cd1c581c5d
No bug, Automated HPKP preload list update from host b-linux64-ix-0009 - a=hpkp-update
2014-11-01 03:19:47 -07:00
5c654c7c4c
No bug, Automated HSTS preload list update from host b-linux64-ix-0009 - a=hsts-update
2014-11-01 03:19:44 -07:00
6f9b6ed2cf
Bug 846489 - Part 1 - Expose error code on TransportSecurityInfo. r=keeler
2014-10-30 12:50:00 +01:00
b82ba6feba
Backed out changeset 5fb2f4662098 (bug 846498) for wrong bug number in commit message
2014-10-31 10:03:53 +01:00
bcda188339
Bug 1088915 - Stop offering RC4 in the first handshakes. r=keeler
2014-10-22 01:11:29 +09:00
2b45a125ae
Bug 947149 - Remove useless and even misleading word and dead code. r=keeler, dolske
2014-10-30 15:22:00 +01:00
d7c1f641cc
Bug 846498 - Expose error code on TransportSecurityInfo. r=keeler
2014-10-30 12:50:00 +01:00
2d31127cff
Reland Bug 1063281, Part 9: Switch Gecko from NSS to CheckCertHostname, r=keeler
...
--HG--
extra : rebase_source : 3a5e3bc2e113035e9c88b571bac68f3dbe2c8f04
2014-10-28 15:28:38 -07:00
774861532b
Bug 1089104: Add support for TeletexString-encoded CN-IDs to CheckCertHostname, r=keeler
...
--HG--
extra : rebase_source : 320794deae857a574f509b7277ea64576abd37b3
2014-10-29 17:19:45 -07:00
228f03d6d1
Bug 1089393: Fix hex excape sequences ('\0x' -> '\x') in pkixnames_tests.cpp, r=mmc
...
--HG--
extra : rebase_source : a0136045ce9b957976f8eb2ef8ad6c9eae0a8ad7
2014-10-26 11:29:42 -07:00
3e0f2fd921
Bug 1004781: Actually remove the pinset (r=keeler)
2014-10-30 16:21:09 -07:00
1e19be7e65
Bug 1004781: Remove our pinset for facebook since it's in chromium now (r=keeler)
2014-10-30 16:14:19 -07:00
07d210cc76
bug 1085509 - follow-up to include forgotten Telemetry.h header (non-unified build bustage) r=bustage
2014-10-30 13:12:01 -07:00
2fa7ba1743
bug 1085509 - add telemetry for how many permanent certificate overrides users have r=mmc r=jcj
2014-10-29 16:25:16 -07:00
13b42021f6
bug 1085509 - fix nsCertOverrideService so its initialization doesn't depend on NSS r=mmc
2014-10-24 10:46:30 -07:00
436338cb49
Bug 1076385 - Sandbox the content process on Mac. r=smichaud
2014-10-30 13:33:17 -05:00
421fb1a714
Backed out changeset b4665be856d7 (bug 1089305) for frequent b2g/android xpcshell test failures
2014-10-30 15:26:02 +01:00
9c4c923488
Bug 1089305 - Switch EV tests to SQL DB and partially clean up scripts. r=keeler
2014-10-29 11:09:00 +01:00
2656d11288
Bug 1088950 - Adding some testing. r=dkeeler
2014-10-27 17:48:00 +01:00
2aa2c784b9
Bug 1088950 - Fix handling of inappropriate_fallback alert. r=keeler
2014-10-27 17:47:00 +01:00
47c853314f
Bug 1077148 part 4 - Add and use new moz.build templates for Gecko programs and libraries. r=gps
...
There are, sadly, many combinations of linkage in use throughout the tree.
The main differentiator, though, is between program/libraries related to
Gecko or not. Kind of. Some need mozglue, some don't. Some need dependent
linkage, some standalone.
Anyways, these new templates remove the need to manually define the
right dependencies against xpcomglue, nspr, mozalloc and mozglue
in most cases.
Places that build programs and were resetting MOZ_GLUE_PROGRAM_LDFLAGS
or that build libraries and were resetting MOZ_GLUE_LDFLAGS can now
just not use those Gecko-specific templates.
