Brad Lassey
899dca0947
bug 1118554 - fix gcc4.9 warnings on Android, <cstdlib> instead of <stdlib.h> r=gcp
...
--HG--
extra : rebase_source : cbb04c5973878e350e890c4df2ce271d32b7587e
2015-01-08 10:19:39 -05:00
Jacek Caban
55b1872f77
Bug 1119179 - Avoid gmtime_r duplication if it's provided by mingw. r=bsmith
2015-01-09 11:41:15 +01:00
Mark Goodwin ext:(%2C%20Harsh%20Pathak%20%3Chpathak%40mozilla.com%3E)
3bda017935
Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs. r=keeler r=Unfocused
2015-01-07 06:08:00 +01:00
Ehsan Akhgari
b6e35bb4b4
Bug 1118486 - Part 1: Use = delete
instead of MOZ_DELETE directly; r=Waldo
...
Most of this patch (with the exception of dom/bindings/Codegen.py) was
generated by the following bash script:
#!/bin/bash
function convert() {
echo "Converting $1 to $2..."
find . ! -wholename "*nsprpub*" \
! -wholename "*security/nss*" \
! -wholename "*/.hg*" \
! -wholename "*/.git*" \
! -wholename "obj-*" \
-type f \
\( -iname "*.cpp" \
-o -iname "*.h" \
-o -iname "*.cc" \
-o -iname "*.idl" \
-o -iname "*.ipdl" \
-o -iname "*.ipdlh" \
-o -iname "*.mm" \) | \
xargs -n 1 sed -i -e "s/\b$1\b/$2/g"
}
convert MOZ_DELETE '= delete'
2015-01-08 23:19:05 -05:00
David Keeler
a1f3b2453c
bug 1101194 - follow-up to fix bustage in TestCertDB r=bustage on a CLOSED TREE
...
Turns out there was a code path that resulted in attempting to acquire a lock
on the DataStorage mutex when one had already been acquired, resulting in
deadlock. This fixes it.
2015-01-08 10:56:07 -08:00
Kai Engert
1aabca1e25
Bug 1107731, upgrade Mozilla 37 to use NSS 3.18 (this is beta 5), r=wtc
2015-01-08 19:40:05 +01:00
David Keeler
b18f07bda4
bug 1101194 - add telemetry for DataStorage table size r=mgoodwin
2015-01-07 13:23:07 -08:00
Cykesiopka
7d1003f392
Bug 989485 - Split test_cert_eku.js into multiple files to avoid time outs. r=keeler
2015-01-08 01:15:00 -05:00
Brian Smith
7e9ea7c5f5
Bug 1118599 - Remove now-unneeded MOZILLA_PKIX_ENUM_CLASS workaround for GCC enum class bugs. r=mmc
2015-01-06 18:28:09 -08:00
Michael Pruett
b9d2bd339e
Bug 1118024 - Use new PL_DHashTable{Add,Lookup,Remove} functions. r=nfroyd
2015-01-05 20:27:28 -06:00
Mike Hommey
403bf99083
Bug 1110760 - Build and Package Chromium Sandbox wow_helper. r=gps
2015-01-08 10:44:41 +09:00
Mike Hommey
0e7bbf59c9
Bug 1110760 - Increase the chances of the wow_helper target code symbols being in the assumed order. r=aklotz
2015-01-08 10:44:41 +09:00
Bob Owen
15af7f7f74
Bug 1110760 - Import Chromium Sandbox wow_helper code. r=aklotz
2015-01-08 10:44:40 +09:00
David Keeler
8f6f828f17
bug 1114741 - have nsRandomGenerator guard against NSS shutdown r=jcj
...
nsRandomGenerator uses NSS resources but does not prevent against NSS shutting
down while doing so. To fix this, nsRandomGenerator must implement
nsNSSShutDownObject.
2015-01-05 16:11:26 -08:00
Brad Lassey
1c9ee71594
bug 1118554 - make android's stdcxx work r=glandium
2015-01-06 23:34:31 -05:00
Brian Smith
f64580a5e6
Bug 1073867, Part 5: Make DSS test faster, r=mmc
...
--HG--
extra : rebase_source : 5d3ae5b6c777382d69134d5c38fca0c52c93c3a2
extra : histedit_source : 15209d1249d2eb638143409404cbbe15f0a2715b
2014-12-24 17:56:10 -08:00
Nicholas Nethercote
9a2b68d42b
Bug 1117611 - Fix shadowed variable in SandboxBroker::SetSecurityLevelForContentProcess(). r=bobowen.
...
--HG--
extra : rebase_source : 29f25cc34bd5f66bac2454c30613344fb63a92b5
2015-01-05 15:54:22 -08:00
Ehsan Akhgari
4b5d28601f
Bug 1116559 - Remove the code to handle shutdown-cleanse from the cert override service code; r=keeler
...
shutdown-cleanse has not been a thing for quite a while.
