The rationale behind nsIEntropyCollector was to supplement NSS' source of
entropy with randomness from mouse move events. This obviously doesn't work on
platforms without a mouse (e.g. mobile platforms). Furthermore, as NSS seeds its
random number generator with robust randomness from the operating system, this
is unnecessary anyway. The primary concern is that initialization of the random
number generator must happen after forking, which is exactly what we do with the
child process in e10s mode.
MozReview-Commit-ID: GYQDElSCZy0
--HG--
extra : rebase_source : 6273a78203121c4d4ddf3ed97451f393ceef4b88
The (more) modern Mozilla string classes can be used instead, which at the very
least provide built in automatic memory management and performance improvements.
MozReview-Commit-ID: 4l2Er5rkeI0
--HG--
extra : transplant_source : %A1%16%AB%02m%CA%25HfW%40%96Mq%0D%F0%91%9C%99%29
ScopedPK11SlotInfo is based on Scoped.h, which is deprecated in favour of the
standardised UniquePtr.
Also changes PK11SlotInfo parameters of various functions to make ownership more
explicit, and replaces some manual management of PK11SlotInfo pointers.
MozReview-Commit-ID: JtNH2lJsjwx
--HG--
extra : rebase_source : 9d764e0dd3a1f2df14c16f8f14a3c5392770c9a1
ScopedCERTCertList is based on Scoped.h, which is deprecated in favour of the
standardised UniquePtr.
Also changes CERTCertList parameters of various functions to make ownership more
explicit.
MozReview-Commit-ID: EXqxTK6inqy
--HG--
extra : transplant_source : %9B%A9a%94%D1%7E%2BTa%9E%9Fu%9F%02%B3%1AT%1B%F1%F6
It's an annotation that is used a lot, and should be used even more, so a
shorter name is better.
MozReview-Commit-ID: 1VS4Dney4WX
--HG--
extra : rebase_source : b26919c1b0fcb32e5339adeef5be5becae6032cf
Also adds some missing l10n entries to nsserrors.properties (but not for errors
that are specific to TLS 1.3, since TLS 1.3 is not yet finalised).
MozReview-Commit-ID: A42fmTDTe8W
--HG--
extra : transplant_source : x%F7s%DB%05%B4%81%9Dm%FDC%A1f%B3%0D%7DR%C1%BA%B1
Key size enforcement for TLS certificates happens at two levels: PSM and NSS.
PSM enforces a minimum of 1024 bits. NSS enforces a minimum of 1023 bits by
default. The NSS error is not overridable, but the PSM error is. This change
allows users to connect to devices with small RSA keys (as little as 512 bits)
using the certificate error override functionality.
MozReview-Commit-ID: 2TZ8c4I3hXC
--HG--
extra : rebase_source : a9c550f15261c711e789a670c90c129c65802ff0
This change replaces the hardcoded 'sourceis' in nsIContentSignatureVerifier and
ContentSignatureVerifier.cpp with a string parameter which allows the caller
to specify which hostname the signing certificate must be valid for. This allows
us to create and use new signing certificates without having to wait for new
sources to ride the trains.
MozReview-Commit-ID: KGpOVOuJrk3
David Keeler
Cykesiopka
Chuck Lee
Randell Jesup
Andi-Bogdan Postelnicu
Carsten "Tomcat" Book
ffxbld
Kyle Huey
Haik Aftandilian
Kai Engert
Gian-Carlo Pascutto
Nicholas Nethercote
Wes Kocher
Jared Wein
Julian Hector
Daniel Veditz
Phil Ringnalda
Mark Goodwin
Jacek Caban
Sebastian Hengst