Commit Graph

2847 Commits

Author SHA1 Message Date
Masatoshi Kimura
6d98b6a986 Bug 1102632 - Stop triggering non-secure fallback for SSL_ERROR_UNSUPPORTED_VERSION. r=keeler 2014-12-02 20:33:24 +09:00
Kai Engert
3665e05348 Bug 1088969 - Upgrade Mozilla 36 to use NSS 3.17.3, changing version numbers, only. 2014-12-01 14:34:08 +01:00
Jan Beich
d76f92bf8d Bug 1105851 - Unbreak non-unified non-SPS build after 1054498. r=jcj 2014-11-30 21:27:45 +01:00
Bob Owen
513e26d6ce Bug 1094667: Use the USER_NON_ADMIN access token by default for the Windows content sandbox. r=tabraldes 2014-11-29 17:12:18 +00:00
Bob Owen
976a5c00ec Bug 928044 Part 3: Add logging changes back into the Chromium interception code. r=tabraldes 2014-11-29 17:12:18 +00:00
Bob Owen
9a0a395aed Bug 928044 Part 2: Enable the content sandbox by default on Windows with an open policy. r=tabraldes,glandium,jimm
--HG--
rename : security/sandbox/win/src/warnonlysandbox/wosCallbacks.h => security/sandbox/win/src/logging/loggingCallbacks.h
rename : security/sandbox/win/src/warnonlysandbox/wosTypes.h => security/sandbox/win/src/logging/loggingTypes.h
rename : security/sandbox/win/src/warnonlysandbox/warnOnlySandbox.cpp => security/sandbox/win/src/logging/sandboxLogging.cpp
rename : security/sandbox/win/src/warnonlysandbox/warnOnlySandbox.h => security/sandbox/win/src/logging/sandboxLogging.h
2014-11-29 17:12:18 +00:00
Bob Owen
f1c46b88fc Bug 928044 Part 1: Remove Chromium interception logging changes. r=tabraldes 2014-11-29 17:12:17 +00:00
ffxbld
9c4b8697e8 No bug, Automated HPKP preload list update from host b-linux64-ix-0005 - a=hpkp-update 2014-11-29 03:19:59 -08:00
ffxbld
fc4c314b24 No bug, Automated HSTS preload list update from host b-linux64-ix-0005 - a=hsts-update 2014-11-29 03:19:56 -08:00
Kai Engert
5120a5ba80 Bug 1088969 - Upgrade Mozilla 36 to use NSS 3.18, land beta 4 which backs out bug 1073330 2014-11-28 07:56:26 +01:00
Carsten "Tomcat" Book
004f2edc52 Backed out changeset 761071f57ab6 (bug 1024809) for emulator ics bustage 2014-11-27 16:30:41 +01:00
Mark Goodwin ext:(%2C%20Harsh%20Pathak%20%3Chpathak%40mozilla.com%3E)
e1eaa1f5df Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs. r=keeler,Unfocused 2014-11-27 04:12:00 +01:00
Masatoshi Kimura
5754d27f07 Bug 1092998 - Followup to address review comments. r=keeler 2014-11-27 21:39:33 +09:00
Bob Owen
0313e26177 Bug 1027902: Use an intial integrity level of low for the GMP sandbox on Windows. r=tabraldes 2014-11-27 08:44:45 +00:00
Blake Kaplan
0a803d9447 Bug 582297 - Make <keygen> work in e10s. r=billm/dkeeler 2014-11-26 14:28:28 -08:00
Masatoshi Kimura
d651e82425 Bug 1092998 - Deal with "cipher mismatch intolerant" servers. r=keeler 2014-11-27 07:19:11 +09:00
Rob Stradling
2f38dd3438 bug 1104109 - follow-up to fix new EV OID description strings (they need to match if the OIDs are the same) r=keeler 2014-11-26 11:28:17 -08:00
Bob Owen
7ca0b31e65 Bug 1041775 Part 3: Re-apply pre-vista stdout/err process inheritance change to Chromium code after merge. r=tabraldes
Originally landed as changsets:
https://hg.mozilla.org/mozilla-central/rev/f94a07671389
2014-11-18 15:11:47 +00:00
Bob Owen
57f83c8aaa Bug 1041775 Part 2: Re-apply warn only sandbox changes to Chromium code after merge. r=tabraldes
Originally landed as changsets:
https://hg.mozilla.org/mozilla-central/rev/e7eef85c1b0a
https://hg.mozilla.org/mozilla-central/rev/8d0aca89e1b2
2014-11-18 15:09:55 +00:00
Bob Owen
13e2a562f7 Bug 1041775 Part 1: Update Chromium sandbox code to commit 9522fad406dd161400daa518075828e47bd47f60. r=jld,aklotz,glandium
--HG--
rename : security/sandbox/chromium/sandbox/linux/sandbox_export.h => security/sandbox/chromium/sandbox/sandbox_export.h
2014-11-18 13:48:21 +00:00
Cykesiopka
82d0372c82 Bug 1103336 - Fix and re-enable PSM xpcshell tests that don't use add_tls_server_setup() on Android. r=dkeeler 2014-11-22 00:08:00 +01:00
J.C. Jones
ab36d11f8d Bug 1104109 - December 2014 batch of EV root CA Changes. r=keeler 2014-11-24 16:36:00 +01:00
Richard Barnes
78927cb49c Bug 968817 - Only accept certs for server TLS which use EKU (and which assert the TLS Server Authentication EKU) r=keeler 2014-11-24 20:33:50 -05:00
Jed Davis
eb5a7b8072 Bug 1101170 - Move Linux sandbox code into plugin-container on desktop. r=kang r=glandium
Specifically:
* SandboxCrash() uses internal Gecko interfaces, so stays in libxul.
