Граф коммитов

171 Коммитов

Автор SHA1 Сообщение Дата
Brian Smith 17375cc8b3 Bug 1036105: Delegate digest operations to the TrustDomain in mozilla::pkix, r=keeler
--HG--
extra : rebase_source : dd8dc1243ea2e37955a15f2481e1c452311e90d8
extra : histedit_source : adc1a2035d41c608d3f0ebe14bba159b2857502d
2014-07-06 19:36:05 -07:00
Brian Smith c162caba82 Bug 1036107, Part 1: Stop using CERTSignedData in mozilla::pkix, r=keeler
--HG--
extra : rebase_source : 94c49062ae3ddf755651f151e2d648543b10e1ad
extra : histedit_source : a7377bf1d9adb62e1c584e2adeb793aa074245fb
2014-07-10 19:00:32 -07:00
Brian Smith b14f27897b Bug 1037324: Delegate additional name constraint selection to the TrustDomain in mozilla::pkix, r=cviecco
--HG--
extra : rebase_source : 300f33bfb3a0c9ae1525695b080674c1fb21eafc
2014-07-10 22:38:59 -07:00
Brian Smith 3f110246be Bug 1035009: Stop using CERTCertList in mozilla::pkix, r=keeler
--HG--
extra : rebase_source : fc2b39e5e2b44fea365914e83a7d1f2dc9b784bc
extra : histedit_source : b40e5e8cb106fe87f6f065b01ca43adb0bf3a605
2014-07-06 15:55:38 -07:00
Brian Smith 783ead1861 Bug 1034636: Remove mozilla::pkix::ScopedCERTCertifciate and mozilla::pkix::ScopedPLArenaPool, r=mmc
--HG--
extra : rebase_source : 68e6da2f1e1c7fa678ef4cc81d23cc6298709108
extra : histedit_source : feba4c589dbf004ee50e2dea1fca0809f8f97674
2014-07-03 21:49:56 -07:00
Brian Smith f5ec8594e7 Bug 1033563, Part 3: Change mozilla::pkix::TrustDomain::FindPotentialIssuers API to be iterator-like, r=keeler
--HG--
extra : rebase_source : e8c734ecb2de2c52dd8909c8b48f4bdb09d0128e
2014-07-02 16:15:16 -07:00
Brian Smith 89e560be23 Bug 1029247, Part 2: Parse certificates using mozilla::pkix::der, r=keeler
--HG--
extra : rebase_source : e093922497d005734c590a59f175993a7715bce8
2014-07-03 16:59:42 -07:00
Brian Smith 949d837110 Bug 1035034: Fix typo in CertVerifier, r=cviecco
--HG--
extra : rebase_source : b8871ee8cf1e156ef48d363ea49e8b82ab268d98
2014-07-06 19:15:13 -07:00
Brian Smith 2d9e74e8ee Bug 975229: Remove NSS-based certificate verification, r=keeler
--HG--
extra : rebase_source : 49cb20f1b51e2d9993a35decd820764e20ad9be9
2014-06-16 23:13:29 -07:00
Brian Smith ca4f473450 Bug 1026261: Remove CERTCertificate from mozilla::pkix revocation checking API, r=keeler
--HG--
extra : rebase_source : 6798f494bd351961ea02abba07b5860839bbc418
2014-06-20 10:10:51 -07:00
David Keeler c13f6d39c7 bug 997509 - heed expired Revoked or Unknown OCSP responses r=briansmith 2014-06-20 09:01:57 -07:00
Brian Smith b76e937c55 Bug 1006812: Use mozilla::pkix::der to decode the key usage extension, r=keeler
--HG--
extra : rebase_source : e445c913994dc027e1179543d7b6cab2505e734d
2014-06-19 00:13:20 -07:00
Brian Smith d779fddb49 Bug 1022970: Switch from UNIFIED_SOURCES back to SOURCES in security/pkix, security/certverifier, and security/manager/ssl/src, r=keeler
--HG--
extra : rebase_source : 7d45d018be6b23af199c1e9c858fb5bb3bb5a01b
2014-06-16 22:57:55 -07:00
Brian Smith 30fd4b4013 Bug 1026371: Remove useless comments in CertVerifier.cpp, r=cviecco
--HG--
extra : rebase_source : 58444ab17c68bcde6938540b3b074af55e417687
2014-06-16 23:37:53 -07:00
