ffxbld
1d4acf2cee
No bug, Automated HSTS preload list update from host bld-linux64-spot-312 - a=hsts-update
2016-04-16 04:49:07 -07:00
Cykesiopka
59774a5b4e
Bug 1262645 - Address misc issues with nsGetUserCertChoice(). r=keeler
...
The follow issues are fixed:
- Returning a failure result when failing to get a pref value instead of more
gracefully falling back to a default.
- Using an enum instead of a more strongly typed enum class.
- Using a pref branch instead of the preferred Preferences.h API.
- Manual memory management.
- Unnecessary use of pointers.
MozReview-Commit-ID: FKw5kBhnwxL
--HG--
extra : transplant_source : %21K%E2%83/%A5%AB%DB3%F4%FB%2CUD%9E%B6l%1C%3A%22
2016-04-15 16:51:41 -07:00
Carsten "Tomcat" Book
eae4a312af
Bug 1261751 - Problems with OS X Sandboxed TempDir and Rules. r=bobowen r=gcp
...
--HG--
extra : amend_source : 2011128c7e5406d7865da2b24f81facf7889cb0e
2016-04-16 09:00:29 +02:00
Jonas Sicking
d310d4dcee
Fix unified-build bustage from bug 1264706. r=bustage
2016-04-15 15:21:38 -07:00
Jonas Sicking
32e5673b7a
Fix linting bustage for bug 1264706. r=bustage
2016-04-15 15:12:39 -07:00
Jonas Sicking
9c521f30da
Bug 1264706: Move nsILocalCertService, and implementation, to security/manager/ssl in order to alloow use w use elsewhere in gecko. r=dkeeler
...
--HG--
rename : devtools/shared/security/LocalCertService.cpp => security/manager/ssl/LocalCertService.cpp
rename : devtools/shared/security/LocalCertService.h => security/manager/ssl/LocalCertService.h
rename : devtools/shared/security/nsILocalCertService.idl => security/manager/ssl/nsILocalCertService.idl
rename : devtools/shared/security/tests/unit/test_cert.js => security/manager/ssl/tests/unit/test_local_cert.js
2016-04-15 14:52:13 -07:00
Julian Hector
d9a01beca2
Bug 1259283 - Add sys_fchown to seccomp whitelist. r=jld
2016-04-13 12:41:19 +00:00
J.C. Jones
63f7ce5155
Bug 1244960 - Complete FIDO u2f NSSToken (Part 1). r=keeler, r=baku
...
- Merge in test changes from Bug 1255784.
- Remove the unnecessary mutex
- Stop doing direct memory work in NSS Token
- Clean up direct memory work in ContentParent
- In order to store persistent crypto parameters, the NSSToken had to move
onto the main thread and be interfaced with via IDL/IPDL.
- Support Register/Sign via NSS using a long-lived secret key
- Rename the softtoken/usbtoken "enable" prefs, because of hierarchy issues
with the WebIDL Pref shadowing.
- Also orders the includes on nsNSSModule.cpp
- Attestation Certificates are in Part 2.
Updates per keeler review comments:
- Use //-style comments everywhere
- Refactor the PrivateKeyFromKeyHandle method
- Rename the logging and fix extraneous NS_WARN_IF/logging combinations
- Other updates from review
April 11-12:
- Correct usage of the "usageCount" flag for PK11_UnwrapPrivKey
- Rebase up to latest
April 15:
- Rebase to latest
MozReview-Commit-ID: 6T8jNmwFvHJ
--HG--
extra : transplant_source : w%26%CES%2Cu%04%3EAl%04%2Cb%E2v%C9%08%3A%CC%F4
2016-04-15 09:29:12 -07:00
Tim Taubert
501a3b98fe
Bug 1235634 - Construct nsNSSShutdownList::singleton lazily on first use r=keeler
2016-04-13 11:06:44 +02:00
Mark Goodwin
23e56a0fd2
Bug 1252882 - Add a Content Signature Service r=keeler,r=franziskus,r=Cykesiopka
...
MozReview-Commit-ID: 2nS6vN3iDKe
2016-04-13 13:26:01 +01:00
Mark Goodwin
bc46a6a645
Bug 1252882 - Content-Signature Service - some tests r=keeler,r=fkiefer
...
