David Keeler
|
29b3d15dde
|
bug 1220223 - don't load PKCS11 modules in safe mode r=mgoodwin r=bsmedberg
|
2015-10-30 10:37:22 -07:00 |
Richard Barnes
|
990593f9cf
|
Bug 942515 - Show Untrusted Connection Error for SHA-1-based SSL certificates with notBefore >= 2016-01-01 r=keeler
|
2015-09-11 14:52:30 -04:00 |
Mark Goodwin
|
f2b116c0d6
|
Bug 1153444 - Fix up Key Pinning Telemetry (r=keeler)
|
2015-08-21 15:14:08 +01:00 |
|
Mark Goodwin
|
91782dab68
|
Bug 1159155 - Add telemetry probe for SHA-1 usage (r=keeler)
|
2015-07-09 07:22:29 +01:00 |
Cykesiopka
|
0a9aea4ab2
|
Bug 1145679 - Reject EV status for end-entity EV certs with overly long validity periods. r=keeler
--HG--
extra : rebase_source : ec44bb566cce8ab14f740457d6ba1d863b39c256
|
2015-06-29 22:19:00 +02:00 |
|
David Keeler
|
4e7fc3055e
|
bug 1141189 - implement skipping expensive revocation checks (OCSP fetching) for short-lived certificates r=rbarnes
|
2015-04-06 16:10:28 -07:00 |
Brian Smith
|
b1035c0992
|
Bug 1153737: Avoid unnecessary uses of mozilla::pkix::ScopedPtr, r=keeler
--HG--
extra : rebase_source : ea7083439f22cb40d6c97f872ef9866144516745
|
2015-04-12 19:57:48 -10:00 |
Ehsan Akhgari
|
883849ee32
|
Bug 1145631 - Part 1: Replace MOZ_OVERRIDE and MOZ_FINAL with override and final in the tree; r=froydnj
This patch was automatically generated using the following script:
function convert() {
echo "Converting $1 to $2..."
find . \
! -wholename "*/.git*" \
! -wholename "obj-ff-dbg*" \
-type f \
\( -iname "*.cpp" \
-o -iname "*.h" \
-o -iname "*.c" \
-o -iname "*.cc" \
-o -iname "*.idl" \
-o -iname "*.ipdl" \
-o -iname "*.ipdlh" \
-o -iname "*.mm" \) | \
xargs -n 1 sed -i -e "s/\b$1\b/$2/g"
}
convert MOZ_OVERRIDE override
convert MOZ_FINAL final
|
2015-03-21 12:28:04 -04:00 |
|
Cykesiopka
|
171babfad4
|
Bug 1139177 - RSA public key size checking cleanups. r=keeler
|
2015-03-05 16:41:00 +01:00 |
|
David Keeler
|
d01ea02613
|
bug 1049740 - implement telemetry to measure compatibility impact of 2048-bit-minimum RSA keys r=briansmith
|
2015-02-24 15:48:05 -08:00 |
|
Brian Smith
|
06b7804e70
|
Bug 1131767: Prune away paths using unacceptable algorithms earlier, r=keeler
--HG--
extra : rebase_source : 79efad2c5f60120ff1022547ce7efa628a7acd0f
|
2015-02-14 16:59:02 -08:00 |
|
Brian Smith
|
a89b90ea7f
|
Bug 1130754: Avoid recalculating tbsCertificate digest, r=keeler
--HG--
extra : rebase_source : 85266413568df928cb1eaf1cd59b52ee9d4259e6
extra : histedit_source : 767e3263d28926435c6d2f4610c7d8b01e9ba87d
|
2015-02-07 12:14:31 -08:00 |
|
Brian Smith
|
b0f87b9b6c
|
Bug 1122841, Part 2: Centralize checking of public key, r=keeler
--HG--
extra : rebase_source : 6b41ad2d3f37bead8d3ac8b48c5ee0b8063c795b
extra : source : d470b5a68bf915cfb12f0e948e1492463092883c
|
2015-02-02 16:17:08 -08:00 |
TheKK
|
3cda0706de
|
Bug 1092398 - "remove unused CertVerifier enums (missing_cert_download_config and crl_download_config)". r=honzab.moz
