fe6faf7d6b
Backed out changeset 688775a8227f (bug 1136892) for mass bustage prompting a CLOSED TREE
2015-08-18 11:58:05 -07:00
10a7d6a5b9
Bug 1195606 - Use channel->ascynOpen2 in security/manager/ssl/nsNSSCallbacks.cpp (r=sicking)
2015-08-18 09:54:09 -07:00
f2b116c0d6
Bug 1153444 - Fix up Key Pinning Telemetry (r=keeler)
2015-08-21 15:14:08 +01:00
7da4ee35ba
Bug 1189891 - Avoid including <cstring> from pkix/Input.h. r=bsmith
2015-08-21 15:27:22 +09:00
b85471d7e8
Backout changesets af1b36497559 and 1d52ab626597 (bug 1189891) for pkix bustage
2015-08-21 15:05:38 +09:00
067b45951a
Bug 1189891 - Avoid including <cstring> from pkix/Input.h. r=bsmith
2015-08-21 14:29:19 +09:00
c51baf3ae9
bug 1116409: switch update server to sha2 cert; update in-tree pinning. r=rstrong,snorp,mfinkle,dkeeler
2015-08-20 17:50:51 -04:00
b4174da7d8
Bug 1195615 - Log a web console warning when a HPKP header is ignored due to a non-built in root cert. r=keeler
2015-08-20 14:33:29 -07:00
dde975f7a0
Bug 1136892 - Create an xpcshell-addons tag for running addon-specific xpcshell tests, r=chmanchester
...
--HG--
extra : commitid : FN6nc0Yis2o
2015-08-18 11:26:14 -07:00
2755fa9a57
Bug 1190086 - Use new String::Contains(char) method more widely r=froydnj
...
--HG--
extra : rebase_source : 81df1495200d3734ea1c4c13818ae764a445f4b3
2015-08-14 00:49:15 +02:00
23a9820f27
bug 1190603 - rename prime256v1 to secp256r1 in test_keysize.js to reduce confusion r=Cykesiopka
...
OpenSSL refers to the curve in question as 'prime256v1', but rfc 5480,
mozilla::pkix, and the test framework refer to it as secp256r1, so we
should be consistent.
--HG--
rename : security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_prime256v1_256-root_rsa_2048.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_rsa_2048.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_prime256v1_256-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_secp256k1_256-int_prime256v1_256-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp256k1_256-int_secp256r1_256-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_prime256v1_256-int_rsa_1016-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_rsa_1016-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_prime256v1_256-int_secp224r1_224-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp224r1_224-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_prime256v1_256-int_prime256v1_256-root_secp224r1_224.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp224r1_224.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_prime256v1_256-int_prime256v1_256-root_secp256k1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp256k1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_secp384r1_384-int_prime256v1_256-root_rsa_2048.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp384r1_384-int_secp256r1_256-root_rsa_2048.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_secp521r1_521-int_secp384r1_384-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp521r1_521-int_secp384r1_384-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/int_secp224r1_224-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/int_secp224r1_224-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/int_prime256v1_256-root_rsa_2048.pem.certspec => security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_rsa_2048.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/int_prime256v1_256-root_secp224r1_224.pem.certspec => security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp224r1_224.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/int_prime256v1_256-root_secp256k1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256k1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/int_prime256v1_256-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/int_secp384r1_384-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/int_secp384r1_384-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/root_secp256r1_256.pem.certspec
2015-08-05 13:39:11 -07:00
70897766ec
bug 1190603 - convert test_keysize.js to generate certificates at build time r=Cykesiopka
2015-08-03 17:02:58 -07:00
ff2ceb15ed
Bug 1193298 - Part 2: Use .get() to convert from RefPtr to raw pointer. r=froydnj
2015-08-11 06:45:00 -04:00
b7a032eb04
Bug 1004011 - Support SECCOMP_FILTER_FLAG_TSYNC if available. r=kang
...
--HG--
extra : rebase_source : 32be610d889fedb518e062a4a416331be21378d3
2015-08-11 16:30:00 -04:00
7b0ea8ee04
Bug 1182551 - Updating nsSecureBrowserUIImpl so that insecure pages with mixed content iframes don't get marked as broken. r=keeler
2015-08-13 17:13:48 -07:00
531a2c1719
Bug 1194135, Update Mozilla to NSS 3.20, r=mt
2015-08-13 11:31:23 +02:00
8f318ea950
Bug 1193021 - clean up reference-counting in security/; r=keeler
2015-07-01 13:10:53 -04:00
7ce068b7e9
bug 1190532 - change default key specification from implicit to explicit in pycert.py r=Cykesiopka
...
