Nicholas Nethercote
09156539d5
Bug 1131901 (part 1) - Make PL_DHashTableAdd() infallible by default, and add a fallible alternative. r=froydnj.
...
I kept all the existing PL_DHashTableAdd() calls fallible, in order to be
conservative, except for the ones in nsAtomTable.cpp which already were
followed immediately by an abort on failure.
2015-02-02 14:48:58 -08:00
Cykesiopka
a8c28fda0e
Bug 1130405 - Remove unused pippki strings. r=jcj
2015-02-11 05:08:00 -05:00
Cykesiopka
54328342f6
Bug 1130402 - Make use of currently unused certManager.dtd access key strings. r=jcj
2015-02-07 01:16:00 -05:00
Cykesiopka
f0e176336b
Bug 1131475 - Make sure reference to "unable_to_toggle_fips" bundle key is in the correct case. r=jcj
2015-02-11 05:05:00 -05:00
Andrew McCreight
c946357872
Bug 1131199, part 2 - Make PLDHashtInitEntry infallible. r=froydnj
...
Also, drop the unused table argument.
2015-02-11 09:46:40 -08:00
Andrew McCreight
55eaced49c
Bug 1131199, part 1 - Allocation of CompareCacheHashEntryPtr::entry is infallible. r=froydnj
2015-02-11 09:46:40 -08:00
Nicholas Nethercote
a3bfc736ba
Back out changesets 2fcef6b54be7, 2be07829fefc, 66dfe37b8532, df3fcd2be8fd, 0a436bce77a6 (bug 1050035) for causing intermittent crashes and assertion failures.
2015-02-10 14:39:49 -08:00
Brian Smith
70541ae471
Bug 1122841, Part 2: Centralize checking of public key, r=keeler
2015-02-02 16:17:08 -08:00
Masatoshi Kimura
3b7544e51a
Bug 1124039 - Enable RC4 only if ClientHelloVersion <= TLS 1.0. r=keeler
2015-02-10 22:29:51 +09:00
Cykesiopka
646544ea00
Bug 897690 - Remove misleading error message from AppendErrorTextUntrusted. r=dkeeler
2015-02-09 03:50:00 +01:00
Nicholas Nethercote
ee41df7dc2
Bug 1127201 (attempt 2, part 1) - Replace most NS_ABORT_IF_FALSE calls with MOZ_ASSERT. r=Waldo.
2015-02-09 14:34:50 -08:00
Masatoshi Kimura
0e792b8d54
Bug 1126413 - Part 2: UI changes to display security info on broken secure pages. r=dolske
2015-02-10 04:16:23 +09:00
Masatoshi Kimura
0240561b0a
Bug 1126413 - Part 1: Expose nsISSLStatus for broken secure pages. r=keeler
2015-02-10 04:16:22 +09:00
Phil Ringnalda
a7795990b2
Merge m-i to m-c, a=merge
2015-02-07 08:45:54 -08:00
ffxbld
0568e7e728
No bug, Automated HPKP preload list update from host bld-linux64-spot-075 - a=hpkp-update
2015-02-07 03:24:40 -08:00
ffxbld
7680059999
No bug, Automated HSTS preload list update from host bld-linux64-spot-075 - a=hsts-update
2015-02-07 03:24:38 -08:00
Nicholas Nethercote
0a02b5d31c
Bug 1127201 (part 2) - Convert all NS_ABORT_IF_FALSE calls to MOZ_ASSERT. r=Waldo.
2015-02-04 20:05:36 -08:00
Masatoshi Kimura
5febeecdfb
Bug 1128763 - Do insecure fallback after PR_CONNECT_RESET_ERROR for whitelisted sites only. r=keeler
2015-02-05 22:02:32 +09:00
Masatoshi Kimura
a082706cfe
Bug 1116891 - Do fallback with RC4 cipher suites after PR_CONNECT_RESET_ERROR. r=bsmith
2015-02-05 22:02:31 +09:00
Masatoshi Kimura
aed319520c
Bug 1127285 - Remove unused fallback reasons. r=keeler
2015-02-05 22:02:31 +09:00
Cykesiopka
ca5babd898
Bug 1128917 - Replace getp12password.xul with a call to nsIPromptService::PromptPassword(). r=keeler
2015-02-05 03:28:00 +01:00
Masatoshi Kimura
b6814beac2
Bug 1128227 - Add a static TLS insecure fallback whitelist. r=keeler
2015-02-07 13:03:23 +09:00
TheKK
cd4a17333c
Bug 1092398 - "remove unused CertVerifier enums (missing_cert_download_config and crl_download_config)". r=honzab.moz
2015-01-23 06:17:00 +01:00
Nicholas Nethercote
a40419dc43
Bug 1050035 (part 4) - Make PL_DHashTableAdd() infallible by default, and add a fallible alternative. r=froydnj.
...
I kept all the existing PL_DHashTableAdd() calls fallible, in order to be
conservative, except for the ones in nsAtomTable.cpp which already were
followed immediately by an abort on failure.
2015-02-02 14:48:58 -08:00
Nicholas Nethercote
a5bbfabc46
Bug 1050035 (part 2) - Remove the fallible version of PL_DHashTableInit(). r=froydnj,mrbkap.
...
Because it's no longer needed now that entry storage isn't allocated there.
(The other possible causes of failures are much less interesting and simply
crashing is a reasonable thing to do for them.)
This also makes PL_DNewHashTable() infallible.
2015-02-01 20:19:08 -08:00
David Keeler
cab7fd2d3e
bug 832837 - move insecure form submission warning from nsSecureBrowserUIImpl to the HTML form implementation r=mrbkap r=phlsa
...
