b88d7c2e5158fc6b645b71c42db7d7f27c5f5baa: Bug 1423016 - DTLS support for tstclnt. r=mt
EKR <ekr@rtfm.com> - Sat, 11 Nov 2017 11:50:18 +0800 - rev 14186
Push 2932 by ekr@mozilla.com at Tue, 05 Dec 2017 00:41:26 +0000
Bug 1423016 - DTLS support for tstclnt. r=mt Reviewers: mt Differential Revision: https://phabricator.services.mozilla.com/D314
a32eec0bdec8c4fc6e0bc1b65b73b9b1a498041d: Bug 1422688 - Fix for blocking mode reads of 0-RTT, r=ekr
Martin Thomson <martin.thomson@gmail.com> - Wed, 29 Nov 2017 11:11:26 +1100 - rev 14185
Push 2931 by martin.thomson@gmail.com at Tue, 05 Dec 2017 00:30:55 +0000
Bug 1422688 - Fix for blocking mode reads of 0-RTT, r=ekr We talked about this in an earlier iteration of Bug 1386475, but we didn't like that the code checked whether there was early data twice. Turns out that it is necessary for blocking sockets. If we return PR_WOULD_BLOCK_ERROR on a blocking socket, the calling code rightfully objects. As it turns out, selfserv is an example of this. It was breaking with boringssl. I don't know why this wasn't an issue with other clients, but I suspect that it is because very few implementations are doing exactly the same thing with 0-RTT and timing is critical here.
e3c27c38cb10a0e9e23f0475de9c1801a0aea75a: Bug 1422848, NSS taskcluster should run at least one "make optimized" build, r=fkiefer
Kai Engert <kaie@kuix.de> - Mon, 04 Dec 2017 22:40:04 +0100 - rev 14184
Push 2930 by kaie@kuix.de at Mon, 04 Dec 2017 21:39:43 +0000
Bug 1422848, NSS taskcluster should run at least one "make optimized" build, r=fkiefer
f8536fe0e12841249533b6fe9b8e47e99951fbc2: Bug 1422843, Silence false positive warnings about ABI changes in NSS 3.35, r=fkiefer
Kai Engert <kaie@kuix.de> - Mon, 04 Dec 2017 19:03:09 +0100 - rev 14183
Push 2929 by kaie@kuix.de at Mon, 04 Dec 2017 18:02:45 +0000
Bug 1422843, Silence false positive warnings about ABI changes in NSS 3.35, r=fkiefer
6d56dc87ea96c2d0cc5fbe3ca9ca24b2365659f0: Bug 1417331, fix whitespace for clang-format
Kai Engert <kaie@kuix.de> - Mon, 04 Dec 2017 13:18:43 +0100 - rev 14182
Push 2928 by kaie@kuix.de at Mon, 04 Dec 2017 12:18:23 +0000
Bug 1417331, fix whitespace for clang-format
0bd865cf27a7384e817046cdc07fda59714f8aa9: Bug 1417331, disable keylog tests if keylogfile is disabled, r=mt
Kai Engert <kaie@kuix.de> - Mon, 04 Dec 2017 13:07:43 +0100 - rev 14181
Push 2927 by kaie@kuix.de at Mon, 04 Dec 2017 12:07:19 +0000
Bug 1417331, disable keylog tests if keylogfile is disabled, r=mt
f35ea3fe5c2c6435de0b899a3ca5914580d9c68d: Bug 1422652 - Remove correct PSS CA cert, r=ueno
Martin Thomson <martin.thomson@gmail.com> - Mon, 04 Dec 2017 12:23:51 +1100 - rev 14180
Push 2926 by martin.thomson@gmail.com at Mon, 04 Dec 2017 08:54:24 +0000
Bug 1422652 - Remove correct PSS CA cert, r=ueno
179bb12e1dc54eebd8e0470a420354ea121ee91f: Bug 1315865 - Automatic KeyUpdate to avoid cipher exhaustion, r=ekr
Martin Thomson <martin.thomson@gmail.com> - Fri, 01 Sep 2017 16:46:28 +1000 - rev 14179
Push 2926 by martin.thomson@gmail.com at Mon, 04 Dec 2017 08:54:24 +0000
