6028a138e9
Bug 1691122 - Remove subject common name fallback support in CertVerifier. r=keeler,necko-reviewers,kershaw
...
Differential Revision: https://phabricator.services.mozilla.com/D143808
2022-04-28 19:48:06 +00:00
94e2a597f6
Backed out changeset 0599b2a0913a (bug 1691122) for causing failures at test_peerConnection_basicAudioNATRelayTLS.html. CLOSED TREE
2022-04-28 03:58:05 +03:00
ea5479a8d7
Bug 1691122 - Remove subject common name fallback support in CertVerifier. r=keeler,necko-reviewers,kershaw
...
Differential Revision: https://phabricator.services.mozilla.com/D143808
2022-04-27 20:57:31 +00:00
3d9ab91ab0
Bug 1605273 - only run CRLite on certificates with a CT SCT available r=jcj
...
Because CAs can back-date a certificate (i.e. set the "notBefore" field to
earlier than when a certificate actually existed), the "notBefore" field can't
be relied on when determining when CRLite information is recent enough to check
a certificate with. To that end, this patch instead uses the earliest timestamp
from the embedded SCTs in the certificate being checked.
Differential Revision: https://phabricator.services.mozilla.com/D90599
2020-09-24 18:10:05 +00:00
db9c89dbca
Backed out 2 changesets (bug 1666567, bug 1605273) for test_crlite_filters.js failures CLOSED TREE
...
UPGRADE_NSS_RELEASE
Backed out changeset 9bc4c7e79cd6 (bug 1666567)
Backed out changeset 22753d184de6 (bug 1605273)
2020-09-24 06:57:27 +03:00
500beadbba
Bug 1605273 - only run CRLite on certificates with a CT SCT available r=jcj
...
Because CAs can back-date a certificate (i.e. set the "notBefore" field to
earlier than when a certificate actually existed), the "notBefore" field can't
be relied on when determining when CRLite information is recent enough to check
a certificate with. To that end, this patch instead uses the earliest timestamp
from the embedded SCTs in the certificate being checked.
Differential Revision: https://phabricator.services.mozilla.com/D90599
2020-09-23 22:24:39 +00:00
265e672179
Bug 1511181 - Reformat everything to the Google coding style r=ehsan a=clang-format
...
# ignore-this-changeset
--HG--
extra : amend_source : 4d301d3b0b8711c4692392aa76088ba7fd7d1022
2018-11-30 11:46:48 +01:00
a52a8495f9
Bug 1479787 - use NSS mozpkix in Firefox, r=mt,keeler,glandium
...
Differential Revision: https://phabricator.services.mozilla.com/D2725
Differential Revision: https://phabricator.services.mozilla.com/D2860
--HG--
extra : rebase_source : 189c13c2a3104c106fcabad5998af6cb2e20d4a5
2018-10-02 14:59:34 +02:00
1661adeb86
Bug 1493788 - convert mozilla::Vector to std::vector in certificate transparency implementation r=jcj
...
In order to make our certificate transparency implementation standalone, we
have to remove mozilla-specific dependencies such as mozilla::Vector.
Depends on D6844
Differential Revision: https://phabricator.services.mozilla.com/D6845
--HG--
extra : moz-landing-system : lando
2018-10-01 20:27:13 +00:00
24a8ad1851
Bug 1493788 - move certificate/binary transparency implementation to its own directory r=jcj
...
Our current certificate transparency implementation (and the start of the binary
transparency implementation) can almost be used by itself as a standalone
library (for comparison, mozilla::pkix already has this property, as evidenced
by the "Library('mozillapkix')" line in security/pkix/moz.build and the
"'mozillapkix'" line in the USE_LIBS section of
security/manager/ssl/tests/unit/tlsserver/cmd/moz.build).
These changes make this code re-usable as a library so that we'll be able to use
it in the updater to verify binary/certificate transparency information.
This first patch simply moves the code to its own directory.