As a result, we can remove nsSecurityWarningDialogs completely, which this patch also does.
2015-01-15 11:01:10 -08:00
Cykesiopka
b120add5d7
Bug 78808 - Enable Cert Manager buttons only when they would have an effect. Original patch by Scott Johnson. r=keeler
2015-01-31 14:20:00 +01:00
Mike Hommey
50e6916b40
Bug 1126593 - Add a global fallible instance, so that using fallible works directly, everywhere. r=njn
2015-02-02 09:56:13 +09:00
Andrew McCreight
1ee96e7527
Back out Bug 1127201 (part 2) for various problems.
2015-02-06 15:04:32 -08:00
Cykesiopka
6af3b3a232
Bug 968560 - Return distinct error codes for certificates that are not valid yet, in mozilla::pkix. r=keeler
2015-02-06 11:18:20 -08:00
Cykesiopka
b6900ab73a
Bug 968560 - Add missing Not-Yet-Valid cert override tests. r=dkeeler
2015-02-06 11:18:04 -08:00
Phil Ringnalda
56b992da90
Merge m-c to m-i
2015-01-31 09:13:30 -08:00
Masatoshi Kimura
96a8248e48
backout 3d4d4a91f29a (bug 1102632) as some web pages can no longer connect without enabling SSLv3
2015-01-31 22:16:48 +09:00
ffxbld
a691b83b24
No bug, Automated HPKP preload list update from host bld-linux64-spot-015 - a=hpkp-update
2015-01-31 03:38:09 -08:00
ffxbld
f5b851b52b
No bug, Automated HSTS preload list update from host bld-linux64-spot-015 - a=hsts-update
2015-01-31 03:38:07 -08:00
Wes Kocher
50b90fbd84
Merge fx-team to m-c a=merge CLOSED TREE
2015-01-29 15:27:17 -08:00
Masatoshi Kimura
90c7a6b8f8
Bug 1123020 - Remove options to allow unrestricted renegotiation. r=keeler
2015-01-29 21:04:26 +09:00
Gijs Kruitbosch
dbac71f391
Bug 1126675 - indicate missing issuerName or subjectName as empty string, r=keeler
2015-01-28 15:42:41 +00:00
David Keeler
289800a028
backout cd0ec3afca5a (bug 832837) for mochitest bustage
2015-01-30 11:25:24 -08:00
David Keeler
5108f641ee
bug 832837 - move insecure form submission warning from nsSecureBrowserUIImpl to the HTML form implementation r=mrbkap r=phlsa
...
As a result, we can remove nsSecurityWarningDialogs completely, which this patch also does.
2015-01-15 11:01:10 -08:00
Masatoshi Kimura
65d35ee16e
Bug 1114816 - Implement TLS intolerance fallback whitelist. r=keeler
2015-01-29 03:52:42 +09:00
Cykesiopka
ecefbade12
Bug 1125478 - Refactor and clean up key size test files. r=keeler
2015-01-27 22:11:00 +01:00
Nicholas Nethercote
d761b24aaf
Bug 1124973 (part 2) - Introduce PL_DHashTableSearch(), and replace most PL_DHashTableLookup() calls with it. r=froydnj.
...
It feels safer to use a function with a new name, rather than just changing the
behaviour of the existing function.
For most of these cases the PL_DHashTableLookup() result was checked with
PL_DHASH_ENTRY_IS_{FREE,BUSY} so the conversion was easy. A few of them
preceded that check with a useless null check, but the intent of these was
still easy to determine.
I'll do the trickier ones in subsequent patches.
2015-01-22 21:06:55 -08:00
David Keeler
d043f815ec
bug 1125503 - when canonicalizing hostnames, check string length before calling Last() r=mmc
2015-01-26 12:47:50 -08:00
Cykesiopka
5167ffd003
Bug 691148 - Remove unused strings from pipnss.properties. r=keeler
2015-01-26 21:30:00 +01:00
Chris Peterson
bd3e661f2d
Bug 1125592 - Fix -Wmaybe-uninitialized warning in security/manager/ssl/src/nsNSSASN1Object.cpp. r=dkeeler
2015-01-23 22:58:43 -08:00
Phil Ringnalda
0df0968ebe
Merge m-i to m-c, a=merge
2015-01-24 08:27:17 -08:00
ffxbld
2a36acca4c
No bug, Automated HPKP preload list update from host bld-linux64-spot-127 - a=hpkp-update
2015-01-24 03:27:50 -08:00
ffxbld
5346825c50
No bug, Automated HSTS preload list update from host bld-linux64-spot-127 - a=hsts-update
2015-01-24 03:27:48 -08:00
Cykesiopka
e1b3097b36
Bug 1077790 - Tests. r=keeler
2015-01-22 13:50:06 -08:00
David Keeler
d57bb36810
bug 1114882 - allow nsICryptoHash to be used in a content process r=mayhemer
2015-01-16 11:59:25 -08:00
Wes Kocher
f2fccc7054
Backed out changeset 7811ebf7e321 (bug 1114882) for Android S4 orange on a CLOSED TREE
2015-01-21 17:24:36 -08:00
Raymond Etornam Agbeame(:retornam)
c744e27855
Bug 1109235 - remove nsIStreamCipher and implementation r=keeler
2015-01-22 16:02:30 -08:00
David Keeler
b115436002
bug 1114882 - allow nsICryptoHash to be used in a content process r=mayhemer
2015-01-16 11:59:25 -08:00
Ryan VanderMeulen
ab5614b717
Merge inbound to m-c. a=merge
2015-01-20 22:12:46 -05:00
ffxbld
f16b272dc6
No bug, Automated HPKP preload list update from host bld-linux64-spot-1001 - a=hpkp-update
2015-01-20 15:17:19 -08:00
ffxbld
57179e1be6
No bug, Automated HSTS preload list update from host bld-linux64-spot-1001 - a=hsts-update
2015-01-20 15:17:17 -08:00
Nicholas Nethercote
9a918a72c0
Bug 1123151 (part 2) - Add PLDHashTable::IsInitialized(). r=froydnj.
