https://bugzilla.mozilla.org/show_bug.cgi?id=1901295 introduced optional
HTTP3/QUIC UDP IO via quinn-udp instead of NSPR, see
`network.http.http3.use_nspr_for_io` pref. NSPR uses the `recvfrom` syscall;
`quinn-udp` uses the `recvmmsg` syscall.
With `network.http.network_access_on_socket_process.enabled` set to `true` and
`network.http.http3.use_nspr_for_io` set to `false`, Firefox panics because
seccomp disallows the `recvmmsg` syscall.
This commit allows `recvmmsg` in the `SocketProcessSandboxPolicy`
`EvaluateSocketCall` function.
Differential Revision: https://phabricator.services.mozilla.com/D219110

This migrates SSL_SUCCESFUL_CERT_VALIDATION_TIME_MOZILLAPKIX,
SSL_INITIAL_FAILED_CERT_VALIDATION_TIME_MOZILLAPKIX, and
CERT_VALIDATION_HTTP_REQUEST_{CANCELED,SUCCEEDED,FAILED}_TIME to glean timing
distributions.
The certificate validation time metrics have had their precision increased from
milliseconds to microseconds.
Differential Revision: https://phabricator.services.mozilla.com/D219535

In bug 1874054, we made it so Firefox won't import a third party certificate if
it is already a known built-in root. This was to prevent roots that were
mistakenly identified as intermediates (as in, "inherits trust") from
overriding the trust settings of built-in roots and preventing chains from being
built to those roots. Additionally, we were concerned about cases where a
built-in root had been set by the user to be distrusted, in which case
importing that root from the OS would unexpectedly make it trusted again.
Revisiting the first issue, this patch restricts this check to only
certificates identified as non-trust-anchors, so roots will still be imported.
As for the second issue, it turns out that we actually do want this feature to
work this way. This will enable (with some additional work) situations where a
built-in root has a distrust after date but the user wants that root to still
work as before. As for any discrepancies between the user's trust settings in
Firefox vs. their operating system, that's up to them to resolve.
Differential Revision: https://phabricator.services.mozilla.com/D218889

This updates the certificate transparency policy based on Chrome's policy,
found at https://googlechrome.github.io/CertificateTransparency/ct_policy.html.
Both it and the Chrome policy are similar to the Apple policy, found at
https://support.apple.com/en-us/103214.
Essentially, the policy can be satisfied in two ways, depending on the source
of the collected SCTs.
For embedded SCTs, at least one must be from a log that was Admissible
(Qualified, Usable, or ReadOnly) at the time of the check. There must be SCTs
from N distinct logs that were Admissible or Retired at the time of the check,
where N depends on the lifetime of the certificate. If the certificate lifetime
is less than or equal to 180 days, N is 2. Otherwise, N is 3. Among these SCTs,
at least two must be issued from distinct log operators.
For SCTs delivered via the TLS handshake or an OCSP response, at least two must
be from a log that was Admissible at the time of the check. Among these SCTs,
at least two must be issued from distinct log operators.
Differential Revision: https://phabricator.services.mozilla.com/D218800

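The two ways of satisfying the policy described in that commit message, written out as an added example. This is not Firefox's own CT policy enforcer and not code from the commit; it assumes that each SCT's log has already been resolved against the known-log list to a log ID, an operator name and the log's state at the time of the check (those lookups are not shown), and it counts distinct logs rather than raw SCTs, so two SCTs from the same log count once (an assumption about how "SCTs from N distinct logs" is read). The sample SCT sets at the bottom are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <set>
#include <string>
#include <vector>

// Log states as carried in the known-log list. Qualified, Usable and ReadOnly
// are collectively "admissible"; Retired logs only count towards the
// distinct-log requirement of the embedded-SCT path.
enum class LogState { Qualified, Usable, ReadOnly, Retired, Rejected };

// Where the SCT was obtained from.
enum class SctOrigin { Embedded, TlsExtension, OcspResponse };

struct Sct {
  std::string logId;        // assumed: already resolved from the SCT's log ID
  std::string logOperator;  // assumed: operator name looked up in the log list
  LogState stateAtCheck;    // assumed: the log's state at the time of the check
  SctOrigin origin;
};

static bool IsAdmissible(LogState state) {
  return state == LogState::Qualified || state == LogState::Usable ||
         state == LogState::ReadOnly;
}

// Embedded-SCT path: at least one SCT from an admissible log, SCTs from N
// distinct admissible-or-retired logs (N = 2 for lifetimes <= 180 days,
// otherwise 3), and at least two distinct operators among those SCTs.
static bool EmbeddedSctsSatisfyPolicy(const std::vector<Sct>& scts,
                                      uint32_t certLifetimeDays) {
  bool anyAdmissible = false;
  std::set<std::string> logs;
  std::set<std::string> operators;
  for (const Sct& sct : scts) {
    if (sct.origin != SctOrigin::Embedded) continue;
    if (IsAdmissible(sct.stateAtCheck)) anyAdmissible = true;
    if (IsAdmissible(sct.stateAtCheck) || sct.stateAtCheck == LogState::Retired) {
      logs.insert(sct.logId);
      operators.insert(sct.logOperator);
    }
  }
  const size_t requiredLogs = certLifetimeDays <= 180 ? 2 : 3;
  return anyAdmissible && logs.size() >= requiredLogs && operators.size() >= 2;
}

// Delivered-SCT path (TLS extension or OCSP): at least two SCTs from
// admissible logs, from at least two distinct operators. Retired logs never
// count here, regardless of certificate lifetime.
static bool DeliveredSctsSatisfyPolicy(const std::vector<Sct>& scts) {
  std::set<std::string> logs;
  std::set<std::string> operators;
  for (const Sct& sct : scts) {
    if (sct.origin == SctOrigin::Embedded) continue;
    if (!IsAdmissible(sct.stateAtCheck)) continue;
    logs.insert(sct.logId);
    operators.insert(sct.logOperator);
  }
  return logs.size() >= 2 && operators.size() >= 2;
}

// The policy is satisfied if either path is.
bool SatisfiesCtPolicy(const std::vector<Sct>& scts, uint32_t certLifetimeDays) {
  return EmbeddedSctsSatisfyPolicy(scts, certLifetimeDays) ||
         DeliveredSctsSatisfyPolicy(scts);
}

// Constructed samples (not real logs): one usable and one retired embedded
// log from different operators; enough for a short-lived cert, not a long one.
std::vector<Sct> SampleEmbeddedScts() {
  return {{"log-a", "Operator A", LogState::Usable, SctOrigin::Embedded},
          {"log-b", "Operator B", LogState::Retired, SctOrigin::Embedded}};
}

// Two admissible logs delivered via TLS and OCSP, plus a retired embedded one
// that contributes nothing on its own.
std::vector<Sct> SampleDeliveredScts() {
  return {{"log-b", "Operator B", LogState::Retired, SctOrigin::Embedded},
          {"log-a", "Operator A", LogState::Usable, SctOrigin::TlsExtension},
          {"log-c", "Operator C", LogState::Qualified, SctOrigin::OcspResponse}};
}

// Two admissible embedded logs run by the same operator: fails the
// operator-diversity requirement.
std::vector<Sct> SampleSingleOperatorScts() {
  return {{"log-a", "Operator A", LogState::Usable, SctOrigin::Embedded},
          {"log-a2", "Operator A", LogState::Qualified, SctOrigin::Embedded}};
}
```

The 180-day boundary is inclusive, so the same pair of embedded SCTs passes at 180 days and fails at 181; the delivered path ignores lifetime entirely, which is why the second sample passes for a long-lived certificate while the first does not.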
After updating the Widevine plugin to 4.10.2830.0, we would crash on
startup of the plugin because it attempted to use the stat syscall.
Allow uses of stat for files that we have already opened / allowed
access to in the GMP sandbox.
Differential Revision: https://phabricator.services.mozilla.com/D218855

The PSM client certificate PKCS#11 modules can take some time to return from
function calls like C_FindObjects* (because they involve synchronous dispatch
to another thread or process). When determining the trust for a certificate,
NSS will query all modules. Querying the PSM modules for trust is just a waste
of time, so this patch makes them return early if NSS is looking for attributes
that are irrelevant to their functionality.
Differential Revision: https://phabricator.services.mozilla.com/D218582

This patch uses the log state information in the known CT log list to
differentiate qualified, usable, and readonly (collectively now referred to as
"admissible") logs from retired logs. This patch also takes the opportunity to
update the language in the implementation from "disqualified" to "retired" to
match the current terminology from the source data.
Differential Revision: https://phabricator.services.mozilla.com/D218266