* SandboxInfo moves to libxul from libmozsandbox, which no longer exists.
* Where libxul calls Set*Sandbox(), it uses weak symbols.
* Everything remains as it was on mobile.
2014-11-24 15:22:13 -08:00
Jed Davis
279ab5b3c8 Bug 1101170 - Move sandbox status info into a separate module. r=kang r=glandium
This changes the interface so that the code which determines the flags
can live in one place, but checking the flags doesn't need to call into
another library.

Also removes the no-op wrappers for Set*Sandbox when disabled at build
time; nothing used them, one of them was unusable due to having the wrong
type, and all they really accomplish is allowing sloppiness with ifdefs
(which could hide actual mistakes).
2014-11-24 15:22:13 -08:00
Richard Barnes
c8d1717147 Bug 1088255 - Collect telemetry on CAs that appear in valid cert chains r=keeler 2014-11-07 16:26:46 -05:00
Carsten "Tomcat" Book
99c627c356 merge mozilla-inbound to mozilla-central a=merge 2014-11-24 13:30:23 +01:00
ffxbld
ad59d69d06 No bug, Automated HPKP preload list update from host bld-linux64-spot-132 - a=hpkp-update 2014-11-22 03:19:44 -08:00
ffxbld
cd9a4bdea2 No bug, Automated HSTS preload list update from host bld-linux64-spot-132 - a=hsts-update 2014-11-22 03:19:41 -08:00
Kai Engert
d568114769 Bug 1088969 - Upgrade Mozilla 36 to use NSS 3.18 - NSS_3_18_BETA3, r=wtc 2014-11-20 20:29:15 +01:00
Carsten "Tomcat" Book
00488eb57e Backed out changeset 1aebb84c8af1 (bug 1041775) for Windows 8 PGO Build Bustage on a CLOSED TREE
--HG--
rename : security/sandbox/chromium/sandbox/sandbox_export.h => security/sandbox/chromium/sandbox/linux/sandbox_export.h
2014-11-20 16:11:56 +01:00
Carsten "Tomcat" Book
aadab21ee9 Backed out changeset ec63befb3ad7 (bug 1041775) 2014-11-20 16:11:12 +01:00
Carsten "Tomcat" Book
0f9bf9f40f Backed out changeset ebe866ff8a44 (bug 1041775) 2014-11-20 16:11:06 +01:00
David Keeler
cc65ea472a bug 1079436 - fix validThrough as returned by VerifyEncodedOCSPResponse r=briansmith
validThrough should now be the time through which, if passed in as the given
time to validate an OCSP response at, VerifyEncodedOCSPResponse will still
consider it trustworthy. After that time, it will be expired. This makes it
so the OCSP cache compares validity period responses consistently with
mozilla::pkix.
2014-11-21 10:43:43 -08:00
Bob Owen
a52aebdb85 Bug 1041775 Part 3: Re-apply pre-vista stdout/err process inheritance change to Chromium code after merge. r=tabraldes
Originally landed as changsets:
https://hg.mozilla.org/mozilla-central/rev/f94a07671389
2014-11-18 15:11:47 +00:00
Bob Owen
87ccc9be29 Bug 1041775 Part 2: Re-apply warn only sandbox changes to Chromium code after merge. r=tabraldes
Originally landed as changsets:
https://hg.mozilla.org/mozilla-central/rev/e7eef85c1b0a
https://hg.mozilla.org/mozilla-central/rev/8d0aca89e1b2
2014-11-18 15:09:55 +00:00
Bob Owen
aae8e1186c Bug 1041775 Part 1: Update Chromium sandbox code to commit 9522fad406dd161400daa518075828e47bd47f60. r=jld,aklotz
--HG--
rename : security/sandbox/chromium/sandbox/linux/sandbox_export.h => security/sandbox/chromium/sandbox/sandbox_export.h
2014-11-18 13:48:21 +00:00
David Keeler
975927dcc7 bug 1091232 - update PSM data structures that are affected by root CA changes r=mmc 2014-11-18 16:41:18 -08:00
Cykesiopka
509363556e Bug 1089305 - Switch EV tests to SQL DB and partially clean up scripts. r=keeler 2014-11-17 21:12:00 +01:00
Monica Chew
2d3f38456b Bug 1092606: Filter out duplicate pinsets as well as domains (r=keeler) 2014-11-17 12:54:42 -08:00
Kai Engert
75427f88c8 Bug 1088969 - Upgrade Mozilla 36 to use NSS 3.18 - NSS_3_18_BETA2 2014-11-17 14:57:45 +01:00
Cykesiopka
e59f7d10ca Bug 1084606 - Allow overrides for MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE. r=dkeeler 2014-11-11 00:59:00 +01:00
Gregory Szorc
d8dfd9b547 Merge inbound to m-c; a=merge
--HG--
extra : amend_source : 2e89bf359e356566aee6b04bb864979539e1c90d
2014-11-15 13:57:08 -08:00
ffxbld
09c8458513 No bug, Automated HPKP preload list update from host b-linux64-ix-0011 - a=hpkp-update 2014-11-15 03:21:19 -08:00
ffxbld