...
This encapsulates most of the uses of PLDHashTable::ops.
2015-01-19 16:11:34 -08:00
Nicholas Nethercote
fa52a2c4c9
Bug 1123151 (part 1) - Set PLDHashTable::ops consistently. r=froydnj.
...
Currently the setting of PLDHashTable::ops is very haphazard.
- PLDHashTable has no constructor, so it's not auto-nulled, so lots of places
null it themselves.
- In the fallible PLDHashTable::Init() function, if the entry storage
allocation fails we'll be left with a table that has |ops| set -- indicating
it's been initialized -- but has null entry storage. I'm not certain this can
cause problems but it feels unsafe, and some (but not all) callers of Init()
null it on failure.
- PLDHashTable does not null |ops| in Finish(), so some (but not all) callers
do this themselves.
This patch makes things simpler.
- It adds a constructor that zeroes |ops|.
- It modifies Init() so that it only sets |ops| once success is ensured.
- It zeroes |ops| in Finish().
- Finally, it removes all the now-unnecessary |ops| nulling done by the users
of PLDHashTable.
2015-01-19 16:01:24 -08:00
David Keeler
0b57449e27
bug 1123374 - fix CertBlocklist initialization when revocations.txt does not exist r=mgoodwin
2015-01-20 10:18:29 -08:00
Masatoshi Kimura
0846c8ac1d
Bug 1120393 - unittest to ensure nsITransportSecurityInfo.errorCode is correctly serialized. r=keeler
2015-01-16 21:48:38 +09:00
Masatoshi Kimura
3ec67da41d
Bug 1120393 - Serialize/deserialize nsITransportSecurity.errorCode. r=keeler
2015-01-16 21:48:38 +09:00
Birunthan Mohanathas
a2efd69daa
Bug 1060696 - Remove NS_INIT_ISUPPORTS. r=froydnj
2015-01-16 07:34:46 +02:00
Nicholas Nethercote
14f46aac14
Bug 1121304 (part 2, attempt 2) - Remove PLDHashTableOps::{alloc,free}Table. r=froydnj.
2015-01-14 14:35:56 -08:00
Phil Ringnalda
cb85f01b15
Backed out 2 changesets (bug 1121304) for consistent b2g hangs in webgl-color-test.html?frame=1&__&preserve&premult&_____
...
Backed out changeset 20651ac19549 (bug 1121304)
Backed out changeset 758afec77c95 (bug 1121304)
2015-01-14 22:02:23 -08:00
Nicholas Nethercote
60d7115c86
Bug 1121304 (part 2) - Remove PLDHashTableOps::{alloc,free}Table. r=froydnj.
2015-01-14 14:35:56 -08:00
Nicholas Nethercote
c4c1173204
Bug 1120476 (part 4) - Remove PLDHashTableOps::finalize. r=froydnj.
2015-01-13 19:02:35 -08:00
Nicholas Nethercote
7c92773a6f
Bug 1120476 (part 3) - Remove PLDHashTable::data. r=froydnj.
2015-01-13 16:42:13 -08:00
Brian Smith
a55759cd92
Bug 1115906, Part 2: Annotate classes and member functions with override and final, r=keeler
2015-01-13 16:54:10 -08:00
Brian Smith
8c8b82fc94
Bug 1115906, Part 1: Add workarounds for missing final/override support in GCC before version 4.7, r=keeler
2015-01-07 14:53:11 -08:00
Mike Hommey
09eca4aa01
Bug 1120937 - Properly initialize the session field from C_OpenSession in the PKCS#11 test module. r=dkeeler
2015-01-14 15:18:50 +09:00
Cykesiopka
8a1c12356d
Bug 1120098 - Re-enable test_ocsp_timeout.js on Windows. r=dkeeler
2015-01-10 08:41:00 +01:00
Steve Singer
b596b7d1fe
Bug 1120125 - Fix compile error on big endian platforms. r=keeler
2015-01-10 14:31:00 +01:00
David Keeler
b03e9b919f
bug 1065909 - canonicalize hostnames in nsSiteSecurityService and PublicKeyPinningService r=mmc
2015-01-09 09:46:05 -08:00
Mark Goodwin ext:(%2C%20Harsh%20Pathak%20%3Chpathak%40mozilla.com%3E)
02a6ae6ff4
Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs. r=keeler r=Unfocused
2015-01-07 06:08:00 +01:00
Ehsan Akhgari
bd52bd3f4e
Bug 1118486 - Part 1: Use = delete
instead of MOZ_DELETE directly; r=Waldo
...
