7d1c7e0014
Bug 1209351 (part 5) - Optimize nsTHashTable::RemoveEntry() usage in security/. r=keeler.
...
--HG--
extra : rebase_source : 74877baad7a7e019c7151efaad96d7b8ccc4b6f5
2015-09-24 20:44:31 -07:00
e2da61623b
Bug 1178518 - Add an AppTrustedRoot for signed packaged app. r=keeler
2015-09-07 15:28:21 +08:00
990593f9cf
Bug 942515 - Show Untrusted Connection Error for SHA-1-based SSL certificates with notBefore >= 2016-01-01 r=keeler
2015-09-11 14:52:30 -04:00
f44287005f
Bug 1198334 (part 1) - Replace the opt-in FAIL_ON_WARNINGS with the opt-out ALLOW_COMPILER_WARNINGS. r=glandium.
...
The patch removes 455 occurrences of FAIL_ON_WARNINGS from moz.build files, and
adds 78 instances of ALLOW_COMPILER_WARNINGS. About half of those 78 are in
code we control and which should be removable with a little effort.
--HG--
extra : rebase_source : 82e3387abfbd5f1471e953961d301d3d97ed2973
2015-08-27 20:44:53 -07:00
3a47f061c9
Bug 1196988 - Remove THA support. r=gwagner
2015-08-21 10:00:54 -07:00
91782dab68
Bug 1159155 - Add telemetry probe for SHA-1 usage (r=keeler)
2015-07-09 07:22:29 +01:00
0a9aea4ab2
Bug 1145679 - Reject EV status for end-entity EV certs with overly long validity periods. r=keeler
...
--HG--
extra : rebase_source : ec44bb566cce8ab14f740457d6ba1d863b39c256
2015-06-29 22:19:00 +02:00
75c4bebb79
Bug 1165515 - Part 13-2: Replace usage of PRLogModuleLevel and PR_LOG_*. rs=froydnj
...
This is straightforward mapping of PR_LOG levels to their LogLevel
counterparts:
PR_LOG_ERROR -> LogLevel::Error
PR_LOG_WARNING -> LogLevel::Warning
PR_LOG_WARN -> LogLevel::Warning
PR_LOG_INFO -> LogLevel::Info
PR_LOG_DEBUG -> LogLevel::Debug
PR_LOG_NOTICE -> LogLevel::Debug
PR_LOG_VERBOSE -> LogLevel::Verbose
Instances of PRLogModuleLevel were mapped to a fully qualified
mozilla::LogLevel, instances of PR_LOG levels in #defines were mapped to a
fully qualified mozilla::LogLevel::* level, and all other instances were
mapped to us a shorter format of LogLevel::*.
Bustage for usage of the non-fully qualified LogLevel were fixed by adding
|using mozilla::LogLevel;| where appropriate.
2015-06-03 15:25:57 -07:00
79ea9f2368
Bug 1170431 part 0 - Use the *Path classes for GENERATED_FILES scripts and inputs. r=gps
2015-06-03 07:10:12 +09:00
5471309381
Backed out 14 changesets (bug 1165515) for linux x64 e10s m2 test failures
...
Backed out changeset d68dcf2ef372 (bug 1165515)
Backed out changeset 7c3b45a47811 (bug 1165515)
Backed out changeset b668b617bef2 (bug 1165515)
Backed out changeset d0916e1283a2 (bug 1165515)
Backed out changeset ac4dc7489942 (bug 1165515)
Backed out changeset e9632ce8bc65 (bug 1165515)
Backed out changeset c16d215cc7e4 (bug 1165515)
Backed out changeset e4d474f3c51a (bug 1165515)
Backed out changeset d87680bf9f7c (bug 1165515)
Backed out changeset b3c0a45ba99e (bug 1165515)
Backed out changeset 9370fa197674 (bug 1165515)
Backed out changeset 50970d668ca1 (bug 1165515)
Backed out changeset ffa4eb6d24b9 (bug 1165515)
Backed out changeset 5fcf1203cc1d (bug 1165515)
--HG--
extra : rebase_source : 6fb850d063cbabe738f97f0380302153e3eae97a
2015-06-02 13:05:56 +02:00
a9afd68cef
Bug 1165515 - Part 13-2: Replace usage of PRLogModuleLevel and PR_LOG_*. rs=froydnj
...
This is straightforward mapping of PR_LOG levels to their LogLevel
counterparts:
PR_LOG_ERROR -> LogLevel::Error
PR_LOG_WARNING -> LogLevel::Warning
PR_LOG_WARN -> LogLevel::Warning
PR_LOG_INFO -> LogLevel::Info
PR_LOG_DEBUG -> LogLevel::Debug
PR_LOG_NOTICE -> LogLevel::Debug
PR_LOG_VERBOSE -> LogLevel::Verbose
Instances of PRLogModuleLevel were mapped to a fully qualified
mozilla::LogLevel, instances of PR_LOG levels in #defines were mapped to a
fully qualified mozilla::LogLevel::* level, and all other instances were
mapped to us a shorter format of LogLevel::*.
