c12302354f
Bug 1228410, land NSS 3.22 Beta 2, r=nss-confcall
...
--HG--
rename : security/nss/tests/ssl_gtests/parsereport.sed => security/nss/tests/common/parsegtestreport.sed
2016-01-25 16:14:18 +01:00
adf7436ccc
Bug 1235089 - Split out OCSP Must Staple tests from test_ocsp_stapling.js to avoid intermittent time outs. r=keeler
...
test_ocsp_stapling.js can take ~290s to run on e.g. b2g-emu-x86-kk, which is very close to the default 300s limit.
Splitting out some tests should reduce the intermittent time outs.
--HG--
rename : security/manager/ssl/tests/unit/test_ocsp_stapling.js => security/manager/ssl/tests/unit/test_ocsp_must_staple.js
2016-01-24 02:24:00 -05:00
a747e7e178
Merge m-i to m-c, a=merge
2016-01-23 17:42:50 -08:00
09dc03c5a7
No bug, Automated HPKP preload list update from host bld-linux64-spot-309 - a=hpkp-update
2016-01-23 04:36:34 -08:00
3da59d3c6d
No bug, Automated HSTS preload list update from host bld-linux64-spot-309 - a=hsts-update
2016-01-23 04:36:32 -08:00
e2fe0b8f62
Bug 1233328 - Part 2: Use SHA-256 StaticFingerprints directly instead of StaticPinset since the SHA-1 StaticFingerprints entry will always be null. r=keeler
2016-01-20 20:45:29 -08:00
638ba07af3
Bug 1233328 - Part 1: Ignore SHA-1 pins in PublicKeyPinningService.cpp. r=keeler
2016-01-20 20:40:01 -08:00
ab4e3a0d42
Bug 1218816 - Remove useless semicolons. Found by coccinelle. r=Ehsan
...
--HG--
extra : rebase_source : 7d2cc56b6553cd7a8d848d3c660f30735bd82eec
2016-01-22 16:58:49 +01:00
2af33cad3c
bug 1240173 - improve nsIX509Cert.dbKey r=Cykesiopka
...
--HG--
extra : rebase_source : 43ceae97c5188fff16e18a66d25a9fdba320bcc8
2016-01-15 14:33:56 -08:00
113252b726
bug 1239455 - rework telemetry for SHA-1 certificates to reflect possible policy states r=Cykesiopka,mgoodwin,rbarnes
...
Before this patch, we were measuring where SHA-1 was being used in TLS
certificates: nowhere, in end-entities, in intermediates, or in both. However,
the possible SHA-1 policies don't differentiate between end-entities and
intermediates and instead depended on whether or not each certificate has a
notBefore value after 2015 (i.e. >= 0:00:00 1 January 2016 UTC). We need to
gather telemetry on the possible policy configurations.
--HG--
extra : rebase_source : 301c821c8de16ffb924cd198dd0a4d3139536019
2016-01-13 12:50:42 -08:00
7d1bbd8088
Merge inbound to m-c. a=merge
2016-01-17 14:37:29 -05:00
45b07b40c1
No bug, Automated HPKP preload list update from host bld-linux64-spot-439 - a=hpkp-update
2016-01-16 04:03:46 -08:00
a2da16b4a2
No bug, Automated HSTS preload list update from host bld-linux64-spot-439 - a=hsts-update
2016-01-16 04:03:44 -08:00
68d44577b4
Bug 1237232 - Properly check the result of Vector append() calls in security/. r=keeler
2016-01-13 22:05:08 +01:00
17c8d8e45c
bug 1232766 - update the preloaded pinset for Google domains r=rbarnes
...
Also includes a script for making this process faster in the future.
