mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
625 355 коммитов 613 Ветки 98 Теги 5,8 GiB
Граф коммитов

44 Коммитов

Автор SHA1 Сообщение Дата
Franziskus Kiefer a52a8495f9 Bug 1479787 - use NSS mozpkix in Firefox, r=mt,keeler,glandium 
Differential Revision: https://phabricator.services.mozilla.com/D2725
Differential Revision: https://phabricator.services.mozilla.com/D2860

--HG--
extra : rebase_source : 189c13c2a3104c106fcabad5998af6cb2e20d4a5
 2018-10-02 14:59:34 +02:00
David Keeler 47263aefb3 bug 1349762 - handle two GlobalSign EV root transfers r=Cykesiopka,jcj 
(adapted from bug 1349762 comment 0)
Google Trust Services (GTS) recently purchased two roots from GlobalSign that
are both enabled for EV treatment: "GlobalSign Root CA - R2" and "GlobalSign ECC
Root CA - R4".

However, GTS does not have an EV audit, so we are going to turn off EV treatment
for both of those root certificates.

But "GlobalSign Root CA - R2" has intermediate cert "GlobalSign Extended
Validation CA - SHA256 - G2" that continues to be controlled by GlobalSign, to
be used to migrate their customers off dependence on that root.

This patch removes EV treatment for "GlobalSign ECC Root CA - R4". It also
removes EV treatment for all chains rooted in "GlobalSign Root CA - R2" unless
the "GlobalSign Extended Validation CA - SHA256 - G2" intermediate is in the
chain.

MozReview-Commit-ID: Ej9L9zTwoPN

--HG--
extra : rebase_source : 575f1a48646cf728d879d0cf53c888654e4a32ad
 2017-04-03 17:17:38 -07:00
Cykesiopka fa71c479fc Bug 1332636 - Remove PSM support for Firefox Marketplace apps and Trusted Hosted Apps. r=keeler 
THA was removed in Bug 1196988.

After Bug 1235869 and Bug 1238079, Firefox Marketplace apps are at most
supported by B2G, and B2G only code doesn't need to be in m-c anymore.

MozReview-Commit-ID: DAx5lRdYQo0

--HG--
extra : rebase_source : e7fc32195def3acda2d53a6e3cb969f1e8a9a9a1
 2017-02-06 23:43:38 +08:00
Cykesiopka e8b35af2ec Bug 1313715 - Avoid unnecessary uses of PR_SetError() under security/apps/ and security/certverifier/. r=keeler 
The PR_SetError() + PR_GetError() pattern is error prone and unnecessary.

Also fixes Bug 1254403.

MozReview-Commit-ID: DRI69xY4vxC

--HG--
extra : rebase_source : aa07c0dfb5cc2a203e772b415b7a75b27d9bad3c
 2016-12-14 20:10:25 +08:00
Sergei Chernov edb1f658f6 Bug 1275238 - Certificate Transparency support in mozilla::pkix; r=keeler 
MozReview-Commit-ID: HZwzSgxarTw

--HG--
extra : transplant_source : %BF%F9%A8T%C6x%82%03%3Ez%9F%3BT%E3%1B%11s%294%F4
 2016-06-15 11:11:00 +03:00
David Keeler c17f3a2733 bug 982932 - only allow Netscape-stepUp to be used for serverAuth for old CA certificates r=Cykesiopka,jcj 
MozReview-Commit-ID: 88JhIU1pUji

--HG--
rename : security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC.pem.certspec => security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-recent.pem.certspec
rename : security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC.pem.certspec => security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-recent.pem.certspec
extra : rebase_source : 2f6251679a6f31cccb6d88bb51c567de9cc9bc76
 2016-05-05 16:11:11 -07:00
Cykesiopka 128f004a1f Bug 1267905 - Replace uses of ScopedCERTCertList with UniqueCERTCertList. r=keeler 
ScopedCERTCertList is based on Scoped.h, which is deprecated in favour of the
standardised UniquePtr.

Also changes CERTCertList parameters of various functions to make ownership more
explicit.

