gecko-dev

Граф коммитов

Автор	SHA1	Сообщение	Дата
David Keeler	47263aefb3	bug 1349762 - handle two GlobalSign EV root transfers r=Cykesiopka,jcj (adapted from bug 1349762 comment 0) Google Trust Services (GTS) recently purchased two roots from GlobalSign that are both enabled for EV treatment: "GlobalSign Root CA - R2" and "GlobalSign ECC Root CA - R4". However, GTS does not have an EV audit, so we are going to turn off EV treatment for both of those root certificates. But "GlobalSign Root CA - R2" has intermediate cert "GlobalSign Extended Validation CA - SHA256 - G2" that continues to be controlled by GlobalSign, to be used to migrate their customers off dependence on that root. This patch removes EV treatment for "GlobalSign ECC Root CA - R4". It also removes EV treatment for all chains rooted in "GlobalSign Root CA - R2" unless the "GlobalSign Extended Validation CA - SHA256 - G2" intermediate is in the chain. MozReview-Commit-ID: Ej9L9zTwoPN --HG-- extra : rebase_source : 575f1a48646cf728d879d0cf53c888654e4a32ad	2017-04-03 17:17:38 -07:00
Tim Taubert	00b8400985	Bug 1351779 - Removed unused variable 'loopDetected' from PathBuildingStep::Check() r=keeler	2017-03-29 20:17:06 +02:00
Sergei Chernov	edb1f658f6	Bug 1275238 - Certificate Transparency support in mozilla::pkix; r=keeler MozReview-Commit-ID: HZwzSgxarTw --HG-- extra : transplant_source : %BF%F9%A8T%C6x%82%03%3Ez%9F%3BT%E3%1B%11s%294%F4	2016-06-15 11:11:00 +03:00
Mark Goodwin	31adb1a5c5	Bug 901698 - Implement OCSP-must-staple; r=keeler	2015-11-13 16:49:08 +00:00
Richard Barnes	990593f9cf	Bug 942515 - Show Untrusted Connection Error for SHA-1-based SSL certificates with notBefore >= 2016-01-01 r=keeler	2015-09-11 14:52:30 -04:00
David Keeler	4e7fc3055e	bug 1141189 - implement skipping expensive revocation checks (OCSP fetching) for short-lived certificates r=rbarnes	2015-04-06 16:10:28 -07:00
Brian Smith	a89b90ea7f	Bug 1130754: Avoid recalculating tbsCertificate digest, r=keeler --HG-- extra : rebase_source : 85266413568df928cb1eaf1cd59b52ee9d4259e6 extra : histedit_source : 767e3263d28926435c6d2f4610c7d8b01e9ba87d	2015-02-07 12:14:31 -08:00
Brian Smith	b0f87b9b6c	Bug 1122841, Part 2: Centralize checking of public key, r=keeler --HG-- extra : rebase_source : 6b41ad2d3f37bead8d3ac8b48c5ee0b8063c795b extra : source : d470b5a68bf915cfb12f0e948e1492463092883c	2015-02-02 16:17:08 -08:00
Cykesiopka	eb24c24fb9	Bug 968560 - Return distinct error codes for certificates that are not valid yet, in mozilla::pkix. r=keeler --HG-- extra : rebase_source : de63f37cdef477d96c1aef8253feca7013ba3bfd	2015-02-06 11:18:20 -08:00
Brian Smith	e538f2d921	Bug 1115906, Part 2: Annotate classes and member functions with override and final, r=keeler --HG-- extra : rebase_source : 79bb236bef83ed3e884d73e029ac29a5aa999840 extra : source : d14d86bcebd38be80d00a263c3145eb0dbcc53cd	2015-01-13 16:54:10 -08:00
Brian Smith	89a83cfb14	Bug 1118122: Reland Bug 1115903, Part 2: Delete most defaulted assignment operators and some defaulted copy constructors, r=jcj --HG-- extra : rebase_source : 9fae7948648e355f2ac15275a343ac0806f82f3b	2015-01-12 23:12:01 -08:00
Brian Smith	566e222bca	Bug 1117003 - Backout cset ca3c73188295 (Bug 1115903, Part 2), r=ehsan	2015-01-02 12:26:14 -08:00
Brian Smith	ff754b5ae0	Bug 1115903, Part 2: Delete most defaulted assignment operators and some defaulted copy constructors, r=jcj --HG-- extra : rebase_source : 6c8575de36355521baf69bba89eba530cd4e8b09	2014-12-26 23:49:47 -08:00
Brian Smith	a5f0730d19	Bug 1035414, Part 2: Always check subject's issuer matches issuer's subject, r=jcj --HG-- extra : rebase_source : a75eca6ed909fa4f241b1a736656b7e8c99eb3ea	2014-12-26 10:13:18 -08:00
