mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
474 562 коммитов 613 Ветки 98 Теги 5,8 GiB
Граф коммитов

10250 Коммитов

Автор SHA1 Сообщение Дата
ffxbld 1d4acf2cee No bug, Automated HSTS preload list update from host bld-linux64-spot-312 - a=hsts-update 2016-04-16 04:49:07 -07:00
Cykesiopka 59774a5b4e Bug 1262645 - Address misc issues with nsGetUserCertChoice(). r=keeler 
The follow issues are fixed:
  - Returning a failure result when failing to get a pref value instead of more
    gracefully falling back to a default.
  - Using an enum instead of a more strongly typed enum class.
  - Using a pref branch instead of the preferred Preferences.h API.
  - Manual memory management.
  - Unnecessary use of pointers.

MozReview-Commit-ID: FKw5kBhnwxL

--HG--
extra : transplant_source : %21K%E2%83/%A5%AB%DB3%F4%FB%2CUD%9E%B6l%1C%3A%22
 2016-04-15 16:51:41 -07:00
Carsten "Tomcat" Book eae4a312af Bug 1261751 - Problems with OS X Sandboxed TempDir and Rules. r=bobowen r=gcp 
--HG--
extra : amend_source : 2011128c7e5406d7865da2b24f81facf7889cb0e
 2016-04-16 09:00:29 +02:00
Jonas Sicking d310d4dcee Fix unified-build bustage from bug 1264706. r=bustage 2016-04-15 15:21:38 -07:00
Jonas Sicking 32e5673b7a Fix linting bustage for bug 1264706. r=bustage 2016-04-15 15:12:39 -07:00
Jonas Sicking 9c521f30da Bug 1264706: Move nsILocalCertService, and implementation, to security/manager/ssl in order to alloow use w use elsewhere in gecko. r=dkeeler 
--HG--
rename : devtools/shared/security/LocalCertService.cpp => security/manager/ssl/LocalCertService.cpp
rename : devtools/shared/security/LocalCertService.h => security/manager/ssl/LocalCertService.h
rename : devtools/shared/security/nsILocalCertService.idl => security/manager/ssl/nsILocalCertService.idl
rename : devtools/shared/security/tests/unit/test_cert.js => security/manager/ssl/tests/unit/test_local_cert.js
 2016-04-15 14:52:13 -07:00
Julian Hector d9a01beca2 Bug 1259283 - Add sys_fchown to seccomp whitelist. r=jld 2016-04-13 12:41:19 +00:00
J.C. Jones 63f7ce5155 Bug 1244960 - Complete FIDO u2f NSSToken (Part 1). r=keeler, r=baku 
- Merge in test changes from Bug 1255784.
- Remove the unnecessary mutex
- Stop doing direct memory work in NSS Token
- Clean up direct memory work in ContentParent
- In order to store persistent crypto parameters, the NSSToken had to move
  onto the main thread and be interfaced with via IDL/IPDL.
- Support Register/Sign via NSS using a long-lived secret key
- Rename the softtoken/usbtoken "enable" prefs, because of hierarchy issues
  with the WebIDL Pref shadowing.
- Also orders the includes on nsNSSModule.cpp
- Attestation Certificates are in Part 2.

Updates per keeler review comments:

- Use //-style comments everywhere
- Refactor the PrivateKeyFromKeyHandle method
- Rename the logging and fix extraneous NS_WARN_IF/logging combinations
- Other updates from review

April 11-12:

- Correct usage of the "usageCount" flag for PK11_UnwrapPrivKey
- Rebase up to latest

