Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(100)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/third_party/nss/README.chromium

Issue 14522022: Update NSS libSSL to NSS_3_15_BETA2. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Make the changes rsleevi suggested Created 7 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/socket/ssl_client_socket_nss.cc ('k') | net/third_party/nss/patches/aes256keylength.patch » ('j') | net/third_party/nss/ssl/ssl3con.c » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/third_party/nss/README.chromium
===================================================================
--- net/third_party/nss/README.chromium (revision 197379)
+++ net/third_party/nss/README.chromium (working copy)
@@ -1,17 +1,17 @@
Name: Network Security Services (NSS)
URL: http://www.mozilla.org/projects/security/pki/nss/
-Version: 3.14
+Version: 3.15 Beta 2
Security Critical: Yes
License: MPL 2
License File: NOT_SHIPPED
-This directory includes a copy of NSS's libssl from the CVS repo at:
- :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot
+This directory includes a copy of NSS's libssl from the hg repo at:
+ https://hg.mozilla.org/projects/nss
The same module appears in crypto/third_party/nss (and third_party/nss on some
platforms), so we don't repeat the license file here.
-The snapshot was updated to the CVS tag: NSS_3_14_RTM
+The snapshot was updated to the hg tag: NSS_3_15_BETA2
Patches:
@@ -33,10 +33,6 @@
patches/peercertchain.patch
https://bugzilla.mozilla.org/show_bug.cgi?id=731485
- * Add OCSP stapling support
- patches/ocspstapling.patch
- https://bugzilla.mozilla.org/show_bug.cgi?id=360420
-
* Add support for client auth with native crypto APIs on Mac and Windows
patches/clientauth.patch
ssl/sslplatf.c
@@ -46,9 +42,6 @@
patches/didhandshakeresume.patch
https://bugzilla.mozilla.org/show_bug.cgi?id=731798
- * Add a function to restart a handshake after a client certificate request.
- patches/restartclientauth.patch
-
* Allow SSL_HandshakeNegotiatedExtension to be called before the handshake
is finished.
https://bugzilla.mozilla.org/show_bug.cgi?id=681839
@@ -58,10 +51,8 @@
https://bugzilla.mozilla.org/show_bug.cgi?id=51413
patches/getrequestedclientcerttypes.patch
- * Enable False Start only when the server supports forward secrecy.
- patches/falsestartnpn.patch
- https://bugzilla.mozilla.org/show_bug.cgi?id=810582
- https://bugzilla.mozilla.org/show_bug.cgi?id=810583
+ * Add a function to restart a handshake after a client certificate request.
+ patches/restartclientauth.patch
* Add support for TLS Channel IDs
patches/channelid.patch
@@ -70,10 +61,6 @@
patches/tlsunique.patch
https://bugzilla.mozilla.org/show_bug.cgi?id=563276
- * Don't crash when the SSL keylog file cannot be opened.
- patches/sslkeylogerror.patch
- https://bugzilla.mozilla.org/show_bug.cgi?id=810579
-
* Define the EC_POINT_FORM_UNCOMPRESSED macro. In NSS 3.13.2 the macro
definition was moved from the internal header ec.h to blapit.h. When
compiling against older system NSS headers, we need to define the macro.
@@ -83,19 +70,31 @@
This change was made in https://chromiumcodereview.appspot.com/10454066.
patches/secretexporterlocks.patch
- * Implement CBC processing in constant-time to address the "Lucky Thirteen"
- attack.
+ * Allow the constant-time CBC processing code to be compiled against older
+ NSS that doesn't contain the CBC constant-time changes.
patches/cbc.patch
- https://bugzilla.mozilla.org/show_bug.cgi?id=822365
+ https://code.google.com/p/chromium/issues/detail?id=172658#c12
- * Fix a crash in dtls_FreeHandshakeMessages.
- patches/dtlsinitclist.patch
- https://bugzilla.mozilla.org/show_bug.cgi?id=822433 (fixed in NSS 3.14.2)
-
* Define AES_256_KEY_LENGTH if the system blapit.h header doesn't define it.
Remove this patch when all system NSS packages are NSS 3.12.10 or later.
patches/aes256keylength.patch
+ * Change ssl3_SuiteBOnly to always return PR_TRUE. The softoken in NSS
+ versions older than 3.15 report an EC key size range of 112 bits to 571
+ bits, even when it is compiled to support only the NIST P-256, P-384, and
+ P-521 curves. Remove this patch when all system NSS softoken packages are
+ NSS 3.15 or later.
+ patches/suitebonly.patch
+
+ * Define the SECItemArray type and declare the SECItemArray handling
+ functions, which were added in NSS 3.15. Remove this patch when all system
+ NSS packages are NSS 3.15 or later.
+ patches/secitemarray.patch
+
+ * Remove unused variables in ssl3_SendCertificateStatus.
+ patches/unusedvariables.patch
+ https://bugzilla.mozilla.org/show_bug.cgi?id=866949
+
Apply the patches to NSS by running the patches/applypatches.sh script. Read
the comments at the top of patches/applypatches.sh for instructions.
« no previous file with comments | « net/socket/ssl_client_socket_nss.cc ('k') | net/third_party/nss/patches/aes256keylength.patch » ('j') | net/third_party/nss/ssl/ssl3con.c » ('J')

Powered by Google App Engine
This is Rietveld 408576698