David Keeler
e9ced1eb69
bug 1223466 - update extended validation information to deal with root removals in NSS 3.21 r=mgoodwin
...
These entries were removed:
from bug 1204962:
CN=TC TrustCenter Universal CA III,OU=TC TrustCenter Universal CA,O=TC TrustCenter GmbH,C=DE
SHA-256: 309B4A87F6CA56C93169AAA99C6D988854D7892BD5437E2D07B29CBEDA55D35D
SHA-1: 9656CD7B57969895D0E141466806FBB8C6110687
from bug 1204997:
CN=A-Trust-nQual-03,OU=A-Trust-nQual-03,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT
SHA-256: 793CBF4559B9FDE38AB22DF16869F69881AE14C4B0139AC788A78A1AFCCA02FB
SHA-1: D3C063F219ED073E34AD5D750B327629FFD59AF2
from bug 1208461:
CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
SHA-256: 85FB2F91DD12275A0145B636534F84024AD68B69B8EE88684FF711375805B348
SHA-1: 58119F0E128287EA50FDD987456F4F78DCFAD6D4
2015-11-10 10:13:18 -08:00
Wes Kocher
e985043b20
Merge m-c to inbound, a=merge
2015-11-11 17:12:26 -08:00
Masatoshi Kimura
90690d0be6
Bug 1219088 - Clear the session cache when a weak crypto override is revoked. r=keeler
2015-11-11 23:13:34 +09:00
Masatoshi Kimura
f9d7fecf8a
Bug 1223131 - Don't remove a host from the whitelist if the version fallback was needed. r=keeler
2015-11-12 07:18:37 +09:00
Ehsan Akhgari
308c9d2d90
Bug 1215723 - Part 5: Add an automated test; r=keeler
2015-10-30 15:30:00 -04:00
Ehsan Akhgari
eef071165d
Bug 1215723 - Part 4: Make isSecureHost and isSecureURI usable from the content process; r=keeler
2015-10-30 15:30:00 -04:00
Ehsan Akhgari
484d64ec70
Bug 1215723 - Part 3: Propagate updates to DataStorage from the parent process to the content processes; r=keeler
2015-10-30 15:30:00 -04:00
Ehsan Akhgari
c92d8a0ca2
Bug 1215723 - Part 2: Initialize DataStorage items in the content process from the data in the parent; r=keeler
2015-10-30 15:30:00 -04:00
Ehsan Akhgari
1dd2e913e3
Bug 1215723 - Part 1: Make DataStorage a singleton for each file name; r=keeler
...
This is needed so that we'd be able to identify a DataStorage instance
based on its file name.
2015-11-02 12:33:00 -05:00
David Keeler
a46370fe08
bug 1220223 - don't load PKCS11 modules in safe mode r=mgoodwin r=bsmedberg
2015-10-30 10:37:22 -07:00
Wes Kocher
5a09d8b6b4
Backed out 5 changesets (bug 1215723) for android S4 bustage
...
Backed out changeset 2a945ce1cd40 (bug 1215723)
Backed out changeset dd7f58b60ddc (bug 1215723)
Backed out changeset 62dbb95bd79a (bug 1215723)
Backed out changeset b31ac98bb3c8 (bug 1215723)
Backed out changeset 228cdfaa82c1 (bug 1215723)
2015-11-06 15:19:35 -08:00
Ehsan Akhgari
0dff0071ed
Bug 1215723 - Part 5: Add an automated test; r=keeler
2015-10-30 15:30:00 -04:00
Ehsan Akhgari
dc8c5815aa
Bug 1215723 - Part 4: Make isSecureHost and isSecureURI usable from the content process; r=keeler
2015-10-30 15:30:00 -04:00
Ehsan Akhgari
e0d3d2d905
Bug 1215723 - Part 3: Propagate updates to DataStorage from the parent process to the content processes; r=keeler
2015-10-30 15:30:00 -04:00
Ehsan Akhgari
49884777a4
Bug 1215723 - Part 2: Initialize DataStorage items in the content process from the data in the parent; r=keeler
2015-10-30 15:30:00 -04:00
Ehsan Akhgari
d32e5b3c64
Bug 1215723 - Part 1: Make DataStorage a singleton for each file name; r=keeler
...