2014-10-30 13:06:12 +09:00
c7e81fdad6
Back out cset 9b72d139e817 (Bug 1063281, Part 9) due to compatibility regressions on a CLOSED TREE, a=ryanvm
...
--HG--
extra : rebase_source : cd9b43c3f66df3c5de337f2013fe61fae798b3ba
2014-10-28 12:30:53 -07:00
98dda84064
Backed out changeset 50650e0f0edf (bug 1085509) for causing perma failure in win7 xperf
2014-10-28 14:10:38 +01:00
b4bfea0bd6
Backed out changeset b591ad43d53e (bug 1085509)
2014-10-28 14:09:44 +01:00
90283cf32b
bug 1085509 - add telemetry for how many permanent certificate overrides users have r=mmc r=jcj
2014-10-27 09:32:33 -07:00
84883c42e4
bug 1085509 - fix nsCertOverrideService so its initialization doesn't depend on NSS r=mmc
2014-10-24 10:46:30 -07:00
97c5c90a44
Merge m-i to m-c, a=merge
2014-10-26 09:12:36 -07:00
a92f2bc083
No bug, Automated HPKP preload list update from host bld-linux64-spot-115 - a=hpkp-update
2014-10-25 03:19:28 -07:00
3d5dc9dcf8
No bug, Automated HSTS preload list update from host bld-linux64-spot-115 - a=hsts-update
2014-10-25 03:19:26 -07:00
e8c341b1fd
Bug 1083539: Fix dropped return value check (r=keeler)
2014-10-23 17:07:45 -07:00
0130a12af3
Bug 886752 - Show TLS/SSL version in page info dialog. r=dao
2014-10-24 13:53:35 +02:00
cba793218d
Bug 886752 - Add TLS version to SSLStatus and additional cleanup. r=keeler
2014-10-24 13:53:34 +02:00
9c8e9bee73
Bug 1088969 - Upgrade Mozilla 36 to use NSS 3.18, landing beta 1, r=wtc
2014-10-25 00:34:34 +02:00
5ec3c350dd
Bug 1081242 - Make ASAN's error reporting work while sandboxed on Linux. r=kang
2014-10-21 11:18:00 +02:00
cfc481b264
Bug 1085497: Add Input::size_type, r=mmc
...
--HG--
extra : rebase_source : 098eae9234be99e683c0d44b35e1ec7058a086dd
2014-10-16 18:23:27 -07:00
e93675a04e
Bug 1063281, Part 9: Switch Gecko from NSS to CheckCertHostname, r=keeler
...
--HG--
extra : rebase_source : 340eb682ba1f9dbd51652438433e7d0196494e1f
2014-09-21 17:43:29 -07:00
6926e8bc53
Bug 1063281, Part 8: Rewrite PresentedDNSIDMatchesReferenceDNSID, r=keeler
...
--HG--
extra : rebase_source : a74e8d89a3ddfe5f6af70f32d31f1dc06600d90a
2014-10-15 19:21:35 -07:00
d7d68e721d
Bug 1063281, Part 7: Implement IsValidPresentedDNSID, r=keeler
...
--HG--
extra : rebase_source : 32d85980d8d486bb806e169a8241256ad57fa9d1
2014-10-16 15:59:34 -07:00
8d32c13ab3
Bug 1083539: Factor out common SEQUENCE unwrapping logic into reusable functions, r=mmc
...
--HG--
extra : rebase_source : 93d669d3cbe178339fe59c1d9345c773b4e238d4
2014-10-14 02:07:08 -07:00
bda4ef165a
Bug 1063281, Part 6: Implement CheckCertHostname, r=keeler
...
--HG--
extra : rebase_source : c28fe67d319f64b2efa326fd8649ef529c487c05
2014-10-15 16:10:32 -07:00
72d294039c
Bug 1063281, Part 5: Implement DNS ID matching, r=keeler
...
--HG--
extra : rebase_source : 5221245ce8da065d64a7ff17bdfde0e617562447
2014-09-30 19:40:15 -07:00
149817ebfc
Bug 1063281, Part 4: Implement ParseIPv6Address, r=keeler
...
--HG--
extra : rebase_source : 9a75a81a840591aaf73acd5be4d7ca504b6432e5
2014-09-06 01:10:24 -07:00
0e87ec98c7
Bug 1063281, Part 3: Implement ParseIPv4Address, r=keeler
...
