Update to NSS 3.22
This commit is contained in:
parent
f7ddea92df
commit
5953345108
@ -1,6 +1,5 @@
|
||||
diff --git a/lib/ssl/config.mk b/lib/ssl/config.mk
|
||||
--- a/lib/ssl/config.mk
|
||||
+++ b/lib/ssl/config.mk
|
||||
--- ./lib/ssl/config.mk.disableSSL2libssl 2016-01-29 02:30:10.000000000 -0800
|
||||
+++ ./lib/ssl/config.mk 2016-02-06 11:20:50.322990421 -0800
|
||||
@@ -2,16 +2,20 @@
|
||||
# This Source Code Form is subject to the terms of the Mozilla Public
|
||||
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
@ -22,10 +21,9 @@ diff --git a/lib/ssl/config.mk b/lib/ssl/config.mk
|
||||
ifdef NSS_NO_PKCS11_BYPASS
|
||||
DEFINES += -DNO_PKCS11_BYPASS
|
||||
else
|
||||
diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
|
||||
--- a/lib/ssl/sslsock.c
|
||||
+++ b/lib/ssl/sslsock.c
|
||||
@@ -674,16 +674,22 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
|
||||
--- ./lib/ssl/sslsock.c.disableSSL2libssl 2016-02-06 11:20:50.312990617 -0800
|
||||
+++ ./lib/ssl/sslsock.c 2016-02-06 11:26:04.123828138 -0800
|
||||
@@ -705,16 +705,22 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
|
||||
if (ss->cipherSpecs) {
|
||||
PORT_Free(ss->cipherSpecs);
|
||||
ss->cipherSpecs = NULL;
|
||||
@ -47,8 +45,8 @@ diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
|
||||
}
|
||||
break;
|
||||
}
|
||||
ss->opt.enableSSL2 = on;
|
||||
@@ -691,52 +697,67 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
|
||||
if (on) {
|
||||
@@ -729,52 +735,67 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
|
||||
ss->opt.v2CompatibleHello = on;
|
||||
}
|
||||
ss->preferredCipher = NULL;
|
||||
@ -116,7 +114,7 @@ diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
|
||||
rv = SECFailure;
|
||||
} else {
|
||||
if (PR_FALSE != on) {
|
||||
@@ -1163,16 +1184,32 @@ SSL_OptionSetDefault(PRInt32 which, PRBo
|
||||
@@ -1235,16 +1256,32 @@ SSL_OptionSetDefault(PRInt32 which, PRBo
|
||||
}
|
||||
return SECSuccess;
|
||||
}
|
||||
|
@ -1,12 +1,11 @@
|
||||
diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh
|
||||
--- a/tests/ssl/ssl.sh
|
||||
+++ b/tests/ssl/ssl.sh
|
||||
--- ./tests/ssl/ssl.sh.disableSSL2tests 2016-01-29 02:30:10.000000000 -0800
|
||||
+++ ./tests/ssl/ssl.sh 2016-02-06 11:50:26.496668124 -0800
|
||||
@@ -57,19 +57,24 @@ ssl_init()
|
||||
fi
|
||||
|
||||
PORT=${PORT-8443}
|
||||
NSS_SSL_TESTS=${NSS_SSL_TESTS:-normal_normal}
|
||||
nss_ssl_run="stapling cov auth stress"
|
||||
nss_ssl_run="stapling signed_cert_timestamps cov auth stress"
|
||||
NSS_SSL_RUN=${NSS_SSL_RUN:-$nss_ssl_run}
|
||||
|
||||
# Test case files
|
||||
@ -20,6 +19,7 @@ diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh
|
||||
+ fi
|
||||
SSLAUTH=${QADIR}/ssl/sslauth.txt
|
||||
- SSLSTRESS=${QADIR}/ssl/sslstress.txt
|
||||
SSLPOLICY=${QADIR}/ssl/sslpolicy.txt
|
||||
REQUEST_FILE=${QADIR}/ssl/sslreq.dat
|
||||
|
||||
#temparary files
|
||||
@ -27,8 +27,7 @@ diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh
|
||||
SERVERPID=${TMP}/tests_pid.$$
|
||||
|
||||
R_SERVERPID=../tests_pid.$$
|
||||
|
||||
@@ -115,17 +120,21 @@ is_selfserv_alive()
|
||||
@@ -116,17 +121,21 @@ is_selfserv_alive()
|
||||
