Commit Graph

2026 Commits

Author SHA1 Message Date
ffxbld
67d1ab5218 No bug, Automated HSTS preload list update from host bld-linux64-spot-358 - a=hsts-update 2014-05-17 03:15:04 -07:00
Brian Smith
43e812bb41 Bug 1010634, Part 1: Fix compiler warnings in certverifier, r=cviecco
--HG--
extra : rebase_source : f8d925f042040368b038b62bc1d0c9d4d6d04618
2014-05-14 17:46:32 -07:00
Brian Smith
726599adbd Bug 1006958: Use mozilla::pkix::der to parse certificate policies instead of NSS, r=keeler
--HG--
extra : rebase_source : fde88efebc1025bc4f825aa38df809d04b1b250a
2014-05-15 18:59:52 -07:00
Brian Smith
4aaebcf1b7 Bug 1010581: Document Expect/Match/Skip terminology in mozilla::pkix::der and make that code more consistent, r=keeler
--HG--
extra : rebase_source : 12aa2e1e9eed4f32a75732a65cbfaba9789d5d39
2014-05-14 19:30:09 -07:00
Brian Smith
ac79ecb683 Bug 1006041: Use mozilla::pkix::der for decoding the extended key usage extension, r=keeler
--HG--
extra : rebase_source : b4b62f117d653784eb6ad058554faf520a1bd90b
2014-05-14 01:02:34 -07:00
Brian Smith
f9a6cb7aca Bug 989564, Part 2: Remove CERTCertificate dependency from CheckBasicConstraints, r=keeler
--HG--
extra : rebase_source : c0ce62f44109cbcdf65da770a1154814733a6b49
2014-04-25 20:27:27 -07:00
Brian Smith
07edc768dc Bug 989564, Part 1: Decode basic constraints extension using mozilla::pkix::der, r=keeler
--HG--
extra : rebase_source : 89560218a69596868cb8a93c69ee72656b0abf77
2014-05-05 09:55:57 -07:00
Monica Chew
7dfd0bdbe7 Bug 1007844: Implement per-host telemetry for pin violations for AMO and aus4 (r=keeler) 2014-05-15 16:56:51 -07:00
Monica Chew
8428812265 Bug 1006594: Implement moz-specific telemetry (r=keeler) 2014-05-14 16:36:46 -07:00
David Keeler
6b2d58cdbe backout dfc04fd0a41f (bug 1002814) for gtest breakage 2014-05-14 11:08:20 -07:00
David Keeler
8447893ea3 bug 1005266 - disable strict timeout checking in test_ocsp_timeout.js on WinXP because of frequent failures r=mmc 2014-05-14 09:57:10 -07:00
David Keeler
629dc525c2 bug 1002814 - OCSP requests: long serial check should be on cert, not issuerCert r=briansmith 2014-05-14 10:05:32 -07:00
Patrick McManus
0d145e63f3 bug 1006804 - psm interface for kea size and make kea available in preliminary handshake r=keeler r=honzab 2014-05-06 17:22:25 -04:00
Gervase Markham
d2053b443f Bug 1007195 - Change licensing on mozilla::pkix to dual Apache 2/MPL 2. r=briansmith. 2014-05-14 14:37:25 +01:00
Monica Chew
775d416af7 Bug 1009720: Telemetry for CERT_PINNING_TEST_RESULTS (r=keeler) 2014-05-13 13:50:13 -07:00
David Keeler
3660be1571 bug 1005355 - look for PSM test binaries in /data/local/xpcb/ on Android/B2G r=mmc 2014-05-12 14:38:00 -07:00
Monica Chew
e1cffc99ed Bug 772756: Implement sha1 support, import Chrome's pinsets wholesale, add test mode (r=cviecco,keeler) 2014-05-08 17:18:50 -07:00
Carsten "Tomcat" Book
07745cfb8e Merge mozilla-central to mozilla-inbound 2014-05-12 13:48:01 +02:00
Carsten "Tomcat" Book
012c32e909 merge mozilla-inbound to mozilla-central 2014-05-12 13:33:19 +02:00
ffxbld
ab22bc9ea2 No bug, Automated HSTS preload list update from host bld-linux64-spot-382 - a=hsts-update 2014-05-10 03:26:08 -07:00
Jacek Caban
1938b72484 Bug 1005309 - Fixed MSVC detection.
