Brian Smith
f99766963b
Bug 1030475: Use a valid id-ce-inhibitAnyPolicy extension value for test pkix_cert_extensions.KnownCriticalCEExtension, r=keeler
...
--HG--
extra : rebase_source : 34972b2842d65ad6d716b0fbccf4984f9efd1fbf
2014-06-25 17:14:32 -07:00
Brian Smith
ffa6744d0b
Bug 1030478: Make the AIA extension used in pkix_cert_extensions.CriticalAIAExtension less invalid, r=keeler
...
--HG--
extra : rebase_source : 42241cb4c8d2ba4e3e0ccc937059f9510765314b
2014-06-25 16:42:50 -07:00
Brian Smith
da88992387
Bug 1031022: Go back to accepting explicit encoding of v1 for certificates and OCSP responses, r=cviecco
...
--HG--
extra : rebase_source : f0adf63879a48db6c036cce1a3e9a7b65e44fc4e
2014-06-26 17:03:48 -07:00
Carsten "Tomcat" Book
9c954f17e2
merge fx-team to mozilla-central a=merge
2014-06-26 15:33:24 +02:00
Wes Kocher
97b6283a0e
Merge m-c to fx-team a=merge
2014-06-25 18:44:50 -07:00
Nathan Froyd
fd1e19ecd1
Backout bcd72aabb661, 1ed1c6212f4c, and 8d6f286139ef (bug 1025998) for xpcshell bustage leading to this CLOSED TREE
2014-06-25 17:00:06 -04:00
Nathan Froyd
9b746be8ce
Bug 1025998 - also export symbols groveled out of NSS by ctypes; r=me to reopen this CLOSED TREE
2014-06-25 15:14:49 -04:00
Brian Smith
4b43ae2a1c
Bug 1029341: Factor out decoding of certificate/OCSP extensions, r=keeler
...
--HG--
extra : rebase_source : a1d66b75838e9dfad486f5654db6d977e5c1d97a
extra : histedit_source : 34e05d8b3d94500b9cb4f1e311f8fe526b97ba6e
2014-06-24 21:52:50 -07:00
Brian Smith
33a324f644
Bug 1029364: Centralize version parsing in BackCert::Init, r=cviecco
...
--HG--
extra : rebase_source : 7e91710ed7cd6e68875c2d26f0b503835968e1f2
extra : histedit_source : e07446cad5edbf6cbb048304bc2b2af4395410db
2014-06-25 01:32:06 -07:00
Brian Smith
8ccb29582c
Bug 1029992, Improve AlgorithmIdentifier decoding in mozilla::pkix, r=cviecco
...
--HG--
extra : rebase_source : dec7d3e00afe3a9e433f789baf09c0c41679b0e2
extra : histedit_source : 47657cfde7a266b5d5322b024800abe316e9dbd6
2014-06-24 21:47:50 -07:00
Nathan Froyd
227bbe7f5d
Bug 1025998 - part 2 - use hand-rolled .def files for linking NSS; r=glandium
2014-06-24 15:36:10 -04:00
Kai Engert
9097ccebde
Bug 1020695, Update Mozilla to use NSS 3.16.2, r=wtc
2014-06-25 11:25:59 +02:00
Carsten "Tomcat" Book
ebf69ab96b
Backed out changeset 4f21e9bc729a (bug 1029364) for B2G Device and Emulator Bustage on a CLOSED TREE
2014-06-25 10:01:17 +02:00
Carsten "Tomcat" Book
41a513b25c
Backed out changeset a10da316a35f (bug 1029341)
2014-06-25 10:00:42 +02:00
Brian Smith
68788eeb9c
Bug 1029341: Factor out decoding of certificate/OCSP extensions, r=keeler
...
--HG--
extra : rebase_source : e307bea95d29cf78c9eaa7ddb1f2b2c195a59dc9
2014-06-24 21:52:50 -07:00
Brian Smith
39d3680e86
Bug 1029364: Centralize version parsing in BackCert::Init, r=cviecco
...
--HG--
extra : rebase_source : 79d5f29c2af1ec77d6bb8a7936bb0a17f28e8d52
2014-06-19 16:17:28 -07:00
Jim Blandy
b6b202b6bb
Bug 914753: Make Emacs file variable header lines correct, or at least consistent. DONTBUILD r=ehsan
...
The -*- file variable lines -*- establish per-file settings that Emacs will
pick up. This patch makes the following changes to those lines (and touches
nothing else):
- Never set the buffer's mode.
Years ago, Emacs did not have a good JavaScript mode, so it made sense
to use Java or C++ mode in .js files. However, Emacs has had js-mode for
years now; it's perfectly serviceable, and is available and enabled by
default in all major Emacs packagings.
Selecting a mode in the -*- file variable line -*- is almost always the
wrong thing to do anyway. It overrides Emacs's default choice, which is
(now) reasonable; and even worse, it overrides settings the user might
have made in their '.emacs' file for that file extension. It's only
useful when there's something specific about that particular file that
makes a particular mode appropriate.
- Correctly propagate settings that establish the correct indentation
level for this file: c-basic-offset and js2-basic-offset should be
js-indent-level. Whatever value they're given should be preserved;
different parts of our tree use different indentation styles.
- We don't use tabs in Mozilla JS code. Always set indent-tabs-mode: nil.
Remove tab-width: settings, at least in files that don't contain tab
characters.
- Remove js2-mode settings that belong in the user's .emacs file, like
js2-skip-preprocessor-directives.
2014-06-24 22:12:07 -07:00
Brian R. Bondy
1a59235ead
Bug 598615 - Rename HAVE_64BIT_OS to HAVE_64BIT_BUILD. r=ted
2014-06-24 22:16:25 -04:00
Wes Kocher
e1dd0ab43e
Backed out 2 changesets (bug 1027890) for B2G Windows Build bustage on a CLOSED TREE
...