MozReview-Commit-ID: EXqxTK6inqy

--HG--
extra : transplant_source : %9B%A9a%94%D1%7E%2BTa%9E%9Fu%9F%02%B3%1AT%1B%F1%F6
 2016-05-05 14:56:36 -07:00
Cykesiopka 372fe1a598 Bug 1260643 - Convert most uses of ScopedCERTCertificate in PSM to UniqueCERTCertificate. r=keeler 
MozReview-Commit-ID: JnjoUd7d2M0

--HG--
extra : transplant_source : %99x%B6%F5%09%97%E6%60%B6%3C%3C%C2%D5vt%27%0C-%96%1B
 2016-04-20 01:14:22 -07:00
Nathan Froyd 2c2f66f499 Bug 1232454 - use UniquePtr<T[]> instead of nsAutoArrayPtr<T> in security/apps/; r=keeler 
As a nice side effect, we also fix a (rare) memory leak in
AppTrustDomain::SetTrustedRoot.
 2015-12-06 08:06:03 -05:00
Jonathan Hao e4b1f62b85 Bug 1178448 - Use imported CA in developer mode. r=keeler,valentin 2015-10-08 17:08:45 +08:00
Richard Barnes 990593f9cf Bug 942515 - Show Untrusted Connection Error for SHA-1-based SSL certificates with notBefore >= 2016-01-01 r=keeler 2015-09-11 14:52:30 -04:00
Mark Goodwin 91782dab68 Bug 1159155 - Add telemetry probe for SHA-1 usage (r=keeler) 2015-07-09 07:22:29 +01:00
Cykesiopka 0a9aea4ab2 Bug 1145679 - Reject EV status for end-entity EV certs with overly long validity periods. r=keeler 
--HG--
extra : rebase_source : ec44bb566cce8ab14f740457d6ba1d863b39c256
 2015-06-29 22:19:00 +02:00
David Keeler 4e7fc3055e bug 1141189 - implement skipping expensive revocation checks (OCSP fetching) for short-lived certificates r=rbarnes 2015-04-06 16:10:28 -07:00
Ehsan Akhgari 883849ee32 Bug 1145631 - Part 1: Replace MOZ_OVERRIDE and MOZ_FINAL with override and final in the tree; r=froydnj 
This patch was automatically generated using the following script:

function convert() {
echo "Converting $1 to $2..."
find . \
       ! -wholename "*/.git*" \
       ! -wholename "obj-ff-dbg*" \
         -type f \
      \( -iname "*.cpp" \
         -o -iname "*.h" \
         -o -iname "*.c" \
         -o -iname "*.cc" \
         -o -iname "*.idl" \
         -o -iname "*.ipdl" \
         -o -iname "*.ipdlh" \
         -o -iname "*.mm" \) | \
    xargs -n 1 sed -i -e "s/\b$1\b/$2/g"
}