--HG--
extra : rebase_source : fbafcb7573be8fa83036a8fadbfa74938ab7a4a6
2014-09-05 23:20:18 -07:00
4a2c8b5274
Bug 1063281, Part 2: Implement IsValidDNSName, r=keeler
...
--HG--
extra : rebase_source : 202898df26c7321f543ab7aeb222cdc6db67fe0d
2014-09-30 14:41:39 -07:00
3b8c2fc2a8
Bug 1063281, Part 1: Expose moilla::pkix::BackCert::GetSubjectAltName, r=keeler
...
--HG--
extra : rebase_source : c89ae439a21f11fce66a785e8732ca8793d51936
2014-08-17 17:24:20 -07:00
c78d7b0266
backout f69fa3c13d1f (bug 1085509) for causing test_cert_overrides.js to fail
2014-10-23 11:50:17 -07:00
39a7d91875
bug 1085509 - add telemetry for how many permanent certificate overrides users have r=mmc r=jcj
2014-10-23 10:10:57 -07:00
918c518e8b
No bug, Automated HPKP preload list update from host bld-linux64-spot-1094 - a=hpkp-update
2014-10-22 14:02:48 -07:00
7c18fd1d5d
No bug, Automated HSTS preload list update from host bld-linux64-spot-1094 - a=hsts-update
2014-10-22 14:02:46 -07:00
46c48f2321
bug 1083085 - update where getHSTSPreloadList.js and genHPKPStaticPins.js think Chromium's lists are r=mmc DONTBUILD NPOTB
2014-10-21 15:20:02 -07:00
e4182ac689
Bug 1083058 - Adding pref to control TLS version fallback, r=keeler
...
From af667978f8915e6ebfaf02f8967b3d320d409a24 Mon Sep 17 00:00:00 2001
---
netwerk/base/public/security-prefs.js | 1 +
security/manager/ssl/src/nsNSSIOLayer.cpp | 21 +++++-
security/manager/ssl/src/nsNSSIOLayer.h | 2 +
.../manager/ssl/tests/gtest/TLSIntoleranceTest.cpp | 76 +++++++++++++++++++---
4 files changed, 90 insertions(+), 10 deletions(-)
2014-10-02 16:36:48 -07:00
82a97e04c9
Bug 1078838 - Restrict clone(2) flags for sandboxed content processes. r=kang
...
--HG--
extra : amend_source : f80a3a672f5496f76d8649f0c8ab905044ea81ac
2014-10-20 12:29:25 -07:00
db53227352
merge mozilla-inbound to mozilla-central a=merge
2014-10-20 14:34:56 +02:00
0c786b120d
No bug, Automated HPKP preload list update from host bld-linux64-spot-069 - a=hpkp-update
2014-10-18 03:18:53 -07:00
a20f696cba
No bug, Automated HSTS preload list update from host bld-linux64-spot-069 - a=hsts-update
2014-10-18 03:18:51 -07:00
5dcb538c28
Bug 1083325 - Gracefully deal with null ssl status when serializing/deserializing TransportSecurityInfo. r=dkeeler
2014-10-16 14:11:19 -05:00
1c4af4e6a1
Bug 622859 - Reject EV certificates with key sizes below RSA 2048. r=briansmith
2014-10-18 15:18:00 +02:00
c30bd575d3
Bug 622859 - Tests for bug 622859. r=briansmith,keeler
2014-10-16 05:22:00 +02:00
12cc245a41
Bug 418354 - update test for bug 455367. Insecure image loads should be considered mixed display content regardless of whether image data was actually returned. r=honzab
2014-10-18 13:21:23 -07:00
8c488b9625
bug 1042889 - test certificate overrides for untrusted x509v1 certificates used as CAs r=mmc
2014-10-15 10:42:13 -07:00
36e798be2b
bug 1042889 - allow overrides for untrusted x509v1 certificates used as CAs r=mmc
2014-10-15 10:39:57 -07:00
0a4f56b330
bug 1042889 - use a separate error for untrusted x509v1 certificates used as CAs r=briansmith
2014-10-15 10:38:51 -07:00
64a69cb8af
Bug 1080567: Don't report registry NAME_NOT_FOUND errors for the Windows warn only sandbox. r=tabraldes
2014-10-13 15:12:28 +01:00
e10ee742fd
Bug 1076983 - Disabling SSL 3.0 with pref
2014-10-14 17:17:35 -07:00
1700296f02
Bug 979835: Port BoxObject and its subclasses to WebIDL. r=khuey sr=bz
...
