Commit graph

12 commits

Author SHA1 Message Date
Dana Keeler 7cd23429ff Bug 1088140 - support RSA-PSS signatures on certificates in the certificate verifier r=jschanck
Differential Revision: https://phabricator.services.mozilla.com/D141780
2022-03-24 21:34:21 +00:00
Dana Keeler 3f93068a72 Bug 1756061 - PSM changes corresponding to mozilla::pkix signature verification changes in bug 1755092 r=jschanck
Bug 1755092 changed how mozilla::pkix verifies signatures. This patch makes the
corresponding changes in PSM.

Depends on D140597

Differential Revision: https://phabricator.services.mozilla.com/D139202
2022-03-10 23:21:00 +00:00
Dana Keeler 3d9ab91ab0 Bug 1605273 - only run CRLite on certificates with a CT SCT available r=jcj
Because CAs can back-date a certificate (i.e. set the "notBefore" field to
earlier than when a certificate actually existed), the "notBefore" field can't
be relied on when determining when CRLite information is recent enough to check
a certificate with. To that end, this patch instead uses the earliest timestamp
from the embedded SCTs in the certificate being checked.

Differential Revision: https://phabricator.services.mozilla.com/D90599
2020-09-24 18:10:05 +00:00
Bogdan Tara db9c89dbca Backed out 2 changesets (bug 1666567, bug 1605273) for test_crlite_filters.js failures CLOSED TREE
UPGRADE_NSS_RELEASE

Backed out changeset 9bc4c7e79cd6 (bug 1666567)
Backed out changeset 22753d184de6 (bug 1605273)
2020-09-24 06:57:27 +03:00
Dana Keeler 500beadbba Bug 1605273 - only run CRLite on certificates with a CT SCT available r=jcj
Because CAs can back-date a certificate (i.e. set the "notBefore" field to
earlier than when a certificate actually existed), the "notBefore" field can't
be relied on when determining when CRLite information is recent enough to check
a certificate with. To that end, this patch instead uses the earliest timestamp
from the embedded SCTs in the certificate being checked.

Differential Revision: https://phabricator.services.mozilla.com/D90599
2020-09-23 22:24:39 +00:00
Dana Keeler 13ed5551e3 bug 1594510 - update all TrustDomain implementations in mozilla-central due to the mozilla::pkix API change in bug 1593141 r=mbirghan
Bug 1593141 adds a parameter to mozilla::pkix::TrustDomain::CheckRevocation.
This patch updates all TrustDomain implementations in mozilla-central to
reflect this.

Differential Revision: https://phabricator.services.mozilla.com/D52066

--HG--
extra : moz-landing-system : lando
2019-11-15 18:26:45 +00:00
Sylvestre Ledru 265e672179 Bug 1511181 - Reformat everything to the Google coding style r=ehsan a=clang-format
# ignore-this-changeset

--HG--
extra : amend_source : 4d301d3b0b8711c4692392aa76088ba7fd7d1022
2018-11-30 11:46:48 +01:00
Dana Keeler dfade002b8 Bug 1503348 - (1/3) remove obsolete SignedTreeHead definitions and tests r=jcj
The original implementation of Certificate Transparency included a definition
for the first version of the Signed Tree Head data structure but it was never
actually used. Now that we're implementing Binary Transparency, we need to
implement support for Signed Tree Head V2. Because the focus and approach are
different, the first step is to remove the original implementation.

Differential Revision: https://phabricator.services.mozilla.com/D11810

--HG--
extra : moz-landing-system : lando
2018-11-27 18:58:07 +00:00
Franziskus Kiefer a52a8495f9 Bug 1479787 - use NSS mozpkix in Firefox, r=mt,keeler,glandium
Differential Revision: https://phabricator.services.mozilla.com/D2725
Differential Revision: https://phabricator.services.mozilla.com/D2860

--HG--
extra : rebase_source : 189c13c2a3104c106fcabad5998af6cb2e20d4a5
2018-10-02 14:59:34 +02:00
Dana Keeler 0c4b612622 Bug 1493788 - remove other mozilla-specific dependencies from certificate transparency implementation r=jcj
This patch removes the remaining mozilla-specific dependencies from the
certificate transparency implementation.

Depends on D6845

Differential Revision: https://phabricator.services.mozilla.com/D6846

--HG--
extra : moz-landing-system : lando
2018-10-01 16:20:57 +00:00
Dana Keeler 1661adeb86 Bug 1493788 - convert mozilla::Vector to std::vector in certificate transparency implementation r=jcj
In order to make our certificate transparency implementation standalone, we
have to remove mozilla-specific dependencies such as mozilla::Vector.

