Commit Graph

2165 Commits

Author SHA1 Message Date
Brian Smith
450a20ba54 Bug 1031542: Add test case for key usage without any value bits, r=keeler
--HG--
extra : rebase_source : 25bdc0db6b042fe6fbba61b80cb8a4ac7cb588eb
2014-06-27 15:21:48 -07:00
Brian Smith
2bd47f2cb9 Bug 975229: Remove NSS-based certificate verification, r=keeler
--HG--
extra : rebase_source : 49cb20f1b51e2d9993a35decd820764e20ad9be9
2014-06-16 23:13:29 -07:00
Brian Smith
c214d0f55e Bug 1026261: Remove CERTCertificate from mozilla::pkix revocation checking API, r=keeler
--HG--
extra : rebase_source : 6798f494bd351961ea02abba07b5860839bbc418
2014-06-20 10:10:51 -07:00
David Keeler
4e568fe551 bug 1028178 - re-add nsICertificateDialogs to nsNSSDialogs' NS_IMPL_ISUPPORTS declaration r=briansmith 2014-06-20 09:38:08 -07:00
David Keeler
6dc7ca62d1 bug 997509 - heed expired Revoked or Unknown OCSP responses r=briansmith 2014-06-20 09:01:57 -07:00
Cykesiopka
40f95d5437 Bug 972702 - Make Cert Viewer details tab content resizable. r=keeler 2014-05-27 20:58:00 +02:00
Camilo Viecco
2883e1d4ea Bug 1016442 - Make mozilla cdn sites production on built-in list. r=mmc
--HG--
extra : rebase_source : 5d937b61ab86c974210dcc83735cd4308bff018e
2014-05-27 10:53:40 -07:00
Ryan VanderMeulen
9460f40816 Backed out changeset d5da62e82faf (bug 995801) for test_browserElement_oop_SecurityChange.html failures.
CLOSED TREE
2014-05-27 14:27:40 -04:00
David Keeler
bacc5f19c7 bug 995801 - cache nsNSSCertificate::mCachedEVStatus on disk r=mayhemer 2014-01-10 11:13:03 -08:00
Richard Barnes
cf739d773c Bug 998803 - Add support for RSA encryption and signing to WebCrypto API. r=bz,dkeeler 2014-05-23 15:29:00 +02:00
ffxbld
1b5b7ecfd1 No bug, Automated HSTS preload list update from host bld-linux64-spot-1068 - a=hsts-update 2014-05-24 03:14:12 -07:00
Monica Chew
c21cc7a85f Bug 1004351: Enable production mode for twitter pins (r=keeler) 2014-05-22 15:11:07 -07:00
Monica Chew
f87b89298d Bug 1014344: Use Google's root pems in addition to their intermediate certs (r=keeler) 2014-05-22 15:09:45 -07:00
Wan-Teh Chang
c88fddaa3c Bug 1009794: Update NSS to NSS_3_16_2_BETA2, which also includes fixes
for bug 999893, bug 1011090, bug 1009785, bug 421391, and bug 1011229.
2014-05-22 12:31:09 -07:00
Cykesiopka
17e952b63e Bug 622332 - Show cert SHA-256 fingerprint and remove MD5 fingerprint. r=keeler 2014-05-22 00:52:00 +02:00
Birunthan Mohanathas
76ca8ec617 Bug 869836 - Part 7: Use AppendLiteral instead of Append where possible. r=ehsan 2014-05-22 06:48:51 +03:00
Birunthan Mohanathas
c4568a7085 Bug 869836 - Part 6: Use EqualsLiteral instead of Equals where possible. r=ehsan 2014-05-22 06:48:51 +03:00
Birunthan Mohanathas
807e72372f Bug 869836 - Part 4: Use EqualsLiteral instead of Equals(NS_LITERAL_STRING(...)). r=ehsan 2014-05-22 06:48:51 +03:00
Birunthan Mohanathas
411a8639b4 Bug 869836 - Part 3: Use Append('c') instead of AppendLiteral("c"). r=ehsan 2014-05-22 06:48:51 +03:00
Birunthan Mohanathas
62570a8716 Bug 869836 - Part 2: Use AppendLiteral instead of Append(NS_LITERAL_STRING(...)). r=ehsan 2014-05-22 06:48:50 +03:00
Camilo Viecco
a87a54bcc1 Bug 1010594 - Part 2/2 tests - r=keeler
--HG--
extra : rebase_source : 4ca9623b815544edc58308544fa85b192c2f31f3
2014-05-19 13:26:23 -07:00
Camilo Viecco
1eac4f4b6c Bug 1010594 - Part 1/2 OCSP url check - r=briansmith
--HG--
extra : rebase_source : 0b26339d33db90722401ae1d8ac255d0390aea30
2014-05-16 13:53:14 -07:00
Camilo Viecco
4eff7cf088 Bug 1009635 - PreloadedHPKP.json should also contain production/exclusion lists. r=keeler
--HG--
extra : rebase_source : 46c13e490358f26b21191d6d783d795897ceea63
2014-05-15 08:04:54 -07:00
Richard Barnes
7b6d82be69 Bug 995385 - Ensure that NSS is initialzed for CryptoTasks. r=dkeeler 2014-05-16 15:47:00 -04:00
Bob Owen
2c9a59f64a Bug 1009452 - inherit stdout and stderr into the content process to allow logging. r=aklotz 2014-05-14 16:09:31 +01:00
Jed Davis
c7dae997a6 Bug 920372 - Fix socketcall whitelisting on i386. r=kang 2014-05-20 18:38:14 -07:00
Jed Davis
1523066770 Bug 920372 - Allow tgkill only for threads of the calling process itself. r=kang 2014-05-20 18:38:06 -07:00
Jed Davis
3a308504da Bug 920372 - Use Chromium seccomp-bpf compiler to dynamically build sandbox program. r=kang 2014-05-20 18:37:53 -07:00
Jed Davis
3b103d307f Bug 920372 - Import Chromium seccomp-bpf compiler, rev 4c08f442d2588a2c7cfaa117a55bd87d2ac32f9a. r=kang
Newly imported:
* sandbox/linux/seccomp-bpf/
* sandbox/linux/sandbox_export.h
* base/posix/eintr_wrapper.h

Updated:
* base/basictypes.h
* base/macros.h

At the time of this writing (see future patches for this bug) the only
things we're using from sandbox/linux/seccomp-bpf/ are codegen.cc and
basicblock.cc, and the header files they require.  However, we may use
more of this code in the future, and it seems cleaner in general to
import the entire subtree.
