f228ba40a1
bug 1228175 - fix IsCertBuiltInRoot r=Cykesiopka,mgoodwin
...
When a built-in root certificate has its trust changed from the default value,
the platform has to essentially create a copy of it in the read/write
certificate database with the new trust settings. At that point, the desired
behavior is that the platform still considers that certificate a built-in root.
Before this patch, this would indeed happen for the duration of that run of the
platform, but as soon as it restarted, the certificate in question would only
appear to be from the read/write database, and thus was not considered a
built-in root. This patch changes the test of built-in-ness to explicitly
search the built-in certificate slot for the certificate in question. If found,
it is considered a built-in root.
MozReview-Commit-ID: HCtZpPQVEGZ
--HG--
extra : rebase_source : 898ef37459723f1d8479cfdc58658ccb00e782a9
2016-03-04 17:06:33 -08:00
0926cc2911
Bug 1254653 - Add telemetry to measure how often we encounter EV certificates r=keeler
...
MozReview-Commit-ID: FvDpMGEJGLQ
--HG--
extra : rebase_source : 8dab354175e1a7b57450011bc50ffa6fd13448b7
2016-03-08 17:30:40 -05:00
1ca11b97af
merge mozilla-inbound to mozilla-central a=merge
2016-03-09 11:46:43 +01:00
3e380e6fa3
No bug, Automated HPKP preload list update from host bld-linux64-spot-223 - a=hpkp-update
2016-03-08 19:41:38 -08:00
a560947174
No bug, Automated HSTS preload list update from host bld-linux64-spot-223 - a=hsts-update
2016-03-08 19:41:36 -08:00
610314abc0
Bug 1253958 - Make getHSTSPreloadList.js and genHPKPStaticPins.js gracefully handle trailing whitespace in URL entries. r=dkeeler
...
MozReview-Commit-ID: Kyc7JzxVEo0
--HG--
extra : rebase_source : 009554017b7ec1e2c6e57430ee554eb94deb2a3a
2016-03-06 16:02:52 -08:00
0fb560192b
Bug 1253166 - Remove UI to override RC4 errors. r=keeler
2016-03-08 06:34:42 +09:00
e9c1221a17
Bug 1254306 - Do not check the fallback limit version for the RC4 fallback. r=keeler
2016-03-09 07:38:43 +09:00
777c075f0e
Bug 1253010 - part 3 - create all nsIDateTimeFormat instances directly; r=smontagu
2015-12-05 11:03:27 -05:00
ae4c78cdd2
Bug 1253010 - part 1 - refactor nsX509CertValidity time formatting; r=keeler
...
nsX509CertValidity has several copy-pasted routines that differ only
slightly in the parameters they use for formatting times. Let's have a
single place to do the formatting and pass in the appropriate
parameters.
2015-12-05 10:26:19 -05:00
bda0bd02db
Bug 1253194: Suppress -Wimplicit-fallthrough clang warning for intentional fallthrough in icu_utf.cc (which is imported code). r=bobowen
2016-03-04 09:00:40 -08:00
25babf4ea8
Bug 1219482: Replace PRLogModuleInfo with LazyLogModule in security subdirectory.r=nfroyd
2016-01-28 10:36:00 -08:00
9b8bef561d
Bug 1245053, NSS_3_23_RTM, only version numbers finalized, no code changes, DONTBUILD
2016-03-03 10:53:54 +01:00
a650e7a431
Bug 1250254 - Enable ESLint "no-throw-literal" rule for PSM. r=dkeeler
...
MozReview-Commit-ID: LZcitO0FTWH
--HG--
rename : security/manager/.eslintrc => security/manager/.eslintrc.json
extra : transplant_source : %95%EA%08ofJn-l%3D%A2W%90%A6i%E4%5D%A1c%3E
2016-02-29 20:05:55 -08:00
8662000fad
bug 1049969 - add symbols file for the test pkcs11 module so it works on Windows r=jcj
...
MozReview-Commit-ID: KRaAmd7icd8
--HG--
extra : rebase_source : 2c0f1b8cf055574c01d6a6ef15af4246d00151bc
2016-03-01 17:12:38 -08:00
cff547515b
Bug 1250256 - Partially clean up nsSDR.cpp. r=keeler
...
MozReview-Commit-ID: FoS4oTjnd7F
--HG--
extra : transplant_source : %03%85%27T%06%E6%FB%FD%10%2C%F6%D9%92%F7I%60%B0%C1vr
2016-03-01 20:07:53 -08:00
e3710a089b
bug 1197314: Remove PR_snprintf calls in security/manager/ssl/ r=keeler
...
MozReview-Commit-ID: Kq5kWzC1UHU
2016-02-26 15:31:43 -08:00
3a39756220
bug 1250818 - remove certificate issuer organization to common name fallback r=Cykesiopka
...
