Commit Graph

2278 Commits

Author SHA1 Message Date
Nicholas Nethercote
09156539d5 Bug 1131901 (part 1) - Make PL_DHashTableAdd() infallible by default, and add a fallible alternative. r=froydnj.
I kept all the existing PL_DHashTableAdd() calls fallible, in order to be
conservative, except for the ones in nsAtomTable.cpp which already were
followed immediately by an abort on failure.
2015-02-02 14:48:58 -08:00
Cykesiopka
a8c28fda0e Bug 1130405 - Remove unused pippki strings. r=jcj 2015-02-11 05:08:00 -05:00
Cykesiopka
54328342f6 Bug 1130402 - Make use of currently unused certManager.dtd access key strings. r=jcj 2015-02-07 01:16:00 -05:00
Cykesiopka
f0e176336b Bug 1131475 - Make sure reference to "unable_to_toggle_fips" bundle key is in the correct case. r=jcj 2015-02-11 05:05:00 -05:00
Andrew McCreight
c946357872 Bug 1131199, part 2 - Make PLDHashtInitEntry infallible. r=froydnj
Also, drop the unused table argument.
2015-02-11 09:46:40 -08:00
Andrew McCreight
55eaced49c Bug 1131199, part 1 - Allocation of CompareCacheHashEntryPtr::entry is infallible. r=froydnj 2015-02-11 09:46:40 -08:00
Nicholas Nethercote
a3bfc736ba Back out changesets 2fcef6b54be7, 2be07829fefc, 66dfe37b8532, df3fcd2be8fd, 0a436bce77a6 (bug 1050035) for causing intermittent crashes and assertion failures. 2015-02-10 14:39:49 -08:00
Brian Smith
70541ae471 Bug 1122841, Part 2: Centralize checking of public key, r=keeler 2015-02-02 16:17:08 -08:00
Masatoshi Kimura
3b7544e51a Bug 1124039 - Enable RC4 only if ClientHelloVersion <= TLS 1.0. r=keeler 2015-02-10 22:29:51 +09:00
Cykesiopka
646544ea00 Bug 897690 - Remove misleading error message from AppendErrorTextUntrusted. r=dkeeler 2015-02-09 03:50:00 +01:00
Nicholas Nethercote
ee41df7dc2 Bug 1127201 (attempt 2, part 1) - Replace most NS_ABORT_IF_FALSE calls with MOZ_ASSERT. r=Waldo. 2015-02-09 14:34:50 -08:00
Masatoshi Kimura
0e792b8d54 Bug 1126413 - Part 2: UI changes to display security info on broken secure pages. r=dolske 2015-02-10 04:16:23 +09:00
Masatoshi Kimura
0240561b0a Bug 1126413 - Part 1: Expose nsISSLStatus for broken secure pages. r=keeler 2015-02-10 04:16:22 +09:00
Phil Ringnalda
a7795990b2 Merge m-i to m-c, a=merge 2015-02-07 08:45:54 -08:00
ffxbld
0568e7e728 No bug, Automated HPKP preload list update from host bld-linux64-spot-075 - a=hpkp-update 2015-02-07 03:24:40 -08:00
ffxbld
7680059999 No bug, Automated HSTS preload list update from host bld-linux64-spot-075 - a=hsts-update 2015-02-07 03:24:38 -08:00
Nicholas Nethercote
0a02b5d31c Bug 1127201 (part 2) - Convert all NS_ABORT_IF_FALSE calls to MOZ_ASSERT. r=Waldo. 2015-02-04 20:05:36 -08:00
Masatoshi Kimura
5febeecdfb Bug 1128763 - Do insecure fallback after PR_CONNECT_RESET_ERROR for whitelisted sites only. r=keeler 2015-02-05 22:02:32 +09:00
Masatoshi Kimura
a082706cfe Bug 1116891 - Do fallback with RC4 cipher suites after PR_CONNECT_RESET_ERROR. r=bsmith 2015-02-05 22:02:31 +09:00
Masatoshi Kimura
aed319520c Bug 1127285 - Remove unused fallback reasons. r=keeler 2015-02-05 22:02:31 +09:00
Cykesiopka
ca5babd898 Bug 1128917 - Replace getp12password.xul with a call to nsIPromptService::PromptPassword(). r=keeler 2015-02-05 03:28:00 +01:00
Masatoshi Kimura
b6814beac2 Bug 1128227 - Add a static TLS insecure fallback whitelist. r=keeler 2015-02-07 13:03:23 +09:00
TheKK
cd4a17333c Bug 1092398 - "remove unused CertVerifier enums (missing_cert_download_config and crl_download_config)". r=honzab.moz 2015-01-23 06:17:00 +01:00
Nicholas Nethercote
a40419dc43 Bug 1050035 (part 4) - Make PL_DHashTableAdd() infallible by default, and add a fallible alternative. r=froydnj.
I kept all the existing PL_DHashTableAdd() calls fallible, in order to be
conservative, except for the ones in nsAtomTable.cpp which already were
followed immediately by an abort on failure.
2015-02-02 14:48:58 -08:00
Nicholas Nethercote
a5bbfabc46 Bug 1050035 (part 2) - Remove the fallible version of PL_DHashTableInit(). r=froydnj,mrbkap.
Because it's no longer needed now that entry storage isn't allocated there.
(The other possible causes of failures are much less interesting and simply
crashing is a reasonable thing to do for them.)

