Cykesiopka
|
0289b45f0c
|
Bug 360126 - Stop accepting certs that use RSA1023 or weaker; Original patch by Richard van den Berg. r=briansmith
|
2014-07-15 19:49:00 -04:00 |
Brian Smith
|
8483b958ad
|
Bug 1038837: Factor out mozilla::pkix::Input into a separate header, r=mmc
--HG--
rename : security/pkix/lib/pkixder.h => security/pkix/include/pkix/Input.h
rename : security/pkix/lib/pkixutil.h => security/pkix/include/pkix/Result.h
extra : rebase_source : 09bac0a183932f721cdfd32936595867e4dc26ce
|
2014-07-13 13:17:36 -07:00 |
Brian Smith
|
96c220acca
|
Bug 1038828: Replace mozilla::pkix::der::Result with uses of mozilla::pkix::Result, r=mmc
--HG--
rename : security/pkix/lib/pkixutil.h => security/pkix/include/pkix/Result.h
extra : rebase_source : e385af4bab665627aa5d434db04830065cbc641f
|
2014-07-15 10:33:49 -07:00 |
Brian Smith
|
17375cc8b3
|
Bug 1036105: Delegate digest operations to the TrustDomain in mozilla::pkix, r=keeler
--HG--
extra : rebase_source : dd8dc1243ea2e37955a15f2481e1c452311e90d8
extra : histedit_source : adc1a2035d41c608d3f0ebe14bba159b2857502d
|
2014-07-06 19:36:05 -07:00 |
Brian Smith
|
c162caba82
|
Bug 1036107, Part 1: Stop using CERTSignedData in mozilla::pkix, r=keeler
--HG--
extra : rebase_source : 94c49062ae3ddf755651f151e2d648543b10e1ad
extra : histedit_source : a7377bf1d9adb62e1c584e2adeb793aa074245fb
|
2014-07-10 19:00:32 -07:00 |
Brian Smith
|
b14f27897b
|
Bug 1037324: Delegate additional name constraint selection to the TrustDomain in mozilla::pkix, r=cviecco
--HG--
extra : rebase_source : 300f33bfb3a0c9ae1525695b080674c1fb21eafc
|
2014-07-10 22:38:59 -07:00 |
Brian Smith
|
94e53dc0be
|
Bug 1035942: Decide whether to consider end-entity CN as a dnsName in CheckNameConstraints instead of in BuildCertChain, r=cviecco
--HG--
extra : rebase_source : 19c5949253e4e631b0bd841f17f000885001b327
extra : histedit_source : dce57eb862a2a13d07d11fdf6917afcf6cb4136c
|
2014-07-08 13:04:17 -07:00 |
Brian Smith
|
3f110246be
|
Bug 1035009: Stop using CERTCertList in mozilla::pkix, r=keeler
--HG--
extra : rebase_source : fc2b39e5e2b44fea365914e83a7d1f2dc9b784bc
extra : histedit_source : b40e5e8cb106fe87f6f065b01ca43adb0bf3a605
|
2014-07-06 15:55:38 -07:00 |
Camilo Viecco
|
867a197ca1
|
Bug 1030204 - 1/2 Name constraint ANSSI(DCISS) Root cert in mozilla::pkix. r=keeler
--HG--
extra : rebase_source : 221ca75af601649731bf83cace2e6b0edcd4b2ab
|
2014-07-08 16:16:26 -07:00 |
Brian Smith
|
783ead1861
|
Bug 1034636: Remove mozilla::pkix::ScopedCERTCertifciate and mozilla::pkix::ScopedPLArenaPool, r=mmc
--HG--
extra : rebase_source : 68e6da2f1e1c7fa678ef4cc81d23cc6298709108
extra : histedit_source : feba4c589dbf004ee50e2dea1fca0809f8f97674
|
2014-07-03 21:49:56 -07:00 |
Brian Smith
|
f5ec8594e7
|