Before this change, if a certificate's issuer DN did not have an organization
component, nsIX509Cert.issuerOrganization would fall back to using the issuer
common name. This was never a good idea, because this gave misleading
information to consumers of this interface. Furthermore, it appears that all
consumers of this interface already do such a fallback (for display purposes)
when they've determined that it's a reasonable thing to do.
MozReview-Commit-ID: p2gmSP0nZW
--HG--
extra : rebase_source : 2248ff01e8c0e9a79b27f4406fdc2f0a4ed98360
2016-02-26 13:18:02 -08:00
4d0d854bab
Bug 1173679 - Add tests for the "security.OCSP.enabled" pref. r=dkeeler
...
MozReview-Commit-ID: BQurIgVY8os
--HG--
extra : transplant_source : Z%25%16_%EB%0ABe%98%1B%F5%E5%FE%8C%AA%F0%18%90%16%AB
2016-02-28 17:49:06 -08:00
7f956c0bfb
merge mozilla-inbound to mozilla-central a=merge
2016-02-29 11:35:30 +01:00
b9a9010687
Bug 1249595 - Enable 11 more ESLint rules for PSM. r=keeler
...
MozReview-Commit-ID: FxS9SPRMMxf
--HG--
extra : transplant_source : %18%08%F0%EB%E3%AD%3E%F7%94%80%05%C0%D0P%5Co.%940%7E
2016-02-26 12:35:34 -08:00
6ca62e9a7f
Bug 1245053, Upgrade Mozilla 47 to use NSS 3.23, land RC0, r=me
2016-02-26 11:23:11 +01:00
896a7362d7
Bug 1247860 - Enable ChaCha20/Poly1305 cipher suites r=emk,keeler
2016-02-26 12:37:19 +01:00
a1c1defa04
bug 1199850 - remove unnecessary PSM xpcshell extended key usage tests r=Cykesiopka,jcj
...
MozReview-Commit-ID: 8Uz4bN87872
--HG--
extra : rebase_source : a3021481a40c7e974a3b756021e274beeb7f30d6
2016-02-24 14:20:01 -08:00
3cdbeb2bd6
Bug 1237847 - [e10s] Null deref crash when running test_pluginstream_newstream.html; r=bobowen
...
Modify the Mac sandbox to allow temporary files to be created in a
parent-specified subdirectory of NS_OS_TEMP_DIR. This is similar to the
Windows approach. The parent provides a UUID in a preference which is
used by the content process to form the subdirectory name.
MozReview-Commit-ID: 6BONpfZz8ZI
--HG--
extra : rebase_source : ad18e091918356a1a40c13f1453972b4512ad476
2016-02-25 15:26:13 -08:00
6a5ff52e36
backing out c815269c99c8, bug 1245053, CLOSED TREE
2016-02-25 18:51:37 +01:00
48201519cb
Bug 1245053, test NSS_3_23_BETA7, r=me
2016-02-25 15:35:08 +01:00
e232fcd2d4
Merge mozilla-central to mozilla-inbound
2016-02-25 11:59:05 +01:00
3695dd59e0
merge mozilla-inbound to mozilla-central a=merge
2016-02-25 11:57:51 +01:00
45a1207cdf
Bug 1201437 - Make cert override tests check for STATE_CERT_USER_OVERRIDDEN. r=keeler
...
MozReview-Commit-ID: G6KQPXHbEPL
--HG--
extra : rebase_source : 9ed61d521996d96d2d18f5d602439bedc46393c0
2016-02-24 22:45:12 -08:00
0147157053
Bug 1201437 - Add new WebProgress state flag for user-overridden cert. r=keeler
...
MozReview-Commit-ID: cvBYSZykK0
--HG--
extra : rebase_source : 68038f9d21a33efac139eedd26636f815217d2d6
2016-02-24 22:46:52 -08:00
a150859d8e
Bug 1248874 - Replace Scoped.h templates used only by PSM in ScopedNSSTypes.h with UniquePtr equivalents. r=dkeeler
...
MozReview-Commit-ID: 5OClBV522lv
--HG--
extra : transplant_source : G%A3%3B%A0%AC%0D%25%F2%C5K%DC8%0F%90%1B%7Bf%E0%93%F7
2016-02-18 06:01:39 -08:00
f64795a71b
Bug 1246365 - Enable eslint "comma-spacing" and "semi" rules for PSM. r=keeler
...
MozReview-Commit-ID: 7FVcD7O9mpG
--HG--
extra : transplant_source : R%C3B%B73%0A%9E%FA%83_%CF%FE%86O%B4%FF%C4f%EB%9C
2016-02-18 21:16:50 -08:00
da44ab790c
Bug 1220237 - Remove uses of nsIEnumerator from PSM. r=keeler
...
