mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
500 532 коммитов 615 Ветки 98 Теги 5,7 GiB
Граф коммитов

208 Коммитов

Автор SHA1 Сообщение Дата
David Cook 7d4c71cc9c Bug 1115718 - Check for empty issuer name in mozilla::pkix; r=keeler 
MozReview-Commit-ID: 6Ymgo7dQE7b

--HG--
extra : rebase_source : 54ee27fd46c2139125a40deabb11a6aca04c84bc
 2016-07-28 20:36:18 -05:00
Sergei Chernov 21be681857 Bug 1284256 - Certificate Transparency - verification of Signed Certificate Timestamps (RFC 6962); r=keeler, r=Cykesiopka 
MozReview-Commit-ID: IgcnyBH4Up

--HG--
extra : transplant_source : %98%A3%5E%B4%DA%89qI1%01A%F8%FF%C7%1FS%D4%23v%B3
 2016-07-05 08:35:06 +03:00
Sergei Chernov edb1f658f6 Bug 1275238 - Certificate Transparency support in mozilla::pkix; r=keeler 
MozReview-Commit-ID: HZwzSgxarTw

--HG--
extra : transplant_source : %BF%F9%A8T%C6x%82%03%3Ez%9F%3BT%E3%1B%11s%294%F4
 2016-06-15 11:11:00 +03:00
Julian Seward 8562142079 Bug 1275582 - TSan: data race security/nss/lib/freebl/sha_fast.c:176 SHA1_End. r=dkeeler. 
--HG--
extra : rebase_source : d8e517c891212c0b7794e7db433f6ed626c4cac5
 2016-05-30 15:25:52 +02:00
David Keeler c17f3a2733 bug 982932 - only allow Netscape-stepUp to be used for serverAuth for old CA certificates r=Cykesiopka,jcj 
MozReview-Commit-ID: 88JhIU1pUji

--HG--
rename : security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC.pem.certspec => security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-recent.pem.certspec
rename : security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC.pem.certspec => security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-recent.pem.certspec
extra : rebase_source : 2f6251679a6f31cccb6d88bb51c567de9cc9bc76
 2016-05-05 16:11:11 -07:00
Cykesiopka 33825b4eb1 Bug 1257031 - Return more informative error code when encountering invalid integers rather than SEC_ERROR_BAD_DER. r=keeler 
Also adds some missing l10n entries to nsserrors.properties (but not for errors
that are specific to TLS 1.3, since TLS 1.3 is not yet finalised).

MozReview-Commit-ID: A42fmTDTe8W

--HG--
extra : transplant_source : x%F7s%DB%05%B4%81%9Dm%FDC%A1f%B3%0D%7DR%C1%BA%B1
 2016-04-21 16:41:22 -07:00
David Keeler 6e4140d766 bug 1245280 - add policy mechanism to optionally enforce BRs for falling back to subject CN r=Cykesiopka,mgoodwin 
MozReview-Commit-ID: 7xT6JGpOH1g

--HG--
extra : rebase_source : 0def29e8be898a2d975ee4390b3bc6a193766b1b
 2016-02-09 10:14:27 -08:00
Brian Smith 30373af60a Bug 1189020 - Replace |// unnamed namespace| with |// namespace| in mozilla::pkix. r=Cykesiopka 
This is what Google suggests in its style guide, and somebody
already changed one of these comments to the new style.

--HG--
extra : rebase_source : fe3f7fc17a2fc09ad0ba01fa1511dc8dba7653e1
 2016-03-16 07:10:00 +01:00
Mark Goodwin 31adb1a5c5 Bug 901698 - Implement OCSP-must-staple; r=keeler 2015-11-13 16:49:08 +00:00
Richard Barnes 990593f9cf Bug 942515 - Show Untrusted Connection Error for SHA-1-based SSL certificates with notBefore >= 2016-01-01 r=keeler 2015-09-11 14:52:30 -04:00
Jacek Caban b15946229a Bug 1199624 - Don't use memset and memcmp in files that don't include cstring explicitly. r=briansmith 2015-09-09 14:16:59 +02:00
Ryan VanderMeulen c7fdbe4d0f Backed out changeset 982be1bbebdf (bug 1199624) for Windows bustage. 2015-08-30 17:09:09 -04:00
Jacek Caban c8309c6328 Bug 1199624 - Don't use memset and memcmp in files that don't include cstring explicitly. r=briansmith 2015-08-29 07:59:00 -04:00
Mark Goodwin 91782dab68 Bug 1159155 - Add telemetry probe for SHA-1 usage (r=keeler) 2015-07-09 07:22:29 +01:00
Cykesiopka 0a9aea4ab2 Bug 1145679 - Reject EV status for end-entity EV certs with overly long validity periods. r=keeler 
--HG--
extra : rebase_source : ec44bb566cce8ab14f740457d6ba1d863b39c256
 2015-06-29 22:19:00 +02:00
Tim Taubert ab7196486a Bug 1060112 - Don't treat OCSP responses omitting the requested certificate status as "unknown certificate" responses blocking the connection r=keeler 2015-05-21 13:39:34 -04:00
David Keeler 4e7fc3055e bug 1141189 - implement skipping expensive revocation checks (OCSP fetching) for short-lived certificates r=rbarnes 2015-04-06 16:10:28 -07:00
David Keeler e69f0f4b4b bug 1150114 - allow PrintableString to match UTF8String in name constraints checking r=briansmith 2015-04-08 16:17:39 -07:00
Brian Smith 95bd8011e6 Bug 1154399 - Part 4: Simplify certificate parsing in OCSP responses. r=keeler 
--HG--
extra : rebase_source : caf903d29b0adc22fcc7e87e4fa0019cfa48007e
 2015-04-14 05:33:03 -10:00
Brian Smith f124561818 Bug 1154399 - Part 3: Simplify OptionalExtensions. r=keeler 
We used to avoid using Nested and NestedOf because they were based on
bind and it was difficult to maintain our std::bind polyfill. Now that
we use lambdas, it is easy to use Nested and NestedOf, so we should do
so wherever it makes the code clearer.

