mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
399 038 коммитов 615 Ветки 98 Теги 5,7 GiB
Граф коммитов

153 Коммитов

Автор SHA1 Сообщение Дата
Brian Smith dcacbfd4ce Bug 1073867, Part 3: Reject DSS end-entity certificates, r=mmc 
--HG--
extra : rebase_source : 76546b57aade1a15b394a2e53d8c12d62906dcac
 2014-12-24 00:51:52 -08:00
Brian Smith 899807654a Bug 1114701: Replace function pointers with function references, r=keeler 
--HG--
extra : rebase_source : 350e7f8170f6b1176e46b829026e9ee27b3303e5
 2014-12-23 12:43:25 -08:00
Brian Smith 510bbfd05d Bug 1073867, Part 1: Remove DSS certificate support from mozilla::pkix, r=keeler 
--HG--
extra : rebase_source : 3bef46a794e53584fd35b7640a6f4c9aaea4acab
 2014-12-04 20:55:15 -08:00
Brian Smith 1543a46c03 Bug 1111399, Part 2: Implement RFC822 (email) name constraints, r=keeler 
--HG--
extra : rebase_source : 5905e247eee4d3562d741e6e9656dc4c40d821e4
 2014-12-20 08:15:35 -08:00
Brian Smith c61befa56f Bug 1111399, Part 1: Preconditions for RFC822 name constraints, r=keeler 
--HG--
extra : rebase_source : cd20b448a6c77ba27c86cb3d8e6c121f92a2ba93
 2014-12-20 07:35:44 -08:00
Brian Smith e0efc82826 Bug 1111398: Rename ValidDNSIDMatchType to IDRole, r=keeler 
--HG--
extra : rebase_source : a07e58b82a61db595711c0ab887bec70d4145888
 2014-12-13 22:29:58 -08:00
Brian Smith 87719d0a59 Bug 1111397: Refactor error handling for name matching, r=keeler 
--HG--
extra : rebase_source : 7b1061874d7b6e02a158085c3a6580a7fc718bbe
 2014-12-13 17:05:46 -08:00
David Keeler c3ba2c1217 bug 1108408 - GeneralName types such as otherName where the value is a SEQUENCE should have the CONSTRUCTED bit set r=briansmith 2014-12-08 13:39:19 -08:00
Brian Smith 346599ec9c Bug 1107791 Remove support for unusual wildcard names in certificates, r=keeler 
--HG--
extra : rebase_source : bd142d2e85059a0d0fd36325242553e94a7d4377
 2014-12-04 17:12:09 -08:00
Brian Smith bd9d21676a Bug 1107790: Remove support for absolute hostnames in presented DNS IDs and name constraints, r=keeler 
--HG--
extra : rebase_source : cf402f902196e729026d713cd6d62f5c3b889a12
 2014-12-08 16:42:54 -08:00
Brian Smith fc17106cf0 Bug 970542, Part 9: Better document name constraints as reference IDs, r=keeler 
--HG--
extra : rebase_source : 60413188771454081226d58d03156c15ce795ca7
 2014-10-26 11:26:26 -07:00
Brian Smith 65284e98f6 Bug 970542, Part 8: IPAddress name constraint tests, r=keeler 
--HG--
extra : rebase_source : e8cc0158248d4621da19dfef56089957af417f73
 2014-10-26 16:57:00 -07:00
Brian Smith 7dd909b9e5 Bug 970542, Part 5: New name constraint implementation, r=keeler, r=mmc 
--HG--
extra : rebase_source : 849161ac892b05e5ff2d5552c632fc647d309085
 2014-10-18 15:38:42 -07:00
Brian Smith 2e28de4900 Bug 970542, Part 4: DirectoryName name constraint matching, r=keeler 
--HG--
extra : rebase_source : 01770088851823ae1005227dcd43d82d015f4b0e
 2014-10-18 14:51:37 -07:00
Brian Smith 39a86a3659 Bug 970542, Part 3: IPAddress name constraint matching, r=keeler 
--HG--
extra : rebase_source : f47ef9ead3323704595b91873811d1ead2403839
 2014-10-17 13:02:26 -07:00
Brian Smith 8b38009a34 Bug 970542, Part 2: DNSName name constraint matching, r=keeler 
--HG--
extra : rebase_source : 50b1a7d5d9da97cc64e09d5e6cdc41b8200c3551
 2014-10-20 22:20:58 -07:00
Brian Smith 8d8b1cf373 Bug 970542, Part 1: Refactor name matching within CN AVAs to reduce duplicate logic, r=keeler 
--HG--
extra : rebase_source : f129b24c58377f34ac7d80ee7d5e8775635843ff
 2014-10-16 16:44:27 -07:00
David Keeler 3cd3e496aa bug 1079436 - fix validThrough as returned by VerifyEncodedOCSPResponse r=briansmith 
validThrough should now be the time through which, if passed in as the given
time to validate an OCSP response at, VerifyEncodedOCSPResponse will still
consider it trustworthy. After that time, it will be expired. This makes it
so the OCSP cache compares validity period responses consistently with
mozilla::pkix.
