Commit Graph

85 Commits

Author SHA1 Message Date
David Keeler
8be74b716b bug 1049095 - re-verify joinee certificate with joining hostname when joining connections r=briansmith r=mcmanus r=cviecco r=mmc r=rbarnes 2014-08-21 10:37:23 -07:00
David Keeler
843f8bbee8 bug 1030963 - remove non-standard window.crypto functions/properties r=jst r=briansmith r=glandium 2014-08-14 09:38:42 -07:00
Ehsan Akhgari
8d232f5b1b Bug 579517 follow-up: Remove NSPR types that crept in 2014-08-08 08:39:07 -04:00
Eric Rahm
0e0bb45c16 Bug 1047176 - Part 1: Disable warning C4640 in certverifier. r=keeler
--HG--
extra : rebase_source : a608f8704f57312902b05258ff53a4d1f2010cbc
2014-08-04 11:29:25 -07:00
Brian Smith
0441bbeeef Bug 1043041: Use mozilla::pkix::Time instead of PRTime, r=keeler
--HG--
extra : rebase_source : 2cc39d3c322c1355aad003f2497659a091febac2
2014-08-02 08:49:12 -07:00
Brian Smith
1b48468046 Bug 1047792: Rely on mozilla::pkix to filter out expired certs instead of CERT_CreateSubjectCertList, r=keeler
--HG--
extra : rebase_source : 5182147037b69f0ac3c3cd060d6e2af71bfde2e7
2014-08-01 23:16:21 -07:00
Brian Smith
c0428247ef Bug 1041186, Part 2: Rename Input to Reader and InputBuffer to Input, r=keeler
--HG--
extra : rebase_source : bf57a9eb6ae5c122912e00a47156010e5ea99478
2014-07-31 12:17:31 -07:00
Brian Smith
e3aee85ed9 Bug 1041186, Part 1: Improve buffer overflow protection in mozilla::pkix, r=keeler
--HG--
extra : rebase_source : 0f4a33f2c66594930ba9c79233648c70e33ba27c
2014-07-18 22:30:51 -07:00
Brian Smith
7417889c50 Bug 1041343: Use references instead of pointers for TrustLevel output parameters, r=cviecco
--HG--
extra : rebase_source : d5c07dc29a95ccb75a7a8f199de26d43950b9ed4
2014-07-20 11:06:26 -07:00
Brian Smith
8d436cc99b Bug 1039064: Use strongly-typed enum instead of NSPR-style error handling, r=keeler
--HG--
extra : rebase_source : 4f3e41916cd7e2c74679d468eeeb702af3321532
2014-07-18 11:48:49 -07:00
David Keeler
be17e2782a bug 1040889 - don't re-cache OCSP server failures if no fetch was attempted r=briansmith r=cviecco
--HG--
extra : rebase_source : e00c84e62ecca3e97794d3ceafcd1f5f618045d1
2014-07-25 16:59:22 -07:00
Mike Hommey
b99bba5c3f Bug 1041864 - Remove LIBRARY_NAMEs that aren't used. r=mshal 2014-07-23 08:39:56 +09:00
Cykesiopka
65dfa136df Bug 360126 - Stop accepting certs that use RSA1023 or weaker; Original patch by Richard van den Berg. r=briansmith 2014-07-15 19:49:00 -04:00
Brian Smith
46bdbab7f8 Bug 1038098: Save intermediate certificates during TLS handshake, r=keeler
--HG--
extra : rebase_source : 99e2551e78bc8eac91174e5320c15623ede26642
extra : histedit_source : c4af1c24b95b1b3c8a86d06575645b6ffc5308a6
2014-07-14 16:43:33 -07:00
Brian Smith
8fd4eed261 Bug 1036105: Delegate digest operations to the TrustDomain in mozilla::pkix, r=keeler
--HG--
extra : rebase_source : dd8dc1243ea2e37955a15f2481e1c452311e90d8
extra : histedit_source : adc1a2035d41c608d3f0ebe14bba159b2857502d
2014-07-06 19:36:05 -07:00
Brian Smith
16a3da199e Bug 1036107, Part 1: Stop using CERTSignedData in mozilla::pkix, r=keeler
--HG--
extra : rebase_source : 94c49062ae3ddf755651f151e2d648543b10e1ad
extra : histedit_source : a7377bf1d9adb62e1c584e2adeb793aa074245fb