--HG--
extra : rebase_source : 1157d16320b3b211e3ce612b75782e8bd9c55f30
 2015-04-14 05:32:46 -10:00
Brian Smith d09798e9f5 Bug 1154399 - Part 2: Simplify and un-inline OptionalVersion. r=keeler 
Also fixes the wrong comment. The syntax for version in OCSP and X.509
certs is identical.

--HG--
extra : rebase_source : 744a2998ce8c55a61fbbc1966bc22e4903fa2484
 2015-04-14 05:32:29 -10:00
Brian Smith 0cac719ba9 Bug 1154399 - Part 1: De-templatize and un-inline IntegralValue. r=keeler 
--HG--
extra : rebase_source : 899eaed19b13edc9c257f0ab212d447bb54e607d
 2015-04-14 05:06:41 -10:00
Brian Smith 566d65be48 Bug 1153738: Make ScopedPtr a minimal proper subset of std::unique_ptr, r=keeler 
Remove all features of ScopedPtr that aren't in std::unique_ptr, and
remove all currently-unused features of ScopedPtr. In particular,
replace |operator=(T*)| with |reset(T* p = nullptr)| and make
|operator bool| explicit.

--HG--
rename : security/pkix/include/pkix/ScopedPtr.h => security/pkix/lib/ScopedPtr.h
extra : rebase_source : 206bfb32aa5a04a4719f28b4aca59fe2f0abbec3
 2015-04-13 00:28:11 -10:00
David Keeler 2cf7194567 bug 1143085 - allow subject alternative name extensions to be empty for compatibility r=briansmith a=kwierso 
--HG--
extra : amend_source : 89b8233b57049a3d2886aa08cd85c57e6faa693e
 2015-03-16 14:00:33 -07:00
David Keeler cc58dd5d1a Bug 1136616 - Allow underscores in reference DNS-IDs in mozilla::pkix name matching. r=briansmith 2015-03-03 13:34:45 -08:00
Brian Smith 06b7804e70 Bug 1131767: Prune away paths using unacceptable algorithms earlier, r=keeler 
--HG--
extra : rebase_source : 79efad2c5f60120ff1022547ce7efa628a7acd0f
 2015-02-14 16:59:02 -08:00
Brian Smith 27cb600f2f Bug 1077864, Part 2: Override the trust level for OCSP response signer certs so that they are never considered trust anchors, r=keeler 
--HG--
extra : rebase_source : d0c599f7fc29b5fbcb7d8cd97980a3f39d39f515
 2015-02-14 15:59:38 -08:00
Brian Smith bdb4294871 Bug 1077864, Part 1: Check consistency of certificates' signature and signatureAlgorithm fields, r=keeler 
--HG--
extra : rebase_source : 9a2ca8cb370169f675557987a6b1cc0dedb24ff6
 2015-02-22 16:59:03 -08:00
Brian Smith bbf8006735 Bug 1130754 - Make PublicKeyAlgorithm an enum class. r=keeler 
--HG--
extra : histedit_source : 14d321bc2cbdf749fd05994571ca439ee62ab973
 2015-02-14 13:25:09 -08:00
Cykesiopka 47f24e15e4 Bug 1097622 - Return ERROR_INVALID_TIME when decoding invalid time values. r=dkeeler 2015-02-18 15:56:00 -05:00
Brian Smith a89b90ea7f Bug 1130754: Avoid recalculating tbsCertificate digest, r=keeler 
--HG--
extra : rebase_source : 85266413568df928cb1eaf1cd59b52ee9d4259e6
extra : histedit_source : 767e3263d28926435c6d2f4610c7d8b01e9ba87d
 2015-02-07 12:14:31 -08:00
Brian Smith b0f87b9b6c Bug 1122841, Part 2: Centralize checking of public key, r=keeler 
--HG--
extra : rebase_source : 6b41ad2d3f37bead8d3ac8b48c5ee0b8063c795b
extra : source : d470b5a68bf915cfb12f0e948e1492463092883c
 2015-02-02 16:17:08 -08:00
Brian Smith dbc534e182 Bug 1122841, Part 1: Add PositiveInteger parser, r=keeler 
--HG--
extra : rebase_source : 50d79951398e44bf2718c0f071962aa00660fec2
 2015-02-06 18:21:20 -08:00
Brian Smith 3920fcd650 Bug 1128413, Part 3: Enable more compiler warnings, r=mmc 
--HG--
extra : rebase_source : 2d17605e6b9296b74493526e052b771be18d4260
 2015-02-07 14:38:40 -08:00