if [ "${OS_ARCH}" = "WINNT" ] && \
|
||||
[ "$OS_NAME" = "CYGWIN_NT" -o "$OS_NAME" = "MINGW32_NT" ]; then
|
||||
PID=${SHELL_SERVERPID}
|
||||
@ -50,7 +49,7 @@ diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh
|
||||
# local shell function to wait until selfserver is running and initialized
|
||||
########################################################################
|
||||
wait_for_selfserv()
|
||||
@@ -138,17 +147,21 @@ wait_for_selfserv()
|
||||
@@ -139,17 +148,21 @@ wait_for_selfserv()
|
||||
if [ $? -ne 0 ]; then
|
||||
sleep 5
|
||||
echo "retrying to connect to selfserv at `date`"
|
||||
@ -72,7 +71,7 @@ diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh
|
||||
########################### kill_selfserv ##############################
|
||||
# local shell function to kill the selfserver after the tests are done
|
||||
########################################################################
|
||||
@@ -209,25 +222,26 @@ start_selfserv()
|
||||
@@ -210,25 +223,26 @@ start_selfserv()
|
||||
ECC_OPTIONS=""
|
||||
fi
|
||||
if [ "$1" = "mixed" ]; then
|
||||
@ -102,7 +101,7 @@ diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh
|
||||
# process (sh.exe). MKS's kill command has a bug: invoking kill
|
||||
# on the helper process does not terminate the real background
|
||||
# process. Our workaround has been to have selfserv save its PID
|
||||
@@ -274,16 +288,22 @@ ssl_cov()
|
||||
@@ -275,16 +289,22 @@ ssl_cov()
|
||||
exec < ${SSLCOV}
|
||||
while read ectype testmax param testname
|
||||
do
|
||||
|
124
fix_warnings_treated_as_errors.patch
Normal file
124
fix_warnings_treated_as_errors.patch
Normal file
@ -0,0 +1,124 @@
|
||||
diff -up ./cmd/p7sign/p7sign.c.fix_warnings ./cmd/p7sign/p7sign.c
|
||||
--- ./cmd/p7sign/p7sign.c.fix_warnings 2016-02-07 15:29:48.459494920 -0800
|
||||
+++ ./cmd/p7sign/p7sign.c 2016-02-07 15:55:04.920963101 -0800
|
||||
@@ -92,21 +92,24 @@ SignFile(FILE *outFile, PRFileDesc *inFi
|
||||
SEC_PKCS7ContentInfo *cinfo;
|
||||
SECStatus rv;
|
||||
|
||||
- if (outFile == NULL || inFile == NULL || cert == NULL)
|
||||
- return -1;
|
||||
+ if (outFile == NULL || inFile == NULL || cert == NULL) {
|
||||
+ return -1;
|
||||
+ }
|
||||
|
||||
/* suck the file in */
|
||||
- if (SECU_ReadDERFromFile(&data2sign, inFile, PR_FALSE,
|
||||
- PR_FALSE) != SECSuccess)
|
||||
- return -1;
|
||||
+ if (SECU_ReadDERFromFile(&data2sign, inFile, PR_FALSE,
|
||||
+ PR_FALSE) != SECSuccess) {
|
||||
+ return -1;
|
||||
+ }
|
||||
|
||||
if (!encapsulated) {
|
||||
/* unfortunately, we must create the digest ourselves */
|
||||
/* SEC_PKCS7CreateSignedData should have a flag to not include */
|
||||
/* the content for non-encapsulated content at encode time, but */
|
||||
/* should always compute the hash itself */
|
||||
- if (CreateDigest(&data2sign, digestdata, &len, 32) < 0)
|
||||
- return -1;
|
||||
+ if (CreateDigest(&data2sign, digestdata, &len, 32) < 0) {
|
||||
+ return -1;
|
||||
+ }
|
||||
digest.data = (unsigned char *)digestdata;
|
||||
digest.len = len;
|
||||
}
|
||||
@@ -116,9 +119,9 @@ SignFile(FILE *outFile, PRFileDesc *inFi
|
||||
SEC_OID_SHA1,
|
||||
encapsulated ? NULL : &digest,
