diff --git a/dom/crypto/moz.build b/dom/crypto/moz.build index 3ebc7b45a3cf..15568974ff68 100644 --- a/dom/crypto/moz.build +++ b/dom/crypto/moz.build @@ -30,7 +30,6 @@ FINAL_LIBRARY = 'xul' LOCAL_INCLUDES += [ '/security/manager/ssl', - '/security/pkix/include', '/xpcom/build', ] diff --git a/dom/media/gtest/moz.build b/dom/media/gtest/moz.build index ee3e9ea70fcb..bf5bc5bf3890 100644 --- a/dom/media/gtest/moz.build +++ b/dom/media/gtest/moz.build @@ -85,7 +85,6 @@ LOCAL_INCLUDES += [ '/dom/media/platforms', '/dom/media/platforms/agnostic', '/security/certverifier', - '/security/pkix/include', ] FINAL_LIBRARY = 'xul-gtest' diff --git a/dom/u2f/moz.build b/dom/u2f/moz.build index 540ee17a45ca..0752bbd64247 100644 --- a/dom/u2f/moz.build +++ b/dom/u2f/moz.build @@ -25,8 +25,6 @@ LOCAL_INCLUDES += [ '/dom/crypto', '/dom/webauthn', '/security/manager/ssl', - '/security/pkix/include', - '/security/pkix/lib', ] MOCHITEST_MANIFESTS += ['tests/mochitest.ini'] diff --git a/dom/webauthn/WebAuthnUtil.cpp b/dom/webauthn/WebAuthnUtil.cpp index 4ed20af96b80..d4d944652067 100644 --- a/dom/webauthn/WebAuthnUtil.cpp +++ b/dom/webauthn/WebAuthnUtil.cpp @@ -7,7 +7,7 @@ #include "mozilla/dom/WebAuthnUtil.h" #include "nsIEffectiveTLDService.h" #include "nsNetUtil.h" -#include "pkixutil.h" +#include "mozpkix/pkixutil.h" namespace mozilla { namespace dom { diff --git a/dom/webauthn/moz.build b/dom/webauthn/moz.build index 1761d90ed55e..39009a215cee 100644 --- a/dom/webauthn/moz.build +++ b/dom/webauthn/moz.build @@ -60,8 +60,6 @@ LOCAL_INCLUDES += [ '/dom/base', '/dom/crypto', '/security/manager/ssl', - '/security/pkix/include', - '/security/pkix/lib', ] if CONFIG['OS_ARCH'] == 'WINNT': diff --git a/netwerk/base/moz.build b/netwerk/base/moz.build index a1331f3a9431..7b4f41ad0763 100644 --- a/netwerk/base/moz.build +++ b/netwerk/base/moz.build @@ -301,7 +301,6 @@ LOCAL_INCLUDES += [ '/dom/base', '/netwerk/protocol/http', '/netwerk/socket', - '/security/pkix/include' ] if CONFIG['CC_TYPE'] in ('clang', 'gcc'): diff --git a/netwerk/protocol/http/moz.build b/netwerk/protocol/http/moz.build index d315cd3ee2e2..fea295b0284e 100644 --- a/netwerk/protocol/http/moz.build +++ b/netwerk/protocol/http/moz.build @@ -127,7 +127,6 @@ LOCAL_INCLUDES += [ '/dom/base', '/netwerk/base', '/netwerk/cookie', - '/security/pkix/include', ] EXTRA_COMPONENTS += [ diff --git a/netwerk/protocol/http/nsHttpConnection.cpp b/netwerk/protocol/http/nsHttpConnection.cpp index 0b1a3d3109eb..2a95b394c9be 100644 --- a/netwerk/protocol/http/nsHttpConnection.cpp +++ b/netwerk/protocol/http/nsHttpConnection.cpp @@ -39,7 +39,7 @@ #include "nsProxyRelease.h" #include "nsSocketTransport2.h" #include "nsStringStream.h" -#include "pkix/pkixnss.h" +#include "mozpkix/pkixnss.h" #include "sslt.h" #include "NSSErrorsService.h" #include "TunnelUtils.h" diff --git a/old-configure.in b/old-configure.in index 2a446e5ff944..f896067ee08e 100644 --- a/old-configure.in +++ b/old-configure.in @@ -1776,8 +1776,8 @@ if test -n "$_USE_SYSTEM_NSS"; then AM_PATH_NSS(3.40, [MOZ_SYSTEM_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])]) fi +NSS_CFLAGS="$NSS_CFLAGS -I${DIST}/include/nss" if test -z "$MOZ_SYSTEM_NSS"; then - NSS_CFLAGS="-I${DIST}/include/nss" case "${OS_ARCH}" in # Only few platforms have been tested with GYP WINNT|Darwin|Linux|DragonFly|FreeBSD|NetBSD|OpenBSD|SunOS) diff --git a/security/apps/AppSignatureVerification.cpp b/security/apps/AppSignatureVerification.cpp index 586607c615c3..6e01a2d9f5ad 100644 --- a/security/apps/AppSignatureVerification.cpp +++ b/security/apps/AppSignatureVerification.cpp @@ -36,8 +36,8 @@ #include "nsProxyRelease.h" #include "nsString.h" #include "nsTHashtable.h" -#include "pkix/pkix.h" -#include "pkix/pkixnss.h" +#include "mozpkix/pkix.h" +#include "mozpkix/pkixnss.h" #include "plstr.h" #include "secmime.h" diff --git a/security/apps/AppTrustDomain.cpp b/security/apps/AppTrustDomain.cpp index 9aa823320546..dea243b1562e 100644 --- a/security/apps/AppTrustDomain.cpp +++ b/security/apps/AppTrustDomain.cpp @@ -17,7 +17,7 @@ #include "nsIX509CertDB.h" #include "nsNSSCertificate.h" #include "nsNetUtil.h" -#include "pkix/pkixnss.h" +#include "mozpkix/pkixnss.h" #include "prerror.h" // Generated by gen_cert_header.py, which gets called by the build system. diff --git a/security/apps/AppTrustDomain.h b/security/apps/AppTrustDomain.h index 1cedd45b80b5..ff1fd46cbea1 100644 --- a/security/apps/AppTrustDomain.h +++ b/security/apps/AppTrustDomain.h @@ -7,7 +7,7 @@ #ifndef AppTrustDomain_h #define AppTrustDomain_h -#include "pkix/pkixtypes.h" +#include "mozpkix/pkixtypes.h" #include "mozilla/StaticMutex.h" #include "mozilla/UniquePtr.h" #include "nsDebug.h" diff --git a/security/apps/moz.build b/security/apps/moz.build index 03d11cf78f62..0f830214d5f7 100644 --- a/security/apps/moz.build +++ b/security/apps/moz.build @@ -17,7 +17,6 @@ FINAL_LIBRARY = 'xul' LOCAL_INCLUDES += [ '/security/certverifier', '/security/manager/ssl', - '/security/pkix/include', '/third_party/rust/cose-c/include', ] diff --git a/security/certverifier/BRNameMatchingPolicy.h b/security/certverifier/BRNameMatchingPolicy.h index 009f21440f89..d5bc1f5668f2 100644 --- a/security/certverifier/BRNameMatchingPolicy.h +++ b/security/certverifier/BRNameMatchingPolicy.h @@ -7,7 +7,7 @@ #ifndef BRNameMatchingPolicy_h #define BRNameMatchingPolicy_h -#include "pkix/pkixtypes.h" +#include "mozpkix/pkixtypes.h" namespace mozilla { namespace psm { diff --git a/security/certverifier/CertVerifier.cpp b/security/certverifier/CertVerifier.cpp index 04b6356e7132..365d042588b1 100644 --- a/security/certverifier/CertVerifier.cpp +++ b/security/certverifier/CertVerifier.cpp @@ -23,8 +23,8 @@ #include "nsPromiseFlatString.h" #include "nsServiceManagerUtils.h" #include "pk11pub.h" -#include "pkix/pkix.h" -#include "pkix/pkixnss.h" +#include "mozpkix/pkix.h" +#include "mozpkix/pkixnss.h" #include "secmod.h" using namespace mozilla::ct; diff --git a/security/certverifier/CertVerifier.h b/security/certverifier/CertVerifier.h index e1fbc3d74124..b44c23ec6380 100644 --- a/security/certverifier/CertVerifier.h +++ b/security/certverifier/CertVerifier.h @@ -17,7 +17,7 @@ #include "mozilla/TimeStamp.h" #include "mozilla/UniquePtr.h" #include "nsString.h" -#include "pkix/pkixtypes.h" +#include "mozpkix/pkixtypes.h" #if defined(_MSC_VER) #pragma warning(push) diff --git a/security/certverifier/ExtendedValidation.cpp b/security/certverifier/ExtendedValidation.cpp index 803f2ed8f8ce..077f61a54fb9 100644 --- a/security/certverifier/ExtendedValidation.cpp +++ b/security/certverifier/ExtendedValidation.cpp @@ -16,7 +16,7 @@ #include "nsDependentString.h" #include "nsString.h" #include "pk11pub.h" -#include "pkix/pkixtypes.h" +#include "mozpkix/pkixtypes.h" namespace mozilla { namespace psm { diff --git a/security/certverifier/NSSCertDBTrustDomain.cpp b/security/certverifier/NSSCertDBTrustDomain.cpp index 94a5f4aca3d3..bb7b0bc5200b 100644 --- a/security/certverifier/NSSCertDBTrustDomain.cpp +++ b/security/certverifier/NSSCertDBTrustDomain.cpp @@ -28,9 +28,9 @@ #include "nsThreadUtils.h" #include "nss.h" #include "pk11pub.h" -#include "pkix/Result.h" -#include "pkix/pkix.h" -#include "pkix/pkixnss.h" +#include "mozpkix/Result.h" +#include "mozpkix/pkix.h" +#include "mozpkix/pkixnss.h" #include "prerror.h" #include "secerr.h" diff --git a/security/certverifier/NSSCertDBTrustDomain.h b/security/certverifier/NSSCertDBTrustDomain.h index 070017fb6a32..97462500642b 100644 --- a/security/certverifier/NSSCertDBTrustDomain.h +++ b/security/certverifier/NSSCertDBTrustDomain.h @@ -13,7 +13,7 @@ #include "mozilla/TimeStamp.h" #include "nsICertBlocklist.h" #include "nsString.h" -#include "pkix/pkixtypes.h" +#include "mozpkix/pkixtypes.h" #include "secmodt.h" namespace mozilla { namespace psm { diff --git a/security/certverifier/OCSPCache.cpp b/security/certverifier/OCSPCache.cpp index ad2ac8f50745..5d982a47ec4b 100644 --- a/security/certverifier/OCSPCache.cpp +++ b/security/certverifier/OCSPCache.cpp @@ -28,7 +28,7 @@ #include "NSSCertDBTrustDomain.h" #include "pk11pub.h" -#include "pkix/pkixnss.h" +#include "mozpkix/pkixnss.h" #include "ScopedNSSTypes.h" #include "secerr.h" diff --git a/security/certverifier/OCSPCache.h b/security/certverifier/OCSPCache.h index f5acd8a8fbad..427cdb2ad4b3 100644 --- a/security/certverifier/OCSPCache.h +++ b/security/certverifier/OCSPCache.h @@ -28,8 +28,8 @@ #include "hasht.h" #include "mozilla/Mutex.h" #include "mozilla/Vector.h" -#include "pkix/Result.h" -#include "pkix/Time.h" +#include "mozpkix/Result.h" +#include "mozpkix/Time.h" #include "prerror.h" #include "seccomon.h" diff --git a/security/certverifier/OCSPVerificationTrustDomain.h b/security/certverifier/OCSPVerificationTrustDomain.h index 26375d9566a3..f8771bc429a0 100644 --- a/security/certverifier/OCSPVerificationTrustDomain.h +++ b/security/certverifier/OCSPVerificationTrustDomain.h @@ -7,7 +7,7 @@ #ifndef mozilla_psm__OCSPVerificationTrustDomain_h #define mozilla_psm__OCSPVerificationTrustDomain_h -#include "pkix/pkixtypes.h" +#include "mozpkix/pkixtypes.h" #include "NSSCertDBTrustDomain.h" namespace mozilla { namespace psm { diff --git a/security/certverifier/moz.build b/security/certverifier/moz.build index fb79cef2ec1e..115697fb14f4 100644 --- a/security/certverifier/moz.build +++ b/security/certverifier/moz.build @@ -29,13 +29,10 @@ if not CONFIG['NSS_NO_EV_CERTS']: LOCAL_INCLUDES += [ '/security/ct', '/security/manager/ssl', - '/security/pkix/include', - '/security/pkix/lib', ] DIRS += [ '../ct', - '../pkix', ] TEST_DIRS += [ diff --git a/security/ct/BTVerifier.h b/security/ct/BTVerifier.h index badb4cf5d09e..59f86f266841 100644 --- a/security/ct/BTVerifier.h +++ b/security/ct/BTVerifier.h @@ -8,8 +8,8 @@ #define BTVerifier_h #include "BTInclusionProof.h" -#include "pkix/Input.h" -#include "pkix/Result.h" +#include "mozpkix/Input.h" +#include "mozpkix/Result.h" namespace mozilla { namespace ct { diff --git a/security/ct/CTDiversityPolicy.h b/security/ct/CTDiversityPolicy.h index f0ba8a45db33..a344527f0d81 100644 --- a/security/ct/CTDiversityPolicy.h +++ b/security/ct/CTDiversityPolicy.h @@ -10,7 +10,7 @@ #include "CTLog.h" #include "CTVerifyResult.h" #include "certt.h" -#include "pkix/Result.h" +#include "mozpkix/Result.h" namespace mozilla { namespace ct { diff --git a/security/ct/CTLogVerifier.cpp b/security/ct/CTLogVerifier.cpp index d03a71a67c07..51fe86db5803 100644 --- a/security/ct/CTLogVerifier.cpp +++ b/security/ct/CTLogVerifier.cpp @@ -10,8 +10,8 @@ #include "CTSerialization.h" #include "hasht.h" -#include "pkix/pkixnss.h" -#include "pkixutil.h" +#include "mozpkix/pkixnss.h" +#include "mozpkix/pkixutil.h" namespace mozilla { namespace ct { diff --git a/security/ct/CTLogVerifier.h b/security/ct/CTLogVerifier.h index e338f49caac0..f74aee608f6a 100644 --- a/security/ct/CTLogVerifier.h +++ b/security/ct/CTLogVerifier.h @@ -13,9 +13,9 @@ #include "CTUtils.h" #include "SignedCertificateTimestamp.h" #include "SignedTreeHead.h" -#include "pkix/Input.h" -#include "pkix/Result.h" -#include "pkix/pkix.h" +#include "mozpkix/Input.h" +#include "mozpkix/Result.h" +#include "mozpkix/pkix.h" namespace mozilla { namespace ct { diff --git a/security/ct/CTObjectsExtractor.cpp b/security/ct/CTObjectsExtractor.cpp index 43939b6ace78..485a7181b3de 100644 --- a/security/ct/CTObjectsExtractor.cpp +++ b/security/ct/CTObjectsExtractor.cpp @@ -10,8 +10,8 @@ #include #include "hasht.h" -#include "pkix/pkixnss.h" -#include "pkixutil.h" +#include "mozpkix/pkixnss.h" +#include "mozpkix/pkixutil.h" namespace mozilla { namespace ct { diff --git a/security/ct/CTObjectsExtractor.h b/security/ct/CTObjectsExtractor.h index 88bca3a3fb4b..c201aaabc57c 100644 --- a/security/ct/CTObjectsExtractor.h +++ b/security/ct/CTObjectsExtractor.h @@ -7,8 +7,8 @@ #ifndef CTObjectsExtractor_h #define CTObjectsExtractor_h -#include "pkix/Input.h" -#include "pkix/Result.h" +#include "mozpkix/Input.h" +#include "mozpkix/Result.h" #include "SignedCertificateTimestamp.h" namespace mozilla { namespace ct { diff --git a/security/ct/CTPolicyEnforcer.h b/security/ct/CTPolicyEnforcer.h index 9ff63490e76f..99cba49e8e35 100644 --- a/security/ct/CTPolicyEnforcer.h +++ b/security/ct/CTPolicyEnforcer.h @@ -9,7 +9,7 @@ #include "CTLog.h" #include "CTVerifyResult.h" -#include "pkix/Result.h" +#include "mozpkix/Result.h" namespace mozilla { namespace ct { diff --git a/security/ct/CTSerialization.h b/security/ct/CTSerialization.h index 499f75cc21d7..d3c5e5ec8c09 100644 --- a/security/ct/CTSerialization.h +++ b/security/ct/CTSerialization.h @@ -9,8 +9,8 @@ #include -#include "pkix/Input.h" -#include "pkix/Result.h" +#include "mozpkix/Input.h" +#include "mozpkix/Result.h" #include "SignedCertificateTimestamp.h" #include "SignedTreeHead.h" diff --git a/security/ct/CTUtils.h b/security/ct/CTUtils.h index e4e9ddb83f50..8d061789d344 100644 --- a/security/ct/CTUtils.h +++ b/security/ct/CTUtils.h @@ -13,8 +13,8 @@ #include "keyhi.h" #include "keythi.h" #include "pk11pub.h" -#include "pkix/Input.h" -#include "pkix/Result.h" +#include "mozpkix/Input.h" +#include "mozpkix/Result.h" #define MOZILLA_CT_ARRAY_LENGTH(x) (sizeof(x) / sizeof((x)[0])) diff --git a/security/ct/MultiLogCTVerifier.h b/security/ct/MultiLogCTVerifier.h index cf850193c48d..81927d617505 100644 --- a/security/ct/MultiLogCTVerifier.h +++ b/security/ct/MultiLogCTVerifier.h @@ -11,9 +11,9 @@ #include "CTLogVerifier.h" #include "CTVerifyResult.h" -#include "pkix/Input.h" -#include "pkix/Result.h" -#include "pkix/Time.h" +#include "mozpkix/Input.h" +#include "mozpkix/Result.h" +#include "mozpkix/Time.h" #include "SignedCertificateTimestamp.h" namespace mozilla { namespace ct { diff --git a/security/ct/SignedCertificateTimestamp.h b/security/ct/SignedCertificateTimestamp.h index 7dee9e460f69..3af31eb4d1a8 100644 --- a/security/ct/SignedCertificateTimestamp.h +++ b/security/ct/SignedCertificateTimestamp.h @@ -8,8 +8,8 @@ #define SignedCertificateTimestamp_h #include "Buffer.h" -#include "pkix/Input.h" -#include "pkix/Result.h" +#include "mozpkix/Input.h" +#include "mozpkix/Result.h" // Structures related to Certificate Transparency (RFC 6962). namespace mozilla { namespace ct { diff --git a/security/ct/moz.build b/security/ct/moz.build index c001f2684d98..43ecb19072a9 100644 --- a/security/ct/moz.build +++ b/security/ct/moz.build @@ -31,15 +31,6 @@ UNIFIED_SOURCES += [ 'SignedCertificateTimestamp.cpp', ] -LOCAL_INCLUDES += [ - '/security/pkix/include', - '/security/pkix/lib', -] - -DIRS += [ - '../pkix', -] - TEST_DIRS += [ 'tests/gtest', ] diff --git a/security/ct/tests/gtest/CTTestUtils.cpp b/security/ct/tests/gtest/CTTestUtils.cpp index 56b80ce27cf0..51b200b7076a 100644 --- a/security/ct/tests/gtest/CTTestUtils.cpp +++ b/security/ct/tests/gtest/CTTestUtils.cpp @@ -12,13 +12,13 @@ #include "BTInclusionProof.h" #include "CTSerialization.h" #include "gtest/gtest.h" -#include "pkix/Input.h" -#include "pkix/pkix.h" -#include "pkix/pkixnss.h" -#include "pkix/pkixtypes.h" -#include "pkix/Result.h" -#include "pkixcheck.h" -#include "pkixutil.h" +#include "mozpkix/Input.h" +#include "mozpkix/pkix.h" +#include "mozpkix/pkixnss.h" +#include "mozpkix/pkixtypes.h" +#include "mozpkix/Result.h" +#include "mozpkix/pkixcheck.h" +#include "mozpkix/pkixutil.h" #include "SignedCertificateTimestamp.h" #include "SignedTreeHead.h" diff --git a/security/ct/tests/gtest/CTTestUtils.h b/security/ct/tests/gtest/CTTestUtils.h index 7ed9ea2a7417..56983b46d8e0 100644 --- a/security/ct/tests/gtest/CTTestUtils.h +++ b/security/ct/tests/gtest/CTTestUtils.h @@ -9,8 +9,8 @@ #include -#include "pkix/Input.h" -#include "pkix/Time.h" +#include "mozpkix/Input.h" +#include "mozpkix/Time.h" #include "seccomon.h" #include "SignedCertificateTimestamp.h" #include "SignedTreeHead.h" diff --git a/security/ct/tests/gtest/moz.build b/security/ct/tests/gtest/moz.build index bf31e7b82058..1614eefa2c1c 100644 --- a/security/ct/tests/gtest/moz.build +++ b/security/ct/tests/gtest/moz.build @@ -17,8 +17,6 @@ SOURCES += [ LOCAL_INCLUDES += [ '../..', - '/security/pkix/include', - '/security/pkix/lib', ] if not CONFIG['MOZ_DEBUG']: diff --git a/security/manager/ssl/CSTrustDomain.cpp b/security/manager/ssl/CSTrustDomain.cpp index e0fbf285ebd4..a133cc278085 100644 --- a/security/manager/ssl/CSTrustDomain.cpp +++ b/security/manager/ssl/CSTrustDomain.cpp @@ -12,7 +12,7 @@ #include "NSSCertDBTrustDomain.h" #include "nsServiceManagerUtils.h" #include "nsThreadUtils.h" -#include "pkix/pkixnss.h" +#include "mozpkix/pkixnss.h" using namespace mozilla::pkix; diff --git a/security/manager/ssl/CSTrustDomain.h b/security/manager/ssl/CSTrustDomain.h index 5d502ecb28a8..d7a2e8c47129 100644 --- a/security/manager/ssl/CSTrustDomain.h +++ b/security/manager/ssl/CSTrustDomain.h @@ -7,7 +7,7 @@ #ifndef CSTrustDomain_h #define CSTrustDomain_h -#include "pkix/pkixtypes.h" +#include "mozpkix/pkixtypes.h" #include "mozilla/StaticMutex.h" #include "mozilla/UniquePtr.h" #include "nsDebug.h" diff --git a/security/manager/ssl/CertBlocklist.cpp b/security/manager/ssl/CertBlocklist.cpp index 53fd7c32ea9e..638c8b2a267e 100644 --- a/security/manager/ssl/CertBlocklist.cpp +++ b/security/manager/ssl/CertBlocklist.cpp @@ -26,7 +26,7 @@ #include "nsPromiseFlatString.h" #include "nsTHashtable.h" #include "nsThreadUtils.h" -#include "pkix/Input.h" +#include "mozpkix/Input.h" #include "prtime.h" NS_IMPL_ISUPPORTS(CertBlocklist, nsICertBlocklist) diff --git a/security/manager/ssl/CertBlocklist.h b/security/manager/ssl/CertBlocklist.h index 601d5258b28a..3a28d2fba291 100644 --- a/security/manager/ssl/CertBlocklist.h +++ b/security/manager/ssl/CertBlocklist.h @@ -14,7 +14,7 @@ #include "nsIX509CertDB.h" #include "nsString.h" #include "nsTHashtable.h" -#include "pkix/Input.h" +#include "mozpkix/Input.h" #define NS_CERT_BLOCKLIST_CID \ {0x11aefd53, 0x2fbb, 0x4c92, {0xa0, 0xc1, 0x05, 0x32, 0x12, 0xae, 0x42, 0xd0} } diff --git a/security/manager/ssl/ContentSignatureVerifier.cpp b/security/manager/ssl/ContentSignatureVerifier.cpp index a63f56a04597..ec02fdc56a4a 100644 --- a/security/manager/ssl/ContentSignatureVerifier.cpp +++ b/security/manager/ssl/ContentSignatureVerifier.cpp @@ -23,8 +23,8 @@ #include "nsSecurityHeaderParser.h" #include "nsStreamUtils.h" #include "nsWhitespaceTokenizer.h" -#include "pkix/pkix.h" -#include "pkix/pkixtypes.h" +#include "mozpkix/pkix.h" +#include "mozpkix/pkixtypes.h" #include "secerr.h" NS_IMPL_ISUPPORTS(ContentSignatureVerifier, diff --git a/security/manager/ssl/NSSErrorsService.cpp b/security/manager/ssl/NSSErrorsService.cpp index c8afcc42c083..539e0773fe9a 100644 --- a/security/manager/ssl/NSSErrorsService.cpp +++ b/security/manager/ssl/NSSErrorsService.cpp @@ -6,7 +6,7 @@ #include "nsNSSComponent.h" #include "nsServiceManagerUtils.h" -#include "pkix/pkixnss.h" +#include "mozpkix/pkixnss.h" #include "secerr.h" #include "sslerr.h" diff --git a/security/manager/ssl/PublicKeyPinningService.cpp b/security/manager/ssl/PublicKeyPinningService.cpp index cfd56945b392..fa6bb4183c36 100644 --- a/security/manager/ssl/PublicKeyPinningService.cpp +++ b/security/manager/ssl/PublicKeyPinningService.cpp @@ -15,7 +15,7 @@ #include "nsISiteSecurityService.h" #include "nsServiceManagerUtils.h" #include "nsSiteSecurityService.h" -#include "pkix/pkixtypes.h" +#include "mozpkix/pkixtypes.h" #include "seccomon.h" #include "sechash.h" diff --git a/security/manager/ssl/PublicKeyPinningService.h b/security/manager/ssl/PublicKeyPinningService.h index 550199385abf..161a1c6fdcbd 100644 --- a/security/manager/ssl/PublicKeyPinningService.h +++ b/security/manager/ssl/PublicKeyPinningService.h @@ -11,7 +11,7 @@ #include "nsNSSCertificate.h" #include "nsString.h" #include "nsTArray.h" -#include "pkix/Time.h" +#include "mozpkix/Time.h" namespace mozilla { class OriginAttributes; diff --git a/security/manager/ssl/SSLServerCertVerification.cpp b/security/manager/ssl/SSLServerCertVerification.cpp index 0a64d6e78e25..b0e05b4df612 100644 --- a/security/manager/ssl/SSLServerCertVerification.cpp +++ b/security/manager/ssl/SSLServerCertVerification.cpp @@ -130,8 +130,8 @@ #include "nsString.h" #include "nsURLHelper.h" #include "nsXPCOMCIDInternal.h" -#include "pkix/pkix.h" -#include "pkix/pkixnss.h" +#include "mozpkix/pkix.h" +#include "mozpkix/pkixnss.h" #include "secerr.h" #include "secoidt.h" #include "secport.h" diff --git a/security/manager/ssl/TransportSecurityInfo.cpp b/security/manager/ssl/TransportSecurityInfo.cpp index 269d708b17bf..22b690a9fa1f 100644 --- a/security/manager/ssl/TransportSecurityInfo.cpp +++ b/security/manager/ssl/TransportSecurityInfo.cpp @@ -23,7 +23,7 @@ #include "nsReadableUtils.h" #include "nsServiceManagerUtils.h" #include "nsXULAppAPI.h" -#include "pkix/pkixtypes.h" +#include "mozpkix/pkixtypes.h" #include "secerr.h" //#define DEBUG_SSL_VERBOSE //Enable this define to get minimal diff --git a/security/manager/ssl/TransportSecurityInfo.h b/security/manager/ssl/TransportSecurityInfo.h index e1522a9de097..4484f0cd1488 100644 --- a/security/manager/ssl/TransportSecurityInfo.h +++ b/security/manager/ssl/TransportSecurityInfo.h @@ -20,7 +20,7 @@ #include "nsITransportSecurityInfo.h" #include "nsNSSCertificate.h" #include "nsString.h" -#include "pkix/pkixtypes.h" +#include "mozpkix/pkixtypes.h" namespace mozilla { namespace psm { diff --git a/security/manager/ssl/moz.build b/security/manager/ssl/moz.build index ff4ba23eaab5..d78de5334406 100644 --- a/security/manager/ssl/moz.build +++ b/security/manager/ssl/moz.build @@ -176,7 +176,6 @@ LOCAL_INCLUDES += [ '/dom/base', '/dom/crypto', '/security/certverifier', - '/security/pkix/include', ] LOCAL_INCLUDES += [ @@ -201,6 +200,10 @@ if not CONFIG['MOZ_SYSTEM_NSS']: 'crmf', ] +# mozpkix is linked statically from the in-tree sources independent of whether +# system NSS is used or not. +USE_LIBS += [ 'mozpkix' ] + include('/ipc/chromium/chromium-config.mozbuild') if CONFIG['CC_TYPE'] in ('clang', 'gcc'): diff --git a/security/manager/ssl/nsCertTree.cpp b/security/manager/ssl/nsCertTree.cpp index 5db3bc6719ec..22d45b58fc20 100644 --- a/security/manager/ssl/nsCertTree.cpp +++ b/security/manager/ssl/nsCertTree.cpp @@ -23,7 +23,7 @@ #include "nsXPCOMCID.h" #include "nsString.h" #include "nsTreeColumns.h" -#include "pkix/pkixtypes.h" +#include "mozpkix/pkixtypes.h" using namespace mozilla; diff --git a/security/manager/ssl/nsNSSCallbacks.cpp b/security/manager/ssl/nsNSSCallbacks.cpp index 87ea3a4022a5..8cad2bf7257b 100644 --- a/security/manager/ssl/nsNSSCallbacks.cpp +++ b/security/manager/ssl/nsNSSCallbacks.cpp @@ -33,7 +33,7 @@ #include "nsProtectedAuthThread.h" #include "nsProxyRelease.h" #include "nsStringStream.h" -#include "pkix/pkixtypes.h" +#include "mozpkix/pkixtypes.h" #include "ssl.h" #include "sslproto.h" diff --git a/security/manager/ssl/nsNSSCallbacks.h b/security/manager/ssl/nsNSSCallbacks.h index b0b8d5c4bf60..c4c0e91a1548 100644 --- a/security/manager/ssl/nsNSSCallbacks.h +++ b/security/manager/ssl/nsNSSCallbacks.h @@ -14,7 +14,7 @@ #include "nspr.h" #include "nsString.h" #include "pk11func.h" -#include "pkix/pkixtypes.h" +#include "mozpkix/pkixtypes.h" using mozilla::OriginAttributes; using mozilla::TimeDuration; diff --git a/security/manager/ssl/nsNSSCertificate.cpp b/security/manager/ssl/nsNSSCertificate.cpp index 5d61c6abd91e..c69b5517cbef 100644 --- a/security/manager/ssl/nsNSSCertificate.cpp +++ b/security/manager/ssl/nsNSSCertificate.cpp @@ -35,9 +35,9 @@ #include "nsThreadUtils.h" #include "nsUnicharUtils.h" #include "nspr.h" -#include "pkix/pkixnss.h" -#include "pkix/pkixtypes.h" -#include "pkix/Result.h" +#include "mozpkix/pkixnss.h" +#include "mozpkix/pkixtypes.h" +#include "mozpkix/Result.h" #include "prerror.h" #include "secasn1.h" #include "secder.h" diff --git a/security/manager/ssl/nsNSSCertificateDB.cpp b/security/manager/ssl/nsNSSCertificateDB.cpp index 6aea9cf0dbd9..deb90e1e6b41 100644 --- a/security/manager/ssl/nsNSSCertificateDB.cpp +++ b/security/manager/ssl/nsNSSCertificateDB.cpp @@ -15,6 +15,9 @@ #include "mozilla/Casting.h" #include "mozilla/Services.h" #include "mozilla/Unused.h" +#include "mozpkix/Time.h" +#include "mozpkix/pkixnss.h" +#include "mozpkix/pkixtypes.h" #include "nsArray.h" #include "nsArrayUtils.h" #include "nsCOMPtr.h" @@ -37,9 +40,6 @@ #include "nsReadableUtils.h" #include "nsThreadUtils.h" #include "nspr.h" -#include "pkix/Time.h" -#include "pkix/pkixnss.h" -#include "pkix/pkixtypes.h" #include "secasn1.h" #include "secder.h" #include "secerr.h" diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp index b5683d9e8788..06fff93b73fd 100644 --- a/security/manager/ssl/nsNSSComponent.cpp +++ b/security/manager/ssl/nsNSSComponent.cpp @@ -52,7 +52,7 @@ #include "nsXULAppAPI.h" #include "nss.h" #include "p12plcy.h" -#include "pkix/pkixnss.h" +#include "mozpkix/pkixnss.h" #include "secerr.h" #include "secmod.h" #include "ssl.h" diff --git a/security/manager/ssl/nsNSSIOLayer.cpp b/security/manager/ssl/nsNSSIOLayer.cpp index c1b3c86ef99f..b756ddcd734a 100644 --- a/security/manager/ssl/nsNSSIOLayer.cpp +++ b/security/manager/ssl/nsNSSIOLayer.cpp @@ -38,8 +38,8 @@ #include "nsNSSHelper.h" #include "nsPrintfCString.h" #include "nsServiceManagerUtils.h" -#include "pkix/pkixnss.h" -#include "pkix/pkixtypes.h" +#include "mozpkix/pkixnss.h" +#include "mozpkix/pkixtypes.h" #include "prmem.h" #include "prnetdb.h" #include "secder.h" diff --git a/security/manager/ssl/nsPKCS12Blob.cpp b/security/manager/ssl/nsPKCS12Blob.cpp index 28e68cbf8a5c..89af7b226184 100644 --- a/security/manager/ssl/nsPKCS12Blob.cpp +++ b/security/manager/ssl/nsPKCS12Blob.cpp @@ -21,7 +21,7 @@ #include "nsReadableUtils.h" #include "nsThreadUtils.h" #include "p12plcy.h" -#include "pkix/pkixtypes.h" +#include "mozpkix/pkixtypes.h" #include "secerr.h" using namespace mozilla; diff --git a/security/manager/ssl/nsSiteSecurityService.h b/security/manager/ssl/nsSiteSecurityService.h index 00af90dc34d5..f9e8a32828ed 100644 --- a/security/manager/ssl/nsSiteSecurityService.h +++ b/security/manager/ssl/nsSiteSecurityService.h @@ -14,7 +14,7 @@ #include "nsISiteSecurityService.h" #include "nsString.h" #include "nsTArray.h" -#include "pkix/pkixtypes.h" +#include "mozpkix/pkixtypes.h" #include "prtime.h" class nsIURI; diff --git a/security/manager/ssl/tests/gtest/OCSPCacheTest.cpp b/security/manager/ssl/tests/gtest/OCSPCacheTest.cpp index e8c6fb1094b6..c29ffe086aca 100644 --- a/security/manager/ssl/tests/gtest/OCSPCacheTest.cpp +++ b/security/manager/ssl/tests/gtest/OCSPCacheTest.cpp @@ -11,8 +11,8 @@ #include "mozilla/Casting.h" #include "mozilla/Sprintf.h" #include "nss.h" -#include "pkix/pkixtypes.h" -#include "pkixtestutil.h" +#include "mozpkix/pkixtypes.h" +#include "mozpkix/test/pkixtestutil.h" #include "prerr.h" #include "secerr.h" diff --git a/security/manager/ssl/tests/gtest/moz.build b/security/manager/ssl/tests/gtest/moz.build index 3274beef68ab..5a2650fddd64 100644 --- a/security/manager/ssl/tests/gtest/moz.build +++ b/security/manager/ssl/tests/gtest/moz.build @@ -18,8 +18,6 @@ SOURCES += [ LOCAL_INCLUDES += [ '/security/certverifier', '/security/manager/ssl', - '/security/pkix/include', - '/security/pkix/test/lib', '/third_party/rust/cose-c/include', ] diff --git a/security/manager/ssl/tests/unit/tlsserver/cmd/moz.build b/security/manager/ssl/tests/unit/tlsserver/cmd/moz.build index c9fd0cc422ac..44dd5fdcec7f 100644 --- a/security/manager/ssl/tests/unit/tlsserver/cmd/moz.build +++ b/security/manager/ssl/tests/unit/tlsserver/cmd/moz.build @@ -16,10 +16,9 @@ LOCAL_INCLUDES += [ ] USE_LIBS += [ - 'mozillapkix', + 'mozpkix', 'nspr', 'nss', - 'pkixtestutil', 'tlsserver', ] diff --git a/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.cpp b/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.cpp index 9af09b8bc3af..824556d6002c 100644 --- a/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.cpp +++ b/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.cpp @@ -6,8 +6,8 @@ #include -#include "pkixtestutil.h" -#include "pkixtestnss.h" +#include "mozpkix/test/pkixtestutil.h" +#include "mozpkix/test/pkixtestnss.h" #include "TLSServer.h" #include "secder.h" #include "secerr.h" diff --git a/security/manager/ssl/tests/unit/tlsserver/lib/moz.build