April 15:
- Rebase to latest

MozReview-Commit-ID: 6T8jNmwFvHJ

--HG--
extra : transplant_source : w%26%CES%2Cu%04%3EAl%04%2Cb%E2v%C9%08%3A%CC%F4
 2016-04-15 09:29:12 -07:00
Tim Taubert 501a3b98fe Bug 1235634 - Construct nsNSSShutdownList::singleton lazily on first use r=keeler 2016-04-13 11:06:44 +02:00
Mark Goodwin 23e56a0fd2 Bug 1252882 - Add a Content Signature Service r=keeler,r=franziskus,r=Cykesiopka 
MozReview-Commit-ID: 2nS6vN3iDKe
 2016-04-13 13:26:01 +01:00
Mark Goodwin bc46a6a645 Bug 1252882 - Content-Signature Service - some tests r=keeler,r=fkiefer 
MozReview-Commit-ID: AQGAABvRbNZ
 2016-04-08 14:27:52 +01:00
Thomas Zimmermann e1b5ef463a Bug 1264226: Don't use '_COARSE' Posix clocks if not defined, r=jld 
Not all systems (i.e., Gonk) support CLOCK_MONOTONIC_COARSE and
CLOCK_REALTIME_COARSE. With this patch, we don't refer to them if
they are not supported.
 2016-04-14 10:12:39 +02:00
Cykesiopka c510e4037b Bug 1029173 - Clean up nsDataSignatureVerifier. r=keeler 
This patch does the following:
 - Implements nsNSSShutDownObject.
 - Replaces more raw pointers with smart pointers.
 - Fixes other misc issues.

MozReview-Commit-ID: HulWdonEbP8

--HG--
extra : transplant_source : %DC%27%14%AE%28%A2F%80%1F%2C%83L%D3h%A2%C7k%F0%1C%2B
 2016-04-12 18:09:06 -07:00
Kai Engert 70551ded71 Bug 1258375, NSS_3_24_BETA6 and required adjustments to PSM and packaging, r=martin.thomson, r=glandium 2016-04-12 14:40:44 +02:00
Chris Pearce cb3b390405 Bug 1245789 - Whitelist functions needed by Widevine CDM in GMP child processes. r=jed 
MozReview-Commit-ID: C6bpItv1qpi
 2016-04-12 16:12:21 +12:00
Chris Pearce 114ad957d2 Bug 1245789 - Load Widevine CDM with sandbox level USER_RESTRICTED instead of USER_LOCKDOWN. r=bobowen 
Otherwise Widevine CDM won't load on Windows. Other GMPs are still loaded at USER_LOCKDOWN.

MozReview-Commit-ID: aCTG1tQuwt
 2016-04-12 16:12:20 +12:00
David Keeler b2887661d5 bug 1263221 - improve how PSM handles the visibility of __CERT_AddTempCertToPerm r=chmanchester,mgoodwin 
MozReview-Commit-ID: GXiXANNa6Op

--HG--
extra : rebase_source : ffb96a89aabd933f200e39d528d6f5f41e035d7e
 2016-04-08 10:30:32 -07:00
Kai Engert f8da0365fd Backout revision 36f75c2863a1, bug 1258375 2016-04-11 17:00:39 +02:00
Kai Engert b471460db8 Bug 1258375, NSS_3_24_BETA5 and required adjustments to PSM and packaging, r=martin.thomson, r=glandium 2016-04-11 16:40:36 +02:00
Cykesiopka b883b2533f Bug 1259909 - Obviate char PORT_Free() calls in PSM. r=keeler 
Also converts the longer |UniquePtr<char, void(&)(void*)> foo(..., PORT_Free)|
to the shorter and equivalent |UniquePORTString foo(...)|.

MozReview-Commit-ID: LlrTNUYBP4V

--HG--
extra : transplant_source : afU%FB%0EC%3E%E0pm%A3-%0E%C8%83%CF%0A%B1%9E%ED
 2016-04-09 01:03:59 -07:00
Ryan VanderMeulen bb5308d31a Merge m-c to inbound. a=merge 2016-04-09 10:08:57 -04:00
ffxbld e7db699836 No bug, Automated HPKP preload list update from host bld-linux64-spot-428 - a=hpkp-update 2016-04-09 04:47:02 -07:00
ffxbld eae40b0bb0 No bug, Automated HSTS preload list update from host bld-linux64-spot-428 - a=hsts-update 2016-04-09 04:47:00 -07:00
Wes Kocher dfc7e5253f Merge m-c to inbound, a=merge 
MozReview-Commit-ID: 9YZdlIARozU
 2016-04-08 16:47:03 -07:00
Wes Kocher b6d0503738 Merge fx-team to central, a=merge 
MozReview-Commit-ID: yuSA0kqs0F
 2016-04-08 15:26:49 -07:00
Dave Townsend bf59524a62 Bug 1257246: Update security/manager for eslint 2. r=cykesiopka 
MozReview-Commit-ID: C04uJOhTbjw

