826cd3d4e3
Bug 1211568, land NSS_3_21_RTM r=martin.thomson, and adjust Makefiles r=mh
2015-11-13 18:03:01 +01:00
a954826958
Bug 901698 - Some tests for OCSP-must-staple; r=keeler
2015-11-13 16:49:09 +00:00
31adb1a5c5
Bug 901698 - Implement OCSP-must-staple; r=keeler
2015-11-13 16:49:08 +00:00
a1cf24355b
bug 1223466 - update extended validation information to deal with root removals in NSS 3.21 r=mgoodwin
...
These entries were removed:
from bug 1204962:
CN=TC TrustCenter Universal CA III,OU=TC TrustCenter Universal CA,O=TC TrustCenter GmbH,C=DE
SHA-256: 309B4A87F6CA56C93169AAA99C6D988854D7892BD5437E2D07B29CBEDA55D35D
SHA-1: 9656CD7B57969895D0E141466806FBB8C6110687
from bug 1204997:
CN=A-Trust-nQual-03,OU=A-Trust-nQual-03,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT
SHA-256: 793CBF4559B9FDE38AB22DF16869F69881AE14C4B0139AC788A78A1AFCCA02FB
SHA-1: D3C063F219ED073E34AD5D750B327629FFD59AF2
from bug 1208461:
CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
SHA-256: 85FB2F91DD12275A0145B636534F84024AD68B69B8EE88684FF711375805B348
SHA-1: 58119F0E128287EA50FDD987456F4F78DCFAD6D4
2015-11-10 10:13:18 -08:00
ea2623adb5
Merge m-c to inbound, a=merge
...
--HG--
extra : commitid : 93SodIi80b2
2015-11-11 17:12:26 -08:00
fa64c65e7c
Bug 1219088 - Clear the session cache when a weak crypto override is revoked. r=keeler
2015-11-11 23:13:34 +09:00
4b8e5ced0f
Bug 1223131 - Don't remove a host from the whitelist if the version fallback was needed. r=keeler
2015-11-12 07:18:37 +09:00
eac2db7101
Bug 1215723 - Part 5: Add an automated test; r=keeler
2015-10-30 15:30:00 -04:00
eb4d13fb3b
Bug 1215723 - Part 4: Make isSecureHost and isSecureURI usable from the content process; r=keeler
2015-10-30 15:30:00 -04:00
78ee50aca4
Bug 1215723 - Part 3: Propagate updates to DataStorage from the parent process to the content processes; r=keeler
2015-10-30 15:30:00 -04:00
9aa975d49d
Bug 1215723 - Part 2: Initialize DataStorage items in the content process from the data in the parent; r=keeler
2015-10-30 15:30:00 -04:00
3810eb599b
Bug 1215723 - Part 1: Make DataStorage a singleton for each file name; r=keeler
...
This is needed so that we'd be able to identify a DataStorage instance
based on its file name.
2015-11-02 12:33:00 -05:00
29b3d15dde
bug 1220223 - don't load PKCS11 modules in safe mode r=mgoodwin r=bsmedberg
2015-10-30 10:37:22 -07:00
4c7afc9339
Backed out 5 changesets (bug 1215723) for android S4 bustage
...
Backed out changeset 2a945ce1cd40 (bug 1215723)
Backed out changeset dd7f58b60ddc (bug 1215723)
Backed out changeset 62dbb95bd79a (bug 1215723)
Backed out changeset b31ac98bb3c8 (bug 1215723)
Backed out changeset 228cdfaa82c1 (bug 1215723)
--HG--
extra : commitid : 70ygtTBi2V5
2015-11-06 15:19:35 -08:00
334376c936
Bug 1215723 - Part 5: Add an automated test; r=keeler
2015-10-30 15:30:00 -04:00
498c385ee1
Bug 1215723 - Part 4: Make isSecureHost and isSecureURI usable from the content process; r=keeler
2015-10-30 15:30:00 -04:00
06479e6793
Bug 1215723 - Part 3: Propagate updates to DataStorage from the parent process to the content processes; r=keeler
2015-10-30 15:30:00 -04:00
999f1ba408
Bug 1215723 - Part 2: Initialize DataStorage items in the content process from the data in the parent; r=keeler
2015-10-30 15:30:00 -04:00
6e561438d9
Bug 1215723 - Part 1: Make DataStorage a singleton for each file name; r=keeler
...
This is needed so that we'd be able to identify a DataStorage instance
based on its file name.
2015-11-02 12:33:00 -05:00
7380482a28
bug 1218596 - remove nsPSMInitPanic and other unnecessary things from nsNSSComponent r=Cykesiopka r=jcj
2015-10-26 16:02:19 -07:00
37b7f2920b
Backed out changeset ae1885cf1fd6 (bug 1218596) for windows build bustage CLOSED TREE
...
--HG--
extra : commitid : 6GZJDFkoL81
2015-11-05 17:48:53 -08:00
762aba02cd
Bug 1221453 - Use ObjDirPaths for GENERATED_INCLUDES and merge with LOCAL_INCLUDES. r=gps
2015-11-06 09:59:21 +09:00
9d11e85ed9
bug 1218596 - remove nsPSMInitPanic and other unnecessary things from nsNSSComponent r=Cykesiopka r=jcj
2015-10-26 16:02:19 -07:00
8ffd9ff2ed
Bug 1218999 - Back out changeset 5f32b2bcfa43 (bug 1188468) in favor of a more efficient solution. r=glandium
...
Bug 118468 landed an option for FileAvoidWrite to always write to an output
file, whether or not the contents would be changed. This was to address a
problem caused by not updating mtimes when building GENERATED_FILES, but
undoes the purpose of FileAvoidWrite and isn't really necessary.
This is addressed in a subsequent commit by unconditionally updating
mtimes when processing GENERATED_FILES.
--HG--
extra : commitid : AfOhgUstokq
2015-11-03 10:23:04 -08:00
34ca9c027f
Bug 1110935 - Part 3 - Remove now unnecessary temp variables. r=keeler
2015-11-02 22:11:00 +01:00
f625d9c9b9
Bug 1110935 - Part 2 - Remove ReentrantMonitor and ReentrantMonitorAutoEnter uses. r=keeler
2015-11-02 22:10:00 +01:00
9e34144349
Bug 1110935 - Part 1 - Assert we're on the main thread on public methods. r=keeler
2015-11-02 22:09:00 +01:00
7c5e9caf26
Back out changeset bda43f333e1a (bug 1211568) for "Could not find EV root in NSS storage" assertion failures
...
CLOSED TREE
2015-11-10 08:18:47 -08:00
a24d95bb6d
Bug 1211568, land NSS_3_21_RTM r=martin.thomson, and adjust Makefiles r=mh
2015-11-10 16:24:15 +01:00
8be1ae39c7
Bug 1207790 - Fix sandbox build for older Linux distributions. r=gdestuynder
2015-10-30 15:13:00 +01:00
9985829ecc
Bug 1219392 - Capitalize mozilla::unused to avoid conflicts. r=froydnj
2015-11-02 07:53:26 +02:00
581125e850
Bug 1186817 - Replace nsBaseHashtable::EnumerateRead() calls in security/ with iterators. r=keeler
...