Previously using an empty string would result in pycert.py returning the
default shared RSA key. This resulted in empty keyspec files being added
to the tree, which was confusing. This should end the confusion by making
the key specification process explicit rather than implicit.
2015-08-06 11:35:40 -07:00
948094db6e
bug 1189427 - convert test_ocsp_fetch_method.js to generate certificates at build time r=mgoodwin
2015-07-30 10:20:52 -07:00
8238eb63a4
Bug 1190794, land final NSS_3_19_3_RTM tag, no code change, DONTBUILD
2015-08-07 20:19:06 +02:00
c3c571a9ee
Bug 1166323 - Fix unexpcetd changed on previous landed. r=dkeeler
2015-08-07 13:41:49 +09:00
d9d018971e
Bug 1164609 - Remove EV treatment for expired Buypass Class 3 CA 1 root certificate. r=keeler
...
--HG--
extra : rebase_source : 65e2c8746098d8fb2cd5347b557c23a3832d435a
2015-08-07 00:21:00 +02:00
fca5cdc8bc
Backed out changeset 9618f92995ab (bug 1166323) for linux x64 test bustage on a CLOSED TREE
2015-08-07 07:24:40 +02:00
6fb6d7a35c
Bug 1166323 - Fix unexpcetd changed on previous landed. r=dkeeler
2015-08-07 13:41:49 +09:00
ba03e3c181
Backed out 2 changesets (bug 1016555, bug 1189427) for making Android 4.3 API11+ debug X3 perma fail in test_ev_certs.js
...
Backed out changeset ebd4e3880403 (bug 1189427
2015-08-06 11:51:27 +02:00
d93ee984a0
Bug 1124649 - Part 1 - Add specific error messages for various types of STS and PKP header failures. r=keeler,hurley
...
--HG--
extra : rebase_source : 8210ed5f89cec8c42d5a78b9101f1c54d91e04c6
2015-08-05 07:51:00 +02:00
ae2c1351bc
bug 1189427 - convert test_ocsp_fetch_method.js to generate certificates at build time r=mgoodwin
2015-07-30 10:20:52 -07:00
7315345693
Bug 1191100 - Remove XPIDL signature comments in .cpp files. r=ehsan
...
Comment-only so DONTBUILD.
2015-08-04 16:17:36 -07:00
80c4460491
Bug 1190794, Update to NSS 3.19.3 to pick up ca-certificates v 2.5, landing NSS_3_19_3_RC0, r=kwilson
2015-08-04 22:37:05 +02:00
59ef11f506
bug 1188100 - fold PSM's test_client_cert.js into necko's test_tls_server.js r=mcmanus
...
--HG--
rename : security/manager/ssl/tests/unit/test_client_cert/cert_dialog.js => netwerk/test/unit/client_cert_chooser.js
rename : security/manager/ssl/tests/unit/test_client_cert/cert_dialog.manifest => netwerk/test/unit/client_cert_chooser.manifest
extra : amend_source : 249efd8e1bc537cf14b3199865df18b8aba62d10
2015-07-29 14:27:54 -07:00
49d83b3b7d
Merge mozilla-central to mozilla-inbound
2015-08-03 15:45:57 +02:00
6b441cd90a
merge mozilla-inbound to mozilla-central a=merge
2015-08-03 13:56:39 +02:00
50e851b877
Bug 830801 - Part 2. Remove NOMINMAX define from moz.build. r=mshal
2015-08-03 10:07:09 +09:00
abb4d538ee
No bug, Automated HPKP preload list update from host bld-linux64-spot-317 - a=hpkp-update
2015-08-01 03:34:19 -07:00
ae7af3ea3c
No bug, Automated HSTS preload list update from host bld-linux64-spot-317 - a=hsts-update
2015-08-01 03:34:17 -07:00
b44231402a
No bug, Automated HPKP preload list update from host bld-linux64-spot-010 - a=hpkp-update
2015-07-30 13:51:28 -07:00
eb03434709
No bug, Automated HSTS preload list update from host bld-linux64-spot-010 - a=hsts-update
2015-07-30 13:51:26 -07:00
8a9392bf5e
Bug 1189166 - Cleanup some PSM test generation files post Bug 1181823. r=dkeeler
...
