00f176ef95
Bug 972702 - Make Cert Viewer details tab content resizable. r=keeler
2014-05-27 20:58:00 +02:00
b07e3b1b23
Bug 1016442 - Make mozilla cdn sites production on built-in list. r=mmc
...
--HG--
extra : rebase_source : 5d937b61ab86c974210dcc83735cd4308bff018e
2014-05-27 10:53:40 -07:00
d142e79073
Backed out changeset d5da62e82faf (bug 995801) for test_browserElement_oop_SecurityChange.html failures.
...
CLOSED TREE
2014-05-27 14:27:40 -04:00
82eb078310
bug 995801 - cache nsNSSCertificate::mCachedEVStatus on disk r=mayhemer
2014-01-10 11:13:03 -08:00
8d8df0c940
Bug 998803 - Add support for RSA encryption and signing to WebCrypto API. r=bz,dkeeler
2014-05-23 15:29:00 +02:00
785d39a051
No bug, Automated HSTS preload list update from host bld-linux64-spot-1068 - a=hsts-update
2014-05-24 03:14:12 -07:00
5d9a310465
Bug 1004351: Enable production mode for twitter pins (r=keeler)
2014-05-22 15:11:07 -07:00
404c8597ce
Bug 1014344: Use Google's root pems in addition to their intermediate certs (r=keeler)
2014-05-22 15:09:45 -07:00
4f4ef533f5
Bug 1009794: Update NSS to NSS_3_16_2_BETA2, which also includes fixes
...
for bug 999893, bug 1011090, bug 1009785, bug 421391, and bug 1011229.
2014-05-22 12:31:09 -07:00
d0a5ea9350
Bug 622332 - Show cert SHA-256 fingerprint and remove MD5 fingerprint. r=keeler
2014-05-22 00:52:00 +02:00
aea8617b92
Bug 869836 - Part 7: Use AppendLiteral instead of Append where possible. r=ehsan
2014-05-22 06:48:51 +03:00
58641805f1
Bug 869836 - Part 6: Use EqualsLiteral instead of Equals where possible. r=ehsan
2014-05-22 06:48:51 +03:00
189593520f
Bug 869836 - Part 4: Use EqualsLiteral instead of `Equals(NS_LITERAL_STRING(...))`. r=ehsan
2014-05-22 06:48:51 +03:00
0e6f3a6562
Bug 869836 - Part 3: Use `Append('c')` instead of `AppendLiteral("c")`. r=ehsan
2014-05-22 06:48:51 +03:00
19bebbc68d
Bug 869836 - Part 2: Use AppendLiteral instead of `Append(NS_LITERAL_STRING(...))`. r=ehsan
2014-05-22 06:48:50 +03:00
d16b3320e8
Bug 1010594 - Part 2/2 tests - r=keeler
...
--HG--
extra : rebase_source : 4ca9623b815544edc58308544fa85b192c2f31f3
2014-05-19 13:26:23 -07:00
0c9b112b38
Bug 1010594 - Part 1/2 OCSP url check - r=briansmith
...
--HG--
extra : rebase_source : 0b26339d33db90722401ae1d8ac255d0390aea30
2014-05-16 13:53:14 -07:00
e7518a4528
Bug 1009635 - PreloadedHPKP.json should also contain production/exclusion lists. r=keeler
...
--HG--
extra : rebase_source : 46c13e490358f26b21191d6d783d795897ceea63
2014-05-15 08:04:54 -07:00
2b33a87b1f
Bug 995385 - Ensure that NSS is initialzed for CryptoTasks. r=dkeeler
2014-05-16 15:47:00 -04:00
a597c57860
Bug 1009452 - inherit stdout and stderr into the content process to allow logging. r=aklotz
2014-05-14 16:09:31 +01:00
9f78dc2ea0
Bug 920372 - Fix socketcall whitelisting on i386. r=kang
2014-05-20 18:38:14 -07:00
f6ffcab30d
Bug 920372 - Allow tgkill only for threads of the calling process itself. r=kang
2014-05-20 18:38:06 -07:00
ebb89f61f4
Bug 920372 - Use Chromium seccomp-bpf compiler to dynamically build sandbox program. r=kang
2014-05-20 18:37:53 -07:00
9e94aea459
Bug 920372 - Import Chromium seccomp-bpf compiler, rev 4c08f442d2588a2c7cfaa117a55bd87d2ac32f9a. r=kang
...