|
||||
NULL, NULL);
|
||||
- if (cinfo == NULL)
|
||||
+ if (cinfo == NULL) {
|
||||
return -1;
|
||||
-
|
||||
+ }
|
||||
if (encapsulated) {
|
||||
SEC_PKCS7SetContent(cinfo, (char *)data2sign.data, data2sign.len);
|
||||
}
|
||||
@@ -134,8 +137,9 @@ SignFile(FILE *outFile, PRFileDesc *inFi
|
||||
|
||||
SEC_PKCS7DestroyContentInfo (cinfo);
|
||||
|
||||
- if (rv != SECSuccess)
|
||||
+ if (rv != SECSuccess) {
|
||||
return -1;
|
||||
+ }
|
||||
|
||||
return 0;
|
||||
}
|
||||
diff -up ./cmd/vfychain/vfychain.c.fix_warnings ./cmd/vfychain/vfychain.c
|
||||
--- ./cmd/vfychain/vfychain.c.fix_warnings 2016-02-07 16:03:13.189775733 -0800
|
||||
+++ ./cmd/vfychain/vfychain.c 2016-02-07 16:22:33.709073372 -0800
|
||||
@@ -439,7 +439,7 @@ main(int argc, char *argv[], char *envp[
|
||||
case 0 : /* positional parameter */ goto breakout;
|
||||
case 'a' : isAscii = PR_TRUE; break;
|
||||
case 'b' : secStatus = DER_AsciiToTime(&time, optstate->value);
|
||||
- if (secStatus != SECSuccess) Usage(progName); break;
|
||||
+ if (secStatus != SECSuccess) { Usage(progName); } break;
|
||||
case 'd' : certDir = PL_strdup(optstate->value); break;
|
||||
case 'e' : ocsp_fetchingFailureIsAFailure = PR_FALSE; break;
|
||||
case 'f' : certFetching = PR_TRUE; break;
|
||||
@@ -484,9 +484,9 @@ main(int argc, char *argv[], char *envp[
|
||||
case 't' : trusted = PR_TRUE; break;
|
||||
case 'T' : onlyTrustAnchors = PR_FALSE; break;
|
||||
case 'u' : usage = PORT_Atoi(optstate->value);
|
||||
- if (usage < 0 || usage > 62) Usage(progName);
|
||||
+ if (usage < 0 || usage > 62) { Usage(progName); }
|
||||
certUsage = ((SECCertificateUsage)1) << usage;
|
||||
- if (certUsage > certificateUsageHighest) Usage(progName);
|
||||
+ if (certUsage > certificateUsageHighest) { Usage(progName); }
|
||||
break;
|
||||
case 'w':
|
||||
pwdata.source = PW_PLAINTEXT;
|
||||
diff -up ./lib/dbm/src/hash.c.fix_warnings ./lib/dbm/src/hash.c
|
||||
--- ./lib/dbm/src/hash.c.fix_warnings 2016-02-07 15:18:54.006925157 -0800
|
||||
+++ ./lib/dbm/src/hash.c 2016-02-07 15:21:02.151491099 -0800
|
||||
@@ -815,9 +815,9 @@ hash_access(
|
||||
}
|
||||
|
||||
ovfl_loop_count++;
|
||||
- if(ovfl_loop_count > MAX_OVERFLOW_HASH_ACCESS_LOOPS)
|
||||
+ if(ovfl_loop_count > MAX_OVERFLOW_HASH_ACCESS_LOOPS) {
|
||||
return (DATABASE_CORRUPTED_ERROR);
|
||||
-
|
||||
+ }
|
||||
/* FOR LOOP INIT */
|
||||
bp = (uint16 *)rbufp->page;
|
||||
n = *bp++;
|
||||
@@ -825,8 +825,9 @@ hash_access(
|
||||
off = hashp->BSIZE;
|
||||
} else if (bp[1] < REAL_KEY) {
|
||||
if ((ndx =
|
||||
- __find_bigpair(hashp, rbufp, ndx, kp, (int)size)) > 0)
|
||||
+ __find_bigpair(hashp, rbufp, ndx, kp, (int)size)) > 0) {
|
||||
goto found;
|
||||
+ }
|
||||
if (ndx == -2) {
|
||||
bufp = rbufp;
|
||||
if (!(pageno =
|
||||
diff -up ./lib/dbm/src/h_page.c.fix_warnings ./lib/dbm/src/h_page.c
|
||||
--- ./lib/dbm/src/h_page.c.fix_warnings 2016-01-29 02:30:10.000000000 -0800
|
||||
+++ ./lib/dbm/src/h_page.c 2016-02-07 15:10:42.439250993 -0800
|
||||
@@ -114,9 +114,9 @@ long new_lseek(int fd, long offset, int
|
||||
|
||||
if(origin == SEEK_CUR)
|
||||
{
|
||||
- if(offset < 1)
|
||||
