Update to NSS 3.22

This commit is contained in:
Elio Maldonado 2016-02-08 07:57:39 -08:00
parent f7ddea92df
commit 5953345108
9 changed files with 210 additions and 104 deletions

View File

@ -1,6 +1,5 @@
diff --git a/lib/ssl/config.mk b/lib/ssl/config.mk --- ./lib/ssl/config.mk.disableSSL2libssl 2016-01-29 02:30:10.000000000 -0800
--- a/lib/ssl/config.mk +++ ./lib/ssl/config.mk 2016-02-06 11:20:50.322990421 -0800
+++ b/lib/ssl/config.mk
@@ -2,16 +2,20 @@ @@ -2,16 +2,20 @@
# This Source Code Form is subject to the terms of the Mozilla Public # This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this # License, v. 2.0. If a copy of the MPL was not distributed with this
@ -22,10 +21,9 @@ diff --git a/lib/ssl/config.mk b/lib/ssl/config.mk
ifdef NSS_NO_PKCS11_BYPASS ifdef NSS_NO_PKCS11_BYPASS
DEFINES += -DNO_PKCS11_BYPASS DEFINES += -DNO_PKCS11_BYPASS
else else
diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c --- ./lib/ssl/sslsock.c.disableSSL2libssl 2016-02-06 11:20:50.312990617 -0800
--- a/lib/ssl/sslsock.c +++ ./lib/ssl/sslsock.c 2016-02-06 11:26:04.123828138 -0800
+++ b/lib/ssl/sslsock.c @@ -705,16 +705,22 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
@@ -674,16 +674,22 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
if (ss->cipherSpecs) { if (ss->cipherSpecs) {
PORT_Free(ss->cipherSpecs); PORT_Free(ss->cipherSpecs);
ss->cipherSpecs = NULL; ss->cipherSpecs = NULL;
@ -47,8 +45,8 @@ diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
} }
break; break;
} }
ss->opt.enableSSL2 = on; if (on) {
@@ -691,52 +697,67 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh @@ -729,52 +735,67 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
ss->opt.v2CompatibleHello = on; ss->opt.v2CompatibleHello = on;
} }
ss->preferredCipher = NULL; ss->preferredCipher = NULL;
@ -116,7 +114,7 @@ diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
rv = SECFailure; rv = SECFailure;
} else { } else {
if (PR_FALSE != on) { if (PR_FALSE != on) {
@@ -1163,16 +1184,32 @@ SSL_OptionSetDefault(PRInt32 which, PRBo @@ -1235,16 +1256,32 @@ SSL_OptionSetDefault(PRInt32 which, PRBo
} }
return SECSuccess; return SECSuccess;
} }

