Cykesiopka
6cc0362091
Bug 1167866 - Add result strings to PSM test_cert* xpcshell tests. r=keeler
2015-05-23 19:57:32 -07:00
Phil Ringnalda
199f7ab4ef
Merge m-i to m-c, a=merge
2015-05-23 13:31:21 -07:00
ffxbld
d0c500bd71
No bug, Automated HPKP preload list update from host bld-linux64-spot-023 - a=hpkp-update
2015-05-23 03:32:23 -07:00
ffxbld
4a12cdd4e2
No bug, Automated HSTS preload list update from host bld-linux64-spot-023 - a=hsts-update
2015-05-23 03:32:21 -07:00
Makoto Kato
d62075c412
Bug 958421 - XUL dialog for certificate is security/manager/pki/resouces is unnecessary on Firefox Android. r=snorp
2015-05-22 14:28:04 +09:00
Nathan Froyd
f61c010661
Bug 1160485 - remove implicit conversion from RefPtr<T> to TemporaryRef<T>; r=ehsan
...
Having this implicit conversion means that we can silently do extra
refcounting when it's completely unnecessary. It's also an obstacle to
making RefPtr more nsRefPtr-like, so let's get rid of it.
2015-05-01 09:14:16 -04:00
Tim Taubert
66b896c92f
Bug 1060112 - Don't treat OCSP responses omitting the requested certificate status as "unknown certificate" responses blocking the connection r=keeler
2015-05-21 13:39:34 -04:00
Eric Rahm
ccf1ec07c6
Bug 1165515 - Part 1: Convert PR_LOG to MOZ_LOG. r=froydnj
2015-05-21 13:22:04 -07:00
Nicholas Nethercote
5990994dda
Bug 1166586 (part 2) - Convert some easy PL_DHashTable{Init,Finish} cases. r=froydnj.
...
This patch converts easy cases, i.e. where the PL_DHashTableInit() call occurs
in a constructor and the PL_DHashTableFinish() call occurs in a destructor.
2015-05-04 22:59:24 -07:00
Ryan VanderMeulen
995bebec24
Backed out changeset 38ff380719e4 (bug 1166031) for test_WebCrypto_DH.html failures.
2015-05-20 22:05:15 -04:00
Ryan VanderMeulen
224bdbec3e
Bug 1166031 - Update NSS to NSS_3_19_1_BETA1. r=mt
2015-05-20 21:06:06 -04:00
David Keeler
0f00f328f3
Bug 1166031 - Update PSM xpcshell small RSA key test to reflect new error. r=Cykesiopka
...
Previously NSS would accept smaller RSA key sizes than PSM would in TLS handshakes. Now that the limit is the same, NSS handles the handshake termination with a different error code before PSM can make its own policy decision.
2015-05-21 12:57:03 -07:00
Ryan VanderMeulen
b1647b5e41
Bug 1166031 - Update NSS to NSS_3_19_1_BETA1. r=mt
2015-05-20 21:06:06 -04:00
Cykesiopka
06e1f43ea2
Bug 1166078 - Clean up and add expected result strings to test_hmac.js. r=keeler
2015-05-18 15:22:54 -07:00
Birunthan Mohanathas
9f65019493
Bug 1164714 - Flatten security/manager/pki/src/ directory. r=keeler
2015-05-19 10:47:42 -07:00
Birunthan Mohanathas
e9750de36b
Bug 1164714 - Flatten security/manager/pki/public/ directory. r=keeler
2015-05-19 10:47:38 -07:00
Eric Rahm
c5e63515bf
Bug 1165518 - Part 2: Replace prlog.h with Logging.h. rs=froydnj
2015-05-19 11:15:34 -07:00
David Keeler
af988c6fc0
bug 1165911 - do more safety checks when gathering successful TLS connection telemetry r=Cykesiopka
2015-05-18 10:37:38 -07:00
Nicholas Nethercote
35fffb1333
Back out a1f7ae44c7bb (bug 1164373) for causing intermittent test failures.
2015-05-18 19:00:54 -07:00
Carsten "Tomcat" Book
e5535efc49
merge mozilla-inbound to mozilla-central a=merge
2015-05-18 13:43:01 +02:00
cedric
b48a2260ab
Bug 1152842 - Remove legacy Download Manager support from test_bug383369.html. r=paolo
2015-05-11 17:43:15 -07:00
Richard Barnes
84216a7c40
Backed out changeset fe10feec1ede because of OCSP test failures
2015-05-16 16:38:34 -04:00
Richard Barnes
6384ecbf90
Bug 1010068
- Disable OCSP for DV certificates in Firefox for Android r=keeler
2015-05-15 16:17:47 -04:00
Phil Ringnalda
01393a8965
Merge m-c to m-i
2015-05-16 09:49:14 -07:00
Phil Ringnalda
66b8e8f803
Merge m-i to m-c, a=merge
2015-05-16 08:50:37 -07:00
ffxbld
fb722a1b1e
No bug, Automated HPKP preload list update from host bld-linux64-spot-152 - a=hpkp-update
2015-05-16 03:30:30 -07:00
ffxbld
4aece5ec95
No bug, Automated HSTS preload list update from host bld-linux64-spot-152 - a=hsts-update
2015-05-16 03:30:28 -07:00
Neil Rashbrook
441960eebc
Bug 1155963 Only allow NS_LITERAL_CSTRING to be used on compile-time literals r=froydnj,ehsan
2015-05-16 09:07:10 +01:00
Nicholas Nethercote
0addd071a9
Back out all four patches from bug 1161377. r=me.
...
Due to Android startup regressions (bug 1163066) and plugin crashes (bug
1165155).
2015-05-14 21:48:43 -07:00
Wes Kocher
484229a7ff
Backed out changeset 17cfad44e12b (bug 1155963) for breaking b2g builds
2015-05-14 16:35:18 -07:00
Jed Davis
22bcabd0af
Bug 1162965 - Use /dev/shm instead of /tmp for sandbox chroot if possible. r=kang
2015-05-14 16:19:08 -07:00
Neil Rashbrook
5b5c002aaf
Bug 1155963 Only allow NS_LITERAL_CSTRING to be used on compile-time literals r=froydnj,ehsan
2015-05-15 00:00:33 +01:00
Cykesiopka
d7bf2e4a0b
Bug 1164409 - Reduce PSM xpcshell script code duplication. r=keeler
2015-05-15 02:28:00 -04:00
David Keeler
77060a5e28
bug 1141189 - implement skipping expensive revocation checks (OCSP fetching) for short-lived certificates r=rbarnes
2015-04-06 16:10:28 -07:00
Nicholas Nethercote
8d5e9cca79
Bug 1164373 - Remove two static constructors involving PR_NewLogModule(). r=froydnj.
