rpms
/
nss
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Test build for update to nss-3.16.1

This commit is contained in:
Elio Maldonado 2014-04-26 14:33:24 -07:00
parent 37a942df5c
commit fef95b4814
13 changed files with 1004 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -9,3 +9,5 @@ TestUser50.cert
TestUser51.cert
/nss-pem-20140125.tar.bz2
/nss-3.16.0.tar.gz
/nss-3.16.1.tar.gz
/nss-pem-20140425.tar.bz2

75
Bug-1001841-disable-sslv2-libssl.patch Normal file
View File

@ -0,0 +1,75 @@
diff -up ./nss/lib/ssl/config.mk.disableSSL2 ./nss/lib/ssl/config.mk
--- ./nss/lib/ssl/config.mk.disableSSL2 2013-09-25 06:57:55.000000000 -0700
+++ ./nss/lib/ssl/config.mk 2013-11-05 16:09:47.459727948 -0800
@@ -7,6 +7,10 @@ ifdef NISCC_TEST
DEFINES += -DNISCC_TEST
endif
+ifdef NSS_NO_SSL2
+DEFINES += -DNSS_NO_SSL2
+endif
+
ifdef NSS_NO_PKCS11_BYPASS
DEFINES += -DNO_PKCS11_BYPASS
else
diff -up ./nss/lib/ssl/sslsock.c.disableSSL2 ./nss/lib/ssl/sslsock.c
--- ./nss/lib/ssl/sslsock.c.disableSSL2 2013-11-05 16:09:47.419727310 -0800
+++ ./nss/lib/ssl/sslsock.c 2013-11-05 16:09:47.461727980 -0800
@@ -639,6 +639,14 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
break;
case SSL_ENABLE_SSL2:
+#ifdef NSS_NO_SSL2
+ if (on) {
+ PORT_SetError(SSL_ERROR_SSL2_DISABLED);
+ rv = SECFailure; /* not allowed */
+ }
+ break;
+ ss->opt.enableSSL2 = on;
+#else
if (IS_DTLS(ss)) {
if (on) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -650,6 +658,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
if (on) {
ss->opt.v2CompatibleHello = on;
}
+#endif
ss->preferredCipher = NULL;
if (ss->cipherSpecs) {
PORT_Free(ss->cipherSpecs);
@@ -671,6 +680,13 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
break;
case SSL_V2_COMPATIBLE_HELLO:
+#ifdef NSS_NO_SSL2
+ if (on) {
+ PORT_SetError(SSL_ERROR_SSL2_DISABLED);
+ rv = SECFailure; /* not allowed */
+ break;
+ }
+#else
if (IS_DTLS(ss)) {
if (on) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -678,6 +694,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
}
break;
}
+#endif
ss->opt.v2CompatibleHello = on;
if (!on) {
ss->opt.enableSSL2 = on;
@@ -1112,7 +1129,12 @@ SSL_CipherPolicySet(PRInt32 which, PRInt
if (ssl_IsRemovedCipherSuite(which)) {
rv = SECSuccess;
} else if (SSL_IS_SSL2_CIPHER(which)) {
+#ifdef NSS_NO_SSL2
+ PORT_SetError(SSL_ERROR_SSL2_DISABLED);
+ rv = SECFailure; /* not allowed */
+#else
rv = ssl2_SetPolicy(which, policy);
+#endif
} else {
rv = ssl3_SetPolicy((ssl3CipherSuite)which, policy);
}

13
Bug-1001841-disable-sslv2-tests.patch Normal file
View File

@ -0,0 +1,13 @@
diff -up ./nss/tests/ssl/ssl.sh.disableSSL2 ./nss/tests/ssl/ssl.sh
--- ./nss/tests/ssl/ssl.sh.disableSSL2 2013-09-25 06:57:55.000000000 -0700
+++ ./nss/tests/ssl/ssl.sh 2013-11-03 16:43:48.905914207 -0800
@@ -278,6 +278,9 @@ ssl_cov()
echo "${testname}" | grep "SSL2" > /dev/null
SSL2=$?
+ # skip export and ssl2 tests when build has disabled SSL2
+ if [ "${NSS_NO_SSL2}" = 1 ] && [ -n ${EXP} -o -n ${SSL2} ] && continue
+
if [ "${SSL2}" -eq 0 ] ; then
# We cannot use asynchronous cert verification with SSL2
SSL2_FLAGS=-O