Bug 1033563, Part 3: Change mozilla::pkix::TrustDomain::FindPotentialIssuers API to be iterator-like, r=keeler
--HG--
extra : rebase_source : e8c734ecb2de2c52dd8909c8b48f4bdb09d0128e
|
2014-07-02 16:15:16 -07:00 |
Brian Smith
|
4c63d2fa78
|
Bug 1033563, Part 2: Convert mozilla::pkix::BuildForwardInner into an iterator-type thing, r=keeler
--HG--
extra : rebase_source : 175e308191441035db4f3eed4a855205bab1a3f3
|
2014-07-02 15:03:58 -07:00 |
Brian Smith
|
172778c87b
|
Bug 1033563, Part 1: Move revocation checking code from mozilla::pkix::BuildForward to BuildForwardInner, r=keeler
--HG--
extra : rebase_source : 0f11eb64ffb00d953c39d81f4877067bd173eadd
|
2014-07-02 12:21:41 -07:00 |
Brian Smith
|
89e560be23
|
Bug 1029247, Part 2: Parse certificates using mozilla::pkix::der, r=keeler
--HG--
extra : rebase_source : e093922497d005734c590a59f175993a7715bce8
|
2014-07-03 16:59:42 -07:00 |
Brian Smith
|
e614192751
|
Bug 1029247, Part 1: Add new overload to mozilla::pkix::bind, r=keeler
--HG--
extra : rebase_source : 7a9dc499ed6ad038e4840953744a9fcd6578290b
|
2014-06-21 18:06:30 -07:00 |
Brian Smith
|
b8878b14f6
|
Bug 1034412: Clarify definition of mozilla::pkix::der::SEQUENCE, r=mmc
--HG--
extra : rebase_source : 3e139a66133c1d7916fbc13c7cec2b12e9545122
|
2014-06-30 21:58:34 -07:00 |
Brian Smith
|
493ba137ec
|
Bug 1033103: Add and use mozilla::pkix::der::ExpectTagAndGetTLV, r=keeler
--HG--
extra : rebase_source : 16461be12705998799f5c84e2043d68b0c431cb0
|
2014-07-01 13:25:43 -07:00 |
Brian Smith
|
4fdd6599dc
|
Bug 1032947: Change CheckNameConstraints to construct CERTCertificate instances when needed, r=keeler
--HG--
extra : rebase_source : d0bf802f4ff3fe9900ed7444c046617aa27faea9
|
2014-06-26 14:22:20 -07:00 |
Brian Smith
|
fb1fde93b7
|
Bug 1019770: Use mozilla::pkix::der to decode times and certificate validity period, r=cviecco
--HG--
extra : rebase_source : 2b1fa83599c4d0748757b25b56f65e10d41504c8
|
2014-06-24 21:48:12 -07:00 |
Wes Kocher
|
a2eaaf7841
|
Backed out changeset 5ea9b7bd2db5 (bug 1019770)
|
2014-07-01 17:43:47 -07:00 |
Wes Kocher
|
ea7141a1d8
|
Backed out changeset f97578949399 (bug 1032947)
|
2014-07-01 17:43:33 -07:00 |
Brian Smith
|
cd8fb3a537
|
Bug 1032947: Change CheckNameConstraints to construct CERTCertificate instances when needed, r=keeler
--HG--
extra : rebase_source : 64bd4c390f708213242e0d4987b7117b0049d02a
|
2014-06-26 14:22:20 -07:00 |
Brian Smith
|
7f7734a4ba
|
Bug 1019770: Use mozilla::pkix::der to decode times and certificate validity period, r=cviecco
--HG--
extra : rebase_source : 05e348b4ae9bb88fdd0895ec5dcec55993ca17c4
|
2014-06-24 21:48:12 -07:00 |
Brian Smith
|
fcdcfb823b
|
Bug 1031022: Go back to accepting explicit encoding of v1 for certificates and OCSP responses, r=cviecco
--HG--
extra : rebase_source : f0adf63879a48db6c036cce1a3e9a7b65e44fc4e
|
2014-06-26 17:03:48 -07:00 |