Bug 1315865 - Automatic KeyUpdate to avoid cipher exhaustion, r=ekr
c7806ef48b38f0349fcddffa7a1f8ae2dff6f1e9: Bug 1315865 - Basic KeyUpdate handling, r=ekr
Martin Thomson <martin.thomson@gmail.com> - Tue, 14 Feb 2017 20:35:14 +1100 - rev 14178
Push 2926 by martin.thomson@gmail.com at Mon, 04 Dec 2017 08:54:24 +0000
Bug 1315865 - Basic KeyUpdate handling, r=ekr Summary: KeyUpdate for TLS (not DTLS). Experimental API for triggering one. Reviewers: ekr
ce395e6b2908478c9d6180b8b118ceb3f1edf5eb: Bug 1422326 - Use fewer layers in HACL* docker image r=franziskus
Tim Taubert <ttaubert@mozilla.com> - Fri, 01 Dec 2017 16:17:06 +0100 - rev 14177
Push 2925 by ttaubert@mozilla.com at Fri, 01 Dec 2017 15:19:45 +0000
Bug 1422326 - Use fewer layers in HACL* docker image r=franziskus Summary: https://treeherder.mozilla.org/#/jobs?repo=nss-try&revision=2fc53af42652ac888f87516a4f681cab56135f6a Reviewers: franziskus Reviewed By: franziskus Differential Revision: https://phabricator.services.mozilla.com/D308
0c062fe18d23acaa3ded5787664a39ea3cdf8f58: Bug 1421788 - Add a length check in nssCryptokiObject_Create to maybe prevent null pointer deref r=ttaubert
David Keeler <dkeeler@mozilla.com> - Fri, 01 Dec 2017 06:24:29 +0100 - rev 14176
Push 2924 by ttaubert@mozilla.com at Fri, 01 Dec 2017 06:46:42 +0000
Bug 1421788 - Add a length check in nssCryptokiObject_Create to maybe prevent null pointer deref r=ttaubert Reviewers: ttaubert Reviewed By: ttaubert Bug #: 1421788 Differential Revision: https://phabricator.services.mozilla.com/D302
401de51885384e2d612ca7cc32ffc0936bc5969b: Bug 1421572 - Correct early exporter secret derivation, r=ekr
Martin Thomson <martin.thomson@gmail.com> - Wed, 29 Nov 2017 06:23:19 -0800 - rev 14175
Push 2923 by ekr@mozilla.com at Wed, 29 Nov 2017 14:47:26 +0000
Bug 1421572 - Correct early exporter secret derivation, r=ekr Summary: This was pretty obviously wrong before, which was made obvious when I moved a few things around. Reviewers: ekr, Lekensteyn Reviewed By: Lekensteyn Subscribers: mt, Lekensteyn Bug #: 1421572 Differential Revision: https://phabricator.services.mozilla.com/D297
7c9e5bd3d8fe33be7bc0ebfe74ee3934e2fc64f4: Bug 1417331 - Early exporters for TLS 1.3, r=lekensteyn
Martin Thomson <martin.thomson@gmail.com> - Wed, 29 Nov 2017 21:20:44 +1100 - rev 14174
Push 2922 by martin.thomson@gmail.com at Wed, 29 Nov 2017 10:23:39 +0000
Bug 1417331 - Early exporters for TLS 1.3, r=lekensteyn Reviewers: Lekensteyn Reviewed By: Lekensteyn Bug #: 1317331 Differential Revision: https://phabricator.services.mozilla.com/D287
79f689370b96037c38d2268673d5c1f8e1037467: Bug 1212199 - Fix signed/unsigned warning for V2Hello handler, r=ttaubert
Martin Thomson <martin.thomson@gmail.com> - Fri, 24 Nov 2017 10:47:00 +1100 - rev 14173
Push 2921 by martin.thomson@gmail.com at Wed, 29 Nov 2017 10:03:36 +0000
Bug 1212199 - Fix signed/unsigned warning for V2Hello handler, r=ttaubert
96e6dbbd080f07b325a31e67fea8ed858c6b21cf: Bug 1419278 - make lg_CopyAttribute handle optionsDate and smimeOptions properly, r=ttaubert,jseward
