Commit Graph

3427 Commits

Author SHA1 Message Date
Cykesiopka
8eefbf1b80 Bug 443811 - Use long date format for cert date output. r=keeler 2015-09-13 23:33:00 +02:00
Richard Barnes
ef0d9ed24f Bug 942515 - Show Untrusted Connection Error for SHA-1-based SSL certificates with notBefore >= 2016-01-01 r=keeler 2015-09-11 14:52:30 -04:00
ffxbld
4bc06df906 No bug, Automated HPKP preload list update from host bld-linux64-spot-542 - a=hpkp-update 2015-09-12 03:39:46 -07:00
ffxbld
34db847572 No bug, Automated HSTS preload list update from host bld-linux64-spot-542 - a=hsts-update 2015-09-12 03:39:44 -07:00
Steven Michaud
65c33408b6 Bug 1190032 - Sandbox failure in nsPluginHost::GetPluginTempDir, tighten earlier patch. r=areinald 2015-09-10 15:32:42 -05:00
Mark Goodwin
25d06c35c0 Bug 1016555 - Disable OCSP checking for certificates covered by OneCRL r=keeler
1) Added some comments to firefox.js to explain the relationship between
extensions.blocklist.interval and security.onecrl.maximum_staleness_in_seconds
2) Modified default values in firefox.js and mobile.js to set maximum staleness
to 1.25x blocklist interval
3) modified the tests_ev_certs.js xpcshell test to cope with larger maximum
staleness values to address test failures
2015-09-10 11:10:07 +01:00
Bob Owen
89cecb0a22 Bug 1200336: Apply fix for Chromium issue 482784 for sandbox bug when built with VS2015. r=tabraldes 2015-09-10 08:25:20 +01:00
Jed Davis
2b175a829d Bug 1199481 - Complain more when entering sandboxing code as root. r=kang 2015-08-28 13:37:00 +02:00
Jed Davis
4e4ab4e9b2 Bug 1199413 - Fix MOZ_DISABLE_GMP_SANDBOX so it disables all the sandboxing. r=kang
Bonus fix: don't start the chroot helper unless we're going to use
it.  For this to matter, you'd need a system with unprivileged user
namespaces but no seccomp-bpf (or fake it with env vars) *and* to set
media.gmp.insecure.allow, so this is more to set a good example for
future changes to this code than for functional reasons.
2015-08-28 12:18:00 +02:00
Nicholas Nethercote
0c46c656b9 Bug 1202526 (part 5) - Use PLDHashTable::RemoveEntry() in nsSecureBrowserUIImpl. r=dkeeler.
This avoids repeating the hash table search in order to remove the entry.
2015-09-07 19:20:16 -07:00
Jacek Caban
a1d8a2b9b2 Bug 1199624 - Don't use memset and memcmp in files that don't include cstring explicitly. r=briansmith 2015-09-09 14:16:59 +02:00
Bob Owen
e2abf5a65b Bug 1197943: Turn off MITIGATION_STRICT_HANDLE_CHECKS for NPAPI process sandbox for causing hangs. r=aklotz 2015-09-09 08:45:25 +01:00
Bob Owen
6649fdb686 Bug 1201438: Add non-sandboxed Windows content processes as target peers for handle duplication. r=bbondy 2015-09-08 11:18:12 +01:00
ffxbld
dc1dd8c399 No bug, Automated HPKP preload list update from host bld-linux64-spot-1098 - a=hpkp-update 2015-09-05 03:41:54 -07:00
ffxbld
3b3a1dd6a4 No bug, Automated HSTS preload list update from host bld-linux64-spot-1098 - a=hsts-update 2015-09-05 03:41:52 -07:00
Steven Michaud
821cabecb6 Bug 1190032 - Sandbox failure in nsPluginHost::GetPluginTempDir. r=areinald 2015-09-03 19:28:30 -05:00
David Keeler
b41a1cba8f bug 1196853 - convert test_cert_signatures.js to generate certificates at build time r=jcj
Also add additional testcases that weren't in the original test (tampered
signatures had been tested, but tampered certificates hadn't been covered).
2015-08-19 15:59:49 -07:00
ffxbld
3d8ce77307 No bug, Automated HPKP preload list update from host bld-linux64-spot-305 - a=hpkp-update 2015-09-03 13:59:53 -07:00
ffxbld
25c72e5172 No bug, Automated HSTS preload list update from host bld-linux64-spot-305 - a=hsts-update 2015-09-03 13:59:50 -07:00
Masatoshi Kimura
90ba467266 Bug 1201024 - Disable unrestricted RC4 fallback and add RC4-only servers to the fallback whitelist. r=cykesiopka 2015-09-03 21:50:52 +09:00
Nick Thomas
2b6fac45c5 Bug 1197607, Automated hsts & hpkp updates are failing on mozilla-central, mozilla-aurora, mozilla-esr38, r=cykesiopka 2015-09-03 22:07:42 +12:00
Masatoshi Kimura
b62a73df84 Bug 1195789 - Update fallback whitelist. r=cykesiopka 2015-09-02 00:44:04 +09:00
Nicholas Nethercote
69d088e45f Bug 1198334 (part 1) - Replace the opt-in FAIL_ON_WARNINGS with the opt-out ALLOW_COMPILER_WARNINGS. r=glandium.
