Граф коммитов

8133 Коммитов

Автор SHA1 Сообщение Дата
Brian Smith 485e9d1aab Bug 921885: Use insanity::pkix for EV cert verification when insanity::pkix is the selected implementation, r=cviecco, r=keeler
--HG--
extra : rebase_source : b1fd1f8eace675484b3c2d568e5e74f767f1d2ad
2014-02-23 22:15:53 -08:00
Brian Smith 605160af41 Bug 921886: Add certificate policiy support to insanity::pkix, r=keeler, r=cviecco
--HG--
extra : rebase_source : 6522e2c2f57f59fe23c0ed0c838f1f54236bdafc
2014-02-24 12:37:45 -08:00
Brian Smith 616dec9611 Bug 970810: Expand name constraint tests to test insanity::pkix, r=cviecco
--HG--
extra : rebase_source : b8190690743a12623c7524429215fc7d8a8dea49
extra : histedit_source : fd9877f98303dd237b302e6c606ca11f4c36fd7c
2014-02-25 01:15:52 -08:00
Camilo Viecco 35bf5876f6 Bug 900727: Add name constraints to psm in xpcshell. r=bsmith 2013-12-12 10:28:06 -08:00
Brian Smith c3a50adf07 Bug 975122: Allow cert error overrides when insanity::pkix is used, r?cviecco, r?keeler
--HG--
extra : rebase_source : 47f5e779a16c462e40baa2d9cec2e83946c9076c
2014-02-22 19:08:06 -08:00
Raymond Etornam Agbeame(:retornam) 46c4d5f834 Bug 970614 - Remove code wrapped in #if 0 ... #endif blocks in PSM. r=keeler 2014-02-24 09:41:55 -05:00
Jed Davis 065803a376 Bug 971128 - Add sched_yield to seccomp whitelist. r=kang 2014-02-22 18:58:59 -08:00
Jed Davis de99e18e18 Bug 970562 - Add sched_getscheduler to seccomp whitelist. r=kang 2014-02-22 18:58:59 -08:00
Ehsan Akhgari 9a39fcfd00 Bug 935778 - Part 0.3: Spray some more MOZ_DECLARE_REFCOUNTED_TYPENAME across the tree 2014-02-20 23:07:24 -05:00
David Keeler bf37f06673 bug 969479 - only prevent TLS fallback for STARTTLS r=briansmith 2014-02-20 15:14:32 -08:00
Brian R. Bondy 99f63f63b5 Bug 974979 - Browser crashes after trying to restart a crashed e10s process. r=aklotz 2014-02-20 12:58:04 -05:00
Brian R. Bondy 0551446474 Bug 928061 - Enable separate Desktop in Windows sandbox policy. r=aklotz 2014-02-20 12:37:22 -05:00
Jed Davis ad35f7df7c Bug 974230 - Adjust sandbox so that socket() simply fails. r=kang
This is a workaround for issues with the SCTP code (bug 969715) and
NSPR's IPv6 support (bug 936320).
