mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
578 737 коммитов 613 Ветки 98 Теги 5,8 GiB
Граф коммитов

331 Коммитов

Автор SHA1 Сообщение Дата
Igor 60cd1e3bb7 Bug 1296180 - Replace more uses of PR_ARRAY_SIZE with mozilla::ArrayLength. r=keeler,mt 2016-09-09 13:17:52 -07:00
Cykesiopka 80c7f24081 Bug 1274135 - Replace char_ptr_cast() and uint8_t_ptr_cast() with mozilla::BitwiseCast. r=keeler,valentin 
The functions aren't necessary now that we have BitwiseCast.

MozReview-Commit-ID: 2nzOuwAop4Y

--HG--
extra : rebase_source : 0cb2c16f484a81b2e77384564973b58ac2d10fb9
 2016-09-08 20:46:26 +08:00
Ryan VanderMeulen 57d3c61d9b Backed out changeset db5d2a3899c0 (bug 1274135) for bustage. 2016-09-07 20:52:18 -04:00
Cykesiopka 0193f94d53 Bug 1274135 - Replace char_ptr_cast() and uint8_t_ptr_cast() with mozilla::BitwiseCast. r=keeler,valentin 
The functions aren't necessary now that we have BitwiseCast.

MozReview-Commit-ID: 2nzOuwAop4Y

--HG--
extra : rebase_source : 196449249eec75b8eb10e59662231c3f4e83c268
 2016-09-01 15:58:51 +08:00
Cykesiopka 2e47d34ebc Bug 1256302 - Remove CertVerifier::InitCertVerifierLog(). r=jcj 2016-09-02 10:45:47 +02:00
Kan-Ru Chen b6d880aca1 Bug 1297276 - Rename mfbt/unused.h to mfbt/Unused.h for consistency. r=froydnj 
The patch is generated from following command:

  rgrep -l unused.h|xargs sed -i -e s,mozilla/unused.h,mozilla/Unused.h,

MozReview-Commit-ID: AtLcWApZfES


--HG--
rename : mfbt/unused.h => mfbt/Unused.h
 2016-08-24 14:47:04 +08:00
Cykesiopka 9529f2321e Bug 1294011 - Obviate manual calls to SECITEM_FreeItem() in PSM. r=keeler 
MozReview-Commit-ID: 7RNV0YNraBx

--HG--
extra : rebase_source : bd4c8981b52e3f5a504fc09958872415cf757eff
 2016-08-13 21:45:00 +08:00
Cykesiopka 2c9b1285df Bug 1289455 - Obviate manual CERT_DestroyCertificate() calls in PSM. r=dkeeler 
MozReview-Commit-ID: Aoi1VWvkNjp

--HG--
extra : transplant_source : B%8F9%E7%E8%84%7D%D1%7B%5Due%ED%9A%E8%DE%05%5B%E2D
 2016-08-05 23:57:44 +08:00
Sergei Chernov 21be681857 Bug 1284256 - Certificate Transparency - verification of Signed Certificate Timestamps (RFC 6962); r=keeler, r=Cykesiopka 
MozReview-Commit-ID: IgcnyBH4Up

--HG--
extra : transplant_source : %98%A3%5E%B4%DA%89qI1%01A%F8%FF%C7%1FS%D4%23v%B3
 2016-07-05 08:35:06 +03:00
David Keeler 67199d7bf6 bug 1289885 - Enable VeriSign Class 3 Public PCA - G4 for EV in PSM r=jcj 
MozReview-Commit-ID: GDZnZcVCNl6

--HG--
extra : rebase_source : ffdfa0fac7d4114e1251d00ced4c6ca7aab1ec86
 2016-07-27 14:06:09 -07:00
Andi-Bogdan Postelnicu d19b17ffc3 Bug 1289366 - added return statement for CharToByte when assertion fails. r=keeler 
MozReview-Commit-ID: LDAamOxHdli

--HG--
extra : rebase_source : 7a180b058c3d756074b4cb2f56356c41eaf9919d
 2016-07-26 12:48:49 +03:00
Tom Tromey 5538d692d3 Bug 1286877 - do not set c-basic-offset for python-mode; r=gps 
This removes the unnecessary setting of c-basic-offset from all
python-mode files.

This was automatically generated using

    perl -pi -e 's/; *c-basic-offset: *[0-9]+//'

... on the affected files.

The bulk of these files are moz.build files but there a few others as
well.

MozReview-Commit-ID: 2pPf3DEiZqx

--HG--
extra : rebase_source : 0a7dcac80b924174a2c429b093791148ea6ac204
 2016-07-14 10:16:42 -06:00
David Keeler a77caa9d20 bug 1274677 - Enable Certplus and OpenTrust root certificates for EV in PSM r=Cykesiopka 
MozReview-Commit-ID: 4rZ0NIEyKF6

--HG--
extra : rebase_source : 089184f70e3a6949da5211f464c51fb113db997a
 2016-07-15 14:51:08 -07:00
Sergei Chernov edb1f658f6 Bug 1275238 - Certificate Transparency support in mozilla::pkix; r=keeler 
MozReview-Commit-ID: HZwzSgxarTw

--HG--
extra : transplant_source : %BF%F9%A8T%C6x%82%03%3Ez%9F%3BT%E3%1B%11s%294%F4
 2016-06-15 11:11:00 +03:00
David Keeler 3fed4e5ecc bug 1272858 - use a name-agnostic method to find the built-in root PKCS#11 slot r=Cykesiopka 
Previously this implementation would use the expected names of the built-in
module and slot to get a handle on them. This doesn't work on distributions that
use other names. The new implementation searches through the slots from the
default module list for one where PK11_HasRootCerts returns true (which
indicates that NSS considers that slot to contain the default built-in root
list).

MozReview-Commit-ID: LmX27hQfFJU

--HG--
extra : rebase_source : 50383dcc77257fe08ce2c7d908e95cda7c4bbe9d
 2016-06-23 15:43:47 -07:00
David Keeler baead5135e bug 1277240 - don't import trust anchors in SaveIntermediateCerts r=Cykesiopka 
MozReview-Commit-ID: KHwA2LJSeUS

--HG--
extra : rebase_source : e1f7a469d2dc8608adf4b0172f99d9adb192bbb5
 2016-06-02 13:17:14 -07:00
Sergei Chernov d46c2e938b Bug 1241574 - Certificate Transparency - base definitions and serialization to/from TLS wire format. r=keeler, r=Cykesiopka 
MozReview-Commit-ID: KmJOr2crof7

--HG--
extra : transplant_source : %97%2A%03p%7CP%09%CA%60J%D22%91%3C%C1%C9%B8%C6%89%D8
 2016-04-11 16:17:25 +03:00
Cykesiopka 0b04616a47 Bug 1271496 - Stop using Scoped.h in non-exported PSM code. r=keeler 
Scoped.h is deprecated in favour of the standardised UniquePtr.

This patch removes use of Scoped.h everywhere in PSM except ScopedNSSTypes.h,
which is exported. Other consumers of ScopedNSSTypes.h can move off Scoped.h
at their own pace.

This patch also changes parameters and return types of various functions to make
ownership more explicit.

MozReview-Commit-ID: BFbtCDjENzy

--HG--
extra : transplant_source : %0B%C7%9F%40%FA9%A4%F2%5E%0D%92%1C%A6%A49%94%C3%7E%1Cz
 2016-05-23 19:50:26 -07:00
Cykesiopka 1d22abcec2 Bug 1271953 - Remove nss_addEscape(). r=mgoodwin 
The function basically duplicates existing Mozilla string class functionality.

MozReview-Commit-ID: 9IFEXuT9cW1

--HG--
extra : rebase_source : 0d0c4492a63f7a168b6092fdb2e1bf8ec09d5308
 2016-05-16 09:04:09 -07:00
Cykesiopka 6b12fc8650 Bug 1271501 - Use mozilla::BitwiseCast instead of reinterpret_cast in PSM. r=keeler 
mozilla::BitwiseCast does the same thing, but provides static asserts that
mitigate some of the risk of using reinterpret_cast.

MozReview-Commit-ID: ENQ8QC6Nl9o

--HG--
extra : rebase_source : c1725c8363c0f7f9877601de5ab5f152ef4d0439
 2016-05-18 21:20:56 -07:00
Cykesiopka 5e0c49ff77 Bug 1271501 - Remove unnecessary uses of reinterpret_cast in PSM. r=keeler 
These uses of reinterpret_cast are either pointless, or can be removed via
refactoring.

