4cc1ba65d4
Changelog:
New Functionality:
* in sechash.h
HASH_GetHashOidTagByHashType - convert type HASH_HashType to type
SECOidTag
* in sslexp.h
SSL_SendCertificateRequest - allow server to request post-handshake client
authentication. To use this both peers need to enable the
SSL_ENABLE_POST_HANDSHAKE_AUTH option. Note that while the mechanism is
present, post-handshake authentication is currently not TLS 1.3 compliant
due to Bug 1532312
Notable changes:
* The following CA certificates were Added:
- CN = emSign Root CA - G1
SHA-256 Fingerprint:
40F6AF0346A99AA1CD1D555A4E9CCE62C7F9634603EE406615833DC8C8D00367
- CN = emSign ECC Root CA - G3
SHA-256 Fingerprint:
86A1ECBA089C4A8D3BBE2734C612BA341D813E043CF9E8A862CD5C57A36BBE6B
- CN = emSign Root CA - C1
SHA-256 Fingerprint:
125609AA301DA0A249B97A8239CB6A34216F44DCAC9F3954B14292F2E8C8608F
- CN = emSign ECC Root CA - C3
SHA-256 Fingerprint:
BC4D809B15189D78DB3E1D8CF4F9726A795DA1643CA5F1358E1DDB0EDC0D7EB3
- CN = Hongkong Post Root CA 3
SHA-256 Fingerprint:
5A2FC03F0C83B090BBFA40604B0988446C7636183DF9846E17101A447FB8EFD6
Bugs fixed in NSS 3.43
* Bug 1528669 and Bug 1529308 - Improve Gyp build system handling
* Bug 1529950 and Bug 1521174 - Improve NSS S/MIME tests for Thunderbird
* Bug 1530134 - If Docker isn't installed, try running a local clang-format
as a fallback
* Bug 1531267 - Enable FIPS mode automatically if the system FIPS mode flag
is set
* Bug 1528262 - Add a -J option to the strsclnt command to specify sigschemes
* Bug 1513909 - Add manual for nss-policy-check
* Bug 1531074 - Fix a deref after a null check in SECKEY_SetPublicValue
* Bug 1517714 - Properly handle ESNI with HRR
* Bug 1529813 - Expose HKDF-Expand-Label with mechanism
* Bug 1535122 - Align TLS 1.3 HKDF trace levels
* Bug 1530102 - Use getentropy on compatible versions of FreeBSD
|
||
|---|---|---|
| .. | ||
| files | ||
| patches | ||
| buildlink3.mk | ||
| DESCR | ||
| distinfo | ||
| Makefile | ||
| PLIST | ||