David Keeler 29ec0cc30a bug 1017826 - follow-up to fix indentation r=me a=whitespace-only DONTBUILD 2014-06-17 09:14:00 -07:00
Harsh Pathak 6c21b7c10e Bug 1017826 - prevent a potential memory leak in OCSPCache::Put. r=keeler 2014-06-16 20:27:00 +02:00
Brian Smith 67bd0799fb Bug 1020683, Part 1: Remove internal uses of CERTCertificate from mozilla::pkix::VerifyEncodedOCSPResponse, r=keeler
--HG--
extra : rebase_source : 416938498080c4d44874025f1da4562ab1c7c3c8
2014-06-05 15:18:32 -07:00
David Keeler 5f24a86888 bug 1019198 - fail handshake if given an expired OCSP response and fetching a new one fails r=briansmith 2014-06-06 09:20:50 -07:00
Brian Smith 279c66a9b8 Bug 1019814: Remove CERTCertificate dependency from TrustDomain::GetCertTrust, r=keeler
--HG--
extra : rebase_source : 9abf0522f02d00ac2f63f2327ddbe8d119ffc64f
2014-06-03 10:47:25 -07:00
Camilo Viecco 5bce267045 Bug 991815 - Part 1/2 - Allow intermediate OCSP responses up to 1 year old. r=keeler
--HG--
extra : rebase_source : 28d5336da1dc44932b92ce2c59fca5fcb2b8a3d8
2014-05-30 16:12:36 -07:00
Brian Smith 103251c410 Bug 1010634, Part 6: Enable -Wall with a few exceptions for certverifier, r=cviecco
--HG--
extra : rebase_source : 611f0d65e7edb74345a4a599a6606de37e3da75e
2014-05-15 21:56:23 -07:00
Brian Smith 84170040f4 Bug 1010634, Part 3: Fix more warnings in CertVerifier, r=cviecco
--HG--
extra : rebase_source : 21e79fbc472aeccec7df213e0cd8d99bebfbff75
2014-05-29 20:17:53 -07:00
Cykesiopka fe5e0f327b Bug 917510 - Replace SHA-1 fingerprints of EV certs in ExtendedValidation.cpp with SHA-2 fingerprints. r=briansmith, r=kwilson 2014-05-30 00:01:00 -04:00
David Keeler 4434286b6b bug 1006710 - add class of PSM errors to SEC and SSL errors r=briansmith 2014-05-28 15:28:03 -07:00
Camilo Viecco f051695b8d Bug 1005142 - Part 1/2 - Add OCSP get capabilities to OCSPRequestor. r=keeler
--HG--
extra : rebase_source : ee4a86bf02a466a31de8b0b6cd7ce375a7f28c6d
2014-05-21 15:42:21 -07:00
Camilo Viecco 0c9b112b38 Bug 1010594 - Part 1/2 OCSP url check - r=briansmith
--HG--
extra : rebase_source : 0b26339d33db90722401ae1d8ac255d0390aea30
2014-05-16 13:53:14 -07:00
Monica Chew 88108c8e9f Bug 1011269: Forgot to qref to pick up keeler's changes (r=keeler) 2014-05-19 13:24:41 -07:00
Monica Chew 7683ced05a Bug 1011269: Add CertVerifier::pinningEnforceTestMode (r=keeler) 2014-05-19 13:04:40 -07:00
Brian Smith fe9fcc5bec Bug 1010634, Part 1: Fix compiler warnings in certverifier, r=cviecco
--HG--
extra : rebase_source : f8d925f042040368b038b62bc1d0c9d4d6d04618
2014-05-14 17:46:32 -07:00
Brian Smith 2912321bc5 Bug 1006958: Use mozilla::pkix::der to parse certificate policies instead of NSS, r=keeler
--HG--
extra : rebase_source : fde88efebc1025bc4f825aa38df809d04b1b250a
2014-05-15 18:59:52 -07:00
Brian Smith 077fb4cfcf Bug 1006041: Use mozilla::pkix::der for decoding the extended key usage extension, r=keeler
--HG--
extra : rebase_source : b4b62f117d653784eb6ad058554faf520a1bd90b
2014-05-14 01:02:34 -07:00
Gervase Markham a28ceb8833 Bug 1007195 - Change licensing on mozilla::pkix to dual Apache 2/MPL 2. r=briansmith. 2014-05-14 14:37:25 +01:00