2015-12-28 12:30:14 -08:00
3f4e7bf8d5
Bug 1235188 - Fix -Wformat warnings in security/certverifier/. r=keeler
...
security/certverifier/NSSCertDBTrustDomain.cpp:433:26 [-Wformat] format specifies type 'long' but the argument has underlying type 'int'
security/certverifier/NSSCertDBTrustDomain.cpp:433:48 [-Wformat] format specifies type 'long long' but the argument has type 'mozilla::pkix::Time'
2015-12-28 18:41:54 -07:00
9c54b2fdae
No bug, Automated HPKP preload list update from host bld-linux64-spot-506 - a=hpkp-update
2016-01-09 04:38:50 -08:00
98b790fabc
No bug, Automated HSTS preload list update from host bld-linux64-spot-506 - a=hsts-update
2016-01-09 04:38:48 -08:00
1768759efb
Bug 1220564 - Update chrome code uses of genexprs and legacy comprehensions. (r=billm)
2016-01-06 16:02:16 -08:00
83aec61b67
bug 1230377 - part 2/2: simplify nsIKeyObject and nsIKeyObjectFactory r=jcj
...
nsIKeyObject and nsIKeyObjectFactory defined an interface that was largely
unimplemented. This cuts the interface back to what actually exists in code.
--HG--
extra : rebase_source : 6241e801c3bd7f17518af648158fcfdcd0bda9cf
2015-12-04 10:36:51 -08:00
3da7665447
bug 1230377 - part 1/2: ensure nsKeyObject releases NSS resources on shutdown r=jcj
...
--HG--
extra : rebase_source : 869dfb9450224677a05ac8566056872e8ff82c82
2015-12-03 16:22:34 -08:00
1f26ea8aca
Bug 1214305 - Part 10: Clean up global DataStorage references in the child process; r=keeler
2016-01-04 16:30:02 -05:00
67ff8ead96
No bug, Automated HPKP preload list update from host bld-linux64-spot-389 - a=hpkp-update
2016-01-02 04:05:33 -08:00
5b3f84c48b
No bug, Automated HSTS preload list update from host bld-linux64-spot-389 - a=hsts-update
2016-01-02 04:05:31 -08:00
4034ee65b8
Bug 1235308 - Fix -Wimplicit-fallthrough warnings in security/. r=keeler
...
security/certverifier/NSSCertDBTrustDomain.cpp:282:5 [-Wimplicit-fallthrough] unannotated fall-through between switch labels
security/manager/ssl/nsNSSComponent.cpp:149:3 [-Wimplicit-fallthrough] unannotated fall-through between switch labels
security/manager/ssl/nsSecureBrowserUIImpl.cpp:1406:5 [-Wimplicit-fallthrough] unannotated fall-through between switch labels
2015-12-25 00:03:35 -07:00
eb1ef42d57
No bug, Automated HPKP preload list update from host bld-linux64-spot-593 - a=hpkp-update
2015-12-26 04:05:29 -08:00
3af3c75cc9
No bug, Automated HSTS preload list update from host bld-linux64-spot-593 - a=hsts-update
2015-12-26 04:05:27 -08:00
d7478b6b1e
Bug 1234955 - Make TEST_DIRS a SPECIAL_VARIABLE. r=gps
...
Using TEST_DIRS is nothing more than a shortcut for
if CONFIG['ENABLE_TESTS']:
DIRS += [...]
As such, we might as well remove it being a separate variable, and use some
Context magic to just fill DIRS when ENABLE_TESTS is set.
The security/manager/ssl/tests/unit/moz.build change ensures that the order
of DIRS before the change is kept, not because it matters, but because it
allows to confirm that nothing else is modified by this change.
2015-12-24 13:12:49 +09:00
2c2f66f499
Bug 1232454 - use UniquePtr<T[]> instead of nsAutoArrayPtr<T> in security/apps/; r=keeler
...
As a nice side effect, we also fix a (rare) memory leak in
AppTrustDomain::SetTrustedRoot.
2015-12-06 08:06:03 -05:00
b71c3763d0
Backed out changeset f103fd636405 (bug 1232582) for b2g debug xpcshell failures in test_name_constraints.js
2015-12-21 11:01:22 -08:00
537c84d51c
Merge mozilla-central to mozilla-inbound
2015-12-21 11:54:26 +01:00
0349798a7f
No bug, Automated HPKP preload list update from host bld-linux64-spot-573 - a=hpkp-update
2015-12-19 04:09:26 -08:00
beab6972e5
No bug, Automated HSTS preload list update from host bld-linux64-spot-573 - a=hsts-update
2015-12-19 04:09:24 -08:00
20d4ccd20d
Bug 1232582 - Sort PSM xpcshell.ini and fix --tag psm to actually run all tests. r=dkeeler
...
