ea0e5ac119
Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs. r=keeler r=Unfocused
2015-01-07 06:08:00 +01:00
4354953b4f
Bug 1118486 - Part 1: Use `= delete` instead of MOZ_DELETE directly; r=Waldo
...
Most of this patch (with the exception of dom/bindings/Codegen.py) was
generated by the following bash script:
#!/bin/bash
function convert() {
echo "Converting $1 to $2..."
find . ! -wholename "*nsprpub*" \
! -wholename "*security/nss*" \
! -wholename "*/.hg*" \
! -wholename "*/.git*" \
! -wholename "obj-*" \
-type f \
\( -iname "*.cpp" \
-o -iname "*.h" \
-o -iname "*.cc" \
-o -iname "*.idl" \
-o -iname "*.ipdl" \
-o -iname "*.ipdlh" \
-o -iname "*.mm" \) | \
xargs -n 1 sed -i -e "s/\b$1\b/$2/g"
}
convert MOZ_DELETE '= delete'
2015-01-08 23:19:05 -05:00
e7d2f9cd12
bug 1101194 - follow-up to fix bustage in TestCertDB r=bustage on a CLOSED TREE
...
Turns out there was a code path that resulted in attempting to acquire a lock
on the DataStorage mutex when one had already been acquired, resulting in
deadlock. This fixes it.
2015-01-08 10:56:07 -08:00
9d9e763d45
Bug 1107731, upgrade Mozilla 37 to use NSS 3.18 (this is beta 5), r=wtc
2015-01-08 19:40:05 +01:00
d11cf2ca74
bug 1101194 - add telemetry for DataStorage table size r=mgoodwin
2015-01-07 13:23:07 -08:00
d98fab56db
Bug 989485 - Split test_cert_eku.js into multiple files to avoid time outs. r=keeler
2015-01-08 01:15:00 -05:00
c1795f4024
Bug 1118599 - Remove now-unneeded MOZILLA_PKIX_ENUM_CLASS workaround for GCC enum class bugs. r=mmc
2015-01-06 18:28:09 -08:00
411a94b05a
Bug 1118024 - Use new PL_DHashTable{Add,Lookup,Remove} functions. r=nfroyd
2015-01-05 20:27:28 -06:00
08e140cb0d
Bug 1110760 - Build and Package Chromium Sandbox wow_helper. r=gps
2015-01-08 10:44:41 +09:00
d4e8fd3af2
Bug 1110760 - Increase the chances of the wow_helper target code symbols being in the assumed order. r=aklotz
2015-01-08 10:44:41 +09:00
cc298a9892
Bug 1110760 - Import Chromium Sandbox wow_helper code. r=aklotz
2015-01-08 10:44:40 +09:00
b29b970426
bug 1114741 - have nsRandomGenerator guard against NSS shutdown r=jcj
...
nsRandomGenerator uses NSS resources but does not prevent against NSS shutting
down while doing so. To fix this, nsRandomGenerator must implement
nsNSSShutDownObject.
2015-01-05 16:11:26 -08:00
33ab8e9b66
bug 1118554 - make android's stdcxx work r=glandium
2015-01-06 23:34:31 -05:00
b8ce64b2a8
Bug 1073867, Part 5: Make DSS test faster, r=mmc
...
--HG--
extra : rebase_source : 5d3ae5b6c777382d69134d5c38fca0c52c93c3a2
extra : histedit_source : 15209d1249d2eb638143409404cbbe15f0a2715b
2014-12-24 17:56:10 -08:00
f8c3848cd7
Bug 1117611 - Fix shadowed variable in SandboxBroker::SetSecurityLevelForContentProcess(). r=bobowen.
...
--HG--
extra : rebase_source : 29f25cc34bd5f66bac2454c30613344fb63a92b5
2015-01-05 15:54:22 -08:00
665cc5846c
Bug 1116559 - Remove the code to handle shutdown-cleanse from the cert override service code; r=keeler
...
shutdown-cleanse has not been a thing for quite a while.
2015-01-05 21:01:27 -05:00
1b02f46484
Bug 423758 - Add NTLMv2 to internal NTLM handler. r=keeler
...
NTLMv2 is the default.
This adds a new preference:
network.ntlm.force-generic-ntlm-v1
This is to allow use of NTLMv1 in case issues are found in the NTLMv2
handler, or when contacting a server or backing DC that does not
support NTLMv2 for any reason.