Newly imported:
* sandbox/linux/seccomp-bpf/
* sandbox/linux/sandbox_export.h
* base/posix/eintr_wrapper.h
Updated:
* base/basictypes.h
* base/macros.h
At the time of this writing (see future patches for this bug) the only
things we're using from sandbox/linux/seccomp-bpf/ are codegen.cc and
basicblock.cc, and the header files they require. However, we may use
more of this code in the future, and it seems cleaner in general to
import the entire subtree.
2014-05-20 18:37:45 -07:00
e9868c3934
Bug 1013504: Introduce error file for genHPKPStaticPins.js (r=keeler)
2014-05-20 13:25:02 -07:00
5f5fc30c16
Bug 1005375 - Add an API that allows CryptoTasks to be created without being dispatched
2014-05-03 08:50:00 +02:00
84e89d2fa5
Bug 1007708 - Part 1: Fix warnings in security/pkix/test/ and mark as FAIL_ON_WARNINGS. r=briansmith
2014-05-17 20:12:10 -07:00
88108c8e9f
Bug 1011269: Forgot to qref to pick up keeler's changes (r=keeler)
2014-05-19 13:24:41 -07:00
7683ced05a
Bug 1011269: Add CertVerifier::pinningEnforceTestMode (r=keeler)
2014-05-19 13:04:40 -07:00
cc40dbbc9d
bug 986150 - fix some comments in mozilla::pkix DER tests r=mmc
2014-05-19 12:14:51 -07:00
3a148b5121
bug 986150 - test mozilla::pkix::der::OptionalBoolean r=mmc
2014-05-19 12:14:44 -07:00
c7191763ea
bug 1002814 - OCSP requests: long serial check should be on cert, not issuerCert r=briansmith
2014-05-14 10:05:32 -07:00
1793f7acdc
bug 1002814 - retry PK11_GenerateKeyPair when it fails non-fatally r=briansmith
2014-05-19 11:13:04 -07:00
51f64d5cbb
Bug 972201 - Remove the MOZ_B2G_CERTDATA hack. r=briansmith
2014-05-18 15:42:42 +02:00
5b464da977
No bug, Automated HSTS preload list update from host bld-linux64-spot-358 - a=hsts-update
2014-05-17 03:15:04 -07:00
fe9fcc5bec
Bug 1010634, Part 1: Fix compiler warnings in certverifier, r=cviecco
...
--HG--
extra : rebase_source : f8d925f042040368b038b62bc1d0c9d4d6d04618
2014-05-14 17:46:32 -07:00
2912321bc5
Bug 1006958: Use mozilla::pkix::der to parse certificate policies instead of NSS, r=keeler
...
--HG--
extra : rebase_source : fde88efebc1025bc4f825aa38df809d04b1b250a
2014-05-15 18:59:52 -07:00
f834909bb0
Bug 1010581: Document Expect/Match/Skip terminology in mozilla::pkix::der and make that code more consistent, r=keeler
...
--HG--
extra : rebase_source : 12aa2e1e9eed4f32a75732a65cbfaba9789d5d39
2014-05-14 19:30:09 -07:00
077fb4cfcf
Bug 1006041: Use mozilla::pkix::der for decoding the extended key usage extension, r=keeler
...
--HG--
extra : rebase_source : b4b62f117d653784eb6ad058554faf520a1bd90b
2014-05-14 01:02:34 -07:00
921579aca0
Bug 989564, Part 2: Remove CERTCertificate dependency from CheckBasicConstraints, r=keeler
...
--HG--
extra : rebase_source : c0ce62f44109cbcdf65da770a1154814733a6b49
2014-04-25 20:27:27 -07:00
33238b8f26
Bug 989564, Part 1: Decode basic constraints extension using mozilla::pkix::der, r=keeler
...
