Phil Ringnalda
577013867e
Merge m-i to m-c, a=merge
2015-01-03 20:02:33 -08:00
ffxbld
5968e9ce33
No bug, Automated HPKP preload list update from host bld-linux64-spot-100 - a=hpkp-update
2015-01-03 03:20:27 -08:00
ffxbld
44b7deef25
No bug, Automated HSTS preload list update from host bld-linux64-spot-100 - a=hsts-update
2015-01-03 03:20:25 -08:00
Brian Smith
47e92f2b3c
Bug 1115903, Part 2: Delete most defaulted assignment operators and some defaulted copy constructors, r=jcj
...
--HG--
extra : rebase_source : 6c8575de36355521baf69bba89eba530cd4e8b09
2014-12-26 23:49:47 -08:00
Brian Smith
39853892f9
Bug 1115903, Remove VS2010 workarounds, r=mmc
...
--HG--
extra : rebase_source : 742973c0f2d547371fbeca72e384053c70b5ba0f
2014-12-26 21:39:54 -08:00
Brian Smith
17c1065e6f
Bug 1115761, Part 4: Add "fall through" comment, r=jcj
...
--HG--
extra : rebase_source : 1e40d7d7d85c1a02eb6195ecee1038ea40a6a9ab
2014-12-26 15:07:56 -08:00
Brian Smith
a1d102d4f2
Bug 1115761, Part 3: Rename NSS-based crypto functions, r=jcj
...
--HG--
extra : rebase_source : b11b172fac76c7845d2a97cabf1bad9e04a50367
2014-12-23 14:51:52 -08:00
Brian Smith
b3bf235584
Bug 1115761, Part 2: Use NotReached more consistently in pkixnss.cpp, r=jcj
...
--HG--
extra : rebase_source : 80647fc11d40d822dc042af1d797cb34062a84ab
2014-12-23 22:35:53 -08:00
Brian Smith
b88b8f38dd
Bug 1115761, Part 1: Remove obsolete references to NSS stuff in comments, r=jcj
...
--HG--
extra : rebase_source : 65af59d9695b424f057b40c54aab6973a39bcc25
2014-12-26 12:40:45 -08:00
Brian Smith
e3671889ff
Bug 1035414, Part 2: Always check subject's issuer matches issuer's subject, r=jcj
...
--HG--
extra : rebase_source : a75eca6ed909fa4f241b1a736656b7e8c99eb3ea
2014-12-26 10:13:18 -08:00
Brian Smith
68fac13f07
Bug 1035414, Part 1: Test issuer/subject name matching, r=jcj
...
--HG--
extra : rebase_source : 8faab27888502083565db3681f10a310b69b1845
2014-12-26 11:35:48 -08:00
Brian Smith
df0803d83c
Bug 1073867, Part 4: Test that DSS end-entity certificates are rejected, r=mmc
...
--HG--
extra : rebase_source : 7cfdcdf08f2ae8909062b8803de6702ab47ec65a
2014-12-26 11:40:51 -08:00
Brian Smith
257741f645
Bug 1073867, Part 3: Reject DSS end-entity certificates, r=mmc
...
--HG--
extra : rebase_source : 76546b57aade1a15b394a2e53d8c12d62906dcac
2014-12-24 00:51:52 -08:00
David Erceg
86c1c8ddf5
Bug 1111848 - Remove nsISiteSecurityService.shouldIgnoreHeaders and implementation. r=keeler
2014-12-22 20:26:49 +11:00
Ehsan Akhgari
0d12ab6f75
Bug 1115076 - Wait for about:privatebrowsing to load in test_sts_privatebrowsing_perwindowpb.html; r=jdm
2014-12-31 09:32:03 -05:00
Ehsan Akhgari
8d1f34cb76
Bug 1117043 - Mark virtual overridden functions as MOZ_OVERRIDE in security; r=bsmith
2015-01-02 09:02:04 -05:00
ffxbld
c859dae2e4
No bug, Automated HPKP preload list update from host b-linux64-ix-0002 - a=hpkp-update
2014-12-27 03:21:29 -08:00
ffxbld
bc4966f0aa
No bug, Automated HSTS preload list update from host b-linux64-ix-0002 - a=hsts-update
2014-12-27 03:21:25 -08:00
Kaspar Brand
6542374a70
Bug 1112487 - The signing certificates with key usage only non-repudiation is taken as invalid for signing. r=keeler
2014-12-17 21:31:00 -05:00
Tom Schuster
2d05106e74
Bug 1110835 - Simplify some code nsSecureBrowserUIImpl around UpdateSecurityState. r=keeler
2014-12-25 21:31:11 +01:00
Masatoshi Kimura
bf2b64547c
Bug 1114295 - Remove the dead pref for TLS_DHE_DSS_WITH_AES_128_CBC_SHA. r=keeler
2014-12-24 22:21:12 +09:00
Tom Schuster
8d71a7d0ca
Bug 764496 - Make EV detection work in content processes. r=keeler,kanru
2014-12-24 14:04:24 +01:00
Brian Smith
3c27e21f16
Bug 1115181: Remove pkixnss.h dependency from pkixcert_signature_algorithm_tests, r=keeler
...