MozReview-Commit-ID: AQGAABvRbNZ
2016-04-08 14:27:52 +01:00
Thomas Zimmermann
e1b5ef463a
Bug 1264226: Don't use '_COARSE' Posix clocks if not defined, r=jld
...
Not all systems (i.e., Gonk) support CLOCK_MONOTONIC_COARSE and
CLOCK_REALTIME_COARSE. With this patch, we don't refer to them if
they are not supported.
2016-04-14 10:12:39 +02:00
Cykesiopka
c510e4037b
Bug 1029173 - Clean up nsDataSignatureVerifier. r=keeler
...
This patch does the following:
- Implements nsNSSShutDownObject.
- Replaces more raw pointers with smart pointers.
- Fixes other misc issues.
MozReview-Commit-ID: HulWdonEbP8
--HG--
extra : transplant_source : %DC%27%14%AE%28%A2F%80%1F%2C%83L%D3h%A2%C7k%F0%1C%2B
2016-04-12 18:09:06 -07:00
Kai Engert
70551ded71
Bug 1258375, NSS_3_24_BETA6 and required adjustments to PSM and packaging, r=martin.thomson, r=glandium
2016-04-12 14:40:44 +02:00
Chris Pearce
cb3b390405
Bug 1245789 - Whitelist functions needed by Widevine CDM in GMP child processes. r=jed
...
MozReview-Commit-ID: C6bpItv1qpi
2016-04-12 16:12:21 +12:00
Chris Pearce
114ad957d2
Bug 1245789 - Load Widevine CDM with sandbox level USER_RESTRICTED instead of USER_LOCKDOWN. r=bobowen
...
Otherwise Widevine CDM won't load on Windows. Other GMPs are still loaded at USER_LOCKDOWN.
MozReview-Commit-ID: aCTG1tQuwt
2016-04-12 16:12:20 +12:00
David Keeler
b2887661d5
bug 1263221 - improve how PSM handles the visibility of __CERT_AddTempCertToPerm r=chmanchester,mgoodwin
...
MozReview-Commit-ID: GXiXANNa6Op
--HG--
extra : rebase_source : ffb96a89aabd933f200e39d528d6f5f41e035d7e
2016-04-08 10:30:32 -07:00
Kai Engert
f8da0365fd
Backout revision 36f75c2863a1, bug 1258375
2016-04-11 17:00:39 +02:00
Kai Engert
b471460db8
Bug 1258375, NSS_3_24_BETA5 and required adjustments to PSM and packaging, r=martin.thomson, r=glandium
2016-04-11 16:40:36 +02:00
Cykesiopka
b883b2533f
Bug 1259909 - Obviate char PORT_Free() calls in PSM. r=keeler
...
Also converts the longer |UniquePtr<char, void(&)(void*)> foo(..., PORT_Free)|
to the shorter and equivalent |UniquePORTString foo(...)|.
MozReview-Commit-ID: LlrTNUYBP4V
--HG--
extra : transplant_source : afU%FB%0EC%3E%E0pm%A3-%0E%C8%83%CF%0A%B1%9E%ED
2016-04-09 01:03:59 -07:00
Ryan VanderMeulen
bb5308d31a
Merge m-c to inbound. a=merge
2016-04-09 10:08:57 -04:00
ffxbld
e7db699836
No bug, Automated HPKP preload list update from host bld-linux64-spot-428 - a=hpkp-update
2016-04-09 04:47:02 -07:00
ffxbld
eae40b0bb0
No bug, Automated HSTS preload list update from host bld-linux64-spot-428 - a=hsts-update
2016-04-09 04:47:00 -07:00
Wes Kocher
dfc7e5253f
Merge m-c to inbound, a=merge
...
MozReview-Commit-ID: 9YZdlIARozU
2016-04-08 16:47:03 -07:00
Wes Kocher
b6d0503738
Merge fx-team to central, a=merge
...
MozReview-Commit-ID: yuSA0kqs0F
2016-04-08 15:26:49 -07:00
Dave Townsend
bf59524a62
Bug 1257246: Update security/manager for eslint 2. r=cykesiopka
...
MozReview-Commit-ID: C04uJOhTbjw
--HG--
extra : rebase_source : 39fb9a3ce183b05e0b924563e055431828bab50d
extra : histedit_source : aacec3a02d251d0ec8e13e78900a6f53bc205ec3
2016-04-05 11:32:28 -07:00
David Keeler
7dd242bb39
bug 1261936 - stop using the subject common name in certificate verification error messages r=Cykesiopka
...