2015-05-13 18:02:56 -07:00
Nicholas Nethercote
37a9035e51
Bug 1161377 (part 3, attempt 2) - Convert some easy PL_DHashTable{Init,Finish} cases. r=froydnj.
2015-05-12 17:33:26 -07:00
David Major
68b0dee7c5
Bug 1149718: Fix wow_helper lib path for VS2015. r=glandium
2015-05-12 18:20:28 -04:00
David Keeler
8924191348
bug 1102436 - remove PublicKeyPinningService::CheckChainAgainstAllNames r=Cykesiopka
2015-05-07 11:06:07 -07:00
Cykesiopka
8f0e75f3c3
Bug 1163358 - Add "psm" tag to PSM xpcshell and mochitest manifests. r=dkeeler
2015-05-09 18:21:00 +02:00
Mike Hommey
ec07b959e5
Bug 1043692 - Add a DIST_INSTALL variable to moz.build, and replace NO_DIST_INSTALL with it. r=gps
2015-05-12 07:55:21 +09:00
Bob Owen
6bab3a7af4
Bug 1146874 Part 1: Check that Windows sandboxed process starts correctly. r=tabraldes
2015-05-11 08:24:39 +01:00
Nicholas Nethercote
bdb7128dd1
Backout c375efe78e07 (bug 1161377 part 3) for (probably) increasing the static constructor count and regressing Fennec start-up time. r=me.
2015-05-10 22:16:18 -07:00
Phil Ringnalda
cd38d9b5e8
Merge m-c to m-c, a=merge
2015-05-09 14:16:58 -07:00
ffxbld
ab2219f9d0
No bug, Automated HPKP preload list update from host bld-linux64-spot-270 - a=hpkp-update
2015-05-09 03:31:59 -07:00
ffxbld
b463f10047
No bug, Automated HSTS preload list update from host bld-linux64-spot-270 - a=hsts-update
2015-05-09 03:31:58 -07:00
Wes Kocher
fa0da51ac6
Merge fx-team to m-c a=merge
2015-05-08 10:29:41 -07:00
Eric Rahm
c0f39382bd
Bug 1162691 - Part 2: Wrap expensive calls in PR_LOG_TEST. r=froydnj
...
Check that logging is enabled before performing potentially expensive
operations.
2015-05-08 14:36:34 -07:00
Eric Rahm
3c0f5bf63e
Bug 1162691 - Part 1: Remove instances of #ifdef PR_LOGGING in security. r=froydnj
...
PR_LOGGING is now always defined, we can remove #ifdefs checking for it.
2015-05-08 14:36:33 -07:00
Daniel Veditz
3bab854bdd
Bug 1038072 - signature verification for JAR files unpacked into a directory. r=keeler
2015-05-05 20:21:00 +02:00
Bob Owen
46c30cdbd5
Bug 1158773: Use the same initial and delayed integrity level for Windows content sandbox level 0. r=tabraldes
2015-05-06 10:11:56 +01:00
L. David Baron
ffb6e08be2
Back out changeset a02ea85607a2 (bug 1038072) for widespread test failures (at least Linux, Android, and Mulet), on a CLOSED TREE.
2015-05-06 09:58:55 +02:00
Daniel Veditz
d2b1ef4d0e
Bug 1038072 - signature verification for JAR files unpacked into a directory. r=keeler
2015-05-05 20:21:00 +02:00
Nicholas Nethercote
02e9b810da
Bug 1161377 (part 3) - Convert some easy PL_DHashTable{Init,Finish} cases. r=froydnj.
...
This patch converts easy cases, i.e. where the PL_DHashTableInit() call occurs
in a constructor and the PL_DHashTableFinish() call occurs in a destructor.
2015-05-04 22:59:24 -07:00
Mark Goodwin
de6b7028f1
Bug 1128607 - Test the freshness check for OneCRL (r=keeler)
2015-05-07 18:54:07 +01:00
Mark Goodwin
9e5913dddb
Bug 1128607 - Add freshness check for OneCRL (r=keeler)
2015-05-07 18:54:05 +01:00
Patrick McManus
726e9673d3
bug 1153212 - 2/2 Necko explicitly track origin vs routed host and give psm only origin r=dkeeler r=hurley IGNORE IDL
...
Allow necko to simultaneously track the dual concept of routed host
and origin (authenticated host). The origin is given to the socket
provider and the routed host is inserted at DNS lookup time as if it
were a SRV or CNAME.
2015-04-09 11:31:59 -04:00
Patrick McManus
a2982caa07
bug 1153212 - 1/2 revert 90d6a38931fa to make room for better fix r=backout
2015-05-07 13:16:26 -04:00
Kai Engert
8ea2fcf08e
Bug 1144055
, Upgrade Firefox to use NSS 3.19, landing NSS_3_19_RTM
2015-05-04 21:34:38 +02:00
Cykesiopka
fa466bc83d
Bug 1153446 - Replace instances of double spacing with single spacing in nsserrors.properties. r=dkeeler
2015-05-01 02:40:00 +02:00
Phil Ringnalda
48398662cf
Merge m-i to m-c, a=merge
2015-05-02 10:02:17 -07:00
ffxbld
904d847525
No bug, Automated HPKP preload list update from host bld-linux64-spot-137 - a=hpkp-update
2015-05-02 03:30:49 -07:00
ffxbld
9a9af4a556
No bug, Automated HSTS preload list update from host bld-linux64-spot-137 - a=hsts-update
2015-05-02 03:30:48 -07:00
Mike Hommey
b673a97a25
Bug 1134923 - Remove NS_Alloc/NS_Realloc/NS_Free. r=nfroyd
...
They are kept around for the sake of the standalone glue, which is used
for e.g. webapprt, which doesn't have direct access to jemalloc, and thus
still needs a wrapper to go through the xpcom function list and get to
jemalloc from there.
2015-05-01 09:40:30 +09:00
Nicholas Nethercote
29a54c9b3b
Bug 1159972 - Remove the fallible version of PL_DHashTableInit(). r=froydnj.
...
It's no longer needed now that entry storage isn't allocated there. (The other
possible causes of failures in that function are less interesting and simply
crashing is a reasonable thing to do for them.)
This also makes PL_DNewHashTable() infallible, so I removed some
now-unnecessary checks of its result.
2015-04-29 16:38:29 -07:00
Bob Owen
0693a1dc83
Bug 1150515: Set the subsystem to WINDOWS,5.02 for wow_helper so that it runs on WinXP 64-bit. r=glandium
2015-04-30 09:48:03 +01:00
Masatoshi Kimura
931590121a
Bug 1145844 - Update fallback whitelist. r=keeler
2015-04-29 13:48:53 +09:00
Andrew Bartlett
0b2e75f4be
Bug 734229 - Partially address by refusing to re-negotiate on NTLM. r=mayhemer, r=keeler
...
