Compare commits
30 Commits
Author | SHA1 | Date |
---|---|---|
Elio Maldonado | d9f25969ea | |
Elio Maldonado | 88d11fdb16 | |
Elio Maldonado | 78858d7f74 | |
Elio Maldonado | 8379430f6d | |
Elio Maldonado | 2bffed2b1e | |
Elio Maldonado | 516d508995 | |
Elio Maldonado | 3ec88faaca | |
Jaromir Capik | 74c6f87fee | |
Elio Maldonado | 7395f9bf9e | |
Elio Maldonado | 78134fa40c | |
Elio Maldonado | 8f003a704a | |
Elio Maldonado | cce3557766 | |
Elio Maldonado | 85a116d768 | |
Elio Maldonado | 2620f5d561 | |
Elio Maldonado | be8bca8e15 | |
Kai Engert | c16d08144a | |
Kai Engert | d7c16cfd1d | |
Elio Maldonado | b65cae435d | |
Elio Maldonado | 5296e318d7 | |
Elio Maldonado | 2885b07162 | |
Elio Maldonado | 834912a124 | |
Elio Maldonado | 03e131d922 | |
Elio Maldonado | b61b9ba802 | |
Elio Maldonado | 85bb34a6ea | |
Kai Engert | 5dda91f096 | |
Kevin Fenzi | da65b81e95 | |
Elio Maldonado | fde56efde8 | |
Peter Robinson | f97420ec14 | |
Elio Maldonado | 474e72cbc1 | |
Tom Callaway | c3970d9438 |
|
@ -8,4 +8,6 @@ TestCA.ca.cert
|
|||
TestUser50.cert
|
||||
TestUser51.cert
|
||||
/nss-pem-20140125.tar.bz2
|
||||
/nss-3.17.4.tar.gz
|
||||
/PayPalRootCA.cert
|
||||
/PayPalICA.cert
|
||||
/nss-3.21.0.tar.gz
|
||||
|
|
|
@ -0,0 +1,63 @@
|
|||
#requires nspr
|
||||
#requires perl
|
||||
#requires nss-util
|
||||
#requires nss-softokn
|
||||
|
||||
mcd $BUILDDIR/nss
|
||||
|
||||
export BUILD_OPT=1
|
||||
export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
|
||||
export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1
|
||||
export NSPR_INCLUDE_DIR=/usr/include/nspr
|
||||
export NSPR_LIB_DIR=/usr/lib${SUFFIX}
|
||||
export NSS_USE_SYSTEM_SQLITE=1
|
||||
export NSS_BUILD_WITHOUT_SOFTOKEN=1
|
||||
export USE_SYSTEM_SOFTOKEN=1
|
||||
export SOFTOKEN_LIB_DIR=/usr/lib${SUFFIX}
|
||||
export NSSUTIL_INCLUDE_DIR=/usr/include/nss3
|
||||
export NSSUTIL_LIB_DIR=/usr/lib${SUFFIX}
|
||||
export USE_SYSTEM_NSSUTIL=1
|
||||
export FREEBL_INCLUDE_DIR=/usr/include/nss3
|
||||
export FREEBL_LIB_DIR=/usr/lib${SUFFIX}
|
||||
export USE_SYSTEM_FREEBL=1
|
||||
export NSS_USE_SYSTEM_FREEBL=1
|
||||
export FREEBL_NO_DEPEND=1
|
||||
export IN_TREE_FREEBL_HEADERS_FIRST=1
|
||||
export NSS_BLTEST_NOT_AVAILABLE=1
|
||||
export NSS_NO_SSL2_NO_EXPORT=1
|
||||
export NSS_ECC_MORE_THAN_SUITE_B=1
|
||||
export NSS_NO_PKCS11_BYPASS=1
|
||||
#export NSDISTMODE="copy"
|
||||
|
||||
if [ "$SUFFIX" = "64" ]; then
|
||||
USE_64=1
|
||||
export USE_64
|
||||
fi
|
||||
|
||||
(cd $SRC/nss-3.* && mkdir -p dist/private/nss && cp nss/lib/ckfw/nssck.api dist/private/nss/)
|
||||
|
||||
make -C $SRC/nss-3.*/nss/coreconf
|
||||
make -C $SRC/nss-3.*/nss/lib/dbm
|
||||
make -C $SRC/nss-3.*/nss
|
||||
cd $SRC/nss-3.*/nss/coreconf
|
||||
make install
|
||||
cd $SRC/nss-3.*/nss/lib/dbm
|
||||
make install
|
||||
cd $SRC/nss-3.*/nss
|
||||
make install
|
||||
# Copy the binary libraries we want
|
||||
NSSLIBS="libnss3.so libnssckbi.so libnsspem.so libnsssysinit.so libsmime3.so libssl3.so"
|
||||
# BOZO: temporarily disable FIPS140 support
|
||||
#NSSLIBCHKS="libnssdbm3.chk libfreebl3.chk libsoftokn3.chk"
|
||||
NSSLIBCHKS=""
|
||||
# END BOZO
|
||||
cd $SRC/nss-3.*
|
||||
for file in $NSSLIBS $NSSLIBCHKS
|
||||
do
|
||||
install -p -m 755 dist/*.OBJ/lib/$file /usr/lib${SUFFIX}/
|
||||
done
|
||||
# Copy the include files we want
|
||||
for file in $SRC/nss-*/dist/public/nss/*.h
|
||||
do
|
||||
install -p -m 644 $file /usr/include/nss3/
|
||||
done
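Review bot: Nothing in this script stops on failure, so a failed `make -C $SRC/nss-3.*/nss`, or a `cd $SRC/nss-3.*/nss` that does not resolve, is still followed by `make install` and by the `install -p -m 755 dist/*.OBJ/lib/$file /usr/lib${SUFFIX}/` loop. That can leave stale or partial NSS libraries in the system library directory. Adding `set -e` right after the `#requires` lines, or `|| exit 1` on each `cd` and `make`, would make the build fail closed. The `$SRC/nss-3.*` glob is also unquoted and unpinned, so if more than one source tree is unpacked under `$SRC` the `cd` and `make -C` calls get more than one argument; resolving it once into a variable and checking that it names exactly one directory would remove that ambiguity.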
|
12
iquote.patch
12
iquote.patch
|
@ -173,3 +173,15 @@ diff -up nss/lib/nss/Makefile.iquote nss/lib/nss/Makefile
|
|||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
diff -up nss/lib/ssl/Makefile.iquote nss/lib/ssl/Makefile
|
||||
--- nss/lib/ssl/Makefile.iquote 2015-11-13 09:23:41.653738563 -0800
|
||||
+++ nss/lib/ssl/Makefile 2015-11-13 09:25:25.121415348 -0800
|
||||
@@ -49,7 +49,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
# (6) Execute "component" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
-
|
||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
||||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
|
|
|
@ -1,11 +1,9 @@
|
|||
diff -up nss/cmd/httpserv/httpserv.c.539183 nss/cmd/httpserv/httpserv.c
|
||||
--- nss/cmd/httpserv/httpserv.c.539183 2013-05-28 14:43:24.000000000 -0700
|
||||
+++ nss/cmd/httpserv/httpserv.c 2013-05-30 22:16:46.685373471 -0700
|
||||
@@ -661,14 +661,18 @@ getBoundListenSocket(unsigned short port
|
||||
PRStatus prStatus;
|
||||
diff -up ./nss/cmd/httpserv/httpserv.c.539183 ./nss/cmd/httpserv/httpserv.c
|
||||
--- ./nss/cmd/httpserv/httpserv.c.539183 2015-11-08 21:12:59.000000000 -0800
|
||||
+++ ./nss/cmd/httpserv/httpserv.c 2015-11-12 13:28:01.574855325 -0800
|
||||
@@ -938,13 +938,13 @@ getBoundListenSocket(unsigned short port
|
||||
PRNetAddr addr;
|
||||
PRSocketOptionData opt;
|
||||
+ PRUint16 socketDomain = PR_AF_INET;
|
||||
|
||||
- addr.inet.family = PR_AF_INET;
|
||||
- addr.inet.ip = PR_INADDR_ANY;
|
||||
|
@ -15,9 +13,6 @@ diff -up nss/cmd/httpserv/httpserv.c.539183 nss/cmd/httpserv/httpserv.c
|
|||
+ }
|
||||
|
||||
- listen_sock = PR_NewTCPSocket();
|
||||
+ if (PR_GetEnv("NSS_USE_SDP")) {
|
||||
+ socketDomain = PR_AF_INET_SDP;
|
||||
+ }
|
||||
+ listen_sock = PR_OpenTCPSocket(PR_AF_INET6);
|
||||
if (listen_sock == NULL) {
|
||||
- errExit("PR_NewTCPSocket");
|
||||
|
@ -25,14 +20,12 @@ diff -up nss/cmd/httpserv/httpserv.c.539183 nss/cmd/httpserv/httpserv.c
|
|||
}
|
||||
|
||||
opt.option = PR_SockOpt_Nonblocking;
|
||||
diff -up nss/cmd/selfserv/selfserv.c.539183 nss/cmd/selfserv/selfserv.c
|
||||
--- nss/cmd/selfserv/selfserv.c.539183 2013-05-28 14:43:24.000000000 -0700
|
||||
+++ nss/cmd/selfserv/selfserv.c 2013-05-30 22:16:46.688373495 -0700
|
||||
@@ -1687,14 +1687,18 @@ getBoundListenSocket(unsigned short port
|
||||
PRStatus prStatus;
|
||||
diff -up ./nss/cmd/selfserv/selfserv.c.539183 ./nss/cmd/selfserv/selfserv.c
|
||||
--- ./nss/cmd/selfserv/selfserv.c.539183 2015-11-08 21:12:59.000000000 -0800
|
||||
+++ ./nss/cmd/selfserv/selfserv.c 2015-11-12 13:26:40.498345875 -0800
|
||||
@@ -1707,13 +1707,13 @@ getBoundListenSocket(unsigned short port
|
||||
PRNetAddr addr;
|
||||
PRSocketOptionData opt;
|
||||
+ PRUint16 socketDomain = PR_AF_INET;
|
||||
|
||||
- addr.inet.family = PR_AF_INET;
|
||||
- addr.inet.ip = PR_INADDR_ANY;
|
||||
|
@ -42,9 +35,6 @@ diff -up nss/cmd/selfserv/selfserv.c.539183 nss/cmd/selfserv/selfserv.c
|
|||
+ }
|
||||
|
||||
- listen_sock = PR_NewTCPSocket();
|
||||
+ if (PR_GetEnv("NSS_USE_SDP")) {
|
||||
+ socketDomain = PR_AF_INET_SDP;
|
||||
+ }
|
||||
+ listen_sock = PR_OpenTCPSocket(PR_AF_INET6);
|
||||
if (listen_sock == NULL) {
|
||||
- errExit("PR_NewTCPSocket");
|
||||
|
|
112
nss.spec
112
nss.spec
|
@ -1,6 +1,6 @@
|
|||
%global nspr_version 4.10.7
|
||||
%global nss_util_version 3.17.4
|
||||
%global nss_softokn_version 3.17.4
|
||||
%global nspr_version 4.10.10
|
||||
%global nss_util_version 3.21.0
|
||||
%global nss_softokn_version 3.21.0
|
||||
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
||||
%global allTools "certutil cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain vfyserv"
|
||||
|
||||
|
@ -18,8 +18,10 @@
|
|||
|
||||
Summary: Network Security Services
|
||||
Name: nss
|
||||
Version: 3.17.4
|
||||
Release: 1%{?dist}
|
||||
Version: 3.21.0
|
||||
# for Rawhide, please always use release >= 2
|
||||
# for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
|
||||
Release: 1.1%{?dist}
|
||||
License: MPLv2.0
|
||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||
Group: System Environment/Libraries
|
||||
|
@ -56,11 +58,7 @@ Source6: blank-cert9.db
|
|||
Source7: blank-key4.db
|
||||
Source8: system-pkcs11.txt
|
||||
Source9: setup-nsssysinit.sh
|
||||
Source10: PayPalEE.cert
|
||||
Source12: %{name}-pem-20140125.tar.bz2
|
||||
Source17: TestCA.ca.cert
|
||||
Source18: TestUser50.cert
|
||||
Source19: TestUser51.cert
|
||||
Source20: nss-config.xml
|
||||
Source21: setup-nsssysinit.xml
|
||||
Source22: pkcs11.txt.xml
|
||||
|
@ -90,8 +88,18 @@ Patch49: nss-skip-bltest-and-fipstest.patch
|
|||
# headers are older. Such is the case when starting an update with API changes or even private export changes.
|
||||
# Once the buildroot aha been bootstrapped the patch may be removed but it doesn't hurt to keep it.
|
||||
Patch50: iquote.patch
|
||||
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1083900
|
||||
Patch51: tls12.patch
|
||||
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=923089
|
||||
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1009429
|
||||
# Local patch for TLS_ECDHE_{ECDSA|RSA}_WITH_3DES_EDE_CBC_SHA ciphers
|
||||
Patch58: rhbz1185708-enable-ecc-3des-ciphers-by-default.patch
|
||||
|
||||
# As of nss-3.21 we compile NSS with -Werror.
|
||||
# see https://bugzilla.mozilla.org/show_bug.cgi?id=1182667
|
||||
# This requires a cleanup of the PEM module as we have it here.
|
||||
# TODO: submit a patch to the interim nss-pem upstream project
|
||||
# The submission will be very different from this patch as
|
||||
# cleanup there is already in progress there.
|
||||
Patch59: pem-compile-with-Werror.patch
|
||||
|
||||
%description
|
||||
Network Security Services (NSS) is a set of libraries designed to
|
||||
|
@ -162,10 +170,6 @@ low level services.
|
|||
|
||||
%prep
|
||||
%setup -q
|
||||
%{__cp} %{SOURCE10} -f ./nss/tests/libpkix/certs
|
||||
%{__cp} %{SOURCE17} -f ./nss/tests/libpkix/certs
|
||||
%{__cp} %{SOURCE18} -f ./nss/tests/libpkix/certs
|
||||
%{__cp} %{SOURCE19} -f ./nss/tests/libpkix/certs
|
||||
%setup -q -T -D -n %{name}-%{version} -a 12
|
||||
|
||||
%patch2 -p0 -b .relro
|
||||
|
@ -179,8 +183,9 @@ low level services.
|
|||
%patch49 -p0 -b .skipthem
|
||||
%patch50 -p0 -b .iquote
|
||||
pushd nss
|
||||
%patch51 -p1 -b .994599
|
||||
popd
|
||||
%patch58 -p0 -b .1185708_3des
|
||||
%patch59 -p0 -b .compile_Werror
|
||||
|
||||
#########################################################
|
||||
# Higher-level libraries and test tools need access to
|
||||
|
@ -193,11 +198,15 @@ for file in ${pemNeedsFromSoftoken}; do
|
|||
%{__cp} ./nss/lib/softoken/${file}.h ./nss/lib/ckfw/pem/
|
||||
done
|
||||
|
||||
# Copying these header util the upstream bug is accepted
|
||||
# Copying these header until the upstream bug is accepted
|
||||
# Upstream https://bugzilla.mozilla.org/show_bug.cgi?id=820207
|
||||
%{__cp} ./nss/lib/softoken/lowkeyi.h ./nss/cmd/rsaperf
|
||||
%{__cp} ./nss/lib/softoken/lowkeyti.h ./nss/cmd/rsaperf
|
||||
|
||||
# Before removing util directory we must save verref.h
|
||||
# as it will be needed later during the build phase.
|
||||
%{__mv} ./nss/lib/util/verref.h ./nss/verref.h
|
||||
|
||||
##### Remove util/freebl/softoken and low level tools
|
||||
######## Remove freebl, softoken and util
|
||||
%{__rm} -rf ./nss/lib/freebl
|
||||
|
@ -264,10 +273,16 @@ export NSS_BUILD_WITHOUT_SOFTOKEN=1
|
|||
NSS_USE_SYSTEM_SQLITE=1
|
||||
export NSS_USE_SYSTEM_SQLITE
|
||||
|
||||
%ifarch x86_64 %{power64} ia64 s390x sparc64 aarch64
|
||||
# external tests are causing build problems because they access ssl internal types
|
||||
# TODO: Investigate as there may be a better solution
|
||||
export NSS_DISABLE_GTESTS=1
|
||||
|
||||
%ifnarch noarch
|
||||
%if 0%{__isa_bits} == 64
|
||||
USE_64=1
|
||||
export USE_64
|
||||
%endif
|
||||
%endif
|
||||
|
||||
# uncomment if the iquote patch is activated
|
||||
export IN_TREE_FREEBL_HEADERS_FIRST=1
|
||||
|
@ -280,6 +295,13 @@ export NSS_ECC_MORE_THAN_SUITE_B
|
|||
export NSS_BLTEST_NOT_AVAILABLE=1
|
||||
%{__make} -C ./nss/coreconf
|
||||
%{__make} -C ./nss/lib/dbm
|
||||
|
||||
# nss/nssinit.c, ssl/sslcon.c, smime/smimeutil.c and ckfw/builtins/binst.c
|
||||
# need nss/lib/util/verref.h which is which is exported privately,
|
||||
# copy the one we saved during prep so it they can find it.
|
||||
%{__mkdir_p} ./dist/private/nss
|
||||
%{__mv} ./nss/verref.h ./dist/private/nss/verref.h
|
||||
|
||||
%{__make} -C ./nss
|
||||
unset NSS_BLTEST_NOT_AVAILABLE
|
||||
|
||||
|
@ -364,10 +386,12 @@ export FREEBL_NO_DEPEND
|
|||
BUILD_OPT=1
|
||||
export BUILD_OPT
|
||||
|
||||
%ifarch x86_64 %{power64} ia64 s390x sparc64 aarch64
|
||||
%ifnarch noarch
|
||||
%if 0%{__isa_bits} == 64
|
||||
USE_64=1
|
||||
export USE_64
|
||||
%endif
|
||||
%endif
|
||||
|
||||
export NSS_BLTEST_NOT_AVAILABLE=1
|
||||
|
||||
|
@ -526,7 +550,7 @@ do
|
|||
done
|
||||
|
||||
# Copy the binaries we ship as unsupported
|
||||
for file in atob btoa derdump ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain
|
||||
for file in atob btoa derdump listsuites ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain
|
||||
do
|
||||
%{__install} -p -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory}
|
||||
done
|
||||
|
@ -558,7 +582,7 @@ for f in nss-config setup-nsssysinit; do
|
|||
done
|
||||
# Copy the man pages for the nss tools
|
||||
for f in "%{allTools}"; do
|
||||
install -c -m 644 ./dist/docs/nroff/${f}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${f}.1
|
||||
install -c -m 644 ./dist/docs/nroff/${f}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${f}.1
|
||||
done
|
||||
%if %{defined rhel}
|
||||
install -c -m 644 ./dist/docs/nroff/pp.1 $RPM_BUILD_ROOT%{_mandir}/man1/pp.1
|
||||
|
@ -677,6 +701,7 @@ fi
|
|||
%{unsupported_tools_directory}/atob
|
||||
%{unsupported_tools_directory}/btoa
|
||||
%{unsupported_tools_directory}/derdump
|
||||
%{unsupported_tools_directory}/listsuites
|
||||
%{unsupported_tools_directory}/ocspclnt
|
||||
%{unsupported_tools_directory}/pp
|
||||
%{unsupported_tools_directory}/selfserv
|
||||
|
@ -781,21 +806,56 @@ fi
|
|||
|
||||
|
||||
%changelog
|
||||
* Fri Nov 20 2015 Elio Maldonado <emaldona@redhat.com> - 3.21.0-1.1
|
||||
- Update %%{nss_util_version} and %%{nss_softokn_version} to 3.21.0
|
||||
- Resolves: Bug 1284095 - all https fails with sec_error_no_token
|
||||
|
||||
* Mon Nov 16 2015 Elio Maldonado <emaldona@redhat.com> - 3.21.0-1.0
|
||||
- Update to NSS 3.21
|
||||
- Package listsuites as part of the unsupported tools set
|
||||
- Resolves: Bug 1279912 - nss-3.21 is available
|
||||
- Resolves: Bug 1258425 - Use __isa_bits macro instead of list of 64-bit
|
||||
- Resolves: Bug 1280032 - Package listsuites as part of the nss unsupported tools set
|
||||
|
||||
* Mon Nov 02 2015 Elio Maldonado <emaldona@redhat.com> - 3.20.1-1.0
|
||||
- Update to NSS 3.20.1
|
||||
|
||||
* Mon Oct 05 2015 Elio Maldonado <emaldona@redhat.com> - 3.20.0-1.1.1
|
||||
- Enable ECC cipher-suites by default [hrbz#1185708]
|
||||
- Split the enabling patch in two for easier maintenance
|
||||
|
||||
* Thu Sep 17 2015 Elio Maldonado <emaldona@redhat.com> - 3.20.0-1.1
|
||||
- Enable ECC cipher-suites by default [rhbz#1185708]
|
||||
|
||||
* Sat Aug 22 2015 Elio Maldonado <emaldona@redhat.com> - 3.19.3-2.0
|
||||
- Update to NSS 3.20
|
||||
|
||||
* Wed Aug 12 2015 Elio Maldonado <emaldona@redhat.com> - 3.19.2-2.0
|
||||
- Update to NSS 3.19.3
|
||||
|
||||
* Thu Jun 18 2015 Elio Maldonado <emaldona@redhat.com> - 3.19.2-1.0
|
||||
- Update to NSS 3.19.2
|
||||
|
||||
* Thu May 28 2015 Kai Engert <kaie@redhat.com> - 3.19.1-1.0
|
||||
- Update to NSS 3.19.1
|
||||
|
||||
* Tue May 19 2015 Kai Engert <kaie@redhat.com> - 3.19.0-1.0
|
||||
- Update to NSS 3.19
|
||||
|
||||
* Mon Mar 23 2015 Elio Maldonado <emaldona@redhat.com> - 3.18.0-1
|
||||
- Update to nss-3.18.0
|
||||
|
||||
* Wed Jan 28 2015 Elio Maldonado <emaldona@redhat.com> - 3.17.4-1
|
||||
- Update to nss-3.17.4
|
||||
|
||||
* Sat Jan 24 2015 Ville Skyttä <ville.skytta@iki.fi> - 3.17.3-4
|
||||
- Own the %%{_datadir}/doc/nss-tools dir
|
||||
|
||||
* Tue Dec 16 2014 Elio Maldonado <emaldona@redhat.com> - 3.17.3-3
|
||||
* Mon Dec 15 2014 Elio Maldonado <emaldona@redhat.com> - 3.17.3-2
|
||||
- Resolves: Bug 987189 - nss-tools RPM conflicts with perl-PAR-Packer
|
||||
- Install pp man page in %%{_datadir}/doc/nss-tools/pp.1
|
||||
- Use %%{_mandir} instead of /usr/share/man as more generic
|
||||
|
||||
* Mon Dec 15 2014 Elio Maldonado <emaldona@redhat.com> - 3.17.3-2
|
||||
- Install pp man page in alternative location
|
||||
- Resolves: Bug 987189 - nss-tools RPM conflicts with perl-PAR-Packer
|
||||
|
||||
* Fri Dec 05 2014 Elio Maldonado <emaldona@redhat.com> - 3.17.3-1
|
||||
- Update to nss-3.17.3
|
||||
- Resolves: Bug 1171012 - nss-3.17.3 is available
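Review bot: `export NSS_DISABLE_GTESTS=1` in the build section is, as far as the hunk shows, unconditional and justified only by a TODO, and it lands in the same update that moves the package from 3.17.4 to 3.21.0 and adds a local cipher-default patch (Patch58). The comment should name the build error that prompted it and point at a tracking bug, for example `# TODO(bug <ID>): re-enable gtests once they build without ssl internal types`, so the exemption does not become permanent. Separately, `%{__mv} ./nss/verref.h ./dist/private/nss/verref.h` makes the build step fail if it is re-run against the same tree; `%{__cp}` would keep it repeatable.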
|
||||
|
|
|
@ -0,0 +1,146 @@
|
|||
diff -up ./nss/lib/ckfw/pem/ckpem.h.compile_Werror ./nss/lib/ckfw/pem/ckpem.h
|
||||
--- ./nss/lib/ckfw/pem/ckpem.h.compile_Werror 2014-01-23 06:28:18.000000000 -0800
|
||||
+++ ./nss/lib/ckfw/pem/ckpem.h 2015-11-13 12:07:29.219887390 -0800
|
||||
@@ -233,6 +233,9 @@ struct pemLOWKEYPrivateKeyStr {
|
||||
};
|
||||
typedef struct pemLOWKEYPrivateKeyStr pemLOWKEYPrivateKey;
|
||||
|
||||
+/* NOTE: Discrepancy with the the way callers use of the return value as a count
|
||||
+ * Fix this when we sync. up with the cleanup work being done at nss-pem project.
|
||||
+ */
|
||||
SECStatus ReadDERFromFile(SECItem ***derlist, char *filename, PRBool ascii, int *cipher, char **ivstring, PRBool certsonly);
|
||||
const NSSItem * pem_FetchAttribute ( pemInternalObject *io, CK_ATTRIBUTE_TYPE type);
|
||||
void pem_PopulateModulusExponent(pemInternalObject *io);
|
||||
diff -up ./nss/lib/ckfw/pem/pinst.c.compile_Werror ./nss/lib/ckfw/pem/pinst.c
|
||||
--- ./nss/lib/ckfw/pem/pinst.c.compile_Werror 2014-01-23 06:28:18.000000000 -0800
|
||||
+++ ./nss/lib/ckfw/pem/pinst.c 2015-11-13 12:07:29.219887390 -0800
|
||||
@@ -472,7 +472,9 @@ AddCertificate(char *certfile, char *key
|
||||
char *ivstring = NULL;
|
||||
int cipher;
|
||||
|
||||
- nobjs = ReadDERFromFile(&objs, certfile, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
|
||||
+ /* TODO: Fix discrepancy between our usage of the return value as
|
||||
+ * as an int (a count) and the declaration as a SECStatus. */
|
||||
+ nobjs = (int) ReadDERFromFile(&objs, certfile, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
|
||||
if (nobjs <= 0) {
|
||||
nss_ZFreeIf(objs);
|
||||
return CKR_GENERAL_ERROR;
|
||||
@@ -515,8 +517,10 @@ AddCertificate(char *certfile, char *key
|
||||
if (keyfile) { /* add the private key */
|
||||
SECItem **keyobjs = NULL;
|
||||
int kobjs = 0;
|
||||
+ /* TODO: Fix discrepancy between our usage of the return value as
|
||||
+ * as an int and the declaration as a SECStatus. */
|
||||
kobjs =
|
||||
- ReadDERFromFile(&keyobjs, keyfile, PR_TRUE, &cipher,
|
||||
+ (int) ReadDERFromFile(&keyobjs, keyfile, PR_TRUE, &cipher,
|
||||
&ivstring, PR_FALSE);
|
||||
if (kobjs < 1) {
|
||||
error = CKR_GENERAL_ERROR;
|
||||
diff -up ./nss/lib/ckfw/pem/pobject.c.compile_Werror ./nss/lib/ckfw/pem/pobject.c
|
||||
--- ./nss/lib/ckfw/pem/pobject.c.compile_Werror 2014-01-23 06:28:18.000000000 -0800
|
||||
+++ ./nss/lib/ckfw/pem/pobject.c 2015-11-13 12:07:29.220887368 -0800
|
||||
@@ -630,6 +630,11 @@ pem_DestroyInternalObject
|
||||
if (io->u.key.ivstring)
|
||||
free(io->u.key.ivstring);
|
||||
break;
|
||||
+ case pemAll:
|
||||
+ /* pemAll is not used, keep the compiler happy
|
||||
+ * TODO: investigate a proper solution
|
||||
+ */
|
||||
+ return;
|
||||
}
|
||||
|
||||
if (NULL != gobj)
|
||||
@@ -1044,7 +1049,9 @@ pem_CreateObject
|
||||
int nobjs = 0;
|
||||
int i;
|
||||
int objid;
|
||||
+#if 0
|
||||
pemToken *token;
|
||||
+#endif
|
||||
int cipher;
|
||||
char *ivstring = NULL;
|
||||
pemInternalObject *listObj = NULL;
|
||||
@@ -1073,7 +1080,9 @@ pem_CreateObject
|
||||
}
|
||||
slotID = nssCKFWSlot_GetSlotID(fwSlot);
|
||||
|
||||
+#if 0
|
||||
token = (pemToken *) mdToken->etc;
|
||||
+#endif
|
||||
|
||||
/*
|
||||
* only create keys and certs.
|
||||
@@ -1114,7 +1123,11 @@ pem_CreateObject
|
||||
}
|
||||
|
||||
if (objClass == CKO_CERTIFICATE) {
|
||||
- nobjs = ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
|
||||
+ /* TODO: Fix discrepancy between our usage of the return value as
|
||||
+ * as an int and the declaration as a SECStatus. Typecasting as a
|
||||
+ * temporary workaround.
|
||||
+ */
|
||||
+ nobjs = (int) ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
|
||||
if (nobjs < 1)
|
||||
goto loser;
|
||||
|
||||
diff -up ./nss/lib/ckfw/pem/rsawrapr.c.compile_Werror ./nss/lib/ckfw/pem/rsawrapr.c
|
||||
--- ./nss/lib/ckfw/pem/rsawrapr.c.compile_Werror 2014-01-23 06:28:18.000000000 -0800
|
||||
+++ ./nss/lib/ckfw/pem/rsawrapr.c 2015-11-13 12:07:29.220887368 -0800
|
||||
@@ -93,6 +93,8 @@ pem_PublicModulusLen(NSSLOWKEYPublicKey
|
||||
return 0;
|
||||
}
|
||||
|
||||
+/* unused functions */
|
||||
+#if 0
|
||||
static SHA1Context *SHA1_CloneContext(SHA1Context * original)
|
||||
{
|
||||
SHA1Context *clone = NULL;
|
||||
@@ -215,6 +217,7 @@ oaep_xor_with_h2(unsigned char *salt, un
|
||||
|
||||
return SECSuccess;
|
||||
}
|
||||
+#endif /* unused functions */
|
||||
|
||||
/*
|
||||
* Format one block of data for public/private key encryption using
|
||||
diff -up ./nss/lib/ckfw/pem/util.c.compile_Werror ./nss/lib/ckfw/pem/util.c
|
||||
--- ./nss/lib/ckfw/pem/util.c.compile_Werror 2014-01-23 06:28:18.000000000 -0800
|
||||
+++ ./nss/lib/ckfw/pem/util.c 2015-11-13 12:22:52.282196306 -0800
|
||||
@@ -131,7 +131,8 @@ static SECStatus FileToItem(SECItem * ds
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
-int
|
||||
+/* FIX: Returns a SECStatus yet callers take result as a count */
|
||||
+SECStatus
|
||||
ReadDERFromFile(SECItem *** derlist, char *filename, PRBool ascii,
|
||||
int *cipher, char **ivstring, PRBool certsonly)
|
||||
{
|
||||
@@ -237,7 +238,12 @@ ReadDERFromFile(SECItem *** derlist, cha
|
||||
goto loser;
|
||||
}
|
||||
if ((certsonly && !key) || (!certsonly && key)) {
|
||||
+ error = CKR_OK;
|
||||
PUT_Object(der, error);
|
||||
+ if (error != CKR_OK) {
|
||||
+ free(der);
|
||||
+ goto loser;
|
||||
+ }
|
||||
} else {
|
||||
free(der->data);
|
||||
free(der);
|
||||
@@ -255,7 +261,12 @@ ReadDERFromFile(SECItem *** derlist, cha
|
||||
}
|
||||
|
||||
/* NOTE: This code path has never been tested. */
|
||||
+ error = CKR_OK;
|
||||
PUT_Object(der, error);
|
||||
+ if (error != CKR_OK) {
|
||||
+ free(der);
|
||||
+ goto loser;
|
||||
+ }
|
||||
}
|
||||
|
||||
nss_ZFreeIf(filedata.data);
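Review bot: In both util.c hunks the new failure branch after `PUT_Object(der, error)` calls `free(der)` but never `free(der->data)`, while the `else` branch just below releases both, so `der->data` looks leaked whenever that branch runs. If `der->data` is heap-allocated at that point, as the `else` branch suggests, the branch should read `free(der->data); free(der); goto loser;`. PUT_Object is a macro defined outside this patch, so confirm that it can leave `error` set without jumping away itself; otherwise the added check is dead code. The patch also changes the ReadDERFromFile definition to return `SECStatus` while every caller casts the result back to `int` and compares it as a count; changing the prototype in ckpem.h to `int` instead would drop both the casts and the TODO comments. ReadDERFromFile's body starts and ends outside these hunks.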
|
|
@ -0,0 +1,14 @@
|
|||
diff -up ./nss/lib/ssl/ssl3con.c.1185708_3des ./nss/lib/ssl/ssl3con.c
|
||||
--- ./nss/lib/ssl/ssl3con.c.1185708_3des 2015-09-29 16:24:18.717593591 -0700
|
||||
+++ ./nss/lib/ssl/ssl3con.c 2015-09-29 16:25:22.672879926 -0700
|
||||
@@ -101,8 +101,8 @@ static ssl3CipherSuiteCfg cipherSuites[s
|
||||
{ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
- { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
- { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
+ { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
+ { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
#endif /* NSS_DISABLE_ECC */
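Review bot: Flipping the third field from `PR_FALSE` to `PR_TRUE` for `TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA` and `TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA` turns two 64-bit-block CBC suites on by default for every consumer of this library, and the patch file has no header saying why or when it can be dropped. The removed lines show that the unpatched source ships these suites disabled, so this is a distribution-specific widening of the default cipher set. Applications that need 3DES can opt in themselves (NSS exposes `SSL_CipherPrefSetDefault` for that). I would add a comment block at the top of the patch naming the bug (rhbz#1185708 per the spec changelog), the interoperability case it serves and the condition for removing it. The cipherSuites table begins and ends outside the hunk.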
|
6
sources
6
sources
|
@ -3,9 +3,5 @@ a5ae49867124ac75f029a9a33af31bad blank-cert8.db
|
|||
73bc040a0542bba387e6dd7fb9fd7d23 blank-secmod.db
|
||||
691e663ccc07b7a1eaa6f088e03bf8e2 blank-cert9.db
|
||||
2ec9e0606ba40fe65196545564b7cc2a blank-key4.db
|
||||
c9fefa97dc184a5857f12d938517ed81 PayPalEE.cert
|
||||
f998b70c1be25e8bb9f5fdb5d50eb6f2 TestCA.ca.cert
|
||||
1b7b6808cd77d5df29bf5bb9e5fac967 TestUser50.cert
|
||||
ab0b56dd505a995425c03e5266f7c8d6 TestUser51.cert
|
||||
b8a94e863c852e1f8b75e930e76f8640 nss-pem-20140125.tar.bz2
|
||||
a77df26072cabf8afb26911b6fa9b755 nss-3.17.4.tar.gz
|
||||
f53ffa490133d29ff930fa4b29bade90 nss-3.21.0.tar.gz
|
||||
|
|
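--- a/tls12.patch
+++ b/tls12.patch
@@ -1,36 +0,0 @@
-# HG changeset patch
-# User Martin Thomson <martin.thomson@gmail.com>
-# Date 1413479112 25200
-# Thu Oct 16 10:05:12 2014 -0700
-# Node ID f7e1c2c652f4c2522a0a5ec232ecebae1983053d
-# Parent 24852c6f89ea7ed2b8f231320d9a0a03bdd706d4
-Bug 1083900 - Updating default maximum version to 1.2
-
-diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
---- a/lib/ssl/sslsock.c
-+++ b/lib/ssl/sslsock.c
-@@ -85,22 +85,22 @@ static sslOptions ssl_defaults = {
-PR_FALSE /* enableFallbackSCSV */
-};
-
-/*
-* default range of enabled SSL/TLS protocols
-*/
-static SSLVersionRange versions_defaults_stream = {
-SSL_LIBRARY_VERSION_3_0,
-- SSL_LIBRARY_VERSION_TLS_1_0
-+ SSL_LIBRARY_VERSION_TLS_1_2
-};
-
-static SSLVersionRange versions_defaults_datagram = {
-SSL_LIBRARY_VERSION_TLS_1_1,
-- SSL_LIBRARY_VERSION_TLS_1_1
-+ SSL_LIBRARY_VERSION_TLS_1_2
-};
-
-#define VERSIONS_DEFAULTS(variant) \
-(variant == ssl_variant_stream ? &versions_defaults_stream : \
-&versions_defaults_datagram)
-
-sslSessionIDLookupFunc ssl_sid_lookup;
-sslSessionIDCacheFunc ssl_sid_cache;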