MozReview-Commit-ID: G08cV5GmNDh
--HG--
extra : rebase_source : c79b34d893e7acddc8ee02a6c354dcaa1de07d61
2016-04-04 16:25:24 -07:00
Julian Hector
2d64db058c
Bug 1259273 - Add sys_unlink to seccomp-bpf whitelist. r=jld
2016-04-06 19:48:23 +00:00
Tim Taubert
63c7f51d31
Bug 842818 - Make Crypto::GetRandomValues() work off the main thread r=baku,keeler,mt
2015-09-22 10:50:36 +02:00
Cykesiopka
54da7e65e7
Bug 1252384 - Remove nsICertTree.isHostPortOverride(). r=dkeeler
...
It is unused since the changes in Bug 825583 landed.
MozReview-Commit-ID: 2u2eu0aDqeH
--HG--
extra : transplant_source : f%5Ev%00%B6%8B%3E%5E%26%C3%10%25%D9%16%C1%98yhf%D2
2016-04-06 07:02:17 -07:00
Bob Owen
907939a278
Bug 1256992 Part 2: Move SandboxBroker Initialization earlier and add telemetry and extra null checks. r=aklotz
...
MozReview-Commit-ID: Fu05wLn27UG
2016-04-07 08:28:14 +01:00
Wes Kocher
06944947a0
Backed out changeset 069c82269f81 (bug 1258375) for Windows xperf failures
...
MozReview-Commit-ID: DwhDorbB2PO
2016-04-06 16:51:48 -07:00
Kai Engert
02dd23b86a
Bug 1258375, NSS_3_24_BETA4 and required adjustments to PSM and packaging, r=martin.thomson, r=glandium
2016-04-06 21:43:36 +02:00
Cykesiopka
efe5b47ede
Bug 1260644 - Use UniquePLArenaPool to manage PLArenaPools in PSM. r=keeler
...
MozReview-Commit-ID: HyLXbWoHMGz
--HG--
extra : rebase_source : 6164b7df51e11c4d3814a06bd41765d40be85a9d
2016-04-04 17:35:24 -07:00
Tim Taubert
313721942c
Bug 1261213 - Follow-up to make eslint happy r=bustage
2016-04-06 10:32:16 +02:00
Tim Taubert
96b0d713ad
Bug 1261213 - make test_sts_privatebrowsing_perwindowpb.html work under e10s r=keeler,mrbkap,felipe
2016-04-05 12:52:19 +02:00
Cykesiopka
1f493434a0
Bug 1127158 - Remove brittle debug only flag math in nsSecureBrowserUIImpl.cpp. r=dkeeler
...
MozReview-Commit-ID: 3d5mYDjzJwf
--HG--
extra : rebase_source : ce0b714b92d9deed79a8a9e24e0d8db4b9eef8c7
2016-04-01 06:16:58 -07:00
timeless@mozdev.org
cbc8dc0b64
Bug 550185 - Ensure nsCertTree::GetCellText returns an initialized value. r=kaie
...
--HG--
extra : rebase_source : 4c4529a62c5acb7bba52e8cb94e69e795a85b7e1
2016-04-04 21:18:00 +02:00
David Keeler
9825c57bc3
bug 1239166 - platform work to support Microsoft Family Safety functionality r=froydnj,mgoodwin,mhowell,rbarnes,vladan
...
MozReview-Commit-ID: GhpJqJB97r9
--HG--
extra : rebase_source : e943c1e4d0f008ffd6b6bb4bb63e1daf27ae2c96
2016-01-12 15:39:43 -08:00
David Keeler
6e4140d766
bug 1245280 - add policy mechanism to optionally enforce BRs for falling back to subject CN r=Cykesiopka,mgoodwin
...
MozReview-Commit-ID: 7xT6JGpOH1g
--HG--
extra : rebase_source : 0def29e8be898a2d975ee4390b3bc6a193766b1b
2016-02-09 10:14:27 -08:00
Cykesiopka
ed5502e22f
Bug 1252722 - Add additional tests. r=keeler
...