--HG--
extra : transplant_source : X%02%F1%9Cq%90%8B%0D%04K%C1%1E%A0%BB%F5%7D%2Bs%1BQ
2015-12-17 07:55:54 -08:00
05919374b8
Bug 1229284 - Remove support for SHA-1 hashes in genHPKPStaticPins.js. r=keeler
2015-12-17 07:52:00 +01:00
cf2300da93
bug 1230994 - December 2015 batch of EV root CA changes r=mgoodwin
...
Adds:
bug 1193480:
CN=Certification Authority of WoSign G2,O=WoSign CA Limited,C=CN
CN=CA WoSign ECC Root,O=WoSign CA Limited,C=CN
bug 1147675:
CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6,O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A...,L=Ankara,C=TR
bug 1230985:
OU=Security Communication RootCA2,O="SECOM Trust Systems CO.,LTD.",C=JP
bug 1213044:
CN=OISTE WISeKey Global Root GB CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH
2015-12-14 14:44:44 -08:00
ee3a10a104
Merge mozilla-central to mozilla-inbound
2015-12-16 12:03:47 +01:00
151142df55
Bug 1227248 - Part 2: Add GeneratedTest{Certificate,Key} mozbuild templates. r=gps
...
--HG--
extra : commitid : 793A1duvlom
extra : rebase_source : 5a8fa9f0fb76dceb19525986381cb2a28676601b
extra : histedit_source : aebc6e99e83aaafba08626517850ff4ee23e4c82
2015-12-14 11:50:56 -08:00
48de284e31
Bug 1222500 - Handle unexpected thread creation better on desktop Linux. r=gdestuynder
2015-11-30 18:21:00 +01:00
4bd144165f
Bug 1224875 - Enable TLS extended master secret. r=keeler
2015-12-13 12:09:18 +09:00
d729dd725a
No bug, Automated HPKP preload list update from host bld-linux64-spot-1077 - a=hpkp-update
2015-12-12 04:08:02 -08:00
28f9941a1a
No bug, Automated HSTS preload list update from host bld-linux64-spot-1077 - a=hsts-update
2015-12-12 04:08:00 -08:00
b3dba24f5a
Bug 1200567 - ensure shipped blocklist.xml doesn't affect the test_cert_blocklist.js. r=dkeeler
...
Caused comm-central TEST-UNEXPECTED-FAIL | security/manager/ssl/tests/unit/test_cert_blocklist.js | - revocations.txt should be as expected
2015-12-10 19:08:09 +02:00
ec5f2e23e7
Merge m-c to inbound. a=merge
...
--HG--
rename : browser/.eslintrc => storage/.eslintrc
rename : devtools/.eslintrc => toolkit/components/extensions/.eslintrc
extra : rebase_source : 5b2d39a455c81a001bd26e7bc85e7fbacdb79171
2015-12-05 15:27:33 -05:00
289a16635a
Merge fx-team to m-c. a=merge
2015-12-05 15:09:41 -05:00
4dd525a926
No bug, Automated HPKP preload list update from host bld-linux64-spot-049 - a=hpkp-update
2015-12-05 04:05:19 -08:00
d2a4d282da
No bug, Automated HSTS preload list update from host bld-linux64-spot-049 - a=hsts-update
2015-12-05 04:05:17 -08:00
92b2551106
Bug 1207146 - Add a link to expert technical information in the cert error page. r=Gijs,keeler
2015-12-04 19:46:13 +02:00
05eb71c3a0
Bug 1229804: Use the correct string length in Windows sandbox logging. r=tabraldes
2015-12-03 11:19:14 +00:00
df451fe7b0
merge mozilla-inbound to mozilla-central a=merge
2015-12-03 12:00:42 +01:00
Kai Engert
Cykesiopka
Phil Ringnalda
ffxbld
Sylvestre Ledru
David Keeler
Ryan VanderMeulen
Jan de Mooij
Chris Peterson
Shu-yu Guo
Ehsan Akhgari
Mike Hommey
Nathan Froyd
Wes Kocher
Carsten "Tomcat" Book
Nick Alexander
Jed Davis
Masatoshi Kimura
Magnus Melin
Panos Astithas
Bob Owen