f9882b9437 No bug, Automated HSTS preload list update from host b-linux64-ix-0011 - a=hsts-update 2014-11-15 03:21:16 -08:00
David Keeler
2a1194b40c bug 940994 - follow-up to fix some issues that were missed in review r=mmc 2014-11-14 16:46:23 -08:00
Monica Chew
24a5ab6b1d Bug 1098288: Enable pinning on spideroak (r=keeler) 2014-11-14 11:17:40 -08:00
Masatoshi Kimura
40351c3a65 Bug 1094495 - Disable C4480 in security/pkix. r=keeler 2014-11-12 07:41:42 +09:00
Cykesiopka
d10e8aef8f Bug 1057035 - Fix terminology used in the certificate exception dialog. r=keeler 2014-10-27 21:06:00 -04:00
Masatoshi Kimura
55d966ec5f Bug 1093595 - Change strings to add a description about weak encryption. r=dolske 2014-11-11 07:29:44 +09:00
Masatoshi Kimura
f4f4964baf Bug 1093595 - Treat SSL3 and RC4 as broken. r=keeler 2014-11-11 07:29:44 +09:00
Carsten "Tomcat" Book
925df8e984 merge mozilla-inbound to mozilla-central a=merge 2014-11-10 14:24:51 +01:00
ffxbld
818d809dde No bug, Automated HPKP preload list update from host bld-linux64-spot-144 - a=hpkp-update 2014-11-08 03:20:20 -08:00
ffxbld
a9a58b836b No bug, Automated HSTS preload list update from host bld-linux64-spot-144 - a=hsts-update 2014-11-08 03:20:17 -08:00
Monica Chew
ccfc8984aa Bug 1030135: Promote pin for services.mozilla.com to production mode (r=keeler) 2014-11-07 12:00:50 -08:00
Shashank Sabniveesu
c51de0f3e3 Bug 940994 - Adding '.p7b' to 'known file types' list of 'Certificate Manager'. r=keeler 2014-10-07 14:30:00 +02:00
Chris Peterson
23bc91c094 Bug 1095926 - Fix -Wcomment warning in OCSP test and mark some OCSP tests as FAIL_ON_WARNINGS. r=briansmith 2014-10-11 20:13:45 -07:00
Michael Ratcliffe
e2616dda10 Bug 1090913 - Make mochitests fail when it has 0 passes and 0 fails r=jmaher 2014-11-05 16:00:52 +00:00
Jed Davis
c0003b43bf Bug 1077057 - Expose Linux sandboxing information to JS via nsSystemInfo. r=kang r=froydnj
This adds "hasSeccompBPF" for seccomp-bpf support; other "has" keys
will be added in the future (e.g., user namespaces).

This also adds "canSandboxContent" and "canSandboxMedia", which are
absent if the corresponding type of sandboxing isn't enabled at build
type (or is disabled with environment variables), and otherwise present
as a boolean indicating whether that type of sandboxing is supported.
Currently this is always the same as hasSeccompBPF, but that could change
in the future.

Some changes have been made to the "mozilla/Sandbox.h" interface to
support this; the idea is that the MOZ_DISABLE_*_SANDBOX environment
variables should be equivalent to disabling MOZ_*_SANDBOX at build time.
2014-11-06 13:11:00 +01:00
David Keeler
28de902146 bug 1039642 - follow-up to fix non-unified build bustage (missing include and namespace) r=bustage a=metered 2014-11-06 14:23:21 -08:00
David Keeler
a8eff24a19 bug 1039642 - clean up the implementation of nsPkcs11 for style and safety r=jcj r=mmc a=metered 2014-11-05 14:05:46 -08:00
David Keeler
12b9e52c8f bug 1039642 - test that smart card events are no longer emitted after removing a PKCS#11 module r=jcj r=mmc a=metered
--HG--
rename : security/manager/ssl/tests/unit/test_pkcs11_insert_remove.js => security/manager/ssl/tests/unit/test_pkcs11_no_events_after_removal.js
2014-11-05 13:54:21 -08:00
David Keeler
533af6553c bug 1039642 - stop PKCS#11 module threads before deleting them r=jcj r=mmc a=metered 2014-11-05 13:53:28 -08:00
Jed Davis
eb420073d5 Bug 1093893 - Fix B2G sandbox for ICS Bionic pthread_kill(). r=kang 2014-11-06 11:04:14 -08:00
Chris Peterson
9fa6824ffd Bug 1092710 - Fix -Wunused-const-variable warning-as-error in non-unified security/certverifier. r=keeler
--HG--
extra : rebase_source : c13f7e565c8459263191f9bb16d4221b6f163443
2014-11-01 12:14:41 -07:00
Dragana Damjanovic
2e68ce12bc Bug 1087213 - Implenent bind function in nsNSSIOLayer. r=honza 2014-10-22 02:06:00 +02:00
Monica Chew
ab81f38ecb Bug 1004781: Remove unnecessary cert for facebook (r=keeler) 2014-11-04 10:54:26 -08:00
Monica Chew
d16e874df2 Bug 1092606: Don't import Chromium pinsets for domains that are already in our list (r=keeler,jcj) 2014-11-04 10:53:52 -08:00