Backed out changeset bcd694f0e95d (bug 1027890)
Backed out changeset 49cadfcde709 (bug 1027890)
2014-06-24 18:33:46 -07:00
Mike Hommey
a56bc0ee1c
Bug 1027890 - Remove all sorts of build system code dedicated to pymake. r=gps
2014-06-25 08:38:28 +09:00
Cykesiopka
63a1d33bc6
Bug 270016 - Make the list of certs shown in the Delete/Distrust cert dialog scrollable. r=keeler
2014-06-23 23:51:00 +02:00
Brian Smith
4212992a61
Bug 1028643: Convert nsISignatureVerifier to use CertVerifier (mozilla::pkix) and move nsISignatureVerifier functionality to nsIDataSignatureVerifier, r=keeler
...
--HG--
extra : rebase_source : 14f6f5dedd7145d574ac5b4c86b6ad42b6716ae8
extra : histedit_source : f891fbe80c4ca9fc62849bc2d6d8ffad372a6bf0
2014-06-22 18:50:22 -07:00
Brian Smith
bc23ff330b
Bug 1028493: Remove unused stapledOCSPResponse parameter from CreateCetErrorRunnable, r=mmc
...
--HG--
extra : rebase_source : 6ceddadff81fd607b53de317dc841e334bc76621
extra : histedit_source : d05fe4430c880da25c4d361977218ceb416d8f0d
2014-06-20 19:43:09 -07:00
Benoit Jacob
c26bd2e511
Bug 1028588 - Fix dangerous public destructors in security/ - r=bsmith
2014-06-23 18:40:03 -04:00
Honza Bambas
fd24ec8def
Bug 1023748 - Allow NTLMv1 over SSL/TLS by default, r=jduell
2014-06-23 19:43:40 +02:00
Ryan VanderMeulen
8f44adceee
Merge inbound to m-c. a=merge
2014-06-23 10:42:32 -04:00
ffxbld
387e4e4978
No bug, Automated HSTS preload list update from host bld-linux64-spot-1030 - a=hsts-update
2014-06-21 03:14:13 -07:00
Harsh Pathak
ad1b14886e
bug 956147 - Use Scoped PLArenaPool in GetSubjectAltNames to avoid memory leaks. r=keeler.
2014-06-19 14:36:31 -07:00
Brian Smith
3be55730af
Bug 1006812: Use mozilla::pkix::der to decode the key usage extension, r=keeler
...
--HG--
extra : rebase_source : e445c913994dc027e1179543d7b6cab2505e734d
2014-06-19 00:13:20 -07:00
Camilo Viecco
4547fc975b
Bug 1015973 - Improve cert error decoding. r=keeler
...
--HG--
extra : rebase_source : e812bc94b7c30727ef3a17fab0dac03633254083
2014-06-02 09:04:39 -07:00
David Keeler
7431ca657e
bug 1027711 - remove some unused const variables in PSM r=cviecco
2014-06-19 10:31:06 -07:00
Brian Smith
ee56f24882
Bug 1027311, Part 3: Remove irrelevant & problematic extensions from test_cert_signatures test certificates, r=cviecco
...
--HG--
extra : rebase_source : 574e46ea5664b1985ac19dab395e75f75f0bdccb
2014-06-18 13:40:18 -07:00
Brian Smith
64d2f4a8e1
Bug 1027311, Part 2: Remove irrelevant & problematic extensions from test_ev_certs test certificates, r=cviecco
...
--HG--
extra : rebase_source : 413b57030d95d8e0293933e01c5877909ceb27ff
2014-06-18 15:05:45 -07:00
Brian Smith
f15940bcb5
Bug 1027311, Part 1: Remove irrelevant & problematic extensions from test_certificate_usages test certificates, r=cviecco
...
--HG--
extra : rebase_source : e9a4072de3d24797929fc37c85ba99517bb6bad1
2014-06-18 13:56:36 -07:00
Brian Smith
a8a48f6bb4
Bug 1027255: Add ASSERT_/EXPECT_ GTest helpers for mozilla::pkix::Result, r=mmc
...
--HG--
extra : rebase_source : 2fb8807724ba59028ec32e8d287296a905bd3615
2014-06-18 23:40:34 -07:00
Brian Smith
3398077c81
Bug 611752: Remove XPCOM CMS interfaces (nsICMS* and nsISMimeCert), r=keeler
...
--HG--
extra : rebase_source : d5f70ff8b084fa9d53309d28d2ad478a478f4ff6
2014-06-15 20:51:51 -07:00
Brian Smith
6879fc02dd
Bug 1022970: Switch from UNIFIED_SOURCES back to SOURCES in security/pkix, security/certverifier, and security/manager/ssl/src, r=keeler
...
--HG--
extra : rebase_source : 7d45d018be6b23af199c1e9c858fb5bb3bb5a01b
2014-06-16 22:57:55 -07:00
Brian Smith
1ff76502ae
Bug 1026371
: Remove useless comments in CertVerifier.cpp, r=cviecco
...
--HG--
extra : rebase_source : 58444ab17c68bcde6938540b3b074af55e417687
2014-06-16 23:37:53 -07:00
Birunthan Mohanathas
c910458886
Bug 1016240 - Exterminate CR+LF line endings. r=briansmith,cpearce,ehsan,gavin
2014-06-18 17:56:02 -07:00
Benoit Jacob
79a09b081b
Bug 1027251 - Fix or whitelist dangerous public destructors in security/ - r=bsmith
2014-06-18 22:29:00 -04:00
Monica Chew
955a182d6f
Bug 1027133: Enable test mode for *.twitter.com (r=keeler)
2014-06-18 16:23:13 -04:00
David Keeler
23ad75a565
bug 1017826 - follow-up to fix indentation r=me a=whitespace-only DONTBUILD
2014-06-17 09:14:00 -07:00
Harsh Pathak
85a5bc6e6a
Bug 1017826 - prevent a potential memory leak in OCSPCache::Put. r=keeler
2014-06-16 20:27:00 +02:00
Nathan Froyd
9e632a1ea1
Bug 1018375 - part 4 - use a linker script for libnss3 on Linux-like OSes; r=glandium
2014-05-30 14:34:54 -04:00
Nathan Froyd
7b6f38d2db
Bug 1018375 - part 3 - use a static list of NSS def files for MOZ_FOLD_LIBS groveling; r=glandium
2014-06-03 14:23:06 -04:00
Harsh Pathak
2c75ba8d1d
bug 550052 - add length check when decoding key usage bit strings. r=dkeeler
2014-06-10 16:56:00 +02:00
Harsh Pathak
b2c0ef83be
Bug 1017348 - DumpASN1Object/ifdef-ed out code removed. r=dkeeler
2014-06-10 16:58:00 +02:00
Phil Ringnalda
61e8743b62
Merge m-i to m-c, a=merge
2014-06-15 09:28:20 -07:00
ffxbld
ae1625362c
No bug, Automated HSTS preload list update from host bld-linux64-spot-006 - a=hsts-update
2014-06-14 03:14:44 -07:00
Wan-Teh Chang
61a2cf4501
Bug 1020695: Update Mozilla to use NSS 3.16.2 Beta 4. Includes fixes for
...
