Cykesiopka
|
55aef9cc65
|
Bug 622859 - Reject EV certificates with key sizes below RSA 2048. r=briansmith
|
2014-10-18 15:18:00 +02:00 |
|
Carsten "Tomcat" Book
|
f656e98577
|
Backed out changeset 3afdc3253979 (bug 622859) for breaking m1 tests
|
2014-10-17 13:14:29 +02:00 |
|
Cykesiopka
|
02ea7fac18
|
Bug 622859 - Reject EV certificates with key sizes below RSA 2048. r=briansmith
|
2014-10-16 05:13:00 +02:00 |
|
David Keeler
|
28cf64b8af
|
bug 1071308 - (2/2) remove libpkix-style chain validation callback from CertVerifier r=cviecco
|
2014-09-25 11:18:56 -07:00 |
|
Ehsan Akhgari
|
8d232f5b1b
|
Bug 579517 follow-up: Remove NSPR types that crept in
|
2014-08-08 08:39:07 -04:00 |
|
Brian Smith
|
0441bbeeef
|
Bug 1043041: Use mozilla::pkix::Time instead of PRTime, r=keeler
--HG--
extra : rebase_source : 2cc39d3c322c1355aad003f2497659a091febac2
|
2014-08-02 08:49:12 -07:00 |
|
Brian Smith
|
1b48468046
|
Bug 1047792: Rely on mozilla::pkix to filter out expired certs instead of CERT_CreateSubjectCertList, r=keeler
--HG--
extra : rebase_source : 5182147037b69f0ac3c3cd060d6e2af71bfde2e7
|
2014-08-01 23:16:21 -07:00 |
|
Brian Smith
|
c0428247ef
|
Bug 1041186, Part 2: Rename Input to Reader and InputBuffer to Input, r=keeler
--HG--
extra : rebase_source : bf57a9eb6ae5c122912e00a47156010e5ea99478
|
2014-07-31 12:17:31 -07:00 |
|
Brian Smith
|
e3aee85ed9
|
Bug 1041186, Part 1: Improve buffer overflow protection in mozilla::pkix, r=keeler
--HG--
extra : rebase_source : 0f4a33f2c66594930ba9c79233648c70e33ba27c
|
2014-07-18 22:30:51 -07:00 |
|
Brian Smith
|
7417889c50
|
Bug 1041343: Use references instead of pointers for TrustLevel output parameters, r=cviecco
--HG--
extra : rebase_source : d5c07dc29a95ccb75a7a8f199de26d43950b9ed4
|
2014-07-20 11:06:26 -07:00 |
|
Brian Smith
|
8d436cc99b
|
Bug 1039064: Use strongly-typed enum instead of NSPR-style error handling, r=keeler
--HG--
extra : rebase_source : 4f3e41916cd7e2c74679d468eeeb702af3321532
|
2014-07-18 11:48:49 -07:00 |
|
David Keeler
|
be17e2782a
|
bug 1040889 - don't re-cache OCSP server failures if no fetch was attempted r=briansmith r=cviecco
--HG--
extra : rebase_source : e00c84e62ecca3e97794d3ceafcd1f5f618045d1
|
2014-07-25 16:59:22 -07:00 |
|
Cykesiopka
|
65dfa136df
|
Bug 360126 - Stop accepting certs that use RSA1023 or weaker; Original patch by Richard van den Berg. r=briansmith
|
2014-07-15 19:49:00 -04:00 |
|
Brian Smith
|
8fd4eed261
|
Bug 1036105: Delegate digest operations to the TrustDomain in mozilla::pkix, r=keeler
--HG--
extra : rebase_source : dd8dc1243ea2e37955a15f2481e1c452311e90d8
extra : histedit_source : adc1a2035d41c608d3f0ebe14bba159b2857502d
|
2014-07-06 19:36:05 -07:00 |
|
Brian Smith
|
16a3da199e
|
Bug 1036107, Part 1: Stop using CERTSignedData in mozilla::pkix, r=keeler
--HG--
extra : rebase_source : 94c49062ae3ddf755651f151e2d648543b10e1ad
