4354953b4f
Bug 1118486 - Part 1: Use `= delete` instead of MOZ_DELETE directly; r=Waldo
...
Most of this patch (with the exception of dom/bindings/Codegen.py) was
generated by the following bash script:
#!/bin/bash
function convert() {
echo "Converting $1 to $2..."
find . ! -wholename "*nsprpub*" \
! -wholename "*security/nss*" \
! -wholename "*/.hg*" \
! -wholename "*/.git*" \
! -wholename "obj-*" \
-type f \
\( -iname "*.cpp" \
-o -iname "*.h" \
-o -iname "*.cc" \
-o -iname "*.idl" \
-o -iname "*.ipdl" \
-o -iname "*.ipdlh" \
-o -iname "*.mm" \) | \
xargs -n 1 sed -i -e "s/\b$1\b/$2/g"
}
convert MOZ_DELETE '= delete'
2015-01-08 23:19:05 -05:00
e7d2f9cd12
bug 1101194 - follow-up to fix bustage in TestCertDB r=bustage on a CLOSED TREE
...
Turns out there was a code path that resulted in attempting to acquire a lock
on the DataStorage mutex when one had already been acquired, resulting in
deadlock. This fixes it.
2015-01-08 10:56:07 -08:00
d11cf2ca74
bug 1101194 - add telemetry for DataStorage table size r=mgoodwin
2015-01-07 13:23:07 -08:00
d98fab56db
Bug 989485 - Split test_cert_eku.js into multiple files to avoid time outs. r=keeler
2015-01-08 01:15:00 -05:00
411a94b05a
Bug 1118024 - Use new PL_DHashTable{Add,Lookup,Remove} functions. r=nfroyd
2015-01-05 20:27:28 -06:00
b29b970426
bug 1114741 - have nsRandomGenerator guard against NSS shutdown r=jcj
...
nsRandomGenerator uses NSS resources but does not prevent against NSS shutting
down while doing so. To fix this, nsRandomGenerator must implement
nsNSSShutDownObject.
2015-01-05 16:11:26 -08:00
665cc5846c
Bug 1116559 - Remove the code to handle shutdown-cleanse from the cert override service code; r=keeler
...
shutdown-cleanse has not been a thing for quite a while.
2015-01-05 21:01:27 -05:00
1b02f46484
Bug 423758 - Add NTLMv2 to internal NTLM handler. r=keeler
...
NTLMv2 is the default.
This adds a new preference:
network.ntlm.force-generic-ntlm-v1
This is to allow use of NTLMv1 in case issues are found in the NTLMv2
handler, or when contacting a server or backing DC that does not
support NTLMv2 for any reason.
To support this, we also:
- Revert "Bug 1030426 - network.negotiate-auth.allow-insecure-ntlm-v1-https allows sending NTLMv1 credentials in plain to HTTP proxies, r=mcmanus"
- Revert "Bug 1023748 - Allow NTLMv1 over SSL/TLS by default, r=jduell"
- Remove LM code from internal NTLM handler
The LM response should essentially never be sent, the last practical
use case was CIFS connections to Windows 9X, I have never seen a web
server that could only do LM
It is removed before the NTLMv2 work is done so as to avoid having 3
possible states here (LM, NTLM, NTLMv2) to control via preferences.
Developed with Garming Sam <garming@catalyst.net.nz>
2014-12-22 15:55:00 -05:00
9f997b2894
Merge m-i to m-c, a=merge
2015-01-03 20:02:33 -08:00
cb0e685792
No bug, Automated HPKP preload list update from host bld-linux64-spot-100 - a=hpkp-update
2015-01-03 03:20:27 -08:00
c84a6316bf
No bug, Automated HSTS preload list update from host bld-linux64-spot-100 - a=hsts-update
2015-01-03 03:20:25 -08:00
848f74a40d
Bug 1111848 - Remove nsISiteSecurityService.shouldIgnoreHeaders and implementation. r=keeler
2014-12-22 20:26:49 +11:00
580310c5b8
Bug 1115076 - Wait for about:privatebrowsing to load in test_sts_privatebrowsing_perwindowpb.html; r=jdm
2014-12-31 09:32:03 -05:00
5f97b938f2
Bug 1117043 - Mark virtual overridden functions as MOZ_OVERRIDE in security; r=bsmith
2015-01-02 09:02:04 -05:00
5f30b892c8
No bug, Automated HPKP preload list update from host b-linux64-ix-0002 - a=hpkp-update
2014-12-27 03:21:29 -08:00
3739aa349f
No bug, Automated HSTS preload list update from host b-linux64-ix-0002 - a=hsts-update
2014-12-27 03:21:25 -08:00
057c4c5a8e
Bug 1110835 - Simplify some code nsSecureBrowserUIImpl around UpdateSecurityState. r=keeler
2014-12-25 21:31:11 +01:00
a325bfdb20
Bug 1114295 - Remove the dead pref for TLS_DHE_DSS_WITH_AES_128_CBC_SHA. r=keeler
2014-12-24 22:21:12 +09:00
b45a1a0c90
Bug 764496 - Make EV detection work in content processes. r=keeler,kanru
2014-12-24 14:04:24 +01:00
c3edf3a511
Backed out changeset 8fd0df8e208c (bug 423758) for bustage
2014-12-22 09:05:34 +01:00
d741102951
Bug 423758 - Add NTLMv2 to internal NTLM handler. r=keeler
...