bug 1013088, bug 996237, bug 970539, bug 1016567, bug 485732, bug 334013,
bug 959864, bug 1016836, bug 1016811, bug 1018536, bug 996250, bug 1009227,
bug 963150, bug 1007126, bug 1021102.
2014-06-13 14:17:18 -07:00
Camilo Viecco
007c3dfb85
Bug 998513 - Test GeneralizedTime encodings in mozilla::pkix. r=keeler.
2014-06-13 12:50:11 -07:00
Wes Kocher
f0ebc18ca2
Merge m-c to fx-team
2014-06-11 18:52:12 -07:00
Monica Chew
68b5959bb3
Bug 1004352: Enable pinning for Google in production mode (r=keeler)
2014-06-11 15:32:37 -07:00
Gijs Kruitbosch
b881af4217
Bug 908534 - change of event sink should trigger OnSecurityChange notifications, r=dkeeler
2014-06-11 11:19:17 +01:00
David Keeler
72e5b879dd
bug 1017160 - remove nsINSSCertErrorDialog and implementation r=cviecco
2014-06-09 16:35:35 -07:00
David Keeler
a1ba22a9d2
bug 1020993 - properly handle unknown critical extensions in BackCert::Init r=briansmith
2014-06-09 13:57:44 -07:00
Harsh Pathak
b671eb2af2
Bug 997370 - Update comment in nsIX509Cert.idl to reflect certificate fingerprint instead of public key. r=cviecco
2014-06-09 10:58:00 -04:00
Ryan VanderMeulen
6f355e5e59
Merge m-c to inbound on a CLOSED TREE. a=me
2014-06-07 13:36:44 -04:00
ffxbld
da3750634f
No bug, Automated HSTS preload list update from host bld-linux64-spot-051 - a=hsts-update
2014-06-07 03:18:25 -07:00
David Keeler
d98be01fdd
bug 1019198 - fail handshake if given an expired OCSP response and fetching a new one fails r=briansmith
2014-06-06 09:20:50 -07:00
Camilo Viecco
2754803080
Bug 1000548 - Leaking arenas allocated in mozilla::pkix r=keeler
...
--HG--
extra : rebase_source : 6b0aaef098a4fa4d5749013a332b6b7602640b36
2014-06-05 16:28:46 -07:00
Ed Morley
dd53384926
Backed out changeset 189492a9a115 (bug 1020695) for mochitest-2 failures in test_WebCrypto.html; CLOSED TREE
2014-06-05 15:52:01 +01:00
Wan-Teh Chang
1c2b9ab842
Bug 1020695: Update Mozilla to use NSS 3.16.2 Beta 3. Includes fixes for
...
bug 1013088, bug 996237, bug 970539, bug 1016567, bug 485732, bug 334013,
bug 959864, bug 1016836, bug 1016811, bug 1018536, bug 996250, bug 1009227,
bug 963150.
2014-06-05 07:06:32 -07:00
Wan-Teh Chang
27b5fea348
Revert 8406a2b981c5 to fix build bustage.
...
> Bug 1020695: Update Mozilla to use NSS 3.16.2 Beta 3. Includes fixes for
> bug 1013088, bug 996237, bug 970539, bug 1016567, bug 485732, bug 334013,
> bug 959864, bug 1016836, bug 1016811, bug 1018536, bug 996250, bug 1009227,
> bug 963150.
2014-06-04 21:26:33 -07:00
Wan-Teh Chang
19a284c6e7
Bug 1020695: Update Mozilla to use NSS 3.16.2 Beta 3. Includes fixes for
...
bug 1013088, bug 996237, bug 970539, bug 1016567, bug 485732, bug 334013,
bug 959864, bug 1016836, bug 1016811, bug 1018536, bug 996250, bug 1009227,
bug 963150.
2014-06-04 21:03:47 -07:00
David Keeler
afd6b3a4c0
bug 1003566 - part 2/2: prevent OCSP requests from being upgraded to HTTPS by HSTS r=cviecco
2014-06-04 09:58:28 -07:00
Camilo Viecco
f8058010ea
Bug 1021797 - Rename ArenaFalseCleaner to PORT_FreeArena_false. r=keeler
...
--HG--
extra : rebase_source : e7316ee06f58f42afbaf68d7e5f7948277fd15fd
2014-06-06 14:11:08 -07:00
Monica Chew
2a8bdf8ac7
Bug 1020485: Enable pinning in test mode for accounts.firefox.com (r=keeler)
2014-06-06 13:44:59 -07:00
Brian Smith
d069eee1bd
Bug 1020683, Part 3: Fix build bustage, a=BUSTAGE on a CLOSED TREE
...
--HG--
extra : rebase_source : 8eaa3eae911b0e75129988d58a19e5e76257b369
2014-06-06 12:04:36 -07:00
Brian Smith
842a9f0d8f
Bug 1020682: Simplify mozilla::pkix results cert chain construction and make it more efficient, r=cviecco
...
--HG--
extra : rebase_source : 69cb8ea66e075c89bbcbab3ca115cc2ccc95fa4f
2014-06-04 01:28:44 -07:00
Brian Smith
94b0c6c505
Bug 1020683, Part 2: Remove more references to CERTCertificate from mozilla::pkix, r=keeler
...