This is needed so that we'd be able to identify a DataStorage instance
based on its file name.
2015-11-02 12:33:00 -05:00
David Keeler
b2ec26b623
bug 1218596 - remove nsPSMInitPanic and other unnecessary things from nsNSSComponent r=Cykesiopka r=jcj
2015-10-26 16:02:19 -07:00
Wes Kocher
5ed08f03eb
Backed out changeset ae1885cf1fd6 (bug 1218596) for windows build bustage CLOSED TREE
2015-11-05 17:48:53 -08:00
Mike Hommey
405622a83e
Bug 1221453 - Use ObjDirPaths for GENERATED_INCLUDES and merge with LOCAL_INCLUDES. r=gps
2015-11-06 09:59:21 +09:00
David Keeler
3a8a0b48f7
bug 1218596 - remove nsPSMInitPanic and other unnecessary things from nsNSSComponent r=Cykesiopka r=jcj
2015-10-26 16:02:19 -07:00
Chris Manchester
111bc7fe80
Bug 1218999 - Back out changeset 5f32b2bcfa43 (bug 1188468) in favor of a more efficient solution. r=glandium
...
Bug 118468 landed an option for FileAvoidWrite to always write to an output
file, whether or not the contents would be changed. This was to address a
problem caused by not updating mtimes when building GENERATED_FILES, but
undoes the purpose of FileAvoidWrite and isn't really necessary.
This is addressed in a subsequent commit by unconditionally updating
mtimes when processing GENERATED_FILES.
2015-11-03 10:23:04 -08:00
Cykesiopka
2b2361521b
Bug 1110935 - Part 3 - Remove now unnecessary temp variables. r=keeler
2015-11-02 22:11:00 +01:00
Cykesiopka
d0e803ce31
Bug 1110935 - Part 2 - Remove ReentrantMonitor and ReentrantMonitorAutoEnter uses. r=keeler
2015-11-02 22:10:00 +01:00
Cykesiopka
ee4c4feb29
Bug 1110935 - Part 1 - Assert we're on the main thread on public methods. r=keeler
2015-11-02 22:09:00 +01:00
Phil Ringnalda
6516241a22
Back out changeset bda43f333e1a (bug 1211568) for "Could not find EV root in NSS storage" assertion failures
...
CLOSED TREE
2015-11-10 08:18:47 -08:00
Kai Engert
396e0be1b8
Bug 1211568, land NSS_3_21_RTM r=martin.thomson, and adjust Makefiles r=mh
2015-11-10 16:24:15 +01:00
Jed Davis
606dd22647
Bug 1207790 - Fix sandbox build for older Linux distributions. r=gdestuynder
2015-10-30 15:13:00 +01:00
Birunthan Mohanathas
94998cf5fe
Bug 1219392 - Capitalize mozilla::unused to avoid conflicts. r=froydnj
2015-11-02 07:53:26 +02:00
Cykesiopka
2c1b35effe
Bug 1186817 - Replace nsBaseHashtable::EnumerateRead() calls in security/ with iterators. r=keeler
2015-10-30 07:50:09 -07:00
David Keeler
bb353a6f75
bug 1218515 - flip pinning-test.badssl.com into production mode r=jcj DONTBUILD NPOTB
...
pinning-test.badssl.com is a test domain for preloaded HPKP (HTTP Public Key
Pinning - see RFC 7469). By specifying a pinset corresponding to no known keys,
this domain should fail with a key pinning error by default. Also, the
includeSubdomains option is set, so any subdomains should fail as well.
Since Gecko incorporates preloaded pinsets from Chromium, this pinset is already
defined. This patch merely switches it from test mode to production mode (well,
to be more accurate, this patch sets up the input for the automated script that
will make the code change that will put the pinset into production mode).
2015-10-26 14:39:25 -07:00
Birunthan Mohanathas
a535083ab4
Bug 1217320 - Remove more XPIDL signature comments in .cpp files. r=froydnj
...
Comment-only, DONTBUILD.
2015-10-27 06:54:25 +02:00
David Keeler
7e2b952d2b
bug 1217602 - remove nsIPKIParamBlock r=Cykesiopka
...
nsIPKIParamBlock was unnecessary.