David Keeler	42cd9ec5ca	bug 1058812 - (1/3) mozilla::pkix: add SignatureAlgorithm::unsupported_algorithm to better handle e.g. roots signed with RSA/MD5 r=briansmith	2014-10-07 09:35:42 -07:00
David Keeler	71bd008415	backout 9815045d0c5a (bug 1058812 1/3) for mochitest orange on a CLOSED TREE	2014-10-08 12:10:46 -07:00
David Keeler	5606be5b15	bug 1058812 - (1/3) mozilla::pkix: add SignatureAlgorithm::unsupported_algorithm to better handle e.g. roots signed with RSA/MD5 r=briansmith	2014-10-07 09:35:42 -07:00
Brian Smith	864c184e30	bug 1045739 - (1/2) mozilla::pkix: stop checking revocation for expired certificates r=keeler	2014-08-14 12:02:55 -07:00
David Keeler	fd860abf57	bug 1071308 - (2/2) remove libpkix-style chain validation callback from CertVerifier r=cviecco	2014-09-25 11:18:56 -07:00
Brian Smith	9c4276d25b	Bug 1048070, Part 2: Remove uses of PR_NOT_REACHED and PR_ARRAY_SIZE in mozilla::pkix, r=keeeler --HG-- extra : rebase_source : d373a7526c1048770bed8bacb7e14c8f10e832cb	2014-08-03 18:24:35 -07:00
Brian Smith	3f64294312	Bug 1048070, Part 1: Replace uses of PR_ASSERT in mozilla::pkix, r=keeler --HG-- extra : rebase_source : 3f1dbb4babb6d575bde3088c92aeb6f28d689210	2014-08-02 09:17:59 -07:00
Brian Smith	0ccaf0860c	Bug 1043041: Use mozilla::pkix::Time instead of PRTime, r=keeler --HG-- extra : rebase_source : 2cc39d3c322c1355aad003f2497659a091febac2	2014-08-02 08:49:12 -07:00
Brian Smith	de725ae5ef	Bug 1047792: Rely on mozilla::pkix to filter out expired certs instead of CERT_CreateSubjectCertList, r=keeler --HG-- extra : rebase_source : 5182147037b69f0ac3c3cd060d6e2af71bfde2e7	2014-08-01 23:16:21 -07:00
Brian Smith	d77dac0580	Bug 1041186, Part 2: Rename Input to Reader and InputBuffer to Input, r=keeler --HG-- extra : rebase_source : bf57a9eb6ae5c122912e00a47156010e5ea99478	2014-07-31 12:17:31 -07:00
Brian Smith	ffe743ee06	Bug 1041186, Part 1: Improve buffer overflow protection in mozilla::pkix, r=keeler --HG-- extra : rebase_source : 0f4a33f2c66594930ba9c79233648c70e33ba27c	2014-07-18 22:30:51 -07:00
Brian Smith	5f56fc60d6	Bug 1041343: Use references instead of pointers for TrustLevel output parameters, r=cviecco --HG-- extra : rebase_source : d5c07dc29a95ccb75a7a8f199de26d43950b9ed4	2014-07-20 11:06:26 -07:00
Brian Smith	c45dc156d1	Bug 1039064: Use strongly-typed enum instead of NSPR-style error handling, r=keeler --HG-- extra : rebase_source : 4f3e41916cd7e2c74679d468eeeb702af3321532	2014-07-18 11:48:49 -07:00
Cykesiopka	0289b45f0c	Bug 360126 - Stop accepting certs that use RSA1023 or weaker; Original patch by Richard van den Berg. r=briansmith	2014-07-15 19:49:00 -04:00
Brian Smith	b14f27897b	Bug 1037324: Delegate additional name constraint selection to the TrustDomain in mozilla::pkix, r=cviecco --HG-- extra : rebase_source : 300f33bfb3a0c9ae1525695b080674c1fb21eafc	2014-07-10 22:38:59 -07:00
Brian Smith	94e53dc0be	Bug 1035942: Decide whether to consider end-entity CN as a dnsName in CheckNameConstraints instead of in BuildCertChain, r=cviecco --HG-- extra : rebase_source : 19c5949253e4e631b0bd841f17f000885001b327 extra : histedit_source : dce57eb862a2a13d07d11fdf6917afcf6cb4136c	2014-07-08 13:04:17 -07:00
Brian Smith	3f110246be	Bug 1035009: Stop using CERTCertList in mozilla::pkix, r=keeler --HG-- extra : rebase_source : fc2b39e5e2b44fea365914e83a7d1f2dc9b784bc extra : histedit_source : b40e5e8cb106fe87f6f065b01ca43adb0bf3a605	2014-07-06 15:55:38 -07:00
Brian Smith	783ead1861	Bug 1034636: Remove mozilla::pkix::ScopedCERTCertifciate and mozilla::pkix::ScopedPLArenaPool, r=mmc --HG-- extra : rebase_source : 68e6da2f1e1c7fa678ef4cc81d23cc6298709108 extra : histedit_source : feba4c589dbf004ee50e2dea1fca0809f8f97674	2014-07-03 21:49:56 -07:00