--HG--
extra : rebase_source : 9dce7585975fb23fe04f5714ece18645b22b2261
2014-06-04 00:03:28 -07:00
Brian Smith
56c22cc57c
Bug 1020683, Part 1: Remove internal uses of CERTCertificate from mozilla::pkix::VerifyEncodedOCSPResponse, r=keeler
...
--HG--
extra : rebase_source : 416938498080c4d44874025f1da4562ab1c7c3c8
2014-06-05 15:18:32 -07:00
Brian Smith
0988b16d24
Bug 1018411: Factor out signed data parsing in mozilla::pkix into a reusable and separately-testable function, r=keeler
...
--HG--
extra : rebase_source : d65a760f9f8efb656f238794019bd451ca163c0b
2014-05-31 18:54:34 -07:00
Mike Hommey
0fa0eb08c7
Bug 1027890 - Remove all sorts of build system code dedicated to pymake. r=gps
2014-06-25 08:38:28 +09:00
Jed Davis
1cac9a15d9
Bug 1014299 - Add times() to seccomp whitelist. r=kang
...
This system call seems to be used by some versions of the Qualcomm Adreno
graphics drivers when we run WebGL apps.
2014-06-02 14:52:00 +02:00
Sébastien Blin
6b33204ed4
Bug 1019722 - Remove a double assignment to lastRdn to fix a minor warning found by scan-build, the LLVM/Clang static analyzer. r=keeler
2014-06-02 20:16:14 +02:00
David Keeler
ca02748bb8
Bug 1009988 - OCSP tests: Precompute responses to prevent timeouts. r=cviecco
2014-06-02 11:35:27 -07:00
Monica Chew
2c499987c0
Bug 1019772: Enable production mode on pinning AMO (r=keeler)
2014-06-03 11:00:39 -07:00
Brian Smith
a33f724e49
Bug 1019814: Remove CERTCertificate dependency from TrustDomain::GetCertTrust, r=keeler
...
--HG--
extra : rebase_source : 9abf0522f02d00ac2f63f2327ddbe8d119ffc64f
2014-06-03 10:47:25 -07:00
Brian Smith
8b52746412
Bug 1019109: Add DottedOIDToCode.py tool, r=keeler
...
--HG--
extra : rebase_source : 44a92234f884af4500bc6eb5a1fc4dd4cfd38dc2
2014-06-02 10:50:04 -07:00
Cykesiopka
fbf7f5908c
Bug 235230 - Change IDL type of nsIX509Cert::windowTitle to AString; Original patch by Zack Weinberg. r=keeler
2014-06-01 13:59:00 +02:00
Brian Smith
d2755d917c
Bug 1018633: Simplify the max cert chain length check code in mozilla::pkix and make it more efficient, r=cviecco
...
--HG--
extra : rebase_source : 7fa4cc6c1b46357abed0c57c6e24c622049c5acb
2014-05-31 16:32:58 -07:00
Brian Smith
92e40f8a7d
Bug 1001188: Set the error code when the max cert chain length limit is exceeded, r=cviecco
...
--HG--
extra : rebase_source : ce9e1faa083f5c679e20a2b6d9e8d482462e75b0
2014-05-31 16:55:54 -07:00
Brian Smith
1e3170430a
Bug 1018642: Factor out reusable NSS GTest infrastructure into a new NSSTest class, r=cviecco
...
--HG--
extra : rebase_source : 101c316c1ea54f5092a21af4d7a1be349c504800
2014-05-30 16:46:49 -07:00
Brian Smith
d0f950f5b2
Bug 1018064: Replace mozilla::pkix::der::Input::Match with mozilla::pkix::der::Input::MatchRest, r=mmc
...
--HG--
extra : rebase_source : 5c5b14cf23b1e40854d241cbc482de40b01ac494
2014-05-29 22:09:45 -07:00
Brian Smith
058c81082c
Bug 1018061: Have mozilla::pkix::der::Input::Read use EnsureLength instead of its own checks, r=mmc
...
--HG--
extra : rebase_source : f46d6b9bdcd7d7a272fb39f22312a89d2695db56
2014-05-29 23:36:30 -07:00
Phil Ringnalda
7eb87d1b98
Merge m-i to m-c
2014-05-31 20:29:24 -07:00
ffxbld
3a8e6bfc3c
No bug, Automated HSTS preload list update from host bld-linux64-spot-176 - a=hsts-update
2014-05-31 03:14:44 -07:00
Cykesiopka
39960f90db
Bug 917510 - Replace SHA-1 fingerprints of EV certs in ExtendedValidation.cpp with SHA-2 fingerprints. r=briansmith, r=kwilson
2014-05-30 00:01:00 -04:00
Camilo Viecco
5f542bdf1c
Bug 991815 - Part 2/2 - Tests for OCSP responses up to 1 year old. r=keeler
...
--HG--
extra : rebase_source : cc012870da3a165a0a3d0d5c6c9671eeeda37f3f
2014-05-28 14:08:02 -07:00
Camilo Viecco
553254501f
Bug 991815 - Part 1/2 - Allow intermediate OCSP responses up to 1 year old. r=keeler
...
--HG--
extra : rebase_source : 28d5336da1dc44932b92ce2c59fca5fcb2b8a3d8
2014-05-30 16:12:36 -07:00
Nathan Froyd
2beaf5dea4
Bug 1017661
- remove MOZ_NSS_PATCH functionality; r=glandium
2014-05-29 12:16:58 -04:00
Brian Smith
03ace1f91a
Bug 1018033: Prevent buffer read overflow due to integer overflow in mozilla::pkix::der::Input::EnsureLength, r=keeler
...
--HG--
extra : rebase_source : e4e88d61e448fa475a106a06b9f32181906fba0f
2014-05-29 23:37:40 -07:00
Brian Smith
7d0c4cf7ba
Bug 1018041: Fix linking error in pkix_ocsp_request_tests when GTest is enabled on Windows, r=keeler
...
--HG--
extra : rebase_source : 36c5ee4f5cc40adb1079e34bd309147a662fc45f
2014-05-29 23:06:10 -07:00
Brian Smith
d099e18d30
Bug 1018018: Remove support/mention of proprietary Netscape certificate extensions from PSM, r=cviecco
...
