From d082198205f74a0bd8da4e7241f7e21f6cb815c3 Mon Sep 17 00:00:00 2001 From: Tigro Date: Tue, 13 Aug 2013 19:36:03 +0400 Subject: [PATCH] sync with mageia --- nss-fixrandom.patch | 4 +- nss-no-rpath.patch | 6 +- nss.spec | 259 ++++++++++++++++----------------- renegotiate-transitional.patch | 10 +- 4 files changed, 136 insertions(+), 143 deletions(-) diff --git a/nss-fixrandom.patch b/nss-fixrandom.patch index 18eb82e..1b6d84d 100644 --- a/nss-fixrandom.patch +++ b/nss-fixrandom.patch @@ -1,5 +1,5 @@ ---- mozilla/security/nss/lib/freebl/unix_rand.c.orig 2006-12-16 09:38:48.000000000 +0100 -+++ mozilla/security/nss/lib/freebl/unix_rand.c 2006-12-16 09:38:59.000000000 +0100 +--- nss/lib/freebl/unix_rand.c.orig 2006-12-16 09:38:48.000000000 +0100 ++++ nss/lib/freebl/unix_rand.c 2006-12-16 09:38:59.000000000 +0100 @@ -876,7 +876,7 @@ /* Fork netstat to collect its output by default. Do not unset this unless * another source of entropy is available diff --git a/nss-no-rpath.patch b/nss-no-rpath.patch index d1f2756..945ac01 100644 --- a/nss-no-rpath.patch +++ b/nss-no-rpath.patch @@ -1,6 +1,6 @@ ---- nss-3.14.1/mozilla/security/nss/cmd/platlibs.mk.norpath 2012-11-14 05:14:08.000000000 +0400 -+++ nss-3.14.1/mozilla/security/nss/cmd/platlibs.mk 2013-01-14 13:08:22.895819720 +0400 -@@ -18,9 +18,9 @@ endif +--- nss/cmd/platlibs.mk~ 2012-07-17 11:22:42.000000000 -0400 ++++ nss/cmd/platlibs.mk 2012-10-27 13:03:47.839324389 -0400 +@@ -18,9 +18,9 @@ ifeq ($(OS_ARCH), Linux) ifeq ($(USE_64), 1) diff --git a/nss.spec b/nss.spec index 7a74090..9895a98 100644 --- a/nss.spec +++ b/nss.spec @@ -2,37 +2,38 @@ %define major 3 %define libname %mklibname %{name} %{major} -%define libfreebl %mklibname freebl %{major} %define develname %mklibname -d %{name} %define sdevelname %mklibname -d -s %{name} %define cvsver 3_15_1 +%define version 3.15.1 + +%define patchver %(echo %{version}|cut -d. -f3) +%if %{patchver} +%define tarballver %{version} +%else +%define tarballver %(echo %{version}|cut -d. -f1,2) +%endif %define nspr_libname %mklibname nspr 4 -%define nspr_version 4.9.0 # this seems fragile, so require the exact version or later (#58754) %define sqlite3_version %(pkg-config --modversion sqlite3 &>/dev/null && pkg-config --modversion sqlite3 2>/dev/null || echo 0) %define nspr_version %(pkg-config --modversion nspr &>/dev/null && pkg-config --modversion nspr 2>/dev/null || echo 0) -%define build_empty 0 -%{?_with_empty: %{expand: %%global build_empty 1}} -%{?_without_empty: %{expand: %%global build_empty 0}} - Name: nss +Version: %{version} +Release: %mkrel 1 Epoch: 2 -Version: 3.15.1 -Release: 1 Summary: Netscape Security Services Group: System/Libraries -License: MPL or GPLv2+ or LGPLv2+ +License: MPLv1.1 or GPLv2+ or LGPLv2+ URL: http://www.mozilla.org/projects/security/pki/nss/index.html -Source0: ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_%{cvsver}_RTM/src/nss-%{version}.tar.gz +Source0: ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_%{cvsver}_RTM/src/nss-%{tarballver}.tar.gz Source1: nss.pc.in Source2: nss-config.in Source3: blank-cert8.db Source4: blank-key3.db Source5: blank-secmod.db -Source6: certdata_empty.txt # https://www.verisign.com/support/verisign-intermediate-ca/secure-site-intermediate/index.html # converted from PEM to DER format with openssl command: # openssl x509 -in cert.pem -inform PEM -outform DER -out cert.der @@ -44,10 +45,11 @@ Source8: http://www.icpbrasil.gov.br/certificadoACRaiz.crt Patch0: nss-no-rpath.patch Patch1: nss-fixrandom.patch Patch4: renegotiate-transitional.patch -BuildRequires: rootcerts >= 1:20120218.00 -BuildRequires: nspr-devel >= 2:4.9.0 -BuildRequires: zlib-devel -BuildRequires: sqlite3-devel >= 3.7.7.1 +BuildRequires: rootcerts >= 1:20121229.00 +BuildRequires: libnspr-devel >= 2:%{nspr_version} +BuildRequires: libz-devel +# one should look in nss/lib/sqlite/README to check which version is "recommended" +BuildRequires: sqlite3-devel >= 3.7.14.1 BuildRequires: zip %description @@ -64,41 +66,65 @@ libraries have been not been included due to conflicts with the Mozilla libraries. %endif -%package shlibsign -Summary: Netscape Security Services - shlibsign -Group: System/Libraries -Conflicts: %{name} < 2:3.13.1-2 +%package doc +Summary: Network Security Services (NSS) - Documentation +Group: Documentation +BuildArch: noarch -%description shlibsign -This package contains the binary shlibsign needed by libfreebl3 -and libsoftokn3. +%description doc +Documentation for Network Security Services. %if %with lib %package -n %{libname} Summary: Network Security Services (NSS) Group: System/Libraries +Provides: mozilla-nss = %{epoch}:%{version}-%{release} +Requires(pre): filesystem >= 2.1.9-18 +Requires(post): nss +Requires(post): rpm-helper +Requires: %{mklibname sqlite3_ 0} >= %{sqlite3_version} +Requires: %{nspr_libname} >= %{nspr_version} +Conflicts: %{_lib}nss-devel < 2:3.13.5-2 %description -n %{libname} -This package contains the shared libraries libnss3, libnssckbi, libnssdbm3, -libnssutil3, libsmime3, and libssl3. - -%package -n %{libfreebl} -Summary: Network Security Services (NSS) -Group: System/Libraries -Requires(post): nss-shlibsign -Requires(post): rpm-helper -Conflicts: %{_lib}nss3 < 2:3.13.1-5 - -%description -n %{libfreebl} -This package contains the shared libraries libfreebl3 and libsoftokn3. +Network Security Services (NSS) is a set of libraries designed to +support cross-platform development of security-enabled server +applications. Applications built with NSS can support SSL v2 and v3, +TLS, PKCS #5, PKCS #7, PKCS #11, PKCS +#12, S/MIME, X.509 v3 certificates, and other security standards. For +detailed information on standards supported, see +http://www.mozilla.org/projects/security/pki/nss/overview.html. %package -n %{develname} Summary: Network Security Services (NSS) - development files Group: Development/C++ -Requires: %{libname} >= %{epoch}:%{version}-%{release} -Requires: %{libfreebl} >= %{epoch}:%{version}-%{release} +Requires(pre): filesystem >= 2.1.9-18 +Requires: %{libname} = %{epoch}:%{version}-%{release} +Requires: libnspr-devel +Provides: libnss-devel = %{epoch}:%{version}-%{release} Provides: nss-devel = %{epoch}:%{version}-%{release} -%rename %{libname}-devel +# (cg) The -devel package doesn't generate these automatically. +%ifarch x86_64 +Provides: devel(libfreebl3(64bit)) +Provides: devel(libnss3(64bit)) +Provides: devel(libnssckbi(64bit)) +Provides: devel(libnssdbm3(64bit)) +Provides: