d1625cff2fb38b519d700b7c917f9b80e94904d4: Fix a crash. An attempt to move a sensitive key longer than 48 bytes
nelsonb%netscape.com - Wed, 17 Aug 2011 05:01:36 +0000 - rev 10068
Fix a crash. An attempt to move a sensitive key longer than 48 bytes from one token to another will no longer crash. Instead, it will fail with the new error code SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY. Bug 97887. In addition, DHE key pairs are now generated with CKA_SENSITIVE false.
e1a75eb88489ee0d60f499f2e982d6ec74143cde: Initial NSS Open Source checkin
relyea%netscape.com - Wed, 17 Aug 2011 05:01:35 +0000 - rev 10067
Initial NSS Open Source checkin
343fcb6b22c3c7a58af39c7c46bf109d871e606e: bustage fix
kaie%kuix.de - Wed, 10 Aug 2011 15:14:24 +0000 - rev 10066
bustage fix
a22b181b9a56ac20180c5efd87d07b268a1f8c77: Bug 676886, NSS' internal HTTP client should exclude :port for OCSP requests on default port 80, r=wtc
kaie%kuix.de - Wed, 10 Aug 2011 12:31:54 +0000 - rev 10065
Bug 676886, NSS' internal HTTP client should exclude :port for OCSP requests on default port 80, r=wtc
6d2059f5f67e9c633e2c7a88adfdd7393093a0d7: Set version number to 3.12.12 beta NSS_3_12_BRANCH
kaie%kuix.de - Tue, 09 Aug 2011 18:16:19 +0000 - rev 10064
Set version number to 3.12.12 beta
4678258e3dde02c6f5297ac14aa6622e1c9f343a: Update version numbers to NSS 3.12.11 final release NSS_3_12_BRANCH NSS_3_12_11_RTM
kaie%kuix.de - Tue, 09 Aug 2011 15:56:31 +0000 - rev 10063
Update version numbers to NSS 3.12.11 final release
1ae61eee09957f676ed446dcc380a9d75d9563ec: Bug 668397: remove support for Fortezza certificates and keys from NSS_3_12_BRANCH NSS_3_12_11_BETA3
wtc%google.com - Fri, 05 Aug 2011 12:27:52 +0000 - rev 10062
Bug 668397: remove support for Fortezza certificates and keys from cert_VerifyCertChainOld and seckey_ExtractPublicKey. The bug was reported by Tavis Ormandy <taviso@sdf.lonestar.org>. The patch was written by Brian Smith <bsmith@mozilla.com>. r=rrelyea,wtc. Modified Files: Tag: NSS_3_12_BRANCH certhigh/certvfy.c cryptohi/seckey.c
50d2e1f0b9ea98a6eddc116c165747725eac68bb: Bug 662557: Set pkixErrorClass and pkixErrorCode if localRevChecker orexternalRevChecker fails, otherwise we would end up reporting the default NSS_3_12_BRANCH
wtc%google.com - Fri, 05 Aug 2011 02:55:24 +0000 - rev 10061
Bug 662557: Set pkixErrorClass and pkixErrorCode if localRevChecker orexternalRevChecker fails, otherwise we would end up reporting the default error code PKIX_ALLOCERROR (value 0). Add the PKIX_CHECK_NO_GOTO macro. The patch is written by Kai Engert <kaie@kuix.de>. r=wtc. Modified Files: Tag: NSS_3_12_BRANCH pkix/checker/pkix_revocationchecker.c pkix/util/pkix_tools.h
66bca88b1b24b88f5b14e27a5c6f5677947c49d0: Bug 662557: Set pkixErrorClass and pkixErrorCode if localRevChecker or
wtc%google.com - Fri, 05 Aug 2011 02:53:24 +0000 - rev 10060
Bug 662557: Set pkixErrorClass and pkixErrorCode if localRevChecker or externalRevChecker fails, otherwise we would end up reporting the default error code PKIX_ALLOCERROR (value 0). Add the PKIX_CHECK_NO_GOTO macro. The patch is written by Kai Engert <kaie@kuix.de>. r=wtc. Modified Files: pkix/checker/pkix_revocationchecker.c pkix/util/pkix_tools.h
779cc6149a6c93cfc795e65fed947e1812cfb689: Bug 673413: disallow !item->data && item->len in MatchComponentType.
wtc%google.com - Fri, 05 Aug 2011 02:06:58 +0000 - rev 10059
Bug 673413: disallow !item->data && item->len in MatchComponentType. r=rrelyea.