--HG--
rename : layout/xul/nsIPopupBoxObject.idl => dom/webidl/PopupBoxObject.webidl
rename : layout/xul/tree/nsITreeBoxObject.idl => dom/webidl/TreeBoxObject.webidl
rename : layout/xul/nsBoxObject.cpp => layout/xul/BoxObject.cpp
rename : layout/xul/nsBoxObject.h => layout/xul/BoxObject.h
rename : layout/xul/nsListBoxObject.cpp => layout/xul/ListBoxObject.cpp
rename : layout/xul/nsMenuBoxObject.cpp => layout/xul/MenuBoxObject.cpp
rename : layout/xul/nsPopupBoxObject.cpp => layout/xul/PopupBoxObject.cpp
2014-10-14 13:15:21 -07:00
56cddbd763
Bug 1080077 - For sandbox failures with no crash reporter, log the C stack. r=kang
...
This is mostly for ASAN builds, which --disable-crash-reporter, but also
fixes a related papercut: debug builds don't use the crash reporter
unless overridden with an environment variable.
Note: this is Linux-only, so NS_StackWalk is always part of the build;
see also bug 1063455.
2014-10-13 18:48:17 -07:00
951b27b2b0
Bug 1080994 - Build libclearkey without a dependency on mozalloc or mozglue. r=dkeeler,r=cpearce
2014-10-14 07:13:25 +09:00
20095be902
Bug 1081935 - Missing UUID bump. r=gavin a=me
2014-10-13 17:27:42 +02:00
ad3210dd8e
Merge inbound to m-c. a=merge
2014-10-11 16:16:00 -04:00
aa2c9e3dc4
No bug, Automated HPKP preload list update from host bld-linux64-spot-412 - a=hpkp-update
2014-10-11 03:18:06 -07:00
662e6c9a21
No bug, Automated HSTS preload list update from host bld-linux64-spot-412 - a=hsts-update
2014-10-11 03:18:03 -07:00
0b58cd9573
Bug 1077282: Cleanup uses of GreD vs GreBinD, introcuded by v2 signature changes on OSX. Based on initial patch by rstrong. r=bsmedberg
2014-10-10 15:06:57 -04:00
2251b66f13
Bug 1075686, Update Mozilla 35 to use NSS 3.17.2, RTM
2014-10-10 19:16:08 +02:00
9c3bce6805
bug 1003448 - HTTP/2 Alternate Service and Opportunistic Security [1/2 PSM] r=keeler
2014-08-20 16:30:16 -04:00
0cacd2ed70
Bug 1078108: Use a longer OCSP response validity period in tests, r=keeler
2014-10-05 17:18:11 -07:00
da90427b6c
Backed out changeset b885a82dc02a (bug 1078108) for breaking B2g ICS Builds
2014-10-10 09:01:45 +02:00
2565f9b33d
Bug 1078108: Use a longer OCSP response validity period in tests, r=keeler
...
--HG--
extra : rebase_source : 3115275b2b1c5337cbea0fd43a2221fcd54dadc1
extra : source : bb5694e268255b6549ccaaaddca74fbb83d4bda1
2014-10-05 17:18:11 -07:00
201e27f5f3
Bug 1077926: Make test certificate generation faster by reusing key, r=keeler
...
--HG--
extra : rebase_source : 8734920020e0889ea6cac1e878b182326bbf81d6
2014-10-07 18:30:47 -07:00
de5513f839
Bug 1075686: Update Mozilla 35 to use NSS 3.17.2 Beta 2.
...
This fixes bug 1049435.
