Merge branch 'master' into private-emaldona-upstream-experiment
This commit is contained in:
Elio Maldonado
commit
0ee7d5581e
|
|
@ -7,7 +7,6 @@ PayPalEE.cert
|
|||
TestCA.ca.cert
|
||||
TestUser50.cert
|
||||
TestUser51.cert
|
||||
/nss-pem-20160308.tar.bz2
|
||||
/PayPalRootCA.cert
|
||||
/PayPalICA.cert
|
||||
/nss-3.24.0.tar.gz
|
||||
/nss-3.25.0.tar.gz
|
||||
|
|
|
|||
|
|
@ -1,102 +0,0 @@
|
|||
--- ./lib/ssl/sslsock.c.compatibility 2016-06-02 10:59:07.188831825 -0700
|
||||
+++ ./lib/ssl/sslsock.c 2016-06-02 10:59:07.205831404 -0700
|
||||
@@ -675,16 +675,28 @@
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
rv = SECFailure; /* not allowed */
|
||||
}
|
||||
break;
|
||||
}
|
||||
ssl_EnableSSL3(&ss->vrange, on);
|
||||
break;
|
||||
|
||||
+ case SSL_ENABLE_SSL2:
|
||||
+ case SSL_V2_COMPATIBLE_HELLO:
|
||||
+ /* We no longer support SSL v2.
|
||||
+ * However, if an old application requests to disable SSL v2,
|
||||
+ * we shouldn't fail.
|
||||
+ */
|
||||
+ if (on) {
|
||||
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
+ rv = SECFailure;
|
||||
+ }
|
||||
+ break;
|
||||
+
|
||||
case SSL_NO_CACHE:
|
||||
ss->opt.noCache = on;
|
||||
break;
|
||||
|
||||
case SSL_ENABLE_FDX:
|
||||
if (on && ss->opt.noLocks) {
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
rv = SECFailure;
|
||||
@@ -856,16 +868,20 @@
|
||||
on = ss->opt.handshakeAsServer;
|
||||
break;
|
||||
case SSL_ENABLE_TLS:
|
||||
on = ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_0;
|
||||
break;
|
||||
case SSL_ENABLE_SSL3:
|
||||
on = ss->vrange.min == SSL_LIBRARY_VERSION_3_0;
|
||||
break;
|
||||
+ case SSL_ENABLE_SSL2:
|
||||
+ case SSL_V2_COMPATIBLE_HELLO:
|
||||
+ on = PR_FALSE;
|
||||
+ break;
|
||||
case SSL_NO_CACHE:
|
||||
on = ss->opt.noCache;
|
||||
break;
|
||||
case SSL_ENABLE_FDX:
|
||||
on = ss->opt.fdx;
|
||||
break;
|
||||
case SSL_ROLLBACK_DETECTION:
|
||||
on = ss->opt.detectRollBack;
|
||||
@@ -967,16 +983,20 @@
|
||||
on = ssl_defaults.handshakeAsServer;
|
||||
break;
|
||||
case SSL_ENABLE_TLS:
|
||||
on = versions_defaults_stream.max >= SSL_LIBRARY_VERSION_TLS_1_0;
|
||||
break;
|
||||
case SSL_ENABLE_SSL3:
|
||||
on = versions_defaults_stream.min == SSL_LIBRARY_VERSION_3_0;
|
||||
break;
|
||||
+ case SSL_ENABLE_SSL2:
|
||||
+ case SSL_V2_COMPATIBLE_HELLO:
|
||||
+ on = PR_FALSE;
|
||||
+ break;
|
||||
case SSL_NO_CACHE:
|
||||
on = ssl_defaults.noCache;
|
||||
break;
|
||||
case SSL_ENABLE_FDX:
|
||||
on = ssl_defaults.fdx;
|
||||
break;
|
||||
case SSL_ROLLBACK_DETECTION:
|
||||
on = ssl_defaults.detectRollBack;
|
||||
@@ -1100,16 +1120,28 @@
|
||||
case SSL_ENABLE_TLS:
|
||||
ssl_EnableTLS(&versions_defaults_stream, on);
|
||||
break;
|
||||
|
||||
case SSL_ENABLE_SSL3:
|
||||
ssl_EnableSSL3(&versions_defaults_stream, on);
|
||||
break;
|
||||
|
||||
+ case SSL_ENABLE_SSL2:
|
||||
+ case SSL_V2_COMPATIBLE_HELLO:
|
||||
+ /* We no longer support SSL v2.
