51c75f9eac
No bug, Automated HPKP preload list update from host bld-linux64-spot-560 - a=hpkp-update
2015-09-19 03:46:51 -07:00
c354c7fbb7
No bug, Automated HSTS preload list update from host bld-linux64-spot-560 - a=hsts-update
2015-09-19 03:46:49 -07:00
21a9e609d5
Backed out changeset a08287c70962 (bug 1203312) for b2g xpcshell failures
2015-09-18 12:53:24 -07:00
4cfc799e53
bug 1203312 - convert tlsserver to generate certificates at build time r=Cykesiopka,mgoodwin
2015-08-24 15:53:07 -07:00
163979ae9f
Bug 1196039 - Telemetry for certificate lifetime. r=rbarnes,vladan
2015-09-17 10:04:52 -07:00
647b520991
Bug 1201135 - Rename pldhash.{h,cpp} to PLDHashTable.{h,cpp}. r=mccr8.
...
--HG--
rename : xpcom/glue/pldhash.cpp => xpcom/glue/PLDHashTable.cpp
rename : xpcom/glue/pldhash.h => xpcom/glue/PLDHashTable.h
extra : rebase_source : 06b9d30db96ed78500fd44d9c0b51609103508a3
2015-09-15 20:49:53 -07:00
e23a8d38a3
Bug 1205302 - Disallow intercepting OCSP requests; r=jdm
2015-09-16 19:15:32 -04:00
2ee4fd783b
Bug 1121760 (part 6) - Move all remaining PL_DHash*() functions into PLDHashTable. r=poiru.
...
--HG--
extra : rebase_source : 3cdc975507170d783b02d70f7c7d95c6bf2e1bcd
2015-09-14 14:23:47 -07:00
59683492e5
Bug 1121760 (part 3) - Remove PL_DHashTableRemove(). r=poiru.
...
--HG--
extra : rebase_source : c34d693de4aca45f2ea05c2767c8b1007c89df29
2015-09-14 14:23:24 -07:00
479244f7c9
Bug 1121760 (part 2) - Remove PL_DHashTableAdd(). r=poiru.
...
--HG--
extra : rebase_source : 41eb939bfb5c925cba58b1af57abce9a4e5fdb30
2015-09-14 14:23:12 -07:00
fcfdd8f54b
Bug 1121760 (part 1) - Remove PL_DHashTableSearch(). r=poiru.
...
--HG--
extra : rebase_source : 770e1f49a451ecbadd778e071b204611e27cf701
2015-05-21 00:34:25 -07:00
64db2267cf
Bug 1202902 - Mass replace toplevel 'let' with 'var' in preparation for global lexical scope. (rs=jorendorff)
2015-09-15 11:19:45 -07:00
2cdc0c814f
Bug 443811 - Use long date format for cert date output. r=keeler
...
--HG--
extra : rebase_source : cdd9b41b40125489e55171c1ece54bbd2a0cf947
2015-09-13 23:33:00 +02:00
990593f9cf
Bug 942515 - Show Untrusted Connection Error for SHA-1-based SSL certificates with notBefore >= 2016-01-01 r=keeler
2015-09-11 14:52:30 -04:00
c09a97364f
No bug, Automated HPKP preload list update from host bld-linux64-spot-542 - a=hpkp-update
2015-09-12 03:39:46 -07:00
28a278226f
No bug, Automated HSTS preload list update from host bld-linux64-spot-542 - a=hsts-update
2015-09-12 03:39:44 -07:00
b212375b7e
Bug 1016555 - Disable OCSP checking for certificates covered by OneCRL r=keeler
...
1) Added some comments to firefox.js to explain the relationship between
extensions.blocklist.interval and security.onecrl.maximum_staleness_in_seconds
2) Modified default values in firefox.js and mobile.js to set maximum staleness
to 1.25x blocklist interval
3) modified the tests_ev_certs.js xpcshell test to cope with larger maximum
staleness values to address test failures
2015-09-10 11:10:07 +01:00
b1cf90c1e5
Bug 1202526 (part 5) - Use PLDHashTable::RemoveEntry() in nsSecureBrowserUIImpl. r=dkeeler.
...
This avoids repeating the hash table search in order to remove the entry.