This also makes PL_DNewHashTable() infallible.
2015-02-01 20:19:08 -08:00
David Keeler
cab7fd2d3e bug 832837 - move insecure form submission warning from nsSecureBrowserUIImpl to the HTML form implementation r=mrbkap r=phlsa
As a result, we can remove nsSecurityWarningDialogs completely, which this patch also does.
2015-01-15 11:01:10 -08:00
Cykesiopka
b120add5d7 Bug 78808 - Enable Cert Manager buttons only when they would have an effect. Original patch by Scott Johnson. r=keeler 2015-01-31 14:20:00 +01:00
Mike Hommey
50e6916b40 Bug 1126593 - Add a global fallible instance, so that using fallible works directly, everywhere. r=njn 2015-02-02 09:56:13 +09:00
Andrew McCreight
1ee96e7527 Back out Bug 1127201 (part 2) for various problems. 2015-02-06 15:04:32 -08:00
Cykesiopka
6af3b3a232 Bug 968560 - Return distinct error codes for certificates that are not valid yet, in mozilla::pkix. r=keeler 2015-02-06 11:18:20 -08:00
Cykesiopka
b6900ab73a Bug 968560 - Add missing Not-Yet-Valid cert override tests. r=dkeeler 2015-02-06 11:18:04 -08:00
Phil Ringnalda
56b992da90 Merge m-c to m-i 2015-01-31 09:13:30 -08:00
Masatoshi Kimura
96a8248e48 backout 3d4d4a91f29a (bug 1102632) as some web pages can no longer connect without enabling SSLv3 2015-01-31 22:16:48 +09:00
ffxbld
a691b83b24 No bug, Automated HPKP preload list update from host bld-linux64-spot-015 - a=hpkp-update 2015-01-31 03:38:09 -08:00
ffxbld
f5b851b52b No bug, Automated HSTS preload list update from host bld-linux64-spot-015 - a=hsts-update 2015-01-31 03:38:07 -08:00
Wes Kocher
50b90fbd84 Merge fx-team to m-c a=merge CLOSED TREE 2015-01-29 15:27:17 -08:00
Masatoshi Kimura
90c7a6b8f8 Bug 1123020 - Remove options to allow unrestricted renegotiation. r=keeler 2015-01-29 21:04:26 +09:00
Gijs Kruitbosch
dbac71f391 Bug 1126675 - indicate missing issuerName or subjectName as empty string, r=keeler 2015-01-28 15:42:41 +00:00
David Keeler
289800a028 backout cd0ec3afca5a (bug 832837) for mochitest bustage 2015-01-30 11:25:24 -08:00
David Keeler
5108f641ee bug 832837 - move insecure form submission warning from nsSecureBrowserUIImpl to the HTML form implementation r=mrbkap r=phlsa
As a result, we can remove nsSecurityWarningDialogs completely, which this patch also does.
2015-01-15 11:01:10 -08:00
Masatoshi Kimura
65d35ee16e Bug 1114816 - Implement TLS intolerance fallback whitelist. r=keeler 2015-01-29 03:52:42 +09:00
Cykesiopka
ecefbade12 Bug 1125478 - Refactor and clean up key size test files. r=keeler 2015-01-27 22:11:00 +01:00
Nicholas Nethercote
d761b24aaf Bug 1124973 (part 2) - Introduce PL_DHashTableSearch(), and replace most PL_DHashTableLookup() calls with it. r=froydnj.
It feels safer to use a function with a new name, rather than just changing the
behaviour of the existing function.

For most of these cases the PL_DHashTableLookup() result was checked with
PL_DHASH_ENTRY_IS_{FREE,BUSY} so the conversion was easy. A few of them
preceded that check with a useless null check, but the intent of these was
still easy to determine.

I'll do the trickier ones in subsequent patches.
2015-01-22 21:06:55 -08:00
David Keeler
d043f815ec bug 1125503 - when canonicalizing hostnames, check string length before calling Last() r=mmc 2015-01-26 12:47:50 -08:00
Cykesiopka
5167ffd003 Bug 691148 - Remove unused strings from pipnss.properties. r=keeler 2015-01-26 21:30:00 +01:00
Chris Peterson
bd3e661f2d Bug 1125592 - Fix -Wmaybe-uninitialized warning in security/manager/ssl/src/nsNSSASN1Object.cpp. r=dkeeler 2015-01-23 22:58:43 -08:00
Phil Ringnalda
0df0968ebe Merge m-i to m-c, a=merge 2015-01-24 08:27:17 -08:00
ffxbld
2a36acca4c No bug, Automated HPKP preload list update from host bld-linux64-spot-127 - a=hpkp-update 2015-01-24 03:27:50 -08:00
ffxbld
5346825c50 No bug, Automated HSTS preload list update from host bld-linux64-spot-127 - a=hsts-update 2015-01-24 03:27:48 -08:00
Cykesiopka
e1b3097b36 Bug 1077790 - Tests. r=keeler 2015-01-22 13:50:06 -08:00
David Keeler
d57bb36810 bug 1114882 - allow nsICryptoHash to be used in a content process r=mayhemer 2015-01-16 11:59:25 -08:00
Wes Kocher
f2fccc7054 Backed out changeset 7811ebf7e321 (bug 1114882) for Android S4 orange on a CLOSED TREE 2015-01-21 17:24:36 -08:00
Raymond Etornam Agbeame(:retornam)
c744e27855 Bug 1109235 - remove nsIStreamCipher and implementation r=keeler 2015-01-22 16:02:30 -08:00
David Keeler
b115436002 bug 1114882 - allow nsICryptoHash to be used in a content process r=mayhemer 2015-01-16 11:59:25 -08:00
Ryan VanderMeulen
ab5614b717 Merge inbound to m-c. a=merge 2015-01-20 22:12:46 -05:00
ffxbld
f16b272dc6 No bug, Automated HPKP preload list update from host bld-linux64-spot-1001 - a=hpkp-update 2015-01-20 15:17:19 -08:00
ffxbld
57179e1be6 No bug, Automated HSTS preload list update from host bld-linux64-spot-1001 - a=hsts-update 2015-01-20 15:17:17 -08:00
Nicholas Nethercote
9a918a72c0 Bug 1123151 (part 2) - Add PLDHashTable::IsInitialized(). r=froydnj.
This encapsulates most of the uses of PLDHashTable::ops.
2015-01-19 16:11:34 -08:00
Nicholas Nethercote
fa52a2c4c9 Bug 1123151 (part 1) - Set PLDHashTable::ops consistently. r=froydnj.
Currently the setting of PLDHashTable::ops is very haphazard.