2014-05-20 18:37:45 -07:00
Monica Chew
b35189dfe7 Bug 1013504: Introduce error file for genHPKPStaticPins.js (r=keeler) 2014-05-20 13:25:02 -07:00
Richard Barnes
ae11832c51 Bug 1005375 - Add an API that allows CryptoTasks to be created without being dispatched 2014-05-03 08:50:00 +02:00
Chris Peterson
7429b133b7 Bug 1007708 - Part 1: Fix warnings in security/pkix/test/ and mark as FAIL_ON_WARNINGS. r=briansmith 2014-05-17 20:12:10 -07:00
Monica Chew
1d542c52b2 Bug 1011269: Forgot to qref to pick up keeler's changes (r=keeler) 2014-05-19 13:24:41 -07:00
Monica Chew
8bc2f051f9 Bug 1011269: Add CertVerifier::pinningEnforceTestMode (r=keeler) 2014-05-19 13:04:40 -07:00
David Keeler
0c382cbab9 bug 986150 - fix some comments in mozilla::pkix DER tests r=mmc 2014-05-19 12:14:51 -07:00
David Keeler
b0685b996f bug 986150 - test mozilla::pkix::der::OptionalBoolean r=mmc 2014-05-19 12:14:44 -07:00
David Keeler
7490c005ac bug 1002814 - OCSP requests: long serial check should be on cert, not issuerCert r=briansmith 2014-05-14 10:05:32 -07:00
David Keeler
ca14d7c987 bug 1002814 - retry PK11_GenerateKeyPair when it fails non-fatally r=briansmith 2014-05-19 11:13:04 -07:00
Marco Castelluccio
98f16ffbdc Bug 972201 - Remove the MOZ_B2G_CERTDATA hack. r=briansmith 2014-05-18 15:42:42 +02:00
ffxbld
7253546a17 No bug, Automated HSTS preload list update from host bld-linux64-spot-358 - a=hsts-update 2014-05-17 03:15:04 -07:00
Brian Smith
ed25ac818b Bug 1010634, Part 1: Fix compiler warnings in certverifier, r=cviecco
--HG--
extra : rebase_source : f8d925f042040368b038b62bc1d0c9d4d6d04618
2014-05-14 17:46:32 -07:00
Brian Smith
b3711e99df Bug 1006958: Use mozilla::pkix::der to parse certificate policies instead of NSS, r=keeler
--HG--
extra : rebase_source : fde88efebc1025bc4f825aa38df809d04b1b250a
2014-05-15 18:59:52 -07:00
Brian Smith
fcba6f8814 Bug 1010581: Document Expect/Match/Skip terminology in mozilla::pkix::der and make that code more consistent, r=keeler
--HG--
extra : rebase_source : 12aa2e1e9eed4f32a75732a65cbfaba9789d5d39
2014-05-14 19:30:09 -07:00
Brian Smith
e1de62ff87 Bug 1006041: Use mozilla::pkix::der for decoding the extended key usage extension, r=keeler
--HG--
extra : rebase_source : b4b62f117d653784eb6ad058554faf520a1bd90b
2014-05-14 01:02:34 -07:00
Brian Smith
dd25f656a6 Bug 989564, Part 2: Remove CERTCertificate dependency from CheckBasicConstraints, r=keeler
--HG--
extra : rebase_source : c0ce62f44109cbcdf65da770a1154814733a6b49
2014-04-25 20:27:27 -07:00
Brian Smith
8a6f85b521 Bug 989564, Part 1: Decode basic constraints extension using mozilla::pkix::der, r=keeler
--HG--
extra : rebase_source : 89560218a69596868cb8a93c69ee72656b0abf77
2014-05-05 09:55:57 -07:00
Monica Chew
a1ab4d859d Bug 1007844: Implement per-host telemetry for pin violations for AMO and aus4 (r=keeler) 2014-05-15 16:56:51 -07:00
Monica Chew
f023ce771c Bug 1006594: Implement moz-specific telemetry (r=keeler) 2014-05-14 16:36:46 -07:00
David Keeler
34bae7a5a0 backout dfc04fd0a41f (bug 1002814) for gtest breakage 2014-05-14 11:08:20 -07:00
David Keeler
099169f359 bug 1005266 - disable strict timeout checking in test_ocsp_timeout.js on WinXP because of frequent failures r=mmc 2014-05-14 09:57:10 -07:00
David Keeler
bfe37e0d32 bug 1002814 - OCSP requests: long serial check should be on cert, not issuerCert r=briansmith 2014-05-14 10:05:32 -07:00
Patrick McManus
033d5fc4e8 bug 1006804 - psm interface for kea size and make kea available in preliminary handshake r=keeler r=honzab 2014-05-06 17:22:25 -04:00
Gervase Markham
4ce70c195e Bug 1007195 - Change licensing on mozilla::pkix to dual Apache 2/MPL 2. r=briansmith. 2014-05-14 14:37:25 +01:00
Monica Chew
9eb1c9c9de Bug 1009720: Telemetry for CERT_PINNING_TEST_RESULTS (r=keeler) 2014-05-13 13:50:13 -07:00
David Keeler
c441103da0 bug 1005355 - look for PSM test binaries in /data/local/xpcb/ on Android/B2G r=mmc 2014-05-12 14:38:00 -07:00
Monica Chew
d1eb9b420d Bug 772756: Implement sha1 support, import Chrome's pinsets wholesale, add test mode (r=cviecco,keeler) 2014-05-08 17:18:50 -07:00
Carsten "Tomcat" Book
ce3573f668 Merge mozilla-central to mozilla-inbound 2014-05-12 13:48:01 +02:00
Carsten "Tomcat" Book
97853c8221 merge mozilla-inbound to mozilla-central 2014-05-12 13:33:19 +02:00
ffxbld
59e3b8e3f4 No bug, Automated HSTS preload list update from host bld-linux64-spot-382 - a=hsts-update 2014-05-10 03:26:08 -07:00
Jacek Caban
37b0fcfa8d Bug 1005309 - Fixed MSVC detection.
