Граф коммитов

382 Коммитов

Автор SHA1 Сообщение Дата
manikishan 8752d4637d Bug 1198481 - Fixed typo 'id_pk_serverAuth' to 'id_kp_serverAuth'. r=keeler 2017-12-02 18:03:18 +05:30
Sylvestre Ledru d60d69e2cb Bug 1411001 - Remove the +x permissions on cpp & h files r=froydnj
MozReview-Commit-ID: DjDkL20wRg0

--HG--
extra : rebase_source : a343d83d1f4e97e4ba56d0f57fec93079df0b5ea
2017-10-23 20:59:55 +02:00
Tom Ritter 387fbfc8b6 Bug 1406736 Match MinGW's macro so we declare gmtime_r under MinGW too r=froydnj
MozReview-Commit-ID: 2U2ToeyVUUt

--HG--
extra : rebase_source : a4ebd43f4529cc6b815f5bb849021a994dda959f
2017-10-09 00:18:19 -05:00
Nicolas Vigier 21244bc461 Bug 1305396 - Replace memmove with std::copy_backward in a file that doesn't include cstring explicitly. r=keeler 2017-10-16 20:03:54 +02:00
Tom Ritter 701ee70a22 Bug 1406687 Pass return values from fwrite to Unused to silence the warn-unused-result warning r=njn
MozReview-Commit-ID: 4v6tPF5aMz7

--HG--
extra : rebase_source : fe434db73a8da686391462c12b91648348abcdc9
2017-10-09 15:01:48 -05:00
Sebastian Hengst ee63f2e30a Backed out changeset 0317bcff40bc (bug 1406687) for build bustage at testing/gtest/gtest/src/gtest.cc:3871: 'Unused' was not declared in this scope. r=backout 2017-10-09 18:52:39 +02:00
Tom Ritter 22d2cdf063 Bug 1406687 Pass return values from fwrite to Unused to silence the warn-unused-result warning r=njn
MozReview-Commit-ID: 4v6tPF5aMz7

--HG--
extra : rebase_source : c54b129c6815096035e262322f40aa0884b1ae56
2017-10-09 00:26:16 -05:00
Daniel Holbert ec576781c3 Bug 1369806: Fix up pkix test to correctly pass zero to CreateEncodedBasicConstraints (which takes a pointer-to-long, rather than a long). r=keeler
MozReview-Commit-ID: Ki8AHuW5zyP

--HG--
extra : rebase_source : b2c8ba7ad4414c8059f23e9d775fdee7000a4c18
2017-06-02 13:21:53 -07:00
Daniel Holbert ca4b542080 Bug 1369864: Suppress clang -Wno-zero-as-null-pointer-constant build warning, in pkix/test/gtest. r=keeler
The gtest headers trigger many instances of this warning, due to their usage of
NULL instead of nullptr.

MozReview-Commit-ID: Dhv7mPHpZ7I

--HG--
extra : rebase_source : a272472e5cf9a946df3fb1b0ffe919bb0d52f093
2017-06-02 13:05:30 -07:00
Daniel Holbert f2024755c3 Bug 1369871: Add "const" keyword to a long* param in a pkix test function. r=keeler
The only reason this param is a pointer is so that it can be optional. It's not
an outparam -- the function does not (and does not intend to) modify it -- so
it should be declared as 'const' to make that clearer & to allow clients to
pass in pointers to const values.

MozReview-Commit-ID: HbF96YNfnSt

--HG--
extra : rebase_source : 674abeb4c68f6c3fcdbc38edaf19e739ef09a3f6
2017-06-02 13:45:41 -07:00
Cykesiopka a05d6a925c Bug 1361750 - Disable various MSVC 2017 warnings in PSM to unbreak --enable-warnings-as-errors builds. r=keeler
MSVC 2017 headers aren't warning free at the -Wall level.
Since PSM enables -Wall in some moz.build files, this breaks
--enable-warnings-as-errors builds.
As a temporary measure, disable enough warnings to get working builds.

MozReview-Commit-ID: G0oUsAYYct2

--HG--
extra : rebase_source : dc37783c89e66a54510c9940f9eaa5a4340ef43e
2017-05-05 00:41:33 +08:00
David Keeler 47263aefb3 bug 1349762 - handle two GlobalSign EV root transfers r=Cykesiopka,jcj
(adapted from bug 1349762 comment 0)
Google Trust Services (GTS) recently purchased two roots from GlobalSign that
are both enabled for EV treatment: "GlobalSign Root CA - R2" and "GlobalSign ECC
Root CA - R4".