Bustage for usage of the non-fully qualified LogLevel were fixed by adding
|using mozilla::LogLevel;| where appropriate.
2015-06-01 22:17:33 -07:00
4e9f80ed2e
Backed out 14 changesets (bug 1165515) for b2g mochitest-6 permafail CLOSED TREE
...
Backed out changeset 9b97e2aa2ed9 (bug 1165515)
Backed out changeset 150606c022a2 (bug 1165515)
Backed out changeset 4e875a488349 (bug 1165515)
Backed out changeset 467e7feeb546 (bug 1165515)
Backed out changeset d6b6cc373197 (bug 1165515)
Backed out changeset 0615265b593c (bug 1165515)
Backed out changeset fafd1dce9f08 (bug 1165515)
Backed out changeset d1df869245f9 (bug 1165515)
Backed out changeset 6876a7c63611 (bug 1165515)
Backed out changeset b7841c94a9a3 (bug 1165515)
Backed out changeset e5e3617f7c73 (bug 1165515)
Backed out changeset 39be3db95978 (bug 1165515)
Backed out changeset 0ec74176f8de (bug 1165515)
Backed out changeset 5b928dd10d71 (bug 1165515)
2015-06-01 17:57:58 -07:00
f82c0e7caf
Bug 1165515 - Part 13-2: Replace usage of PRLogModuleLevel and PR_LOG_*. rs=froydnj
...
This is straightforward mapping of PR_LOG levels to their LogLevel
counterparts:
PR_LOG_ERROR -> LogLevel::Error
PR_LOG_WARNING -> LogLevel::Warning
PR_LOG_WARN -> LogLevel::Warning
PR_LOG_INFO -> LogLevel::Info
PR_LOG_DEBUG -> LogLevel::Debug
PR_LOG_NOTICE -> LogLevel::Debug
PR_LOG_VERBOSE -> LogLevel::Verbose
Instances of PRLogModuleLevel were mapped to a fully qualified
mozilla::LogLevel, instances of PR_LOG levels in #defines were mapped to a
fully qualified mozilla::LogLevel::* level, and all other instances were
mapped to us a shorter format of LogLevel::*.
Bustage for usage of the non-fully qualified LogLevel were fixed by adding
|using mozilla::LogLevel;| where appropriate.
2015-06-01 14:31:01 -07:00
ae04912e48
Bug 1164714 - Flatten security/manager/ssl/src/ directory. r=keeler
...
--HG--
rename : security/manager/ssl/src/CryptoTask.cpp => security/manager/ssl/CryptoTask.cpp
rename : security/manager/ssl/src/CryptoTask.h => security/manager/ssl/CryptoTask.h
rename : security/manager/ssl/src/CryptoUtil.h => security/manager/ssl/CryptoUtil.h
rename : security/manager/ssl/src/IntolerantFallbackList.inc => security/manager/ssl/IntolerantFallbackList.inc
rename : security/manager/ssl/src/NSSErrorsService.cpp => security/manager/ssl/NSSErrorsService.cpp
rename : security/manager/ssl/src/NSSErrorsService.h => security/manager/ssl/NSSErrorsService.h
rename : security/manager/ssl/src/PPSMContentDownloader.ipdl => security/manager/ssl/PPSMContentDownloader.ipdl
rename : security/manager/ssl/src/PSMContentListener.cpp => security/manager/ssl/PSMContentListener.cpp
rename : security/manager/ssl/src/PSMContentListener.h => security/manager/ssl/PSMContentListener.h
rename : security/manager/ssl/src/PSMRunnable.cpp => security/manager/ssl/PSMRunnable.cpp
rename : security/manager/ssl/src/PSMRunnable.h => security/manager/ssl/PSMRunnable.h
rename : security/manager/ssl/src/PublicSSL.h => security/manager/ssl/PublicSSL.h
rename : security/manager/ssl/src/SSLServerCertVerification.cpp => security/manager/ssl/SSLServerCertVerification.cpp
rename : security/manager/ssl/src/SSLServerCertVerification.h => security/manager/ssl/SSLServerCertVerification.h
rename : security/manager/ssl/src/ScopedNSSTypes.h => security/manager/ssl/ScopedNSSTypes.h
rename : security/manager/ssl/src/SharedCertVerifier.h => security/manager/ssl/SharedCertVerifier.h
rename : security/manager/ssl/src/SharedSSLState.cpp => security/manager/ssl/SharedSSLState.cpp
rename : security/manager/ssl/src/SharedSSLState.h => security/manager/ssl/SharedSSLState.h
rename : security/manager/ssl/src/TransportSecurityInfo.cpp => security/manager/ssl/TransportSecurityInfo.cpp
rename : security/manager/ssl/src/TransportSecurityInfo.h => security/manager/ssl/TransportSecurityInfo.h
rename : security/manager/ssl/src/md4.c => security/manager/ssl/md4.c
rename : security/manager/ssl/src/md4.h => security/manager/ssl/md4.h