David Keeler 9bf8c7f01d bug 982248 - NSSCertDBTrustDomain: specify timeout for OCSP requests r=briansmith 2014-05-01 15:07:55 -07:00
Brian Smith 9ae1a34e11 Bug 1002933: Use Strongly-typed enums more often in mozilla::pkix, r=mmc
--HG--
extra : rebase_source : 3f67f48d1f4150df0830f89e6c07bbbf3a8fc7e8
2014-04-25 16:29:26 -07:00
Camilo Viecco a54a4f05cf Bug 744204 - Allow Certificate key pinning Part 2 - Certverifier Interface. r=keeler
--HG--
extra : rebase_source : 2f9748ba0b241c697e22b7ff72f2f5a0fad4a2ca
2014-02-05 14:49:10 -08:00
David Keeler 388e440bec bug 977865 - mozilla::pkix: add backoff for ocsp fetching when a responder fails r=cviecco 2014-04-28 16:38:15 -07:00
Camilo Viecco 930ccc7d4e Bug 987816 - Part 1/3. Allow verifying with certificateUsageVerifyCA. r=dkeeler
--HG--
extra : rebase_source : 7530839c9c02d56936e322f897de96d80a60a18f
2014-03-28 10:21:30 -07:00
Wes Kocher 116cedb60f Backed out 2 changesets (bug 987816) for xpcshell orange
Backed out changeset 245d0cb5a7b3 (bug 987816)
Backed out changeset b714220dd39d (bug 987816)
2014-03-28 16:57:12 -07:00
Camilo Viecco 828e5f79ad Bug 987816 - certificateUsageVerifyCA is OK verifcation option. r=dkeeler
--HG--
extra : rebase_source : 0e000dc85705e1c61773e8fc73425fe80e0b9134
2014-03-28 10:21:30 -07:00
David Keeler b1405bc489 bug 985201 - rename insanity::pkix to mozilla::pkix r=cviecco r=briansmith
--HG--
rename : security/insanity/include/insanity/ScopedPtr.h => security/pkix/include/pkix/ScopedPtr.h
rename : security/insanity/include/insanity/bind.h => security/pkix/include/pkix/bind.h
rename : security/insanity/include/insanity/nullptr.h => security/pkix/include/pkix/nullptr.h
rename : security/insanity/include/insanity/pkix.h => security/pkix/include/pkix/pkix.h
rename : security/insanity/include/insanity/pkixtypes.h => security/pkix/include/pkix/pkixtypes.h
rename : security/insanity/lib/pkixbind.cpp => security/pkix/lib/pkixbind.cpp
rename : security/insanity/lib/pkixbuild.cpp => security/pkix/lib/pkixbuild.cpp
rename : security/insanity/lib/pkixcheck.cpp => security/pkix/lib/pkixcheck.cpp
rename : security/insanity/lib/pkixcheck.h => security/pkix/lib/pkixcheck.h
rename : security/insanity/lib/pkixder.cpp => security/pkix/lib/pkixder.cpp
rename : security/insanity/lib/pkixder.h => security/pkix/lib/pkixder.h
rename : security/insanity/lib/pkixkey.cpp => security/pkix/lib/pkixkey.cpp
rename : security/insanity/lib/pkixocsp.cpp => security/pkix/lib/pkixocsp.cpp
rename : security/insanity/lib/pkixutil.h => security/pkix/lib/pkixutil.h
rename : security/insanity/moz.build => security/pkix/moz.build
rename : security/insanity/test/lib/moz.build => security/pkix/test/lib/moz.build
rename : security/insanity/test/lib/pkixtestutil.cpp => security/pkix/test/lib/pkixtestutil.cpp
rename : security/insanity/test/lib/pkixtestutil.h => security/pkix/test/lib/pkixtestutil.h
2014-03-20 14:29:21 -07:00
David Keeler 09232f13e6 bug 969048 - adjust OCSP stapling telemetry for insanity::pkix r=briansmith r=cviecco 2014-03-13 09:41:03 -07:00
David Keeler 5e64bb5ea4 bug 915932 - cache OCSP responses when using insanity::pkix r=cviecco r=briansmith 2014-03-12 13:08:48 -07:00