MozReview-Commit-ID: Aw2rlJfrT6J

--HG--
extra : rebase_source : 243d6c38eedc086c59d47c93d4a57cb6a922910a
 2016-05-18 18:58:40 -07:00
Cykesiopka 18c21f386e Bug 1271495 - Replace uses of ScopedPK11Context with UniquePK11Context. r=keeler,mcmanus 
ScopedPK11Context is based on Scoped.h, which is deprecated in favour of the
standardised UniquePtr.

MozReview-Commit-ID: HE8UY1hOuph

--HG--
extra : transplant_source : 4%BF%81M%09Q-%2A%E6%04%86i%18%1B%3CL%90%88%04%C7
 2016-05-13 05:53:57 -07:00
Chris Peterson 353ee65255 Bug 1272513 - Part 1: Suppress -Wshadow warnings-as-errors in some directories. r=glandium 2016-05-11 00:00:01 -07:00
David Keeler c17f3a2733 bug 982932 - only allow Netscape-stepUp to be used for serverAuth for old CA certificates r=Cykesiopka,jcj 
MozReview-Commit-ID: 88JhIU1pUji

--HG--
rename : security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC.pem.certspec => security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-recent.pem.certspec
rename : security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC.pem.certspec => security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-recent.pem.certspec
extra : rebase_source : 2f6251679a6f31cccb6d88bb51c567de9cc9bc76
 2016-05-05 16:11:11 -07:00
Cykesiopka 8f7bebaa5c Bug 160122 - Stop using PR_smprintf in PSM. r=keeler 
The (more) modern Mozilla string classes can be used instead, which at the very
least provide built in automatic memory management and performance improvements.

MozReview-Commit-ID: 4l2Er5rkeI0

--HG--
extra : transplant_source : %A1%16%AB%02m%CA%25HfW%40%96Mq%0D%F0%91%9C%99%29
 2016-05-10 23:38:55 -07:00
Cykesiopka 391584fd9d Bug 1270005 - Replace uses of ScopedPK11SlotInfo with UniquePK11SlotInfo in PSM. r=keeler 
ScopedPK11SlotInfo is based on Scoped.h, which is deprecated in favour of the
standardised UniquePtr.

Also changes PK11SlotInfo parameters of various functions to make ownership more
explicit, and replaces some manual management of PK11SlotInfo pointers.

MozReview-Commit-ID: JtNH2lJsjwx

--HG--
extra : rebase_source : 9d764e0dd3a1f2df14c16f8f14a3c5392770c9a1
 2016-05-09 18:02:40 -07:00
Cykesiopka 128f004a1f Bug 1267905 - Replace uses of ScopedCERTCertList with UniqueCERTCertList. r=keeler 
ScopedCERTCertList is based on Scoped.h, which is deprecated in favour of the
standardised UniquePtr.

Also changes CERTCertList parameters of various functions to make ownership more
explicit.

MozReview-Commit-ID: EXqxTK6inqy

--HG--
extra : transplant_source : %9B%A9a%94%D1%7E%2BTa%9E%9Fu%9F%02%B3%1AT%1B%F1%F6
 2016-05-05 14:56:36 -07:00
David Keeler 1fdc1bdd0a bug 1267463 - add a more nuanced subject common name fallback option for prerelease channels r=Cykesiopka,jcj 
MozReview-Commit-ID: 1vHXrPAHTRm

--HG--
extra : rebase_source : dddd8ae973d1d793890bbfc44d9fe84ef4a47ee2
 2016-04-25 15:55:18 -07:00
Cykesiopka 372fe1a598 Bug 1260643 - Convert most uses of ScopedCERTCertificate in PSM to UniqueCERTCertificate. r=keeler 
MozReview-Commit-ID: JnjoUd7d2M0

--HG--
extra : transplant_source : %99x%B6%F5%09%97%E6%60%B6%3C%3C%C2%D5vt%27%0C-%96%1B
 2016-04-20 01:14:22 -07:00
Mark Goodwin 23e56a0fd2 Bug 1252882 - Add a Content Signature Service r=keeler,r=franziskus,r=Cykesiopka 
MozReview-Commit-ID: 2nS6vN3iDKe
 2016-04-13 13:26:01 +01:00
Cykesiopka b883b2533f Bug 1259909 - Obviate char PORT_Free() calls in PSM. r=keeler 
Also converts the longer |UniquePtr<char, void(&)(void*)> foo(..., PORT_Free)|
to the shorter and equivalent |UniquePORTString foo(...)|.

MozReview-Commit-ID: LlrTNUYBP4V

--HG--
extra : transplant_source : afU%FB%0EC%3E%E0pm%A3-%0E%C8%83%CF%0A%B1%9E%ED
 2016-04-09 01:03:59 -07:00
Cykesiopka efe5b47ede Bug 1260644 - Use UniquePLArenaPool to manage PLArenaPools in PSM. r=keeler 
MozReview-Commit-ID: HyLXbWoHMGz

--HG--
extra : rebase_source : 6164b7df51e11c4d3814a06bd41765d40be85a9d
 2016-04-04 17:35:24 -07:00
David Keeler 6e4140d766 bug 1245280 - add policy mechanism to optionally enforce BRs for falling back to subject CN r=Cykesiopka,mgoodwin 
MozReview-Commit-ID: 7xT6JGpOH1g

--HG--
extra : rebase_source : 0def29e8be898a2d975ee4390b3bc6a193766b1b
 2016-02-09 10:14:27 -08:00
David Keeler 581a304acb bug 1254667 - change certificate verification SHA1 policy to "allow for locally-installed roots" r=jcj 
Before this patch, the default policy for the use of SHA1 in certificate
signatures was "allow all" due to compatibility concerns.
After gathering telemetry, we are confident that we can enforce the policy of
"allow for locally-installed roots" (or certificates valid before 2016) without
too much breakage.

MozReview-Commit-ID: 8GxtgdbaS3P

--HG--
extra : rebase_source : d1bed911f2d5d40229ea06556fee0848668e98b6
 2016-03-28 12:52:40 -07:00
Cykesiopka e05e655f1b Bug 1258298 - Switch more Scoped.h templates in PSM to UniquePtr equivalents. r=keeler 
MozReview-Commit-ID: 8VOhiuNOlBX

--HG--
extra : amend_source : 70d01c7a061c4b751d643d1277e3185ccf348e54
 2016-03-24 18:30:37 -07:00
Cykesiopka bdfc5290f6 Bug 1004149 - Return mozilla::pkix::Result values in nsNSSHttpInterface functions. r=keeler 
MozReview-Commit-ID: Kx1E3HLP7zC

--HG--
extra : transplant_source : %F0%068%83%E21dM-%FE%7C%EC1%1E%05h%E6%1D%271
 2016-03-18 21:11:03 -07:00
David Keeler 3db46cef2e bug 1240118 - add functionality to treat a test certificate as a built-in root r=mgoodwin 
MozReview-Commit-ID: GJMd2zEAcmX

--HG--
extra : rebase_source : d2d55c593368b4e5d8562484673a1018dc5ad02d
 2016-03-15 17:19:00 -07:00
David Keeler d27e176906 bug 1236964 - enable Certum Trusted Network CA 2 root certificate for EV treatment r=jcj 
MozReview-Commit-ID: 8QlBgAdXjlm

--HG--
extra : rebase_source : 07affb67f289f9d460e3eac147dcd44945da182d
 2016-03-15 16:08:15 -07:00
Gregory Szorc 3ff1fe40e4 Bug 1256484 - Disable C4456 and C4458 to unblock compilation on VS2015; r=keeler 
As part of unblocking building with VS2015u1 in automation, I'm mass
disabling compiler warnings that are turned into errors. This is not
the preferred mechanism to fix compilation warnings. So hopefully
someone fixes the underlying problem someday. However, there are tons
of ignored warnings in security/certverifier, so I guess the workaround
in this patch is par for the course.

