0de76a4c17
Merge b2g-inbound to m-c a=merge CLOSED TREE
2015-03-03 17:02:21 -08:00
6cb15b84a0
Bug 1012549 - 0004. Support read private key in keystore. r=dkeeler r=qdot
2015-02-28 21:54:24 +08:00
3b4360319c
bug 1085506 - gather telemetry for TLS handshake certificate verification errors r=rbarnes
2015-02-27 11:14:29 -08:00
f4a1822554
Bug 1130757 - tests for bug 1130757. r=dkeeler
...
--HG--
extra : rebase_source : 7b047f5bddf3544ca82d3b8875925acdbdb02ea5
2015-03-02 08:19:00 +01:00
3133a37202
Bug 1130757 - Move OneCRL check to NSSCertDBTrustDomain::GetCertTrust. r=dkeeler
...
--HG--
extra : rebase_source : ce8cff0735865c00f33102b82c31af35145bda2c
2015-02-26 04:38:00 +01:00
de906ce3ce
Bug 1130418 - Remove broken e-mail cert trust editing UI. r=emk
...
--HG--
extra : rebase_source : fb4c89e251e2ce3e4d9cf002a0cda4166a589a2c
2015-03-02 19:54:00 +01:00
4419d0186e
Bug 1130413 - Remove unused nsITokenPasswordDialogs::GetPassword() function. r=jjones
...
--HG--
extra : rebase_source : 85b9e442d6b5be401fdd389cc251add8a633bb23
2015-02-26 13:05:00 +01:00
b17feb3f40
Merge inbound to m-c a=merge
2015-03-02 12:12:47 -08:00
8084ed7b82
No bug, Automated HPKP preload list update from host bld-linux64-spot-044 - a=hpkp-update
2015-02-28 03:27:43 -08:00
94776e3384
No bug, Automated HSTS preload list update from host bld-linux64-spot-044 - a=hsts-update
2015-02-28 03:27:41 -08:00
8c48f9f304
Bug 1137470 - Upgrade Firefox to NSS 3.18, landing NSS_3_18_BETA7, r=nss-confcall
2015-02-26 23:29:08 +01:00
d01ea02613
bug 1049740 - implement telemetry to measure compatibility impact of 2048-bit-minimum RSA keys r=briansmith
2015-02-24 15:48:05 -08:00
a7d78c82c0
Bug 1136388. Change nsIDocumentLoaderFactory and nsIURIContentListener to take MIME types as an XPCOM string, not a char*. r=smaug
2015-02-25 10:26:51 -05:00
c5b6b444f2
Bug 1134942 - Whitelist fstatat and unlinkat for B2G content processes. r=gdestuynder
2015-02-20 12:16:00 +01:00
2672d3b5d3
Bug 1077864, Part 3: update nsserrors.properties so error message gets localized.
2015-02-23 16:04:23 -08:00
06b7804e70
Bug 1131767: Prune away paths using unacceptable algorithms earlier, r=keeler
...
--HG--
extra : rebase_source : 79efad2c5f60120ff1022547ce7efa628a7acd0f
2015-02-14 16:59:02 -08:00
27cb600f2f
Bug 1077864, Part 2: Override the trust level for OCSP response signer certs so that they are never considered trust anchors, r=keeler
...
--HG--
extra : rebase_source : d0c599f7fc29b5fbcb7d8cd97980a3f39d39f515
2015-02-14 15:59:38 -08:00
bdb4294871
Bug 1077864, Part 1: Check consistency of certificates' signature and signatureAlgorithm fields, r=keeler
...
--HG--
extra : rebase_source : 9a2ca8cb370169f675557987a6b1cc0dedb24ff6
2015-02-22 16:59:03 -08:00
f2235a16db
Bug 1135407: Factor out duplicate logic in tests, r=keeler
...
--HG--
extra : rebase_source : d93eef89cb6596cf35e2ebef29030423cf027f0b
2015-02-21 14:12:38 -08:00
baf73d756f
Bug 1135745 - Disable the reserved-id-macro macro in security/pkix; r=briansmith
2015-02-23 13:40:09 -05:00
fd0387315e
Merge inbound to m-c. a=merge
2015-02-21 16:40:27 -05:00
c2dabe6507
No bug, Automated HPKP preload list update from host bld-linux64-spot-148 - a=hpkp-update
2015-02-21 03:32:26 -08:00
00bf62f9f5
No bug, Automated HSTS preload list update from host bld-linux64-spot-148 - a=hsts-update
2015-02-21 03:32:24 -08:00
256a142a70
Bug 1083344 - Tighten rules for Mac OS content process sandbox - "rules part". r=smichaud
...
--HG--
extra : histedit_source : f703a6a8abbf500cb882263426776fdb138b73a3
2015-02-21 13:06:34 +01:00
70a296a23b
Bug 1083344 - Tighten rules for Mac OS content process sandbox - "core part". r=smichaud
...
--HG--
extra : histedit_source : 3c904474c57dbf086365cc6b26a55c34b2b449ae
2015-02-18 14:10:27 +01:00
ffe59cf419
Bug 1133618 - Move test SHA1 function to pkixtestutil.cpp. r=mmc
...
--HG--
extra : histedit_source : ef579a4958356a12974b1f0f69ab2d6070ff8e65
2015-02-16 16:37:03 -08:00
bbf8006735
Bug 1130754 - Make PublicKeyAlgorithm an enum class. r=keeler
...