--HG--
extra : rebase_source : 4f0310323c3e7ac7e9e8c453d41aa0ef9cbd910a
2015-07-29 23:56:33 -07:00
77826e3c4a
Bug 1171796: Add sandbox rule for child process NSPR log file on Windows. r=bbondy
...
This also moves the initialization of the sandbox TargetServices to earlier in
plugin-container.cpp content_process_main, because it needs to happen before
xul.dll loads.
2015-07-30 10:04:42 +01:00
b49becac5d
bug 1181823 - convert test_ev_certs.js, test_keysize_ev.js, and test_validity.js to generate certificates at build time r=Cykesiopka r=mgoodwin
2015-06-17 16:02:08 -07:00
97b9240b34
Bug 1188696 - Hoist nsRefPtr.h into MFBT. r=froydnj
2015-07-29 10:44:59 -07:00
5cea0a9df6
Bug 1046421 - Do not disclose the system hostname via NTLM handler. r=honzab
...
The hostname here is matched on the AD DC to the userWorkstations
attribute, however this is on a total trust basis in terms of what the
client specifies here.
The impact of this patch is that a user who is restricted by this
attribute to log on to only certain (Windows, in reality)
workstations, may not be able to perform a manual NTLM logon to an
intranet site, unless they set network.generic-ntlm-auth.workstation
to the name of their workstation (actually, any host in that list).
The default value is set to WORKSTATION.
This patch was originally written by Andrew Bartlett, and modified by
Douglas Bagnall following review feedback from Honza Bambas and Tim
Brown.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2015-07-24 13:36:11 +12:00
1b1d908d0f
bug 1187029 - convert test_bug480509.html to an xpcshell test r=jcj
2015-07-23 13:31:45 -07:00
265ad075b1
Bug 1175881 - about:sync-log can't read files on OS X with e10s on and content process sandbox enabled. r=areinald
2015-07-28 12:09:34 -05:00
3a4c2d822a
bug 1179660 - define 'now' as the first second of the current year for pycert r=Cykesiopka
...
This is to avoid a dependency on the buildid so we don't have to
regenerate all of the test certificate with every ./mach build.
This can cause problems very near midnight on New Year's Eve.
If this happens, kick off a new build and get back to the party.
2015-07-15 16:20:54 -07:00
cec576a922
Bug 1187173 - Disable warning C4623 on security/certverifier. r=briansmith
...
--HG--
extra : source : 9f3acfedff8cf4a26266bb578dc69727e799c0cf
extra : amend_source : cb1d0a6e8c6d9199429159cb9a20484f5aa95b8d
2015-07-24 13:38:12 +10:00
315c4ad9c2
Bug 1186709 - Remove MOZ_IMPLICIT from security/sandbox/chromium. r=bobowen
2015-07-23 08:28:00 -04:00
39f6ab2a28
Bug 1157864 - Record chromium patch applied in previous commit. r=me
2015-07-22 15:48:49 -07:00
acfe5cf4cf
Bug 1157864 - chromium sandbox: Fix compilation for systems without <sys/cdefs.h>. r=jld
2015-02-05 22:41:38 +01:00
0e28f550d3
Bug 1181562 - Update fallback whitelist. r=keeler
2015-07-22 20:35:26 +09:00
1ac7d5d5b1
Bug 1182959 (part 5) - Use nsTHashtable::Iterator in nsCertOverrideService. r=honzab.
...
--HG--
extra : rebase_source : c36d0f9e4a2242a934e2848b6f977f33d6ac76cc
2015-07-20 17:12:03 -07:00
746d9d6e0a
Bug 1182959 (part 4) - Remove BlocklistSaveInfo. r=honzab.
...
--HG--
extra : rebase_source : c46e23885d97ef05504db32e0fd8cae05b55232a
2015-07-20 17:12:03 -07:00
6ceff73a0f
Bug 1182959 (part 3) - Use nsTHashtable::Iterator in CertBlockList. r=honzab.
...
--HG--
extra : rebase_source : 4df2d9845e7a04c11bc6076ea7844fba7b5ca3a9
2015-07-20 17:12:03 -07:00
e0bd2455c1
Bug 1182959 (part 2) - Use nsTHashtable::Iterator in CertBlockList. r=honzab.
...