2015-09-07 19:20:16 -07:00
41bdcbc2ac
No bug, Automated HPKP preload list update from host bld-linux64-spot-1098 - a=hpkp-update
2015-09-05 03:41:54 -07:00
3ee4abd6a6
No bug, Automated HSTS preload list update from host bld-linux64-spot-1098 - a=hsts-update
2015-09-05 03:41:52 -07:00
db0b8dcf48
bug 1196853 - convert test_cert_signatures.js to generate certificates at build time r=jcj
...
Also add additional testcases that weren't in the original test (tampered
signatures had been tested, but tampered certificates hadn't been covered).
2015-08-19 15:59:49 -07:00
d5250da6de
No bug, Automated HPKP preload list update from host bld-linux64-spot-305 - a=hpkp-update
2015-09-03 13:59:53 -07:00
1d00751ccd
No bug, Automated HSTS preload list update from host bld-linux64-spot-305 - a=hsts-update
2015-09-03 13:59:50 -07:00
dbfc3317da
Bug 1201024 - Disable unrestricted RC4 fallback and add RC4-only servers to the fallback whitelist. r=cykesiopka
2015-09-03 21:50:52 +09:00
5744a154e2
Bug 1197607, Automated hsts & hpkp updates are failing on mozilla-central, mozilla-aurora, mozilla-esr38, r=cykesiopka
2015-09-03 22:07:42 +12:00
dbd45351dc
Bug 1195789 - Update fallback whitelist. r=cykesiopka
2015-09-02 00:44:04 +09:00
f44287005f
Bug 1198334 (part 1) - Replace the opt-in FAIL_ON_WARNINGS with the opt-out ALLOW_COMPILER_WARNINGS. r=glandium.
...
The patch removes 455 occurrences of FAIL_ON_WARNINGS from moz.build files, and
adds 78 instances of ALLOW_COMPILER_WARNINGS. About half of those 78 are in
code we control and which should be removable with a little effort.
--HG--
extra : rebase_source : 82e3387abfbd5f1471e953961d301d3d97ed2973
2015-08-27 20:44:53 -07:00
0d6549c972
Bug 1197644 - Remove the security.ssl.warn_missing_rfc5746 pref. r=keeler
...
--HG--
extra : transplant_source : %90%28%11%DB%E53%93%7C%F2%D6%5Ek%CC%DC%BE%FAe%F2%896
2015-08-24 22:53:42 -07:00
dbaa85ce62
Bug 1188468 - Allow script to force updating a generated file even if the file is actually not changed. r=gps
...
--HG--
extra : source : 47b56f2495030d77c446215d8822c31fc32f23b7
2015-08-25 10:07:43 +10:00
2ee5d006b7
bug 1194013 - convert test_name_constraints.js to generate certificates at build time r=Cykesiopka,mgoodwin
2015-08-11 16:40:38 -07:00
5b75ad5195
Merge inbound to m-c. a=merge
2015-08-23 17:18:36 -04:00
3a47f061c9
Bug 1196988 - Remove THA support. r=gwagner
2015-08-21 10:00:54 -07:00
369ec3ac0f
Bug 1136892 - Create an xpcshell-addons tag for running addon-specific xpcshell tests, r=chmanchester
...
--HG--
extra : commitid : 6kGKslC9h14
2015-08-18 11:26:14 -07:00
fe6faf7d6b
Backed out changeset 688775a8227f (bug 1136892) for mass bustage prompting a CLOSED TREE
2015-08-18 11:58:05 -07:00
10a7d6a5b9
Bug 1195606 - Use channel->ascynOpen2 in security/manager/ssl/nsNSSCallbacks.cpp (r=sicking)
2015-08-18 09:54:09 -07:00
f2b116c0d6
Bug 1153444 - Fix up Key Pinning Telemetry (r=keeler)
2015-08-21 15:14:08 +01:00
c51baf3ae9
bug 1116409: switch update server to sha2 cert; update in-tree pinning. r=rstrong,snorp,mfinkle,dkeeler
2015-08-20 17:50:51 -04:00
b4174da7d8
Bug 1195615 - Log a web console warning when a HPKP header is ignored due to a non-built in root cert. r=keeler
2015-08-20 14:33:29 -07:00
dde975f7a0
Bug 1136892 - Create an xpcshell-addons tag for running addon-specific xpcshell tests, r=chmanchester
...