Brian Smith
|
f97af56e30
|
Bug 1029341: Factor out decoding of certificate/OCSP extensions, r=keeler
--HG--
extra : rebase_source : a1d66b75838e9dfad486f5654db6d977e5c1d97a
extra : histedit_source : 34e05d8b3d94500b9cb4f1e311f8fe526b97ba6e
|
2014-06-24 21:52:50 -07:00 |
Brian Smith
|
73c952f2fb
|
Bug 1029364: Centralize version parsing in BackCert::Init, r=cviecco
--HG--
extra : rebase_source : 7e91710ed7cd6e68875c2d26f0b503835968e1f2
extra : histedit_source : e07446cad5edbf6cbb048304bc2b2af4395410db
|
2014-06-25 01:32:06 -07:00 |
Brian Smith
|
e88af673ae
|
Bug 1029992, Improve AlgorithmIdentifier decoding in mozilla::pkix, r=cviecco
--HG--
extra : rebase_source : dec7d3e00afe3a9e433f789baf09c0c41679b0e2
extra : histedit_source : 47657cfde7a266b5d5322b024800abe316e9dbd6
|
2014-06-24 21:47:50 -07:00 |
Carsten "Tomcat" Book
|
ec63c69c72
|
Backed out changeset 4f21e9bc729a (bug 1029364) for B2G Device and Emulator Bustage on a CLOSED TREE
|
2014-06-25 10:01:17 +02:00 |
Carsten "Tomcat" Book
|
a198d5204e
|
Backed out changeset a10da316a35f (bug 1029341)
|
2014-06-25 10:00:42 +02:00 |
Brian Smith
|
abcf9d2012
|
Bug 1029341: Factor out decoding of certificate/OCSP extensions, r=keeler
--HG--
extra : rebase_source : e307bea95d29cf78c9eaa7ddb1f2b2c195a59dc9
|
2014-06-24 21:52:50 -07:00 |
Brian Smith
|
f9aac2f45e
|
Bug 1029364: Centralize version parsing in BackCert::Init, r=cviecco
--HG--
extra : rebase_source : 79d5f29c2af1ec77d6bb8a7936bb0a17f28e8d52
|
2014-06-19 16:17:28 -07:00 |
Brian Smith
|
ca4f473450
|
Bug 1026261: Remove CERTCertificate from mozilla::pkix revocation checking API, r=keeler
--HG--
extra : rebase_source : 6798f494bd351961ea02abba07b5860839bbc418
|
2014-06-20 10:10:51 -07:00 |
David Keeler
|
c13f6d39c7
|
bug 997509 - heed expired Revoked or Unknown OCSP responses r=briansmith
|
2014-06-20 09:01:57 -07:00 |
Brian Smith
|
b76e937c55
|
Bug 1006812: Use mozilla::pkix::der to decode the key usage extension, r=keeler
--HG--
extra : rebase_source : e445c913994dc027e1179543d7b6cab2505e734d
|
2014-06-19 00:13:20 -07:00 |
David Keeler
|
8bf1ded425
|
bug 1020993 - properly handle unknown critical extensions in BackCert::Init r=briansmith
|
2014-06-09 13:57:44 -07:00 |
Brian Smith
|
8b0f8d773d
|
Bug 1020683, Part 3: Fix build bustage, a=BUSTAGE on a CLOSED TREE
--HG--
extra : rebase_source : 8eaa3eae911b0e75129988d58a19e5e76257b369
|
2014-06-06 12:04:36 -07:00 |
Brian Smith
|
e0cd7eb210
|
Bug 1020682: Simplify mozilla::pkix results cert chain construction and make it more efficient, r=cviecco
--HG--
extra : rebase_source : 69cb8ea66e075c89bbcbab3ca115cc2ccc95fa4f
|
2014-06-04 01:28:44 -07:00 |
Brian Smith
|
f9aa591c9a
|
Bug 1020683, Part 2: Remove more references to CERTCertificate from mozilla::pkix, r=keeler
--HG--