|
||||
+ * However, if an old application requests to disable SSL v2,
|
||||
+ * we shouldn't fail.
|
||||
+ */
|
||||
+ if (on) {
|
||||
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
+ return SECFailure;
|
||||
+ }
|
||||
+ break;
|
||||
+
|
||||
case SSL_NO_CACHE:
|
||||
ssl_defaults.noCache = on;
|
||||
break;
|
||||
|
||||
case SSL_ENABLE_FDX:
|
||||
if (on && ssl_defaults.noLocks) {
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
return SECFailure;
|
||||
|
|
@ -1,12 +0,0 @@
|
|||
diff -up nss/lib/ckfw/manifest.mn.libpem nss/lib/ckfw/manifest.mn
|
||||
--- nss/lib/ckfw/manifest.mn.libpem 2013-05-28 14:43:24.000000000 -0700
|
||||
+++ nss/lib/ckfw/manifest.mn 2013-05-30 22:14:49.247459672 -0700
|
||||
@@ -5,7 +5,7 @@
|
||||
|
||||
CORE_DEPTH = ../..
|
||||
|
||||
-DIRS = builtins
|
||||
+DIRS = builtins pem
|
||||
|
||||
PRIVATE_EXPORTS = \
|
||||
ck.h \
|
||||
|
|
@ -1,17 +1,15 @@
|
|||
diff -up nss/cmd/Makefile.skipthem nss/cmd/Makefile
|
||||
--- nss/cmd/Makefile.nobltest 2013-05-28 14:43:24.000000000 -0700
|
||||
+++ nss/cmd/Makefile 2013-06-15 11:51:11.669655168 -0700
|
||||
@@ -14,10 +14,10 @@ ifdef BUILD_LIBPKIX_TESTS
|
||||
DIRS += libpkix
|
||||
endif
|
||||
|
||||
-ifeq ($(NSS_BUILD_WITHOUT_SOFTOKEN),1)
|
||||
+ifeq ($(NSS_BLTEST_NOT_AVAILABLE),1)
|
||||
diff -up ./nss/cmd/Makefile.skipthem ./nss/cmd/Makefile
|
||||
--- ./nss/cmd/Makefile.skipem 2016-06-24 10:10:38.143165159 -0700
|
||||
+++ ./nss/cmd/Makefile 2016-06-24 10:13:08.566457400 -0700
|
||||
@@ -17,7 +17,11 @@ endif
|
||||
ifeq ($(NSS_BUILD_WITHOUT_SOFTOKEN),1)
|
||||
BLTEST_SRCDIR =
|
||||
-FIPSTEST_SRCDIR =
|
||||
-SHLIBSIGN_SRCDIR =
|
||||
+FIPSTEST_SRCDIR =
|
||||
FIPSTEST_SRCDIR =
|
||||
+ifeq ($(NSS_BLTEST_NOT_AVAILABLE),1)
|
||||
+SHLIBSIGN_SRCDIR = shlibsign
|
||||
+else
|
||||
SHLIBSIGN_SRCDIR =
|
||||
+endif
|
||||
else
|
||||
BLTEST_SRCDIR = bltest
|
||||
FIPSTEST_SRCDIR = fipstest
|
||||
|
|
|
|||
|
|
@ -0,0 +1,11 @@
|
|||
diff -up ./nss/cmd/manifest.mn.skip_ecperf ./nss/cmd/manifest.mn
|
||||
--- ./nss/cmd/manifest.mn.noecperf 2016-06-24 08:04:53.891106841 -0700
|
||||
+++ ./nss/cmd/manifest.mn 2016-06-24 08:06:57.186887403 -0700
|
||||
@@ -42,7 +42,6 @@ NSS_SRCDIRS = \
|
||||
dbtest \
|
||||
derdump \
|
||||
digest \
|
||||
- ecperf \
|
||||
httpserv \
|
||||
listsuites \
|
||||
makepqg \
|
||||
65
nss.spec
65
nss.spec
|
|
@ -1,11 +1,11 @@
|
|||
%global nspr_version 4.12.0
|
||||
%global nss_util_version 3.24.0
|
||||
%global nss_softokn_version 3.24.0
|
||||
%global nss_util_version 3.25.0
|
||||
%global nss_softokn_version 3.25.0
|
||||
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
||||
%global allTools "certutil cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain vfyserv"
|
||||
|
||||
# uncomment to make nss ignore the system policy file
|
||||
#%global nss_ignore_system_policy 1
|
||||
%global nss_ignore_system_policy 1
|
||||
|
||||
# solution taken from icedtea-web.spec
|
||||
%define multilib_arches %{power64} sparc64 x86_64 mips64 mips64el
|
||||
|
|
@ -21,10 +21,10 @@
|
|||
|
||||