--HG--
extra : rebase_source : 758ff9384c040084b1015f8025a4ff9f33590176
2014-05-29 20:38:25 -07:00
Brian Smith
f61831a128
Bug 1010634, Part 6: Enable -Wall with a few exceptions for certverifier, r=cviecco
...
--HG--
extra : rebase_source : 611f0d65e7edb74345a4a599a6606de37e3da75e
2014-05-15 21:56:23 -07:00
Brian Smith
1a0e4070a0
Bug 1010634, Part 5: Add private destructor to NSSErrorService in line with the XPCOM recommendations, r=cviecco
...
--HG--
extra : rebase_source : 1f8b4558114eef0e1a15f51f0c814f16e05f6f76
2014-05-29 20:18:17 -07:00
Brian Smith
78cf7bf1aa
Bug 1010634, Part 3: Fix more warnings in CertVerifier, r=cviecco
...
--HG--
extra : rebase_source : 21e79fbc472aeccec7df213e0cd8d99bebfbff75
2014-05-29 20:17:53 -07:00
David Keeler
165f7dcea8
bug 1006710 - add class of PSM errors to SEC and SSL errors r=briansmith
2014-05-28 15:28:03 -07:00
Camilo Viecco
4c8d269435
Bug 1005142 - Part 2/2 - Basic OCSP fetch method tests. r=keeler
...
--HG--
extra : rebase_source : 364a5d410eb3743ae0a03ebcf0a258e847d71743
2014-05-23 09:47:41 -07:00
Camilo Viecco
d20bcaf3c2
Bug 1005142 - Part 1/2 - Add OCSP get capabilities to OCSPRequestor. r=keeler
...
--HG--
extra : rebase_source : ee4a86bf02a466a31de8b0b6cd7ce375a7f28c6d
2014-05-21 15:42:21 -07:00
David Keeler
bb25d1dd44
bug 995801 - cache nsNSSCertificate::mCachedEVStatus on disk r=mayhemer
2014-01-10 11:13:03 -08:00
Brian Smith
76608dbfec
Bug 1037324: Delegate additional name constraint selection to the TrustDomain in mozilla::pkix, r=cviecco
...
--HG--
extra : rebase_source : 300f33bfb3a0c9ae1525695b080674c1fb21eafc
2014-07-10 22:38:59 -07:00
Ryan VanderMeulen
6d6357a5b4
Merge m-c to inbound. a=merge
2014-07-11 16:38:04 -04:00
David Keeler
efaef0d80f
bug 1031543 - allow importing user certificates via certificate manager r=honzab
2014-07-11 11:19:24 -07:00
Brian Smith
b4e7be124a
Bug 1031542: Add test case for key usage without any value bits, r=keeler
...
--HG--
extra : rebase_source : 25bdc0db6b042fe6fbba61b80cb8a4ac7cb588eb
2014-06-27 15:21:48 -07:00
Brian Smith
cf47c812fd
Bug 975229: Remove NSS-based certificate verification, r=keeler
...
--HG--
extra : rebase_source : 49cb20f1b51e2d9993a35decd820764e20ad9be9
2014-06-16 23:13:29 -07:00
Brian Smith
ba706ba138
Bug 1026261: Remove CERTCertificate from mozilla::pkix revocation checking API, r=keeler
...
--HG--
extra : rebase_source : 6798f494bd351961ea02abba07b5860839bbc418
2014-06-20 10:10:51 -07:00
David Keeler
1f5296bdd8
bug 1028178 - re-add nsICertificateDialogs to nsNSSDialogs' NS_IMPL_ISUPPORTS declaration r=briansmith
2014-06-20 09:38:08 -07:00
David Keeler
4369408e5a
bug 997509 - heed expired Revoked or Unknown OCSP responses r=briansmith
2014-06-20 09:01:57 -07:00
Cykesiopka
f81c301340
Bug 972702 - Make Cert Viewer details tab content resizable. r=keeler
2014-05-27 20:58:00 +02:00
Camilo Viecco
ebf37d16e3
Bug 1016442 - Make mozilla cdn sites production on built-in list. r=mmc
...
--HG--
extra : rebase_source : 5d937b61ab86c974210dcc83735cd4308bff018e
2014-05-27 10:53:40 -07:00
Ryan VanderMeulen
dfef259674
Backed out changeset d5da62e82faf (bug 995801) for test_browserElement_oop_SecurityChange.html failures.
...
CLOSED TREE
2014-05-27 14:27:40 -04:00
David Keeler
2c33f22ba9
bug 995801 - cache nsNSSCertificate::mCachedEVStatus on disk r=mayhemer
2014-01-10 11:13:03 -08:00
Richard Barnes
2b34ee7aa4
Bug 998803 - Add support for RSA encryption and signing to WebCrypto API. r=bz,dkeeler
2014-05-23 15:29:00 +02:00
ffxbld
b1e2aacef4
No bug, Automated HSTS preload list update from host bld-linux64-spot-1068 - a=hsts-update
2014-05-24 03:14:12 -07:00
Monica Chew
b7b4c09739
Bug 1004351: Enable production mode for twitter pins (r=keeler)
2014-05-22 15:11:07 -07:00
Monica Chew
b3defc8b63
Bug 1014344: Use Google's root pems in addition to their intermediate certs (r=keeler)
2014-05-22 15:09:45 -07:00
Wan-Teh Chang
eef2a3cc2c
Bug 1009794: Update NSS to NSS_3_16_2_BETA2, which also includes fixes
...
for bug 999893, bug 1011090, bug 1009785, bug 421391, and bug 1011229.
2014-05-22 12:31:09 -07:00
Cykesiopka
d53d1dbe6d
Bug 622332 - Show cert SHA-256 fingerprint and remove MD5 fingerprint. r=keeler
2014-05-22 00:52:00 +02:00
Birunthan Mohanathas
c6f127456b
Bug 869836 - Part 7: Use AppendLiteral instead of Append where possible. r=ehsan
2014-05-22 06:48:51 +03:00
Birunthan Mohanathas
fa0eb27120
Bug 869836 - Part 6: Use EqualsLiteral instead of Equals where possible. r=ehsan
2014-05-22 06:48:51 +03:00
Birunthan Mohanathas
53a11ecbdf
Bug 869836 - Part 4: Use EqualsLiteral instead of Equals(NS_LITERAL_STRING(...))