devel(libnssutil3(64bit)) +Provides: devel(libsmime3(64bit)) +Provides: devel(libsoftokn3(64bit)) +Provides: devel(libssl3(64bit)) +%else +Provides: devel(libfreebl3) +Provides: devel(libnss3) +Provides: devel(libnssckbi) +Provides: devel(libnssdbm3) +Provides: devel(libnssutil3) +Provides: devel(libsmime3) +Provides: devel(libsoftokn3) +Provides: devel(libssl3) +%endif +Obsoletes: %{libname}-devel < 2:3.12-8 +Conflicts: %{libname} < 2:3.12-8 %description -n %{develname} Header files to doing development with Network Security Services. @@ -106,22 +132,23 @@ Header files to doing development with Network Security Services. %package -n %{sdevelname} Summary: Network Security Services (NSS) - static libraries Group: Development/C++ -Requires: %{libname} >= %{epoch}:%{version}-%{release} -Requires: %{develname} >= %{epoch}:%{version}-%{release} +Requires: %{libname} = %{epoch}:%{version}-%{release} +Requires: %{develname} = %{epoch}:%{version}-%{release} +Requires: libnspr-devel >= 2:%{nspr_version} +Provides: libnss-static-devel = %{epoch}:%{version}-%{release} Provides: nss-static-devel = %{epoch}:%{version}-%{release} Conflicts: libopenssl-static-devel -%rename %{libname}-static-devel +Obsoletes: %{libname}-static-devel < 2:3.12-8 %description -n %{sdevelname} Static libraries for doing development with Network Security Services. %endif %prep - -%setup -q -#patch0 -p1 -b .no-rpath -#patch1 -p0 -#patch4 -p0 -b .transitional +%setup -qn %{name}-%{tarballver} +%patch0 -p0 +%patch1 -p0 +%patch4 -p0 -b .transitional find . -type d -perm 0700 -exec chmod 755 {} \; find . -type f -perm 0555 -exec chmod 755 {} \; @@ -134,14 +161,15 @@ find . -name '*.c' -executable -exec chmod -x {} \; export BUILD_OPT=1 export OPTIMIZER="%{optflags}" export XCFLAGS="%{optflags}" +export LDOPTS="$LDFLAGS" export ARCHFLAG="$LDFLAGS" export LIBDIR=%{_libdir} export USE_SYSTEM_ZLIB=1 export ZLIB_LIBS="-lz" export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1 export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1 -export NSPR_INCLUDE_DIR=`%{_bindir}/pkg-config --cflags-only-I nspr | sed 's/-I//'` -export NSPR_LIB_DIR=`%{_bindir}/pkg-config --libs-only-L nspr | sed 's/-L//'` +export NSPR_INCLUDE_DIR=`%{_bindir}/pkg-config --cflags-only-I nspr | %{__sed} 's/-I//'` +export NSPR_LIB_DIR=`%{_bindir}/pkg-config --libs-only-L nspr | %{__sed} 's/-L//'` export MOZILLA_CLIENT=1 export NS_USE_GCC=1 export NSS_USE_SYSTEM_SQLITE=1 @@ -150,29 +178,10 @@ export NSS_ENABLE_ECC=1 export USE_64=1 %endif -%if %{build_empty} -# (oe) the "trust no one" scenario, it goes like: -# 1. mv /% {_lib}/libnssckbi.so /% {_lib}/libnssckbi.so.BAK -# 2. mv /% {_lib}/libnssckbi_empty.so /% {_lib}/libnssckbi.so -# 3. restart ff/tb -# it has to be done manually for now, but at least we have a way for -# users to quickly mitigate future problems, or whatever :-) - -pushd mozilla/security/nss/lib/ckfw/builtins -%{__perl} ./certdata.perl < %{SOURCE6} -popd -%endif - # Parallel is broken as of 3.11.4 :( -%make -j1 -C ./mozilla/security/nss \ - build_coreconf \ - build_dbm \ - all - -%if %{build_empty} -# tuck away the empty libnssckbi.so library -cp -p mozilla/security/nss/lib/ckfw/builtins/Linux*/libnssckbi.so libnssckbi_empty.so -%endif +%make -j1 -C ./nss/coreconf +%make -j1 -C ./nss/lib/dbm +%make -j1 -C ./nss # install new Verisign intermediate certificate # http://qa.mandriva.com/show_bug.cgi?id=29612 @@ -184,23 +193,13 @@ if [ -z "$ADDBUILTIN" ]; then fi ADDBUILTIN="$PWD/$ADDBUILTIN" OLD="$LD_LIBRARY_PATH" -libpath=`%{_bindir}/find mozilla/dist/ -name "Linux*" -type d` +libpath=`%{_bindir}/find ./dist/ -name "Linux*.