b/security/manager/ssl/tests/unit/tlsserver/lib/moz.build index 5b28e4a5541f..09b919b3d6b1 100644 --- a/security/manager/ssl/tests/unit/tlsserver/lib/moz.build +++ b/security/manager/ssl/tests/unit/tlsserver/lib/moz.build @@ -9,9 +9,8 @@ UNIFIED_SOURCES += [ 'TLSServer.cpp', ] -LOCAL_INCLUDES += [ - '../../../../../../pkix/include', - '../../../../../../pkix/test/lib', +USE_LIBS += [ + 'mozpkix-testlib', ] Library('tlsserver') diff --git a/security/moz.build b/security/moz.build index 699c09a1a182..6d2c6b52cc95 100644 --- a/security/moz.build +++ b/security/moz.build @@ -19,130 +19,137 @@ with Files("nss.symbols"): if CONFIG['MOZ_SYSTEM_NSS']: Library('nss') OS_LIBS += CONFIG['NSS_LIBS'] + +include('/build/gyp_base.mozbuild') +if CONFIG['MOZ_FOLD_LIBS']: + GeckoSharedLibrary('nss', linkage=None) + # TODO: The library name can be changed when bug 845217 is fixed. + SHARED_LIBRARY_NAME = 'nss3' + + USE_LIBS += [ + 'nspr4', + 'nss3_static', + 'nssutil', + 'plc4', + 'plds4', + 'smime3_static', + 'ssl', + ] + + OS_LIBS += CONFIG['REALTIME_LIBS'] + + SYMBOLS_FILE = 'nss.symbols' + # This changes the default targets in the NSS build, among + # other things. + gyp_vars['moz_fold_libs'] = 1 + # Some things in NSS need to link against nssutil, which + # gets folded, so this tells them what to link against. + gyp_vars['moz_folded_library_name'] = 'nss' + # Force things in NSS that want to link against NSPR to link + # against the folded library. + gyp_vars['nspr_libs'] = 'nss' +elif not CONFIG['MOZ_SYSTEM_NSS']: + Library('nss') + USE_LIBS += [ + 'nss3', + 'nssutil3', + 'smime3', + 'sqlite', + 'ssl3', + ] + gyp_vars['nspr_libs'] = 'nspr' else: - include('/build/gyp_base.mozbuild') - if CONFIG['MOZ_FOLD_LIBS']: - GeckoSharedLibrary('nss', linkage=None) - # TODO: The library name can be changed when bug 845217 is fixed. - SHARED_LIBRARY_NAME = 'nss3' + # Build mozpkix and mozpkix-test only + gyp_vars['nspr_libs'] = 'nspr' + gyp_vars['mozpkix_only'] = 1 - USE_LIBS += [ - 'nspr4', - 'nss3_static', - 'nssutil', - 'plc4', - 'plds4', - 'smime3_static', - 'ssl', - ] +# This disables building some NSS tools. +gyp_vars['mozilla_client'] = 1 +# We run shlibsign as part of packaging, not build. +gyp_vars['sign_libs'] = 0 +gyp_vars['python'] = CONFIG['PYTHON'] +# The NSS gyp files do not have a default for this. +gyp_vars['nss_dist_dir'] = '$PRODUCT_DIR/dist' +# NSS wants to put public headers in $nss_dist_dir/public/nss by default, +# which would wind up being mapped to dist/include/public/nss (by +# gyp_reader's `handle_copies`). +# This forces it to put them in dist/include/nss. +gyp_vars['nss_public_dist_dir'] = '$PRODUCT_DIR/dist' +gyp_vars['nss_dist_obj_dir'] = '$PRODUCT_DIR/dist/bin' +# We don't currently build NSS tests. +gyp_vars['disable_tests'] = 1 +if CONFIG['NSS_DISABLE_DBM']: + gyp_vars['disable_dbm'] = 1 +gyp_vars['disable_libpkix'] = 1 +# pkg-config won't reliably find zlib on our builders, so just force it. +# System zlib is only used for modutil and signtool unless +# SSL zlib is enabled, which we are disabling immediately below this. +gyp_vars['zlib_libs'] = '-lz' +gyp_vars['ssl_enable_zlib'] = 0 +# System sqlite here is the in-tree mozsqlite. +gyp_vars['use_system_sqlite'] = 1 +gyp_vars['sqlite_libs'] = 'sqlite' - OS_LIBS += CONFIG['REALTIME_LIBS'] - SYMBOLS_FILE = 'nss.symbols' - # This changes the default targets in the NSS build, among - # other things. - gyp_vars['moz_fold_libs'] = 1 - # Some things in NSS need to link against nssutil, which - # gets folded, so this tells them what to link against. - gyp_vars['moz_folded_library_name'] = 'nss' - # Force things in NSS that want to link against NSPR to link - # against the folded library. - gyp_vars['nspr_libs'] = 'nss' - else: - Library('nss') - USE_LIBS += [ - 'nss3', - 'nssutil3', - 'smime3', - 'sqlite', - 'ssl3', - ] - gyp_vars['nspr_libs'] = 'nspr' +if CONFIG['MOZ_SYSTEM_NSPR']: + gyp_vars['nspr_include_dir'] = '%' + CONFIG['NSPR_INCLUDE_DIR'] + gyp_vars['nspr_lib_dir'] = '%' + CONFIG['NSPR_LIB_DIR'] +else: + gyp_vars['nspr_include_dir'] = '!