mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
481 124 коммитов 613 Ветки 98 Теги 5,9 GiB
Граф коммитов

10374 Коммитов

Автор SHA1 Сообщение Дата
David Keeler 7dd242bb39 bug 1261936 - stop using the subject common name in certificate verification error messages r=Cykesiopka 
MozReview-Commit-ID: G08cV5GmNDh

--HG--
extra : rebase_source : c79b34d893e7acddc8ee02a6c354dcaa1de07d61
 2016-04-04 16:25:24 -07:00
Julian Hector 2d64db058c Bug 1259273 - Add sys_unlink to seccomp-bpf whitelist. r=jld 2016-04-06 19:48:23 +00:00
Tim Taubert 63c7f51d31 Bug 842818 - Make Crypto::GetRandomValues() work off the main thread r=baku,keeler,mt 2015-09-22 10:50:36 +02:00
Cykesiopka 54da7e65e7 Bug 1252384 - Remove nsICertTree.isHostPortOverride(). r=dkeeler 
It is unused since the changes in Bug 825583 landed.

MozReview-Commit-ID: 2u2eu0aDqeH

--HG--
extra : transplant_source : f%5Ev%00%B6%8B%3E%5E%26%C3%10%25%D9%16%C1%98yhf%D2
 2016-04-06 07:02:17 -07:00
Bob Owen 907939a278 Bug 1256992 Part 2: Move SandboxBroker Initialization earlier and add telemetry and extra null checks. r=aklotz 
MozReview-Commit-ID: Fu05wLn27UG
 2016-04-07 08:28:14 +01:00
Wes Kocher 06944947a0 Backed out changeset 069c82269f81 (bug 1258375) for Windows xperf failures 
MozReview-Commit-ID: DwhDorbB2PO
 2016-04-06 16:51:48 -07:00
Kai Engert 02dd23b86a Bug 1258375, NSS_3_24_BETA4 and required adjustments to PSM and packaging, r=martin.thomson, r=glandium 2016-04-06 21:43:36 +02:00
Cykesiopka efe5b47ede Bug 1260644 - Use UniquePLArenaPool to manage PLArenaPools in PSM. r=keeler 
MozReview-Commit-ID: HyLXbWoHMGz

--HG--
extra : rebase_source : 6164b7df51e11c4d3814a06bd41765d40be85a9d
 2016-04-04 17:35:24 -07:00
Tim Taubert 313721942c Bug 1261213 - Follow-up to make eslint happy r=bustage 2016-04-06 10:32:16 +02:00
Tim Taubert 96b0d713ad Bug 1261213 - make test_sts_privatebrowsing_perwindowpb.html work under e10s r=keeler,mrbkap,felipe 2016-04-05 12:52:19 +02:00
Cykesiopka 1f493434a0 Bug 1127158 - Remove brittle debug only flag math in nsSecureBrowserUIImpl.cpp. r=dkeeler 
MozReview-Commit-ID: 3d5mYDjzJwf

--HG--
extra : rebase_source : ce0b714b92d9deed79a8a9e24e0d8db4b9eef8c7
 2016-04-01 06:16:58 -07:00
timeless@mozdev.org cbc8dc0b64 Bug 550185 - Ensure nsCertTree::GetCellText returns an initialized value. r=kaie 
--HG--
extra : rebase_source : 4c4529a62c5acb7bba52e8cb94e69e795a85b7e1
 2016-04-04 21:18:00 +02:00
David Keeler 9825c57bc3 bug 1239166 - platform work to support Microsoft Family Safety functionality r=froydnj,mgoodwin,mhowell,rbarnes,vladan 
MozReview-Commit-ID: GhpJqJB97r9

--HG--
extra : rebase_source : e943c1e4d0f008ffd6b6bb4bb63e1daf27ae2c96
 2016-01-12 15:39:43 -08:00
David Keeler 6e4140d766 bug 1245280 - add policy mechanism to optionally enforce BRs for falling back to subject CN r=Cykesiopka,mgoodwin 
MozReview-Commit-ID: 7xT6JGpOH1g

--HG--
extra : rebase_source : 0def29e8be898a2d975ee4390b3bc6a193766b1b
 2016-02-09 10:14:27 -08:00
Cykesiopka ed5502e22f Bug 1252722 - Add additional tests. r=keeler 
MozReview-Commit-ID: Ds5t8RSd1Mk

--HG--
extra : transplant_source : %92Nx%E8%7E%3A%E6%97w%8A%D0%102%7D%8D%93%A2%9D%A4%25
 2016-03-31 17:33:06 -07:00
Cykesiopka bc9cb4c633 Bug 1252722 - Improve handling of PK11_* function error codes. r=keeler 
MozReview-Commit-ID: DWNNXq8ZJ47

--HG--
extra : transplant_source : N%10%80%B2%9C%DEwu%0B%BF%FB%3B%D4%06%D8W%2AyBh
 2016-03-31 17:33:00 -07:00
Cykesiopka 531fe59f42 Bug 1252722 - Ensure arguments of all public methods are checked. r=keeler 
MozReview-Commit-ID: 5UJup8k8iGe

--HG--
extra : transplant_source : %D0v%7B%F2%60%04%E3%11%15_%AC%A0%D0%CE%0D%3A0q%96%24
 2016-03-31 17:32:53 -07:00
Cykesiopka 0ebbbafe4b Bug 1252722 - Use smart pointers for NSS resources. r=keeler 
MozReview-Commit-ID: Gg3DNjGiNIQ

--HG--
extra : transplant_source : _%AC%97%FA%DA%FF%FE%95%E5%D4%3C%BE%82%E4%24%D9F%ADB%89
 2016-03-31 17:31:55 -07:00
Cykesiopka db361c5c2d Bug 1252722 - Fully implement nsNSSShutDownObject everywhere. r=keeler 
MozReview-Commit-ID: 4OZ6tCdCGEP

--HG--
extra : transplant_source : U%27%E3%E2A%85%03%AC%FA%C9%9A%9Et%87%E9%F6s%FFy%AC
 2016-03-31 17:31:50 -07:00
David Keeler 581a304acb bug 1254667 - change certificate verification SHA1 policy to "allow for locally-installed roots" r=jcj 
Before this patch, the default policy for the use of SHA1 in certificate
signatures was "allow all" due to compatibility concerns.
After gathering telemetry, we are confident that we can enforce the policy of
"allow for locally-installed roots" (or certificates valid before 2016) without
too much breakage.

MozReview-Commit-ID: 8GxtgdbaS3P

--HG--
extra : rebase_source : d1bed911f2d5d40229ea06556fee0848668e98b6
 2016-03-28 12:52:40 -07:00
Cykesiopka 7167af4f5a Bug 1251801 - Ensure arguments of all public methods are checked. r=keeler 
MozReview-Commit-ID: 1UQ4thOmUGb

--HG--
extra : transplant_source : V%24o%40%403%BF%B4o%5E%F5%28%91%B8%8A%E2%E3%E9%8B%BF
 2016-03-29 18:14:29 -07:00
Cykesiopka 703b7ef6b1 Bug 1251801 - Improve handling of PK11_* function error codes. r=keeler 
MozReview-Commit-ID: 18acVVAuapm

--HG--
extra : transplant_source : %C3%FD%1D%BF/%E4%A5%BBl%DE%03%BC%0E%CA%04%D8%C6%0Fze
 2016-03-29 18:14:29 -07:00
Cykesiopka b2f33b0ba8 Bug 1251801 - Fully implement nsNSSShutDownObject and obviate manual NSS resource management. r=keeler 
MozReview-Commit-ID: A7a9TVikRPh

--HG--
extra : transplant_source : v%CE%9Df%F6%0AaqJ%D5A%07%B0%2A.%E2%01c%C5%A5
 2016-03-29 18:14:28 -07:00
Wes Kocher caea64b900 Backed out changeset 3ff2b12ffedc (bug 1254667) for upsetting the test_ocsp_caching.js gods on android CLOSED TREE 
MozReview-Commit-ID: JaJXHxKEAvu
 2016-03-29 16:38:18 -07:00
David Keeler 4a9f753dd1 bug 1254667 - change certificate verification SHA1 policy to "allow for locally-installed roots" r=jcj 
Before this patch, the default policy for the use of SHA1 in certificate
signatures was "allow all" due to compatibility concerns.
After gathering telemetry, we are confident that we can enforce the policy of
"allow for locally-installed roots" (or certificates valid before 2016) without
too much breakage.