David Keeler a0bbe0c0fb bug 982403 - separate the compilation of certverifier and insanity::pkix r=cviecco r=briansmith
--HG--
rename : security/certverifier/moz.build => security/insanity/moz.build
2014-03-12 13:08:18 -07:00
Camilo Viecco 0e5ef28180 Bug 962740 - Batch of 3 CA Certs to be granted EV capabilites. r=keeler 2014-02-26 14:41:02 -08:00
David Keeler 954d7d0bfb Bug 974715 - Create more flexible OCSP response generation code. r=briansmith, r=cviecco 2014-03-10 14:04:31 -07:00
Brian Smith dbb4eb51fe Bug 978528: Return the correct error message when no potential issuers are found during path bulding in insanitY::pkix, r=cviecco
--HG--
extra : rebase_source : 71f806312ad322bc2971e7efaea2da217b07efad
2014-03-01 20:55:51 -08:00
Brian Smith 485e9d1aab Bug 921885: Use insanity::pkix for EV cert verification when insanity::pkix is the selected implementation, r=cviecco, r=keeler
--HG--
extra : rebase_source : b1fd1f8eace675484b3c2d568e5e74f767f1d2ad
2014-02-23 22:15:53 -08:00
Brian Smith 605160af41 Bug 921886: Add certificate policiy support to insanity::pkix, r=keeler, r=cviecco
--HG--
extra : rebase_source : 6522e2c2f57f59fe23c0ed0c838f1f54236bdafc
2014-02-24 12:37:45 -08:00
Brian Smith c3a50adf07 Bug 975122: Allow cert error overrides when insanity::pkix is used, r?cviecco, r?keeler
--HG--
extra : rebase_source : 47f5e779a16c462e40baa2d9cec2e83946c9076c
2014-02-22 19:08:06 -08:00
Brian Smith 46ac0ca312 Bug 915931, Part 3: Integrate insanity::pkix OCSP support, r=keeler, r=cviecco
--HG--
extra : rebase_source : 4b54682ca6d97e2ec7709b9a5c93ddea71126f8b
2014-02-16 17:35:40 -08:00
Brian Smith 3a9c1abfb2 Bug 878932, Part 1: Add OCSP response parsing & validation to insanity::pkix, r=keeler
--HG--
extra : rebase_source : 23771eaf97f67e5feb69d50a0c96dd4da31ae964
extra : source : b0511882e4c94c0960ef8533b381e8d72706172e
2014-02-16 18:09:06 -08:00
Brian Smith 2f3036a251 Bug 896620: Make marketplace certs work on in all products, r=keeler
--HG--
extra : source : 86ec7137a8892f75918c77e605df970f5b96ef62
extra : histedit_source : 33326790804d49e6ec658626116ebf870d94d445
2014-02-14 14:37:07 -08:00
Brian Smith 6195eb652a Bug 878932, Part 1: add insanity::pkix as an option for certificate verification, r=keeler, r=cviecco
--HG--
extra : rebase_source : c1f75dff6ac7f32e082517af701654abebaee250
2014-02-10 11:41:12 -08:00
Camilo Viecco 2111455ed0 Bug 790809 - Add callback for in libpkix for extra app checks (in usage sslserver). r=dkeeler 2014-02-05 14:49:14 -08:00
Brian Smith af88fb50b0 Bug 921891, part 3: Add basic building and verification, r=keeler, r=cviecco
--HG--
extra : rebase_source : 7b01773c47445efc40941ae251d03f505f429be6
extra : source : 2a36da04b931740858d51023b2cc8ef7528ef740
2014-02-02 21:21:00 -08:00
Daniel Holbert 6dabf48731 Bug 968323: Declare prlog variables inside #ifdef PR_LOGGING instead of MOZ_LOGGING, in /security, to fix build failures in --disable-logging builds. r=briansmith 2014-02-05 22:11:26 -08:00
Daniel Holbert e75f701087 Bug 968491: Mark security/certverifier/ as FAIL_ON_WARNINGS. r=briansmith 2014-02-05 22:11:24 -08:00