/dist/include/nspr' + gyp_vars['nspr_lib_dir'] = '' # gyp wants a value, but we don't need + # it to be valid. - # This disables building some NSS tools. - gyp_vars['mozilla_client'] = 1 - # We run shlibsign as part of packaging, not build. - gyp_vars['sign_libs'] = 0 - gyp_vars['python'] = CONFIG['PYTHON'] - # The NSS gyp files do not have a default for this. - gyp_vars['nss_dist_dir'] = '$PRODUCT_DIR/dist' - # NSS wants to put public headers in $nss_dist_dir/public/nss by default, - # which would wind up being mapped to dist/include/public/nss (by - # gyp_reader's `handle_copies`). - # This forces it to put them in dist/include/nss. - gyp_vars['nss_public_dist_dir'] = '$PRODUCT_DIR/dist' - gyp_vars['nss_dist_obj_dir'] = '$PRODUCT_DIR/dist/bin' - # We don't currently build NSS tests. - gyp_vars['disable_tests'] = 1 - if CONFIG['NSS_DISABLE_DBM']: - gyp_vars['disable_dbm'] = 1 - gyp_vars['disable_libpkix'] = 1 - # pkg-config won't reliably find zlib on our builders, so just force it. - # System zlib is only used for modutil and signtool unless - # SSL zlib is enabled, which we are disabling immediately below this. - gyp_vars['zlib_libs'] = '-lz' - gyp_vars['ssl_enable_zlib'] = 0 - # System sqlite here is the in-tree mozsqlite. - gyp_vars['use_system_sqlite'] = 1 - gyp_vars['sqlite_libs'] = 'sqlite' +# The Python scripts that detect clang need it to be set as CC +# in the environment, which isn't true here. I don't know that +# setting that would be harmful, but we already have this information +# anyway. +if CONFIG['CC_TYPE'] in ('clang', 'clang-cl'): + gyp_vars['cc_is_clang'] = 1 +if CONFIG['GCC_USE_GNU_LD']: + gyp_vars['cc_use_gnu_ld'] = 1 - if CONFIG['MOZ_SYSTEM_NSPR']: - gyp_vars['nspr_include_dir'] = '%' + CONFIG['NSPR_INCLUDE_DIR'] - gyp_vars['nspr_lib_dir'] = '%' + CONFIG['NSPR_LIB_DIR'] - else: - gyp_vars['nspr_include_dir'] = '!/dist/include/nspr' - gyp_vars['nspr_lib_dir'] = '' # gyp wants a value, but we don't need - # it to be valid. +GYP_DIRS += ['nss'] +GYP_DIRS['nss'].input = 'nss/nss.gyp' +GYP_DIRS['nss'].variables = gyp_vars - # The Python scripts that detect clang need it to be set as CC - # in the environment, which isn't true here. I don't know that - # setting that would be harmful, but we already have this information - # anyway. - if CONFIG['CC_TYPE'] in ('clang', 'clang-cl'): - gyp_vars['cc_is_clang'] = 1 - if CONFIG['GCC_USE_GNU_LD']: - gyp_vars['cc_use_gnu_ld'] = 1 - - GYP_DIRS += ['nss'] - GYP_DIRS['nss'].input = 'nss/nss.gyp' - GYP_DIRS['nss'].variables = gyp_vars - - sandbox_vars = { - # NSS explicitly exports its public symbols - # with linker scripts. - 'COMPILE_FLAGS': { - 'VISIBILITY': [], - # XXX: We should fix these warnings. - 'WARNINGS_AS_ERRORS': [], - }, - # NSS' build system doesn't currently build NSS with PGO. - # We could probably do so, but not without a lot of - # careful consideration. - 'NO_PGO': True, - } - if CONFIG['OS_TARGET'] == 'WINNT': - if CONFIG['CPU_ARCH'] == 'x86': - # This should really be the default. - sandbox_vars['ASFLAGS'] = ['-safeseh'] - if CONFIG['MOZ_FOLD_LIBS_FLAGS']: - sandbox_vars['CFLAGS'] = CONFIG['MOZ_FOLD_LIBS_FLAGS'] - if CONFIG['OS_TARGET'] == 'Android': - sandbox_vars['CFLAGS'] = [ - '-include', TOPSRCDIR + '/security/manager/android_stub.h', - # Setting sandbox_vars['DEFINES'] is broken currently. - '-DCHECK_FORK_GETPID', - ] - if CONFIG['ANDROID_VERSION']: - sandbox_vars['CFLAGS'] += ['-DANDROID_VERSION=' + CONFIG['ANDROID_VERSION']] - GYP_DIRS['nss'].sandbox_vars = sandbox_vars - GYP_DIRS['nss'].no_chromium = True - GYP_DIRS['nss'].no_unified = True - # This maps action names from gyp files to - # Python scripts that can be used in moz.build GENERATED_FILES. - GYP_DIRS['nss'].action_overrides = { - 'generate_certdata_c': 'generate_certdata.py', - 'generate_mapfile': 'generate_mapfile.py', - } +sandbox_vars = { + # NSS explicitly exports its public symbols + # with linker scripts. + 'COMPILE_FLAGS': { + 'VISIBILITY': [], + # XXX: We should fix these warnings. + 'WARNINGS_AS_ERRORS': [], + }, + # NSS' build system doesn't currently build NSS with PGO. + # We could probably do so, but not without a lot of + # careful consideration. + 'NO_PGO': True, +} +if CONFIG['OS_TARGET'] == 'WINNT': + if CONFIG['CPU_ARCH'] == 'x86': + # This should really be the default. + sandbox_vars['ASFLAGS'] = ['-safeseh'] + if CONFIG['MOZ_FOLD_LIBS_FLAGS']: + sandbox_vars['CFLAGS'] = CONFIG['MOZ_FOLD_LIBS_FLAGS'] +if CONFIG['OS_TARGET'] == 'Android': + sandbox_vars['CFLAGS'] = [ + '-include', TOPSRCDIR + '/security/manager/android_stub.h', + # Setting sandbox_vars['DEFINES'] is broken currently. + '-DCHECK_FORK_GETPID', + ] + if CONFIG['ANDROID_VERSION']: + sandbox_vars['CFLAGS'] += ['-DANDROID_VERSION=' + CONFIG['ANDROID_VERSION']] +if CONFIG['MOZ_SYSTEM_NSS']: + sandbox_vars['CXXFLAGS'] = CONFIG['NSS_CFLAGS'] +GYP_DIRS['nss'].sandbox_vars = sandbox_vars +GYP_DIRS['nss'].no_chromium = True +GYP_DIRS['nss'].no_unified = True +# This maps action names from gyp files to +# Python scripts that can be used in moz.build GENERATED_FILES. +GYP_DIRS['nss'].action_overrides = { + 'generate_certdata_c': 'generate_certdata.py', + 'generate_mapfile': 'generate_mapfile.py', +} if CONFIG['NSS_EXTRA_SYMBOLS_FILE']: DEFINES['NSS_EXTRA_SYMBOLS_FILE'] = CONFIG['NSS_EXTRA_SYMBOLS_FILE']