View File

@ -1,12 +1,11 @@
diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh --- ./tests/ssl/ssl.sh.disableSSL2tests 2016-01-29 02:30:10.000000000 -0800
--- a/tests/ssl/ssl.sh +++ ./tests/ssl/ssl.sh 2016-02-06 11:50:26.496668124 -0800
+++ b/tests/ssl/ssl.sh
@@ -57,19 +57,24 @@ ssl_init() @@ -57,19 +57,24 @@ ssl_init()
fi fi
PORT=${PORT-8443} PORT=${PORT-8443}
NSS_SSL_TESTS=${NSS_SSL_TESTS:-normal_normal} NSS_SSL_TESTS=${NSS_SSL_TESTS:-normal_normal}
nss_ssl_run="stapling cov auth stress" nss_ssl_run="stapling signed_cert_timestamps cov auth stress"
NSS_SSL_RUN=${NSS_SSL_RUN:-$nss_ssl_run} NSS_SSL_RUN=${NSS_SSL_RUN:-$nss_ssl_run}
# Test case files # Test case files
@ -20,6 +19,7 @@ diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh
+ fi + fi
SSLAUTH=${QADIR}/ssl/sslauth.txt SSLAUTH=${QADIR}/ssl/sslauth.txt
- SSLSTRESS=${QADIR}/ssl/sslstress.txt - SSLSTRESS=${QADIR}/ssl/sslstress.txt
SSLPOLICY=${QADIR}/ssl/sslpolicy.txt
REQUEST_FILE=${QADIR}/ssl/sslreq.dat REQUEST_FILE=${QADIR}/ssl/sslreq.dat
#temparary files #temparary files
@ -27,8 +27,7 @@ diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh
SERVERPID=${TMP}/tests_pid.$$ SERVERPID=${TMP}/tests_pid.$$
R_SERVERPID=../tests_pid.$$ R_SERVERPID=../tests_pid.$$
@@ -116,17 +121,21 @@ is_selfserv_alive()
@@ -115,17 +120,21 @@ is_selfserv_alive()
if [ "${OS_ARCH}" = "WINNT" ] && \ if [ "${OS_ARCH}" = "WINNT" ] && \
[ "$OS_NAME" = "CYGWIN_NT" -o "$OS_NAME" = "MINGW32_NT" ]; then [ "$OS_NAME" = "CYGWIN_NT" -o "$OS_NAME" = "MINGW32_NT" ]; then
PID=${SHELL_SERVERPID} PID=${SHELL_SERVERPID}
@ -50,7 +49,7 @@ diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh
# local shell function to wait until selfserver is running and initialized # local shell function to wait until selfserver is running and initialized
######################################################################## ########################################################################
wait_for_selfserv() wait_for_selfserv()
@@ -138,17 +147,21 @@ wait_for_selfserv() @@ -139,17 +148,21 @@ wait_for_selfserv()
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
sleep 5 sleep 5
echo "retrying to connect to selfserv at `date`" echo "retrying to connect to selfserv at `date`"
@ -72,7 +71,7 @@ diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh
########################### kill_selfserv ############################## ########################### kill_selfserv ##############################
# local shell function to kill the selfserver after the tests are done # local shell function to kill the selfserver after the tests are done
######################################################################## ########################################################################
@@ -209,25 +222,26 @@ start_selfserv() @@ -210,25 +223,26 @@ start_selfserv()
ECC_OPTIONS="" ECC_OPTIONS=""
fi fi
if [ "$1" = "mixed" ]; then if [ "$1" = "mixed" ]; then
@ -102,7 +101,7 @@ diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh
# process (sh.exe). MKS's kill command has a bug: invoking kill # process (sh.exe). MKS's kill command has a bug: invoking kill
# on the helper process does not terminate the real background # on the helper process does not terminate the real background
# process. Our workaround has been to have selfserv save its PID # process. Our workaround has been to have selfserv save its PID
@@ -274,16 +288,22 @@ ssl_cov() @@ -275,16 +289,22 @@ ssl_cov()
exec < ${SSLCOV} exec < ${SSLCOV}
while read ectype testmax param testname while read ectype testmax param testname
do do

