990593f9cf
Bug 942515 - Show Untrusted Connection Error for SHA-1-based SSL certificates with notBefore >= 2016-01-01 r=keeler
2015-09-11 14:52:30 -04:00
b15946229a
Bug 1199624 - Don't use memset and memcmp in files that don't include cstring explicitly. r=briansmith
2015-09-09 14:16:59 +02:00
f44287005f
Bug 1198334 (part 1) - Replace the opt-in FAIL_ON_WARNINGS with the opt-out ALLOW_COMPILER_WARNINGS. r=glandium.
...
The patch removes 455 occurrences of FAIL_ON_WARNINGS from moz.build files, and
adds 78 instances of ALLOW_COMPILER_WARNINGS. About half of those 78 are in
code we control and which should be removable with a little effort.
--HG--
extra : rebase_source : 82e3387abfbd5f1471e953961d301d3d97ed2973
2015-08-27 20:44:53 -07:00
c7fdbe4d0f
Backed out changeset 982be1bbebdf (bug 1199624) for Windows bustage.
2015-08-30 17:09:09 -04:00
c8309c6328
Bug 1199624 - Don't use memset and memcmp in files that don't include cstring explicitly. r=briansmith
2015-08-29 07:59:00 -04:00
7da4ee35ba
Bug 1189891 - Avoid including <cstring> from pkix/Input.h. r=bsmith
2015-08-21 15:27:22 +09:00
b85471d7e8
Backout changesets af1b36497559 and 1d52ab626597 (bug 1189891) for pkix bustage
2015-08-21 15:05:38 +09:00
067b45951a
Bug 1189891 - Avoid including <cstring> from pkix/Input.h. r=bsmith
2015-08-21 14:29:19 +09:00
a8939590de
Bug 1182996 - Fix and add missing namespace comments. rs=ehsan
...
The bulk of this commit was generated by running:
run-clang-tidy.py \
-checks='-*,llvm-namespace-comment' \
-header-filter=^/.../mozilla-central/.* \
-fix
2015-07-13 08:25:42 -07:00
91782dab68
Bug 1159155 - Add telemetry probe for SHA-1 usage (r=keeler)
2015-07-09 07:22:29 +01:00
0a9aea4ab2
Bug 1145679 - Reject EV status for end-entity EV certs with overly long validity periods. r=keeler
...
--HG--
extra : rebase_source : ec44bb566cce8ab14f740457d6ba1d863b39c256
2015-06-29 22:19:00 +02:00
ab7196486a
Bug 1060112 - Don't treat OCSP responses omitting the requested certificate status as "unknown certificate" responses blocking the connection r=keeler
2015-05-21 13:39:34 -04:00
4e7fc3055e
bug 1141189 - implement skipping expensive revocation checks (OCSP fetching) for short-lived certificates r=rbarnes
2015-04-06 16:10:28 -07:00
e69f0f4b4b
bug 1150114 - allow PrintableString to match UTF8String in name constraints checking r=briansmith
2015-04-08 16:17:39 -07:00
95bd8011e6
Bug 1154399 - Part 4: Simplify certificate parsing in OCSP responses. r=keeler
...
--HG--
extra : rebase_source : caf903d29b0adc22fcc7e87e4fa0019cfa48007e
2015-04-14 05:33:03 -10:00
f124561818
Bug 1154399 - Part 3: Simplify OptionalExtensions. r=keeler
...
We used to avoid using Nested and NestedOf because they were based on
bind and it was difficult to maintain our std::bind polyfill. Now that
we use lambdas, it is easy to use Nested and NestedOf, so we should do
so wherever it makes the code clearer.
--HG--
extra : rebase_source : 1157d16320b3b211e3ce612b75782e8bd9c55f30
2015-04-14 05:32:46 -10:00
d09798e9f5
Bug 1154399 - Part 2: Simplify and un-inline OptionalVersion. r=keeler
...
Also fixes the wrong comment. The syntax for version in OCSP and X.509
certs is identical.
--HG--
extra : rebase_source : 744a2998ce8c55a61fbbc1966bc22e4903fa2484
2015-04-14 05:32:29 -10:00
0cac719ba9
Bug 1154399 - Part 1: De-templatize and un-inline IntegralValue. r=keeler
...
--HG--
extra : rebase_source : 899eaed19b13edc9c257f0ab212d447bb54e607d
2015-04-14 05:06:41 -10:00
67e9dfaaf8
Bug 1153114 - Remove anonymous namespace around pkix gtests. r=bsmith
...