MozReview-Commit-ID: 8GxtgdbaS3P

--HG--
extra : rebase_source : 7e81131a6c215bf7af514f150ebe2eb16a5c612a
 2016-03-28 12:52:40 -07:00
Martin Thomson 83f1770c2c Bug 1238001 - Allow TLS info to be updated on renegotiation, r=keeler 
MozReview-Commit-ID: KJaPgEwTvhv

--HG--
extra : rebase_source : f7d0025eca46e191d23aee182c9ace58b7d59b8b
extra : amend_source : 7e98ef0aa34b0c2def205644e1ab9e576417930d
 2016-02-23 08:00:00 -08:00
ffxbld b83f7e6b04 No bug, Automated HPKP preload list update from host bld-linux64-spot-413 - a=hpkp-update 2016-03-28 14:10:40 -04:00
ffxbld fbba08e207 No bug, Automated HSTS preload list update from host bld-linux64-spot-413 - a=hsts-update 2016-03-28 14:10:40 -04:00
Kyle Huey d9265a3eaf Bug 1259294: Part 2 - Use MOZ_ALWAYS_SUCCEEDS. r=froydnj 2016-03-28 10:28:15 -07:00
Cykesiopka e05e655f1b Bug 1258298 - Switch more Scoped.h templates in PSM to UniquePtr equivalents. r=keeler 
MozReview-Commit-ID: 8VOhiuNOlBX

--HG--
extra : amend_source : 70d01c7a061c4b751d643d1277e3185ccf348e54
 2016-03-24 18:30:37 -07:00
Cykesiopka e031eef545 Bug 1259149 - Add additional tests for the nsIPK11* and nsIPKCS11* implementations. r=keeler 
After these additions, the majority of the API surface should be covered.

MozReview-Commit-ID: CvpEX6Cm94d

--HG--
rename : security/manager/ssl/tests/unit/test_pkcs11_list.js => security/manager/ssl/tests/unit/test_pkcs11_module.js
extra : transplant_source : %B3%E0%09%B9%E4b%D0A%F0%00r%08%1F%9Dm%E7%CC9%E3l
 2016-03-24 18:29:39 -07:00
Ted Mielczarek 815dd278b6 bug 1259753 - fix some C++ unittests to use ScopedXPCOM to init XPCOM. r=ms2ger 
MozReview-Commit-ID: B6xdlB9Di0y

--HG--
extra : rebase_source : 182d29d677c77ae6780260f5fc9b0792bdd98f84
extra : amend_source : 1e4fa2453d6773bd1e63f52b7aa3bf61e61600ff
 2016-03-25 10:04:37 -04:00
Nathan Froyd 8cd3125d35 Bug 1255438 - fix OS X warning bustage and reopen this CLOSED TREE; r=me 2016-03-25 10:09:01 -04:00
Nathan Froyd 0e58a8d0a5 Bug 1255438 - create nsI{Mutable,}Array directly; r=keeler 2016-03-25 09:36:25 -04:00
Nathan Froyd e1d8b92ec6 Bug 1255425 - part 2 - pack kSTSPreloadList into a more efficient format; r=keeler 
Entries in kSTSPreloadList currently look like:

class nsSTSPreload
{
  public:
    const char *mHost;
    const bool mIncludeSubdomains;
};

This is inefficient for a couple of reasons:

* The structure has a bunch of wasted space: it takes 8 bytes on 32-bit
  platforms and 16 bytes on 64-bit platforms, even though it only uses 5
  and 9 bytes, respectively.

* The |const char*| requires additional space in the form of relocations
  (at least on Linux/Android), which doubles the space cost of
  individual entries.  (The space cost of the relocations is mitigated
  somewhat on Linux and Android because of elfhack, but there's still
  extra cost in the on-disk format and during the load of libxul to
  process those relocations.)

* The relocations the structure requires means that the data in it can't
  be shared between processes, which is important for e10s with multiple
  content processes.

We can make it more efficient by structuring it like so:

static const char kSTSPreloadHosts[] = {
  // One giant character array containing the hosts, in order:
  //   "example.com\0example.org\0example.test\0..."
  // Use an array rather than a literal string due to compiler limitations.
};

struct nsSTSPreload
{
  // An index into kSTSPreloadHosts for the hostname.
  uint32_t mHostIndex: 31;
  // We use the same datatype for both members so that MSVC will pack
  // the bitfields into a single uint32_t.
  uint32_t mIncludeSubdomains: 1;
};

nsSTSPreload now has no wasted space and is significantly smaller,
especially on 64-bit platforms (saves ~29K on 32-bit platforms and ~85K
on 64-bit platforms).  This organization does add a couple extra
operations to searching for preload list entries, depending on your
platform, but the space savings make it worth it.
 2016-03-24 15:09:28 -04:00
Nathan Froyd b2490bf812 Bug 1255425 - part 1 - clearly delineate steps when outputting HSTS preload list; r=keeler 
The main loop of |output| tweaks entries, filters out entries based on
some conditions, and writes out the actual entries we're going to use.
Let's separate those three steps so it's clearer what's happening where.
 2016-03-11 15:35:47 -05:00
David Keeler 08f83f4f99 bug 1257969 - update test_pinning_dynamic.js test certificates to not use subject common name for name information r=jcj 
MozReview-Commit-ID: 1NpjJO9r8ma

--HG--
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-a.pinning2.example.com-badca.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-badca.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-a.pinning2.example.com-badca.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-badca.pem.certspec
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-a.pinning2.example.com-pinningroot.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-pinningroot.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-a.pinning2.example.com-pinningroot.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-pinningroot.pem.certspec
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-b.pinning2.example.com-badca.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-badca.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-b.pinning2.example.com-badca.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-badca.pem.certspec
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-b.pinning2.example.com-pinningroot.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-pinningroot.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-b.pinning2.example.com-pinningroot.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-pinningroot.pem.certspec
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.a.pinning2.example.com-badca.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-badca.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.a.pinning2.example.com-badca.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-badca.pem.certspec
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.a.pinning2.example.com-pinningroot.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-pinningroot.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.a.pinning2.example.com-pinningroot.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-pinningroot.pem.certspec
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.b.pinning2.example.com-badca.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-badca.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.b.pinning2.example.com-badca.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-badca.pem.certspec
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.b.pinning2.example.com-pinningroot.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-pinningroot.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.b.pinning2.example.com-pinningroot.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-pinningroot.pem.certspec
extra : rebase_source : 9fa95f73f616da87f19bf8c5f7749b02b52b9696
 2016-03-18 14:14:00 -07:00
Gregory Szorc 6a9168778b Bug 1124033 - Disable C4311 and C4312 in directories exhibiting warnings; r=ehsan 
There are a long tail of C4311 and C4312 warnings in VS2015. Rather than
wait until all of them are fixed to land VS2015, we're taking the easy
way out and disabling these warnings in every directory currently
exhibiting a warning. This is evil. But it is a lesser evil than
globally disabling C4311 and C4312. At least with this approach new
C4311 and C4312 warnings in directories that aren't suppressing them
shouldn't be introduced.

MozReview-Commit-ID: 2cwWrjMD6B9

--HG--
extra : rebase_source : 3e7b8ea042765fdf138f5ca93a0f9dab75a95fcd
 2016-03-23 17:19:20 -07:00
David Keeler eabc80d212 bug 1258579 - remove some unnecessary time-related globals from mozilla::pkix tests r=Cykesiopka 
MozReview-Commit-ID: C0XPTdO4Ab7

--HG--
extra : rebase_source : cb97b17cc5f3bd2fe1fe2bd13cae5447e029c14d
 2016-03-22 10:26:30 -07:00
Bob Owen db4259c176 Bug 1256992: Initialize Windows sandbox BrokerServices before any child processes are created. r=aklotz, r=bholley 2016-03-23 08:10:43 +00:00
Cykesiopka c343159d73 Bug 1253108 - Enable ESLint "strict" rule for PSM. r=keeler 
MozReview-Commit-ID: 4wElZ8Guq9z

--HG--
extra : rebase_source : 60fb87c33d041994f35cbf9fd2fb3a55bd753bc6
 2016-03-19 03:07:13 -07:00
Boris Zbarsky bc347a401b Bug 1257919 part 10. Make the caller and formattedStack getters on JSStackFrame take an explicit JSContext. r=khuey 2016-03-22 13:50:35 -04:00
Boris Zbarsky 42b3bbe27a Bug 1257919 part 8. Make the line/column number getters on JSStackFrame take an explicit JSContext. r=khuey 2016-03-22 13:50:31 -04:00
Boris Zbarsky 54987c5cc1 Bug 1257919 part 7. Make the name getter on JSStackFrame take an explicit JSContext. r=khuey 2016-03-22 13:50:31 -04:00
Boris Zbarsky efa07c06d1 Bug 1257919 part 6. Make the filename getter on JSStackFrame take an explicit JSContext. r=khuey 2016-03-22 13:50:31 -04:00
Sebastian Hengst 0e9bf1445a Backed out changeset 6e95ee3cd4c6 (bug 1257919) 2016-03-22 21:10:21 +01:00
Sebastian Hengst e6e4d30446 Backed out changeset c4faeb0be959 (bug 1257919) 2016-03-22 21:10:12 +01:00
Sebastian Hengst 336c2cc4ae Backed out changeset 08f1c7239cdf (bug 1257919) 2016-03-22 21:10:01 +01:00
Sebastian Hengst 8b2bf79a7a Backed out changeset ff81c52375ba (bug 1257919) 2016-03-22 21:09:32 +01:00
Boris Zbarsky 8062407932 Bug 1257919 part 10. Make the caller and formattedStack getters on JSStackFrame take an explicit JSContext. r=khuey 2016-03-22 13:50:35 -04:00
Boris Zbarsky 5df498fbd2 Bug 1257919 part 8. Make the line/column number getters on JSStackFrame take an explicit JSContext. r=khuey 2016-03-22 13:50:31 -04:00
Boris Zbarsky cc563df19f Bug 1257919 part 7. Make the name getter on JSStackFrame take an explicit JSContext. r=khuey 2016-03-22 13:50:31 -04:00
Boris Zbarsky 38af226a36 Bug 1257919 part 6. Make the filename getter on JSStackFrame take an explicit JSContext. r=khuey 2016-03-22 13:50:31 -04:00
Carsten "Tomcat" Book 0262976513 Backed out changeset 917819510b3f (bug 1235634) for memory leaks on a CLOSED TREE 2016-03-22 16:08:55 +01:00
Tim Taubert 5706816622 Bug 1235634 - Construct nsNSSShutdownList::singleton lazily on first use r=keeler 2016-03-22 15:13:05 +01:00
Carsten "Tomcat" Book 417d5d9533 Backed out changeset 0fedfd441a06 (bug 1256992) for gtest failures 2016-03-22 09:54:55 +01:00
Bob Owen 72e4566fa4 Bug 1256992: Initialize Windows sandbox BrokerServices before any child processes are created. r=aklotz, r=bholley 2016-03-22 07:40:03 +00:00
Cykesiopka 1a9cf03eb1 Bug 1251009 - Remove unused nsICertificateDialogs.notifyCACertExists() method. r=keeler, r=mfinkle 
MozReview-Commit-ID: 5CFAsy5e1Cl