rename : security/manager/ssl/src/nsCertOverrideService.cpp => security/manager/ssl/nsCertOverrideService.cpp
rename : security/manager/ssl/src/nsCertOverrideService.h => security/manager/ssl/nsCertOverrideService.h
rename : security/manager/ssl/src/nsCertPicker.cpp => security/manager/ssl/nsCertPicker.cpp
rename : security/manager/ssl/src/nsCertPicker.h => security/manager/ssl/nsCertPicker.h
rename : security/manager/ssl/src/nsCertTree.cpp => security/manager/ssl/nsCertTree.cpp
rename : security/manager/ssl/src/nsCertTree.h => security/manager/ssl/nsCertTree.h
rename : security/manager/ssl/src/nsCertVerificationThread.cpp => security/manager/ssl/nsCertVerificationThread.cpp
rename : security/manager/ssl/src/nsCertVerificationThread.h => security/manager/ssl/nsCertVerificationThread.h
rename : security/manager/ssl/src/nsClientAuthRemember.cpp => security/manager/ssl/nsClientAuthRemember.cpp
rename : security/manager/ssl/src/nsClientAuthRemember.h => security/manager/ssl/nsClientAuthRemember.h
rename : security/manager/ssl/src/nsCrypto.cpp => security/manager/ssl/nsCrypto.cpp
rename : security/manager/ssl/src/nsCrypto.h => security/manager/ssl/nsCrypto.h
rename : security/manager/ssl/src/nsCryptoHash.cpp => security/manager/ssl/nsCryptoHash.cpp
rename : security/manager/ssl/src/nsCryptoHash.h => security/manager/ssl/nsCryptoHash.h
rename : security/manager/ssl/src/nsDataSignatureVerifier.cpp => security/manager/ssl/nsDataSignatureVerifier.cpp
rename : security/manager/ssl/src/nsDataSignatureVerifier.h => security/manager/ssl/nsDataSignatureVerifier.h
rename : security/manager/ssl/src/nsKeyModule.cpp => security/manager/ssl/nsKeyModule.cpp
rename : security/manager/ssl/src/nsKeyModule.h => security/manager/ssl/nsKeyModule.h
rename : security/manager/ssl/src/nsKeygenHandler.cpp => security/manager/ssl/nsKeygenHandler.cpp
rename : security/manager/ssl/src/nsKeygenHandler.h => security/manager/ssl/nsKeygenHandler.h
rename : security/manager/ssl/src/nsKeygenHandlerContent.cpp => security/manager/ssl/nsKeygenHandlerContent.cpp
rename : security/manager/ssl/src/nsKeygenHandlerContent.h => security/manager/ssl/nsKeygenHandlerContent.h
rename : security/manager/ssl/src/nsKeygenThread.cpp => security/manager/ssl/nsKeygenThread.cpp
rename : security/manager/ssl/src/nsKeygenThread.h => security/manager/ssl/nsKeygenThread.h
rename : security/manager/ssl/src/nsNSSASN1Object.cpp => security/manager/ssl/nsNSSASN1Object.cpp
rename : security/manager/ssl/src/nsNSSASN1Object.h => security/manager/ssl/nsNSSASN1Object.h
rename : security/manager/ssl/src/nsNSSCallbacks.cpp => security/manager/ssl/nsNSSCallbacks.cpp
rename : security/manager/ssl/src/nsNSSCallbacks.h => security/manager/ssl/nsNSSCallbacks.h
rename : security/manager/ssl/src/nsNSSCertHelper.cpp => security/manager/ssl/nsNSSCertHelper.cpp
rename : security/manager/ssl/src/nsNSSCertHelper.h => security/manager/ssl/nsNSSCertHelper.h
rename : security/manager/ssl/src/nsNSSCertTrust.cpp => security/manager/ssl/nsNSSCertTrust.cpp
rename : security/manager/ssl/src/nsNSSCertTrust.h => security/manager/ssl/nsNSSCertTrust.h
rename : security/manager/ssl/src/nsNSSCertValidity.cpp => security/manager/ssl/nsNSSCertValidity.cpp
rename : security/manager/ssl/src/nsNSSCertValidity.h => security/manager/ssl/nsNSSCertValidity.h
rename : security/manager/ssl/src/nsNSSCertificate.cpp => security/manager/ssl/nsNSSCertificate.cpp
rename : security/manager/ssl/src/nsNSSCertificate.h => security/manager/ssl/nsNSSCertificate.h
rename : security/manager/ssl/src/nsNSSCertificateDB.cpp => security/manager/ssl/nsNSSCertificateDB.cpp
rename : security/manager/ssl/src/nsNSSCertificateDB.h => security/manager/ssl/nsNSSCertificateDB.h
rename : security/manager/ssl/src/nsNSSCertificateFakeTransport.cpp => security/manager/ssl/nsNSSCertificateFakeTransport.cpp
rename : security/manager/ssl/src/nsNSSCertificateFakeTransport.h => security/manager/ssl/nsNSSCertificateFakeTransport.h
rename : security/manager/ssl/src/nsNSSComponent.cpp => security/manager/ssl/nsNSSComponent.cpp