extra : rebase_source : 9dce7585975fb23fe04f5714ece18645b22b2261
|
2014-06-04 00:03:28 -07:00 |
Brian Smith
|
67bd0799fb
|
Bug 1020683, Part 1: Remove internal uses of CERTCertificate from mozilla::pkix::VerifyEncodedOCSPResponse, r=keeler
--HG--
extra : rebase_source : 416938498080c4d44874025f1da4562ab1c7c3c8
|
2014-06-05 15:18:32 -07:00 |
Brian Smith
|
86f062c18f
|
Bug 1018411: Factor out signed data parsing in mozilla::pkix into a reusable and separately-testable function, r=keeler
--HG--
extra : rebase_source : d65a760f9f8efb656f238794019bd451ca163c0b
|
2014-05-31 18:54:34 -07:00 |
Brian Smith
|
279c66a9b8
|
Bug 1019814: Remove CERTCertificate dependency from TrustDomain::GetCertTrust, r=keeler
--HG--
extra : rebase_source : 9abf0522f02d00ac2f63f2327ddbe8d119ffc64f
|
2014-06-03 10:47:25 -07:00 |
Brian Smith
|
d7a28e81d0
|
Bug 1018633: Simplify the max cert chain length check code in mozilla::pkix and make it more efficient, r=cviecco
--HG--
extra : rebase_source : 7fa4cc6c1b46357abed0c57c6e24c622049c5acb
|
2014-05-31 16:32:58 -07:00 |
Brian Smith
|
151ad4b5a6
|
Bug 1001188: Set the error code when the max cert chain length limit is exceeded, r=cviecco
--HG--
extra : rebase_source : ce9e1faa083f5c679e20a2b6d9e8d482462e75b0
|
2014-05-31 16:55:54 -07:00 |
Brian Smith
|
efadae2e83
|
Bug 1018064: Replace mozilla::pkix::der::Input::Match with mozilla::pkix::der::Input::MatchRest, r=mmc
--HG--
extra : rebase_source : 5c5b14cf23b1e40854d241cbc482de40b01ac494
|
2014-05-29 22:09:45 -07:00 |
Brian Smith
|
4c65ffea41
|
Bug 1018061: Have mozilla::pkix::der::Input::Read use EnsureLength instead of its own checks, r=mmc
--HG--
extra : rebase_source : f46d6b9bdcd7d7a272fb39f22312a89d2695db56
|
2014-05-29 23:36:30 -07:00 |
Camilo Viecco
|
5bce267045
|
Bug 991815 - Part 1/2 - Allow intermediate OCSP responses up to 1 year old. r=keeler
--HG--
extra : rebase_source : 28d5336da1dc44932b92ce2c59fca5fcb2b8a3d8
|
2014-05-30 16:12:36 -07:00 |
Brian Smith
|
3b00a198b6
|
Bug 1018033: Prevent buffer read overflow due to integer overflow in mozilla::pkix::der::Input::EnsureLength, r=keeler
--HG--
extra : rebase_source : e4e88d61e448fa475a106a06b9f32181906fba0f
|
2014-05-29 23:37:40 -07:00 |
David Keeler
|
c7191763ea
|
bug 1002814 - OCSP requests: long serial check should be on cert, not issuerCert r=briansmith
|
2014-05-14 10:05:32 -07:00 |
Brian Smith
|
2912321bc5
|
Bug 1006958: Use mozilla::pkix::der to parse certificate policies instead of NSS, r=keeler
--HG--
extra : rebase_source : fde88efebc1025bc4f825aa38df809d04b1b250a
|
2014-05-15 18:59:52 -07:00 |
Brian Smith
|
f834909bb0
|
Bug 1010581: Document Expect/Match/Skip terminology in mozilla::pkix::der and make that code more consistent, r=keeler
--HG--
extra : rebase_source : 12aa2e1e9eed4f32a75732a65cbfaba9789d5d39
|
2014-05-14 19:30:09 -07:00 |