Jonathan Hao
|
3d02a2da65
|
Bug 1216469 - Bypass verification for signed packages from trust origins. r=valentin
|
2015-10-22 17:09:44 +08:00 |
|
Jonathan Hao
|
e4b1f62b85
|
Bug 1178448 - Use imported CA in developer mode. r=keeler,valentin
|
2015-10-08 17:08:45 +08:00 |
|
Jonathan Hao
|
e2da61623b
|
Bug 1178518 - Add an AppTrustedRoot for signed packaged app. r=keeler
|
2015-09-07 15:28:21 +08:00 |
Richard Barnes
|
990593f9cf
|
Bug 942515 - Show Untrusted Connection Error for SHA-1-based SSL certificates with notBefore >= 2016-01-01 r=keeler
|
2015-09-11 14:52:30 -04:00 |
Fabrice Desré
|
3a47f061c9
|
Bug 1196988 - Remove THA support. r=gwagner
|
2015-08-21 10:00:54 -07:00 |
Mark Goodwin
|
91782dab68
|
Bug 1159155 - Add telemetry probe for SHA-1 usage (r=keeler)
|
2015-07-09 07:22:29 +01:00 |
Cykesiopka
|
0a9aea4ab2
|
Bug 1145679 - Reject EV status for end-entity EV certs with overly long validity periods. r=keeler
--HG--
extra : rebase_source : ec44bb566cce8ab14f740457d6ba1d863b39c256
|
2015-06-29 22:19:00 +02:00 |
David Keeler
|
4e7fc3055e
|
bug 1141189 - implement skipping expensive revocation checks (OCSP fetching) for short-lived certificates r=rbarnes
|
2015-04-06 16:10:28 -07:00 |
Eric Rahm
|
4eceb82c1f
|
Bug 1162691 - Part 1: Remove instances of #ifdef PR_LOGGING in security. r=froydnj
PR_LOGGING is now always defined, we can remove #ifdefs checking for it.
|
2015-05-08 14:36:33 -07:00 |
Dave Townsend
|
7b5d12ad46
|
Bug 1038068: Check add-on signatures and refuse to install unsigned or broken add-ons (preffed off for now). r=dveditz
--HG--
extra : source : 3b48e1a81a170634dce964cd462c752d09680805
|
2015-03-31 11:32:40 -07:00 |
Carsten "Tomcat" Book
|
30b01a14e8
|
Backed out changeset f99621542727 (bug 1038068) for test failures in test_corrupt.js etc on a CLOSED TREE
|
2015-04-23 09:09:30 +02:00 |
|
Dave Townsend
|
2fb50ac667
|
Bug 1038068: Check add-on signatures and refuse to install unsigned or broken add-ons (preffed off for now). r=dveditz
--HG--
extra : source : 3b48e1a81a170634dce964cd462c752d09680805
extra : amend_source : 4aa3ae86e2afc75529e880ab962c67163405248b
|
2015-03-31 11:32:40 -07:00 |
Wes Kocher
|
9adc1fecb8
|
Backed out changeset 3b48e1a81a17 (bug 1038068) for xpcshell orange even after a clobbering IGNORE IDL
--HG--
extra : amend_source : 086173e953ae46aa2292993601380ab04884b1ac
|
2015-04-21 18:21:52 -07:00 |
|
Dave Townsend
|
f4b5328e0d
|
Bug 1038068: Check add-on signatures and refuse to install unsigned or broken add-ons (preffed off for now). IGNORE IDL. r=dveditz
--HG--
extra : rebase_source : a48282c6b3f10391e9492d4f0a89cef8697ea622
extra : amend_source : 17c0645d0577dad789b2d9b4879459327fcef1f7
|
2015-03-31 11:32:40 -07:00 |
|
Cykesiopka
|
171babfad4
|
Bug 1139177 - RSA public key size checking cleanups. r=keeler
|
2015-03-05 16:41:00 +01:00 |
Brian Smith
|
06b7804e70
|
