Igor
60cd1e3bb7
Bug 1296180 - Replace more uses of PR_ARRAY_SIZE with mozilla::ArrayLength. r=keeler,mt
2016-09-09 13:17:52 -07:00
Cykesiopka
80c7f24081
Bug 1274135 - Replace char_ptr_cast() and uint8_t_ptr_cast() with mozilla::BitwiseCast. r=keeler,valentin
...
The functions aren't necessary now that we have BitwiseCast.
MozReview-Commit-ID: 2nzOuwAop4Y
--HG--
extra : rebase_source : 0cb2c16f484a81b2e77384564973b58ac2d10fb9
2016-09-08 20:46:26 +08:00
Ryan VanderMeulen
57d3c61d9b
Backed out changeset db5d2a3899c0 (bug 1274135) for bustage.
2016-09-07 20:52:18 -04:00
Cykesiopka
0193f94d53
Bug 1274135 - Replace char_ptr_cast() and uint8_t_ptr_cast() with mozilla::BitwiseCast. r=keeler,valentin
...
The functions aren't necessary now that we have BitwiseCast.
MozReview-Commit-ID: 2nzOuwAop4Y
--HG--
extra : rebase_source : 196449249eec75b8eb10e59662231c3f4e83c268
2016-09-01 15:58:51 +08:00
Cykesiopka
2e47d34ebc
Bug 1256302 - Remove CertVerifier::InitCertVerifierLog(). r=jcj
2016-09-02 10:45:47 +02:00
Kan-Ru Chen
b6d880aca1
Bug 1297276 - Rename mfbt/unused.h to mfbt/Unused.h for consistency. r=froydnj
...
The patch is generated from following command:
rgrep -l unused.h|xargs sed -i -e s,mozilla/unused.h,mozilla/Unused.h,
MozReview-Commit-ID: AtLcWApZfES
--HG--
rename : mfbt/unused.h => mfbt/Unused.h
2016-08-24 14:47:04 +08:00
Cykesiopka
9529f2321e
Bug 1294011 - Obviate manual calls to SECITEM_FreeItem() in PSM. r=keeler
...
MozReview-Commit-ID: 7RNV0YNraBx
--HG--
extra : rebase_source : bd4c8981b52e3f5a504fc09958872415cf757eff
2016-08-13 21:45:00 +08:00
Cykesiopka
2c9b1285df
Bug 1289455 - Obviate manual CERT_DestroyCertificate() calls in PSM. r=dkeeler
...
MozReview-Commit-ID: Aoi1VWvkNjp
--HG--
extra : transplant_source : B%8F9%E7%E8%84%7D%D1%7B%5Due%ED%9A%E8%DE%05%5B%E2D
2016-08-05 23:57:44 +08:00
Sergei Chernov
21be681857
Bug 1284256 - Certificate Transparency - verification of Signed Certificate Timestamps (RFC 6962); r=keeler, r=Cykesiopka
...
MozReview-Commit-ID: IgcnyBH4Up
--HG--
extra : transplant_source : %98%A3%5E%B4%DA%89qI1%01A%F8%FF%C7%1FS%D4%23v%B3
2016-07-05 08:35:06 +03:00
David Keeler
67199d7bf6
bug 1289885 - Enable VeriSign Class 3 Public PCA - G4 for EV in PSM r=jcj
...
MozReview-Commit-ID: GDZnZcVCNl6
--HG--
extra : rebase_source : ffdfa0fac7d4114e1251d00ced4c6ca7aab1ec86
2016-07-27 14:06:09 -07:00
Andi-Bogdan Postelnicu
d19b17ffc3
Bug 1289366 - added return statement for CharToByte when assertion fails. r=keeler
...
MozReview-Commit-ID: LDAamOxHdli
--HG--
extra : rebase_source : 7a180b058c3d756074b4cb2f56356c41eaf9919d
2016-07-26 12:48:49 +03:00
Tom Tromey
5538d692d3
Bug 1286877 - do not set c-basic-offset for python-mode; r=gps
...
This removes the unnecessary setting of c-basic-offset from all
python-mode files.
This was automatically generated using
perl -pi -e 's/; *c-basic-offset: *[0-9]+//'
... on the affected files.
The bulk of these files are moz.build files but there a few others as
well.
MozReview-Commit-ID: 2pPf3DEiZqx
--HG--
extra : rebase_source : 0a7dcac80b924174a2c429b093791148ea6ac204
2016-07-14 10:16:42 -06:00
David Keeler
a77caa9d20
bug 1274677 - Enable Certplus and OpenTrust root certificates for EV in PSM r=Cykesiopka
...
MozReview-Commit-ID: 4rZ0NIEyKF6
--HG--
extra : rebase_source : 089184f70e3a6949da5211f464c51fb113db997a
2016-07-15 14:51:08 -07:00
Sergei Chernov
edb1f658f6
Bug 1275238 - Certificate Transparency support in mozilla::pkix; r=keeler
...
MozReview-Commit-ID: HZwzSgxarTw
--HG--
extra : transplant_source : %BF%F9%A8T%C6x%82%03%3Ez%9F%3BT%E3%1B%11s%294%F4
2016-06-15 11:11:00 +03:00
David Keeler
3fed4e5ecc
bug 1272858 - use a name-agnostic method to find the built-in root PKCS#11 slot r=Cykesiopka
...
Previously this implementation would use the expected names of the built-in
module and slot to get a handle on them. This doesn't work on distributions that
use other names. The new implementation searches through the slots from the
default module list for one where PK11_HasRootCerts returns true (which
indicates that NSS considers that slot to contain the default built-in root
list).
MozReview-Commit-ID: LmX27hQfFJU
--HG--
extra : rebase_source : 50383dcc77257fe08ce2c7d908e95cda7c4bbe9d
2016-06-23 15:43:47 -07:00
David Keeler
baead5135e
bug 1277240 - don't import trust anchors in SaveIntermediateCerts r=Cykesiopka
...
MozReview-Commit-ID: KHwA2LJSeUS
--HG--
extra : rebase_source : e1f7a469d2dc8608adf4b0172f99d9adb192bbb5
2016-06-02 13:17:14 -07:00
Sergei Chernov
d46c2e938b
Bug 1241574 - Certificate Transparency - base definitions and serialization to/from TLS wire format. r=keeler, r=Cykesiopka
...
MozReview-Commit-ID: KmJOr2crof7
--HG--
extra : transplant_source : %97%2A%03p%7CP%09%CA%60J%D22%91%3C%C1%C9%B8%C6%89%D8
2016-04-11 16:17:25 +03:00
Cykesiopka
0b04616a47
Bug 1271496 - Stop using Scoped.h in non-exported PSM code. r=keeler
...
Scoped.h is deprecated in favour of the standardised UniquePtr.
This patch removes use of Scoped.h everywhere in PSM except ScopedNSSTypes.h,
which is exported. Other consumers of ScopedNSSTypes.h can move off Scoped.h
at their own pace.
This patch also changes parameters and return types of various functions to make
ownership more explicit.
MozReview-Commit-ID: BFbtCDjENzy
--HG--
extra : transplant_source : %0B%C7%9F%40%FA9%A4%F2%5E%0D%92%1C%A6%A49%94%C3%7E%1Cz
2016-05-23 19:50:26 -07:00
Cykesiopka
1d22abcec2
Bug 1271953 - Remove nss_addEscape(). r=mgoodwin
...
The function basically duplicates existing Mozilla string class functionality.
MozReview-Commit-ID: 9IFEXuT9cW1
--HG--
extra : rebase_source : 0d0c4492a63f7a168b6092fdb2e1bf8ec09d5308
2016-05-16 09:04:09 -07:00
Cykesiopka
6b12fc8650
Bug 1271501 - Use mozilla::BitwiseCast instead of reinterpret_cast in PSM. r=keeler
...
mozilla::BitwiseCast does the same thing, but provides static asserts that
mitigate some of the risk of using reinterpret_cast.
MozReview-Commit-ID: ENQ8QC6Nl9o
--HG--
extra : rebase_source : c1725c8363c0f7f9877601de5ab5f152ef4d0439
2016-05-18 21:20:56 -07:00
Cykesiopka
5e0c49ff77
Bug 1271501 - Remove unnecessary uses of reinterpret_cast in PSM. r=keeler
...