Differential Revision: https://phabricator.services.mozilla.com/D6844
--HG--
rename : security/certverifier/BTInclusionProof.h => security/ct/BTInclusionProof.h
rename : security/certverifier/BTVerifier.cpp => security/ct/BTVerifier.cpp
rename : security/certverifier/BTVerifier.h => security/ct/BTVerifier.h
rename : security/certverifier/Buffer.cpp => security/ct/Buffer.cpp
rename : security/certverifier/Buffer.h => security/ct/Buffer.h
rename : security/certverifier/CTDiversityPolicy.cpp => security/ct/CTDiversityPolicy.cpp
rename : security/certverifier/CTDiversityPolicy.h => security/ct/CTDiversityPolicy.h
rename : security/certverifier/CTKnownLogs.h => security/ct/CTKnownLogs.h
rename : security/certverifier/CTLog.h => security/ct/CTLog.h
rename : security/certverifier/CTLogVerifier.cpp => security/ct/CTLogVerifier.cpp
rename : security/certverifier/CTLogVerifier.h => security/ct/CTLogVerifier.h
rename : security/certverifier/CTObjectsExtractor.cpp => security/ct/CTObjectsExtractor.cpp
rename : security/certverifier/CTObjectsExtractor.h => security/ct/CTObjectsExtractor.h
rename : security/certverifier/CTPolicyEnforcer.cpp => security/ct/CTPolicyEnforcer.cpp
rename : security/certverifier/CTPolicyEnforcer.h => security/ct/CTPolicyEnforcer.h
rename : security/certverifier/CTSerialization.cpp => security/ct/CTSerialization.cpp
rename : security/certverifier/CTSerialization.h => security/ct/CTSerialization.h
rename : security/certverifier/CTUtils.h => security/ct/CTUtils.h
rename : security/certverifier/CTVerifyResult.cpp => security/ct/CTVerifyResult.cpp
rename : security/certverifier/CTVerifyResult.h => security/ct/CTVerifyResult.h
rename : security/certverifier/MultiLogCTVerifier.cpp => security/ct/MultiLogCTVerifier.cpp
rename : security/certverifier/MultiLogCTVerifier.h => security/ct/MultiLogCTVerifier.h
rename : security/certverifier/SignedCertificateTimestamp.cpp => security/ct/SignedCertificateTimestamp.cpp
rename : security/certverifier/SignedCertificateTimestamp.h => security/ct/SignedCertificateTimestamp.h
rename : security/certverifier/SignedTreeHead.h => security/ct/SignedTreeHead.h
rename : security/certverifier/moz.build => security/ct/moz.build
rename : security/certverifier/tests/gtest/BTSerializationTest.cpp => security/ct/tests/gtest/BTSerializationTest.cpp
rename : security/certverifier/tests/gtest/CTDiversityPolicyTest.cpp => security/ct/tests/gtest/CTDiversityPolicyTest.cpp
rename : security/certverifier/tests/gtest/CTLogVerifierTest.cpp => security/ct/tests/gtest/CTLogVerifierTest.cpp
rename : security/certverifier/tests/gtest/CTObjectsExtractorTest.cpp => security/ct/tests/gtest/CTObjectsExtractorTest.cpp
rename : security/certverifier/tests/gtest/CTPolicyEnforcerTest.cpp => security/ct/tests/gtest/CTPolicyEnforcerTest.cpp
rename : security/certverifier/tests/gtest/CTSerializationTest.cpp => security/ct/tests/gtest/CTSerializationTest.cpp
rename : security/certverifier/tests/gtest/CTTestUtils.cpp => security/ct/tests/gtest/CTTestUtils.cpp
rename : security/certverifier/tests/gtest/CTTestUtils.h => security/ct/tests/gtest/CTTestUtils.h
rename : security/certverifier/tests/gtest/MultiLogCTVerifierTest.cpp => security/ct/tests/gtest/MultiLogCTVerifierTest.cpp
rename : security/certverifier/tests/gtest/moz.build => security/ct/tests/gtest/moz.build
extra : moz-landing-system : lando
2018-10-01 16:20:41 +00:00
John Schanck
Butkovits Atila
Dana Keeler
Bogdan Tara
Sylvestre Ledru
Franziskus Kiefer