Summary: Network Security Services
|
||||
Name: nss
|
||||
Version: 3.24.0
|
||||
Version: 3.25.0
|
||||
# for Rawhide, please always use release >= 2
|
||||
# for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
|
||||
Release: 2.4%{?dist}
|
||||
Release: 2%{?dist}
|
||||
License: MPLv2.0
|
||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||
Group: System Environment/Libraries
|
||||
|
|
@ -48,6 +48,12 @@ BuildRequires: gawk
|
|||
BuildRequires: psmisc
|
||||
BuildRequires: perl
|
||||
|
||||
# nss-pem used to be bundled with the nss package on Fedora -- make sure that
|
||||
# programs relying on that continue to work until they are fixed to require
|
||||
# nss-pem instead. Once all of them are fixed, the following line can be
|
||||
# removed. See https://bugzilla.redhat.com/1346806 for details.
|
||||
Requires: nss-pem
|
||||
|
||||
%{!?nss_ckbi_suffix:%define full_nss_version %{version}}
|
||||
%{?nss_ckbi_suffix:%define full_nss_version %{version}%{nss_ckbi_suffix}}
|
||||
|
||||
|
|
@ -61,7 +67,6 @@ Source6: blank-cert9.db
|
|||
Source7: blank-key4.db
|
||||
Source8: system-pkcs11.txt
|
||||
Source9: setup-nsssysinit.sh
|
||||
Source12: %{name}-pem-20160308.tar.bz2
|
||||
Source20: nss-config.xml
|
||||
Source21: setup-nsssysinit.xml
|
||||
Source22: pkcs11.txt.xml
|
||||
|
|
@ -73,14 +78,8 @@ Source27: secmod.db.xml
|
|||
|
||||
Patch2: add-relro-linker-option.patch
|
||||
Patch3: renegotiate-transitional.patch
|
||||
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=402712
|
||||
Patch6: nss-enable-pem.patch
|
||||
# Below reference applies to most pem module related patches
|
||||
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=617723
|
||||
Patch16: nss-539183.patch
|
||||
# must statically link pem against the freebl in the buildroot
|
||||
# Needed only when freebl on tree has new APIS
|
||||
Patch25: nsspem-use-system-freebl.patch
|
||||
# TODO: Remove this patch when the ocsp test are fixed
|
||||
Patch40: nss-3.14.0.0-disble-ocsp-test.patch
|
||||
# Fedora / RHEL-only patch, the templates directory was originally introduced to support mod_revocator
|
||||
|
|
@ -98,9 +97,6 @@ Patch50: iquote.patch
|
|||
Patch58: rhbz1185708-enable-ecc-3des-ciphers-by-default.patch
|
||||
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1279520
|
||||
Patch59: nss-check-policy-file.patch
|
||||
Patch60: nss-pem-unitialized-vars.path
|
||||
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1277569
|
||||
Patch61: mozbz1277569backport.patch
|
||||
# TODO: file a bug usptream
|
||||
# Upstream commit that caused problems with gtests
|
||||
# https://git.fedorahosted.org/cgit/nss-pem.git/commit/
|
||||
|
|
@ -111,6 +107,8 @@ Patch63: tests-check-policy-file.patch
|
|||
Patch64: nss-conditionally-ignore-system-policy.patch
|
||||
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1279520
|
||||
Patch65: tests-data-adjust-for-policy.patch
|
||||
# TODO: file a bug upstream
|
||||
Patch70: nss-skip-ecperf.patch
|
||||
|
||||
|
||||
%description
|
||||
|
|
@ -182,14 +180,11 @@ low level services.
