blob: 10ed53389a2a0e6aacd5350cea239d8cfb214743 [file] [log] [blame]
Name: Network Security Services (NSS)
URL: http://www.mozilla.org/projects/security/pki/nss/
Version: 3.23 RTM
Security Critical: Yes
License: MPL 2
License File: NOT_SHIPPED
This directory includes a copy of NSS's libssl from the hg repo at:
https://hg.mozilla.org/projects/nss
The same module appears in crypto/third_party/nss (and third_party/nss on some
platforms), so we don't repeat the license file here.
The snapshot was updated to the hg tag: NSS_3_23_RTM
Patches:
* Cache the peer's intermediate CA certificates in session ID, so that
they're available when we resume a session.
patches/cachecerts.patch
https://bugzilla.mozilla.org/show_bug.cgi?id=731478
* Add a function to export whether the last handshake on a socket resumed a
previous session.
patches/didhandshakeresume.patch
https://bugzilla.mozilla.org/show_bug.cgi?id=731798
* Add function to retrieve TLS client cert types requested by server.
https://bugzilla.mozilla.org/show_bug.cgi?id=51413
patches/getrequestedclientcerttypes.patch
* Add a function to restart a handshake after a client certificate request.
patches/restartclientauth.patch
* Add support for TLS Channel IDs
patches/channelid.patch
* Add support for extracting the tls-unique channel binding value
patches/tlsunique.patch
https://bugzilla.mozilla.org/show_bug.cgi?id=563276
* SSL_ExportKeyingMaterial should get the RecvBufLock and SSL3HandshakeLock.
This change was made in https://chromiumcodereview.appspot.com/10454066.
patches/secretexporterlocks.patch
* Fix session cache lock creation race.
patches/cachelocks.patch
https://bugzilla.mozilla.org/show_bug.cgi?id=764646
* Add a function to allow the cipher suites preference order to be set.
patches/cipherorder.patch
* Add explicit functions for managing the SSL/TLS session cache.
This is a temporary workaround until Chromium migrates to NSS's
asynchronous certificate verification.
patches/sessioncache.patch
* Add a comment explaining why signature_algorithms extension should be at
the end of the extension list. This works around a bug in WebSphere
Application Server 7.0, which is intolerant to the final extension having
zero length. This also ensures that the padding extension has non-zero
length.
patches/reorderextensions.patch
* Fix an unused method when disabling PKCS#11 bypass mode
patches/nobypass.patch
Apply the patches to NSS by running the patches/applypatches.sh script. Read
the comments at the top of patches/applypatches.sh for instructions.