extra : histedit_source : a7377bf1d9adb62e1c584e2adeb793aa074245fb
|
2014-07-10 19:00:32 -07:00 |
|
Brian Smith
|
e230435e59
|
Bug 1037324: Delegate additional name constraint selection to the TrustDomain in mozilla::pkix, r=cviecco
--HG--
extra : rebase_source : 300f33bfb3a0c9ae1525695b080674c1fb21eafc
|
2014-07-10 22:38:59 -07:00 |
|
Brian Smith
|
d66c74e652
|
Bug 1035009: Stop using CERTCertList in mozilla::pkix, r=keeler
--HG--
extra : rebase_source : fc2b39e5e2b44fea365914e83a7d1f2dc9b784bc
extra : histedit_source : b40e5e8cb106fe87f6f065b01ca43adb0bf3a605
|
2014-07-06 15:55:38 -07:00 |
|
Brian Smith
|
358b82e03b
|
Bug 1034636: Remove mozilla::pkix::ScopedCERTCertifciate and mozilla::pkix::ScopedPLArenaPool, r=mmc
--HG--
extra : rebase_source : 68e6da2f1e1c7fa678ef4cc81d23cc6298709108
extra : histedit_source : feba4c589dbf004ee50e2dea1fca0809f8f97674
|
2014-07-03 21:49:56 -07:00 |
|
Brian Smith
|
0c6544f1f0
|
Bug 1033563, Part 3: Change mozilla::pkix::TrustDomain::FindPotentialIssuers API to be iterator-like, r=keeler
--HG--
extra : rebase_source : e8c734ecb2de2c52dd8909c8b48f4bdb09d0128e
|
2014-07-02 16:15:16 -07:00 |
|
Brian Smith
|
549189d132
|
Bug 1029247, Part 2: Parse certificates using mozilla::pkix::der, r=keeler
--HG--
extra : rebase_source : e093922497d005734c590a59f175993a7715bce8
|
2014-07-03 16:59:42 -07:00 |
|
Brian Smith
|
2bd47f2cb9
|
Bug 975229: Remove NSS-based certificate verification, r=keeler
--HG--
extra : rebase_source : 49cb20f1b51e2d9993a35decd820764e20ad9be9
|
2014-06-16 23:13:29 -07:00 |
|
Brian Smith
|
c214d0f55e
|
Bug 1026261: Remove CERTCertificate from mozilla::pkix revocation checking API, r=keeler
--HG--
extra : rebase_source : 6798f494bd351961ea02abba07b5860839bbc418
|
2014-06-20 10:10:51 -07:00 |
|
David Keeler
|
6dc7ca62d1
|
bug 997509 - heed expired Revoked or Unknown OCSP responses r=briansmith
|
2014-06-20 09:01:57 -07:00 |
|
Brian Smith
|
f3ab0b43c6
|
Bug 1020683, Part 1: Remove internal uses of CERTCertificate from mozilla::pkix::VerifyEncodedOCSPResponse, r=keeler
--HG--
extra : rebase_source : 416938498080c4d44874025f1da4562ab1c7c3c8
|
2014-06-05 15:18:32 -07:00 |
|
David Keeler
|
cb6b2b4ade
|
bug 1019198 - fail handshake if given an expired OCSP response and fetching a new one fails r=briansmith
|
2014-06-06 09:20:50 -07:00 |
|
Brian Smith
|
c9249cca82
|
Bug 1019814: Remove CERTCertificate dependency from TrustDomain::GetCertTrust, r=keeler
--HG--
extra : rebase_source : 9abf0522f02d00ac2f63f2327ddbe8d119ffc64f
|
2014-06-03 10:47:25 -07:00 |
|
Camilo Viecco
|
fc11f7c21d
|
Bug 991815 - Part 1/2 - Allow intermediate OCSP responses up to 1 year old. r=keeler
--HG--
extra : rebase_source : 28d5336da1dc44932b92ce2c59fca5fcb2b8a3d8
|
2014-05-30 16:12:36 -07:00 |
|
David Keeler
|
56379872a2
|
bug 1006710 - add class of PSM errors to SEC and SSL errors r=briansmith