Bug 1131767: Prune away paths using unacceptable algorithms earlier, r=keeler
--HG--
extra : rebase_source : 79efad2c5f60120ff1022547ce7efa628a7acd0f
|
2015-02-14 16:59:02 -08:00 |
|
Brian Smith
|
a89b90ea7f
|
Bug 1130754: Avoid recalculating tbsCertificate digest, r=keeler
--HG--
extra : rebase_source : 85266413568df928cb1eaf1cd59b52ee9d4259e6
extra : histedit_source : 767e3263d28926435c6d2f4610c7d8b01e9ba87d
|
2015-02-07 12:14:31 -08:00 |
|
Brian Smith
|
b0f87b9b6c
|
Bug 1122841, Part 2: Centralize checking of public key, r=keeler
--HG--
extra : rebase_source : 6b41ad2d3f37bead8d3ac8b48c5ee0b8063c795b
extra : source : d470b5a68bf915cfb12f0e948e1492463092883c
|
2015-02-02 16:17:08 -08:00 |
|
Brian Smith
|
f118650ad8
|
Bug 1115761, Part 3: Rename NSS-based crypto functions, r=jcj
--HG--
extra : rebase_source : b11b172fac76c7845d2a97cabf1bad9e04a50367
|
2014-12-23 14:51:52 -08:00 |
|
Cykesiopka
|
1c4af4e6a1
|
Bug 622859 - Reject EV certificates with key sizes below RSA 2048. r=briansmith
|
2014-10-18 15:18:00 +02:00 |
|
Carsten "Tomcat" Book
|
e5ad1e7db2
|
Backed out changeset 3afdc3253979 (bug 622859) for breaking m1 tests
|
2014-10-17 13:14:29 +02:00 |
|
Cykesiopka
|
01941f880c
|
Bug 622859 - Reject EV certificates with key sizes below RSA 2048. r=briansmith
|
2014-10-16 05:13:00 +02:00 |
|
Eric Rahm
|
8d715a7fe4
|
Bug 806819 - Part 3: Remove redundant FORCE_PR_LOG entries. r=ehsan
|
2014-10-08 13:17:32 -07:00 |
|
Wes Kocher
|
445e1466e9
|
Backed out 5 changesets (bug 806819) for WinXP test failures on a CLOSED TREE
Backed out changeset 009ae35b0c67 (bug 806819)
Backed out changeset 5a57f87f5061 (bug 806819)
Backed out changeset f06cd735b5b3 (bug 806819)
Backed out changeset e25a2a8d4af4 (bug 806819)
Backed out changeset 70a167982c3f (bug 806819)
|
2014-10-06 16:32:50 -07:00 |
|
Eric Rahm
|
80d2b8bba6
|
Bug 806819 - Part 3: Remove redundant FORCE_PR_LOG entries. r=ehsan
--HG--
extra : rebase_source : c96eea1c12ea8c19314393f0e8b4b57a4316a61d
|
2014-10-06 13:08:20 -07:00 |
|
David Keeler
|
fd860abf57
|
bug 1071308 - (2/2) remove libpkix-style chain validation callback from CertVerifier r=cviecco
|
2014-09-25 11:18:56 -07:00 |
Vlatko Markovic
|
8818f4947f
|
Bug 1059216 - Verification of Trusted Hosted Apps manifest signature, part 1. r=dkeeler,rlb
|
2014-09-22 07:58:59 -07:00 |
Ehsan Akhgari
|
7257b2f870
|
Bug 579517 follow-up: Remove NSPR types that crept in
|
2014-08-08 08:39:07 -04:00 |
|
Brian Smith
|
0ccaf0860c
|
Bug 1043041: Use mozilla::pkix::Time instead of PRTime, r=keeler
--HG--
extra : rebase_source : 2cc39d3c322c1355aad003f2497659a091febac2
|
2014-08-02 08:49:12 -07:00 |
|
Brian Smith
|
de725ae5ef
|
Bug 1047792: Rely on mozilla::pkix to filter out expired certs instead of CERT_CreateSubjectCertList, r=keeler
--HG--
extra : rebase_source : 5182147037b69f0ac3c3cd060d6e2af71bfde2e7
|
2014-08-01 23:16:21 -07:00 |
|
Brian Smith
|
d77dac0580
|