MozReview-Commit-ID: 7GZ9RpkxnwT

--HG--
extra : rebase_source : 023a438b6458fb4859018cde421d51072f0f0490
 2016-03-14 23:57:33 -07:00
David Keeler 2f0004e1be bug 1228175 - fix IsCertBuiltInRoot r=Cykesiopka,mgoodwin 
When a built-in root certificate has its trust changed from the default value,
the platform has to essentially create a copy of it in the read/write
certificate database with the new trust settings. At that point, the desired
behavior is that the platform still considers that certificate a built-in root.
Before this patch, this would indeed happen for the duration of that run of the
platform, but as soon as it restarted, the certificate in question would only
appear to be from the read/write database, and thus was not considered a
built-in root. This patch changes the test of built-in-ness to explicitly
search the built-in certificate slot for the certificate in question. If found,
it is considered a built-in root.

MozReview-Commit-ID: HCtZpPQVEGZ

--HG--
extra : rebase_source : 759e9c5a7bb14f14a77e62eae2ba40c085f04ccd
 2016-03-04 17:06:33 -08:00
sajitk 25babf4ea8 Bug 1219482: Replace PRLogModuleInfo with LazyLogModule in security subdirectory.r=nfroyd 2016-01-28 10:36:00 -08:00
Wes Kocher e7883e4059 Backed out changeset 490eb9194ae1 (bug 1228175) for TestIsCertBuiltInRoot failures on at least Android 
MozReview-Commit-ID: 7kpuhoY0CJw
 2016-03-09 14:22:36 -08:00
David Keeler f228ba40a1 bug 1228175 - fix IsCertBuiltInRoot r=Cykesiopka,mgoodwin 
When a built-in root certificate has its trust changed from the default value,
the platform has to essentially create a copy of it in the read/write
certificate database with the new trust settings. At that point, the desired
behavior is that the platform still considers that certificate a built-in root.
Before this patch, this would indeed happen for the duration of that run of the
platform, but as soon as it restarted, the certificate in question would only
appear to be from the read/write database, and thus was not considered a
built-in root. This patch changes the test of built-in-ness to explicitly
search the built-in certificate slot for the certificate in question. If found,
it is considered a built-in root.

MozReview-Commit-ID: HCtZpPQVEGZ

--HG--
extra : rebase_source : 898ef37459723f1d8479cfdc58658ccb00e782a9
 2016-03-04 17:06:33 -08:00
Cykesiopka a150859d8e Bug 1248874 - Replace Scoped.h templates used only by PSM in ScopedNSSTypes.h with UniquePtr equivalents. r=dkeeler 
MozReview-Commit-ID: 5OClBV522lv

--HG--
extra : transplant_source : G%A3%3B%A0%AC%0D%25%F2%C5K%DC8%0F%90%1B%7Bf%E0%93%F7
 2016-02-18 06:01:39 -08:00
David Keeler 28c09863cb bug 1241564 - remove EV treatment for TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı SHA-1 root certificate r=Cykesiopka 
MozReview-Commit-ID: 9ktEj2kgfYo
 2016-02-09 13:30:22 -08:00
Wes Kocher a40af4aa59 Backed out changeset 7ec471c99263 (bug 1219482) to hopefully fix the intermittent hazard failures CLOSED TREE 
--HG--
extra : commitid : B8zmd9Xadpz
 2016-01-29 10:15:34 -08:00
sajitk 1b0525a9d3 Bug 1219482 - Replace PRLogModuleInfo with LazyLogModule in security subdirectory. r=froydnj 
--HG--
extra : rebase_source : 7aed4d8669dccd1270a88a0cacfa254e3b9f5950
 2016-01-28 10:36:00 -05:00
David Keeler 113252b726 bug 1239455 - rework telemetry for SHA-1 certificates to reflect possible policy states r=Cykesiopka,mgoodwin,rbarnes 
Before this patch, we were measuring where SHA-1 was being used in TLS
certificates: nowhere, in end-entities, in intermediates, or in both. However,
the possible SHA-1 policies don't differentiate between end-entities and
intermediates and instead depended on whether or not each certificate has a
notBefore value after 2015 (i.e. >= 0:00:00 1 January 2016 UTC). We need to
gather telemetry on the possible policy configurations.

--HG--
extra : rebase_source : 301c821c8de16ffb924cd198dd0a4d3139536019
 2016-01-13 12:50:42 -08:00
Jan de Mooij 68d44577b4 Bug 1237232 - Properly check the result of Vector append() calls in security/. r=keeler 2016-01-13 22:05:08 +01:00
Chris Peterson 3f4e7bf8d5 Bug 1235188 - Fix -Wformat warnings in security/certverifier/. r=keeler 
security/certverifier/NSSCertDBTrustDomain.cpp:433:26 [-Wformat] format specifies type 'long' but the argument has underlying type 'int'
security/certverifier/NSSCertDBTrustDomain.cpp:433:48 [-Wformat] format specifies type 'long long' but the argument has type 'mozilla::pkix::Time'
 2015-12-28 18:41:54 -07:00
Chris Peterson 4034ee65b8 Bug 1235308 - Fix -Wimplicit-fallthrough warnings in security/. r=keeler 
security/certverifier/NSSCertDBTrustDomain.cpp:282:5 [-Wimplicit-fallthrough] unannotated fall-through between switch labels
security/manager/ssl/nsNSSComponent.cpp:149:3 [-Wimplicit-fallthrough] unannotated fall-through between switch labels
security/manager/ssl/nsSecureBrowserUIImpl.cpp:1406:5 [-Wimplicit-fallthrough] unannotated fall-through between switch labels
 2015-12-25 00:03:35 -07:00
David Keeler cf2300da93 bug 1230994 - December 2015 batch of EV root CA changes r=mgoodwin 
Adds:
  bug 1193480:
    CN=Certification Authority of WoSign G2,O=WoSign CA Limited,C=CN
    CN=CA WoSign ECC Root,O=WoSign CA Limited,C=CN
  bug 1147675:
    CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6,O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A...,L=Ankara,C=TR
  bug 1230985:
    OU=Security Communication RootCA2,O="SECOM Trust Systems CO.,LTD.",C=JP
  bug 1213044:
    CN=OISTE WISeKey Global Root GB CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH
 2015-12-14 14:44:44 -08:00
Xidorn Quan 8cd346c251 Bug 1229587 part 1 - Disable C4464 warning newly added in VS2015u1. r=keeler 
--HG--
extra : source : 1c79d789b2de950e8024d857f9315ea362141969
 2015-12-03 09:29:42 +11:00
Cykesiopka fedad480ea Bug 1222903 - Reject EV status for EV EE certs that are valid for longer than 27 months as well. r=keeler 2015-11-13 07:42:00 +01:00
Mark Goodwin 31adb1a5c5 Bug 901698 - Implement OCSP-must-staple; r=keeler 2015-11-13 16:49:08 +00:00
David Keeler a1cf24355b bug 1223466 - update extended validation information to deal with root removals in NSS 3.21 r=mgoodwin 
These entries were removed:

from bug 1204962:

CN=TC TrustCenter Universal CA III,OU=TC TrustCenter Universal CA,O=TC TrustCenter GmbH,C=DE
SHA-256: 309B4A87F6CA56C93169AAA99C6D988854D7892BD5437E2D07B29CBEDA55D35D
SHA-1: 9656CD7B57969895D0E141466806FBB8C6110687

from bug 1204997:

CN=A-Trust-nQual-03,OU=A-Trust-nQual-03,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT
SHA-256: 793CBF4559B9FDE38AB22DF16869F69881AE14C4B0139AC788A78A1AFCCA02FB
SHA-1: D3C063F219ED073E34AD5D750B327629FFD59AF2

from bug 1208461:

CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
SHA-256: 85FB2F91DD12275A0145B636534F84024AD68B69B8EE88684FF711375805B348
SHA-1: 58119F0E128287EA50FDD987456F4F78DCFAD6D4
 2015-11-10 10:13:18 -08:00
David Keeler 29b3d15dde bug 1220223 - don't load PKCS11 modules in safe mode r=mgoodwin r=bsmedberg 2015-10-30 10:37:22 -07:00
Cykesiopka 4ec261d0e7 Bug 1194419 - Remove signature algorithm duplicate use in serial number determination in pycert. r=keeler 2015-10-23 05:13:00 -04:00
Carsten "Tomcat" Book ea5d701c66 Backed out changeset 11e681d48acd (bug 1194419) for S4 Test failures 2015-10-20 12:40:18 +02:00
Cykesiopka fa99ba4063 Bug 1194419 - Remove signature algorithm duplicate use in serial number determination in pycert. r=dkeeler 
--HG--
extra : rebase_source : 14756428ea3f8bc41d746a2e71a5d4914e96f33c
 2015-10-17 09:04:43 -07:00
Richard Barnes 990593f9cf Bug 942515 - Show Untrusted Connection Error for SHA-1-based SSL certificates with notBefore >= 2016-01-01 r=keeler 2015-09-11 14:52:30 -04:00
Nicholas Nethercote f44287005f Bug 1198334 (part 1) - Replace the opt-in FAIL_ON_WARNINGS with the opt-out ALLOW_COMPILER_WARNINGS. r=glandium. 
The patch removes 455 occurrences of FAIL_ON_WARNINGS from moz.build files, and
adds 78 instances of ALLOW_COMPILER_WARNINGS. About half of those 78 are in
code we control and which should be removable with a little effort.