David Keeler
469763fa53 bug 1079658 - follow-up bustage fix (unnecessary multi-line C++-style comment) r=bustage on a CLOSED TREE 2014-11-03 13:48:48 -08:00
David Keeler
85ea7a8d6f bug 1079658 - check for the id-pkix-ocsp-nocheck extension when decoding certificates r=briansmith 2014-11-03 11:35:15 -08:00
Bob Owen
6a0cc31276 Bug 1076903: Add a Chromium LICENSE file to security/sandbox/win/src. r=gerv 2014-11-03 15:34:26 +00:00
Chris Peterson
47a64631af Bug 1092028 - Fix -Wunused-const-variable warning-as-error in security/pkix/test/gtest. r=bsmith 2014-10-30 23:17:27 -07:00
ffxbld
658df753a4 No bug, Automated HPKP preload list update from host b-linux64-ix-0009 - a=hpkp-update 2014-11-01 03:19:47 -07:00
ffxbld
a9b178b97e No bug, Automated HSTS preload list update from host b-linux64-ix-0009 - a=hsts-update 2014-11-01 03:19:44 -07:00
Garrett Robinson
dae84ffbe6 Bug 846489 - Part 1 - Expose error code on TransportSecurityInfo. r=keeler 2014-10-30 12:50:00 +01:00
Carsten "Tomcat" Book
573a77d7d3 Backed out changeset 5fb2f4662098 (bug 846498) for wrong bug number in commit message 2014-10-31 10:03:53 +01:00
Masatoshi Kimura
72b1c83560 Bug 1088915 - Stop offering RC4 in the first handshakes. r=keeler 2014-10-22 01:11:29 +09:00
Masatoshi Kimura
f4a512a9de Bug 947149 - Remove useless and even misleading word and dead code. r=keeler, dolske 2014-10-30 15:22:00 +01:00
Garrett Robinson
a0f34fc2ad Bug 846498 - Expose error code on TransportSecurityInfo. r=keeler 2014-10-30 12:50:00 +01:00
Brian Smith
4d3694c0d4 Reland Bug 1063281, Part 9: Switch Gecko from NSS to CheckCertHostname, r=keeler
--HG--
extra : rebase_source : 3a5e3bc2e113035e9c88b571bac68f3dbe2c8f04
2014-10-28 15:28:38 -07:00
Brian Smith
8839c2c859 Bug 1089104: Add support for TeletexString-encoded CN-IDs to CheckCertHostname, r=keeler
--HG--
extra : rebase_source : 320794deae857a574f509b7277ea64576abd37b3
2014-10-29 17:19:45 -07:00
Brian Smith
28b4618c5b Bug 1089393: Fix hex excape sequences ('\0x' -> '\x') in pkixnames_tests.cpp, r=mmc
--HG--
extra : rebase_source : a0136045ce9b957976f8eb2ef8ad6c9eae0a8ad7
2014-10-26 11:29:42 -07:00
Monica Chew
8f6b43d8ca Bug 1004781: Actually remove the pinset (r=keeler) 2014-10-30 16:21:09 -07:00
Monica Chew
a91d0dffdd Bug 1004781: Remove our pinset for facebook since it's in chromium now (r=keeler) 2014-10-30 16:14:19 -07:00
David Keeler
6fef1144d0 bug 1085509 - follow-up to include forgotten Telemetry.h header (non-unified build bustage) r=bustage 2014-10-30 13:12:01 -07:00
David Keeler
0b77e828f8 bug 1085509 - add telemetry for how many permanent certificate overrides users have r=mmc r=jcj 2014-10-29 16:25:16 -07:00
David Keeler
d44f95a768 bug 1085509 - fix nsCertOverrideService so its initialization doesn't depend on NSS r=mmc 2014-10-24 10:46:30 -07:00
André Reinald
65c17572f5 Bug 1076385 - Sandbox the content process on Mac. r=smichaud 2014-10-30 13:33:17 -05:00
Carsten "Tomcat" Book
591e2dcdee Backed out changeset b4665be856d7 (bug 1089305) for frequent b2g/android xpcshell test failures 2014-10-30 15:26:02 +01:00
Cykesiopka
c5973cf81a Bug 1089305 - Switch EV tests to SQL DB and partially clean up scripts. r=keeler 2014-10-29 11:09:00 +01:00
Martin Thomson
c201e39152 Bug 1088950 - Adding some testing. r=dkeeler 2014-10-27 17:48:00 +01:00
Martin Thomson
6c04870460 Bug 1088950 - Fix handling of inappropriate_fallback alert. r=keeler 2014-10-27 17:47:00 +01:00
Mike Hommey
d667f4bb59 Bug 1077148 part 4 - Add and use new moz.build templates for Gecko programs and libraries. r=gps
There are, sadly, many combinations of linkage in use throughout the tree.
The main differentiator, though, is between program/libraries related to
Gecko or not. Kind of. Some need mozglue, some don't. Some need dependent
linkage, some standalone.

Anyways, these new templates remove the need to manually define the
right dependencies against xpcomglue, nspr, mozalloc and mozglue
in most cases.

Places that build programs and were resetting MOZ_GLUE_PROGRAM_LDFLAGS
or that build libraries and were resetting MOZ_GLUE_LDFLAGS can now
just not use those Gecko-specific templates.
