Bug 934378, Bug 898431: Update NSS to NSS 3.15.4 beta 2 (NSS_3_15_4_BETA2), r=me

--HG--
extra : rebase_source : 079854e8533b46d24184547c1424078cfb68852f

configure.in

@@ -3668,7 +3668,7 @@ MOZ_ARG_WITH_BOOL(system-nss,
     _USE_SYSTEM_NSS=1 )
 
 if test -n "$_USE_SYSTEM_NSS"; then
-    AM_PATH_NSS(3.15.3, [MOZ_NATIVE_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
+    AM_PATH_NSS(3.15.4, [MOZ_NATIVE_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
 fi
 
 if test -n "$MOZ_NATIVE_NSS"; then

security/nss/TAG-INFO

@@ -1 +1 @@
-NSS_3_15_4_BETA1
+NSS_3_15_4_BETA2

security/nss/coreconf/coreconf.dep

@@ -10,3 +10,4 @@
  */
 
 #error "Do not include this header file."
+

security/nss/lib/ssl/ssl3con.c

@@ -7043,7 +7043,7 @@ ssl3_CheckFalseStart(sslSocket *ss)
 PRBool
 ssl3_WaitingForStartOfServerSecondRound(sslSocket *ss)
 {
-    PRBool result = PR_FALSE;
+    PRBool result;
 
     PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
 
@@ -7054,10 +7054,9 @@ ssl3_WaitingForStartOfServerSecondRound(sslSocket *ss)
     case wait_change_cipher:
         result = !ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn);
         break;
-    case wait_finished:
-        break;
     default:
-        PR_NOT_REACHED("ssl3_WaitingForStartOfServerSecondRound");
+        result = PR_FALSE;
+        break;
     }
 
     return result;
@@ -9967,19 +9966,17 @@ ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode error)
 	PORT_Assert(!ss->firstHsDone);
 	PORT_Assert(!ss->sec.isServer);
 	PORT_Assert(!ss->ssl3.hs.isResuming);
-	PORT_Assert(ss->ssl3.hs.ws == wait_new_session_ticket ||
-		    ss->ssl3.hs.ws == wait_change_cipher ||
-		    ss->ssl3.hs.ws == wait_finished);
+	PORT_Assert(ss->ssl3.hs.ws != idle_handshake);
 
-	/* ssl3_SendClientSecondRound deferred the false start check because
-	 * certificate authentication was pending, so we do it now if we still
-         * haven't received any of the server's second round yet.
-	 */
 	if (ss->opt.enableFalseStart &&
 	    !ss->firstHsDone &&
 	    !ss->sec.isServer &&
 	    !ss->ssl3.hs.isResuming &&
 	    ssl3_WaitingForStartOfServerSecondRound(ss)) {
+	    /* ssl3_SendClientSecondRound deferred the false start check because
+	     * certificate authentication was pending, so we do it now if we still
+	     * haven't received any of the server's second round yet.
+	     */
 	    rv = ssl3_CheckFalseStart(ss);
 	} else {
 	    rv = SECSuccess;

security/nss/tests/ocsp/ocsp.sh

@@ -60,11 +60,11 @@ ocsp_stapling()
   ${BINDIR}/tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5143 -d . < ${REQF}
   html_msg $? 0 "$TESTNAME"
 
-  TESTNAME="startssl revoked, supports OCSP stapling"
-  echo "$SCRIPTNAME: $TESTNAME"
-  echo "tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5144 -d . < ${REQF}"
-  ${BINDIR}/tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5144 -d . < ${REQF}
-  html_msg $? 3 "$TESTNAME"
+#  TESTNAME="startssl revoked, supports OCSP stapling"
+#  echo "$SCRIPTNAME: $TESTNAME"
+#  echo "tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5144 -d . < ${REQF}"
+#  ${BINDIR}/tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5144 -d . < ${REQF}
+#  html_msg $? 3 "$TESTNAME"
 
   TESTNAME="comodo trial test expired revoked, supports OCSP stapling"
   echo "$SCRIPTNAME: $TESTNAME"