To support this, we also:
- Revert "Bug 1030426 - network.negotiate-auth.allow-insecure-ntlm-v1-https allows sending NTLMv1 credentials in plain to HTTP proxies, r=mcmanus"
- Revert "Bug 1023748 - Allow NTLMv1 over SSL/TLS by default, r=jduell"
- Remove LM code from internal NTLM handler
The LM response should essentially never be sent, the last practical
use case was CIFS connections to Windows 9X, I have never seen a web
server that could only do LM
It is removed before the NTLMv2 work is done so as to avoid having 3
possible states here (LM, NTLM, NTLMv2) to control via preferences.
Developed with Garming Sam <garming@catalyst.net.nz>
2014-12-22 15:55:00 -05:00
566e222bca
Bug 1117003 - Backout cset ca3c73188295 (Bug 1115903, Part 2), r=ehsan
2015-01-02 12:26:14 -08:00
9f997b2894
Merge m-i to m-c, a=merge
2015-01-03 20:02:33 -08:00
cb0e685792
No bug, Automated HPKP preload list update from host bld-linux64-spot-100 - a=hpkp-update
2015-01-03 03:20:27 -08:00
c84a6316bf
No bug, Automated HSTS preload list update from host bld-linux64-spot-100 - a=hsts-update
2015-01-03 03:20:25 -08:00
ff754b5ae0
Bug 1115903, Part 2: Delete most defaulted assignment operators and some defaulted copy constructors, r=jcj
...
--HG--
extra : rebase_source : 6c8575de36355521baf69bba89eba530cd4e8b09
2014-12-26 23:49:47 -08:00
68b341641d
Bug 1115903, Remove VS2010 workarounds, r=mmc
...
--HG--
extra : rebase_source : 742973c0f2d547371fbeca72e384053c70b5ba0f
2014-12-26 21:39:54 -08:00
f52e40c633
Bug 1115761, Part 4: Add "fall through" comment, r=jcj
...
--HG--
extra : rebase_source : 1e40d7d7d85c1a02eb6195ecee1038ea40a6a9ab
2014-12-26 15:07:56 -08:00
f118650ad8
Bug 1115761, Part 3: Rename NSS-based crypto functions, r=jcj
...
--HG--
extra : rebase_source : b11b172fac76c7845d2a97cabf1bad9e04a50367
2014-12-23 14:51:52 -08:00
2d40b79203
Bug 1115761, Part 2: Use NotReached more consistently in pkixnss.cpp, r=jcj
...
--HG--
extra : rebase_source : 80647fc11d40d822dc042af1d797cb34062a84ab
2014-12-23 22:35:53 -08:00
95a228e3fe
Bug 1115761, Part 1: Remove obsolete references to NSS stuff in comments, r=jcj
...
--HG--
extra : rebase_source : 65af59d9695b424f057b40c54aab6973a39bcc25
2014-12-26 12:40:45 -08:00
a5f0730d19
Bug 1035414, Part 2: Always check subject's issuer matches issuer's subject, r=jcj
...
--HG--
extra : rebase_source : a75eca6ed909fa4f241b1a736656b7e8c99eb3ea
2014-12-26 10:13:18 -08:00
13010b71a5
Bug 1035414, Part 1: Test issuer/subject name matching, r=jcj
...
--HG--
extra : rebase_source : 8faab27888502083565db3681f10a310b69b1845
2014-12-26 11:35:48 -08:00
aeda384b1a
Bug 1073867, Part 4: Test that DSS end-entity certificates are rejected, r=mmc
...
--HG--
extra : rebase_source : 7cfdcdf08f2ae8909062b8803de6702ab47ec65a
2014-12-26 11:40:51 -08:00
dcacbfd4ce
Bug 1073867, Part 3: Reject DSS end-entity certificates, r=mmc
...