2014-07-10 19:00:32 -07:00
Brian Smith
e230435e59 Bug 1037324: Delegate additional name constraint selection to the TrustDomain in mozilla::pkix, r=cviecco
--HG--
extra : rebase_source : 300f33bfb3a0c9ae1525695b080674c1fb21eafc
2014-07-10 22:38:59 -07:00
Brian Smith
d66c74e652 Bug 1035009: Stop using CERTCertList in mozilla::pkix, r=keeler
--HG--
extra : rebase_source : fc2b39e5e2b44fea365914e83a7d1f2dc9b784bc
extra : histedit_source : b40e5e8cb106fe87f6f065b01ca43adb0bf3a605
2014-07-06 15:55:38 -07:00
Brian Smith
358b82e03b Bug 1034636: Remove mozilla::pkix::ScopedCERTCertifciate and mozilla::pkix::ScopedPLArenaPool, r=mmc
--HG--
extra : rebase_source : 68e6da2f1e1c7fa678ef4cc81d23cc6298709108
extra : histedit_source : feba4c589dbf004ee50e2dea1fca0809f8f97674
2014-07-03 21:49:56 -07:00
Brian Smith
0c6544f1f0 Bug 1033563, Part 3: Change mozilla::pkix::TrustDomain::FindPotentialIssuers API to be iterator-like, r=keeler
--HG--
extra : rebase_source : e8c734ecb2de2c52dd8909c8b48f4bdb09d0128e
2014-07-02 16:15:16 -07:00
Brian Smith
549189d132 Bug 1029247, Part 2: Parse certificates using mozilla::pkix::der, r=keeler
--HG--
extra : rebase_source : e093922497d005734c590a59f175993a7715bce8
2014-07-03 16:59:42 -07:00
Brian Smith
f58287e30a Bug 1035034: Fix typo in CertVerifier, r=cviecco
--HG--
extra : rebase_source : b8871ee8cf1e156ef48d363ea49e8b82ab268d98
2014-07-06 19:15:13 -07:00
Brian Smith
2bd47f2cb9 Bug 975229: Remove NSS-based certificate verification, r=keeler
--HG--
extra : rebase_source : 49cb20f1b51e2d9993a35decd820764e20ad9be9
2014-06-16 23:13:29 -07:00
Brian Smith
c214d0f55e Bug 1026261: Remove CERTCertificate from mozilla::pkix revocation checking API, r=keeler
--HG--
extra : rebase_source : 6798f494bd351961ea02abba07b5860839bbc418
2014-06-20 10:10:51 -07:00
David Keeler
6dc7ca62d1 bug 997509 - heed expired Revoked or Unknown OCSP responses r=briansmith 2014-06-20 09:01:57 -07:00
Brian Smith
84f52d8461 Bug 1006812: Use mozilla::pkix::der to decode the key usage extension, r=keeler
--HG--
extra : rebase_source : e445c913994dc027e1179543d7b6cab2505e734d
2014-06-19 00:13:20 -07:00
Brian Smith
81e6beaa4b Bug 1022970: Switch from UNIFIED_SOURCES back to SOURCES in security/pkix, security/certverifier, and security/manager/ssl/src, r=keeler
--HG--
extra : rebase_source : 7d45d018be6b23af199c1e9c858fb5bb3bb5a01b
2014-06-16 22:57:55 -07:00
Brian Smith
8db16ecca0 Bug 1026371: Remove useless comments in CertVerifier.cpp, r=cviecco
--HG--
extra : rebase_source : 58444ab17c68bcde6938540b3b074af55e417687
2014-06-16 23:37:53 -07:00
David Keeler
c251954bfe bug 1017826 - follow-up to fix indentation r=me a=whitespace-only DONTBUILD 2014-06-17 09:14:00 -07:00
Harsh Pathak
ca13d59d69 Bug 1017826 - prevent a potential memory leak in OCSPCache::Put. r=keeler 2014-06-16 20:27:00 +02:00
Brian Smith
f3ab0b43c6 Bug 1020683, Part 1: Remove internal uses of CERTCertificate from mozilla::pkix::VerifyEncodedOCSPResponse, r=keeler
--HG--
extra : rebase_source : 416938498080c4d44874025f1da4562ab1c7c3c8
2014-06-05 15:18:32 -07:00
David Keeler
cb6b2b4ade bug 1019198 - fail handshake if given an expired OCSP response and fetching a new one fails r=briansmith 2014-06-06 09:20:50 -07:00