rename : security/manager/ssl/src/nsNSSComponent.h => security/manager/ssl/nsNSSComponent.h
rename : security/manager/ssl/src/nsNSSErrors.cpp => security/manager/ssl/nsNSSErrors.cpp
rename : security/manager/ssl/src/nsNSSHelper.h => security/manager/ssl/nsNSSHelper.h
rename : security/manager/ssl/src/nsNSSIOLayer.cpp => security/manager/ssl/nsNSSIOLayer.cpp
rename : security/manager/ssl/src/nsNSSIOLayer.h => security/manager/ssl/nsNSSIOLayer.h
rename : security/manager/ssl/src/nsNSSModule.cpp => security/manager/ssl/nsNSSModule.cpp
rename : security/manager/ssl/src/nsNSSShutDown.cpp => security/manager/ssl/nsNSSShutDown.cpp
rename : security/manager/ssl/src/nsNSSShutDown.h => security/manager/ssl/nsNSSShutDown.h
rename : security/manager/ssl/src/nsNSSVersion.cpp => security/manager/ssl/nsNSSVersion.cpp
rename : security/manager/ssl/src/nsNSSVersion.h => security/manager/ssl/nsNSSVersion.h
rename : security/manager/ssl/src/nsNTLMAuthModule.cpp => security/manager/ssl/nsNTLMAuthModule.cpp
rename : security/manager/ssl/src/nsNTLMAuthModule.h => security/manager/ssl/nsNTLMAuthModule.h
rename : security/manager/ssl/src/nsPK11TokenDB.cpp => security/manager/ssl/nsPK11TokenDB.cpp
rename : security/manager/ssl/src/nsPK11TokenDB.h => security/manager/ssl/nsPK11TokenDB.h
rename : security/manager/ssl/src/nsPKCS11Slot.cpp => security/manager/ssl/nsPKCS11Slot.cpp
rename : security/manager/ssl/src/nsPKCS11Slot.h => security/manager/ssl/nsPKCS11Slot.h
rename : security/manager/ssl/src/nsPKCS12Blob.cpp => security/manager/ssl/nsPKCS12Blob.cpp
rename : security/manager/ssl/src/nsPKCS12Blob.h => security/manager/ssl/nsPKCS12Blob.h
rename : security/manager/ssl/src/nsPSMBackgroundThread.cpp => security/manager/ssl/nsPSMBackgroundThread.cpp
rename : security/manager/ssl/src/nsPSMBackgroundThread.h => security/manager/ssl/nsPSMBackgroundThread.h
rename : security/manager/ssl/src/nsProtectedAuthThread.cpp => security/manager/ssl/nsProtectedAuthThread.cpp
rename : security/manager/ssl/src/nsProtectedAuthThread.h => security/manager/ssl/nsProtectedAuthThread.h
rename : security/manager/ssl/src/nsRandomGenerator.cpp => security/manager/ssl/nsRandomGenerator.cpp
rename : security/manager/ssl/src/nsRandomGenerator.h => security/manager/ssl/nsRandomGenerator.h
rename : security/manager/ssl/src/nsSDR.cpp => security/manager/ssl/nsSDR.cpp
rename : security/manager/ssl/src/nsSDR.h => security/manager/ssl/nsSDR.h
rename : security/manager/ssl/src/nsSSLSocketProvider.cpp => security/manager/ssl/nsSSLSocketProvider.cpp
rename : security/manager/ssl/src/nsSSLSocketProvider.h => security/manager/ssl/nsSSLSocketProvider.h
rename : security/manager/ssl/src/nsSSLStatus.cpp => security/manager/ssl/nsSSLStatus.cpp
rename : security/manager/ssl/src/nsSSLStatus.h => security/manager/ssl/nsSSLStatus.h
rename : security/manager/ssl/src/nsSmartCardMonitor.cpp => security/manager/ssl/nsSmartCardMonitor.cpp
rename : security/manager/ssl/src/nsSmartCardMonitor.h => security/manager/ssl/nsSmartCardMonitor.h
rename : security/manager/ssl/src/nsTLSSocketProvider.cpp => security/manager/ssl/nsTLSSocketProvider.cpp
rename : security/manager/ssl/src/nsTLSSocketProvider.h => security/manager/ssl/nsTLSSocketProvider.h
rename : security/manager/ssl/src/nsUsageArrayHelper.cpp => security/manager/ssl/nsUsageArrayHelper.cpp
rename : security/manager/ssl/src/nsUsageArrayHelper.h => security/manager/ssl/nsUsageArrayHelper.h
rename : security/manager/ssl/src/nsVerificationJob.h => security/manager/ssl/nsVerificationJob.h
2015-05-26 10:31:23 -07:00
3925a960aa
Bug 1165515 - Part 1: Convert PR_LOG to MOZ_LOG. r=froydnj
2015-05-21 13:22:04 -07:00
4879ae86f4
Bug 1165518 - Part 2: Replace prlog.h with Logging.h. rs=froydnj
2015-05-19 11:15:34 -07:00
4e7fc3055e
bug 1141189 - implement skipping expensive revocation checks (OCSP fetching) for short-lived certificates r=rbarnes
2015-04-06 16:10:28 -07:00
4eceb82c1f
Bug 1162691 - Part 1: Remove instances of #ifdef PR_LOGGING in security. r=froydnj
...