- PLDHashTable has no constructor, so it's not auto-nulled, so lots of places
  null it themselves.

- In the fallible PLDHashTable::Init() function, if the entry storage
  allocation fails we'll be left with a table that has |ops| set -- indicating
  it's been initialized -- but has null entry storage. I'm not certain this can
  cause problems but it feels unsafe, and some (but not all) callers of Init()
  null it on failure.

- PLDHashTable does not null |ops| in Finish(), so some (but not all) callers
  do this themselves.

This patch makes things simpler.

- It adds a constructor that zeroes |ops|.

- It modifies Init() so that it only sets |ops| once success is ensured.

- It zeroes |ops| in Finish().

- Finally, it removes all the now-unnecessary |ops| nulling done by the users
  of PLDHashTable.
2015-01-19 16:01:24 -08:00
David Keeler
0b57449e27 bug 1123374 - fix CertBlocklist initialization when revocations.txt does not exist r=mgoodwin 2015-01-20 10:18:29 -08:00
Masatoshi Kimura
0846c8ac1d Bug 1120393 - unittest to ensure nsITransportSecurityInfo.errorCode is correctly serialized. r=keeler 2015-01-16 21:48:38 +09:00
Masatoshi Kimura
3ec67da41d Bug 1120393 - Serialize/deserialize nsITransportSecurity.errorCode. r=keeler 2015-01-16 21:48:38 +09:00
Birunthan Mohanathas
a2efd69daa Bug 1060696 - Remove NS_INIT_ISUPPORTS. r=froydnj 2015-01-16 07:34:46 +02:00
Nicholas Nethercote
14f46aac14 Bug 1121304 (part 2, attempt 2) - Remove PLDHashTableOps::{alloc,free}Table. r=froydnj. 2015-01-14 14:35:56 -08:00
Phil Ringnalda
cb85f01b15 Backed out 2 changesets (bug 1121304) for consistent b2g hangs in webgl-color-test.html?frame=1&__&preserve&premult&_____
Backed out changeset 20651ac19549 (bug 1121304)
Backed out changeset 758afec77c95 (bug 1121304)
2015-01-14 22:02:23 -08:00
Nicholas Nethercote
60d7115c86 Bug 1121304 (part 2) - Remove PLDHashTableOps::{alloc,free}Table. r=froydnj. 2015-01-14 14:35:56 -08:00
Nicholas Nethercote
c4c1173204 Bug 1120476 (part 4) - Remove PLDHashTableOps::finalize. r=froydnj. 2015-01-13 19:02:35 -08:00
Nicholas Nethercote
7c92773a6f Bug 1120476 (part 3) - Remove PLDHashTable::data. r=froydnj. 2015-01-13 16:42:13 -08:00
Brian Smith
a55759cd92 Bug 1115906, Part 2: Annotate classes and member functions with override and final, r=keeler 2015-01-13 16:54:10 -08:00
Brian Smith
8c8b82fc94 Bug 1115906, Part 1: Add workarounds for missing final/override support in GCC before version 4.7, r=keeler 2015-01-07 14:53:11 -08:00
Mike Hommey
09eca4aa01 Bug 1120937 - Properly initialize the session field from C_OpenSession in the PKCS#11 test module. r=dkeeler 2015-01-14 15:18:50 +09:00
Cykesiopka
8a1c12356d Bug 1120098 - Re-enable test_ocsp_timeout.js on Windows. r=dkeeler 2015-01-10 08:41:00 +01:00
Steve Singer
b596b7d1fe Bug 1120125 - Fix compile error on big endian platforms. r=keeler 2015-01-10 14:31:00 +01:00
David Keeler
b03e9b919f bug 1065909 - canonicalize hostnames in nsSiteSecurityService and PublicKeyPinningService r=mmc 2015-01-09 09:46:05 -08:00
Mark Goodwin ext:(, Harsh Pathak <hpathak@mozilla.com>)
02a6ae6ff4 Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs. r=keeler r=Unfocused 2015-01-07 06:08:00 +01:00
Ehsan Akhgari
bd52bd3f4e Bug 1118486 - Part 1: Use = delete instead of MOZ_DELETE directly; r=Waldo
Most of this patch (with the exception of dom/bindings/Codegen.py) was
generated by the following bash script:

#!/bin/bash

function convert() {
echo "Converting $1 to $2..."
find . ! -wholename "*nsprpub*" \
       ! -wholename "*security/nss*" \
       ! -wholename "*/.hg*" \
       ! -wholename "*/.git*" \
       ! -wholename "obj-*" \
         -type f \
      \( -iname "*.cpp" \
         -o -iname "*.h" \
         -o -iname "*.cc" \
         -o -iname "*.idl" \
         -o -iname "*.ipdl" \
         -o -iname "*.ipdlh" \
         -o -iname "*.mm" \) | \
    xargs -n 1 sed -i -e "s/\b$1\b/$2/g"
}

convert MOZ_DELETE '= delete'
2015-01-08 23:19:05 -05:00
David Keeler
98173efa0b bug 1101194 - follow-up to fix bustage in TestCertDB r=bustage on a CLOSED TREE
Turns out there was a code path that resulted in attempting to acquire a lock
on the DataStorage mutex when one had already been acquired, resulting in
deadlock. This fixes it.
2015-01-08 10:56:07 -08:00
David Keeler
fd61efce36 bug 1101194 - add telemetry for DataStorage table size r=mgoodwin 2015-01-07 13:23:07 -08:00
Cykesiopka
a7c74a8344 Bug 989485 - Split test_cert_eku.js into multiple files to avoid time outs. r=keeler 2015-01-08 01:15:00 -05:00
Michael Pruett
c1d94593ae Bug 1118024 - Use new PL_DHashTable{Add,Lookup,Remove} functions. r=nfroyd 2015-01-05 20:27:28 -06:00
David Keeler
b5e27bf11e bug 1114741 - have nsRandomGenerator guard against NSS shutdown r=jcj
nsRandomGenerator uses NSS resources but does not prevent against NSS shutting
down while doing so. To fix this, nsRandomGenerator must implement
nsNSSShutDownObject.
2015-01-05 16:11:26 -08:00
Ehsan Akhgari
ae3cd2efdb Bug 1116559 - Remove the code to handle shutdown-cleanse from the cert override service code; r=keeler
shutdown-cleanse has not been a thing for quite a while.
2015-01-05 21:01:27 -05:00
Andrew Bartlett
c89715476a Bug 423758 - Add NTLMv2 to internal NTLM handler. r=keeler
NTLMv2 is the default.

This adds a new preference:
network.ntlm.force-generic-ntlm-v1

This is to allow use of NTLMv1 in case issues are found in the NTLMv2
handler, or when contacting a server or backing DC that does not
support NTLMv2 for any reason.

To support this, we also:
 - Revert "Bug 1030426 - network.negotiate-auth.allow-insecure-ntlm-v1-https allows sending NTLMv1 credentials in plain to HTTP proxies, r=mcmanus"

 - Revert "Bug 1023748 - Allow NTLMv1 over SSL/TLS by default, r=jduell"

 - Remove LM code from internal NTLM handler

   The LM response should essentially never be sent; the last practical
   use case was CIFS connections to Windows 9X. I have never seen a web
   server that could only do LM.

   It is removed before the NTLMv2 work is done so as to avoid having 3
   possible states here (LM, NTLM, NTLMv2) to control via preferences.

Developed with Garming Sam <garming@catalyst.net.nz>
2014-12-22 15:55:00 -05:00
Phil Ringnalda
6c4fc4e249 Merge m-i to m-c, a=merge 2015-01-03 20:02:33 -08:00
ffxbld
2ec8f6a06a No bug, Automated HPKP preload list update from host bld-linux64-spot-100 - a=hpkp-update 2015-01-03 03:20:27 -08:00
ffxbld
f18bb21ede No bug, Automated HSTS preload list update from host bld-linux64-spot-100 - a=hsts-update 2015-01-03 03:20:25 -08:00
David Erceg
8927ea5bc7 Bug 1111848 - Remove nsISiteSecurityService.shouldIgnoreHeaders and implementation. r=keeler 2014-12-22 20:26:49 +11:00
Ehsan Akhgari
a5a4deacc5 Bug 1115076 - Wait for about:privatebrowsing to load in test_sts_privatebrowsing_perwindowpb.html; r=jdm 2014-12-31 09:32:03 -05:00
Ehsan Akhgari
c30ba4c1d7 Bug 1117043 - Mark virtual overridden functions as MOZ_OVERRIDE in security; r=bsmith 2015-01-02 09:02:04 -05:00
ffxbld
9eff036676 No bug, Automated HPKP preload list update from host b-linux64-ix-0002 - a=hpkp-update 2014-12-27 03:21:29 -08:00
ffxbld
6cc4f9e5fd No bug, Automated HSTS preload list update from host b-linux64-ix-0002 - a=hsts-update 2014-12-27 03:21:25 -08:00
Tom Schuster
7c4bae7af7 Bug 1110835 - Simplify some code nsSecureBrowserUIImpl around UpdateSecurityState. r=keeler 2014-12-25 21:31:11 +01:00
Masatoshi Kimura
507586aa3c Bug 1114295 - Remove the dead pref for TLS_DHE_DSS_WITH_AES_128_CBC_SHA. r=keeler 2014-12-24 22:21:12 +09:00
Tom Schuster
95cbfb29c4 Bug 764496 - Make EV detection work in content processes. r=keeler,kanru 2014-12-24 14:04:24 +01:00
Carsten "Tomcat" Book
10610f2aef Backed out changeset 8fd0df8e208c (bug 423758) for bustage 2014-12-22 09:05:34 +01:00
Andrew Bartlett
7c4547c771 Bug 423758 - Add NTLMv2 to internal NTLM handler. r=keeler
NTLMv2 is the default.

This adds a new preference:
network.ntlm.force-generic-ntlm-v1

This is to allow use of NTLMv1 in case issues are found in the NTLMv2
handler, or when contacting a server or backing DC that does not
support NTLMv2 for any reason.