--HG--
extra : rebase_source : 0b61de1270eb861234539de675c2d381e217f55c
2014-05-12 11:01:22 +02:00
David Keeler
0d13727d61 bug 1005266 - specify a timeout for the socket in test_ocsp_timeout.js r=mmc 2014-05-09 15:17:43 -07:00
Camilo Viecco
b1148150bc Bug 1007986 - Remove 1024 bit roots from mozilla pin list. r=mmc 2014-05-09 10:58:47 -07:00
David Keeler
92b21afdff bug 1007962 - CreateEncodedCertificate should take a SECItem as its serialNumber argument r=mmc 2014-05-08 15:33:38 -07:00
David Keeler
a4528a1530 bug 1007813 - match CreateEncodedCertificate declaration to its definition r=mmc 2014-05-08 11:51:50 -07:00
Wan-Teh Chang
6a62d32e50 Bug 979703: Update NSS to NSS_3_16_2_BETA1.
Fix bugs in intel-gcm-x86-masm.asm and re-enable the
Intel AES assembly code. (The fix is by Shay Gueron of Intel.)
Remove an unnecessary loop in intel-gcm-x64-masm.asm r=agl.
2014-05-08 14:28:47 -07:00
Monica Chew
a203d88ce4 Bug 1000354: Fix comment and make test clearer (r=keeler) 2014-05-07 15:48:23 -07:00
Bobby Holley
5c9d904093 Bug 997987 - Remove usage of nsIScriptSecurityManager::GetSubjectPrincipal. r=Ms2ger 2014-05-06 15:43:03 -07:00
Jed Davis
52cd05523d Bug 1004832 - Add tgkill to seccomp-bpf whitelist. r=kang 2014-05-02 16:57:00 +02:00
Camilo Viecco
ae2571aa01 Bug 1006107 - Disable pining by default, setup pinning for *.addons.mozilla.org. r=dkeeler
--HG--
extra : rebase_source : 93b1dbd5dc31490424060729a3941deffa8ee1d5
2014-05-05 13:59:32 -07:00
Wan-Teh Chang
958625bc6e Bug 993569: Update to NSS 3.16.1 and NSPR 4.10.5. r=kaie. 2014-05-05 13:51:39 -07:00
Monica Chew
b049aa3cac Bug 1005364: Disable pinning for all mozilla properties (r=keeler) 2014-05-04 15:36:38 -07:00
Brian Smith
a97bc4147c Bug 1005667: Fix build warning due to buggy test code in pkixtestutil.cpp, r=dholbert 2014-05-04 11:04:48 -07:00
Brian Smith
163631e898 Bug 1005309, Part 2: Enable extended compiler warnings (-W4 -Wall) in mozilla::pkix, r=mmc
--HG--
extra : rebase_source : 033574a0b26582753baec003becfaf15bbd85003
extra : histedit_source : 2d52c47f92b8f694203c2eb580b37be78ccf2f9c
2014-05-03 17:50:26 -07:00
Brian Smith
8da948d67f Bug 1005309, Part 1: Improve type conversion and error checking for hashing done in mozilla::pkix's pkixocsp.cpp. r=mmc
--HG--
extra : rebase_source : 79c248ebc45d722249ae7adbbd2527dc9985f6f0
extra : histedit_source : 8ea66942cec4252d9d7e625da22b5ad9964485a1
2014-05-02 11:53:06 -07:00
Brian Smith
2cad23bbfd Bug 1005256: Improve parameter validation in mozilla::pkix::der::Input::GetSECItem, r=mmc
--HG--
extra : rebase_source : 93b65e103c86747ddaf463e639aacffdf7ccb08f
extra : histedit_source : 10ef0ab13fb9de710ea3c589600db4632f9cf4a0
2014-05-02 11:52:10 -07:00
Brian Smith
b6d4008ea4 Bug 1005208: Rename issuerKeyHash to keyHash in mozilla::pkix's pkixocsp.cpp, r=mmc
--HG--
extra : rebase_source : ede4ed17cb56e3e52325ecadc2c5ded33c4a6013
extra : histedit_source : b727000e81bbc8afa6b9f8188b97065f59da45ad
2014-05-02 10:40:03 -07:00
Brian Smith
46d3a85aea Bug 1005198: Make it easy to create test certificates in GTest tests, r=keeler
--HG--
extra : rebase_source : 0b1ec263a5a1ce1856afb12f11ea4c35c2aa55d0
extra : histedit_source : 40a3a3fc1993de0fcdeb5593a1a1df4dc94832b8
2014-04-25 19:57:40 -07:00
ffxbld
b43b9dd445 No bug, Automated HSTS preload list update from host bld-linux64-spot-043 - a=hsts-update 2014-05-03 03:18:44 -07:00
David Keeler
e771a7d73d bug 1004270 - use SQL cert/key DBs in PSM tests so we can run them on Android r=briansmith 2014-05-02 15:06:29 -07:00
Camilo Viecco
3b227aa061 Bug 951315 - Add telemetry to PK pinning. r=dkeeler 2014-04-30 17:04:00 -07:00
Monica Chew
92fa29b307 Bug 1002696 - Minimum set of changes to make genHPKPStaticPins.js productionizable. r=cviecco, dkeeler
--HG--
rename : security/manager/boot/src/PreloadedHPKPins.json => security/manager/tools/PreloadedHPKPins.json
rename : security/manager/boot/src/genHPKPStaticPins.js => security/manager/tools/genHPKPStaticPins.js
2014-05-01 14:48:37 -07:00
David Keeler
6c916db011 bug 982248 - NSSCertDBTrustDomain: specify timeout for OCSP requests r=briansmith 2014-05-01 15:07:55 -07:00
Brian Smith
cb05abe1d6 Bug 1003290: Fix OID parser template type, r=keeler
--HG--
extra : rebase_source : c33e450b84234ae7471118c2f8749593a59d9298
2014-04-25 16:31:30 -07:00
Brian Smith
6b71be8400 Bug 1002933: Use Strongly-typed enums more often in mozilla::pkix, r=mmc
--HG--
extra : rebase_source : 3f67f48d1f4150df0830f89e6c07bbbf3a8fc7e8
2014-04-25 16:29:26 -07:00
Brian Smith
80e8f86c33 Bug 1002929: Avoid implicit conversion of Result to boolean in mozilla::der::GeneralizedTime, r=keeler
--HG--
extra : rebase_source : 8966d41f1837611b83ac84b347aeddfade9bc949
2014-04-24 16:08:30 -07:00
Monica Chew
b06faaca65 Bug 998057: Add tests for certificate pinning (r=cviecco,dkeeler) 2014-04-30 20:11:35 -07:00
Monica Chew
a950040c90 Backed out changeset 9c8fbf297d51
Camilo did not land his patch that this depends on, my bad.
