e6e9c562c9e2b56859a21725e82f0e8c927edbcb: [PATCH 4/7] The NSS_G/SetAlgorithmPolicy functions can be used to restrict the curves used in cert verification BUG1009429_BRANCH
Elio Maldonado <emaldona@redhat.com> - Tue, 14 Apr 2015 14:28:37 -0700 - rev 11425
Push 613 by emaldona@redhat.com at Tue, 14 Apr 2015 23:20:01 +0000
[PATCH 4/7] The NSS_G/SetAlgorithmPolicy functions can be used to restrict the curves used in cert verification In particular the NSS_USE_ALG_IN_CERT_SIGNATURE flag can be specified to allow a specific curve for certificate verification. From: Nikos Mavrogiannopoulos <nmav@redhat.com>
28f6c4af66c5e4fbc339ae1ce7baf44948eb7b9e: [PATCH 3/7] Added functions to set and get numeric options for NSS. BUG1009429_BRANCH
Elio Maldonado <emaldona@redhat.com> - Tue, 14 Apr 2015 14:25:29 -0700 - rev 11424
Push 613 by emaldona@redhat.com at Tue, 14 Apr 2015 23:20:01 +0000
[PATCH 3/7] Added functions to set and get numeric options for NSS. Currently the only options defined allow setting the minimum acceptable sizes for RSA, DH, and DSA keys. The SSL DH key exchange was modified to take account for the min DH value set. From: Nikos Mavrogiannopoulos <nmav@redhat.com>
56db76cc9047d6391fbe8e56a51a4f98c5d288af: [PATCH 2/7] The NSS_G/SetAlgorithmPolicy functions can be used to restrict the curves used in SSL BUG1009429_BRANCH
Elio Maldonado <emaldona@redhat.com> - Tue, 14 Apr 2015 14:22:49 -0700 - rev 11423
Push 613 by emaldona@redhat.com at Tue, 14 Apr 2015 23:20:01 +0000
[PATCH 2/7] The NSS_G/SetAlgorithmPolicy functions can be used to restrict the curves used in SSL In particular the NSS_USE_ALG_IN_SSL_KX flag can be specified to allow a specific curve for TLS negotiation. This will affect the advertized curves as well. From: Nikos Mavrogiannopoulos <nmav@redhat.com>
1beb91dda17ae92d4a8909abe0e4017923de5a96: [PATCH 1/7] Restrict the SignatureAlgorithms in SSL based on the NSS settings. BUG1009429_BRANCH
Elio Maldonado <emaldona@redhat.com> - Tue, 14 Apr 2015 14:06:25 -0700 - rev 11422
Push 613 by emaldona@redhat.com at Tue, 14 Apr 2015 23:20:01 +0000
[PATCH 1/7] Restrict the SignatureAlgorithms in SSL based on the NSS settings. Added the NSS_USE_ALG_IN_SSL_KX flag for NSS_G/SetAlgorithmPolicy, which specifies the allowed hash algorithms for SSL signatures. This is only relevant in TLS 1.2 which uses the SignatureAlgorithms extension. Older TLS versions have fixed signature algorithms and formats. From: Nikos Mavrogiannopoulos <nmav@redhat.com>
82de44ead36ffc55baf73f9ac2986f6932fe4e9d: Bug 1153994 - Syntax error in nss/tests/all.sh, r=kaie
Elio Maldonado <emaldona@redhat.com> - Mon, 13 Apr 2015 12:24:20 -0700 - rev 11421
Push 612 by emaldona@redhat.com at Mon, 13 Apr 2015 19:24:43 +0000
Bug 1153994 - Syntax error in nss/tests/all.sh, r=kaie
07da6d86695a416e404dfa4ff973fb0ab26ed49b: Bug 991783 - Add generic mechanism to add name constraints to built-in certificates r=wtc
Richard Barnes <rbarnes@mozilla.com> - Sat, 11 Apr 2015 22:26:44 +0200 - rev 11420
Push 611 by kaie@kuix.de at Sat, 11 Apr 2015 20:27:12 +0000
Bug 991783 - Add generic mechanism to add name constraints to built-in certificates r=wtc
9fca4f7066f85ea8489552984010929fc29292a7: Bug 1151037 - Expired nss/test/libpkix/certs/PayPalEE.cert, r=bustage
Kai Engert <kaie@kuix.de> - Thu, 09 Apr 2015 22:32:24 +0200 - rev 11419
Push 610 by kaie@kuix.de at Thu, 09 Apr 2015 20:32:31 +0000
Bug 1151037 - Expired nss/test/libpkix/certs/PayPalEE.cert, r=bustage
60c35f8c4e0f6f18eccc44552acea980df875f95: Bug 950344 - Fix unused-but-set-variable 'client' warning in pkix_pl_httpdefaultclient.c, r=emaldona
cykesiopka - Thu, 02 Apr 2015 08:37:48 -0700 - rev 11418
Push 609 by emaldona@redhat.com at Thu, 02 Apr 2015 15:37:57 +0000
Bug 950344 - Fix unused-but-set-variable 'client' warning in pkix_pl_httpdefaultclient.c, r=emaldona
6cda07b32ff582d6e2fda3182dec44830af0baea: Bug 950348 - Fix unused-but-set-variable 'fullHash' warning in pkix_pl_publickey.c, a=cykesiopka, r=emaldona
cykesiopka - Thu, 02 Apr 2015 08:33:38 -0700 - rev 11417