These uses of reinterpret_cast are either pointless, or can be removed via
refactoring.
MozReview-Commit-ID: Aw2rlJfrT6J
--HG--
extra : rebase_source : 243d6c38eedc086c59d47c93d4a57cb6a922910a
2016-05-18 18:58:40 -07:00
Cykesiopka
18c21f386e
Bug 1271495 - Replace uses of ScopedPK11Context with UniquePK11Context. r=keeler,mcmanus
...
ScopedPK11Context is based on Scoped.h, which is deprecated in favour of the
standardised UniquePtr.
MozReview-Commit-ID: HE8UY1hOuph
--HG--
extra : transplant_source : 4%BF%81M%09Q-%2A%E6%04%86i%18%1B%3CL%90%88%04%C7
2016-05-13 05:53:57 -07:00
Chris Peterson
353ee65255
Bug 1272513 - Part 1: Suppress -Wshadow warnings-as-errors in some directories. r=glandium
2016-05-11 00:00:01 -07:00
David Keeler
c17f3a2733
bug 982932 - only allow Netscape-stepUp to be used for serverAuth for old CA certificates r=Cykesiopka,jcj
...
MozReview-Commit-ID: 88JhIU1pUji
--HG--
rename : security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC.pem.certspec => security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-recent.pem.certspec
rename : security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC.pem.certspec => security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-recent.pem.certspec
extra : rebase_source : 2f6251679a6f31cccb6d88bb51c567de9cc9bc76
2016-05-05 16:11:11 -07:00
Cykesiopka
8f7bebaa5c
Bug 160122 - Stop using PR_smprintf in PSM. r=keeler
...
The (more) modern Mozilla string classes can be used instead, which at the very
least provide built in automatic memory management and performance improvements.
MozReview-Commit-ID: 4l2Er5rkeI0
--HG--
extra : transplant_source : %A1%16%AB%02m%CA%25HfW%40%96Mq%0D%F0%91%9C%99%29
2016-05-10 23:38:55 -07:00
Cykesiopka
391584fd9d
Bug 1270005 - Replace uses of ScopedPK11SlotInfo with UniquePK11SlotInfo in PSM. r=keeler
...
ScopedPK11SlotInfo is based on Scoped.h, which is deprecated in favour of the
standardised UniquePtr.
Also changes PK11SlotInfo parameters of various functions to make ownership more
explicit, and replaces some manual management of PK11SlotInfo pointers.
MozReview-Commit-ID: JtNH2lJsjwx
--HG--
extra : rebase_source : 9d764e0dd3a1f2df14c16f8f14a3c5392770c9a1
2016-05-09 18:02:40 -07:00
Cykesiopka
128f004a1f
Bug 1267905 - Replace uses of ScopedCERTCertList with UniqueCERTCertList. r=keeler
...
ScopedCERTCertList is based on Scoped.h, which is deprecated in favour of the
standardised UniquePtr.
Also changes CERTCertList parameters of various functions to make ownership more
explicit.
MozReview-Commit-ID: EXqxTK6inqy
--HG--
extra : transplant_source : %9B%A9a%94%D1%7E%2BTa%9E%9Fu%9F%02%B3%1AT%1B%F1%F6
2016-05-05 14:56:36 -07:00
David Keeler
1fdc1bdd0a
bug 1267463 - add a more nuanced subject common name fallback option for prerelease channels r=Cykesiopka,jcj
...
MozReview-Commit-ID: 1vHXrPAHTRm
--HG--
extra : rebase_source : dddd8ae973d1d793890bbfc44d9fe84ef4a47ee2
2016-04-25 15:55:18 -07:00
Cykesiopka
372fe1a598
Bug 1260643 - Convert most uses of ScopedCERTCertificate in PSM to UniqueCERTCertificate. r=keeler
...
MozReview-Commit-ID: JnjoUd7d2M0
--HG--
extra : transplant_source : %99x%B6%F5%09%97%E6%60%B6%3C%3C%C2%D5vt%27%0C-%96%1B
2016-04-20 01:14:22 -07:00
Mark Goodwin
23e56a0fd2
Bug 1252882 - Add a Content Signature Service r=keeler,r=franziskus,r=Cykesiopka
...
MozReview-Commit-ID: 2nS6vN3iDKe
2016-04-13 13:26:01 +01:00
Cykesiopka
b883b2533f
Bug 1259909 - Obviate char PORT_Free() calls in PSM. r=keeler
...
Also converts the longer |UniquePtr<char, void(&)(void*)> foo(..., PORT_Free)|
to the shorter and equivalent |UniquePORTString foo(...)|.
MozReview-Commit-ID: LlrTNUYBP4V
--HG--
extra : transplant_source : afU%FB%0EC%3E%E0pm%A3-%0E%C8%83%CF%0A%B1%9E%ED
2016-04-09 01:03:59 -07:00
Cykesiopka
efe5b47ede
Bug 1260644 - Use UniquePLArenaPool to manage PLArenaPools in PSM. r=keeler
...
MozReview-Commit-ID: HyLXbWoHMGz
--HG--
extra : rebase_source : 6164b7df51e11c4d3814a06bd41765d40be85a9d
2016-04-04 17:35:24 -07:00
David Keeler
6e4140d766
bug 1245280 - add policy mechanism to optionally enforce BRs for falling back to subject CN r=Cykesiopka,mgoodwin
...
MozReview-Commit-ID: 7xT6JGpOH1g
--HG--
extra : rebase_source : 0def29e8be898a2d975ee4390b3bc6a193766b1b
2016-02-09 10:14:27 -08:00
David Keeler
581a304acb
bug 1254667 - change certificate verification SHA1 policy to "allow for locally-installed roots" r=jcj
...
Before this patch, the default policy for the use of SHA1 in certificate
signatures was "allow all" due to compatibility concerns.
After gathering telemetry, we are confident that we can enforce the policy of
"allow for locally-installed roots" (or certificates valid before 2016) without
too much breakage.
MozReview-Commit-ID: 8GxtgdbaS3P
--HG--
extra : rebase_source : d1bed911f2d5d40229ea06556fee0848668e98b6
2016-03-28 12:52:40 -07:00
Cykesiopka
e05e655f1b
Bug 1258298 - Switch more Scoped.h templates in PSM to UniquePtr equivalents. r=keeler
...
MozReview-Commit-ID: 8VOhiuNOlBX
--HG--
extra : amend_source : 70d01c7a061c4b751d643d1277e3185ccf348e54
2016-03-24 18:30:37 -07:00
Cykesiopka
bdfc5290f6
Bug 1004149 - Return mozilla::pkix::Result values in nsNSSHttpInterface functions. r=keeler
...
MozReview-Commit-ID: Kx1E3HLP7zC
--HG--
extra : transplant_source : %F0%068%83%E21dM-%FE%7C%EC1%1E%05h%E6%1D%271
2016-03-18 21:11:03 -07:00
David Keeler
3db46cef2e
bug 1240118
- add functionality to treat a test certificate as a built-in root r=mgoodwin
...
MozReview-Commit-ID: GJMd2zEAcmX
--HG--
extra : rebase_source : d2d55c593368b4e5d8562484673a1018dc5ad02d
2016-03-15 17:19:00 -07:00
David Keeler
d27e176906
bug 1236964
- enable Certum Trusted Network CA 2 root certificate for EV treatment r=jcj
...
MozReview-Commit-ID: 8QlBgAdXjlm
--HG--
extra : rebase_source : 07affb67f289f9d460e3eac147dcd44945da182d
2016-03-15 16:08:15 -07:00
Gregory Szorc
3ff1fe40e4
Bug 1256484 - Disable C4456 and C4458 to unblock compilation on VS2015; r=keeler
...
As part of unblocking building with VS2015u1 in automation, I'm mass
disabling compiler warnings that are turned into errors. This is not
the preferred mechanism to fix compilation warnings. So hopefully
someone fixes the underlying problem someday. However, there are tons
of ignored warnings in security/certverifier, so I guess the workaround
in this patch is par for the course.
MozReview-Commit-ID: 7GZ9RpkxnwT
--HG--
extra : rebase_source : 023a438b6458fb4859018cde421d51072f0f0490
2016-03-14 23:57:33 -07:00
David Keeler
2f0004e1be
bug 1228175 - fix IsCertBuiltInRoot r=Cykesiopka,mgoodwin
...