Brian Smith	f5ec8594e7	Bug 1033563, Part 3: Change mozilla::pkix::TrustDomain::FindPotentialIssuers API to be iterator-like, r=keeler --HG-- extra : rebase_source : e8c734ecb2de2c52dd8909c8b48f4bdb09d0128e	2014-07-02 16:15:16 -07:00
Brian Smith	4c63d2fa78	Bug 1033563, Part 2: Convert mozilla::pkix::BuildForwardInner into an iterator-type thing, r=keeler --HG-- extra : rebase_source : 175e308191441035db4f3eed4a855205bab1a3f3	2014-07-02 15:03:58 -07:00
Brian Smith	172778c87b	Bug 1033563, Part 1: Move revocation checking code from mozilla::pkix::BuildForward to BuildForwardInner, r=keeler --HG-- extra : rebase_source : 0f11eb64ffb00d953c39d81f4877067bd173eadd	2014-07-02 12:21:41 -07:00
Brian Smith	89e560be23	Bug 1029247, Part 2: Parse certificates using mozilla::pkix::der, r=keeler --HG-- extra : rebase_source : e093922497d005734c590a59f175993a7715bce8	2014-07-03 16:59:42 -07:00
Brian Smith	4fdd6599dc	Bug 1032947: Change CheckNameConstraints to construct CERTCertificate instances when needed, r=keeler --HG-- extra : rebase_source : d0bf802f4ff3fe9900ed7444c046617aa27faea9	2014-06-26 14:22:20 -07:00
Wes Kocher	ea7141a1d8	Backed out changeset f97578949399 (bug 1032947)	2014-07-01 17:43:33 -07:00
Brian Smith	cd8fb3a537	Bug 1032947: Change CheckNameConstraints to construct CERTCertificate instances when needed, r=keeler --HG-- extra : rebase_source : 64bd4c390f708213242e0d4987b7117b0049d02a	2014-06-26 14:22:20 -07:00
Brian Smith	fcdcfb823b	Bug 1031022: Go back to accepting explicit encoding of v1 for certificates and OCSP responses, r=cviecco --HG-- extra : rebase_source : f0adf63879a48db6c036cce1a3e9a7b65e44fc4e	2014-06-26 17:03:48 -07:00
Brian Smith	73c952f2fb	Bug 1029364: Centralize version parsing in BackCert::Init, r=cviecco --HG-- extra : rebase_source : 7e91710ed7cd6e68875c2d26f0b503835968e1f2 extra : histedit_source : e07446cad5edbf6cbb048304bc2b2af4395410db	2014-06-25 01:32:06 -07:00
Carsten "Tomcat" Book	ec63c69c72	Backed out changeset 4f21e9bc729a (bug 1029364) for B2G Device and Emulator Bustage on a CLOSED TREE	2014-06-25 10:01:17 +02:00
Brian Smith	f9aac2f45e	Bug 1029364: Centralize version parsing in BackCert::Init, r=cviecco --HG-- extra : rebase_source : 79d5f29c2af1ec77d6bb8a7936bb0a17f28e8d52	2014-06-19 16:17:28 -07:00
Brian Smith	ca4f473450	Bug 1026261: Remove CERTCertificate from mozilla::pkix revocation checking API, r=keeler --HG-- extra : rebase_source : 6798f494bd351961ea02abba07b5860839bbc418	2014-06-20 10:10:51 -07:00
Brian Smith	b76e937c55	Bug 1006812: Use mozilla::pkix::der to decode the key usage extension, r=keeler --HG-- extra : rebase_source : e445c913994dc027e1179543d7b6cab2505e734d	2014-06-19 00:13:20 -07:00
David Keeler	8bf1ded425	bug 1020993 - properly handle unknown critical extensions in BackCert::Init r=briansmith	2014-06-09 13:57:44 -07:00
Brian Smith	e0cd7eb210	Bug 1020682: Simplify mozilla::pkix results cert chain construction and make it more efficient, r=cviecco --HG-- extra : rebase_source : 69cb8ea66e075c89bbcbab3ca115cc2ccc95fa4f	2014-06-04 01:28:44 -07:00
Brian Smith	f9aa591c9a	Bug 1020683, Part 2: Remove more references to CERTCertificate from mozilla::pkix, r=keeler --HG-- extra : rebase_source : 9dce7585975fb23fe04f5714ece18645b22b2261	2014-06-04 00:03:28 -07:00
Brian Smith	67bd0799fb	Bug 1020683, Part 1: Remove internal uses of CERTCertificate from mozilla::pkix::VerifyEncodedOCSPResponse, r=keeler --HG-- extra : rebase_source : 416938498080c4d44874025f1da4562ab1c7c3c8	2014-06-05 15:18:32 -07:00
Brian Smith	d7a28e81d0	Bug 1018633: Simplify the max cert chain length check code in mozilla::pkix and make it more efficient, r=cviecco --HG-- extra : rebase_source : 7fa4cc6c1b46357abed0c57c6e24c622049c5acb	2014-05-31 16:32:58 -07:00

1 2

62 Коммитов