MozReview-Commit-ID: 3FhBCqnJz4n
--HG--
extra : transplant_source : %1B%9B%40%EAzK%A2%F6%B0%FF%FF%A3O%A6%D7%25c%DD%F1U
2016-02-24 17:42:45 -08:00
5553a6adbf
Bug 1245053, landing NSS_3_23_BETA5, r=mt
2016-02-23 00:50:19 +01:00
f9727da7b1
Bug 1188045 - Part 1: Move the definition of sandboxTarget::Instance() out-of-line; r=bobowen,glandium
...
This is required so that delay-loading xul.dll works with clang-cl.
2016-02-22 09:55:09 -05:00
62bd6f7a62
bug 1248099 - add extended key usage tests for mozilla::pkix r=Cykesiopka,jcj
...
MozReview-Commit-ID: 9rXn5Q1wsnx
--HG--
extra : rebase_source : f598007d568c7394898294d66b1845a173f97dc2
2016-02-12 17:24:54 -08:00
51a37ae665
bug 1241650 - remove nsIX509CertDB.findCertNicknames r=mgoodwin
...
MozReview-Commit-ID: JtU7H5qGvge
--HG--
extra : rebase_source : fae856a160e5cc987702794f805030b2d1cc3533
2016-01-21 15:14:31 -08:00
156ed9a0ed
Bug 1247580 P2 Add gtest to ensure we can continue to deserialize old security info strings. r=bz
2016-02-17 07:18:00 -08:00
7382b7bc31
Bug 1247580 P1 Allow old nsIX509Cert serialized objects to be read off disk. r=bz
2016-02-17 07:18:00 -08:00
e5ab49e43e
Bug 1247847 - Use smart pointers in nsNSSCertHelper.cpp to manage NSS resources. r=keeler
...
This lets us remove things like gotos in the code, and makes resource ownership slightly clearer.
MozReview-Commit-ID: Kucn7exhLd7
--HG--
extra : transplant_source : %27%FF%D2tjLI%9B5ep%21%B7%FA%92%08%14%07%12%C6
2016-02-16 16:25:09 -08:00
eb91d4f287
Bug 1244245 - Enable eslint "curly" rule for PSM. r=keeler
...
Also includes minor cleanup.
MozReview-Commit-ID: CHgbTIa3s2O
--HG--
extra : transplant_source : %FD%ACi%DE%3E%28%0D%D2_%5Dc%1Dk%E6%E8%EDw%D5%FA%93
2016-02-16 17:27:49 -08:00
be2b50a7f8
Bug 1248252 - Improper outdated octal constant syntax in M-C tree. Use '0o' prefix. r=dao
...
Be warned. Do not attemp to change the .js "test" source code in ./js
They are meant to check
- the outdated 0666 octal constant is still parsed correctly,
- the outdated 0666 octal constant raises syntax error flag
in strict mode, etc.
So leave them alone.
2016-02-15 08:57:00 +01:00
be7b0e4539
Backed out 2 changesets (bug 1247250) for bustage. r=bustage on a CLOSED TREE
...
Backed out changeset 8aded3a039f5 (bug 1247250)
Backed out changeset 374e6d0abf0e (bug 1247250)
2016-02-12 00:42:48 +01:00
8e3a5c71be
Bug 1247250 - followup: fix comments to reflect the review comment. r=keeler DONTBUILD
2016-02-12 07:43:21 +09:00
e40094eb48
Bug 1247250 - Enable TLS 1.3 draft 11 anti-downgrade on non-secure fallback. r=keeler
2016-02-12 07:36:37 +09:00
103a609a33
Bug 1243193 - Use Assert.throws() more in PSM tests. r=keeler
2016-02-10 21:40:00 +01:00
686438c658
Bug 1164581 - Adding an overload for NS_ProxyRelease that accepts already_AddRefed, and removing all the others. r=bobbyholley
2016-02-10 08:23:00 +01:00
28c09863cb
bug 1241564 - remove EV treatment for TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı SHA-1 root certificate r=Cykesiopka
...
MozReview-Commit-ID: 9ktEj2kgfYo
2016-02-09 13:30:22 -08:00
5ceb0c8a89
bug 1246765 - remove unnecessary resource://app/ registration from getHSTSPreloadList.js r=Cykesiopka DONTBUILD NPOTB
2016-02-08 12:56:34 -08:00
19922e4976
Bug 503515 - Try and ensure exported certificates include an extension by default. r=keeler
...
--HG--
extra : rebase_source : b3d595ae962d70afc208b34afe616b6ef88133a8
2016-02-09 00:17:00 +01:00
ed46787107
Bug 1219369: In Windows debug builds allow write access to TEMP for logging purposes. r=tabraldes
2016-02-09 08:31:18 +00:00
880b7f8386
Bug 1245053, land NSS_3_23_BETA4, r=me, includes a makefile change to adjust for NSS changes, patch by EKR, r=kaie
2016-02-08 16:16:25 +01:00
5b358688b7
Backed out changeset c18e29c1b369 (bug 1164581) for cpp unit tests test failures
...