--HG--
extra : histedit_source : ec44c79c05d3fb73cd720a9d5315ff781af812f1
2015-10-30 07:50:09 -07:00
1443993537
bug 1218515 - flip pinning-test.badssl.com into production mode r=jcj DONTBUILD NPOTB
...
pinning-test.badssl.com is a test domain for preloaded HPKP (HTTP Public Key
Pinning - see RFC 7469). By specifying a pinset corresponding to no known keys,
this domain should fail with a key pinning error by default. Also, the
includeSubdomains option is set, so any subdomains should fail as well.
Since Gecko incorporates preloaded pinsets from Chromium, this pinset is already
defined. This patch merely switches it from test mode to production mode (well,
to be more accurate, this patch sets up the input for the automated script that
will make the code change that will put the pinset into production mode).
2015-10-26 14:39:25 -07:00
44936aabb2
Bug 1217320 - Remove more XPIDL signature comments in .cpp files. r=froydnj
...
Comment-only, DONTBUILD.
2015-10-27 06:54:25 +02:00
3b82e8f390
bug 1217602 - remove nsIPKIParamBlock r=Cykesiopka
...
nsIPKIParamBlock was unnecessary.
2015-10-22 13:11:40 -07:00
44509e6e7e
Merge m-c to inbound.
...
--HG--
extra : rebase_source : b7fe225cdd43cb770c7d7a1e8d2be6a52678aa7a
2015-10-24 15:03:15 -04:00
53f7cca550
No bug, Automated HPKP preload list update from host bld-linux64-spot-508 - a=hpkp-update
2015-10-24 03:47:13 -07:00
dfb1f8693f
No bug, Automated HSTS preload list update from host bld-linux64-spot-508 - a=hsts-update
2015-10-24 03:47:11 -07:00
4ec261d0e7
Bug 1194419 - Remove signature algorithm duplicate use in serial number determination in pycert. r=keeler
2015-10-23 05:13:00 -04:00
3d02a2da65
Bug 1216469 - Bypass verification for signed packages from trust origins. r=valentin
2015-10-22 17:09:44 +08:00
23a0cee1a8
bug 1215690 - remove nsPSMUITracker r=Cykesiopka r=mgoodwin
...
nsPSMUITracker was problematic. Apparently it was originally intended to prevent
NSS shutdown while NSS-related UI operations were going on (such as choosing a
client certificate). However, when nsNSSComponent would receive the event that
told it to shutdown NSS, it would attempt to call
mShutdownObjectList->evaporateAllNSSResources(), which would call
mActivityState.restrictActivityToCurrentThread(), which failed if such a UI
operation was in progress. This actually prevented the important part of
evaporateAllNSSResources, which is the releasing of all NSS objects in use by
PSM objects. Importantly, nsNSSComponent didn't check for or handle this failure
and proceeded to call NSS_Shutdown(), leaving PSM in an inconsistent state where
it thought it was okay to keep using the NSS objects it had when in fact it
wasn't.
In any case, nsPSMUITracker isn't really necessary as long as we have the
nsNSSShutDownPreventionLock mechanism, which mostly works and is what we should
use instead (or not at all, if no such lock is needed for the operation being
performed (for example, if no NSS functions are being called)).
2015-10-16 14:31:57 -07:00
e31f20875c
Bug 1215734 - Expand GeckoMediaPlugin sandbox policy for Clang 3.7 ASan. r=kang
2015-10-22 11:19:37 -07:00
0cb71c483c
Bug 1157515 - CipherSuiteChangeObserver should clean itself up. r=keeler
2015-10-22 09:21:51 -07:00
9507291e59
Bug 1211568 - Update NSS to 3.21 Beta 3, r=kaie
...
--HG--
extra : commitid : 2fCIZ27Gd2I
extra : rebase_source : 57ff0dcc9361618ea53aac7ebea83460cba1c390
2015-10-23 11:39:23 -07:00
6ad41c8aee
Bug 1215796 - Remove the static fallback whitelist. r=keeler
2015-10-22 21:37:40 +09:00
5feda64143
Bug 1214981 - Disable output stream buffering. r=keeler
2015-10-21 15:23:00 -04:00
ceefa2939a
Merge b2ginbound to central, a=merge
2015-10-21 16:37:24 -07:00
b8596f28a2
Merge inbound to m-c a=merge
2015-10-21 16:28:43 -07:00
7eceb8f4c5
Bug 1203159 - Clean up various tests after DevTools resource move. r=me
2015-10-21 14:18:29 -05:00
e4b1f62b85
Bug 1178448 - Use imported CA in developer mode. r=keeler,valentin
2015-10-08 17:08:45 +08:00
886c72f81f
Bug 1215795 - Fix documentation in nsIWeakCryptoOverride.idl. r=keeler IGNORE IDL
2015-10-20 20:29:56 +09:00
ea5d701c66
Backed out changeset 11e681d48acd (bug 1194419) for S4 Test failures
2015-10-20 12:40:18 +02:00
a922dcab99
Bug 1215200, NSPR_4_10_10_RTM and NSS 3_20_1_RTM, bump version requirements, r=keeler
2015-10-20 12:34:15 +02:00
f21d36e95a
Bug 1215779 - Remove broken (non-EC) DSA keygen code. r=keeler
2015-10-19 22:54:00 +02:00
fa99ba4063
Bug 1194419 - Remove signature algorithm duplicate use in serial number determination in pycert. r=dkeeler
...
--HG--
extra : rebase_source : 14756428ea3f8bc41d746a2e71a5d4914e96f33c
2015-10-17 09:04:43 -07:00
2233e7518a
Bug 1187031: Move back to using USER_LOCKDOWN for the GMP sandbox policy on Windows. r=aklotz
...
This also removes turning off optimization for the Load function. That was an
attempt to fix the side-by-side loading. It may also have helped with ensuring
that the memsets were not optimized, but that has been fixed by Bug 1208892.
2015-10-21 08:46:57 +01:00
01583602a9
Bug 1207245 - part 6 - rename nsRefPtr<T> to RefPtr<T>; r=ehsan; a=Tomcat
...
The bulk of this commit was generated with a script, executed at the top
level of a typical source code checkout. The only non-machine-generated
part was modifying MFBT's moz.build to reflect the new naming.
CLOSED TREE makes big refactorings like this a piece of cake.