--HG--
extra : rebase_source : f2b69832a8f789919db84706591e96bcf4bd0a1d
2015-07-20 17:12:03 -07:00
489123be0f
Bug 1182959 (part 1) - Use nsTHashtable::Iterator in CertBlockList. r=honzab.
...
--HG--
extra : rebase_source : cdef0d25cd3dcc63313ab391c0c7fe37d048eb1a
2015-07-20 17:12:03 -07:00
fc9b22c883
Bug 1181704 - Use chromium SafeSPrintf for sandbox logging. r=gdestuynder r=glandium
...
This gives us a logging macro that's safe to use in async signal context
(cf. bug 1046210, where we needed this and didn't have it).
This patch also changes one of the format strings to work with
SafeSPrintf's format string dialect; upstream would probably take a
patch to handle those letters, but this is easier.
2015-07-09 12:09:00 +02:00
06bdcaaa33
Bug 1181704 - Import chromium SafeSPrintf. r=bobowen
...
This also imports the unit tests but doesn't arrange to run them.
Including the tests in our xul-gtest is possible but not trivial: there
are logging dependencies, and they use a different #include path for
gtest.h (which we'd need to patch).
Upstream revision: df7cc6c04725630dd4460f29d858a77507343b24.
2015-07-09 12:04:00 +02:00
b0d4abd2b1
bug 1178988 - GenerateOCSPResponse: load certs/keys in two phases r=Cykesiopka
...
This was initially done to work around a readdir-related bug in the B2G ICS
emulator, but then it turned out that test_ocsp_url.js still fails in ways that
are unreproducible outside of mozilla-inbound on that platform, so it was
disabled (r=sworkman). It's still a good idea, though, to avoid any potential
future issues with readdir not being reentrant.
2015-07-15 14:12:02 -07:00
fd5e8893a4
bug 1178988 - convert test_ocsp_url to generate certificates at build time r=Cykesiopka
...
Also enable loading of certificates and private keys into GenerateOCSPResponse
2015-06-04 17:03:48 -07:00
3999edd791
bug 1178988 - refactor key-specific parts of pycert.py into pykey.py r=Cykesiopka,mgoodwin
2015-06-30 14:35:42 -07:00
1c6931cc67
Merge m-c to inbound. a=merge
2015-07-19 22:38:28 -04:00
2751f97bb3
no bug - fix typo and grammar in comment r=me DONTBUILD
2015-07-19 18:07:43 -07:00
3267aeb6a8
No bug, Automated HPKP preload list update from host bld-linux64-spot-135 - a=hpkp-update
2015-07-18 03:35:51 -07:00
f12b366895
No bug, Automated HSTS preload list update from host bld-linux64-spot-135 - a=hsts-update
2015-07-18 03:35:49 -07:00
4ba2d72200
Bug 1183822 - Add an OCSP test for signers with SHA-1 certificates (r=keeler)
2015-07-17 17:07:50 +01:00
fce204e0e0
Bug 1183822 - fix OCSP verification failures (r=keeler)
...
Adds a new TrustDomain for OCSP Signers which will always allow all acceptible
signature digest algorithms. Calls to most other TrustDomain methods are passed
through to the owning NSSCertDBTrustDomain.
2015-07-17 17:07:48 +01:00
30d8779d49
Bug 1183065 - Add logging on OneCRL revocation checks (r=Cykesiopka)
2015-07-17 17:07:47 +01:00
b9baa34b08
Backed out 3 changesets (bug 1178988) for ocsp orange CLOSED TREE
...
Backed out changeset 7fb6a9114916 (bug 1178988)
Backed out changeset 2700ec4adc3e (bug 1178988)
Backed out changeset 07b9c2331ac1 (bug 1178988)
2015-07-17 17:49:46 -07:00
806731fbb7
Backed out changeset ec1b5a7d05e9 (bug 1183065)
2015-07-17 10:37:00 +01:00
c7285efe5a
Backed out changeset fb6cbb4ada54 (bug 1183822)
2015-07-17 10:36:58 +01:00
e2ee16093c
Backed out changeset f324dcfaab40 (bug 1183822)
2015-07-17 10:36:56 +01:00
e57ac71ec4
Bug 1183822 - Add an OCSP test for signers with SHA-1 certificates (r=keeler)
2015-07-17 10:04:17 +01:00
0bfd3046ed
Bug 1183822 - fix OCSP verification failures (r=keeler)
...