--HG--
extra : rebase_source : fb6fd434c8e3f4b5fa53ea645a54c07cab207894
2016-02-08 11:17:38 +01:00
7c3a491022
Bug 1247250 - Enable TLS 1.3 anti-downgrade on non-secure fallback. r=keeler
2016-02-24 19:35:00 +09:00
69cf7e035f
Bug 1164581 - Adding an overload for NS_ProxyRelease that accepts already_AddRefed, and removing all the others. r=bobbyholley
...
--HG--
extra : rebase_source : 3c6bba6613a14e48239d302bdd0f7fe2e322265d
2016-02-07 10:56:00 +01:00
7e014d6be0
Bug 1243182 - Enable eslint "space-infix-ops" rule for PSM. r=keeler
...
Also includes minor cleanups.
2016-02-06 21:05:02 -08:00
6a5e8155c8
Bug 1064402 - Part 2: Remove nsIX509CertDB.importServerCertificate() and nsIX509Cert::SERVER_CERT support in importCertsFromFile(). r=keeler
2016-02-06 20:41:11 -08:00
370bac0f07
Bug 1064402 - Part 1: Remove Import button in Servers tab of the Certificate Manager. r=keeler
...
It no longer serves any useful purpose:
1. It is no longer possible to add explicit trust for server certs post Bug 825583.
1A. The Add Exception feature is better suited for this anyways.
2. It isn't possible to set explicit distrust in the Cert Manager, only remove explicit trust.
3. Importing may also inadvertently cause verification failures (see Bug 1202636
2016-02-06 20:40:57 -08:00
1e1cca77d4
Bug 1243180 - Enable eslint "no-trailing-spaces" rule for PSM. r=keeler
...
Also does some minor cleanup.
2016-02-03 01:51:00 +01:00
addf646a4c
Bug 1241646 - remove unused token arguments from nsIX509CertDB r=keeler
2016-01-30 13:50:58 +05:30
d3fd404b9b
Bug 1244062, NSPR_4_12_BETA2, and Bug 1245053, NSS_3_23_BETA2
2016-02-02 11:50:47 +01:00
73686ad0d7
Bug 1173371 Part 2: Change Chromium sandbox to allow rules for files on network drives to be added. a=aklotz
2016-02-01 08:59:00 +00:00
0b2edad801
Bug 1173371 Part 1: Take Chromium commit 0e49d029d5a1a25d971880b9e44d67ac70b31a80 for sandbox code. r=aklotz
...
From Chromium commit comment:
Sandbox: Add support for file system policies that use implied device paths.
A policy rule of the form \HarddiskVolume0\Foo\bar allows sandboxed code
to use \\.\HarddiskVolume0\Foo\bar directly.
2016-02-01 08:59:00 +00:00
282a183d55
Bug 1241821 - Create a SecurityReporter component for TLS Error Reports r=mossop, keeler
...
This takes the TLS Error Reporting functionality used in the aboutNetError.xhtml
and aboutCertError.xhtml error pages and moves it to its own component. This
allows us to make use of this same error reporting functionality from elsewhere.
Notably, this allows us to send error reports for issues that occur when loading
subresources.
The xpcshell test included is in security/manager/ssl/tests because we need to
make use of tlsserver functionality from the PSM tests.
2016-01-30 08:07:38 +00:00
91efc5a86c
Bug 1241764: Replace nsPIDOMWindow with nsPIDOMWindowInner/Outer. r=mrbkap,smaug
2016-01-30 09:05:36 -08:00
543c164cdc
Backed out 2 changesets (bug 1241821) for android build bustage CLOSED TREE
...
Backed out changeset ae7246d654c8 (bug 1241821)
Backed out changeset bdecb787f1a2 (bug 1241821)
--HG--
extra : commitid : HdwYW6HntXi
2016-01-29 14:57:27 -08:00
1f2034ed37
Followup to Bug 1241821 - ESLint fix
...
--HG--
extra : commitid : 5Pf2Sf7gxj9
2016-01-29 14:36:13 -08:00
e7ee60296d
Bug 1241821 - Create a SecurityReporter component for TLS Error Reports r=mossop, keeler
...
This takes the TLS Error Reporting functionality used in the aboutNetError.xhtml
and aboutCertError.xhtml error pages and moves it to its own component. This
allows us to make use of this same error reporting functionality from elsewhere.
Notably, this allows us to send error reports for issues that occur when loading
subresources.
The xpcshell test included is in security/manager/ssl/tests because we need to
make use of tlsserver functionality from the PSM tests.
2016-01-29 13:45:17 +00:00
a40af4aa59
Backed out changeset 7ec471c99263 (bug 1219482) to hopefully fix the intermittent hazard failures CLOSED TREE
...
