Граф коммитов

4046 Коммитов

Автор SHA1 Сообщение Дата
Cykesiopka 13116b6d68 Bug 1289151 - Remove obsolete nsIWalletService related code. r=jcj
It appears the wallet code was not included during the initial 2007 import of
code from CVS to Mercurial, so anything referencing wallet has been dead code
ever since.

MozReview-Commit-ID: BRTd1M0DsT0

--HG--
extra : transplant_source : %BC%FC%05%AE%B5%8C%DC%21J%DC%B4%B17M%19%AA%F3%B9%05L
2016-07-27 01:53:20 +08:00
Cykesiopka 4a43c75897 Bug 1287290 - Use ScopedAutoSECItem in PSM more. r=dkeeler
ScopedAutoSECItem is useful for:
1. Removing manual memory management.
2. Getting rid of this pattern:
   > UniqueSECItem item(SECITEM_AllocItem(nullptr, nullptr, 0));
   While this pattern works, ScopedAutoSECItem is slightly superior in that it
   doesn't unnecessarily cause a SECItem to be allocated from the heap.

MozReview-Commit-ID: 8DPD9gtzeru

--HG--
extra : transplant_source : %10l%27C%12%3E%08%85q%06%1A%FC%FB%DE%F9%A3%99%0AN%A1
2016-07-25 15:06:34 +08:00
Cykesiopka 8297eb8984 Bug 1281665 - Change nsIClientAuthDialogs.chooseCertificate() to use hostname instead of CN. r=keeler
chooseCertificate() currently uses a concatenation of the Common Name of the
server cert and the port of the server to allow the user to identify the server
requesting client authentication. Unfortunately, this approach is flawed, since
it doesn't take into account things like SAN entries, which might be very
different from the CN.

Using the hostname instead avoids this problem.

MozReview-Commit-ID: 6XjGCknWNi9

--HG--
extra : transplant_source : k%10N%7B%E8%A4%9B%C9%9A%23Q%D1%99%D2%A3%C0.%2B%7F%A5
2016-07-26 20:16:58 +08:00
Iris Hsiao caea40742f Backed out changeset 8dc198cd46ff (bug 1246540) for Mochitest failures 2016-07-27 13:14:07 +08:00
Kate McKinley c6650db185 Bug 1246540 HSTS Priming Proof of Concept
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.

Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.

nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.

(r=ckerschb,r=mayhemer,r=jld,r=smaug,r=dkeeler,r=jmaher,p=ally)
2016-07-26 13:03:00 +08:00
Iris Hsiao a7c8429fc4 Backed out changeset d7e39be85498 (bug 1246540) for Mochitest failures 2016-07-27 11:15:52 +08:00
Kate McKinley 567ebcf321 Bug 1246540 - HSTS Priming Proof of Concept. r=ckerschb, r=mayhemer, r=jld, r=smaug, r=dkeeler, r=jmaher, p=ally
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.

Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.

nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.
2016-07-26 13:03:00 -04:00
Carsten "Tomcat" Book 25aa8617fc Backed out changeset 1825b8fa636a (bug 1246540) for bustage
--HG--
extra : rebase_source : 45defacae713b2c2f75813fea6f2f289ebc481cd
2016-07-26 12:52:15 +02:00
Kate McKinley 01cbd73591 Bug 1246540 - HSTS Priming Proof of Concept. r=ckerschb,r=mayhemer,r=jld,r=smaug,r=dkeeler,r=jmaher,p=ally
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.

Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.

nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.

(r=ckerschb,r=mayhemer,r=jld,r=smaug,r=dkeeler,r=jmaher,p=ally)
2016-07-25 12:37:00 +02:00
Franziskus Kiefer 249fa77287 Bug 1263793 - update SAN, r=mgoodwin,ulfr
MozReview-Commit-ID: HtMKl2gP1xi

--HG--
extra : rebase_source : 5173dda521679b2ce6c8caabb3b54cce4f658640
2016-07-25 09:44:19 +02:00
Carsten "Tomcat" Book 0a5622c093 Backed out changeset 640247e978ba (bug 1246540) for bustage 2016-07-24 15:59:31 +02:00
Kate McKinley 547500d5a7 Bug 1246540 - HSTS Priming Proof of Concept. r=honzab
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.

Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.

nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.

(r=ckerschb,r=mayhemer,r=jld,r=smaug,r=dkeeler,r=jmaher,p=ally)
2016-07-22 18:35:00 +02:00
David Keeler f3ec60ef5f backout changeset 1a1d7ef3cb0e (bug 1279479) for causing WebRTC compatibility issues
The WebRTC implementation inherits cipher suite preferences from PSM and then
enables a few mandatory ones and disables a number of undesirable ones. If PSM
makes a change to a cipher suite preference that isn't in WebRTC's whitelist or
blacklist, compatibility issues can arise. See bug 1288246 for an example.

--HG--
rename : security/manager/ssl/tests/unit/test_fallback_cipher.js => security/manager/ssl/tests/unit/test_weak_crypto.js
2016-07-22 10:31:34 -07:00
Tom Tromey 5538d692d3 Bug 1286877 - do not set c-basic-offset for python-mode; r=gps
This removes the unnecessary setting of c-basic-offset from all
python-mode files.

This was automatically generated using

    perl -pi -e 's/; *c-basic-offset: *[0-9]+//'

... on the affected files.

The bulk of these files are moz.build files but there a few others as
well.

MozReview-Commit-ID: 2pPf3DEiZqx

--HG--
extra : rebase_source : 0a7dcac80b924174a2c429b093791148ea6ac204
2016-07-14 10:16:42 -06:00
Franziskus Kiefer dd5231632f Bug 1263793 - Using content signature verifier for verifying remote newtab, r=keeler,mayhemer
MozReview-Commit-ID: ABXYYseKImq

--HG--
extra : rebase_source : 79614e5215e738dff9683ad447245bd830c887bf
2016-05-19 10:59:48 +02:00
Chris Peterson b175c9fdd5 Bug 1277106 - Part 2: Expand MOZ_UTF16() strings to u"" string literals. r=Waldo 2016-07-20 22:03:25 -07:00
Wes Kocher e2d9911273 Backed out changeset 21d8bb5af7b4 (bug 1263793) for leaks in various jobs CLOSED TREE 2016-07-20 11:16:37 -07:00
Franziskus Kiefer 9b9c643025 Bug 1263793 - Using content signature verifier for verifying remote newtab, r=keeler,mayhemer
MozReview-Commit-ID: CHUPgBr8WaC

--HG--
extra : rebase_source : 969bd058a157c7307b7a4d3c2a4c5d62e82b7489
2016-05-19 10:59:48 +02:00
Thomas Zimmermann 4bee1b2945 Bug 1288077: Forward declare arrays by including 'nsTArrayForwardDeclare.h', r=froydnj
MozReview-Commit-ID: 4RBeHDyhQgr
2016-07-20 17:29:36 +02:00
Masatoshi Kimura c37817e366 Bug 1250582 - Remove SSL_FALLBACK_LIMIT_REACHED telemetry. r=keeler
Bug 1084025 added this telemetry to measure the impact of bumping the fallback limit.
But we already bumped the fallback limit to TLS 1.2 long before. We will not need this kind of telemetry until we bump the fallback limit to TLS 1.3 that will not happen in the near future. So let's just remove wasting resource for now.