123
dont-hold-issuer-cert-handles-in-crl-cache.patch Normal file
View File

@ -0,0 +1,123 @@
diff -up ./nss/lib/certdb/certi.h.1034409 ./nss/lib/certdb/certi.h
--- ./nss/lib/certdb/certi.h.1034409 2014-01-03 11:59:10.000000000 -0800
+++ ./nss/lib/certdb/certi.h 2014-02-20 08:46:10.345136599 -0800
@@ -116,11 +116,16 @@ struct CRLDPCacheStr {
#else
PRLock* lock;
#endif
- CERTCertificate* issuer; /* issuer cert
- XXX there may be multiple issuer certs,
- with different validity dates. Also
- need to deal with SKID/AKID . See
- bugzilla 217387, 233118 */
+ SECItem *issuerDERCert; /* issuer DER cert. Don't hold a reference
+ to the actual cert so the trust can be
+ updated on the cert automatically.
+ XXX there may be multiple issuer certs,
+ with different validity dates. Also
+ need to deal with SKID/AKID . See
+ bugzilla 217387, 233118 */
+
+ CERTCertDBHandle *dbHandle;
+
SECItem* subject; /* DER of issuer subject */
SECItem* distributionPoint; /* DER of distribution point. This may be
NULL when distribution points aren't
@@ -172,7 +177,7 @@ struct CRLIssuerCacheStr {
NSSRWLock* lock;
CRLDPCache** dps;
PLHashTable* distributionpoints;
- CERTCertificate* issuer;
+ CERTCertificate* issuer; /* This should be the DER Cert, not a cert handle */
#endif
};
diff -up ./nss/lib/certdb/crl.c.1034409 ./nss/lib/certdb/crl.c
--- ./nss/lib/certdb/crl.c.1034409 2014-01-03 11:59:10.000000000 -0800
+++ ./nss/lib/certdb/crl.c 2014-02-20 08:49:30.835466687 -0800
@@ -1123,9 +1123,9 @@ static SECStatus DPCache_Destroy(CRLDPCa
PORT_Free(cache->crls);
}
/* destroy the cert */
- if (cache->issuer)
+ if (cache->issuerDERCert)
{
- CERT_DestroyCertificate(cache->issuer);
+ SECITEM_FreeItem(cache->issuerDERCert, PR_TRUE);
}
/* free the subject */
if (cache->subject)
@@ -1571,14 +1571,20 @@ static SECStatus CachedCrl_Verify(CRLDPC
else
{
SECStatus signstatus = SECFailure;
- if (cache->issuer)
+ if (cache->issuerDERCert)
{
- signstatus = CERT_VerifyCRL(crlobject->crl, cache->issuer, vfdate,
+ CERTCertificate *issuer = CERT_NewTempCertificate(cache->dbHandle,
+ cache->issuerDERCert, NULL, PR_FALSE, PR_TRUE);
+
+ if (issuer) {
+ signstatus = CERT_VerifyCRL(crlobject->crl, issuer, vfdate,
wincx);
+ CERT_DestroyCertificate(issuer);
+ }
}
if (SECSuccess != signstatus)
{
- if (!cache->issuer)
+ if (!cache->issuerDERCert)
{
/* we tried to verify without an issuer cert . This is
because this CRL came through a call to SEC_FindCrlByName.
@@ -1925,15 +1931,16 @@ static SECStatus DPCache_GetUpToDate(CRL
}
/* add issuer certificate if it was previously unavailable */
- if (issuer && (NULL == cache->issuer) &&
+ if (issuer && (NULL == cache->issuerDERCert) &&
(SECSuccess == CERT_CheckCertUsage(issuer, KU_CRL_SIGN)))
{
/* if we didn't have a valid issuer cert yet, but we do now. add it */
DPCache_LockWrite();
- if (!cache->issuer)
+ if (!cache->issuerDERCert)
{
dirty = PR_TRUE;
- cache->issuer = CERT_DupCertificate(issuer);
+ cache->dbHandle = issuer->dbhandle;
+ cache->issuerDERCert = SECITEM_DupItem(&issuer->derCert);
}
DPCache_UnlockWrite();
}
@@ -1944,7 +1951,7 @@ static SECStatus DPCache_GetUpToDate(CRL
SEC_FindCrlByName, or through manual insertion, rather than through a
certificate verification (CERT_CheckCRL) */
- if (cache->issuer && vfdate )
+ if (cache->issuerDERCert && vfdate )
{
mustunlock = PR_FALSE;
/* re-process all unverified CRLs */
@@ -2201,7 +2208,8 @@ static SECStatus DPCache_Create(CRLDPCac
}
if (issuer)
{
- cache->issuer = CERT_DupCertificate(issuer);
+ cache->dbHandle = issuer->dbhandle;
+ cache->issuerDERCert = SECITEM_DupItem(&issuer->derCert);
}
cache->distributionPoint = SECITEM_DupItem(dp);
cache->subject = SECITEM_DupItem(subject);
diff -up ./nss/tests/chains/chains.sh.1034409 ./nss/tests/chains/chains.sh
--- ./nss/tests/chains/chains.sh.1034409 2014-02-20 08:16:34.867686934 -0800
+++ ./nss/tests/chains/chains.sh 2014-02-20 08:34:35.149603340 -0800
@@ -974,6 +974,7 @@ check_ocsp()
OCSP_HOST=$(${BINDIR}/pp -w -t certificate -i ${CERT_FILE} | grep URI | sed "s/.*:\/\///" | sed "s/:.*//")
OCSP_PORT=$(${BINDIR}/pp -w -t certificate -i ${CERT_FILE} | grep URI | sed "s/^.*:.*:\/\/.*:\([0-9]*\).*$/\1/")
+ echo "Cert = ${CERT_NICK}.cert"
echo "tstclnt -h ${OCSP_HOST} -p ${OCSP_PORT} -q -t 20"
tstclnt -h ${OCSP_HOST} -p ${OCSP_PORT} -q -t 20
return $?