2014-10-30 13:06:12 +09:00
Brian Smith
5b092d4b63 Back out cset 9b72d139e817 (Bug 1063281, Part 9) due to compatibility regressions on a CLOSED TREE, a=ryanvm
--HG--
extra : rebase_source : cd9b43c3f66df3c5de337f2013fe61fae798b3ba
2014-10-28 12:30:53 -07:00
Carsten "Tomcat" Book
ea6d1713dc Backed out changeset 50650e0f0edf (bug 1085509) for causing perma failure in win7 xperf 2014-10-28 14:10:38 +01:00
Carsten "Tomcat" Book
23247ac4fc Backed out changeset b591ad43d53e (bug 1085509) 2014-10-28 14:09:44 +01:00
David Keeler
1da7cf8cfd bug 1085509 - add telemetry for how many permanent certificate overrides users have r=mmc r=jcj 2014-10-27 09:32:33 -07:00
David Keeler
e04965e27b bug 1085509 - fix nsCertOverrideService so its initialization doesn't depend on NSS r=mmc 2014-10-24 10:46:30 -07:00
Phil Ringnalda
4b0058925e Merge m-i to m-c, a=merge 2014-10-26 09:12:36 -07:00
ffxbld
8389489555 No bug, Automated HPKP preload list update from host bld-linux64-spot-115 - a=hpkp-update 2014-10-25 03:19:28 -07:00
ffxbld
ff99b56ef4 No bug, Automated HSTS preload list update from host bld-linux64-spot-115 - a=hsts-update 2014-10-25 03:19:26 -07:00
Monica Chew
37fd9e59a1 Bug 1083539: Fix dropped return value check (r=keeler) 2014-10-23 17:07:45 -07:00
Tom Schuster
665681a71a Bug 886752 - Show TLS/SSL version in page info dialog. r=dao 2014-10-24 13:53:35 +02:00
Tom Schuster
90bca89032 Bug 886752 - Add TLS version to SSLStatus and additional cleanup. r=keeler 2014-10-24 13:53:34 +02:00
Kai Engert
97849dc7c0 Bug 1088969 - Upgrade Mozilla 36 to use NSS 3.18, landing beta 1, r=wtc 2014-10-25 00:34:34 +02:00
Jed Davis
e6256d996f Bug 1081242 - Make ASAN's error reporting work while sandboxed on Linux. r=kang 2014-10-21 11:18:00 +02:00
Brian Smith
778f2b169e Bug 1085497: Add Input::size_type, r=mmc
--HG--
extra : rebase_source : 098eae9234be99e683c0d44b35e1ec7058a086dd
2014-10-16 18:23:27 -07:00
Brian Smith
8b0a955b69 Bug 1063281, Part 9: Switch Gecko from NSS to CheckCertHostname, r=keeler
--HG--
extra : rebase_source : 340eb682ba1f9dbd51652438433e7d0196494e1f
2014-09-21 17:43:29 -07:00
Brian Smith
23aecc8693 Bug 1063281, Part 8: Rewrite PresentedDNSIDMatchesReferenceDNSID, r=keeler
--HG--
extra : rebase_source : a74e8d89a3ddfe5f6af70f32d31f1dc06600d90a
2014-10-15 19:21:35 -07:00
Brian Smith
86bc7c397a Bug 1063281, Part 7: Implement IsValidPresentedDNSID, r=keeler
--HG--
extra : rebase_source : 32d85980d8d486bb806e169a8241256ad57fa9d1
2014-10-16 15:59:34 -07:00
Brian Smith
1d3358e5bf Bug 1083539: Factor out common SEQUENCE unwrapping logic into reusable functions, r=mmc
--HG--
extra : rebase_source : 93d669d3cbe178339fe59c1d9345c773b4e238d4
2014-10-14 02:07:08 -07:00
Brian Smith
ae2d69c9b5 Bug 1063281, Part 6: Implement CheckCertHostname, r=keeler
--HG--
extra : rebase_source : c28fe67d319f64b2efa326fd8649ef529c487c05
2014-10-15 16:10:32 -07:00
Brian Smith
d9be7c3bb6 Bug 1063281, Part 5: Implement DNS ID matching, r=keeler
--HG--
extra : rebase_source : 5221245ce8da065d64a7ff17bdfde0e617562447
2014-09-30 19:40:15 -07:00
Brian Smith
01eb47bf7f Bug 1063281, Part 4: Implement ParseIPv6Address, r=keeler
--HG--
extra : rebase_source : 9a75a81a840591aaf73acd5be4d7ca504b6432e5
2014-09-06 01:10:24 -07:00
Brian Smith
00bc1305f3 Bug 1063281, Part 3: Implement ParseIPv4Address, r=keeler
--HG--
extra : rebase_source : fbafcb7573be8fa83036a8fadbfa74938ab7a4a6
2014-09-05 23:20:18 -07:00
Brian Smith
6ee052c225 Bug 1063281, Part 2: Implement IsValidDNSName, r=keeler
--HG--
extra : rebase_source : 202898df26c7321f543ab7aeb222cdc6db67fe0d
2014-09-30 14:41:39 -07:00
Brian Smith
215865f531 Bug 1063281, Part 1: Expose moilla::pkix::BackCert::GetSubjectAltName, r=keeler
--HG--
extra : rebase_source : c89ae439a21f11fce66a785e8732ca8793d51936
2014-08-17 17:24:20 -07:00
David Keeler
316375ae78 backout f69fa3c13d1f (bug 1085509) for causing test_cert_overrides.js to fail 2014-10-23 11:50:17 -07:00
David Keeler
22cbd22ce6 bug 1085509 - add telemetry for how many permanent certificate overrides users have r=mmc r=jcj 2014-10-23 10:10:57 -07:00
ffxbld
91e5aad349 No bug, Automated HPKP preload list update from host bld-linux64-spot-1094 - a=hpkp-update 2014-10-22 14:02:48 -07:00
ffxbld
9c9a843e74 No bug, Automated HSTS preload list update from host bld-linux64-spot-1094 - a=hsts-update 2014-10-22 14:02:46 -07:00
David Keeler
b6b5289217 bug 1083085 - update where getHSTSPreloadList.js and genHPKPStaticPins.js think Chromium's lists are r=mmc DONTBUILD NPOTB 2014-10-21 15:20:02 -07:00
Martin Thomson
b3d201bbd0 Bug 1083058 - Adding pref to control TLS version fallback, r=keeler
From af667978f8915e6ebfaf02f8967b3d320d409a24 Mon Sep 17 00:00:00 2001
---
 netwerk/base/public/security-prefs.js              |  1 +
 security/manager/ssl/src/nsNSSIOLayer.cpp          | 21 +++++-
 security/manager/ssl/src/nsNSSIOLayer.h            |  2 +