Adds a new TrustDomain for OCSP Signers which will always allow all acceptible
signature digest algorithms. Calls to most other TrustDomain methods are passed
through to the owning NSSCertDBTrustDomain.
2015-07-17 10:03:56 +01:00
810c972b95
Bug 1183065 - Add logging on OneCRL revocation checks (r=Cykesiopka)
2015-07-17 10:03:21 +01:00
da7508611c
bug 1178988 - work around PR_ReadDir bug on B2G ICS emulator by loading certs/keys in two phases r=Cykesiopka
2015-07-15 14:12:02 -07:00
9e28b0964f
bug 1178988 - convert test_ocsp_url to generate certificates at build time r=Cykesiopka
...
Also enable loading of certificates and private keys into GenerateOCSPResponse
2015-06-04 17:03:48 -07:00
9b96df5045
bug 1178988 - refactor key-specific parts of pycert.py into pykey.py r=Cykesiopka,mgoodwin
2015-06-30 14:35:42 -07:00
7bb4919849
Bug 1179678 - Add result strings to misc PSM xpcshell tests. r=keeler
2015-07-14 23:19:00 +02:00
c00da5ced5
Backed out 2 changesets (bug 1181704) for static build bustage CLOSED TREE
...
Backed out changeset fbf7aca43c3a (bug 1181704)
Backed out changeset 8864c0587ced (bug 1181704)
2015-07-13 16:51:17 -07:00
60984b0ab1
Bug 1181704 - Use chromium SafeSPrintf for sandbox logging. r=kang r=glandium
...
This gives us a logging macro that's safe to use in async signal context
(cf. bug 1046210, where we needed this and didn't have it).
This patch also changes one of the format strings to work with
SafeSPrintf's format string dialect; upstream would probably take a
patch to handle those letters, but this is easier.
2015-07-13 16:17:58 -07:00
c5ffe92d42
Bug 1181704 - Import chromium SafeSPrintf. r=bobowen
...
This does not include the upstream unit tests. Including the tests
in our xul-gtest is possible but not trivial: there are logging
dependencies, and they use a different #include path for gtest.h (which
we'd need to patch).
Upstream revision: df7cc6c04725630dd4460f29d858a77507343b24.
2015-07-13 16:17:58 -07:00
a8939590de
Bug 1182996 - Fix and add missing namespace comments. rs=ehsan
...
The bulk of this commit was generated by running:
run-clang-tidy.py \
-checks='-*,llvm-namespace-comment' \
-header-filter=^/.../mozilla-central/.* \
-fix
2015-07-13 08:25:42 -07:00
4a67c881e4
merge mozilla-inbound to mozilla-central a=merge
2015-07-13 11:51:14 +02:00
e2ec40e62a
No bug, Automated HPKP preload list update from host bld-linux64-spot-222 - a=hpkp-update
2015-07-11 03:33:38 -07:00
f596fa8330
No bug, Automated HSTS preload list update from host bld-linux64-spot-222 - a=hsts-update
2015-07-11 03:33:36 -07:00
72c6934fcc
bug 1181376 - convert test_bug480619.html to an xpcshell test r=mgoodwin
...
--HG--
rename : security/manager/ssl/tests/mochitest/bugs/test_bug480619.html => security/manager/ssl/tests/unit/test_logoutAndTeardown.js
2015-07-07 16:09:56 -07:00
52d4e225a0
Bug 1026290 - Update mochitest-chrome manifests for android; r=jgriffin
2015-07-10 14:41:59 -06:00
98a776cea1
Bug 1159155 - Add telemetry probe for SHA-1 usage - some tests (r=keeler)
2015-07-09 07:22:32 +01:00
91782dab68
Bug 1159155 - Add telemetry probe for SHA-1 usage (r=keeler)
2015-07-09 07:22:29 +01:00
6565c918a7
Back out 2 changesets (bug 1178988) for b2g emulator opt xpcshell failure in test_ocsp_url.js
...
CLOSED TREE
Backed out changeset 2c5d5eb434b9 (bug 1178988)
Backed out changeset 936d991c4cbc (bug 1178988)
2015-07-08 22:49:12 -07:00
0d33e93440
bug 1178988 - convert test_ocsp_url to generate certificates at build time r=Cykesiopka
...