MozReview-Commit-ID: Ds5t8RSd1Mk
--HG--
extra : transplant_source : %92Nx%E8%7E%3A%E6%97w%8A%D0%102%7D%8D%93%A2%9D%A4%25
2016-03-31 17:33:06 -07:00
Cykesiopka
bc9cb4c633
Bug 1252722 - Improve handling of PK11_* function error codes. r=keeler
...
MozReview-Commit-ID: DWNNXq8ZJ47
--HG--
extra : transplant_source : N%10%80%B2%9C%DEwu%0B%BF%FB%3B%D4%06%D8W%2AyBh
2016-03-31 17:33:00 -07:00
Cykesiopka
531fe59f42
Bug 1252722 - Ensure arguments of all public methods are checked. r=keeler
...
MozReview-Commit-ID: 5UJup8k8iGe
--HG--
extra : transplant_source : %D0v%7B%F2%60%04%E3%11%15_%AC%A0%D0%CE%0D%3A0q%96%24
2016-03-31 17:32:53 -07:00
Cykesiopka
0ebbbafe4b
Bug 1252722 - Use smart pointers for NSS resources. r=keeler
...
MozReview-Commit-ID: Gg3DNjGiNIQ
--HG--
extra : transplant_source : _%AC%97%FA%DA%FF%FE%95%E5%D4%3C%BE%82%E4%24%D9F%ADB%89
2016-03-31 17:31:55 -07:00
Cykesiopka
db361c5c2d
Bug 1252722 - Fully implement nsNSSShutDownObject everywhere. r=keeler
...
MozReview-Commit-ID: 4OZ6tCdCGEP
--HG--
extra : transplant_source : U%27%E3%E2A%85%03%AC%FA%C9%9A%9Et%87%E9%F6s%FFy%AC
2016-03-31 17:31:50 -07:00
David Keeler
581a304acb
bug 1254667 - change certificate verification SHA1 policy to "allow for locally-installed roots" r=jcj
...
Before this patch, the default policy for the use of SHA1 in certificate
signatures was "allow all" due to compatibility concerns.
After gathering telemetry, we are confident that we can enforce the policy of
"allow for locally-installed roots" (or certificates valid before 2016) without
too much breakage.
MozReview-Commit-ID: 8GxtgdbaS3P
--HG--
extra : rebase_source : d1bed911f2d5d40229ea06556fee0848668e98b6
2016-03-28 12:52:40 -07:00
Cykesiopka
7167af4f5a
Bug 1251801 - Ensure arguments of all public methods are checked. r=keeler
...
MozReview-Commit-ID: 1UQ4thOmUGb
--HG--
extra : transplant_source : V%24o%40%403%BF%B4o%5E%F5%28%91%B8%8A%E2%E3%E9%8B%BF
2016-03-29 18:14:29 -07:00
Cykesiopka
703b7ef6b1
Bug 1251801 - Improve handling of PK11_* function error codes. r=keeler
...
MozReview-Commit-ID: 18acVVAuapm
--HG--
extra : transplant_source : %C3%FD%1D%BF/%E4%A5%BBl%DE%03%BC%0E%CA%04%D8%C6%0Fze
2016-03-29 18:14:29 -07:00
Cykesiopka
b2f33b0ba8
Bug 1251801 - Fully implement nsNSSShutDownObject and obviate manual NSS resource management. r=keeler
...
MozReview-Commit-ID: A7a9TVikRPh
--HG--
extra : transplant_source : v%CE%9Df%F6%0AaqJ%D5A%07%B0%2A.%E2%01c%C5%A5
2016-03-29 18:14:28 -07:00
Wes Kocher
caea64b900
Backed out changeset 3ff2b12ffedc (bug 1254667) for upsetting the test_ocsp_caching.js gods on android CLOSED TREE
...
MozReview-Commit-ID: JaJXHxKEAvu
2016-03-29 16:38:18 -07:00
David Keeler
4a9f753dd1
bug 1254667 - change certificate verification SHA1 policy to "allow for locally-installed roots" r=jcj
...
Before this patch, the default policy for the use of SHA1 in certificate
signatures was "allow all" due to compatibility concerns.
After gathering telemetry, we are confident that we can enforce the policy of
"allow for locally-installed roots" (or certificates valid before 2016) without
too much breakage.
MozReview-Commit-ID: 8GxtgdbaS3P
--HG--
extra : rebase_source : 7e81131a6c215bf7af514f150ebe2eb16a5c612a
2016-03-28 12:52:40 -07:00
Martin Thomson
83f1770c2c
Bug 1238001 - Allow TLS info to be updated on renegotiation, r=keeler
...