 .../manager/ssl/tests/gtest/TLSIntoleranceTest.cpp | 76 +++++++++++++++++++---
 4 files changed, 90 insertions(+), 10 deletions(-)
2014-10-02 16:36:48 -07:00
Jed Davis
34c7984879 Bug 1078838 - Restrict clone(2) flags for sandboxed content processes. r=kang
--HG--
extra : amend_source : f80a3a672f5496f76d8649f0c8ab905044ea81ac
2014-10-20 12:29:25 -07:00
Carsten "Tomcat" Book
47b4591b6a merge mozilla-inbound to mozilla-central a=merge 2014-10-20 14:34:56 +02:00
ffxbld
e51d20859f No bug, Automated HPKP preload list update from host bld-linux64-spot-069 - a=hpkp-update 2014-10-18 03:18:53 -07:00
ffxbld
e6c773f9a6 No bug, Automated HSTS preload list update from host bld-linux64-spot-069 - a=hsts-update 2014-10-18 03:18:51 -07:00
Jim Mathies
635b225bf9 Bug 1083325 - Gracefully deal with null ssl status when serializing/deserializing TransportSecurityInfo. r=dkeeler 2014-10-16 14:11:19 -05:00
Cykesiopka
55aef9cc65 Bug 622859 - Reject EV certificates with key sizes below RSA 2048. r=briansmith 2014-10-18 15:18:00 +02:00
Cykesiopka
55c904e963 Bug 622859 - Tests for bug 622859. r=briansmith,keeler 2014-10-16 05:22:00 +02:00
Tanvi Vyas
a5be881b1c Bug 418354 - update test for bug 455367. Insecure image loads should be considered mixed display content regardless of whether image data was actually returned. r=honzab 2014-10-18 13:21:23 -07:00
David Keeler
8507d8fde6 bug 1042889 - test certificate overrides for untrusted x509v1 certificates used as CAs r=mmc 2014-10-15 10:42:13 -07:00
David Keeler
b04293a184 bug 1042889 - allow overrides for untrusted x509v1 certificates used as CAs r=mmc 2014-10-15 10:39:57 -07:00
David Keeler
c9ae3b2932 bug 1042889 - use a separate error for untrusted x509v1 certificates used as CAs r=briansmith 2014-10-15 10:38:51 -07:00
Bob Owen
37221a3864 Bug 1080567: Don't report registry NAME_NOT_FOUND errors for the Windows warn only sandbox. r=tabraldes 2014-10-13 15:12:28 +01:00
Martin Thomson
4298271729 Bug 1076983 - Disabling SSL 3.0 with pref 2014-10-14 17:17:35 -07:00
Jon Morton
0f167a14a3 Bug 979835: Port BoxObject and its subclasses to WebIDL. r=khuey sr=bz
--HG--
rename : layout/xul/nsIPopupBoxObject.idl => dom/webidl/PopupBoxObject.webidl
rename : layout/xul/tree/nsITreeBoxObject.idl => dom/webidl/TreeBoxObject.webidl
rename : layout/xul/nsBoxObject.cpp => layout/xul/BoxObject.cpp
rename : layout/xul/nsBoxObject.h => layout/xul/BoxObject.h
rename : layout/xul/nsListBoxObject.cpp => layout/xul/ListBoxObject.cpp
rename : layout/xul/nsMenuBoxObject.cpp => layout/xul/MenuBoxObject.cpp
rename : layout/xul/nsPopupBoxObject.cpp => layout/xul/PopupBoxObject.cpp
2014-10-14 13:15:21 -07:00
Jed Davis
1f08c3f878 Bug 1080077 - For sandbox failures with no crash reporter, log the C stack. r=kang
This is mostly for ASAN builds, which --disable-crash-reporter, but also
fixes a related papercut: debug builds don't use the crash reporter
unless overridden with an environment variable.

Note: this is Linux-only, so NS_StackWalk is always part of the build;
see also bug 1063455.
2014-10-13 18:48:17 -07:00
Mike Hommey
bc934346c7 Bug 1080994 - Build libclearkey without a dependency on mozalloc or mozglue. r=dkeeler,r=cpearce 2014-10-14 07:13:25 +09:00
Sylvestre Ledru
ec92f8ed2c Bug 1081935 - Missing UUID bump. r=gavin a=me 2014-10-13 17:27:42 +02:00
Ryan VanderMeulen
012100ceed Merge inbound to m-c. a=merge 2014-10-11 16:16:00 -04:00
ffxbld
9b13bee499 No bug, Automated HPKP preload list update from host bld-linux64-spot-412 - a=hpkp-update 2014-10-11 03:18:06 -07:00
ffxbld
deea483db8 No bug, Automated HSTS preload list update from host bld-linux64-spot-412 - a=hsts-update 2014-10-11 03:18:03 -07:00
Stephen Pohl
6b7b767456 Bug 1077282: Cleanup uses of GreD vs GreBinD, introcuded by v2 signature changes on OSX. Based on initial patch by rstrong. r=bsmedberg 2014-10-10 15:06:57 -04:00
Kai Engert
486d122683 Bug 1075686, Update Mozilla 35 to use NSS 3.17.2, RTM 2014-10-10 19:16:08 +02:00
Patrick McManus
a798c39649 bug 1003448 - HTTP/2 Alternate Service and Opportunistic Security [1/2 PSM] r=keeler 2014-08-20 16:30:16 -04:00
Brian Smith
6749824172 Bug 1078108: Use a longer OCSP response validity period in tests, r=keeler 2014-10-05 17:18:11 -07:00
Carsten "Tomcat" Book
17a5703e4c Backed out changeset b885a82dc02a (bug 1078108) for breaking B2g ICS Builds 2014-10-10 09:01:45 +02:00
Brian Smith
306c069e30 Bug 1078108: Use a longer OCSP response validity period in tests, r=keeler
--HG--
extra : rebase_source : 3115275b2b1c5337cbea0fd43a2221fcd54dadc1
extra : source : bb5694e268255b6549ccaaaddca74fbb83d4bda1
2014-10-05 17:18:11 -07:00
Brian Smith
e140b5a93a Bug 1077926: Make test certificate generation faster by reusing key, r=keeler
--HG--
extra : rebase_source : 8734920020e0889ea6cac1e878b182326bbf81d6
2014-10-07 18:30:47 -07:00
Wan-Teh Chang
c8cbfbe327 Bug 1075686: Update Mozilla 35 to use NSS 3.17.2 Beta 2.