To support this, we also:
 - Revert "Bug 1030426 - network.negotiate-auth.allow-insecure-ntlm-v1-https allows sending NTLMv1 credentials in plain to HTTP proxies, r=mcmanus"

 - Revert "Bug 1023748 - Allow NTLMv1 over SSL/TLS by default, r=jduell"

 - Remove LM code from internal NTLM handler

   The LM response should essentially never be sent; the last practical
   use case was CIFS connections to Windows 9X. I have never seen a web
   server that could only do LM.

   It is removed before the NTLMv2 work is done so as to avoid having 3
   possible states here (LM, NTLM, NTLMv2) to control via preferences.

Developed with Garming Sam <garming@catalyst.net.nz>
2014-12-18 17:25:00 +01:00
Phil Ringnalda
47c63e05f9 Merge m-c to m-i
--HG--
extra : rebase_source : 55a788f13c946c7110ca313969051c34f731637e
2014-12-20 12:19:27 -08:00
ffxbld
a95f358b50 No bug, Automated HPKP preload list update from host bld-linux64-spot-115 - a=hpkp-update 2014-12-20 03:20:57 -08:00
ffxbld
4d39a09cfa No bug, Automated HSTS preload list update from host bld-linux64-spot-115 - a=hsts-update 2014-12-20 03:20:56 -08:00
Michael Wu
f5bfa94c08 Bug 1103816 - Add support for gonk-L to android_stub.h, r=glandium 2014-12-16 21:35:09 -05:00
Blake Kaplan
d3bf06c398 Bug 1113313 - Rename these functions to better reflect what they do. r=billm
--HG--
extra : rebase_source : ae61b3dd6dd5ce50a131a640060d7be57e562e4d
2014-12-19 12:07:04 -05:00
Brian Smith
7ba9cd2249 Bug 1073867, Part 2: Remove now-unused DSA test certificates, r=keeler
--HG--
extra : rebase_source : 150c65abc66a48f70bca6e2dca8727fa402505ea
2014-12-15 20:49:42 -08:00
Brian Smith
f6f98ab137 Bug 1073867, Part 1: Remove DSS certificate support from mozilla::pkix, r=keeler
--HG--
extra : rebase_source : 3bef46a794e53584fd35b7640a6f4c9aaea4acab
2014-12-04 20:55:15 -08:00
Brian Smith
d5f76e041e Bug 1111397, Part 2: Remove test_bug484111.html, r=keeler
--HG--
extra : rebase_source : 56617ea82e9028295203173d1ea5e6ccfdbf9722
2014-12-14 21:51:26 -08:00
Brian Smith
4c07ad4887 Bug 952863, Part 2: Remove dead code for non-ECDHE TLS False Start, r=keeler
--HG--
extra : rebase_source : 47ee95682f769b8e10aaf55b0f4fccfef1fcdea0
2014-12-10 10:13:18 -08:00
Nathan Froyd
2d3c1a8560 Bug 1112608 - use GENERATED_INCLUDES in security/manager/{boot,pki}/src/; r=mshal
The sole use of Makefile.in in the security/manager/{boot,pki}/src/
directories is so we can add $(DIST)/public/nss to INCLUDES.
GENERATED_INCLUDES can be used to handle this case instead, at the cost
of hardcoding the path to $(DIST).  This seems reasonable enough, since
a number of moz.build files already know about dist/ and its location
within the objdir.
2014-12-17 11:02:19 -05:00
Brian Smith
9737598e7c Bug 952863, Part 1: Require ECDHE for TLS False Start, r=keeler
--HG--
extra : rebase_source : d983e440de5be7c097a3e0f4afe0de805c540919
2014-12-12 11:39:01 -08:00
Masatoshi Kimura
6edff5968f Bug 1092835 - Log usage of weak ciphers in the console. r=keeler,mcmanus 2014-12-13 20:09:01 +09:00
Brian Smith
36a90ed8ee Bug 1084025, Part 3: Clean up some bits, r=keeler, r=emk
--HG--
extra : rebase_source : 7aa1de4e9c391bf3e3cd5df79c62fff4546a8c67
2014-12-12 16:42:41 -08:00
Brian Smith
ddd90fc492 Bug 1107666: Fix OCSP stapling telemetry (SSL_OCSP_STAPLING), r=keeler
--HG--
extra : rebase_source : 926f091b2a361d7dce30bee918d6659259f1b3e4
2014-12-11 23:22:35 -08:00
Monica Chew
926900820d Bug 1101969: Disable pinning on media.mozilla.com (r=keeler) 2014-12-12 09:10:57 -08:00
Monica Chew
1c63529d8f Bug 1004781: Enable pinning for facebook in production mode (r=keeler) 2014-12-12 09:10:53 -08:00
Brian Smith
a7a7679e74 Bug 940787: Stop requiring ALPN/NPN for False Start, r=keeler
--HG--
extra : rebase_source : f8946e1fc631f2458807a559104a1dca01f444ac
2014-12-10 10:50:48 -08:00
Brian Smith
3612b61bdf Bug 1109766: Require AES-GCM for TLS False Start, r=keeler
--HG--
extra : rebase_source : 8370c628863e644131ed1fbe6b8e49b5dc1215dc
2014-12-10 10:19:00 -08:00
Brian Smith
08f28ca9b5 Bug 861310: Require TLS 1.2 for TLS False Start, r=keeler
--HG--
extra : rebase_source : d4bb253a84270c84acdf7ed4f84bc0186231e521
2014-12-10 10:04:45 -08:00
Cykesiopka
f4adc3137f Bug 1109252 - Make remaining PSM test cert generation scripts print out cert information as necessary. r=keeler 2014-12-10 21:32:00 +01:00
Cykesiopka
43c4cab0c6 Bug 1109245 - Modify test_keysize_ev.js to run on B2G. r=dkeeler 2014-12-09 12:07:00 -05:00
Cykesiopka
8df09bdcf2 Bug 978426 - Re-enable test_sts_preloadlist_perwindowpb.js on B2G. r=dkeeler 2014-12-09 11:37:00 +01:00
Brian Smith
4f0b5d793a Bug 1107787: Disable TLS_DHE_DSS_WITH_AES_128_CBC_SHA, r=keeler
--HG--
extra : rebase_source : 063d859c69adc8deba9d1842f4bd42a9b862bbe5
2014-12-04 19:50:58 -08:00
Brian Smith
eb97a4eb5a Bug 1037098: Remove preferences for cipher suites disabled in bug 1036765, r=keeler
--HG--
extra : rebase_source : b033bea062c8cafecd93830fa54f4cf184fa28df