--HG--
extra : rebase_source : 39fb9a3ce183b05e0b924563e055431828bab50d
extra : histedit_source : aacec3a02d251d0ec8e13e78900a6f53bc205ec3
 2016-04-05 11:32:28 -07:00
David Keeler 7dd242bb39 bug 1261936 - stop using the subject common name in certificate verification error messages r=Cykesiopka 
MozReview-Commit-ID: G08cV5GmNDh

--HG--
extra : rebase_source : c79b34d893e7acddc8ee02a6c354dcaa1de07d61
 2016-04-04 16:25:24 -07:00
Julian Hector 2d64db058c Bug 1259273 - Add sys_unlink to seccomp-bpf whitelist. r=jld 2016-04-06 19:48:23 +00:00
Tim Taubert 63c7f51d31 Bug 842818 - Make Crypto::GetRandomValues() work off the main thread r=baku,keeler,mt 2015-09-22 10:50:36 +02:00
Cykesiopka 54da7e65e7 Bug 1252384 - Remove nsICertTree.isHostPortOverride(). r=dkeeler 
It is unused since the changes in Bug 825583 landed.

MozReview-Commit-ID: 2u2eu0aDqeH

--HG--
extra : transplant_source : f%5Ev%00%B6%8B%3E%5E%26%C3%10%25%D9%16%C1%98yhf%D2
 2016-04-06 07:02:17 -07:00
Bob Owen 907939a278 Bug 1256992 Part 2: Move SandboxBroker Initialization earlier and add telemetry and extra null checks. r=aklotz 
MozReview-Commit-ID: Fu05wLn27UG
 2016-04-07 08:28:14 +01:00
Wes Kocher 06944947a0 Backed out changeset 069c82269f81 (bug 1258375) for Windows xperf failures 
MozReview-Commit-ID: DwhDorbB2PO
 2016-04-06 16:51:48 -07:00
Kai Engert 02dd23b86a Bug 1258375, NSS_3_24_BETA4 and required adjustments to PSM and packaging, r=martin.thomson, r=glandium 2016-04-06 21:43:36 +02:00
Cykesiopka efe5b47ede Bug 1260644 - Use UniquePLArenaPool to manage PLArenaPools in PSM. r=keeler 
MozReview-Commit-ID: HyLXbWoHMGz

--HG--
extra : rebase_source : 6164b7df51e11c4d3814a06bd41765d40be85a9d
 2016-04-04 17:35:24 -07:00
Tim Taubert 313721942c Bug 1261213 - Follow-up to make eslint happy r=bustage 2016-04-06 10:32:16 +02:00
Tim Taubert 96b0d713ad Bug 1261213 - make test_sts_privatebrowsing_perwindowpb.html work under e10s r=keeler,mrbkap,felipe 2016-04-05 12:52:19 +02:00
Cykesiopka 1f493434a0 Bug 1127158 - Remove brittle debug only flag math in nsSecureBrowserUIImpl.cpp. r=dkeeler 
MozReview-Commit-ID: 3d5mYDjzJwf

--HG--
extra : rebase_source : ce0b714b92d9deed79a8a9e24e0d8db4b9eef8c7
 2016-04-01 06:16:58 -07:00
timeless@mozdev.org cbc8dc0b64 Bug 550185 - Ensure nsCertTree::GetCellText returns an initialized value. r=kaie 
--HG--
extra : rebase_source : 4c4529a62c5acb7bba52e8cb94e69e795a85b7e1
 2016-04-04 21:18:00 +02:00
David Keeler 9825c57bc3 bug 1239166 - platform work to support Microsoft Family Safety functionality r=froydnj,mgoodwin,mhowell,rbarnes,vladan 
MozReview-Commit-ID: GhpJqJB97r9

--HG--
extra : rebase_source : e943c1e4d0f008ffd6b6bb4bb63e1daf27ae2c96
 2016-01-12 15:39:43 -08:00
David Keeler 6e4140d766 bug 1245280 - add policy mechanism to optionally enforce BRs for falling back to subject CN r=Cykesiopka,mgoodwin 
MozReview-Commit-ID: 7xT6JGpOH1g

--HG--
extra : rebase_source : 0def29e8be898a2d975ee4390b3bc6a193766b1b
 2016-02-09 10:14:27 -08:00
Cykesiopka ed5502e22f Bug 1252722 - Add additional tests. r=keeler 
MozReview-Commit-ID: Ds5t8RSd1Mk