--HG--
extra : rebase_source : 89560218a69596868cb8a93c69ee72656b0abf77
2014-05-05 09:55:57 -07:00
94e8967a9f
Bug 1007844: Implement per-host telemetry for pin violations for AMO and aus4 (r=keeler)
2014-05-15 16:56:51 -07:00
010f4a4ced
Bug 1006594: Implement moz-specific telemetry (r=keeler)
2014-05-14 16:36:46 -07:00
aa1dddedcd
backout dfc04fd0a41f (bug 1002814) for gtest breakage
2014-05-14 11:08:20 -07:00
478d0a6460
bug 1005266 - disable strict timeout checking in test_ocsp_timeout.js on WinXP because of frequent failures r=mmc
2014-05-14 09:57:10 -07:00
cd165343b0
bug 1002814 - OCSP requests: long serial check should be on cert, not issuerCert r=briansmith
2014-05-14 10:05:32 -07:00
1e673cbacc
bug 1006804 - psm interface for kea size and make kea available in preliminary handshake r=keeler r=honzab
2014-05-06 17:22:25 -04:00
a28ceb8833
Bug 1007195 - Change licensing on mozilla::pkix to dual Apache 2/MPL 2. r=briansmith.
2014-05-14 14:37:25 +01:00
730c8da49a
Bug 1009720: Telemetry for CERT_PINNING_TEST_RESULTS (r=keeler)
2014-05-13 13:50:13 -07:00
2bf68f16b6
bug 1005355 - look for PSM test binaries in /data/local/xpcb/ on Android/B2G r=mmc
2014-05-12 14:38:00 -07:00
9aae1d6105
Bug 772756: Implement sha1 support, import Chrome's pinsets wholesale, add test mode (r=cviecco,keeler)
2014-05-08 17:18:50 -07:00
364ad99c8f
Merge mozilla-central to mozilla-inbound
2014-05-12 13:48:01 +02:00
0eef94abf9
merge mozilla-inbound to mozilla-central
2014-05-12 13:33:19 +02:00
849b0f7cb9
No bug, Automated HSTS preload list update from host bld-linux64-spot-382 - a=hsts-update
2014-05-10 03:26:08 -07:00
729caf70d4
Bug 1005309 - Fixed MSVC detection.
...
--HG--
extra : rebase_source : 0b61de1270eb861234539de675c2d381e217f55c
2014-05-12 11:01:22 +02:00
e1c350091f
bug 1005266 - specify a timeout for the socket in test_ocsp_timeout.js r=mmc
2014-05-09 15:17:43 -07:00
4f866e23df
Bug 1007986 - Remove 1024 bit roots from mozilla pin list. r=mmc
2014-05-09 10:58:47 -07:00
675aff56b2
bug 1007962 - CreateEncodedCertificate should take a SECItem as its serialNumber argument r=mmc
2014-05-08 15:33:38 -07:00
ea0182ae63
bug 1007813 - match CreateEncodedCertificate declaration to its definition r=mmc
2014-05-08 11:51:50 -07:00
fe569bf1f2
Bug 979703: Update NSS to NSS_3_16_2_BETA1.
...
Fix bugs in intel-gcm-x86-masm.asm and re-enable the
Intel AES assembly code. (The fix is by Shay Gueron of Intel.)
Remove an unnecessary loop in intel-gcm-x64-masm.asm r=agl.
2014-05-08 14:28:47 -07:00
baff68ca81
Bug 1000354: Fix comment and make test clearer (r=keeler)
2014-05-07 15:48:23 -07:00
5a3bee8d99
Bug 997987 - Remove usage of nsIScriptSecurityManager::GetSubjectPrincipal. r=Ms2ger
2014-05-06 15:43:03 -07:00
3ab8eb01df
Bug 1004832 - Add tgkill to seccomp-bpf whitelist. r=kang
2014-05-02 16:57:00 +02:00
b529036d7c
Bug 1006107 - Disable pining by default, setup pinning for *.addons.mozilla.org. r=dkeeler
...
--HG--
extra : rebase_source : 93b1dbd5dc31490424060729a3941deffa8ee1d5
2014-05-05 13:59:32 -07:00
d4f27e6065
Bug 993569: Update to NSS 3.16.1 and NSPR 4.10.5. r=kaie.
2014-05-05 13:51:39 -07:00
7b1596592f
Bug 1005364: Disable pinning for all mozilla properties (r=keeler)
2014-05-04 15:36:38 -07:00
c92ecd7e9b
Bug 1005667: Fix build warning due to buggy test code in pkixtestutil.cpp, r=dholbert
2014-05-04 11:04:48 -07:00
75f6d3a530
Bug 1005309, Part 2: Enable extended compiler warnings (-W4 -Wall) in mozilla::pkix, r=mmc
...