--HG--
extra : rebase_source : 2a4e11338b06d33ab8ad1536dc05c082db330d68
2014-12-23 14:51:16 -08:00
Brian Smith
d72d293161
Bug 1070444: Remove NSS dependencies in pkixbuild_tests.cpp, r=keeler
...
--HG--
extra : rebase_source : f07e38d40f1644cce30191f5d8ab29ac06582683
2014-12-22 01:20:59 -08:00
Brian Smith
2e3f19b2fa
Bug 1114701: Replace function pointers with function references, r=keeler
...
--HG--
extra : rebase_source : 350e7f8170f6b1176e46b829026e9ee27b3303e5
2014-12-23 12:43:25 -08:00
Daniel Holbert
33c7419e62
Bug 1114671: Use function pointer (instead of reference) in pkix/bind.h, for consistency & to fix -Wignored-qualifiers build warning for 'const'. r=briansmith
2014-12-22 13:04:36 -08:00
Brian Smith
e7cd1a4936
Bug 1107666, Part 2: Further fix for SSL_OCSP_STAPLING telemetry, r=keeler
...
--HG--
extra : rebase_source : b2dbbd4eaa8aea019b40eddfc19fb8af20ef3a4c
2014-12-20 07:03:57 -08:00
Carsten "Tomcat" Book
0b4b40c804
Backed out changeset 8fd0df8e208c (bug 423758) for bustage
2014-12-22 09:05:34 +01:00
J.C. Jones
2a55f8138d
Bug 968451 - Document the exported functions exposed from mozilla::pkix (pkix/pkix.h). r=keeler
2014-12-19 12:25:00 +01:00
Andrew Bartlett
1b11a5e146
Bug 423758 - Add NTLMv2 to internal NTLM handler. r=keeler
...
NTLMv2 is the default.
This adds a new preference:
network.ntlm.force-generic-ntlm-v1
This is to allow use of NTLMv1 in case issues are found in the NTLMv2
handler, or when contacting a server or backing DC that does not
support NTLMv2 for any reason.
To support this, we also:
- Revert "Bug 1030426 - network.negotiate-auth.allow-insecure-ntlm-v1-https allows sending NTLMv1 credentials in plain to HTTP proxies, r=mcmanus"
- Revert "Bug 1023748 - Allow NTLMv1 over SSL/TLS by default, r=jduell"
- Remove LM code from internal NTLM handler
The LM response should essentially never be sent, the last practical
use case was CIFS connections to Windows 9X, I have never seen a web
server that could only do LM
It is removed before the NTLMv2 work is done so as to avoid having 3
possible states here (LM, NTLM, NTLMv2) to control via preferences.
Developed with Garming Sam <garming@catalyst.net.nz>
2014-12-18 17:25:00 +01:00
Phil Ringnalda
5015a7c40e
Merge m-c to m-i
...
--HG--
extra : rebase_source : 55a788f13c946c7110ca313969051c34f731637e
2014-12-20 12:19:27 -08:00
ffxbld
2e74909c2f
No bug, Automated HPKP preload list update from host bld-linux64-spot-115 - a=hpkp-update
2014-12-20 03:20:57 -08:00
ffxbld
bf0ab57a50
No bug, Automated HSTS preload list update from host bld-linux64-spot-115 - a=hsts-update
2014-12-20 03:20:56 -08:00
Michael Wu
14f46b1099
Bug 1103816 - Add support for gonk-L to android_stub.h, r=glandium
2014-12-16 21:35:09 -05:00
Blake Kaplan
0a4a7c82ef
Bug 1113313 - Rename these functions to better reflect what they do. r=billm
...
