Cykesiopka
8eefbf1b80
Bug 443811 - Use long date format for cert date output. r=keeler
2015-09-13 23:33:00 +02:00
Richard Barnes
ef0d9ed24f
Bug 942515 - Show Untrusted Connection Error for SHA-1-based SSL certificates with notBefore >= 2016-01-01 r=keeler
2015-09-11 14:52:30 -04:00
ffxbld
4bc06df906
No bug, Automated HPKP preload list update from host bld-linux64-spot-542 - a=hpkp-update
2015-09-12 03:39:46 -07:00
ffxbld
34db847572
No bug, Automated HSTS preload list update from host bld-linux64-spot-542 - a=hsts-update
2015-09-12 03:39:44 -07:00
Steven Michaud
65c33408b6
Bug 1190032 - Sandbox failure in nsPluginHost::GetPluginTempDir, tighten earlier patch. r=areinald
2015-09-10 15:32:42 -05:00
Mark Goodwin
25d06c35c0
Bug 1016555 - Disable OCSP checking for certificates covered by OneCRL r=keeler
...
1) Added some comments to firefox.js to explain the relationship between
extensions.blocklist.interval and security.onecrl.maximum_staleness_in_seconds
2) Modified default values in firefox.js and mobile.js to set maximum staleness
to 1.25x blocklist interval
3) modified the tests_ev_certs.js xpcshell test to cope with larger maximum
staleness values to address test failures
2015-09-10 11:10:07 +01:00
Bob Owen
89cecb0a22
Bug 1200336: Apply fix for Chromium issue 482784 for sandbox bug when built with VS2015. r=tabraldes
2015-09-10 08:25:20 +01:00
Jed Davis
2b175a829d
Bug 1199481 - Complain more when entering sandboxing code as root. r=kang
2015-08-28 13:37:00 +02:00
Jed Davis
4e4ab4e9b2
Bug 1199413 - Fix MOZ_DISABLE_GMP_SANDBOX so it disables all the sandboxing. r=kang
...
Bonus fix: don't start the chroot helper unless we're going to use
it. For this to matter, you'd need a system with unprivileged user
namespaces but no seccomp-bpf (or fake it with env vars) *and* to set
media.gmp.insecure.allow, so this is more to set a good example for
future changes to this code than for functional reasons.
2015-08-28 12:18:00 +02:00
Nicholas Nethercote
0c46c656b9
Bug 1202526 (part 5) - Use PLDHashTable::RemoveEntry() in nsSecureBrowserUIImpl. r=dkeeler.
...
This avoids repeating the hash table search in order to remove the entry.
2015-09-07 19:20:16 -07:00
Jacek Caban
a1d8a2b9b2
Bug 1199624 - Don't use memset and memcmp in files that don't include cstring explicitly. r=briansmith
2015-09-09 14:16:59 +02:00
Bob Owen
e2abf5a65b
Bug 1197943: Turn off MITIGATION_STRICT_HANDLE_CHECKS for NPAPI process sandbox for causing hangs. r=aklotz
2015-09-09 08:45:25 +01:00
Bob Owen
6649fdb686
Bug 1201438: Add non-sandboxed Windows content processes as target peers for handle duplication. r=bbondy
2015-09-08 11:18:12 +01:00
ffxbld
dc1dd8c399
No bug, Automated HPKP preload list update from host bld-linux64-spot-1098 - a=hpkp-update
2015-09-05 03:41:54 -07:00
ffxbld
3b3a1dd6a4
No bug, Automated HSTS preload list update from host bld-linux64-spot-1098 - a=hsts-update
2015-09-05 03:41:52 -07:00
Steven Michaud
821cabecb6
Bug 1190032 - Sandbox failure in nsPluginHost::GetPluginTempDir. r=areinald
2015-09-03 19:28:30 -05:00
David Keeler
b41a1cba8f
bug 1196853
- convert test_cert_signatures.js to generate certificates at build time r=jcj
...
Also add additional testcases that weren't in the original test (tampered
signatures had been tested, but tampered certificates hadn't been covered).
2015-08-19 15:59:49 -07:00
ffxbld
3d8ce77307
No bug, Automated HPKP preload list update from host bld-linux64-spot-305 - a=hpkp-update
2015-09-03 13:59:53 -07:00
ffxbld
25c72e5172
No bug, Automated HSTS preload list update from host bld-linux64-spot-305 - a=hsts-update
2015-09-03 13:59:50 -07:00
Masatoshi Kimura
90ba467266
Bug 1201024 - Disable unrestricted RC4 fallback and add RC4-only servers to the fallback whitelist. r=cykesiopka
2015-09-03 21:50:52 +09:00
Nick Thomas
2b6fac45c5
Bug 1197607, Automated hsts & hpkp updates are failing on mozilla-central, mozilla-aurora, mozilla-esr38, r=cykesiopka
2015-09-03 22:07:42 +12:00
Masatoshi Kimura
b62a73df84
Bug 1195789 - Update fallback whitelist. r=cykesiopka
2015-09-02 00:44:04 +09:00
Nicholas Nethercote
69d088e45f
Bug 1198334 (part 1) - Replace the opt-in FAIL_ON_WARNINGS with the opt-out ALLOW_COMPILER_WARNINGS. r=glandium.
...
