Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(26)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/third_party/nss/README.chromium

Issue 1844813002: Uprev NSS to 3.23 on iOS (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: One more GN fix Created 4 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/socket/nss_ssl_util.cc ('k') | net/third_party/nss/patches/aesgcmchromium.patch » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 Name: Network Security Services (NSS) 1 Name: Network Security Services (NSS)
2 URL: http://www.mozilla.org/projects/security/pki/nss/ 2 URL: http://www.mozilla.org/projects/security/pki/nss/
3 Version: 3.21 RTM 3 Version: 3.23 RTM
4 Security Critical: Yes 4 Security Critical: Yes
5 License: MPL 2 5 License: MPL 2
6 License File: NOT_SHIPPED 6 License File: NOT_SHIPPED
7 7
8 This directory includes a copy of NSS's libssl from the hg repo at: 8 This directory includes a copy of NSS's libssl from the hg repo at:
9 https://hg.mozilla.org/projects/nss 9 https://hg.mozilla.org/projects/nss
10 10
11 The same module appears in crypto/third_party/nss (and third_party/nss on some 11 The same module appears in crypto/third_party/nss (and third_party/nss on some
12 platforms), so we don't repeat the license file here. 12 platforms), so we don't repeat the license file here.
13 13
14 The snapshot was updated to the hg tag: NSS_3_21_RTM 14 The snapshot was updated to the hg tag: NSS_3_23_RTM
15 15
16 Patches: 16 Patches:
17 17
18 * Cache the peer's intermediate CA certificates in session ID, so that 18 * Cache the peer's intermediate CA certificates in session ID, so that
19 they're available when we resume a session. 19 they're available when we resume a session.
20 patches/cachecerts.patch 20 patches/cachecerts.patch
21 https://bugzilla.mozilla.org/show_bug.cgi?id=731478 21 https://bugzilla.mozilla.org/show_bug.cgi?id=731478
22 22
23 * Add support for client auth with native crypto APIs on Mac and Windows.
24 patches/clientauth.patch
25 ssl/sslplatf.c
26
27 * Add a function to export whether the last handshake on a socket resumed a 23 * Add a function to export whether the last handshake on a socket resumed a
28 previous session. 24 previous session.
29 patches/didhandshakeresume.patch 25 patches/didhandshakeresume.patch
30 https://bugzilla.mozilla.org/show_bug.cgi?id=731798 26 https://bugzilla.mozilla.org/show_bug.cgi?id=731798
31 27
32 * Add function to retrieve TLS client cert types requested by server. 28 * Add function to retrieve TLS client cert types requested by server.
33 https://bugzilla.mozilla.org/show_bug.cgi?id=51413 29 https://bugzilla.mozilla.org/show_bug.cgi?id=51413
34 patches/getrequestedclientcerttypes.patch 30 patches/getrequestedclientcerttypes.patch
35 31
36 * Add a function to restart a handshake after a client certificate request. 32 * Add a function to restart a handshake after a client certificate request.
37 patches/restartclientauth.patch 33 patches/restartclientauth.patch
38 34
39 * Add support for TLS Channel IDs 35 * Add support for TLS Channel IDs
40 patches/channelid.patch 36 patches/channelid.patch
41 37
42 * Add support for extracting the tls-unique channel binding value 38 * Add support for extracting the tls-unique channel binding value
43 patches/tlsunique.patch 39 patches/tlsunique.patch
44 https://bugzilla.mozilla.org/show_bug.cgi?id=563276 40 https://bugzilla.mozilla.org/show_bug.cgi?id=563276
45 41
46 * SSL_ExportKeyingMaterial should get the RecvBufLock and SSL3HandshakeLock. 42 * SSL_ExportKeyingMaterial should get the RecvBufLock and SSL3HandshakeLock.
47 This change was made in https://chromiumcodereview.appspot.com/10454066. 43 This change was made in https://chromiumcodereview.appspot.com/10454066.