2014-04-30 20:01:34 -07:00
Monica Chew
628c03d585 Bug 998057: Add tests for certificate pinning (r=cviecco,dkeeler) 2014-04-30 19:56:03 -07:00
Monica Chew
625b9449b2 Bug 998057: Add test pinset to the pin generator (r=cviecco)
--HG--
rename : security/manager/ssl/tests/unit/tlsserver/default-ee.der => security/manager/boot/src/default-ee.der
2014-04-30 15:30:44 -07:00
Camilo Viecco
06f960a801 Bug 744204 - Allow Certificate key pinning Part 2 - Certverifier Interface. r=keeler
--HG--
extra : rebase_source : 2f9748ba0b241c697e22b7ff72f2f5a0fad4a2ca
2014-02-05 14:49:10 -08:00
Richard Barnes
39fa6a3803 Bug 1003604 - Make nsNSSShutDownObject::isAlreadyShutDown() const. r=dkeeler 2014-04-29 17:45:00 +02:00
Rodrigo Rodriguez Jr.
bc17528767 Bug 952650 (part 11) - Remove JSVAL_TO_INT. r=njn.
--HG--
extra : rebase_source : 41923458bbf8fd957c9a57685df4969f1190bd9f
2014-04-27 19:55:08 -07:00
Rodrigo Rodriguez Jr.
1b9dfa0db1 Bug 952650 (part 9) - Remove JSVAL_IS_INT. r=njn.
--HG--
extra : rebase_source : dc0c170914c2370c218cdbbe671d2a68628f5a87
2014-04-27 19:47:02 -07:00
Rodrigo Rodriguez Jr.
5b7e66980d Bug 952650 (part 1) - Remove JSVAL_IS_NULL. r=terrence.
--HG--
extra : rebase_source : 83d1cdaf71260fd99b688c23303ceb2de7b00031
2014-04-27 19:30:51 -07:00
Wan-Teh Chang
e809100c4e Bug 993569 - Update Mozilla 31 to use NSS 3.16.1 Beta 4. This disables
the new Intel AES assembly code on Windows. r=kaie.
2014-04-29 16:13:03 -07:00
Camilo Viecco
08d3905de0 Bug 744204 - Allow Key pining part 1 - Built-in Pinning Service. r=keeler 2013-06-20 10:35:43 -07:00
David Keeler
2a77846f27 bug 977865 - mozilla::pkix: add backoff for ocsp fetching when a responder fails r=cviecco 2014-04-28 16:38:15 -07:00
Brian Smith
c587f858f4 Bug 998067: Add utility code for making it easier to create GTests based on NSS, r=keeler
--HG--
extra : rebase_source : 8ae08d1ccc9329aa567cfc7ac590ddb026155bae
2014-04-16 21:38:01 -07:00
Brian Smith
2c23644423 Bug 1000544: Use "Fail(x, y)" instead of "PR_SetError(y, 0); return x;" more consistently, r=mmc
--HG--
extra : rebase_source : 96addac738b8ffe39c7a92d546388d5f13fc2340
2014-04-23 14:13:32 -07:00
Brian Smith
8d2dfeb6e2 Bug 1000482: Remove unused stapledOCSPResponse parmaeter from BuildForwardInner, r=mmc, r=keeler
--HG--
extra : rebase_source : b5d67d3488aa3df5690a7dd2b76495ac4986a723
2014-04-23 13:42:38 -07:00
Brian Smith
717e7f71a1 Bug 1000483: Remove unused isTrustAnchor parameter from CheckKeyUsage, r=cviecco
--HG--
extra : rebase_source : 96e7b76362d6219193c814d35c332aae2ed5b48f
2014-04-23 13:38:19 -07:00
Wan-Teh Chang
6b1f295425 Bug 993569 - Update Mozilla 31 to use NSS 3.16.1 Beta 3. The main change
is https://hg.mozilla.org/projects/nss/rev/7e8485a5ed49.
