Commit Graph

2668 Commits

Author SHA1 Message Date
David Keeler
cc65ea472a bug 1079436 - fix validThrough as returned by VerifyEncodedOCSPResponse r=briansmith
validThrough should now be the time through which, if passed in as the given
time to validate an OCSP response at, VerifyEncodedOCSPResponse will still
consider it trustworthy. After that time, it will be expired. This makes it
so the OCSP cache compares validity period responses consistently with
mozilla::pkix.
2014-11-21 10:43:43 -08:00
Kai Engert
d568114769 Bug 1088969 - Upgrade Mozilla 36 to use NSS 3.18 - NSS_3_18_BETA3, r=wtc 2014-11-20 20:29:15 +01:00
Carsten "Tomcat" Book
00488eb57e Backed out changeset 1aebb84c8af1 (bug 1041775) for Windows 8 PGO Build Bustage on a CLOSED TREE
--HG--
rename : security/sandbox/chromium/sandbox/sandbox_export.h => security/sandbox/chromium/sandbox/linux/sandbox_export.h
2014-11-20 16:11:56 +01:00
Carsten "Tomcat" Book
aadab21ee9 Backed out changeset ec63befb3ad7 (bug 1041775) 2014-11-20 16:11:12 +01:00
Carsten "Tomcat" Book
0f9bf9f40f Backed out changeset ebe866ff8a44 (bug 1041775) 2014-11-20 16:11:06 +01:00
Bob Owen
a52aebdb85 Bug 1041775 Part 3: Re-apply pre-vista stdout/err process inheritance change to Chromium code after merge. r=tabraldes
Originally landed as changsets:
https://hg.mozilla.org/mozilla-central/rev/f94a07671389
2014-11-18 15:11:47 +00:00
Bob Owen
87ccc9be29 Bug 1041775 Part 2: Re-apply warn only sandbox changes to Chromium code after merge. r=tabraldes
Originally landed as changsets:
https://hg.mozilla.org/mozilla-central/rev/e7eef85c1b0a
https://hg.mozilla.org/mozilla-central/rev/8d0aca89e1b2
2014-11-18 15:09:55 +00:00
Bob Owen
aae8e1186c Bug 1041775 Part 1: Update Chromium sandbox code to commit 9522fad406dd161400daa518075828e47bd47f60. r=jld,aklotz
--HG--
rename : security/sandbox/chromium/sandbox/linux/sandbox_export.h => security/sandbox/chromium/sandbox/sandbox_export.h
2014-11-18 13:48:21 +00:00
David Keeler
975927dcc7 bug 1091232 - update PSM data structures that are affected by root CA changes r=mmc 2014-11-18 16:41:18 -08:00
Cykesiopka
509363556e Bug 1089305 - Switch EV tests to SQL DB and partially clean up scripts. r=keeler 2014-11-17 21:12:00 +01:00
Monica Chew
2d3f38456b Bug 1092606: Filter out duplicate pinsets as well as domains (r=keeler) 2014-11-17 12:54:42 -08:00
Kai Engert
75427f88c8 Bug 1088969 - Upgrade Mozilla 36 to use NSS 3.18 - NSS_3_18_BETA2 2014-11-17 14:57:45 +01:00
Cykesiopka
e59f7d10ca Bug 1084606 - Allow overrides for MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE. r=dkeeler 2014-11-11 00:59:00 +01:00
Gregory Szorc
d8dfd9b547 Merge inbound to m-c; a=merge
--HG--
extra : amend_source : 2e89bf359e356566aee6b04bb864979539e1c90d
2014-11-15 13:57:08 -08:00
ffxbld
09c8458513 No bug, Automated HPKP preload list update from host b-linux64-ix-0011 - a=hpkp-update 2014-11-15 03:21:19 -08:00
ffxbld
f9882b9437 No bug, Automated HSTS preload list update from host b-linux64-ix-0011 - a=hsts-update 2014-11-15 03:21:16 -08:00
David Keeler
2a1194b40c bug 940994 - follow-up to fix some issues that were missed in review r=mmc 2014-11-14 16:46:23 -08:00
Monica Chew
24a5ab6b1d Bug 1098288: Enable pinning on spideroak (r=keeler) 2014-11-14 11:17:40 -08:00
Masatoshi Kimura
40351c3a65 Bug 1094495 - Disable C4480 in security/pkix. r=keeler 2014-11-12 07:41:42 +09:00
Cykesiopka
d10e8aef8f Bug 1057035 - Fix terminology used in the certificate exception dialog. r=keeler 2014-10-27 21:06:00 -04:00
Masatoshi Kimura
55d966ec5f Bug 1093595 - Change strings to add a description about weak encryption. r=dolske 2014-11-11 07:29:44 +09:00
Masatoshi Kimura
f4f4964baf Bug 1093595 - Treat SSL3 and RC4 as broken. r=keeler 2014-11-11 07:29:44 +09:00
Carsten "Tomcat" Book
925df8e984 merge mozilla-inbound to mozilla-central a=merge 2014-11-10 14:24:51 +01:00
ffxbld
818d809dde No bug, Automated HPKP preload list update from host bld-linux64-spot-144 - a=hpkp-update 2014-11-08 03:20:20 -08:00
ffxbld
a9a58b836b No bug, Automated HSTS preload list update from host bld-linux64-spot-144 - a=hsts-update 2014-11-08 03:20:17 -08:00
Monica Chew
ccfc8984aa Bug 1030135: Promote pin for services.mozilla.com to production mode (r=keeler) 2014-11-07 12:00:50 -08:00
Shashank Sabniveesu
c51de0f3e3 Bug 940994 - Adding '.p7b' to 'known file types' list of 'Certificate Manager'. r=keeler 2014-10-07 14:30:00 +02:00
Chris Peterson
23bc91c094 Bug 1095926 - Fix -Wcomment warning in OCSP test and mark some OCSP tests as FAIL_ON_WARNINGS. r=briansmith 2014-10-11 20:13:45 -07:00
Michael Ratcliffe
e2616dda10 Bug 1090913 - Make mochitests fail when it has 0 passes and 0 fails r=jmaher 2014-11-05 16:00:52 +00:00
Jed Davis
c0003b43bf Bug 1077057 - Expose Linux sandboxing information to JS via nsSystemInfo. r=kang r=froydnj
This adds "hasSeccompBPF" for seccomp-bpf support; other "has" keys
will be added in the future (e.g., user namespaces).