48 patches/secretexporterlocks.patch 44 patches/secretexporterlocks.patch
49 45
50 * Change ssl3_SuiteBOnly to always return PR_TRUE. The softoken in NSS
51 versions older than 3.15 report an EC key size range of 112 bits to 571
52 bits, even when it is compiled to support only the NIST P-256, P-384, and
53 P-521 curves. Remove this patch when all system NSS softoken packages are
54 NSS 3.15 or later.
55 patches/suitebonly.patch
56
57 * Define the SECItemArray type and declare the SECItemArray handling
58 functions, which were added in NSS 3.15. Remove this patch when all system
59 NSS packages are NSS 3.15 or later.
60 patches/secitemarray.patch
61
62 * Update Chromium-specific code for TLS 1.2.
63 patches/tls12chromium.patch
64
65 * Add Chromium-specific code to detect AES GCM support in the system NSS
66 libraries at run time. Remove this patch when all system NSS packages are
67 NSS 3.15 or later.
68 patches/aesgcmchromium.patch
69
70 * Support ChaCha20+Poly1305 ciphersuites
71 http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-01
72 patches/chacha20poly1305.patch
73
74 * Fix session cache lock creation race. 46 * Fix session cache lock creation race.
75 patches/cachelocks.patch 47 patches/cachelocks.patch
76 https://bugzilla.mozilla.org/show_bug.cgi?id=764646 48 https://bugzilla.mozilla.org/show_bug.cgi?id=764646
77 49
78 * Support the Certificate Transparency (RFC 6962) TLS extension
79 signed_certificate_timestamp (client only).
80 patches/signedcertificatetimestamps.patch
81 https://bugzilla.mozilla.org/show_bug.cgi?id=944175
82
83 * Add a function to allow the cipher suites preference order to be set. 50 * Add a function to allow the cipher suites preference order to be set.
84 patches/cipherorder.patch 51 patches/cipherorder.patch
85 52
86 * Add explicit functions for managing the SSL/TLS session cache. 53 * Add explicit functions for managing the SSL/TLS session cache.
87 This is a temporary workaround until Chromium migrates to NSS's 54 This is a temporary workaround until Chromium migrates to NSS's
88 asynchronous certificate verification. 55 asynchronous certificate verification.
89 patches/sessioncache.patch 56 patches/sessioncache.patch
90 57
91 * Use NSSRWLock instead of PRRWLock in sslSessionID. This avoids the bugs
92 in the lock rank checking code in PRRWLock.
93 patches/nssrwlock.patch
94 https://bugzilla.mozilla.org/show_bug.cgi?id=957812
95
96 * Add a comment explaining why signature_algorithms extension should be at 58 * Add a comment explaining why signature_algorithms extension should be at
97 the end of the extension list. This works around a bug in WebSphere 59 the end of the extension list. This works around a bug in WebSphere
98 Application Server 7.0, which is intolerant to the final extension having 60 Application Server 7.0, which is intolerant to the final extension having
99 zero length. This also ensures that the padding extension has non-zero 61 zero length. This also ensures that the padding extension has non-zero
100 length. 62 length.
101 patches/reorderextensions.patch 63 patches/reorderextensions.patch
102 64
65 * Fix an unused method when disabling PKCS#11 bypass mode
66 patches/nobypass.patch
67
103 Apply the patches to NSS by running the patches/applypatches.sh script. Read 68 Apply the patches to NSS by running the patches/applypatches.sh script. Read
104 the comments at the top of patches/applypatches.sh for instructions. 69 the comments at the top of patches/applypatches.sh for instructions.
105 70
106 The ssl/bodge directory contains files taken from the NSS repo that we required
107 for building libssl outside of its usual build environment.
OLDNEW
« no previous file with comments | « net/socket/nss_ssl_util.cc ('k') | net/third_party/nss/patches/aesgcmchromium.patch » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698