78
enable-fips-when-system-is-in-fips-mode.patch Normal file
View File

@ -0,0 +1,78 @@
diff -up nss/lib/pk11wrap/pk11pars.c.fips nss/lib/pk11wrap/pk11pars.c
--- nss/lib/pk11wrap/pk11pars.c.fips 2013-05-28 14:43:24.000000000 -0700
+++ nss/lib/pk11wrap/pk11pars.c 2013-07-10 18:54:16.733465910 -0700
@@ -150,6 +150,10 @@ SECMOD_CreateModule(const char *library,
}
mod->internal = NSSUTIL_ArgHasFlag("flags","internal",nssc);
mod->isFIPS = NSSUTIL_ArgHasFlag("flags","FIPS",nssc);
+ /* if the system FIPS mode is enabled, force FIPS to be on */
+ if (SECMOD_GetSystemFIPSEnabled()) {
+ mod->isFIPS = PR_TRUE;
+ }
mod->isCritical = NSSUTIL_ArgHasFlag("flags","critical",nssc);
slotParams = NSSUTIL_ArgGetParamValue("slotParams",nssc);
mod->slotInfo = NSSUTIL_ArgParseSlotInfo(mod->arena,slotParams,
diff -up nss/lib/pk11wrap/pk11util.c.fips nss/lib/pk11wrap/pk11util.c
--- nss/lib/pk11wrap/pk11util.c.fips 2013-05-28 14:43:24.000000000 -0700
+++ nss/lib/pk11wrap/pk11util.c 2013-07-10 18:54:16.734465927 -0700
@@ -95,6 +95,25 @@ SECMOD_Shutdown()
return SECSuccess;
}
+int SECMOD_GetSystemFIPSEnabled(void) {
+#ifdef LINUX
+ FILE *f;
+ char d;
+ size_t size;
+
+ f = fopen("/proc/sys/crypto/fips_enabled", "r");
+ if (!f)
+ return 0;
+
+ size = fread(&d, 1, 1, f);
+ fclose(f);
+ if (size != 1)
+ return 0;
+ if (d == '1')
+ return 1;
+#endif
+ return 0;
+}
/*
* retrieve the internal module
@@ -417,7 +436,7 @@ SECMOD_DeleteInternalModule(const char *
SECMODModuleList **mlpp;
SECStatus rv = SECFailure;
- if (pendingModule) {
+ if (SECMOD_GetSystemFIPSEnabled() || pendingModule) {
PORT_SetError(SEC_ERROR_MODULE_STUCK);
return rv;
}
@@ -888,7 +907,7 @@ SECMOD_DestroyModuleList(SECMODModuleLis
PRBool
SECMOD_CanDeleteInternalModule(void)
{
- return (PRBool) (pendingModule == NULL);
+ return (PRBool) ((pendingModule == NULL) && !SECMOD_GetSystemFIPSEnabled());
}
/*
diff -up nss/lib/pk11wrap/secmodi.h.fips nss/lib/pk11wrap/secmodi.h
--- nss/lib/pk11wrap/secmodi.h.fips 2013-07-10 18:55:06.358298154 -0700
+++ nss/lib/pk11wrap/secmodi.h 2013-07-10 18:56:52.050069372 -0700
@@ -116,7 +116,12 @@ PK11SymKey *pk11_TokenKeyGenWithFlagsAnd
CK_MECHANISM_TYPE pk11_GetPBECryptoMechanism(SECAlgorithmID *algid,
SECItem **param, SECItem *pwd, PRBool faulty3DES);
-
+/* Get the state of the system FIPS mode */
+/* NSS uses this to force FIPS mode if the system bit is on. Applications which
+ * use the SECMOD_CanDeleteInteral() to check to see if they can switch to or
+ * from FIPS mode will automatically be told that they can't swith out of FIPS
+ * mode */
+int SECMOD_GetSystemFIPSEnabled();
extern void pk11sdr_Init(void);
extern void pk11sdr_Shutdown(void);

42
nss-softokn-allow-level1.patch Normal file
View File

@ -0,0 +1,42 @@
diff -up ./nss/lib/softoken/fipstokn.c.allow_level1 ./nss/lib/softoken/fipstokn.c
--- ./nss/lib/softoken/fipstokn.c.allow_level1 2013-10-11 11:47:31.265670032 -0700
+++ ./nss/lib/softoken/fipstokn.c 2013-10-11 11:58:12.730655827 -0700
@@ -97,6 +97,7 @@ libaudit_init(void)
* ******************** Password Utilities *******************************
*/
static PRBool isLoggedIn = PR_FALSE;
+static PRBool isLevel2 = PR_TRUE;
PRBool sftk_fatalError = PR_FALSE;
/*
@@ -197,7 +198,7 @@ static CK_RV sftk_newPinCheck(CK_CHAR_PT
static CK_RV sftk_fipsCheck(void) {
if (sftk_fatalError)
return CKR_DEVICE_ERROR;
- if (!isLoggedIn)
+ if (isLevel2 && !isLoggedIn)
return CKR_USER_NOT_LOGGED_IN;
return CKR_OK;
}
@@ -498,6 +499,7 @@ CK_RV FC_Initialize(CK_VOID_PTR pReserve
return crv;
}
nsf_init = PR_TRUE;
+ isLevel2 = PR_TRUE; /* assume level 2 unless we learn otherwise */
return CKR_OK;
}
@@ -552,8 +554,11 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID,
CHECK_FORK();
crv = NSC_GetTokenInfo(slotID,pInfo);
- if (crv == CKR_OK)
- pInfo->flags |= CKF_LOGIN_REQUIRED;
+ if (crv == CKR_OK) {
+ if ((pInfo->flags & CKF_LOGIN_REQUIRED) == 0) {
+ isLevel2 = PR_FALSE;
+ }
+ }
return crv;
}

116
nss-softokn-config.in Normal file
View File

@ -0,0 +1,116 @@
#!/bin/sh
prefix=@prefix@
major_version=@MOD_MAJOR_VERSION@
minor_version=@MOD_MINOR_VERSION@
patch_version=@MOD_PATCH_VERSION@
usage()
{
cat <<EOF
Usage: nss-softokn-config [OPTIONS] [LIBRARIES]
Options:
[--prefix[=DIR]]
[--exec-prefix[=DIR]]
[--includedir[=DIR]]
[--libdir[=DIR]]
[--version]
[--libs]
[--cflags]
Dynamic Libraries:
softokn3 - Requires full dynamic linking
freebl3 - for internal use only (and glibc for self-integrity check)
nssdbm3 - for internal use only
Dymamically linked
EOF
exit $1
}
if test $# -eq 0; then
usage 1 1>&2
fi
while test $# -gt 0; do
case "$1" in
-*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
*) optarg= ;;
esac
case $1 in
--prefix=*)
prefix=$optarg
;;
--prefix)
echo_prefix=yes
;;
--exec-prefix=*)
exec_prefix=$optarg
;;
--exec-prefix)
echo_exec_prefix=yes
;;
--includedir=*)
includedir=$optarg
;;
--includedir)
echo_includedir=yes
;;
--libdir=*)
libdir=$optarg
;;
--libdir)
echo_libdir=yes
;;
--version)
echo ${major_version}.${minor_version}.${patch_version}
;;
--cflags)
echo_cflags=yes
;;
--libs)
echo_libs=yes
;;
*)
usage 1 1>&2
;;
esac
shift
done
# Set variables that may be dependent upon other variables
if test -z "$exec_prefix"; then
exec_prefix=`pkg-config --variable=exec_prefix nss-softokn`
fi
if test -z "$includedir"; then
includedir=`pkg-config --variable=includedir nss-softokn`
fi
if test -z "$libdir"; then
libdir=`pkg-config --variable=libdir nss-softokn`
fi
if test "$echo_prefix" = "yes"; then
echo $prefix
fi
if test "$echo_exec_prefix" = "yes"; then
echo $exec_prefix
fi
if test "$echo_includedir" = "yes"; then
echo $includedir
fi
if test "$echo_libdir" = "yes"; then
echo $libdir
fi
if test "$echo_cflags" = "yes"; then
echo -I$includedir
fi
if test "$echo_libs" = "yes"; then
libdirs="-Wl,-rpath-link,$libdir -L$libdir"
echo $libdirs
fi