--HG--
extra : rebase_source : 82e3387abfbd5f1471e953961d301d3d97ed2973
 2015-08-27 20:44:53 -07:00
Mark Goodwin f2b116c0d6 Bug 1153444 - Fix up Key Pinning Telemetry (r=keeler) 2015-08-21 15:14:08 +01:00
Makoto Kato c3c571a9ee Bug 1166323 - Fix unexpcetd changed on previous landed. r=dkeeler 2015-08-07 13:41:49 +09:00
Cykesiopka d9d018971e Bug 1164609 - Remove EV treatment for expired Buypass Class 3 CA 1 root certificate. r=keeler 
--HG--
extra : rebase_source : 65e2c8746098d8fb2cd5347b557c23a3832d435a
 2015-08-07 00:21:00 +02:00
Carsten "Tomcat" Book fca5cdc8bc Backed out changeset 9618f92995ab (bug 1166323) for linux x64 test bustage on a CLOSED TREE 2015-08-07 07:24:40 +02:00
Makoto Kato 6fb6d7a35c Bug 1166323 - Fix unexpcetd changed on previous landed. r=dkeeler 2015-08-07 13:41:49 +09:00
David Keeler b49becac5d bug 1181823 - convert test_ev_certs.js, test_keysize_ev.js, and test_validity.js to generate certificates at build time r=Cykesiopka r=mgoodwin 2015-06-17 16:02:08 -07:00
Xidorn Quan cec576a922 Bug 1187173 - Disable warning C4623 on security/certverifier. r=briansmith 
--HG--
extra : source : 9f3acfedff8cf4a26266bb578dc69727e799c0cf
extra : amend_source : cb1d0a6e8c6d9199429159cb9a20484f5aa95b8d
 2015-07-24 13:38:12 +10:00
Mark Goodwin fce204e0e0 Bug 1183822 - fix OCSP verification failures (r=keeler) 
Adds a new TrustDomain for OCSP Signers which will always allow all acceptible
signature digest algorithms. Calls to most other TrustDomain methods are passed
through to the owning NSSCertDBTrustDomain.
 2015-07-17 17:07:48 +01:00
Mark Goodwin c7285efe5a Backed out changeset fb6cbb4ada54 (bug 1183822) 2015-07-17 10:36:58 +01:00
Mark Goodwin 0bfd3046ed Bug 1183822 - fix OCSP verification failures (r=keeler) 
Adds a new TrustDomain for OCSP Signers which will always allow all acceptible
signature digest algorithms. Calls to most other TrustDomain methods are passed
through to the owning NSSCertDBTrustDomain.
 2015-07-17 10:03:56 +01:00
Mark Goodwin 91782dab68 Bug 1159155 - Add telemetry probe for SHA-1 usage (r=keeler) 2015-07-09 07:22:29 +01:00
Cykesiopka 0a9aea4ab2 Bug 1145679 - Reject EV status for end-entity EV certs with overly long validity periods. r=keeler 
--HG--
extra : rebase_source : ec44bb566cce8ab14f740457d6ba1d863b39c256
 2015-06-29 22:19:00 +02:00
David Keeler d67edd7f93 bug 1170303 - treat malformed name information in certificates as a domain name mismatch r=Cykesiopka 2015-06-01 13:55:23 -07:00
Richard Barnes 8a4bc22436 Bug 1010068 - Disable OCSP for DV certificates in Firefox for Android r=keeler 2015-05-28 13:29:13 -07:00
Ryan VanderMeulen 56574135d1 Backed out changeset fda85020d842 (bug 1010068) for Android test_cert_overrides.js failures. 
CLOSED TREE
 2015-06-08 11:37:33 -04:00
Richard Barnes 3824033dee Bug 1010068 - Disable OCSP for DV certificates in Firefox for Android r=keeler 2015-05-28 13:29:13 -07:00
Eric Rahm 75c4bebb79 Bug 1165515 - Part 13-2: Replace usage of PRLogModuleLevel and PR_LOG_*. rs=froydnj 
This is straightforward mapping of PR_LOG levels to their LogLevel
counterparts:
  PR_LOG_ERROR   -> LogLevel::Error
  PR_LOG_WARNING -> LogLevel::Warning
  PR_LOG_WARN    -> LogLevel::Warning
  PR_LOG_INFO    -> LogLevel::Info
  PR_LOG_DEBUG   -> LogLevel::Debug
  PR_LOG_NOTICE  -> LogLevel::Debug
  PR_LOG_VERBOSE -> LogLevel::Verbose

Instances of PRLogModuleLevel were mapped to a fully qualified
mozilla::LogLevel, instances of PR_LOG levels in #defines were mapped to a
fully qualified mozilla::LogLevel::* level, and all other instances were
mapped to us a shorter format of LogLevel::*.

Bustage for usage of the non-fully qualified LogLevel were fixed by adding
|using mozilla::LogLevel;| where appropriate.
 2015-06-03 15:25:57 -07:00
Carsten "Tomcat" Book 5471309381 Backed out 14 changesets (bug 1165515) for linux x64 e10s m2 test failures 
Backed out changeset d68dcf2ef372 (bug 1165515)
Backed out changeset 7c3b45a47811 (bug 1165515)
Backed out changeset b668b617bef2 (bug 1165515)
Backed out changeset d0916e1283a2 (bug 1165515)
Backed out changeset ac4dc7489942 (bug 1165515)
Backed out changeset e9632ce8bc65 (bug 1165515)
Backed out changeset c16d215cc7e4 (bug 1165515)
Backed out changeset e4d474f3c51a (bug 1165515)
Backed out changeset d87680bf9f7c (bug 1165515)
Backed out changeset b3c0a45ba99e (bug 1165515)
Backed out changeset 9370fa197674 (bug 1165515)
Backed out changeset 50970d668ca1 (bug 1165515)
Backed out changeset ffa4eb6d24b9 (bug 1165515)
Backed out changeset 5fcf1203cc1d (bug 1165515)

--HG--
extra : rebase_source : 6fb850d063cbabe738f97f0380302153e3eae97a
 2015-06-02 13:05:56 +02:00
Eric Rahm a9afd68cef Bug 1165515 - Part 13-2: Replace usage of PRLogModuleLevel and PR_LOG_*. rs=froydnj 
This is straightforward mapping of PR_LOG levels to their LogLevel
counterparts:
  PR_LOG_ERROR   -> LogLevel::Error
  PR_LOG_WARNING -> LogLevel::Warning
  PR_LOG_WARN    -> LogLevel::Warning
  PR_LOG_INFO    -> LogLevel::Info
  PR_LOG_DEBUG   -> LogLevel::Debug
  PR_LOG_NOTICE  -> LogLevel::Debug
  PR_LOG_VERBOSE -> LogLevel::Verbose

Instances of PRLogModuleLevel were mapped to a fully qualified
mozilla::LogLevel, instances of PR_LOG levels in #defines were mapped to a
fully qualified mozilla::LogLevel::* level, and all other instances were
mapped to us a shorter format of LogLevel::*.

