| blob | aad42b5aa9304483189049e4ae12b6e196d0493f |
1 Name: Network Security Services (NSS)
2 URL: http://www.mozilla.org/projects/security/pki/nss/
3 Version: 3.15.1
4 Security Critical: Yes
5 License: MPL 2
6 License File: NOT_SHIPPED
8 This directory includes a copy of NSS's libssl from the hg repo at:
9 https://hg.mozilla.org/projects/nss
11 The same module appears in crypto/third_party/nss (and third_party/nss on some
12 platforms), so we don't repeat the license file here.
14 The snapshot was updated to the hg tag: NSS_3_15_1_RTM
16 Patches:
18 * Commenting out a couple of functions because they need NSS symbols
19 which may not exist in the system NSS library.
20 patches/versionskew.patch
22 * Send empty renegotiation info extension instead of SCSV unless TLS is
23 disabled.
24 patches/renegoscsv.patch
25 https://bugzilla.mozilla.org/show_bug.cgi?id=549042
27 * Cache the peer's intermediate CA certificates in session ID, so that
28 they're available when we resume a session.
29 patches/cachecerts.patch
30 https://bugzilla.mozilla.org/show_bug.cgi?id=731478
32 * Add the SSL_PeerCertificateChain function
33 patches/peercertchain.patch
34 https://bugzilla.mozilla.org/show_bug.cgi?id=731485
36 * Add support for client auth with native crypto APIs on Mac and Windows
37 patches/clientauth.patch
38 ssl/sslplatf.c
40 * Add a function to export whether the last handshake on a socket resumed a
41 previous session.
42 patches/didhandshakeresume.patch
43 https://bugzilla.mozilla.org/show_bug.cgi?id=731798
45 * Allow SSL_HandshakeNegotiatedExtension to be called before the handshake
46 is finished.
47 https://bugzilla.mozilla.org/show_bug.cgi?id=681839
48 patches/negotiatedextension.patch
50 * Add function to retrieve TLS client cert types requested by server.
51 https://bugzilla.mozilla.org/show_bug.cgi?id=51413
52 patches/getrequestedclientcerttypes.patch
54 * Add a function to restart a handshake after a client certificate request.
55 patches/restartclientauth.patch
57 * Add support for TLS Channel IDs
58 patches/channelid.patch
60 * Add support for extracting the tls-unique channel binding value
61 patches/tlsunique.patch
62 https://bugzilla.mozilla.org/show_bug.cgi?id=563276
64 * Define the EC_POINT_FORM_UNCOMPRESSED macro. In NSS 3.13.2 the macro
65 definition was moved from the internal header ec.h to blapit.h. When
66 compiling against older system NSS headers, we need to define the macro.
67 patches/ecpointform.patch
69 * SSL_ExportKeyingMaterial should get the RecvBufLock and SSL3HandshakeLock.
70 This change was made in https://chromiumcodereview.appspot.com/10454066.
71 patches/secretexporterlocks.patch
73 * Allow the constant-time CBC processing code to be compiled against older
74 NSS that doesn't contain the CBC constant-time changes.
75 patches/cbc.patch
76 https://code.google.com/p/chromium/issues/detail?id=172658#c12
78 * Change ssl3_SuiteBOnly to always return PR_TRUE. The softoken in NSS
79 versions older than 3.15 report an EC key size range of 112 bits to 571
80 bits, even when it is compiled to support only the NIST P-256, P-384, and
81 P-521 curves. Remove this patch when all system NSS softoken packages are
82 NSS 3.15 or later.
83 patches/suitebonly.patch
85 * Define the SECItemArray type and declare the SECItemArray handling
86 functions, which were added in NSS 3.15. Remove this patch when all system
87 NSS packages are NSS 3.15 or later.
88 patches/secitemarray.patch
90 * Update Chromium-specific code for TLS 1.2.
91 patches/tls12chromium.patch
93 * Add the Application Layer Protocol Negotiation extension.
94 patches/alpn.patch
96 * Fix an issue with allocating an SSL socket when under memory pressure.
97 https://bugzilla.mozilla.org/show_bug.cgi?id=903565
98 patches/sslsock_903565.patch
100 Apply the patches to NSS by running the patches/applypatches.sh script. Read
101 the comments at the top of patches/applypatches.sh for instructions.
103 The ssl/bodge directory contains files taken from the NSS repo that we required
104 for building libssl outside of its usual build environment.