However, GTS does not have an EV audit, so we are going to turn off EV treatment
for both of those root certificates.

But "GlobalSign Root CA - R2" has intermediate cert "GlobalSign Extended
Validation CA - SHA256 - G2" that continues to be controlled by GlobalSign, to
be used to migrate their customers off dependence on that root.

This patch removes EV treatment for "GlobalSign ECC Root CA - R4". It also
removes EV treatment for all chains rooted in "GlobalSign Root CA - R2" unless
the "GlobalSign Extended Validation CA - SHA256 - G2" intermediate is in the
chain.

MozReview-Commit-ID: Ej9L9zTwoPN

--HG--
extra : rebase_source : 575f1a48646cf728d879d0cf53c888654e4a32ad
2017-04-03 17:17:38 -07:00
Tim Taubert 00b8400985 Bug 1351779 - Removed unused variable 'loopDetected' from PathBuildingStep::Check() r=keeler 2017-03-29 20:17:06 +02:00
David Keeler 8c5524fc2e bug 1339921 - disable clang's shadowed field warning in a mozilla::pkix gtest class r=Cykesiopka,dholbert
pkixocsp_VerifyEncodedResponse_GetCertTrust has a field trustDomain that
deliberately shadows the field it inherits from so that code doesn't use it by
accident.

MozReview-Commit-ID: 1Y4W6sA7lHD

--HG--
extra : rebase_source : d2d3180e6c65ea49255545216230525b96af010d
2017-03-14 15:58:04 -07:00
Jan Beich ce968eef85 Bug 1346305 - Unbreak --enable-warnings-as-errors on FreeBSD after bug 1343557. r=keeler
MozReview-Commit-ID: 3gZCXTK1GJI

--HG--
extra : rebase_source : 0de5fc52517c71db1c74814b5dcf096a8ceac593
2017-03-10 18:02:44 +00:00
Wes Kocher 65140a44e3 Merge inbound to central, a=merge CLOSED TREE
MozReview-Commit-ID: Gj4s6DtqKmw
2017-03-09 16:33:31 -08:00
Dan Minor cb9616fb60 Bug 1343557 - Disable -pedantic-errors for pkix gtests; r=keeler
MozReview-Commit-ID: FEeAF9Vm3PJ

--HG--
extra : rebase_source : f62dfac39f8021f7cda8240bf680612847e5fd8b
2017-03-02 17:12:14 -05:00
Joel Maher 41e6060a92 Bug 1344829 - add BUG_COMPONENT to security/* files. r=keeler
MozReview-Commit-ID: AS6e14FOqsb
2017-03-09 05:33:30 -05:00
EKR 785f12a554 Bug 1331280 - Generic telemetry probe for TLS handshake status. r=keeler
--HG--
extra : rebase_source : 69a2e93a5cd8d500702a670dfaa5e6cebb822ff0
2017-02-14 13:12:00 -05:00
Sylvestre Ledru aba86ae938 Bug 1337358 - Converts for(...; ...; ...) loops to use the new range-based loops in C++11 in security/ r=keeler
MozReview-Commit-ID: yfkQVEp2do

--HG--
extra : rebase_source : 048f30343b9eb353bbc15fbde157ffbb3b2da8ec
2017-02-07 13:22:44 +01:00
Julian Seward 621b1dcd5f Bug 1318030 - Possible uninitialised value uses relating to security/pkix/test/gtest/pkixcert_extension_tests.cpp. r=dkeeler@mozilla.com. 2016-11-21 08:49:36 +01:00
David Cook 7d4c71cc9c Bug 1115718 - Check for empty issuer name in mozilla::pkix; r=keeler
MozReview-Commit-ID: 6Ymgo7dQE7b

--HG--
extra : rebase_source : 54ee27fd46c2139125a40deabb11a6aca04c84bc
2016-07-28 20:36:18 -05:00
Sergei Chernov 21be681857 Bug 1284256 - Certificate Transparency - verification of Signed Certificate Timestamps (RFC 6962); r=keeler, r=Cykesiopka
MozReview-Commit-ID: IgcnyBH4Up

--HG--
extra : transplant_source : %98%A3%5E%B4%DA%89qI1%01A%F8%FF%C7%1FS%D4%23v%B3
2016-07-05 08:35:06 +03:00
Tom Tromey 5538d692d3 Bug 1286877 - do not set c-basic-offset for python-mode; r=gps
This removes the unnecessary setting of c-basic-offset from all
python-mode files.