Push 608 by emaldona@redhat.com at Thu, 02 Apr 2015 15:34:08 +0000
Bug 950348 - Fix unused-but-set-variable 'fullHash' warning in pkix_pl_publickey.c, a=cykesiopka, r=emaldona
834c9c87914445b88cadac7afa5ea83d1a73e7fe: Bug 345725 - Fix spelling error in CERTCertificateStr comment in certt.h, a=cykesiopka, r=emaldona
cykesiopka - Thu, 02 Apr 2015 08:27:59 -0700 - rev 11416
Push 607 by emaldona@redhat.com at Thu, 02 Apr 2015 15:28:39 +0000
Bug 345725 - Fix spelling error in CERTCertificateStr comment in certt.h, a=cykesiopka, r=emaldona
94203d3f6c5eb8ede6aa46953ff6f6a2b2c61488: Bug 1134548 - Send the maximum version in ClientHello when attempting resumption, r=wtc
Martin Thomson <martin.thomson@gmail.com> - Fri, 13 Mar 2015 11:29:42 -0700 - rev 11415
Push 606 by martin.thomson@gmail.com at Mon, 30 Mar 2015 23:38:15 +0000
Bug 1134548 - Send the maximum version in ClientHello when attempting resumption, r=wtc
62f085e7ecc6342e3ab430d327a70e79f9d0e06f: Bug 1096741 (part 1) - In mp_exptmod_safe_i(), instantiate |powersArray| lazily, r=rrelyea, r=kaie
Nicholas Nethercote <nnethercote@mozilla.com> - Mon, 26 Jan 2015 20:22:38 -0800 - rev 11414
Push 605 by kaie@kuix.de at Fri, 27 Mar 2015 08:51:20 +0000
Bug 1096741 (part 1) - In mp_exptmod_safe_i(), instantiate |powersArray| lazily, r=rrelyea, r=kaie
80b6963079d90c53b6927f8cb5d3a5c70bb97599: Bug 1096741 (part 2) - In mp_exptmod_safe_i(), instantiate |tmp| lazily, r=rrelyea, r=kaie
Nicholas Nethercote <nnethercote@mozilla.com> - Thu, 13 Nov 2014 00:44:25 -0800 - rev 11413
Push 605 by kaie@kuix.de at Fri, 27 Mar 2015 08:51:20 +0000
Bug 1096741 (part 2) - In mp_exptmod_safe_i(), instantiate |tmp| lazily, r=rrelyea, r=kaie
e2b98ed12caa8cda72ddc257fb4389fcf4fa1d82: Bug 1145270 - Remove E-Guven root certificate from NSS, r=rrelyea, r=ryan.sleevi
Kai Engert <kaie@kuix.de> - Thu, 26 Mar 2015 20:50:54 +0100 - rev 11412
Push 604 by kaie@kuix.de at Thu, 26 Mar 2015 19:51:01 +0000
Bug 1145270 - Remove E-Guven root certificate from NSS, r=rrelyea, r=ryan.sleevi
70549e7ca8014acfa9b8098247e97bce63b3fde3: Added tag NSS_3_18_1_BETA1 for changeset 9dde22ab19d1
Kai Engert <kaie@kuix.de> - Thu, 26 Mar 2015 20:25:02 +0100 - rev 11411
Push 603 by kaie@kuix.de at Thu, 26 Mar 2015 19:25:10 +0000
Added tag NSS_3_18_1_BETA1 for changeset 9dde22ab19d1
9dde22ab19d1c7c5e0acbdfcab99550313ca733a: Bug 753136 - More extensive extension exercising, r=ekr NSS_3_18_1_BETA1
Martin Thomson <martin.thomson@gmail.com> - Tue, 17 Mar 2015 13:42:19 -0700 - rev 11410
Push 602 by martin.thomson@gmail.com at Wed, 18 Mar 2015 17:49:25 +0000
Bug 753136 - More extensive extension exercising, r=ekr
b2fae9d52e145b97c655cec2cc348aeea44a36b4: Bug 753136 - Track when alerts are sent and send a catch-all alert on extension failures, r=ekr
Martin Thomson <martin.thomson@gmail.com> - Mon, 16 Mar 2015 14:19:44 -0700 - rev 11409
Push 602 by martin.thomson@gmail.com at Wed, 18 Mar 2015 17:49:25 +0000
Bug 753136 - Track when alerts are sent and send a catch-all alert on extension failures, r=ekr
b4bd63404b8226308fad8034ed24f2445597fbc4: Bug 753136 - Fixing ssl3_HandleSupportedPointFormatsXtn, r=ekr
Martin Thomson <martin.thomson@gmail.com> - Mon, 09 Mar 2015 12:09:01 -0700 - rev 11408
Push 602 by martin.thomson@gmail.com at Wed, 18 Mar 2015 17:49:25 +0000
Bug 753136 - Fixing ssl3_HandleSupportedPointFormatsXtn, r=ekr
1b11045d1472b8cdb139371600ef547fa0e6cb25: Bug 753136 - Fixing ssl3_HandleSupportedCurvesXtn, r=ekr
Martin Thomson <martin.thomson@gmail.com> - Tue, 17 Mar 2015 13:51:47 -0700 - rev 11407
Push 602 by martin.thomson@gmail.com at Wed, 18 Mar 2015 17:49:25 +0000
Bug 753136 - Fixing ssl3_HandleSupportedCurvesXtn, r=ekr
9beaa95036fcdf10a49c934c558dd1412f48f61f: Bug 753136 - Fixing ssl3_HandleUseSRTPXtn, r=ekr
Martin Thomson <martin.thomson@gmail.com> - Wed, 18 Mar 2015 10:00:31 -0700 - rev 11406
Push 602 by martin.thomson@gmail.com at Wed, 18 Mar 2015 17:49:25 +0000
Bug 753136 - Fixing ssl3_HandleUseSRTPXtn, r=ekr
(0) -10000 -3000 -1000 -300 -100 -50 -20 +20 +50 +100 +300 +1000 +3000 tip