When a built-in root certificate has its trust changed from the default value,
the platform has to essentially create a copy of it in the read/write
certificate database with the new trust settings. At that point, the desired
behavior is that the platform still considers that certificate a built-in root.
Before this patch, this would indeed happen for the duration of that run of the
platform, but as soon as it restarted, the certificate in question would only
appear to be from the read/write database, and thus was not considered a
built-in root. This patch changes the test of built-in-ness to explicitly
search the built-in certificate slot for the certificate in question. If found,
it is considered a built-in root.
MozReview-Commit-ID: HCtZpPQVEGZ
--HG--
extra : rebase_source : 759e9c5a7bb14f14a77e62eae2ba40c085f04ccd
2016-03-04 17:06:33 -08:00
sajitk
25babf4ea8
Bug 1219482: Replace PRLogModuleInfo with LazyLogModule in security subdirectory.r=nfroyd
2016-01-28 10:36:00 -08:00
Wes Kocher
e7883e4059
Backed out changeset 490eb9194ae1 (bug 1228175) for TestIsCertBuiltInRoot failures on at least Android
...
MozReview-Commit-ID: 7kpuhoY0CJw
2016-03-09 14:22:36 -08:00
David Keeler
f228ba40a1
bug 1228175 - fix IsCertBuiltInRoot r=Cykesiopka,mgoodwin
...
When a built-in root certificate has its trust changed from the default value,
the platform has to essentially create a copy of it in the read/write
certificate database with the new trust settings. At that point, the desired
behavior is that the platform still considers that certificate a built-in root.
Before this patch, this would indeed happen for the duration of that run of the
platform, but as soon as it restarted, the certificate in question would only
appear to be from the read/write database, and thus was not considered a
built-in root. This patch changes the test of built-in-ness to explicitly
search the built-in certificate slot for the certificate in question. If found,
it is considered a built-in root.
MozReview-Commit-ID: HCtZpPQVEGZ
--HG--
extra : rebase_source : 898ef37459723f1d8479cfdc58658ccb00e782a9
2016-03-04 17:06:33 -08:00
Cykesiopka
a150859d8e
Bug 1248874 - Replace Scoped.h templates used only by PSM in ScopedNSSTypes.h with UniquePtr equivalents. r=dkeeler
...
MozReview-Commit-ID: 5OClBV522lv
--HG--
extra : transplant_source : G%A3%3B%A0%AC%0D%25%F2%C5K%DC8%0F%90%1B%7Bf%E0%93%F7
2016-02-18 06:01:39 -08:00
David Keeler
28c09863cb
bug 1241564 - remove EV treatment for TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı SHA-1 root certificate r=Cykesiopka
...
MozReview-Commit-ID: 9ktEj2kgfYo
2016-02-09 13:30:22 -08:00
Wes Kocher
a40af4aa59
Backed out changeset 7ec471c99263 (bug 1219482) to hopefully fix the intermittent hazard failures CLOSED TREE
...
--HG--
extra : commitid : B8zmd9Xadpz
2016-01-29 10:15:34 -08:00
sajitk
1b0525a9d3
Bug 1219482 - Replace PRLogModuleInfo with LazyLogModule in security subdirectory. r=froydnj
...
--HG--
extra : rebase_source : 7aed4d8669dccd1270a88a0cacfa254e3b9f5950
2016-01-28 10:36:00 -05:00
David Keeler
113252b726
bug 1239455 - rework telemetry for SHA-1 certificates to reflect possible policy states r=Cykesiopka,mgoodwin,rbarnes
...
Before this patch, we were measuring where SHA-1 was being used in TLS
certificates: nowhere, in end-entities, in intermediates, or in both. However,
the possible SHA-1 policies don't differentiate between end-entities and
intermediates and instead depended on whether or not each certificate has a
notBefore value after 2015 (i.e. >= 0:00:00 1 January 2016 UTC). We need to
gather telemetry on the possible policy configurations.
--HG--
extra : rebase_source : 301c821c8de16ffb924cd198dd0a4d3139536019
2016-01-13 12:50:42 -08:00
Jan de Mooij
68d44577b4
Bug 1237232 - Properly check the result of Vector append() calls in security/. r=keeler
2016-01-13 22:05:08 +01:00
Chris Peterson
3f4e7bf8d5
Bug 1235188 - Fix -Wformat warnings in security/certverifier/. r=keeler
...
security/certverifier/NSSCertDBTrustDomain.cpp:433:26 [-Wformat] format specifies type 'long' but the argument has underlying type 'int'
security/certverifier/NSSCertDBTrustDomain.cpp:433:48 [-Wformat] format specifies type 'long long' but the argument has type 'mozilla::pkix::Time'
2015-12-28 18:41:54 -07:00
Chris Peterson
4034ee65b8
Bug 1235308 - Fix -Wimplicit-fallthrough warnings in security/. r=keeler
...
security/certverifier/NSSCertDBTrustDomain.cpp:282:5 [-Wimplicit-fallthrough] unannotated fall-through between switch labels
security/manager/ssl/nsNSSComponent.cpp:149:3 [-Wimplicit-fallthrough] unannotated fall-through between switch labels
security/manager/ssl/nsSecureBrowserUIImpl.cpp:1406:5 [-Wimplicit-fallthrough] unannotated fall-through between switch labels
2015-12-25 00:03:35 -07:00
David Keeler
cf2300da93
bug 1230994 - December 2015 batch of EV root CA changes r=mgoodwin
...
Adds:
bug 1193480:
CN=Certification Authority of WoSign G2,O=WoSign CA Limited,C=CN
CN=CA WoSign ECC Root,O=WoSign CA Limited,C=CN
bug 1147675:
CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6,O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A...,L=Ankara,C=TR
bug 1230985:
OU=Security Communication RootCA2,O="SECOM Trust Systems CO.,LTD.",C=JP
bug 1213044:
CN=OISTE WISeKey Global Root GB CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH
2015-12-14 14:44:44 -08:00
Xidorn Quan
8cd346c251
Bug 1229587 part 1 - Disable C4464 warning newly added in VS2015u1. r=keeler
...
--HG--
extra : source : 1c79d789b2de950e8024d857f9315ea362141969
2015-12-03 09:29:42 +11:00
Cykesiopka
fedad480ea
Bug 1222903 - Reject EV status for EV EE certs that are valid for longer than 27 months as well. r=keeler
2015-11-13 07:42:00 +01:00
Mark Goodwin
31adb1a5c5
Bug 901698 - Implement OCSP-must-staple; r=keeler
2015-11-13 16:49:08 +00:00
David Keeler
a1cf24355b
bug 1223466 - update extended validation information to deal with root removals in NSS 3.21 r=mgoodwin
...
These entries were removed:
from bug 1204962:
CN=TC TrustCenter Universal CA III,OU=TC TrustCenter Universal CA,O=TC TrustCenter GmbH,C=DE
SHA-256: 309B4A87F6CA56C93169AAA99C6D988854D7892BD5437E2D07B29CBEDA55D35D
SHA-1: 9656CD7B57969895D0E141466806FBB8C6110687
from bug 1204997:
CN=A-Trust-nQual-03,OU=A-Trust-nQual-03,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT
SHA-256: 793CBF4559B9FDE38AB22DF16869F69881AE14C4B0139AC788A78A1AFCCA02FB
SHA-1: D3C063F219ED073E34AD5D750B327629FFD59AF2
from bug 1208461:
CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
SHA-256: 85FB2F91DD12275A0145B636534F84024AD68B69B8EE88684FF711375805B348
SHA-1: 58119F0E128287EA50FDD987456F4F78DCFAD6D4
2015-11-10 10:13:18 -08:00
David Keeler
29b3d15dde
bug 1220223 - don't load PKCS11 modules in safe mode r=mgoodwin r=bsmedberg
2015-10-30 10:37:22 -07:00
Cykesiopka
4ec261d0e7
Bug 1194419 - Remove signature algorithm duplicate use in serial number determination in pycert. r=keeler
2015-10-23 05:13:00 -04:00
Carsten "Tomcat" Book
ea5d701c66
Backed out changeset 11e681d48acd (bug 1194419) for S4 Test failures
2015-10-20 12:40:18 +02:00
Cykesiopka
fa99ba4063
Bug 1194419 - Remove signature algorithm duplicate use in serial number determination in pycert. r=dkeeler
...