Bustage for usage of the non-fully qualified LogLevel were fixed by adding
|using mozilla::LogLevel;| where appropriate.
 2015-06-01 22:17:33 -07:00
Wes Kocher 4e9f80ed2e Backed out 14 changesets (bug 1165515) for b2g mochitest-6 permafail CLOSED TREE 
Backed out changeset 9b97e2aa2ed9 (bug 1165515)
Backed out changeset 150606c022a2 (bug 1165515)
Backed out changeset 4e875a488349 (bug 1165515)
Backed out changeset 467e7feeb546 (bug 1165515)
Backed out changeset d6b6cc373197 (bug 1165515)
Backed out changeset 0615265b593c (bug 1165515)
Backed out changeset fafd1dce9f08 (bug 1165515)
Backed out changeset d1df869245f9 (bug 1165515)
Backed out changeset 6876a7c63611 (bug 1165515)
Backed out changeset b7841c94a9a3 (bug 1165515)
Backed out changeset e5e3617f7c73 (bug 1165515)
Backed out changeset 39be3db95978 (bug 1165515)
Backed out changeset 0ec74176f8de (bug 1165515)
Backed out changeset 5b928dd10d71 (bug 1165515)
 2015-06-01 17:57:58 -07:00
Eric Rahm f82c0e7caf Bug 1165515 - Part 13-2: Replace usage of PRLogModuleLevel and PR_LOG_*. rs=froydnj 
This is straightforward mapping of PR_LOG levels to their LogLevel
counterparts:
  PR_LOG_ERROR   -> LogLevel::Error
  PR_LOG_WARNING -> LogLevel::Warning
  PR_LOG_WARN    -> LogLevel::Warning
  PR_LOG_INFO    -> LogLevel::Info
  PR_LOG_DEBUG   -> LogLevel::Debug
  PR_LOG_NOTICE  -> LogLevel::Debug
  PR_LOG_VERBOSE -> LogLevel::Verbose

Instances of PRLogModuleLevel were mapped to a fully qualified
mozilla::LogLevel, instances of PR_LOG levels in #defines were mapped to a
fully qualified mozilla::LogLevel::* level, and all other instances were
mapped to us a shorter format of LogLevel::*.