. r=ehsan
2014-05-22 06:48:51 +03:00
Birunthan Mohanathas
016d46e5f3
Bug 869836 - Part 3: Use Append('c')
instead of AppendLiteral("c")
. r=ehsan
2014-05-22 06:48:51 +03:00
Birunthan Mohanathas
41bdca1ff6
Bug 869836 - Part 2: Use AppendLiteral instead of Append(NS_LITERAL_STRING(...))
. r=ehsan
2014-05-22 06:48:50 +03:00
Camilo Viecco
adc414a37a
Bug 1010594 - Part 2/2 tests - r=keeler
...
--HG--
extra : rebase_source : 4ca9623b815544edc58308544fa85b192c2f31f3
2014-05-19 13:26:23 -07:00
Camilo Viecco
1156dda879
Bug 1010594 - Part 1/2 OCSP url check - r=briansmith
...
--HG--
extra : rebase_source : 0b26339d33db90722401ae1d8ac255d0390aea30
2014-05-16 13:53:14 -07:00
Camilo Viecco
53e3758b6c
Bug 1009635 - PreloadedHPKP.json should also contain production/exclusion lists. r=keeler
...
--HG--
extra : rebase_source : 46c13e490358f26b21191d6d783d795897ceea63
2014-05-15 08:04:54 -07:00
Richard Barnes
bab6e91564
Bug 995385 - Ensure that NSS is initialzed for CryptoTasks. r=dkeeler
2014-05-16 15:47:00 -04:00
Bob Owen
7ad2840b2f
Bug 1009452 - inherit stdout and stderr into the content process to allow logging. r=aklotz
2014-05-14 16:09:31 +01:00
Jed Davis
cf4e2aa404
Bug 920372 - Fix socketcall whitelisting on i386. r=kang
2014-05-20 18:38:14 -07:00
Jed Davis
e766f56bd7
Bug 920372 - Allow tgkill only for threads of the calling process itself. r=kang
2014-05-20 18:38:06 -07:00
Jed Davis
76189ee1d6
Bug 920372 - Use Chromium seccomp-bpf compiler to dynamically build sandbox program. r=kang
2014-05-20 18:37:53 -07:00
Jed Davis
9f6ce63f92
Bug 920372 - Import Chromium seccomp-bpf compiler, rev 4c08f442d2588a2c7cfaa117a55bd87d2ac32f9a. r=kang
...
Newly imported:
* sandbox/linux/seccomp-bpf/
* sandbox/linux/sandbox_export.h
* base/posix/eintr_wrapper.h
Updated:
* base/basictypes.h
* base/macros.h
At the time of this writing (see future patches for this bug) the only
things we're using from sandbox/linux/seccomp-bpf/ are codegen.cc and
basicblock.cc, and the header files they require. However, we may use
more of this code in the future, and it seems cleaner in general to
import the entire subtree.
2014-05-20 18:37:45 -07:00
Monica Chew
6b29a720f7
Bug 1013504: Introduce error file for genHPKPStaticPins.js (r=keeler)
2014-05-20 13:25:02 -07:00
Richard Barnes
a9ee821104
Bug 1005375 - Add an API that allows CryptoTasks to be created without being dispatched
2014-05-03 08:50:00 +02:00
Chris Peterson
f863a103d1
Bug 1007708 - Part 1: Fix warnings in security/pkix/test/ and mark as FAIL_ON_WARNINGS. r=briansmith
2014-05-17 20:12:10 -07:00
Monica Chew
d65adf15ae
Bug 1011269: Forgot to qref to pick up keeler's changes (r=keeler)
2014-05-19 13:24:41 -07:00
Monica Chew
26de94ed56
Bug 1011269: Add CertVerifier::pinningEnforceTestMode (r=keeler)
2014-05-19 13:04:40 -07:00
David Keeler
db2cfc3933
bug 986150 - fix some comments in mozilla::pkix DER tests r=mmc
2014-05-19 12:14:51 -07:00
David Keeler
46e6cd90ee
bug 986150 - test mozilla::pkix::der::OptionalBoolean r=mmc
2014-05-19 12:14:44 -07:00
David Keeler
1718a0078a
bug 1002814 - OCSP requests: long serial check should be on cert, not issuerCert r=briansmith
2014-05-14 10:05:32 -07:00
David Keeler
fa30954a7c
bug 1002814 - retry PK11_GenerateKeyPair when it fails non-fatally r=briansmith
2014-05-19 11:13:04 -07:00
Marco Castelluccio
9d51a7ca59
Bug 972201 - Remove the MOZ_B2G_CERTDATA hack. r=briansmith
2014-05-18 15:42:42 +02:00
ffxbld
67d1ab5218
No bug, Automated HSTS preload list update from host bld-linux64-spot-358 - a=hsts-update
2014-05-17 03:15:04 -07:00
Brian Smith
43e812bb41
Bug 1010634, Part 1: Fix compiler warnings in certverifier, r=cviecco
...
--HG--
extra : rebase_source : f8d925f042040368b038b62bc1d0c9d4d6d04618
2014-05-14 17:46:32 -07:00
Brian Smith
726599adbd
Bug 1006958: Use mozilla::pkix::der to parse certificate policies instead of NSS, r=keeler
...
--HG--
extra : rebase_source : fde88efebc1025bc4f825aa38df809d04b1b250a
2014-05-15 18:59:52 -07:00
Brian Smith
4aaebcf1b7
Bug 1010581: Document Expect/Match/Skip terminology in mozilla::pkix::der and make that code more consistent, r=keeler
...
--HG--
extra : rebase_source : 12aa2e1e9eed4f32a75732a65cbfaba9789d5d39
2014-05-14 19:30:09 -07:00
Brian Smith
ac79ecb683
Bug 1006041: Use mozilla::pkix::der for decoding the extended key usage extension, r=keeler
...