--HG--
extra : rebase_source : 033574a0b26582753baec003becfaf15bbd85003
extra : histedit_source : 2d52c47f92b8f694203c2eb580b37be78ccf2f9c
2014-05-03 17:50:26 -07:00
fc861849bc
Bug 1005309, Part 1: Improve type conversion and error checking for hashing done in mozilla::pkix's pkixocsp.cpp. r=mmc
...
--HG--
extra : rebase_source : 79c248ebc45d722249ae7adbbd2527dc9985f6f0
extra : histedit_source : 8ea66942cec4252d9d7e625da22b5ad9964485a1
2014-05-02 11:53:06 -07:00
f0a3398f72
Bug 1005256: Improve parameter validation in mozilla::pkix::der::Input::GetSECItem, r=mmc
...
--HG--
extra : rebase_source : 93b65e103c86747ddaf463e639aacffdf7ccb08f
extra : histedit_source : 10ef0ab13fb9de710ea3c589600db4632f9cf4a0
2014-05-02 11:52:10 -07:00
a46aa03484
Bug 1005208: Rename issuerKeyHash to keyHash in mozilla::pkix's pkixocsp.cpp, r=mmc
...
--HG--
extra : rebase_source : ede4ed17cb56e3e52325ecadc2c5ded33c4a6013
extra : histedit_source : b727000e81bbc8afa6b9f8188b97065f59da45ad
2014-05-02 10:40:03 -07:00
20a90d85b4
Bug 1005198: Make it easy to create test certificates in GTest tests, r=keeler
...
--HG--
extra : rebase_source : 0b1ec263a5a1ce1856afb12f11ea4c35c2aa55d0
extra : histedit_source : 40a3a3fc1993de0fcdeb5593a1a1df4dc94832b8
2014-04-25 19:57:40 -07:00
46be226687
No bug, Automated HSTS preload list update from host bld-linux64-spot-043 - a=hsts-update
2014-05-03 03:18:44 -07:00
4cbe45bef4
bug 1004270 - use SQL cert/key DBs in PSM tests so we can run them on Android r=briansmith
2014-05-02 15:06:29 -07:00
1388a9d276
Bug 951315 - Add telemetry to PK pinning. r=dkeeler
2014-04-30 17:04:00 -07:00
8d3acf320f
Bug 1002696 - Minimum set of changes to make genHPKPStaticPins.js productionizable. r=cviecco, dkeeler
...
--HG--
rename : security/manager/boot/src/PreloadedHPKPins.json => security/manager/tools/PreloadedHPKPins.json
rename : security/manager/boot/src/genHPKPStaticPins.js => security/manager/tools/genHPKPStaticPins.js
2014-05-01 14:48:37 -07:00
9bf8c7f01d
bug 982248 - NSSCertDBTrustDomain: specify timeout for OCSP requests r=briansmith
2014-05-01 15:07:55 -07:00
6c43d7c225
Bug 1003290: Fix OID parser template type, r=keeler
...
--HG--
extra : rebase_source : c33e450b84234ae7471118c2f8749593a59d9298
2014-04-25 16:31:30 -07:00
9ae1a34e11
Bug 1002933: Use Strongly-typed enums more often in mozilla::pkix, r=mmc
...
--HG--
extra : rebase_source : 3f67f48d1f4150df0830f89e6c07bbbf3a8fc7e8
2014-04-25 16:29:26 -07:00
456d4f8a4d
Bug 1002929: Avoid implicit conversion of Result to boolean in mozilla::der::GeneralizedTime, r=keeler
...
--HG--
extra : rebase_source : 8966d41f1837611b83ac84b347aeddfade9bc949
2014-04-24 16:08:30 -07:00
7de05bc8ba
Bug 998057: Add tests for certificate pinning (r=cviecco,dkeeler)
2014-04-30 20:11:35 -07:00
1d5150d986
Backed out changeset 9c8fbf297d51
...
Camilo did not land his patch that this depends on, my bad.
2014-04-30 20:01:34 -07:00
68b3043845
Bug 998057: Add tests for certificate pinning (r=cviecco,dkeeler)
2014-04-30 19:56:03 -07:00
18421a4364
Bug 998057: Add test pinset to the pin generator (r=cviecco)
...