Brian Smith
c9249cca82 Bug 1019814: Remove CERTCertificate dependency from TrustDomain::GetCertTrust, r=keeler
--HG--
extra : rebase_source : 9abf0522f02d00ac2f63f2327ddbe8d119ffc64f
2014-06-03 10:47:25 -07:00
Camilo Viecco
fc11f7c21d Bug 991815 - Part 1/2 - Allow intermediate OCSP responses up to 1 year old. r=keeler
--HG--
extra : rebase_source : 28d5336da1dc44932b92ce2c59fca5fcb2b8a3d8
2014-05-30 16:12:36 -07:00
Brian Smith
833425eae1 Bug 1010634, Part 6: Enable -Wall with a few exceptions for certverifier, r=cviecco
--HG--
extra : rebase_source : 611f0d65e7edb74345a4a599a6606de37e3da75e
2014-05-15 21:56:23 -07:00
Brian Smith
7a871c3cee Bug 1010634, Part 3: Fix more warnings in CertVerifier, r=cviecco
--HG--
extra : rebase_source : 21e79fbc472aeccec7df213e0cd8d99bebfbff75
2014-05-29 20:17:53 -07:00
Cykesiopka
ea035ab7a4 Bug 917510 - Replace SHA-1 fingerprints of EV certs in ExtendedValidation.cpp with SHA-2 fingerprints. r=briansmith, r=kwilson 2014-05-30 00:01:00 -04:00
David Keeler
56379872a2 bug 1006710 - add class of PSM errors to SEC and SSL errors r=briansmith 2014-05-28 15:28:03 -07:00
Camilo Viecco
44bf536cc4 Bug 1005142 - Part 1/2 - Add OCSP get capabilities to OCSPRequestor. r=keeler
--HG--
extra : rebase_source : ee4a86bf02a466a31de8b0b6cd7ce375a7f28c6d
2014-05-21 15:42:21 -07:00
Camilo Viecco
1eac4f4b6c Bug 1010594 - Part 1/2 OCSP url check - r=briansmith
--HG--
extra : rebase_source : 0b26339d33db90722401ae1d8ac255d0390aea30
2014-05-16 13:53:14 -07:00
Monica Chew
1d542c52b2 Bug 1011269: Forgot to qref to pick up keeler's changes (r=keeler) 2014-05-19 13:24:41 -07:00
Monica Chew
8bc2f051f9 Bug 1011269: Add CertVerifier::pinningEnforceTestMode (r=keeler) 2014-05-19 13:04:40 -07:00
Brian Smith
ed25ac818b Bug 1010634, Part 1: Fix compiler warnings in certverifier, r=cviecco
--HG--
extra : rebase_source : f8d925f042040368b038b62bc1d0c9d4d6d04618
2014-05-14 17:46:32 -07:00
Brian Smith
b3711e99df Bug 1006958: Use mozilla::pkix::der to parse certificate policies instead of NSS, r=keeler
--HG--
extra : rebase_source : fde88efebc1025bc4f825aa38df809d04b1b250a
2014-05-15 18:59:52 -07:00
Brian Smith
e1de62ff87 Bug 1006041: Use mozilla::pkix::der for decoding the extended key usage extension, r=keeler
--HG--
extra : rebase_source : b4b62f117d653784eb6ad058554faf520a1bd90b
2014-05-14 01:02:34 -07:00
Gervase Markham
4ce70c195e Bug 1007195 - Change licensing on mozilla::pkix to dual Apache 2/MPL 2. r=briansmith. 2014-05-14 14:37:25 +01:00
David Keeler
6c916db011 bug 982248 - NSSCertDBTrustDomain: specify timeout for OCSP requests r=briansmith 2014-05-01 15:07:55 -07:00
Brian Smith
6b71be8400 Bug 1002933: Use Strongly-typed enums more often in mozilla::pkix, r=mmc
--HG--
extra : rebase_source : 3f67f48d1f4150df0830f89e6c07bbbf3a8fc7e8
2014-04-25 16:29:26 -07:00
Camilo Viecco
06f960a801 Bug 744204 - Allow Certificate key pinning Part 2 - Certverifier Interface. r=keeler
--HG--
extra : rebase_source : 2f9748ba0b241c697e22b7ff72f2f5a0fad4a2ca
2014-02-05 14:49:10 -08:00
David Keeler
2a77846f27 bug 977865 - mozilla::pkix: add backoff for ocsp fetching when a responder fails r=cviecco 2014-04-28 16:38:15 -07:00