Bustage for usage of the non-fully qualified LogLevel were fixed by adding
|using mozilla::LogLevel;| where appropriate.
 2015-06-01 14:31:01 -07:00
Makoto Kato 6ddb65f184 Bug 1166323 - Remove IME sequence number. r=masayuki,nchen 2015-05-28 13:51:40 +09:00
Birunthan Mohanathas a028ea5c2d Bug 1164714 - Move and flatten security/manager/boot/{public,src}/ into security/manager/ssl/. r=keeler 
--HG--
rename : security/manager/boot/src/CertBlocklist.cpp => security/manager/ssl/CertBlocklist.cpp
rename : security/manager/boot/src/CertBlocklist.h => security/manager/ssl/CertBlocklist.h
rename : security/manager/boot/src/DataStorage.cpp => security/manager/ssl/DataStorage.cpp
rename : security/manager/boot/src/DataStorage.h => security/manager/ssl/DataStorage.h
rename : security/manager/boot/src/PublicKeyPinningService.cpp => security/manager/ssl/PublicKeyPinningService.cpp
rename : security/manager/boot/src/PublicKeyPinningService.h => security/manager/ssl/PublicKeyPinningService.h
rename : security/manager/boot/src/RootCertificateTelemetryUtils.cpp => security/manager/ssl/RootCertificateTelemetryUtils.cpp
rename : security/manager/boot/src/RootCertificateTelemetryUtils.h => security/manager/ssl/RootCertificateTelemetryUtils.h
rename : security/manager/boot/src/RootHashes.inc => security/manager/ssl/RootHashes.inc
rename : security/manager/boot/src/StaticHPKPins.errors => security/manager/ssl/StaticHPKPins.errors
rename : security/manager/boot/src/StaticHPKPins.h => security/manager/ssl/StaticHPKPins.h
rename : security/manager/boot/src/nsEntropyCollector.cpp => security/manager/ssl/nsEntropyCollector.cpp
rename : security/manager/boot/src/nsEntropyCollector.h => security/manager/ssl/nsEntropyCollector.h
rename : security/manager/boot/public/nsIBufEntropyCollector.idl => security/manager/ssl/nsIBufEntropyCollector.idl
rename : security/manager/boot/public/nsICertBlocklist.idl => security/manager/ssl/nsICertBlocklist.idl
rename : security/manager/boot/public/nsISSLStatusProvider.idl => security/manager/ssl/nsISSLStatusProvider.idl
rename : security/manager/boot/public/nsISecurityUITelemetry.idl => security/manager/ssl/nsISecurityUITelemetry.idl
rename : security/manager/boot/src/nsSTSPreloadList.errors => security/manager/ssl/nsSTSPreloadList.errors
rename : security/manager/boot/src/nsSTSPreloadList.inc => security/manager/ssl/nsSTSPreloadList.inc
rename : security/manager/boot/src/nsSecureBrowserUIImpl.cpp => security/manager/ssl/nsSecureBrowserUIImpl.cpp
rename : security/manager/boot/src/nsSecureBrowserUIImpl.h => security/manager/ssl/nsSecureBrowserUIImpl.h
rename : security/manager/boot/src/nsSecurityHeaderParser.cpp => security/manager/ssl/nsSecurityHeaderParser.cpp
rename : security/manager/boot/src/nsSecurityHeaderParser.h => security/manager/ssl/nsSecurityHeaderParser.h
rename : security/manager/boot/src/nsSiteSecurityService.cpp => security/manager/ssl/nsSiteSecurityService.cpp
rename : security/manager/boot/src/nsSiteSecurityService.h => security/manager/ssl/nsSiteSecurityService.h
 2015-05-26 10:31:25 -07:00
Birunthan Mohanathas ae04912e48 Bug 1164714 - Flatten security/manager/ssl/src/ directory. r=keeler 
--HG--
rename : security/manager/ssl/src/CryptoTask.cpp => security/manager/ssl/CryptoTask.cpp
rename : security/manager/ssl/src/CryptoTask.h => security/manager/ssl/CryptoTask.h
rename : security/manager/ssl/src/CryptoUtil.h => security/manager/ssl/CryptoUtil.h
rename : security/manager/ssl/src/IntolerantFallbackList.inc => security/manager/ssl/IntolerantFallbackList.inc
rename : security/manager/ssl/src/NSSErrorsService.cpp => security/manager/ssl/NSSErrorsService.cpp
rename : security/manager/ssl/src/NSSErrorsService.h => security/manager/ssl/NSSErrorsService.h
rename : security/manager/ssl/src/PPSMContentDownloader.ipdl => security/manager/ssl/PPSMContentDownloader.ipdl
rename : security/manager/ssl/src/PSMContentListener.cpp => security/manager/ssl/PSMContentListener.cpp
rename : security/manager/ssl/src/PSMContentListener.h => security/manager/ssl/PSMContentListener.h
rename : security/manager/ssl/src/PSMRunnable.cpp => security/manager/ssl/PSMRunnable.cpp
rename : security/manager/ssl/src/PSMRunnable.h => security/manager/ssl/PSMRunnable.h
rename : security/manager/ssl/src/PublicSSL.h => security/manager/ssl/PublicSSL.h
rename : security/manager/ssl/src/SSLServerCertVerification.cpp => security/manager/ssl/SSLServerCertVerification.cpp
rename : security/manager/ssl/src/SSLServerCertVerification.h => security/manager/ssl/SSLServerCertVerification.h
rename : security/manager/ssl/src/ScopedNSSTypes.h => security/manager/ssl/ScopedNSSTypes.h
rename : security/manager/ssl/src/SharedCertVerifier.h => security/manager/ssl/SharedCertVerifier.h
rename : security/manager/ssl/src/SharedSSLState.cpp => security/manager/ssl/SharedSSLState.cpp
rename : security/manager/ssl/src/SharedSSLState.h => security/manager/ssl/SharedSSLState.h
rename : security/manager/ssl/src/TransportSecurityInfo.cpp => security/manager/ssl/TransportSecurityInfo.cpp
rename : security/manager/ssl/src/TransportSecurityInfo.h => security/manager/ssl/TransportSecurityInfo.h
rename : security/manager/ssl/src/md4.c => security/manager/ssl/md4.c
rename : security/manager/ssl/src/md4.h => security/manager/ssl/md4.h
rename : security/manager/ssl/src/nsCertOverrideService.cpp => security/manager/ssl/nsCertOverrideService.cpp
rename : security/manager/ssl/src/nsCertOverrideService.h => security/manager/ssl/nsCertOverrideService.h
rename : security/manager/ssl/src/nsCertPicker.cpp => security/manager/ssl/nsCertPicker.cpp
rename : security/manager/ssl/src/nsCertPicker.h => security/manager/ssl/nsCertPicker.h
rename : security/manager/ssl/src/nsCertTree.cpp => security/manager/ssl/nsCertTree.cpp
rename : security/manager/ssl/src/nsCertTree.h => security/manager/ssl/nsCertTree.h
rename : security/manager/ssl/src/nsCertVerificationThread.cpp => security/manager/ssl/nsCertVerificationThread.cpp
rename : security/manager/ssl/src/nsCertVerificationThread.h => security/manager/ssl/nsCertVerificationThread.h
rename : security/manager/ssl/src/nsClientAuthRemember.cpp => security/manager/ssl/nsClientAuthRemember.cpp
rename : security/manager/ssl/src/nsClientAuthRemember.h => security/manager/ssl/nsClientAuthRemember.h
rename : security/manager/ssl/src/nsCrypto.cpp => security/manager/ssl/nsCrypto.cpp
rename : security/manager/ssl/src/nsCrypto.h => security/manager/ssl/nsCrypto.h
rename : security/manager/ssl/src/nsCryptoHash.cpp => security/manager/ssl/nsCryptoHash.cpp
rename : security/manager/ssl/src/nsCryptoHash.h => security/manager/ssl/nsCryptoHash.h
rename : security/manager/ssl/src/nsDataSignatureVerifier.cpp => security/manager/ssl/nsDataSignatureVerifier.cpp
rename : security/manager/ssl/src/nsDataSignatureVerifier.h => security/manager/ssl/nsDataSignatureVerifier.h
rename : security/manager/ssl/src/nsKeyModule.cpp => security/manager/ssl/nsKeyModule.cpp
rename : security/manager/ssl/src/nsKeyModule.h => security/manager/ssl/nsKeyModule.h
rename : security/manager/ssl/src/nsKeygenHandler.cpp => security/manager/ssl/nsKeygenHandler.cpp
rename : security/manager/ssl/src/nsKeygenHandler.h => security/manager/ssl/nsKeygenHandler.h
rename : security/manager/ssl/src/nsKeygenHandlerContent.cpp => security/manager/ssl/nsKeygenHandlerContent.cpp
rename : security/manager/ssl/src/nsKeygenHandlerContent.h => security/manager/ssl/nsKeygenHandlerContent.h
rename : security/manager/ssl/src/nsKeygenThread.cpp => security/manager/ssl/nsKeygenThread.cpp
rename : security/manager/ssl/src/nsKeygenThread.h => security/manager/ssl/nsKeygenThread.h