--HG--
extra : rebase_source : ae61b3dd6dd5ce50a131a640060d7be57e562e4d
2014-12-19 12:07:04 -05:00
Brian Smith
aac41f8e45
Bug 1073867, Part 2: Remove now-unused DSA test certificates, r=keeler
...
--HG--
extra : rebase_source : 150c65abc66a48f70bca6e2dca8727fa402505ea
2014-12-15 20:49:42 -08:00
Brian Smith
1d6f6a61f9
Bug 1073867, Part 1: Remove DSS certificate support from mozilla::pkix, r=keeler
...
--HG--
extra : rebase_source : 3bef46a794e53584fd35b7640a6f4c9aaea4acab
2014-12-04 20:55:15 -08:00
Brian Smith
ee192894d6
Bug 1111399, Part 2: Implement RFC822 (email) name constraints, r=keeler
...
--HG--
extra : rebase_source : 5905e247eee4d3562d741e6e9656dc4c40d821e4
2014-12-20 08:15:35 -08:00
Brian Smith
0c55f197b8
Bug 1111399, Part 1: Preconditions for RFC822 name constraints, r=keeler
...
--HG--
extra : rebase_source : cd20b448a6c77ba27c86cb3d8e6c121f92a2ba93
2014-12-20 07:35:44 -08:00
Brian Smith
49557a456e
Bug 1111398: Rename ValidDNSIDMatchType to IDRole, r=keeler
...
--HG--
extra : rebase_source : a07e58b82a61db595711c0ab887bec70d4145888
2014-12-13 22:29:58 -08:00
Brian Smith
202319530d
Bug 1111397, Part 2: Remove test_bug484111.html, r=keeler
...
--HG--
extra : rebase_source : 56617ea82e9028295203173d1ea5e6ccfdbf9722
2014-12-14 21:51:26 -08:00
Brian Smith
5fdc768a51
Bug 1111397: Refactor error handling for name matching, r=keeler
...
--HG--
extra : rebase_source : 7b1061874d7b6e02a158085c3a6580a7fc718bbe
2014-12-13 17:05:46 -08:00
Ryan VanderMeulen
d2ebc2ac1b
Merge inbound to m-c. a=merge
...
CLOSED TREE
2014-12-17 20:53:20 -05:00
Brian Smith
ab604352ec
Bug 952863, Part 2: Remove dead code for non-ECDHE TLS False Start, r=keeler
...
--HG--
extra : rebase_source : 47ee95682f769b8e10aaf55b0f4fccfef1fcdea0
2014-12-10 10:13:18 -08:00
Nathan Froyd
a25f7bb7ef
Bug 1112608 - use GENERATED_INCLUDES in security/manager/{boot,pki}/src/; r=mshal
...
The sole use of Makefile.in in the security/manager/{boot,pki}/src/
directories is so we can add $(DIST)/public/nss to INCLUDES.
GENERATED_INCLUDES can be used to handle this case instead, at the cost
of hardcoding the path to $(DIST). This seems reasonable enough, since
a number of moz.build files already know about dist/ and its location
within the objdir.
2014-12-17 11:02:19 -05:00
Kai-Zhen Li
5e505281df
bug 1102277 - Update seccomp filter for newer bionic. r=jld
2014-11-21 01:07:15 +08:00
Brian Smith
c2c84b2d85
Bug 1111392: Add tests for malformed name constraints where there are no names of the constrained type, r=keeler
...
--HG--
extra : rebase_source : 048619553c7725eee1cb73df64faae8c8890c995
2014-10-30 16:48:31 -07:00
Brian Smith
711e0958fb
Bug 952863, Part 1: Require ECDHE for TLS False Start, r=keeler
...
--HG--
extra : rebase_source : d983e440de5be7c097a3e0f4afe0de805c540919
2014-12-12 11:39:01 -08:00
Masatoshi Kimura
7e7387fa88
Bug 1092835 - Log usage of weak ciphers in the console. r=keeler,mcmanus
2014-12-13 20:09:01 +09:00
Brian Smith
16e97557a6
Bug 1084025, Part 3: Clean up some bits, r=keeler, r=emk
...
--HG--
extra : rebase_source : 7aa1de4e9c391bf3e3cd5df79c62fff4546a8c67
2014-12-12 16:42:41 -08:00