|
2015-01-23 06:17:00 +01:00 |
|
Mark Goodwin ext:(%2C%20Harsh%20Pathak%20%3Chpathak%40mozilla.com%3E)
|
ea0e5ac119
|
Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs. r=keeler r=Unfocused
|
2015-01-07 06:08:00 +01:00 |
|
Brian Smith
|
0cd5238974
|
Bug 1107666: Fix OCSP stapling telemetry (SSL_OCSP_STAPLING), r=keeler
--HG--
extra : rebase_source : 926f091b2a361d7dce30bee918d6659259f1b3e4
|
2014-12-11 23:22:35 -08:00 |
Carsten "Tomcat" Book
|
64b43466f7
|
Backed out changeset b38a8e2203a1 (bug 1024809) for Android 4 perma failures
|
2014-11-28 12:23:19 +01:00 |
|
Mark Goodwin ext:(%2C%20Harsh%20Pathak%20%3Chpathak%40mozilla.com%3E)
|
4fc60a106f
|
Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs. (r=keeler,Unfocused)
|
2014-11-27 23:36:00 +01:00 |
|
Carsten "Tomcat" Book
|
4155be994b
|
Backed out changeset 761071f57ab6 (bug 1024809) for emulator ics bustage
|
2014-11-27 16:30:41 +01:00 |
|
Mark Goodwin ext:(%2C%20Harsh%20Pathak%20%3Chpathak%40mozilla.com%3E)
|
ce5a887c60
|
Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs. r=keeler,Unfocused
|
2014-11-27 04:12:00 +01:00 |
|
Cykesiopka
|
1c4af4e6a1
|
Bug 622859 - Reject EV certificates with key sizes below RSA 2048. r=briansmith
|
2014-10-18 15:18:00 +02:00 |
|
Carsten "Tomcat" Book
|
e5ad1e7db2
|
Backed out changeset 3afdc3253979 (bug 622859) for breaking m1 tests
|
2014-10-17 13:14:29 +02:00 |
|
Cykesiopka
|
01941f880c
|
Bug 622859 - Reject EV certificates with key sizes below RSA 2048. r=briansmith
|
2014-10-16 05:13:00 +02:00 |
|
David Keeler
|
fd860abf57
|
bug 1071308 - (2/2) remove libpkix-style chain validation callback from CertVerifier r=cviecco
|
2014-09-25 11:18:56 -07:00 |
|
Brian Smith
|
0ccaf0860c
|
Bug 1043041: Use mozilla::pkix::Time instead of PRTime, r=keeler
--HG--
extra : rebase_source : 2cc39d3c322c1355aad003f2497659a091febac2
|
2014-08-02 08:49:12 -07:00 |
|
Brian Smith
|
d77dac0580
|
Bug 1041186, Part 2: Rename Input to Reader and InputBuffer to Input, r=keeler
--HG--
extra : rebase_source : bf57a9eb6ae5c122912e00a47156010e5ea99478
|
2014-07-31 12:17:31 -07:00 |
|
Brian Smith
|
ffe743ee06
|
Bug 1041186, Part 1: Improve buffer overflow protection in mozilla::pkix, r=keeler
--HG--
extra : rebase_source : 0f4a33f2c66594930ba9c79233648c70e33ba27c
|
2014-07-18 22:30:51 -07:00 |
|
Brian Smith
|
5f56fc60d6
|
Bug 1041343: Use references instead of pointers for TrustLevel output parameters, r=cviecco
--HG--
extra : rebase_source : d5c07dc29a95ccb75a7a8f199de26d43950b9ed4
|
2014-07-20 11:06:26 -07:00 |
|
Brian Smith
|
c45dc156d1
|
Bug 1039064: Use strongly-typed enum instead of NSPR-style error handling, r=keeler
--HG--
extra : rebase_source : 4f3e41916cd7e2c74679d468eeeb702af3321532
|
2014-07-18 11:48:49 -07:00 |
|
Cykesiopka
|
0289b45f0c
|
Bug 360126 - Stop accepting certs that use RSA1023 or weaker; Original patch by Richard van den Berg. r=briansmith