--HG--
extra : commitid : B8zmd9Xadpz
2016-01-29 10:15:34 -08:00
2f1d53a477
Bug 1228410, land NSS_3_22_RTM, r=nss-confcall
2016-01-29 12:16:10 +01:00
c663839ade
Bug 1240871 - Don't allow implicit "async" in IPDL (r=mccr8,billm)
2016-01-28 20:56:37 -08:00
1b0525a9d3
Bug 1219482 - Replace PRLogModuleInfo with LazyLogModule in security subdirectory. r=froydnj
...
--HG--
extra : rebase_source : 7aed4d8669dccd1270a88a0cacfa254e3b9f5950
2016-01-28 10:36:00 -05:00
1890b549c4
bug 1242032 - change some pipnss logging output from Debug to Verbose r=Cykesiopka
...
Logging output that happens with every TLS socket poll, read, or write
should really be Verbose, not Debug.
--HG--
extra : amend_source : 455a72faa041e51b5356410d7c216aa1fdadc6c6
2016-01-27 13:04:33 -08:00
32b5d6c545
bug 1241317 - gather telemetry on prevalence of FIPS r=jcj r=vladan
2016-01-21 11:22:12 -08:00
92b2943e68
Merge mozilla-central to mozilla-inbound
2016-01-27 12:10:56 +01:00
b9e929e1a7
merge mozilla-inbound to mozilla-central a=merge
2016-01-27 11:59:49 +01:00
7ccd56ad60
Bug 1242254 - Enable initial set of eslint rules for PSM. r=dkeeler
...
These rules are copied from toolkit/.eslintrc (with non-passing rules excluded and previously commented out and passing rules included).
--HG--
extra : rebase_source : 0afa42350cc961cbb3cf6d985b3978f4dc5d3dcb
2016-01-24 02:35:36 -08:00
c9747f9ecf
Bug 1232582 - Sort PSM xpcshell.ini and fix --tag psm to actually run all tests. r=keeler
2016-01-26 20:23:00 +01:00
90dcd6df86
Bug 1241614 - don't overflow:auto the container, use em to size the dialog to avoid hidpi visibility issues, r=dolske,ttaubert
...
--HG--
extra : commitid : DaBFhFU1YtS
extra : rebase_source : 28c1f92fcabe8a46fe40e805a763f7a508b592c0
2016-01-22 11:18:54 +00:00
c12302354f
Bug 1228410, land NSS 3.22 Beta 2, r=nss-confcall
...
--HG--
rename : security/nss/tests/ssl_gtests/parsereport.sed => security/nss/tests/common/parsegtestreport.sed
2016-01-25 16:14:18 +01:00
adf7436ccc
Bug 1235089 - Split out OCSP Must Staple tests from test_ocsp_stapling.js to avoid intermittent time outs. r=keeler
...
test_ocsp_stapling.js can take ~290s to run on e.g. b2g-emu-x86-kk, which is very close to the default 300s limit.
Splitting out some tests should reduce the intermittent time outs.
--HG--
rename : security/manager/ssl/tests/unit/test_ocsp_stapling.js => security/manager/ssl/tests/unit/test_ocsp_must_staple.js
2016-01-24 02:24:00 -05:00
a747e7e178
Merge m-i to m-c, a=merge
2016-01-23 17:42:50 -08:00
09dc03c5a7
No bug, Automated HPKP preload list update from host bld-linux64-spot-309 - a=hpkp-update
2016-01-23 04:36:34 -08:00
3da59d3c6d
No bug, Automated HSTS preload list update from host bld-linux64-spot-309 - a=hsts-update
2016-01-23 04:36:32 -08:00
e2fe0b8f62
Bug 1233328 - Part 2: Use SHA-256 StaticFingerprints directly instead of StaticPinset since the SHA-1 StaticFingerprints entry will always be null. r=keeler
2016-01-20 20:45:29 -08:00
638ba07af3
Bug 1233328 - Part 1: Ignore SHA-1 pins in PublicKeyPinningService.cpp. r=keeler
2016-01-20 20:40:01 -08:00
ab4e3a0d42
Bug 1218816 - Remove useless semicolons. Found by coccinelle. r=Ehsan
...
--HG--
extra : rebase_source : 7d2cc56b6553cd7a8d848d3c660f30735bd82eec
2016-01-22 16:58:49 +01:00
2af33cad3c
bug 1240173 - improve nsIX509Cert.dbKey r=Cykesiopka
...
--HG--
extra : rebase_source : 43ceae97c5188fff16e18a66d25a9fdba320bcc8
2016-01-15 14:33:56 -08:00
113252b726
bug 1239455 - rework telemetry for SHA-1 certificates to reflect possible policy states r=Cykesiopka,mgoodwin,rbarnes
...
Before this patch, we were measuring where SHA-1 was being used in TLS
certificates: nowhere, in end-entities, in intermediates, or in both. However,
the possible SHA-1 policies don't differentiate between end-entities and
intermediates and instead depended on whether or not each certificate has a
notBefore value after 2015 (i.e. >= 0:00:00 1 January 2016 UTC). We need to
gather telemetry on the possible policy configurations.