Also enable loading of certificates and private keys into GenerateOCSPResponse
2015-06-04 17:03:48 -07:00
c4edcb819d
bug 1178988 - refactor key-specific parts of pycert.py into pykey.py r=Cykesiopka,mgoodwin
2015-06-30 14:35:42 -07:00
da83a15284
Merge mozilla-central to fx-team
2015-07-08 12:04:53 +02:00
73079800c9
Bug 1153010 - Disambiguate error messages for mixed content and weak/broken cipher. r=keeler,tanvi,dolske
2015-07-08 09:04:11 +02:00
f976bf5495
Bug 1179071 - Merge RemovingIterator into Iterator. r=froydnj.
...
The original motivation for the Iterator/RemovingIterator split was that
PLDHashTable Checker class would treat them differently. But that didn't end up
happening (see bug 1131308). So this patch merges them. This is a small code
size win now but it will become bigger when I add iterators to nsTHashTable and
nsBaseHashtable.
The only complication is that PLDHashTable::Iter() is now non-const, which is
a problem if you use it in a const method. So I added PLDHashTable::ConstIter()
which is used in just two places. It's a bit of a hack -- effectively a
const_cast -- but I don't think it's too bad.
2015-07-06 22:02:26 -07:00
7987d2203e
Bug 905127 - Part 2 - remove unnecessary nsNetUtil.h includes r=jduell
2015-07-06 07:55:00 +02:00
7d1e52f2ff
Bug 905127 - Part 1 - Make some functions from nsNetUtil not inline. r=jduell
2015-07-07 04:17:00 +02:00
1743e82980
Backed out changeset 0e38e844e0af (bug 1178988) for breaking windows builds on a CLOSED TREE
...
--HG--
extra : amend_source : 0caf2e6472fbc72af4af4c1f7f20ffc83cef3c94
2015-07-06 16:24:25 -07:00
a6254fbeef
Backed out changeset aeae195846c8 (bug 1178988) for breaking windows builds
2015-07-06 16:22:48 -07:00
30d8da9d4d
bug 1178988 - convert test_ocsp_url to generate certificates at build time r=Cykesiopka
...
Also enable loading of certificates and private keys into GenerateOCSPResponse
2015-06-04 17:03:48 -07:00
9c80304730
bug 1178988 - refactor key-specific parts of pycert.py into pykey.py r=Cykesiopka,mgoodwin
2015-06-30 14:35:42 -07:00
2af297c249
Merge m-i to m-c, a=merge
2015-07-04 11:07:23 -07:00
0c3c374174
No bug, Automated HPKP preload list update from host bld-linux64-spot-384 - a=hpkp-update
2015-07-04 03:30:40 -07:00
857d30b804
No bug, Automated HSTS preload list update from host bld-linux64-spot-384 - a=hsts-update
2015-07-04 03:30:37 -07:00
258ad59e3f
Bug 1171931 - Refactor duplicated code using XRE_IsParent/ContentProcess. r=froydnj
2015-07-03 18:29:00 -07:00
c61aa1392c
Bug 1174389 - Add result strings to PSM OCSP xpcshell tests. r=keeler
2015-07-02 00:45:00 +02:00
8cdf1bf8c6
bug 496234 - add test vectors from RFC 1320 for md4 implementation r=mayhemer
2015-06-25 12:10:40 -07:00
8f50e96227
bug 496234 - fix md4 implementation by appending the input length as a 64-bit number r=mayhemer
2015-06-25 12:32:44 -07:00
ef236972ed
bug 496234 - use stdint types in md4 implementation r=mayhemer
...
Also removes some trailing whitespace.
2015-06-25 12:00:49 -07:00
22291d109e
Bug 1175807 - Remove PL_DHashTableEnumerate() uses from nsNSSShutdown. r=honzab.
...
The doPK11Logout() change is straightforward.
In contrast, the loop in evaporateAllNSSResources() is *weird*. Nevertheless,
this change preserves its behaviour.
--HG--
extra : rebase_source : 702fdd9fcc03b888eed7eebdd78f4184b28a2886
2015-06-17 21:09:27 -07:00
974d8120f2
Bug 1161627 - part 2 - machine-convert TemporaryRef<T> to already_AddRefed<T>; r=ehsan
...
This conversion was done with the script:
find . -name '*.cpp' -o -name '*.h' -o -name '*.mm' -o -name '*.idl' | \
egrep -v 'cairo-win32-refptr.h|RefPtr.h|TestRefPtr.cpp' | \
xargs sed -i -e 's/mozilla::TemporaryRef</already_AddRefed</g' \
-e 's/TemporaryRef</already_AddRefed</g'
Manual fixups were performed in the following instances:
- We handled mfbt/RefPtr.h manually so as to not convert TemporaryRef itself
into already_AddRefed.