|
2014-05-28 15:28:03 -07:00 |
|
Camilo Viecco
|
44bf536cc4
|
Bug 1005142 - Part 1/2 - Add OCSP get capabilities to OCSPRequestor. r=keeler
--HG--
extra : rebase_source : ee4a86bf02a466a31de8b0b6cd7ce375a7f28c6d
|
2014-05-21 15:42:21 -07:00 |
|
Brian Smith
|
ed25ac818b
|
Bug 1010634, Part 1: Fix compiler warnings in certverifier, r=cviecco
--HG--
extra : rebase_source : f8d925f042040368b038b62bc1d0c9d4d6d04618
|
2014-05-14 17:46:32 -07:00 |
|
Brian Smith
|
b3711e99df
|
Bug 1006958: Use mozilla::pkix::der to parse certificate policies instead of NSS, r=keeler
--HG--
extra : rebase_source : fde88efebc1025bc4f825aa38df809d04b1b250a
|
2014-05-15 18:59:52 -07:00 |
|
David Keeler
|
6c916db011
|
bug 982248 - NSSCertDBTrustDomain: specify timeout for OCSP requests r=briansmith
|
2014-05-01 15:07:55 -07:00 |
|
Brian Smith
|
6b71be8400
|
Bug 1002933: Use Strongly-typed enums more often in mozilla::pkix, r=mmc
--HG--
extra : rebase_source : 3f67f48d1f4150df0830f89e6c07bbbf3a8fc7e8
|
2014-04-25 16:29:26 -07:00 |
|
Camilo Viecco
|
06f960a801
|
Bug 744204 - Allow Certificate key pinning Part 2 - Certverifier Interface. r=keeler
--HG--
extra : rebase_source : 2f9748ba0b241c697e22b7ff72f2f5a0fad4a2ca
|
2014-02-05 14:49:10 -08:00 |
|
David Keeler
|
2a77846f27
|
bug 977865 - mozilla::pkix: add backoff for ocsp fetching when a responder fails r=cviecco
|
2014-04-28 16:38:15 -07:00 |
|
David Keeler
|
676eaf13b4
|
bug 985201 - rename insanity::pkix to mozilla::pkix r=cviecco r=briansmith
--HG--
rename : security/insanity/include/insanity/ScopedPtr.h => security/pkix/include/pkix/ScopedPtr.h
rename : security/insanity/include/insanity/bind.h => security/pkix/include/pkix/bind.h
rename : security/insanity/include/insanity/nullptr.h => security/pkix/include/pkix/nullptr.h
rename : security/insanity/include/insanity/pkix.h => security/pkix/include/pkix/pkix.h
rename : security/insanity/include/insanity/pkixtypes.h => security/pkix/include/pkix/pkixtypes.h
rename : security/insanity/lib/pkixbind.cpp => security/pkix/lib/pkixbind.cpp
rename : security/insanity/lib/pkixbuild.cpp => security/pkix/lib/pkixbuild.cpp
rename : security/insanity/lib/pkixcheck.cpp => security/pkix/lib/pkixcheck.cpp
rename : security/insanity/lib/pkixcheck.h => security/pkix/lib/pkixcheck.h
rename : security/insanity/lib/pkixder.cpp => security/pkix/lib/pkixder.cpp
rename : security/insanity/lib/pkixder.h => security/pkix/lib/pkixder.h
rename : security/insanity/lib/pkixkey.cpp => security/pkix/lib/pkixkey.cpp
rename : security/insanity/lib/pkixocsp.cpp => security/pkix/lib/pkixocsp.cpp
rename : security/insanity/lib/pkixutil.h => security/pkix/lib/pkixutil.h
rename : security/insanity/moz.build => security/pkix/moz.build
rename : security/insanity/test/lib/moz.build => security/pkix/test/lib/moz.build
rename : security/insanity/test/lib/pkixtestutil.cpp => security/pkix/test/lib/pkixtestutil.cpp