|
|||
|
||||
%prep
|
||||
%setup -q
|
||||
%setup -q -T -D -n %{name}-%{version} -a 12
|
||||
%setup -q -T -D -n %{name}-%{version}
|
||||
|
||||
%patch2 -p0 -b .relro
|
||||
%patch3 -p0 -b .transitional
|
||||
%patch6 -p0 -b .libpem
|
||||
%patch16 -p0 -b .539183
|
||||
# link pem against buildroot's freebl, essential when mixing and matching
|
||||
%patch25 -p0 -b .systemfreebl
|
||||
%patch40 -p0 -b .noocsptest
|
||||
%patch47 -p0 -b .templates
|
||||
%patch49 -p0 -b .skipthem
|
||||
|
|
@ -197,12 +192,12 @@ low level services.
|
|||
%patch58 -p0 -b .1185708_3des
|
||||
pushd nss
|
||||
%patch59 -p1 -b .check_policy_file
|
||||
%patch60 -p1 -b .unitialized_vars
|
||||
%patch61 -p1 -b .compatibility
|
||||
%patch62 -p0 -b .skip_util_gtest
|
||||
#%patch62 -p0 -b .skip_util_gtest
|
||||
%patch63 -p1 -b .check_policy
|
||||
%patch64 -p0 -b .ignore_system_policy
|
||||
popd
|
||||
# temporary
|
||||
%patch70 -p0 -b .skip_ecperf
|
||||
|
||||
#########################################################
|
||||
# Higher-level libraries and test tools need access to
|
||||
|
|
@ -210,15 +205,13 @@ popd
|
|||
# until fixed upstream we must copy some headers locally
|
||||
#########################################################
|
||||
|
||||
pemNeedsFromSoftoken="lowkeyi lowkeyti softoken softoknt"
