Before this patch, the certificate verifier would only attempt to build a
trusted path to a root with the first recognized EV OID in the end-entity
certificate. Thus, if an end-entity certificate had more than one EV OID, it
could fail to verify as EV if an intermediate or root had the "wrong" EV OID.
This patch addresses this shortcoming by trying to build a path with each
recognized EV OID in the end-entity certificate until it finds one that works.
Differential Revision: https://phabricator.services.mozilla.com/D149319
Certificate error overrides made in non-private contexts should be availble in
private contexts as well (but not vice-versa).
Differential Revision: https://phabricator.services.mozilla.com/D149296
Add a preference for whether to remove ECH GREASE extensions when retrying a connection. This repurposes the flag which was previously present but not actually functional.
Differential Revision: https://phabricator.services.mozilla.com/D147191
The biggest set of APIs from ns[T]StringObsolete which are still heavily used
are the string searching APIs. It appears the intention was for these to be
replaced by the `FindInReadable` APIs, however that doesn't appear to have
happened.
In addition, the APIs have some quirks around their handling of mixed character
widths. These APIs generally supported both narrow strings and the native
string type, probably because char16_t string literals weren't available until
c++11. Finally they also used easy-to-confuse unlabeled boolean and integer
optional arguments to control behaviour.
These patches do the following major changes to the searching APIs:
1. The ASCII case-insensitive search method was split out as
LowerCaseFindASCII, rather than using a boolean. This should be less
error-prone and more explicit, and allows the method to continue to use
narrow string literals for all string types (as only ASCII is supported).
2. The other [R]Find methods were restricted to only support arguments with
matching character types. I considered adding a FindASCII method which would
use narrow string literals for both wide and narrow strings but it would've
been the same amount of work as changing all of the literals to unicode
literals.
This ends up being the bulk of the changes in the patch.
3. All find methods were re-implemented using std::basic_string_view's find
algorithm or stl algorithms to reduce code complexity, and avoid the need to
carry around the logic from nsStringObsolete.cpp.
4. The implementations were moved to nsTStringRepr.cpp.
5. An overload of Find was added to try to catch callers which previously
called `Find(..., false)` or `Find(..., true)` to set case-sensitivity, due
to booleans normally implicitly coercing to `index_type`. This should
probably be removed at some point, but may be useful during the transition.
Differential Revision: https://phabricator.services.mozilla.com/D148300
This changes the behavior of CRLite when configured in `ConfirmRevocations`
mode (the default mode on nightly and early beta). Under the new definition,
ConfirmRevocations mode fails closed when OCSP fails open. In particular, a
certificate will be marked as "Revoked" in the following scenarios:
- CRLite returns "Revoked" and the certificate does not list an OCSP URL,
- CRLite returns "Revoked" and the OCSP responder is unreachable,
- CRLite returns "Revoked" and the OCSP responder returns an error.
Differential Revision: https://phabricator.services.mozilla.com/D148686
Add a preference for whether to remove ECH GREASE extensions when retrying a connection. This repurposes the flag which was previously present but not actually functional.
Differential Revision: https://phabricator.services.mozilla.com/D147191
Before this patch, the content signature verifier
(nsIContentSignatureVerifier/ContentSignatureVerifier) would identify the root
it trusted based on the value of a preference. This patch changes the
implementation to require a specified hard-coded root to trust as with add-on
signature verification.
Depends on D146644
Differential Revision: https://phabricator.services.mozilla.com/D146645
Before this patch, the app signature verification code lived in security/apps/.
The majority of the rest of PSM is in security/manager/ssl/ and there's little
reason to have that extra directory for the app signature verification
implementation alone.
Differential Revision: https://phabricator.services.mozilla.com/D146644
This introduces a breaking change: the buckets cannot be changed via preferences anymore.
Before landing this patch, we should have a released a new version of the Remote Settings DevTools that is compatible with this new API.
Differential Revision: https://phabricator.services.mozilla.com/D145455
The ability to customize this preference name has very little value. We introduced this feature when we refactored our ad-hoc Kinto clients into a single RemoteSetting client.
Renaming this preference means that the DevTools will display an empty field until settings are resynced.
