gecko-dev

Граф коммитов

Автор	SHA1	Сообщение	Дата
David Keeler	3c315d18c3	bug 1102436 - remove PublicKeyPinningService::CheckChainAgainstAllNames r=Cykesiopka	2015-05-07 11:06:07 -07:00
Eric Rahm	4eceb82c1f	Bug 1162691 - Part 1: Remove instances of #ifdef PR_LOGGING in security. r=froydnj PR_LOGGING is now always defined, we can remove #ifdefs checking for it.	2015-05-08 14:36:33 -07:00
Mark Goodwin	f82bee04e1	Bug 1128607 - Add freshness check for OneCRL (r=keeler)	2015-05-07 18:54:05 +01:00
Richard Barnes	ee333796b2	Bug 1121982 - Update PSM to use NSS name constraints	2015-04-23 20:26:29 -04:00
David Keeler	5ff51a7744	bug 1151512 - only allow whitelisted certificates to be issued by CNNIC root certificates r=jcj r=rbarnes	2015-04-07 17:29:05 -07:00
Jan Beich	5ab8ccdeac	Bug 1154188 - Unbreak build on non-SPS platforms after bug 1153737 r=bsmith	2015-04-14 14:30:09 +02:00
Brian Smith	b1035c0992	Bug 1153737: Avoid unnecessary uses of mozilla::pkix::ScopedPtr, r=keeler --HG-- extra : rebase_source : ea7083439f22cb40d6c97f872ef9866144516745	2015-04-12 19:57:48 -10:00
Mark Goodwin	1b0d6fb879	Bug 1138848 - Modify OneCRL blocklist for subject / public key blocking (r=keeler, unfocused)	2015-03-31 15:10:09 -07:00
Cykesiopka	171babfad4	Bug 1139177 - RSA public key size checking cleanups. r=keeler	2015-03-05 16:41:00 +01:00
Mark Goodwin	3133a37202	Bug 1130757 - Move OneCRL check to NSSCertDBTrustDomain::GetCertTrust. r=dkeeler --HG-- extra : rebase_source : ce8cff0735865c00f33102b82c31af35145bda2c	2015-02-26 04:38:00 +01:00
David Keeler	d01ea02613	bug 1049740 - implement telemetry to measure compatibility impact of 2048-bit-minimum RSA keys r=briansmith	2015-02-24 15:48:05 -08:00
Brian Smith	06b7804e70	Bug 1131767: Prune away paths using unacceptable algorithms earlier, r=keeler --HG-- extra : rebase_source : 79efad2c5f60120ff1022547ce7efa628a7acd0f	2015-02-14 16:59:02 -08:00
Brian Smith	a89b90ea7f	Bug 1130754: Avoid recalculating tbsCertificate digest, r=keeler --HG-- extra : rebase_source : 85266413568df928cb1eaf1cd59b52ee9d4259e6 extra : histedit_source : 767e3263d28926435c6d2f4610c7d8b01e9ba87d	2015-02-07 12:14:31 -08:00
Brian Smith	b0f87b9b6c	Bug 1122841, Part 2: Centralize checking of public key, r=keeler --HG-- extra : rebase_source : 6b41ad2d3f37bead8d3ac8b48c5ee0b8063c795b extra : source : d470b5a68bf915cfb12f0e948e1492463092883c	2015-02-02 16:17:08 -08:00
TheKK	3cda0706de	Bug 1092398 - "remove unused CertVerifier enums (missing_cert_download_config and crl_download_config)". r=honzab.moz	2015-01-23 06:17:00 +01:00
Mark Goodwin ext:(%2C%20Harsh%20Pathak%20%3Chpathak%40mozilla.com%3E)	ea0e5ac119	Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs. r=keeler r=Unfocused	2015-01-07 06:08:00 +01:00
Brian Smith	f118650ad8	Bug 1115761, Part 3: Rename NSS-based crypto functions, r=jcj --HG-- extra : rebase_source : b11b172fac76c7845d2a97cabf1bad9e04a50367	2014-12-23 14:51:52 -08:00
Brian Smith	99245555c6	Bug 1107666, Part 2: Further fix for SSL_OCSP_STAPLING telemetry, r=keeler --HG-- extra : rebase_source : b2dbbd4eaa8aea019b40eddfc19fb8af20ef3a4c	2014-12-20 07:03:57 -08:00