2014-02-20 09:35:44 -05:00
Jed Davis 3a2e9e491d Bug 966547 - Switch sipcc from named to anonymous sockets on Unix. r=jesup, r=kang 2014-02-20 09:35:26 -05:00
Jed Davis c630909fd0 Bug 974227 - Allow readlink while sandboxed to work around bug 964455. r=kang 2014-02-19 15:55:42 -05:00
Brian Smith e88542c25c Bug 915931, Part 4: Expand OCSP xpcshell tests to test insanity::pkix, r=keeler
--HG--
extra : rebase_source : e645de251c459d6fa38996bb7bfd35e21eaf3b72
2014-02-17 13:19:54 -08:00
Brian Smith f438b228f2 Bug 973268: Return better error codes and make simple cert error override processing work for insanity::pkix, r=keeler, r=cviecco
--HG--
extra : rebase_source : 596e7a67b8631bb6a52c20d569fe433aa5e86cec
2014-02-11 00:46:05 -08:00
Brian Smith 46ac0ca312 Bug 915931, Part 3: Integrate insanity::pkix OCSP support, r=keeler, r=cviecco
--HG--
extra : rebase_source : 4b54682ca6d97e2ec7709b9a5c93ddea71126f8b
2014-02-16 17:35:40 -08:00
Brian Smith 62dbaed7c1 Bug 915931, Part 2: Add OCSP request encoding to insanity::pkix, r=keeler
--HG--
extra : rebase_source : c07713a417c2bc03d4c18f0c7dbddd19b4532390
2014-02-06 16:57:49 -08:00
Brian Smith 3a9c1abfb2 Bug 878932, Part 1: Add OCSP response parsing & validation to insanity::pkix, r=keeler
--HG--
extra : rebase_source : 23771eaf97f67e5feb69d50a0c96dd4da31ae964
extra : source : b0511882e4c94c0960ef8533b381e8d72706172e
2014-02-16 18:09:06 -08:00
Ehsan Akhgari 9df66916f4 Bug 973405 - Move some misc LOCAL_INCLUDES to moz.build; r=glandium 2014-02-18 08:49:12 -05:00
Ms2ger 33da18c67e Bug 968856 - Move unconditional LOCAL_INCLUDES into moz.build; r=mshal 2014-02-15 21:24:59 +01:00
Phil Ringnalda b463b1af44 Merge m-i to m-c 2014-02-15 09:54:57 -08:00
ffxbld 24cc811748 No bug, Automated HSTS preload list update from host bld-linux64-spot-071 - a=hsts-update 2014-02-15 03:20:10 -08:00
Vaibhav Agarwal 2ae37b022e Bug 970925 - convert testing/mochitest/android.json into skip-if statements in mochitest.ini files; r=jmaher 2014-02-15 04:53:02 -05:00
Brian Smith 55de0043ed Bug 896620: Revert deletion of security/build/b2g-app-root-cert.der, which was intended for bug 972201, r=me (thanks Ehsan) 2014-02-14 19:45:58 -08:00
Brian Smith 2f3036a251 Bug 896620: Make marketplace certs work on in all products, r=keeler
--HG--
extra : source : 86ec7137a8892f75918c77e605df970f5b96ef62
extra : histedit_source : 33326790804d49e6ec658626116ebf870d94d445
2014-02-14 14:37:07 -08:00
Brian Smith 5e8b57441e Bug 967153: Update to NSS 3.16 beta 2 (NSS_3_16_BETA2), r=me
--HG--
extra : source : e7b156a508d35034735e0cb44e5f73d6e8b76cc7
2014-02-13 16:43:27 -08:00
Brian R. Bondy 88633c121b Bug 969559 - Set delayed restricted integrity in child process to block off pipe and file access after LowerToken call. r=aklotz 2014-02-14 11:07:16 -05:00
Wes Kocher 3211da1532 Merge m-c to inbound on a CLOSED TREE 2014-02-13 18:50:08 -08:00
David Keeler 844f0490ec bug 967975 - certificate error override telemetry r=briansmith
--HG--
rename : security/manager/ssl/tests/unit/tlsserver/cmd/OCSPStaplingServer.cpp => security/manager/ssl/tests/unit/tlsserver/cmd/BadCertServer.cpp
2014-02-13 14:53:29 -08:00
Ryan VanderMeulen 8fdb0c669b Merge m-c to b2g-inbound. 2014-02-13 10:32:21 -05:00
Jed Davis abe287ce8a Bug 971370 - Fix seccomp whitelist errors caused by strace bug. r=kang 2014-02-13 09:47:16 -05:00
Guillaume Destuynder 5957791d98 bug 948620 - Add env variable MOZ_DISABLE_CONTENT_SANDBOX to disable sandbox at runtime. r=jld 2014-02-13 16:26:28 -08:00