--HG--
extra : rebase_source : 0b61de1270eb861234539de675c2d381e217f55c
2014-05-12 11:01:22 +02:00
David Keeler
ec8d8ab69e bug 1005266 - specify a timeout for the socket in test_ocsp_timeout.js r=mmc 2014-05-09 15:17:43 -07:00
Camilo Viecco
3e488201d3 Bug 1007986 - Remove 1024 bit roots from mozilla pin list. r=mmc 2014-05-09 10:58:47 -07:00
David Keeler
2ca20b9cf4 bug 1007962 - CreateEncodedCertificate should take a SECItem as its serialNumber argument r=mmc 2014-05-08 15:33:38 -07:00
David Keeler
6ab0be36f4 bug 1007813 - match CreateEncodedCertificate declaration to its definition r=mmc 2014-05-08 11:51:50 -07:00
Wan-Teh Chang
4d8e8b3f86 Bug 979703: Update NSS to NSS_3_16_2_BETA1.
Fix bugs in intel-gcm-x86-masm.asm and re-enable the
Intel AES assembly code. (The fix is by Shay Gueron of Intel.)
Remove an unnecessary loop in intel-gcm-x64-masm.asm r=agl.
2014-05-08 14:28:47 -07:00
Monica Chew
59ec23eea7 Bug 1000354: Fix comment and make test clearer (r=keeler) 2014-05-07 15:48:23 -07:00
Bobby Holley
0a5fb33d0a Bug 997987 - Remove usage of nsIScriptSecurityManager::GetSubjectPrincipal. r=Ms2ger 2014-05-06 15:43:03 -07:00
Jed Davis
c3a76a64ec Bug 1004832 - Add tgkill to seccomp-bpf whitelist. r=kang 2014-05-02 16:57:00 +02:00
Camilo Viecco
7975f9a0c7 Bug 1006107 - Disable pining by default, setup pinning for *.addons.mozilla.org. r=dkeeler
--HG--
extra : rebase_source : 93b1dbd5dc31490424060729a3941deffa8ee1d5
2014-05-05 13:59:32 -07:00
Wan-Teh Chang
c0bf0a4283 Bug 993569: Update to NSS 3.16.1 and NSPR 4.10.5. r=kaie. 2014-05-05 13:51:39 -07:00
Monica Chew
f1a0dc002c Bug 1005364: Disable pinning for all mozilla properties (r=keeler) 2014-05-04 15:36:38 -07:00
Brian Smith
2dc3d8c884 Bug 1005667: Fix build warning due to buggy test code in pkixtestutil.cpp, r=dholbert 2014-05-04 11:04:48 -07:00
Brian Smith
3718837588 Bug 1005309, Part 2: Enable extended compiler warnings (-W4 -Wall) in mozilla::pkix, r=mmc
--HG--
extra : rebase_source : 033574a0b26582753baec003becfaf15bbd85003
extra : histedit_source : 2d52c47f92b8f694203c2eb580b37be78ccf2f9c
2014-05-03 17:50:26 -07:00
Brian Smith
00e0d8964b Bug 1005309, Part 1: Improve type conversion and error checking for hashing done in mozilla::pkix's pkixocsp.cpp. r=mmc
--HG--
extra : rebase_source : 79c248ebc45d722249ae7adbbd2527dc9985f6f0
extra : histedit_source : 8ea66942cec4252d9d7e625da22b5ad9964485a1
2014-05-02 11:53:06 -07:00
Brian Smith
ee7f4a5d76 Bug 1005256: Improve parameter validation in mozilla::pkix::der::Input::GetSECItem, r=mmc
--HG--
extra : rebase_source : 93b65e103c86747ddaf463e639aacffdf7ccb08f
extra : histedit_source : 10ef0ab13fb9de710ea3c589600db4632f9cf4a0
2014-05-02 11:52:10 -07:00
Brian Smith
d9ebffb937 Bug 1005208: Rename issuerKeyHash to keyHash in mozilla::pkix's pkixocsp.cpp, r=mmc
--HG--
extra : rebase_source : ede4ed17cb56e3e52325ecadc2c5ded33c4a6013
extra : histedit_source : b727000e81bbc8afa6b9f8188b97065f59da45ad
2014-05-02 10:40:03 -07:00
Brian Smith
02c940dedf Bug 1005198: Make it easy to create test certificates in GTest tests, r=keeler
--HG--
extra : rebase_source : 0b1ec263a5a1ce1856afb12f11ea4c35c2aa55d0
extra : histedit_source : 40a3a3fc1993de0fcdeb5593a1a1df4dc94832b8