# The main substitution.
find . -name '*.cpp' -o -name '*.cc' -o -name '*.h' -o -name '*.mm' -o -name '*.idl'| \
xargs perl -p -i -e '
s/nsRefPtr\.h/RefPtr\.h/g; # handle includes
s/nsRefPtr ?</RefPtr</g; # handle declarations and variables
'
# Handle a special friend declaration in gfx/layers/AtomicRefCountedWithFinalize.h.
perl -p -i -e 's/::nsRefPtr;/::RefPtr;/' gfx/layers/AtomicRefCountedWithFinalize.h
# Handle nsRefPtr.h itself, a couple places that define constructors
# from nsRefPtr, and code generators specially. We do this here, rather
# than indiscriminantly s/nsRefPtr/RefPtr/, because that would rename
# things like nsRefPtrHashtable.
perl -p -i -e 's/nsRefPtr/RefPtr/g' \
mfbt/nsRefPtr.h \
xpcom/glue/nsCOMPtr.h \
xpcom/base/OwningNonNull.h \
ipc/ipdl/ipdl/lower.py \
ipc/ipdl/ipdl/builtin.py \
dom/bindings/Codegen.py \
python/lldbutils/lldbutils/utils.py
# In our indiscriminate substitution above, we renamed
# nsRefPtrGetterAddRefs, the class behind getter_AddRefs. Fix that up.
find . -name '*.cpp' -o -name '*.h' -o -name '*.idl' | \
xargs perl -p -i -e 's/nsRefPtrGetterAddRefs/RefPtrGetterAddRefs/g'
if [ -d .git ]; then
git mv mfbt/nsRefPtr.h mfbt/RefPtr.h
else
hg mv mfbt/nsRefPtr.h mfbt/RefPtr.h
fi
--HG--
rename : mfbt/nsRefPtr.h => mfbt/RefPtr.h
2015-10-18 01:24:48 -04:00
583afa0965
Bug 1207245 - part 3 - switch all uses of mozilla::RefPtr<T> to nsRefPtr<T>; r=ehsan
...
This commit was generated using the following script, executed at the
top level of a typical source code checkout.
# Don't modify select files in mfbt/ because it's not worth trying to
# tease out the dependencies currently.
#
# Don't modify anything in media/gmp-clearkey/0.1/ because those files
# use their own RefPtr, defined in their own RefCounted.h.
find . -name '*.cpp' -o -name '*.h' -o -name '*.mm' -o -name '*.idl'| \
grep -v 'mfbt/RefPtr.h' | \
grep -v 'mfbt/nsRefPtr.h' | \
grep -v 'mfbt/RefCounted.h' | \
grep -v 'media/gmp-clearkey/0.1/' | \
xargs perl -p -i -e '
s/mozilla::RefPtr/nsRefPtr/g; # handle declarations in headers
s/\bRefPtr</nsRefPtr</g; # handle local variables in functions
s#mozilla/RefPtr.h#mozilla/nsRefPtr.h#; # handle #includes
s#mfbt/RefPtr.h#mfbt/nsRefPtr.h#; # handle strange #includes
'
# |using mozilla::RefPtr;| is OK; |using nsRefPtr;| is invalid syntax.
find . -name '*.cpp' -o -name '*.mm' | xargs sed -i -e '/using nsRefPtr/d'
# RefPtr.h used |byRef| for dealing with COM-style outparams.
# nsRefPtr.h uses |getter_AddRefs|.
# Fixup that mismatch.
find . -name '*.cpp' -o -name '*.h'| \
xargs perl -p -i -e 's/byRef/getter_AddRefs/g'
2015-10-18 00:40:10 -04:00
9ea53214d8
Merge f-t to m-c, a=merge
2015-10-17 11:19:46 -07:00
df1ce0b4c5
Merge m-i to m-c, a=merge
2015-10-17 10:16:55 -07:00
39d37ae7b8
No bug, Automated HPKP preload list update from host bld-linux64-spot-1092 - a=hpkp-update
2015-10-17 04:10:53 -07:00
7b8e76fcc8
No bug, Automated HSTS preload list update from host bld-linux64-spot-1092 - a=hsts-update
2015-10-17 04:10:51 -07:00
82af783064
Bug 1207137 - Set a security state flag when weak crypto override is needed. r=keeler
2015-10-17 09:38:30 +09:00
3556fa0bdc
Bug 1215200, NSPR_4_10_10_RC1 and NSS_3_20_1_RC0, r=dkeeler
2015-10-16 15:29:23 +02:00
3c1a47a734
bug 1215270 - remove some unused functions from nsNSSShutDown.h r=Cykesiopka
...
nsNSSShutDownList::isUIActive() and areSSLSocketsActive() should probably have
been removed as part of bug 807757.
2015-10-15 13:22:13 -07:00
d45a6e832d
Backed out changeset b46b688e6295 (bug 1215200) for build bustage ON A CLOSED TREE
2015-10-16 11:52:10 +05:30
8826499e8a
Bug 1215200, Upgrade to NSPR 4.10.10 and NSS 3.20.1, landing release candidate tags, r=dkeeler
2015-10-16 08:04:16 +02:00
f4c563b057
Bug 1168635 - Add an XPCOM interface to allow RC4. r=keeler
...
--HG--
rename : netwerk/test/unit/test_tls_server.js => security/manager/ssl/tests/unit/test_weak_crypto.js
2015-10-15 05:48:27 +09:00
17a3104f22
Backed out changeset 66e3972e9150 (bug 1168635)
2015-10-14 16:28:41 +02:00
00d864d313
Bug 1168635 - Add an XPCOM interface to allow RC4. r=keeler
...
--HG--
rename : netwerk/test/unit/test_tls_server.js => security/manager/ssl/tests/unit/test_weak_crypto.js
2015-10-14 21:12:35 +09:00
49f91fb31f
bug 1209695 - fold mochitest test_bug413909.html into xpcshell test_cert_overrides.js r=mgoodwin
...
test_bug413909.html doesn't need to be a mochitest. Furthermore,
test_cert_overrides.js tests a lot of the same functionality.
This just moves the unique parts from the old test to a new home
in the xpcshell test (to be specific, some IDN handling and that
"port" -1 is the same as port 443).
2015-09-29 13:24:19 -07:00
a5c0ea6d4f
Merge m-c to mozilla-inbound
2015-10-12 11:58:46 +02:00
2b1a321946
merge mozilla-inbound to mozilla-central a=merge
2015-10-12 11:57:06 +02:00
214a24da25
No bug, Automated HPKP preload list update from host bld-linux64-spot-138 - a=hpkp-update
2015-10-10 03:46:02 -07:00
8aa9ed515a
No bug, Automated HSTS preload list update from host bld-linux64-spot-138 - a=hsts-update
2015-10-10 03:46:00 -07:00
3363f1775d
Bug 1167627 - Part 6: Use mozinfo in security/. r=dkeeler
2015-10-11 21:49:00 +02:00
e6a62c4d9d
Bug 1213151 - Part 2: Use SpecialPowers.cleanUpSTSData() in a few tests; r=jdm
2015-10-09 10:56:19 -04:00
faf361396a
Bug 1201935 - Allow reading from TmpD in OS X content processes. r=smichaud
...
--HG--
extra : rebase_source : 68565c447e3731e9c562514e8355044cfd8c28b9
2015-10-07 13:41:00 +02:00
2be3b53afa
Bug 1205962 - Address some pylint complaints about pycert.py and pykey.py, r=keeler
...
Also adds more uses of enumerate() to simplify code.