MozReview-Commit-ID: 22o8FirlYql

--HG--
extra : rebase_source : c04b6a7aa7bf8970b22c24dcb1d8f0184330cb43
2016-07-16 14:16:06 +09:00
David Keeler 56d2f86c86 bug 1284946 - remove usages-related APIs from nsIX509Cert r=Cykesiopka,Felipe,jcj
nsIX509Cert provided the APIs getUsagesArray, requestUsagesArrayAsync, and
getUsagesString. These APIs were problematic in that the synchronous ones would
cause certificate verification to block the main thread and the asynchronous one
was needlessly indirect in its definition (it made use of two additional
special-case xpidl types) and needlessly complex in its implementation (it
required nsNSSComponent to manually manage a background thread without the aid
of recent improvements in that area (e.g. CryptoTask)). Furthermore, these APIs
would return string descriptions of the usages the certificate in question had
been verified for rather than using more concrete identifiers or values. This
paradigm is usable but imprecise. The new nsIX509CertDB API
asyncVerifyCertAtTime is much more expressive, enforces off-main-thread
computation, and makes use of CryptoTask for a simple implementation. Using this
API, previous uses of the old nsIX509Cert APIs can be replaced. As an additional
benefit, this removes a ton of obsolete C++ code.

MozReview-Commit-ID: KXVTcjAKehu

--HG--
extra : rebase_source : 50c51f73b2b61ed0ad4dc9702cc5df470ce998bc
2016-07-06 14:45:36 -07:00
David Keeler 16124386f7 bug 1284946 - fix dialog parameter passing in browser_certViewer.js r=Cykesiopka
The changes in bug 1217602 missed that browser_certViewer.js should have been
updated to use a nsIDialogParamBlock instead of a (mock) nsIPKIParamBlock.
"Luckily" the test harness completely ignored the errors resulting from this
oversight.

MozReview-Commit-ID: JlA62L5PPW8

--HG--
extra : rebase_source : ec06cd026f3aec8cc7a7c032cd1c9a9c5a8e9536
2016-07-07 11:14:17 -07:00
Cykesiopka 97767e3585 Bug 1284438 - Enable more ESLint rules for PSM. r=mgoodwin
PSM JS code already pass these rules, so enabling these rules will just help
catch future bugs.

MozReview-Commit-ID: AXM2VoG8jBP

--HG--
extra : transplant_source : 4h%89%5BV7%C6%FB%B2%80%CE%B16%DC%22%BA%20%09%FB%92
2016-07-06 01:59:03 +08:00
Carsten "Tomcat" Book 8262976cf1 merge fx-team to mozilla-central a=merge 2016-07-12 10:57:34 +02:00
David Keeler 48c3eabeea bug 1286067 - add missing parameter for second test case added in bug 1284840 r=emk
MozReview-Commit-ID: 3aQBZeGLjxn

--HG--
extra : rebase_source : bff6a016e806aaec3b79e3aa2ff29fa33ba6663c
2016-07-11 14:35:55 -07:00
Masatoshi Kimura 25ce2ba428 Bug 1284840 - Don't forget TLS intolerance when a DHE-based cipher is used. r=keeler
MozReview-Commit-ID: 70pa7lCLAxQ

--HG--
extra : rebase_source : f7ac3984139ebab86997041550e255c80a90fda2
2016-07-09 13:44:10 +09:00
Johann Hofmann 22b8fe594a Bug 1253771 - Add previous state info to mixed content callback. r=tanvi r=florian
MozReview-Commit-ID: 5msNz97psok

--HG--
extra : rebase_source : 640f86c3cc0b9b5a842a0c104cb269915b727b4b
extra : histedit_source : 6ca75dac152d5135089f9053eb91440058b124e4
2016-04-27 10:38:26 +02:00
Carsten "Tomcat" Book 838f21f656 merge mozilla-inbound to mozilla-central a=merge 2016-07-08 11:58:46 +02:00
Wes Kocher b5739bf710 Bug 1285052 - Followup to fix eslint a=me
--HG--
extra : rebase_source : 32803bdd9e5ec564709645d0e1cba1f0d781b7e5
2016-07-07 11:29:13 -07:00
Richard Barnes 8fc350a13d Bug 1285052 - Enforce a maximum max-age for HPKP r=keeler
MozReview-Commit-ID: 1LD02GkqzTe