This fixes bug 1049435.
2014-10-09 10:58:30 -07:00
David Keeler
937b096a0e bug 1058812 - (3/3) mozilla::pkix: test handling unsupported signature algorithms r=briansmith 2014-10-08 09:48:15 -07:00
David Keeler
c67c1933ed bug 1058812 - (2/3) mozilla::pkix: use ByteStrings to identify signature algorithm parameters in tests r=briansmith 2014-10-08 09:33:59 -07:00
David Keeler
9979fee183 bug 1058812 - (1/3) mozilla::pkix: add SignatureAlgorithm::unsupported_algorithm to better handle e.g. roots signed with RSA/MD5 r=briansmith 2014-10-07 09:35:42 -07:00
Eric Rahm
96050f224f Bug 806819 - Part 4: Add files that were excluded from unified builds back in. r=ehsan 2014-10-08 13:19:14 -07:00
Eric Rahm
f6bb65afb3 Bug 806819 - Part 3: Remove redundant FORCE_PR_LOG entries. r=ehsan 2014-10-08 13:17:32 -07:00
David Keeler
2365116a20 backout 9815045d0c5a (bug 1058812 1/3) for mochitest orange on a CLOSED TREE 2014-10-08 12:10:46 -07:00
David Keeler
b0402cdef6 backout 9692998f547e (bug 1058812 2/3) for mochitest orange on a CLOSED TREE 2014-10-08 12:10:10 -07:00
David Keeler
18c65fce36 backout 0097b4ffaf33 (bug 1058812 3/3) for mochitest orange on a CLOSED TREE 2014-10-08 12:09:26 -07:00
David Keeler
07681b6723 bug 1058812 - (3/3) mozilla::pkix: test handling unsupported signature algorithms r=briansmith 2014-10-08 09:48:15 -07:00
David Keeler
faa766739b bug 1058812 - (2/3) mozilla::pkix: use ByteStrings to identify signature algorithm parameters in tests r=briansmith 2014-10-08 09:33:59 -07:00
David Keeler
8f06bfc89b bug 1058812 - (1/3) mozilla::pkix: add SignatureAlgorithm::unsupported_algorithm to better handle e.g. roots signed with RSA/MD5 r=briansmith 2014-10-07 09:35:42 -07:00
Brian Smith
e4133f2c4c Bug 1077887: Work around old GCC "enum class" bug, r=mmc
--HG--
extra : rebase_source : 983e8d8bcfded10d1d1dca793d610996b40b444d
2014-10-04 18:45:31 -07:00
Brian Smith
2730c76967 Bug 1077859: Make ENCODING_FAILED safe to use in static initializers, r=mmc
--HG--
extra : rebase_source : f0483e775c6fefc256fc9527b1b1118086cc121f
2014-10-03 15:52:38 -07:00
Andrew Halberstadt
2da4ee197d Bug 1066735 - Remove root b2g and android specific xpcshell manifests, r=chmanchester 2014-10-07 18:18:28 -04:00
David Keeler
68456b113e bug 1077891 - update getHSTSPreloadList.js to reflect changes to nsISiteSecurityService r=mmc DONTBUILD NPOTB 2014-10-06 11:28:15 -07:00
Ehsan Akhgari
e03d04d490 Fix one bad implicit constructor in pkix, no bug, blanket-rs=bsmith 2014-10-07 09:46:59 -04:00
Carsten "Tomcat" Book
4db01a78b9 Backed out changeset 76000f9f12da (bug 1077859) for causing frequent Mac OSX XPCshell test failures 2014-10-07 12:53:42 +02:00
Carsten "Tomcat" Book
8f7d4fa0be Backed out changeset 16fe1b9eb9e6 (bug 1077887) 2014-10-07 12:53:03 +02:00
Carsten "Tomcat" Book
6444abac58 Backed out changeset 124b04c01c71 (bug 1077926) 2014-10-07 12:52:49 +02:00
Brian Smith
fd8a9ac2f7 Bug 1077926: Make test certificate generation faster by reusing key, r=keeler
--HG--
extra : rebase_source : 360fe925397688c1d0a2386c4974def6b571f0d4
2014-10-05 00:29:43 -07:00
Brian Smith
2bfce39740 Bug 1077887: Work around old GCC "enum class" bug, r=mmc
--HG--
extra : rebase_source : ce707672dfc0587760c09701fd6adbe26c874916
2014-10-04 18:45:31 -07:00
Brian Smith
08d0bdccf5 Bug 1077859: Make ENCODING_FAILED safe to use in static initializers, r=mmc
--HG--
extra : rebase_source : 78e1410ab6c94bd6b20a78208a2421db338aed94
2014-10-03 15:52:38 -07:00
Wes Kocher
5d7f3c7007 Backed out 5 changesets (bug 806819) for WinXP test failures on a CLOSED TREE
Backed out changeset 009ae35b0c67 (bug 806819)
Backed out changeset 5a57f87f5061 (bug 806819)
Backed out changeset f06cd735b5b3 (bug 806819)
Backed out changeset e25a2a8d4af4 (bug 806819)
Backed out changeset 70a167982c3f (bug 806819)
2014-10-06 16:32:50 -07:00
Eric Rahm
e523216532 Bug 806819 - Part 4: Add files that were excluded from unified builds back in. r=ehsan
--HG--
extra : rebase_source : 49a3f57d94fc94702f1604175c4e206091b67197
2014-10-06 13:11:24 -07:00
Eric Rahm
baf96b6e07 Bug 806819 - Part 3: Remove redundant FORCE_PR_LOG entries. r=ehsan
--HG--
extra : rebase_source : c96eea1c12ea8c19314393f0e8b4b57a4316a61d
2014-10-06 13:08:20 -07:00
Nicholas Nethercote
b21b892183 Bug 1062709 (part 2, attempt 2) - Clean up stack printing and fixing. r=dbaron.