Now only one NTLM Negotiate packet will be sent per connection, rather
than again after a failed authentication. The problem situation is
triggered due to failed Negotiate authentication, and is probably more
complex.
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
2014-11-28 11:34:06 +13:00
David Major
c92c020b89
Bug 1157835: Remove the MSVC_ENABLE_PGO flag from the build system. r=glandium
2015-04-27 19:59:27 -04:00
Carsten "Tomcat" Book
3923c05342
merge fx-team to mozilla-central a=merge
2015-04-27 12:34:03 +02:00
Carsten "Tomcat" Book
18a440fd0e
merge mozilla-inbound to mozilla-central a=merge
2015-04-27 12:00:14 +02:00
ffxbld
bbd9aed0be
No bug, Automated HPKP preload list update from host bld-linux64-spot-039 - a=hpkp-update
2015-04-25 03:32:33 -07:00
ffxbld
9fd30e6020
No bug, Automated HSTS preload list update from host bld-linux64-spot-039 - a=hsts-update
2015-04-25 03:32:31 -07:00
Jed Davis
8f10995d7b
Bug 1154184 - Don't use Linux sandbox gtest dir if not building tests. r=gps
2015-04-24 17:36:08 -07:00
Dave Townsend
80ce794097
Bug 1038068: Check add-on signatures and refuse to install unsigned or broken add-ons (preffed off for now). r=dveditz
2015-03-31 11:32:40 -07:00
Carsten "Tomcat" Book
1a74144837
merge mozilla-inbound to mozilla-central a=merge
2015-04-24 14:37:13 +02:00
Richard Barnes
20b75325f3
Bug 1121982 - Update PSM to use NSS name constraints
2015-04-23 20:26:29 -04:00
Fabrice Desré
854266d52c
Bug 1144600 - Don't crash when submitting <keygen> on b2g r=dkeeler
2015-04-23 13:35:49 -07:00
Blake Kaplan
1047b7458f
Bug 1124076 - Properly detect certs when loaded and prompt to import them. r=sworkman/dkeeler
2015-04-22 12:55:23 -07:00
Steven Michaud
2bb57bcd7a
Bug 1153809 - Loosen Mac content process sandbox rules for NVidia and Intel HD 3000 graphics hardware. r=areinald
2015-04-22 14:56:09 -05:00
David Keeler
f9b93560f0
bug 1157873 - remove certificates from CNNIC whitelist that aren't in the Pilot Certificate Transparency log r=rbarnes
...
Also remove certificates where notBefore is on or after 1 April 2015.
2015-04-21 16:07:33 -07:00
Nathan Toone
1b81ed134e
Bug 1124076 followup - fix the build when PR_LOGGING is not defined. r=mrbkap
2015-04-23 13:24:57 -07:00
David Keeler
7783f33c8b
bug 1081128 - test_pinning.js takes ~300 seconds on b2g debug emulator - request a longer timeout for it r=Cykesiopka
2015-04-22 11:06:36 -07:00
Kai Engert
d7a44b34ec
Bug 1144055
- Upgrade Firefox 39 to use NSS 3.19, r=nss-confcall
2015-04-23 21:16:20 +02:00
Francois Marier
29cbc60a12
Bug 1147212 - Add support for goog-unwanted-shavar. r=gcp,r=matej,r=smaug
2015-04-22 21:01:37 +12:00
Carsten "Tomcat" Book
407c282220
Backed out changeset 7f3cf84c11a9 (bug 1124076) for bustage on a CLOSED TREE
2015-04-22 13:44:23 +02:00
Blake Kaplan
87c47ee4e8
Bug 1124076 - Properly detect certs when loaded and prompt to import them. r=sworkman/dkeeler
2015-04-21 14:56:00 +02:00
Ehsan Akhgari
d278570d19
Bug 1153348 - Add an analysis to prohibit operator bools which aren't marked as either explicit or MOZ_IMPLICIT; r=jrmuizel
...
This is the counterpart to the existing analysis to catch
constructors which aren't marked as either explicit or
MOZ_IMPLICIT.
2015-04-21 21:40:49 -04:00
André Reinald
12017521df
Bug 1150765 - Add sandbox rules to allow hardware rendering of OpenGL on Mac. r=smichaud
2015-04-21 11:17:16 +02:00
Patrick McManus
d428323d51
bug 1153212 - Alt-Svc Fixes r=dkeeler r=hurley
2015-04-13 17:11:59 -04:00
Kai Engert
ce1263979f
Bug 1144055
, Upgrade Firefox 39 to use NSS 3.19, NSS_3_19_BETA4 to pick up bug 1155279
2015-04-20 21:46:19 +02:00
Phil Ringnalda
842c8df579
Merge m-i to m-c, a=merge
2015-04-18 16:36:32 -07:00
ffxbld
a3972bfdfc
No bug, Automated HPKP preload list update from host bld-linux64-spot-222 - a=hpkp-update
2015-04-18 03:29:47 -07:00
ffxbld
09e813d086
No bug, Automated HSTS preload list update from host bld-linux64-spot-222 - a=hsts-update
2015-04-18 03:29:45 -07:00
David Keeler
3ba6c83d36
bug 1150114 - allow PrintableString to match UTF8String in name constraints checking r=briansmith
2015-04-08 16:17:39 -07:00
Kai Engert
85b84c3c46
Bug 1144055
- Upgrade Firefox 39 to use NSS 3.19, land NSS_3_19_BETA2, r=nss-confcall
2015-04-17 13:49:43 +02:00
Neil Deakin
dd30a1f3eb
Bug 1153248, re-enable a bunch of tests that now work with e10s, r=billm
2015-04-16 15:38:12 -04:00
David Keeler
5f4152c364
bug 1151512 - only allow whitelisted certificates to be issued by CNNIC root certificates r=jcj r=rbarnes
2015-04-07 17:29:05 -07:00
Kai Engert
b5518439bf
Bug 1144055
- Upgrade Firefox 39 to use NSS 3.19, land NSS_3_19_BETA3, r=nss-confcall
2015-04-17 18:43:30 +02:00
David Keeler
34e15cf320
bug 1147497 - Add API for querying site pin status. Disallow overrides for sites that have pins. r=mmc r=smaug r=cykesiopka r=past
2015-03-25 11:04:49 -07:00
Brian Smith
0d03a12ce8
Bug 1154399 - Part 4: Simplify certificate parsing in OCSP responses. r=keeler
2015-04-14 05:33:03 -10:00
Brian Smith
d853e2e6d1
Bug 1154399 - Part 3: Simplify OptionalExtensions. r=keeler
...