2014-04-27 20:39:24 -07:00
Birunthan Mohanathas
ff8ce9bd42 Bug 900908 - Part 3: Change uses of numbered macros in nsIClassInfoImpl.h/nsISupportsImpl.h to the variadic variants. r=froydnj 2014-04-27 03:06:00 -04:00
Ryan VanderMeulen
de681ea4fc Merge m-c to inbound. 2014-04-26 21:41:26 -04:00
ffxbld
3daca64876 No bug, Automated HSTS preload list update from host bld-linux64-spot-425 - a=hsts-update 2014-04-26 03:23:23 -07:00
Nathan Toone
d67b9ae3a0 Bug 1001585 - Don't build tests directory if --disable-tests is specified. r=briansmith 2014-04-26 11:29:00 -04:00
Arpad Borsos
e19fb46166 Bug 474369 - remove nsVoidArray includes; r=ehsan
--HG--
extra : rebase_source : dd3abeb623fd8b784fd6ba639c88def84a4daf58
2014-04-26 16:12:45 +02:00
Camilo Viecco
71d731b4d8 Bug 915930 - Make mozilla::pkix the default certificate verifier for all (not just desktop) r=briansmith
--HG--
extra : rebase_source : 56402e60078298dc64cf5476afda7c95671a7092
2014-04-25 13:22:30 -07:00
Wan-Teh Chang
e6781c8c31 Bug 993569 - Update Mozilla 31 to use NSS 3.16.1 Beta 2. 2014-04-25 06:06:01 -07:00
Honza Bambas
605c3001ad Bug 999306 - Add 'allow-insecure-ntlm-v1' preference for the generic NTLM v1 authentication module, r=jduell 2014-04-24 18:50:46 +02:00
Stefan Arentz
54d22813e9 Bug 968490: Add mozilla::pkix::der unit tests (r=cviecco) 2014-03-26 16:00:03 -07:00
Randell Jesup
1f9314c7a8 Bug 996487: don't null out mThread while committing thread suicide r=bsmedberg 2014-04-22 15:32:13 -04:00
YFdyh000
686ab7c5e8 Bug 995528 - Certificate viewer describes not-valid-before date as issue date. r=honzab, ui-r=philipp 2014-04-21 10:58:04 -04:00
ffxbld
1ff1ed65cc No bug, Automated HSTS preload list update from host bld-linux64-spot-454 - a=hsts-update 2014-04-19 03:14:16 -07:00
Randell Jesup
45132d9932 Bug 988881: clean up CryptoTask (SignedJar) tasks instead of leaking them r=bsmedberg,mayhemer 2014-04-17 02:18:04 -04:00
Anuj Agarwal
b57b4cf0d1 Bug 897359 - Remove unimplemented popChallengeResponse, random, and disableRightClick methods. r=bz 2014-04-18 09:32:52 -04:00
David Keeler
2e3bd0056f bug 991898 - mozilla::pkix: temporarily allow empty Extensions in OCSP responses r=briansmith 2014-04-17 16:01:18 -07:00
Camilo Viecco
2a380c2fee Bug 997795 - Cleanup decodings. r=dkeeler 2014-04-17 14:42:05 -07:00
Jed Davis
a52d5f0783 Bug 997409 - Add set_thread_area to seccomp whitelist if available. r=kang 2014-04-17 16:23:23 -04:00
Camilo Viecco
e70e998770 Bug 992972 - Add sha256SubjectPublicKeyInfoDigest attribute to nsIX509Cert. sr=bsmith 2014-04-07 10:35:57 -07:00
David Keeler
267f36c29e bug 997843 - mozilla::pkix::der::Input::Expect should take a uint16_t as its length argument r=briansmith 2014-04-17 09:50:06 -07:00
Patrick McManus
edc73bcc7b bug 993591 - PSM HTTP Fetch should own streamloader data r=dkeller r=mayhemmer 2014-04-09 17:48:17 -04:00
David Keeler
7ce7130265 bug 982774 - der::ExpectTagAndGetLength: check that input has enough capacity for the length described r=briansmith 2014-04-16 13:30:09 -07:00
David Keeler
47abc69838 bug 972753 - OCSP testing: delegated responses and including multiple certificates r=cviecco 2014-04-16 09:31:27 -07:00
Raymond Etornam Agbeame(:retornam)
7f95bd8328 Bug 934676 - Remove unused variable 'extracted' in ClientAuthDataRunnable::RunOnTargetThread. r=keeler 2014-04-15 15:46:00 +02:00
Monica Chew
d98ff86e6e Bug 991177: Disallow overrides for SEC_ERROR_CA_CERT_INVALID (r=keeler) 2014-04-15 15:35:41 -07:00
Kyle Huey
b6957123df Bug 991812: Remove uses of AtomicRefCounted<T> that live in Gecko. r=ehsan
--HG--
extra : rebase_source : 0d14e02c64d548fd3177681248d722683aaa87c3
2014-04-14 12:04:25 -07:00
David Keeler
c0e2e8d723 bug 994932 - fix error checking in GetOCSPResponseForType r=retornam 2014-04-15 14:21:08 -07:00
Jed Davis
738f39b679 Bug 981949 - Whitelist ftruncate for seccomp-bpf sandboxing. r=kang 2014-04-11 13:09:00 +02:00
Bobby Holley
f223b1107f Bug 989528 - Rename AutoSystemCaller to AutoNoJSAPI, and assert against pre-existing exceptions. r=bz 2014-04-14 20:27:00 -07:00
Ryan VanderMeulen
601b02224e Backed out changesets ddbac34527fe and fa82f32d0c39 (bug 991812) for B2G bustage.