2015-10-22 13:11:40 -07:00
Ryan VanderMeulen
4f1cd14d42
Merge m-c to inbound.
2015-10-24 15:03:15 -04:00
ffxbld
7672b0c6f2
No bug, Automated HPKP preload list update from host bld-linux64-spot-508 - a=hpkp-update
2015-10-24 03:47:13 -07:00
ffxbld
c6d7621996
No bug, Automated HSTS preload list update from host bld-linux64-spot-508 - a=hsts-update
2015-10-24 03:47:11 -07:00
Cykesiopka
87f2a205a9
Bug 1194419 - Remove signature algorithm duplicate use in serial number determination in pycert. r=keeler
2015-10-23 05:13:00 -04:00
Jonathan Hao
1e4dab63ca
Bug 1216469 - Bypass verification for signed packages from trust origins. r=valentin
2015-10-22 17:09:44 +08:00
David Keeler
c255d7ef6c
bug 1215690 - remove nsPSMUITracker r=Cykesiopka r=mgoodwin
...
nsPSMUITracker was problematic. Apparently it was originally intended to prevent
NSS shutdown while NSS-related UI operations were going on (such as choosing a
client certificate). However, when nsNSSComponent would receive the event that
told it to shutdown NSS, it would attempt to call
mShutdownObjectList->evaporateAllNSSResources(), which would call
mActivityState.restrictActivityToCurrentThread(), which failed if such a UI
operation was in progress. This actually prevented the important part of
evaporateAllNSSResources, which is the releasing of all NSS objects in use by
PSM objects. Importantly, nsNSSComponent didn't check for or handle this failure
and proceeded to call NSS_Shutdown(), leaving PSM in an inconsistent state where
it thought it was okay to keep using the NSS objects it had when in fact it
wasn't.
In any case, nsPSMUITracker isn't really necessary as long as we have the
nsNSSShutDownPreventionLock mechanism, which mostly works and is what we should
use instead (or not at all, if no such lock is needed for the operation being
performed (for example, if no NSS functions are being called)).
2015-10-16 14:31:57 -07:00
Jed Davis
5e497dda8b
Bug 1215734 - Expand GeckoMediaPlugin sandbox policy for Clang 3.7 ASan. r=kang
2015-10-22 11:19:37 -07:00
Andrew McCreight
1eb30d2a7c
Bug 1157515 - CipherSuiteChangeObserver should clean itself up. r=keeler
2015-10-22 09:21:51 -07:00
Martin Thomson
6addb61ebd
Bug 1211568 - Update NSS to 3.21 Beta 3, r=kaie
2015-10-23 11:39:23 -07:00
Masatoshi Kimura
50b87b30dd
Bug 1215796 - Remove the static fallback whitelist. r=keeler
2015-10-22 21:37:40 +09:00
Masatoshi Kimura
1dd29cc1ee
Bug 1214981 - Disable output stream buffering. r=keeler
2015-10-21 15:23:00 -04:00
Wes Kocher
0f94ff44a0
Merge b2ginbound to central, a=merge
2015-10-21 16:37:24 -07:00
Wes Kocher
49d831b1c1
Merge inbound to m-c a=merge
2015-10-21 16:28:43 -07:00
J. Ryan Stinnett
027c63e6bd
Bug 1203159 - Clean up various tests after DevTools resource move. r=me
2015-10-21 14:18:29 -05:00
Jonathan Hao
136b17693a
Bug 1178448 - Use imported CA in developer mode. r=keeler,valentin
2015-10-08 17:08:45 +08:00
Masatoshi Kimura
19952cfffc
Bug 1215795 - Fix documentation in nsIWeakCryptoOverride.idl. r=keeler IGNORE IDL
2015-10-20 20:29:56 +09:00
Carsten "Tomcat" Book
e59ff5b478
Backed out changeset 11e681d48acd (bug 1194419) for S4 Test failures
2015-10-20 12:40:18 +02:00
Kai Engert
2274132a18
Bug 1215200, NSPR_4_10_10_RTM and NSS 3_20_1_RTM, bump version requirements, r=keeler
2015-10-20 12:34:15 +02:00