--HG--
extra : amend_source : 758eee481fa2d93f984f090aaa443b3b5756fb1f
2015-10-05 23:24:14 -07:00
1ae9d0519b
Bug 930258 - Part 3: a file broker policy for the B2G emulator. r=kang
2015-10-07 22:13:08 -07:00
562c4e7b57
Bug 930258 - Part 2: seccomp-bpf integration. r=kang
2015-10-07 22:13:08 -07:00
bd859174ac
Bug 930258 - Part 1: The file broker, and unit tests for it. r=kang f=froydnj
2015-10-07 22:13:08 -07:00
9b75f2c0d5
bug 975763 - move test_certificate_overrides.html to test_cert_override_bits_mismatches.js r=mgoodwin
...
test_certificate_overrides.html didn't need to be a mochitest.
2015-09-29 12:39:54 -07:00
08997000eb
Backed out 2 changesets (bug 1202902) to recking bug 1202902 to be able to reopen inbound on a CLOSED TREE
...
Backed out changeset 647025383676 (bug 12029021202902
2015-10-07 14:03:21 +02:00
e7ef778c9d
Backed out 1 changesets (bug 1202902) for causing merge conflicts to mozilla-central
...
Backed out changeset cfc1820361f5 (bug 1202902
2015-10-07 12:13:45 +02:00
d06b6030f6
Bug 1202902 - Scripted fix the world.
2015-10-06 14:00:31 -07:00
65ad5a613b
Bug 1210941 P10 Use LOAD_BYPASS_SERVICE_WORKER in nsNSSCallbacks. r=ehsan
2015-10-06 06:37:07 -07:00
5955ecaffd
Bug 1191414 - gather telemetry on usage of <keygen>. r=keeler,r=vladan
...
--HG--
extra : rebase_source : 69aed7cd26800c9a6c6975ab24bf3e5bb3c77730
2015-09-22 09:52:58 -07:00
9bd6e9ee5a
Backed out changeset c288fb0952fb (bug 1211568) for build bustage CLOSED TREE
2015-10-05 15:56:08 -07:00
118b9ae5d0
Bug 1211568 - Upgrade Firefox 44 to NSS 3.21, landing NSS_3_21_Beta2, r=mt
...
--HG--
extra : rebase_source : 498e86da715351a7d1712d07e790f8691fd8d213
2015-10-05 22:42:28 +02:00
0db519c66f
Bug 1207401 - Send B2G sandbox logging to both stderr and logcat. r=kang
2015-10-05 09:21:39 -07:00
96010550f8
Bug 1207972: Move to using USER_INTERACTIVE and JOB_INTERACTIVE by default for the Windows content sandbox. r=tabraldes
2015-10-05 11:10:46 +01:00
7d1c7e0014
Bug 1209351 (part 5) - Optimize nsTHashTable::RemoveEntry() usage in security/. r=keeler.
...
--HG--
extra : rebase_source : 74877baad7a7e019c7151efaad96d7b8ccc4b6f5
2015-09-24 20:44:31 -07:00
1d51d1b32a
Merge m-i to m-c, a=merge
2015-10-03 15:37:39 -07:00
30f46ea33e
No bug, Automated HPKP preload list update from host bld-linux64-spot-410 - a=hpkp-update
2015-10-03 03:44:51 -07:00
bde4cad906
No bug, Automated HSTS preload list update from host bld-linux64-spot-410 - a=hsts-update
2015-10-03 03:44:49 -07:00
a81ffd22d7
bug 1205767 - prevent memory leak when generating an EC key with <keygen> r=ttaubert
2015-09-17 14:57:24 -07:00
ab6dcb335c
Bug 1207499 - Part 8: Remove use of expression closure from security/. r=keeler
...
--HG--
extra : commitid : CRZpUoDhoRa
extra : rebase_source : b04cc9260a59cc53f406181c67e6db4560677022
2015-09-23 18:42:19 +09:00
f0941953dd
Bug 278689 - Multiple Certificates with the same subject are not shown in the digital signature select cert combo (only one is shown) r=dkeeler
...
--HG--
extra : rebase_source : 442661d99de1c5786c04d49cfcd96a672d3077be
2015-09-05 07:52:00 +02:00
30706f9f69
bug 1187994 - remove unused file CryptoUtil.h r=jcj
...
This probably should have been removed as part of bug 891066.
2015-07-27 09:56:14 -07:00
ae6538ad30
bug 1203312 - split tlsserver certificates into ocsp_certs and bad_certs r=mgoodwin
...
The B2G emulators apparently take ~5 minutes to read 50 certificates into
memory, which causes intermittent test timeouts. This is an attempt to
reduce the number of certificates needed to be read at any given time.
--HG--
rename : security/manager/ssl/tests/unit/tlsserver/badSubjectAltNames.pem.certspec => security/manager/ssl/tests/unit/bad_certs/badSubjectAltNames.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/beforeEpoch.pem.certspec => security/manager/ssl/tests/unit/bad_certs/beforeEpoch.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/beforeEpochINT.pem.certspec => security/manager/ssl/tests/unit/bad_certs/beforeEpochINT.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/beforeEpochIssuer.pem.certspec => security/manager/ssl/tests/unit/bad_certs/beforeEpochIssuer.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/ca-used-as-end-entity.pem.certspec => security/manager/ssl/tests/unit/bad_certs/ca-used-as-end-entity.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/default-ee.key.keyspec => security/manager/ssl/tests/unit/bad_certs/default-ee.key.keyspec
rename : security/manager/ssl/tests/unit/tlsserver/default-ee.pem.certspec => security/manager/ssl/tests/unit/bad_certs/default-ee.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/eeIssuedByNonCA.pem.certspec => security/manager/ssl/tests/unit/bad_certs/eeIssuedByNonCA.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/eeIssuedByV1Cert.pem.certspec => security/manager/ssl/tests/unit/bad_certs/eeIssuedByV1Cert.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/expired-ee.pem.certspec => security/manager/ssl/tests/unit/bad_certs/expired-ee.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/expiredINT.pem.certspec => security/manager/ssl/tests/unit/bad_certs/expiredINT.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/expiredissuer.pem.certspec => security/manager/ssl/tests/unit/bad_certs/expiredissuer.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/rsa-1016-keysizeDelegatedSigner.key.keyspec => security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.key.keyspec
rename : security/manager/ssl/tests/unit/tlsserver/inadequateKeySizeEE.pem.certspec => security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/inadequatekeyusage-ee.pem.certspec => security/manager/ssl/tests/unit/bad_certs/inadequatekeyusage-ee.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/ipAddressAsDNSNameInSAN.pem.certspec => security/manager/ssl/tests/unit/bad_certs/ipAddressAsDNSNameInSAN.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/md5signature-expired.pem.certspec => security/manager/ssl/tests/unit/bad_certs/md5signature-expired.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/md5signature.pem.certspec => security/manager/ssl/tests/unit/bad_certs/md5signature.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/mismatch-expired.pem.certspec => security/manager/ssl/tests/unit/bad_certs/mismatch-expired.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/mismatch-notYetValid.pem.certspec => security/manager/ssl/tests/unit/bad_certs/mismatch-notYetValid.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/mismatch-untrusted-expired.pem.certspec => security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted-expired.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/mismatch-untrusted.pem.certspec => security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/mismatch.pem.certspec => security/manager/ssl/tests/unit/bad_certs/mismatch.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/mismatchCN.pem.certspec => security/manager/ssl/tests/unit/bad_certs/mismatchCN.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/moz.build => security/manager/ssl/tests/unit/bad_certs/moz.build