CLOSED TREE
2014-04-14 16:16:18 -04:00
Kyle Huey
acd8c16b76 Bug 991812: Remove uses of AtomicRefCounted<T> that live in Gecko. r=ehsan 2014-04-14 12:04:25 -07:00
Ryan VanderMeulen
be657e134d Merge m-c to inbound on a CLOSED TREE. 2014-04-13 22:52:50 -04:00
ffxbld
783ee9d2ef No bug, Automated HSTS preload list update from host bld-linux64-spot-327 - a=hsts-update 2014-04-12 03:21:26 -07:00
Mike Kaply
535e1a8665 Bug #993846 - Add missing stringbundle, r=kaie 2014-04-11 10:07:02 -05:00
David Keeler
f0c23bbc7e bug 993186 - improve test_cert_eku generator r=cviecco 2014-04-09 11:04:00 -07:00
Jed Davis
f8ce2f4279 Bug 993145 - Skip attempting seccomp sandboxing if seccomp unavailable. r=kang 2014-04-09 15:23:00 +02:00
Bob Owen
f5a4bd97f2 Bug 928062 - Set Windows sandbox delayed integrity level to INTEGRITY_LEVEL_LOW. r=aklotz 2014-04-08 16:25:18 +01:00
Boris Zbarsky
46967823f5 Bug 995047 followup. Fix a caller that I missed because it's only compiled on some platforms, so we can reopen the CLOSED TREE 2014-04-12 00:38:06 -04:00
David Keeler
ae21952cdd bug 991209 - mozilla::pkix: allow non-end-entity certs to have OCSP signing EKU r=briansmith 2014-04-10 10:15:02 -07:00
Boris Zbarsky
35fca5eeeb Bug 991742 part 8. Remove the "aScope" argument of WebIDL/nsWrapperCache WrapObject() methods. r=bholley
This patch was mostly generated with the following command:

find . -name "*.h" -o -name "*.cpp" | xargs sed -e '/WrapObject(JSContext/ {; N; s/\(WrapObject(JSContext *\* *a\{0,1\}[Cc]x\),\n\{0,1\} *JS::Handle<JSObject\*> a\{0,1\}[sS]cope/\1/ ; }' -i ""

and then reverting the changes that made to
dom/bindings/BindingUtils.h, since those WrapObject methods are not
the ones we're trying to change here, plus a bunch of manual fixups
for cases that this command did not catch (including all the callsites
of WrapObject()).
2014-04-08 18:27:18 -04:00
Boris Zbarsky
56f44fdf10 Bug 991742 part 6. Remove the "aScope" argument of binding Wrap() methods. r=bholley
This patch was mostly generated with this command:

find . -name "*.h" -o -name "*.cpp" | xargs sed -e 's/Binding::Wrap(aCx, aScope, this/Binding::Wrap(aCx, this/' -e 's/Binding_workers::Wrap(aCx, aScope, this/Binding_workers::Wrap(aCx, this/' -e 's/Binding::Wrap(cx, scope, this/Binding::Wrap(cx, this/' -i ""

plus a few manual fixes to dom/bindings/Codegen.py, js/xpconnect/src/event_impl_gen.py, and a few C++ files that were not caught in the search-and-replace above.
2014-04-08 18:27:17 -04:00
Camilo Viecco
2f343b217f Bug 993569 - Update Mozilla 31 to use NSS 3.16.1. (beta1) r=kaie 2014-04-08 11:38:37 -07:00
Michael Shuen
85908d62ba Bug 984608 - SECKEY_EncodeDERSubjectPublicKeyInfo and PK11_DEREncodePublicKey take non-const SECKEYPublicKey*. r=briansmith 2014-04-08 11:27:31 -07:00
David Keeler
2f779bc64a bug 990603 - test override for server certificate with basic constraints: CA=true r=briansmith 2014-04-08 09:51:45 -07:00
David Keeler
179fc74542 bug 990603 - mozilla::pkix: defer reporting end-entity cert errors until after path building r=briansmith 2014-04-08 09:49:36 -07:00
Peter Van der Beken
a12d286723 Bug 984497 - Use SpecialPowers more and change SpecialPower usage to deal with Window on WebIDL bindings. r=bz.
--HG--
rename : content/media/webspeech/synth/test/test_setup.html => content/media/webspeech/synth/test/file_setup.html
rename : content/media/webspeech/synth/test/test_speech_queue.html => content/media/webspeech/synth/test/file_speech_queue.html
rename : content/media/webspeech/synth/test/test_speech_simple.html => content/media/webspeech/synth/test/file_speech_simple.html
extra : rebase_source : 687daf9d78e69fe6ae21f7c1a26503cf88a18b97
2014-02-15 22:12:34 +01:00
Peter Van der Beken
7741df1efa Back out 75c95dac7fe0 (bug 984497) and f1b0d3d13755 (bug 990475) to fix bustage on a CLOSED TREE.
--HG--
extra : rebase_source : a63315cd428faeb95464f6ad76946d1c0c6d36c3
2014-04-07 22:18:53 +02:00
Peter Van der Beken
8cf720bdb0 Bug 984497 - Use SpecialPowers more and change SpecialPower usage to deal with Window on WebIDL bindings. r=bz.