rename : security/manager/ssl/src/nsNSSASN1Object.cpp => security/manager/ssl/nsNSSASN1Object.cpp
rename : security/manager/ssl/src/nsNSSASN1Object.h => security/manager/ssl/nsNSSASN1Object.h
rename : security/manager/ssl/src/nsNSSCallbacks.cpp => security/manager/ssl/nsNSSCallbacks.cpp
rename : security/manager/ssl/src/nsNSSCallbacks.h => security/manager/ssl/nsNSSCallbacks.h
rename : security/manager/ssl/src/nsNSSCertHelper.cpp => security/manager/ssl/nsNSSCertHelper.cpp
rename : security/manager/ssl/src/nsNSSCertHelper.h => security/manager/ssl/nsNSSCertHelper.h
rename : security/manager/ssl/src/nsNSSCertTrust.cpp => security/manager/ssl/nsNSSCertTrust.cpp
rename : security/manager/ssl/src/nsNSSCertTrust.h => security/manager/ssl/nsNSSCertTrust.h
rename : security/manager/ssl/src/nsNSSCertValidity.cpp => security/manager/ssl/nsNSSCertValidity.cpp
rename : security/manager/ssl/src/nsNSSCertValidity.h => security/manager/ssl/nsNSSCertValidity.h
rename : security/manager/ssl/src/nsNSSCertificate.cpp => security/manager/ssl/nsNSSCertificate.cpp
rename : security/manager/ssl/src/nsNSSCertificate.h => security/manager/ssl/nsNSSCertificate.h
rename : security/manager/ssl/src/nsNSSCertificateDB.cpp => security/manager/ssl/nsNSSCertificateDB.cpp
rename : security/manager/ssl/src/nsNSSCertificateDB.h => security/manager/ssl/nsNSSCertificateDB.h
rename : security/manager/ssl/src/nsNSSCertificateFakeTransport.cpp => security/manager/ssl/nsNSSCertificateFakeTransport.cpp
rename : security/manager/ssl/src/nsNSSCertificateFakeTransport.h => security/manager/ssl/nsNSSCertificateFakeTransport.h
rename : security/manager/ssl/src/nsNSSComponent.cpp => security/manager/ssl/nsNSSComponent.cpp
rename : security/manager/ssl/src/nsNSSComponent.h => security/manager/ssl/nsNSSComponent.h
rename : security/manager/ssl/src/nsNSSErrors.cpp => security/manager/ssl/nsNSSErrors.cpp
rename : security/manager/ssl/src/nsNSSHelper.h => security/manager/ssl/nsNSSHelper.h
rename : security/manager/ssl/src/nsNSSIOLayer.cpp => security/manager/ssl/nsNSSIOLayer.cpp
rename : security/manager/ssl/src/nsNSSIOLayer.h => security/manager/ssl/nsNSSIOLayer.h
rename : security/manager/ssl/src/nsNSSModule.cpp => security/manager/ssl/nsNSSModule.cpp
rename : security/manager/ssl/src/nsNSSShutDown.cpp => security/manager/ssl/nsNSSShutDown.cpp
rename : security/manager/ssl/src/nsNSSShutDown.h => security/manager/ssl/nsNSSShutDown.h
rename : security/manager/ssl/src/nsNSSVersion.cpp => security/manager/ssl/nsNSSVersion.cpp
rename : security/manager/ssl/src/nsNSSVersion.h => security/manager/ssl/nsNSSVersion.h
rename : security/manager/ssl/src/nsNTLMAuthModule.cpp => security/manager/ssl/nsNTLMAuthModule.cpp
rename : security/manager/ssl/src/nsNTLMAuthModule.h => security/manager/ssl/nsNTLMAuthModule.h
rename : security/manager/ssl/src/nsPK11TokenDB.cpp => security/manager/ssl/nsPK11TokenDB.cpp
rename : security/manager/ssl/src/nsPK11TokenDB.h => security/manager/ssl/nsPK11TokenDB.h
rename : security/manager/ssl/src/nsPKCS11Slot.cpp => security/manager/ssl/nsPKCS11Slot.cpp
rename : security/manager/ssl/src/nsPKCS11Slot.h => security/manager/ssl/nsPKCS11Slot.h
rename : security/manager/ssl/src/nsPKCS12Blob.cpp => security/manager/ssl/nsPKCS12Blob.cpp
rename : security/manager/ssl/src/nsPKCS12Blob.h => security/manager/ssl/nsPKCS12Blob.h
rename : security/manager/ssl/src/nsPSMBackgroundThread.cpp => security/manager/ssl/nsPSMBackgroundThread.cpp
rename : security/manager/ssl/src/nsPSMBackgroundThread.h => security/manager/ssl/nsPSMBackgroundThread.h
rename : security/manager/ssl/src/nsProtectedAuthThread.cpp => security/manager/ssl/nsProtectedAuthThread.cpp
rename : security/manager/ssl/src/nsProtectedAuthThread.h => security/manager/ssl/nsProtectedAuthThread.h
rename : security/manager/ssl/src/nsRandomGenerator.cpp => security/manager/ssl/nsRandomGenerator.cpp
rename : security/manager/ssl/src/nsRandomGenerator.h => security/manager/ssl/nsRandomGenerator.h
rename : security/manager/ssl/src/nsSDR.cpp => security/manager/ssl/nsSDR.cpp
rename : security/manager/ssl/src/nsSDR.h => security/manager/ssl/nsSDR.h
rename : security/manager/ssl/src/nsSSLSocketProvider.cpp => security/manager/ssl/nsSSLSocketProvider.cpp
rename : security/manager/ssl/src/nsSSLSocketProvider.h => security/manager/ssl/nsSSLSocketProvider.h
rename : security/manager/ssl/src/nsSSLStatus.cpp => security/manager/ssl/nsSSLStatus.cpp
rename : security/manager/ssl/src/nsSSLStatus.h => security/manager/ssl/nsSSLStatus.h
rename : security/manager/ssl/src/nsSmartCardMonitor.cpp => security/manager/ssl/nsSmartCardMonitor.cpp
rename : security/manager/ssl/src/nsSmartCardMonitor.h => security/manager/ssl/nsSmartCardMonitor.h
rename : security/manager/ssl/src/nsTLSSocketProvider.cpp => security/manager/ssl/nsTLSSocketProvider.cpp
rename : security/manager/ssl/src/nsTLSSocketProvider.h => security/manager/ssl/nsTLSSocketProvider.h
rename : security/manager/ssl/src/nsUsageArrayHelper.cpp => security/manager/ssl/nsUsageArrayHelper.cpp
rename : security/manager/ssl/src/nsUsageArrayHelper.h => security/manager/ssl/nsUsageArrayHelper.h
rename : security/manager/ssl/src/nsVerificationJob.h => security/manager/ssl/nsVerificationJob.h
 2015-05-26 10:31:23 -07:00
Eric Rahm 3925a960aa Bug 1165515 - Part 1: Convert PR_LOG to MOZ_LOG. r=froydnj 2015-05-21 13:22:04 -07:00
Richard Barnes cfe5014bab Backed out changeset fe10feec1ede because of OCSP test failures 2015-05-16 16:38:34 -04:00
Richard Barnes a9f5d9c05c Bug 1010068 - Disable OCSP for DV certificates in Firefox for Android r=keeler 2015-05-15 16:17:47 -04:00
David Keeler 4e7fc3055e bug 1141189 - implement skipping expensive revocation checks (OCSP fetching) for short-lived certificates r=rbarnes 2015-04-06 16:10:28 -07:00
David Keeler 3c315d18c3 bug 1102436 - remove PublicKeyPinningService::CheckChainAgainstAllNames r=Cykesiopka 2015-05-07 11:06:07 -07:00
Eric Rahm 4eceb82c1f Bug 1162691 - Part 1: Remove instances of #ifdef PR_LOGGING in security. r=froydnj 
PR_LOGGING is now always defined, we can remove #ifdefs checking for it.
 2015-05-08 14:36:33 -07:00
Mark Goodwin f82bee04e1 Bug 1128607 - Add freshness check for OneCRL (r=keeler) 2015-05-07 18:54:05 +01:00
Richard Barnes ee333796b2 Bug 1121982 - Update PSM to use NSS name constraints 2015-04-23 20:26:29 -04:00
David Keeler a4f79b207d bug 1157873 - remove certificates from CNNIC whitelist that aren't in the Pilot Certificate Transparency log r=rbarnes 
Also remove certificates where notBefore is on or after 1 April 2015.
 2015-04-21 16:07:33 -07:00
David Keeler 5ff51a7744 bug 1151512 - only allow whitelisted certificates to be issued by CNNIC root certificates r=jcj r=rbarnes 2015-04-07 17:29:05 -07:00
David Keeler 81764496cd bug 1147497 - Add API for querying site pin status. Disallow overrides for sites that have pins. r=mmc r=smaug r=cykesiopka r=past 2015-03-25 11:04:49 -07:00
Jan Beich 5ab8ccdeac Bug 1154188 - Unbreak build on non-SPS platforms after bug 1153737 r=bsmith 2015-04-14 14:30:09 +02:00
Brian Smith b1035c0992 Bug 1153737: Avoid unnecessary uses of mozilla::pkix::ScopedPtr, r=keeler 
--HG--
extra : rebase_source : ea7083439f22cb40d6c97f872ef9866144516745
 2015-04-12 19:57:48 -10:00
Mark Goodwin 2c5369d16e Bug 1132689 - Feb 2015 batch of EV root CA Changes. r=keeler 
--HG--
extra : rebase_source : 43a28d1b97c569280979c8a2d95494e4d2f9a67c
extra : amend_source : 056721a65cc7d0738d9ab2a92071f8f7eaf48262
 2015-03-30 08:57:00 +02:00
Brian Smith a0437d5b8f Bug 1146057: Remove support for GCC 4.6, r=keeler 
Since Gecko now requires GCC 4.7 or later, we no longer need to
work around the lack of support for "override" and "final" in
earlier versions of GCC.

