gecko-dev

Граф коммитов

Автор	SHA1	Сообщение	Дата
Sergei Chernov	edb1f658f6	Bug 1275238 - Certificate Transparency support in mozilla::pkix; r=keeler MozReview-Commit-ID: HZwzSgxarTw --HG-- extra : transplant_source : %BF%F9%A8T%C6x%82%03%3Ez%9F%3BT%E3%1B%11s%294%F4	2016-06-15 11:11:00 +03:00
David Keeler	c17f3a2733	bug 982932 - only allow Netscape-stepUp to be used for serverAuth for old CA certificates r=Cykesiopka,jcj MozReview-Commit-ID: 88JhIU1pUji --HG-- rename : security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC.pem.certspec => security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-recent.pem.certspec rename : security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC.pem.certspec => security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-recent.pem.certspec extra : rebase_source : 2f6251679a6f31cccb6d88bb51c567de9cc9bc76	2016-05-05 16:11:11 -07:00
Cykesiopka	8f7bebaa5c	Bug 160122 - Stop using PR_smprintf in PSM. r=keeler The (more) modern Mozilla string classes can be used instead, which at the very least provide built in automatic memory management and performance improvements. MozReview-Commit-ID: 4l2Er5rkeI0 --HG-- extra : transplant_source : %A1%16%AB%02m%CA%25HfW%40%96Mq%0D%F0%91%9C%99%29	2016-05-10 23:38:55 -07:00
Cykesiopka	391584fd9d	Bug 1270005 - Replace uses of ScopedPK11SlotInfo with UniquePK11SlotInfo in PSM. r=keeler ScopedPK11SlotInfo is based on Scoped.h, which is deprecated in favour of the standardised UniquePtr. Also changes PK11SlotInfo parameters of various functions to make ownership more explicit, and replaces some manual management of PK11SlotInfo pointers. MozReview-Commit-ID: JtNH2lJsjwx --HG-- extra : rebase_source : 9d764e0dd3a1f2df14c16f8f14a3c5392770c9a1	2016-05-09 18:02:40 -07:00
Cykesiopka	128f004a1f	Bug 1267905 - Replace uses of ScopedCERTCertList with UniqueCERTCertList. r=keeler ScopedCERTCertList is based on Scoped.h, which is deprecated in favour of the standardised UniquePtr. Also changes CERTCertList parameters of various functions to make ownership more explicit. MozReview-Commit-ID: EXqxTK6inqy --HG-- extra : transplant_source : %9B%A9a%94%D1%7E%2BTa%9E%9Fu%9F%02%B3%1AT%1B%F1%F6	2016-05-05 14:56:36 -07:00
David Keeler	113252b726	bug 1239455 - rework telemetry for SHA-1 certificates to reflect possible policy states r=Cykesiopka,mgoodwin,rbarnes Before this patch, we were measuring where SHA-1 was being used in TLS certificates: nowhere, in end-entities, in intermediates, or in both. However, the possible SHA-1 policies don't differentiate between end-entities and intermediates and instead depended on whether or not each certificate has a notBefore value after 2015 (i.e. >= 0:00:00 1 January 2016 UTC). We need to gather telemetry on the possible policy configurations. --HG-- extra : rebase_source : 301c821c8de16ffb924cd198dd0a4d3139536019	2016-01-13 12:50:42 -08:00
David Keeler	29b3d15dde	bug 1220223 - don't load PKCS11 modules in safe mode r=mgoodwin r=bsmedberg	2015-10-30 10:37:22 -07:00
Richard Barnes	990593f9cf	Bug 942515 - Show Untrusted Connection Error for SHA-1-based SSL certificates with notBefore >= 2016-01-01 r=keeler	2015-09-11 14:52:30 -04:00
Mark Goodwin	f2b116c0d6	Bug 1153444 - Fix up Key Pinning Telemetry (r=keeler)	2015-08-21 15:14:08 +01:00
Mark Goodwin	91782dab68	Bug 1159155 - Add telemetry probe for SHA-1 usage (r=keeler)	2015-07-09 07:22:29 +01:00
Cykesiopka	0a9aea4ab2	Bug 1145679 - Reject EV status for end-entity EV certs with overly long validity periods. r=keeler --HG-- extra : rebase_source : ec44bb566cce8ab14f740457d6ba1d863b39c256	2015-06-29 22:19:00 +02:00
David Keeler	4e7fc3055e	bug 1141189 - implement skipping expensive revocation checks (OCSP fetching) for short-lived certificates r=rbarnes	2015-04-06 16:10:28 -07:00