rename : security/manager/ssl/tests/unit/tlsserver/noValidNames.pem.certspec => security/manager/ssl/tests/unit/bad_certs/noValidNames.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/notYetValid.pem.certspec => security/manager/ssl/tests/unit/bad_certs/notYetValid.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/notYetValidINT.pem.certspec => security/manager/ssl/tests/unit/bad_certs/notYetValidINT.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/notYetValidIssuer.pem.certspec => security/manager/ssl/tests/unit/bad_certs/notYetValidIssuer.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/nsCertTypeCritical.pem.certspec => security/manager/ssl/tests/unit/bad_certs/nsCertTypeCritical.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/nsCertTypeCriticalWithExtKeyUsage.pem.certspec => security/manager/ssl/tests/unit/bad_certs/nsCertTypeCriticalWithExtKeyUsage.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/nsCertTypeNotCritical.pem.certspec => security/manager/ssl/tests/unit/bad_certs/nsCertTypeNotCritical.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/other-issuer-ee.pem.certspec => security/manager/ssl/tests/unit/bad_certs/other-issuer-ee.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/other-test-ca.key.keyspec => security/manager/ssl/tests/unit/bad_certs/other-test-ca.key.keyspec
rename : security/manager/ssl/tests/unit/tlsserver/other-test-ca.pem.certspec => security/manager/ssl/tests/unit/bad_certs/other-test-ca.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/self-signed-EE-with-cA-true.pem.certspec => security/manager/ssl/tests/unit/bad_certs/self-signed-EE-with-cA-true.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/selfsigned-inadequateEKU.pem.certspec => security/manager/ssl/tests/unit/bad_certs/selfsigned-inadequateEKU.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/selfsigned.pem.certspec => security/manager/ssl/tests/unit/bad_certs/selfsigned.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/test-ca.pem.certspec => security/manager/ssl/tests/unit/bad_certs/test-ca.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/test-int.pem.certspec => security/manager/ssl/tests/unit/bad_certs/test-int.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/unknownissuer.pem.certspec => security/manager/ssl/tests/unit/bad_certs/unknownissuer.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/untrusted-expired.pem.certspec => security/manager/ssl/tests/unit/bad_certs/untrusted-expired.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/untrustedissuer.pem.certspec => security/manager/ssl/tests/unit/bad_certs/untrustedissuer.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/v1Cert.pem.certspec => security/manager/ssl/tests/unit/bad_certs/v1Cert.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/ca-used-as-end-entity.pem.certspec => security/manager/ssl/tests/unit/ocsp_certs/ca-used-as-end-entity.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/default-ee.key.keyspec => security/manager/ssl/tests/unit/ocsp_certs/default-ee.key.keyspec
rename : security/manager/ssl/tests/unit/tlsserver/default-ee.pem.certspec => security/manager/ssl/tests/unit/ocsp_certs/default-ee.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/delegatedSHA1Signer.pem.certspec => security/manager/ssl/tests/unit/ocsp_certs/delegatedSHA1Signer.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/delegatedSigner.pem.certspec => security/manager/ssl/tests/unit/ocsp_certs/delegatedSigner.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/invalidDelegatedSignerFromIntermediate.pem.certspec => security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerFromIntermediate.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/invalidDelegatedSignerKeyUsageCrlSigning.pem.certspec => security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerKeyUsageCrlSigning.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/invalidDelegatedSignerNoExtKeyUsage.pem.certspec => security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerNoExtKeyUsage.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/invalidDelegatedSignerWrongExtKeyUsage.pem.certspec => security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerWrongExtKeyUsage.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/ocspEEWithIntermediate.pem.certspec => security/manager/ssl/tests/unit/ocsp_certs/ocspEEWithIntermediate.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/ocspOtherEndEntity.pem.certspec => security/manager/ssl/tests/unit/ocsp_certs/ocspOtherEndEntity.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/other-test-ca.key.keyspec => security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.key.keyspec
rename : security/manager/ssl/tests/unit/tlsserver/other-test-ca.pem.certspec => security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/rsa-1016-keysizeDelegatedSigner.key.keyspec => security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.key.keyspec
rename : security/manager/ssl/tests/unit/tlsserver/rsa-1016-keysizeDelegatedSigner.pem.certspec => security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/test-ca.pem.certspec => security/manager/ssl/tests/unit/ocsp_certs/test-ca.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/test-int.pem.certspec => security/manager/ssl/tests/unit/ocsp_certs/test-int.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/same-issuer-ee.pem.certspec => security/manager/ssl/tests/unit/test_onecrl/same-issuer-ee.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/test-int-ee.pem.certspec => security/manager/ssl/tests/unit/test_onecrl/test-int-ee.pem.certspec
2015-09-22 17:03:15 -07:00
74e470d1ac
bug 1203312 - convert tlsserver to generate certificates at build time r=Cykesiopka,mgoodwin
2015-08-24 15:53:07 -07:00
03aa14625c
No bug, Automated HPKP preload list update from host bld-linux64-spot-363 - a=hpkp-update
2015-09-26 03:40:59 -07:00
1b40f22c12
No bug, Automated HSTS preload list update from host bld-linux64-spot-363 - a=hsts-update
2015-09-26 03:40:57 -07:00
e2da61623b
Bug 1178518 - Add an AppTrustedRoot for signed packaged app. r=keeler
2015-09-07 15:28:21 +08:00
51c75f9eac
No bug, Automated HPKP preload list update from host bld-linux64-spot-560 - a=hpkp-update
2015-09-19 03:46:51 -07:00
c354c7fbb7
No bug, Automated HSTS preload list update from host bld-linux64-spot-560 - a=hsts-update
2015-09-19 03:46:49 -07:00
21a9e609d5
Backed out changeset a08287c70962 (bug 1203312) for b2g xpcshell failures
2015-09-18 12:53:24 -07:00
4cfc799e53
bug 1203312 - convert tlsserver to generate certificates at build time r=Cykesiopka,mgoodwin
2015-08-24 15:53:07 -07:00
163979ae9f
Bug 1196039 - Telemetry for certificate lifetime. r=rbarnes,vladan
2015-09-17 10:04:52 -07:00
647b520991
Bug 1201135 - Rename pldhash.{h,cpp} to PLDHashTable.{h,cpp}. r=mccr8.
...
--HG--
rename : xpcom/glue/pldhash.cpp => xpcom/glue/PLDHashTable.cpp
rename : xpcom/glue/pldhash.h => xpcom/glue/PLDHashTable.h
extra : rebase_source : 06b9d30db96ed78500fd44d9c0b51609103508a3
2015-09-15 20:49:53 -07:00
e23a8d38a3
Bug 1205302 - Disallow intercepting OCSP requests; r=jdm
2015-09-16 19:15:32 -04:00
2ee4fd783b
Bug 1121760 (part 6) - Move all remaining PL_DHash*() functions into PLDHashTable. r=poiru.