|
||||
for file in ${pemNeedsFromSoftoken}; do
|
||||
%{__cp} ./nss/lib/softoken/${file}.h ./nss/lib/ckfw/pem/
|
||||
done
|
||||
|
||||
# Copying these header until the upstream bug is accepted
|
||||
# Copying these headers until the upstream bug is accepted
|
||||
# Upstream https://bugzilla.mozilla.org/show_bug.cgi?id=820207
|
||||
%{__cp} ./nss/lib/softoken/lowkeyi.h ./nss/cmd/rsaperf
|
||||
%{__cp} ./nss/lib/softoken/lowkeyti.h ./nss/cmd/rsaperf
|
||||
# TODO: similar problem as descrived above
|
||||
# ./nss/lib/freebl/ec.h, ./nss/lib/freebl/ecl/ecl-curve.h
|
||||
# the last one requires that NSS_ECC_MORE_THAN_SUITE_B not be defined
|
||||
|
||||
# Before removing util directory we must save verref.h
|
||||
# as it will be needed later during the build phase.
|
||||
|
|
@ -241,6 +234,8 @@ done
|
|||
|
||||
%build
|
||||
|
||||
# TODO: remove this when we solve the problems
|
||||
export NSS_DISABLE_GTESTS=1
|
||||
|
||||
NSS_NO_PKCS11_BYPASS=1
|
||||
export NSS_NO_PKCS11_BYPASS
|
||||
|
|
@ -484,8 +479,10 @@ pushd ./nss/tests/
|
|||
|
||||
# don't need to run all the tests when testing packaging
|
||||
# nss_cycles: standard pkix upgradedb sharedb
|
||||
# the full list from all.sh is:
|
||||
# "cipher lowhash libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains ec gtests ssl_gtests"
|
||||
# TODO: Add ssl_gtests when we rebase to nss-3.25
|
||||
%define nss_tests "libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains pk11_gtests der_gtests"
|
||||
%define nss_tests "libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains ec gtests ssl_gtests"
|
||||
# nss_ssl_tests: crl bypass_normal normal_bypass normal_fips fips_normal iopr
|
||||
# nss_ssl_run: cov auth stress
|
||||
#
|
||||
|
|
@ -565,7 +562,7 @@ touch $RPM_BUILD_ROOT%{_libdir}/libnssckbi.so
|
|||
%{__install} -p -m 755 dist/*.OBJ/lib/libnssckbi.so $RPM_BUILD_ROOT/%{_libdir}/nss/libnssckbi.so
|
||||
|
||||
# Copy the binary libraries we want
|
||||
for file in libnss3.so libnsspem.so libnsssysinit.so libsmime3.so libssl3.so
|
||||
for file in libnss3.so libnsssysinit.so libsmime3.so libssl3.so
|
||||
do
|
||||
%{__install} -p -m 755 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
|
||||
done
|
||||
|
|
@ -691,7 +688,6 @@ fi
|
|||
%{_libdir}/libsmime3.so
|
||||
%ghost %{_libdir}/libnssckbi.so
|
||||
%{_libdir}/nss/libnssckbi.so
|
||||
%{_libdir}/libnsspem.so
|
||||
%dir %{_sysconfdir}/pki/nssdb
|
||||
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/cert8.db
|
||||
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/key3.db
|
||||
|
|
@ -787,7 +783,6 @@ fi
|
|||
%{_includedir}/nss3/keythi.h
|
||||
%{_includedir}/nss3/nss.h
|
||||
%{_includedir}/nss3/nssckbi.h
|
||||
%{_includedir}/nss3/nsspem.h
|
||||
%{_includedir}/nss3/ocsp.h
|
||||
%{_includedir}/nss3/ocspt.h
|
||||
%{_includedir}/nss3/p12.h
|
||||
|
|
@ -832,6 +827,12 @@ fi
|
|||
|
||||
|
||||
%changelog
|
||||
* Fri Jun 24 2016 Elio Maldonado <emaldona@redhat.com> - 3.25.0-2
|
||||
- Rebase to nss 3.25
|
||||
|
||||
* Thu Jun 16 2016 Kamil Dudka <kdudka@redhat.com> - 3.24.0-3
|
||||
- decouple nss-pem from the nss package (#1347336)
|
||||
|
||||
* Mon Jun 13 2016 Elio Maldonado <emaldona@redhat.com> - 3.24.0-2.4
|
||||
- Add support for conditionally ignoring the system policy
|
||||
|
||||
|
|
|
|||
|
|
@ -1,80 +0,0 @@
|
|||
diff -up nss/lib/ckfw/pem/config.mk.systemfreebl nss/lib/ckfw/pem/config.mk
|
||||
--- nss/lib/ckfw/pem/config.mk.systemfreebl 2012-08-11 09:06:59.000000000 -0700
|
||||
+++ nss/lib/ckfw/pem/config.mk 2013-04-04 16:02:33.805744145 -0700
|
||||
@@ -41,6 +41,11 @@ CONFIG_CVS_ID = "@(#) $RCSfile: config.m
|
||||
# are specifed as dependencies within rules.mk.
|
||||
#
|
||||
|
||||
+
|
||||
+EXTRA_LIBS += \
|
||||
+ $(SOFTOKEN_LIB_DIR)/$(LIB_PREFIX)freebl.$(LIB_SUFFIX) \
|
||||
+ $(NULL)
|
||||
+
|
||||
TARGETS = $(SHARED_LIBRARY)
|
||||
LIBRARY =
|
||||
IMPORT_LIBRARY =
|
||||
@@ -69,3 +74,22 @@ ifeq ($(OS_TARGET),SunOS)
|
||||
MKSHLIB += -R '$$ORIGIN'
|
||||
endif
|
||||
|
||||
+# If a platform has a system nssutil, set USE_SYSTEM_NSSUTIL to 1 and
|
||||
+# NSSUTIL_LIBS to the linker command-line arguments for the system nssutil
|
||||
+# (for example, -lnssutil3 on fedora) in the platform's config file in coreconf.