Differential Revision: https://phabricator.services.mozilla.com/D145454
This patch won't actually build, because a few bits of code are used
for both nsIFactory::createInstance and static components, and static
components are not fixed until the next patch.
The first place is nsLoadGroupConstructor, which uses an nsIFactory
macro to create a static component constructor. (This could be worked
around by expanding the macro to the state before this patch.)
The other issue is that nsAppShellConstructor is used in an nsIFactory
on OSX, but as a static component on all other platforms. This could
be worked around by wrapping nsAppShellConstructor in an adaptor that
passes in the extra null argument to nsAppShellConstructor.
Differential Revision: https://phabricator.services.mozilla.com/D146456
This also upgrades the headers crate to 0.3.7. Webdriver depends on warp 0.2,
which depends on headers 0.3. But headers < 0.3.7 depends on sha-1 < 0.10. We
need sha-1 and sha2 at the same minor version to avoid duplicate block-buffer,
generic-array, and digest crates.
Differential Revision: https://phabricator.services.mozilla.com/D146010
This patch removes the redundant nsICryptoHMAC interface and implementation,
updates front-end code to use WebCrypto, and changes back-end code to use the
helper class HMAC introduced by this patch.
This also removes the last uses of nsIKeyObject and nsIKeyObjectFactory, and
thus those interfaces and implementations as well.
Differential Revision: https://phabricator.services.mozilla.com/D145656
Chrome's transport_security_state_static.pins (used by Gecko to glean static
pinning information) recently added a timestamp to note its creation time.
This patch updates genHPKPStaticPins.js to handle the timestamp's presence by
ignoring it.
This also removes the obsolete security/manager/tools/genHPKPStaticPins.js.
The canonical version of that file is
taskcluster/docker/periodic-updates/scripts/genHPKPStaticPins.js.
Differential Revision: https://phabricator.services.mozilla.com/D146226
Using static preferences in PSM will eventually allow NSS to be initialized on
a background thread instead of blocking the main thread.
Depends on D145152
Differential Revision: https://phabricator.services.mozilla.com/D145390
Using static preferences in PSM will eventually allow NSS to be initialized on
a background thread instead of blocking the main thread.
Depends on D145151
Differential Revision: https://phabricator.services.mozilla.com/D145152
Using static preferences in PSM will eventually allow NSS to be initialized on
a background thread instead of blocking the main thread.
Depends on D145150
Differential Revision: https://phabricator.services.mozilla.com/D145151
Using static preferences in PSM will eventually allow NSS to be initialized on
a background thread instead of blocking the main thread.
Differential Revision: https://phabricator.services.mozilla.com/D145150
With MOZ_FORMAT_PRINTF annotations, the compiler expects a wchar_t*, and
it won't automatically consider char16ptr_t to be compatible with that.
While handling strings, there's one case of formatting that doesn't need
to use %S at all.
Differential Revision: https://phabricator.services.mozilla.com/D144919
In future parts, TaskQueue will require extra initialization to be performed
which cannot happen in a constructor, as it takes references to the TaskQueue
object itself, which will require the introduction of a helper method. This
patch switches all callers of the TaskQueue constructor to use the new method.
Differential Revision: https://phabricator.services.mozilla.com/D142604
dom/system/PathUtils.cpp(77,10): error: 'return' will never be executed [-Werror,-Wunreachable-code-return]
return false;
^~~~~
ipc/chromium/src/chrome/common/ipc_channel_win.cc(479,10): error: 'return' will never be executed [-Werror,-Wunreachable-code-return]
return true;
^~~~
mozglue/misc/PreXULSkeletonUI.cpp(1263,10): error: 'return' will never be executed [-Werror,-Wunreachable-code-return]
return 0;
^
mozglue/tests/TestPEExportSection.cpp(348,12): error: 'return' will never be executed [-Werror,-Wunreachable-code-return]
return 0;
^
security/manager/ssl/OSReauthenticator.cpp(428,10): error: 'return' will never be executed [-Werror,-Wunreachable-code-return]
return NS_OK;
^~~~~
toolkit/components/maintenanceservice/maintenanceservice.cpp(214,10): error: 'return' will never be executed [-Werror,-Wunreachable-code-return]
return 0;
^
widget/windows/WindowsUIUtils.cpp(383,10): error: 'return' will never be executed [-Werror,-Wunreachable-code-return]
return false;
^~~~~
Differential Revision: https://phabricator.services.mozilla.com/D144661
Scanning for client certificates involves looking through each slot in each
PKCS#11 module. There may be many certificates that don't have corresponding
private keys in the NSS softoken, so it's more efficient to search for private
keys and then find any matching certificates. This reasoning also applies to
the NSS builtin roots module, which is the change this patch makes.