*" -type d` # to use the built libraries instead of requiring nss # again as buildrequires export LD_LIBRARY_PATH="$PWD/$libpath/lib" -pushd mozilla/security/nss/lib/ckfw/builtins +pushd nss/lib/ckfw/builtins -# (oe) for reference: -# *ALL* of the root CA certs are hard coded into the libnssckbi.so library. -# So, for Mandriva we can add/remove certs easily in the rootcerts package. Please -# checkout and examine the rootcerts package. -# Once this has been done and the new rootcerts package has been installed this -# package (nss) has to be rebuilt to pickup the changes made. The "recreate -# certificates" lines below generates a new certdata.c source containing the root -# CA certs for mozilla. -# *ALL* of the mozilla based softwares that support SSL has to link against -# the NSS library. # recreate certificates %{__perl} ./certdata.perl < /etc/pki/tls/mozilla/certdata.txt @@ -211,14 +210,15 @@ popd export LD_LIBRARY_PATH="$OLD" %install -pushd mozilla/dist/$(uname -s)* +%{__rm} -rf %{buildroot} + +pushd dist/$(uname -s)* %{__mkdir_p} %{buildroot}%{_bindir} %{__cp} -aL bin/* %{buildroot}%{_bindir} %if %with lib %{__mkdir_p} %{buildroot}%{_libdir} -%{__mkdir_p} %{buildroot}/%{_lib} %{__mkdir_p} %{buildroot}%{_includedir}/nss %{__cp} -aL ../public/nss/* %{buildroot}%{_includedir}/nss @@ -236,20 +236,18 @@ pushd mozilla/dist/$(uname -s)* for file in libsoftokn3.so libfreebl3.so libnss3.so libnssutil3.so \ libssl3.so libsmime3.so libnssckbi.so libnssdbm3.so do - %{__install} -m 755 lib/$file %{buildroot}/%{_lib} - ln -sf ../../%{_lib}/$file %{buildroot}%{_libdir}/$file + %{__install} -m 755 lib/$file %{buildroot}%{_libdir} done # These ghost files will be generated in the post step # Make sure chk files can be found in both places for file in libsoftokn3.chk libfreebl3.chk do - touch %{buildroot}/%{_lib}/$file - ln -s ../../%{_lib}/$file %{buildroot}%{_libdir}/$file + touch %{buildroot}%{_libdir}/$file done %{__mkdir_p} %{buildroot}%{_libdir}/pkgconfig -cat %{SOURCE1} | sed -e "s,%%libdir%%,%{_libdir},g" \ +%{__cat} %{SOURCE1} | sed -e "s,%%libdir%%,%{_libdir},g" \ -e "s,%%prefix%%,%{_prefix},g" \ -e "s,%%exec_prefix%%,%{_prefix},g" \ -e "s,%%includedir%%,%{_includedir}/nss,g" \ @@ -261,12 +259,12 @@ cat %{SOURCE1} | sed -e "s,%%libdir%%,%{_libdir},g" \ popd %if %with lib -export NSS_VMAJOR=`cat mozilla/security/nss/lib/nss/nss.h | grep "#define.*NSS_VMAJOR" | awk '{print $3}'` -export NSS_VMINOR=`cat mozilla/security/nss/lib/nss/nss.h | grep "#define.*NSS_VMINOR" | awk '{print $3}'` -export NSS_VPATCH=`cat mozilla/security/nss/lib/nss/nss.h | grep "#define.*NSS_VPATCH" | awk '{print $3}'` +export NSS_VMAJOR=`%{__cat} nss/lib/nss/nss.h | %{__grep} "#define.*NSS_VMAJOR" | %{__awk} '{print $3}'` +export NSS_VMINOR=`%{__cat} nss/lib/nss/nss.h | %{__grep} "#define.*NSS_VMINOR" | %{__awk} '{print $3}'` +export NSS_VPATCH=`echo %{version} | sed 's/\([0-9]*\).