Brian Smith a729acfc4a Bug 971178, Part 4: Expand test_intermediates_basic_constraints.js test insanity::pkix, r=cviecco
--HG--
extra : rebase_source : b419a3087b3d327c9a48d984551abeac4943be7a
2014-02-11 16:24:45 -08:00
Brian Smith c03179e90d Bug 971178, Part 3: Expand test_certificate_usages.js test insanity::pkix, r=cviecco
--HG--
extra : rebase_source : 3810925d18767d1b04f8a47004a0ab7a631e5b4b
2014-02-11 01:42:41 -08:00
Brian Smith 6244fe0622 Bug 971178, Part 2: Make test_getchains.js test insanity::pkix, r=cviecco
--HG--
extra : rebase_source : ff9620bad6b20a84cf179af7ffa7a74f6ffd6640
2014-02-11 01:42:55 -08:00
Brian Smith f889071ce9 Bug 971178, Part 1: Expand test_cert_signatures.js test insanity::pkix, r=cviecco
--HG--
extra : rebase_source : 90cf68bdb50b8499aeda3e14c476977db9e43c2a
2014-02-11 01:42:24 -08:00
Jeff Walden 4e3e68dab2 Bug 969165 - Convert Atomic<T> where T != bool but is used as a bool over to Atomic<bool>, now that it's supported, in security/manager/. r=bsmith
--HG--
extra : rebase_source : 3632af6471e41d099a0948542d26a7df527efaad
2014-02-06 22:17:07 -08:00
Camilo Viecco 48c389203c Bug 877376: Add tests for intermediate CA basic constraints and KU/EKU, r=briansmith
--HG--
extra : rebase_source : b831ab0e459af4ea0f43a1184e32b333f43b2f01
2013-05-23 10:15:19 -07:00
Brian Smith c4a2fff324 Bug 878932, Part 2: Make certificate verification implementation prefs dynamic, r=cviecco
--HG--
extra : rebase_source : 4b413cfd8e122ee4e0fea64d624285856e2cb0cb
2014-01-20 15:55:12 -08:00
Brian Smith 6195eb652a Bug 878932, Part 1: add insanity::pkix as an option for certificate verification, r=keeler, r=cviecco
--HG--
extra : rebase_source : c1f75dff6ac7f32e082517af701654abebaee250
2014-02-10 11:41:12 -08:00
Brian Smith 4da7c9f410 Bug 970512: Remove uninteresting cases for certificate usage verification, r=cviecco
--HG--
extra : rebase_source : 6df6dcfb39f8b4e2cd063115470af04675c0f768
extra : source : 56e0904260b417ce181e2a35978f6d77e78ef2c2
2013-10-13 23:34:28 -07:00
Brian Smith 4542eaa79b Bug 969938: Stop adding id-KP-OCSPSigning EKU to CA certificates in tests, r=cviecco
--HG--
extra : rebase_source : 9f5e42ea788e63fb93e3a37632be12093096e63d
2014-02-08 21:01:39 -08:00
Brian Smith 8e7f744db6 Bug 921896: Check name constraints in insanity::pkix, r=cviecco, r=keeler
--HG--
extra : rebase_source : 6d3e77670a5553b477a881609cc30f5f4140294c
extra : source : 2545cd47894a95323b718eb4f82be6d744019c7a
2014-02-10 15:25:23 -08:00
Brian Smith 0f4fcd3fcf Bug 968359: Allow the direct validation of CA certificates in insanity::pkix, r=keeler, r=cviecco
--HG--
extra : rebase_source : f27870f2a648ad012d24b99d9e4f85daf17e9397
extra : source : 002e9043461b40a911903258d723c37133dbc79c
2013-09-13 00:09:08 -07:00
Brian Smith 9e617fc0fc Bug 921895: Check extended key usage in insanity::pkix, r=keeler, r=cviecco
--HG--
extra : rebase_source : f8faa0b9269a40dd28850c9444f4723d1dad8451
extra : source : 32ea705bdfd196e037060b3bb7da081c1eed356d
2014-02-08 15:00:32 -08:00
David Keeler 7c08b2051b bug 961528 - holepunch chart.apis.google.com from the HSTS preload list r=briansmith 2014-02-11 10:21:57 -08:00
Ehsan Akhgari e4f4a283cc Bug 970727 - Move DEFFILE to moz.build; r=mshal 2014-02-11 11:28:54 -05:00
Ehsan Akhgari d91d200572 Bug 969757 - Remove the dead code in our tree which pretends to support OS/2; r=roc,mcmanus,gps,jorendorf,bsmedberg sr=bsmedberg 2014-02-10 17:57:01 -05:00