Bug 1041186, Part 2: Rename Input to Reader and InputBuffer to Input, r=keeler
--HG--
extra : rebase_source : bf57a9eb6ae5c122912e00a47156010e5ea99478
|
2014-07-31 12:17:31 -07:00 |
|
Brian Smith
|
ffe743ee06
|
Bug 1041186, Part 1: Improve buffer overflow protection in mozilla::pkix, r=keeler
--HG--
extra : rebase_source : 0f4a33f2c66594930ba9c79233648c70e33ba27c
|
2014-07-18 22:30:51 -07:00 |
|
Brian Smith
|
5f56fc60d6
|
Bug 1041343: Use references instead of pointers for TrustLevel output parameters, r=cviecco
--HG--
extra : rebase_source : d5c07dc29a95ccb75a7a8f199de26d43950b9ed4
|
2014-07-20 11:06:26 -07:00 |
|
Brian Smith
|
c45dc156d1
|
Bug 1039064: Use strongly-typed enum instead of NSPR-style error handling, r=keeler
--HG--
extra : rebase_source : 4f3e41916cd7e2c74679d468eeeb702af3321532
|
2014-07-18 11:48:49 -07:00 |
Marco Castelluccio
|
3236b9594b
|
Bug 1021345 - Allow apps to be installed from the Marketplace staging server. r=fabrice
|
2014-07-23 13:20:25 +02:00 |
|
Cykesiopka
|
0289b45f0c
|
Bug 360126 - Stop accepting certs that use RSA1023 or weaker; Original patch by Richard van den Berg. r=briansmith
|
2014-07-15 19:49:00 -04:00 |
|
Brian Smith
|
17375cc8b3
|
Bug 1036105: Delegate digest operations to the TrustDomain in mozilla::pkix, r=keeler
--HG--
extra : rebase_source : dd8dc1243ea2e37955a15f2481e1c452311e90d8
extra : histedit_source : adc1a2035d41c608d3f0ebe14bba159b2857502d
|
2014-07-06 19:36:05 -07:00 |
|
Brian Smith
|
c162caba82
|
Bug 1036107, Part 1: Stop using CERTSignedData in mozilla::pkix, r=keeler
--HG--
extra : rebase_source : 94c49062ae3ddf755651f151e2d648543b10e1ad
extra : histedit_source : a7377bf1d9adb62e1c584e2adeb793aa074245fb
|
2014-07-10 19:00:32 -07:00 |
|
Brian Smith
|
b14f27897b
|
Bug 1037324: Delegate additional name constraint selection to the TrustDomain in mozilla::pkix, r=cviecco
--HG--
extra : rebase_source : 300f33bfb3a0c9ae1525695b080674c1fb21eafc
|
2014-07-10 22:38:59 -07:00 |
|
Brian Smith
|
3f110246be
|
Bug 1035009: Stop using CERTCertList in mozilla::pkix, r=keeler
--HG--
extra : rebase_source : fc2b39e5e2b44fea365914e83a7d1f2dc9b784bc
extra : histedit_source : b40e5e8cb106fe87f6f065b01ca43adb0bf3a605
|
2014-07-06 15:55:38 -07:00 |
|
Brian Smith
|
f5ec8594e7
|
Bug 1033563, Part 3: Change mozilla::pkix::TrustDomain::FindPotentialIssuers API to be iterator-like, r=keeler
--HG--
extra : rebase_source : e8c734ecb2de2c52dd8909c8b48f4bdb09d0128e
|
2014-07-02 16:15:16 -07:00 |
|
Brian Smith
|
89e560be23
|
Bug 1029247, Part 2: Parse certificates using mozilla::pkix::der, r=keeler
--HG--
extra : rebase_source : e093922497d005734c590a59f175993a7715bce8
|
2014-07-03 16:59:42 -07:00 |
|
Brian Smith
|
ca4f473450
|
Bug 1026261: Remove CERTCertificate from mozilla::pkix revocation checking API, r=keeler
--HG--
extra : rebase_source : 6798f494bd351961ea02abba07b5860839bbc418
|
2014-06-20 10:10:51 -07:00 |
|
Brian Smith
|
67bd0799fb