We used to avoid using Nested and NestedOf because they were based on
bind and it was difficult to maintain our std::bind polyfill. Now that
we use lambdas, it is easy to use Nested and NestedOf, so we should do
so wherever it makes the code clearer.
2015-04-14 05:32:46 -10:00
Brian Smith
a710d38eed
Bug 1154399 - Part 2: Simplify and un-inline OptionalVersion. r=keeler
...
Also fixes the wrong comment. The syntax for version in OCSP and X.509
certs is identical.
2015-04-14 05:32:29 -10:00
Brian Smith
debda06173
Bug 1154399 - Part 1: De-templatize and un-inline IntegralValue. r=keeler
2015-04-14 05:06:41 -10:00
Nathan Froyd
a9747433e3
Bug 1137437 - move security/apps/ cert header generation to moz.build; r=mshal,keeler
...
Moving the cert header generation to GENERATED_FILES means that we can
delete all the manually-written out rules; we can also delete the
export:: rule because the build system automatically builds
GENERATED_FILES during the export phase. For ease of converion, we opt
to create an empty trusted-app-public.der cert for manifest-signing-root.inc;
partners are free to overwrite that cert with their own.
2015-02-27 12:50:49 -05:00
Mike Hommey
bb5d54f699
Bug 1153114 - Remove anonymous namespace around pkix gtests. r=bsmith
...
This avoids -Wunused-variable fatal warnings with GCC 5.0
2015-04-15 09:21:23 +09:00
Landry Breuil
13c5620ed7
Bug 1153090 followup - consistently use sizeof(hash) r=dkeeler
2015-04-14 22:19:18 +02:00
Landry Breuil
3022662159
Bug 1153090 - Unaligned access in cert block list (r=keeler)
2015-04-14 21:19:52 +02:00
Jan Beich
15f244431a
Bug 1154188 - Unbreak build on non-SPS platforms after bug 1153737 r=bsmith
2015-04-14 14:30:09 +02:00
Brian Smith
168218d0b3
Bug 1153738: Make ScopedPtr a minimal proper subset of std::unique_ptr, r=keeler
...
Remove all features of ScopedPtr that aren't in std::unique_ptr, and
remove all currently-unused features of ScopedPtr. In particular,
replace |operator=(T*)| with |reset(T* p = nullptr)| and make
|operator bool| explicit.
2015-04-13 00:28:11 -10:00
Brian Smith
27c206b435
Bug 1153737: Avoid unnecessary uses of mozilla::pkix::ScopedPtr, r=keeler
2015-04-12 19:57:48 -10:00
Carsten "Tomcat" Book
94670e1674
merge mozilla-inbound to mozilla-central a=merge
2015-04-13 12:00:00 +02:00
ffxbld
a5ae47a99d
No bug, Automated HPKP preload list update from host bld-linux64-spot-009 - a=hpkp-update
2015-04-11 03:29:55 -07:00
ffxbld
f89f580ff8
No bug, Automated HSTS preload list update from host bld-linux64-spot-009 - a=hsts-update
2015-04-11 03:29:53 -07:00
Jed Davis
bd4374a0cc
Bug 1151607 - Step 2: Apply net/ipc namespace separation and chroot to media plugins. r=kang
...
This needs more unit tests for the various pieces of what's going on
here (LinuxCapabilities, SandboxChroot, UnshareUserNamespace()) but
that's nontrivial due to needing a single-threaded process -- and
currently they can't be run on Mozilla's CI anyway due to needing user
namespaces, and local testing can just try using GMP and manually
inspecting the child process. So that will be a followup.
2015-04-10 18:05:19 -07:00
Jed Davis
a25b210578
Bug 1151607 - Step 1.5: Avoid unlikely false positives in Linux SandboxInfo feature detection. r=kang
...
Using the equivalent of release assertions in the patch after this one
is easier to justify if I can't come up with vaguely legitimate reasons
why they might fail; this detects the ones I thought of.
2015-04-10 18:05:19 -07:00
Jed Davis
4bcdc2879f
Bug 1151607 - Step 1: Add Linux sandboxing hook for when child processes are still single-threaded. r=kang r=bent
...
This means that B2G plugin-container must (dynamically) link against
libmozsandbox in order to call into it before initializing Binder.
(Desktop Linux plugin-container already contains the sandbox code.)
2015-04-10 18:05:19 -07:00
Jed Davis
08099f9875
Bug 1151607 - Step 0: sort includes to make the following patches cleaner. r=kang
2015-04-10 18:05:19 -07:00
Mark Goodwin
6fcd7d356b
Bug 1132689 - Feb 2015 batch of EV root CA Changes. r=keeler
2015-03-30 08:57:00 +02:00
David Keeler
b819bfd2cb
bug 1147085 - remove nsINSSCertCache (replace it with nsIX509CertDB.getCerts()) r=Cykesiopka
2015-04-03 14:01:05 -07:00
Patrick McManus
f1ecabdf6a
Bug 1152895 - remove dead code in nsSSLIOLayerSetOptions r=dkeeler
2015-04-09 13:40:04 -04:00
Cykesiopka
70bff0b01f
Bug 1147725 - Disable test_ocsp_fetch_method.js and test_ocsp_url.js on slow B2G Emulator debug builds. r=keeler
2015-04-06 14:05:00 +02:00
Bob Owen
72b3de6331
Bug 1149483: Change content sandbox level 1 to a working low integrity sandbox. r=tabraldes, r=billm
2015-04-05 14:01:38 +01:00
Phil Ringnalda
4c814af933
Merge m-i to m-c, a=merge
2015-04-04 09:59:17 -07:00
ffxbld
8c99f061fc
No bug, Automated HPKP preload list update from host bld-linux64-spot-220 - a=hpkp-update
2015-04-04 03:27:46 -07:00
ffxbld
f4241dc1de
No bug, Automated HSTS preload list update from host bld-linux64-spot-220 - a=hsts-update
2015-04-04 03:27:44 -07:00
Steven Michaud
aa2d63ddad
Bug 1110911 - Move Mac sandboxing code into plugin-container. r=cpearce,areinald,jld
2015-04-03 11:51:41 -05:00
Cykesiopka
442b83c70d
Bug 1149805 - Switch head_psm.js to Assert.jsm methods and add expected result strings. r=keeler
2015-04-02 05:50:00 -04:00
Cykesiopka
c4456e9497
Bug 488480 - Correct documentation about the function hasMatchingOverride() in nsICertOverrideService.idl. Original patch by Johnathan Nightingale. r=keeler
...