--HG--
extra : rebase_source : 626fd23a14ec90cfc9807c3d555169ec6463d19d
2014-09-01 22:56:05 -07:00
Nicholas Nethercote
0249afcc66 Bug 1062709 (part 1, attempt 2) - Add a frame number argument to NS_WalkStackCallback. r=dbaron.
--HG--
extra : rebase_source : 4f7060a9ae0bed180899651c50e8ea8857e72d63
2014-09-10 21:47:01 -07:00
Neil Rashbrook
7c73c026c4 Bug 1075976 Clean up XPCOM string usage r=keeler 2014-10-05 22:09:39 +01:00
Phil Ringnalda
8c2c4a4fac Merge m-i to m-c, a=merge 2014-10-05 09:34:55 -07:00
Phil Ringnalda
c05e0f7e3f Backed out 2 changesets (bug 1003448) since their dependency was backed out
CLOSED TREE

Backed out changeset 61f98b1d29f9 (bug 1003448)
Backed out changeset 8e947d1636f1 (bug 1003448)
2014-10-04 20:10:19 -07:00
ffxbld
0b156609b3 No bug, Automated HPKP preload list update from host bld-linux64-spot-197 - a=hpkp-update 2014-10-04 03:19:30 -07:00
ffxbld
15b739a2e7 No bug, Automated HSTS preload list update from host bld-linux64-spot-197 - a=hsts-update 2014-10-04 03:19:28 -07:00
Ed Morley
e322389145 Backed out changeset a0b82c954206 (bug 1062709) for Windows mochitest 5 hangs 2014-10-03 15:06:16 +01:00
Ed Morley
ed062efcdf Backed out changeset 7a1b7d7eba12 (bug 1062709) 2014-10-03 15:05:26 +01:00
Ryan VanderMeulen
e5793f09bd Backed out 3 changesets (bug 1076129, bug 1003448) for frequent xpcshell crashes on a CLOSED TREE.
Backed out changeset 3034162ee435 (bug 1003448)
Backed out changeset 086fe4b0ba14 (bug 1003448)
Backed out changeset 1babd65ebec7 (bug 1076129)
2014-10-02 15:53:21 -04:00
Patrick McManus
1239a3e897 bug 1003448 - HTTP/2 Alternate Service and Opportunistic Security [1/2 PSM] r=keeler 2014-08-20 16:30:16 -04:00
Ryan VanderMeulen
990ae72de0 Merge m-c to inbound. a=merge 2014-10-02 13:14:06 -04:00
Martin Thomson
e675583d7e Bug 1072382 - Remove version intolerance marker on inappropriate_fallback alert, r=keeler 2014-10-02 10:03:30 -07:00
Nicholas Nethercote
5b9ce4cc06 Bug 1062709 (part 2) - Clean up stack printing and fixing. r=dbaron.
--HG--
extra : rebase_source : 18158d4474cb8826813a3866eba57b710e14db99
2014-09-01 22:56:05 -07:00
Nicholas Nethercote
270fd1eda7 Bug 1062709 (part 1) - Add a frame number argument to NS_WalkStackCallback. r=dbaron.
--HG--
extra : rebase_source : 0f9b2d6310433ed56f5552706fcf2a96571aee25
2014-09-10 21:47:01 -07:00
David Keeler
767a1d9034 bug 1045739 - (part 2/2) mozilla::pkix: test that revocation checking doesn't occur for expired certificates r=mmc 2014-10-01 10:20:31 -07:00
Brian Smith
d127e047f2 bug 1045739 - (1/2) mozilla::pkix: stop checking revocation for expired certificates r=keeler 2014-08-14 12:02:55 -07:00
Kai Engert
844cc762a0 Bug 1075686, pick up NSS 3.17.2 beta 1 to fix bug 1057161 2014-10-01 19:30:41 +02:00
Carsten "Tomcat" Book
1f82b2fb58 merge fx-team to mozilla-central a=merge 2014-09-30 15:10:47 +02:00
Cykesiopka
1554cac9c3 Bug 1073865 - Add missing SSL_ERROR l10n strings v1. r=dkeeler 2014-09-27 14:02:00 +02:00
Camilo Viecco
836f2a96a1 Bug 787133 - (hpkp) Part 2/2. Tests r=keeler 2014-09-29 20:31:08 -07:00
Stephen Pohl
cf2ca1fd7c Mac v2 signing - Bug 1060562 - Update xpcshell-tests for the new v2 bundle structure on OSX. r=jmaher 2014-09-29 11:51:29 -07:00
ffxbld
82669e5c8b No bug, Automated HPKP preload list update from host bld-linux64-spot-046 - a=hpkp-update 2014-09-27 03:16:58 -07:00
ffxbld
7cfa347a42 No bug, Automated HSTS preload list update from host bld-linux64-spot-046 - a=hsts-update 2014-09-27 03:16:56 -07:00