Acording to crash reports, obsfucating the NSS DB locations did not help, so
this patch un-does the changes and un-migrates any migrated DB locations.
Differential Revision: https://phabricator.services.mozilla.com/D129323
Some crash reports appear to be indicating that initializing NSS' certificate
and key databases is taking on the order of minutes in some cases, which is
unexpected. One hypothesis is that third-party software is opening these DBs at
the same time that NSS is operating on them, causing contention and thus
slowness. This patch experimentally (in Nightly only) renames these DBs in the
hopes that third-party software might not recognize them as the DBs it's
looking for, and will thus leave them alone.
Differential Revision: https://phabricator.services.mozilla.com/D126028
Some crash reports appear to be indicating that initializing NSS' certificate
and key databases is taking on the order of minutes in some cases, which is
unexpected. One hypothesis is that third-party software is opening these DBs at
the same time that NSS is operating on them, causing contention and thus
slowness. This patch experimentally (in Nightly only) renames these DBs in the
hopes that third-party software might not recognize them as the DBs it's
looking for, and will thus leave them alone.
Differential Revision: https://phabricator.services.mozilla.com/D126028
Some crash reports appear to be indicating that initializing NSS' certificate
and key databases is taking on the order of minutes in some cases, which is
unexpected. One hypothesis is that third-party software is opening these DBs at
the same time that NSS is operating on them, causing contention and thus
slowness. This patch experimentally (in Nightly only) renames these DBs in the
hopes that third-party software might not recognize them as the DBs it's
looking for, and will thus leave them alone.
Differential Revision: https://phabricator.services.mozilla.com/D126028
Some crash reports appear to be indicating that initializing NSS' certificate
and key databases is taking on the order of minutes in some cases, which is
unexpected. One hypothesis is that third-party software is opening these DBs at
the same time that NSS is operating on them, causing contention and thus
slowness. This patch experimentally (in Nightly only) renames these DBs in the
hopes that third-party software might not recognize them as the DBs it's
looking for, and will thus leave them alone.
Differential Revision: https://phabricator.services.mozilla.com/D126028
NSS shutdown happens in ShutdownXPCOM, after PSM (namely, nsINSSComponent) has
been shut down. Unloading temporarily-loaded PKCS#11 modules like the built-in
roots module and the osclientcerts module when PSM shuts down is redundant,
because this will happen when NSS shuts down anyway. Furthermore, doing so can
run afoul of some race conditions in NSS, so removing this redundant code is
the way to go.
Differential Revision: https://phabricator.services.mozilla.com/D126141
Automatically generated path that adds flag `REQUIRES_UNIFIED_BUILD = True` to `moz.build`
when the module governed by the build config file is not buildable outside on the unified environment.
This needs to be done in order to have a hybrid build system that adds the possibility of combing
unified build components with ones that are built outside of the unified eco system.
Differential Revision: https://phabricator.services.mozilla.com/D122345
This patch converts the pinning preference
"security.cert_pinning.enforcement_level" to be static. It also removes some
unused pinning preferences and parameters.
Differential Revision: https://phabricator.services.mozilla.com/D117095
This patch converts the pinning preference
"security.cert_pinning.enforcement_level" to be static. It also removes some
unused pinning preferences and parameters.
Differential Revision: https://phabricator.services.mozilla.com/D117095
This patch converts the pinning preference
"security.cert_pinning.enforcement_level" to be static. It also removes some
unused pinning preferences and parameters.
Differential Revision: https://phabricator.services.mozilla.com/D117095
Bug 1689729 moved some certificate verification operations to the socket thread
using synchronous runnables. Unfortunately this caused a performance regression
that can't be addressed until all certificate verification operations that
involve NSS certificate resources happen on the socket thread. Until then, this
patch reverts that behavior.
Differential Revision: https://phabricator.services.mozilla.com/D115023
In some special cases the PK11_FindRawCertsWithSubject could return failure.
We don't want to return with failure but try the other slots before.
Differential Revision: https://phabricator.services.mozilla.com/D111261
Firefox sometimes caches intermediate certificates from verified connections in
case they are useful in the future. This operation involves modifying the NSS
cert database, and so should only be done on the socket thread (ideally when it
is idle).
Differential Revision: https://phabricator.services.mozilla.com/D106230
See bug 1689728. To avoid contention on NSS resources and thread-safety issues,
this patch dispatches synchronous events to the socket thread in
NSSCertDBTrustDomain::GetCertTrust and FindIssuer to gather information from
NSS rather than using NSS directly on the cert verification threads.
Differential Revision: https://phabricator.services.mozilla.com/D103514
Dana Keeler
John M. Schanck
Narcis Beleuzu
Marian-Vasile Laza
Butkovits Atila
Tim Huang
R. Martinho Fernandes
Andi-Bogdan Postelnicu
Iulian Moraru
Jan Horak
Moritz Birghan
Brindusan Cristian
Benjamin Beurdouche
Bogdan Tara
Dorel Luca
smolnar