--HG--
extra : rebase_source : b4b62f117d653784eb6ad058554faf520a1bd90b
2014-05-14 01:02:34 -07:00
Brian Smith
f9a6cb7aca
Bug 989564, Part 2: Remove CERTCertificate dependency from CheckBasicConstraints, r=keeler
...
--HG--
extra : rebase_source : c0ce62f44109cbcdf65da770a1154814733a6b49
2014-04-25 20:27:27 -07:00
Brian Smith
07edc768dc
Bug 989564, Part 1: Decode basic constraints extension using mozilla::pkix::der, r=keeler
...
--HG--
extra : rebase_source : 89560218a69596868cb8a93c69ee72656b0abf77
2014-05-05 09:55:57 -07:00
Monica Chew
7dfd0bdbe7
Bug 1007844: Implement per-host telemetry for pin violations for AMO and aus4 (r=keeler)
2014-05-15 16:56:51 -07:00
Monica Chew
8428812265
Bug 1006594: Implement moz-specific telemetry (r=keeler)
2014-05-14 16:36:46 -07:00
David Keeler
6b2d58cdbe
backout dfc04fd0a41f (bug 1002814) for gtest breakage
2014-05-14 11:08:20 -07:00
David Keeler
8447893ea3
bug 1005266 - disable strict timeout checking in test_ocsp_timeout.js on WinXP because of frequent failures r=mmc
2014-05-14 09:57:10 -07:00
David Keeler
629dc525c2
bug 1002814 - OCSP requests: long serial check should be on cert, not issuerCert r=briansmith
2014-05-14 10:05:32 -07:00
Patrick McManus
0d145e63f3
bug 1006804 - psm interface for kea size and make kea available in preliminary handshake r=keeler r=honzab
2014-05-06 17:22:25 -04:00
Gervase Markham
d2053b443f
Bug 1007195 - Change licensing on mozilla::pkix to dual Apache 2/MPL 2. r=briansmith.
2014-05-14 14:37:25 +01:00
Monica Chew
775d416af7
Bug 1009720: Telemetry for CERT_PINNING_TEST_RESULTS (r=keeler)
2014-05-13 13:50:13 -07:00
David Keeler
3660be1571
bug 1005355 - look for PSM test binaries in /data/local/xpcb/ on Android/B2G r=mmc
2014-05-12 14:38:00 -07:00
Monica Chew
e1cffc99ed
Bug 772756: Implement sha1 support, import Chrome's pinsets wholesale, add test mode (r=cviecco,keeler)
2014-05-08 17:18:50 -07:00
Carsten "Tomcat" Book
07745cfb8e
Merge mozilla-central to mozilla-inbound
2014-05-12 13:48:01 +02:00
Carsten "Tomcat" Book
012c32e909
merge mozilla-inbound to mozilla-central
2014-05-12 13:33:19 +02:00
ffxbld
ab22bc9ea2
No bug, Automated HSTS preload list update from host bld-linux64-spot-382 - a=hsts-update
2014-05-10 03:26:08 -07:00
Jacek Caban
1938b72484
Bug 1005309 - Fixed MSVC detection.
...
--HG--
extra : rebase_source : 0b61de1270eb861234539de675c2d381e217f55c
2014-05-12 11:01:22 +02:00
David Keeler
ec8d8ab69e
bug 1005266 - specify a timeout for the socket in test_ocsp_timeout.js r=mmc
2014-05-09 15:17:43 -07:00
Camilo Viecco
3e488201d3
Bug 1007986 - Remove 1024 bit roots from mozilla pin list. r=mmc
2014-05-09 10:58:47 -07:00
David Keeler
2ca20b9cf4
bug 1007962 - CreateEncodedCertificate should take a SECItem as its serialNumber argument r=mmc
2014-05-08 15:33:38 -07:00
David Keeler
6ab0be36f4
bug 1007813 - match CreateEncodedCertificate declaration to its definition r=mmc
2014-05-08 11:51:50 -07:00
Wan-Teh Chang
4d8e8b3f86
Bug 979703: Update NSS to NSS_3_16_2_BETA1.
...
Fix bugs in intel-gcm-x86-masm.asm and re-enable the
Intel AES assembly code. (The fix is by Shay Gueron of Intel.)
Remove an unnecessary loop in intel-gcm-x64-masm.asm r=agl.
2014-05-08 14:28:47 -07:00
Monica Chew
59ec23eea7
Bug 1000354: Fix comment and make test clearer (r=keeler)
2014-05-07 15:48:23 -07:00
Bobby Holley
0a5fb33d0a
Bug 997987 - Remove usage of nsIScriptSecurityManager::GetSubjectPrincipal. r=Ms2ger
2014-05-06 15:43:03 -07:00
Jed Davis
c3a76a64ec
Bug 1004832 - Add tgkill to seccomp-bpf whitelist. r=kang
2014-05-02 16:57:00 +02:00
Camilo Viecco
7975f9a0c7
Bug 1006107 - Disable pining by default, setup pinning for *.addons.mozilla.org. r=dkeeler
...
--HG--
extra : rebase_source : 93b1dbd5dc31490424060729a3941deffa8ee1d5
2014-05-05 13:59:32 -07:00
Wan-Teh Chang
c0bf0a4283
Bug 993569: Update to NSS 3.16.1 and NSPR 4.10.5. r=kaie.
2014-05-05 13:51:39 -07:00
Monica Chew
f1a0dc002c
Bug 1005364: Disable pinning for all mozilla properties (r=keeler)
2014-05-04 15:36:38 -07:00
Brian Smith
2dc3d8c884
Bug 1005667: Fix build warning due to buggy test code in pkixtestutil.cpp, r=dholbert
2014-05-04 11:04:48 -07:00
Brian Smith
3718837588
Bug 1005309, Part 2: Enable extended compiler warnings (-W4 -Wall) in mozilla::pkix, r=mmc
...
--HG--
extra : rebase_source : 033574a0b26582753baec003becfaf15bbd85003
extra : histedit_source : 2d52c47f92b8f694203c2eb580b37be78ccf2f9c
2014-05-03 17:50:26 -07:00
Brian Smith
00e0d8964b
Bug 1005309, Part 1: Improve type conversion and error checking for hashing done in mozilla::pkix's pkixocsp.cpp. r=mmc
...