- return(lseek(fd, offset, SEEK_CUR));
|
||||
-
|
||||
+ if(offset < 1) {
|
||||
+ return(lseek(fd, offset, SEEK_CUR));
|
||||
+ }
|
||||
cur_pos = lseek(fd, 0, SEEK_CUR);
|
||||
|
||||
if(cur_pos < 0)
|
34
iquote.patch
34
iquote.patch
@ -171,6 +171,18 @@ diff -up nss/lib/nss/Makefile.iquote nss/lib/nss/Makefile
|
||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
||||
+INCLUDES += -iquote $(DIST)/../private/nss
|
||||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
diff -up ./nss/lib/pk11wrap/Makefile.iquote ./nss/lib/pk11wrap/Makefile
|
||||
--- ./nss/lib/pk11wrap/Makefile.iquote 2016-02-07 09:49:33.310455054 -0800
|
||||
+++ ./nss/lib/pk11wrap/Makefile 2016-02-07 09:51:38.830881330 -0800
|
||||
@@ -38,7 +38,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
# (6) Execute "component" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
-
|
||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
||||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
diff -up nss/lib/ssl/Makefile.iquote nss/lib/ssl/Makefile
|
||||
@ -185,3 +197,25 @@ diff -up nss/lib/ssl/Makefile.iquote nss/lib/ssl/Makefile
|
||||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
diff -up ./nss/external_tests/pk11_gtest/Makefile.iquote ./nss/external_tests/pk11_gtest/Makefile
|
||||
--- ./nss/external_tests/pk11_gtest/Makefile.iquote 2016-02-07 10:07:49.163055808 -0800
|
||||
+++ ./nss/external_tests/pk11_gtest/Makefile 2016-02-07 10:09:07.463478307 -0800
|
||||
@@ -37,6 +37,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
# (6) Execute "component" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
||||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
diff -up ./nss/external_tests/ssl_gtest/Makefile.iquote ./nss/external_tests/ssl_gtest/Makefile
|
||||
--- ./nss/external_tests/ssl_gtest/Makefile.iquote 2016-02-07 10:19:57.132763142 -0800
|
||||
+++ ./nss/external_tests/ssl_gtest/Makefile 2016-02-07 10:20:42.346957530 -0800
|
||||
@@ -37,6 +37,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
# (6) Execute "component" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
++INCLUDES += -iquote $(DIST)/../public/nss
|
||||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
|
24
nss.spec
24
nss.spec
@ -1,6 +1,6 @@
|
||||
%global nspr_version 4.10.10
|
||||
%global nss_util_version 3.21.0
|
||||
%global nss_softokn_version 3.21.0
|
||||
%global nspr_version 4.11.0
|
||||
%global nss_util_version 3.22.0
|
||||
%global nss_softokn_version 3.22.0
|
||||
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
||||
%global allTools "certutil cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain vfyserv"
|
||||
|
||||
@ -18,10 +18,10 @@
|
||||
|
||||
Summary: Network Security Services
|
||||
Name: nss
|
||||
Version: 3.21.0
|
||||
Version: 3.22.0
|
||||
# for Rawhide, please always use release >= 2
|
||||
# for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
|
||||
Release: 7%{?dist}
|
||||
Release: 2%{?dist}
|
||||
License: MPLv2.0
|
||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||
Group: System Environment/Libraries
|
||||
@ -105,6 +105,10 @@ Patch58: rhbz1185708-enable-ecc-3des-ciphers-by-default.patch