2014-04-25 19:57:40 -07:00
ffxbld
c0633c3827 No bug, Automated HSTS preload list update from host bld-linux64-spot-043 - a=hsts-update 2014-05-03 03:18:44 -07:00
David Keeler
33497d228a bug 1004270 - use SQL cert/key DBs in PSM tests so we can run them on Android r=briansmith 2014-05-02 15:06:29 -07:00
Camilo Viecco
2114fc7458 Bug 951315 - Add telemetry to PK pinning. r=dkeeler 2014-04-30 17:04:00 -07:00
Monica Chew
2b01945b12 Bug 1002696 - Minimum set of changes to make genHPKPStaticPins.js productionizable. r=cviecco, dkeeler
--HG--
rename : security/manager/boot/src/PreloadedHPKPins.json => security/manager/tools/PreloadedHPKPins.json
rename : security/manager/boot/src/genHPKPStaticPins.js => security/manager/tools/genHPKPStaticPins.js
2014-05-01 14:48:37 -07:00
David Keeler
3bb0dcd8ba bug 982248 - NSSCertDBTrustDomain: specify timeout for OCSP requests r=briansmith 2014-05-01 15:07:55 -07:00
Brian Smith
92ef8d4244 Bug 1003290: Fix OID parser template type, r=keeler
--HG--
extra : rebase_source : c33e450b84234ae7471118c2f8749593a59d9298
2014-04-25 16:31:30 -07:00
Brian Smith
5f1d6946ed Bug 1002933: Use Strongly-typed enums more often in mozilla::pkix, r=mmc
--HG--
extra : rebase_source : 3f67f48d1f4150df0830f89e6c07bbbf3a8fc7e8
2014-04-25 16:29:26 -07:00
Brian Smith
2ca0ebab0b Bug 1002929: Avoid implicit conversion of Result to boolean in mozilla::der::GeneralizedTime, r=keeler
--HG--
extra : rebase_source : 8966d41f1837611b83ac84b347aeddfade9bc949
2014-04-24 16:08:30 -07:00
Monica Chew
b93e188e37 Bug 998057: Add tests for certificate pinning (r=cviecco,dkeeler) 2014-04-30 20:11:35 -07:00
Monica Chew
17cd41868a Backed out changeset 9c8fbf297d51
Camilo did not land his patch that this depends on, my bad.
2014-04-30 20:01:34 -07:00
Monica Chew
2d85c28b2d Bug 998057: Add tests for certificate pinning (r=cviecco,dkeeler) 2014-04-30 19:56:03 -07:00
Monica Chew
94e6bf9ad7 Bug 998057: Add test pinset to the pin generator (r=cviecco)
--HG--
rename : security/manager/ssl/tests/unit/tlsserver/default-ee.der => security/manager/boot/src/default-ee.der
2014-04-30 15:30:44 -07:00
Camilo Viecco
b3ac77c27f Bug 744204 - Allow Certificate key pinning Part 2 - Certverifier Interface. r=keeler
--HG--
extra : rebase_source : 2f9748ba0b241c697e22b7ff72f2f5a0fad4a2ca
2014-02-05 14:49:10 -08:00
Richard Barnes
9e4f3258ed Bug 1003604 - Make nsNSSShutDownObject::isAlreadyShutDown() const. r=dkeeler 2014-04-29 17:45:00 +02:00
Rodrigo Rodriguez Jr.
f307a82a31 Bug 952650 (part 11) - Remove JSVAL_TO_INT. r=njn.
--HG--
extra : rebase_source : 41923458bbf8fd957c9a57685df4969f1190bd9f
2014-04-27 19:55:08 -07:00
Rodrigo Rodriguez Jr.
34da22f61e Bug 952650 (part 9) - Remove JSVAL_IS_INT. r=njn.
--HG--
extra : rebase_source : dc0c170914c2370c218cdbbe671d2a68628f5a87
2014-04-27 19:47:02 -07:00
Rodrigo Rodriguez Jr.
413ffc41d6 Bug 952650 (part 1) - Remove JSVAL_IS_NULL. r=terrence.
--HG--
extra : rebase_source : 83d1cdaf71260fd99b688c23303ceb2de7b00031
2014-04-27 19:30:51 -07:00
Wan-Teh Chang
90809cc516 Bug 993569 - Update Mozilla 31 to use NSS 3.16.1 Beta 4. This disables
the new Intel AES assembly code on Windows. r=kaie.