--HG--
extra : rebase_source : 79c248ebc45d722249ae7adbbd2527dc9985f6f0
extra : histedit_source : 8ea66942cec4252d9d7e625da22b5ad9964485a1
2014-05-02 11:53:06 -07:00
Brian Smith
ee7f4a5d76
Bug 1005256: Improve parameter validation in mozilla::pkix::der::Input::GetSECItem, r=mmc
...
--HG--
extra : rebase_source : 93b65e103c86747ddaf463e639aacffdf7ccb08f
extra : histedit_source : 10ef0ab13fb9de710ea3c589600db4632f9cf4a0
2014-05-02 11:52:10 -07:00
Brian Smith
d9ebffb937
Bug 1005208: Rename issuerKeyHash to keyHash in mozilla::pkix's pkixocsp.cpp, r=mmc
...
--HG--
extra : rebase_source : ede4ed17cb56e3e52325ecadc2c5ded33c4a6013
extra : histedit_source : b727000e81bbc8afa6b9f8188b97065f59da45ad
2014-05-02 10:40:03 -07:00
Brian Smith
02c940dedf
Bug 1005198: Make it easy to create test certificates in GTest tests, r=keeler
...
--HG--
extra : rebase_source : 0b1ec263a5a1ce1856afb12f11ea4c35c2aa55d0
extra : histedit_source : 40a3a3fc1993de0fcdeb5593a1a1df4dc94832b8
2014-04-25 19:57:40 -07:00
ffxbld
c0633c3827
No bug, Automated HSTS preload list update from host bld-linux64-spot-043 - a=hsts-update
2014-05-03 03:18:44 -07:00
David Keeler
33497d228a
bug 1004270 - use SQL cert/key DBs in PSM tests so we can run them on Android r=briansmith
2014-05-02 15:06:29 -07:00
Camilo Viecco
2114fc7458
Bug 951315 - Add telemetry to PK pinning. r=dkeeler
2014-04-30 17:04:00 -07:00
Monica Chew
2b01945b12
Bug 1002696 - Minimum set of changes to make genHPKPStaticPins.js productionizable. r=cviecco, dkeeler
...
--HG--
rename : security/manager/boot/src/PreloadedHPKPins.json => security/manager/tools/PreloadedHPKPins.json
rename : security/manager/boot/src/genHPKPStaticPins.js => security/manager/tools/genHPKPStaticPins.js
2014-05-01 14:48:37 -07:00
David Keeler
3bb0dcd8ba
bug 982248 - NSSCertDBTrustDomain: specify timeout for OCSP requests r=briansmith
2014-05-01 15:07:55 -07:00
Brian Smith
92ef8d4244
Bug 1003290: Fix OID parser template type, r=keeler
...
--HG--
extra : rebase_source : c33e450b84234ae7471118c2f8749593a59d9298
2014-04-25 16:31:30 -07:00
Brian Smith
5f1d6946ed
Bug 1002933: Use Strongly-typed enums more often in mozilla::pkix, r=mmc
...
--HG--
extra : rebase_source : 3f67f48d1f4150df0830f89e6c07bbbf3a8fc7e8
2014-04-25 16:29:26 -07:00
Brian Smith
2ca0ebab0b
Bug 1002929: Avoid implicit conversion of Result to boolean in mozilla::der::GeneralizedTime, r=keeler
...
--HG--
extra : rebase_source : 8966d41f1837611b83ac84b347aeddfade9bc949
2014-04-24 16:08:30 -07:00
Monica Chew
b93e188e37
Bug 998057: Add tests for certificate pinning (r=cviecco,dkeeler)
2014-04-30 20:11:35 -07:00
Monica Chew
17cd41868a
Backed out changeset 9c8fbf297d51
...
Camilo did not land his patch that this depends on, my bad.
2014-04-30 20:01:34 -07:00
Monica Chew
2d85c28b2d
Bug 998057: Add tests for certificate pinning (r=cviecco,dkeeler)
2014-04-30 19:56:03 -07:00
Monica Chew
94e6bf9ad7
Bug 998057: Add test pinset to the pin generator (r=cviecco)
...
--HG--
rename : security/manager/ssl/tests/unit/tlsserver/default-ee.der => security/manager/boot/src/default-ee.der
2014-04-30 15:30:44 -07:00
Camilo Viecco
b3ac77c27f
Bug 744204 - Allow Certificate key pinning Part 2 - Certverifier Interface. r=keeler
...
--HG--
extra : rebase_source : 2f9748ba0b241c697e22b7ff72f2f5a0fad4a2ca
2014-02-05 14:49:10 -08:00
Richard Barnes
9e4f3258ed
Bug 1003604 - Make nsNSSShutDownObject::isAlreadyShutDown() const. r=dkeeler
2014-04-29 17:45:00 +02:00
Rodrigo Rodriguez Jr.
f307a82a31
Bug 952650 (part 11) - Remove JSVAL_TO_INT. r=njn.
...
--HG--
extra : rebase_source : 41923458bbf8fd957c9a57685df4969f1190bd9f
2014-04-27 19:55:08 -07:00
Rodrigo Rodriguez Jr.
34da22f61e
Bug 952650 (part 9) - Remove JSVAL_IS_INT. r=njn.
...
--HG--
extra : rebase_source : dc0c170914c2370c218cdbbe671d2a68628f5a87
2014-04-27 19:47:02 -07:00
Rodrigo Rodriguez Jr.
413ffc41d6
Bug 952650 (part 1) - Remove JSVAL_IS_NULL. r=terrence.
...
--HG--
extra : rebase_source : 83d1cdaf71260fd99b688c23303ceb2de7b00031
2014-04-27 19:30:51 -07:00
Wan-Teh Chang
90809cc516
Bug 993569 - Update Mozilla 31 to use NSS 3.16.1 Beta 4. This disables
...
the new Intel AES assembly code on Windows. r=kaie.
2014-04-29 16:13:03 -07:00