clientauth.patch | 24 patches/clientauth.patch |
(...skipping 68 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
93 patches/nssrwlock.patch | 93 patches/nssrwlock.patch |
94 https://bugzilla.mozilla.org/show_bug.cgi?id=957812 | 94 https://bugzilla.mozilla.org/show_bug.cgi?id=957812 |
95 | 95 |
96 * Add a comment explaining why signature_algorithms extension should be at | 96 * Add a comment explaining why signature_algorithms extension should be at |
97 the end of the extension list. This works around a bug in WebSphere | 97 the end of the extension list. This works around a bug in WebSphere |
98 Application Server 7.0, which is intolerant to the final extension having | 98 Application Server 7.0, which is intolerant to the final extension having |
99 zero length. This also ensures that the padding extension has non-zero | 99 zero length. This also ensures that the padding extension has non-zero |
100 length. | 100 length. |
101 patches/reorderextensions.patch | 101 patches/reorderextensions.patch |
102 | 102 |
103 * Make the build metadata deterministic | |
104 patches/removebuildmetadata.patch | |
105 | |
106 * Fix locking bug in ssl3_HandleHelloRequest when rejecting a renegotiation. | |
107 patches/norenegotiatelock.patch | |
108 https://bugzilla.mozilla.org/show_bug.cgi?id=1162521 | |
109 | |
110 * Increase the minimum DH group size to 1024 | |
111 patches/dh1024.patch | |
112 | |
113 Apply the patches to NSS by running the patches/applypatches.sh script. Read | 103 Apply the patches to NSS by running the patches/applypatches.sh script. Read |
114 the comments at the top of patches/applypatches.sh for instructions. | 104 the comments at the top of patches/applypatches.sh for instructions. |
115 | 105 |
116 The ssl/bodge directory contains files taken from the NSS repo that we required | 106 The ssl/bodge directory contains files taken from the NSS repo that we required |
117 for building libssl outside of its usual build environment. | 107 for building libssl outside of its usual build environment. |
OLD | NEW |