--HG--
extra : rebase_source : 301c821c8de16ffb924cd198dd0a4d3139536019
2016-01-13 12:50:42 -08:00
263b6bd7fe
bug 1239609 - audit nsNSSShutDownObject destructors for correctness r=Cykesiopka,sworkman
...
--HG--
extra : rebase_source : 3a20138211bfab811fb3adb2d7b0030a3b742b3b
2016-01-22 14:49:39 -08:00
e9fb442d3d
Bug 1240168 - weak_crypto test assumed blocking semantics from main thread r=keeler
2016-01-15 15:30:20 -05:00
38e4db6e5e
Bug 1191936 - Implement RSA-PSS signing and verification r=rbarnes,smaug
2015-10-13 20:22:43 +02:00
7d1bbd8088
Merge inbound to m-c. a=merge
2016-01-17 14:37:29 -05:00
45b07b40c1
No bug, Automated HPKP preload list update from host bld-linux64-spot-439 - a=hpkp-update
2016-01-16 04:03:46 -08:00
a2da16b4a2
No bug, Automated HSTS preload list update from host bld-linux64-spot-439 - a=hsts-update
2016-01-16 04:03:44 -08:00
68d44577b4
Bug 1237232 - Properly check the result of Vector append() calls in security/. r=keeler
2016-01-13 22:05:08 +01:00
17c8d8e45c
bug 1232766 - update the preloaded pinset for Google domains r=rbarnes
...
Also includes a script for making this process faster in the future.
2015-12-28 12:30:14 -08:00
3f4e7bf8d5
Bug 1235188 - Fix -Wformat warnings in security/certverifier/. r=keeler
...
security/certverifier/NSSCertDBTrustDomain.cpp:433:26 [-Wformat] format specifies type 'long' but the argument has underlying type 'int'
security/certverifier/NSSCertDBTrustDomain.cpp:433:48 [-Wformat] format specifies type 'long long' but the argument has type 'mozilla::pkix::Time'
2015-12-28 18:41:54 -07:00
9c54b2fdae
No bug, Automated HPKP preload list update from host bld-linux64-spot-506 - a=hpkp-update
2016-01-09 04:38:50 -08:00
98b790fabc
No bug, Automated HSTS preload list update from host bld-linux64-spot-506 - a=hsts-update
2016-01-09 04:38:48 -08:00
1768759efb
Bug 1220564 - Update chrome code uses of genexprs and legacy comprehensions. (r=billm)
2016-01-06 16:02:16 -08:00
83aec61b67
bug 1230377 - part 2/2: simplify nsIKeyObject and nsIKeyObjectFactory r=jcj
...
nsIKeyObject and nsIKeyObjectFactory defined an interface that was largely
unimplemented. This cuts the interface back to what actually exists in code.
--HG--
extra : rebase_source : 6241e801c3bd7f17518af648158fcfdcd0bda9cf
2015-12-04 10:36:51 -08:00
3da7665447
bug 1230377 - part 1/2: ensure nsKeyObject releases NSS resources on shutdown r=jcj
...
--HG--
extra : rebase_source : 869dfb9450224677a05ac8566056872e8ff82c82
2015-12-03 16:22:34 -08:00
1f26ea8aca
Bug 1214305 - Part 10: Clean up global DataStorage references in the child process; r=keeler
2016-01-04 16:30:02 -05:00
67ff8ead96
No bug, Automated HPKP preload list update from host bld-linux64-spot-389 - a=hpkp-update
2016-01-02 04:05:33 -08:00
5b3f84c48b
No bug, Automated HSTS preload list update from host bld-linux64-spot-389 - a=hsts-update
2016-01-02 04:05:31 -08:00
4034ee65b8
Bug 1235308 - Fix -Wimplicit-fallthrough warnings in security/. r=keeler
...
security/certverifier/NSSCertDBTrustDomain.cpp:282:5 [-Wimplicit-fallthrough] unannotated fall-through between switch labels
security/manager/ssl/nsNSSComponent.cpp:149:3 [-Wimplicit-fallthrough] unannotated fall-through between switch labels
security/manager/ssl/nsSecureBrowserUIImpl.cpp:1406:5 [-Wimplicit-fallthrough] unannotated fall-through between switch labels
2015-12-25 00:03:35 -07:00
eb1ef42d57
No bug, Automated HPKP preload list update from host bld-linux64-spot-593 - a=hpkp-update
2015-12-26 04:05:29 -08:00
3af3c75cc9
No bug, Automated HSTS preload list update from host bld-linux64-spot-593 - a=hsts-update
2015-12-26 04:05:27 -08:00
d7478b6b1e
Bug 1234955 - Make TEST_DIRS a SPECIAL_VARIABLE. r=gps
...