PR_LOGGING is now always defined, we can remove #ifdefs checking for it.
2015-05-08 14:36:33 -07:00
7b4994dfc8
Bug 1038072 - signature verification for JAR files unpacked into a directory. r=keeler
...
--HG--
extra : rebase_source : 5728bfc05f8326f5392a787d38bc64ec8dbefe21
extra : source : a02ea85607a2c0989f057053858125fa5046763b
2015-05-05 20:21:00 +02:00
7b5d12ad46
Bug 1038068: Check add-on signatures and refuse to install unsigned or broken add-ons (preffed off for now). r=dveditz
...
--HG--
extra : source : 3b48e1a81a170634dce964cd462c752d09680805
2015-03-31 11:32:40 -07:00
30b01a14e8
Backed out changeset f99621542727 (bug 1038068) for test failures in test_corrupt.js etc on a CLOSED TREE
2015-04-23 09:09:30 +02:00
2fb50ac667
Bug 1038068: Check add-on signatures and refuse to install unsigned or broken add-ons (preffed off for now). r=dveditz
...
--HG--
extra : source : 3b48e1a81a170634dce964cd462c752d09680805
extra : amend_source : 4aa3ae86e2afc75529e880ab962c67163405248b
2015-03-31 11:32:40 -07:00
9adc1fecb8
Backed out changeset 3b48e1a81a17 (bug 1038068) for xpcshell orange even after a clobbering IGNORE IDL
...
--HG--
extra : amend_source : 086173e953ae46aa2292993601380ab04884b1ac
2015-04-21 18:21:52 -07:00
f4b5328e0d
Bug 1038068: Check add-on signatures and refuse to install unsigned or broken add-ons (preffed off for now). IGNORE IDL. r=dveditz
...
--HG--
extra : rebase_source : a48282c6b3f10391e9492d4f0a89cef8697ea622
extra : amend_source : 17c0645d0577dad789b2d9b4879459327fcef1f7
2015-03-31 11:32:40 -07:00
5389bbbf54
Bug 1137437 - move security/apps/ cert header generation to moz.build; r=mshal,keeler
...
Moving the cert header generation to GENERATED_FILES means that we can
delete all the manually-written out rules; we can also delete the
export:: rule because the build system automatically builds
GENERATED_FILES during the export phase. For ease of converion, we opt
to create an empty trusted-app-public.der cert for manifest-signing-root.inc;
partners are free to overwrite that cert with their own.
2015-02-27 12:50:49 -05:00
b1035c0992
Bug 1153737: Avoid unnecessary uses of mozilla::pkix::ScopedPtr, r=keeler
...
--HG--
extra : rebase_source : ea7083439f22cb40d6c97f872ef9866144516745
2015-04-12 19:57:48 -10:00
883849ee32
Bug 1145631 - Part 1: Replace MOZ_OVERRIDE and MOZ_FINAL with override and final in the tree; r=froydnj
...
This patch was automatically generated using the following script:
function convert() {
echo "Converting $1 to $2..."
find . \
! -wholename "*/.git*" \
! -wholename "obj-ff-dbg*" \
-type f \
\( -iname "*.cpp" \
-o -iname "*.h" \
-o -iname "*.c" \
-o -iname "*.cc" \
-o -iname "*.idl" \
-o -iname "*.ipdl" \
-o -iname "*.ipdlh" \
-o -iname "*.mm" \) | \
xargs -n 1 sed -i -e "s/\b$1\b/$2/g"
}
convert MOZ_OVERRIDE override
convert MOZ_FINAL final
2015-03-21 12:28:04 -04:00
171babfad4
Bug 1139177 - RSA public key size checking cleanups. r=keeler
2015-03-05 16:41:00 +01:00
06b7804e70
Bug 1131767: Prune away paths using unacceptable algorithms earlier, r=keeler
...
--HG--
extra : rebase_source : 79efad2c5f60120ff1022547ce7efa628a7acd0f
2015-02-14 16:59:02 -08:00
a89b90ea7f
Bug 1130754: Avoid recalculating tbsCertificate digest, r=keeler
...
--HG--
extra : rebase_source : 85266413568df928cb1eaf1cd59b52ee9d4259e6
extra : histedit_source : 767e3263d28926435c6d2f4610c7d8b01e9ba87d
2015-02-07 12:14:31 -08:00
b0f87b9b6c
Bug 1122841, Part 2: Centralize checking of public key, r=keeler
...
