Commit Graph

3355 Commits

Author SHA1 Message Date
David Keeler
77182daa23 bug 1181823 - convert test_ev_certs.js, test_keysize_ev.js, and test_validity.js to generate certificates at build time r=Cykesiopka r=mgoodwin 2015-06-17 16:02:08 -07:00
Bobby Holley
106e778c81 Bug 1188696 - Hoist nsRefPtr.h into MFBT. r=froydnj 2015-07-29 10:44:59 -07:00
Douglas Bagnall
5c0b4667d0 Bug 1046421 - Do not disclose the system hostname via NTLM handler. r=honzab
The hostname here is matched on the AD DC to the userWorkstations
attribute, however this is on a total trust basis in terms of what the
client specifies here.

The impact of this patch is that a user who is restricted by this
attribute to log on to only certain (Windows, in reality)
workstations, may not be able to perform a manual NTLM logon to an
intranet site, unless they set network.generic-ntlm-auth.workstation
to the name of their workstation (actually, any host in that list).

The default value is set to WORKSTATION.

This patch was originally written by Andrew Bartlett, and modified by
Douglas Bagnall following review feedback from Honza Bambas and Tim
Brown.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2015-07-24 13:36:11 +12:00
David Keeler
7c2fefeaff bug 1187029 - convert test_bug480509.html to an xpcshell test r=jcj 2015-07-23 13:31:45 -07:00
Steven Michaud
48cca4b17d Bug 1175881 - about:sync-log can't read files on OS X with e10s on and content process sandbox enabled. r=areinald 2015-07-28 12:09:34 -05:00
David Keeler
93e401cbb4 bug 1179660 - define 'now' as the first second of the current year for pycert r=Cykesiopka
This is to avoid a dependency on the buildid so we don't have to
regenerate all of the test certificate with every ./mach build.
This can cause problems very near midnight on New Year's Eve.
If this happens, kick off a new build and get back to the party.
2015-07-15 16:20:54 -07:00
Xidorn Quan
3c16d312d0 Bug 1187173 - Disable warning C4623 on security/certverifier. r=briansmith 2015-07-24 13:38:12 +10:00
Jed Davis
e59798bc11 Bug 1186709 - Remove MOZ_IMPLICIT from security/sandbox/chromium. r=bobowen 2015-07-23 08:28:00 -04:00
Jed Davis
dc4e9622a9 Bug 1157864 - Record chromium patch applied in previous commit. r=me 2015-07-22 15:48:49 -07:00
Felix Janda
cb817362ed Bug 1157864 - chromium sandbox: Fix compilation for systems without <sys/cdefs.h>. r=jld 2015-02-05 22:41:38 +01:00
Masatoshi Kimura
ae243a88cc Bug 1181562 - Update fallback whitelist. r=keeler 2015-07-22 20:35:26 +09:00
Nicholas Nethercote
4afee01f75 Bug 1182959 (part 5) - Use nsTHashtable::Iterator in nsCertOverrideService. r=honzab. 2015-07-20 17:12:03 -07:00
Nicholas Nethercote
25f6039e81 Bug 1182959 (part 4) - Remove BlocklistSaveInfo. r=honzab. 2015-07-20 17:12:03 -07:00
Nicholas Nethercote
459d99f3cd Bug 1182959 (part 3) - Use nsTHashtable::Iterator in CertBlockList. r=honzab. 2015-07-20 17:12:03 -07:00
Nicholas Nethercote
7ab28d7df4 Bug 1182959 (part 2) - Use nsTHashtable::Iterator in CertBlockList. r=honzab. 2015-07-20 17:12:03 -07:00
Nicholas Nethercote
8964637d70 Bug 1182959 (part 1) - Use nsTHashtable::Iterator in CertBlockList. r=honzab. 2015-07-20 17:12:03 -07:00
Jed Davis
4f7c3a8066 Bug 1181704 - Use chromium SafeSPrintf for sandbox logging. r=gdestuynder r=glandium
This gives us a logging macro that's safe to use in async signal context
(cf. bug 1046210, where we needed this and didn't have it).