--HG--
extra : rebase_source : eed2fc5d3511c140dfe6046079347e9a881e2803
 2016-03-16 12:48:59 -07:00
Cykesiopka 9e0106d044 Bug 1004149 - Add some missing OCSP URL tests. r=keeler 
MozReview-Commit-ID: Iiyv6sMKEWV

--HG--
extra : transplant_source : S%CCT/%B2%7C%F1%3E%D4%A6%C4%C2%AA%F0%AA%40%DF%F2%29d
 2016-03-18 21:11:09 -07:00
Cykesiopka bdfc5290f6 Bug 1004149 - Return mozilla::pkix::Result values in nsNSSHttpInterface functions. r=keeler 
MozReview-Commit-ID: Kx1E3HLP7zC

--HG--
extra : transplant_source : %F0%068%83%E21dM-%FE%7C%EC1%1E%05h%E6%1D%271
 2016-03-18 21:11:03 -07:00
Cykesiopka 6698ff0184 Bug 1004149 - Remove some dead code. r=keeler 
MozReview-Commit-ID: JF6IgVCEUVe

--HG--
extra : transplant_source : %B5%E0%F4%20%8C%BC%CF%23a%2B%DB%A5kG%D6%98%CC%D1%1D%23
 2016-03-18 21:10:54 -07:00
ffxbld ce9073e1b8 No bug, Automated HPKP preload list update from host bld-linux64-spot-543 - a=hpkp-update 2016-03-19 04:43:32 -07:00
ffxbld a593c802bf No bug, Automated HSTS preload list update from host bld-linux64-spot-543 - a=hsts-update 2016-03-19 04:43:30 -07:00
David Keeler 3db46cef2e bug 1240118 - add functionality to treat a test certificate as a built-in root r=mgoodwin 
MozReview-Commit-ID: GJMd2zEAcmX

--HG--
extra : rebase_source : d2d55c593368b4e5d8562484673a1018dc5ad02d
 2016-03-15 17:19:00 -07:00
Cykesiopka e6008c2304 Bug 1251011 - Enable ESLint "no-undef" rule for PSM. r=keeler r=mossop 
MozReview-Commit-ID: 1lbwWWkJjqq

--HG--
extra : rebase_source : 10fa76138cb5c4ac53b2b49f99b26ce3748f9fff
 2016-03-16 16:50:33 -07:00
Gregory Szorc 4ab279264e Bug 1257036 - Disable C4302 to unblock compilation on VS2015; r=bobowen 
As part of unblocking building with VS2015u1 in automation, I'm mass
disabling compiler warnings that are turned into errors. This is not
the preferred mechanism to fix compilation warnings. But the warning
occurs in third party code, so my hands are tied.

MozReview-Commit-ID: A0UF2RHJzVo

--HG--
extra : rebase_source : 3fc5300f6f67274162f4d65fd83eb9c18b4bf716
 2016-03-16 13:27:59 -07:00
David Keeler d27e176906 bug 1236964 - enable Certum Trusted Network CA 2 root certificate for EV treatment r=jcj 
MozReview-Commit-ID: 8QlBgAdXjlm

--HG--
extra : rebase_source : 07affb67f289f9d460e3eac147dcd44945da182d
 2016-03-15 16:08:15 -07:00
David Keeler fceae4c33d bug 1256495 - temporarily check build-time-generated PSM xpcshell test certificates in to the tree r=Cykesiopka 
MozReview-Commit-ID: GIJgI4mFpGL

--HG--
extra : rebase_source : 143f72f3c8d6c0ac41151b9db38bec2fbaacd76b
 2016-03-14 17:30:36 -07:00
Cykesiopka 301ab6716b Bug 1250258 - Partially clean up nsNSSCertificateDB.cpp import methods. r=keeler 
MozReview-Commit-ID: Dbk5N1FwdWB

--HG--
extra : rebase_source : d97d4802af2f41218be2d210a8ecdb9bf1885122
 2016-03-16 03:54:26 -07:00
Brian Smith 30373af60a Bug 1189020 - Replace |// unnamed namespace| with |// namespace| in mozilla::pkix. r=Cykesiopka 
This is what Google suggests in its style guide, and somebody
already changed one of these comments to the new style.

--HG--
extra : rebase_source : fe3f7fc17a2fc09ad0ba01fa1511dc8dba7653e1
 2016-03-16 07:10:00 +01:00
Nathan Toone 4557e5f651 Bug 1092004 - Use getdtablesize for non-gonk builds as well. r=glandium 
When building non-gonk builds, ANDROID_VERSION is not set.  Beginning with NDK 11, getdtablesize is no longer included.  This means that we should use the stub version of the function that is defined in android_stub.h for all android platforms.  This patch moves the function out of the "#if ANDROID_VERSION >=21" block so that all android code can use it.

Adding glandium as the reviewer, because he reviewed the original patch at bug 1103816.

MozReview-Commit-ID: 2NmUl5XuvDS

--HG--
extra : transplant_source : %03%8C/%E0%20t%D0%3Al4%D4Oh%CB_%07%8A%24r%CC
 2016-03-14 16:19:12 -06:00
Nicholas Nethercote a2f068b2ad Bug 1253085 - Remove the |PLDHashTable*| argument from PLDHash{HashKey,MatchEntry}. r=froydnj. 
This is easy because it's never needed.

--HG--
extra : rebase_source : 78830dab41c40a1544fa55fc69ca9c1c6709d767
 2016-03-16 15:33:44 +11:00
Tooru Fujisawa 50608d5d55 Bug 1256088 - Merge mock app-info implementation into AppInfo.jsm. r=gps 2016-03-16 16:58:29 +09:00
Nicholas Nethercote e098d1b141 Bug 1255655 - Const-ify kPinset_* arrays. r=cykesiopka. 
--HG--
extra : rebase_source : b8c360a7c79bd3e79d30210cd8e624e3e4eae7c3
 2016-03-11 13:54:41 +11:00
Mike Shal 0ea1e0d44b Bug 1256011 - Remove security/manager/ssl/tests/unit/pkcs11testmodule/Makefile.in; r=ted 
MozReview-Commit-ID: qM1XuSSCoX
 2016-03-14 19:21:45 -04:00
Gregory Szorc 3ff1fe40e4 Bug 1256484 - Disable C4456 and C4458 to unblock compilation on VS2015; r=keeler 
As part of unblocking building with VS2015u1 in automation, I'm mass
disabling compiler warnings that are turned into errors. This is not
the preferred mechanism to fix compilation warnings. So hopefully
someone fixes the underlying problem someday. However, there are tons
of ignored warnings in security/certverifier, so I guess the workaround
in this patch is par for the course.

MozReview-Commit-ID: 7GZ9RpkxnwT

--HG--
extra : rebase_source : 023a438b6458fb4859018cde421d51072f0f0490
 2016-03-14 23:57:33 -07:00
Gregory Szorc b58a16b4d9 Bug 1256499 - Disable C4311 and C4312 to unblock compilation on VS2015; r=bobowen 
As part of unblocking building with VS2015u1 in automation, I'm mass
disabling compiler warnings that are turned into errors. This is not
the preferred mechanism to fix compilation warnings. But the warning
occurs in third party code, so my hands are tied.

MozReview-Commit-ID: BCXQcEejre9

--HG--
extra : rebase_source : a36a432edc834ec806dd4341f247143b178902a4
 2016-03-15 11:28:52 -07:00
Gregory Szorc 7aa5c525a3 Bug 1256490 - Disable C4302 to unblock compilation on VS2015; r=bobowen 
As part of unblocking building with VS2015u1 in automation, I'm mass
disabling compiler warnings that are turned into errors. This is not
the preferred mechanism to fix compilation warnings. But the warning
occurs in third party code, so my hands are tied.

MozReview-Commit-ID: 6n8nl517Ly

--HG--
extra : rebase_source : 19c1c012e1ddf15accbdf1a1050e4d607f9c7b31
 2016-03-14 17:00:09 -07:00
Mark Goodwin 985802557a Bug 1224531 - Provide a mechanism for the updater to drive kinto collection sync r=rnewman,mossop 
There are two parts to this change. The first is a module to drive kinto
collection sync. This gives server-provided last-update times to each module
managing collection information so that data is only fetched when updates are
necessary. This also keeps track of when pings last took place (for future use)
and any apparent difference between client and server clock (we need this later
for the content signing work).

