From 4ba4c8f0299e285806f19102799b895c55285b99 Mon Sep 17 00:00:00 2001
From: Brian Smith
Date: Wed, 5 Feb 2014 19:32:56 -0800
Subject: [PATCH] Bug 958916: Update to NSS 3.15.5 release candidate 0, (NSS_3_15_5_RC0), r=me
--HG--
extra : rebase_source : 03eeda2f9f6968811d69c1e44eb8dc00472d7558
---
security/nss/TAG-INFO | 2 +-
security/nss/coreconf/coreconf.dep | 1 +
security/nss/lib/ssl/ssl.h | 23 ++++++++++++-----------
security/nss/lib/ssl/ssl3ext.c | 11 ++++++-----
4 files changed, 20 insertions(+), 17 deletions(-)
diff --git a/security/nss/TAG-INFO b/security/nss/TAG-INFO
index d3c9f71f187..4ff5468b72d 100644
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1 +1 @@
-NSS_3_15_5_BETA3
+NSS_3_15_5_RC0
diff --git a/security/nss/coreconf/coreconf.dep b/security/nss/coreconf/coreconf.dep
index 5182f75552c..590d1bfaeee 100644
--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@@ -10,3 +10,4 @@
 */
 #error "Do not include this header file."
+
diff --git a/security/nss/lib/ssl/ssl.h b/security/nss/lib/ssl/ssl.h
index b27af6658eb..35418e3829e 100644
--- a/security/nss/lib/ssl/ssl.h
+++ b/security/nss/lib/ssl/ssl.h
@@ -163,21 +163,22 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd);
 #define SSL_ENABLE_OCSP_STAPLING 24 /* Request OCSP stapling (client) */
 /* SSL_ENABLE_NPN controls whether the NPN extension is enabled for the initial
- * handshake when protocol negotiation is used. SSL_SetNextProtoCallback
- * or SSL_SetNextProtoNego must be used to control the protocol negotiation;
- * otherwise, the NPN extension will not be negotiated. SSL_ENABLE_NPN is
- * currently enabled by default but this may change in future versions.
+ * handshake when application layer protocol negotiation is used.
+ * SSL_SetNextProtoCallback or SSL_SetNextProtoNego must be used to control the
+ * application layer protocol negotiation; otherwise, the NPN extension will
+ * not be negotiated. SSL_ENABLE_NPN is currently enabled by default but this
+ * may change in future versions.
 */
 #define SSL_ENABLE_NPN 25
 /* SSL_ENABLE_ALPN controls whether the ALPN extension is enabled for the
- * initial handshake when protocol negotiation is used. SSL_SetNextProtoNego
- * (not SSL_SetNextProtoCallback) must be used to control the protocol
- * negotiation; otherwise, the ALPN extension will not be negotiated. ALPN is
- * not negotiated for renegotiation handshakes, even though the ALPN
- * specification defines a way to use ALPN during renegotiations.
- * SSL_ENABLE_ALPN is currently disabled by default, but this may change in
- * future versions.
+ * initial handshake when application layer protocol negotiation is used.
+ * SSL_SetNextProtoNego (not SSL_SetNextProtoCallback) must be used to control
+ * the application layer protocol negotiation; otherwise, the ALPN extension
+ * will not be negotiated. ALPN is not negotiated for renegotiation handshakes,
+ * even though the ALPN specification defines a way to use ALPN during
+ * renegotiations. SSL_ENABLE_ALPN is currently disabled by default, but this
+ * may change in future versions.
 */
 #define SSL_ENABLE_ALPN 26
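Review bot: The reworded SSL_ENABLE_NPN and SSL_ENABLE_ALPN comments still do not tell a caller what happens when both options are enabled and the server negotiates both extensions. The ssl3ext.c hunk in this same patch shows ssl3_ClientHandleNextProtoNegoXtn returning SECFailure with SEC_ERROR_LIBRARY_FAILURE once ALPN has already been negotiated, so from the visible lines the handshake is aborted and the error reads like an internal fault rather than a peer protocol violation. I would add one sentence to the SSL_ENABLE_ALPN comment, for example ` * If both SSL_ENABLE_NPN and SSL_ENABLE_ALPN are enabled and the server negotiates both extensions, the handshake fails.` A smaller wording point: the NPN comment now says "application layer protocol negotiation", which is the expansion of ALPN, so a reader may take it to mean the ALPN extension rather than protocol negotiation in general.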
diff --git a/security/nss/lib/ssl/ssl3ext.c b/security/nss/lib/ssl/ssl3ext.c
index 792a3b42117..58ba1b45052 100644
--- a/security/nss/lib/ssl/ssl3ext.c
+++ b/security/nss/lib/ssl/ssl3ext.c
@@ -615,11 +615,12 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type,
 PORT_Assert(!ss->firstHsDone);
 if (ssl3_ExtensionNegotiated(ss, ssl_app_layer_protocol_xtn)) {
- /* If the server negotiated ALPN then it has already told us what protocol
- * to use, so it doesn't make sense for us to try to negotiate a different
- * one by sending the NPN handshake message. However, if we've negotiated
- * NPN then we're required to send the NPN handshake message. Thus, these
- * two extensions cannot both be negotiated on the same connection. */
+ /* If the server negotiated ALPN then it has already told us what
+ * protocol to use, so it doesn't make sense for us to try to negotiate
+ * a different one by sending the NPN handshake message. However, if
+ * we've negotiated NPN then we're required to send the NPN handshake
+ * message. Thus, these two extensions cannot both be negotiated on the
+ * same connection. */
 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
 return SECFailure;
 }