--HG--
extra : rebase_source : 127c9dd479b6a48e72da378a4df357a1bba1e6f3
2016-07-06 19:16:29 -04:00
Cykesiopka 54a22335cb Bug 1281569 - Remove unnecessary step of converting nsIX509Certs to Raw DER just to create a CERTCertificate in nsNSSCertificateDB. r=keeler
There are a few places in nsNSSCertificateDB.cpp where the following is done:
1. GetRawDER() is called on a nsIX509Cert to obtain the DER representation of
   the cert.
2. The DER is used to construct a CERTCertificate for use with NSS functions.

This step of converting to the DER is unnecessary, since GetCert() will provide
an already constructed CERTCertificate.

MozReview-Commit-ID: 35KMYI7dCXc

--HG--
extra : transplant_source : %CA%ED%AC/%E3%29D%BB%8D%0F%A9Y%19%B2%E7a%1B%BE%ADv
2016-07-05 02:59:18 -07:00
David Keeler 0b291c778a bug 1023621 - add asynchronous certificate verification API r=Cykesiopka
This API (nsIX509CertDB.asyncVerifyCertAtTime) will eventually replace
nsIX509Cert.getUsagesArray, nsIX509Cert.requestUsagesArrayAsync, and
nsIX509Cert.getUsagesString because those APIs are architecturally problematic
and don't give very precise information in any case.

MozReview-Commit-ID: OzQaBnDRIo

--HG--
extra : rebase_source : 270de8dfa5ed5221a1e012661161842c0afb3e70
2016-06-30 14:09:18 -07:00
Cykesiopka 90d2c0d630 Bug 1281955 - Don't Adopt() NSS allocated strings in PSM to avoid using the wrong deallocator. r=dkeeler
There are a few places in PSM where the result of an NSS function returning
char* is adopted by e.g. an nsXPIDLCString, which will use the wrong deallocator
when the string eventually gets destroyed.

This is basically Bug 1281564, but the free() call is buried within the Mozilla
string code instead.

MozReview-Commit-ID: HVSMyRpLnjS

--HG--
extra : transplant_source : Msmc%DB%16%23%87%00%A1%05%ABB%0BD%97%3B%A1%E7x
2016-06-29 18:42:37 -07:00
Sergei Chernov edb1f658f6 Bug 1275238 - Certificate Transparency support in mozilla::pkix; r=keeler
MozReview-Commit-ID: HZwzSgxarTw

--HG--
extra : transplant_source : %BF%F9%A8T%C6x%82%03%3Ez%9F%3BT%E3%1B%11s%294%F4
2016-06-15 11:11:00 +03:00
Carsten "Tomcat" Book 3a42c363cc merge mozilla-inbound to mozilla-central a=merge 2016-06-30 12:33:41 +02:00
Cykesiopka d93f9d1b28 Bug 1282004 - Convert TestMD4 CPP unit test into a GTest. r=mgoodwin
Nothing in the file requires functionality provided by the CPP unit test harness,
so making the file a GTest makes it more accessible.

MozReview-Commit-ID: FaAtF0blCwV

--HG--
rename : security/manager/ssl/tests/compiled/TestMD4.cpp => security/manager/ssl/tests/gtest/MD4Test.cpp
extra : transplant_source : edV%1F%0B97%1B%25%FA%0ABH%14%F5%A2Ms/%7E
2016-06-27 09:06:51 -07:00
Cykesiopka 3f7ca34d26 Bug 1282004 - Make it easier to run all PSM GTests at once. r=mgoodwin
Currently, running all the PSM GTests involves providing a filter that catches
all the various tests. This is annoying and error prone.