 2014-11-21 10:43:43 -08:00
David Keeler cd0d5fbdc0 bug 1079658 - check for the id-pkix-ocsp-nocheck extension when decoding certificates r=briansmith 2014-11-03 11:35:15 -08:00
Brian Smith 774861532b Bug 1089104: Add support for TeletexString-encoded CN-IDs to CheckCertHostname, r=keeler 
--HG--
extra : rebase_source : 320794deae857a574f509b7277ea64576abd37b3
 2014-10-29 17:19:45 -07:00
Monica Chew e8c341b1fd Bug 1083539: Fix dropped return value check (r=keeler) 2014-10-23 17:07:45 -07:00
Brian Smith 6926e8bc53 Bug 1063281, Part 8: Rewrite PresentedDNSIDMatchesReferenceDNSID, r=keeler 
--HG--
extra : rebase_source : a74e8d89a3ddfe5f6af70f32d31f1dc06600d90a
 2014-10-15 19:21:35 -07:00
Brian Smith d7d68e721d Bug 1063281, Part 7: Implement IsValidPresentedDNSID, r=keeler 
--HG--
extra : rebase_source : 32d85980d8d486bb806e169a8241256ad57fa9d1
 2014-10-16 15:59:34 -07:00
Brian Smith 8d32c13ab3 Bug 1083539: Factor out common SEQUENCE unwrapping logic into reusable functions, r=mmc 
--HG--
extra : rebase_source : 93d669d3cbe178339fe59c1d9345c773b4e238d4
 2014-10-14 02:07:08 -07:00
Brian Smith bda4ef165a Bug 1063281, Part 6: Implement CheckCertHostname, r=keeler 
--HG--
extra : rebase_source : c28fe67d319f64b2efa326fd8649ef529c487c05
 2014-10-15 16:10:32 -07:00
Brian Smith 72d294039c Bug 1063281, Part 5: Implement DNS ID matching, r=keeler 
--HG--
extra : rebase_source : 5221245ce8da065d64a7ff17bdfde0e617562447
 2014-09-30 19:40:15 -07:00
Brian Smith 149817ebfc Bug 1063281, Part 4: Implement ParseIPv6Address, r=keeler 
--HG--
extra : rebase_source : 9a75a81a840591aaf73acd5be4d7ca504b6432e5
 2014-09-06 01:10:24 -07:00
Brian Smith 0e87ec98c7 Bug 1063281, Part 3: Implement ParseIPv4Address, r=keeler 
--HG--
extra : rebase_source : fbafcb7573be8fa83036a8fadbfa74938ab7a4a6
 2014-09-05 23:20:18 -07:00
Brian Smith 4a2c8b5274 Bug 1063281, Part 2: Implement IsValidDNSName, r=keeler 
--HG--
extra : rebase_source : 202898df26c7321f543ab7aeb222cdc6db67fe0d
 2014-09-30 14:41:39 -07:00
Brian Smith 3b8c2fc2a8 Bug 1063281, Part 1: Expose moilla::pkix::BackCert::GetSubjectAltName, r=keeler 
--HG--
extra : rebase_source : c89ae439a21f11fce66a785e8732ca8793d51936
 2014-08-17 17:24:20 -07:00
Cykesiopka 1c4af4e6a1 Bug 622859 - Reject EV certificates with key sizes below RSA 2048. r=briansmith 2014-10-18 15:18:00 +02:00
Carsten "Tomcat" Book e5ad1e7db2 Backed out changeset 3afdc3253979 (bug 622859) for breaking m1 tests 2014-10-17 13:14:29 +02:00
Cykesiopka 01941f880c Bug 622859 - Reject EV certificates with key sizes below RSA 2048. r=briansmith 2014-10-16 05:13:00 +02:00
David Keeler 0a4f56b330 bug 1042889 - use a separate error for untrusted x509v1 certificates used as CAs r=briansmith 2014-10-15 10:38:51 -07:00