...
--HG--
extra : rebase_source : 3cdc975507170d783b02d70f7c7d95c6bf2e1bcd
2015-09-14 14:23:47 -07:00
59683492e5
Bug 1121760 (part 3) - Remove PL_DHashTableRemove(). r=poiru.
...
--HG--
extra : rebase_source : c34d693de4aca45f2ea05c2767c8b1007c89df29
2015-09-14 14:23:24 -07:00
479244f7c9
Bug 1121760 (part 2) - Remove PL_DHashTableAdd(). r=poiru.
...
--HG--
extra : rebase_source : 41eb939bfb5c925cba58b1af57abce9a4e5fdb30
2015-09-14 14:23:12 -07:00
fcfdd8f54b
Bug 1121760 (part 1) - Remove PL_DHashTableSearch(). r=poiru.
...
--HG--
extra : rebase_source : 770e1f49a451ecbadd778e071b204611e27cf701
2015-05-21 00:34:25 -07:00
64db2267cf
Bug 1202902 - Mass replace toplevel 'let' with 'var' in preparation for global lexical scope. (rs=jorendorff)
2015-09-15 11:19:45 -07:00
2cdc0c814f
Bug 443811 - Use long date format for cert date output. r=keeler
...
--HG--
extra : rebase_source : cdd9b41b40125489e55171c1ece54bbd2a0cf947
2015-09-13 23:33:00 +02:00
990593f9cf
Bug 942515 - Show Untrusted Connection Error for SHA-1-based SSL certificates with notBefore >= 2016-01-01 r=keeler
2015-09-11 14:52:30 -04:00
c09a97364f
No bug, Automated HPKP preload list update from host bld-linux64-spot-542 - a=hpkp-update
2015-09-12 03:39:46 -07:00
28a278226f
No bug, Automated HSTS preload list update from host bld-linux64-spot-542 - a=hsts-update
2015-09-12 03:39:44 -07:00
218db8d580
Bug 1190032 - Sandbox failure in nsPluginHost::GetPluginTempDir, tighten earlier patch. r=areinald
2015-09-10 15:32:42 -05:00
b212375b7e
Bug 1016555 - Disable OCSP checking for certificates covered by OneCRL r=keeler
...
1) Added some comments to firefox.js to explain the relationship between
extensions.blocklist.interval and security.onecrl.maximum_staleness_in_seconds
2) Modified default values in firefox.js and mobile.js to set maximum staleness
to 1.25x blocklist interval
3) modified the tests_ev_certs.js xpcshell test to cope with larger maximum
staleness values to address test failures
2015-09-10 11:10:07 +01:00
4b37ff400c
Bug 1200336: Apply fix for Chromium issue 482784 for sandbox bug when built with VS2015. r=tabraldes
2015-09-10 08:25:20 +01:00
52cee33b7e
Bug 1199481 - Complain more when entering sandboxing code as root. r=kang
2015-08-28 13:37:00 +02:00
7c8e037b3f
Bug 1199413 - Fix MOZ_DISABLE_GMP_SANDBOX so it disables all the sandboxing. r=kang
...
Bonus fix: don't start the chroot helper unless we're going to use
it. For this to matter, you'd need a system with unprivileged user
namespaces but no seccomp-bpf (or fake it with env vars) *and* to set
media.gmp.insecure.allow, so this is more to set a good example for
future changes to this code than for functional reasons.
2015-08-28 12:18:00 +02:00
b1cf90c1e5
Bug 1202526 (part 5) - Use PLDHashTable::RemoveEntry() in nsSecureBrowserUIImpl. r=dkeeler.
...
This avoids repeating the hash table search in order to remove the entry.
2015-09-07 19:20:16 -07:00
b15946229a
Bug 1199624 - Don't use memset and memcmp in files that don't include cstring explicitly. r=briansmith
2015-09-09 14:16:59 +02:00
866768c43e
Bug 1197943: Turn off MITIGATION_STRICT_HANDLE_CHECKS for NPAPI process sandbox for causing hangs. r=aklotz
2015-09-09 08:45:25 +01:00
cd5643f4d3
Bug 1201438: Add non-sandboxed Windows content processes as target peers for handle duplication. r=bbondy
2015-09-08 11:18:12 +01:00
41bdcbc2ac
No bug, Automated HPKP preload list update from host bld-linux64-spot-1098 - a=hpkp-update
2015-09-05 03:41:54 -07:00
3ee4abd6a6
No bug, Automated HSTS preload list update from host bld-linux64-spot-1098 - a=hsts-update
2015-09-05 03:41:52 -07:00
6dbfc47ad8
Bug 1190032 - Sandbox failure in nsPluginHost::GetPluginTempDir. r=areinald
2015-09-03 19:28:30 -05:00
db0b8dcf48
bug 1196853 - convert test_cert_signatures.js to generate certificates at build time r=jcj
...
Also add additional testcases that weren't in the original test (tampered
signatures had been tested, but tampered certificates hadn't been covered).
2015-08-19 15:59:49 -07:00
d5250da6de
No bug, Automated HPKP preload list update from host bld-linux64-spot-305 - a=hpkp-update
2015-09-03 13:59:53 -07:00
1d00751ccd
No bug, Automated HSTS preload list update from host bld-linux64-spot-305 - a=hsts-update
2015-09-03 13:59:50 -07:00
dbfc3317da
Bug 1201024 - Disable unrestricted RC4 fallback and add RC4-only servers to the fallback whitelist. r=cykesiopka
2015-09-03 21:50:52 +09:00
5744a154e2
Bug 1197607, Automated hsts & hpkp updates are failing on mozilla-central, mozilla-aurora, mozilla-esr38, r=cykesiopka
2015-09-03 22:07:42 +12:00
dbd45351dc
Bug 1195789 - Update fallback whitelist. r=cykesiopka
2015-09-02 00:44:04 +09:00
f44287005f
Bug 1198334 (part 1) - Replace the opt-in FAIL_ON_WARNINGS with the opt-out ALLOW_COMPILER_WARNINGS. r=glandium.
...
The patch removes 455 occurrences of FAIL_ON_WARNINGS from moz.build files, and
adds 78 instances of ALLOW_COMPILER_WARNINGS. About half of those 78 are in
code we control and which should be removable with a little effort.
--HG--
extra : rebase_source : 82e3387abfbd5f1471e953961d301d3d97ed2973
2015-08-27 20:44:53 -07:00
c7fdbe4d0f
Backed out changeset 982be1bbebdf (bug 1199624) for Windows bustage.
2015-08-30 17:09:09 -04:00
c8309c6328
Bug 1199624 - Don't use memset and memcmp in files that don't include cstring explicitly. r=briansmith
2015-08-29 07:59:00 -04:00
0d6549c972
Bug 1197644 - Remove the security.ssl.warn_missing_rfc5746 pref. r=keeler
...
