net/third_party/nss/README.chromium - Issue 14522022: Update NSS libSSL to NSS_3_15_BETA2.

Unified Diff: net/third_party/nss/README.chromium

Issue 14522022: Update NSS libSSL to NSS_3_15_BETA2. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/

Patch Set: Adjust secitemarray.patch, remove handlecertloser.patch Created 7 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« no previous file with comments | « net/socket/ssl_client_socket_nss.cc ('k') | net/third_party/nss/patches/aes256keylength.patch » ('j') | net/third_party/nss/ssl/bodge/secitem_array.c » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: net/third_party/nss/README.chromium

===================================================================

--- net/third_party/nss/README.chromium (revision 196870)

+++ net/third_party/nss/README.chromium (working copy)

@@ -1,17 +1,17 @@

Name: Network Security Services (NSS)

URL: http://www.mozilla.org/projects/security/pki/nss/

-Version: 3.14

+Version: 3.15 Beta 2

Security Critical: Yes

License: MPL 2

License FILE: NOT_SHIPPED

-This directory includes a copy of NSS's libssl from the CVS repo at:

- :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot

+This directory includes a copy of NSS's libssl from the hg repo at:

+ https://hg.mozilla.org/projects/nss

The same module appears in crypto/third_party/nss (and third_party/nss on some

platforms), so we don't repeat the license file here.

-The snapshot was updated to the CVS tag: NSS_3_14_RTM

+The snapshot was updated to the hg tag: NSS_3_15_BETA2

Patches:

@@ -33,10 +33,6 @@

patches/peercertchain.patch

https://bugzilla.mozilla.org/show_bug.cgi?id=731485

- * Add OCSP stapling support

- patches/ocspstapling.patch

- https://bugzilla.mozilla.org/show_bug.cgi?id=360420

* Add support for client auth with native crypto APIs on Mac and Windows

patches/clientauth.patch

ssl/sslplatf.c

@@ -46,9 +42,6 @@

patches/didhandshakeresume.patch

https://bugzilla.mozilla.org/show_bug.cgi?id=731798

- * Add a function to restart a handshake after a client certificate request.

- patches/restartclientauth.patch

wtc 2013/04/29 18:09:59 This patch still exists. I merely moved it to matc

* Allow SSL_HandshakeNegotiatedExtension to be called before the handshake

is finished.

https://bugzilla.mozilla.org/show_bug.cgi?id=681839

@@ -58,10 +51,8 @@

https://bugzilla.mozilla.org/show_bug.cgi?id=51413

patches/getrequestedclientcerttypes.patch

- * Enable False Start only when the server supports forward secrecy.

- patches/falsestartnpn.patch

- https://bugzilla.mozilla.org/show_bug.cgi?id=810582

- https://bugzilla.mozilla.org/show_bug.cgi?id=810583

+ * Add a function to restart a handshake after a client certificate request.

+ patches/restartclientauth.patch

* Add support for TLS Channel IDs

patches/channelid.patch

@@ -70,10 +61,6 @@

patches/tlsunique.patch

https://bugzilla.mozilla.org/show_bug.cgi?id=563276

- * Don't crash when the SSL keylog file cannot be opened.

- patches/sslkeylogerror.patch

- https://bugzilla.mozilla.org/show_bug.cgi?id=810579

* Define the EC_POINT_FORM_UNCOMPRESSED macro. In NSS 3.13.2 the macro

definition was moved from the internal header ec.h to blapit.h. When

compiling against older system NSS headers, we need to define the macro.

@@ -83,19 +70,25 @@

This change was made in https://chromiumcodereview.appspot.com/10454066.

patches/secretexporterlocks.patch

- * Implement CBC processing in constant-time to address the "Lucky Thirteen"

- attack.

+ * Allow the constant-time CBC processing code to be compiled against older

+ NSS that doesn't contain the CBC constant-time changes.

patches/cbc.patch

- https://bugzilla.mozilla.org/show_bug.cgi?id=822365

+ https://code.google.com/p/chromium/issues/detail?id=172658#c12

- * Fix a crash in dtls_FreeHandshakeMessages.

- patches/dtlsinitclist.patch

- https://bugzilla.mozilla.org/show_bug.cgi?id=822433 (fixed in NSS 3.14.2)

* Define AES_256_KEY_LENGTH if the system blapit.h header doesn't define it.

Remove this patch when all system NSS packages are NSS 3.12.10 or later.

patches/aes256keylength.patch

+ * Change ssl3_SuiteBOnly to always return PR_TRUE. The softoken in NSS

+ versions older than 3.15 report an incorrect EC key size range. Remove

+ this patch when all system NSS softoken packages are NSS 3.15 or later.

+ patches/suitebonly.patch

+ * Define the SECItemArray type and declare the SECItemArray handling

+ functions, which were added in NSS 3.15. Remove this patch when all system

+ NSS packages are NSS 3.15 or later.

+ patches/secitemarray.patch

Apply the patches to NSS by running the patches/applypatches.sh script. Read

the comments at the top of patches/applypatches.sh for instructions.

« no previous file with comments | « net/socket/ssl_client_socket_nss.cc ('k') | net/third_party/nss/patches/aes256keylength.patch » ('j') | net/third_party/nss/ssl/bodge/secitem_array.c » ('J')