Differential Revision: https://phabricator.services.mozilla.com/D143859
This patch changes the default behaviour of `download()`.
- Previous file-based behaviour was moved to `downloadToDisk()` and `deleteFromDisk()`. Existing consumers were migrated to avoid behaviour change.
- `download()` has now `{useCache: true}` by default, option was dropped, and `deleteCached()` is now `deleteDownloaded()`
Differential Revision: https://phabricator.services.mozilla.com/D141980
This patch changes the default behaviour of `download()`.
- Previous file-based behaviour was moved to `downloadToDisk()` and `deleteFromDisk()`. Existing consumers were migrated to avoid behaviour change.
- `download()` has now `{useCache: true}` by default, option was dropped, and `deleteCached()` is now `deleteDownloaded()`
Differential Revision: https://phabricator.services.mozilla.com/D141980
Before this patch, nsISiteSecurityService APIs took "flags" parameters that
differentiated private contexts from not private contexts. However, these
parameters were redundant with respect to origin attributes, which led to some
confusion for consumers of these APIs. This patch removes these parameters in
favor of using origin attributes.
Differential Revision: https://phabricator.services.mozilla.com/D142901
The Baseline Requirements no longer require an OCSP URI for EV certificate
intermediates. Since OneCRL covers intermediates anyways, OCSP checking for
intermediates can be skipped entirely.
Differential Revision: https://phabricator.services.mozilla.com/D142369
All commands declaring a virtualenv will have them activated before the
command executes. Removes all now-redundant manual activations of
declared virtualenvs.
Commands that don't declare a virtualenv will still implicitly be
associated with the "common" virtualenv, but unlike explicit
virtualenv declarations it'll have to be activated manually, just
like it was before this patch.
To smooth the migration with existing usages, virtualenv activation
behaviour was changed slightly: if attempting to activate a new
virtualenv, but the source venv is already command venv, then raise an
exception. (In the future, we should improve testability of
virtualenv scaffolding logic so that tests can be added for this
sort of thing.) This did cause some issues with some tests, which
will be solved more cleanly with bug 1724273. In the meantime,
minimal modifications were made to failing tests to keep them green:
* `test_command_line.py` was activating the `common` virtualenv so
that it could install `mozproxy`, and use its CLI. Instead, I
modified the test to use `mozproxy` using the "module" interface
(`python -m mozproxy ...`). At that point, `MozbuildObject` was
unnecessary and usages were replaced with simpler variants.
* `test_vendor.py` needed its explicit `activate_virtualenv()` call
patched out. It still needs to use a virtualenv's Python
executable, but due to `sys.executable` now being kept up-to-date
as of bug 1717051, it could be used directly.
Differential Revision: https://phabricator.services.mozilla.com/D122892
DataStorage writes should be atomic to avoid losing data if writing is
interrupted. Additionally, on mobile, if the app is backgrounded, it is more
likely to be killed, so an asynchronous write should be kicked off to hopefully
avoid losing data.
Differential Revision: https://phabricator.services.mozilla.com/D140788
Automatically generated rewrites of all ParamTraits and IPDLParamTraits
implementations in-tree to use IPC::Message{Reader,Writer}.
Differential Revision: https://phabricator.services.mozilla.com/D140004
This change does not build without the automatically rewritten changes from
part 3c, as every IPC::ParamTraits and IPDLParamTraits implementation needs to
be updated at once, but these are the manual changes which are required and not
handled by the automatic script.
Differential Revision: https://phabricator.services.mozilla.com/D140001