2014-10-09 10:58:30 -07:00
a052b67f71
bug 1058812 - (3/3) mozilla::pkix: test handling unsupported signature algorithms r=briansmith
2014-10-08 09:48:15 -07:00
af214d36f8
bug 1058812 - (2/3) mozilla::pkix: use ByteStrings to identify signature algorithm parameters in tests r=briansmith
2014-10-08 09:33:59 -07:00
42cd9ec5ca
bug 1058812 - (1/3) mozilla::pkix: add SignatureAlgorithm::unsupported_algorithm to better handle e.g. roots signed with RSA/MD5 r=briansmith
2014-10-07 09:35:42 -07:00
7fffd05532
Bug 806819 - Part 4: Add files that were excluded from unified builds back in. r=ehsan
2014-10-08 13:19:14 -07:00
8d715a7fe4
Bug 806819 - Part 3: Remove redundant FORCE_PR_LOG entries. r=ehsan
2014-10-08 13:17:32 -07:00
71bd008415
backout 9815045d0c5a (bug 1058812 1/3) for mochitest orange on a CLOSED TREE
2014-10-08 12:10:46 -07:00
6e65e0bca0
backout 9692998f547e (bug 1058812 2/3) for mochitest orange on a CLOSED TREE
2014-10-08 12:10:10 -07:00
4279bb931d
backout 0097b4ffaf33 (bug 1058812 3/3) for mochitest orange on a CLOSED TREE
2014-10-08 12:09:26 -07:00
3718659874
bug 1058812 - (3/3) mozilla::pkix: test handling unsupported signature algorithms r=briansmith
2014-10-08 09:48:15 -07:00
7ad555939c
bug 1058812 - (2/3) mozilla::pkix: use ByteStrings to identify signature algorithm parameters in tests r=briansmith
2014-10-08 09:33:59 -07:00
5606be5b15
bug 1058812 - (1/3) mozilla::pkix: add SignatureAlgorithm::unsupported_algorithm to better handle e.g. roots signed with RSA/MD5 r=briansmith
2014-10-07 09:35:42 -07:00
7c87c719cd
Bug 1077887: Work around old GCC "enum class" bug, r=mmc
...
--HG--
extra : rebase_source : 983e8d8bcfded10d1d1dca793d610996b40b444d
2014-10-04 18:45:31 -07:00
121791c43f
Bug 1077859: Make ENCODING_FAILED safe to use in static initializers, r=mmc
...
--HG--
extra : rebase_source : f0483e775c6fefc256fc9527b1b1118086cc121f
2014-10-03 15:52:38 -07:00
d292ee73f1
Bug 1066735 - Remove root b2g and android specific xpcshell manifests, r=chmanchester
2014-10-07 18:18:28 -04:00
4ae95106e2
bug 1077891 - update getHSTSPreloadList.js to reflect changes to nsISiteSecurityService r=mmc DONTBUILD NPOTB
2014-10-06 11:28:15 -07:00
15ca5186a6
Fix one bad implicit constructor in pkix, no bug, blanket-rs=bsmith
2014-10-07 09:46:59 -04:00
811400331c
Backed out changeset 76000f9f12da (bug 1077859) for causing frequent Mac OSX XPCshell test failures
2014-10-07 12:53:42 +02:00
f3c6c6a49b
Backed out changeset 16fe1b9eb9e6 (bug 1077887)
2014-10-07 12:53:03 +02:00
2dbcab7289
Backed out changeset 124b04c01c71 (bug 1077926)
2014-10-07 12:52:49 +02:00
655ade7a8b
Bug 1077926: Make test certificate generation faster by reusing key, r=keeler
...
--HG--
extra : rebase_source : 360fe925397688c1d0a2386c4974def6b571f0d4
2014-10-05 00:29:43 -07:00
1fc729071e
Bug 1077887: Work around old GCC "enum class" bug, r=mmc
...
--HG--
extra : rebase_source : ce707672dfc0587760c09701fd6adbe26c874916
2014-10-04 18:45:31 -07:00
ffxbld
Garrett Robinson
Carsten "Tomcat" Book
Masatoshi Kimura
Brian Smith
Monica Chew
David Keeler
André Reinald
Cykesiopka
Martin Thomson
Mike Hommey
Phil Ringnalda
Tom Schuster
Kai Engert
Jed Davis
Jim Mathies
Tanvi Vyas
Bob Owen
Jon Morton
Sylvestre Ledru
Ryan VanderMeulen
Stephen Pohl
Patrick McManus
Wan-Teh Chang
Eric Rahm
Andrew Halberstadt
Ehsan Akhgari