Brian Smith	b1035c0992	Bug 1153737: Avoid unnecessary uses of mozilla::pkix::ScopedPtr, r=keeler --HG-- extra : rebase_source : ea7083439f22cb40d6c97f872ef9866144516745	2015-04-12 19:57:48 -10:00
Ehsan Akhgari	883849ee32	Bug 1145631 - Part 1: Replace MOZ_OVERRIDE and MOZ_FINAL with override and final in the tree; r=froydnj This patch was automatically generated using the following script: function convert() { echo "Converting $1 to $2..." find . \ ! -wholename "/.git" \ ! -wholename "obj-ff-dbg" \ -type f \ $ -iname ".cpp" \ -o -iname ".h" \ -o -iname ".c" \ -o -iname ".cc" \ -o -iname ".idl" \ -o -iname ".ipdl" \ -o -iname ".ipdlh" \ -o -iname "*.mm" $ \| \ xargs -n 1 sed -i -e "s/\b$1\b/$2/g" } convert MOZ_OVERRIDE override convert MOZ_FINAL final	2015-03-21 12:28:04 -04:00
Cykesiopka	171babfad4	Bug 1139177 - RSA public key size checking cleanups. r=keeler	2015-03-05 16:41:00 +01:00
David Keeler	d01ea02613	bug 1049740 - implement telemetry to measure compatibility impact of 2048-bit-minimum RSA keys r=briansmith	2015-02-24 15:48:05 -08:00
Brian Smith	06b7804e70	Bug 1131767: Prune away paths using unacceptable algorithms earlier, r=keeler --HG-- extra : rebase_source : 79efad2c5f60120ff1022547ce7efa628a7acd0f	2015-02-14 16:59:02 -08:00
Brian Smith	a89b90ea7f	Bug 1130754: Avoid recalculating tbsCertificate digest, r=keeler --HG-- extra : rebase_source : 85266413568df928cb1eaf1cd59b52ee9d4259e6 extra : histedit_source : 767e3263d28926435c6d2f4610c7d8b01e9ba87d	2015-02-07 12:14:31 -08:00
Brian Smith	b0f87b9b6c	Bug 1122841, Part 2: Centralize checking of public key, r=keeler --HG-- extra : rebase_source : 6b41ad2d3f37bead8d3ac8b48c5ee0b8063c795b extra : source : d470b5a68bf915cfb12f0e948e1492463092883c	2015-02-02 16:17:08 -08:00
TheKK	3cda0706de	Bug 1092398 - "remove unused CertVerifier enums (missing_cert_download_config and crl_download_config)". r=honzab.moz	2015-01-23 06:17:00 +01:00
Mark Goodwin ext:(%2C%20Harsh%20Pathak%20%3Chpathak%40mozilla.com%3E)	ea0e5ac119	Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs. r=keeler r=Unfocused	2015-01-07 06:08:00 +01:00
Brian Smith	0cd5238974	Bug 1107666: Fix OCSP stapling telemetry (SSL_OCSP_STAPLING), r=keeler --HG-- extra : rebase_source : 926f091b2a361d7dce30bee918d6659259f1b3e4	2014-12-11 23:22:35 -08:00
Carsten "Tomcat" Book	64b43466f7	Backed out changeset b38a8e2203a1 (bug 1024809) for Android 4 perma failures	2014-11-28 12:23:19 +01:00
Mark Goodwin ext:(%2C%20Harsh%20Pathak%20%3Chpathak%40mozilla.com%3E)	4fc60a106f	Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs. (r=keeler,Unfocused)	2014-11-27 23:36:00 +01:00
Carsten "Tomcat" Book	4155be994b	Backed out changeset 761071f57ab6 (bug 1024809) for emulator ics bustage	2014-11-27 16:30:41 +01:00
Mark Goodwin ext:(%2C%20Harsh%20Pathak%20%3Chpathak%40mozilla.com%3E)	ce5a887c60	Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs. r=keeler,Unfocused	2014-11-27 04:12:00 +01:00
Cykesiopka	1c4af4e6a1	Bug 622859 - Reject EV certificates with key sizes below RSA 2048. r=briansmith	2014-10-18 15:18:00 +02:00
Carsten "Tomcat" Book	e5ad1e7db2	Backed out changeset 3afdc3253979 (bug 622859) for breaking m1 tests	2014-10-17 13:14:29 +02:00
Cykesiopka	01941f880c	Bug 622859 - Reject EV certificates with key sizes below RSA 2048. r=briansmith	2014-10-16 05:13:00 +02:00
David Keeler	fd860abf57	bug 1071308 - (2/2) remove libpkix-style chain validation callback from CertVerifier r=cviecco	2014-09-25 11:18:56 -07:00
Brian Smith	0ccaf0860c	Bug 1043041: Use mozilla::pkix::Time instead of PRTime, r=keeler --HG-- extra : rebase_source : 2cc39d3c322c1355aad003f2497659a091febac2	2014-08-02 08:49:12 -07:00
Brian Smith	d77dac0580	Bug 1041186, Part 2: Rename Input to Reader and InputBuffer to Input, r=keeler --HG-- extra : rebase_source : bf57a9eb6ae5c122912e00a47156010e5ea99478	2014-07-31 12:17:31 -07:00