38323e0a5b395fc82881a9b276612e8459a249e0: Bug 217721: change the certUsageObjectSigner case back to NSS_3_12_BRANCH
wtc%google.com - Fri, 05 Aug 2011 01:16:27 +0000 - rev 10058
Bug 217721: change the certUsageObjectSigner case back to KU_DIGITAL_SIGNATURE because RFC 5280 says code signing needs digitalSignature, as opposed to "digitalSignature and/or nonRepudiation". r=rrelyea. Modified Files: Tag: NSS_3_12_BRANCH certdb.c
d3ab6c75e17cc4b2836d36975aae4da48c2ed239: Bug 217721: change the certUsageObjectSigner case back to
wtc%google.com - Fri, 05 Aug 2011 01:13:14 +0000 - rev 10057
Bug 217721: change the certUsageObjectSigner case back to KU_DIGITAL_SIGNATURE because RFC 5280 says code signing needs digitalSignature, as opposed to "digitalSignature and/or nonRepudiation". R=rrelyea.
357dd43b2490a6790d8b1e6aa84667f1919b063a: Bug 673115 - Add function to obtain version of NSS at runtime, r=wtc, r=rrelyea
kaie%kuix.de - Mon, 01 Aug 2011 07:08:10 +0000 - rev 10056
Bug 673115 - Add function to obtain version of NSS at runtime, r=wtc, r=rrelyea
1a23a394ca93e64eaab3691272819a58df41cd4a: Bug 671002 - July 2011 batch of CA certificate changes, r=rrelyea NSS_3_12_BRANCH NSS_3_12_11_BETA2
kaie%kuix.de - Mon, 01 Aug 2011 06:40:04 +0000 - rev 10055
Bug 671002 - July 2011 batch of CA certificate changes, r=rrelyea
ee03878a7922ae43639ed8c5ea98646ae3033ba6: Bug 671002 - July 2011 batch of CA certificate changes, r=rrelyea
kaie%kuix.de - Mon, 01 Aug 2011 06:33:48 +0000 - rev 10054
Bug 671002 - July 2011 batch of CA certificate changes, r=rrelyea
a1bbd40a2e605198b7f93027f51b05e92c17e3e1: Bug 675325: Add "const" to the inDerCert parameter of
wtc%google.com - Fri, 29 Jul 2011 23:10:20 +0000 - rev 10053
Bug 675325: Add "const" to the inDerCert parameter of PK11_FindCertFromDERCertItem. r=emaldona.
e6501c41715a645f589cc033e222ab93cca1b55b: Bug 217721: do not use non-repudiation-only certs for SSL client NSS_3_12_BRANCH
wtc%google.com - Thu, 28 Jul 2011 22:19:57 +0000 - rev 10052
Bug 217721: do not use non-repudiation-only certs for SSL client authentication. The patch is contributed by Philipp Hug <debian@hug.cx>. r=nelson,rrelyea,wtc. Modified Files: Tag: NSS_3_12_BRANCH certdb.c certt.h
7a16f887a4c8ce14b9ab374105078d417ecad5ef: Bug 217721: do not use non-repudiation-only certs for SSL client
wtc%google.com - Thu, 28 Jul 2011 21:38:14 +0000 - rev 10051
Bug 217721: do not use non-repudiation-only certs for SSL client authentication. The patch is contributed by Philipp Hug <debian@hug.cx>. r=nelson,rrelyea,wtc. Modified Files: certdb.c certt.h
13461792615b44518d06c1b6f7d0291bf70d6cdb: Bug 617565: Prevent buffer overflow in PK11_DeriveWithTemplate and NSS_3_12_BRANCH NSS_3_12_11_BETA1
wtc%google.com - Tue, 26 Jul 2011 16:09:20 +0000 - rev 10050
Bug 617565: Prevent buffer overflow in PK11_DeriveWithTemplate and pk11_AnyUnwrapKey template handling. The patch is written by Brian Smith <bsmith@mozilla.com>. r=wtc. Tag: NSS_3_12_BRANCH
1230eff1e60e518fbbbd3fef892a4d03d6c64d31: Bug 617565: Prevent buffer overflow in PK11_DeriveWithTemplate and
wtc%google.com - Tue, 26 Jul 2011 16:02:07 +0000 - rev 10049
Bug 617565: Prevent buffer overflow in PK11_DeriveWithTemplate and pk11_AnyUnwrapKey template handling. The patch is written by Brian Smith <bsmith@mozilla.com>. r=wtc.
(0) -10000 -3000 -1000 -300 -100 -50 -20 +20 +50 +100 +300 +1000 +3000 tip