The changes here make running all PSM GTests as easy as:
  mach gtest "psm*"

MozReview-Commit-ID: EqaysNvwJaQ

--HG--
extra : transplant_source : %0CCM%99%12%18%8D%B9%DD%84%0C%A06%0Ba%AD%A7%EB%B3%FB
2016-06-27 09:06:43 -07:00
David Keeler 3fed4e5ecc bug 1272858 - use a name-agnostic method to find the built-in root PKCS#11 slot r=Cykesiopka
Previously this implementation would use the expected names of the built-in
module and slot to get a handle on them. This doesn't work on distributions that
use other names. The new implementation searches through the slots from the
default module list for one where PK11_HasRootCerts returns true (which
indicates that NSS considers that slot to contain the default built-in root
list).

MozReview-Commit-ID: LmX27hQfFJU

--HG--
extra : rebase_source : 50383dcc77257fe08ce2c7d908e95cda7c4bbe9d
2016-06-23 15:43:47 -07:00
David Keeler fbd578cfcf bug 826783 - make certificate viewer more flexible about its minimum size r=mgoodwin
This makes the certificate viewer able to shrink itself down a bit on small
screen sizes. Without this patch, the "Close" button would be off the screen on
small resolutions like 1024x768. On larger screen sizes, this patch should have
no effect on the initial size of the certificate viewer window (although it now
can be made smaller manually).

MozReview-Commit-ID: IET9dxx23Xc

--HG--
extra : rebase_source : 487c88d626df7184502226b9ce02410adc504f12
2016-06-24 10:23:18 -07:00
Masatoshi Kimura 759c6d2a52 Bug 1279479 - Hide DHE cipher suites from the first handshake. r=keeler
MozReview-Commit-ID: BXZm6EMaLy2

--HG--
rename : security/manager/ssl/tests/unit/test_weak_crypto.js => security/manager/ssl/tests/unit/test_fallback_cipher.js
extra : rebase_source : 925361a6114fa5b09f74e2f61e504a1e3b938805
2016-06-23 03:48:02 +09:00
Cykesiopka 577a05865b Bug 307081 - Make nsIClientAuthDialogs::ChooseCertificate() pass an nsIArray of nsIX509Certs, not strings. r=kats,keeler
This provides implementations of ChooseCertificate() with more flexibility, and
allows callers of ChooseCertificate() to be less complex.

A portion of this work involves reimplementing
nsNSSCertificate::FormatUIStrings() in JS and improving UI strings for l10n.

MozReview-Commit-ID: CE7Uc2ntwmZ

--HG--
extra : transplant_source : R%A8eC%CEO2%DC%20%F7%B4V%F3g%E6h%EB%D5%8D3
2016-06-24 00:12:16 -07:00
Cykesiopka 313db6b516 Bug 307081 - Clean up nsIClientAuthDialogs.idl and implementations. r=kats,keeler
This fixes the following in the IDL:
1. Misleading or unclear parameter names in the IDL. |cn| in practice is the
   concatenation of the CN of the server cert and the port of the server, and
   |issuer| is the Organization of the issuer cert of the server cert.
2. Use of the |wstring| type. |AString| is generally preferred, and has the
   benefit of letting implementations skip null checks due to the use of
   references.
3. Using an explicit |canceled| outparam instead of just setting a return type.
   There is no need for the outparam if the return type can be used.
4. Using |long| (int32_t) for |selectedIndex|. |unsigned long| (uint32_t) is
   more logical, and paves the way for future changes.

This fixes the following in the Android implementation:
1. Lack of checks to ensure the QueryInterface() call succeeded. In practice,
   the call will always succeed, but it's good practice to check anyways.
2. Setting a variable to an nsIPrefService instance initially, then later
   setting it to a pref branch instance later on. This is confusing and
   unnecessary.

This fixes the following in the desktop implementation:
1. Lack of null pointer checking.
2. Trying to get a parent window ref off a context that doesn't actually support
   doing so.
3. Setting a variable to an nsIPrefService instance initially, then later
   setting it to a pref branch instance later on. This is confusing and
   unnecessary.
4. Abusal of the CAPS bundle.
5. Unnecessary variables.
6. Variables declared far away from where they are used.
7. Variable shadowing.
8. Style issues.
9. Lack of documentation.