Most of this patch (with the exception of dom/bindings/Codegen.py) was
generated by the following bash script:
#!/bin/bash
function convert() {
echo "Converting $1 to $2..."
find . ! -wholename "*nsprpub*" \
! -wholename "*security/nss*" \
! -wholename "*/.hg*" \
! -wholename "*/.git*" \
! -wholename "obj-*" \
-type f \
\( -iname "*.cpp" \
-o -iname "*.h" \
-o -iname "*.cc" \
-o -iname "*.idl" \
-o -iname "*.ipdl" \
-o -iname "*.ipdlh" \
-o -iname "*.mm" \) | \
xargs -n 1 sed -i -e "s/\b$1\b/$2/g"
}
convert MOZ_DELETE '= delete'
2015-01-08 23:19:05 -05:00
David Keeler
98173efa0b
bug 1101194 - follow-up to fix bustage in TestCertDB r=bustage on a CLOSED TREE
...
Turns out there was a code path that resulted in attempting to acquire a lock
on the DataStorage mutex when one had already been acquired, resulting in
deadlock. This fixes it.
2015-01-08 10:56:07 -08:00
David Keeler
fd61efce36
bug 1101194 - add telemetry for DataStorage table size r=mgoodwin
2015-01-07 13:23:07 -08:00
Cykesiopka
a7c74a8344
Bug 989485 - Split test_cert_eku.js into multiple files to avoid time outs. r=keeler
2015-01-08 01:15:00 -05:00
Michael Pruett
c1d94593ae
Bug 1118024 - Use new PL_DHashTable{Add,Lookup,Remove} functions. r=nfroyd
2015-01-05 20:27:28 -06:00
David Keeler
b5e27bf11e
bug 1114741 - have nsRandomGenerator guard against NSS shutdown r=jcj
...
nsRandomGenerator uses NSS resources but does not prevent against NSS shutting
down while doing so. To fix this, nsRandomGenerator must implement
nsNSSShutDownObject.
2015-01-05 16:11:26 -08:00
Ehsan Akhgari
ae3cd2efdb
Bug 1116559 - Remove the code to handle shutdown-cleanse from the cert override service code; r=keeler
...
shutdown-cleanse has not been a thing for quite a while.
2015-01-05 21:01:27 -05:00
Andrew Bartlett
c89715476a
Bug 423758 - Add NTLMv2 to internal NTLM handler. r=keeler
...
NTLMv2 is the default.
This adds a new preference:
network.ntlm.force-generic-ntlm-v1
This is to allow use of NTLMv1 in case issues are found in the NTLMv2
handler, or when contacting a server or backing DC that does not
support NTLMv2 for any reason.
To support this, we also:
- Revert "Bug 1030426 - network.negotiate-auth.allow-insecure-ntlm-v1-https allows sending NTLMv1 credentials in plain to HTTP proxies, r=mcmanus"
- Revert "Bug 1023748 - Allow NTLMv1 over SSL/TLS by default, r=jduell"
- Remove LM code from internal NTLM handler
The LM response should essentially never be sent, the last practical
use case was CIFS connections to Windows 9X, I have never seen a web
server that could only do LM
It is removed before the NTLMv2 work is done so as to avoid having 3
possible states here (LM, NTLM, NTLMv2) to control via preferences.
Developed with Garming Sam <garming@catalyst.net.nz>
2014-12-22 15:55:00 -05:00
Phil Ringnalda
6c4fc4e249
Merge m-i to m-c, a=merge
2015-01-03 20:02:33 -08:00
ffxbld
2ec8f6a06a
No bug, Automated HPKP preload list update from host bld-linux64-spot-100 - a=hpkp-update
2015-01-03 03:20:27 -08:00
ffxbld
f18bb21ede
No bug, Automated HSTS preload list update from host bld-linux64-spot-100 - a=hsts-update
2015-01-03 03:20:25 -08:00
David Erceg
8927ea5bc7
Bug 1111848 - Remove nsISiteSecurityService.shouldIgnoreHeaders and implementation. r=keeler
2014-12-22 20:26:49 +11:00
Ehsan Akhgari
a5a4deacc5
Bug 1115076 - Wait for about:privatebrowsing to load in test_sts_privatebrowsing_perwindowpb.html; r=jdm
2014-12-31 09:32:03 -05:00
Ehsan Akhgari
c30ba4c1d7
Bug 1117043 - Mark virtual overridden functions as MOZ_OVERRIDE in security; r=bsmith
2015-01-02 09:02:04 -05:00
ffxbld
9eff036676
No bug, Automated HPKP preload list update from host b-linux64-ix-0002 - a=hpkp-update
2014-12-27 03:21:29 -08:00
ffxbld
6cc4f9e5fd
No bug, Automated HSTS preload list update from host b-linux64-ix-0002 - a=hsts-update
2014-12-27 03:21:25 -08:00
Tom Schuster
7c4bae7af7
Bug 1110835 - Simplify some code nsSecureBrowserUIImpl around UpdateSecurityState. r=keeler
2014-12-25 21:31:11 +01:00
Masatoshi Kimura
507586aa3c
Bug 1114295 - Remove the dead pref for TLS_DHE_DSS_WITH_AES_128_CBC_SHA. r=keeler
2014-12-24 22:21:12 +09:00
Tom Schuster
95cbfb29c4
Bug 764496 - Make EV detection work in content processes. r=keeler,kanru
2014-12-24 14:04:24 +01:00
Carsten "Tomcat" Book
10610f2aef
Backed out changeset 8fd0df8e208c (bug 423758) for bustage
2014-12-22 09:05:34 +01:00
Andrew Bartlett
7c4547c771
Bug 423758 - Add NTLMv2 to internal NTLM handler. r=keeler
...
NTLMv2 is the default.
This adds a new preference:
network.ntlm.force-generic-ntlm-v1
This is to allow use of NTLMv1 in case issues are found in the NTLMv2
handler, or when contacting a server or backing DC that does not
support NTLMv2 for any reason.