This also adds "canSandboxContent" and "canSandboxMedia", which are
absent if the corresponding type of sandboxing isn't enabled at build
type (or is disabled with environment variables), and otherwise present
as a boolean indicating whether that type of sandboxing is supported.
Currently this is always the same as hasSeccompBPF, but that could change
in the future.

Some changes have been made to the "mozilla/Sandbox.h" interface to
support this; the idea is that the MOZ_DISABLE_*_SANDBOX environment
variables should be equivalent to disabling MOZ_*_SANDBOX at build time.
2014-11-06 13:11:00 +01:00
David Keeler
28de902146 bug 1039642 - follow-up to fix non-unified build bustage (missing include and namespace) r=bustage a=metered 2014-11-06 14:23:21 -08:00
David Keeler
a8eff24a19 bug 1039642 - clean up the implementation of nsPkcs11 for style and safety r=jcj r=mmc a=metered 2014-11-05 14:05:46 -08:00
David Keeler
12b9e52c8f bug 1039642 - test that smart card events are no longer emitted after removing a PKCS#11 module r=jcj r=mmc a=metered
--HG--
rename : security/manager/ssl/tests/unit/test_pkcs11_insert_remove.js => security/manager/ssl/tests/unit/test_pkcs11_no_events_after_removal.js
2014-11-05 13:54:21 -08:00
David Keeler
533af6553c bug 1039642 - stop PKCS#11 module threads before deleting them r=jcj r=mmc a=metered 2014-11-05 13:53:28 -08:00
Jed Davis
eb420073d5 Bug 1093893 - Fix B2G sandbox for ICS Bionic pthread_kill(). r=kang 2014-11-06 11:04:14 -08:00
Chris Peterson
9fa6824ffd Bug 1092710 - Fix -Wunused-const-variable warning-as-error in non-unified security/certverifier. r=keeler
--HG--
extra : rebase_source : c13f7e565c8459263191f9bb16d4221b6f163443
2014-11-01 12:14:41 -07:00
Dragana Damjanovic
2e68ce12bc Bug 1087213 - Implenent bind function in nsNSSIOLayer. r=honza 2014-10-22 02:06:00 +02:00
Monica Chew
ab81f38ecb Bug 1004781: Remove unnecessary cert for facebook (r=keeler) 2014-11-04 10:54:26 -08:00
Monica Chew
d16e874df2 Bug 1092606: Don't import Chromium pinsets for domains that are already in our list (r=keeler,jcj) 2014-11-04 10:53:52 -08:00
David Keeler
469763fa53 bug 1079658 - follow-up bustage fix (unnecessary multi-line C++-style comment) r=bustage on a CLOSED TREE 2014-11-03 13:48:48 -08:00
David Keeler
85ea7a8d6f bug 1079658 - check for the id-pkix-ocsp-nocheck extension when decoding certificates r=briansmith 2014-11-03 11:35:15 -08:00
Bob Owen
6a0cc31276 Bug 1076903: Add a Chromium LICENSE file to security/sandbox/win/src. r=gerv 2014-11-03 15:34:26 +00:00
Chris Peterson
47a64631af Bug 1092028 - Fix -Wunused-const-variable warning-as-error in security/pkix/test/gtest. r=bsmith 2014-10-30 23:17:27 -07:00
ffxbld
658df753a4 No bug, Automated HPKP preload list update from host b-linux64-ix-0009 - a=hpkp-update 2014-11-01 03:19:47 -07:00
ffxbld
a9b178b97e No bug, Automated HSTS preload list update from host b-linux64-ix-0009 - a=hsts-update 2014-11-01 03:19:44 -07:00
Garrett Robinson
dae84ffbe6 Bug 846489 - Part 1 - Expose error code on TransportSecurityInfo. r=keeler 2014-10-30 12:50:00 +01:00
Carsten "Tomcat" Book
573a77d7d3 Backed out changeset 5fb2f4662098 (bug 846498) for wrong bug number in commit message 2014-10-31 10:03:53 +01:00
Masatoshi Kimura
72b1c83560 Bug 1088915 - Stop offering RC4 in the first handshakes. r=keeler 2014-10-22 01:11:29 +09:00
Masatoshi Kimura
f4a512a9de Bug 947149 - Remove useless and even misleading word and dead code. r=keeler, dolske 2014-10-30 15:22:00 +01:00
Garrett Robinson
a0f34fc2ad Bug 846498 - Expose error code on TransportSecurityInfo. r=keeler 2014-10-30 12:50:00 +01:00