David Keeler 42cd9ec5ca bug 1058812 - (1/3) mozilla::pkix: add SignatureAlgorithm::unsupported_algorithm to better handle e.g. roots signed with RSA/MD5 r=briansmith 2014-10-07 09:35:42 -07:00
David Keeler 71bd008415 backout 9815045d0c5a (bug 1058812 1/3) for mochitest orange on a CLOSED TREE 2014-10-08 12:10:46 -07:00
David Keeler 5606be5b15 bug 1058812 - (1/3) mozilla::pkix: add SignatureAlgorithm::unsupported_algorithm to better handle e.g. roots signed with RSA/MD5 r=briansmith 2014-10-07 09:35:42 -07:00
Brian Smith 864c184e30 bug 1045739 - (1/2) mozilla::pkix: stop checking revocation for expired certificates r=keeler 2014-08-14 12:02:55 -07:00
David Keeler fd860abf57 bug 1071308 - (2/2) remove libpkix-style chain validation callback from CertVerifier r=cviecco 2014-09-25 11:18:56 -07:00
Richard Barnes f07a938b7c Bug 1045973 - sec_error_extension_value_invalid: mozilla::pkix does not accept certificates with x509v3 extensions in x509v1 or x509v2 certificates r=keeler 2014-09-23 16:48:54 -04:00
David Keeler 06b4f5bba9 bug 1060929 - mozilla::pkix: allow explicit encodings of default-valued BOOLEANs for compatibility r=briansmith 2014-09-22 09:26:10 -07:00
Richard Barnes 211a288b8e Backed out changeset 40d6ccba44f1 (bug 1045973) 2014-09-22 15:40:19 -04:00
Richard Barnes d86025defe Bug 1045973 - sec_error_extension_value_invalid: mozilla::pkix does not accept certificates with x509v3 extensions in x509v1 or x509v2 certificates 2014-09-22 14:22:02 -04:00
Brian Smith c5500b85df Bug 1065264: Use MOZILLA_PKIX_MAP_LIST to define mozilla::pkix::Result, r=keeler 
--HG--
extra : rebase_source : a91f7ab118f802fed6441edf00a245fe90c8e506
 2014-09-10 00:17:24 -07:00
Camilo Viecco 9a1ec24aef Bug 1067565 - Built-in pins expires decades later. r=keeler 2014-09-15 17:17:12 -07:00
Brian Smith c857f8e0f4 Bug 1063013, Part 4: Move MapResultToName and MAP_LIST out of pkixnss.h/pkixnss.cpp, r=keeler 
--HG--
rename : security/pkix/lib/pkixnss.cpp => security/pkix/lib/pkixresult.cpp
extra : rebase_source : 2fec0a279f7ef6acdd7ac8bf749190eef33df70d
 2014-08-31 19:42:36 -07:00
Brian Smith 8b26ecac0b Bug 1061021, Part 1: Stop using NSS to encode names in tests, r=keeler 
--HG--
extra : rebase_source : 1fa1826fe356314e80784915e08d5a787bf2259f
 2014-08-30 23:11:23 -07:00
Brian Smith a6be0bc849 Bug 1059924, Part 1: Centralize tag and length decoding in mozilla::pkix's DER decoder, r=keeler 
--HG--
extra : rebase_source : 6702a599f07cf83deac832eab0712dc716ea2561
 2014-09-02 22:03:30 -07:00
David Keeler a250e4de47 bug 1057123 - mozilla::pkix: allow end-entity certificates to assert keyCertSign in some cases r=briansmith 2014-09-03 10:12:55 -07:00
Brian Smith ede2da1dd5 Bug 1057791: Switch PR_ASSERT to assert in pkixcheck.cpp, r=keeler 
--HG--
extra : rebase_source : a63e822eed9914046127c466f7e5c4f0e3e84361
extra : histedit_source : fc9d16f67cc349f5c7d3964c5dc58de1e5b9e986
 2014-08-17 16:50:45 -07:00