Bug 958916: Update to NSS 3.15.5 release candidate 0 (NSS_3_15_5_RC0), r=me, a=sledru
authorBrian Smith <brian@briansmith.org>
Wed, 05 Feb 2014 20:01:54 -0800
changeset 182676 8563809a50e6fdaef9065c1f3ffbec00f551b9cd
parent 182675 8e82d0db50ffc4114a78dc581dd5cfa830915114
child 182677 28f391c5c335efa76f1de3725ca5627a540f8531
push id3343
push userffxbld
push dateMon, 17 Mar 2014 21:55:32 +0000
reviewersme, sledru
bugs958916
milestone29.0a2
Bug 958916: Update to NSS 3.15.5 release candidate 0 (NSS_3_15_5_RC0), r=me, a=sledru
security/nss/TAG-INFO
security/nss/coreconf/coreconf.dep
security/nss/lib/ssl/ssl.h
security/nss/lib/ssl/ssl3ext.c
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1,1 +1,1 @@
-NSS_3_15_5_BETA3
+NSS_3_15_5_RC0
--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@@ -5,8 +5,9 @@
 
 /*
  * A dummy header file that is a dependency for all the object files.
  * Used to force a full recompilation of NSS in Mozilla's Tinderbox
  * depend builds.  See comments in rules.mk.
  */
 
 #error "Do not include this header file."
+
--- a/security/nss/lib/ssl/ssl.h
+++ b/security/nss/lib/ssl/ssl.h
@@ -158,31 +158,32 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRF
  * not other types of records, because some implementations will not accept
  * fragmented records of some other types (e.g. some versions of NSS do not
  * accept fragmented alerts).
  */
 #define SSL_CBC_RANDOM_IV 23
 #define SSL_ENABLE_OCSP_STAPLING       24 /* Request OCSP stapling (client) */
 
 /* SSL_ENABLE_NPN controls whether the NPN extension is enabled for the initial
- * handshake when protocol negotiation is used. SSL_SetNextProtoCallback
- * or SSL_SetNextProtoNego must be used to control the protocol negotiation;
- * otherwise, the NPN extension will not be negotiated. SSL_ENABLE_NPN is
- * currently enabled by default but this may change in future versions.
+ * handshake when application layer protocol negotiation is used.
+ * SSL_SetNextProtoCallback or SSL_SetNextProtoNego must be used to control the
+ * application layer protocol negotiation; otherwise, the NPN extension will
+ * not be negotiated. SSL_ENABLE_NPN is currently enabled by default but this
+ * may change in future versions.
  */
 #define SSL_ENABLE_NPN 25
 
 /* SSL_ENABLE_ALPN controls whether the ALPN extension is enabled for the
- * initial handshake when protocol negotiation is used. SSL_SetNextProtoNego
- * (not SSL_SetNextProtoCallback) must be used to control the protocol
- * negotiation; otherwise, the ALPN extension will not be negotiated. ALPN is
- * not negotiated for renegotiation handshakes, even though the ALPN
- * specification defines a way to use ALPN during renegotiations.
- * SSL_ENABLE_ALPN is currently disabled by default, but this may change in
- * future versions.
+ * initial handshake when application layer protocol negotiation is used.
+ * SSL_SetNextProtoNego (not SSL_SetNextProtoCallback) must be used to control
+ * the application layer protocol negotiation; otherwise, the ALPN extension
+ * will not be negotiated. ALPN is not negotiated for renegotiation handshakes,
+ * even though the ALPN specification defines a way to use ALPN during
+ * renegotiations. SSL_ENABLE_ALPN is currently disabled by default, but this
+ * may change in future versions.
  */
 #define SSL_ENABLE_ALPN 26
 
 #ifdef SSL_DEPRECATED_FUNCTION 
 /* Old deprecated function names */
 SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on);
 SSL_IMPORT SECStatus SSL_EnableDefault(int option, PRBool on);
 #endif
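Review bot: The reworded SSL_ENABLE_NPN and SSL_ENABLE_ALPN comments still do not say what happens when both options are on and the server answers with both extensions. The ssl3ext.c hunk in this same commit shows ssl3_ClientHandleNextProtoNegoXtn returning SECFailure with SEC_ERROR_LIBRARY_FAILURE when ssl_app_layer_protocol_xtn has already been negotiated, so at least in that order the handshake is aborted rather than one extension being preferred. I would add a sentence to the SSL_ENABLE_ALPN comment such as `If both SSL_ENABLE_NPN and SSL_ENABLE_ALPN are enabled and the server negotiates both, the client fails the handshake.` Whether the ALPN handler has the mirror-image check is not visible here, so the wording should be confirmed against it.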
--- a/security/nss/lib/ssl/ssl3ext.c
+++ b/security/nss/lib/ssl/ssl3ext.c
@@ -610,21 +610,22 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSoc
 {
     SECStatus rv;
     unsigned char resultBuffer[255];
     SECItem result = { siBuffer, resultBuffer, 0 };
 
     PORT_Assert(!ss->firstHsDone);
 
     if (ssl3_ExtensionNegotiated(ss, ssl_app_layer_protocol_xtn)) {
-	/* If the server negotiated ALPN then it has already told us what protocol
-	 * to use, so it doesn't make sense for us to try to negotiate a different
-	 * one by sending the NPN handshake message. However, if we've negotiated
-	 * NPN then we're required to send the NPN handshake message. Thus, these
-	 * two extensions cannot both be negotiated on the same connection. */
+	/* If the server negotiated ALPN then it has already told us what
+	 * protocol to use, so it doesn't make sense for us to try to negotiate
+	 * a different one by sending the NPN handshake message. However, if
+	 * we've negotiated NPN then we're required to send the NPN handshake
+	 * message. Thus, these two extensions cannot both be negotiated on the
+	 * same connection. */
 	PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
 	return SECFailure;
     }
 
     rv = ssl3_ValidateNextProtoNego(data->data, data->len);
     if (rv != SECSuccess)
 	return rv;