Currently only one module (the kinto version of the OneCRL client) consumes this
information, though more will follow.

The second is a minor change to nsBlocklistService.js to ensure that this ping
takes place whenever the existing blocklist ping happens.

MozReview-Commit-ID: 7SN03AOJ4Wc
 2016-03-15 08:55:23 +00:00
David Keeler 61a9a234f8 bug 1255153 - (re)move redundant xpcshell name constraint tests to gtests r=Cykesiopka,jcj 
MozReview-Commit-ID: 8eFSIhB1RId

--HG--
extra : rebase_source : 63b147b8bdc9f2961b2f56723ac5baa0e2564684
 2016-03-09 14:33:31 -08:00
David Keeler 2f0004e1be bug 1228175 - fix IsCertBuiltInRoot r=Cykesiopka,mgoodwin 
When a built-in root certificate has its trust changed from the default value,
the platform has to essentially create a copy of it in the read/write
certificate database with the new trust settings. At that point, the desired
behavior is that the platform still considers that certificate a built-in root.
Before this patch, this would indeed happen for the duration of that run of the
platform, but as soon as it restarted, the certificate in question would only
appear to be from the read/write database, and thus was not considered a
built-in root. This patch changes the test of built-in-ness to explicitly
search the built-in certificate slot for the certificate in question. If found,
it is considered a built-in root.

MozReview-Commit-ID: HCtZpPQVEGZ

--HG--
extra : rebase_source : 759e9c5a7bb14f14a77e62eae2ba40c085f04ccd
 2016-03-04 17:06:33 -08:00
Franziskus Kiefer bd54ab19d3 Bug 1226928 - signature verification for content-signing, r=keeler,mayhemer 2016-03-14 11:56:35 +01:00
Franziskus Kiefer de6c5e883a Bug 1226928 - remove Wshadow warning in ScopedNSSTypes, r=keeler 2016-03-14 11:56:25 +01:00
Ryan VanderMeulen da1885e860 Merge inbound to m-c. a=merge 2016-03-12 15:23:38 -05:00
ffxbld 7e46a33af1 No bug, Automated HPKP preload list update from host bld-linux64-spot-304 - a=hpkp-update 2016-03-12 04:40:14 -08:00
ffxbld 0391ff34f5 No bug, Automated HSTS preload list update from host bld-linux64-spot-304 - a=hsts-update 2016-03-12 04:40:12 -08:00
Wes Kocher e7883e4059 Backed out changeset 490eb9194ae1 (bug 1228175) for TestIsCertBuiltInRoot failures on at least Android 
MozReview-Commit-ID: 7kpuhoY0CJw
 2016-03-09 14:22:36 -08:00
David Keeler f228ba40a1 bug 1228175 - fix IsCertBuiltInRoot r=Cykesiopka,mgoodwin 
When a built-in root certificate has its trust changed from the default value,
the platform has to essentially create a copy of it in the read/write
certificate database with the new trust settings. At that point, the desired
behavior is that the platform still considers that certificate a built-in root.
Before this patch, this would indeed happen for the duration of that run of the
platform, but as soon as it restarted, the certificate in question would only
appear to be from the read/write database, and thus was not considered a
built-in root. This patch changes the test of built-in-ness to explicitly
search the built-in certificate slot for the certificate in question. If found,
it is considered a built-in root.

MozReview-Commit-ID: HCtZpPQVEGZ

--HG--
extra : rebase_source : 898ef37459723f1d8479cfdc58658ccb00e782a9
 2016-03-04 17:06:33 -08:00
Richard Barnes 0926cc2911 Bug 1254653 - Add telemetry to measure how often we encounter EV certificates r=keeler 
MozReview-Commit-ID: FvDpMGEJGLQ

--HG--
extra : rebase_source : 8dab354175e1a7b57450011bc50ffa6fd13448b7
 2016-03-08 17:30:40 -05:00
Carsten "Tomcat" Book 1ca11b97af merge mozilla-inbound to mozilla-central a=merge 2016-03-09 11:46:43 +01:00
ffxbld 3e380e6fa3 No bug, Automated HPKP preload list update from host bld-linux64-spot-223 - a=hpkp-update 2016-03-08 19:41:38 -08:00
ffxbld a560947174 No bug, Automated HSTS preload list update from host bld-linux64-spot-223 - a=hsts-update 2016-03-08 19:41:36 -08:00
Cykesiopka 610314abc0 Bug 1253958 - Make getHSTSPreloadList.js and genHPKPStaticPins.js gracefully handle trailing whitespace in URL entries. r=dkeeler 
MozReview-Commit-ID: Kyc7JzxVEo0

--HG--
extra : rebase_source : 009554017b7ec1e2c6e57430ee554eb94deb2a3a
 2016-03-06 16:02:52 -08:00
Masatoshi Kimura 0fb560192b Bug 1253166 - Remove UI to override RC4 errors. r=keeler 2016-03-08 06:34:42 +09:00
Masatoshi Kimura e9c1221a17 Bug 1254306 - Do not check the fallback limit version for the RC4 fallback. r=keeler 2016-03-09 07:38:43 +09:00
Nathan Froyd 777c075f0e Bug 1253010 - part 3 - create all nsIDateTimeFormat instances directly; r=smontagu 2015-12-05 11:03:27 -05:00
Nathan Froyd ae4c78cdd2 Bug 1253010 - part 1 - refactor nsX509CertValidity time formatting; r=keeler 
nsX509CertValidity has several copy-pasted routines that differ only
slightly in the parameters they use for formatting times.  Let's have a
single place to do the formatting and pass in the appropriate
parameters.
 2015-12-05 10:26:19 -05:00
Daniel Holbert bda0bd02db Bug 1253194: Suppress -Wimplicit-fallthrough clang warning for intentional fallthrough in icu_utf.cc (which is imported code). r=bobowen 2016-03-04 09:00:40 -08:00
sajitk 25babf4ea8 Bug 1219482: Replace PRLogModuleInfo with LazyLogModule in security subdirectory.r=nfroyd 2016-01-28 10:36:00 -08:00
Kai Engert 9b8bef561d Bug 1245053, NSS_3_23_RTM, only version numbers finalized, no code changes, DONTBUILD 2016-03-03 10:53:54 +01:00
Cykesiopka a650e7a431 Bug 1250254 - Enable ESLint "no-throw-literal" rule for PSM. r=dkeeler 
MozReview-Commit-ID: LZcitO0FTWH

--HG--
rename : security/manager/.eslintrc => security/manager/.eslintrc.json
extra : transplant_source : %95%EA%08ofJn-l%3D%A2W%90%A6i%E4%5D%A1c%3E
 2016-02-29 20:05:55 -08:00
David Keeler 8662000fad bug 1049969 - add symbols file for the test pkcs11 module so it works on Windows r=jcj 
MozReview-Commit-ID: KRaAmd7icd8

--HG--
extra : rebase_source : 2c0f1b8cf055574c01d6a6ef15af4246d00151bc
 2016-03-01 17:12:38 -08:00
Cykesiopka cff547515b Bug 1250256 - Partially clean up nsSDR.cpp. r=keeler 
MozReview-Commit-ID: FoS4oTjnd7F

--HG--
extra : transplant_source : %03%85%27T%06%E6%FB%FD%10%2C%F6%D9%92%F7I%60%B0%C1vr
 2016-03-01 20:07:53 -08:00
Aniket Vyas e3710a089b bug 1197314: Remove PR_snprintf calls in security/manager/ssl/ r=keeler 
MozReview-Commit-ID: Kq5kWzC1UHU
 2016-02-26 15:31:43 -08:00
David Keeler 3a39756220 bug 1250818 - remove certificate issuer organization to common name fallback r=Cykesiopka 
Before this change, if a certificate's issuer DN did not have an organization
component, nsIX509Cert.issuerOrganization would fall back to using the issuer
common name. This was never a good idea, because this gave misleading
information to consumers of this interface. Furthermore, it appears that all
consumers of this interface already do such a fallback (for display purposes)
when they've determined that it's a reasonable thing to do.