--HG--
rename : content/media/webspeech/synth/test/test_setup.html => content/media/webspeech/synth/test/file_setup.html
rename : content/media/webspeech/synth/test/test_speech_queue.html => content/media/webspeech/synth/test/file_speech_queue.html
rename : content/media/webspeech/synth/test/test_speech_simple.html => content/media/webspeech/synth/test/file_speech_simple.html
extra : rebase_source : 3662ae8b0f35fefb250c9cd048e848d662863855
2014-02-15 22:12:34 +01:00
Shu-yu Guo
f236a45566 Bug 989509 - Part 3: security/ (r=cviecco,dkeeler) 2014-04-03 19:29:40 -07:00
Camilo Viecco
02c29dd580 Bug 987816 - Part 2/3. Update tests to match un-regressed behaviour. r=dkeeler
--HG--
extra : rebase_source : 7bccc66831f56cede353ec33275449b7bf2560b1
2014-03-31 09:10:13 -07:00
Camilo Viecco
2011f0e31a Bug 987816 - Part 2/3. Test verifying certificateUsageVerifyCA can return OK. r= dkeeler
--HG--
extra : rebase_source : 8e3f50d58c3c61e0fc843a053370f74d9adac8c0
2014-03-31 09:10:11 -07:00
Camilo Viecco
0905fe7590 Bug 987816 - Part 1/3. Allow verifying with certificateUsageVerifyCA. r=dkeeler
--HG--
extra : rebase_source : 7530839c9c02d56936e322f897de96d80a60a18f
2014-03-28 10:21:30 -07:00
Jon Coppeard
bb2e7cbea1 Bug 959787 - Handlify JS_ExecuteScript and JS::Evaluate APIs r=terrence r=bz 2014-04-01 11:34:39 +01:00
Mike Hommey
edf4794405 Bug 988168 - Better integrate gtest libxul in the build system. r=mshal. DONTBUILD
--HG--
rename : toolkit/library/Makefile.in => toolkit/library/libxul.mk
rename : toolkit/library/moz.build => toolkit/library/libxul.mozbuild
2014-03-31 13:21:38 +02:00
Mike Hommey
3dbd6f1f57 Backed out changeset 561b9329d832 (bug 988168) for wrong attribution. 2014-04-01 13:17:50 +09:00
Jacek Caban
258449c186 Bug 988168 - Better integrate gtest libxul in the build system. r=mshal
--HG--
rename : toolkit/library/Makefile.in => toolkit/library/libxul.mk
rename : toolkit/library/moz.build => toolkit/library/libxul.mozbuild
2014-03-31 13:21:38 +02:00
Geoff Brown
4ba9807bcb Bug 967704 - Skip a few more tests on Android 2.3 2014-03-31 21:30:07 -06:00
David Keeler
bda5e2835b bug 989516 - mozilla::pkix: temporarily allow improper basicConstraint:cA encodings r=cviecco 2014-03-31 11:06:43 -07:00
David Keeler
1af2e5556c bug 987295 - mozilla::pkix: test ocsp extension decoding r=cviecco 2014-03-31 10:54:53 -07:00
David Keeler
f73aa391b1 bug 987295 - mozilla::pkix: fix decoding OCSP response extensions r=cviecco 2014-03-31 13:24:16 -07:00
Camilo Viecco
02ccbcd3d6 Bug 986156 - Test anypolicyoid (no inhibit policy) for EV . r=dkeeler
--HG--
extra : rebase_source : 004dbe5fc1b168c43f62c5bed8e71d4d67b04754
2014-03-28 10:00:45 -07:00
Camilo Viecco
402a7a9293 Bug 986156 - Allow anypolicyoid and reject on inhibitAnypolicy (mozilla::pkix). r=bsmith
--HG--
extra : rebase_source : dd61d4bfa64ed65582f3a1b4662f16740983a3ce
2014-03-28 10:00:29 -07:00
Phil Ringnalda
aa7ac0fff7 Merge m-i to m-c 2014-03-29 09:00:18 -07:00
ffxbld
c0d0a0bd94 No bug, Automated HSTS preload list update from host bld-linux64-spot-403 - a=hsts-update 2014-03-29 03:14:50 -07:00
Mike Hommey
b4ed5e9a80 Backout changesets ca413634eba3 and a92851ff7444 (bug 988168) for likely windows PGO perf regression 2014-03-29 16:49:19 +09:00
Jed Davis
ddc591c878 Bug 989172 - Re-add sigaltstack to seccomp whitelist. r=kang
This reinstates the patch from bug 983518, which was unintentionally
dropped while merging with the reorganization in bug 985227.
2014-03-28 17:58:26 -07:00
Wes Kocher
51005ce03d Backed out 2 changesets (bug 987816) for xpcshell orange
Backed out changeset 245d0cb5a7b3 (bug 987816)
Backed out changeset b714220dd39d (bug 987816)
2014-03-28 16:57:12 -07:00
Camilo Viecco
96a8f62c2d Bug 987816 - certificateUsageVerifyCA is OK verifcation option. r=dkeeler
--HG--
extra : rebase_source : 0e000dc85705e1c61773e8fc73425fe80e0b9134
2014-03-28 10:21:30 -07:00
Camilo Viecco
557392561a Bug 987816 - test certificateUsageVerifyCA can return success. r=dkeeler
--HG--
rename : toolkit/library/libxul.mk => toolkit/library/Makefile.in
rename : toolkit/library/libxul.mozbuild => toolkit/library/moz.build
extra : rebase_source : 145fd4fce17325ca9e34681f3451c66c33bfd1a1
2014-03-28 15:53:08 -07:00
Mike Hommey
d55f8470ad Bug 988168 - Better integrate gtest libxul in the build system. r=mshal
--HG--
rename : toolkit/library/Makefile.in => toolkit/library/libxul.mk
rename : toolkit/library/moz.build => toolkit/library/libxul.mozbuild
2014-03-29 07:50:08 +09:00
Camilo Viecco
4ebeba8a03 Bug 982292 - Enhance EKU testing. r=dkeeler 2014-03-18 08:59:37 -07:00
Camilo Viecco
b8e464e37e Bug 982292 - Allow nsSGC to 'nest' TLS Web Server Authentication EKU in moz::pkix. r=bsmith 2014-03-13 11:06:44 -07:00
Makoto Kato
c0da567b5b Bug 987888 - --enable-content-sandbox breaks 64-bit builds. r=dkeeler,r=mshal 2014-03-28 13:59:16 +09:00
Brian Smith
28363a7d66 Bug 982778: Initialize parameters of output value of der::AlgorithmIdentifier, r=keeler 2014-03-13 21:26:03 -07:00
Benjamin Peterson
1b0c0d2f10 Bug 988718 - Mark nsSecurityHeaderParser explicit. r=dkeeler 2014-03-27 12:51:25 -04:00
Antonio M. Amaya
572fc8db93 Bug 880043 - Signed packaged installation test certificate generation. r=cviecco
--HG--
rename : security/manager/ssl/tests/unit/test_signed_apps/nss_ctypes.py => security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/nss_ctypes.py
rename : security/manager/ssl/tests/unit/test_signed_apps/sign_b2g_app.py => security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/sign_b2g_app.py
2014-03-27 11:02:27 -04:00
David Keeler
00785d6113 bug 986171 - mozilla::pkix: telemetry for what cert validation library is in use r=cviecco 2014-03-26 09:41:08 -07:00
David Keeler
1ea866dced Backed out changeset d9e136a02980 (bug 986171) for build bustage r=backout 2014-03-25 14:02:42 -07:00
David Keeler
d56c7b6534 bug 986171 - mozilla::pkix: telemetry for what cert validation library is in use r=cviecco 2014-03-25 13:43:01 -07:00
David Keeler
1898826bf2 bug 987217 - free leaking encodedRequest in GenerateCRMFRequest r=cviecco 2014-03-25 10:38:03 -07:00
Camilo Viecco
da379b1daf Bug 969188 - Part 3/3 - Test handling of v1/v2/v3 certificates from PSM. r=keeler
--HG--
extra : rebase_source : 321d603913f07a0afe64400e300146873e8a81af
2014-02-25 15:37:22 -08:00
Camilo Viecco
4fc6d46e33 Bug 969188 - Part 2/3 - mozilla::pkix only decode v3 extensions in v3 certificates. r=briansmith
--HG--
extra : rebase_source : 86e58ccf8538d0f40d3b24b89a92dceac095cb21
2014-03-06 10:04:04 -08:00
Camilo Viecco
fcc7445865 Bug 969188 - Part 1/3 - Fix mozilla::pkix handling of trusted v1 certificates. r=briansmith
--HG--
extra : rebase_source : 242b4849a7820d23518936a8c86ddcb7d9684394
2014-03-06 10:04:04 -08:00
Wan-Teh Chang
79601daa95 Bug 986875: Don't set the obsolete NSS makefile variable STANDARDS_CFLAGS.