Brian Smith	0cd5238974	Bug 1107666: Fix OCSP stapling telemetry (SSL_OCSP_STAPLING), r=keeler --HG-- extra : rebase_source : 926f091b2a361d7dce30bee918d6659259f1b3e4	2014-12-11 23:22:35 -08:00
David Keeler	d9a62a4cc2	bug 1020237 - follow-up to fix build bustage r=bustage on a CLOSED TREE	2014-12-05 10:12:58 -08:00
David Keeler	d97c7ea664	bug 1020237 - prefer root certificates to non-root certificates in NSSCertDBTrustDomain::FindIssuer r=briansmith	2014-12-04 13:37:01 -08:00
Carsten "Tomcat" Book	64b43466f7	Backed out changeset b38a8e2203a1 (bug 1024809) for Android 4 perma failures	2014-11-28 12:23:19 +01:00
Mark Goodwin ext:(%2C%20Harsh%20Pathak%20%3Chpathak%40mozilla.com%3E)	4fc60a106f	Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs. (r=keeler,Unfocused)	2014-11-27 23:36:00 +01:00
Carsten "Tomcat" Book	4155be994b	Backed out changeset 761071f57ab6 (bug 1024809) for emulator ics bustage	2014-11-27 16:30:41 +01:00
Mark Goodwin ext:(%2C%20Harsh%20Pathak%20%3Chpathak%40mozilla.com%3E)	ce5a887c60	Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs. r=keeler,Unfocused	2014-11-27 04:12:00 +01:00
David Keeler	3cd3e496aa	bug 1079436 - fix validThrough as returned by VerifyEncodedOCSPResponse r=briansmith validThrough should now be the time through which, if passed in as the given time to validate an OCSP response at, VerifyEncodedOCSPResponse will still consider it trustworthy. After that time, it will be expired. This makes it so the OCSP cache compares validity period responses consistently with mozilla::pkix.	2014-11-21 10:43:43 -08:00
Cykesiopka	1c4af4e6a1	Bug 622859 - Reject EV certificates with key sizes below RSA 2048. r=briansmith	2014-10-18 15:18:00 +02:00
Carsten "Tomcat" Book	e5ad1e7db2	Backed out changeset 3afdc3253979 (bug 622859) for breaking m1 tests	2014-10-17 13:14:29 +02:00
Cykesiopka	01941f880c	Bug 622859 - Reject EV certificates with key sizes below RSA 2048. r=briansmith	2014-10-16 05:13:00 +02:00
David Keeler	fd860abf57	bug 1071308 - (2/2) remove libpkix-style chain validation callback from CertVerifier r=cviecco	2014-09-25 11:18:56 -07:00
Ehsan Akhgari	7257b2f870	Bug 579517 follow-up: Remove NSPR types that crept in	2014-08-08 08:39:07 -04:00
Brian Smith	0ccaf0860c	Bug 1043041: Use mozilla::pkix::Time instead of PRTime, r=keeler --HG-- extra : rebase_source : 2cc39d3c322c1355aad003f2497659a091febac2	2014-08-02 08:49:12 -07:00
Brian Smith	de725ae5ef	Bug 1047792: Rely on mozilla::pkix to filter out expired certs instead of CERT_CreateSubjectCertList, r=keeler --HG-- extra : rebase_source : 5182147037b69f0ac3c3cd060d6e2af71bfde2e7	2014-08-01 23:16:21 -07:00
Brian Smith	d77dac0580	Bug 1041186, Part 2: Rename Input to Reader and InputBuffer to Input, r=keeler --HG-- extra : rebase_source : bf57a9eb6ae5c122912e00a47156010e5ea99478	2014-07-31 12:17:31 -07:00
Brian Smith	ffe743ee06	Bug 1041186, Part 1: Improve buffer overflow protection in mozilla::pkix, r=keeler --HG-- extra : rebase_source : 0f4a33f2c66594930ba9c79233648c70e33ba27c	2014-07-18 22:30:51 -07:00
Brian Smith	5f56fc60d6	Bug 1041343: Use references instead of pointers for TrustLevel output parameters, r=cviecco --HG-- extra : rebase_source : d5c07dc29a95ccb75a7a8f199de26d43950b9ed4	2014-07-20 11:06:26 -07:00