This avoids -Wunused-variable fatal warnings with GCC 5.0
2015-04-15 09:21:23 +09:00
566d65be48
Bug 1153738: Make ScopedPtr a minimal proper subset of std::unique_ptr, r=keeler
...
Remove all features of ScopedPtr that aren't in std::unique_ptr, and
remove all currently-unused features of ScopedPtr. In particular,
replace |operator=(T*)| with |reset(T* p = nullptr)| and make
|operator bool| explicit.
--HG--
rename : security/pkix/include/pkix/ScopedPtr.h => security/pkix/lib/ScopedPtr.h
extra : rebase_source : 206bfb32aa5a04a4719f28b4aca59fe2f0abbec3
2015-04-13 00:28:11 -10:00
a0437d5b8f
Bug 1146057: Remove support for GCC 4.6, r=keeler
...
Since Gecko now requires GCC 4.7 or later, we no longer need to
work around the lack of support for "override" and "final" in
earlier versions of GCC.
--HG--
extra : rebase_source : 0f104f16be9e7c1ff87bbdd0d4ba6700b1081fb8
2015-03-30 20:18:46 -10:00
36b7acc82a
Bug 1136278, Part 2: Refactor test SubjectPublicKeyInfo generation, r=keeler
...
--HG--
extra : rebase_source : 7bb0327749fd013ba5de17483d21a9e9f21eb07a
extra : source : 9f3617a5b85a8a2ae9a82c0f0584b413a9b635b4
2015-02-26 13:10:13 -08:00
3ab08d7fdb
Bug 1136278, Part 1: Refactor algorithm identifiers in tests, r=keeler
...
This will make it easier to expand the tests to additional
signature algorithms and additional public key types.
--HG--
extra : rebase_source : 256923fff83d58732b6c995a4096b773fdbb28c1
2015-02-26 16:11:41 -08:00
2cf7194567
bug 1143085 - allow subject alternative name extensions to be empty for compatibility r=briansmith a=kwierso
...
--HG--
extra : amend_source : 89b8233b57049a3d2886aa08cd85c57e6faa693e
2015-03-16 14:00:33 -07:00
cc58dd5d1a
Bug 1136616 - Allow underscores in reference DNS-IDs in mozilla::pkix name matching. r=briansmith
2015-03-03 13:34:45 -08:00
06b7804e70
Bug 1131767: Prune away paths using unacceptable algorithms earlier, r=keeler
...
--HG--
extra : rebase_source : 79efad2c5f60120ff1022547ce7efa628a7acd0f
2015-02-14 16:59:02 -08:00
27cb600f2f
Bug 1077864, Part 2: Override the trust level for OCSP response signer certs so that they are never considered trust anchors, r=keeler
...
--HG--
extra : rebase_source : d0c599f7fc29b5fbcb7d8cd97980a3f39d39f515
2015-02-14 15:59:38 -08:00
bdb4294871
Bug 1077864, Part 1: Check consistency of certificates' signature and signatureAlgorithm fields, r=keeler
...
--HG--
extra : rebase_source : 9a2ca8cb370169f675557987a6b1cc0dedb24ff6
2015-02-22 16:59:03 -08:00
f2235a16db
Bug 1135407: Factor out duplicate logic in tests, r=keeler
...
--HG--
extra : rebase_source : d93eef89cb6596cf35e2ebef29030423cf027f0b
2015-02-21 14:12:38 -08:00
baf73d756f
Bug 1135745 - Disable the reserved-id-macro macro in security/pkix; r=briansmith
2015-02-23 13:40:09 -05:00
ffe59cf419
Bug 1133618 - Move test SHA1 function to pkixtestutil.cpp. r=mmc
...
--HG--
extra : histedit_source : ef579a4958356a12974b1f0f69ab2d6070ff8e65
2015-02-16 16:37:03 -08:00
bbf8006735
Bug 1130754 - Make PublicKeyAlgorithm an enum class. r=keeler
...
--HG--
extra : histedit_source : 14d321bc2cbdf749fd05994571ca439ee62ab973
2015-02-14 13:25:09 -08:00
47f24e15e4
Bug 1097622 - Return ERROR_INVALID_TIME when decoding invalid time values. r=dkeeler
2015-02-18 15:56:00 -05:00
a89b90ea7f
Bug 1130754: Avoid recalculating tbsCertificate digest, r=keeler
...