rename : security/insanity/test/lib/pkixtestutil.h => security/pkix/test/lib/pkixtestutil.h
|
2014-03-20 14:29:21 -07:00 |
|
David Keeler
|
609e9a9f16
|
bug 969048 - adjust OCSP stapling telemetry for insanity::pkix r=briansmith r=cviecco
|
2014-03-13 09:41:03 -07:00 |
|
David Keeler
|
8fc5d6daee
|
bug 915932 - cache OCSP responses when using insanity::pkix r=cviecco r=briansmith
|
2014-03-12 13:08:48 -07:00 |
|
Brian Smith
|
2f3b70ffb5
|
Bug 978528: Return the correct error message when no potential issuers are found during path bulding in insanitY::pkix, r=cviecco
--HG--
extra : rebase_source : 71f806312ad322bc2971e7efaea2da217b07efad
|
2014-03-01 20:55:51 -08:00 |
|
Brian Smith
|
c13108b590
|
Bug 921885: Use insanity::pkix for EV cert verification when insanity::pkix is the selected implementation, r=cviecco, r=keeler
--HG--
extra : rebase_source : b1fd1f8eace675484b3c2d568e5e74f767f1d2ad
|
2014-02-23 22:15:53 -08:00 |
|
Brian Smith
|
64ea6aa0a3
|
Bug 921886: Add certificate policiy support to insanity::pkix, r=keeler, r=cviecco
--HG--
extra : rebase_source : 6522e2c2f57f59fe23c0ed0c838f1f54236bdafc
|
2014-02-24 12:37:45 -08:00 |
|
Brian Smith
|
144b29ee4c
|
Bug 915931, Part 3: Integrate insanity::pkix OCSP support, r=keeler, r=cviecco
--HG--
extra : rebase_source : 4b54682ca6d97e2ec7709b9a5c93ddea71126f8b
|
2014-02-16 17:35:40 -08:00 |
|
Brian Smith
|
83e4eaa908
|
Bug 896620: Make marketplace certs work on in all products, r=keeler
--HG--
extra : source : 86ec7137a8892f75918c77e605df970f5b96ef62
extra : histedit_source : 33326790804d49e6ec658626116ebf870d94d445
|
2014-02-14 14:37:07 -08:00 |
|
Brian Smith
|
bbf60e0ee9
|
Bug 878932, Part 1: add insanity::pkix as an option for certificate verification, r=keeler, r=cviecco
--HG--
extra : rebase_source : c1f75dff6ac7f32e082517af701654abebaee250
|
2014-02-10 11:41:12 -08:00 |
|
Brian Smith
|
75350facfc
|
Bug 891066, Part 9: Move DisableMD5 to NSSCertDBTrustDomain, r=dkeeler
--HG--
extra : rebase_source : aaf658c12a74fc53f1591333f10d54e78fe1d992
|
2014-01-20 01:30:25 -08:00 |
|
Brian Smith
|
90ca67f6b9
|
Bug 891066, Part 6: Move SSL server cert verification logic to security/certverifier, r=cviecco
--HG--
extra : rebase_source : e30b5b46e075c52651bb5320b17660f85a50abbb
extra : source : ef41444d0a7d1f6697c7a4d431fffe8db1724605
|
2013-07-08 16:30:59 -07:00 |
|
Brian Smith
|
21a0a7d458
|
Bug 891066, Part 4: Fix indention, r=me, a=whitespace-only
--HG--
extra : rebase_source : 0b9dad2a331b729f614b9b3ee29793a3c89ae053
extra : source : 651a8ef41d0611f0dbc72cbd663071958fea649b
|
2013-09-19 13:39:36 -07:00 |
|
Brian Smith
|
c4e883c95b
|
Bug 891066, Part 3: Move more initialization of NSS to security/certverifier, r=keeler
--HG--
extra : rebase_source : 33aad105028f849d0bbe1c37b60eab50f2f22c88
|
2014-01-20 22:10:33 -08:00 |
|