--HG--
extra : rebase_source : 14756428ea3f8bc41d746a2e71a5d4914e96f33c
2015-10-17 09:04:43 -07:00
Richard Barnes
990593f9cf
Bug 942515 - Show Untrusted Connection Error for SHA-1-based SSL certificates with notBefore >= 2016-01-01 r=keeler
2015-09-11 14:52:30 -04:00
Nicholas Nethercote
f44287005f
Bug 1198334 (part 1) - Replace the opt-in FAIL_ON_WARNINGS with the opt-out ALLOW_COMPILER_WARNINGS. r=glandium.
...
The patch removes 455 occurrences of FAIL_ON_WARNINGS from moz.build files, and
adds 78 instances of ALLOW_COMPILER_WARNINGS. About half of those 78 are in
code we control and which should be removable with a little effort.
--HG--
extra : rebase_source : 82e3387abfbd5f1471e953961d301d3d97ed2973
2015-08-27 20:44:53 -07:00
Mark Goodwin
f2b116c0d6
Bug 1153444 - Fix up Key Pinning Telemetry (r=keeler)
2015-08-21 15:14:08 +01:00
Makoto Kato
c3c571a9ee
Bug 1166323 - Fix unexpcetd changed on previous landed. r=dkeeler
2015-08-07 13:41:49 +09:00
Cykesiopka
d9d018971e
Bug 1164609 - Remove EV treatment for expired Buypass Class 3 CA 1 root certificate. r=keeler
...
--HG--
extra : rebase_source : 65e2c8746098d8fb2cd5347b557c23a3832d435a
2015-08-07 00:21:00 +02:00
Carsten "Tomcat" Book
fca5cdc8bc
Backed out changeset 9618f92995ab (bug 1166323) for linux x64 test bustage on a CLOSED TREE
2015-08-07 07:24:40 +02:00
Makoto Kato
6fb6d7a35c
Bug 1166323 - Fix unexpcetd changed on previous landed. r=dkeeler
2015-08-07 13:41:49 +09:00
David Keeler
b49becac5d
bug 1181823 - convert test_ev_certs.js, test_keysize_ev.js, and test_validity.js to generate certificates at build time r=Cykesiopka r=mgoodwin
2015-06-17 16:02:08 -07:00
Xidorn Quan
cec576a922
Bug 1187173 - Disable warning C4623 on security/certverifier. r=briansmith
...
--HG--
extra : source : 9f3acfedff8cf4a26266bb578dc69727e799c0cf
extra : amend_source : cb1d0a6e8c6d9199429159cb9a20484f5aa95b8d
2015-07-24 13:38:12 +10:00
Mark Goodwin
fce204e0e0
Bug 1183822 - fix OCSP verification failures (r=keeler)
...
Adds a new TrustDomain for OCSP Signers which will always allow all acceptible
signature digest algorithms. Calls to most other TrustDomain methods are passed
through to the owning NSSCertDBTrustDomain.
2015-07-17 17:07:48 +01:00
Mark Goodwin
c7285efe5a
Backed out changeset fb6cbb4ada54 (bug 1183822)
2015-07-17 10:36:58 +01:00
Mark Goodwin
0bfd3046ed
Bug 1183822 - fix OCSP verification failures (r=keeler)
...
Adds a new TrustDomain for OCSP Signers which will always allow all acceptible
signature digest algorithms. Calls to most other TrustDomain methods are passed
through to the owning NSSCertDBTrustDomain.
2015-07-17 10:03:56 +01:00
Mark Goodwin
91782dab68
Bug 1159155 - Add telemetry probe for SHA-1 usage (r=keeler)
2015-07-09 07:22:29 +01:00
Cykesiopka
0a9aea4ab2
Bug 1145679 - Reject EV status for end-entity EV certs with overly long validity periods. r=keeler
...
--HG--
extra : rebase_source : ec44bb566cce8ab14f740457d6ba1d863b39c256
2015-06-29 22:19:00 +02:00
David Keeler
d67edd7f93
bug 1170303 - treat malformed name information in certificates as a domain name mismatch r=Cykesiopka
2015-06-01 13:55:23 -07:00
Richard Barnes
8a4bc22436
Bug 1010068
- Disable OCSP for DV certificates in Firefox for Android r=keeler
2015-05-28 13:29:13 -07:00
Ryan VanderMeulen
56574135d1
Backed out changeset fda85020d842 (bug 1010068
) for Android test_cert_overrides.js failures.
...
CLOSED TREE
2015-06-08 11:37:33 -04:00
Richard Barnes
3824033dee
Bug 1010068
- Disable OCSP for DV certificates in Firefox for Android r=keeler
2015-05-28 13:29:13 -07:00
Eric Rahm
75c4bebb79
Bug 1165515 - Part 13-2: Replace usage of PRLogModuleLevel and PR_LOG_*. rs=froydnj
...
This is straightforward mapping of PR_LOG levels to their LogLevel
counterparts:
PR_LOG_ERROR -> LogLevel::Error
PR_LOG_WARNING -> LogLevel::Warning
PR_LOG_WARN -> LogLevel::Warning
PR_LOG_INFO -> LogLevel::Info
PR_LOG_DEBUG -> LogLevel::Debug
PR_LOG_NOTICE -> LogLevel::Debug
PR_LOG_VERBOSE -> LogLevel::Verbose
Instances of PRLogModuleLevel were mapped to a fully qualified
mozilla::LogLevel, instances of PR_LOG levels in #defines were mapped to a
fully qualified mozilla::LogLevel::* level, and all other instances were
mapped to us a shorter format of LogLevel::*.
Bustage for usage of the non-fully qualified LogLevel were fixed by adding
|using mozilla::LogLevel;| where appropriate.
2015-06-03 15:25:57 -07:00
Carsten "Tomcat" Book
5471309381
Backed out 14 changesets (bug 1165515) for linux x64 e10s m2 test failures
...
Backed out changeset d68dcf2ef372 (bug 1165515)
Backed out changeset 7c3b45a47811 (bug 1165515)
Backed out changeset b668b617bef2 (bug 1165515)
Backed out changeset d0916e1283a2 (bug 1165515)
Backed out changeset ac4dc7489942 (bug 1165515)
Backed out changeset e9632ce8bc65 (bug 1165515)
Backed out changeset c16d215cc7e4 (bug 1165515)
Backed out changeset e4d474f3c51a (bug 1165515)
Backed out changeset d87680bf9f7c (bug 1165515)
Backed out changeset b3c0a45ba99e (bug 1165515)
Backed out changeset 9370fa197674 (bug 1165515)
Backed out changeset 50970d668ca1 (bug 1165515)
Backed out changeset ffa4eb6d24b9 (bug 1165515)
Backed out changeset 5fcf1203cc1d (bug 1165515)
--HG--
extra : rebase_source : 6fb850d063cbabe738f97f0380302153e3eae97a
2015-06-02 13:05:56 +02:00
Eric Rahm
a9afd68cef
Bug 1165515 - Part 13-2: Replace usage of PRLogModuleLevel and PR_LOG_*. rs=froydnj
...
This is straightforward mapping of PR_LOG levels to their LogLevel
counterparts:
PR_LOG_ERROR -> LogLevel::Error
PR_LOG_WARNING -> LogLevel::Warning
PR_LOG_WARN -> LogLevel::Warning
PR_LOG_INFO -> LogLevel::Info
PR_LOG_DEBUG -> LogLevel::Debug
PR_LOG_NOTICE -> LogLevel::Debug
PR_LOG_VERBOSE -> LogLevel::Verbose
Instances of PRLogModuleLevel were mapped to a fully qualified
mozilla::LogLevel, instances of PR_LOG levels in #defines were mapped to a
fully qualified mozilla::LogLevel::* level, and all other instances were
mapped to us a shorter format of LogLevel::*.
Bustage for usage of the non-fully qualified LogLevel were fixed by adding
|using mozilla::LogLevel;| where appropriate.
2015-06-01 22:17:33 -07:00
Wes Kocher
4e9f80ed2e
Backed out 14 changesets (bug 1165515) for b2g mochitest-6 permafail CLOSED TREE
...