To support this, we also:
- Revert "Bug 1030426 - network.negotiate-auth.allow-insecure-ntlm-v1-https allows sending NTLMv1 credentials in plain to HTTP proxies, r=mcmanus"
- Revert "Bug 1023748 - Allow NTLMv1 over SSL/TLS by default, r=jduell"
- Remove LM code from internal NTLM handler
The LM response should essentially never be sent, the last practical
use case was CIFS connections to Windows 9X, I have never seen a web
server that could only do LM
It is removed before the NTLMv2 work is done so as to avoid having 3
possible states here (LM, NTLM, NTLMv2) to control via preferences.
Developed with Garming Sam <garming@catalyst.net.nz>
2014-12-18 17:25:00 +01:00
Phil Ringnalda
47c63e05f9
Merge m-c to m-i
...
--HG--
extra : rebase_source : 55a788f13c946c7110ca313969051c34f731637e
2014-12-20 12:19:27 -08:00
ffxbld
a95f358b50
No bug, Automated HPKP preload list update from host bld-linux64-spot-115 - a=hpkp-update
2014-12-20 03:20:57 -08:00
ffxbld
4d39a09cfa
No bug, Automated HSTS preload list update from host bld-linux64-spot-115 - a=hsts-update
2014-12-20 03:20:56 -08:00
Michael Wu
f5bfa94c08
Bug 1103816 - Add support for gonk-L to android_stub.h, r=glandium
2014-12-16 21:35:09 -05:00
Blake Kaplan
d3bf06c398
Bug 1113313 - Rename these functions to better reflect what they do. r=billm
...
--HG--
extra : rebase_source : ae61b3dd6dd5ce50a131a640060d7be57e562e4d
2014-12-19 12:07:04 -05:00
Brian Smith
7ba9cd2249
Bug 1073867, Part 2: Remove now-unused DSA test certificates, r=keeler
...
--HG--
extra : rebase_source : 150c65abc66a48f70bca6e2dca8727fa402505ea
2014-12-15 20:49:42 -08:00
Brian Smith
f6f98ab137
Bug 1073867, Part 1: Remove DSS certificate support from mozilla::pkix, r=keeler
...
--HG--
extra : rebase_source : 3bef46a794e53584fd35b7640a6f4c9aaea4acab
2014-12-04 20:55:15 -08:00
Brian Smith
d5f76e041e
Bug 1111397, Part 2: Remove test_bug484111.html, r=keeler
...
--HG--
extra : rebase_source : 56617ea82e9028295203173d1ea5e6ccfdbf9722
2014-12-14 21:51:26 -08:00
Brian Smith
4c07ad4887
Bug 952863, Part 2: Remove dead code for non-ECDHE TLS False Start, r=keeler
...
--HG--
extra : rebase_source : 47ee95682f769b8e10aaf55b0f4fccfef1fcdea0
2014-12-10 10:13:18 -08:00
Nathan Froyd
2d3c1a8560
Bug 1112608 - use GENERATED_INCLUDES in security/manager/{boot,pki}/src/; r=mshal
...
The sole use of Makefile.in in the security/manager/{boot,pki}/src/
directories is so we can add $(DIST)/public/nss to INCLUDES.
GENERATED_INCLUDES can be used to handle this case instead, at the cost
of hardcoding the path to $(DIST). This seems reasonable enough, since
a number of moz.build files already know about dist/ and its location
within the objdir.
2014-12-17 11:02:19 -05:00
Brian Smith
9737598e7c
Bug 952863, Part 1: Require ECDHE for TLS False Start, r=keeler
...
--HG--
extra : rebase_source : d983e440de5be7c097a3e0f4afe0de805c540919
2014-12-12 11:39:01 -08:00
Masatoshi Kimura
6edff5968f
Bug 1092835 - Log usage of weak ciphers in the console. r=keeler,mcmanus
2014-12-13 20:09:01 +09:00
Brian Smith
36a90ed8ee
Bug 1084025, Part 3: Clean up some bits, r=keeler, r=emk
...
--HG--
extra : rebase_source : 7aa1de4e9c391bf3e3cd5df79c62fff4546a8c67
2014-12-12 16:42:41 -08:00
Brian Smith
ddd90fc492
Bug 1107666: Fix OCSP stapling telemetry (SSL_OCSP_STAPLING), r=keeler
...
--HG--
extra : rebase_source : 926f091b2a361d7dce30bee918d6659259f1b3e4
2014-12-11 23:22:35 -08:00
Monica Chew
926900820d
Bug 1101969: Disable pinning on media.mozilla.com (r=keeler)
2014-12-12 09:10:57 -08:00
Monica Chew
1c63529d8f
Bug 1004781: Enable pinning for facebook in production mode (r=keeler)
2014-12-12 09:10:53 -08:00
Brian Smith
a7a7679e74
Bug 940787: Stop requiring ALPN/NPN for False Start, r=keeler
...
--HG--
extra : rebase_source : f8946e1fc631f2458807a559104a1dca01f444ac
2014-12-10 10:50:48 -08:00
Brian Smith
3612b61bdf
Bug 1109766: Require AES-GCM for TLS False Start, r=keeler
...
--HG--
extra : rebase_source : 8370c628863e644131ed1fbe6b8e49b5dc1215dc
2014-12-10 10:19:00 -08:00
Brian Smith
08f28ca9b5
Bug 861310: Require TLS 1.2 for TLS False Start, r=keeler
...