11
nss-softokn.pc.in Normal file
View File

@ -0,0 +1,11 @@
prefix=%prefix%
exec_prefix=%exec_prefix%
libdir=%libdir%
includedir=%includedir%
Name: NSS-SOFTOKN
Description: Network Security Services Softoken PKCS #11 Module
Version: %SOFTOKEN_VERSION%
Requires: nspr >= %NSPR_VERSION%, nss-util >= %NSSUTIL_VERSION%
Libs: -L${libdir} -lfreebl3 -lnssdbm3 -lsoftokn3
Cflags: -I${includedir}

118
nss-util-config.in Normal file
View File

@ -0,0 +1,118 @@
#!/bin/sh
prefix=@prefix@
major_version=@MOD_MAJOR_VERSION@
minor_version=@MOD_MINOR_VERSION@
patch_version=@MOD_PATCH_VERSION@
usage()
{
cat <<EOF
Usage: nss-util-config [OPTIONS] [LIBRARIES]
Options:
[--prefix[=DIR]]
[--exec-prefix[=DIR]]
[--includedir[=DIR]]
[--libdir[=DIR]]
[--version]
[--libs]
[--cflags]
Dynamic Libraries:
nssutil
EOF
exit $1
}
if test $# -eq 0; then
usage 1 1>&2
fi
lib_nssutil=yes
while test $# -gt 0; do
case "$1" in
-*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
*) optarg= ;;
esac
case $1 in
--prefix=*)
prefix=$optarg
;;
--prefix)
echo_prefix=yes
;;
--exec-prefix=*)
exec_prefix=$optarg
;;
--exec-prefix)
echo_exec_prefix=yes
;;
--includedir=*)
includedir=$optarg
;;
--includedir)
echo_includedir=yes
;;
--libdir=*)
libdir=$optarg
;;
--libdir)
echo_libdir=yes
;;
--version)
echo ${major_version}.${minor_version}.${patch_version}
;;
--cflags)
echo_cflags=yes
;;
--libs)
echo_libs=yes
;;
*)
usage 1 1>&2
;;
esac
shift
done
# Set variables that may be dependent upon other variables
if test -z "$exec_prefix"; then
exec_prefix=`pkg-config --variable=exec_prefix nss-util`
fi
if test -z "$includedir"; then
includedir=`pkg-config --variable=includedir nss-util`
fi
if test -z "$libdir"; then
libdir=`pkg-config --variable=libdir nss-util`
fi
if test "$echo_prefix" = "yes"; then
echo $prefix
fi
if test "$echo_exec_prefix" = "yes"; then
echo $exec_prefix
fi
if test "$echo_includedir" = "yes"; then
echo $includedir
fi
if test "$echo_libdir" = "yes"; then
echo $libdir
fi
if test "$echo_cflags" = "yes"; then
echo -I$includedir
fi
if test "$echo_libs" = "yes"; then
libdirs="-Wl,-rpath-link,$libdir -L$libdir"
if test -n "$lib_nssutil"; then
libdirs="$libdirs -lnssutil${major_version}"
fi
echo $libdirs
fi

11
nss-util.pc.in Normal file
View File

@ -0,0 +1,11 @@
prefix=%prefix%
exec_prefix=%exec_prefix%
libdir=%libdir%
includedir=%includedir%
Name: NSS-UTIL
Description: Network Security Services Utility Library
Version: %NSSUTIL_VERSION%
Requires: nspr >= %NSPR_VERSION%
Libs: -L${libdir} -lnssutil3
Cflags: -I${includedir}