|
||||
+ifdef USE_SYSTEM_NSSUTIL
|
||||
+OS_LIBS += $(NSSUTIL_LIBS)
|
||||
+else
|
||||
+NSSUTIL_LIBS = $(DIST)/lib/$(LIB_PREFIX)nssutil3.$(LIB_SUFFIX)
|
||||
+EXTRA_LIBS += $(NSSUTIL_LIBS)
|
||||
+endif
|
||||
+# If a platform has a system freebl, set USE_SYSTEM_FREEBL to 1 and
|
||||
+# FREEBL_LIBS to the linker command-line arguments for the system nssutil
|
||||
+# (for example, -lfreebl3 on fedora) in the platform's config file in coreconf.
|
||||
+ifdef USE_SYSTEM_FREEBL
|
||||
+OS_LIBS += $(FREEBL_LIBS)
|
||||
+else
|
||||
+FREEBL_LIBS = $(DIST)/lib/$(LIB_PREFIX)freebl3.$(LIB_SUFFIX)
|
||||
+EXTRA_LIBS += $(FREEBL_LIBS)
|
||||
+endif
|
||||
+
|
||||
diff -up nss/lib/ckfw/pem/Makefile.systemfreebl nss/lib/ckfw/pem/Makefile
|
||||
--- nss/lib/ckfw/pem/Makefile.systemfreebl 2012-08-11 09:06:59.000000000 -0700
|
||||
+++ nss/lib/ckfw/pem/Makefile 2013-04-04 16:02:33.806744154 -0700
|
||||
@@ -43,8 +43,7 @@ include config.mk
|
||||
EXTRA_LIBS = \
|
||||
$(DIST)/lib/$(LIB_PREFIX)nssckfw.$(LIB_SUFFIX) \
|
||||
$(DIST)/lib/$(LIB_PREFIX)nssb.$(LIB_SUFFIX) \
|
||||
- $(DIST)/lib/$(LIB_PREFIX)freebl.$(LIB_SUFFIX) \
|
||||
- $(DIST)/lib/$(LIB_PREFIX)nssutil.$(LIB_SUFFIX) \
|
||||
+ $(FREEBL_LIB_DIR)/$(LIB_PREFIX)freebl.$(LIB_SUFFIX) \
|
||||
$(NULL)
|
||||
|
||||
# can't do this in manifest.mn because OS_TARGET isn't defined there.
|
||||
@@ -56,6 +55,9 @@ EXTRA_LIBS += \
|
||||
-lplc4 \
|
||||
-lplds4 \
|
||||
-lnspr4 \
|
||||
+ -L$(NSSUTIL_LIB_DIR) \
|
||||
+ -lnssutil3 \
|
||||
+ -lfreebl3
|
||||
$(NULL)
|
||||
else
|
||||
EXTRA_SHARED_LIBS += \
|
||||
@@ -74,6 +76,9 @@ EXTRA_LIBS += \
|
||||
-lplc4 \
|
||||
-lplds4 \
|
||||
-lnspr4 \
|
||||
+ -L$(NSSUTIL_LIB_DIR) \
|
||||
+ -lnssutil3 \
|
||||
+ -lfreebl3 \
|
||||
$(NULL)
|
||||
endif
|
||||
|
||||
diff -up nss/lib/ckfw/pem/manifest.mn.systemfreebl nss/lib/ckfw/pem/manifest.mn
|
||||
--- nss/lib/ckfw/pem/manifest.mn.systemfreebl 2012-08-11 09:06:59.000000000 -0700
|
||||
+++ nss/lib/ckfw/pem/manifest.mn 2013-04-04 16:02:33.807744163 -0700
|
||||
@@ -65,4 +65,4 @@ REQUIRES = nspr
|
||||
|
||||
LIBRARY_NAME = nsspem
|
||||
|
||||
-#EXTRA_SHARED_LIBS = -L$(DIST)/lib -lnssckfw -lnssb -lplc4 -lplds4
|
||||
+EXTRA_SHARED_LIBS = -L$(DIST)/lib -lnssckfw -lnssb -lplc4 -lplds4 -L$(NSS_LIB_DIR) -lnssutil3 -lfreebl3 -lsoftokn3
|
||||
|
|
@ -1,12 +1,12 @@
|
|||
diff -up ./nss/lib/ssl/sslsock.c.transitional ./nss/lib/ssl/sslsock.c
|
||||
--- ./nss/lib/ssl/sslsock.c.transitional 2016-03-05 08:54:13.871412639 -0800
|
||||
+++ ./nss/lib/ssl/sslsock.c 2016-03-05 09:00:27.721889811 -0800