This also fixes the following:
1. Lack of localisation notes.

MozReview-Commit-ID: FTc6XecJd6h

--HG--
extra : transplant_source : %ABQ%8F%E6%A3%25%FE%94%E4%D6X%3D%28%2C%05%5E%FB%84.-
2016-06-24 00:12:11 -07:00
Cykesiopka 1bc7589c72 Bug 307081 - Expose nsNSSCertificate.cpp GetKeyUsagesString() as the keyUsages attribute on nsIX509Cert. r=keeler
This allows nsNSSCertificate::FormatUIStrings() to be reimplemented in JS, which
is a necessary step for making nsIClientAuthDialogs::ChooseCertificate() pass an
nsIArray of nsIX509Certs.

Also removes some deprecated and unused constants.

MozReview-Commit-ID: CJITKVlUEtP

--HG--
extra : transplant_source : %1C%09%B2%B5%F4%C4%28%1A%B2%E5%CFsu%8B%B6W%8El%9Cn
2016-06-24 00:12:06 -07:00
Cykesiopka 97ab4b046e Bug 1281564 - Fix misuses of free() as the deallocator in PSM. r=keeler
There are a few places in PSM where free() is used to free memory allocated by
NSS instead of PORT_Free() (or higher level deallocation functions that end up
calling PORT_Free()).

In practice, PORT_Free() is just a wrapper around PR_Free(), which is just a
wrapper around free() if we don't ask NSPR to use a zone allocator.
Gecko explicitly tells NSPR not to use a zone allocator, so the changes here are
mainly for making the code more obviously correct.

This patch also includes some misc cleanup.

MozReview-Commit-ID: 9Ccg5OwlhWR

--HG--
extra : rebase_source : 768979a4bedb1cbdab2398d2a416429d9a241dd6
2016-06-22 15:56:11 -07:00
Cykesiopka 26dc8be640 Bug 1280331 - Update HPKP preload script URL to deal with renaming of transport_security_state_static.certs. r=keeler
4361f2ad66
renamed transport_security_state_static.certs to
transport_security_state_static.pins, so the URL needs to be updated to avoid
a 404.

MozReview-Commit-ID: 1FmYdi0mMcI

--HG--
extra : rebase_source : 25ebf2290cab6ee12f98bc65972b696c45d506d0
2016-06-21 16:11:57 -07:00
Masatoshi Kimura bdcdded91f Bug 1281084 - Enable TLS 1.3 PSK-resumption for AES-256-GCM and ChaCha20/Poly1305. r=keeler 2016-06-22 21:55:13 +09:00
Mark Goodwin d3dde26071 Bug 1280224 - Initial values for the content signature root pref are ignored. r=keeler
MozReview-Commit-ID: 9y8wsVcz0hz
2016-06-21 15:24:52 +01:00
David Keeler 540b8f3d01 bug 1278041 - skip TLS Feature checks so HPKP can be set r=mgoodwin
This is safe because TLS Feature checks have already been done when connecting
to the site in the first place.

MozReview-Commit-ID: HfbcrAv4bCJ

--HG--
extra : rebase_source : d1f22c1a4e2c8535e10bd071c937a1aac7b8e2fd
2016-06-20 16:36:36 -07:00
Onno Ekker f1de083a08 Bug 1279953 - Ambiguous string usage for "not encrypted page". r=dolske
--HG--
extra : rebase_source : e6ea020d8b98e9bef2e895e5312edc47d839cc2c
2016-06-13 22:14:04 +02:00
David Keeler febcbb464f bug 1278605 - ensure that nsICertOverrideService can be implemented in JS r=Cykesiopka
MozReview-Commit-ID: KSVeraWuRPZ

--HG--
extra : rebase_source : 15f7abb08b57c8525e44f39c5e10c9cc5299dc47
2016-06-07 11:27:33 -07:00