This was automatically generated using

    perl -pi -e 's/; *c-basic-offset: *[0-9]+//'

... on the affected files.

The bulk of these files are moz.build files but there a few others as
well.

MozReview-Commit-ID: 2pPf3DEiZqx

--HG--
extra : rebase_source : 0a7dcac80b924174a2c429b093791148ea6ac204
2016-07-14 10:16:42 -06:00
Sergei Chernov edb1f658f6 Bug 1275238 - Certificate Transparency support in mozilla::pkix; r=keeler
MozReview-Commit-ID: HZwzSgxarTw

--HG--
extra : transplant_source : %BF%F9%A8T%C6x%82%03%3Ez%9F%3BT%E3%1B%11s%294%F4
2016-06-15 11:11:00 +03:00
Julian Seward 8562142079 Bug 1275582 - TSan: data race security/nss/lib/freebl/sha_fast.c:176 SHA1_End. r=dkeeler.
--HG--
extra : rebase_source : d8e517c891212c0b7794e7db433f6ed626c4cac5
2016-05-30 15:25:52 +02:00
Chris Peterson 353ee65255 Bug 1272513 - Part 1: Suppress -Wshadow warnings-as-errors in some directories. r=glandium 2016-05-11 00:00:01 -07:00
David Keeler c17f3a2733 bug 982932 - only allow Netscape-stepUp to be used for serverAuth for old CA certificates r=Cykesiopka,jcj
MozReview-Commit-ID: 88JhIU1pUji

--HG--
rename : security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC.pem.certspec => security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-recent.pem.certspec
rename : security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC.pem.certspec => security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-recent.pem.certspec
extra : rebase_source : 2f6251679a6f31cccb6d88bb51c567de9cc9bc76
2016-05-05 16:11:11 -07:00
Cykesiopka 33825b4eb1 Bug 1257031 - Return more informative error code when encountering invalid integers rather than SEC_ERROR_BAD_DER. r=keeler
Also adds some missing l10n entries to nsserrors.properties (but not for errors
that are specific to TLS 1.3, since TLS 1.3 is not yet finalised).

MozReview-Commit-ID: A42fmTDTe8W

--HG--
extra : transplant_source : x%F7s%DB%05%B4%81%9Dm%FDC%A1f%B3%0D%7DR%C1%BA%B1
2016-04-21 16:41:22 -07:00
David Keeler 6e4140d766 bug 1245280 - add policy mechanism to optionally enforce BRs for falling back to subject CN r=Cykesiopka,mgoodwin
MozReview-Commit-ID: 7xT6JGpOH1g

--HG--
extra : rebase_source : 0def29e8be898a2d975ee4390b3bc6a193766b1b
2016-02-09 10:14:27 -08:00
David Keeler eabc80d212 bug 1258579 - remove some unnecessary time-related globals from mozilla::pkix tests r=Cykesiopka
MozReview-Commit-ID: C0XPTdO4Ab7

--HG--
extra : rebase_source : cb97b17cc5f3bd2fe1fe2bd13cae5447e029c14d
2016-03-22 10:26:30 -07:00
Brian Smith 30373af60a Bug 1189020 - Replace |// unnamed namespace| with |// namespace| in mozilla::pkix. r=Cykesiopka
This is what Google suggests in its style guide, and somebody
already changed one of these comments to the new style.

--HG--
extra : rebase_source : fe3f7fc17a2fc09ad0ba01fa1511dc8dba7653e1
2016-03-16 07:10:00 +01:00
Gregory Szorc 3ff1fe40e4 Bug 1256484 - Disable C4456 and C4458 to unblock compilation on VS2015; r=keeler
As part of unblocking building with VS2015u1 in automation, I'm mass
disabling compiler warnings that are turned into errors. This is not
the preferred mechanism to fix compilation warnings. So hopefully
someone fixes the underlying problem someday. However, there are tons
of ignored warnings in security/certverifier, so I guess the workaround
in this patch is par for the course.