MozReview-Commit-ID: KJaPgEwTvhv
--HG--
extra : rebase_source : f7d0025eca46e191d23aee182c9ace58b7d59b8b
extra : amend_source : 7e98ef0aa34b0c2def205644e1ab9e576417930d
2016-02-23 08:00:00 -08:00
ffxbld
b83f7e6b04
No bug, Automated HPKP preload list update from host bld-linux64-spot-413 - a=hpkp-update
2016-03-28 14:10:40 -04:00
ffxbld
fbba08e207
No bug, Automated HSTS preload list update from host bld-linux64-spot-413 - a=hsts-update
2016-03-28 14:10:40 -04:00
Kyle Huey
d9265a3eaf
Bug 1259294: Part 2 - Use MOZ_ALWAYS_SUCCEEDS. r=froydnj
2016-03-28 10:28:15 -07:00
Cykesiopka
e05e655f1b
Bug 1258298 - Switch more Scoped.h templates in PSM to UniquePtr equivalents. r=keeler
...
MozReview-Commit-ID: 8VOhiuNOlBX
--HG--
extra : amend_source : 70d01c7a061c4b751d643d1277e3185ccf348e54
2016-03-24 18:30:37 -07:00
Cykesiopka
e031eef545
Bug 1259149 - Add additional tests for the nsIPK11* and nsIPKCS11* implementations. r=keeler
...
After these additions, the majority of the API surface should be covered.
MozReview-Commit-ID: CvpEX6Cm94d
--HG--
rename : security/manager/ssl/tests/unit/test_pkcs11_list.js => security/manager/ssl/tests/unit/test_pkcs11_module.js
extra : transplant_source : %B3%E0%09%B9%E4b%D0A%F0%00r%08%1F%9Dm%E7%CC9%E3l
2016-03-24 18:29:39 -07:00
Ted Mielczarek
815dd278b6
bug 1259753 - fix some C++ unittests to use ScopedXPCOM to init XPCOM. r=ms2ger
...
MozReview-Commit-ID: B6xdlB9Di0y
--HG--
extra : rebase_source : 182d29d677c77ae6780260f5fc9b0792bdd98f84
extra : amend_source : 1e4fa2453d6773bd1e63f52b7aa3bf61e61600ff
2016-03-25 10:04:37 -04:00
Nathan Froyd
8cd3125d35
Bug 1255438 - fix OS X warning bustage and reopen this CLOSED TREE; r=me
2016-03-25 10:09:01 -04:00
Nathan Froyd
0e58a8d0a5
Bug 1255438 - create nsI{Mutable,}Array directly; r=keeler
2016-03-25 09:36:25 -04:00
Nathan Froyd
e1d8b92ec6
Bug 1255425
- part 2 - pack kSTSPreloadList into a more efficient format; r=keeler
...
Entries in kSTSPreloadList currently look like:
class nsSTSPreload
{
public:
const char *mHost;
const bool mIncludeSubdomains;
};
This is inefficient for a couple of reasons:
* The structure has a bunch of wasted space: it takes 8 bytes on 32-bit
platforms and 16 bytes on 64-bit platforms, even though it only uses 5
and 9 bytes, respectively.
* The |const char*| requires additional space in the form of relocations
(at least on Linux/Android), which doubles the space cost of
individual entries. (The space cost of the relocations is mitigated
somewhat on Linux and Android because of elfhack, but there's still
extra cost in the on-disk format and during the load of libxul to
process those relocations.)
* The relocations the structure requires means that the data in it can't
be shared between processes, which is important for e10s with multiple
content processes.
We can make it more efficient by structuring it like so:
static const char kSTSPreloadHosts[] = {
// One giant character array containing the hosts, in order:
// "example.com\0example.org\0example.test\0..."
// Use an array rather than a literal string due to compiler limitations.
};
struct nsSTSPreload
{
// An index into kSTSPreloadHosts for the hostname.
uint32_t mHostIndex: 31;
// We use the same datatype for both members so that MSVC will pack
// the bitfields into a single uint32_t.
uint32_t mIncludeSubdomains: 1;
};
nsSTSPreload now has no wasted space and is significantly smaller,
especially on 64-bit platforms (saves ~29K on 32-bit platforms and ~85K
on 64-bit platforms). This organization does add a couple extra
operations to searching for preload list entries, depending on your
platform, but the space savings make it worth it.