Franziskus Kiefer <franziskuskiefer@gmail.com> - Wed, 29 Nov 2017 09:24:43 +0100 - rev 14172
Push 2920 by franziskuskiefer@gmail.com at Wed, 29 Nov 2017 08:28:29 +0000
Bug 1419278 - make lg_CopyAttribute handle optionsDate and smimeOptions properly, r=ttaubert,jseward Reviewers: ttaubert Reviewed By: ttaubert Subscribers: ttaubert, franziskus, jseward Bug #: 1419278 Differential Revision: https://phabricator.services.mozilla.com/D267
2e84661d39faf3b224384180d9ca81314b9f127c: NSS_TLS13_DRAFT19_BRANCH merge follow-up, remove ssl3encode, r=mt,ttaubert
Franziskus Kiefer <franziskuskiefer@gmail.com> - Wed, 29 Nov 2017 09:24:33 +0100 - rev 14171
Push 2920 by franziskuskiefer@gmail.com at Wed, 29 Nov 2017 08:28:29 +0000
NSS_TLS13_DRAFT19_BRANCH merge follow-up, remove ssl3encode, r=mt,ttaubert Reviewers: mt, ttaubert Reviewed By: mt, ttaubert Differential Revision: https://phabricator.services.mozilla.com/D283
c71d2fa1a53c6039f40878bf66be90a6bbc927c9: Bug 1265127 - fixed race condition in ssl_PushIOLayer, r=franziskus
Jonas Allmann <jallmann@mozilla.com> - Wed, 29 Nov 2017 09:20:58 +0100 - rev 14170
Push 2919 by franziskuskiefer@gmail.com at Wed, 29 Nov 2017 08:23:30 +0000
Bug 1265127 - fixed race condition in ssl_PushIOLayer, r=franziskus Reviewers: franziskus Reviewed By: franziskus Bug #: 1265127 Differential Revision: https://phabricator.services.mozilla.com/D293
36dc2b60c1f61f2c3bed38eced382333e966f90b: Bug 1417331 - fix key log unit tests, r=mt
Peter Wu <peter@lekensteyn.nl> - Wed, 15 Nov 2017 07:48:54 +0000 - rev 14169
Push 2918 by martin.thomson@gmail.com at Mon, 27 Nov 2017 05:40:20 +0000
Bug 1417331 - fix key log unit tests, r=mt The key log unit tests were never activated because the SSLKEYLOGFILE environment variable was not properly set (putenv claims the pointer and requires it to be valid after invocation) after changing to PR_SetEnv. The test failures did not show up because gtest somehow swallows errors for the child process. Set "throw_on_failure" in the child to fix this. And finally fix the invalid tests (client random size 1? nope) and ensure 0-RTT is triggered such that CLIENT_EARLY_TRAFFIC_SECRET can be tested.
2b6dc5a87babdfbc15fefe0ef561bf6cc9b83562: Bug 1429776 - Various coverity issues on TLS 1.3 branch, r=ekr
Martin Thomson <martin.thomson@gmail.com> - Mon, 27 Nov 2017 10:08:54 +1100 - rev 14168
Push 2917 by martin.thomson@gmail.com at Mon, 27 Nov 2017 00:04:16 +0000
Bug 1429776 - Various coverity issues on TLS 1.3 branch, r=ekr
b0658ed367633e505d38c0c0f63b801ddbbb21a4: Bug 1377940, Change NSS default storage file format (currently DBM), when no prefix is given, to SQL, r=rrelyea, r=fkiefer
Kai Engert <kaie@kuix.de> - Fri, 24 Nov 2017 19:43:14 +0100 - rev 14167
Push 2916 by kaie@kuix.de at Fri, 24 Nov 2017 18:43:01 +0000
Bug 1377940, Change NSS default storage file format (currently DBM), when no prefix is given, to SQL, r=rrelyea, r=fkiefer
(0) -10000 -3000 -1000 -300 -100 -50 -20 +20 +50 +100 +300 +1000 tip