View File

@ -0,0 +1,124 @@
diff -up ./cmd/p7sign/p7sign.c.fix_warnings ./cmd/p7sign/p7sign.c
--- ./cmd/p7sign/p7sign.c.fix_warnings 2016-02-07 15:29:48.459494920 -0800
+++ ./cmd/p7sign/p7sign.c 2016-02-07 15:55:04.920963101 -0800
@@ -92,21 +92,24 @@ SignFile(FILE *outFile, PRFileDesc *inFi
SEC_PKCS7ContentInfo *cinfo;
SECStatus rv;
- if (outFile == NULL || inFile == NULL || cert == NULL)
- return -1;
+ if (outFile == NULL || inFile == NULL || cert == NULL) {
+ return -1;
+ }
/* suck the file in */
- if (SECU_ReadDERFromFile(&data2sign, inFile, PR_FALSE,
- PR_FALSE) != SECSuccess)
- return -1;
+ if (SECU_ReadDERFromFile(&data2sign, inFile, PR_FALSE,
+ PR_FALSE) != SECSuccess) {
+ return -1;
+ }
if (!encapsulated) {
/* unfortunately, we must create the digest ourselves */
/* SEC_PKCS7CreateSignedData should have a flag to not include */
/* the content for non-encapsulated content at encode time, but */
/* should always compute the hash itself */
- if (CreateDigest(&data2sign, digestdata, &len, 32) < 0)
- return -1;
+ if (CreateDigest(&data2sign, digestdata, &len, 32) < 0) {
+ return -1;
+ }
digest.data = (unsigned char *)digestdata;
digest.len = len;
}
@@ -116,9 +119,9 @@ SignFile(FILE *outFile, PRFileDesc *inFi
SEC_OID_SHA1,
encapsulated ? NULL : &digest,
NULL, NULL);
- if (cinfo == NULL)
+ if (cinfo == NULL) {
return -1;
-
+ }
if (encapsulated) {
SEC_PKCS7SetContent(cinfo, (char *)data2sign.data, data2sign.len);
}
@@ -134,8 +137,9 @@ SignFile(FILE *outFile, PRFileDesc *inFi
SEC_PKCS7DestroyContentInfo (cinfo);
- if (rv != SECSuccess)
+ if (rv != SECSuccess) {
return -1;
+ }
return 0;
}
diff -up ./cmd/vfychain/vfychain.c.fix_warnings ./cmd/vfychain/vfychain.c
--- ./cmd/vfychain/vfychain.c.fix_warnings 2016-02-07 16:03:13.189775733 -0800
+++ ./cmd/vfychain/vfychain.c 2016-02-07 16:22:33.709073372 -0800
@@ -439,7 +439,7 @@ main(int argc, char *argv[], char *envp[
case 0 : /* positional parameter */ goto breakout;
case 'a' : isAscii = PR_TRUE; break;
case 'b' : secStatus = DER_AsciiToTime(&time, optstate->value);
- if (secStatus != SECSuccess) Usage(progName); break;
+ if (secStatus != SECSuccess) { Usage(progName); } break;
case 'd' : certDir = PL_strdup(optstate->value); break;
case 'e' : ocsp_fetchingFailureIsAFailure = PR_FALSE; break;
case 'f' : certFetching = PR_TRUE; break;
@@ -484,9 +484,9 @@ main(int argc, char *argv[], char *envp[
case 't' : trusted = PR_TRUE; break;
case 'T' : onlyTrustAnchors = PR_FALSE; break;
case 'u' : usage = PORT_Atoi(optstate->value);
- if (usage < 0 || usage > 62) Usage(progName);
+ if (usage < 0 || usage > 62) { Usage(progName); }
certUsage = ((SECCertificateUsage)1) << usage;
- if (certUsage > certificateUsageHighest) Usage(progName);
+ if (certUsage > certificateUsageHighest) { Usage(progName); }
break;
case 'w':
pwdata.source = PW_PLAINTEXT;
diff -up ./lib/dbm/src/hash.c.fix_warnings ./lib/dbm/src/hash.c
--- ./lib/dbm/src/hash.c.fix_warnings 2016-02-07 15:18:54.006925157 -0800
+++ ./lib/dbm/src/hash.c 2016-02-07 15:21:02.151491099 -0800
@@ -815,9 +815,9 @@ hash_access(
}
ovfl_loop_count++;
- if(ovfl_loop_count > MAX_OVERFLOW_HASH_ACCESS_LOOPS)
+ if(ovfl_loop_count > MAX_OVERFLOW_HASH_ACCESS_LOOPS) {
return (DATABASE_CORRUPTED_ERROR);
-
+ }
/* FOR LOOP INIT */
bp = (uint16 *)rbufp->page;
n = *bp++;
@@ -825,8 +825,9 @@ hash_access(
off = hashp->BSIZE;
} else if (bp[1] < REAL_KEY) {
if ((ndx =
- __find_bigpair(hashp, rbufp, ndx, kp, (int)size)) > 0)
+ __find_bigpair(hashp, rbufp, ndx, kp, (int)size)) > 0) {
goto found;
+ }
if (ndx == -2) {
bufp = rbufp;
if (!(pageno =
diff -up ./lib/dbm/src/h_page.c.fix_warnings ./lib/dbm/src/h_page.c
--- ./lib/dbm/src/h_page.c.fix_warnings 2016-01-29 02:30:10.000000000 -0800
+++ ./lib/dbm/src/h_page.c 2016-02-07 15:10:42.439250993 -0800
@@ -114,9 +114,9 @@ long new_lseek(int fd, long offset, int
if(origin == SEEK_CUR)
{
- if(offset < 1)
- return(lseek(fd, offset, SEEK_CUR));
-
+ if(offset < 1) {
+ return(lseek(fd, offset, SEEK_CUR));
+ }
cur_pos = lseek(fd, 0, SEEK_CUR);
if(cur_pos < 0)