437
nss.spec
View File

@ -1,9 +1,12 @@
%global nspr_version 4.10.4
%global nss_util_version 3.16.0
%global nss_softokn_version 3.16.0
%global nspr_version 4.10.5
%global nss_util_version 3.16.1
%global nss_softokn_version 3.16.1
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
%global allTools "certutil cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain vfyserv"
%global saved_files_dir %{_libdir}/nss/saved
# solution taken from icedtea-web.spec
%define multilib_arches ppc64 sparc64 x86_64 ppc64le
%ifarch %{multilib_arches}
@ -12,14 +15,33 @@
%define alt_ckbi libnssckbi.so
%endif
# Produce .chk files for the final stripped binaries
#
# NOTE: The LD_LIBRARY_PATH line guarantees shlibsign links
# against the freebl that we just built. This is necessary
# because the signing algorithm changed on 3.14 to DSA2 with SHA256
# whereas we previously signed with DSA and SHA1. We must Keep this line
# until all mock platforms have been updated.
# After %%{__os_install_post} we would add
# export LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%%{_libdir}
%define __spec_install_post \
%{?__debug_package:%{__debug_install_post}} \
%{__arch_install_post} \
%{__os_install_post} \
$RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libsoftokn3.so \
$RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libfreebl3.so \
$RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libnssdbm3.so \
%{nil}
# Define if using a source archive like "nss-version.with.ckbi.version".
# To "disable", add "#" to start of line, AND a space after "%".
#% define nss_ckbi_suffix .with.ckbi.1.93
Summary: Network Security Services
Name: nss
Version: 3.16.0
Release: 1%{?dist}
Version: 3.16.1
Release: 0.20140425.0%{?dist}
License: MPLv2.0
URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries
@ -34,8 +56,6 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: nspr-devel >= %{nspr_version}
# TODO: revert to same version as nss once we are done with the merge
# Using '>=' but on RHEL the requires should be '='
BuildRequires: nss-softokn-devel >= %{nss_softokn_version}
BuildRequires: nss-util-devel >= %{nss_util_version}
BuildRequires: sqlite-devel
BuildRequires: zlib-devel
BuildRequires: pkgconfig
@ -57,7 +77,7 @@ Source7: blank-key4.db
Source8: system-pkcs11.txt
Source9: setup-nsssysinit.sh
Source10: PayPalEE.cert
Source12: %{name}-pem-20140125.tar.bz2
Source12: %{name}-pem-20140425.tar.bz2
Source17: TestCA.ca.cert
Source18: TestUser50.cert
Source19: TestUser51.cert
@ -77,7 +97,6 @@ Patch16: nss-539183.patch
Patch18: nss-646045.patch
# must statically link pem against the freebl in the buildroot
# Needed only when freebl on tree has new APIS
Patch25: nsspem-use-system-freebl.patch
# TODO: Remove this patch when the ocsp test are fixed
Patch40: nss-3.14.0.0-disble-ocsp-test.patch
# Fedora / RHEL-only patch, the templates directory was originally introduced to support mod_revocator
@ -92,7 +111,34 @@ Patch49: nss-skip-bltest-and-fipstest.patch
# to be searched for for header files. This ensures a build even when system
# headers are older. Such is the case when starting an update with API changes or even private export changes.
# Once the buildroot aha been bootstrapped the patch may be removed but it doesn't hurt to keep it.
Patch50: iquote.patch
Patch55: enable-fips-when-system-is-in-fips-mode.patch
# rhbz: https://bugzilla.redhat.com/show_bug.cgi?id=1026677
Patch56: p-ignore-setpolicy.patch
#Patch61: nss-ecc-list-3.15.3.patch
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=921684
Patch62: dont-hold-issuer-cert-handles-in-crl-cache.patch
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=977673
#Patch63: dont-disable-internal-module.patch
#Source100: %{name}-%{version}.tar.gz
#Source101: nss-split-util.sh
Source102: nss-util.pc.in
Source103: nss-util-config.in
#Patch103: nss-util-ecc-list-3.15.3.patch
#Source200: %{name}-%{version}.tar.gz
#Source201: nss-split-softokn.sh
Source202: nss-softokn.pc.in
Source203: nss-softokn-config.in
Patch211: nss-softokn-allow-level1.patch
%description
Network Security Services (NSS) is a set of libraries designed to
@ -101,6 +147,93 @@ server applications. Applications built with NSS can support SSL v2
and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509
v3 certificates, and other security standards.
%package util
Summary: Network Security Services Utilities Library
Group: System Environment/Libraries
Requires: nspr >= %{nspr_version}
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: nspr-devel >= %{nspr_version}
BuildRequires: zlib-devel
BuildRequires: pkgconfig
BuildRequires: gawk
BuildRequires: psmisc
BuildRequires: perl
%description util
Utilities for Network Security Services and the Softoken module
# We shouln't need to have a devel subpackage as util will be used in the
# context of nss or nss-softoken. keeping to please rpmlint.
#
%package util-devel
Summary: Development libraries for Network Security Services Utilities
Group: Development/Libraries
Requires: nss-util = %{version}-%{release}
Requires: nspr-devel >= %{nspr_version}
Requires: pkgconfig
%description util-devel
Header and library files for doing development with Network Security Services.
%package softokn
Summary: Network Security Services Softoken Module
Group: System Environment/Libraries
Requires: nspr >= %{nspr_version}
Requires: nss-util >= %{nss_util_version}
Requires: nss-softokn-freebl%{_isa} >= %{version}
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: nspr-devel >= %{nspr_version}
BuildRequires: sqlite-devel
BuildRequires: zlib-devel
BuildRequires: pkgconfig
BuildRequires: gawk
BuildRequires: psmisc
BuildRequires: perl
%description softokn
Network Security Services Softoken Cryptographic Module
%package softokn-freebl
Summary: Freebl library for the Network Security Services
Group: System Environment/Base
Conflicts: nss < 3.12.2.99.3-5
Conflicts: prelink < 0.4.3
Conflicts: filesystem < 3
%description softokn-freebl
NSS Softoken Cryptographic Module Freelb Library
Install the nss-softokn-freebl package if you need the freebl
library.
%package softokn-freebl-devel
Summary: Header and Library files for doing development with the Freebl library for NSS
Group: System Environment/Base
Provides: nss-softokn-freebl-static = %{version}-%{release}
Requires: nss-softokn-freebl%{?_isa} = %{version}-%{release}
%description softokn-freebl-devel
NSS Softoken Cryptographic Module Freelb Library Development Tools
This package supports special needs of some PKCS #11 module developers and
is otherwise considered private to NSS. As such, the programming interfaces
may change and the usual NSS binary compatibility commitments do not apply.