Using TEST_DIRS is nothing more than a shortcut for
if CONFIG['ENABLE_TESTS']:
DIRS += [...]
As such, we might as well remove it being a separate variable, and use some
Context magic to just fill DIRS when ENABLE_TESTS is set.
The security/manager/ssl/tests/unit/moz.build change ensures that the order
of DIRS before the change is kept, not because it matters, but because it
allows to confirm that nothing else is modified by this change.
2015-12-24 13:12:49 +09:00
2c2f66f499
Bug 1232454 - use UniquePtr<T[]> instead of nsAutoArrayPtr<T> in security/apps/; r=keeler
...
As a nice side effect, we also fix a (rare) memory leak in
AppTrustDomain::SetTrustedRoot.
2015-12-06 08:06:03 -05:00
b71c3763d0
Backed out changeset f103fd636405 (bug 1232582) for b2g debug xpcshell failures in test_name_constraints.js
2015-12-21 11:01:22 -08:00
537c84d51c
Merge mozilla-central to mozilla-inbound
2015-12-21 11:54:26 +01:00
0349798a7f
No bug, Automated HPKP preload list update from host bld-linux64-spot-573 - a=hpkp-update
2015-12-19 04:09:26 -08:00
beab6972e5
No bug, Automated HSTS preload list update from host bld-linux64-spot-573 - a=hsts-update
2015-12-19 04:09:24 -08:00
20d4ccd20d
Bug 1232582 - Sort PSM xpcshell.ini and fix --tag psm to actually run all tests. r=dkeeler
...
--HG--
extra : transplant_source : X%02%F1%9Cq%90%8B%0D%04K%C1%1E%A0%BB%F5%7D%2Bs%1BQ
2015-12-17 07:55:54 -08:00
05919374b8
Bug 1229284 - Remove support for SHA-1 hashes in genHPKPStaticPins.js. r=keeler
2015-12-17 07:52:00 +01:00
cf2300da93
bug 1230994 - December 2015 batch of EV root CA changes r=mgoodwin
...
Adds:
bug 1193480:
CN=Certification Authority of WoSign G2,O=WoSign CA Limited,C=CN
CN=CA WoSign ECC Root,O=WoSign CA Limited,C=CN
bug 1147675:
CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6,O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A...,L=Ankara,C=TR
bug 1230985:
OU=Security Communication RootCA2,O="SECOM Trust Systems CO.,LTD.",C=JP
bug 1213044:
CN=OISTE WISeKey Global Root GB CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH
2015-12-14 14:44:44 -08:00
ee3a10a104
Merge mozilla-central to mozilla-inbound
2015-12-16 12:03:47 +01:00
151142df55
Bug 1227248 - Part 2: Add GeneratedTest{Certificate,Key} mozbuild templates. r=gps
...
--HG--
extra : commitid : 793A1duvlom
extra : rebase_source : 5a8fa9f0fb76dceb19525986381cb2a28676601b
extra : histedit_source : aebc6e99e83aaafba08626517850ff4ee23e4c82
2015-12-14 11:50:56 -08:00
48de284e31
Bug 1222500 - Handle unexpected thread creation better on desktop Linux. r=gdestuynder
2015-11-30 18:21:00 +01:00
4bd144165f
Bug 1224875 - Enable TLS extended master secret. r=keeler
2015-12-13 12:09:18 +09:00
d729dd725a
No bug, Automated HPKP preload list update from host bld-linux64-spot-1077 - a=hpkp-update
2015-12-12 04:08:02 -08:00
28f9941a1a
No bug, Automated HSTS preload list update from host bld-linux64-spot-1077 - a=hsts-update
2015-12-12 04:08:00 -08:00
b3dba24f5a
Bug 1200567 - ensure shipped blocklist.xml doesn't affect the test_cert_blocklist.js. r=dkeeler
...
Caused comm-central TEST-UNEXPECTED-FAIL | security/manager/ssl/tests/unit/test_cert_blocklist.js | - revocations.txt should be as expected
2015-12-10 19:08:09 +02:00
ec5f2e23e7
Merge m-c to inbound. a=merge
...