--HG--
extra : transplant_source : %92Nx%E8%7E%3A%E6%97w%8A%D0%102%7D%8D%93%A2%9D%A4%25
 2016-03-31 17:33:06 -07:00
Cykesiopka bc9cb4c633 Bug 1252722 - Improve handling of PK11_* function error codes. r=keeler 
MozReview-Commit-ID: DWNNXq8ZJ47

--HG--
extra : transplant_source : N%10%80%B2%9C%DEwu%0B%BF%FB%3B%D4%06%D8W%2AyBh
 2016-03-31 17:33:00 -07:00
Cykesiopka 531fe59f42 Bug 1252722 - Ensure arguments of all public methods are checked. r=keeler 
MozReview-Commit-ID: 5UJup8k8iGe

--HG--
extra : transplant_source : %D0v%7B%F2%60%04%E3%11%15_%AC%A0%D0%CE%0D%3A0q%96%24
 2016-03-31 17:32:53 -07:00
Cykesiopka 0ebbbafe4b Bug 1252722 - Use smart pointers for NSS resources. r=keeler 
MozReview-Commit-ID: Gg3DNjGiNIQ

--HG--
extra : transplant_source : _%AC%97%FA%DA%FF%FE%95%E5%D4%3C%BE%82%E4%24%D9F%ADB%89
 2016-03-31 17:31:55 -07:00
Cykesiopka db361c5c2d Bug 1252722 - Fully implement nsNSSShutDownObject everywhere. r=keeler 
MozReview-Commit-ID: 4OZ6tCdCGEP

--HG--
extra : transplant_source : U%27%E3%E2A%85%03%AC%FA%C9%9A%9Et%87%E9%F6s%FFy%AC
 2016-03-31 17:31:50 -07:00
David Keeler 581a304acb bug 1254667 - change certificate verification SHA1 policy to "allow for locally-installed roots" r=jcj 
Before this patch, the default policy for the use of SHA1 in certificate
signatures was "allow all" due to compatibility concerns.
After gathering telemetry, we are confident that we can enforce the policy of
"allow for locally-installed roots" (or certificates valid before 2016) without
too much breakage.

MozReview-Commit-ID: 8GxtgdbaS3P

--HG--
extra : rebase_source : d1bed911f2d5d40229ea06556fee0848668e98b6
 2016-03-28 12:52:40 -07:00
Cykesiopka 7167af4f5a Bug 1251801 - Ensure arguments of all public methods are checked. r=keeler 
MozReview-Commit-ID: 1UQ4thOmUGb

--HG--
extra : transplant_source : V%24o%40%403%BF%B4o%5E%F5%28%91%B8%8A%E2%E3%E9%8B%BF
 2016-03-29 18:14:29 -07:00
Cykesiopka 703b7ef6b1 Bug 1251801 - Improve handling of PK11_* function error codes. r=keeler 
MozReview-Commit-ID: 18acVVAuapm

--HG--
extra : transplant_source : %C3%FD%1D%BF/%E4%A5%BBl%DE%03%BC%0E%CA%04%D8%C6%0Fze
 2016-03-29 18:14:29 -07:00
Cykesiopka b2f33b0ba8 Bug 1251801 - Fully implement nsNSSShutDownObject and obviate manual NSS resource management. r=keeler 
MozReview-Commit-ID: A7a9TVikRPh

--HG--
extra : transplant_source : v%CE%9Df%F6%0AaqJ%D5A%07%B0%2A.%E2%01c%C5%A5
 2016-03-29 18:14:28 -07:00
Wes Kocher caea64b900 Backed out changeset 3ff2b12ffedc (bug 1254667) for upsetting the test_ocsp_caching.js gods on android CLOSED TREE 
MozReview-Commit-ID: JaJXHxKEAvu
 2016-03-29 16:38:18 -07:00
David Keeler 4a9f753dd1 bug 1254667 - change certificate verification SHA1 policy to "allow for locally-installed roots" r=jcj 
Before this patch, the default policy for the use of SHA1 in certificate
signatures was "allow all" due to compatibility concerns.
After gathering telemetry, we are confident that we can enforce the policy of
"allow for locally-installed roots" (or certificates valid before 2016) without
too much breakage.