IGNORE IDL
2015-04-02 05:45:00 -04:00
Nathan Froyd
65f6c06592
Bug 1143651 - don't use CallQueryInterface when the compiler can do the cast for us; r=ehsan
2015-03-12 13:20:29 -04:00
Cykesiopka
f3a36bd993
Bug 1147726: Disable test_keysize_ev.js on slow B2G Emulator debug builds. r=dkeeler
2015-03-31 11:53:00 +02:00
Brian Smith
922814a6c1
Bug 1146057: Remove support for GCC 4.6, r=keeler
...
Since Gecko now requires GCC 4.7 or later, we no longer need to
work around the lack of support for "override" and "final" in
earlier versions of GCC.
2015-03-30 20:18:46 -10:00
Bob Owen
666e96adb9
Bug 1119878 Part 2: Change IPC code to hold ProcessID instead of ProcessHandle. r=billm, r=dvander, r=aklotz, r=cpearce
2015-04-01 09:40:35 +01:00
Bob Owen
8e1e75d04b
Bug 1119878 Part 1: Change SandboxTarget to hold sandbox target services to provide functions. r=aklotz, r=glandium, r=cpearce
2015-04-01 09:40:35 +01:00
Mike Hommey
ccd2a9b975
Bug 1134920 - Use moz_xmalloc/moz_xrealloc/free instead of nsMemory::Alloc/Realloc/Free. r=nfroyd
2015-04-01 13:51:45 +09:00
Mark Goodwin
bead98d47f
Bug 1138848 - Tests for modified OneCRL (r=keeler, unfocused)
...
* * *
* * *
give blocklist debug info to NSPR_LOG
2015-03-31 15:10:19 -07:00
Mark Goodwin
695994d59d
Bug 1138848 - Modify OneCRL blocklist for subject / public key blocking (r=keeler, unfocused)
2015-03-31 15:10:09 -07:00
David Keeler
a66b3817f5
bug 844351 - remove nsISSLErrorListener r=cykesiopka
2015-03-24 16:00:10 -07:00
Cykesiopka
192d5ad67e
Bug 1147247 - Use PRErrorCodeSuccess constant instead of literal 0 to represent success in PSM xpcshell tests. r=dkeeler
2015-03-27 23:16:00 +01:00
David Cooper
a267ad8c56
Bug 667471 - Pretty print names of ECDSA with SHA-2 algorithms in Certificate Viewer. r=dkeeler
2015-03-27 23:13:00 +01:00
Mike Hommey
4da5ed0b71
Bug 1138293 - Use malloc/free/realloc/calloc instead of moz_malloc/moz_free/moz_realloc/moz_calloc. r=njn
...
The distinction between moz_malloc/moz_free and malloc/free is not
interesting. We are inconsistent in our use of one or the other, and
I wouldn't be surprised if we are mixing them anyways.
2015-03-31 12:32:49 +09:00
Brian Smith
b43440444d
Bug 1136278, Part 2: Refactor test SubjectPublicKeyInfo generation, r=keeler
2015-02-26 13:10:13 -08:00
Brian Smith
e23ee1cce5
Bug 1136278, Part 1: Refactor algorithm identifiers in tests, r=keeler
...
This will make it easier to expand the tests to additional
signature algorithms and additional public key types.
2015-02-26 16:11:41 -08:00
Andrew McCreight
78ef3a55a4
Bug 1147572 - Remove implementation language field from DOM class info. r=jst
2015-03-30 10:45:39 -07:00
Jan-Ivar Bruaroey
ab8a60ff50
Bug 1046245 - enumerateDevices w/non-blocking e10s, nsICryptoHMAC, clear cookies, lambdas. r=keeler, florian, billm, jesup
2015-03-03 09:51:05 -05:00
Andrew McCreight
4b767927e9
Bug 1148070 - Change nsIClassInfo::getHelperForLanguage() to getScriptableHelper(). r=bholley
2015-03-29 07:52:54 -07:00
Randell Jesup
19225aa9cf
Backed out 6 changesets (bug 1046245) on a CLOSED TREE
2015-03-29 01:42:32 -04:00
Jan-Ivar Bruaroey
eee0d4f6d2
Bug 1046245 - enumerateDevices w/non-blocking e10s, nsICryptoHMAC, clear cookies, lambdas. r=keeler, r=florian, r=billm, r=jesup
2015-03-03 09:51:05 -05:00
Phil Ringnalda
f45c1bd02b
Back out 6 changesets (bug 1046245) for thinking that MSVC would have anything to do with a __PRETTY_FUNCTION__
...
CLOSED TREE
Backed out changeset 9e3ecca831d8 (bug 1046245)
Backed out changeset 87dc145f4da8 (bug 1046245)
Backed out changeset 01606cf19a77 (bug 1046245)
Backed out changeset 2ed2b15fe940 (bug 1046245)
Backed out changeset 2b99b193828a (bug 1046245)
Backed out changeset d1ac67faccbb (bug 1046245)
2015-03-28 19:57:17 -07:00
Jan-Ivar Bruaroey
6e995cbffd
Bug 1046245 - enumerateDevices w/non-blocking e10s, nsICryptoHMAC, clear cookies, lambdas. r=keeler, r=florian, r=billm, r=jesup
2015-03-03 09:51:05 -05:00
Ryan VanderMeulen
4da777479a
Backed out 6 changesets (bug 1046245) for bustage on a CLOSED TREE.
...