Brian Smith	c45dc156d1	Bug 1039064: Use strongly-typed enum instead of NSPR-style error handling, r=keeler --HG-- extra : rebase_source : 4f3e41916cd7e2c74679d468eeeb702af3321532	2014-07-18 11:48:49 -07:00
David Keeler	67d0a99f3a	bug 1040889 - don't re-cache OCSP server failures if no fetch was attempted r=briansmith r=cviecco --HG-- extra : rebase_source : e00c84e62ecca3e97794d3ceafcd1f5f618045d1	2014-07-25 16:59:22 -07:00
Cykesiopka	0289b45f0c	Bug 360126 - Stop accepting certs that use RSA1023 or weaker; Original patch by Richard van den Berg. r=briansmith	2014-07-15 19:49:00 -04:00
Brian Smith	17375cc8b3	Bug 1036105: Delegate digest operations to the TrustDomain in mozilla::pkix, r=keeler --HG-- extra : rebase_source : dd8dc1243ea2e37955a15f2481e1c452311e90d8 extra : histedit_source : adc1a2035d41c608d3f0ebe14bba159b2857502d	2014-07-06 19:36:05 -07:00
Brian Smith	c162caba82	Bug 1036107, Part 1: Stop using CERTSignedData in mozilla::pkix, r=keeler --HG-- extra : rebase_source : 94c49062ae3ddf755651f151e2d648543b10e1ad extra : histedit_source : a7377bf1d9adb62e1c584e2adeb793aa074245fb	2014-07-10 19:00:32 -07:00
Brian Smith	b14f27897b	Bug 1037324: Delegate additional name constraint selection to the TrustDomain in mozilla::pkix, r=cviecco --HG-- extra : rebase_source : 300f33bfb3a0c9ae1525695b080674c1fb21eafc	2014-07-10 22:38:59 -07:00
Brian Smith	3f110246be	Bug 1035009: Stop using CERTCertList in mozilla::pkix, r=keeler --HG-- extra : rebase_source : fc2b39e5e2b44fea365914e83a7d1f2dc9b784bc extra : histedit_source : b40e5e8cb106fe87f6f065b01ca43adb0bf3a605	2014-07-06 15:55:38 -07:00
Brian Smith	783ead1861	Bug 1034636: Remove mozilla::pkix::ScopedCERTCertifciate and mozilla::pkix::ScopedPLArenaPool, r=mmc --HG-- extra : rebase_source : 68e6da2f1e1c7fa678ef4cc81d23cc6298709108 extra : histedit_source : feba4c589dbf004ee50e2dea1fca0809f8f97674	2014-07-03 21:49:56 -07:00
Brian Smith	f5ec8594e7	Bug 1033563, Part 3: Change mozilla::pkix::TrustDomain::FindPotentialIssuers API to be iterator-like, r=keeler --HG-- extra : rebase_source : e8c734ecb2de2c52dd8909c8b48f4bdb09d0128e	2014-07-02 16:15:16 -07:00
Brian Smith	89e560be23	Bug 1029247, Part 2: Parse certificates using mozilla::pkix::der, r=keeler --HG-- extra : rebase_source : e093922497d005734c590a59f175993a7715bce8	2014-07-03 16:59:42 -07:00
Brian Smith	2d9e74e8ee	Bug 975229: Remove NSS-based certificate verification, r=keeler --HG-- extra : rebase_source : 49cb20f1b51e2d9993a35decd820764e20ad9be9	2014-06-16 23:13:29 -07:00
Brian Smith	ca4f473450	Bug 1026261: Remove CERTCertificate from mozilla::pkix revocation checking API, r=keeler --HG-- extra : rebase_source : 6798f494bd351961ea02abba07b5860839bbc418	2014-06-20 10:10:51 -07:00
David Keeler	c13f6d39c7	bug 997509 - heed expired Revoked or Unknown OCSP responses r=briansmith	2014-06-20 09:01:57 -07:00
Brian Smith	67bd0799fb	Bug 1020683, Part 1: Remove internal uses of CERTCertificate from mozilla::pkix::VerifyEncodedOCSPResponse, r=keeler --HG-- extra : rebase_source : 416938498080c4d44874025f1da4562ab1c7c3c8	2014-06-05 15:18:32 -07:00

1 2

74 Коммитов