MozReview-Commit-ID: 8GxtgdbaS3P

--HG--
extra : rebase_source : 7e81131a6c215bf7af514f150ebe2eb16a5c612a
 2016-03-28 12:52:40 -07:00
Martin Thomson 83f1770c2c Bug 1238001 - Allow TLS info to be updated on renegotiation, r=keeler 
MozReview-Commit-ID: KJaPgEwTvhv

--HG--
extra : rebase_source : f7d0025eca46e191d23aee182c9ace58b7d59b8b
extra : amend_source : 7e98ef0aa34b0c2def205644e1ab9e576417930d
 2016-02-23 08:00:00 -08:00
ffxbld b83f7e6b04 No bug, Automated HPKP preload list update from host bld-linux64-spot-413 - a=hpkp-update 2016-03-28 14:10:40 -04:00
ffxbld fbba08e207 No bug, Automated HSTS preload list update from host bld-linux64-spot-413 - a=hsts-update 2016-03-28 14:10:40 -04:00
Kyle Huey d9265a3eaf Bug 1259294: Part 2 - Use MOZ_ALWAYS_SUCCEEDS. r=froydnj 2016-03-28 10:28:15 -07:00
Cykesiopka e05e655f1b Bug 1258298 - Switch more Scoped.h templates in PSM to UniquePtr equivalents. r=keeler 
MozReview-Commit-ID: 8VOhiuNOlBX

--HG--
extra : amend_source : 70d01c7a061c4b751d643d1277e3185ccf348e54
 2016-03-24 18:30:37 -07:00
Cykesiopka e031eef545 Bug 1259149 - Add additional tests for the nsIPK11* and nsIPKCS11* implementations. r=keeler 
After these additions, the majority of the API surface should be covered.

MozReview-Commit-ID: CvpEX6Cm94d

--HG--
rename : security/manager/ssl/tests/unit/test_pkcs11_list.js => security/manager/ssl/tests/unit/test_pkcs11_module.js
extra : transplant_source : %B3%E0%09%B9%E4b%D0A%F0%00r%08%1F%9Dm%E7%CC9%E3l
 2016-03-24 18:29:39 -07:00
Ted Mielczarek 815dd278b6 bug 1259753 - fix some C++ unittests to use ScopedXPCOM to init XPCOM. r=ms2ger 
MozReview-Commit-ID: B6xdlB9Di0y

--HG--
extra : rebase_source : 182d29d677c77ae6780260f5fc9b0792bdd98f84
extra : amend_source : 1e4fa2453d6773bd1e63f52b7aa3bf61e61600ff
 2016-03-25 10:04:37 -04:00
Nathan Froyd 8cd3125d35 Bug 1255438 - fix OS X warning bustage and reopen this CLOSED TREE; r=me 2016-03-25 10:09:01 -04:00
Nathan Froyd 0e58a8d0a5 Bug 1255438 - create nsI{Mutable,}Array directly; r=keeler 2016-03-25 09:36:25 -04:00
Nathan Froyd e1d8b92ec6 Bug 1255425 - part 2 - pack kSTSPreloadList into a more efficient format; r=keeler 
Entries in kSTSPreloadList currently look like:

class nsSTSPreload
{
  public:
    const char *mHost;
    const bool mIncludeSubdomains;
};

This is inefficient for a couple of reasons:

* The structure has a bunch of wasted space: it takes 8 bytes on 32-bit
  platforms and 16 bytes on 64-bit platforms, even though it only uses 5
  and 9 bytes, respectively.

* The |const char*| requires additional space in the form of relocations
  (at least on Linux/Android), which doubles the space cost of
  individual entries.  (The space cost of the relocations is mitigated
  somewhat on Linux and Android because of elfhack, but there's still
  extra cost in the on-disk format and during the load of libxul to
  process those relocations.)

* The relocations the structure requires means that the data in it can't
  be shared between processes, which is important for e10s with multiple
  content processes.

