| Name: Network Security Services (NSS) |
| URL: http://www.mozilla.org/projects/security/pki/nss/ |
| Version: 3.13.4 pre-release snapshot 20120319 |
| Security Critical: Yes |
| |
| This directory includes a copy of NSS's libssl from the CVS repo at: |
| :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot |
| |
| The snapshot was updated to the CVS tag: NSS_SSL_3_13_4_20120319_TAG |
| |
| Patches: |
| |
| * Commenting out a couple of functions because they need NSS symbols |
| which may not exist in the system NSS library. |
| patches/versionskew.patch |
| |
| * Send empty renegotiation info extension instead of SCSV unless TLS is |
| disabled. |
| patches/renegoscsv.patch |
| https://bugzilla.mozilla.org/show_bug.cgi?id=549042 |
| |
| * Cache the peer's intermediate CA certificates in session ID, so that |
| they're available when we resume a session. |
| patches/cachecerts.patch |
| https://bugzilla.mozilla.org/show_bug.cgi?id=731478 |
| |
| * Add the SSL_PeerCertificateChain function |
| patches/peercertchain.patch |
| https://bugzilla.mozilla.org/show_bug.cgi?id=731485 |
| |
| * Add OCSP stapling support |
| patches/ocspstapling.patch |
| |
| * Add support for client auth with native crypto APIs on Mac and Windows |
| patches/clientauth.patch |
| ssl/sslplatf.c |
| |
| * Add a function to export whether the last handshake on a socket resumed a |
| previous session. |
| patches/didhandshakeresume.patch |
| https://bugzilla.mozilla.org/show_bug.cgi?id=731798 |
| |
| * Support origin bound certificates. |
| http://balfanz.github.com/tls-obc-spec/draft-balfanz-tls-obc-00.txt |
| https://bugzilla.mozilla.org/show_bug.cgi?id=680292 |
| patches/origin_bound_certs.patch |
| |
| * Add a function to restart a handshake after a client certificate request. |
| patches/restartclientauth.patch |
| |
| * Allow SSL_HandshakeNegotiatedExtension to be called before the handshake |
| is finished. |
| https://bugzilla.mozilla.org/show_bug.cgi?id=681839 |
| patches/negotiatedextension.patch |
| |
| * Support the encrypted client certificates extension. |
| https://bugzilla.mozilla.org/show_bug.cgi?id=691991 |
| patches/encryptedclientcerts.patch |
| |
| * Add function to retrieve TLS client cert types requested by server. |
| https://bugzilla.mozilla.org/show_bug.cgi?id=51413 |
| patches/getrequestedclientcerttypes.patch |
| |
| * Add DTLS support. |
| https://bugzilla.mozilla.org/show_bug.cgi?id=681065 |
| patches/dtls.patch |
| |
| * Enable False Start only when the server supports NPN. |
| patches/falsestartnpn.patch |
| |
| Apply the patches to NSS by running the patches/applypatches.sh script. Read |
| the comments at the top of patches/applypatches.sh for instructions. |
| |
| The ssl/bodge directory contains files taken from the NSS repo that we required |
| for building libssl outside of its usual build environment. |