HGKeeper

Manual merge release-2.x.y branch into master.

2014-09-30, Mark Doliner

304d073d134e

Parents c3e87cb60c02 2efc22e824ab
Children 21ef99aa6390

Manual merge release-2.x.y branch into master.

1 merge conflict in ssl-nss.c. Not too bad.

1 files changed, 29 insertions(+), 24 deletions(-)

+29 -24

libpurple/plugins/ssl/ssl-nss.c

~~--- a/libpurple/plugins/ssl/ssl-nss.c Sun Sep 28 19:12:41 2014 -0700~~

+++ b/libpurple/plugins/ssl/ssl-nss.c Tue Sep 30 23:58:44 2014 -0700

@@ -32,6 +32,9 @@

#ifdef _WIN32

# ifndef HAVE_LONG_LONG

#define HAVE_LONG_LONG

+/* WINDDK_BUILD is defined because the checks around usage of

+ * intrisic functions are wrong in nspr */

+#define WINDDK_BUILD

# endif

#else

/* TODO: Why is this done?

@@ -133,6 +136,10 @@

static void

ssl_nss_init_nss(void)

{

+#if NSS_VMAJOR > 3 || ( NSS_VMAJOR == 3 && NSS_VMINOR >= 14 )

+ SSLVersionRange supported, enabled;

+#endif /* NSS >= 3.14 */

+

PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);

NSS_NoDB_Init(".");

NSS_SetDomesticPolicy();

@@ -150,34 +157,32 @@

SSL_CipherPrefSetDefault(SSL_DHE_RSA_WITH_DES_CBC_SHA, 1);

SSL_CipherPrefSetDefault(SSL_DHE_DSS_WITH_DES_CBC_SHA, 1);

~~- if (NSS_VersionCheck("3.14")) {~~

~~- SSLVersionRange supported, enabled;~~

-

~~- /* Get the ranges of supported and enabled SSL versions */~~

~~- if ((SSL_VersionRangeGetSupported(ssl_variant_stream, &supported) == SECSuccess) &&~~

~~- (SSL_VersionRangeGetDefault(ssl_variant_stream, &enabled) == SECSuccess)) {~~

~~- purple_debug_info("nss", "TLS supported versions: "~~

~~- "0x%04hx through 0x%04hx\n", supported.min, supported.max);~~

~~- purple_debug_info("nss", "TLS versions allowed by default: "~~

~~- "0x%04hx through 0x%04hx\n", enabled.min, enabled.max);~~

+#if NSS_VMAJOR > 3 || ( NSS_VMAJOR == 3 && NSS_VMINOR >= 14 )

+ /* Get the ranges of supported and enabled SSL versions */

+ if ((SSL_VersionRangeGetSupported(ssl_variant_stream, &supported) == SECSuccess) &&

+ (SSL_VersionRangeGetDefault(ssl_variant_stream, &enabled) == SECSuccess)) {

+ purple_debug_info("nss", "TLS supported versions: "

+ "0x%04hx through 0x%04hx\n", supported.min, supported.max);

+ purple_debug_info("nss", "TLS versions allowed by default: "

+ "0x%04hx through 0x%04hx\n", enabled.min, enabled.max);

~~- /* Make sure SSL 3.0 is disabled (it's old and everyone should be~~

~~- using at least TLS 1.0 by now), and make sure all versions of TLS~~

~~- supported by the local library are enabled (for some reason NSS~~

~~- doesn't enable newer versions of TLS by default -- more context in~~

~~- ticket #15909). */~~

~~- if (enabled.min != SSL_LIBRARY_VERSION_TLS_1_0 || supported.max > enabled.max) {~~

~~- enabled.max = supported.max;~~

~~- if (SSL_VersionRangeSetDefault(ssl_variant_stream, &enabled) == SECSuccess) {~~

~~- purple_debug_info("nss", "Changed allowed TLS versions to "~~

~~- "0x%04hx through 0x%04hx\n", enabled.min, enabled.max);~~

~~- } else {~~

~~- purple_debug_error("nss", "Error setting allowed TLS versions to "~~

~~- "0x%04hx through 0x%04hx\n", enabled.min, enabled.max);~~

~~- }~~

+ /* Make sure SSL 3.0 is disabled (it's old and everyone should be

+ using at least TLS 1.0 by now), and make sure all versions of TLS

+ supported by the local library are enabled (for some reason NSS

+ doesn't enable newer versions of TLS by default -- more context in

+ ticket #15909). */

+ if (enabled.min != SSL_LIBRARY_VERSION_TLS_1_0 || supported.max > enabled.max) {

+ enabled.max = supported.max;

+ if (SSL_VersionRangeSetDefault(ssl_variant_stream, &enabled) == SECSuccess) {

+ purple_debug_info("nss", "Changed allowed TLS versions to "

+ "0x%04hx through 0x%04hx\n", enabled.min, enabled.max);

+ } else {

+ purple_debug_error("nss", "Error setting allowed TLS versions to "

+ "0x%04hx through 0x%04hx\n", enabled.min, enabled.max);

}

+#endif /* NSS >= 3.14 */

_identity = PR_GetUniqueIdentity("Purple");

_nss_methods = PR_GetDefaultIOMethods();

pidgin/pidgin