Before this patch, nsNSSComponent initialization would call PK11_ConfigurePKCS11
with some localized strings, which contributed to startup time. Also,
PK11_UnconfigurePKCS11 was never called, so the memory allocated to these
strings would stick around forever. This patch addresses both of these problems
by not calling PK11_ConfigurePKCS11. This means that some properties of NSS'
internal "PKCS#11 slots/tokens" have to be localized when displaying them to the
user.
MozReview-Commit-ID: BbAgbgpFfFG
--HG--
extra : rebase_source : b633da8fea683675d0c0514a378954332afeb024
This patch moves all TLS error string handling to the frontend.
Dev-tools doesn't show the same error code as the page does anymore but only the error code as string.
All logging of these error messages has been removed.
Bug #: 1415279
Differential Revision: https://phabricator.services.mozilla.com/D607
--HG--
extra : rebase_source : 61e2d94cb21ef4c02b81448531609205c85a9707
Certificate verification failures that result from additional policy constraint
failures now use the error code
"MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED" (also known as
"Result::ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED", depending on the context).
MozReview-Commit-ID: 9rE7gRBapRF
--HG--
extra : rebase_source : 9a60900a86f9eebab58b973f3e8f776b2481a1ff
As of bug 1257362, the platform does not verify code signing certificates in
general, so anything involving the code signing trust of certificates can go.
MozReview-Commit-ID: 9g9kM62xfYZ
--HG--
extra : rebase_source : 5bec64e5f451c8433aff0de82a91f7bd54c24608
NSS command-line utilities may add a built-in root certificate module with the
name "Root Certs" if run on a profile that has a copy of the module file (which
is an unexpected configuration in general for Firefox). This can cause breakage.
To work around this, PSM now simply deletes any module named "Root Certs" at
startup. In an effort to prevent PSM from deleting unrelated modules
coincidentally named "Root Certs", we also prevent the user from using the
Firefox UI to name modules "Root Certs".
MozReview-Commit-ID: ABja3wpShO9
--HG--
extra : rebase_source : cfc62fb3fabf491a72f009601f3ec6973244642e
Incidentally, this means we can remove certificateUsageVerifyCA and
certificateUsageStatusResponder from CertVerifier, since we no longer use them.
MozReview-Commit-ID: Bbqn8fShfTm
--HG--
extra : rebase_source : 012cb08dcbe33fe889c9f6824959b1a02cd0bdc7
This changes does several things:
1. Changes some titles to include the word "driver" for better clarity.
2. Moves and cleans up the JS implementation of load_device.xul. Having a
cleaner implementation in a separate file makes the code easier to discover
and maintain.
3. Removes code that tries to show a special case message if a module was
already loaded.
3A. The backend code doesn't provide distinction from this case and failure to
add in general.
3B. The backend code would only return the error code being checked for if a
blank module name was provided.
4. Adds tests.
MozReview-Commit-ID: 8BxKWKw5rvp
--HG--
extra : rebase_source : 15a29bf7d46f523a11eac37c9f0c6efb2b5d0114
In general, any code that was using nsIX509Cert.nickname should be able to use
the attribute displayName (if using nickname for display purposes) or the
attribute dbKey (if using nickname as a unique identifier for a certificate).
MozReview-Commit-ID: G9CfMJDfLqe
--HG--
extra : rebase_source : 1c464dab8f028568cedd5a42cf87428b8bb63fc0
When doing TLS session resumption, the AuthCertificate hook is bypassed, which
means that the front-end doesn't know whether or not to show the EV indicator.
To deal with this, the platform attempts an EV verification. Before this patch,
this verification lacked much of the original context (e.g. stapled OCSP
responses, SCTs, the hostname, and in particular the first-party origin key).
Furthermore, it was unclear from a code architecture standpoint that a full
verification was even occurring. This patch brings the necessary context to the
verification and makes it much more clear that it is happening. It also takes
the opportunity to remove some unnecessary EV-related fields and information in
code and data structures that don't require it.
MozReview-Commit-ID: LTmZU4Z1YXL
--HG--
extra : rebase_source : 7db702f2037fae83c87fbb6aca75b4420544dff9
nsIDialogParamBlock isn't a great API, and is best avoided.
This patch also updates downloadcert.js to match modern PSM style, and adds a
test.
MozReview-Commit-ID: J2g2H0iBAn4
--HG--
extra : rebase_source : 9365f7b1c7a88caef84f0353e18510dcab9a5d32
The cert viewer currently supports two ways to pass a handle to the cert:
1. Passing the nickname of the cert via window.name.
2. Via an nsIDialogParamBlock, which is itself accessed through window.arguments.
Method 1 is unused and unnecessary.
Method 2 is overly complex: the relevant nsIX509Cert can just be passed directly.
This patch does the following:
1. Makes it so that there is only a single, straightforward way to pass a handle
to the cert.
2. Makes the cert viewer title localisable while we're nearby.
3. Renames viewCertDetails.js to better reflect the current use of the file.
MozReview-Commit-ID: pqtfNgvImT
--HG--
rename : security/manager/pki/resources/content/viewCertDetails.js => security/manager/pki/resources/content/certViewer.js
extra : rebase_source : 776a27111ab26cdcdc91b002890c43a3fe4f48e8
Deleting certs via the cert manager results in a confirmation dialog popping up.
This dialog contains a list of certs that were selected for deletion.
Currently, only the Common Name of each cert is used to represent it in the list.
This is a problem for certs that don't have a CN. More jarringly, the cert
manager itself falls back to various other attributes, so for example selecting
a cert that is represented by its OU ends up popping up a dialog where an empty
list is shown.
MozReview-Commit-ID: 3z4BebW8Ucd
--HG--
extra : rebase_source : 468eb3de470e3ec42471c80183a9c48ebfb130c9
extra : histedit_source : 90e1d2fc73aaba4ded68d933b6ea3a6092d60636
The code is used in comm-central, but is unused in mozilla-central. It will be
imported into comm-central in Bug 1297368.
MozReview-Commit-ID: BEY9BR0YRiD
--HG--
extra : rebase_source : 6d34c1e82cd749a009f26be50fde0537373f2f9e
prathiksha
Jonathan Kingston
monikamaheshwari
Cosmin Sabou
Tim Nguyen
Gijs Kruitbosch
Johann Hofmann
Andreea Pavel
Qinghao_Jack_Song
Paolo Amadini
trisha
arthur.iakab
shindli
David Keeler
Sylvestre Ledru
Franziskus Kiefer
Francesco Lodolo (:flod)
Matthew Noorenberghe
Evan Tseng
Cykesiopka
Sergei Chernov
Carsten "Tomcat" Book
Joseph Yeh