|
||||
@@ -77,7 +77,7 @@ static sslOptions ssl_defaults = {
|
||||
PR_FALSE, /* noLocks */
|
||||
PR_FALSE, /* enableSessionTickets */
|
||||
PR_FALSE, /* enableDeflate */
|
||||
- 2, /* enableRenegotiation (default: requires extension) */
|
||||
+ 3, /* enableRenegotiation (default: transitional) */
|
||||
PR_FALSE, /* requireSafeNegotiation */
|
||||
PR_FALSE, /* enableFalseStart */
|
||||
PR_TRUE, /* cbcRandomIV */
|
||||
--- ./nss/lib/ssl/sslsock.c.transitional 2016-06-23 21:03:16.316480089 -0400
|
||||
+++ ./nss/lib/ssl/sslsock.c 2016-06-23 21:08:07.290202477 -0400
|
||||
@@ -72,7 +72,7 @@ static sslOptions ssl_defaults = {
|
||||
PR_FALSE, /* noLocks */
|
||||
PR_FALSE, /* enableSessionTickets */
|
||||
PR_FALSE, /* enableDeflate */
|
||||
- 2, /* enableRenegotiation (default: requires extension) */
|
||||
+ 3, /* enableRenegotiation (default: transitional) */
|
||||
PR_FALSE, /* requireSafeNegotiation */
|
||||
PR_FALSE, /* enableFalseStart */
|
||||
PR_TRUE, /* cbcRandomIV */
|
||||
|
|
|
|||
|
|
@ -1,14 +1,23 @@
|
|||
diff -up ./nss/lib/ssl/ssl3con.c.1185708_3des ./nss/lib/ssl/ssl3con.c
|
||||
--- ./nss/lib/ssl/ssl3con.c.1185708_3des 2015-09-29 16:24:18.717593591 -0700
|
||||
+++ ./nss/lib/ssl/ssl3con.c 2015-09-29 16:25:22.672879926 -0700
|
||||
@@ -101,8 +101,8 @@ static ssl3CipherSuiteCfg cipherSuites[s
|
||||
--- ./nss/lib/ssl/ssl3con.c.1185708_3des 2016-06-23 21:10:09.765992512 -0400
|
||||
+++ ./nss/lib/ssl/ssl3con.c 2016-06-23 22:58:39.121398601 -0400
|
||||
@@ -118,18 +118,18 @@
|
||||
{ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
- { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
- { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
+ { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
+ { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
+ { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
+ { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
{ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,SSL_ALLOWED,PR_TRUE, PR_FALSE},
|
||||
{ TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
|
|
|
|||
3
sources
3
sources
|
|
@ -3,5 +3,4 @@ a5ae49867124ac75f029a9a33af31bad blank-cert8.db
|
|||
73bc040a0542bba387e6dd7fb9fd7d23 blank-secmod.db
|
||||
691e663ccc07b7a1eaa6f088e03bf8e2 blank-cert9.db
|
||||
2ec9e0606ba40fe65196545564b7cc2a blank-key4.db
|
||||
4d8e770b105483e365f3327d883dd229 nss-pem-20160308.tar.bz2
|
||||
2a3ffd2f46b60ecc116ac086343a537a nss-3.24.0.tar.gz
|
||||
950263d15d1f055605bfb6e634a1a019 nss-3.25.0.tar.gz
|
||||
|
|
|
|||
Loading…
Reference in New Issue