--HG--
rename : security/manager/ssl/tests/unit/tlsserver/default-ee.der => security/manager/boot/src/default-ee.der
2014-04-30 15:30:44 -07:00
a54a4f05cf
Bug 744204 - Allow Certificate key pinning Part 2 - Certverifier Interface. r=keeler
...
--HG--
extra : rebase_source : 2f9748ba0b241c697e22b7ff72f2f5a0fad4a2ca
2014-02-05 14:49:10 -08:00
aaca84b128
Bug 1003604 - Make nsNSSShutDownObject::isAlreadyShutDown() const. r=dkeeler
2014-04-29 17:45:00 +02:00
3a5329b969
Bug 952650 (part 11) - Remove JSVAL_TO_INT. r=njn.
...
--HG--
extra : rebase_source : 41923458bbf8fd957c9a57685df4969f1190bd9f
2014-04-27 19:55:08 -07:00
9a92d22f5a
Bug 952650 (part 9) - Remove JSVAL_IS_INT. r=njn.
...
--HG--
extra : rebase_source : dc0c170914c2370c218cdbbe671d2a68628f5a87
2014-04-27 19:47:02 -07:00
d3fe3aaf5d
Bug 952650 (part 1) - Remove JSVAL_IS_NULL. r=terrence.
...
--HG--
extra : rebase_source : 83d1cdaf71260fd99b688c23303ceb2de7b00031
2014-04-27 19:30:51 -07:00
5cf2107a2e
Bug 993569 - Update Mozilla 31 to use NSS 3.16.1 Beta 4. This disables
...
the new Intel AES assembly code on Windows. r=kaie.
2014-04-29 16:13:03 -07:00
9d294dbe70
Bug 744204 - Allow Key pining part 1 - Built-in Pinning Service. r=keeler
2013-06-20 10:35:43 -07:00
388e440bec
bug 977865 - mozilla::pkix: add backoff for ocsp fetching when a responder fails r=cviecco
2014-04-28 16:38:15 -07:00
4cbf0ef630
Bug 998067: Add utility code for making it easier to create GTests based on NSS, r=keeler
...
--HG--
extra : rebase_source : 8ae08d1ccc9329aa567cfc7ac590ddb026155bae
2014-04-16 21:38:01 -07:00
8c0e54d6a8
Bug 1000544: Use "Fail(x, y)" instead of "PR_SetError(y, 0); return x;" more consistently, r=mmc
...
--HG--
extra : rebase_source : 96addac738b8ffe39c7a92d546388d5f13fc2340
2014-04-23 14:13:32 -07:00
bd4b0a0668
Bug 1000482: Remove unused stapledOCSPResponse parmaeter from BuildForwardInner, r=mmc, r=keeler
...
--HG--
extra : rebase_source : b5d67d3488aa3df5690a7dd2b76495ac4986a723
2014-04-23 13:42:38 -07:00
d6bedee1bf
Bug 1000483: Remove unused isTrustAnchor parameter from CheckKeyUsage, r=cviecco
...
--HG--
extra : rebase_source : 96e7b76362d6219193c814d35c332aae2ed5b48f
2014-04-23 13:38:19 -07:00
8063163ac9
Bug 993569 - Update Mozilla 31 to use NSS 3.16.1 Beta 3. The main change
...
is https://hg.mozilla.org/projects/nss/rev/7e8485a5ed49 .
2014-04-27 20:39:24 -07:00
5f1fde8824
Bug 900908 - Part 3: Change uses of numbered macros in nsIClassInfoImpl.h/nsISupportsImpl.h to the variadic variants. r=froydnj
2014-04-27 03:06:00 -04:00
345123d0ec
Merge m-c to inbound.
2014-04-26 21:41:26 -04:00
01fcf1ea9e
No bug, Automated HSTS preload list update from host bld-linux64-spot-425 - a=hsts-update
2014-04-26 03:23:23 -07:00
Cykesiopka
Camilo Viecco
Ryan VanderMeulen
David Keeler
Richard Barnes
ffxbld
Monica Chew
Wan-Teh Chang
Birunthan Mohanathas
Bob Owen
Jed Davis
Chris Peterson
Marco Castelluccio
Brian Smith
Patrick McManus
Gervase Markham
Carsten "Tomcat" Book
Jacek Caban
Bobby Holley
Rodrigo Rodriguez Jr.