2016-03-24 15:09:28 -04:00
Nathan Froyd
b2490bf812
Bug 1255425
- part 1 - clearly delineate steps when outputting HSTS preload list; r=keeler
...
The main loop of |output| tweaks entries, filters out entries based on
some conditions, and writes out the actual entries we're going to use.
Let's separate those three steps so it's clearer what's happening where.
2016-03-11 15:35:47 -05:00
David Keeler
08f83f4f99
bug 1257969 - update test_pinning_dynamic.js test certificates to not use subject common name for name information r=jcj
...
MozReview-Commit-ID: 1NpjJO9r8ma
--HG--
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-a.pinning2.example.com-badca.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-badca.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-a.pinning2.example.com-badca.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-badca.pem.certspec
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-a.pinning2.example.com-pinningroot.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-pinningroot.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-a.pinning2.example.com-pinningroot.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-pinningroot.pem.certspec
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-b.pinning2.example.com-badca.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-badca.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-b.pinning2.example.com-badca.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-badca.pem.certspec
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-b.pinning2.example.com-pinningroot.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-pinningroot.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-b.pinning2.example.com-pinningroot.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-pinningroot.pem.certspec
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.a.pinning2.example.com-badca.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-badca.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.a.pinning2.example.com-badca.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-badca.pem.certspec
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.a.pinning2.example.com-pinningroot.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-pinningroot.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.a.pinning2.example.com-pinningroot.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-pinningroot.pem.certspec
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.b.pinning2.example.com-badca.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-badca.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.b.pinning2.example.com-badca.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-badca.pem.certspec
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.b.pinning2.example.com-pinningroot.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-pinningroot.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.b.pinning2.example.com-pinningroot.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-pinningroot.pem.certspec
extra : rebase_source : 9fa95f73f616da87f19bf8c5f7749b02b52b9696
2016-03-18 14:14:00 -07:00
Gregory Szorc
6a9168778b
Bug 1124033 - Disable C4311 and C4312 in directories exhibiting warnings; r=ehsan
...
There are a long tail of C4311 and C4312 warnings in VS2015. Rather than
wait until all of them are fixed to land VS2015, we're taking the easy
way out and disabling these warnings in every directory currently
exhibiting a warning. This is evil. But it is a lesser evil than
globally disabling C4311 and C4312. At least with this approach new
C4311 and C4312 warnings in directories that aren't suppressing them
shouldn't be introduced.
MozReview-Commit-ID: 2cwWrjMD6B9
--HG--
extra : rebase_source : 3e7b8ea042765fdf138f5ca93a0f9dab75a95fcd
2016-03-23 17:19:20 -07:00
David Keeler
eabc80d212
bug 1258579 - remove some unnecessary time-related globals from mozilla::pkix tests r=Cykesiopka
...
MozReview-Commit-ID: C0XPTdO4Ab7
--HG--
extra : rebase_source : cb97b17cc5f3bd2fe1fe2bd13cae5447e029c14d
2016-03-22 10:26:30 -07:00
Bob Owen
db4259c176
Bug 1256992: Initialize Windows sandbox BrokerServices before any child processes are created. r=aklotz, r=bholley
2016-03-23 08:10:43 +00:00
Cykesiopka
c343159d73
Bug 1253108 - Enable ESLint "strict" rule for PSM. r=keeler
...