MozReview-Commit-ID: p2gmSP0nZW

--HG--
extra : rebase_source : 2248ff01e8c0e9a79b27f4406fdc2f0a4ed98360
 2016-02-26 13:18:02 -08:00
Cykesiopka 4d0d854bab Bug 1173679 - Add tests for the "security.OCSP.enabled" pref. r=dkeeler 
MozReview-Commit-ID: BQurIgVY8os

--HG--
extra : transplant_source : Z%25%16_%EB%0ABe%98%1B%F5%E5%FE%8C%AA%F0%18%90%16%AB
 2016-02-28 17:49:06 -08:00
Carsten "Tomcat" Book 7f956c0bfb merge mozilla-inbound to mozilla-central a=merge 2016-02-29 11:35:30 +01:00
Cykesiopka b9a9010687 Bug 1249595 - Enable 11 more ESLint rules for PSM. r=keeler 
MozReview-Commit-ID: FxS9SPRMMxf

--HG--
extra : transplant_source : %18%08%F0%EB%E3%AD%3E%F7%94%80%05%C0%D0P%5Co.%940%7E
 2016-02-26 12:35:34 -08:00
Kai Engert 6ca62e9a7f Bug 1245053, Upgrade Mozilla 47 to use NSS 3.23, land RC0, r=me 2016-02-26 11:23:11 +01:00
Tim Taubert 896a7362d7 Bug 1247860 - Enable ChaCha20/Poly1305 cipher suites r=emk,keeler 2016-02-26 12:37:19 +01:00
David Keeler a1c1defa04 bug 1199850 - remove unnecessary PSM xpcshell extended key usage tests r=Cykesiopka,jcj 
MozReview-Commit-ID: 8Uz4bN87872

--HG--
extra : rebase_source : a3021481a40c7e974a3b756021e274beeb7f30d6
 2016-02-24 14:20:01 -08:00
Haik Aftandilian 3cdbeb2bd6 Bug 1237847 - [e10s] Null deref crash when running test_pluginstream_newstream.html; r=bobowen 
Modify the Mac sandbox to allow temporary files to be created in a
parent-specified subdirectory of NS_OS_TEMP_DIR. This is similar to the
Windows approach. The parent provides a UUID in a preference which is
used by the content process to form the subdirectory name.

MozReview-Commit-ID: 6BONpfZz8ZI

--HG--
extra : rebase_source : ad18e091918356a1a40c13f1453972b4512ad476
 2016-02-25 15:26:13 -08:00
Kai Engert 6a5ff52e36 backing out c815269c99c8, bug 1245053, CLOSED TREE 2016-02-25 18:51:37 +01:00
Kai Engert 48201519cb Bug 1245053, test NSS_3_23_BETA7, r=me 2016-02-25 15:35:08 +01:00
Carsten "Tomcat" Book e232fcd2d4 Merge mozilla-central to mozilla-inbound 2016-02-25 11:59:05 +01:00
Carsten "Tomcat" Book 3695dd59e0 merge mozilla-inbound to mozilla-central a=merge 2016-02-25 11:57:51 +01:00
Nihanth Subramanya 45a1207cdf Bug 1201437 - Make cert override tests check for STATE_CERT_USER_OVERRIDDEN. r=keeler 
MozReview-Commit-ID: G6KQPXHbEPL

--HG--
extra : rebase_source : 9ed61d521996d96d2d18f5d602439bedc46393c0
 2016-02-24 22:45:12 -08:00
Nihanth Subramanya 0147157053 Bug 1201437 - Add new WebProgress state flag for user-overridden cert. r=keeler 
MozReview-Commit-ID: cvBYSZykK0

--HG--
extra : rebase_source : 68038f9d21a33efac139eedd26636f815217d2d6
 2016-02-24 22:46:52 -08:00
Cykesiopka a150859d8e Bug 1248874 - Replace Scoped.h templates used only by PSM in ScopedNSSTypes.h with UniquePtr equivalents. r=dkeeler 
MozReview-Commit-ID: 5OClBV522lv

--HG--
extra : transplant_source : G%A3%3B%A0%AC%0D%25%F2%C5K%DC8%0F%90%1B%7Bf%E0%93%F7
 2016-02-18 06:01:39 -08:00
Cykesiopka f64795a71b Bug 1246365 - Enable eslint "comma-spacing" and "semi" rules for PSM. r=keeler 
MozReview-Commit-ID: 7FVcD7O9mpG

--HG--
extra : transplant_source : R%C3B%B73%0A%9E%FA%83_%CF%FE%86O%B4%FF%C4f%EB%9C
 2016-02-18 21:16:50 -08:00
Cykesiopka da44ab790c Bug 1220237 - Remove uses of nsIEnumerator from PSM. r=keeler 
MozReview-Commit-ID: 3FhBCqnJz4n

--HG--
extra : transplant_source : %1B%9B%40%EAzK%A2%F6%B0%FF%FF%A3O%A6%D7%25c%DD%F1U
 2016-02-24 17:42:45 -08:00
Kai Engert 5553a6adbf Bug 1245053, landing NSS_3_23_BETA5, r=mt 2016-02-23 00:50:19 +01:00
Ehsan Akhgari f9727da7b1 Bug 1188045 - Part 1: Move the definition of sandboxTarget::Instance() out-of-line; r=bobowen,glandium 
This is required so that delay-loading xul.dll works with clang-cl.
 2016-02-22 09:55:09 -05:00
David Keeler 62bd6f7a62 bug 1248099 - add extended key usage tests for mozilla::pkix r=Cykesiopka,jcj 
MozReview-Commit-ID: 9rXn5Q1wsnx

--HG--
extra : rebase_source : f598007d568c7394898294d66b1845a173f97dc2
 2016-02-12 17:24:54 -08:00
David Keeler 51a37ae665 bug 1241650 - remove nsIX509CertDB.findCertNicknames r=mgoodwin 
MozReview-Commit-ID: JtU7H5qGvge

--HG--
extra : rebase_source : fae856a160e5cc987702794f805030b2d1cc3533
 2016-01-21 15:14:31 -08:00
Ben Kelly 156ed9a0ed Bug 1247580 P2 Add gtest to ensure we can continue to deserialize old security info strings. r=bz 2016-02-17 07:18:00 -08:00
Ben Kelly 7382b7bc31 Bug 1247580 P1 Allow old nsIX509Cert serialized objects to be read off disk. r=bz 2016-02-17 07:18:00 -08:00
Cykesiopka e5ab49e43e Bug 1247847 - Use smart pointers in nsNSSCertHelper.cpp to manage NSS resources. r=keeler 
This lets us remove things like gotos in the code, and makes resource ownership slightly clearer.

MozReview-Commit-ID: Kucn7exhLd7

--HG--
extra : transplant_source : %27%FF%D2tjLI%9B5ep%21%B7%FA%92%08%14%07%12%C6
 2016-02-16 16:25:09 -08:00
Cykesiopka eb91d4f287 Bug 1244245 - Enable eslint "curly" rule for PSM. r=keeler 
Also includes minor cleanup.

MozReview-Commit-ID: CHgbTIa3s2O

--HG--
extra : transplant_source : %FD%ACi%DE%3E%28%0D%D2_%5Dc%1Dk%E6%E8%EDw%D5%FA%93
 2016-02-16 17:27:49 -08:00
ISHIKAWA, Chiaki be2b50a7f8 Bug 1248252 - Improper outdated octal constant syntax in M-C tree. Use '0o' prefix. r=dao 
Be warned. Do not attemp to change the .js "test" source code in ./js
They are meant to check

 - the outdated 0666 octal constant is still parsed correctly,
 - the outdated 0666 octal constant raises syntax error flag
   in strict mode, etc.

