Before this patch, the default policy for the use of SHA1 in certificate
signatures was "allow all" due to compatibility concerns.
After gathering telemetry, we are confident that we can enforce the policy of
"allow for locally-installed roots" (or certificates valid before 2016) without
too much breakage.
MozReview-Commit-ID: 8GxtgdbaS3P
--HG--
extra : rebase_source : d1bed911f2d5d40229ea06556fee0848668e98b6
After these additions, the majority of the API surface should be covered.
MozReview-Commit-ID: CvpEX6Cm94d
--HG--
rename : security/manager/ssl/tests/unit/test_pkcs11_list.js => security/manager/ssl/tests/unit/test_pkcs11_module.js
extra : transplant_source : %B3%E0%09%B9%E4b%D0A%F0%00r%08%1F%9Dm%E7%CC9%E3l
Entries in kSTSPreloadList currently look like:
class nsSTSPreload
{
public:
const char *mHost;
const bool mIncludeSubdomains;
};
This is inefficient for a couple of reasons:
* The structure has a bunch of wasted space: it takes 8 bytes on 32-bit
platforms and 16 bytes on 64-bit platforms, even though it only uses 5
and 9 bytes, respectively.
* The |const char*| requires additional space in the form of relocations
(at least on Linux/Android), which doubles the space cost of
individual entries. (The space cost of the relocations is mitigated
somewhat on Linux and Android because of elfhack, but there's still
extra cost in the on-disk format and during the load of libxul to
process those relocations.)
* The relocations the structure requires means that the data in it can't
be shared between processes, which is important for e10s with multiple
content processes.
We can make it more efficient by structuring it like so:
static const char kSTSPreloadHosts[] = {
// One giant character array containing the hosts, in order:
// "example.com\0example.org\0example.test\0..."
// Use an array rather than a literal string due to compiler limitations.
};
struct nsSTSPreload
{
// An index into kSTSPreloadHosts for the hostname.
uint32_t mHostIndex: 31;
// We use the same datatype for both members so that MSVC will pack
// the bitfields into a single uint32_t.
uint32_t mIncludeSubdomains: 1;
};
nsSTSPreload now has no wasted space and is significantly smaller,
especially on 64-bit platforms (saves ~29K on 32-bit platforms and ~85K
on 64-bit platforms). This organization does add a couple extra
operations to searching for preload list entries, depending on your
platform, but the space savings make it worth it.
The main loop of |output| tweaks entries, filters out entries based on
some conditions, and writes out the actual entries we're going to use.
Let's separate those three steps so it's clearer what's happening where.
When building non-gonk builds, ANDROID_VERSION is not set. Beginning with NDK 11, getdtablesize is no longer included. This means that we should use the stub version of the function that is defined in android_stub.h for all android platforms. This patch moves the function out of the "#if ANDROID_VERSION >=21" block so that all android code can use it.
Adding glandium as the reviewer, because he reviewed the original patch at bug 1103816.
MozReview-Commit-ID: 2NmUl5XuvDS
--HG--
extra : transplant_source : %03%8C/%E0%20t%D0%3Al4%D4Oh%CB_%07%8A%24r%CC
There are two parts to this change. The first is a module to drive kinto
collection sync. This gives server-provided last-update times to each module
managing collection information so that data is only fetched when updates are
necessary. This also keeps track of when pings last took place (for future use)
and any apparent difference between client and server clock (we need this later
for the content signing work).
Currently only one module (the kinto version of the OneCRL client) consumes this
information, though more will follow.
The second is a minor change to nsBlocklistService.js to ensure that this ping
takes place whenever the existing blocklist ping happens.
MozReview-Commit-ID: 7SN03AOJ4Wc
When a built-in root certificate has its trust changed from the default value,
the platform has to essentially create a copy of it in the read/write
certificate database with the new trust settings. At that point, the desired
behavior is that the platform still considers that certificate a built-in root.
Before this patch, this would indeed happen for the duration of that run of the
platform, but as soon as it restarted, the certificate in question would only
appear to be from the read/write database, and thus was not considered a
built-in root. This patch changes the test of built-in-ness to explicitly
search the built-in certificate slot for the certificate in question. If found,
it is considered a built-in root.
MozReview-Commit-ID: HCtZpPQVEGZ
--HG--
extra : rebase_source : 759e9c5a7bb14f14a77e62eae2ba40c085f04ccd