Mike Hommey
57f05db8a5
Bug 1225682 - Don't use nsAuto{,C}String as class member variables in security/manager/. r=keeler
2015-12-02 11:04:37 +09:00
Cykesiopka
d3496ca93e
Bug 1224968 - Support public key input to unbreak periodic HPKP updates. r=keeler
...
be448badb1
%5E!/#F0 switched SHA1 hashes to public keys for static pins. This broke genHPKPStaticPins.js and thus periodic HPKP updates, since the file doesn't handle public keys.
The changes here mostly mirror ba1f296240
.
2015-12-01 00:30:00 +01:00
Cykesiopka
48152475d6
Bug 1228794 - Convert test_getchain.js to generate certificates at build time. r=keeler
...
With this change, CertUtils.py is no longer needed.
2015-12-01 00:28:00 +01:00
Bogdan Postelnicu
aea0abf4da
Bug 1228346 - initialize mOCSPMustStapleEnabled in constructor. r=dkeeler
2015-11-26 07:40:00 +01:00
David Keeler
a0a0bd8a2c
bug 986956 - only ever initialize NSS once per process r=Cykesiopka r=mgoodwin
...
As a consequence, if NSS is initialized when there is no profile directory, NSS
will not persist changes. Other failures may occur (e.g. see bug 1216882).
2015-11-19 13:31:52 -08:00
Mark Goodwin
39bf94580b
Bug 1227970 - Perform preference checks to allow OCSP Bypass for OneCRL via Kinto r=keeler
2015-11-26 16:57:21 +00:00
Carsten "Tomcat" Book
46bd94b7de
Merge mozilla-central to mozilla-inbound
2015-11-25 13:57:30 +01:00
Jonathan Hao
db70215456
Bug 1225422 - Update the PrivilegedPackageRoot certificate. r=keeler
2015-11-19 15:08:05 +08:00
Julian Hector
62aebd2a01
Bug 1215303 - Part 2 - automatically enable broker when in permissive mode r=jld
2015-11-13 12:29:47 +00:00
Julian Hector
4a50cad8bc
Bug 1215303 - Part 1 - add permissive mode r=jld
2015-11-13 12:27:45 +00:00
Ben Bucksch
fcfe70ba4a
Bug 1200802 - Accept RFC1929 SOCKS credentials in proxyInfo. r=michal
2015-11-24 22:56:00 +01:00
Carsten "Tomcat" Book
e8329a26bf
merge mozilla-inbound to mozilla-central a=merge
2015-11-23 14:08:50 +01:00
ffxbld
ea3cd557b2
No bug, Automated HPKP preload list update from host bld-linux64-spot-1073 - a=hpkp-update
2015-11-21 03:49:57 -08:00
ffxbld
d1065e576b
No bug, Automated HSTS preload list update from host bld-linux64-spot-1073 - a=hsts-update
2015-11-21 03:49:55 -08:00
Mark Goodwin
18e5fc3212
Bug 1224467 - Add a preference for controlling whether oneCRL blocklists are updated via AMO. Also add a test. r=keeler,mossop
2015-11-18 11:53:54 +00:00
Carsten "Tomcat" Book
e53fe2c40e
Merge mozilla-central to mozilla-inbound
2015-11-17 12:33:46 +01:00
Carsten "Tomcat" Book
72a2bb1a1b
merge fx-team to mozilla-central a=merge
2015-11-17 12:10:03 +01:00
ffxbld
73f130af61
No bug, Automated HPKP preload list update from host bld-linux64-spot-383 - a=hpkp-update
2015-11-17 00:44:58 -08:00
ffxbld
65e938363c
No bug, Automated HSTS preload list update from host bld-linux64-spot-383 - a=hsts-update
2015-11-17 00:44:56 -08:00
Cykesiopka
df3c0999ef
Bug 1224478 - Replace do_check_* calls with their Assert.jsm equivalents in PSM xpcshell tests. r=keeler
...
Also replaces if-do_throw() blocks with equivalent Assert.jsm method calls.
2015-11-16 22:53:00 +01:00
Wes Kocher
20a6f667ce
Merge m-c to fx-team, a=merge
2015-11-16 17:28:26 -08:00
Panos Astithas
d57e1f69aa
Make 'Go Back' button work even when there is nothing to go back to (bug 1221084); r=paolo
2015-11-16 15:37:27 +02:00
Cykesiopka
bc1f70ae1c
Bug 1224481 - Comment out CA certs removed in NSS 3.21 in PreloadedHPKPins.json to keep periodic Static HPKP updates working. r=dkeeler
2015-11-13 07:28:28 -08:00
Cykesiopka
fefb703f63
Bug 1222903 - Reject EV status for EV EE certs that are valid for longer than 27 months as well. r=keeler
2015-11-13 07:42:00 +01:00
David Keeler
76e9b80948
bug 1222179 - remove unnecessary observation topics in nsNSSComponent r=Cykesiopka
...
nsNSSComponent would (unnecessarily) observe "profile-change-net-teardown" and
"profile-change-net-restore". Now it no longer does.
2015-11-12 16:21:33 -08:00
Mark Goodwin
39defcf9cc
Bug 921907 - Enable OCSP must-staple. r=keeler
2015-11-20 11:44:25 +00:00
Kai Engert
38c05169d7
Bug 1211568, land NSS_3_21_RTM r=martin.thomson, and adjust Makefiles r=mh
2015-11-13 18:03:01 +01:00
Mark Goodwin
e64e269a0d
Bug 901698 - Some tests for OCSP-must-staple; r=keeler
2015-11-13 16:49:09 +00:00
Mark Goodwin
f2e92f7de5
Bug 901698 - Implement OCSP-must-staple; r=keeler
2015-11-13 16:49:08 +00:00
David Keeler
cbc6c51f4d
bug 1223466 - update extended validation information to deal with root removals in NSS 3.21 r=mgoodwin
...