So leave them alone.
 2016-02-15 08:57:00 +01:00
Sebastian Hengst be7b0e4539 Backed out 2 changesets (bug 1247250) for bustage. r=bustage on a CLOSED TREE 
Backed out changeset 8aded3a039f5 (bug 1247250)
Backed out changeset 374e6d0abf0e (bug 1247250)
 2016-02-12 00:42:48 +01:00
Masatoshi Kimura 8e3a5c71be Bug 1247250 - followup: fix comments to reflect the review comment. r=keeler DONTBUILD 2016-02-12 07:43:21 +09:00
Masatoshi Kimura e40094eb48 Bug 1247250 - Enable TLS 1.3 draft 11 anti-downgrade on non-secure fallback. r=keeler 2016-02-12 07:36:37 +09:00
Cykesiopka 103a609a33 Bug 1243193 - Use Assert.throws() more in PSM tests. r=keeler 2016-02-10 21:40:00 +01:00
Aidin Gharibnavaz 686438c658 Bug 1164581 - Adding an overload for NS_ProxyRelease that accepts already_AddRefed, and removing all the others. r=bobbyholley 2016-02-10 08:23:00 +01:00
David Keeler 28c09863cb bug 1241564 - remove EV treatment for TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı SHA-1 root certificate r=Cykesiopka 
MozReview-Commit-ID: 9ktEj2kgfYo
 2016-02-09 13:30:22 -08:00
David Keeler 5ceb0c8a89 bug 1246765 - remove unnecessary resource://app/ registration from getHSTSPreloadList.js r=Cykesiopka DONTBUILD NPOTB 2016-02-08 12:56:34 -08:00
Cykesiopka 19922e4976 Bug 503515 - Try and ensure exported certificates include an extension by default. r=keeler 
--HG--
extra : rebase_source : b3d595ae962d70afc208b34afe616b6ef88133a8
 2016-02-09 00:17:00 +01:00
Bob Owen ed46787107 Bug 1219369: In Windows debug builds allow write access to TEMP for logging purposes. r=tabraldes 2016-02-09 08:31:18 +00:00
Kai Engert 880b7f8386 Bug 1245053, land NSS_3_23_BETA4, r=me, includes a makefile change to adjust for NSS changes, patch by EKR, r=kaie 2016-02-08 16:16:25 +01:00
Carsten "Tomcat" Book 5b358688b7 Backed out changeset c18e29c1b369 (bug 1164581) for cpp unit tests test failures 
--HG--
extra : rebase_source : fb6fd434c8e3f4b5fa53ea645a54c07cab207894
 2016-02-08 11:17:38 +01:00
Masatoshi Kimura 7c3a491022 Bug 1247250 - Enable TLS 1.3 anti-downgrade on non-secure fallback. r=keeler 2016-02-24 19:35:00 +09:00
Aidin Gharibnavaz 69cf7e035f Bug 1164581 - Adding an overload for NS_ProxyRelease that accepts already_AddRefed, and removing all the others. r=bobbyholley 
--HG--
extra : rebase_source : 3c6bba6613a14e48239d302bdd0f7fe2e322265d
 2016-02-07 10:56:00 +01:00
Cykesiopka 7e014d6be0 Bug 1243182 - Enable eslint "space-infix-ops" rule for PSM. r=keeler 
Also includes minor cleanups.
 2016-02-06 21:05:02 -08:00
Cykesiopka 6a5e8155c8 Bug 1064402 - Part 2: Remove nsIX509CertDB.importServerCertificate() and nsIX509Cert::SERVER_CERT support in importCertsFromFile(). r=keeler 2016-02-06 20:41:11 -08:00
Cykesiopka 370bac0f07 Bug 1064402 - Part 1: Remove Import button in Servers tab of the Certificate Manager. r=keeler 
It no longer serves any useful purpose:
1. It is no longer possible to add explicit trust for server certs post Bug 825583.
1A. The Add Exception feature is better suited for this anyways.
2. It isn't possible to set explicit distrust in the Cert Manager, only remove explicit trust.
3. Importing may also inadvertently cause verification failures (see Bug 1202636).
 2016-02-06 20:40:57 -08:00
Cykesiopka 1e1cca77d4 Bug 1243180 - Enable eslint "no-trailing-spaces" rule for PSM. r=keeler 
Also does some minor cleanup.
 2016-02-03 01:51:00 +01:00
simplyblue addf646a4c Bug 1241646 - remove unused token arguments from nsIX509CertDB r=keeler 2016-01-30 13:50:58 +05:30
Kai Engert d3fd404b9b Bug 1244062, NSPR_4_12_BETA2, and Bug 1245053, NSS_3_23_BETA2 2016-02-02 11:50:47 +01:00
Bob Owen 73686ad0d7 Bug 1173371 Part 2: Change Chromium sandbox to allow rules for files on network drives to be added. a=aklotz 2016-02-01 08:59:00 +00:00
Bob Owen 0b2edad801 Bug 1173371 Part 1: Take Chromium commit 0e49d029d5a1a25d971880b9e44d67ac70b31a80 for sandbox code. r=aklotz 
From Chromium commit comment:
Sandbox: Add support for file system policies that use implied device paths.

A policy rule of the form \HarddiskVolume0\Foo\bar allows sandboxed code
to use \\.\HarddiskVolume0\Foo\bar directly.
 2016-02-01 08:59:00 +00:00
Mark Goodwin 282a183d55 Bug 1241821 - Create a SecurityReporter component for TLS Error Reports r=mossop, keeler 
This takes the TLS Error Reporting functionality used in the aboutNetError.xhtml
and aboutCertError.xhtml error pages and moves it to its own component. This
allows us to make use of this same error reporting functionality from elsewhere.
Notably, this allows us to send error reports for issues that occur when loading
subresources.
The xpcshell test included is in security/manager/ssl/tests because we need to
make use of tlsserver functionality from the PSM tests.
 2016-01-30 08:07:38 +00:00
Kyle Huey 91efc5a86c Bug 1241764: Replace nsPIDOMWindow with nsPIDOMWindowInner/Outer. r=mrbkap,smaug 2016-01-30 09:05:36 -08:00
Wes Kocher 543c164cdc Backed out 2 changesets (bug 1241821) for android build bustage CLOSED TREE 
Backed out changeset ae7246d654c8 (bug 1241821)
Backed out changeset bdecb787f1a2 (bug 1241821)

--HG--
extra : commitid : HdwYW6HntXi
 2016-01-29 14:57:27 -08:00
Wes Kocher 1f2034ed37 Followup to Bug 1241821 - ESLint fix 
--HG--
extra : commitid : 5Pf2Sf7gxj9
 2016-01-29 14:36:13 -08:00
Mark Goodwin e7ee60296d Bug 1241821 - Create a SecurityReporter component for TLS Error Reports r=mossop, keeler 
This takes the TLS Error Reporting functionality used in the aboutNetError.xhtml
and aboutCertError.xhtml error pages and moves it to its own component. This
allows us to make use of this same error reporting functionality from elsewhere.
Notably, this allows us to send error reports for issues that occur when loading
subresources.
The xpcshell test included is in security/manager/ssl/tests because we need to
make use of tlsserver functionality from the PSM tests.
 2016-01-29 13:45:17 +00:00
Wes Kocher a40af4aa59 Backed out changeset 7ec471c99263 (bug 1219482) to hopefully fix the intermittent hazard failures CLOSED TREE 
--HG--
extra : commitid : B8zmd9Xadpz
 2016-01-29 10:15:34 -08:00
Kai Engert 2f1d53a477 Bug 1228410, land NSS_3_22_RTM, r=nss-confcall 2016-01-29 12:16:10 +01:00
Bill McCloskey c663839ade Bug 1240871 - Don't allow implicit "async" in IPDL (r=mccr8,billm) 2016-01-28 20:56:37 -08:00
sajitk 1b0525a9d3 Bug 1219482 - Replace PRLogModuleInfo with LazyLogModule in security subdirectory. r=froydnj 
--HG--
extra : rebase_source : 7aed4d8669dccd1270a88a0cacfa254e3b9f5950
 2016-01-28 10:36:00 -05:00
David Keeler 1890b549c4 bug 1242032 - change some pipnss logging output from Debug to Verbose r=Cykesiopka 
Logging output that happens with every TLS socket poll, read, or write
should really be Verbose, not Debug.

--HG--
extra : amend_source : 455a72faa041e51b5356410d7c216aa1fdadc6c6
 2016-01-27 13:04:33 -08:00
David Keeler 32b5d6c545 bug 1241317 - gather telemetry on prevalence of FIPS r=jcj r=vladan 2016-01-21 11:22:12 -08:00
Carsten "Tomcat" Book 92b2943e68 Merge mozilla-central to mozilla-inbound 2016-01-27 12:10:56 +01:00
Carsten "Tomcat" Book b9e929e1a7 merge mozilla-inbound to mozilla-central a=merge 2016-01-27 11:59:49 +01:00
Cykesiopka 7ccd56ad60 Bug 1242254 - Enable initial set of eslint rules for PSM. r=dkeeler 
These rules are copied from toolkit/.eslintrc (with non-passing rules excluded and previously commented out and passing rules included).

--HG--
extra : rebase_source : 0afa42350cc961cbb3cf6d985b3978f4dc5d3dcb
 2016-01-24 02:35:36 -08:00
Cykesiopka c9747f9ecf Bug 1232582 - Sort PSM xpcshell.ini and fix --tag psm to actually run all tests. r=keeler 2016-01-26 20:23:00 +01:00
Gijs Kruitbosch 90dcd6df86 Bug 1241614 - don't overflow:auto the container, use em to size the dialog to avoid hidpi visibility issues, r=dolske,ttaubert 
--HG--
extra : commitid : DaBFhFU1YtS
extra : rebase_source : 28c1f92fcabe8a46fe40e805a763f7a508b592c0
 2016-01-22 11:18:54 +00:00
Kai Engert c12302354f Bug 1228410, land NSS 3.22 Beta 2, r=nss-confcall 
--HG--
rename : security/nss/tests/ssl_gtests/parsereport.sed => security/nss/tests/common/parsegtestreport.sed
 2016-01-25 16:14:18 +01:00
Cykesiopka adf7436ccc Bug 1235089 - Split out OCSP Must Staple tests from test_ocsp_stapling.js to avoid intermittent time outs. r=keeler 
test_ocsp_stapling.js can take ~290s to run on e.g. b2g-emu-x86-kk, which is very close to the default 300s limit.
Splitting out some tests should reduce the intermittent time outs.

--HG--
rename : security/manager/ssl/tests/unit/test_ocsp_stapling.js => security/manager/ssl/tests/unit/test_ocsp_must_staple.js
 2016-01-24 02:24:00 -05:00
Phil Ringnalda a747e7e178 Merge m-i to m-c, a=merge 2016-01-23 17:42:50 -08:00
ffxbld 09dc03c5a7 No bug, Automated HPKP preload list update from host bld-linux64-spot-309 - a=hpkp-update 2016-01-23 04:36:34 -08:00
ffxbld 3da59d3c6d No bug, Automated HSTS preload list update from host bld-linux64-spot-309 - a=hsts-update 2016-01-23 04:36:32 -08:00
Cykesiopka e2fe0b8f62 Bug 1233328 - Part 2: Use SHA-256 StaticFingerprints directly instead of StaticPinset since the SHA-1 StaticFingerprints entry will always be null. r=keeler 2016-01-20 20:45:29 -08:00
Cykesiopka 638ba07af3 Bug 1233328 - Part 1: Ignore SHA-1 pins in PublicKeyPinningService.cpp. r=keeler 2016-01-20 20:40:01 -08:00
Sylvestre Ledru ab4e3a0d42 Bug 1218816 - Remove useless semicolons. Found by coccinelle. r=Ehsan 
--HG--
extra : rebase_source : 7d2cc56b6553cd7a8d848d3c660f30735bd82eec
 2016-01-22 16:58:49 +01:00
David Keeler 2af33cad3c bug 1240173 - improve nsIX509Cert.dbKey r=Cykesiopka 
--HG--
extra : rebase_source : 43ceae97c5188fff16e18a66d25a9fdba320bcc8
 2016-01-15 14:33:56 -08:00
David Keeler 113252b726 bug 1239455 - rework telemetry for SHA-1 certificates to reflect possible policy states r=Cykesiopka,mgoodwin,rbarnes 
Before this patch, we were measuring where SHA-1 was being used in TLS
certificates: nowhere, in end-entities, in intermediates, or in both. However,
the possible SHA-1 policies don't differentiate between end-entities and
intermediates and instead depended on whether or not each certificate has a
notBefore value after 2015 (i.e. >= 0:00:00 1 January 2016 UTC). We need to
gather telemetry on the possible policy configurations.