2014-12-04 19:47:17 -08:00
Ryan VanderMeulen
05d42674b2 Backed out changesets fb903f13f215, 9c5c712698e4, and 36d257ead3da (bug 1092835) for causing test_csp_allow_https_schemes.html permafail on Android 2.3.
CLOSED TREE
2014-12-09 14:00:47 -05:00
Masatoshi Kimura
c669e4c53f Bug 1092835 - Log usage of weak ciphers in the console. r=keeler,mcmanus 2014-12-10 00:54:06 +09:00
Masatoshi Kimura
7bbfc6348c Bug 1093724 - Add a range check to the TLS version prefs loading code. r=keeler 2014-12-09 21:48:29 +09:00
Masatoshi Kimura
5f2852c277 Bug 1084025 - Add telemetry to measure failures due to not falling back. r=keeler 2014-12-09 07:19:05 +09:00
Carsten "Tomcat" Book
ad27337e2a merge mozilla-inbound to mozilla-central a=merge 2014-12-08 12:48:58 +01:00
ffxbld
d25b6bf01d No bug, Automated HPKP preload list update from host bld-linux64-spot-132 - a=hpkp-update 2014-12-06 03:20:43 -08:00
ffxbld
f4ba31b941 No bug, Automated HSTS preload list update from host bld-linux64-spot-132 - a=hsts-update 2014-12-06 03:20:41 -08:00
Cykesiopka
f885b51be2 Bug 1085074 - Part 3 - Update inadequately sized Delegated Signer cert. r=briansmith 2014-12-07 20:42:00 +01:00
Cykesiopka
5353aea9a4 Bug 1085074 - Part 2 - Use explicit bit sizes for key size cert file names. r=briansmith 2014-12-07 20:41:00 +01:00
Cykesiopka
10ea8d764d Bug 1085074 - Part 1 - Use adequate/OK and inadequate/notOK to refer to sizes for key size tests. r=briansmith 2014-12-07 20:23:00 +01:00
Cykesiopka
c246745fc5 Bug 1009158 - Fix and re-enable PSM xpcshell tests that would previously time out on Android due to LD_LIBRARY_PATH issues. r=keeler 2014-12-03 09:15:00 +01:00
Masatoshi Kimura
b15a7ac118 Bug 1102632 - Stop triggering non-secure fallback for SSL_ERROR_UNSUPPORTED_VERSION. r=keeler 2014-12-02 20:33:24 +09:00
Jan Beich
7614ac358a Bug 1105851 - Unbreak non-unified non-SPS build after 1054498. r=jcj 2014-11-30 21:27:45 +01:00
ffxbld
8256862b03 No bug, Automated HPKP preload list update from host b-linux64-ix-0005 - a=hpkp-update 2014-11-29 03:19:59 -08:00
ffxbld
64ebeeaadb No bug, Automated HSTS preload list update from host b-linux64-ix-0005 - a=hsts-update 2014-11-29 03:19:56 -08:00
Carsten "Tomcat" Book
50164ea992 Backed out changeset 761071f57ab6 (bug 1024809) for emulator ics bustage 2014-11-27 16:30:41 +01:00
Mark Goodwin ext:(, Harsh Pathak <hpathak@mozilla.com>)
614a479757 Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs. r=keeler,Unfocused 2014-11-27 04:12:00 +01:00
Masatoshi Kimura
ca37b76217 Bug 1092998 - Followup to address review comments. r=keeler 2014-11-27 21:39:33 +09:00
Blake Kaplan
acc1904cd3 Bug 582297 - Make <keygen> work in e10s. r=billm/dkeeler 2014-11-26 14:28:28 -08:00
Masatoshi Kimura
686218a47c Bug 1092998 - Deal with "cipher mismatch intolerant" servers. r=keeler 2014-11-27 07:19:11 +09:00
Cykesiopka
48f2c9d1de Bug 1103336 - Fix and re-enable PSM xpcshell tests that don't use add_tls_server_setup() on Android. r=dkeeler 2014-11-22 00:08:00 +01:00
Richard Barnes
bec314ca7d Bug 968817 - Only accept certs for server TLS which use EKU (and which assert the TLS Server Authentication EKU) r=keeler 2014-11-24 20:33:50 -05:00
Richard Barnes
6ecf105112 Bug 1088255 - Collect telemetry on CAs that appear in valid cert chains r=keeler 2014-11-07 16:26:46 -05:00
ffxbld
43ebc0b81a No bug, Automated HPKP preload list update from host bld-linux64-spot-132 - a=hpkp-update 2014-11-22 03:19:44 -08:00
ffxbld
697badb259 No bug, Automated HSTS preload list update from host bld-linux64-spot-132 - a=hsts-update 2014-11-22 03:19:41 -08:00
David Keeler
c637dcccd7 bug 1091232 - update PSM data structures that are affected by root CA changes r=mmc 2014-11-18 16:41:18 -08:00
Cykesiopka
364fdddd4b Bug 1089305 - Switch EV tests to SQL DB and partially clean up scripts. r=keeler 2014-11-17 21:12:00 +01:00
Monica Chew
a50d73f349 Bug 1092606: Filter out duplicate pinsets as well as domains (r=keeler) 2014-11-17 12:54:42 -08:00
Cykesiopka
169234c9f2 Bug 1084606 - Allow overrides for MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE. r=dkeeler 2014-11-11 00:59:00 +01:00
Gregory Szorc
fc49af35ef Merge inbound to m-c; a=merge
--HG--
extra : amend_source : 2e89bf359e356566aee6b04bb864979539e1c90d
2014-11-15 13:57:08 -08:00
ffxbld
e0393c1572 No bug, Automated HPKP preload list update from host b-linux64-ix-0011 - a=hpkp-update 2014-11-15 03:21:19 -08:00
ffxbld
a5a71a3a65 No bug, Automated HSTS preload list update from host b-linux64-ix-0011 - a=hsts-update 2014-11-15 03:21:16 -08:00
David Keeler
e22ff7388d bug 940994 - follow-up to fix some issues that were missed in review r=mmc 2014-11-14 16:46:23 -08:00
Monica Chew
5a029358aa Bug 1098288: Enable pinning on spideroak (r=keeler) 2014-11-14 11:17:40 -08:00
Cykesiopka
9415acbacf Bug 1057035 - Fix terminology used in the certificate exception dialog. r=keeler 2014-10-27 21:06:00 -04:00
Masatoshi Kimura