convert MOZ_OVERRIDE override
convert MOZ_FINAL final
 2015-03-21 12:28:04 -04:00
Cykesiopka 171babfad4 Bug 1139177 - RSA public key size checking cleanups. r=keeler 2015-03-05 16:41:00 +01:00
Brian Smith 06b7804e70 Bug 1131767: Prune away paths using unacceptable algorithms earlier, r=keeler 
--HG--
extra : rebase_source : 79efad2c5f60120ff1022547ce7efa628a7acd0f
 2015-02-14 16:59:02 -08:00
Brian Smith a89b90ea7f Bug 1130754: Avoid recalculating tbsCertificate digest, r=keeler 
--HG--
extra : rebase_source : 85266413568df928cb1eaf1cd59b52ee9d4259e6
extra : histedit_source : 767e3263d28926435c6d2f4610c7d8b01e9ba87d
 2015-02-07 12:14:31 -08:00
Brian Smith b0f87b9b6c Bug 1122841, Part 2: Centralize checking of public key, r=keeler 
--HG--
extra : rebase_source : 6b41ad2d3f37bead8d3ac8b48c5ee0b8063c795b
extra : source : d470b5a68bf915cfb12f0e948e1492463092883c
 2015-02-02 16:17:08 -08:00
Ehsan Akhgari 5f97b938f2 Bug 1117043 - Mark virtual overridden functions as MOZ_OVERRIDE in security; r=bsmith 2015-01-02 09:02:04 -05:00
Cykesiopka 1c4af4e6a1 Bug 622859 - Reject EV certificates with key sizes below RSA 2048. r=briansmith 2014-10-18 15:18:00 +02:00
David Keeler fd860abf57 bug 1071308 - (2/2) remove libpkix-style chain validation callback from CertVerifier r=cviecco 2014-09-25 11:18:56 -07:00
Brian Smith 0ccaf0860c Bug 1043041: Use mozilla::pkix::Time instead of PRTime, r=keeler 
--HG--
extra : rebase_source : 2cc39d3c322c1355aad003f2497659a091febac2
 2014-08-02 08:49:12 -07:00
Brian Smith d77dac0580 Bug 1041186, Part 2: Rename Input to Reader and InputBuffer to Input, r=keeler 
--HG--
extra : rebase_source : bf57a9eb6ae5c122912e00a47156010e5ea99478
 2014-07-31 12:17:31 -07:00
Brian Smith ffe743ee06 Bug 1041186, Part 1: Improve buffer overflow protection in mozilla::pkix, r=keeler 
--HG--
extra : rebase_source : 0f4a33f2c66594930ba9c79233648c70e33ba27c
 2014-07-18 22:30:51 -07:00
Brian Smith 5f56fc60d6 Bug 1041343: Use references instead of pointers for TrustLevel output parameters, r=cviecco 
--HG--
extra : rebase_source : d5c07dc29a95ccb75a7a8f199de26d43950b9ed4
 2014-07-20 11:06:26 -07:00
Brian Smith c45dc156d1 Bug 1039064: Use strongly-typed enum instead of NSPR-style error handling, r=keeler 
--HG--
extra : rebase_source : 4f3e41916cd7e2c74679d468eeeb702af3321532
 2014-07-18 11:48:49 -07:00
Cykesiopka 0289b45f0c Bug 360126 - Stop accepting certs that use RSA1023 or weaker; Original patch by Richard van den Berg. r=briansmith 2014-07-15 19:49:00 -04:00
Brian Smith 17375cc8b3 Bug 1036105: Delegate digest operations to the TrustDomain in mozilla::pkix, r=keeler 
--HG--
extra : rebase_source : dd8dc1243ea2e37955a15f2481e1c452311e90d8
extra : histedit_source : adc1a2035d41c608d3f0ebe14bba159b2857502d
 2014-07-06 19:36:05 -07:00
Brian Smith c162caba82 Bug 1036107, Part 1: Stop using CERTSignedData in mozilla::pkix, r=keeler 
--HG--
extra : rebase_source : 94c49062ae3ddf755651f151e2d648543b10e1ad
extra : histedit_source : a7377bf1d9adb62e1c584e2adeb793aa074245fb
 2014-07-10 19:00:32 -07:00
Brian Smith 3f110246be Bug 1035009: Stop using CERTCertList in mozilla::pkix, r=keeler 
--HG--
extra : rebase_source : fc2b39e5e2b44fea365914e83a7d1f2dc9b784bc
extra : histedit_source : b40e5e8cb106fe87f6f065b01ca43adb0bf3a605
 2014-07-06 15:55:38 -07:00
Brian Smith 783ead1861 Bug 1034636: Remove mozilla::pkix::ScopedCERTCertifciate and mozilla::pkix::ScopedPLArenaPool, r=mmc 
--HG--
extra : rebase_source : 68e6da2f1e1c7fa678ef4cc81d23cc6298709108
extra : histedit_source : feba4c589dbf004ee50e2dea1fca0809f8f97674
 2014-07-03 21:49:56 -07:00
Brian Smith f5ec8594e7 Bug 1033563, Part 3: Change mozilla::pkix::TrustDomain::FindPotentialIssuers API to be iterator-like, r=keeler 
--HG--
extra : rebase_source : e8c734ecb2de2c52dd8909c8b48f4bdb09d0128e