This patch also changes one of the format strings to work with
SafeSPrintf's format string dialect; upstream would probably take a
patch to handle those letters, but this is easier.
2015-07-09 12:09:00 +02:00
Jed Davis
bad4183e1d Bug 1181704 - Import chromium SafeSPrintf. r=bobowen
This also imports the unit tests but doesn't arrange to run them.
Including the tests in our xul-gtest is possible but not trivial: there
are logging dependencies, and they use a different #include path for
gtest.h (which we'd need to patch).

Upstream revision: df7cc6c04725630dd4460f29d858a77507343b24.
2015-07-09 12:04:00 +02:00
David Keeler
7ac0d92807 bug 1178988 - GenerateOCSPResponse: load certs/keys in two phases r=Cykesiopka
This was initially done to work around a readdir-related bug in the B2G ICS
emulator, but then it turned out that test_ocsp_url.js still fails in ways that
are unreproducible outside of mozilla-inbound on that platform, so it was
disabled (r=sworkman). It's still a good idea, though, to avoid any potential
future issues with readdir not being reentrant.
2015-07-15 14:12:02 -07:00
David Keeler
359bd103d4 bug 1178988 - convert test_ocsp_url to generate certificates at build time r=Cykesiopka
Also enable loading of certificates and private keys into GenerateOCSPResponse
2015-06-04 17:03:48 -07:00
David Keeler
893b8954ec bug 1178988 - refactor key-specific parts of pycert.py into pykey.py r=Cykesiopka,mgoodwin 2015-06-30 14:35:42 -07:00
Ryan VanderMeulen
2a13b2456b Merge m-c to inbound. a=merge 2015-07-19 22:38:28 -04:00
Benjamin Peterson
0dd708e3a8 no bug - fix typo and grammar in comment r=me DONTBUILD 2015-07-19 18:07:43 -07:00
ffxbld
c56f7fab6d No bug, Automated HPKP preload list update from host bld-linux64-spot-135 - a=hpkp-update 2015-07-18 03:35:51 -07:00
ffxbld
a53fa199eb No bug, Automated HSTS preload list update from host bld-linux64-spot-135 - a=hsts-update 2015-07-18 03:35:49 -07:00
Mark Goodwin
8b0c418e25 Bug 1183822 - Add an OCSP test for signers with SHA-1 certificates (r=keeler) 2015-07-17 17:07:50 +01:00
Mark Goodwin
2e80867ccc Bug 1183822 - fix OCSP verification failures (r=keeler)
Adds a new TrustDomain for OCSP Signers which will always allow all acceptible
signature digest algorithms. Calls to most other TrustDomain methods are passed
through to the owning NSSCertDBTrustDomain.
2015-07-17 17:07:48 +01:00
Mark Goodwin
46b7226fea Bug 1183065 - Add logging on OneCRL revocation checks (r=Cykesiopka) 2015-07-17 17:07:47 +01:00
Wes Kocher
6216b9587e Backed out 3 changesets (bug 1178988) for ocsp orange CLOSED TREE
Backed out changeset 7fb6a9114916 (bug 1178988)
Backed out changeset 2700ec4adc3e (bug 1178988)
Backed out changeset 07b9c2331ac1 (bug 1178988)
2015-07-17 17:49:46 -07:00
Mark Goodwin
10d4e93718 Backed out changeset ec1b5a7d05e9 (bug 1183065) 2015-07-17 10:37:00 +01:00
Mark Goodwin
adead3a8a3 Backed out changeset fb6cbb4ada54 (bug 1183822) 2015-07-17 10:36:58 +01:00
Mark Goodwin
57cd103b84 Backed out changeset f324dcfaab40 (bug 1183822) 2015-07-17 10:36:56 +01:00
Mark Goodwin
8605e4aed2 Bug 1183822 - Add an OCSP test for signers with SHA-1 certificates (r=keeler) 2015-07-17 10:04:17 +01:00
Mark Goodwin
80b97ddffc Bug 1183822 - fix OCSP verification failures (r=keeler)
Adds a new TrustDomain for OCSP Signers which will always allow all acceptible
signature digest algorithms. Calls to most other TrustDomain methods are passed
through to the owning NSSCertDBTrustDomain.
2015-07-17 10:03:56 +01:00
Mark Goodwin
00edef09b4 Bug 1183065 - Add logging on OneCRL revocation checks (r=Cykesiopka) 2015-07-17 10:03:21 +01:00
David Keeler
b27333093c bug 1178988 - work around PR_ReadDir bug on B2G ICS emulator by loading certs/keys in two phases r=Cykesiopka 2015-07-15 14:12:02 -07:00
David Keeler
e54426e7bc bug 1178988 - convert test_ocsp_url to generate certificates at build time r=Cykesiopka
Also enable loading of certificates and private keys into GenerateOCSPResponse
2015-06-04 17:03:48 -07:00
David Keeler
998a66c12a bug 1178988 - refactor key-specific parts of pycert.py into pykey.py r=Cykesiopka,mgoodwin 2015-06-30 14:35:42 -07:00
Cykesiopka
a0279ce7ca Bug 1179678 - Add result strings to misc PSM xpcshell tests. r=keeler 2015-07-14 23:19:00 +02:00
Wes Kocher
3ce60d2f05 Backed out 2 changesets (bug 1181704) for static build bustage CLOSED TREE
Backed out changeset fbf7aca43c3a (bug 1181704)
Backed out changeset 8864c0587ced (bug 1181704)
2015-07-13 16:51:17 -07:00
Jed Davis
2f2012818b Bug 1181704 - Use chromium SafeSPrintf for sandbox logging. r=kang r=glandium
This gives us a logging macro that's safe to use in async signal context
(cf. bug 1046210, where we needed this and didn't have it).