--HG--
extra : rebase_source : 301c821c8de16ffb924cd198dd0a4d3139536019
 2016-01-13 12:50:42 -08:00
David Keeler 263b6bd7fe bug 1239609 - audit nsNSSShutDownObject destructors for correctness r=Cykesiopka,sworkman 
--HG--
extra : rebase_source : 3a20138211bfab811fb3adb2d7b0030a3b742b3b
 2016-01-22 14:49:39 -08:00
Patrick McManus e9fb442d3d Bug 1240168 - weak_crypto test assumed blocking semantics from main thread r=keeler 2016-01-15 15:30:20 -05:00
Tim Taubert 38e4db6e5e Bug 1191936 - Implement RSA-PSS signing and verification r=rbarnes,smaug 2015-10-13 20:22:43 +02:00
Ryan VanderMeulen 7d1bbd8088 Merge inbound to m-c. a=merge 2016-01-17 14:37:29 -05:00
ffxbld 45b07b40c1 No bug, Automated HPKP preload list update from host bld-linux64-spot-439 - a=hpkp-update 2016-01-16 04:03:46 -08:00
ffxbld a2da16b4a2 No bug, Automated HSTS preload list update from host bld-linux64-spot-439 - a=hsts-update 2016-01-16 04:03:44 -08:00
Jan de Mooij 68d44577b4 Bug 1237232 - Properly check the result of Vector append() calls in security/. r=keeler 2016-01-13 22:05:08 +01:00
David Keeler 17c8d8e45c bug 1232766 - update the preloaded pinset for Google domains r=rbarnes 
Also includes a script for making this process faster in the future.
 2015-12-28 12:30:14 -08:00
Chris Peterson 3f4e7bf8d5 Bug 1235188 - Fix -Wformat warnings in security/certverifier/. r=keeler 
security/certverifier/NSSCertDBTrustDomain.cpp:433:26 [-Wformat] format specifies type 'long' but the argument has underlying type 'int'
security/certverifier/NSSCertDBTrustDomain.cpp:433:48 [-Wformat] format specifies type 'long long' but the argument has type 'mozilla::pkix::Time'
 2015-12-28 18:41:54 -07:00
ffxbld 9c54b2fdae No bug, Automated HPKP preload list update from host bld-linux64-spot-506 - a=hpkp-update 2016-01-09 04:38:50 -08:00
ffxbld 98b790fabc No bug, Automated HSTS preload list update from host bld-linux64-spot-506 - a=hsts-update 2016-01-09 04:38:48 -08:00
Shu-yu Guo 1768759efb Bug 1220564 - Update chrome code uses of genexprs and legacy comprehensions. (r=billm) 2016-01-06 16:02:16 -08:00
David Keeler 83aec61b67 bug 1230377 - part 2/2: simplify nsIKeyObject and nsIKeyObjectFactory r=jcj 
nsIKeyObject and nsIKeyObjectFactory defined an interface that was largely
unimplemented. This cuts the interface back to what actually exists in code.

--HG--
extra : rebase_source : 6241e801c3bd7f17518af648158fcfdcd0bda9cf
 2015-12-04 10:36:51 -08:00
David Keeler 3da7665447 bug 1230377 - part 1/2: ensure nsKeyObject releases NSS resources on shutdown r=jcj 
--HG--
extra : rebase_source : 869dfb9450224677a05ac8566056872e8ff82c82
 2015-12-03 16:22:34 -08:00
Ehsan Akhgari 1f26ea8aca Bug 1214305 - Part 10: Clean up global DataStorage references in the child process; r=keeler 2016-01-04 16:30:02 -05:00
ffxbld 67ff8ead96 No bug, Automated HPKP preload list update from host bld-linux64-spot-389 - a=hpkp-update 2016-01-02 04:05:33 -08:00
ffxbld 5b3f84c48b No bug, Automated HSTS preload list update from host bld-linux64-spot-389 - a=hsts-update 2016-01-02 04:05:31 -08:00
Chris Peterson 4034ee65b8 Bug 1235308 - Fix -Wimplicit-fallthrough warnings in security/. r=keeler 
security/certverifier/NSSCertDBTrustDomain.cpp:282:5 [-Wimplicit-fallthrough] unannotated fall-through between switch labels
security/manager/ssl/nsNSSComponent.cpp:149:3 [-Wimplicit-fallthrough] unannotated fall-through between switch labels
security/manager/ssl/nsSecureBrowserUIImpl.cpp:1406:5 [-Wimplicit-fallthrough] unannotated fall-through between switch labels
 2015-12-25 00:03:35 -07:00
ffxbld eb1ef42d57 No bug, Automated HPKP preload list update from host bld-linux64-spot-593 - a=hpkp-update 2015-12-26 04:05:29 -08:00
ffxbld 3af3c75cc9 No bug, Automated HSTS preload list update from host bld-linux64-spot-593 - a=hsts-update 2015-12-26 04:05:27 -08:00
Mike Hommey d7478b6b1e Bug 1234955 - Make TEST_DIRS a SPECIAL_VARIABLE. r=gps 
Using TEST_DIRS is nothing more than a shortcut for

if CONFIG['ENABLE_TESTS']:
    DIRS += [...]

As such, we might as well remove it being a separate variable, and use some
Context magic to just fill DIRS when ENABLE_TESTS is set.