 2014-07-02 16:15:16 -07:00
Brian Smith 89e560be23 Bug 1029247, Part 2: Parse certificates using mozilla::pkix::der, r=keeler 
--HG--
extra : rebase_source : e093922497d005734c590a59f175993a7715bce8
 2014-07-03 16:59:42 -07:00
Brian Smith ca4f473450 Bug 1026261: Remove CERTCertificate from mozilla::pkix revocation checking API, r=keeler 
--HG--
extra : rebase_source : 6798f494bd351961ea02abba07b5860839bbc418
 2014-06-20 10:10:51 -07:00
Brian Smith 67bd0799fb Bug 1020683, Part 1: Remove internal uses of CERTCertificate from mozilla::pkix::VerifyEncodedOCSPResponse, r=keeler 
--HG--
extra : rebase_source : 416938498080c4d44874025f1da4562ab1c7c3c8
 2014-06-05 15:18:32 -07:00
Brian Smith 279c66a9b8 Bug 1019814: Remove CERTCertificate dependency from TrustDomain::GetCertTrust, r=keeler 
--HG--
extra : rebase_source : 9abf0522f02d00ac2f63f2327ddbe8d119ffc64f
 2014-06-03 10:47:25 -07:00
Brian Smith 2912321bc5 Bug 1006958: Use mozilla::pkix::der to parse certificate policies instead of NSS, r=keeler 
--HG--
extra : rebase_source : fde88efebc1025bc4f825aa38df809d04b1b250a
 2014-05-15 18:59:52 -07:00
Brian Smith 9ae1a34e11 Bug 1002933: Use Strongly-typed enums more often in mozilla::pkix, r=mmc 
--HG--
extra : rebase_source : 3f67f48d1f4150df0830f89e6c07bbbf3a8fc7e8
 2014-04-25 16:29:26 -07:00
Camilo Viecco a54a4f05cf Bug 744204 - Allow Certificate key pinning Part 2 - Certverifier Interface. r=keeler 
--HG--
extra : rebase_source : 2f9748ba0b241c697e22b7ff72f2f5a0fad4a2ca
 2014-02-05 14:49:10 -08:00
David Keeler b1405bc489 bug 985201 - rename insanity::pkix to mozilla::pkix r=cviecco r=briansmith 
--HG--
rename : security/insanity/include/insanity/ScopedPtr.h => security/pkix/include/pkix/ScopedPtr.h
rename : security/insanity/include/insanity/bind.h => security/pkix/include/pkix/bind.h
rename : security/insanity/include/insanity/nullptr.h => security/pkix/include/pkix/nullptr.h
rename : security/insanity/include/insanity/pkix.h => security/pkix/include/pkix/pkix.h
rename : security/insanity/include/insanity/pkixtypes.h => security/pkix/include/pkix/pkixtypes.h
rename : security/insanity/lib/pkixbind.cpp => security/pkix/lib/pkixbind.cpp
rename : security/insanity/lib/pkixbuild.cpp => security/pkix/lib/pkixbuild.cpp
rename : security/insanity/lib/pkixcheck.cpp => security/pkix/lib/pkixcheck.cpp
rename : security/insanity/lib/pkixcheck.h => security/pkix/lib/pkixcheck.h
rename : security/insanity/lib/pkixder.cpp => security/pkix/lib/pkixder.cpp
rename : security/insanity/lib/pkixder.h => security/pkix/lib/pkixder.h
rename : security/insanity/lib/pkixkey.cpp => security/pkix/lib/pkixkey.cpp
rename : security/insanity/lib/pkixocsp.cpp => security/pkix/lib/pkixocsp.cpp
rename : security/insanity/lib/pkixutil.h => security/pkix/lib/pkixutil.h
rename : security/insanity/moz.build => security/pkix/moz.build
rename : security/insanity/test/lib/moz.build => security/pkix/test/lib/moz.build
rename : security/insanity/test/lib/pkixtestutil.cpp => security/pkix/test/lib/pkixtestutil.cpp
rename : security/insanity/test/lib/pkixtestutil.h => security/pkix/test/lib/pkixtestutil.h
 2014-03-20 14:29:21 -07:00
Brian Smith 605160af41 Bug 921886: Add certificate policiy support to insanity::pkix, r=keeler, r=cviecco 
--HG--
extra : rebase_source : 6522e2c2f57f59fe23c0ed0c838f1f54236bdafc
 2014-02-24 12:37:45 -08:00
Brian Smith 46ac0ca312 Bug 915931, Part 3: Integrate insanity::pkix OCSP support, r=keeler, r=cviecco 
--HG--
extra : rebase_source : 4b54682ca6d97e2ec7709b9a5c93ddea71126f8b
 2014-02-16 17:35:40 -08:00
Brian Smith 2f3036a251 Bug 896620: Make marketplace certs work on in all products, r=keeler 
--HG--
extra : source : 86ec7137a8892f75918c77e605df970f5b96ef62
extra : histedit_source : 33326790804d49e6ec658626116ebf870d94d445
 2014-02-14 14:37:07 -08:00