Backed out changeset 222c2f9e3bc9 (bug 1046245)
Backed out changeset 4251eef464a2 (bug 1046245)
Backed out changeset 592f4cc23197 (bug 1046245)
Backed out changeset 5bfb9a1c0550 (bug 1046245)
Backed out changeset e966a5df87b6 (bug 1046245)
Backed out changeset 609f3ca64004 (bug 1046245)
2015-03-28 16:24:25 -04:00
Jan-Ivar Bruaroey
5f0e601fcd
Bug 1046245 - enumerateDevices w/non-blocking e10s, nsICryptoHMAC, clear cookies, lambdas. r=keeler, r=florian, r=billm, r=jesup
2015-03-03 09:51:05 -05:00
Phil Ringnalda
870ac05194
Merge m-i to m-c, a=merge
2015-03-28 11:44:16 -07:00
ffxbld
28fbf92074
No bug, Automated HPKP preload list update from host bld-linux64-spot-1005 - a=hpkp-update
2015-03-28 03:27:37 -07:00
ffxbld
be5331225c
No bug, Automated HSTS preload list update from host bld-linux64-spot-1005 - a=hsts-update
2015-03-28 03:27:36 -07:00
Andrea Marchesini
b212600c95
Bug 1148527 - Indentation fix after bug 1145631, r=ehsan
2015-03-27 18:52:19 +00:00
Kai Engert
045c1c7065
Bug 1144055
- Upgrade Firefox 39 to use NSS 3.18.1, land NSS_3_18_1_BETA1, r=nss-confcall
2015-03-26 20:39:25 +01:00
Tanvi Vyas
24698cb937
Bug 947079 - Hack to prevent getting a mixed content icon on a fully secure page. r=keeler
2015-03-26 11:54:53 -07:00
Bob Owen
1eda62eb8d
Bug 1147446: Chromium patch to fix memory leak in Windows sandbox sharedmem_ipc_server.cc. r=aklotz
2015-03-26 08:06:04 +00:00
Cykesiopka
3d56eac828
Bug 996872 - Reduce calls to getXPCOMStatusFromNSS() in PSM xpcshell tests. r=keeler relanding on a CLOSED TREE
2015-03-25 17:29:05 -07:00
Wes Kocher
7895e32a5e
Backed out changeset 3a38c3d97f44 (bug 996872) on the theory that it somehow broke lots of tests, forcing a prolonged CLOSED TREE
2015-03-25 14:40:44 -07:00
Cykesiopka
bd57240c9d
Bug 996872 - Reduce calls to getXPCOMStatusFromNSS() in PSM xpcshell tests. r=keeler
2015-03-25 11:40:46 -07:00
Wes Kocher
0d9c0798af
Merge m-c to inbound a=merge CLOSED TREE
2015-03-23 16:51:22 -07:00
Edwin Flores
31eadf18b7
Bug 1146192 - Whitelist sched_yield syscall in GMP sandbox on Linux DONTBUILD CLOSED TREE - r=jld
2015-03-24 10:56:49 +13:00
Edwin Flores
13fe1731fe
Bug 1146192 - Backed out changeset d2918bcf0d90 for missing bug number - r=me
2015-03-24 10:53:10 +13:00
Jed Davis
0f3b12d8c5
Bug 1144514 - Whitelist pread64 in content seccomp-bpf policy. r=kang
2015-03-19 11:57:00 -04:00
Phil Ringnalda
b39967c514
Merge m-c to m-i
2015-03-21 12:50:09 -07:00
Phil Ringnalda
c847599e4d
Merge m-i to m-c, a=merge
2015-03-21 12:31:07 -07:00
ffxbld
1f8ea0c488
No bug, Automated HPKP preload list update from host bld-linux64-spot-1002 - a=hpkp-update
2015-03-21 03:30:42 -07:00
ffxbld
703ee2d45b
No bug, Automated HSTS preload list update from host bld-linux64-spot-1002 - a=hsts-update
2015-03-21 03:30:40 -07:00
Ehsan Akhgari
33bb32f549
Bug 1145631 - Part 1: Replace MOZ_OVERRIDE and MOZ_FINAL with override and final in the tree; r=froydnj
...
This patch was automatically generated using the following script:
function convert() {
echo "Converting $1 to $2..."
find . \
! -wholename "*/.git*" \
! -wholename "obj-ff-dbg*" \
-type f \
\( -iname "*.cpp" \
-o -iname "*.h" \
-o -iname "*.c" \
-o -iname "*.cc" \
-o -iname "*.idl" \
-o -iname "*.ipdl" \
-o -iname "*.ipdlh" \
-o -iname "*.mm" \) | \
xargs -n 1 sed -i -e "s/\b$1\b/$2/g"
}
convert MOZ_OVERRIDE override
convert MOZ_FINAL final
2015-03-21 12:28:04 -04:00
Edwin Flores
7a76516d84
Bug 1XXXXXX - Whitelist sched_yield syscall in GMP sandbox on Linux - r=jld
2015-03-24 09:55:36 +13:00
David Keeler
d2ce6abf90
bug 1143085 - allow subject alternative name extensions to be empty for compatibility r=briansmith a=kwierso
2015-03-16 14:00:33 -07:00
Jed Davis
15de7894cc
Bug 1144580 - Whitelist pselect6 in content seccomp-bpf policy. r=kang
2015-03-18 15:30:00 +01:00
Masatoshi Kimura
1999ec07b4
Bug 1133187 - Update fallback whitelist. r=keeler
2015-03-18 15:36:00 +01:00
Jed Davis
d2a1fdfdb7
Bug 1141906 - Adjust some assertions in Linux sandbox feature detection. r=kang
...
See bug, and comment at top of SandboxInfo.cpp, for rationale.
Bonus fix: reword comment about nested namespace limit; the exact limit
is 33 (not counting the root) but doesn't particularly matter.
2015-03-17 22:50:00 +01:00
Cykesiopka
11f5f6058d
Bug 1131227 - Make the about:certerror Unknown Issuer string mention missing intermediates and unimported roots. r=keeler
2015-03-17 14:33:00 +01:00
Masatoshi Kimura
b23f9dc54f
Bug 1143082 - Fix a message in the mixed content UI. r=dolske
2015-03-17 20:34:58 +09:00
Jed Davis
d0d9f194e4
Bug 1141885 - Make readlink() fail instead of allowing it, for B2G content processes. r=kang
2015-03-13 13:47:56 -07:00
André Reinald
f3598cf103
Bug 1083344 - Tighten rules for Mac OS content process sandbox on 10.9 and 10.10. r=smichaud
...
Allow read to whole filesystem until chrome:// and file:// URLs are brokered through another process.
Except $HOME/Library in which we allow only access to profile add-ons subdir.
Add level 2, which allows read only from $HOME and /tmp (while still restricting $HOME/Library.
Change default back to 1.
2015-03-12 17:42:50 +01:00
ffxbld
4837382e9e
No bug, Automated HPKP preload list update from host bld-linux64-spot-532 - a=hpkp-update
2015-03-14 03:26:00 -07:00
ffxbld
7ad0e5a9f3
No bug, Automated HSTS preload list update from host bld-linux64-spot-532 - a=hsts-update
2015-03-14 03:25:58 -07:00
Nathan Froyd
8ddefeed54
Bug 1142503 - don't use QueryInterface when the compiler can do the cast for us; r=ehsan
...
Calling QueryInterface with a statically known IID should typically not
be necessary. In those cases where it's not, the compiler can do the
cast for us, though we have to supply the reference-counting that
QueryInterface would do.
In passing, several redundant null-checks for the result of |new T| have
been deleted.
2015-03-12 09:43:50 -04:00
Jed Davis
da39e0a7e8
Bug 1142263 - Specify all syscall parameters when doing CLONE_NEWUSER detection; f=bwc r=kang
2015-03-13 13:01:28 +01:00
Jed Davis
64382897a9
Bug 906996 - Remove unlink from B2G content process syscall whitelist. r=kang
2015-03-11 12:39:00 +01:00
David Keeler
793bd87d86
bug 1102443 - fix leak in key pinning logging by removing an unnecessary function call r=cykesiopka
...