MozReview-Commit-ID: 7GZ9RpkxnwT

--HG--
extra : rebase_source : 023a438b6458fb4859018cde421d51072f0f0490
2016-03-14 23:57:33 -07:00
David Keeler 61a9a234f8 bug 1255153 - (re)move redundant xpcshell name constraint tests to gtests r=Cykesiopka,jcj
MozReview-Commit-ID: 8eFSIhB1RId

--HG--
extra : rebase_source : 63b147b8bdc9f2961b2f56723ac5baa0e2564684
2016-03-09 14:33:31 -08:00
David Keeler 62bd6f7a62 bug 1248099 - add extended key usage tests for mozilla::pkix r=Cykesiopka,jcj
MozReview-Commit-ID: 9rXn5Q1wsnx

--HG--
extra : rebase_source : f598007d568c7394898294d66b1845a173f97dc2
2016-02-12 17:24:54 -08:00
Xidorn Quan 8cd346c251 Bug 1229587 part 1 - Disable C4464 warning newly added in VS2015u1. r=keeler
--HG--
extra : source : 1c79d789b2de950e8024d857f9315ea362141969
2015-12-03 09:29:42 +11:00
Mark Goodwin a954826958 Bug 901698 - Some tests for OCSP-must-staple; r=keeler 2015-11-13 16:49:09 +00:00
Mark Goodwin 31adb1a5c5 Bug 901698 - Implement OCSP-must-staple; r=keeler 2015-11-13 16:49:08 +00:00
Richard Barnes 990593f9cf Bug 942515 - Show Untrusted Connection Error for SHA-1-based SSL certificates with notBefore >= 2016-01-01 r=keeler 2015-09-11 14:52:30 -04:00
Jacek Caban b15946229a Bug 1199624 - Don't use memset and memcmp in files that don't include cstring explicitly. r=briansmith 2015-09-09 14:16:59 +02:00
Nicholas Nethercote f44287005f Bug 1198334 (part 1) - Replace the opt-in FAIL_ON_WARNINGS with the opt-out ALLOW_COMPILER_WARNINGS. r=glandium.
The patch removes 455 occurrences of FAIL_ON_WARNINGS from moz.build files, and
adds 78 instances of ALLOW_COMPILER_WARNINGS. About half of those 78 are in
code we control and which should be removable with a little effort.

--HG--
extra : rebase_source : 82e3387abfbd5f1471e953961d301d3d97ed2973
2015-08-27 20:44:53 -07:00
Ryan VanderMeulen c7fdbe4d0f Backed out changeset 982be1bbebdf (bug 1199624) for Windows bustage. 2015-08-30 17:09:09 -04:00
Jacek Caban c8309c6328 Bug 1199624 - Don't use memset and memcmp in files that don't include cstring explicitly. r=briansmith 2015-08-29 07:59:00 -04:00
Mike Hommey 7da4ee35ba Bug 1189891 - Avoid including <cstring> from pkix/Input.h. r=bsmith 2015-08-21 15:27:22 +09:00
Mike Hommey b85471d7e8 Backout changesets af1b36497559 and 1d52ab626597 (bug 1189891) for pkix bustage 2015-08-21 15:05:38 +09:00
Mike Hommey 067b45951a Bug 1189891 - Avoid including <cstring> from pkix/Input.h. r=bsmith 2015-08-21 14:29:19 +09:00
Birunthan Mohanathas a8939590de Bug 1182996 - Fix and add missing namespace comments. rs=ehsan
The bulk of this commit was generated by running:

  run-clang-tidy.py \
    -checks='-*,llvm-namespace-comment' \
    -header-filter=^/.../mozilla-central/.* \
    -fix
2015-07-13 08:25:42 -07:00
Mark Goodwin 91782dab68 Bug 1159155 - Add telemetry probe for SHA-1 usage (r=keeler) 2015-07-09 07:22:29 +01:00
Cykesiopka 0a9aea4ab2 Bug 1145679 - Reject EV status for end-entity EV certs with overly long validity periods. r=keeler
--HG--
extra : rebase_source : ec44bb566cce8ab14f740457d6ba1d863b39c256
2015-06-29 22:19:00 +02:00
Tim Taubert ab7196486a Bug 1060112 - Don't treat OCSP responses omitting the requested certificate status as "unknown certificate" responses blocking the connection r=keeler 2015-05-21 13:39:34 -04:00