|
||||
# The submission will be very different from this patch as
|
||||
# cleanup there is already in progress there.
|
||||
Patch59: pem-compile-with-Werror.patch
|
||||
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1246499
|
||||
Patch60: vfyserv-defined-but-not-used.patch
|
||||
# Local: Upstream nss-3.23 has these fixed
|
||||
Patch61: fix_warnings_treated_as_errors.patch
|
||||
|
||||
%description
|
||||
Network Security Services (NSS) is a set of libraries designed to
|
||||
@ -195,6 +199,10 @@ popd
|
||||
%patch55 -p1 -b .skip_stress_tls_rc4_128_with_md5
|
||||
%patch58 -p0 -b .1185708_3des
|
||||
%patch59 -p0 -b .compile_Werror
|
||||
pushd nss
|
||||
%patch60 -p1 -b .defined_not_used
|
||||
%patch61 -p1 -b .fix_warnings
|
||||
popd
|
||||
|
||||
#########################################################
|
||||
# Higher-level libraries and test tools need access to
|
||||
@ -303,8 +311,7 @@ export IN_TREE_FREEBL_HEADERS_FIRST=1
|
||||
|
||||
##### phase 2: build the rest of nss
|
||||
# nss supports pluggable ecc with more than suite-b
|
||||
NSS_ECC_MORE_THAN_SUITE_B=1
|
||||
export NSS_ECC_MORE_THAN_SUITE_B
|
||||
export NSS_ECC_MORE_THAN_SUITE_B=1
|
||||
|
||||
export NSS_BLTEST_NOT_AVAILABLE=1
|
||||
%{__make} -C ./nss/coreconf
|
||||
@ -824,6 +831,9 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
* Mon Feb 08 2016 Elio Maldonado <emaldona@redhat.com> - 3.22.0-2
|
||||
- Update to NSS 3.22
|
||||
|
||||
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 3.21.0-7
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
||||
|
||||
|
@ -1,38 +0,0 @@
|
||||
diff -up ./nss/tests/ssl/sslauth.txt.ocsp_sni ./nss/tests/ssl/sslauth.txt
|
||||
--- ./nss/tests/ssl/sslauth.txt.ocsp_sni 2015-05-28 10:50:45.000000000 -0700
|
||||
+++ ./nss/tests/ssl/sslauth.txt 2015-08-30 08:49:22.025299419 -0700
|
||||
@@ -65,12 +65,12 @@
|
||||
# SNI Tests
|
||||
#
|
||||
SNI 0 -r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser TLS Server hello response without SNI
|
||||
- SNI 0 -r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni.Dom TLS Server hello response with SNI
|
||||
- SNI 1 -r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni1.Dom TLS Server response with alert
|
||||
+ SNI 0 -r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom TLS Server hello response with SNI
|
||||
+ SNI 1 -r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni1.Dom TLS Server response with alert
|
||||
SNI 0 -r_-a_Host-sni.Dom -V_ssl3:ssl3_-w_nss_-n_TestUser SSL3 Server hello response without SNI
|
||||
- SNI 1 -r_-a_Host-sni.Dom -V_ssl3:ssl3_-w_nss_-n_TestUser_-a_Host-sni.Dom SSL3 Server hello response with SNI: SSL don't have SH extensions
|
||||
+ SNI 1 -r_-a_Host-sni.Dom -V_ssl3:_-c_vssl3_-w_nss_-n_TestUser_-a_Host-sni.Dom SSL3 Server hello response with SNI: SSL don't have SH extensions
|
||||
SNI 0 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser TLS Server hello response without SNI
|
||||
- SNI 0 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni.Dom TLS Server hello response with SNI
|
||||
+ SNI 0 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom TLS Server hello response with SNI
|
||||
SNI 1 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni.Dom_-a_Host.Dom TLS Server hello response with SNI: Change name on 2d HS
|
||||
- SNI 1 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni.Dom_-a_Host-sni1.Dom TLS Server hello response with SNI: Change name to invalid 2d HS
|
||||
- SNI 1 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni1.Dom TLS Server response with alert
|
||||
+ SNI 1 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom_-a_Host-sni1.Dom TLS Server hello response with SNI: Change name to invalid 2d HS
|
||||