Also took the opportunity to fix the logging message, since it didn't accurately
describe the information that was being printed.
2015-03-12 14:31:26 -07:00
Jonathan Griffin
84011a87cc
Bug 1116187 - Disable failing mochitest-chrome tests for B2G, r=gbrown
2015-02-06 16:30:37 -08:00
David Keeler
f4d016a5d3
bug 1138332 - re-allow overrides for certificates signed by non-CA certificates r=mmc
2015-03-11 11:11:22 -07:00
Cykesiopka
ee6ade0540
Bug 1141815 - Remove nsIDOMCryptoDialogs interface and associated implementation; r=keeler
2015-03-12 10:24:05 +01:00
David Keeler
9019ce9211
bug 1138716 - update PSM data structures that depend on root CA changes r=mmc
2015-03-23 10:36:55 -07:00
Kai Engert
6c2147ca71
Bug 1137470, remove the documentation patch file, because it's no longer reverted locally, DONTBUILD
2015-03-20 13:38:13 +01:00
Kai Engert
0430fa01a9
Bug 1137470, Upgrade Firefox 38 to use NSS 3.18, land NSS_3_18_RTM, r=nss-confcall
2015-03-20 13:32:58 +01:00
Cykesiopka
dc77495477
Bug 1121117 - Add fuzz time to workaround non-monotonicity of Date(). r=keeler
2015-03-19 19:57:00 +01:00
Bob Owen
9438a86ad1
Bug 1145432: Add the policy for the client side of the crash server pipe to the GMP Windows sandbox. r=aklotz
2015-03-20 07:53:37 +00:00
Ehsan Akhgari
c27574a87c
Bug 1140767 - Build more files in security/manager in unified mode; r=dkeeler
2015-03-10 22:52:22 -04:00
Bob Owen
4b39d1da28
Bug 1141169: Add moz.build BUG_COMPONENT metadata for security/sandbox/ r=jld
2015-03-10 08:03:12 +00:00
Bob Owen
9a4eb936ac
Bug 1137166: Change the Content moreStrict sandbox pref to an integer to indicate the level of sandboxing. r=tabraldes
2015-03-10 08:03:12 +00:00
Mike Hommey
e4b247f703
Bug 868814 - Fold mozalloc library into mozglue. r=njn
2015-03-10 10:01:52 +09:00
Masatoshi Kimura
40a54ff159
Bug 1106470 - Drop SSLv3 support entirely from PSM. r=keeler
2015-03-10 01:22:59 +09:00
Jed Davis
9e0d0967f3
Bug 1137007 - Detect namespace and SECCOMP_FILTER_FLAG_TSYNC support in SandboxInfo. r=kang, r=Unfocused
...
Currently, only user namespace support is detected. This is targeted at
desktop, where (1) user namespace creation is effectively a prerequisite
for unsharing any other namespace, and (2) any kernel with user
namespace support almost certainly has all the others.
Bonus fix: remove extra copy of sandbox flag key names in about:support;
if JS property iteration order ever ceases to follow creation order, the
table rows could be permuted, but this doesn't really matter.
2015-03-06 13:59:00 -05:00
David Keeler
f9447481df
Bug 1136616 - Allow underscores in reference DNS-IDs in mozilla::pkix name matching. r=briansmith
2015-03-03 13:34:45 -08:00
Phil Ringnalda
aafe5c8706
Merge m-c to m-i
2015-03-07 19:39:49 -08:00
Phil Ringnalda
0218d6bb94
Merge m-i to m-c, a=merge
2015-03-07 19:11:54 -08:00
ffxbld
9d36331df9
No bug, Automated HPKP preload list update from host bld-linux64-spot-157 - a=hpkp-update
2015-03-07 03:27:15 -08:00
ffxbld
efe016bbfd
No bug, Automated HSTS preload list update from host bld-linux64-spot-157 - a=hsts-update
2015-03-07 03:27:13 -08:00
David Keeler
9d2c240868
bug 1129771 - disable IPv6 in PSM xpcshell TLS connection tests due to failures on OS X 10.10 r=cykesiopka a=ryanvm on a CLOSED TREE
...
In the process of investigating the intermittent failures listed in
bug 1129771, I discovered that the code would frequently get stuck connecting
to [::1] (where no server was listening) and wouldn't fall back to trying
127.0.0.1 (where the test server was listening). This change prevents the code
attempting to connect to [::1]. There probably is an underlying bug here, but
it appears to be in OS X itself and I have neither the time nor expertise to
investigate further.
2015-03-04 13:41:11 -08:00
Cykesiopka
a89929ad29
Bug 1139177 - RSA public key size checking cleanups. r=keeler
2015-03-05 16:41:00 +01:00
Jed Davis
c8b3a23fcc
Bug 1140111 - Whitelist readlinkat along with readlink. r=kang
2015-03-07 10:44:23 -05:00
Kai Engert
3d42ff284d
Bug 1137470, landing NSS_3_18_RC0 minus bug 1132496, r=nss-confcall
2015-03-07 14:49:00 +01:00
David Keeler
2a097b53b6
bug 1137538 - remove nsIIdentityInfo and nsNSSSocketInfo::GetPreviousCert r=mayhemer
2015-02-27 11:33:36 -08:00
Masatoshi Kimura
926928febc
Bug 1138882 - Add a pref to enable unrestricted RC4 fallback. r=keeler
2015-03-05 22:51:31 +09:00
Cykesiopka
73a56cbbda
Bug 1121117 - Add some logging to test_ocsp_timeout.js to ease debugging. r=dkeeler
2015-03-03 14:25:00 +01:00
Wes Kocher
6fef6d1fd8
Merge b2g-inbound to m-c a=merge CLOSED TREE
2015-03-03 17:02:21 -08:00
Chuck Lee
ae761fb055
Bug 1012549 - 0004. Support read private key in keystore. r=dkeeler r=qdot
2015-02-28 21:54:24 +08:00
David Keeler
292ae08e69
bug 1085506 - gather telemetry for TLS handshake certificate verification errors r=rbarnes
2015-02-27 11:14:29 -08:00
Mark Goodwin
3c388dbb12
Bug 1130757 - tests for bug 1130757. r=dkeeler
2015-03-02 08:19:00 +01:00
Mark Goodwin
663d50d01d
Bug 1130757 - Move OneCRL check to NSSCertDBTrustDomain::GetCertTrust. r=dkeeler
2015-02-26 04:38:00 +01:00
Cykesiopka
d4fbd76026
Bug 1130418 - Remove broken e-mail cert trust editing UI. r=emk
2015-03-02 19:54:00 +01:00
Cykesiopka
427f94114a
Bug 1130413 - Remove unused nsITokenPasswordDialogs::GetPassword() function. r=jjones
2015-02-26 13:05:00 +01:00
Wes Kocher
e8af47da16
Merge inbound to m-c a=merge
2015-03-02 12:12:47 -08:00
ffxbld
9ef92bbf7c
No bug, Automated HPKP preload list update from host bld-linux64-spot-044 - a=hpkp-update
2015-02-28 03:27:43 -08:00
ffxbld
1893a50754
No bug, Automated HSTS preload list update from host bld-linux64-spot-044 - a=hsts-update
2015-02-28 03:27:41 -08:00
Kai Engert
43f744a2b0
Bug 1137470 - Upgrade Firefox to NSS 3.18, landing NSS_3_18_BETA7, r=nss-confcall
2015-02-26 23:29:08 +01:00
David Keeler
04a248a258
bug 1049740 - implement telemetry to measure compatibility impact of 2048-bit-minimum RSA keys r=briansmith
2015-02-24 15:48:05 -08:00
Boris Zbarsky
8d06e45b3d
Bug 1136388. Change nsIDocumentLoaderFactory and nsIURIContentListener to take MIME types as an XPCOM string, not a char*. r=smaug
2015-02-25 10:26:51 -05:00
Jed Davis
232064fbf4
Bug 1134942 - Whitelist fstatat and unlinkat for B2G content processes. r=gdestuynder
2015-02-20 12:16:00 +01:00
Brian Smith
745bea4592
Bug 1077864, Part 3: update nsserrors.properties so error message gets localized.