2015-01-05 21:01:27 -05:00
Andrew Bartlett
3823a96109
Bug 423758 - Add NTLMv2 to internal NTLM handler. r=keeler
...
NTLMv2 is the default.
This adds a new preference:
network.ntlm.force-generic-ntlm-v1
This is to allow use of NTLMv1 in case issues are found in the NTLMv2
handler, or when contacting a server or backing DC that does not
support NTLMv2 for any reason.
To support this, we also:
- Revert "Bug 1030426 - network.negotiate-auth.allow-insecure-ntlm-v1-https allows sending NTLMv1 credentials in plain to HTTP proxies, r=mcmanus"
- Revert "Bug 1023748 - Allow NTLMv1 over SSL/TLS by default, r=jduell"
- Remove LM code from internal NTLM handler
The LM response should essentially never be sent, the last practical
use case was CIFS connections to Windows 9X, I have never seen a web
server that could only do LM
It is removed before the NTLMv2 work is done so as to avoid having 3
possible states here (LM, NTLM, NTLMv2) to control via preferences.
Developed with Garming Sam <garming@catalyst.net.nz>
2014-12-22 15:55:00 -05:00
Brian Smith
0df174721c
Bug 1117003 - Backout cset ca3c73188295 (Bug 1115903, Part 2), r=ehsan
2015-01-02 12:26:14 -08:00
Phil Ringnalda
577013867e
Merge m-i to m-c, a=merge
2015-01-03 20:02:33 -08:00
ffxbld
5968e9ce33
No bug, Automated HPKP preload list update from host bld-linux64-spot-100 - a=hpkp-update
2015-01-03 03:20:27 -08:00
ffxbld
44b7deef25
No bug, Automated HSTS preload list update from host bld-linux64-spot-100 - a=hsts-update
2015-01-03 03:20:25 -08:00
Brian Smith
47e92f2b3c
Bug 1115903, Part 2: Delete most defaulted assignment operators and some defaulted copy constructors, r=jcj
...
--HG--
extra : rebase_source : 6c8575de36355521baf69bba89eba530cd4e8b09
2014-12-26 23:49:47 -08:00
Brian Smith
39853892f9
Bug 1115903, Remove VS2010 workarounds, r=mmc
...
--HG--
extra : rebase_source : 742973c0f2d547371fbeca72e384053c70b5ba0f
2014-12-26 21:39:54 -08:00
Brian Smith
17c1065e6f
Bug 1115761, Part 4: Add "fall through" comment, r=jcj
...
--HG--
extra : rebase_source : 1e40d7d7d85c1a02eb6195ecee1038ea40a6a9ab
2014-12-26 15:07:56 -08:00
Brian Smith
a1d102d4f2
Bug 1115761, Part 3: Rename NSS-based crypto functions, r=jcj
...
--HG--
extra : rebase_source : b11b172fac76c7845d2a97cabf1bad9e04a50367
2014-12-23 14:51:52 -08:00
Brian Smith
b3bf235584
Bug 1115761, Part 2: Use NotReached more consistently in pkixnss.cpp, r=jcj
...
--HG--
extra : rebase_source : 80647fc11d40d822dc042af1d797cb34062a84ab
2014-12-23 22:35:53 -08:00
Brian Smith
b88b8f38dd
Bug 1115761, Part 1: Remove obsolete references to NSS stuff in comments, r=jcj
...
--HG--
extra : rebase_source : 65af59d9695b424f057b40c54aab6973a39bcc25
2014-12-26 12:40:45 -08:00
Brian Smith
e3671889ff
Bug 1035414, Part 2: Always check subject's issuer matches issuer's subject, r=jcj
...
--HG--
extra : rebase_source : a75eca6ed909fa4f241b1a736656b7e8c99eb3ea
2014-12-26 10:13:18 -08:00
Brian Smith
68fac13f07
Bug 1035414, Part 1: Test issuer/subject name matching, r=jcj
...
--HG--
extra : rebase_source : 8faab27888502083565db3681f10a310b69b1845
2014-12-26 11:35:48 -08:00
Brian Smith
df0803d83c
Bug 1073867, Part 4: Test that DSS end-entity certificates are rejected, r=mmc
...
--HG--
extra : rebase_source : 7cfdcdf08f2ae8909062b8803de6702ab47ec65a
2014-12-26 11:40:51 -08:00
Brian Smith
257741f645
Bug 1073867, Part 3: Reject DSS end-entity certificates, r=mmc
...