--HG--
extra : histedit_source : 14d321bc2cbdf749fd05994571ca439ee62ab973
2015-02-14 13:25:09 -08:00
2bdace7384
Bug 1127339 - Detect SSLv3-only server in PSM. r=keeler
2015-02-21 17:20:22 +09:00
31ea56f770
Bug 1097622 - Add test cases for certs that have notBefore times earlier than the UNIX epoch. r=dkeeler
2015-02-17 06:15:00 -05:00
47f24e15e4
Bug 1097622 - Return ERROR_INVALID_TIME when decoding invalid time values. r=dkeeler
2015-02-18 15:56:00 -05:00
37b3759ab9
Bug 1097622 - Rename (mE|e)rrorCodeExpired variables to (mE|e)rrorCodeTime. r=dkeeler
2015-02-17 06:12:00 -05:00
17cbaa2849
Bug 1133187 - Update fallback whitelist. r=keeler
2015-02-19 04:12:59 +09:00
0101cbcbce
Bug 1124039 - Allow RC4 only for whitelisted hosts. r=keeler
2015-02-19 04:12:58 +09:00
6b89f2db74
Bug 1137179 - Add wildcard support to the static fallback list. r=keeler
2015-02-28 08:53:44 +09:00
a64db6ab58
Bug 1136471 - Remove unused nsIIdentityInfo.getValidEVPolicyOid(). r=dkeeler
2015-02-26 13:05:00 -05:00
fc8fe2bd7c
Bug 1083344 - Add "allow" sandbox rules to fix mochitests on OSX 10.9 and 10.10. r=smichaud
2015-02-27 16:55:35 +01:00
5ef9f4d21f
Bug 1133283 - Remove nonstandard expression closures from security/manager/ssl/tests. r=keeler
2015-01-24 23:48:22 -08:00
372a8a591d
bug 1123671 - if a non-overridable error is encountered when processing an overridable certificate error, report the non-overridable error r=mmc r=jcj
...
Also, SEC_ERROR_UNTRUSTED_ISSUER and SEC_ERROR_UNTRUSTED_CERT are not actually overridable, so don't pretend they are.
2015-01-23 14:04:44 -08:00
ce50eac5c5
Bug 1012549 - 0001. Support import PKCS12 certificate. r=dkeeler r=vchang
2015-02-28 21:54:16 +08:00
b88b7049eb
Bug 1099296 - Attach LoadInfo to remaining callers of ioService and ProtocolHandlers - in security/ (r=keeler)
2015-02-17 10:09:40 -08:00
e2399947f4
Merge mozilla-central to mozilla-inbound
2015-02-16 16:14:51 +01:00
08fafcb3e2
merge mozilla-inbound to mozilla-central a=merge
2015-02-16 15:59:56 +01:00
99b5f33384
No bug, Automated HPKP preload list update from host bld-linux64-spot-1093 - a=hpkp-update
2015-02-14 03:21:57 -08:00
c9826729b7
No bug, Automated HSTS preload list update from host bld-linux64-spot-1093 - a=hsts-update
2015-02-14 03:21:55 -08:00
eb132d66f6
Bug 1131880 - Modify the condition to disallow PR_CONNECT_RESET_ERROR on fallback. r=keeler
2015-02-16 20:03:06 +09:00
7e78ba3eec
Backout 9507662057de (bug 1130670) and c731517a47e8 (bug 1124039) due to compatibility issues
2015-02-16 19:55:15 +09:00
6786219e1f
Bug 1120937 - Properly initialize string fields from the PKCS#11 test module. r=keeler
...
The string fields need to be padded with spaces, according to what
PK11_MakeString does to find the end of the string.
While here, factor all the string manipulations in the test module and
use some C++ template magic to do the right thing.
This changes the static asserts from (with clang):
pkcs11testmodule.cpp:45:3: error: static_assert failed
"TestManufacturerID too long - make it shorter"
static_assert(sizeof(TestManufacturerID) <= sizeof(pInfo->manufacturerID),
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
to:
pkcs11testmodule.cpp:46:3: error: static_assert failed
"DestSize >= SrcSize - 1"
static_assert(DestSize >= SrcSize - 1, "DestSize >= SrcSize - 1");
^ ~~~~~~~~~~~~~~~~~~~~~~~
pkcs11testmodule.cpp:58:3: note: in instantiation of function
template specialization 'CopyString<32, 63>' requested here
CopyString(pInfo->manufacturerID, TestManufacturerID);
^
which actually gives more information than before: it gives the length of
both buffers.
2015-02-13 10:29:18 +09:00
1b6561194e
Bug 1130670 - Remove dead code that tracks strongCipherStatus. r=keeler
2015-02-14 15:16:04 +09:00
3a7b0a9f57
Bug 1131901 (part 1) - Make PL_DHashTableAdd() infallible by default, and add a fallible alternative. r=froydnj.
...
I kept all the existing PL_DHashTableAdd() calls fallible, in order to be
conservative, except for the ones in nsAtomTable.cpp which already were
followed immediately by an abort on failure.
--HG--
extra : rebase_source : 526d96ab65e4d7d71197b90d086d19fbdd79b7b5
2015-02-02 14:48:58 -08:00
d92c1180e0
Bug 1130405 - Remove unused pippki strings. r=jcj
2015-02-11 05:08:00 -05:00
Wes Kocher
Chuck Lee
David Keeler
Mark Goodwin
Cykesiopka
ffxbld
Kai Engert
Boris Zbarsky
Jed Davis
Brian Smith
Ehsan Akhgari
Ryan VanderMeulen
André Reinald
Masatoshi Kimura
Chris Peterson
Christoph Kerschbaumer
Carsten "Tomcat" Book
Mike Hommey
Nicholas Nethercote