--HG--
extra : rebase_source : 6b41ad2d3f37bead8d3ac8b48c5ee0b8063c795b
extra : source : d470b5a68bf915cfb12f0e948e1492463092883c
2015-02-02 16:17:08 -08:00
5f97b938f2
Bug 1117043 - Mark virtual overridden functions as MOZ_OVERRIDE in security; r=bsmith
2015-01-02 09:02:04 -05:00
f118650ad8
Bug 1115761, Part 3: Rename NSS-based crypto functions, r=jcj
...
--HG--
extra : rebase_source : b11b172fac76c7845d2a97cabf1bad9e04a50367
2014-12-23 14:51:52 -08:00
1c4af4e6a1
Bug 622859 - Reject EV certificates with key sizes below RSA 2048. r=briansmith
2014-10-18 15:18:00 +02:00
e5ad1e7db2
Backed out changeset 3afdc3253979 (bug 622859) for breaking m1 tests
2014-10-17 13:14:29 +02:00
01941f880c
Bug 622859 - Reject EV certificates with key sizes below RSA 2048. r=briansmith
2014-10-16 05:13:00 +02:00
7fffd05532
Bug 806819 - Part 4: Add files that were excluded from unified builds back in. r=ehsan
2014-10-08 13:19:14 -07:00
8d715a7fe4
Bug 806819 - Part 3: Remove redundant FORCE_PR_LOG entries. r=ehsan
2014-10-08 13:17:32 -07:00
445e1466e9
Backed out 5 changesets (bug 806819) for WinXP test failures on a CLOSED TREE
...
Backed out changeset 009ae35b0c67 (bug 806819)
Backed out changeset 5a57f87f5061 (bug 806819)
Backed out changeset f06cd735b5b3 (bug 806819)
Backed out changeset e25a2a8d4af4 (bug 806819)
Backed out changeset 70a167982c3f (bug 806819)
2014-10-06 16:32:50 -07:00
53a247fb00
Bug 806819 - Part 4: Add files that were excluded from unified builds back in. r=ehsan
...
--HG--
extra : rebase_source : 49a3f57d94fc94702f1604175c4e206091b67197
2014-10-06 13:11:24 -07:00
80d2b8bba6
Bug 806819 - Part 3: Remove redundant FORCE_PR_LOG entries. r=ehsan
...
--HG--
extra : rebase_source : c96eea1c12ea8c19314393f0e8b4b57a4316a61d
2014-10-06 13:08:20 -07:00
fd860abf57
bug 1071308 - (2/2) remove libpkix-style chain validation callback from CertVerifier r=cviecco
2014-09-25 11:18:56 -07:00
8818f4947f
Bug 1059216 - Verification of Trusted Hosted Apps manifest signature, part 1. r=dkeeler,rlb
2014-09-22 07:58:59 -07:00
2915e7de92
Bug 1059208 - Add scripts for signing manifest files of Trusted Hosted Apps r=dkeeler
2014-09-22 07:58:59 -07:00
e160a6a6da
Bug 1059204 - Prepare verification code for reuse. r=rlb
2014-09-19 20:13:47 -07:00
b562d97c7e
Bug 1042006 - Replace reviewers-dev certificate. r=fabrice
...
--HG--
extra : rebase_source : 517822e6712853c4e0d5ce664e0d60b980382c3b
2014-08-21 00:12:00 -04:00
7257b2f870
Bug 579517 follow-up: Remove NSPR types that crept in
2014-08-08 08:39:07 -04:00
0ccaf0860c
Bug 1043041: Use mozilla::pkix::Time instead of PRTime, r=keeler
...
--HG--
extra : rebase_source : 2cc39d3c322c1355aad003f2497659a091febac2
2014-08-02 08:49:12 -07:00
de725ae5ef
Bug 1047792: Rely on mozilla::pkix to filter out expired certs instead of CERT_CreateSubjectCertList, r=keeler
...
--HG--
extra : rebase_source : 5182147037b69f0ac3c3cd060d6e2af71bfde2e7
2014-08-01 23:16:21 -07:00
d77dac0580
Bug 1041186, Part 2: Rename Input to Reader and InputBuffer to Input, r=keeler
...
--HG--
extra : rebase_source : bf57a9eb6ae5c122912e00a47156010e5ea99478
2014-07-31 12:17:31 -07:00
ffe743ee06
Bug 1041186, Part 1: Improve buffer overflow protection in mozilla::pkix, r=keeler
...
--HG--
extra : rebase_source : 0f4a33f2c66594930ba9c79233648c70e33ba27c
2014-07-18 22:30:51 -07:00
5f56fc60d6
Bug 1041343: Use references instead of pointers for TrustLevel output parameters, r=cviecco
...
--HG--
extra : rebase_source : d5c07dc29a95ccb75a7a8f199de26d43950b9ed4
2014-07-20 11:06:26 -07:00
c45dc156d1
Bug 1039064: Use strongly-typed enum instead of NSPR-style error handling, r=keeler
...