--HG--
extra : rebase_source : d4bb253a84270c84acdf7ed4f84bc0186231e521
2014-12-10 10:04:45 -08:00
Cykesiopka
f4adc3137f
Bug 1109252 - Make remaining PSM test cert generation scripts print out cert information as necessary. r=keeler
2014-12-10 21:32:00 +01:00
Cykesiopka
43c4cab0c6
Bug 1109245 - Modify test_keysize_ev.js to run on B2G. r=dkeeler
2014-12-09 12:07:00 -05:00
Cykesiopka
8df09bdcf2
Bug 978426 - Re-enable test_sts_preloadlist_perwindowpb.js on B2G. r=dkeeler
2014-12-09 11:37:00 +01:00
Brian Smith
4f0b5d793a
Bug 1107787: Disable TLS_DHE_DSS_WITH_AES_128_CBC_SHA, r=keeler
...
--HG--
extra : rebase_source : 063d859c69adc8deba9d1842f4bd42a9b862bbe5
2014-12-04 19:50:58 -08:00
Brian Smith
eb97a4eb5a
Bug 1037098: Remove preferences for cipher suites disabled in bug 1036765, r=keeler
...
--HG--
extra : rebase_source : b033bea062c8cafecd93830fa54f4cf184fa28df
2014-12-04 19:47:17 -08:00
Ryan VanderMeulen
05d42674b2
Backed out changesets fb903f13f215, 9c5c712698e4, and 36d257ead3da (bug 1092835) for causing test_csp_allow_https_schemes.html permafail on Android 2.3.
...
CLOSED TREE
2014-12-09 14:00:47 -05:00
Masatoshi Kimura
c669e4c53f
Bug 1092835 - Log usage of weak ciphers in the console. r=keeler,mcmanus
2014-12-10 00:54:06 +09:00
Masatoshi Kimura
7bbfc6348c
Bug 1093724 - Add a range check to the TLS version prefs loading code. r=keeler
2014-12-09 21:48:29 +09:00
Masatoshi Kimura
5f2852c277
Bug 1084025 - Add telemetry to measure failures due to not falling back. r=keeler
2014-12-09 07:19:05 +09:00
Carsten "Tomcat" Book
ad27337e2a
merge mozilla-inbound to mozilla-central a=merge
2014-12-08 12:48:58 +01:00
ffxbld
d25b6bf01d
No bug, Automated HPKP preload list update from host bld-linux64-spot-132 - a=hpkp-update
2014-12-06 03:20:43 -08:00
ffxbld
f4ba31b941
No bug, Automated HSTS preload list update from host bld-linux64-spot-132 - a=hsts-update
2014-12-06 03:20:41 -08:00
Cykesiopka
f885b51be2
Bug 1085074 - Part 3 - Update inadequately sized Delegated Signer cert. r=briansmith
2014-12-07 20:42:00 +01:00
Cykesiopka
5353aea9a4
Bug 1085074 - Part 2 - Use explicit bit sizes for key size cert file names. r=briansmith
2014-12-07 20:41:00 +01:00
Cykesiopka
10ea8d764d
Bug 1085074 - Part 1 - Use adequate/OK and inadequate/notOK to refer to sizes for key size tests. r=briansmith
2014-12-07 20:23:00 +01:00
Cykesiopka
c246745fc5
Bug 1009158 - Fix and re-enable PSM xpcshell tests that would previously time out on Android due to LD_LIBRARY_PATH issues. r=keeler
2014-12-03 09:15:00 +01:00
Masatoshi Kimura
b15a7ac118
Bug 1102632 - Stop triggering non-secure fallback for SSL_ERROR_UNSUPPORTED_VERSION. r=keeler
2014-12-02 20:33:24 +09:00
Jan Beich
7614ac358a
Bug 1105851 - Unbreak non-unified non-SPS build after 1054498. r=jcj
2014-11-30 21:27:45 +01:00
ffxbld
8256862b03
No bug, Automated HPKP preload list update from host b-linux64-ix-0005 - a=hpkp-update
2014-11-29 03:19:59 -08:00
ffxbld
64ebeeaadb
No bug, Automated HSTS preload list update from host b-linux64-ix-0005 - a=hsts-update
2014-11-29 03:19:56 -08:00
Carsten "Tomcat" Book
50164ea992
Backed out changeset 761071f57ab6 (bug 1024809) for emulator ics bustage
2014-11-27 16:30:41 +01:00
Mark Goodwin ext:(%2C%20Harsh%20Pathak%20%3Chpathak%40mozilla.com%3E)
614a479757
Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs. r=keeler,Unfocused
2014-11-27 04:12:00 +01:00
Masatoshi Kimura
ca37b76217
Bug 1092998 - Followup to address review comments. r=keeler
2014-11-27 21:39:33 +09:00
Blake Kaplan
acc1904cd3
Bug 582297 - Make <keygen> work in e10s. r=billm/dkeeler
2014-11-26 14:28:28 -08:00
Masatoshi Kimura
686218a47c
Bug 1092998 - Deal with "cipher mismatch intolerant" servers. r=keeler
2014-11-27 07:19:11 +09:00
Cykesiopka
48f2c9d1de
Bug 1103336 - Fix and re-enable PSM xpcshell tests that don't use add_tls_server_setup() on Android. r=dkeeler
2014-11-22 00:08:00 +01:00
Richard Barnes
bec314ca7d
Bug 968817 - Only accept certs for server TLS which use EKU (and which assert the TLS Server Authentication EKU) r=keeler
2014-11-24 20:33:50 -05:00
Richard Barnes
6ecf105112
Bug 1088255 - Collect telemetry on CAs that appear in valid cert chains r=keeler
2014-11-07 16:26:46 -05:00
ffxbld
43ebc0b81a
No bug, Automated HPKP preload list update from host bld-linux64-spot-132 - a=hpkp-update
2014-11-22 03:19:44 -08:00
ffxbld
697badb259
No bug, Automated HSTS preload list update from host bld-linux64-spot-132 - a=hsts-update
2014-11-22 03:19:41 -08:00
David Keeler
c637dcccd7
bug 1091232 - update PSM data structures that are affected by root CA changes r=mmc
2014-11-18 16:41:18 -08:00
Cykesiopka
364fdddd4b
Bug 1089305 - Switch EV tests to SQL DB and partially clean up scripts. r=keeler
2014-11-17 21:12:00 +01:00
Monica Chew
a50d73f349
Bug 1092606: Filter out duplicate pinsets as well as domains (r=keeler)
2014-11-17 12:54:42 -08:00
Cykesiopka
169234c9f2
Bug 1084606 - Allow overrides for MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE. r=dkeeler
2014-11-11 00:59:00 +01:00
Gregory Szorc
fc49af35ef
Merge inbound to m-c; a=merge
...