Backed out changeset 9b97e2aa2ed9 (bug 1165515)
Backed out changeset 150606c022a2 (bug 1165515)
Backed out changeset 4e875a488349 (bug 1165515)
Backed out changeset 467e7feeb546 (bug 1165515)
Backed out changeset d6b6cc373197 (bug 1165515)
Backed out changeset 0615265b593c (bug 1165515)
Backed out changeset fafd1dce9f08 (bug 1165515)
Backed out changeset d1df869245f9 (bug 1165515)
Backed out changeset 6876a7c63611 (bug 1165515)
Backed out changeset b7841c94a9a3 (bug 1165515)
Backed out changeset e5e3617f7c73 (bug 1165515)
Backed out changeset 39be3db95978 (bug 1165515)
Backed out changeset 0ec74176f8de (bug 1165515)
Backed out changeset 5b928dd10d71 (bug 1165515)
2015-06-01 17:57:58 -07:00
Eric Rahm
f82c0e7caf
Bug 1165515 - Part 13-2: Replace usage of PRLogModuleLevel and PR_LOG_*. rs=froydnj
...
This is straightforward mapping of PR_LOG levels to their LogLevel
counterparts:
PR_LOG_ERROR -> LogLevel::Error
PR_LOG_WARNING -> LogLevel::Warning
PR_LOG_WARN -> LogLevel::Warning
PR_LOG_INFO -> LogLevel::Info
PR_LOG_DEBUG -> LogLevel::Debug
PR_LOG_NOTICE -> LogLevel::Debug
PR_LOG_VERBOSE -> LogLevel::Verbose
Instances of PRLogModuleLevel were mapped to a fully qualified
mozilla::LogLevel, instances of PR_LOG levels in #defines were mapped to a
fully qualified mozilla::LogLevel::* level, and all other instances were
mapped to us a shorter format of LogLevel::*.
Bustage for usage of the non-fully qualified LogLevel were fixed by adding
|using mozilla::LogLevel;| where appropriate.
2015-06-01 14:31:01 -07:00
Makoto Kato
6ddb65f184
Bug 1166323 - Remove IME sequence number. r=masayuki,nchen
2015-05-28 13:51:40 +09:00
Birunthan Mohanathas
a028ea5c2d
Bug 1164714 - Move and flatten security/manager/boot/{public,src}/ into security/manager/ssl/. r=keeler
...
--HG--
rename : security/manager/boot/src/CertBlocklist.cpp => security/manager/ssl/CertBlocklist.cpp
rename : security/manager/boot/src/CertBlocklist.h => security/manager/ssl/CertBlocklist.h
rename : security/manager/boot/src/DataStorage.cpp => security/manager/ssl/DataStorage.cpp
rename : security/manager/boot/src/DataStorage.h => security/manager/ssl/DataStorage.h
rename : security/manager/boot/src/PublicKeyPinningService.cpp => security/manager/ssl/PublicKeyPinningService.cpp
rename : security/manager/boot/src/PublicKeyPinningService.h => security/manager/ssl/PublicKeyPinningService.h
rename : security/manager/boot/src/RootCertificateTelemetryUtils.cpp => security/manager/ssl/RootCertificateTelemetryUtils.cpp
rename : security/manager/boot/src/RootCertificateTelemetryUtils.h => security/manager/ssl/RootCertificateTelemetryUtils.h
rename : security/manager/boot/src/RootHashes.inc => security/manager/ssl/RootHashes.inc
rename : security/manager/boot/src/StaticHPKPins.errors => security/manager/ssl/StaticHPKPins.errors
rename : security/manager/boot/src/StaticHPKPins.h => security/manager/ssl/StaticHPKPins.h
rename : security/manager/boot/src/nsEntropyCollector.cpp => security/manager/ssl/nsEntropyCollector.cpp
rename : security/manager/boot/src/nsEntropyCollector.h => security/manager/ssl/nsEntropyCollector.h
rename : security/manager/boot/public/nsIBufEntropyCollector.idl => security/manager/ssl/nsIBufEntropyCollector.idl
rename : security/manager/boot/public/nsICertBlocklist.idl => security/manager/ssl/nsICertBlocklist.idl
rename : security/manager/boot/public/nsISSLStatusProvider.idl => security/manager/ssl/nsISSLStatusProvider.idl
rename : security/manager/boot/public/nsISecurityUITelemetry.idl => security/manager/ssl/nsISecurityUITelemetry.idl
rename : security/manager/boot/src/nsSTSPreloadList.errors => security/manager/ssl/nsSTSPreloadList.errors
rename : security/manager/boot/src/nsSTSPreloadList.inc => security/manager/ssl/nsSTSPreloadList.inc
rename : security/manager/boot/src/nsSecureBrowserUIImpl.cpp => security/manager/ssl/nsSecureBrowserUIImpl.cpp
rename : security/manager/boot/src/nsSecureBrowserUIImpl.h => security/manager/ssl/nsSecureBrowserUIImpl.h
rename : security/manager/boot/src/nsSecurityHeaderParser.cpp => security/manager/ssl/nsSecurityHeaderParser.cpp
rename : security/manager/boot/src/nsSecurityHeaderParser.h => security/manager/ssl/nsSecurityHeaderParser.h
rename : security/manager/boot/src/nsSiteSecurityService.cpp => security/manager/ssl/nsSiteSecurityService.cpp
rename : security/manager/boot/src/nsSiteSecurityService.h => security/manager/ssl/nsSiteSecurityService.h
2015-05-26 10:31:25 -07:00
Birunthan Mohanathas
ae04912e48
Bug 1164714 - Flatten security/manager/ssl/src/ directory. r=keeler
...
--HG--
rename : security/manager/ssl/src/CryptoTask.cpp => security/manager/ssl/CryptoTask.cpp
rename : security/manager/ssl/src/CryptoTask.h => security/manager/ssl/CryptoTask.h
rename : security/manager/ssl/src/CryptoUtil.h => security/manager/ssl/CryptoUtil.h
rename : security/manager/ssl/src/IntolerantFallbackList.inc => security/manager/ssl/IntolerantFallbackList.inc
rename : security/manager/ssl/src/NSSErrorsService.cpp => security/manager/ssl/NSSErrorsService.cpp
rename : security/manager/ssl/src/NSSErrorsService.h => security/manager/ssl/NSSErrorsService.h
rename : security/manager/ssl/src/PPSMContentDownloader.ipdl => security/manager/ssl/PPSMContentDownloader.ipdl
rename : security/manager/ssl/src/PSMContentListener.cpp => security/manager/ssl/PSMContentListener.cpp
rename : security/manager/ssl/src/PSMContentListener.h => security/manager/ssl/PSMContentListener.h
rename : security/manager/ssl/src/PSMRunnable.cpp => security/manager/ssl/PSMRunnable.cpp
rename : security/manager/ssl/src/PSMRunnable.h => security/manager/ssl/PSMRunnable.h
rename : security/manager/ssl/src/PublicSSL.h => security/manager/ssl/PublicSSL.h
rename : security/manager/ssl/src/SSLServerCertVerification.cpp => security/manager/ssl/SSLServerCertVerification.cpp
rename : security/manager/ssl/src/SSLServerCertVerification.h => security/manager/ssl/SSLServerCertVerification.h
rename : security/manager/ssl/src/ScopedNSSTypes.h => security/manager/ssl/ScopedNSSTypes.h
rename : security/manager/ssl/src/SharedCertVerifier.h => security/manager/ssl/SharedCertVerifier.h
rename : security/manager/ssl/src/SharedSSLState.cpp => security/manager/ssl/SharedSSLState.cpp
rename : security/manager/ssl/src/SharedSSLState.h => security/manager/ssl/SharedSSLState.h
rename : security/manager/ssl/src/TransportSecurityInfo.cpp => security/manager/ssl/TransportSecurityInfo.cpp
rename : security/manager/ssl/src/TransportSecurityInfo.h => security/manager/ssl/TransportSecurityInfo.h
rename : security/manager/ssl/src/md4.c => security/manager/ssl/md4.c
rename : security/manager/ssl/src/md4.h => security/manager/ssl/md4.h
rename : security/manager/ssl/src/nsCertOverrideService.cpp => security/manager/ssl/nsCertOverrideService.cpp
rename : security/manager/ssl/src/nsCertOverrideService.h => security/manager/ssl/nsCertOverrideService.h
rename : security/manager/ssl/src/nsCertPicker.cpp => security/manager/ssl/nsCertPicker.cpp
rename : security/manager/ssl/src/nsCertPicker.h => security/manager/ssl/nsCertPicker.h
rename : security/manager/ssl/src/nsCertTree.cpp => security/manager/ssl/nsCertTree.cpp
rename : security/manager/ssl/src/nsCertTree.h => security/manager/ssl/nsCertTree.h
rename : security/manager/ssl/src/nsCertVerificationThread.cpp => security/manager/ssl/nsCertVerificationThread.cpp
rename : security/manager/ssl/src/nsCertVerificationThread.h => security/manager/ssl/nsCertVerificationThread.h
rename : security/manager/ssl/src/nsClientAuthRemember.cpp => security/manager/ssl/nsClientAuthRemember.cpp