We can make it more efficient by structuring it like so:

static const char kSTSPreloadHosts[] = {
  // One giant character array containing the hosts, in order:
  //   "example.com\0example.org\0example.test\0..."
  // Use an array rather than a literal string due to compiler limitations.
};

struct nsSTSPreload
{
  // An index into kSTSPreloadHosts for the hostname.
  uint32_t mHostIndex: 31;
  // We use the same datatype for both members so that MSVC will pack
  // the bitfields into a single uint32_t.
  uint32_t mIncludeSubdomains: 1;
};

nsSTSPreload now has no wasted space and is significantly smaller,
especially on 64-bit platforms (saves ~29K on 32-bit platforms and ~85K
on 64-bit platforms).  This organization does add a couple extra
operations to searching for preload list entries, depending on your
platform, but the space savings make it worth it.
 2016-03-24 15:09:28 -04:00
Nathan Froyd b2490bf812 Bug 1255425 - part 1 - clearly delineate steps when outputting HSTS preload list; r=keeler 
The main loop of |output| tweaks entries, filters out entries based on
some conditions, and writes out the actual entries we're going to use.
Let's separate those three steps so it's clearer what's happening where.
 2016-03-11 15:35:47 -05:00
David Keeler 08f83f4f99 bug 1257969 - update test_pinning_dynamic.js test certificates to not use subject common name for name information r=jcj 
MozReview-Commit-ID: 1NpjJO9r8ma

--HG--
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-a.pinning2.example.com-badca.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-badca.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-a.pinning2.example.com-badca.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-badca.pem.certspec
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-a.pinning2.example.com-pinningroot.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-pinningroot.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-a.pinning2.example.com-pinningroot.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-pinningroot.pem.certspec
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-b.pinning2.example.com-badca.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-badca.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-b.pinning2.example.com-badca.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-badca.pem.certspec
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-b.pinning2.example.com-pinningroot.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-pinningroot.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-b.pinning2.example.com-pinningroot.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-pinningroot.pem.certspec
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.a.pinning2.example.com-badca.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-badca.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.a.pinning2.example.com-badca.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-badca.pem.certspec
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.a.pinning2.example.com-pinningroot.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-pinningroot.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.a.pinning2.example.com-pinningroot.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-pinningroot.pem.certspec
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.b.pinning2.example.com-badca.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-badca.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.b.pinning2.example.com-badca.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-badca.pem.certspec
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.b.pinning2.example.com-pinningroot.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-pinningroot.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.b.pinning2.example.com-pinningroot.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-pinningroot.pem.certspec
extra : rebase_source : 9fa95f73f616da87f19bf8c5f7749b02b52b9696
 2016-03-18 14:14:00 -07:00
Gregory Szorc 6a9168778b Bug 1124033 - Disable C4311 and C4312 in directories exhibiting warnings; r=ehsan 
There are a long tail of C4311 and C4312 warnings in VS2015. Rather than
wait until all of them are fixed to land VS2015, we're taking the easy
way out and disabling these warnings in every directory currently
exhibiting a warning. This is evil. But it is a lesser evil than
globally disabling C4311 and C4312. At least with this approach new
C4311 and C4312 warnings in directories that aren't suppressing them
shouldn't be introduced.

MozReview-Commit-ID: 2cwWrjMD6B9

--HG--
extra : rebase_source : 3e7b8ea042765fdf138f5ca93a0f9dab75a95fcd
 2016-03-23 17:19:20 -07:00
David Keeler eabc80d212 bug 1258579 - remove some unnecessary time-related globals from mozilla::pkix tests r=Cykesiopka 
MozReview-Commit-ID: C0XPTdO4Ab7

--HG--
extra : rebase_source : cb97b17cc5f3bd2fe1fe2bd13cae5447e029c14d
 2016-03-22 10:26:30 -07:00
Bob Owen db4259c176 Bug 1256992: Initialize Windows sandbox BrokerServices before any child processes are created. r=aklotz, r=bholley 2016-03-23 08:10:43 +00:00
Cykesiopka c343159d73 Bug 1253108 - Enable ESLint "strict" rule for PSM. r=keeler 
MozReview-Commit-ID: 4wElZ8Guq9z