MozReview-Commit-ID: 4wElZ8Guq9z
--HG--
extra : rebase_source : 60fb87c33d041994f35cbf9fd2fb3a55bd753bc6
2016-03-19 03:07:13 -07:00
Boris Zbarsky
bc347a401b
Bug 1257919 part 10. Make the caller and formattedStack getters on JSStackFrame take an explicit JSContext. r=khuey
2016-03-22 13:50:35 -04:00
Boris Zbarsky
42b3bbe27a
Bug 1257919 part 8. Make the line/column number getters on JSStackFrame take an explicit JSContext. r=khuey
2016-03-22 13:50:31 -04:00
Boris Zbarsky
54987c5cc1
Bug 1257919 part 7. Make the name getter on JSStackFrame take an explicit JSContext. r=khuey
2016-03-22 13:50:31 -04:00
Boris Zbarsky
efa07c06d1
Bug 1257919 part 6. Make the filename getter on JSStackFrame take an explicit JSContext. r=khuey
2016-03-22 13:50:31 -04:00
Sebastian Hengst
0e9bf1445a
Backed out changeset 6e95ee3cd4c6 (bug 1257919)
2016-03-22 21:10:21 +01:00
Sebastian Hengst
e6e4d30446
Backed out changeset c4faeb0be959 (bug 1257919)
2016-03-22 21:10:12 +01:00
Sebastian Hengst
336c2cc4ae
Backed out changeset 08f1c7239cdf (bug 1257919)
2016-03-22 21:10:01 +01:00
Sebastian Hengst
8b2bf79a7a
Backed out changeset ff81c52375ba (bug 1257919)
2016-03-22 21:09:32 +01:00
Boris Zbarsky
8062407932
Bug 1257919 part 10. Make the caller and formattedStack getters on JSStackFrame take an explicit JSContext. r=khuey
2016-03-22 13:50:35 -04:00
Boris Zbarsky
5df498fbd2
Bug 1257919 part 8. Make the line/column number getters on JSStackFrame take an explicit JSContext. r=khuey
2016-03-22 13:50:31 -04:00
Boris Zbarsky
cc563df19f
Bug 1257919 part 7. Make the name getter on JSStackFrame take an explicit JSContext. r=khuey
2016-03-22 13:50:31 -04:00
Boris Zbarsky
38af226a36
Bug 1257919 part 6. Make the filename getter on JSStackFrame take an explicit JSContext. r=khuey
2016-03-22 13:50:31 -04:00
Carsten "Tomcat" Book
0262976513
Backed out changeset 917819510b3f (bug 1235634) for memory leaks on a CLOSED TREE
2016-03-22 16:08:55 +01:00
Tim Taubert
5706816622
Bug 1235634 - Construct nsNSSShutdownList::singleton lazily on first use r=keeler
2016-03-22 15:13:05 +01:00
Carsten "Tomcat" Book
417d5d9533
Backed out changeset 0fedfd441a06 (bug 1256992) for gtest failures
2016-03-22 09:54:55 +01:00
Bob Owen
72e4566fa4
Bug 1256992: Initialize Windows sandbox BrokerServices before any child processes are created. r=aklotz, r=bholley
2016-03-22 07:40:03 +00:00
Cykesiopka
1a9cf03eb1
Bug 1251009 - Remove unused nsICertificateDialogs.notifyCACertExists() method. r=keeler, r=mfinkle
...
MozReview-Commit-ID: 5CFAsy5e1Cl
--HG--
extra : rebase_source : eed2fc5d3511c140dfe6046079347e9a881e2803
2016-03-16 12:48:59 -07:00
Cykesiopka
9e0106d044
Bug 1004149 - Add some missing OCSP URL tests. r=keeler
...
MozReview-Commit-ID: Iiyv6sMKEWV
--HG--
extra : transplant_source : S%CCT/%B2%7C%F1%3E%D4%A6%C4%C2%AA%F0%AA%40%DF%F2%29d
2016-03-18 21:11:09 -07:00
Cykesiopka
bdfc5290f6
Bug 1004149 - Return mozilla::pkix::Result values in nsNSSHttpInterface functions. r=keeler
...
MozReview-Commit-ID: Kx1E3HLP7zC
--HG--
extra : transplant_source : %F0%068%83%E21dM-%FE%7C%EC1%1E%05h%E6%1D%271
2016-03-18 21:11:03 -07:00
Cykesiopka
6698ff0184
Bug 1004149 - Remove some dead code. r=keeler
...
MozReview-Commit-ID: JF6IgVCEUVe
--HG--
extra : transplant_source : %B5%E0%F4%20%8C%BC%CF%23a%2B%DB%A5kG%D6%98%CC%D1%1D%23
2016-03-18 21:10:54 -07:00
ffxbld
ce9073e1b8
No bug, Automated HPKP preload list update from host bld-linux64-spot-543 - a=hpkp-update
2016-03-19 04:43:32 -07:00
ffxbld
a593c802bf
No bug, Automated HSTS preload list update from host bld-linux64-spot-543 - a=hsts-update
2016-03-19 04:43:30 -07:00
David Keeler
3db46cef2e
bug 1240118
- add functionality to treat a test certificate as a built-in root r=mgoodwin
...