--HG--
extra : amend_source : 2e89bf359e356566aee6b04bb864979539e1c90d
2014-11-15 13:57:08 -08:00
ffxbld
e0393c1572
No bug, Automated HPKP preload list update from host b-linux64-ix-0011 - a=hpkp-update
2014-11-15 03:21:19 -08:00
ffxbld
a5a71a3a65
No bug, Automated HSTS preload list update from host b-linux64-ix-0011 - a=hsts-update
2014-11-15 03:21:16 -08:00
David Keeler
e22ff7388d
bug 940994 - follow-up to fix some issues that were missed in review r=mmc
2014-11-14 16:46:23 -08:00
Monica Chew
5a029358aa
Bug 1098288: Enable pinning on spideroak (r=keeler)
2014-11-14 11:17:40 -08:00
Cykesiopka
9415acbacf
Bug 1057035 - Fix terminology used in the certificate exception dialog. r=keeler
2014-10-27 21:06:00 -04:00
Masatoshi Kimura
aa8411b8a7
Bug 1093595 - Change strings to add a description about weak encryption. r=dolske
2014-11-11 07:29:44 +09:00
Masatoshi Kimura
afe67213d6
Bug 1093595 - Treat SSL3 and RC4 as broken. r=keeler
2014-11-11 07:29:44 +09:00
Carsten "Tomcat" Book
1d9d0ab094
merge mozilla-inbound to mozilla-central a=merge
2014-11-10 14:24:51 +01:00
ffxbld
c47a5e7e72
No bug, Automated HPKP preload list update from host bld-linux64-spot-144 - a=hpkp-update
2014-11-08 03:20:20 -08:00
ffxbld
d3c9b77c3e
No bug, Automated HSTS preload list update from host bld-linux64-spot-144 - a=hsts-update
2014-11-08 03:20:17 -08:00
Monica Chew
9213772797
Bug 1030135: Promote pin for services.mozilla.com to production mode (r=keeler)
2014-11-07 12:00:50 -08:00
Shashank Sabniveesu
417a6677dd
Bug 940994 - Adding '.p7b' to 'known file types' list of 'Certificate Manager'. r=keeler
2014-10-07 14:30:00 +02:00
Chris Peterson
3cc7f37dce
Bug 1095926 - Fix -Wcomment warning in OCSP test and mark some OCSP tests as FAIL_ON_WARNINGS. r=briansmith
2014-10-11 20:13:45 -07:00
Michael Ratcliffe
a82f5ad5b7
Bug 1090913 - Make mochitests fail when it has 0 passes and 0 fails r=jmaher
2014-11-05 16:00:52 +00:00
David Keeler
300db0692c
bug 1039642 - follow-up to fix non-unified build bustage (missing include and namespace) r=bustage a=metered
2014-11-06 14:23:21 -08:00
David Keeler
845d78bfd2
bug 1039642 - clean up the implementation of nsPkcs11 for style and safety r=jcj r=mmc a=metered
2014-11-05 14:05:46 -08:00
David Keeler
5566eb0f2e
bug 1039642 - test that smart card events are no longer emitted after removing a PKCS#11 module r=jcj r=mmc a=metered
...
--HG--
rename : security/manager/ssl/tests/unit/test_pkcs11_insert_remove.js => security/manager/ssl/tests/unit/test_pkcs11_no_events_after_removal.js
2014-11-05 13:54:21 -08:00
David Keeler
036550c543
bug 1039642 - stop PKCS#11 module threads before deleting them r=jcj r=mmc a=metered
2014-11-05 13:53:28 -08:00
Dragana Damjanovic
3899655299
Bug 1087213 - Implenent bind function in nsNSSIOLayer. r=honza
2014-10-22 02:06:00 +02:00
Monica Chew
162feb18f0
Bug 1004781: Remove unnecessary cert for facebook (r=keeler)
2014-11-04 10:54:26 -08:00
Monica Chew
d7bbb7d49f
Bug 1092606: Don't import Chromium pinsets for domains that are already in our list (r=keeler,jcj)
2014-11-04 10:53:52 -08:00
ffxbld
4789a66b33
No bug, Automated HPKP preload list update from host b-linux64-ix-0009 - a=hpkp-update
2014-11-01 03:19:47 -07:00
ffxbld
4fc941058a
No bug, Automated HSTS preload list update from host b-linux64-ix-0009 - a=hsts-update
2014-11-01 03:19:44 -07:00
Garrett Robinson
e35ae3c8b0
Bug 846489 - Part 1 - Expose error code on TransportSecurityInfo. r=keeler
2014-10-30 12:50:00 +01:00
Carsten "Tomcat" Book
e42a610706
Backed out changeset 5fb2f4662098 (bug 846498) for wrong bug number in commit message
2014-10-31 10:03:53 +01:00
Masatoshi Kimura
a45afaca87
Bug 1088915 - Stop offering RC4 in the first handshakes. r=keeler
2014-10-22 01:11:29 +09:00
Masatoshi Kimura
9d20a17351
Bug 947149 - Remove useless and even misleading word and dead code. r=keeler, dolske
2014-10-30 15:22:00 +01:00
Garrett Robinson
e306036c5a
Bug 846498 - Expose error code on TransportSecurityInfo. r=keeler
2014-10-30 12:50:00 +01:00
Brian Smith
8f74650db9
Reland Bug 1063281, Part 9: Switch Gecko from NSS to CheckCertHostname, r=keeler
...