--HG--
extra : commitid : FN6nc0Yis2o
2015-08-18 11:26:14 -07:00
2755fa9a57
Bug 1190086 - Use new String::Contains(char) method more widely r=froydnj
...
--HG--
extra : rebase_source : 81df1495200d3734ea1c4c13818ae764a445f4b3
2015-08-14 00:49:15 +02:00
23a9820f27
bug 1190603 - rename prime256v1 to secp256r1 in test_keysize.js to reduce confusion r=Cykesiopka
...
OpenSSL refers to the curve in question as 'prime256v1', but rfc 5480,
mozilla::pkix, and the test framework refer to it as secp256r1, so we
should be consistent.
--HG--
rename : security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_prime256v1_256-root_rsa_2048.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_rsa_2048.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_prime256v1_256-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_secp256k1_256-int_prime256v1_256-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp256k1_256-int_secp256r1_256-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_prime256v1_256-int_rsa_1016-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_rsa_1016-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_prime256v1_256-int_secp224r1_224-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp224r1_224-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_prime256v1_256-int_prime256v1_256-root_secp224r1_224.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp224r1_224.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_prime256v1_256-int_prime256v1_256-root_secp256k1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp256k1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_secp384r1_384-int_prime256v1_256-root_rsa_2048.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp384r1_384-int_secp256r1_256-root_rsa_2048.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_secp521r1_521-int_secp384r1_384-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp521r1_521-int_secp384r1_384-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/int_secp224r1_224-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/int_secp224r1_224-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/int_prime256v1_256-root_rsa_2048.pem.certspec => security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_rsa_2048.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/int_prime256v1_256-root_secp224r1_224.pem.certspec => security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp224r1_224.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/int_prime256v1_256-root_secp256k1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256k1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/int_prime256v1_256-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/int_secp384r1_384-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/int_secp384r1_384-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/root_secp256r1_256.pem.certspec
2015-08-05 13:39:11 -07:00
70897766ec
bug 1190603 - convert test_keysize.js to generate certificates at build time r=Cykesiopka
2015-08-03 17:02:58 -07:00
ff2ceb15ed
Bug 1193298 - Part 2: Use .get() to convert from RefPtr to raw pointer. r=froydnj
2015-08-11 06:45:00 -04:00
7b0ea8ee04
Bug 1182551 - Updating nsSecureBrowserUIImpl so that insecure pages with mixed content iframes don't get marked as broken. r=keeler
2015-08-13 17:13:48 -07:00
8f318ea950
Bug 1193021 - clean up reference-counting in security/; r=keeler
2015-07-01 13:10:53 -04:00
7ce068b7e9
bug 1190532 - change default key specification from implicit to explicit in pycert.py r=Cykesiopka
...
Previously using an empty string would result in pycert.py returning the
default shared RSA key. This resulted in empty keyspec files being added
to the tree, which was confusing. This should end the confusion by making
the key specification process explicit rather than implicit.
2015-08-06 11:35:40 -07:00
948094db6e
bug 1189427 - convert test_ocsp_fetch_method.js to generate certificates at build time r=mgoodwin
2015-07-30 10:20:52 -07:00
ba03e3c181
Backed out 2 changesets (bug 1016555, bug 1189427) for making Android 4.3 API11+ debug X3 perma fail in test_ev_certs.js
...
Backed out changeset ebd4e3880403 (bug 1189427
2015-08-06 11:51:27 +02:00
d93ee984a0
Bug 1124649 - Part 1 - Add specific error messages for various types of STS and PKP header failures. r=keeler,hurley
...
--HG--
extra : rebase_source : 8210ed5f89cec8c42d5a78b9101f1c54d91e04c6
2015-08-05 07:51:00 +02:00
ae2c1351bc
bug 1189427 - convert test_ocsp_fetch_method.js to generate certificates at build time r=mgoodwin
2015-07-30 10:20:52 -07:00
ffxbld
Wes Kocher
David Keeler
Kate McKinley
Nicholas Nethercote
Ehsan Akhgari
Shu-yu Guo
Cykesiopka
Richard Barnes
Mark Goodwin
Masatoshi Kimura
Nick Thomas
Xidorn Quan
Ryan VanderMeulen
Fabrice Desré
Jonathan Griffin
Christoph Kerschbaumer
Ben Hearsum
Arnaud Bienner
Aryeh Gregor
Tanvi Vyas
Nathan Froyd
Carsten "Tomcat" Book