Developers should rely only on the officially supported NSS public API.
%package softokn-devel
Summary: Development libraries for Network Security Services
Group: Development/Libraries
Requires: nss-softokn%{?_isa} = %{version}-%{release}
Requires: nss-softokn-freebl-devel%{?_isa} = %{version}-%{release}
Requires: nspr-devel >= %{nspr_version}
Requires: nss-util-devel >= %{nss_util_version}
Requires: pkgconfig
BuildRequires: nspr-devel >= %{nspr_version}
%description softokn-devel
Header and library files for doing development with Network Security Services.
%package tools
Summary: Tools for the Network Security Services
Group: System Environment/Base
@ -145,7 +278,6 @@ BuildRequires: xmlto
%description devel
Header and Library files for doing development with Network Security Services.
%package pkcs11-devel
Summary: Development libraries for PKCS #11 (Cryptoki) using NSS
Group: Development/Libraries
@ -175,12 +307,22 @@ low level services.
%patch16 -p0 -b .539183
%patch18 -p0 -b .646045
# link pem against buildroot's freebl, essential when mixing and matching
%patch25 -p0 -b .systemfreebl
%patch40 -p0 -b .noocsptest
%patch47 -p0 -b .templates
%patch48 -p0 -b .crypto
%patch49 -p0 -b .skipthem
%patch50 -p0 -b .iquote
%patch55 -p0 -b .852023
pushd nss
%patch56 -p1 -b .1026677
popd
#%patch61 -p0 -b .ecc-lists
%patch62 -p0 -b .1034409
#%patch63 -p0 -b .1056036
#%patch103 -p0 -b .ecc_list
%patch211 -p0 -b .allow_level1
#########################################################
# Higher-level libraries and test tools need access to
@ -201,6 +343,22 @@ done
%build
# partial RELRO support as a security enhancement
LDFLAGS+=-Wl,-z,relro
export LDFLAGS
# Must export FREEBL_LOWHASH=1 for nsslowhash.h so that it gets
# copied to dist and the rpm install phase can find it
# This due of the upstream changes to fix
# https://bugzilla.mozilla.org/show_bug.cgi?id=717906
FREEBL_LOWHASH=1
export FREEBL_LOWHASH
#FREEBL_USE_PRELINK=1
#export FREEBL_USE_PRELINK
export NSS_NO_SSL2=1
NSS_NO_PKCS11_BYPASS=1
export NSS_NO_PKCS11_BYPASS
@ -231,25 +389,19 @@ NSPR_LIB_DIR=%{_libdir}
export NSPR_INCLUDE_DIR
export NSPR_LIB_DIR
export NSSUTIL_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nss-util | sed 's/-I//'`
export NSSUTIL_LIB_DIR=%{_libdir}
#export NSSUTIL_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nss-util | sed 's/-I//'`
#export NSSUTIL_LIB_DIR=%{_libdir}
#export FREEBL_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nss-softokn | sed 's/-I//'`
#export FREEBL_LIB_DIR=%{_libdir}
export FREEBL_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nss-softokn | sed 's/-I//'`
export FREEBL_LIB_DIR=%{_libdir}
export USE_SYSTEM_FREEBL=1
export FREEBL_LIB_DIR=$RPM_BUILD_ROOT/%{_libdir}
#export USE_SYSTEM_FREEBL=1
# FIXME choose one or the other style and submit a patch upstream
# wtc has suggested using NSS_USE_SYSTEM_FREEBL
export NSS_USE_SYSTEM_FREEBL=1
export FREEBL_LIBS=`/usr/bin/pkg-config --libs nss-softokn`
export SOFTOKEN_LIB_DIR=%{_libdir}
# use the system ones
export USE_SYSTEM_NSSUTIL=1
export USE_SYSTEM_SOFTOKEN=1
# tell the upstream build system what we are doing
export NSS_BUILD_WITHOUT_SOFTOKEN=1
#export NSS_USE_SYSTEM_FREEBL=1
#export FREEBL_LIBS=`/usr/bin/pkg-config --libs nss-softokn`
#export SOFTOKEN_LIB_DIR=%{_libdir}
NSS_USE_SYSTEM_SQLITE=1
export NSS_USE_SYSTEM_SQLITE
@ -259,30 +411,15 @@ USE_64=1
export USE_64
%endif
# uncomment if the iquote patch is activated
export IN_TREE_FREEBL_HEADERS_FIRST=1
NSS_ENABLE_ECC=1
export NSS_ENABLE_ECC
##### phase 1: remove util/freebl/softoken and low level tools
#
######## Remove freebl, softoken and util
%{__rm} -rf ./mozilla/security/nss/lib/freebl
%{__rm} -rf ./mozilla/security/nss/lib/softoken
%{__rm} -rf ./mozilla/security/nss/lib/util
######## Remove nss-softokn test tools
%{__rm} -rf ./mozilla/security/nss/cmd/bltest
%{__rm} -rf ./mozilla/security/nss/cmd/fipstest
%{__rm} -rf ./mozilla/security/nss/cmd/rsaperf_low
%{__make} -C ./nss export
%{__make} -C ./nss/lib/freebl private_export
%{__make} -C ./nss/lib/softoken private_export
%{__make} -C ./nss/lib/util private_export
##### phase 2: build the rest of nss
# nss supports pluggable ecc with more than suite-b
NSS_ECC_MORE_THAN_SUITE_B=1
export NSS_ECC_MORE_THAN_SUITE_B
export NSS_BLTEST_NOT_AVAILABLE=1
%{__make} -C ./nss/coreconf
%{__make} -C ./nss/lib/dbm
%{__make} -C ./nss
unset NSS_BLTEST_NOT_AVAILABLE
# build the man pages clean
pushd ./nss
@ -293,6 +430,69 @@ popd
%{__mkdir_p} ./dist/docs/nroff
%{__cp} ./nss/doc/nroff/* ./dist/docs/nroff
# Set up our package file
# The nspr_version and nss_util_version globals used here
# must match the ones nss-softokn has for its Requires.
%{__mkdir_p} ./dist/pkgconfig
%{__cat} %{Source202} | sed -e "s,%%libdir%%,%{_libdir},g" \
-e "s,%%prefix%%,%{_prefix},g" \
-e "s,%%exec_prefix%%,%{_prefix},g" \
-e "s,%%includedir%%,%{_includedir}/nss3,g" \
-e "s,%%NSPR_VERSION%%,%{nspr_version},g" \
-e "s,%%NSSUTIL_VERSION%%,%{nss_util_version},g" \
-e "s,%%SOFTOKEN_VERSION%%,%{version},g" > \
./dist/pkgconfig/nss-softokn.pc
SOFTOKEN_VMAJOR=`cat nss/lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VMAJOR" | awk '{print $3}'`
SOFTOKEN_VMINOR=`cat nss/lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VMINOR" | awk '{print $3}'`
SOFTOKEN_VPATCH=`cat nss/lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VPATCH" | awk '{print $3}'`
export SOFTOKEN_VMAJOR
export SOFTOKEN_VMINOR
export SOFTOKEN_VPATCH
%{__cat} %{Source203} | sed -e "s,@libdir@,%{_libdir},g" \
-e "s,@prefix@,%{_prefix},g" \
-e "s,@exec_prefix@,%{_prefix},g" \
-e "s,@includedir@,%{_includedir}/nss3,g" \
-e "s,@MOD_MAJOR_VERSION@,$SOFTOKEN_VMAJOR,g" \
-e "s,@MOD_MINOR_VERSION@,$SOFTOKEN_VMINOR,g" \
-e "s,@MOD_PATCH_VERSION@,$SOFTOKEN_VPATCH,g" \
> ./dist/pkgconfig/nss-softokn-config
chmod 755 ./dist/pkgconfig/nss-softokn-config
# Set up our package file
%{__mkdir_p} ./dist/pkgconfig
%{__cat} %{Source102} | sed -e "s,%%libdir%%,%{_libdir},g" \
-e "s,%%prefix%%,%{_prefix},g" \
-e "s,%%exec_prefix%%,%{_prefix},g" \
-e "s,%%includedir%%,%{_includedir}/nss3,g" \
-e "s,%%NSPR_VERSION%%,%{nspr_version},g" \
-e "s,%%NSSUTIL_VERSION%%,%{version},g" > \
./dist/pkgconfig/nss-util.pc
NSSUTIL_VMAJOR=`cat nss/lib/util/nssutil.h | grep "#define.*NSSUTIL_VMAJOR" | awk '{print $3}'`
NSSUTIL_VMINOR=`cat nss/lib/util/nssutil.h | grep "#define.*NSSUTIL_VMINOR" | awk '{print $3}'`
NSSUTIL_VPATCH=`cat nss/lib/util/nssutil.h | grep "#define.*NSSUTIL_VPATCH" | awk '{print $3}'`
export NSSUTIL_VMAJOR
export NSSUTIL_VMINOR
export NSSUTIL_VPATCH
%{__cat} %{Source103} | sed -e "s,@libdir@,%{_libdir},g" \