2014-04-29 16:13:03 -07:00
Camilo Viecco
fe04ef65c2 Bug 744204 - Allow Key pining part 1 - Built-in Pinning Service. r=keeler 2013-06-20 10:35:43 -07:00
David Keeler
e37669ad7b bug 977865 - mozilla::pkix: add backoff for ocsp fetching when a responder fails r=cviecco 2014-04-28 16:38:15 -07:00
Brian Smith
231032479b Bug 998067: Add utility code for making it easier to create GTests based on NSS, r=keeler
--HG--
extra : rebase_source : 8ae08d1ccc9329aa567cfc7ac590ddb026155bae
2014-04-16 21:38:01 -07:00
Brian Smith
c402b1e960 Bug 1000544: Use "Fail(x, y)" instead of "PR_SetError(y, 0); return x;" more consistently, r=mmc
--HG--
extra : rebase_source : 96addac738b8ffe39c7a92d546388d5f13fc2340
2014-04-23 14:13:32 -07:00
Brian Smith
5f867b5e5d Bug 1000482: Remove unused stapledOCSPResponse parmaeter from BuildForwardInner, r=mmc, r=keeler
--HG--
extra : rebase_source : b5d67d3488aa3df5690a7dd2b76495ac4986a723
2014-04-23 13:42:38 -07:00
Brian Smith
5939fb33ef Bug 1000483: Remove unused isTrustAnchor parameter from CheckKeyUsage, r=cviecco
--HG--
extra : rebase_source : 96e7b76362d6219193c814d35c332aae2ed5b48f
2014-04-23 13:38:19 -07:00
Wan-Teh Chang
cdd31ecdf7 Bug 993569 - Update Mozilla 31 to use NSS 3.16.1 Beta 3. The main change
is https://hg.mozilla.org/projects/nss/rev/7e8485a5ed49.
2014-04-27 20:39:24 -07:00
Birunthan Mohanathas
504b581650 Bug 900908 - Part 3: Change uses of numbered macros in nsIClassInfoImpl.h/nsISupportsImpl.h to the variadic variants. r=froydnj 2014-04-27 03:06:00 -04:00
Ryan VanderMeulen
7b427c4565 Merge m-c to inbound. 2014-04-26 21:41:26 -04:00
ffxbld
18f2d06933 No bug, Automated HSTS preload list update from host bld-linux64-spot-425 - a=hsts-update 2014-04-26 03:23:23 -07:00
Nathan Toone
15d86a0541 Bug 1001585 - Don't build tests directory if --disable-tests is specified. r=briansmith 2014-04-26 11:29:00 -04:00
Arpad Borsos
0ffd585a0c Bug 474369 - remove nsVoidArray includes; r=ehsan
--HG--
extra : rebase_source : dd3abeb623fd8b784fd6ba639c88def84a4daf58
2014-04-26 16:12:45 +02:00
Camilo Viecco
4515570905 Bug 915930 - Make mozilla::pkix the default certificate verifier for all (not just desktop) r=briansmith
--HG--
extra : rebase_source : 56402e60078298dc64cf5476afda7c95671a7092
2014-04-25 13:22:30 -07:00
Wan-Teh Chang
fa30218813 Bug 993569 - Update Mozilla 31 to use NSS 3.16.1 Beta 2. 2014-04-25 06:06:01 -07:00
Honza Bambas
782f02bd55 Bug 999306 - Add 'allow-insecure-ntlm-v1' preference for the generic NTLM v1 authentication module, r=jduell 2014-04-24 18:50:46 +02:00
Stefan Arentz
c929461f38 Bug 968490: Add mozilla::pkix::der unit tests (r=cviecco) 2014-03-26 16:00:03 -07:00
Randell Jesup
c39b1723d8 Bug 996487: don't null out mThread while committing thread suicide r=bsmedberg 2014-04-22 15:32:13 -04:00
YFdyh000
7209169dc8 Bug 995528 - Certificate viewer describes not-valid-before date as issue date. r=honzab, ui-r=philipp 2014-04-21 10:58:04 -04:00
ffxbld
1a30be1a44 No bug, Automated HSTS preload list update from host bld-linux64-spot-454 - a=hsts-update 2014-04-19 03:14:16 -07:00
Randell Jesup
88cb135bdf Bug 988881: clean up CryptoTask (SignedJar) tasks instead of leaking them r=bsmedberg,mayhemer 2014-04-17 02:18:04 -04:00
Anuj Agarwal