rename : security/manager/ssl/src/nsClientAuthRemember.h => security/manager/ssl/nsClientAuthRemember.h
rename : security/manager/ssl/src/nsCrypto.cpp => security/manager/ssl/nsCrypto.cpp
rename : security/manager/ssl/src/nsCrypto.h => security/manager/ssl/nsCrypto.h
rename : security/manager/ssl/src/nsCryptoHash.cpp => security/manager/ssl/nsCryptoHash.cpp
rename : security/manager/ssl/src/nsCryptoHash.h => security/manager/ssl/nsCryptoHash.h
rename : security/manager/ssl/src/nsDataSignatureVerifier.cpp => security/manager/ssl/nsDataSignatureVerifier.cpp
rename : security/manager/ssl/src/nsDataSignatureVerifier.h => security/manager/ssl/nsDataSignatureVerifier.h
rename : security/manager/ssl/src/nsKeyModule.cpp => security/manager/ssl/nsKeyModule.cpp
rename : security/manager/ssl/src/nsKeyModule.h => security/manager/ssl/nsKeyModule.h
rename : security/manager/ssl/src/nsKeygenHandler.cpp => security/manager/ssl/nsKeygenHandler.cpp
rename : security/manager/ssl/src/nsKeygenHandler.h => security/manager/ssl/nsKeygenHandler.h
rename : security/manager/ssl/src/nsKeygenHandlerContent.cpp => security/manager/ssl/nsKeygenHandlerContent.cpp
rename : security/manager/ssl/src/nsKeygenHandlerContent.h => security/manager/ssl/nsKeygenHandlerContent.h
rename : security/manager/ssl/src/nsKeygenThread.cpp => security/manager/ssl/nsKeygenThread.cpp
rename : security/manager/ssl/src/nsKeygenThread.h => security/manager/ssl/nsKeygenThread.h
rename : security/manager/ssl/src/nsNSSASN1Object.cpp => security/manager/ssl/nsNSSASN1Object.cpp
rename : security/manager/ssl/src/nsNSSASN1Object.h => security/manager/ssl/nsNSSASN1Object.h
rename : security/manager/ssl/src/nsNSSCallbacks.cpp => security/manager/ssl/nsNSSCallbacks.cpp
rename : security/manager/ssl/src/nsNSSCallbacks.h => security/manager/ssl/nsNSSCallbacks.h
rename : security/manager/ssl/src/nsNSSCertHelper.cpp => security/manager/ssl/nsNSSCertHelper.cpp
rename : security/manager/ssl/src/nsNSSCertHelper.h => security/manager/ssl/nsNSSCertHelper.h
rename : security/manager/ssl/src/nsNSSCertTrust.cpp => security/manager/ssl/nsNSSCertTrust.cpp
rename : security/manager/ssl/src/nsNSSCertTrust.h => security/manager/ssl/nsNSSCertTrust.h
rename : security/manager/ssl/src/nsNSSCertValidity.cpp => security/manager/ssl/nsNSSCertValidity.cpp
rename : security/manager/ssl/src/nsNSSCertValidity.h => security/manager/ssl/nsNSSCertValidity.h
rename : security/manager/ssl/src/nsNSSCertificate.cpp => security/manager/ssl/nsNSSCertificate.cpp
rename : security/manager/ssl/src/nsNSSCertificate.h => security/manager/ssl/nsNSSCertificate.h
rename : security/manager/ssl/src/nsNSSCertificateDB.cpp => security/manager/ssl/nsNSSCertificateDB.cpp
rename : security/manager/ssl/src/nsNSSCertificateDB.h => security/manager/ssl/nsNSSCertificateDB.h
rename : security/manager/ssl/src/nsNSSCertificateFakeTransport.cpp => security/manager/ssl/nsNSSCertificateFakeTransport.cpp
rename : security/manager/ssl/src/nsNSSCertificateFakeTransport.h => security/manager/ssl/nsNSSCertificateFakeTransport.h
rename : security/manager/ssl/src/nsNSSComponent.cpp => security/manager/ssl/nsNSSComponent.cpp
rename : security/manager/ssl/src/nsNSSComponent.h => security/manager/ssl/nsNSSComponent.h
rename : security/manager/ssl/src/nsNSSErrors.cpp => security/manager/ssl/nsNSSErrors.cpp
rename : security/manager/ssl/src/nsNSSHelper.h => security/manager/ssl/nsNSSHelper.h
rename : security/manager/ssl/src/nsNSSIOLayer.cpp => security/manager/ssl/nsNSSIOLayer.cpp
rename : security/manager/ssl/src/nsNSSIOLayer.h => security/manager/ssl/nsNSSIOLayer.h
rename : security/manager/ssl/src/nsNSSModule.cpp => security/manager/ssl/nsNSSModule.cpp
rename : security/manager/ssl/src/nsNSSShutDown.cpp => security/manager/ssl/nsNSSShutDown.cpp
rename : security/manager/ssl/src/nsNSSShutDown.h => security/manager/ssl/nsNSSShutDown.h
rename : security/manager/ssl/src/nsNSSVersion.cpp => security/manager/ssl/nsNSSVersion.cpp
rename : security/manager/ssl/src/nsNSSVersion.h => security/manager/ssl/nsNSSVersion.h
rename : security/manager/ssl/src/nsNTLMAuthModule.cpp => security/manager/ssl/nsNTLMAuthModule.cpp
rename : security/manager/ssl/src/nsNTLMAuthModule.h => security/manager/ssl/nsNTLMAuthModule.h
rename : security/manager/ssl/src/nsPK11TokenDB.cpp => security/manager/ssl/nsPK11TokenDB.cpp
rename : security/manager/ssl/src/nsPK11TokenDB.h => security/manager/ssl/nsPK11TokenDB.h
rename : security/manager/ssl/src/nsPKCS11Slot.cpp => security/manager/ssl/nsPKCS11Slot.cpp
rename : security/manager/ssl/src/nsPKCS11Slot.h => security/manager/ssl/nsPKCS11Slot.h
rename : security/manager/ssl/src/nsPKCS12Blob.cpp => security/manager/ssl/nsPKCS12Blob.cpp
rename : security/manager/ssl/src/nsPKCS12Blob.h => security/manager/ssl/nsPKCS12Blob.h
rename : security/manager/ssl/src/nsPSMBackgroundThread.cpp => security/manager/ssl/nsPSMBackgroundThread.cpp
rename : security/manager/ssl/src/nsPSMBackgroundThread.h => security/manager/ssl/nsPSMBackgroundThread.h
rename : security/manager/ssl/src/nsProtectedAuthThread.cpp => security/manager/ssl/nsProtectedAuthThread.cpp
rename : security/manager/ssl/src/nsProtectedAuthThread.h => security/manager/ssl/nsProtectedAuthThread.h
rename : security/manager/ssl/src/nsRandomGenerator.cpp => security/manager/ssl/nsRandomGenerator.cpp
rename : security/manager/ssl/src/nsRandomGenerator.h => security/manager/ssl/nsRandomGenerator.h
rename : security/manager/ssl/src/nsSDR.cpp => security/manager/ssl/nsSDR.cpp
rename : security/manager/ssl/src/nsSDR.h => security/manager/ssl/nsSDR.h
rename : security/manager/ssl/src/nsSSLSocketProvider.cpp => security/manager/ssl/nsSSLSocketProvider.cpp
rename : security/manager/ssl/src/nsSSLSocketProvider.h => security/manager/ssl/nsSSLSocketProvider.h
rename : security/manager/ssl/src/nsSSLStatus.cpp => security/manager/ssl/nsSSLStatus.cpp
rename : security/manager/ssl/src/nsSSLStatus.h => security/manager/ssl/nsSSLStatus.h
rename : security/manager/ssl/src/nsSmartCardMonitor.cpp => security/manager/ssl/nsSmartCardMonitor.cpp
rename : security/manager/ssl/src/nsSmartCardMonitor.h => security/manager/ssl/nsSmartCardMonitor.h
rename : security/manager/ssl/src/nsTLSSocketProvider.cpp => security/manager/ssl/nsTLSSocketProvider.cpp
rename : security/manager/ssl/src/nsTLSSocketProvider.h => security/manager/ssl/nsTLSSocketProvider.h
rename : security/manager/ssl/src/nsUsageArrayHelper.cpp => security/manager/ssl/nsUsageArrayHelper.cpp
rename : security/manager/ssl/src/nsUsageArrayHelper.h => security/manager/ssl/nsUsageArrayHelper.h
rename : security/manager/ssl/src/nsVerificationJob.h => security/manager/ssl/nsVerificationJob.h
2015-05-26 10:31:23 -07:00
Eric Rahm
3925a960aa
Bug 1165515 - Part 1: Convert PR_LOG to MOZ_LOG. r=froydnj
2015-05-21 13:22:04 -07:00
Richard Barnes
cfe5014bab
Backed out changeset fe10feec1ede because of OCSP test failures
2015-05-16 16:38:34 -04:00
Richard Barnes
a9f5d9c05c
Bug 1010068
- Disable OCSP for DV certificates in Firefox for Android r=keeler
2015-05-15 16:17:47 -04:00
David Keeler
4e7fc3055e
bug 1141189 - implement skipping expensive revocation checks (OCSP fetching) for short-lived certificates r=rbarnes
2015-04-06 16:10:28 -07:00
David Keeler
3c315d18c3
bug 1102436 - remove PublicKeyPinningService::CheckChainAgainstAllNames r=Cykesiopka
2015-05-07 11:06:07 -07:00
Eric Rahm
4eceb82c1f
Bug 1162691 - Part 1: Remove instances of #ifdef PR_LOGGING in security. r=froydnj
...