Depends on D6844

Differential Revision: https://phabricator.services.mozilla.com/D6845

--HG--
extra : moz-landing-system : lando
2018-10-01 20:27:13 +00:00
Dana Keeler 24a8ad1851 Bug 1493788 - move certificate/binary transparency implementation to its own directory r=jcj
Our current certificate transparency implementation (and the start of the binary
transparency implementation) can almost be used by itself as a standalone
library (for comparison, mozilla::pkix already has this property, as evidenced
by the "Library('mozillapkix')" line in security/pkix/moz.build and the
"'mozillapkix'" line in the USE_LIBS section of
security/manager/ssl/tests/unit/tlsserver/cmd/moz.build).

These changes make this code re-usable as a library so that we'll be able to use
it in the updater to verify binary/certificate transparency information.

This first patch simply moves the code to its own directory.

Differential Revision: https://phabricator.services.mozilla.com/D6844

--HG--
rename : security/certverifier/BTInclusionProof.h => security/ct/BTInclusionProof.h
rename : security/certverifier/BTVerifier.cpp => security/ct/BTVerifier.cpp
rename : security/certverifier/BTVerifier.h => security/ct/BTVerifier.h
rename : security/certverifier/Buffer.cpp => security/ct/Buffer.cpp
rename : security/certverifier/Buffer.h => security/ct/Buffer.h
rename : security/certverifier/CTDiversityPolicy.cpp => security/ct/CTDiversityPolicy.cpp
rename : security/certverifier/CTDiversityPolicy.h => security/ct/CTDiversityPolicy.h
rename : security/certverifier/CTKnownLogs.h => security/ct/CTKnownLogs.h
rename : security/certverifier/CTLog.h => security/ct/CTLog.h
rename : security/certverifier/CTLogVerifier.cpp => security/ct/CTLogVerifier.cpp
rename : security/certverifier/CTLogVerifier.h => security/ct/CTLogVerifier.h
rename : security/certverifier/CTObjectsExtractor.cpp => security/ct/CTObjectsExtractor.cpp
rename : security/certverifier/CTObjectsExtractor.h => security/ct/CTObjectsExtractor.h
rename : security/certverifier/CTPolicyEnforcer.cpp => security/ct/CTPolicyEnforcer.cpp
rename : security/certverifier/CTPolicyEnforcer.h => security/ct/CTPolicyEnforcer.h
rename : security/certverifier/CTSerialization.cpp => security/ct/CTSerialization.cpp
rename : security/certverifier/CTSerialization.h => security/ct/CTSerialization.h
rename : security/certverifier/CTUtils.h => security/ct/CTUtils.h
rename : security/certverifier/CTVerifyResult.cpp => security/ct/CTVerifyResult.cpp
rename : security/certverifier/CTVerifyResult.h => security/ct/CTVerifyResult.h
rename : security/certverifier/MultiLogCTVerifier.cpp => security/ct/MultiLogCTVerifier.cpp
rename : security/certverifier/MultiLogCTVerifier.h => security/ct/MultiLogCTVerifier.h
rename : security/certverifier/SignedCertificateTimestamp.cpp => security/ct/SignedCertificateTimestamp.cpp
rename : security/certverifier/SignedCertificateTimestamp.h => security/ct/SignedCertificateTimestamp.h
rename : security/certverifier/SignedTreeHead.h => security/ct/SignedTreeHead.h
rename : security/certverifier/moz.build => security/ct/moz.build
rename : security/certverifier/tests/gtest/BTSerializationTest.cpp => security/ct/tests/gtest/BTSerializationTest.cpp
rename : security/certverifier/tests/gtest/CTDiversityPolicyTest.cpp => security/ct/tests/gtest/CTDiversityPolicyTest.cpp
rename : security/certverifier/tests/gtest/CTLogVerifierTest.cpp => security/ct/tests/gtest/CTLogVerifierTest.cpp
rename : security/certverifier/tests/gtest/CTObjectsExtractorTest.cpp => security/ct/tests/gtest/CTObjectsExtractorTest.cpp
rename : security/certverifier/tests/gtest/CTPolicyEnforcerTest.cpp => security/ct/tests/gtest/CTPolicyEnforcerTest.cpp
rename : security/certverifier/tests/gtest/CTSerializationTest.cpp => security/ct/tests/gtest/CTSerializationTest.cpp
rename : security/certverifier/tests/gtest/CTTestUtils.cpp => security/ct/tests/gtest/CTTestUtils.cpp
rename : security/certverifier/tests/gtest/CTTestUtils.h => security/ct/tests/gtest/CTTestUtils.h
rename : security/certverifier/tests/gtest/MultiLogCTVerifierTest.cpp => security/ct/tests/gtest/MultiLogCTVerifierTest.cpp
rename : security/certverifier/tests/gtest/moz.build => security/ct/tests/gtest/moz.build
extra : moz-landing-system : lando
2018-10-01 16:20:41 +00:00