|
2014-07-15 19:49:00 -04:00 |
|
Brian Smith
|
17375cc8b3
|
Bug 1036105: Delegate digest operations to the TrustDomain in mozilla::pkix, r=keeler
--HG--
extra : rebase_source : dd8dc1243ea2e37955a15f2481e1c452311e90d8
extra : histedit_source : adc1a2035d41c608d3f0ebe14bba159b2857502d
|
2014-07-06 19:36:05 -07:00 |
|
Brian Smith
|
c162caba82
|
Bug 1036107, Part 1: Stop using CERTSignedData in mozilla::pkix, r=keeler
--HG--
extra : rebase_source : 94c49062ae3ddf755651f151e2d648543b10e1ad
extra : histedit_source : a7377bf1d9adb62e1c584e2adeb793aa074245fb
|
2014-07-10 19:00:32 -07:00 |
|
Brian Smith
|
3f110246be
|
Bug 1035009: Stop using CERTCertList in mozilla::pkix, r=keeler
--HG--
extra : rebase_source : fc2b39e5e2b44fea365914e83a7d1f2dc9b784bc
extra : histedit_source : b40e5e8cb106fe87f6f065b01ca43adb0bf3a605
|
2014-07-06 15:55:38 -07:00 |
|
Brian Smith
|
f5ec8594e7
|
Bug 1033563, Part 3: Change mozilla::pkix::TrustDomain::FindPotentialIssuers API to be iterator-like, r=keeler
--HG--
extra : rebase_source : e8c734ecb2de2c52dd8909c8b48f4bdb09d0128e
|
2014-07-02 16:15:16 -07:00 |
|
Brian Smith
|
89e560be23
|
Bug 1029247, Part 2: Parse certificates using mozilla::pkix::der, r=keeler
--HG--
extra : rebase_source : e093922497d005734c590a59f175993a7715bce8
|
2014-07-03 16:59:42 -07:00 |
|
Brian Smith
|
2d9e74e8ee
|
Bug 975229: Remove NSS-based certificate verification, r=keeler
--HG--
extra : rebase_source : 49cb20f1b51e2d9993a35decd820764e20ad9be9
|
2014-06-16 23:13:29 -07:00 |
|
Brian Smith
|
ca4f473450
|
Bug 1026261: Remove CERTCertificate from mozilla::pkix revocation checking API, r=keeler
--HG--
extra : rebase_source : 6798f494bd351961ea02abba07b5860839bbc418
|
2014-06-20 10:10:51 -07:00 |
|
David Keeler
|
c13f6d39c7
|
bug 997509 - heed expired Revoked or Unknown OCSP responses r=briansmith
|
2014-06-20 09:01:57 -07:00 |
|
Brian Smith
|
67bd0799fb
|
Bug 1020683, Part 1: Remove internal uses of CERTCertificate from mozilla::pkix::VerifyEncodedOCSPResponse, r=keeler
--HG--
extra : rebase_source : 416938498080c4d44874025f1da4562ab1c7c3c8
|
2014-06-05 15:18:32 -07:00 |
|
Brian Smith
|
279c66a9b8
|
Bug 1019814: Remove CERTCertificate dependency from TrustDomain::GetCertTrust, r=keeler
--HG--
extra : rebase_source : 9abf0522f02d00ac2f63f2327ddbe8d119ffc64f
|
2014-06-03 10:47:25 -07:00 |
Camilo Viecco
|
5bce267045
|
Bug 991815 - Part 1/2 - Allow intermediate OCSP responses up to 1 year old. r=keeler
--HG--
extra : rebase_source : 28d5336da1dc44932b92ce2c59fca5fcb2b8a3d8
|
2014-05-30 16:12:36 -07:00 |
|
Camilo Viecco
|
f051695b8d
|
Bug 1005142 - Part 1/2 - Add OCSP get capabilities to OCSPRequestor. r=keeler
--HG--
extra : rebase_source : ee4a86bf02a466a31de8b0b6cd7ce375a7f28c6d
|
2014-05-21 15:42:21 -07:00 |
|
Brian Smith
|
2912321bc5
|
Bug 1006958: Use mozilla::pkix::der to parse certificate policies instead of NSS, r=keeler
--HG--