|
Bug 1020683, Part 1: Remove internal uses of CERTCertificate from mozilla::pkix::VerifyEncodedOCSPResponse, r=keeler
--HG--
extra : rebase_source : 416938498080c4d44874025f1da4562ab1c7c3c8
|
2014-06-05 15:18:32 -07:00 |
|
Brian Smith
|
279c66a9b8
|
Bug 1019814: Remove CERTCertificate dependency from TrustDomain::GetCertTrust, r=keeler
--HG--
extra : rebase_source : 9abf0522f02d00ac2f63f2327ddbe8d119ffc64f
|
2014-06-03 10:47:25 -07:00 |
|
Marco Castelluccio
|
51f64d5cbb
|
Bug 972201 - Remove the MOZ_B2G_CERTDATA hack. r=briansmith
|
2014-05-18 15:42:42 +02:00 |
|
Brian Smith
|
2912321bc5
|
Bug 1006958: Use mozilla::pkix::der to parse certificate policies instead of NSS, r=keeler
--HG--
extra : rebase_source : fde88efebc1025bc4f825aa38df809d04b1b250a
|
2014-05-15 18:59:52 -07:00 |
|
Brian Smith
|
9ae1a34e11
|
Bug 1002933: Use Strongly-typed enums more often in mozilla::pkix, r=mmc
--HG--
extra : rebase_source : 3f67f48d1f4150df0830f89e6c07bbbf3a8fc7e8
|
2014-04-25 16:29:26 -07:00 |
|
David Keeler
|
b1405bc489
|
bug 985201 - rename insanity::pkix to mozilla::pkix r=cviecco r=briansmith
--HG--
rename : security/insanity/include/insanity/ScopedPtr.h => security/pkix/include/pkix/ScopedPtr.h
rename : security/insanity/include/insanity/bind.h => security/pkix/include/pkix/bind.h
rename : security/insanity/include/insanity/nullptr.h => security/pkix/include/pkix/nullptr.h
rename : security/insanity/include/insanity/pkix.h => security/pkix/include/pkix/pkix.h
rename : security/insanity/include/insanity/pkixtypes.h => security/pkix/include/pkix/pkixtypes.h
rename : security/insanity/lib/pkixbind.cpp => security/pkix/lib/pkixbind.cpp
rename : security/insanity/lib/pkixbuild.cpp => security/pkix/lib/pkixbuild.cpp
rename : security/insanity/lib/pkixcheck.cpp => security/pkix/lib/pkixcheck.cpp
rename : security/insanity/lib/pkixcheck.h => security/pkix/lib/pkixcheck.h
rename : security/insanity/lib/pkixder.cpp => security/pkix/lib/pkixder.cpp
rename : security/insanity/lib/pkixder.h => security/pkix/lib/pkixder.h
rename : security/insanity/lib/pkixkey.cpp => security/pkix/lib/pkixkey.cpp
rename : security/insanity/lib/pkixocsp.cpp => security/pkix/lib/pkixocsp.cpp
rename : security/insanity/lib/pkixutil.h => security/pkix/lib/pkixutil.h
rename : security/insanity/moz.build => security/pkix/moz.build
rename : security/insanity/test/lib/moz.build => security/pkix/test/lib/moz.build
rename : security/insanity/test/lib/pkixtestutil.cpp => security/pkix/test/lib/pkixtestutil.cpp
rename : security/insanity/test/lib/pkixtestutil.h => security/pkix/test/lib/pkixtestutil.h
|
2014-03-20 14:29:21 -07:00 |
|
Brian Smith
|
dbb4eb51fe
|
Bug 978528: Return the correct error message when no potential issuers are found during path bulding in insanitY::pkix, r=cviecco
--HG--
extra : rebase_source : 71f806312ad322bc2971e7efaea2da217b07efad
|
2014-03-01 20:55:51 -08:00 |