--HG--
extra : transplant_source : %90%28%11%DB%E53%93%7C%F2%D6%5Ek%CC%DC%BE%FAe%F2%896
2015-08-24 22:53:42 -07:00
7073895edf
Bug 1196403 - Apply crbug/522201 to support Windows 10 build 10525. r=bobowen
2015-08-25 19:21:08 +09:00
dbaa85ce62
Bug 1188468 - Allow script to force updating a generated file even if the file is actually not changed. r=gps
...
--HG--
extra : source : 47b56f2495030d77c446215d8822c31fc32f23b7
2015-08-25 10:07:43 +10:00
2ee5d006b7
bug 1194013 - convert test_name_constraints.js to generate certificates at build time r=Cykesiopka,mgoodwin
2015-08-11 16:40:38 -07:00
5b75ad5195
Merge inbound to m-c. a=merge
2015-08-23 17:18:36 -04:00
3a47f061c9
Bug 1196988 - Remove THA support. r=gwagner
2015-08-21 10:00:54 -07:00
369ec3ac0f
Bug 1136892 - Create an xpcshell-addons tag for running addon-specific xpcshell tests, r=chmanchester
...
--HG--
extra : commitid : 6kGKslC9h14
2015-08-18 11:26:14 -07:00
641cf3a3ad
Bug 1194135, set NSS version to final 3.20 tag, no code change, DONTBUILD
2015-08-19 18:41:53 +02:00
fe6faf7d6b
Backed out changeset 688775a8227f (bug 1136892) for mass bustage prompting a CLOSED TREE
2015-08-18 11:58:05 -07:00
10a7d6a5b9
Bug 1195606 - Use channel->ascynOpen2 in security/manager/ssl/nsNSSCallbacks.cpp (r=sicking)
2015-08-18 09:54:09 -07:00
f2b116c0d6
Bug 1153444 - Fix up Key Pinning Telemetry (r=keeler)
2015-08-21 15:14:08 +01:00
7da4ee35ba
Bug 1189891 - Avoid including <cstring> from pkix/Input.h. r=bsmith
2015-08-21 15:27:22 +09:00
b85471d7e8
Backout changesets af1b36497559 and 1d52ab626597 (bug 1189891) for pkix bustage
2015-08-21 15:05:38 +09:00
067b45951a
Bug 1189891 - Avoid including <cstring> from pkix/Input.h. r=bsmith
2015-08-21 14:29:19 +09:00
c51baf3ae9
bug 1116409: switch update server to sha2 cert; update in-tree pinning. r=rstrong,snorp,mfinkle,dkeeler
2015-08-20 17:50:51 -04:00
b4174da7d8
Bug 1195615 - Log a web console warning when a HPKP header is ignored due to a non-built in root cert. r=keeler
2015-08-20 14:33:29 -07:00
dde975f7a0
Bug 1136892 - Create an xpcshell-addons tag for running addon-specific xpcshell tests, r=chmanchester
...
--HG--
extra : commitid : FN6nc0Yis2o
2015-08-18 11:26:14 -07:00
2755fa9a57
Bug 1190086 - Use new String::Contains(char) method more widely r=froydnj
...
--HG--
extra : rebase_source : 81df1495200d3734ea1c4c13818ae764a445f4b3
2015-08-14 00:49:15 +02:00
23a9820f27
bug 1190603 - rename prime256v1 to secp256r1 in test_keysize.js to reduce confusion r=Cykesiopka
...
OpenSSL refers to the curve in question as 'prime256v1', but rfc 5480,
mozilla::pkix, and the test framework refer to it as secp256r1, so we
should be consistent.
--HG--
rename : security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_prime256v1_256-root_rsa_2048.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_rsa_2048.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_prime256v1_256-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_secp256k1_256-int_prime256v1_256-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp256k1_256-int_secp256r1_256-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_prime256v1_256-int_rsa_1016-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_rsa_1016-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_prime256v1_256-int_secp224r1_224-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp224r1_224-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_prime256v1_256-int_prime256v1_256-root_secp224r1_224.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp224r1_224.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_prime256v1_256-int_prime256v1_256-root_secp256k1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp256k1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_secp384r1_384-int_prime256v1_256-root_rsa_2048.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp384r1_384-int_secp256r1_256-root_rsa_2048.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_secp521r1_521-int_secp384r1_384-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp521r1_521-int_secp384r1_384-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/int_secp224r1_224-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/int_secp224r1_224-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/int_prime256v1_256-root_rsa_2048.pem.certspec => security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_rsa_2048.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/int_prime256v1_256-root_secp224r1_224.pem.certspec => security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp224r1_224.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/int_prime256v1_256-root_secp256k1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256k1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/int_prime256v1_256-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/int_secp384r1_384-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/int_secp384r1_384-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/root_secp256r1_256.pem.certspec
2015-08-05 13:39:11 -07:00
70897766ec
bug 1190603 - convert test_keysize.js to generate certificates at build time r=Cykesiopka
2015-08-03 17:02:58 -07:00
ff2ceb15ed
Bug 1193298 - Part 2: Use .get() to convert from RefPtr to raw pointer. r=froydnj
2015-08-11 06:45:00 -04:00
b7a032eb04
Bug 1004011 - Support SECCOMP_FILTER_FLAG_TSYNC if available. r=kang
...
--HG--
extra : rebase_source : 32be610d889fedb518e062a4a416331be21378d3
2015-08-11 16:30:00 -04:00
7b0ea8ee04
Bug 1182551 - Updating nsSecureBrowserUIImpl so that insecure pages with mixed content iframes don't get marked as broken. r=keeler
2015-08-13 17:13:48 -07:00
531a2c1719
Bug 1194135, Update Mozilla to NSS 3.20, r=mt
2015-08-13 11:31:23 +02:00
8f318ea950
Bug 1193021 - clean up reference-counting in security/; r=keeler
2015-07-01 13:10:53 -04:00
7ce068b7e9
bug 1190532 - change default key specification from implicit to explicit in pycert.py r=Cykesiopka
...
Previously using an empty string would result in pycert.py returning the
default shared RSA key. This resulted in empty keyspec files being added
to the tree, which was confusing. This should end the confusion by making
the key specification process explicit rather than implicit.
2015-08-06 11:35:40 -07:00
948094db6e
bug 1189427 - convert test_ocsp_fetch_method.js to generate certificates at build time r=mgoodwin
2015-07-30 10:20:52 -07:00
8238eb63a4
Bug 1190794, land final NSS_3_19_3_RTM tag, no code change, DONTBUILD
2015-08-07 20:19:06 +02:00
c3c571a9ee
Bug 1166323 - Fix unexpcetd changed on previous landed. r=dkeeler
2015-08-07 13:41:49 +09:00
d9d018971e
Bug 1164609 - Remove EV treatment for expired Buypass Class 3 CA 1 root certificate. r=keeler
...
--HG--
extra : rebase_source : 65e2c8746098d8fb2cd5347b557c23a3832d435a
2015-08-07 00:21:00 +02:00
fca5cdc8bc
Backed out changeset 9618f92995ab (bug 1166323) for linux x64 test bustage on a CLOSED TREE
2015-08-07 07:24:40 +02:00
6fb6d7a35c
Bug 1166323 - Fix unexpcetd changed on previous landed. r=dkeeler
2015-08-07 13:41:49 +09:00
ba03e3c181
Backed out 2 changesets (bug 1016555, bug 1189427) for making Android 4.3 API11+ debug X3 perma fail in test_ev_certs.js
...