These entries were removed:
from bug 1204962:
CN=TC TrustCenter Universal CA III,OU=TC TrustCenter Universal CA,O=TC TrustCenter GmbH,C=DE
SHA-256: 309B4A87F6CA56C93169AAA99C6D988854D7892BD5437E2D07B29CBEDA55D35D
SHA-1: 9656CD7B57969895D0E141466806FBB8C6110687
from bug 1204997:
CN=A-Trust-nQual-03,OU=A-Trust-nQual-03,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT
SHA-256: 793CBF4559B9FDE38AB22DF16869F69881AE14C4B0139AC788A78A1AFCCA02FB
SHA-1: D3C063F219ED073E34AD5D750B327629FFD59AF2
from bug 1208461:
CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
SHA-256: 85FB2F91DD12275A0145B636534F84024AD68B69B8EE88684FF711375805B348
SHA-1: 58119F0E128287EA50FDD987456F4F78DCFAD6D4
2015-11-10 10:13:18 -08:00
Wes Kocher
cfdc46c501
Merge m-c to inbound, a=merge
2015-11-11 17:12:26 -08:00
Masatoshi Kimura
451907567d
Bug 1219088 - Clear the session cache when a weak crypto override is revoked. r=keeler
2015-11-11 23:13:34 +09:00
Masatoshi Kimura
e178ef3a87
Bug 1223131 - Don't remove a host from the whitelist if the version fallback was needed. r=keeler
2015-11-12 07:18:37 +09:00
Ehsan Akhgari
356c8d7e00
Bug 1215723 - Part 5: Add an automated test; r=keeler
2015-10-30 15:30:00 -04:00
Ehsan Akhgari
ae44b58442
Bug 1215723 - Part 4: Make isSecureHost and isSecureURI usable from the content process; r=keeler
2015-10-30 15:30:00 -04:00
Ehsan Akhgari
578bdf9ab2
Bug 1215723 - Part 3: Propagate updates to DataStorage from the parent process to the content processes; r=keeler
2015-10-30 15:30:00 -04:00
Ehsan Akhgari
3990e391f4
Bug 1215723 - Part 2: Initialize DataStorage items in the content process from the data in the parent; r=keeler
2015-10-30 15:30:00 -04:00
Ehsan Akhgari
ef691b31b2
Bug 1215723 - Part 1: Make DataStorage a singleton for each file name; r=keeler
...
This is needed so that we'd be able to identify a DataStorage instance
based on its file name.
2015-11-02 12:33:00 -05:00
David Keeler
3054c9a868
bug 1220223 - don't load PKCS11 modules in safe mode r=mgoodwin r=bsmedberg
2015-10-30 10:37:22 -07:00
Wes Kocher
a812810bc0
Backed out 5 changesets (bug 1215723) for android S4 bustage
...
Backed out changeset 2a945ce1cd40 (bug 1215723)
Backed out changeset dd7f58b60ddc (bug 1215723)
Backed out changeset 62dbb95bd79a (bug 1215723)
Backed out changeset b31ac98bb3c8 (bug 1215723)
Backed out changeset 228cdfaa82c1 (bug 1215723)
2015-11-06 15:19:35 -08:00
Ehsan Akhgari
e41fc0cb7d
Bug 1215723 - Part 5: Add an automated test; r=keeler
2015-10-30 15:30:00 -04:00
Ehsan Akhgari
c1d63d7741
Bug 1215723 - Part 4: Make isSecureHost and isSecureURI usable from the content process; r=keeler
2015-10-30 15:30:00 -04:00
Ehsan Akhgari
592e4d1459
Bug 1215723 - Part 3: Propagate updates to DataStorage from the parent process to the content processes; r=keeler
2015-10-30 15:30:00 -04:00
Ehsan Akhgari
df561bc070
Bug 1215723 - Part 2: Initialize DataStorage items in the content process from the data in the parent; r=keeler
2015-10-30 15:30:00 -04:00
Ehsan Akhgari
0b0f1310a6
Bug 1215723 - Part 1: Make DataStorage a singleton for each file name; r=keeler
...
This is needed so that we'd be able to identify a DataStorage instance
based on its file name.
2015-11-02 12:33:00 -05:00
David Keeler
5a8dc3d3e9
bug 1218596 - remove nsPSMInitPanic and other unnecessary things from nsNSSComponent r=Cykesiopka r=jcj
2015-10-26 16:02:19 -07:00
Wes Kocher
ca5597ab3a
Backed out changeset ae1885cf1fd6 (bug 1218596) for windows build bustage CLOSED TREE
2015-11-05 17:48:53 -08:00
Mike Hommey
7fd290435b
Bug 1221453 - Use ObjDirPaths for GENERATED_INCLUDES and merge with LOCAL_INCLUDES. r=gps
2015-11-06 09:59:21 +09:00
David Keeler
cf1fd97faa
bug 1218596 - remove nsPSMInitPanic and other unnecessary things from nsNSSComponent r=Cykesiopka r=jcj
2015-10-26 16:02:19 -07:00
Chris Manchester
964145e07d
Bug 1218999 - Back out changeset 5f32b2bcfa43 (bug 1188468) in favor of a more efficient solution. r=glandium
...
Bug 118468 landed an option for FileAvoidWrite to always write to an output
file, whether or not the contents would be changed. This was to address a
problem caused by not updating mtimes when building GENERATED_FILES, but
undoes the purpose of FileAvoidWrite and isn't really necessary.
This is addressed in a subsequent commit by unconditionally updating
mtimes when processing GENERATED_FILES.
2015-11-03 10:23:04 -08:00