Brian Smith 6254cc408e Bug 1128413, Part 2: Don't use double underscores any more 
--HG--
extra : rebase_source : 5f550089aea320231ca2398126fc7f03e5dffc37
 2015-01-31 19:51:46 -08:00
Brian Smith a4ceeff7d4 Bug 1128413, Part 1: Fix switch-related warnings, r=mmc 
--HG--
extra : rebase_source : 3d70c2a4ae8f9705a8a2c56c2f49e50fe4711ea9
 2015-02-02 14:21:27 -08:00
Cykesiopka eb24c24fb9 Bug 968560 - Return distinct error codes for certificates that are not valid yet, in mozilla::pkix. r=keeler 
--HG--
extra : rebase_source : de63f37cdef477d96c1aef8253feca7013ba3bfd
 2015-02-06 11:18:20 -08:00
David Keeler 1cd331c2e4 bug 1125261 - mozilla::pkix: handle comparing single, relative labels with wildcards r=briansmith 
e.g. handle comparing "localhost" with "*.example.com"
 2015-01-23 15:56:53 -08:00
Cykesiopka 590cc7dc4a Bug 1077790 - Make mozilla::pkix::CheckPublicKeySize() accept specific elliptic curves only. r=briansmith 
--HG--
extra : rebase_source : 2eab41b647a78ef3a5ea9cf9710704e35c65803a
 2015-01-21 17:20:16 -08:00
Brian Smith 2968c94831 Bug 1114703: Remove mozilla::pkix's polyfill for std::bind, r=mmc 
--HG--
extra : rebase_source : 11457f210c7f7534db2e6ebe1a8328985ff6d8b0
 2015-01-21 04:00:40 -08:00
Brian Smith 29d3c0ed37 Bug 1122835, Part 2: Simplify BitStringWithNoUnusedBits, r=keeler 
--HG--
extra : rebase_source : 2beb4ceb866299454c3e9f5b93ac83a18c8fd1c2
 2014-12-27 22:39:47 -08:00
Brian Smith f6753ef626 Bug 1122835: Add missing return value checks for Input::SkipToEnd, r=keeler 
--HG--
extra : rebase_source : 9b445e3d73d643364355f18307cf13447a5726e8
 2014-12-27 23:12:46 -08:00
Brian Smith cc811435fd Bug 1115906, Part 3: Make formatting of struct/class/enum class more consistent, r=keeler 
--HG--
extra : rebase_source : 0ba4b630b93775ff68abc583238ba2525b8d56f5
 2015-01-13 16:53:34 -08:00
Brian Smith e538f2d921 Bug 1115906, Part 2: Annotate classes and member functions with override and final, r=keeler 
--HG--
extra : rebase_source : 79bb236bef83ed3e884d73e029ac29a5aa999840
extra : source : d14d86bcebd38be80d00a263c3145eb0dbcc53cd
 2015-01-13 16:54:10 -08:00
Brian Smith 825d71887a Bug 1115906, Part 1: Add workarounds for missing final/override support in GCC before version 4.7, r=keeler 
--HG--
rename : security/pkix/include/pkix/nullptr.h => security/pkix/include/pkix/stdkeywords.h
extra : rebase_source : 9cacd9729ac4cfb1e4bf920c8afdffb831b60d36
extra : source : f673d05dfc9a6d830e5e3c01976b41588cc70ead
 2015-01-07 14:53:11 -08:00
Masatoshi Kimura 1c35db3bcc Bug 1120664 - Rename mozilla::pkix::Result::ERROR_INVALID_TIME to avoid collision with a macro defined in windows.h. r=bsmith 2015-01-15 07:24:18 +09:00
Brian Smith 89a83cfb14 Bug 1118122: Reland Bug 1115903, Part 2: Delete most defaulted assignment operators and some defaulted copy constructors, r=jcj 
--HG--
extra : rebase_source : 9fae7948648e355f2ac15275a343ac0806f82f3b
 2015-01-12 23:12:01 -08:00
Brian Smith c1795f4024 Bug 1118599 - Remove now-unneeded MOZILLA_PKIX_ENUM_CLASS workaround for GCC enum class bugs. r=mmc 2015-01-06 18:28:09 -08:00
Brian Smith 566e222bca Bug 1117003 - Backout cset ca3c73188295 (Bug 1115903, Part 2), r=ehsan 2015-01-02 12:26:14 -08:00
Brian Smith ff754b5ae0 Bug 1115903, Part 2: Delete most defaulted assignment operators and some defaulted copy constructors, r=jcj 
--HG--
extra : rebase_source : 6c8575de36355521baf69bba89eba530cd4e8b09
 2014-12-26 23:49:47 -08:00