Backed out changeset ebd4e3880403 (bug 1189427
2015-08-06 11:51:27 +02:00
d93ee984a0
Bug 1124649 - Part 1 - Add specific error messages for various types of STS and PKP header failures. r=keeler,hurley
...
--HG--
extra : rebase_source : 8210ed5f89cec8c42d5a78b9101f1c54d91e04c6
2015-08-05 07:51:00 +02:00
ae2c1351bc
bug 1189427 - convert test_ocsp_fetch_method.js to generate certificates at build time r=mgoodwin
2015-07-30 10:20:52 -07:00
7315345693
Bug 1191100 - Remove XPIDL signature comments in .cpp files. r=ehsan
...
Comment-only so DONTBUILD.
2015-08-04 16:17:36 -07:00
80c4460491
Bug 1190794, Update to NSS 3.19.3 to pick up ca-certificates v 2.5, landing NSS_3_19_3_RC0, r=kwilson
2015-08-04 22:37:05 +02:00
59ef11f506
bug 1188100 - fold PSM's test_client_cert.js into necko's test_tls_server.js r=mcmanus
...
--HG--
rename : security/manager/ssl/tests/unit/test_client_cert/cert_dialog.js => netwerk/test/unit/client_cert_chooser.js
rename : security/manager/ssl/tests/unit/test_client_cert/cert_dialog.manifest => netwerk/test/unit/client_cert_chooser.manifest
extra : amend_source : 249efd8e1bc537cf14b3199865df18b8aba62d10
2015-07-29 14:27:54 -07:00
49d83b3b7d
Merge mozilla-central to mozilla-inbound
2015-08-03 15:45:57 +02:00
6b441cd90a
merge mozilla-inbound to mozilla-central a=merge
2015-08-03 13:56:39 +02:00
50e851b877
Bug 830801 - Part 2. Remove NOMINMAX define from moz.build. r=mshal
2015-08-03 10:07:09 +09:00
abb4d538ee
No bug, Automated HPKP preload list update from host bld-linux64-spot-317 - a=hpkp-update
2015-08-01 03:34:19 -07:00
ae7af3ea3c
No bug, Automated HSTS preload list update from host bld-linux64-spot-317 - a=hsts-update
2015-08-01 03:34:17 -07:00
b44231402a
No bug, Automated HPKP preload list update from host bld-linux64-spot-010 - a=hpkp-update
2015-07-30 13:51:28 -07:00
eb03434709
No bug, Automated HSTS preload list update from host bld-linux64-spot-010 - a=hsts-update
2015-07-30 13:51:26 -07:00
8a9392bf5e
Bug 1189166 - Cleanup some PSM test generation files post Bug 1181823. r=dkeeler
...
--HG--
extra : rebase_source : 4f0310323c3e7ac7e9e8c453d41aa0ef9cbd910a
2015-07-29 23:56:33 -07:00
77826e3c4a
Bug 1171796: Add sandbox rule for child process NSPR log file on Windows. r=bbondy
...
This also moves the initialization of the sandbox TargetServices to earlier in
plugin-container.cpp content_process_main, because it needs to happen before
xul.dll loads.
2015-07-30 10:04:42 +01:00
b49becac5d
bug 1181823 - convert test_ev_certs.js, test_keysize_ev.js, and test_validity.js to generate certificates at build time r=Cykesiopka r=mgoodwin
2015-06-17 16:02:08 -07:00
97b9240b34
Bug 1188696 - Hoist nsRefPtr.h into MFBT. r=froydnj
2015-07-29 10:44:59 -07:00
5cea0a9df6
Bug 1046421 - Do not disclose the system hostname via NTLM handler. r=honzab
...
The hostname here is matched on the AD DC to the userWorkstations
attribute, however this is on a total trust basis in terms of what the
client specifies here.
The impact of this patch is that a user who is restricted by this
attribute to log on to only certain (Windows, in reality)
workstations, may not be able to perform a manual NTLM logon to an
intranet site, unless they set network.generic-ntlm-auth.workstation
to the name of their workstation (actually, any host in that list).
The default value is set to WORKSTATION.
This patch was originally written by Andrew Bartlett, and modified by
Douglas Bagnall following review feedback from Honza Bambas and Tim
Brown.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2015-07-24 13:36:11 +12:00
1b1d908d0f
bug 1187029 - convert test_bug480509.html to an xpcshell test r=jcj
2015-07-23 13:31:45 -07:00
265ad075b1
Bug 1175881 - about:sync-log can't read files on OS X with e10s on and content process sandbox enabled. r=areinald
2015-07-28 12:09:34 -05:00
3a4c2d822a
bug 1179660 - define 'now' as the first second of the current year for pycert r=Cykesiopka
...
This is to avoid a dependency on the buildid so we don't have to
regenerate all of the test certificate with every ./mach build.
This can cause problems very near midnight on New Year's Eve.
If this happens, kick off a new build and get back to the party.
2015-07-15 16:20:54 -07:00
cec576a922
Bug 1187173 - Disable warning C4623 on security/certverifier. r=briansmith
...
--HG--
extra : source : 9f3acfedff8cf4a26266bb578dc69727e799c0cf
extra : amend_source : cb1d0a6e8c6d9199429159cb9a20484f5aa95b8d
2015-07-24 13:38:12 +10:00
315c4ad9c2
Bug 1186709 - Remove MOZ_IMPLICIT from security/sandbox/chromium. r=bobowen
2015-07-23 08:28:00 -04:00
39f6ab2a28
Bug 1157864 - Record chromium patch applied in previous commit. r=me
2015-07-22 15:48:49 -07:00
acfe5cf4cf
Bug 1157864 - chromium sandbox: Fix compilation for systems without <sys/cdefs.h>. r=jld
2015-02-05 22:41:38 +01:00
0e28f550d3
Bug 1181562 - Update fallback whitelist. r=keeler
2015-07-22 20:35:26 +09:00
Kai Engert
Mark Goodwin
David Keeler
Wes Kocher
Masatoshi Kimura
Ehsan Akhgari
Mike Hommey
Chris Manchester
Cykesiopka
Phil Ringnalda
Jed Davis
Birunthan Mohanathas
Ryan VanderMeulen
ffxbld
Jonathan Hao
Andrew McCreight
Martin Thomson
J. Ryan Stinnett
Carsten "Tomcat" Book
Bob Owen
Nathan Froyd
Nigel Babu
Hiroyuki Ikezoe
Shu-yu Guo
Ben Kelly
Kate McKinley
Nicholas Nethercote
Tooru Fujisawa
Kaspar Brand
Richard Barnes
Steven Michaud
Jacek Caban
Nick Thomas
Makoto Kato
Xidorn Quan
Fabrice Desré
Jonathan Griffin
Christoph Kerschbaumer
Ben Hearsum
Arnaud Bienner
Aryeh Gregor
Tanvi Vyas
Bobby Holley
Douglas Bagnall
Felix Janda