PR_LOGGING is now always defined, we can remove #ifdefs checking for it.
2015-05-08 14:36:33 -07:00
Mark Goodwin
f82bee04e1
Bug 1128607 - Add freshness check for OneCRL (r=keeler)
2015-05-07 18:54:05 +01:00
Richard Barnes
ee333796b2
Bug 1121982 - Update PSM to use NSS name constraints
2015-04-23 20:26:29 -04:00
David Keeler
a4f79b207d
bug 1157873 - remove certificates from CNNIC whitelist that aren't in the Pilot Certificate Transparency log r=rbarnes
...
Also remove certificates where notBefore is on or after 1 April 2015.
2015-04-21 16:07:33 -07:00
David Keeler
5ff51a7744
bug 1151512 - only allow whitelisted certificates to be issued by CNNIC root certificates r=jcj r=rbarnes
2015-04-07 17:29:05 -07:00
David Keeler
81764496cd
bug 1147497 - Add API for querying site pin status. Disallow overrides for sites that have pins. r=mmc r=smaug r=cykesiopka r=past
2015-03-25 11:04:49 -07:00
Jan Beich
5ab8ccdeac
Bug 1154188 - Unbreak build on non-SPS platforms after bug 1153737 r=bsmith
2015-04-14 14:30:09 +02:00
Brian Smith
b1035c0992
Bug 1153737: Avoid unnecessary uses of mozilla::pkix::ScopedPtr, r=keeler
...
--HG--
extra : rebase_source : ea7083439f22cb40d6c97f872ef9866144516745
2015-04-12 19:57:48 -10:00
Mark Goodwin
2c5369d16e
Bug 1132689 - Feb 2015 batch of EV root CA Changes. r=keeler
...
--HG--
extra : rebase_source : 43a28d1b97c569280979c8a2d95494e4d2f9a67c
extra : amend_source : 056721a65cc7d0738d9ab2a92071f8f7eaf48262
2015-03-30 08:57:00 +02:00
Brian Smith
a0437d5b8f
Bug 1146057: Remove support for GCC 4.6, r=keeler
...
Since Gecko now requires GCC 4.7 or later, we no longer need to
work around the lack of support for "override" and "final" in
earlier versions of GCC.
--HG--
extra : rebase_source : 0f104f16be9e7c1ff87bbdd0d4ba6700b1081fb8
2015-03-30 20:18:46 -10:00
Mark Goodwin
1b0d6fb879
Bug 1138848 - Modify OneCRL blocklist for subject / public key blocking (r=keeler, unfocused)
2015-03-31 15:10:09 -07:00
Ehsan Akhgari
883849ee32
Bug 1145631 - Part 1: Replace MOZ_OVERRIDE and MOZ_FINAL with override and final in the tree; r=froydnj
...
This patch was automatically generated using the following script:
function convert() {
echo "Converting $1 to $2..."
find . \
! -wholename "*/.git*" \
! -wholename "obj-ff-dbg*" \
-type f \
\( -iname "*.cpp" \
-o -iname "*.h" \
-o -iname "*.c" \
-o -iname "*.cc" \
-o -iname "*.idl" \
-o -iname "*.ipdl" \
-o -iname "*.ipdlh" \
-o -iname "*.mm" \) | \
xargs -n 1 sed -i -e "s/\b$1\b/$2/g"
}
convert MOZ_OVERRIDE override
convert MOZ_FINAL final
2015-03-21 12:28:04 -04:00
Cykesiopka
171babfad4
Bug 1139177 - RSA public key size checking cleanups. r=keeler
2015-03-05 16:41:00 +01:00
Mark Goodwin
3133a37202
Bug 1130757 - Move OneCRL check to NSSCertDBTrustDomain::GetCertTrust. r=dkeeler
...
--HG--
extra : rebase_source : ce8cff0735865c00f33102b82c31af35145bda2c
2015-02-26 04:38:00 +01:00
David Keeler
d01ea02613
bug 1049740 - implement telemetry to measure compatibility impact of 2048-bit-minimum RSA keys r=briansmith
2015-02-24 15:48:05 -08:00
Brian Smith
06b7804e70
Bug 1131767: Prune away paths using unacceptable algorithms earlier, r=keeler
...
--HG--
extra : rebase_source : 79efad2c5f60120ff1022547ce7efa628a7acd0f
2015-02-14 16:59:02 -08:00
Brian Smith
a89b90ea7f
Bug 1130754: Avoid recalculating tbsCertificate digest, r=keeler
...
--HG--
extra : rebase_source : 85266413568df928cb1eaf1cd59b52ee9d4259e6
extra : histedit_source : 767e3263d28926435c6d2f4610c7d8b01e9ba87d
2015-02-07 12:14:31 -08:00
Brian Smith
b0f87b9b6c
Bug 1122841, Part 2: Centralize checking of public key, r=keeler
...
--HG--
extra : rebase_source : 6b41ad2d3f37bead8d3ac8b48c5ee0b8063c795b
extra : source : d470b5a68bf915cfb12f0e948e1492463092883c
2015-02-02 16:17:08 -08:00
TheKK
3cda0706de
Bug 1092398 - "remove unused CertVerifier enums (missing_cert_download_config and crl_download_config)". r=honzab.moz
2015-01-23 06:17:00 +01:00
Brian Smith
825d71887a
Bug 1115906, Part 1: Add workarounds for missing final/override support in GCC before version 4.7, r=keeler
...
--HG--
rename : security/pkix/include/pkix/nullptr.h => security/pkix/include/pkix/stdkeywords.h
extra : rebase_source : 9cacd9729ac4cfb1e4bf920c8afdffb831b60d36
extra : source : f673d05dfc9a6d830e5e3c01976b41588cc70ead
2015-01-07 14:53:11 -08:00
Chris Peterson
9e23388ca8
Bug 1118076 - Remove MOZ_THIS_IN_INITIALIZER_LIST. r=Waldo
2015-01-06 21:39:46 -08:00
Mark Goodwin ext:(%2C%20Harsh%20Pathak%20%3Chpathak%40mozilla.com%3E)
ea0e5ac119
Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs. r=keeler r=Unfocused
2015-01-07 06:08:00 +01:00
Brian Smith
f118650ad8
Bug 1115761, Part 3: Rename NSS-based crypto functions, r=jcj
...