--HG--
rename : browser/.eslintrc => storage/.eslintrc
rename : devtools/.eslintrc => toolkit/components/extensions/.eslintrc
extra : rebase_source : 5b2d39a455c81a001bd26e7bc85e7fbacdb79171
2015-12-05 15:27:33 -05:00
289a16635a
Merge fx-team to m-c. a=merge
2015-12-05 15:09:41 -05:00
4dd525a926
No bug, Automated HPKP preload list update from host bld-linux64-spot-049 - a=hpkp-update
2015-12-05 04:05:19 -08:00
d2a4d282da
No bug, Automated HSTS preload list update from host bld-linux64-spot-049 - a=hsts-update
2015-12-05 04:05:17 -08:00
92b2551106
Bug 1207146 - Add a link to expert technical information in the cert error page. r=Gijs,keeler
2015-12-04 19:46:13 +02:00
05eb71c3a0
Bug 1229804: Use the correct string length in Windows sandbox logging. r=tabraldes
2015-12-03 11:19:14 +00:00
df451fe7b0
merge mozilla-inbound to mozilla-central a=merge
2015-12-03 12:00:42 +01:00
d661411aa5
No bug, Automated HPKP preload list update from host bld-linux64-spot-369 - a=hpkp-update
2015-12-02 14:59:16 -08:00
eb8afa37f2
No bug, Automated HSTS preload list update from host bld-linux64-spot-369 - a=hsts-update
2015-12-02 14:59:14 -08:00
4005d567f9
Bug 1225682 - Don't use nsAuto{,C}String as class member variables in security/manager/. r=keeler
2015-12-02 11:04:37 +09:00
fb855297f6
Bug 1229587 part 2 - Use verbose format to disable C4061 to workaround bug of VS2015u1. r=keeler
...
--HG--
extra : source : 96b812b70961a22ae01a377eb9aaaf405ed13349
2015-12-03 09:29:42 +11:00
8cd346c251
Bug 1229587 part 1 - Disable C4464 warning newly added in VS2015u1. r=keeler
...
--HG--
extra : source : 1c79d789b2de950e8024d857f9315ea362141969
2015-12-03 09:29:42 +11:00
cb705a63a6
Bug 1224968 - Support public key input to unbreak periodic HPKP updates. r=keeler
...
be448badb1ba1f296240
2015-12-01 00:30:00 +01:00
ee7d82a508
Bug 1228794 - Convert test_getchain.js to generate certificates at build time. r=keeler
...
With this change, CertUtils.py is no longer needed.
--HG--
extra : rebase_source : 2e7c7f82c17fd44d97fc68f657f3c313f4b4d125
2015-12-01 00:28:00 +01:00
d61cdc0082
Bug 1228346 - initialize mOCSPMustStapleEnabled in constructor. r=dkeeler
...
--HG--
extra : rebase_source : be8c14f84b53f6e546ff242b40208ec3a1f1be03
2015-11-26 07:40:00 +01:00
a328c0c4e8
bug 986956 - only ever initialize NSS once per process r=Cykesiopka r=mgoodwin
...
As a consequence, if NSS is initialized when there is no profile directory, NSS
will not persist changes. Other failures may occur (e.g. see bug 1216882).
2015-11-19 13:31:52 -08:00
7c0ac05619
Bug 1227970 - Perform preference checks to allow OCSP Bypass for OneCRL via Kinto r=keeler
...
--HG--
extra : commitid : 5UjOTtwGffb
extra : rebase_source : 3ab4f4702056bde2fc6a1c4b22f5ed6abc59b918
2015-11-26 16:57:21 +00:00
4e4b15962c
Merge mozilla-central to mozilla-inbound
2015-11-25 13:57:30 +01:00
7882aa6f0e
Bug 1225422 - Update the PrivilegedPackageRoot certificate. r=keeler
2015-11-19 15:08:05 +08:00
4b2655c8d9
Bug 1215303 - Part 2 - automatically enable broker when in permissive mode r=jld
2015-11-13 12:29:47 +00:00
46f56a1f0e
Bug 1215303 - Part 1 - add permissive mode r=jld
2015-11-13 12:27:45 +00:00
2572e8c3db
Bug 1200802 - Accept RFC1929 SOCKS credentials in proxyInfo. r=michal
2015-11-24 22:56:00 +01:00
5f1ac1afb3
merge mozilla-inbound to mozilla-central a=merge
2015-11-23 14:08:50 +01:00
8ad105e9a0
No bug, Automated HPKP preload list update from host bld-linux64-spot-1073 - a=hpkp-update
2015-11-21 03:49:57 -08:00
David Keeler
Richard Barnes
Carsten "Tomcat" Book
ffxbld
Cykesiopka
Masatoshi Kimura
Nathan Froyd
Daniel Holbert
sajitk
Kai Engert
Aniket Vyas
Tim Taubert
Haik Aftandilian
Nihanth Subramanya
Ehsan Akhgari
Ben Kelly
ISHIKAWA, Chiaki
Sebastian Hengst
Aidin Gharibnavaz
Bob Owen
simplyblue
Mark Goodwin
Kyle Huey
Wes Kocher
Bill McCloskey
Gijs Kruitbosch
Phil Ringnalda
Sylvestre Ledru
Patrick McManus
Tim Taubert
Ryan VanderMeulen
Jan de Mooij
Chris Peterson
Shu-yu Guo
Mike Hommey
Nick Alexander
Jed Davis
Magnus Melin
Panos Astithas
Xidorn Quan
Bogdan Postelnicu
Jonathan Hao
Julian Hector
Ben Bucksch