Brian Smith	ffe743ee06	Bug 1041186, Part 1: Improve buffer overflow protection in mozilla::pkix, r=keeler --HG-- extra : rebase_source : 0f4a33f2c66594930ba9c79233648c70e33ba27c	2014-07-18 22:30:51 -07:00
Brian Smith	5f56fc60d6	Bug 1041343: Use references instead of pointers for TrustLevel output parameters, r=cviecco --HG-- extra : rebase_source : d5c07dc29a95ccb75a7a8f199de26d43950b9ed4	2014-07-20 11:06:26 -07:00
Brian Smith	c45dc156d1	Bug 1039064: Use strongly-typed enum instead of NSPR-style error handling, r=keeler --HG-- extra : rebase_source : 4f3e41916cd7e2c74679d468eeeb702af3321532	2014-07-18 11:48:49 -07:00
Cykesiopka	0289b45f0c	Bug 360126 - Stop accepting certs that use RSA1023 or weaker; Original patch by Richard van den Berg. r=briansmith	2014-07-15 19:49:00 -04:00
Brian Smith	17375cc8b3	Bug 1036105: Delegate digest operations to the TrustDomain in mozilla::pkix, r=keeler --HG-- extra : rebase_source : dd8dc1243ea2e37955a15f2481e1c452311e90d8 extra : histedit_source : adc1a2035d41c608d3f0ebe14bba159b2857502d	2014-07-06 19:36:05 -07:00
Brian Smith	c162caba82	Bug 1036107, Part 1: Stop using CERTSignedData in mozilla::pkix, r=keeler --HG-- extra : rebase_source : 94c49062ae3ddf755651f151e2d648543b10e1ad extra : histedit_source : a7377bf1d9adb62e1c584e2adeb793aa074245fb	2014-07-10 19:00:32 -07:00
Brian Smith	3f110246be	Bug 1035009: Stop using CERTCertList in mozilla::pkix, r=keeler --HG-- extra : rebase_source : fc2b39e5e2b44fea365914e83a7d1f2dc9b784bc extra : histedit_source : b40e5e8cb106fe87f6f065b01ca43adb0bf3a605	2014-07-06 15:55:38 -07:00
Brian Smith	f5ec8594e7	Bug 1033563, Part 3: Change mozilla::pkix::TrustDomain::FindPotentialIssuers API to be iterator-like, r=keeler --HG-- extra : rebase_source : e8c734ecb2de2c52dd8909c8b48f4bdb09d0128e	2014-07-02 16:15:16 -07:00
Brian Smith	89e560be23	Bug 1029247, Part 2: Parse certificates using mozilla::pkix::der, r=keeler --HG-- extra : rebase_source : e093922497d005734c590a59f175993a7715bce8	2014-07-03 16:59:42 -07:00
Brian Smith	2d9e74e8ee	Bug 975229: Remove NSS-based certificate verification, r=keeler --HG-- extra : rebase_source : 49cb20f1b51e2d9993a35decd820764e20ad9be9	2014-06-16 23:13:29 -07:00
Brian Smith	ca4f473450	Bug 1026261: Remove CERTCertificate from mozilla::pkix revocation checking API, r=keeler --HG-- extra : rebase_source : 6798f494bd351961ea02abba07b5860839bbc418	2014-06-20 10:10:51 -07:00
David Keeler	c13f6d39c7	bug 997509 - heed expired Revoked or Unknown OCSP responses r=briansmith	2014-06-20 09:01:57 -07:00
Brian Smith	67bd0799fb	Bug 1020683, Part 1: Remove internal uses of CERTCertificate from mozilla::pkix::VerifyEncodedOCSPResponse, r=keeler --HG-- extra : rebase_source : 416938498080c4d44874025f1da4562ab1c7c3c8	2014-06-05 15:18:32 -07:00
Brian Smith	279c66a9b8	Bug 1019814: Remove CERTCertificate dependency from TrustDomain::GetCertTrust, r=keeler --HG-- extra : rebase_source : 9abf0522f02d00ac2f63f2327ddbe8d119ffc64f	2014-06-03 10:47:25 -07:00
Camilo Viecco	5bce267045	Bug 991815 - Part 1/2 - Allow intermediate OCSP responses up to 1 year old. r=keeler --HG-- extra : rebase_source : 28d5336da1dc44932b92ce2c59fca5fcb2b8a3d8	2014-05-30 16:12:36 -07:00
Camilo Viecco	f051695b8d	Bug 1005142 - Part 1/2 - Add OCSP get capabilities to OCSPRequestor. r=keeler --HG-- extra : rebase_source : ee4a86bf02a466a31de8b0b6cd7ce375a7f28c6d	2014-05-21 15:42:21 -07:00
Brian Smith	2912321bc5	Bug 1006958: Use mozilla::pkix::der to parse certificate policies instead of NSS, r=keeler --HG-- extra : rebase_source : fde88efebc1025bc4f825aa38df809d04b1b250a	2014-05-15 18:59:52 -07:00
Brian Smith	9ae1a34e11	Bug 1002933: Use Strongly-typed enums more often in mozilla::pkix, r=mmc --HG-- extra : rebase_source : 3f67f48d1f4150df0830f89e6c07bbbf3a8fc7e8	2014-04-25 16:29:26 -07:00

1 2

62 Коммитов