--HG--
extra : rebase_source : 85266413568df928cb1eaf1cd59b52ee9d4259e6
extra : histedit_source : 767e3263d28926435c6d2f4610c7d8b01e9ba87d
2015-02-07 12:14:31 -08:00
b0f87b9b6c
Bug 1122841, Part 2: Centralize checking of public key, r=keeler
...
--HG--
extra : rebase_source : 6b41ad2d3f37bead8d3ac8b48c5ee0b8063c795b
extra : source : d470b5a68bf915cfb12f0e948e1492463092883c
2015-02-02 16:17:08 -08:00
dbc534e182
Bug 1122841, Part 1: Add PositiveInteger parser, r=keeler
...
--HG--
extra : rebase_source : 50d79951398e44bf2718c0f071962aa00660fec2
2015-02-06 18:21:20 -08:00
1bb835dbca
Bug 1128413, Part 4: Fix warnings in mozilla-config.h and gcc-stl-wrapper.template.h, r=glandium
...
--HG--
extra : rebase_source : 7ba4fb8a0bd11648908e2790e86ce3bb4517aeb7
2015-02-02 17:35:19 -08:00
3920fcd650
Bug 1128413, Part 3: Enable more compiler warnings, r=mmc
...
--HG--
extra : rebase_source : 2d17605e6b9296b74493526e052b771be18d4260
2015-02-07 14:38:40 -08:00
6254cc408e
Bug 1128413, Part 2: Don't use double underscores any more
...
--HG--
extra : rebase_source : 5f550089aea320231ca2398126fc7f03e5dffc37
2015-01-31 19:51:46 -08:00
a4ceeff7d4
Bug 1128413, Part 1: Fix switch-related warnings, r=mmc
...
--HG--
extra : rebase_source : 3d70c2a4ae8f9705a8a2c56c2f49e50fe4711ea9
2015-02-02 14:21:27 -08:00
eb24c24fb9
Bug 968560 - Return distinct error codes for certificates that are not valid yet, in mozilla::pkix. r=keeler
...
--HG--
extra : rebase_source : de63f37cdef477d96c1aef8253feca7013ba3bfd
2015-02-06 11:18:20 -08:00
b28b423c32
Bug 1126128 - Mark TestTrustDomain::VerifySignedData as override; r=bsmith
2015-01-27 08:33:24 -05:00
d080be3549
Backed out changeset 45921e3d9773 (bug 1117034) because of build bustage on a CLOSED TREE
2015-01-26 21:52:40 -05:00
56e3b70f4e
Bug 1117034 - Mark some overridden functions in the tree as override
2015-01-26 21:14:12 -05:00
1cd331c2e4
bug 1125261 - mozilla::pkix: handle comparing single, relative labels with wildcards r=briansmith
...
e.g. handle comparing "localhost" with "*.example.com"
2015-01-23 15:56:53 -08:00
4137bc060d
Bug 1125673: Mark method 'FindIssuer' as 'override' in pkixocsp_VerifyEncodedOCSPResponse.cpp, to fix clang warning. r=briansmith
2015-01-26 10:40:07 -08:00
590cc7dc4a
Bug 1077790 - Make mozilla::pkix::CheckPublicKeySize() accept specific elliptic curves only. r=briansmith
...
--HG--
extra : rebase_source : 2eab41b647a78ef3a5ea9cf9710704e35c65803a
2015-01-21 17:20:16 -08:00
2968c94831
Bug 1114703: Remove mozilla::pkix's polyfill for std::bind, r=mmc
...
--HG--
extra : rebase_source : 11457f210c7f7534db2e6ebe1a8328985ff6d8b0
2015-01-21 04:00:40 -08:00
29d3c0ed37
Bug 1122835, Part 2: Simplify BitStringWithNoUnusedBits, r=keeler
...
--HG--
extra : rebase_source : 2beb4ceb866299454c3e9f5b93ac83a18c8fd1c2
2014-12-27 22:39:47 -08:00
f6753ef626
Bug 1122835: Add missing return value checks for Input::SkipToEnd, r=keeler
...
--HG--
extra : rebase_source : 9b445e3d73d643364355f18307cf13447a5726e8
2014-12-27 23:12:46 -08:00
Richard Barnes
Jacek Caban
Nicholas Nethercote
Ryan VanderMeulen
Mike Hommey
Birunthan Mohanathas
Mark Goodwin
Cykesiopka
Tim Taubert
David Keeler
Brian Smith
Ehsan Akhgari
Daniel Holbert