The patch removes 455 occurrences of FAIL_ON_WARNINGS from moz.build files, and
adds 78 instances of ALLOW_COMPILER_WARNINGS. About half of those 78 are in
code we control and which should be removable with a little effort.
2015-08-27 20:44:53 -07:00
Ryan VanderMeulen
3325ea8059 Backed out changeset 982be1bbebdf (bug 1199624) for Windows bustage. 2015-08-30 17:09:09 -04:00
Jacek Caban
5a61810c25 Bug 1199624 - Don't use memset and memcmp in files that don't include cstring explicitly. r=briansmith 2015-08-29 07:59:00 -04:00
Cykesiopka
8cd8b4d197 Bug 1197644 - Remove the security.ssl.warn_missing_rfc5746 pref. r=keeler 2015-08-24 22:53:42 -07:00
Makoto Kato
4f11626a2a Bug 1196403 - Apply crbug/522201 to support Windows 10 build 10525. r=bobowen 2015-08-25 19:21:08 +09:00
Xidorn Quan
da613e7a51 Bug 1188468 - Allow script to force updating a generated file even if the file is actually not changed. r=gps 2015-08-25 10:07:43 +10:00
David Keeler
f941583fc0 bug 1194013 - convert test_name_constraints.js to generate certificates at build time r=Cykesiopka,mgoodwin 2015-08-11 16:40:38 -07:00
Ryan VanderMeulen
92b3e3e9e6 Merge inbound to m-c. a=merge 2015-08-23 17:18:36 -04:00
Fabrice Desré
3b797ad0ab Bug 1196988 - Remove THA support. r=gwagner 2015-08-21 10:00:54 -07:00
Jonathan Griffin
75b23850e3 Bug 1136892 - Create an xpcshell-addons tag for running addon-specific xpcshell tests, r=chmanchester 2015-08-18 11:26:14 -07:00
Kai Engert
1fd2102b9b Bug 1194135, set NSS version to final 3.20 tag, no code change, DONTBUILD 2015-08-19 18:41:53 +02:00
Wes Kocher
a8fded37cd Backed out changeset 688775a8227f (bug 1136892) for mass bustage prompting a CLOSED TREE 2015-08-18 11:58:05 -07:00
Christoph Kerschbaumer
301815979b Bug 1195606 - Use channel->ascynOpen2 in security/manager/ssl/nsNSSCallbacks.cpp (r=sicking) 2015-08-18 09:54:09 -07:00
Mark Goodwin
29cc9f37d3 Bug 1153444 - Fix up Key Pinning Telemetry (r=keeler) 2015-08-21 15:14:08 +01:00
Mike Hommey
f041201fd5 Bug 1189891 - Avoid including <cstring> from pkix/Input.h. r=bsmith 2015-08-21 15:27:22 +09:00
Mike Hommey
6bd3004c10 Backout changesets af1b36497559 and 1d52ab626597 (bug 1189891) for pkix bustage 2015-08-21 15:05:38 +09:00
Mike Hommey
22a71eae08 Bug 1189891 - Avoid including <cstring> from pkix/Input.h. r=bsmith 2015-08-21 14:29:19 +09:00
Ben Hearsum
c5230b8f2e bug 1116409: switch update server to sha2 cert; update in-tree pinning. r=rstrong,snorp,mfinkle,dkeeler 2015-08-20 17:50:51 -04:00
Cykesiopka
a972c44150 Bug 1195615 - Log a web console warning when a HPKP header is ignored due to a non-built in root cert. r=keeler 2015-08-20 14:33:29 -07:00
Jonathan Griffin
27f1926ee5 Bug 1136892 - Create an xpcshell-addons tag for running addon-specific xpcshell tests, r=chmanchester 2015-08-18 11:26:14 -07:00
Arnaud Bienner
5f922f1572 Bug 1190086 - Use new String::Contains(char) method more widely r=froydnj 2015-08-14 00:49:15 +02:00
David Keeler
c5ef778579 bug 1190603 - rename prime256v1 to secp256r1 in test_keysize.js to reduce confusion r=Cykesiopka
OpenSSL refers to the curve in question as 'prime256v1', but rfc 5480,
mozilla::pkix, and the test framework refer to it as secp256r1, so we
should be consistent.
2015-08-05 13:39:11 -07:00
David Keeler
a43f0cbb4c bug 1190603 - convert test_keysize.js to generate certificates at build time r=Cykesiopka 2015-08-03 17:02:58 -07:00
Aryeh Gregor
d3cb7c0037 Bug 1193298 - Part 2: Use .get() to convert from RefPtr to raw pointer. r=froydnj 2015-08-11 06:45:00 -04:00
Jed Davis
aebeff26fc Bug 1004011 - Support SECCOMP_FILTER_FLAG_TSYNC if available. r=kang 2015-08-11 16:30:00 -04:00
Tanvi Vyas
de349986d1 Bug 1182551 - Updating nsSecureBrowserUIImpl so that insecure pages with mixed content iframes don't get marked as broken. r=keeler 2015-08-13 17:13:48 -07:00
Kai Engert
e43d71303d Bug 1194135, Update Mozilla to NSS 3.20, r=mt 2015-08-13 11:31:23 +02:00
Nathan Froyd
c233b96243 Bug 1193021 - clean up reference-counting in security/; r=keeler 2015-07-01 13:10:53 -04:00