+ SNI 1 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni1.Dom TLS Server response with alert
|
||||
diff -up ./nss/tests/ssl/ssl.sh.ocsp_sni ./nss/tests/ssl/ssl.sh
|
||||
--- ./nss/tests/ssl/ssl.sh.ocsp_sni 2015-08-30 08:49:21.905301105 -0700
|
||||
+++ ./nss/tests/ssl/ssl.sh 2015-08-30 08:49:22.017299531 -0700
|
||||
@@ -457,10 +457,10 @@ ssl_stapling_sub()
|
||||
start_selfserv
|
||||
|
||||
echo "tstclnt -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} -v ${CLIENT_OPTIONS} \\"
|
||||
- echo " -T -O -F -M 1 -V ssl3: < ${REQUEST_FILE}"
|
||||
+ echo " -c v -T -O -F -M 1 -V ssl3: < ${REQUEST_FILE}"
|
||||
rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
|
||||
${PROFTOOL} ${BINDIR}/tstclnt -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \
|
||||
- -d ${P_R_CLIENTDIR} -v -T -O -F -M 1 -V ssl3: < ${REQUEST_FILE} \
|
||||
+ -d ${P_R_CLIENTDIR} -v -c v -T -O -F -M 1 -V ssl3: < ${REQUEST_FILE} \
|
||||
>${TMP}/$HOST.tmp.$$ 2>&1
|
||||
ret=$?
|
||||
cat ${TMP}/$HOST.tmp.$$
|
@ -1,39 +0,0 @@
|
||||
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
|
||||
--- a/lib/ssl/ssl3con.c
|
||||
+++ b/lib/ssl/ssl3con.c
|
||||
@@ -85,27 +85,27 @@ static SECStatus ssl3_AESGCMBypass(ssl3K
|
||||
*
|
||||
* Important: See bug 946147 before enabling, reordering, or adding any cipher
|
||||
* suites to this list.
|
||||
*/
|
||||
static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
|
||||
/* cipher_suite policy enabled isPresent */
|
||||
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
- { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
- { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
+ { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
+ { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
/* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around
|
||||
* bug 946147.
|
||||
*/
|
||||
- { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
- { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
- { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
- { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
- { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
- { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
+ { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
+ { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
+ { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
+ { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
+ { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
+ { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
{ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
2
sources
2
sources
@ -4,4 +4,4 @@ a5ae49867124ac75f029a9a33af31bad blank-cert8.db
|
||||
691e663ccc07b7a1eaa6f088e03bf8e2 blank-cert9.db
|
||||
2ec9e0606ba40fe65196545564b7cc2a blank-key4.db
|
||||
b8a94e863c852e1f8b75e930e76f8640 nss-pem-20140125.tar.bz2
|
||||
f53ffa490133d29ff930fa4b29bade90 nss-3.21.0.tar.gz
|
||||
a0ae9d27c0261716648e49e3be33badd nss-3.22.0.tar.gz
|
||||
|
18
vfyserv-defined-but-not-used.patch
Normal file
18
vfyserv-defined-but-not-used.patch
Normal file
@ -0,0 +1,18 @@
|
||||
diff -up ./cmd/vfyserv/vfyserv.h.defined_not_used ./cmd/vfyserv/vfyserv.h
|
||||
--- ./cmd/vfyserv/vfyserv.h.defined_not_used 2016-02-06 18:32:54.143216370 -0800
|
||||
+++ ./cmd/vfyserv/vfyserv.h 2016-02-06 18:33:24.943636231 -0800
|
||||
@@ -135,14 +135,4 @@ void lockedVars_WaitForDone(lockedVars *
|
||||
|
||||
int lockedVars_AddToCount(lockedVars *lv, int addend);
|
||||
|
||||
-/* Buffer stuff. */
|
||||
-
|
||||
-static const char stopCmd[] = { "GET /stop " };
|
||||
-static const char defaultHeader[] = {
|
||||
- "HTTP/1.0 200 OK\r\n"
|
||||
- "Server: SSL sample server\r\n"
|
||||
- "Content-type: text/plain\r\n"
|
||||
- "\r\n"
|
||||
-};
|
||||
-
|
||||
#endif
|
Loading…
Reference in New Issue
Block a user