aa8411b8a7 Bug 1093595 - Change strings to add a description about weak encryption. r=dolske 2014-11-11 07:29:44 +09:00
Masatoshi Kimura
afe67213d6 Bug 1093595 - Treat SSL3 and RC4 as broken. r=keeler 2014-11-11 07:29:44 +09:00
Carsten "Tomcat" Book
1d9d0ab094 merge mozilla-inbound to mozilla-central a=merge 2014-11-10 14:24:51 +01:00
ffxbld
c47a5e7e72 No bug, Automated HPKP preload list update from host bld-linux64-spot-144 - a=hpkp-update 2014-11-08 03:20:20 -08:00
ffxbld
d3c9b77c3e No bug, Automated HSTS preload list update from host bld-linux64-spot-144 - a=hsts-update 2014-11-08 03:20:17 -08:00
Monica Chew
9213772797 Bug 1030135: Promote pin for services.mozilla.com to production mode (r=keeler) 2014-11-07 12:00:50 -08:00
Shashank Sabniveesu
417a6677dd Bug 940994 - Adding '.p7b' to 'known file types' list of 'Certificate Manager'. r=keeler 2014-10-07 14:30:00 +02:00
Chris Peterson
3cc7f37dce Bug 1095926 - Fix -Wcomment warning in OCSP test and mark some OCSP tests as FAIL_ON_WARNINGS. r=briansmith 2014-10-11 20:13:45 -07:00
Michael Ratcliffe
a82f5ad5b7 Bug 1090913 - Make mochitests fail when it has 0 passes and 0 fails r=jmaher 2014-11-05 16:00:52 +00:00
David Keeler
300db0692c bug 1039642 - follow-up to fix non-unified build bustage (missing include and namespace) r=bustage a=metered 2014-11-06 14:23:21 -08:00
David Keeler
845d78bfd2 bug 1039642 - clean up the implementation of nsPkcs11 for style and safety r=jcj r=mmc a=metered 2014-11-05 14:05:46 -08:00
David Keeler
5566eb0f2e bug 1039642 - test that smart card events are no longer emitted after removing a PKCS#11 module r=jcj r=mmc a=metered
--HG--
rename : security/manager/ssl/tests/unit/test_pkcs11_insert_remove.js => security/manager/ssl/tests/unit/test_pkcs11_no_events_after_removal.js
2014-11-05 13:54:21 -08:00
David Keeler
036550c543 bug 1039642 - stop PKCS#11 module threads before deleting them r=jcj r=mmc a=metered 2014-11-05 13:53:28 -08:00
Dragana Damjanovic
3899655299 Bug 1087213 - Implement bind function in nsNSSIOLayer. r=honza 2014-10-22 02:06:00 +02:00
Monica Chew
162feb18f0 Bug 1004781: Remove unnecessary cert for facebook (r=keeler) 2014-11-04 10:54:26 -08:00
Monica Chew
d7bbb7d49f Bug 1092606: Don't import Chromium pinsets for domains that are already in our list (r=keeler,jcj) 2014-11-04 10:53:52 -08:00
ffxbld
4789a66b33 No bug, Automated HPKP preload list update from host b-linux64-ix-0009 - a=hpkp-update 2014-11-01 03:19:47 -07:00
ffxbld
4fc941058a No bug, Automated HSTS preload list update from host b-linux64-ix-0009 - a=hsts-update 2014-11-01 03:19:44 -07:00
Garrett Robinson
e35ae3c8b0 Bug 846489 - Part 1 - Expose error code on TransportSecurityInfo. r=keeler 2014-10-30 12:50:00 +01:00
Carsten "Tomcat" Book
e42a610706 Backed out changeset 5fb2f4662098 (bug 846498) for wrong bug number in commit message 2014-10-31 10:03:53 +01:00
Masatoshi Kimura
a45afaca87 Bug 1088915 - Stop offering RC4 in the first handshakes. r=keeler 2014-10-22 01:11:29 +09:00
Masatoshi Kimura
9d20a17351 Bug 947149 - Remove useless and even misleading word and dead code. r=keeler, dolske 2014-10-30 15:22:00 +01:00
Garrett Robinson
e306036c5a Bug 846498 - Expose error code on TransportSecurityInfo. r=keeler 2014-10-30 12:50:00 +01:00
Brian Smith
8f74650db9 Reland Bug 1063281, Part 9: Switch Gecko from NSS to CheckCertHostname, r=keeler
--HG--
extra : rebase_source : 3a5e3bc2e113035e9c88b571bac68f3dbe2c8f04
2014-10-28 15:28:38 -07:00
Monica Chew
d3ab192815 Bug 1004781: Actually remove the pinset (r=keeler) 2014-10-30 16:21:09 -07:00
Monica Chew
a8f153ca18 Bug 1004781: Remove our pinset for facebook since it's in chromium now (r=keeler) 2014-10-30 16:14:19 -07:00
David Keeler
69bca53cc3 bug 1085509 - follow-up to include forgotten Telemetry.h header (non-unified build bustage) r=bustage 2014-10-30 13:12:01 -07:00
David Keeler
c2579f15fc bug 1085509 - add telemetry for how many permanent certificate overrides users have r=mmc r=jcj 2014-10-29 16:25:16 -07:00
David Keeler
d5194db4e6 bug 1085509 - fix nsCertOverrideService so its initialization doesn't depend on NSS r=mmc 2014-10-24 10:46:30 -07:00
Carsten "Tomcat" Book
19eb2582af Backed out changeset b4665be856d7 (bug 1089305) for frequent b2g/android xpcshell test failures 2014-10-30 15:26:02 +01:00
Cykesiopka
4c6894dd96 Bug 1089305 - Switch EV tests to SQL DB and partially clean up scripts. r=keeler 2014-10-29 11:09:00 +01:00
Martin Thomson
38ee78fb15 Bug 1088950 - Adding some testing. r=dkeeler 2014-10-27 17:48:00 +01:00
Martin Thomson
207b89547b Bug 1088950 - Fix handling of inappropriate_fallback alert. r=keeler 2014-10-27 17:47:00 +01:00
Mike Hommey
21ec48314e Bug 1077148 part 4 - Add and use new moz.build templates for Gecko programs and libraries. r=gps
There are, sadly, many combinations of linkage in use throughout the tree.
The main differentiator, though, is between program/libraries related to
Gecko or not. Kind of. Some need mozglue, some don't. Some need dependent
linkage, some standalone.