--HG--
extra : rebase_source : 4f3e41916cd7e2c74679d468eeeb702af3321532
2014-07-18 11:48:49 -07:00
3236b9594b
Bug 1021345 - Allow apps to be installed from the Marketplace staging server. r=fabrice
2014-07-23 13:20:25 +02:00
0289b45f0c
Bug 360126 - Stop accepting certs that use RSA1023 or weaker; Original patch by Richard van den Berg. r=briansmith
2014-07-15 19:49:00 -04:00
17375cc8b3
Bug 1036105: Delegate digest operations to the TrustDomain in mozilla::pkix, r=keeler
...
--HG--
extra : rebase_source : dd8dc1243ea2e37955a15f2481e1c452311e90d8
extra : histedit_source : adc1a2035d41c608d3f0ebe14bba159b2857502d
2014-07-06 19:36:05 -07:00
c162caba82
Bug 1036107, Part 1: Stop using CERTSignedData in mozilla::pkix, r=keeler
...
--HG--
extra : rebase_source : 94c49062ae3ddf755651f151e2d648543b10e1ad
extra : histedit_source : a7377bf1d9adb62e1c584e2adeb793aa074245fb
2014-07-10 19:00:32 -07:00
b14f27897b
Bug 1037324: Delegate additional name constraint selection to the TrustDomain in mozilla::pkix, r=cviecco
...
--HG--
extra : rebase_source : 300f33bfb3a0c9ae1525695b080674c1fb21eafc
2014-07-10 22:38:59 -07:00
3f110246be
Bug 1035009: Stop using CERTCertList in mozilla::pkix, r=keeler
...
--HG--
extra : rebase_source : fc2b39e5e2b44fea365914e83a7d1f2dc9b784bc
extra : histedit_source : b40e5e8cb106fe87f6f065b01ca43adb0bf3a605
2014-07-06 15:55:38 -07:00
783ead1861
Bug 1034636: Remove mozilla::pkix::ScopedCERTCertifciate and mozilla::pkix::ScopedPLArenaPool, r=mmc
...
--HG--
extra : rebase_source : 68e6da2f1e1c7fa678ef4cc81d23cc6298709108
extra : histedit_source : feba4c589dbf004ee50e2dea1fca0809f8f97674
2014-07-03 21:49:56 -07:00
f5ec8594e7
Bug 1033563, Part 3: Change mozilla::pkix::TrustDomain::FindPotentialIssuers API to be iterator-like, r=keeler
...
--HG--
extra : rebase_source : e8c734ecb2de2c52dd8909c8b48f4bdb09d0128e
2014-07-02 16:15:16 -07:00
89e560be23
Bug 1029247, Part 2: Parse certificates using mozilla::pkix::der, r=keeler
...
--HG--
extra : rebase_source : e093922497d005734c590a59f175993a7715bce8
2014-07-03 16:59:42 -07:00
7c4b2ba847
Bug 643041 - Merge nsIX509Cert2 and nsIX509Cert3 into nsIX509Cert, and merge nsIX509CertDB2 into nsIX509CertDB. r=keeler
...
--HG--
extra : rebase_source : 5283c637e45dbee9f741d56cda54fdef1afce16e
2014-07-03 22:09:24 -07:00
bd8f23ccd6
Bug 1028643: Convert nsISignatureVerifier to use CertVerifier (mozilla::pkix) and move nsISignatureVerifier functionality to nsIDataSignatureVerifier, r=keeler
...
--HG--
extra : rebase_source : 14f6f5dedd7145d574ac5b4c86b6ad42b6716ae8
extra : histedit_source : f891fbe80c4ca9fc62849bc2d6d8ffad372a6bf0
2014-06-22 18:50:22 -07:00
ca4f473450
Bug 1026261: Remove CERTCertificate from mozilla::pkix revocation checking API, r=keeler
...
--HG--
extra : rebase_source : 6798f494bd351961ea02abba07b5860839bbc418
2014-06-20 10:10:51 -07:00
b76e937c55
Bug 1006812: Use mozilla::pkix::der to decode the key usage extension, r=keeler
...
--HG--
extra : rebase_source : e445c913994dc027e1179543d7b6cab2505e734d
2014-06-19 00:13:20 -07:00
67bd0799fb
Bug 1020683, Part 1: Remove internal uses of CERTCertificate from mozilla::pkix::VerifyEncodedOCSPResponse, r=keeler
...
--HG--
extra : rebase_source : 416938498080c4d44874025f1da4562ab1c7c3c8
2014-06-05 15:18:32 -07:00
279c66a9b8
Bug 1019814: Remove CERTCertificate dependency from TrustDomain::GetCertTrust, r=keeler
...