r=glandium.
2014-03-24 16:53:33 -07:00
David Keeler
c492def197 bug 987262 - mozilla::pkix: refactor Nested AtEnd() checks in pkixder.h r=briansmith 2014-03-24 13:12:56 -07:00
Phil Ringnalda
39747a1529 Merge m-c to m-i 2014-03-22 08:09:46 -07:00
ffxbld
2306430b7a No bug, Automated HSTS preload list update from host bld-linux64-spot-008 - a=hsts-update 2014-03-22 03:20:45 -07:00
David Keeler
c696487874 backout bug 985021 (8d622f4ec6e9) for another build breakage on a CLOSED TREE r=backout 2014-03-21 11:47:06 -07:00
David Keeler
d33e060a52 bug 969758 - ignore "snionly" property in Google's HSTS preload list r=cviecco DONTBUILD because NPOTB 2014-03-21 14:09:04 -07:00
David Keeler
f740f3e913 bug 985021 - mozilla::pkix: temporarily accept pathLenConstraint in EE basic constraints extensions r=briansmith 2014-03-21 10:38:36 -07:00
David Keeler
185d667850 bug 985021 - mozilla::pkix: temporarily accept pathLenConstraint in EE basic constraints extensions r=briansmith 2014-03-21 11:52:01 -07:00
David Keeler
214c7f5d0c backout bug 985021 (de535cd27ee7) for build breakage r=backout 2014-03-20 16:06:15 -07:00
David Keeler
e12675d08a bug 985021 - mozilla::pkix: temporarily accept pathLenConstraint in EE basic constraints extensions r=briansmith 2014-03-20 15:50:12 -07:00
David Keeler
2fb9ff870f bug 985201 - follow-up: fix comment mentioning "Insanity" (it should be "mozilla::pkix") r=me DONTBUILD 2014-03-20 15:36:23 -07:00
David Keeler
676eaf13b4 bug 985201 - rename insanity::pkix to mozilla::pkix r=cviecco r=briansmith
--HG--
rename : security/insanity/include/insanity/ScopedPtr.h => security/pkix/include/pkix/ScopedPtr.h
rename : security/insanity/include/insanity/bind.h => security/pkix/include/pkix/bind.h
rename : security/insanity/include/insanity/nullptr.h => security/pkix/include/pkix/nullptr.h
rename : security/insanity/include/insanity/pkix.h => security/pkix/include/pkix/pkix.h
rename : security/insanity/include/insanity/pkixtypes.h => security/pkix/include/pkix/pkixtypes.h
rename : security/insanity/lib/pkixbind.cpp => security/pkix/lib/pkixbind.cpp
rename : security/insanity/lib/pkixbuild.cpp => security/pkix/lib/pkixbuild.cpp
rename : security/insanity/lib/pkixcheck.cpp => security/pkix/lib/pkixcheck.cpp
rename : security/insanity/lib/pkixcheck.h => security/pkix/lib/pkixcheck.h
rename : security/insanity/lib/pkixder.cpp => security/pkix/lib/pkixder.cpp
rename : security/insanity/lib/pkixder.h => security/pkix/lib/pkixder.h
rename : security/insanity/lib/pkixkey.cpp => security/pkix/lib/pkixkey.cpp
rename : security/insanity/lib/pkixocsp.cpp => security/pkix/lib/pkixocsp.cpp
rename : security/insanity/lib/pkixutil.h => security/pkix/lib/pkixutil.h
rename : security/insanity/moz.build => security/pkix/moz.build
rename : security/insanity/test/lib/moz.build => security/pkix/test/lib/moz.build
rename : security/insanity/test/lib/pkixtestutil.cpp => security/pkix/test/lib/pkixtestutil.cpp
rename : security/insanity/test/lib/pkixtestutil.h => security/pkix/test/lib/pkixtestutil.h
2014-03-20 14:29:21 -07:00
Jed Davis
b939b580cf Bug 985227 - Part 3: Replace the seccomp filter arch ifdefs with syscall existence tests. r=kang 2014-03-20 10:19:42 -04:00
Jed Davis
d06bc434b1 Bug 985227 - Part 2: Flatten out the #define maze in the seccomp filter. r=kang 2014-03-20 10:19:42 -04:00
Jed Davis
893f056ba5 Bug 985227 - Part 1: Move the seccomp filter into its own translation unit. r=kang
--HG--
rename : security/sandbox/linux/seccomp_filter.h => security/sandbox/linux/SandboxFilter.cpp
2014-03-20 10:19:42 -04:00
Jed Davis
a8a37995ce Bug 975273 - Add missing include to unbreak desktop seccomp build. r=kang 2014-03-20 09:27:28 -04:00