2015-02-23 16:04:23 -08:00
Brian Smith
e4dfaf9d35
Bug 1131767: Prune away paths using unacceptable algorithms earlier, r=keeler
2015-02-14 16:59:02 -08:00
Brian Smith
a44a7d430b
Bug 1077864, Part 2: Override the trust level for OCSP response signer certs so that they are never considered trust anchors, r=keeler
2015-02-14 15:59:38 -08:00
Brian Smith
8aa85cf009
Bug 1077864, Part 1: Check consistency of certificates' signature and signatureAlgorithm fields, r=keeler
2015-02-22 16:59:03 -08:00
Brian Smith
3365c67a40
Bug 1135407: Factor out duplicate logic in tests, r=keeler
2015-02-21 14:12:38 -08:00
Ehsan Akhgari
7270bff2c4
Bug 1135745 - Disable the reserved-id-macro macro in security/pkix; r=briansmith
2015-02-23 13:40:09 -05:00
Ryan VanderMeulen
f1dae981be
Merge inbound to m-c. a=merge
2015-02-21 16:40:27 -05:00
ffxbld
eef00bd3dc
No bug, Automated HPKP preload list update from host bld-linux64-spot-148 - a=hpkp-update
2015-02-21 03:32:26 -08:00
ffxbld
a0e4678d63
No bug, Automated HSTS preload list update from host bld-linux64-spot-148 - a=hsts-update
2015-02-21 03:32:24 -08:00
André Reinald
7f6c61c6b3
Bug 1083344 - Tighten rules for Mac OS content process sandbox - "rules part". r=smichaud
...
--HG--
extra : histedit_source : f703a6a8abbf500cb882263426776fdb138b73a3
2015-02-21 13:06:34 +01:00
André Reinald
0f64952695
Bug 1083344 - Tighten rules for Mac OS content process sandbox - "core part". r=smichaud
...
--HG--
extra : histedit_source : 3c904474c57dbf086365cc6b26a55c34b2b449ae
2015-02-18 14:10:27 +01:00
Brian Smith
bfd52ee2fd
Bug 1133618 - Move test SHA1 function to pkixtestutil.cpp. r=mmc
...
--HG--
extra : histedit_source : ef579a4958356a12974b1f0f69ab2d6070ff8e65
2015-02-16 16:37:03 -08:00
Brian Smith
56eb4fcacf
Bug 1130754 - Make PublicKeyAlgorithm an enum class. r=keeler
...
--HG--
extra : histedit_source : 14d321bc2cbdf749fd05994571ca439ee62ab973
2015-02-14 13:25:09 -08:00
Masatoshi Kimura
50d0e8393e
Bug 1127339 - Detect SSLv3-only server in PSM. r=keeler
2015-02-21 17:20:22 +09:00
Cykesiopka
9d854c725f
Bug 1097622 - Add test cases for certs that have notBefore times earlier than the UNIX epoch. r=dkeeler
2015-02-17 06:15:00 -05:00
Cykesiopka
46f192d5a1
Bug 1097622 - Return ERROR_INVALID_TIME when decoding invalid time values. r=dkeeler
2015-02-18 15:56:00 -05:00
Cykesiopka
e2b4441c11
Bug 1097622 - Rename (mE|e)rrorCodeExpired variables to (mE|e)rrorCodeTime. r=dkeeler
2015-02-17 06:12:00 -05:00
Masatoshi Kimura
d2252a6393
Bug 1133187 - Update fallback whitelist. r=keeler
2015-02-19 04:12:59 +09:00
Masatoshi Kimura
e322360a68
Bug 1124039 - Allow RC4 only for whitelisted hosts. r=keeler
2015-02-19 04:12:58 +09:00
Masatoshi Kimura
4dcc62555f
Bug 1137179 - Add wildcard support to the static fallback list. r=keeler
2015-02-28 08:53:44 +09:00
Cykesiopka
43d63e50dc
Bug 1136471 - Remove unused nsIIdentityInfo.getValidEVPolicyOid(). r=dkeeler
2015-02-26 13:05:00 -05:00
André Reinald
29bb5c62b7
Bug 1083344 - Add "allow" sandbox rules to fix mochitests on OSX 10.9 and 10.10. r=smichaud
2015-02-27 16:55:35 +01:00
Chris Peterson
949860b4a1
Bug 1133283 - Remove nonstandard expression closures from security/manager/ssl/tests. r=keeler
2015-01-24 23:48:22 -08:00
David Keeler
ea529f0499
bug 1123671 - if a non-overridable error is encountered when processing an overridable certificate error, report the non-overridable error r=mmc r=jcj
...
Also, SEC_ERROR_UNTRUSTED_ISSUER and SEC_ERROR_UNTRUSTED_CERT are not actually overridable, so don't pretend they are.
2015-01-23 14:04:44 -08:00
Chuck Lee
ac8c6a4cd0
Bug 1012549 - 0001. Support import PKCS12 certificate. r=dkeeler r=vchang
2015-02-28 21:54:16 +08:00