--HG--
extra : rebase_source : 0f104f16be9e7c1ff87bbdd0d4ba6700b1081fb8
 2015-03-30 20:18:46 -10:00
Mark Goodwin 1b0d6fb879 Bug 1138848 - Modify OneCRL blocklist for subject / public key blocking (r=keeler, unfocused) 2015-03-31 15:10:09 -07:00
Ehsan Akhgari 883849ee32 Bug 1145631 - Part 1: Replace MOZ_OVERRIDE and MOZ_FINAL with override and final in the tree; r=froydnj 
This patch was automatically generated using the following script:

function convert() {
echo "Converting $1 to $2..."
find . \
       ! -wholename "*/.git*" \
       ! -wholename "obj-ff-dbg*" \
         -type f \
      \( -iname "*.cpp" \
         -o -iname "*.h" \
         -o -iname "*.c" \
         -o -iname "*.cc" \
         -o -iname "*.idl" \
         -o -iname "*.ipdl" \
         -o -iname "*.ipdlh" \
         -o -iname "*.mm" \) | \
    xargs -n 1 sed -i -e "s/\b$1\b/$2/g"
}

convert MOZ_OVERRIDE override
convert MOZ_FINAL final
 2015-03-21 12:28:04 -04:00
Cykesiopka 171babfad4 Bug 1139177 - RSA public key size checking cleanups. r=keeler 2015-03-05 16:41:00 +01:00
Mark Goodwin 3133a37202 Bug 1130757 - Move OneCRL check to NSSCertDBTrustDomain::GetCertTrust. r=dkeeler 
--HG--
extra : rebase_source : ce8cff0735865c00f33102b82c31af35145bda2c
 2015-02-26 04:38:00 +01:00
David Keeler d01ea02613 bug 1049740 - implement telemetry to measure compatibility impact of 2048-bit-minimum RSA keys r=briansmith 2015-02-24 15:48:05 -08:00
Brian Smith 06b7804e70 Bug 1131767: Prune away paths using unacceptable algorithms earlier, r=keeler 
--HG--
extra : rebase_source : 79efad2c5f60120ff1022547ce7efa628a7acd0f
 2015-02-14 16:59:02 -08:00
Brian Smith a89b90ea7f Bug 1130754: Avoid recalculating tbsCertificate digest, r=keeler 
--HG--
extra : rebase_source : 85266413568df928cb1eaf1cd59b52ee9d4259e6
extra : histedit_source : 767e3263d28926435c6d2f4610c7d8b01e9ba87d
 2015-02-07 12:14:31 -08:00
Brian Smith b0f87b9b6c Bug 1122841, Part 2: Centralize checking of public key, r=keeler 
--HG--
extra : rebase_source : 6b41ad2d3f37bead8d3ac8b48c5ee0b8063c795b
extra : source : d470b5a68bf915cfb12f0e948e1492463092883c
 2015-02-02 16:17:08 -08:00
TheKK 3cda0706de Bug 1092398 - "remove unused CertVerifier enums (missing_cert_download_config and crl_download_config)". r=honzab.moz 2015-01-23 06:17:00 +01:00
Brian Smith 825d71887a Bug 1115906, Part 1: Add workarounds for missing final/override support in GCC before version 4.7, r=keeler 
--HG--
rename : security/pkix/include/pkix/nullptr.h => security/pkix/include/pkix/stdkeywords.h
extra : rebase_source : 9cacd9729ac4cfb1e4bf920c8afdffb831b60d36
extra : source : f673d05dfc9a6d830e5e3c01976b41588cc70ead
 2015-01-07 14:53:11 -08:00
Chris Peterson 9e23388ca8 Bug 1118076 - Remove MOZ_THIS_IN_INITIALIZER_LIST. r=Waldo 2015-01-06 21:39:46 -08:00
Mark Goodwin ext:(%2C%20Harsh%20Pathak%20%3Chpathak%40mozilla.com%3E) ea0e5ac119 Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs. r=keeler r=Unfocused 2015-01-07 06:08:00 +01:00
Brian Smith f118650ad8 Bug 1115761, Part 3: Rename NSS-based crypto functions, r=jcj 
--HG--
extra : rebase_source : b11b172fac76c7845d2a97cabf1bad9e04a50367
 2014-12-23 14:51:52 -08:00
Kaspar Brand 3fdb27bb49 Bug 1112487 - The signing certificates with key usage only non-repudiation is taken as invalid for signing. r=keeler 2014-12-17 21:31:00 -05:00
Brian Smith 99245555c6 Bug 1107666, Part 2: Further fix for SSL_OCSP_STAPLING telemetry, r=keeler 
--HG--
extra : rebase_source : b2dbbd4eaa8aea019b40eddfc19fb8af20ef3a4c
 2014-12-20 07:03:57 -08:00
Brian Smith 0cd5238974 Bug 1107666: Fix OCSP stapling telemetry (SSL_OCSP_STAPLING), r=keeler 
--HG--
extra : rebase_source : 926f091b2a361d7dce30bee918d6659259f1b3e4
 2014-12-11 23:22:35 -08:00
Cykesiopka ee0a49c7ee Bug 1085074 - Part 2 - Use explicit bit sizes for key size cert file names. r=briansmith 2014-12-07 20:41:00 +01:00
David Keeler d9a62a4cc2 bug 1020237 - follow-up to fix build bustage r=bustage on a CLOSED TREE 2014-12-05 10:12:58 -08:00
David Keeler d97c7ea664 bug 1020237 - prefer root certificates to non-root certificates in NSSCertDBTrustDomain::FindIssuer r=briansmith 2014-12-04 13:37:01 -08:00
Carsten "Tomcat" Book 64b43466f7 Backed out changeset b38a8e2203a1 (bug 1024809) for Android 4 perma failures 2014-11-28 12:23:19 +01:00
Mark Goodwin ext:(%2C%20Harsh%20Pathak%20%3Chpathak%40mozilla.com%3E) 4fc60a106f Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs. (r=keeler,Unfocused) 2014-11-27 23:36:00 +01:00
Carsten "Tomcat" Book 4155be994b Backed out changeset 761071f57ab6 (bug 1024809) for emulator ics bustage 2014-11-27 16:30:41 +01:00
Mark Goodwin ext:(%2C%20Harsh%20Pathak%20%3Chpathak%40mozilla.com%3E) ce5a887c60 Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs. r=keeler,Unfocused 2014-11-27 04:12:00 +01:00
Rob Stradling 8313a4cfa7 bug 1104109 - follow-up to fix new EV OID description strings (they need to match if the OIDs are the same) r=keeler 2014-11-26 11:28:17 -08:00
J.C. Jones fa8441a0a9 Bug 1104109 - December 2014 batch of EV root CA Changes. r=keeler 2014-11-24 16:36:00 +01:00
David Keeler 3cd3e496aa bug 1079436 - fix validThrough as returned by VerifyEncodedOCSPResponse r=briansmith 
validThrough should now be the time through which, if passed in as the given
time to validate an OCSP response at, VerifyEncodedOCSPResponse will still
consider it trustworthy. After that time, it will be expired. This makes it
so the OCSP cache compares validity period responses consistently with
mozilla::pkix.
 2014-11-21 10:43:43 -08:00
Chris Peterson 312462d737 Bug 1092710 - Fix -Wunused-const-variable warning-as-error in non-unified security/certverifier. r=keeler 
--HG--
extra : rebase_source : c13f7e565c8459263191f9bb16d4221b6f163443
 2014-11-01 12:14:41 -07:00
Brian Smith 2d31127cff Reland Bug 1063281, Part 9: Switch Gecko from NSS to CheckCertHostname, r=keeler 
--HG--
extra : rebase_source : 3a5e3bc2e113035e9c88b571bac68f3dbe2c8f04
 2014-10-28 15:28:38 -07:00
Brian Smith c7e81fdad6 Back out cset 9b72d139e817 (Bug 1063281, Part 9) due to compatibility regressions on a CLOSED TREE, a=ryanvm 
--HG--
extra : rebase_source : cd9b43c3f66df3c5de337f2013fe61fae798b3ba
 2014-10-28 12:30:53 -07:00
Brian Smith e93675a04e Bug 1063281, Part 9: Switch Gecko from NSS to CheckCertHostname, r=keeler 
--HG--
extra : rebase_source : 340eb682ba1f9dbd51652438433e7d0196494e1f
 2014-09-21 17:43:29 -07:00
Cykesiopka 1c4af4e6a1 Bug 622859 - Reject EV certificates with key sizes below RSA 2048. r=briansmith 2014-10-18 15:18:00 +02:00
Cykesiopka c30bd575d3 Bug 622859 - Tests for bug 622859. r=briansmith,keeler 2014-10-16 05:22:00 +02:00
Carsten "Tomcat" Book e5ad1e7db2 Backed out changeset 3afdc3253979 (bug 622859) for breaking m1 tests 2014-10-17 13:14:29 +02:00
Carsten "Tomcat" Book d893b9cc90 Backed out changeset f5fa8ea86d3b (bug 622859) 2014-10-17 13:13:01 +02:00
Cykesiopka ef48a9fa7c Bug 622859 - Tests for bug 622859. r=briansmith,keeler 2014-10-16 05:22:00 +02:00
Cykesiopka 01941f880c Bug 622859 - Reject EV certificates with key sizes below RSA 2048. r=briansmith 2014-10-16 05:13:00 +02:00
Camilo Viecco c2c7007b5f Bug 787133 - (hpkp) Part 1/2. Header Parsing and interface within PSM. r=keeler, r=mcmanus 2014-09-03 10:24:12 -07:00
David Keeler fd860abf57 bug 1071308 - (2/2) remove libpkix-style chain validation callback from CertVerifier r=cviecco 2014-09-25 11:18:56 -07:00
David Keeler 863d5f9477 bug 1071308 - (1/2) rename pinning_enforcement_level to PinningMode for brevity r=cviecco 2014-09-25 11:08:36 -07:00
David Keeler db0e8cfdbd bug 1066190 - ensure that pinning checks are done for otherwise overridable errors r=mmc 2014-09-12 13:20:43 -07:00
David Keeler c1853c5db4 bug 1050546 - telemetry for baseline requirements sections 9.2.1 and 9.2.2 (subject alt names/common name) r=rbarnes 2014-09-03 11:44:08 -07:00
Ehsan Akhgari 6deacdf4e9 Bug 1061942 - Switch back security/certverifier and security/manager to use unified builds; r=bsmith 2014-09-02 18:28:11 -04:00
Wes Kocher c0770e9a92 Backed out 1 changesets (bug 1050546) for build bustage 
Backed out changeset c7a9e8177202 (bug 1050546)
 2014-09-02 16:49:51 -07:00
David Keeler 18cd42500e bug 1050546 - telemetry for baseline requirements sections 9.2.1 and 9.2.2 (subject alt names/common name) r=rbarnes 2014-09-02 12:10:47 -07:00
Camilo Viecco a47a7b45b5 Bug 1052099 - August 2014 batch of EV root CA changes. r=keeler 
--HG--
extra : rebase_source : 4303f1fb6988ff462edd908295708788a24a64f1
 2014-08-27 11:31:20 -07:00
David Keeler 1f84bc411b bug 1049095 - re-verify joinee certificate with joining hostname when joining connections r=briansmith r=mcmanus r=cviecco r=mmc r=rbarnes 2014-08-21 10:37:23 -07:00
David Keeler c3d3df58ac bug 1030963 - remove non-standard window.crypto functions/properties r=jst r=briansmith r=glandium 2014-08-14 09:38:42 -07:00
Ehsan Akhgari 7257b2f870 Bug 579517 follow-up: Remove NSPR types that crept in 2014-08-08 08:39:07 -04:00
Eric Rahm 6fc80c7e16 Bug 1047176 - Part 1: Disable warning C4640 in certverifier. r=keeler 
--HG--
extra : rebase_source : a608f8704f57312902b05258ff53a4d1f2010cbc
 2014-08-04 11:29:25 -07:00