The patch removes 455 occurrences of FAIL_ON_WARNINGS from moz.build files, and
adds 78 instances of ALLOW_COMPILER_WARNINGS. About half of those 78 are in
code we control and which should be removable with a little effort.
2015-08-27 20:44:53 -07:00
Ryan VanderMeulen
3325ea8059
Backed out changeset 982be1bbebdf (bug 1199624) for Windows bustage.
2015-08-30 17:09:09 -04:00
Jacek Caban
5a61810c25
Bug 1199624 - Don't use memset and memcmp in files that don't include cstring explicitly. r=briansmith
2015-08-29 07:59:00 -04:00
Cykesiopka
8cd8b4d197
Bug 1197644 - Remove the security.ssl.warn_missing_rfc5746 pref. r=keeler
2015-08-24 22:53:42 -07:00
Makoto Kato
4f11626a2a
Bug 1196403 - Apply crbug/522201 to support Windows 10 build 10525. r=bobowen
2015-08-25 19:21:08 +09:00
Xidorn Quan
da613e7a51
Bug 1188468 - Allow script to force updating a generated file even if the file is actually not changed. r=gps
2015-08-25 10:07:43 +10:00
David Keeler
f941583fc0
bug 1194013 - convert test_name_constraints.js to generate certificates at build time r=Cykesiopka,mgoodwin
2015-08-11 16:40:38 -07:00
Ryan VanderMeulen
92b3e3e9e6
Merge inbound to m-c. a=merge
2015-08-23 17:18:36 -04:00
Fabrice Desré
3b797ad0ab
Bug 1196988 - Remove THA support. r=gwagner
2015-08-21 10:00:54 -07:00
Jonathan Griffin
75b23850e3
Bug 1136892 - Create an xpcshell-addons tag for running addon-specific xpcshell tests, r=chmanchester
2015-08-18 11:26:14 -07:00
Kai Engert
1fd2102b9b
Bug 1194135, set NSS version to final 3.20 tag, no code change, DONTBUILD
2015-08-19 18:41:53 +02:00
Wes Kocher
a8fded37cd
Backed out changeset 688775a8227f (bug 1136892) for mass bustage prompting a CLOSED TREE
2015-08-18 11:58:05 -07:00
Christoph Kerschbaumer
301815979b
Bug 1195606
- Use channel->ascynOpen2 in security/manager/ssl/nsNSSCallbacks.cpp (r=sicking)
2015-08-18 09:54:09 -07:00
Mark Goodwin
29cc9f37d3
Bug 1153444 - Fix up Key Pinning Telemetry (r=keeler)
2015-08-21 15:14:08 +01:00
Mike Hommey
f041201fd5
Bug 1189891 - Avoid including <cstring> from pkix/Input.h. r=bsmith
2015-08-21 15:27:22 +09:00
Mike Hommey
6bd3004c10
Backout changesets af1b36497559 and 1d52ab626597 (bug 1189891) for pkix bustage
2015-08-21 15:05:38 +09:00
Mike Hommey
22a71eae08
Bug 1189891 - Avoid including <cstring> from pkix/Input.h. r=bsmith
2015-08-21 14:29:19 +09:00
Ben Hearsum
c5230b8f2e
bug 1116409: switch update server to sha2 cert; update in-tree pinning. r=rstrong,snorp,mfinkle,dkeeler
2015-08-20 17:50:51 -04:00
Cykesiopka
a972c44150
Bug 1195615 - Log a web console warning when a HPKP header is ignored due to a non-built in root cert. r=keeler
2015-08-20 14:33:29 -07:00
Jonathan Griffin
27f1926ee5
Bug 1136892 - Create an xpcshell-addons tag for running addon-specific xpcshell tests, r=chmanchester
2015-08-18 11:26:14 -07:00
Arnaud Bienner
5f922f1572
Bug 1190086 - Use new String::Contains(char) method more widely r=froydnj
2015-08-14 00:49:15 +02:00
David Keeler
c5ef778579
bug 1190603 - rename prime256v1 to secp256r1 in test_keysize.js to reduce confusion r=Cykesiopka
...
OpenSSL refers to the curve in question as 'prime256v1', but rfc 5480,
mozilla::pkix, and the test framework refer to it as secp256r1, so we
should be consistent.
2015-08-05 13:39:11 -07:00
David Keeler
a43f0cbb4c
bug 1190603 - convert test_keysize.js to generate certificates at build time r=Cykesiopka
2015-08-03 17:02:58 -07:00
Aryeh Gregor
d3cb7c0037
Bug 1193298 - Part 2: Use .get() to convert from RefPtr to raw pointer. r=froydnj
2015-08-11 06:45:00 -04:00
Jed Davis
aebeff26fc
Bug 1004011 - Support SECCOMP_FILTER_FLAG_TSYNC if available. r=kang
2015-08-11 16:30:00 -04:00
Tanvi Vyas
de349986d1
Bug 1182551 - Updating nsSecureBrowserUIImpl so that insecure pages with mixed content iframes don't get marked as broken. r=keeler
2015-08-13 17:13:48 -07:00
Kai Engert
e43d71303d
Bug 1194135, Update Mozilla to NSS 3.20, r=mt
2015-08-13 11:31:23 +02:00
Nathan Froyd
c233b96243
Bug 1193021 - clean up reference-counting in security/; r=keeler
2015-07-01 13:10:53 -04:00