extra : rebase_source : fde88efebc1025bc4f825aa38df809d04b1b250a
|
2014-05-15 18:59:52 -07:00 |
|
Brian Smith
|
9ae1a34e11
|
Bug 1002933: Use Strongly-typed enums more often in mozilla::pkix, r=mmc
--HG--
extra : rebase_source : 3f67f48d1f4150df0830f89e6c07bbbf3a8fc7e8
|
2014-04-25 16:29:26 -07:00 |
|
Camilo Viecco
|
a54a4f05cf
|
Bug 744204 - Allow Certificate key pinning Part 2 - Certverifier Interface. r=keeler
--HG--
extra : rebase_source : 2f9748ba0b241c697e22b7ff72f2f5a0fad4a2ca
|
2014-02-05 14:49:10 -08:00 |
|
David Keeler
|
388e440bec
|
bug 977865 - mozilla::pkix: add backoff for ocsp fetching when a responder fails r=cviecco
|
2014-04-28 16:38:15 -07:00 |
|
David Keeler
|
b1405bc489
|
bug 985201 - rename insanity::pkix to mozilla::pkix r=cviecco r=briansmith
--HG--
rename : security/insanity/include/insanity/ScopedPtr.h => security/pkix/include/pkix/ScopedPtr.h
rename : security/insanity/include/insanity/bind.h => security/pkix/include/pkix/bind.h
rename : security/insanity/include/insanity/nullptr.h => security/pkix/include/pkix/nullptr.h
rename : security/insanity/include/insanity/pkix.h => security/pkix/include/pkix/pkix.h
rename : security/insanity/include/insanity/pkixtypes.h => security/pkix/include/pkix/pkixtypes.h
rename : security/insanity/lib/pkixbind.cpp => security/pkix/lib/pkixbind.cpp
rename : security/insanity/lib/pkixbuild.cpp => security/pkix/lib/pkixbuild.cpp
rename : security/insanity/lib/pkixcheck.cpp => security/pkix/lib/pkixcheck.cpp
rename : security/insanity/lib/pkixcheck.h => security/pkix/lib/pkixcheck.h
rename : security/insanity/lib/pkixder.cpp => security/pkix/lib/pkixder.cpp
rename : security/insanity/lib/pkixder.h => security/pkix/lib/pkixder.h
rename : security/insanity/lib/pkixkey.cpp => security/pkix/lib/pkixkey.cpp
rename : security/insanity/lib/pkixocsp.cpp => security/pkix/lib/pkixocsp.cpp
rename : security/insanity/lib/pkixutil.h => security/pkix/lib/pkixutil.h
rename : security/insanity/moz.build => security/pkix/moz.build
rename : security/insanity/test/lib/moz.build => security/pkix/test/lib/moz.build
rename : security/insanity/test/lib/pkixtestutil.cpp => security/pkix/test/lib/pkixtestutil.cpp
rename : security/insanity/test/lib/pkixtestutil.h => security/pkix/test/lib/pkixtestutil.h
|
2014-03-20 14:29:21 -07:00 |
|
David Keeler
|
5e64bb5ea4
|
bug 915932 - cache OCSP responses when using insanity::pkix r=cviecco r=briansmith
|
2014-03-12 13:08:48 -07:00 |
|
Brian Smith
|
485e9d1aab
|
Bug 921885: Use insanity::pkix for EV cert verification when insanity::pkix is the selected implementation, r=cviecco, r=keeler
--HG--
extra : rebase_source : b1fd1f8eace675484b3c2d568e5e74f767f1d2ad
|
2014-02-23 22:15:53 -08:00 |
|
Brian Smith
|
605160af41
|
Bug 921886: Add certificate policiy support to insanity::pkix, r=keeler, r=cviecco
--HG--
extra : rebase_source : 6522e2c2f57f59fe23c0ed0c838f1f54236bdafc
|
2014-02-24 12:37:45 -08:00 |