--HG--
extra : rebase_source : 3a5e3bc2e113035e9c88b571bac68f3dbe2c8f04
2014-10-28 15:28:38 -07:00
Monica Chew
d3ab192815
Bug 1004781: Actually remove the pinset (r=keeler)
2014-10-30 16:21:09 -07:00
Monica Chew
a8f153ca18
Bug 1004781: Remove our pinset for facebook since it's in chromium now (r=keeler)
2014-10-30 16:14:19 -07:00
David Keeler
69bca53cc3
bug 1085509 - follow-up to include forgotten Telemetry.h header (non-unified build bustage) r=bustage
2014-10-30 13:12:01 -07:00
David Keeler
c2579f15fc
bug 1085509 - add telemetry for how many permanent certificate overrides users have r=mmc r=jcj
2014-10-29 16:25:16 -07:00
David Keeler
d5194db4e6
bug 1085509 - fix nsCertOverrideService so its initialization doesn't depend on NSS r=mmc
2014-10-24 10:46:30 -07:00
Carsten "Tomcat" Book
19eb2582af
Backed out changeset b4665be856d7 (bug 1089305) for frequent b2g/android xpcshell test failures
2014-10-30 15:26:02 +01:00
Cykesiopka
4c6894dd96
Bug 1089305 - Switch EV tests to SQL DB and partially clean up scripts. r=keeler
2014-10-29 11:09:00 +01:00
Martin Thomson
38ee78fb15
Bug 1088950 - Adding some testing. r=dkeeler
2014-10-27 17:48:00 +01:00
Martin Thomson
207b89547b
Bug 1088950 - Fix handling of inappropriate_fallback alert. r=keeler
2014-10-27 17:47:00 +01:00
Mike Hommey
21ec48314e
Bug 1077148 part 4 - Add and use new moz.build templates for Gecko programs and libraries. r=gps
...
There are, sadly, many combinations of linkage in use throughout the tree.
The main differentiator, though, is between program/libraries related to
Gecko or not. Kind of. Some need mozglue, some don't. Some need dependent
linkage, some standalone.
Anyways, these new templates remove the need to manually define the
right dependencies against xpcomglue, nspr, mozalloc and mozglue
in most cases.
Places that build programs and were resetting MOZ_GLUE_PROGRAM_LDFLAGS
or that build libraries and were resetting MOZ_GLUE_LDFLAGS can now
just not use those Gecko-specific templates.
2014-10-30 13:06:12 +09:00
Brian Smith
55f774a344
Back out cset 9b72d139e817 (Bug 1063281, Part 9) due to compatibility regressions on a CLOSED TREE, a=ryanvm
...
--HG--
extra : rebase_source : cd9b43c3f66df3c5de337f2013fe61fae798b3ba
2014-10-28 12:30:53 -07:00
Carsten "Tomcat" Book
ffea0ebdf8
Backed out changeset 50650e0f0edf (bug 1085509) for causing perma failure in win7 xperf
2014-10-28 14:10:38 +01:00
Carsten "Tomcat" Book
e6900d5f95
Backed out changeset b591ad43d53e (bug 1085509)
2014-10-28 14:09:44 +01:00
David Keeler
e4b1242898
bug 1085509 - add telemetry for how many permanent certificate overrides users have r=mmc r=jcj
2014-10-27 09:32:33 -07:00
David Keeler
a9dd52d60a
bug 1085509 - fix nsCertOverrideService so its initialization doesn't depend on NSS r=mmc
2014-10-24 10:46:30 -07:00
ffxbld
a0de621feb
No bug, Automated HPKP preload list update from host bld-linux64-spot-115 - a=hpkp-update
2014-10-25 03:19:28 -07:00
ffxbld
e7a10649f0
No bug, Automated HSTS preload list update from host bld-linux64-spot-115 - a=hsts-update
2014-10-25 03:19:26 -07:00
Tom Schuster
0cece61bf9
Bug 886752 - Show TLS/SSL version in page info dialog. r=dao
2014-10-24 13:53:35 +02:00
Tom Schuster
86fd344b7d
Bug 886752 - Add TLS version to SSLStatus and additional cleanup. r=keeler
2014-10-24 13:53:34 +02:00
Brian Smith
be86e7036f
Bug 1063281, Part 9: Switch Gecko from NSS to CheckCertHostname, r=keeler
...
--HG--
extra : rebase_source : 340eb682ba1f9dbd51652438433e7d0196494e1f
2014-09-21 17:43:29 -07:00
David Keeler
8102e18fce
backout f69fa3c13d1f (bug 1085509) for causing test_cert_overrides.js to fail
2014-10-23 11:50:17 -07:00