--HG--
extra : rebase_source : 76546b57aade1a15b394a2e53d8c12d62906dcac
2014-12-24 00:51:52 -08:00
848f74a40d
Bug 1111848 - Remove nsISiteSecurityService.shouldIgnoreHeaders and implementation. r=keeler
2014-12-22 20:26:49 +11:00
580310c5b8
Bug 1115076 - Wait for about:privatebrowsing to load in test_sts_privatebrowsing_perwindowpb.html; r=jdm
2014-12-31 09:32:03 -05:00
5f97b938f2
Bug 1117043 - Mark virtual overridden functions as MOZ_OVERRIDE in security; r=bsmith
2015-01-02 09:02:04 -05:00
5f30b892c8
No bug, Automated HPKP preload list update from host b-linux64-ix-0002 - a=hpkp-update
2014-12-27 03:21:29 -08:00
3739aa349f
No bug, Automated HSTS preload list update from host b-linux64-ix-0002 - a=hsts-update
2014-12-27 03:21:25 -08:00
3fdb27bb49
Bug 1112487 - The signing certificates with key usage only non-repudiation is taken as invalid for signing. r=keeler
2014-12-17 21:31:00 -05:00
057c4c5a8e
Bug 1110835 - Simplify some code nsSecureBrowserUIImpl around UpdateSecurityState. r=keeler
2014-12-25 21:31:11 +01:00
a325bfdb20
Bug 1114295 - Remove the dead pref for TLS_DHE_DSS_WITH_AES_128_CBC_SHA. r=keeler
2014-12-24 22:21:12 +09:00
b45a1a0c90
Bug 764496 - Make EV detection work in content processes. r=keeler,kanru
2014-12-24 14:04:24 +01:00
c5b4fd868c
Bug 1115181: Remove pkixnss.h dependency from pkixcert_signature_algorithm_tests, r=keeler
...
--HG--
extra : rebase_source : 2a4e11338b06d33ab8ad1536dc05c082db330d68
2014-12-23 14:51:16 -08:00
63c92c06cd
Bug 1070444: Remove NSS dependencies in pkixbuild_tests.cpp, r=keeler
...
--HG--
extra : rebase_source : f07e38d40f1644cce30191f5d8ab29ac06582683
2014-12-22 01:20:59 -08:00
899807654a
Bug 1114701: Replace function pointers with function references, r=keeler
...
--HG--
extra : rebase_source : 350e7f8170f6b1176e46b829026e9ee27b3303e5
2014-12-23 12:43:25 -08:00
3aec4f3024
Bug 1114671: Use function pointer (instead of reference) in pkix/bind.h, for consistency & to fix -Wignored-qualifiers build warning for 'const'. r=briansmith
2014-12-22 13:04:36 -08:00
99245555c6
Bug 1107666, Part 2: Further fix for SSL_OCSP_STAPLING telemetry, r=keeler
...
--HG--
extra : rebase_source : b2dbbd4eaa8aea019b40eddfc19fb8af20ef3a4c
2014-12-20 07:03:57 -08:00
c3edf3a511
Backed out changeset 8fd0df8e208c (bug 423758) for bustage
2014-12-22 09:05:34 +01:00
b47d94a0c8
Bug 968451 - Document the exported functions exposed from mozilla::pkix (pkix/pkix.h). r=keeler
2014-12-19 12:25:00 +01:00
d741102951
Bug 423758 - Add NTLMv2 to internal NTLM handler. r=keeler
...
NTLMv2 is the default.
This adds a new preference:
network.ntlm.force-generic-ntlm-v1
This is to allow use of NTLMv1 in case issues are found in the NTLMv2
handler, or when contacting a server or backing DC that does not
support NTLMv2 for any reason.
To support this, we also:
- Revert "Bug 1030426 - network.negotiate-auth.allow-insecure-ntlm-v1-https allows sending NTLMv1 credentials in plain to HTTP proxies, r=mcmanus"
- Revert "Bug 1023748 - Allow NTLMv1 over SSL/TLS by default, r=jduell"
- Remove LM code from internal NTLM handler
The LM response should essentially never be sent, the last practical
use case was CIFS connections to Windows 9X, I have never seen a web
server that could only do LM
It is removed before the NTLMv2 work is done so as to avoid having 3
possible states here (LM, NTLM, NTLMv2) to control via preferences.
Developed with Garming Sam <garming@catalyst.net.nz>
2014-12-18 17:25:00 +01:00
79b6885780
Merge m-c to m-i
...
--HG--
extra : rebase_source : 55a788f13c946c7110ca313969051c34f731637e
2014-12-20 12:19:27 -08:00
6d9b691066
No bug, Automated HPKP preload list update from host bld-linux64-spot-115 - a=hpkp-update
2014-12-20 03:20:57 -08:00
Mark Goodwin ext:(%2C%20Harsh%20Pathak%20%3Chpathak%40mozilla.com%3E)
Ehsan Akhgari
David Keeler
Kai Engert
Cykesiopka
Brian Smith
Michael Pruett
Mike Hommey
Bob Owen
Brad Lassey
Nicholas Nethercote
Andrew Bartlett
Phil Ringnalda
ffxbld
David Erceg
Kaspar Brand
Tom Schuster
Masatoshi Kimura
Daniel Holbert
Carsten "Tomcat" Book
J.C. Jones