Camilo Viecco be133e87b2 Bug 968491 helper-patch: Temporarily #ifdef out static function 'insertErrorIntoVerifyLog' to address Wunused-function build warning. r=briansmith 2014-02-05 22:11:16 -08:00
Brian Smith d5d6180d11 Bug 921887: Add minimal DER decoder to insanity::pkix, r=keeler
--HG--
extra : rebase_source : 12becc63c3f1d4f04f0164d236b6759e9f4e81cc
extra : source : 6db5ba057f8d557eaf238d35d539e4c3dc08be1a
2013-09-29 12:08:33 -07:00
Brian Smith 5abecfbefe Bug 921890: Add key extraction and signature verification to insanity::pkix, r=keeler, r=cviecco
--HG--
extra : rebase_source : c94380aedc563b3eecddb9bcac60b532f5799eee
extra : source : e33ed267eeee330807dff6c6347e11c0a4e86809
2013-10-01 01:08:42 -07:00
Brian Smith 2944942221 Bug 967175: Remove EV entries for ValiCert (Go Daddy) roots removed in bug 936304, r=kwilson
--HG--
extra : rebase_source : b87998d88f38057d37b7518cf1f4fb485c505b31
2014-02-03 14:29:05 -08:00
Camilo Viecco 97ab153856 Bug 962693: Add function to add arbitrary errors to tail of verifylog. r=keeler 2014-01-24 14:13:25 -08:00
Camilo Viecco 7257212a64 Bug 962833: ensure-certverify-returns secfailure on MUST_BE_EV and no ev certificate. r=dkeeler 2014-01-24 13:57:35 -08:00
Brian Smith ccb3f48598 Bug 891066, Part 9: Move DisableMD5 to NSSCertDBTrustDomain, r=dkeeler
--HG--
extra : rebase_source : aaf658c12a74fc53f1591333f10d54e78fe1d992
2014-01-20 01:30:25 -08:00
Brian Smith 9d23ee7fc7 Bug 891066, Part 8: Add stapled OCSP response to CertVerifier, r=cviecco
--HG--
extra : rebase_source : ffe0762228d1217cb51e2f8fad2e0605d7d61344
extra : source : f721d60b6bf74467381590457ce3542f83a2f43a
2013-09-27 19:53:36 -07:00
Brian Smith 12a2ffda37 Bug 891066, Part 7: Give CertVerifier its own NSPR logging module, r=cviecco
--HG--
extra : rebase_source : a6b38c4026fe70c9789cbe4830df57c943382f5b
extra : source : 591daff856840016c979ed9b4fdbed4ed68f22a6
2013-07-10 23:47:09 -07:00
Brian Smith 213974a8d4 Bug 891066, Part 6: Move SSL server cert verification logic to security/certverifier, r=cviecco
--HG--
extra : rebase_source : e30b5b46e075c52651bb5320b17660f85a50abbb
extra : source : ef41444d0a7d1f6697c7a4d431fffe8db1724605
2013-07-08 16:30:59 -07:00
Brian Smith 4488103b73 Bug 891066, Part 5: Switch to security::pkix::ScopedCERTCertList, r=cviecco
--HG--
extra : rebase_source : 59015f864e612f18a2f7bb62092b692ae8d47853
extra : source : 31f68b8a192b45720fe931176cdc0565e8c6fd80
2014-01-22 17:13:19 -08:00
Brian Smith 5ce3726857 Bug 891066, Part 4: Fix indention, r=me, a=whitespace-only
--HG--
extra : rebase_source : 0b9dad2a331b729f614b9b3ee29793a3c89ae053
extra : source : 651a8ef41d0611f0dbc72cbd663071958fea649b
2013-09-19 13:39:36 -07:00
Brian Smith 3091f37853 Bug 891066, Part 3: Move more initialization of NSS to security/certverifier, r=keeler
--HG--
extra : rebase_source : 33aad105028f849d0bbe1c37b60eab50f2f22c88
2014-01-20 22:10:33 -08:00
Brian Smith c1583f22ce Bug 891066, part 2: Move CertVerifier to security/certverifier, r=keeler
--HG--
extra : rebase_source : dd59a391825b776b075e855660c2488105e2d741
2014-01-26 19:36:28 -08:00