View File

@ -171,6 +171,18 @@ diff -up nss/lib/nss/Makefile.iquote nss/lib/nss/Makefile
+INCLUDES += -iquote $(DIST)/../public/nss +INCLUDES += -iquote $(DIST)/../public/nss
+INCLUDES += -iquote $(DIST)/../private/nss +INCLUDES += -iquote $(DIST)/../private/nss
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
diff -up ./nss/lib/pk11wrap/Makefile.iquote ./nss/lib/pk11wrap/Makefile
--- ./nss/lib/pk11wrap/Makefile.iquote 2016-02-07 09:49:33.310455054 -0800
+++ ./nss/lib/pk11wrap/Makefile 2016-02-07 09:51:38.830881330 -0800
@@ -38,7 +38,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
-
+INCLUDES += -iquote $(DIST)/../public/nss
####################################################################### #######################################################################
# (7) Execute "local" rules. (OPTIONAL). # # (7) Execute "local" rules. (OPTIONAL). #
diff -up nss/lib/ssl/Makefile.iquote nss/lib/ssl/Makefile diff -up nss/lib/ssl/Makefile.iquote nss/lib/ssl/Makefile
@ -185,3 +197,25 @@ diff -up nss/lib/ssl/Makefile.iquote nss/lib/ssl/Makefile
####################################################################### #######################################################################
# (7) Execute "local" rules. (OPTIONAL). # # (7) Execute "local" rules. (OPTIONAL). #
diff -up ./nss/external_tests/pk11_gtest/Makefile.iquote ./nss/external_tests/pk11_gtest/Makefile
--- ./nss/external_tests/pk11_gtest/Makefile.iquote 2016-02-07 10:07:49.163055808 -0800
+++ ./nss/external_tests/pk11_gtest/Makefile 2016-02-07 10:09:07.463478307 -0800
@@ -37,6 +37,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
+INCLUDES += -iquote $(DIST)/../public/nss
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
diff -up ./nss/external_tests/ssl_gtest/Makefile.iquote ./nss/external_tests/ssl_gtest/Makefile
--- ./nss/external_tests/ssl_gtest/Makefile.iquote 2016-02-07 10:19:57.132763142 -0800
+++ ./nss/external_tests/ssl_gtest/Makefile 2016-02-07 10:20:42.346957530 -0800
@@ -37,6 +37,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
++INCLUDES += -iquote $(DIST)/../public/nss
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #

View File

@ -1,6 +1,6 @@
%global nspr_version 4.10.10 %global nspr_version 4.11.0
%global nss_util_version 3.21.0 %global nss_util_version 3.22.0
%global nss_softokn_version 3.21.0 %global nss_softokn_version 3.22.0
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
%global allTools "certutil cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain vfyserv" %global allTools "certutil cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain vfyserv"
@ -18,10 +18,10 @@
Summary: Network Security Services Summary: Network Security Services
Name: nss Name: nss
Version: 3.21.0 Version: 3.22.0
# for Rawhide, please always use release >= 2 # for Rawhide, please always use release >= 2
# for Fedora release branches, please use release < 2 (1.0, 1.1, ...) # for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
Release: 7%{?dist} Release: 2%{?dist}
License: MPLv2.0 License: MPLv2.0
URL: http://www.mozilla.org/projects/security/pki/nss/ URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries Group: System Environment/Libraries
@ -105,6 +105,10 @@ Patch58: rhbz1185708-enable-ecc-3des-ciphers-by-default.patch
# The submission will be very different from this patch as # The submission will be very different from this patch as
# cleanup there is already in progress there. # cleanup there is already in progress there.
Patch59: pem-compile-with-Werror.patch Patch59: pem-compile-with-Werror.patch
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1246499
Patch60: vfyserv-defined-but-not-used.patch
# Local: Upstream nss-3.23 has these fixed
Patch61: fix_warnings_treated_as_errors.patch
%description %description
Network Security Services (NSS) is a set of libraries designed to Network Security Services (NSS) is a set of libraries designed to
@ -195,6 +199,10 @@ popd
%patch55 -p1 -b .skip_stress_tls_rc4_128_with_md5 %patch55 -p1 -b .skip_stress_tls_rc4_128_with_md5
%patch58 -p0 -b .1185708_3des %patch58 -p0 -b .1185708_3des
%patch59 -p0 -b .compile_Werror %patch59 -p0 -b .compile_Werror
pushd nss
%patch60 -p1 -b .defined_not_used
%patch61 -p1 -b .fix_warnings
popd
######################################################### #########################################################
# Higher-level libraries and test tools need access to # Higher-level libraries and test tools need access to
@ -303,8 +311,7 @@ export IN_TREE_FREEBL_HEADERS_FIRST=1
##### phase 2: build the rest of nss ##### phase 2: build the rest of nss
# nss supports pluggable ecc with more than suite-b # nss supports pluggable ecc with more than suite-b
NSS_ECC_MORE_THAN_SUITE_B=1 export NSS_ECC_MORE_THAN_SUITE_B=1
export NSS_ECC_MORE_THAN_SUITE_B
export NSS_BLTEST_NOT_AVAILABLE=1 export NSS_BLTEST_NOT_AVAILABLE=1
%{__make} -C ./nss/coreconf %{__make} -C ./nss/coreconf
@ -824,6 +831,9 @@ fi
%changelog %changelog
* Mon Feb 08 2016 Elio Maldonado <emaldona@redhat.com> - 3.22.0-2
- Update to NSS 3.22
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 3.21.0-7 * Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 3.21.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