NTLMv2 is the default.
This adds a new preference:
network.ntlm.force-generic-ntlm-v1
This is to allow use of NTLMv1 in case issues are found in the NTLMv2
handler, or when contacting a server or backing DC that does not
support NTLMv2 for any reason.
To support this, we also:
- Revert "Bug 1030426 - network.negotiate-auth.allow-insecure-ntlm-v1-https allows sending NTLMv1 credentials in plain to HTTP proxies, r=mcmanus"
- Revert "Bug 1023748 - Allow NTLMv1 over SSL/TLS by default, r=jduell"
- Remove LM code from internal NTLM handler
The LM response should essentially never be sent, the last practical
use case was CIFS connections to Windows 9X, I have never seen a web
server that could only do LM
It is removed before the NTLMv2 work is done so as to avoid having 3
possible states here (LM, NTLM, NTLMv2) to control via preferences.
Developed with Garming Sam <garming@catalyst.net.nz>
2014-12-18 17:25:00 +01:00
79b6885780
Merge m-c to m-i
...
--HG--
extra : rebase_source : 55a788f13c946c7110ca313969051c34f731637e
2014-12-20 12:19:27 -08:00
6d9b691066
No bug, Automated HPKP preload list update from host bld-linux64-spot-115 - a=hpkp-update
2014-12-20 03:20:57 -08:00
02fdacaf29
No bug, Automated HSTS preload list update from host bld-linux64-spot-115 - a=hsts-update
2014-12-20 03:20:56 -08:00
301128304a
Bug 1103816 - Add support for gonk-L to android_stub.h, r=glandium
2014-12-16 21:35:09 -05:00
83b87ab7f1
Bug 1113313 - Rename these functions to better reflect what they do. r=billm
...
--HG--
extra : rebase_source : ae61b3dd6dd5ce50a131a640060d7be57e562e4d
2014-12-19 12:07:04 -05:00
932b9471a2
Bug 1073867, Part 2: Remove now-unused DSA test certificates, r=keeler
...
--HG--
extra : rebase_source : 150c65abc66a48f70bca6e2dca8727fa402505ea
2014-12-15 20:49:42 -08:00
510bbfd05d
Bug 1073867, Part 1: Remove DSS certificate support from mozilla::pkix, r=keeler
...
--HG--
extra : rebase_source : 3bef46a794e53584fd35b7640a6f4c9aaea4acab
2014-12-04 20:55:15 -08:00
beff7d1c02
Bug 1111397, Part 2: Remove test_bug484111.html, r=keeler
...
--HG--
extra : rebase_source : 56617ea82e9028295203173d1ea5e6ccfdbf9722
2014-12-14 21:51:26 -08:00
123a9716ca
Bug 952863, Part 2: Remove dead code for non-ECDHE TLS False Start, r=keeler
...
--HG--
extra : rebase_source : 47ee95682f769b8e10aaf55b0f4fccfef1fcdea0
2014-12-10 10:13:18 -08:00
0c4895658a
Bug 1112608 - use GENERATED_INCLUDES in security/manager/{boot,pki}/src/; r=mshal
...
The sole use of Makefile.in in the security/manager/{boot,pki}/src/
directories is so we can add $(DIST)/public/nss to INCLUDES.
GENERATED_INCLUDES can be used to handle this case instead, at the cost
of hardcoding the path to $(DIST). This seems reasonable enough, since
a number of moz.build files already know about dist/ and its location
within the objdir.