This patch also changes one of the format strings to work with
SafeSPrintf's format string dialect; upstream would probably take a
patch to handle those letters, but this is easier.
2015-07-13 16:17:58 -07:00
Jed Davis
db8c6b5327 Bug 1181704 - Import chromium SafeSPrintf. r=bobowen
This does not include the upstream unit tests.  Including the tests
in our xul-gtest is possible but not trivial: there are logging
dependencies, and they use a different #include path for gtest.h (which
we'd need to patch).

Upstream revision: df7cc6c04725630dd4460f29d858a77507343b24.
2015-07-13 16:17:58 -07:00
Birunthan Mohanathas
e52329c788 Bug 1182996 - Fix and add missing namespace comments. rs=ehsan
The bulk of this commit was generated by running:

  run-clang-tidy.py \
    -checks='-*,llvm-namespace-comment' \
    -header-filter=^/.../mozilla-central/.* \
    -fix
2015-07-13 08:25:42 -07:00
Carsten "Tomcat" Book
108daa6a0d merge mozilla-inbound to mozilla-central a=merge 2015-07-13 11:51:14 +02:00
ffxbld
6a03db2cc6 No bug, Automated HPKP preload list update from host bld-linux64-spot-222 - a=hpkp-update 2015-07-11 03:33:38 -07:00
ffxbld
5802404a13 No bug, Automated HSTS preload list update from host bld-linux64-spot-222 - a=hsts-update 2015-07-11 03:33:36 -07:00
David Keeler
2c108fdd54 bug 1181376 - convert test_bug480619.html to an xpcshell test r=mgoodwin 2015-07-07 16:09:56 -07:00
Geoff Brown
495b7cbfe1 Bug 1026290 - Update mochitest-chrome manifests for android; r=jgriffin 2015-07-10 14:41:59 -06:00
Mark Goodwin
2845785c4e Bug 1159155 - Add telemetry probe for SHA-1 usage - some tests (r=keeler) 2015-07-09 07:22:32 +01:00
Mark Goodwin
fc2d7be9e8 Bug 1159155 - Add telemetry probe for SHA-1 usage (r=keeler) 2015-07-09 07:22:29 +01:00