--HG--
extra : rebase_source : b11b172fac76c7845d2a97cabf1bad9e04a50367
2014-12-23 14:51:52 -08:00
Kaspar Brand
3fdb27bb49
Bug 1112487 - The signing certificates with key usage only non-repudiation is taken as invalid for signing. r=keeler
2014-12-17 21:31:00 -05:00
Brian Smith
99245555c6
Bug 1107666, Part 2: Further fix for SSL_OCSP_STAPLING telemetry, r=keeler
...
--HG--
extra : rebase_source : b2dbbd4eaa8aea019b40eddfc19fb8af20ef3a4c
2014-12-20 07:03:57 -08:00
Brian Smith
0cd5238974
Bug 1107666: Fix OCSP stapling telemetry (SSL_OCSP_STAPLING), r=keeler
...
--HG--
extra : rebase_source : 926f091b2a361d7dce30bee918d6659259f1b3e4
2014-12-11 23:22:35 -08:00
Cykesiopka
ee0a49c7ee
Bug 1085074 - Part 2 - Use explicit bit sizes for key size cert file names. r=briansmith
2014-12-07 20:41:00 +01:00
David Keeler
d9a62a4cc2
bug 1020237 - follow-up to fix build bustage r=bustage on a CLOSED TREE
2014-12-05 10:12:58 -08:00
David Keeler
d97c7ea664
bug 1020237 - prefer root certificates to non-root certificates in NSSCertDBTrustDomain::FindIssuer r=briansmith
2014-12-04 13:37:01 -08:00
Carsten "Tomcat" Book
64b43466f7
Backed out changeset b38a8e2203a1 (bug 1024809) for Android 4 perma failures
2014-11-28 12:23:19 +01:00
Mark Goodwin ext:(%2C%20Harsh%20Pathak%20%3Chpathak%40mozilla.com%3E)
4fc60a106f
Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs. (r=keeler,Unfocused)
2014-11-27 23:36:00 +01:00
Carsten "Tomcat" Book
4155be994b
Backed out changeset 761071f57ab6 (bug 1024809) for emulator ics bustage
2014-11-27 16:30:41 +01:00
Mark Goodwin ext:(%2C%20Harsh%20Pathak%20%3Chpathak%40mozilla.com%3E)
ce5a887c60
Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs. r=keeler,Unfocused
2014-11-27 04:12:00 +01:00
Rob Stradling
8313a4cfa7
bug 1104109 - follow-up to fix new EV OID description strings (they need to match if the OIDs are the same) r=keeler
2014-11-26 11:28:17 -08:00
J.C. Jones
fa8441a0a9
Bug 1104109 - December 2014 batch of EV root CA Changes. r=keeler
2014-11-24 16:36:00 +01:00
David Keeler
3cd3e496aa
bug 1079436 - fix validThrough as returned by VerifyEncodedOCSPResponse r=briansmith
...
validThrough should now be the time through which, if passed in as the given
time to validate an OCSP response at, VerifyEncodedOCSPResponse will still
consider it trustworthy. After that time, it will be expired. This makes it
so the OCSP cache compares validity period responses consistently with
mozilla::pkix.
2014-11-21 10:43:43 -08:00
Chris Peterson
312462d737
Bug 1092710 - Fix -Wunused-const-variable warning-as-error in non-unified security/certverifier. r=keeler
...
--HG--
extra : rebase_source : c13f7e565c8459263191f9bb16d4221b6f163443
2014-11-01 12:14:41 -07:00
Brian Smith
2d31127cff
Reland Bug 1063281, Part 9: Switch Gecko from NSS to CheckCertHostname, r=keeler
...
--HG--
extra : rebase_source : 3a5e3bc2e113035e9c88b571bac68f3dbe2c8f04
2014-10-28 15:28:38 -07:00
Brian Smith
c7e81fdad6
Back out cset 9b72d139e817 (Bug 1063281, Part 9) due to compatibility regressions on a CLOSED TREE, a=ryanvm
...
--HG--
extra : rebase_source : cd9b43c3f66df3c5de337f2013fe61fae798b3ba
2014-10-28 12:30:53 -07:00
Brian Smith
e93675a04e
Bug 1063281, Part 9: Switch Gecko from NSS to CheckCertHostname, r=keeler
...
--HG--
extra : rebase_source : 340eb682ba1f9dbd51652438433e7d0196494e1f
2014-09-21 17:43:29 -07:00
Cykesiopka
1c4af4e6a1
Bug 622859 - Reject EV certificates with key sizes below RSA 2048. r=briansmith
2014-10-18 15:18:00 +02:00
Cykesiopka
c30bd575d3
Bug 622859 - Tests for bug 622859. r=briansmith,keeler
2014-10-16 05:22:00 +02:00
Carsten "Tomcat" Book
e5ad1e7db2
Backed out changeset 3afdc3253979 (bug 622859) for breaking m1 tests
2014-10-17 13:14:29 +02:00
Carsten "Tomcat" Book
d893b9cc90
Backed out changeset f5fa8ea86d3b (bug 622859)
2014-10-17 13:13:01 +02:00
Cykesiopka
ef48a9fa7c
Bug 622859 - Tests for bug 622859. r=briansmith,keeler
2014-10-16 05:22:00 +02:00
Cykesiopka
01941f880c
Bug 622859 - Reject EV certificates with key sizes below RSA 2048. r=briansmith
2014-10-16 05:13:00 +02:00
Camilo Viecco
c2c7007b5f
Bug 787133 - (hpkp) Part 1/2. Header Parsing and interface within PSM. r=keeler, r=mcmanus
2014-09-03 10:24:12 -07:00
David Keeler
fd860abf57
bug 1071308 - (2/2) remove libpkix-style chain validation callback from CertVerifier r=cviecco
2014-09-25 11:18:56 -07:00
David Keeler
863d5f9477
bug 1071308 - (1/2) rename pinning_enforcement_level to PinningMode for brevity r=cviecco
2014-09-25 11:08:36 -07:00
David Keeler
db0e8cfdbd
bug 1066190 - ensure that pinning checks are done for otherwise overridable errors r=mmc
2014-09-12 13:20:43 -07:00
David Keeler
c1853c5db4
bug 1050546 - telemetry for baseline requirements sections 9.2.1 and 9.2.2 (subject alt names/common name) r=rbarnes
2014-09-03 11:44:08 -07:00
Ehsan Akhgari
6deacdf4e9
Bug 1061942 - Switch back security/certverifier and security/manager to use unified builds; r=bsmith
2014-09-02 18:28:11 -04:00
Wes Kocher
c0770e9a92
Backed out 1 changesets (bug 1050546) for build bustage
...
Backed out changeset c7a9e8177202 (bug 1050546)
2014-09-02 16:49:51 -07:00
David Keeler
18cd42500e
bug 1050546 - telemetry for baseline requirements sections 9.2.1 and 9.2.2 (subject alt names/common name) r=rbarnes
2014-09-02 12:10:47 -07:00
Camilo Viecco
a47a7b45b5
Bug 1052099 - August 2014 batch of EV root CA changes. r=keeler
...
--HG--
extra : rebase_source : 4303f1fb6988ff462edd908295708788a24a64f1
2014-08-27 11:31:20 -07:00
David Keeler
1f84bc411b
bug 1049095 - re-verify joinee certificate with joining hostname when joining connections r=briansmith r=mcmanus r=cviecco r=mmc r=rbarnes
2014-08-21 10:37:23 -07:00
David Keeler
c3d3df58ac
bug 1030963 - remove non-standard window.crypto functions/properties r=jst r=briansmith r=glandium
2014-08-14 09:38:42 -07:00
Ehsan Akhgari
7257b2f870
Bug 579517 follow-up: Remove NSPR types that crept in
2014-08-08 08:39:07 -04:00
Eric Rahm
6fc80c7e16
Bug 1047176 - Part 1: Disable warning C4640 in certverifier. r=keeler
...
--HG--
extra : rebase_source : a608f8704f57312902b05258ff53a4d1f2010cbc
2014-08-04 11:29:25 -07:00