ffxbld
c3156846d5
No Bug, mozilla-central repo-update HSTS HPKP remote-settings ct-logs - r=release-managers,dmeehan
...
Differential Revision: https://phabricator.services.mozilla.com/D224744
2024-10-07 12:10:36 +00:00
Joel Maher
fe3bbd6804
Bug 1922146 - Adjust xpcshell skip-if conditions for mac to include os_version/processor. r=aryx,necko-reviewers,anti-tracking-reviewers,kershaw,bvandersloot
...
Differential Revision: https://phabricator.services.mozilla.com/D224269
2024-10-04 12:18:36 +00:00
ffxbld
a3869c9097
No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes ct-logs - r=release-managers,dmeehan
...
Differential Revision: https://phabricator.services.mozilla.com/D224459
2024-10-03 12:01:35 +00:00
ffxbld
38c0390019
No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes ct-logs - r=release-managers,dmeehan
...
Differential Revision: https://phabricator.services.mozilla.com/D224098
2024-09-30 14:19:54 +00:00
John Schanck
34acbe3c45
Bug 1920142 - part 3: support for clubcard-based CRLite filters. r=keeler
...
Differential Revision: https://phabricator.services.mozilla.com/D223404
2024-09-26 17:51:15 +00:00
John Schanck
178de4c554
Bug 1920142 - part 2: vendor clubcard and clubcard-crlite. r=keeler,supply-chain-reviewers
...
Differential Revision: https://phabricator.services.mozilla.com/D223011
2024-09-26 17:51:14 +00:00
John Schanck
24c9813d2d
Bug 1920142 - part 1: pull CascadeWithMetadata out of SecurityState. r=keeler
...
Differential Revision: https://phabricator.services.mozilla.com/D223010
2024-09-26 17:51:14 +00:00
ffxbld
abf7d15687
No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes ct-logs - r=release-managers,RyanVM
...
Differential Revision: https://phabricator.services.mozilla.com/D223748
2024-09-26 13:24:49 +00:00
Iulian Moraru
5efc76ec48
Backed out 3 changesets (bug 1920142) for causing xpcshell failures related to CRLite. CLOSED TREE
...
Backed out changeset e570a580175f (bug 1920142)
Backed out changeset adc5b04fed20 (bug 1920142)
Backed out changeset 444e0a86272e (bug 1920142)
2024-09-26 08:17:47 +03:00
John Schanck
e312fd8299
Bug 1920142 - part 3: support for clubcard-based CRLite filters. r=keeler
...
Differential Revision: https://phabricator.services.mozilla.com/D223404
2024-09-26 04:01:50 +00:00
John Schanck
144944eab8
Bug 1920142 - part 2: vendor clubcard and clubcard-crlite. r=keeler,supply-chain-reviewers
...
Differential Revision: https://phabricator.services.mozilla.com/D223011
2024-09-26 04:01:49 +00:00
John Schanck
f1d6061181
Bug 1920142 - part 1: pull CascadeWithMetadata out of SecurityState. r=keeler
...
Differential Revision: https://phabricator.services.mozilla.com/D223010
2024-09-26 04:01:49 +00:00
Butkovits Atila
bb60c5a48b
Backed out 3 changesets (bug 1920142) for causing bustages complaining about clubcard.
...
Backed out changeset 0d796ae0c81b (bug 1920142)
Backed out changeset c2e8d6b1e681 (bug 1920142)
Backed out changeset 499d722ea77f (bug 1920142)
2024-09-26 03:11:20 +03:00
John Schanck
f97b5fcf7e
Bug 1920142 - part 3: support for clubcard-based CRLite filters. r=keeler
...
Differential Revision: https://phabricator.services.mozilla.com/D223404
2024-09-25 23:23:20 +00:00
John Schanck
a9a2cac131
Bug 1920142 - part 2: vendor clubcard and clubcard-crlite. r=keeler,supply-chain-reviewers
...
Differential Revision: https://phabricator.services.mozilla.com/D223011
2024-09-25 23:23:19 +00:00
John Schanck
691af0bcc2
Bug 1920142 - part 1: pull CascadeWithMetadata out of SecurityState. r=keeler
...
Differential Revision: https://phabricator.services.mozilla.com/D223010
2024-09-25 23:23:19 +00:00
Dana Keeler
b6a12a0b35
Bug 1920561 - only check certificate transparency for certificates issued by built-in roots r=jschanck,extension-reviewers,rpl
...
Differential Revision: https://phabricator.services.mozilla.com/D223201
2024-09-25 15:14:59 +00:00
Gregory Pappas
ce9049a342
Bug 1920268 - Remove more unnecessary MochiKit includes in tests (security/manager/) r=keeler
...
Depends on D223040
Differential Revision: https://phabricator.services.mozilla.com/D223041
2024-09-24 21:11:35 +00:00
Cristina Horotan
65880eb504
Backed out changeset 745d7a55915a (bug 1920561) for causing mochitest failures at test_ext_webrequest_getSecurityInfo.html CLOSED TREE
2024-09-24 04:26:19 +03:00
Dana Keeler
a7d2d8ec7b
Bug 1920561 - only check certificate transparency for certificates issued by built-in roots r=jschanck
...
Differential Revision: https://phabricator.services.mozilla.com/D223201
2024-09-23 21:48:18 +00:00
ffxbld
948693acf2
No Bug, mozilla-central repo-update HSTS HPKP remote-settings mobile-experiments ct-logs - r=release-managers,RyanVM
...
Differential Revision: https://phabricator.services.mozilla.com/D223116
2024-09-23 12:28:10 +00:00
serge-sans-paille
f0f4d86cb2
Bug 1919770 - Remove global constructor from security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.cpp r=keeler
...
Differential Revision: https://phabricator.services.mozilla.com/D222794
2024-09-23 05:09:12 +00:00
ffxbld
654c15479b
No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes ct-logs - r=release-managers,RyanVM
...
Differential Revision: https://phabricator.services.mozilla.com/D222774
2024-09-19 11:21:49 +00:00
ffxbld
e233ba3ebc
No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes ct-logs - r=release-managers,RyanVM
...
Differential Revision: https://phabricator.services.mozilla.com/D222274
2024-09-16 11:44:48 +00:00
John Schanck
a049a486d6
Bug 1918484 - replace xyber768d00 with mlkem768x25519 in PSM. r=keeler,necko-reviewers,kershaw
...
Differential Revision: https://phabricator.services.mozilla.com/D222019
2024-09-13 00:34:44 +00:00
Kai Engert
dd5ddff145
Bug 1900619 - Don't use SHA1 for password integrity when creating modern crypto pkcs12 files. r=keeler
...
Differential Revision: https://phabricator.services.mozilla.com/D222022
2024-09-12 21:09:46 +00:00
Kai Engert
c39b99b6f6
Bug 1900619 - Follow up to add include. r=smolnar
...
Differential Revision: https://phabricator.services.mozilla.com/D222014
2024-09-12 17:26:08 +00:00
Kai Engert
ad9c508d7d
Bug 1900619 - Enable security.pki.use_modern_crypto_with_pkcs12 by default. r=keeler
...
Differential Revision: https://phabricator.services.mozilla.com/D212563
2024-09-12 15:48:06 +00:00
ffxbld
ed7b7882ac
No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes ct-logs - r=release-managers,diannaS
...
Differential Revision: https://phabricator.services.mozilla.com/D221946
2024-09-12 11:49:58 +00:00
Dana Keeler
b3461332f5
Bug 1914064 - extend AppTrustDomain to support multiple trust anchors r=jschanck,mach-reviewers
...
Differential Revision: https://phabricator.services.mozilla.com/D221393
2024-09-10 23:14:13 +00:00
serge-sans-paille
3d8c6d5e9e
Bug 1917826 - Remove global initializer for nsClientAuthRemember::SentinelValue r=keeler
...
Differential Revision: https://phabricator.services.mozilla.com/D221628
2024-09-10 16:13:11 +00:00
Dana Keeler
56c40beb48
Bug 1915008 - leak mResultTask if dispatch fails in certificate verification r=jschanck
...
Differential Revision: https://phabricator.services.mozilla.com/D221381
2024-09-09 20:55:21 +00:00
ffxbld
f4e2248f90
No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes ct-logs - r=release-managers,RyanVM
...
Differential Revision: https://phabricator.services.mozilla.com/D221485
2024-09-09 14:26:29 +00:00
ffxbld
e5a5905f6d
No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes ct-logs - r=release-managers,RyanVM
...
Differential Revision: https://phabricator.services.mozilla.com/D221125
2024-09-05 11:56:25 +00:00
ffxbld
22ffbfd8d5
No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes ct-logs - r=release-managers,RyanVM
...
Differential Revision: https://phabricator.services.mozilla.com/D220796
2024-09-03 00:30:52 +00:00
ffxbld
8f420e436b
No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes ct-logs - a=repo-update
...
Differential Revision: https://phabricator.services.mozilla.com/D220547
2024-08-29 11:02:47 +00:00
John Schanck
a8969ce634
Bug 1911746 - land NSS NSS_3_104_BETA1 UPGRADE_NSS_RELEASE, r=keeler
...
Differential Revision: https://phabricator.services.mozilla.com/D220342
2024-08-27 23:51:01 +00:00
Dana Keeler
d23884fc6e
Bug 1915285 - check in KnownRootHashes.json changes that should have accompanied bug 1909978 DONTBUILD NPOTB r=jschanck
...
Differential Revision: https://phabricator.services.mozilla.com/D220348
2024-08-27 23:51:01 +00:00
Dana Keeler
ee6e30ec73
Bug 1361177 - add more comprehensive certificate transparency integration tests r=jschanck
...
Differential Revision: https://phabricator.services.mozilla.com/D220197
2024-08-27 23:27:19 +00:00
ffxbld
22f25e8e72
No Bug, mozilla-central repo-update HSTS HPKP remote-settings ct-logs - r=release-managers,RyanVM
...
Differential Revision: https://phabricator.services.mozilla.com/D220104
2024-08-26 11:40:04 +00:00
ffxbld
a19c1703bb
No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes ct-logs - r=release-managers,diannaS
...
Differential Revision: https://phabricator.services.mozilla.com/D219868
2024-08-22 14:55:20 +00:00
Dana Keeler
a8893783e8
Bug 1913794 - migrate some PSM timing telemetry histograms to glean timing distributions r=jschanck
...
This migrates SSL_SUCCESFUL_CERT_VALIDATION_TIME_MOZILLAPKIX,
SSL_INITIAL_FAILED_CERT_VALIDATION_TIME_MOZILLAPKIX, and
CERT_VALIDATION_HTTP_REQUEST_{CANCELED,SUCCEEDED,FAILED}_TIME to glean timing
distributions.
The certificate validation time metrics have had their precision increased from
milliseconds to microseconds.
Differential Revision: https://phabricator.services.mozilla.com/D219535
2024-08-19 22:03:24 +00:00
ffxbld
e752d71de0
No Bug, mozilla-central repo-update HSTS HPKP remote-settings ct-logs - r=release-managers,diannaS
...
Differential Revision: https://phabricator.services.mozilla.com/D219494
2024-08-19 15:11:35 +00:00
ffxbld
49fee342b8
No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes ct-logs - r=release-managers,diannaS
...
Differential Revision: https://phabricator.services.mozilla.com/D219233
2024-08-16 07:23:15 +00:00
Dana Keeler
2c12afd0df
Bug 1912344 - only filter non-trust-anchors if they are known built-in roots when loading third-party certificates r=jschanck
...
In bug 1874054, we made it so Firefox won't import a third party certificate if
it is already a known built-in root. This was to prevent roots that were
mistakenly identified as intermediates (as in, "inherits trust") from
overriding the trust settings of built-in roots and preventing chains being
built to those roots. Additionally, we were concerned about cases where a
built-in root had been set by the user to be distrusted, in which case
importing that root from the OS would unexpectedly make it trusted again.
Revisiting the first issue, this patch restricts this check to only
certificates identified as non-trust-anchors, so roots will still be imported.
As for the second issue, it turns out that we actually do want this feature to
work this way. This will enable (with some additional work) situations where a
built-in root has a distrust after date but the user wants that root to still
work as before. As for any discrepancies between the user's trust settings in
Firefox vs. their operating system, that's up to them to resolve.
Differential Revision: https://phabricator.services.mozilla.com/D218889
2024-08-12 19:42:25 +00:00
Dana Keeler
49686e9766
Bug 1912120 - implement updated certificate transparency policy r=jschanck
...
This updates the certificate transparency policy based on Chrome's policy,
found at https://googlechrome.github.io/CertificateTransparency/ct_policy.html .
Both it and the Chrome policy are similar to the Apple policy, found at
https://support.apple.com/en-us/103214 .
Essentially, the policy can be satisfied in two ways, depending on the source
of the collected SCTs.
For embedded SCTs, at least one must be from a log that was Admissible
(Qualified, Usable, or ReadOnly) at the time of the check. There must be SCTs
from N distinct logs that were Admissible or Retired at the time of the check,
where N depends on the lifetime of the certificate. If the certificate lifetime
is less than or equal to 180 days, N is 2. Otherwise, N is 3. Among these SCTs,
at least two must be issued from distinct log operators.
For SCTs delivered via the TLS handshake or an OCSP response, at least two must
be from a log that was Admissible at the time of the check. Among these SCTs,
at least two must be issued from distinct log operators.
Differential Revision: https://phabricator.services.mozilla.com/D218800
2024-08-12 19:41:58 +00:00
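Added example, not part of the commit or of Firefox's code: the policy described in the Bug 1912120 commit message above, written as a Python check. The Sct record, its field names and the state strings are assumptions for illustration; log states are taken as already evaluated at the time of the check, and SCT signature verification is not modelled.

```python
from collections import namedtuple
from datetime import timedelta

# Illustrative record; field names and state strings are assumptions.
# log_state is the log's state at the time of the check.
Sct = namedtuple("Sct", "log_id operator log_state origin")

ADMISSIBLE = {"Qualified", "Usable", "ReadOnly"}
EMBEDDED = "embedded"  # any other origin ("tls", "ocsp") is non-embedded


def _distinct(scts, field):
    return len({getattr(s, field) for s in scts})


def embedded_ok(scts, lifetime):
    emb = [s for s in scts if s.origin == EMBEDDED]
    # Retired logs count toward the N-logs and operator rules, but at least
    # one embedded SCT must come from a currently Admissible log.
    counted = [s for s in emb if s.log_state in ADMISSIBLE | {"Retired"}]
    required_logs = 2 if lifetime <= timedelta(days=180) else 3
    return (any(s.log_state in ADMISSIBLE for s in emb)
            and _distinct(counted, "log_id") >= required_logs
            and _distinct(counted, "operator") >= 2)


def non_embedded_ok(scts):
    adm = [s for s in scts
           if s.origin != EMBEDDED and s.log_state in ADMISSIBLE]
    return _distinct(adm, "log_id") >= 2 and _distinct(adm, "operator") >= 2


def ct_policy_satisfied(scts, lifetime):
    # Read here as two separate paths: SCT sources are not pooled.
    return embedded_ok(scts, lifetime) or non_embedded_ok(scts)


# Constructed sample SCT sets (not real logs or operators).
SHORT, LONG = timedelta(days=90), timedelta(days=398)
TWO_EMBEDDED = [Sct("log-a", "op-1", "Usable", EMBEDDED),
                Sct("log-b", "op-2", "Retired", EMBEDDED)]
MIXED = [Sct("log-a", "op-1", "Usable", EMBEDDED),
         Sct("log-c", "op-2", "Usable", "tls")]

if __name__ == "__main__":
    print(ct_policy_satisfied(TWO_EMBEDDED, SHORT))  # two logs suffice
    print(ct_policy_satisfied(TWO_EMBEDDED, LONG))   # three logs needed
    print(ct_policy_satisfied(MIXED, SHORT))         # sources not pooled
```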
ffxbld
0376d39eaf
No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes ct-logs - r=release-managers,dmeehan
...
Differential Revision: https://phabricator.services.mozilla.com/D219055
2024-08-12 15:13:54 +00:00
ffxbld
52f3f87abe
No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - r=release-managers,dmeehan
...
Differential Revision: https://phabricator.services.mozilla.com/D218828
2024-08-08 11:55:28 +00:00
Dana Keeler
ddfb0b5c0a
Bug 1911193 - update known certificate transparency logs in periodic-updates task r=leplatrem
...
Differential Revision: https://phabricator.services.mozilla.com/D218370
2024-08-07 18:57:08 +00:00
Noemi Erli
13939e6a33
Backed out changeset f5d5579141d4 (bug 1911193) for causing docker images bustages CLOSED TREE
2024-08-07 22:12:31 +03:00