-e "s,@prefix@,%{_prefix},g" \
-e "s,@exec_prefix@,%{_prefix},g" \
-e "s,@includedir@,%{_includedir}/nss3,g" \
-e "s,@MOD_MAJOR_VERSION@,$NSSUTIL_VMAJOR,g" \
-e "s,@MOD_MINOR_VERSION@,$NSSUTIL_VMINOR,g" \
-e "s,@MOD_PATCH_VERSION@,$NSSUTIL_VPATCH,g" \
> ./dist/pkgconfig/nss-util-config
chmod 755 ./dist/pkgconfig/nss-util-config
# Set up our package file
# The nspr_version and nss_{util|softokn}_version globals used
# here match the ones nss has for its Requires.
@ -359,6 +559,10 @@ if [ $DISABLETEST -eq 1 ]; then
fi
# Begin -- copied from the build section
# inform the ssl test scripts that SSL2 is disabled
#export NSS_NO_SSL2=1
FREEBL_NO_DEPEND=1
export FREEBL_NO_DEPEND
@ -370,7 +574,7 @@ USE_64=1
export USE_64
%endif
export NSS_BLTEST_NOT_AVAILABLE=1
#export NSS_BLTEST_NOT_AVAILABLE=1
# needed for the fips manging test
export SOFTOKEN_LIB_DIR=%{_libdir}
@ -447,11 +651,15 @@ echo "test suite completed"
# There is no make install target so we'll do it ourselves.
%{__mkdir_p} $RPM_BUILD_ROOT/%{_includedir}/nss3
%{__mkdir_p} $RPM_BUILD_ROOT/%{_includedir}/nss3/templates
%{__mkdir_p} $RPM_BUILD_ROOT/%{_bindir}
%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}
%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}/nss3
%{__mkdir_p} $RPM_BUILD_ROOT/%{unsupported_tools_directory}
%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
%{__mkdir_p} $RPM_BUILD_ROOT/%{saved_files_dir}
%{__mkdir_p} $RPM_BUILD_ROOT/%{_includedir}/nss3/templates
mkdir -p $RPM_BUILD_ROOT%{_mandir}/man1
mkdir -p $RPM_BUILD_ROOT%{_mandir}/man5
@ -460,7 +668,7 @@ touch $RPM_BUILD_ROOT%{_libdir}/libnssckbi.so
%{__install} -p -m 755 dist/*.OBJ/lib/libnssckbi.so $RPM_BUILD_ROOT/%{_libdir}/nss/libnssckbi.so
# Copy the binary libraries we want
for file in libnss3.so libnsspem.so libnsssysinit.so libsmime3.so libssl3.so
for file in libsoftokn3.so libnssdbm3.so libfreebl3.so libnssutil3.so libnss3.so libnsspem.so libnsssysinit.so libsmime3.so libssl3.so
do
%{__install} -p -m 755 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
done
@ -489,23 +697,43 @@ do
done
# Copy the binaries we ship as unsupported
for file in atob btoa derdump ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain
for file in bltest fipstest shlibsign atob btoa derdump ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain
do
%{__install} -p -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory}
done
# Copy some freebl include files we also want
for file in blapi.h alghmac.h
do
%{__install} -p -m 644 dist/private/nss/$file $RPM_BUILD_ROOT/%{_includedir}/nss3
done
# Copy the include files we want
for file in dist/public/nss/*.h
do
%{__install} -p -m 644 $file $RPM_BUILD_ROOT/%{_includedir}/nss3
done
# Copy the static freebl library
for file in libfreebl.a
do
%{__install} -p -m 644 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
done
# Copy the package configuration files
%{__install} -p -m 644 ./dist/pkgconfig/nss-softokn.pc $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss-softokn.pc
%{__install} -p -m 755 ./dist/pkgconfig/nss-softokn-config $RPM_BUILD_ROOT/%{_bindir}/nss-softokn-config
# Copy the template files we want
for file in dist/private/nss/nssck.api
for file in dist/private/nss/nssck.api dist/private/nss/templates.c
do
%{__install} -p -m 644 $file $RPM_BUILD_ROOT/%{_includedir}/nss3/templates
done
# Copy the package configuration files
%{__install} -p -m 644 ./dist/pkgconfig/nss-util.pc $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss-util.pc
%{__install} -p -m 755 ./dist/pkgconfig/nss-util-config $RPM_BUILD_ROOT/%{_bindir}/nss-util-config
# Copy the package configuration files
%{__install} -p -m 644 ./dist/pkgconfig/nss.pc $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss.pc
%{__install} -p -m 755 ./dist/pkgconfig/nss-config $RPM_BUILD_ROOT/%{_bindir}/nss-config
@ -729,8 +957,107 @@ fi
%{_libdir}/libnssb.a
%{_libdir}/libnssckfw.a
%files softokn
%defattr(-,root,root)
%{_libdir}/libnssdbm3.so
%{_libdir}/libnssdbm3.chk
%{_libdir}/libsoftokn3.so
%{_libdir}/libsoftokn3.chk
# shared with nss-tools
%dir %{_libdir}/nss
%dir %{saved_files_dir}
%dir %{unsupported_tools_directory}
%{unsupported_tools_directory}/bltest
%{unsupported_tools_directory}/fipstest
%{unsupported_tools_directory}/shlibsign
%files softokn-freebl
%defattr(-,root,root)
%{_libdir}/libfreebl3.so
%{_libdir}/libfreebl3.chk
%files softokn-freebl-devel
%defattr(-,root,root)
%{_libdir}/libfreebl.a
%{_includedir}/nss3/blapi.h
%{_includedir}/nss3/blapit.h
%{_includedir}/nss3/alghmac.h
%files softokn-devel
%defattr(-,root,root)
%{_libdir}/pkgconfig/nss-softokn.pc
%{_bindir}/nss-softokn-config
# co-owned with nss
%dir %{_includedir}/nss3
#
# The following headers are those exported public in
# nss/lib/freebl/manifest.mn and
# nss/lib/softoken/manifest.mn
#
# The following list is short because many headers, such as
# the pkcs #11 ones, have been provided by nss-util-devel
# which installed them before us.
#
%{_includedir}/nss3/ecl-exp.h
%{_includedir}/nss3/nsslowhash.h
%{_includedir}/nss3/shsign.h
%files util
%defattr(-,root,root)
%{_libdir}/libnssutil3.so
%files util-devel
%defattr(-,root,root)
# package configuration files
%{_libdir}/pkgconfig/nss-util.pc
%{_bindir}/nss-util-config
# co-owned with nss
%dir %{_includedir}/nss3
# these are marked as public export in nss/lib/util/manifest.mk
%{_includedir}/nss3/base64.h
%{_includedir}/nss3/ciferfam.h
%{_includedir}/nss3/hasht.h
%{_includedir}/nss3/nssb64.h
%{_includedir}/nss3/nssb64t.h
%{_includedir}/nss3/nsslocks.h
%{_includedir}/nss3/nssilock.h
%{_includedir}/nss3/nssilckt.h
%{_includedir}/nss3/nssrwlk.h
%{_includedir}/nss3/nssrwlkt.h
%{_includedir}/nss3/nssutil.h
%{_includedir}/nss3/pkcs11.h
%{_includedir}/nss3/pkcs11f.h
%{_includedir}/nss3/pkcs11n.h
%{_includedir}/nss3/pkcs11p.h
%{_includedir}/nss3/pkcs11t.h
%{_includedir}/nss3/pkcs11u.h
%{_includedir}/nss3/portreg.h
%{_includedir}/nss3/secasn1.h
%{_includedir}/nss3/secasn1t.h
%{_includedir}/nss3/seccomon.h
%{_includedir}/nss3/secder.h
%{_includedir}/nss3/secdert.h
%{_includedir}/nss3/secdig.h
%{_includedir}/nss3/secdigt.h
%{_includedir}/nss3/secerr.h
%{_includedir}/nss3/secitem.h
%{_includedir}/nss3/secoid.h
%{_includedir}/nss3/secoidt.h
%{_includedir}/nss3/secport.h
%{_includedir}/nss3/utilmodt.h
%{_includedir}/nss3/utilpars.h
%{_includedir}/nss3/utilparst.h
%{_includedir}/nss3/utilrename.h
%{_includedir}/nss3/templates/templates.c
%changelog
* Sat Apr 26 2014 Elio Maldonado <emaldona@redhat.com> - 3.16.1-0.20140425.0
- Test build for update to nss-3.16.1
* Tue Mar 18 2014 Elio Maldonado <emaldona@redhat.com> - 3.16.0-1
- Update to nss-3.16.0
- Cleanup the copying of the tools man pages