0dc21bc644 Bug 897359 - Remove unimplemented popChallengeResponse, random, and disableRightClick methods. r=bz 2014-04-18 09:32:52 -04:00
David Keeler
284f933831 bug 991898 - mozilla::pkix: temporarily allow empty Extensions in OCSP responses r=briansmith 2014-04-17 16:01:18 -07:00
Camilo Viecco
55a077728c Bug 997795 - Cleanup decodings. r=dkeeler 2014-04-17 14:42:05 -07:00
Jed Davis
d000250ab1 Bug 997409 - Add set_thread_area to seccomp whitelist if available. r=kang 2014-04-17 16:23:23 -04:00
Camilo Viecco
47dd4351c0 Bug 992972 - Add sha256SubjectPublicKeyInfoDigest attribute to nsIX509Cert. sr=bsmith 2014-04-07 10:35:57 -07:00
David Keeler
63e2eca97a bug 997843 - mozilla::pkix::der::Input::Expect should take a uint16_t as its length argument r=briansmith 2014-04-17 09:50:06 -07:00
Patrick McManus
a142639b4a bug 993591 - PSM HTTP Fetch should own streamloader data r=dkeller r=mayhemmer 2014-04-09 17:48:17 -04:00
David Keeler
019398a53c bug 982774 - der::ExpectTagAndGetLength: check that input has enough capacity for the length described r=briansmith 2014-04-16 13:30:09 -07:00
David Keeler
5deb7798b1 bug 972753 - OCSP testing: delegated responses and including multiple certificates r=cviecco 2014-04-16 09:31:27 -07:00
Raymond Etornam Agbeame(:retornam)
699e03848f Bug 934676 - Remove unused variable 'extracted' in ClientAuthDataRunnable::RunOnTargetThread. r=keeler 2014-04-15 15:46:00 +02:00
Monica Chew
1b724bad01 Bug 991177: Disallow overrides for SEC_ERROR_CA_CERT_INVALID (r=keeler) 2014-04-15 15:35:41 -07:00
Kyle Huey
c8e649664b Bug 991812: Remove uses of AtomicRefCounted<T> that live in Gecko. r=ehsan
--HG--
extra : rebase_source : 0d14e02c64d548fd3177681248d722683aaa87c3
2014-04-14 12:04:25 -07:00
David Keeler
9b13a83b9e bug 994932 - fix error checking in GetOCSPResponseForType r=retornam 2014-04-15 14:21:08 -07:00
Jed Davis
528a483b60 Bug 981949 - Whitelist ftruncate for seccomp-bpf sandboxing. r=kang 2014-04-11 13:09:00 +02:00
Bobby Holley
a81ce7e83c Bug 989528 - Rename AutoSystemCaller to AutoNoJSAPI, and assert against pre-existing exceptions. r=bz 2014-04-14 20:27:00 -07:00
Ryan VanderMeulen
98cf3141ca Backed out changesets ddbac34527fe and fa82f32d0c39 (bug 991812) for B2G bustage.
CLOSED TREE
2014-04-14 16:16:18 -04:00
Kyle Huey
3fb3aae2f9 Bug 991812: Remove uses of AtomicRefCounted<T> that live in Gecko. r=ehsan 2014-04-14 12:04:25 -07:00
Ryan VanderMeulen
f6ce616a14 Merge m-c to inbound on a CLOSED TREE. 2014-04-13 22:52:50 -04:00
ffxbld
2c156df92e No bug, Automated HSTS preload list update from host bld-linux64-spot-327 - a=hsts-update 2014-04-12 03:21:26 -07:00
Mike Kaply
a707c6fd1c Bug #993846 - Add missing stringbundle, r=kaie 2014-04-11 10:07:02 -05:00
David Keeler
af54147666 bug 993186 - improve test_cert_eku generator r=cviecco 2014-04-09 11:04:00 -07:00
Jed Davis
58a72fe315 Bug 993145 - Skip attempting seccomp sandboxing if seccomp unavailable. r=kang 2014-04-09 15:23:00 +02:00
Bob Owen
6fdbe1f12a Bug 928062 - Set Windows sandbox delayed integrity level to INTEGRITY_LEVEL_LOW. r=aklotz 2014-04-08 16:25:18 +01:00
Boris Zbarsky
44e75b0cc9 Bug 995047 followup. Fix a caller that I missed because it's only compiled on some platforms, so we can reopen the CLOSED TREE 2014-04-12 00:38:06 -04:00