The security/manager/ssl/tests/unit/moz.build change ensures that the order
of DIRS before the change is kept, not because it matters, but because it
allows to confirm that nothing else is modified by this change.
 2015-12-24 13:12:49 +09:00
Nathan Froyd 2c2f66f499 Bug 1232454 - use UniquePtr<T[]> instead of nsAutoArrayPtr<T> in security/apps/; r=keeler 
As a nice side effect, we also fix a (rare) memory leak in
AppTrustDomain::SetTrustedRoot.
 2015-12-06 08:06:03 -05:00
Wes Kocher b71c3763d0 Backed out changeset f103fd636405 (bug 1232582) for b2g debug xpcshell failures in test_name_constraints.js 2015-12-21 11:01:22 -08:00
Carsten "Tomcat" Book 537c84d51c Merge mozilla-central to mozilla-inbound 2015-12-21 11:54:26 +01:00
ffxbld 0349798a7f No bug, Automated HPKP preload list update from host bld-linux64-spot-573 - a=hpkp-update 2015-12-19 04:09:26 -08:00
ffxbld beab6972e5 No bug, Automated HSTS preload list update from host bld-linux64-spot-573 - a=hsts-update 2015-12-19 04:09:24 -08:00
Cykesiopka 20d4ccd20d Bug 1232582 - Sort PSM xpcshell.ini and fix --tag psm to actually run all tests. r=dkeeler 
--HG--
extra : transplant_source : X%02%F1%9Cq%90%8B%0D%04K%C1%1E%A0%BB%F5%7D%2Bs%1BQ
 2015-12-17 07:55:54 -08:00
Cykesiopka 05919374b8 Bug 1229284 - Remove support for SHA-1 hashes in genHPKPStaticPins.js. r=keeler 2015-12-17 07:52:00 +01:00
David Keeler cf2300da93 bug 1230994 - December 2015 batch of EV root CA changes r=mgoodwin 
Adds:
  bug 1193480:
    CN=Certification Authority of WoSign G2,O=WoSign CA Limited,C=CN
    CN=CA WoSign ECC Root,O=WoSign CA Limited,C=CN
  bug 1147675:
    CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6,O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A...,L=Ankara,C=TR
  bug 1230985:
    OU=Security Communication RootCA2,O="SECOM Trust Systems CO.,LTD.",C=JP
  bug 1213044:
    CN=OISTE WISeKey Global Root GB CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH
 2015-12-14 14:44:44 -08:00
Carsten "Tomcat" Book ee3a10a104 Merge mozilla-central to mozilla-inbound 2015-12-16 12:03:47 +01:00
Nick Alexander 151142df55 Bug 1227248 - Part 2: Add GeneratedTest{Certificate,Key} mozbuild templates. r=gps 
--HG--
extra : commitid : 793A1duvlom
extra : rebase_source : 5a8fa9f0fb76dceb19525986381cb2a28676601b
extra : histedit_source : aebc6e99e83aaafba08626517850ff4ee23e4c82
 2015-12-14 11:50:56 -08:00
Jed Davis 48de284e31 Bug 1222500 - Handle unexpected thread creation better on desktop Linux. r=gdestuynder 2015-11-30 18:21:00 +01:00
Masatoshi Kimura 4bd144165f Bug 1224875 - Enable TLS extended master secret. r=keeler 2015-12-13 12:09:18 +09:00
ffxbld d729dd725a No bug, Automated HPKP preload list update from host bld-linux64-spot-1077 - a=hpkp-update 2015-12-12 04:08:02 -08:00
ffxbld 28f9941a1a No bug, Automated HSTS preload list update from host bld-linux64-spot-1077 - a=hsts-update 2015-12-12 04:08:00 -08:00
Magnus Melin b3dba24f5a Bug 1200567 - ensure shipped blocklist.xml doesn't affect the test_cert_blocklist.js. r=dkeeler 
Caused comm-central TEST-UNEXPECTED-FAIL | security/manager/ssl/tests/unit/test_cert_blocklist.js | - revocations.txt should be as expected
 2015-12-10 19:08:09 +02:00
Ryan VanderMeulen ec5f2e23e7 Merge m-c to inbound. a=merge 
--HG--
rename : browser/.eslintrc => storage/.eslintrc
rename : devtools/.eslintrc => toolkit/components/extensions/.eslintrc
extra : rebase_source : 5b2d39a455c81a001bd26e7bc85e7fbacdb79171
 2015-12-05 15:27:33 -05:00
Ryan VanderMeulen 289a16635a Merge fx-team to m-c. a=merge 2015-12-05 15:09:41 -05:00
ffxbld 4dd525a926 No bug, Automated HPKP preload list update from host bld-linux64-spot-049 - a=hpkp-update 2015-12-05 04:05:19 -08:00
ffxbld d2a4d282da No bug, Automated HSTS preload list update from host bld-linux64-spot-049 - a=hsts-update 2015-12-05 04:05:17 -08:00
Panos Astithas 92b2551106 Bug 1207146 - Add a link to expert technical information in the cert error page. r=Gijs,keeler 2015-12-04 19:46:13 +02:00
Bob Owen 05eb71c3a0 Bug 1229804: Use the correct string length in Windows sandbox logging. r=tabraldes 2015-12-03 11:19:14 +00:00
Carsten "Tomcat" Book df451fe7b0 merge mozilla-inbound to mozilla-central a=merge 2015-12-03 12:00:42 +01:00
ffxbld d661411aa5 No bug, Automated HPKP preload list update from host bld-linux64-spot-369 - a=hpkp-update 2015-12-02 14:59:16 -08:00
ffxbld eb8afa37f2 No bug, Automated HSTS preload list update from host bld-linux64-spot-369 - a=hsts-update 2015-12-02 14:59:14 -08:00
Mike Hommey 4005d567f9 Bug 1225682 - Don't use nsAuto{,C}String as class member variables in security/manager/. r=keeler 2015-12-02 11:04:37 +09:00
Xidorn Quan fb855297f6 Bug 1229587 part 2 - Use verbose format to disable C4061 to workaround bug of VS2015u1. r=keeler 
--HG--
extra : source : 96b812b70961a22ae01a377eb9aaaf405ed13349
 2015-12-03 09:29:42 +11:00
Xidorn Quan 8cd346c251 Bug 1229587 part 1 - Disable C4464 warning newly added in VS2015u1. r=keeler 
--HG--
extra : source : 1c79d789b2de950e8024d857f9315ea362141969
 2015-12-03 09:29:42 +11:00
Cykesiopka cb705a63a6 Bug 1224968 - Support public key input to unbreak periodic HPKP updates. r=keeler 
be448badb1%5E!/#F0 switched SHA1 hashes to public keys for static pins. This broke genHPKPStaticPins.js and thus periodic HPKP updates, since the file doesn't handle public keys.

The changes here mostly mirror ba1f296240.
 2015-12-01 00:30:00 +01:00
Cykesiopka ee7d82a508 Bug 1228794 - Convert test_getchain.js to generate certificates at build time. r=keeler 
With this change, CertUtils.py is no longer needed.

--HG--
extra : rebase_source : 2e7c7f82c17fd44d97fc68f657f3c313f4b4d125
 2015-12-01 00:28:00 +01:00
Bogdan Postelnicu d61cdc0082 Bug 1228346 - initialize mOCSPMustStapleEnabled in constructor. r=dkeeler 
--HG--
extra : rebase_source : be8c14f84b53f6e546ff242b40208ec3a1f1be03
 2015-11-26 07:40:00 +01:00
David Keeler a328c0c4e8 bug 986956 - only ever initialize NSS once per process r=Cykesiopka r=mgoodwin 
As a consequence, if NSS is initialized when there is no profile directory, NSS
will not persist changes. Other failures may occur (e.g. see bug 1216882).
 2015-11-19 13:31:52 -08:00
Mark Goodwin 7c0ac05619 Bug 1227970 - Perform preference checks to allow OCSP Bypass for OneCRL via Kinto r=keeler 
--HG--
extra : commitid : 5UjOTtwGffb
extra : rebase_source : 3ab4f4702056bde2fc6a1c4b22f5ed6abc59b918
 2015-11-26 16:57:21 +00:00
Carsten "Tomcat" Book 4e4b15962c Merge mozilla-central to mozilla-inbound 2015-11-25 13:57:30 +01:00
Jonathan Hao 7882aa6f0e Bug 1225422 - Update the PrivilegedPackageRoot certificate. r=keeler 2015-11-19 15:08:05 +08:00
Julian Hector 4b2655c8d9 Bug 1215303 - Part 2 - automatically enable broker when in permissive mode r=jld 2015-11-13 12:29:47 +00:00
Julian Hector 46f56a1f0e Bug 1215303 - Part 1 - add permissive mode r=jld 2015-11-13 12:27:45 +00:00
Ben Bucksch 2572e8c3db Bug 1200802 - Accept RFC1929 SOCKS credentials in proxyInfo. r=michal 2015-11-24 22:56:00 +01:00
Carsten "Tomcat" Book 5f1ac1afb3 merge mozilla-inbound to mozilla-central a=merge 2015-11-23 14:08:50 +01:00
ffxbld 8ad105e9a0 No bug, Automated HPKP preload list update from host bld-linux64-spot-1073 - a=hpkp-update 2015-11-21 03:49:57 -08:00
ffxbld 71a59e9585 No bug, Automated HSTS preload list update from host bld-linux64-spot-1073 - a=hsts-update 2015-11-21 03:49:55 -08:00
David Keeler 05b2bbbd51 bug 1230234 - fix a leak in client auth certificate handling r=Cykesiopka 
Looks like this was essentially a copy/paste error. See changeset 04b4ea333800,
which appears to have landed as part of bug 675221 (the bug number annotation in
that commit message is incorrect).
 2015-12-03 12:43:23 -08:00
Mark Goodwin 854efb9851 Bug 1224467 - Add a preference for controlling whether oneCRL blocklists are updated via AMO. Also add a test. r=keeler,mossop 2015-11-18 11:53:54 +00:00
Carsten "Tomcat" Book a22ff2640a Merge mozilla-central to mozilla-inbound 2015-11-17 12:33:46 +01:00
Carsten "Tomcat" Book 6f7666a6c8 merge fx-team to mozilla-central a=merge 2015-11-17 12:10:03 +01:00
ffxbld 869bf240ee No bug, Automated HPKP preload list update from host bld-linux64-spot-383 - a=hpkp-update 2015-11-17 00:44:58 -08:00
ffxbld a3e192d586 No bug, Automated HSTS preload list update from host bld-linux64-spot-383 - a=hsts-update 2015-11-17 00:44:56 -08:00
Cykesiopka af62dfe8e5 Bug 1224478 - Replace do_check_* calls with their Assert.jsm equivalents in PSM xpcshell tests. r=keeler 
Also replaces if-do_throw() blocks with equivalent Assert.jsm method calls.
 2015-11-16 22:53:00 +01:00
Wes Kocher c0ece6bf0d Merge m-c to fx-team, a=merge 
--HG--
extra : commitid : 2bzybQqlwy0
 2015-11-16 17:28:26 -08:00
Panos Astithas d9c75611cd Make 'Go Back' button work even when there is nothing to go back to (bug 1221084); r=paolo 2015-11-16 15:37:27 +02:00
Cykesiopka c10edfff85 Bug 1224481 - Comment out CA certs removed in NSS 3.21 in PreloadedHPKPins.json to keep periodic Static HPKP updates working. r=dkeeler 
--HG--
extra : transplant_source : %EAM%5D1%93%28H%BA%82%C0%0F%BB%3D%9E%40%8B%BCx%EB%03
 2015-11-13 07:28:28 -08:00
Cykesiopka fedad480ea Bug 1222903 - Reject EV status for EV EE certs that are valid for longer than 27 months as well. r=keeler 2015-11-13 07:42:00 +01:00
David Keeler eae048cea6 bug 1222179 - remove unnecessary observation topics in nsNSSComponent r=Cykesiopka 
nsNSSComponent would (unnecessarily) observe "profile-change-net-teardown" and
"profile-change-net-restore". Now it no longer does.
 2015-11-12 16:21:33 -08:00