From bf931cd3318ba0d34c10b011befaada708ea737e Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Sat, 9 Nov 2013 11:02:17 -0800 Subject: [PATCH] Bug 934378, Bug 898431: Update NSS to NSS 3.15.4 beta 2 (NSS_3_15_4_BETA2), r=me --HG-- extra : rebase_source : 079854e8533b46d24184547c1424078cfb68852f --- configure.in | 2 +- security/nss/TAG-INFO | 2 +- security/nss/coreconf/coreconf.dep | 1 + security/nss/lib/ssl/ssl3con.c | 19 ++++++++----------- security/nss/tests/ocsp/ocsp.sh | 10 +++++----- 5 files changed, 16 insertions(+), 18 deletions(-) diff --git a/configure.in b/configure.in index 2f17bbafc44..6b80adbd020 100644 --- a/configure.in +++ b/configure.in @@ -3668,7 +3668,7 @@ MOZ_ARG_WITH_BOOL(system-nss, _USE_SYSTEM_NSS=1 ) if test -n "$_USE_SYSTEM_NSS"; then - AM_PATH_NSS(3.15.3, [MOZ_NATIVE_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])]) + AM_PATH_NSS(3.15.4, [MOZ_NATIVE_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])]) fi if test -n "$MOZ_NATIVE_NSS"; then diff --git a/security/nss/TAG-INFO b/security/nss/TAG-INFO index ac5b19f2e5a..6f8bf0a9038 100644 --- a/security/nss/TAG-INFO +++ b/security/nss/TAG-INFO @@ -1 +1 @@ -NSS_3_15_4_BETA1 +NSS_3_15_4_BETA2 diff --git a/security/nss/coreconf/coreconf.dep b/security/nss/coreconf/coreconf.dep index 5182f75552c..590d1bfaeee 100644 --- a/security/nss/coreconf/coreconf.dep +++ b/security/nss/coreconf/coreconf.dep @@ -10,3 +10,4 @@ */ #error "Do not include this header file." + diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index bc4bcfa208b..9fbc9729243 100644 --- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -7043,7 +7043,7 @@ ssl3_CheckFalseStart(sslSocket *ss) PRBool ssl3_WaitingForStartOfServerSecondRound(sslSocket *ss) { - PRBool result = PR_FALSE; + PRBool result; PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); @@ -7054,10 +7054,9 @@ ssl3_WaitingForStartOfServerSecondRound(sslSocket *ss) case wait_change_cipher: result = !ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn); break; - case wait_finished: - break; default: - PR_NOT_REACHED("ssl3_WaitingForStartOfServerSecondRound"); + result = PR_FALSE; + break; } return result; @@ -9967,19 +9966,17 @@ ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode error) PORT_Assert(!ss->firstHsDone); PORT_Assert(!ss->sec.isServer); PORT_Assert(!ss->ssl3.hs.isResuming); - PORT_Assert(ss->ssl3.hs.ws == wait_new_session_ticket || - ss->ssl3.hs.ws == wait_change_cipher || - ss->ssl3.hs.ws == wait_finished); + PORT_Assert(ss->ssl3.hs.ws != idle_handshake); - /* ssl3_SendClientSecondRound deferred the false start check because - * certificate authentication was pending, so we do it now if we still - * haven't received any of the server's second round yet. - */ if (ss->opt.enableFalseStart && !ss->firstHsDone && !ss->sec.isServer && !ss->ssl3.hs.isResuming && ssl3_WaitingForStartOfServerSecondRound(ss)) { + /* ssl3_SendClientSecondRound deferred the false start check because + * certificate authentication was pending, so we do it now if we still + * haven't received any of the server's second round yet. + */ rv = ssl3_CheckFalseStart(ss); } else { rv = SECSuccess; diff --git a/security/nss/tests/ocsp/ocsp.sh b/security/nss/tests/ocsp/ocsp.sh index 84323c9c8cc..4e13e055532 100644 --- a/security/nss/tests/ocsp/ocsp.sh +++ b/security/nss/tests/ocsp/ocsp.sh @@ -60,11 +60,11 @@ ocsp_stapling() ${BINDIR}/tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5143 -d . < ${REQF} html_msg $? 0 "$TESTNAME" - TESTNAME="startssl revoked, supports OCSP stapling" - echo "$SCRIPTNAME: $TESTNAME" - echo "tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5144 -d . < ${REQF}" - ${BINDIR}/tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5144 -d . < ${REQF} - html_msg $? 3 "$TESTNAME" +# TESTNAME="startssl revoked, supports OCSP stapling" +# echo "$SCRIPTNAME: $TESTNAME" +# echo "tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5144 -d . < ${REQF}" +# ${BINDIR}/tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5144 -d . < ${REQF} +# html_msg $? 3 "$TESTNAME" TESTNAME="comodo trial test expired revoked, supports OCSP stapling" echo "$SCRIPTNAME: $TESTNAME"