31
p-ignore-setpolicy.patch Normal file
View File

@ -0,0 +1,31 @@
diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
--- a/lib/ssl/sslsock.c
+++ b/lib/ssl/sslsock.c
@@ -1252,25 +1252,22 @@ SSL_CipherPrefGet(PRFileDesc *fd, PRInt3
rv = ssl3_CipherPrefGet(ss, (ssl3CipherSuite)which, enabled);
}
return rv;
}
SECStatus
NSS_SetDomesticPolicy(void)
{
- SECStatus status = SECSuccess;
const PRUint16 *cipher;
for (cipher = SSL_ImplementedCiphers; *cipher != 0; ++cipher) {
- status = SSL_SetPolicy(*cipher, SSL_ALLOWED);
- if (status != SECSuccess)
- break;
+ SSL_SetPolicy(*cipher, SSL_ALLOWED);
}
- return status;
+ return SECSuccess;
}
SECStatus
NSS_SetExportPolicy(void)
{
return NSS_SetDomesticPolicy();
}

2
sources
View File

@ -9,3 +9,5 @@ f998b70c1be25e8bb9f5fdb5d50eb6f2 TestCA.ca.cert
ab0b56dd505a995425c03e5266f7c8d6 TestUser51.cert
b8a94e863c852e1f8b75e930e76f8640 nss-pem-20140125.tar.bz2
6a60df5c01f6c4ed8dbdbe85cf818a28 nss-3.16.0.tar.gz
30f4665aea605d4f3d2be6713a3e2da6 nss-3.16.1.tar.gz
af25066db4f9940c0845121039cde826 nss-pem-20140425.tar.bz2