\([0-9]*\).\([0-9]*\)/\3/'` %{__mkdir_p} %{buildroot}%{_bindir} -cat %{SOURCE2} | sed -e "s,@libdir@,%{_libdir},g" \ +%{__cat} %{SOURCE2} | %{__sed} -e "s,@libdir@,%{_libdir},g" \ -e "s,@prefix@,%{_prefix},g" \ -e "s,@exec_prefix@,%{_prefix},g" \ -e "s,@includedir@,%{_includedir}/nss%{major},g" \ @@ -276,34 +274,34 @@ cat %{SOURCE2} | sed -e "s,@libdir@,%{_libdir},g" \ > %{buildroot}/%{_bindir}/nss-config %endif -pushd mozilla/security/nss/cmd/smimetools +pushd nss/cmd/smimetools %{__install} -m 0755 smime %{buildroot}%{_bindir} %{__perl} -pi -e 's|/usr/local/bin|%{_bindir}|g' %{buildroot}%{_bindir}/smime popd # add docs %{__mkdir_p} docs/SSLsample +#%{__cp} -a nss/cmd/SSLsample/README docs/SSLsample/ %{__mkdir_p} docs/bltest -cp -a mozilla/security/nss/cmd/bltest/tests/* docs/bltest/ -chmod -R a+r docs +%{__cp} -a nss/cmd/bltest/tests/* docs/bltest/ %{__mkdir_p} docs/certcgi -%{__cp} -a mozilla/security/nss/cmd/certcgi/*.html docs/certcgi/ -%{__cp} -a mozilla/security/nss/cmd/certcgi/HOWTO.txt docs/certcgi/ +%{__cp} -a nss/cmd/certcgi/*.html docs/certcgi/ +%{__cp} -a nss/cmd/certcgi/HOWTO.txt docs/certcgi/ %{__mkdir_p} docs/modutil -%{__cp} -a mozilla/security/nss/cmd/modutil/*.html docs/modutil/ +%{__cp} -a nss/cmd/modutil/*.html docs/modutil/ %{__mkdir_p} docs/signtool -%{__cp} -a mozilla/security/nss/cmd/signtool/README docs/signtool/ +%{__cp} -a nss/cmd/signtool/README docs/signtool/ %{__mkdir_p} docs/signver -%{__cp} -a mozilla/security/nss/cmd/signver/examples/1/*.pl docs/signver/ -%{__cp} -a mozilla/security/nss/cmd/signver/examples/1/*.html docs/signver/ +%{__cp} -a nss/cmd/signver/examples/1/*.pl docs/signver/ +%{__cp} -a nss/cmd/signver/examples/1/*.html docs/signver/ %{__mkdir_p} docs/ssltap -%{__cp} -a mozilla/security/nss/cmd/ssltap/*.html docs/ssltap/ +%{__cp} -a nss/cmd/ssltap/*.html docs/ssltap/ # Install the empty NSS db files %{__mkdir_p} %{buildroot}%{_sysconfdir}/pki/nssdb @@ -313,23 +311,21 @@ chmod -R a+r docs %{_bindir}/find docs -type f | %{_bindir}/xargs -t %{__perl} -pi -e 's/\r$//g' -%if %{build_empty} -# install the empty libnssckbi.so library (use alternatives?) -install -m0755 libnssckbi_empty.so %{buildroot}/%{_lib}/libnssckbi_empty.so -%endif - %multiarch_binaries %{buildroot}%{_bindir}/nss-config +%clean +%{__rm} -rf %{buildroot} + %if %with lib -%posttrans -n %{libfreebl} -%create_ghostfile /%{_lib}/libsoftokn%{major}.chk root root 644 -%create_ghostfile /%{_lib}/libfreebl%{major}.chk root root 644 -%{_bindir}/shlibsign -i /%{_lib}/libsoftokn%{major}.so >/dev/null 2>/dev/null -%{_bindir}/shlibsign -i /%{_lib}/libfreebl%{major}.so >/dev/null 2>/dev/null +%post -n %{libname} +%create_ghostfile %{_libdir}/libsoftokn%{major}.chk root root 644 +%create_ghostfile %{_libdir}/libfreebl%{major}.chk root root 644 +%{_bindir}/shlibsign -i %{_libdir}/libsoftokn%{major}.so >/dev/null 2>/dev/null +%{_bindir}/shlibsign -i %{_libdir}/libfreebl%{major}.so >/dev/null 2>/dev/null %endif %files -%doc docs/* +%defattr(0644,root,root,0755) %attr(0755,root,root) %{_bindir}/addbuiltin %attr(0755,root,root) %{_bindir}/atob %attr(0755,root,root) %{_bindir}/baddbdir @@ -364,6 +360,7 @@ install -m0755 libnssckbi_empty.so %{buildroot}/%{_lib}/libnssckbi_empty.so %attr(0755,root,root) %{_bindir}/p7env %attr(0755,root,root) %{_bindir}/p7sign %attr(0755,root,root) %{_bindir}/p7verify +%attr(0755,root,root) %{_bindir}/pk11gcmtest %attr(0755,root,root) %{_bindir}/pk11mode %attr(0755,root,root) %{_bindir}/pk12util %attr(0755,root,root) %{_bindir}/pk1sign @@ -375,6 +372,7 @@ install -m0755 libnssckbi_empty.so %{buildroot}/%{_lib}/libnssckbi_empty.so %attr(0755,root,root) %{_bindir}/sdrtest %attr(0755,root,root) %{_bindir}/secmodtest %attr(0755,root,root) %{_bindir}/selfserv +%attr(0755,root,root) %{_bindir}/shlibsign %attr(0755,root,root) %{_bindir}/signtool %attr(0755,root,root) %{_bindir}/signver %attr(0755,root,root) %{_bindir}/smime @@ -389,33 +387,29 @@ install -m0755 libnssckbi_empty.so %{buildroot}/%{_lib}/libnssckbi_empty.so %config(noreplace) %{_sysconfdir}/pki/nssdb/key3.db %config(noreplace) %{_sysconfdir}/pki/nssdb/secmod.db -%files shlibsign -%attr(0755,root,root) %{_bindir}/shlibsign +%files doc +%defattr(0644,root,root,0755) +%doc docs/* %if %with lib -%files -n %{libfreebl} -/%{_lib}/libfreebl%{major}.so -/%{_lib}/libsoftokn%{major}.so -%defattr(0644,root,root,0755) -%ghost /%{_lib}/libfreebl%{major}.chk -%ghost /%{_lib}/libsoftokn%{major}.chk - %files -n %{libname} -/%{_lib}/libnss%{major}.so -/%{_lib}/libnssckbi.so -%if %{build_empty} -/%{_lib}/libnssckbi_empty.so -%endif -/%{_lib}/libnssutil%{major}.so -/%{_lib}/libnssdbm%{major}.so -/%{_lib}/libsmime%{major}.so -/%{_lib}/libssl%{major}.so +%defattr(0755,root,root,0755) +%{_libdir}/libfreebl%{major}.so +%{_libdir}/libnss%{major}.so +%{_libdir}/libnssckbi.so +%{_libdir}/libsmime%{major}.so +%{_libdir}/libsoftokn%{major}.so +%{_libdir}/libssl%{major}.so +%{_libdir}/libnssutil%{major}.so +%{_libdir}/libnssdbm%{major}.so +%defattr(0644,root,root,0755) +%ghost %{_libdir}/libsoftokn%{major}.chk +%ghost %{_libdir}/libfreebl%{major}.chk %files -n %{develname} %defattr(0644,root,root,0755) %attr(0755,root,root) %{_bindir}/nss-config %attr(0755,root,root) %{multiarch_bindir}/nss-config -%_libdir/*.so %dir %{_includedir}/nss %{_includedir}/nss/base64.h %{_includedir}/nss/blapit.h @@ -527,4 +521,3 @@ install -m0755 libnssckbi_empty.so %{buildroot}/%{_lib}/libnssckbi_empty.so %{_libdir}/libssl.a %endif - diff --git a/renegotiate-transitional.patch b/renegotiate-transitional.patch index b1a940b..5324719 100644 --- a/renegotiate-transitional.patch +++ b/renegotiate-transitional.patch @@ -1,11 +1,11 @@ ---- mozilla/security/nss/lib/ssl/sslsock.c 2011-10-22 18:45:40.000000000 +0200 -+++ mozilla/security/nss/lib/ssl/sslsock.c.oden 2011-11-05 17:45:55.672091551 +0100 -@@ -181,7 +181,7 @@ static sslOptions ssl_defaults = { +--- nss/lib/ssl/sslsock.c 2013-05-28 23:43:24.000000000 +0200 ++++ nss/lib/ssl/sslsock.c.oden 2013-06-26 10:52:13.194644826 +0200 +@@ -149,7 +149,7 @@ static sslOptions ssl_defaults = { PR_FALSE, /* noLocks */ PR_FALSE, /* enableSessionTickets */ PR_FALSE, /* enableDeflate */ - 2, /* enableRenegotiation (default: requires extension) */ -+ 3, /* enableRenegotiation (default: transitional) */ ++ 3, /* enableRenegotiation (default: requires extension) */ PR_FALSE, /* requireSafeNegotiation */ PR_FALSE, /* enableFalseStart */ - PR_TRUE /* cbcRandomIV */ + PR_TRUE, /* cbcRandomIV */