View File

@ -1,38 +0,0 @@
diff -up ./nss/tests/ssl/sslauth.txt.ocsp_sni ./nss/tests/ssl/sslauth.txt
--- ./nss/tests/ssl/sslauth.txt.ocsp_sni 2015-05-28 10:50:45.000000000 -0700
+++ ./nss/tests/ssl/sslauth.txt 2015-08-30 08:49:22.025299419 -0700
@@ -65,12 +65,12 @@
# SNI Tests
#
SNI 0 -r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser TLS Server hello response without SNI
- SNI 0 -r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni.Dom TLS Server hello response with SNI
- SNI 1 -r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni1.Dom TLS Server response with alert
+ SNI 0 -r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom TLS Server hello response with SNI
+ SNI 1 -r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni1.Dom TLS Server response with alert
SNI 0 -r_-a_Host-sni.Dom -V_ssl3:ssl3_-w_nss_-n_TestUser SSL3 Server hello response without SNI
- SNI 1 -r_-a_Host-sni.Dom -V_ssl3:ssl3_-w_nss_-n_TestUser_-a_Host-sni.Dom SSL3 Server hello response with SNI: SSL don't have SH extensions
+ SNI 1 -r_-a_Host-sni.Dom -V_ssl3:_-c_vssl3_-w_nss_-n_TestUser_-a_Host-sni.Dom SSL3 Server hello response with SNI: SSL don't have SH extensions
SNI 0 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser TLS Server hello response without SNI
- SNI 0 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni.Dom TLS Server hello response with SNI
+ SNI 0 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom TLS Server hello response with SNI
SNI 1 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni.Dom_-a_Host.Dom TLS Server hello response with SNI: Change name on 2d HS
- SNI 1 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni.Dom_-a_Host-sni1.Dom TLS Server hello response with SNI: Change name to invalid 2d HS
- SNI 1 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni1.Dom TLS Server response with alert
+ SNI 1 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom_-a_Host-sni1.Dom TLS Server hello response with SNI: Change name to invalid 2d HS
+ SNI 1 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni1.Dom TLS Server response with alert
diff -up ./nss/tests/ssl/ssl.sh.ocsp_sni ./nss/tests/ssl/ssl.sh
--- ./nss/tests/ssl/ssl.sh.ocsp_sni 2015-08-30 08:49:21.905301105 -0700
+++ ./nss/tests/ssl/ssl.sh 2015-08-30 08:49:22.017299531 -0700
@@ -457,10 +457,10 @@ ssl_stapling_sub()
start_selfserv
echo "tstclnt -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} -v ${CLIENT_OPTIONS} \\"
- echo " -T -O -F -M 1 -V ssl3: < ${REQUEST_FILE}"
+ echo " -c v -T -O -F -M 1 -V ssl3: < ${REQUEST_FILE}"
rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
${PROFTOOL} ${BINDIR}/tstclnt -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \
- -d ${P_R_CLIENTDIR} -v -T -O -F -M 1 -V ssl3: < ${REQUEST_FILE} \
+ -d ${P_R_CLIENTDIR} -v -c v -T -O -F -M 1 -V ssl3: < ${REQUEST_FILE} \
>${TMP}/$HOST.tmp.$$ 2>&1
ret=$?
cat ${TMP}/$HOST.tmp.$$

View File

@ -1,39 +0,0 @@
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
@@ -85,27 +85,27 @@ static SECStatus ssl3_AESGCMBypass(ssl3K
*
* Important: See bug 946147 before enabling, reordering, or adding any cipher
* suites to this list.
*/
static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
/* cipher_suite policy enabled isPresent */
#ifndef NSS_DISABLE_ECC
- { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
/* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around
* bug 946147.
*/
- { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
#endif /* NSS_DISABLE_ECC */
{ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},

View File

@ -4,4 +4,4 @@ a5ae49867124ac75f029a9a33af31bad blank-cert8.db
691e663ccc07b7a1eaa6f088e03bf8e2 blank-cert9.db 691e663ccc07b7a1eaa6f088e03bf8e2 blank-cert9.db
2ec9e0606ba40fe65196545564b7cc2a blank-key4.db 2ec9e0606ba40fe65196545564b7cc2a blank-key4.db
b8a94e863c852e1f8b75e930e76f8640 nss-pem-20140125.tar.bz2 b8a94e863c852e1f8b75e930e76f8640 nss-pem-20140125.tar.bz2
f53ffa490133d29ff930fa4b29bade90 nss-3.21.0.tar.gz a0ae9d27c0261716648e49e3be33badd nss-3.22.0.tar.gz

View File

@ -0,0 +1,18 @@
diff -up ./cmd/vfyserv/vfyserv.h.defined_not_used ./cmd/vfyserv/vfyserv.h
--- ./cmd/vfyserv/vfyserv.h.defined_not_used 2016-02-06 18:32:54.143216370 -0800
+++ ./cmd/vfyserv/vfyserv.h 2016-02-06 18:33:24.943636231 -0800
@@ -135,14 +135,4 @@ void lockedVars_WaitForDone(lockedVars *
int lockedVars_AddToCount(lockedVars *lv, int addend);
-/* Buffer stuff. */
-
-static const char stopCmd[] = { "GET /stop " };
-static const char defaultHeader[] = {
- "HTTP/1.0 200 OK\r\n"
- "Server: SSL sample server\r\n"
- "Content-type: text/plain\r\n"
- "\r\n"
-};
-
#endif