--HG--
extra : rebase_source : 9abf0522f02d00ac2f63f2327ddbe8d119ffc64f
2014-06-03 10:47:25 -07:00
4434286b6b
bug 1006710 - add class of PSM errors to SEC and SSL errors r=briansmith
2014-05-28 15:28:03 -07:00
51f64d5cbb
Bug 972201 - Remove the MOZ_B2G_CERTDATA hack. r=briansmith
2014-05-18 15:42:42 +02:00
2912321bc5
Bug 1006958: Use mozilla::pkix::der to parse certificate policies instead of NSS, r=keeler
...
--HG--
extra : rebase_source : fde88efebc1025bc4f825aa38df809d04b1b250a
2014-05-15 18:59:52 -07:00
077fb4cfcf
Bug 1006041: Use mozilla::pkix::der for decoding the extended key usage extension, r=keeler
...
--HG--
extra : rebase_source : b4b62f117d653784eb6ad058554faf520a1bd90b
2014-05-14 01:02:34 -07:00
9ae1a34e11
Bug 1002933: Use Strongly-typed enums more often in mozilla::pkix, r=mmc
...
--HG--
extra : rebase_source : 3f67f48d1f4150df0830f89e6c07bbbf3a8fc7e8
2014-04-25 16:29:26 -07:00
a54a4f05cf
Bug 744204 - Allow Certificate key pinning Part 2 - Certverifier Interface. r=keeler
...
--HG--
extra : rebase_source : 2f9748ba0b241c697e22b7ff72f2f5a0fad4a2ca
2014-02-05 14:49:10 -08:00
b1405bc489
bug 985201 - rename insanity::pkix to mozilla::pkix r=cviecco r=briansmith
...
--HG--
rename : security/insanity/include/insanity/ScopedPtr.h => security/pkix/include/pkix/ScopedPtr.h
rename : security/insanity/include/insanity/bind.h => security/pkix/include/pkix/bind.h
rename : security/insanity/include/insanity/nullptr.h => security/pkix/include/pkix/nullptr.h
rename : security/insanity/include/insanity/pkix.h => security/pkix/include/pkix/pkix.h
rename : security/insanity/include/insanity/pkixtypes.h => security/pkix/include/pkix/pkixtypes.h
rename : security/insanity/lib/pkixbind.cpp => security/pkix/lib/pkixbind.cpp
rename : security/insanity/lib/pkixbuild.cpp => security/pkix/lib/pkixbuild.cpp
rename : security/insanity/lib/pkixcheck.cpp => security/pkix/lib/pkixcheck.cpp
rename : security/insanity/lib/pkixcheck.h => security/pkix/lib/pkixcheck.h
rename : security/insanity/lib/pkixder.cpp => security/pkix/lib/pkixder.cpp
rename : security/insanity/lib/pkixder.h => security/pkix/lib/pkixder.h
rename : security/insanity/lib/pkixkey.cpp => security/pkix/lib/pkixkey.cpp
rename : security/insanity/lib/pkixocsp.cpp => security/pkix/lib/pkixocsp.cpp
rename : security/insanity/lib/pkixutil.h => security/pkix/lib/pkixutil.h
rename : security/insanity/moz.build => security/pkix/moz.build
rename : security/insanity/test/lib/moz.build => security/pkix/test/lib/moz.build
rename : security/insanity/test/lib/pkixtestutil.cpp => security/pkix/test/lib/pkixtestutil.cpp
rename : security/insanity/test/lib/pkixtestutil.h => security/pkix/test/lib/pkixtestutil.h
2014-03-20 14:29:21 -07:00
dbb4eb51fe
Bug 978528: Return the correct error message when no potential issuers are found during path bulding in insanitY::pkix, r=cviecco
...
--HG--
extra : rebase_source : 71f806312ad322bc2971e7efaea2da217b07efad
2014-03-01 20:55:51 -08:00
605160af41
Bug 921886: Add certificate policiy support to insanity::pkix, r=keeler, r=cviecco
...
--HG--
extra : rebase_source : 6522e2c2f57f59fe23c0ed0c838f1f54236bdafc
2014-02-24 12:37:45 -08:00
46ac0ca312
Bug 915931, Part 3: Integrate insanity::pkix OCSP support, r=keeler, r=cviecco
...
--HG--
extra : rebase_source : 4b54682ca6d97e2ec7709b9a5c93ddea71126f8b
2014-02-16 17:35:40 -08:00
2f3036a251
Bug 896620: Make marketplace certs work on in all products, r=keeler
...
--HG--
extra : source : 86ec7137a8892f75918c77e605df970f5b96ef62
extra : histedit_source : 33326790804d49e6ec658626116ebf870d94d445
2014-02-14 14:37:07 -08:00
Nicholas Nethercote
Jonathan Hao
Richard Barnes
Fabrice Desré
Mark Goodwin
Cykesiopka
Eric Rahm
Mike Hommey
Carsten "Tomcat" Book
Wes Kocher
Birunthan Mohanathas
David Keeler
Daniel Veditz
Dave Townsend
Nathan Froyd
Brian Smith
Ehsan Akhgari
Vlatko Markovic
Robin Thunell
Marco Castelluccio
Harsh Pathak
Camilo Viecco