Certificate verification failures that result from additional policy constraint
failures now use the error code
"MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED" (also known as
"Result::ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED", depending on the context).
MozReview-Commit-ID: 9rE7gRBapRF
--HG--
extra : rebase_source : 9a60900a86f9eebab58b973f3e8f776b2481a1ff
Before this patch, mozilla::pkix gtests would generate a public/private key pair
and stash it in a global variable. Since this wasn't part of XPCOM nor tracked
by the PSM/NSS shutdown machinery, it wouldn't get released at the appropriate
time. The solution to this is to generate the key and then essentially export it
as data, so no NSS objects are held alive. Since NSS considers private keys
stored in the persistent database sensitive and won't export them in the clear,
we "encrypt" the key material with an empty password so we can import it when
necessary. (While the gtests don't use persistent keys, the test utilties in the
gtests are also used by some xpcshell tests that do use persistent keys, hence
the need to encrypt the key material.)
--HG--
extra : rebase_source : df10c25a462a3ba0396f5ba4a43a52fb924548ff
extra : amend_source : d95722891e49a99c471046cd9c758e914a02838e
The gtest headers trigger many instances of this warning, due to their usage of
NULL instead of nullptr.
MozReview-Commit-ID: Dhv7mPHpZ7I
--HG--
extra : rebase_source : a272472e5cf9a946df3fb1b0ffe919bb0d52f093
The only reason this param is a pointer is so that it can be optional. It's not
an outparam -- the function does not (and does not intend to) modify it -- so
it should be declared as 'const' to make that clearer & to allow clients to
pass in pointers to const values.
MozReview-Commit-ID: HbF96YNfnSt
--HG--
extra : rebase_source : 674abeb4c68f6c3fcdbc38edaf19e739ef09a3f6
MSVC 2017 headers aren't warning free at the -Wall level.
Since PSM enables -Wall in some moz.build files, this breaks
--enable-warnings-as-errors builds.
As a temporary measure, disable enough warnings to get working builds.
MozReview-Commit-ID: G0oUsAYYct2
--HG--
extra : rebase_source : dc37783c89e66a54510c9940f9eaa5a4340ef43e
(adapted from bug 1349762 comment 0)
Google Trust Services (GTS) recently purchased two roots from GlobalSign that
are both enabled for EV treatment: "GlobalSign Root CA - R2" and "GlobalSign ECC
Root CA - R4".
However, GTS does not have an EV audit, so we are going to turn off EV treatment
for both of those root certificates.
But "GlobalSign Root CA - R2" has intermediate cert "GlobalSign Extended
Validation CA - SHA256 - G2" that continues to be controlled by GlobalSign, to
be used to migrate their customers off dependence on that root.
This patch removes EV treatment for "GlobalSign ECC Root CA - R4". It also
removes EV treatment for all chains rooted in "GlobalSign Root CA - R2" unless
the "GlobalSign Extended Validation CA - SHA256 - G2" intermediate is in the
chain.
MozReview-Commit-ID: Ej9L9zTwoPN
--HG--
extra : rebase_source : 575f1a48646cf728d879d0cf53c888654e4a32ad
pkixocsp_VerifyEncodedResponse_GetCertTrust has a field trustDomain that
deliberately shadows the field it inherits from so that code doesn't use it by
accident.
MozReview-Commit-ID: 1Y4W6sA7lHD
--HG--
extra : rebase_source : d2d3180e6c65ea49255545216230525b96af010d
This removes the unnecessary setting of c-basic-offset from all
python-mode files.
This was automatically generated using
perl -pi -e 's/; *c-basic-offset: *[0-9]+//'
... on the affected files.
The bulk of these files are moz.build files but there a few others as
well.
MozReview-Commit-ID: 2pPf3DEiZqx
--HG--
extra : rebase_source : 0a7dcac80b924174a2c429b093791148ea6ac204
Also adds some missing l10n entries to nsserrors.properties (but not for errors
that are specific to TLS 1.3, since TLS 1.3 is not yet finalised).
MozReview-Commit-ID: A42fmTDTe8W
--HG--
extra : transplant_source : x%F7s%DB%05%B4%81%9Dm%FDC%A1f%B3%0D%7DR%C1%BA%B1
This is what Google suggests in its style guide, and somebody
already changed one of these comments to the new style.
--HG--
extra : rebase_source : fe3f7fc17a2fc09ad0ba01fa1511dc8dba7653e1
Andi-Bogdan Postelnicu
Narcis Beleuzu
Sylvestre Ledru
Sebastian Hengst
Franziskus Kiefer
Tristan Bourvon
David Keeler
manikishan
Tom Ritter
Nicolas Vigier
Daniel Holbert
Cykesiopka
Tim Taubert
Jan Beich
Wes Kocher
Dan Minor
Joel Maher
EKR
Julian Seward
David Cook
Sergei Chernov
Tom Tromey
Chris Peterson
Brian Smith