2014-12-17 11:02:19 -05:00
9725dd6a70
Bug 952863, Part 1: Require ECDHE for TLS False Start, r=keeler
...
--HG--
extra : rebase_source : d983e440de5be7c097a3e0f4afe0de805c540919
2014-12-12 11:39:01 -08:00
ab4b12e208
Bug 1092835 - Log usage of weak ciphers in the console. r=keeler,mcmanus
2014-12-13 20:09:01 +09:00
7a433f6905
Bug 1084025, Part 3: Clean up some bits, r=keeler, r=emk
...
--HG--
extra : rebase_source : 7aa1de4e9c391bf3e3cd5df79c62fff4546a8c67
2014-12-12 16:42:41 -08:00
0cd5238974
Bug 1107666: Fix OCSP stapling telemetry (SSL_OCSP_STAPLING), r=keeler
...
--HG--
extra : rebase_source : 926f091b2a361d7dce30bee918d6659259f1b3e4
2014-12-11 23:22:35 -08:00
63de38c180
Bug 1101969: Disable pinning on media.mozilla.com (r=keeler)
2014-12-12 09:10:57 -08:00
04d69a9f5b
Bug 1004781: Enable pinning for facebook in production mode (r=keeler)
2014-12-12 09:10:53 -08:00
7f05080219
Bug 940787: Stop requiring ALPN/NPN for False Start, r=keeler
...
--HG--
extra : rebase_source : f8946e1fc631f2458807a559104a1dca01f444ac
2014-12-10 10:50:48 -08:00
cc0b0eeed3
Bug 1109766: Require AES-GCM for TLS False Start, r=keeler
...
--HG--
extra : rebase_source : 8370c628863e644131ed1fbe6b8e49b5dc1215dc
2014-12-10 10:19:00 -08:00
9c1c9d03e6
Bug 861310: Require TLS 1.2 for TLS False Start, r=keeler
...
--HG--
extra : rebase_source : d4bb253a84270c84acdf7ed4f84bc0186231e521
2014-12-10 10:04:45 -08:00
9cae71d8a9
Bug 1109252 - Make remaining PSM test cert generation scripts print out cert information as necessary. r=keeler
2014-12-10 21:32:00 +01:00
7e1828ba3d
Bug 1109245 - Modify test_keysize_ev.js to run on B2G. r=dkeeler
2014-12-09 12:07:00 -05:00
6df9a55b46
Bug 978426 - Re-enable test_sts_preloadlist_perwindowpb.js on B2G. r=dkeeler
2014-12-09 11:37:00 +01:00
81f8d7a489
Bug 1107787: Disable TLS_DHE_DSS_WITH_AES_128_CBC_SHA, r=keeler
...
--HG--
extra : rebase_source : 063d859c69adc8deba9d1842f4bd42a9b862bbe5
2014-12-04 19:50:58 -08:00
5bd7eba3e4
Bug 1037098: Remove preferences for cipher suites disabled in bug 1036765, r=keeler
...
--HG--
extra : rebase_source : b033bea062c8cafecd93830fa54f4cf184fa28df
2014-12-04 19:47:17 -08:00
1bdab6fe7b
Backed out changesets fb903f13f215, 9c5c712698e4, and 36d257ead3da (bug 1092835) for causing test_csp_allow_https_schemes.html permafail on Android 2.3.
...
CLOSED TREE
2014-12-09 14:00:47 -05:00
487b1516b0
Bug 1092835 - Log usage of weak ciphers in the console. r=keeler,mcmanus
2014-12-10 00:54:06 +09:00
5167dadd93
Bug 1093724 - Add a range check to the TLS version prefs loading code. r=keeler
2014-12-09 21:48:29 +09:00
b95c85162f
Bug 1084025 - Add telemetry to measure failures due to not falling back. r=keeler
2014-12-09 07:19:05 +09:00
cf57e57455
merge mozilla-inbound to mozilla-central a=merge
2014-12-08 12:48:58 +01:00
Ehsan Akhgari
David Keeler
Cykesiopka
Michael Pruett
Andrew Bartlett
Phil Ringnalda
ffxbld
David Erceg
Tom Schuster
Masatoshi Kimura
Carsten "Tomcat" Book
Michael Wu
Blake Kaplan
Brian Smith
Nathan Froyd
Monica Chew
Ryan VanderMeulen