--HG--
extra : rebase_source : 60fb87c33d041994f35cbf9fd2fb3a55bd753bc6
 2016-03-19 03:07:13 -07:00
Boris Zbarsky bc347a401b Bug 1257919 part 10. Make the caller and formattedStack getters on JSStackFrame take an explicit JSContext. r=khuey 2016-03-22 13:50:35 -04:00
Boris Zbarsky 42b3bbe27a Bug 1257919 part 8. Make the line/column number getters on JSStackFrame take an explicit JSContext. r=khuey 2016-03-22 13:50:31 -04:00
Boris Zbarsky 54987c5cc1 Bug 1257919 part 7. Make the name getter on JSStackFrame take an explicit JSContext. r=khuey 2016-03-22 13:50:31 -04:00
Boris Zbarsky efa07c06d1 Bug 1257919 part 6. Make the filename getter on JSStackFrame take an explicit JSContext. r=khuey 2016-03-22 13:50:31 -04:00
Sebastian Hengst 0e9bf1445a Backed out changeset 6e95ee3cd4c6 (bug 1257919) 2016-03-22 21:10:21 +01:00
Sebastian Hengst e6e4d30446 Backed out changeset c4faeb0be959 (bug 1257919) 2016-03-22 21:10:12 +01:00
Sebastian Hengst 336c2cc4ae Backed out changeset 08f1c7239cdf (bug 1257919) 2016-03-22 21:10:01 +01:00
Sebastian Hengst 8b2bf79a7a Backed out changeset ff81c52375ba (bug 1257919) 2016-03-22 21:09:32 +01:00
Boris Zbarsky 8062407932 Bug 1257919 part 10. Make the caller and formattedStack getters on JSStackFrame take an explicit JSContext. r=khuey 2016-03-22 13:50:35 -04:00
Boris Zbarsky 5df498fbd2 Bug 1257919 part 8. Make the line/column number getters on JSStackFrame take an explicit JSContext. r=khuey 2016-03-22 13:50:31 -04:00
Boris Zbarsky cc563df19f Bug 1257919 part 7. Make the name getter on JSStackFrame take an explicit JSContext. r=khuey 2016-03-22 13:50:31 -04:00
Boris Zbarsky 38af226a36 Bug 1257919 part 6. Make the filename getter on JSStackFrame take an explicit JSContext. r=khuey 2016-03-22 13:50:31 -04:00
Carsten "Tomcat" Book 0262976513 Backed out changeset 917819510b3f (bug 1235634) for memory leaks on a CLOSED TREE 2016-03-22 16:08:55 +01:00
Tim Taubert 5706816622 Bug 1235634 - Construct nsNSSShutdownList::singleton lazily on first use r=keeler 2016-03-22 15:13:05 +01:00
Carsten "Tomcat" Book 417d5d9533 Backed out changeset 0fedfd441a06 (bug 1256992) for gtest failures 2016-03-22 09:54:55 +01:00
Bob Owen 72e4566fa4 Bug 1256992: Initialize Windows sandbox BrokerServices before any child processes are created. r=aklotz, r=bholley 2016-03-22 07:40:03 +00:00
Cykesiopka 1a9cf03eb1 Bug 1251009 - Remove unused nsICertificateDialogs.notifyCACertExists() method. r=keeler, r=mfinkle 
MozReview-Commit-ID: 5CFAsy5e1Cl

--HG--
extra : rebase_source : eed2fc5d3511c140dfe6046079347e9a881e2803
 2016-03-16 12:48:59 -07:00
Cykesiopka 9e0106d044 Bug 1004149 - Add some missing OCSP URL tests. r=keeler 
MozReview-Commit-ID: Iiyv6sMKEWV

--HG--
extra : transplant_source : S%CCT/%B2%7C%F1%3E%D4%A6%C4%C2%AA%F0%AA%40%DF%F2%29d
 2016-03-18 21:11:09 -07:00
Cykesiopka bdfc5290f6 Bug 1004149 - Return mozilla::pkix::Result values in nsNSSHttpInterface functions. r=keeler 
MozReview-Commit-ID: Kx1E3HLP7zC

--HG--
extra : transplant_source : %F0%068%83%E21dM-%FE%7C%EC1%1E%05h%E6%1D%271
 2016-03-18 21:11:03 -07:00
Cykesiopka 6698ff0184 Bug 1004149 - Remove some dead code. r=keeler 
MozReview-Commit-ID: JF6IgVCEUVe

--HG--
extra : transplant_source : %B5%E0%F4%20%8C%BC%CF%23a%2B%DB%A5kG%D6%98%CC%D1%1D%23
 2016-03-18 21:10:54 -07:00
ffxbld ce9073e1b8 No bug, Automated HPKP preload list update from host bld-linux64-spot-543 - a=hpkp-update 2016-03-19 04:43:32 -07:00
ffxbld a593c802bf No bug, Automated HSTS preload list update from host bld-linux64-spot-543 - a=hsts-update 2016-03-19 04:43:30 -07:00
David Keeler 3db46cef2e bug 1240118 - add functionality to treat a test certificate as a built-in root r=mgoodwin 
MozReview-Commit-ID: GJMd2zEAcmX