--HG--
extra : rebase_source : 76546b57aade1a15b394a2e53d8c12d62906dcac
2014-12-24 00:51:52 -08:00
David Erceg
86c1c8ddf5
Bug 1111848 - Remove nsISiteSecurityService.shouldIgnoreHeaders and implementation. r=keeler
2014-12-22 20:26:49 +11:00
Ehsan Akhgari
0d12ab6f75
Bug 1115076 - Wait for about:privatebrowsing to load in test_sts_privatebrowsing_perwindowpb.html; r=jdm
2014-12-31 09:32:03 -05:00
Ehsan Akhgari
8d1f34cb76
Bug 1117043 - Mark virtual overridden functions as MOZ_OVERRIDE in security; r=bsmith
2015-01-02 09:02:04 -05:00
ffxbld
c859dae2e4
No bug, Automated HPKP preload list update from host b-linux64-ix-0002 - a=hpkp-update
2014-12-27 03:21:29 -08:00
ffxbld
bc4966f0aa
No bug, Automated HSTS preload list update from host b-linux64-ix-0002 - a=hsts-update
2014-12-27 03:21:25 -08:00
Kaspar Brand
6542374a70
Bug 1112487 - The signing certificates with key usage only non-repudiation is taken as invalid for signing. r=keeler
2014-12-17 21:31:00 -05:00
Tom Schuster
2d05106e74
Bug 1110835 - Simplify some code nsSecureBrowserUIImpl around UpdateSecurityState. r=keeler
2014-12-25 21:31:11 +01:00
Masatoshi Kimura
bf2b64547c
Bug 1114295 - Remove the dead pref for TLS_DHE_DSS_WITH_AES_128_CBC_SHA. r=keeler
2014-12-24 22:21:12 +09:00
Tom Schuster
8d71a7d0ca
Bug 764496 - Make EV detection work in content processes. r=keeler,kanru
2014-12-24 14:04:24 +01:00
Brian Smith
3c27e21f16
Bug 1115181: Remove pkixnss.h dependency from pkixcert_signature_algorithm_tests, r=keeler
...
--HG--
extra : rebase_source : 2a4e11338b06d33ab8ad1536dc05c082db330d68
2014-12-23 14:51:16 -08:00
Brian Smith
d72d293161
Bug 1070444: Remove NSS dependencies in pkixbuild_tests.cpp, r=keeler
...
--HG--
extra : rebase_source : f07e38d40f1644cce30191f5d8ab29ac06582683
2014-12-22 01:20:59 -08:00
Brian Smith
2e3f19b2fa
Bug 1114701: Replace function pointers with function references, r=keeler
...
--HG--
extra : rebase_source : 350e7f8170f6b1176e46b829026e9ee27b3303e5
2014-12-23 12:43:25 -08:00
Daniel Holbert
33c7419e62
Bug 1114671: Use function pointer (instead of reference) in pkix/bind.h, for consistency & to fix -Wignored-qualifiers build warning for 'const'. r=briansmith
2014-12-22 13:04:36 -08:00
Brian Smith
e7cd1a4936
Bug 1107666, Part 2: Further fix for SSL_OCSP_STAPLING telemetry, r=keeler
...
--HG--
extra : rebase_source : b2dbbd4eaa8aea019b40eddfc19fb8af20ef3a4c
2014-12-20 07:03:57 -08:00
Carsten "Tomcat" Book
0b4b40c804
Backed out changeset 8fd0df8e208c (bug 423758) for bustage
2014-12-22 09:05:34 +01:00
J.C. Jones
2a55f8138d
Bug 968451 - Document the exported functions exposed from mozilla::pkix (pkix/pkix.h). r=keeler
2014-12-19 12:25:00 +01:00
Andrew Bartlett
1b11a5e146
Bug 423758 - Add NTLMv2 to internal NTLM handler. r=keeler
...
NTLMv2 is the default.
This adds a new preference:
network.ntlm.force-generic-ntlm-v1
This is to allow use of NTLMv1 in case issues are found in the NTLMv2
handler, or when contacting a server or backing DC that does not
support NTLMv2 for any reason.
To support this, we also:
- Revert "Bug 1030426 - network.negotiate-auth.allow-insecure-ntlm-v1-https allows sending NTLMv1 credentials in plain to HTTP proxies, r=mcmanus"
- Revert "Bug 1023748 - Allow NTLMv1 over SSL/TLS by default, r=jduell"
- Remove LM code from internal NTLM handler
The LM response should essentially never be sent, the last practical
use case was CIFS connections to Windows 9X, I have never seen a web
server that could only do LM
It is removed before the NTLMv2 work is done so as to avoid having 3
possible states here (LM, NTLM, NTLMv2) to control via preferences.
Developed with Garming Sam <garming@catalyst.net.nz>
2014-12-18 17:25:00 +01:00