Anyways, these new templates remove the need to manually define the
right dependencies against xpcomglue, nspr, mozalloc and mozglue
in most cases.

Places that build programs and were resetting MOZ_GLUE_PROGRAM_LDFLAGS
or that build libraries and were resetting MOZ_GLUE_LDFLAGS can now
just not use those Gecko-specific templates.
2014-10-30 13:06:12 +09:00
Brian Smith
55f774a344 Back out cset 9b72d139e817 (Bug 1063281, Part 9) due to compatibility regressions on a CLOSED TREE, a=ryanvm
--HG--
extra : rebase_source : cd9b43c3f66df3c5de337f2013fe61fae798b3ba
2014-10-28 12:30:53 -07:00
Carsten "Tomcat" Book
ffea0ebdf8 Backed out changeset 50650e0f0edf (bug 1085509) for causing perma failure in win7 xperf 2014-10-28 14:10:38 +01:00
Carsten "Tomcat" Book
e6900d5f95 Backed out changeset b591ad43d53e (bug 1085509) 2014-10-28 14:09:44 +01:00
David Keeler
e4b1242898 bug 1085509 - add telemetry for how many permanent certificate overrides users have r=mmc r=jcj 2014-10-27 09:32:33 -07:00
David Keeler
a9dd52d60a bug 1085509 - fix nsCertOverrideService so its initialization doesn't depend on NSS r=mmc 2014-10-24 10:46:30 -07:00
ffxbld
a0de621feb No bug, Automated HPKP preload list update from host bld-linux64-spot-115 - a=hpkp-update 2014-10-25 03:19:28 -07:00
ffxbld
e7a10649f0 No bug, Automated HSTS preload list update from host bld-linux64-spot-115 - a=hsts-update 2014-10-25 03:19:26 -07:00
Tom Schuster
0cece61bf9 Bug 886752 - Show TLS/SSL version in page info dialog. r=dao 2014-10-24 13:53:35 +02:00
Tom Schuster
86fd344b7d Bug 886752 - Add TLS version to SSLStatus and additional cleanup. r=keeler 2014-10-24 13:53:34 +02:00
Brian Smith
be86e7036f Bug 1063281, Part 9: Switch Gecko from NSS to CheckCertHostname, r=keeler
--HG--
extra : rebase_source : 340eb682ba1f9dbd51652438433e7d0196494e1f
2014-09-21 17:43:29 -07:00
David Keeler
8102e18fce backout f69fa3c13d1f (bug 1085509) for causing test_cert_overrides.js to fail 2014-10-23 11:50:17 -07:00