--HG--
extra : rebase_source : d2d55c593368b4e5d8562484673a1018dc5ad02d
 2016-03-15 17:19:00 -07:00
Cykesiopka e6008c2304 Bug 1251011 - Enable ESLint "no-undef" rule for PSM. r=keeler r=mossop 
MozReview-Commit-ID: 1lbwWWkJjqq

--HG--
extra : rebase_source : 10fa76138cb5c4ac53b2b49f99b26ce3748f9fff
 2016-03-16 16:50:33 -07:00
Gregory Szorc 4ab279264e Bug 1257036 - Disable C4302 to unblock compilation on VS2015; r=bobowen 
As part of unblocking building with VS2015u1 in automation, I'm mass
disabling compiler warnings that are turned into errors. This is not
the preferred mechanism to fix compilation warnings. But the warning
occurs in third party code, so my hands are tied.

MozReview-Commit-ID: A0UF2RHJzVo

--HG--
extra : rebase_source : 3fc5300f6f67274162f4d65fd83eb9c18b4bf716
 2016-03-16 13:27:59 -07:00
David Keeler d27e176906 bug 1236964 - enable Certum Trusted Network CA 2 root certificate for EV treatment r=jcj 
MozReview-Commit-ID: 8QlBgAdXjlm

--HG--
extra : rebase_source : 07affb67f289f9d460e3eac147dcd44945da182d
 2016-03-15 16:08:15 -07:00
David Keeler fceae4c33d bug 1256495 - temporarily check build-time-generated PSM xpcshell test certificates in to the tree r=Cykesiopka 
MozReview-Commit-ID: GIJgI4mFpGL

--HG--
extra : rebase_source : 143f72f3c8d6c0ac41151b9db38bec2fbaacd76b
 2016-03-14 17:30:36 -07:00
Cykesiopka 301ab6716b Bug 1250258 - Partially clean up nsNSSCertificateDB.cpp import methods. r=keeler 
MozReview-Commit-ID: Dbk5N1FwdWB

--HG--
extra : rebase_source : d97d4802af2f41218be2d210a8ecdb9bf1885122
 2016-03-16 03:54:26 -07:00
Brian Smith 30373af60a Bug 1189020 - Replace |// unnamed namespace| with |// namespace| in mozilla::pkix. r=Cykesiopka 
This is what Google suggests in its style guide, and somebody
already changed one of these comments to the new style.

--HG--
extra : rebase_source : fe3f7fc17a2fc09ad0ba01fa1511dc8dba7653e1
 2016-03-16 07:10:00 +01:00
Nathan Toone 4557e5f651 Bug 1092004 - Use getdtablesize for non-gonk builds as well. r=glandium 
When building non-gonk builds, ANDROID_VERSION is not set.  Beginning with NDK 11, getdtablesize is no longer included.  This means that we should use the stub version of the function that is defined in android_stub.h for all android platforms.  This patch moves the function out of the "#if ANDROID_VERSION >=21" block so that all android code can use it.

Adding glandium as the reviewer, because he reviewed the original patch at bug 1103816.

MozReview-Commit-ID: 2NmUl5XuvDS

--HG--
extra : transplant_source : %03%8C/%E0%20t%D0%3Al4%D4Oh%CB_%07%8A%24r%CC
 2016-03-14 16:19:12 -06:00
Nicholas Nethercote a2f068b2ad Bug 1253085 - Remove the |PLDHashTable*| argument from PLDHash{HashKey,MatchEntry}. r=froydnj. 
This is easy because it's never needed.

--HG--
extra : rebase_source : 78830dab41c40a1544fa55fc69ca9c1c6709d767
 2016-03-16 15:33:44 +11:00
Tooru Fujisawa 50608d5d55 Bug 1256088 - Merge mock app-info implementation into AppInfo.jsm. r=gps 2016-03-16 16:58:29 +09:00
Nicholas Nethercote e098d1b141 Bug 1255655 - Const-ify kPinset_* arrays. r=cykesiopka. 
--HG--
extra : rebase_source : b8c360a7c79bd3e79d30210cd8e624e3e4eae7c3
 2016-03-11 13:54:41 +11:00