MozReview-Commit-ID: GJMd2zEAcmX
--HG--
extra : rebase_source : d2d55c593368b4e5d8562484673a1018dc5ad02d
2016-03-15 17:19:00 -07:00
Cykesiopka
e6008c2304
Bug 1251011 - Enable ESLint "no-undef" rule for PSM. r=keeler r=mossop
...
MozReview-Commit-ID: 1lbwWWkJjqq
--HG--
extra : rebase_source : 10fa76138cb5c4ac53b2b49f99b26ce3748f9fff
2016-03-16 16:50:33 -07:00
Gregory Szorc
4ab279264e
Bug 1257036 - Disable C4302 to unblock compilation on VS2015; r=bobowen
...
As part of unblocking building with VS2015u1 in automation, I'm mass
disabling compiler warnings that are turned into errors. This is not
the preferred mechanism to fix compilation warnings. But the warning
occurs in third party code, so my hands are tied.
MozReview-Commit-ID: A0UF2RHJzVo
--HG--
extra : rebase_source : 3fc5300f6f67274162f4d65fd83eb9c18b4bf716
2016-03-16 13:27:59 -07:00
David Keeler
d27e176906
bug 1236964
- enable Certum Trusted Network CA 2 root certificate for EV treatment r=jcj
...
MozReview-Commit-ID: 8QlBgAdXjlm
--HG--
extra : rebase_source : 07affb67f289f9d460e3eac147dcd44945da182d
2016-03-15 16:08:15 -07:00
David Keeler
fceae4c33d
bug 1256495 - temporarily check build-time-generated PSM xpcshell test certificates in to the tree r=Cykesiopka
...
MozReview-Commit-ID: GIJgI4mFpGL
--HG--
extra : rebase_source : 143f72f3c8d6c0ac41151b9db38bec2fbaacd76b
2016-03-14 17:30:36 -07:00
Cykesiopka
301ab6716b
Bug 1250258 - Partially clean up nsNSSCertificateDB.cpp import methods. r=keeler
...
MozReview-Commit-ID: Dbk5N1FwdWB
--HG--
extra : rebase_source : d97d4802af2f41218be2d210a8ecdb9bf1885122
2016-03-16 03:54:26 -07:00
Brian Smith
30373af60a
Bug 1189020 - Replace |// unnamed namespace| with |// namespace| in mozilla::pkix. r=Cykesiopka
...
This is what Google suggests in its style guide, and somebody
already changed one of these comments to the new style.
--HG--
extra : rebase_source : fe3f7fc17a2fc09ad0ba01fa1511dc8dba7653e1
2016-03-16 07:10:00 +01:00
Nathan Toone
4557e5f651
Bug 1092004 - Use getdtablesize for non-gonk builds as well. r=glandium
...
When building non-gonk builds, ANDROID_VERSION is not set. Beginning with NDK 11, getdtablesize is no longer included. This means that we should use the stub version of the function that is defined in android_stub.h for all android platforms. This patch moves the function out of the "#if ANDROID_VERSION >=21" block so that all android code can use it.
Adding glandium as the reviewer, because he reviewed the original patch at bug 1103816.
MozReview-Commit-ID: 2NmUl5XuvDS
--HG--
extra : transplant_source : %03%8C/%E0%20t%D0%3Al4%D4Oh%CB_%07%8A%24r%CC
2016-03-14 16:19:12 -06:00
Nicholas Nethercote
a2f068b2ad
Bug 1253085 - Remove the |PLDHashTable*| argument from PLDHash{HashKey,MatchEntry}. r=froydnj.
...
This is easy because it's never needed.
--HG--
extra : rebase_source : 78830dab41c40a1544fa55fc69ca9c1c6709d767
2016-03-16 15:33:44 +11:00
Tooru Fujisawa
50608d5d55
Bug 1256088 - Merge mock app-info implementation into AppInfo.jsm. r=gps
2016-03-16 16:58:29 +09:00
Nicholas Nethercote
e098d1b141
Bug 1255655 - Const-ify kPinset_* arrays. r=cykesiopka.
...
--HG--
extra : rebase_source : b8c360a7c79bd3e79d30210cd8e624e3e4eae7c3
2016-03-11 13:54:41 +11:00