- The following files had explicit Move() calls added to make up for the lack
of a copy constructor on already_AddRefed:
dom/base/ImageEncoder.cpp
dom/media/MediaTaskQueue.{h,cpp}
dom/media/webaudio/PannerNode.cpp
- A redundant overload for MediaTaskQueue::Dispatch was deleted.
- A few manual fixups were required in mfbt/tests/TestRefPtr.cpp.
- Comments, using declarations, and forward declarations relating to
TemporaryRef in dom/canvas/ and gfx/layers/ were changed to refer to
already_AddRefed.
2015-06-17 10:00:52 -04:00
777fd8a866
Bug 1145679 - Part 2 - Tests. r=keeler
...
--HG--
extra : rebase_source : ffbe58b27f8f7890b9d398127ab80f562d2dc8b0
2015-06-29 22:19:00 +02:00
0a9aea4ab2
Bug 1145679 - Reject EV status for end-entity EV certs with overly long validity periods. r=keeler
...
--HG--
extra : rebase_source : ec44bb566cce8ab14f740457d6ba1d863b39c256
2015-06-29 22:19:00 +02:00
e09f6209c4
bug 1174292 - convert test_cert_version.js to generate certificates at build time r=Cykesiopka
...
Also remove redundant test-cases.
2015-06-12 14:56:07 -07:00
90ccc67e4e
merge mozilla-inbound to mozilla-central a=merge
2015-06-29 14:17:02 +02:00
117313c482
No bug, Automated HPKP preload list update from host bld-linux64-spot-098 - a=hpkp-update
2015-06-27 03:33:49 -07:00
7ee431527f
No bug, Automated HSTS preload list update from host bld-linux64-spot-098 - a=hsts-update
2015-06-27 03:33:47 -07:00
87e3154dff
merge mozilla-inbound to mozilla-central a=merge
2015-06-22 14:03:17 +02:00
2ff7670bf1
Bug 1029775 - Skip test_ocsp_stapling_expired.js on B2G debug for frequent intermittent failures.
...
--HG--
extra : rebase_source : 3eb53f648d6663ca0f3f1380eb8a81b66a491d1a
2015-06-21 21:22:08 -04:00
94d833221d
No bug, Automated HPKP preload list update from host bld-linux64-spot-224 - a=hpkp-update
2015-06-20 03:33:00 -07:00
1a89ffacb7
No bug, Automated HSTS preload list update from host bld-linux64-spot-224 - a=hsts-update
2015-06-20 03:32:58 -07:00
42deb0e71d
Bug 1176097 - Update NSS to NSS_3_19_2_RTM.
...
--HG--
extra : rebase_source : c668a4f77efd06e5914b69d06f5a2eab4233f9f3
2015-06-19 14:01:18 -04:00
2e341f2ff1
Bug 1177594: Use a USER_RESTRICTED token level on GMP process when integrity levels are available. r=cpearce
2015-06-26 14:19:12 +01:00
5f5c327690
Backed out changeset 8b4e4083639e (bug 1171931) for B2G debug emulator bustage.
2015-06-25 19:48:42 -04:00
cc27f74877
Bug 1172388: Use a USER_RESTRICTED access level token on Windows 10. r=cpearce
2015-06-19 23:35:43 +01:00
1fb9a20a64
Bug 1176085 - Fix second/nanosecond confusion in Linux sandbox start error case. r=kang
...
--HG--
extra : amend_source : e546416d9c058305f4cb00d1c015daaec8ab1362
2015-06-19 14:26:44 -07:00
702a59d135
Bug 1171931 - Refactor duplicated code using XRE_IsParent/ContentProcess. r=froydnj
...
--HG--
extra : rebase_source : 2ecbe6c1dd8a7ad8dc529b53349ad431cf1116c9
2015-06-24 14:11:00 -04:00
8d6a67f6d3
Bug 1172216 - Move nsStackwalk to mozglue. r=glandium
...
--HG--
rename : xpcom/base/nsStackWalk.cpp => mozglue/misc/StackWalk.cpp
rename : xpcom/base/nsStackWalk.h => mozglue/misc/StackWalk.h
extra : commitid : EMbWGfjKvdq
extra : rebase_source : b7308eb569cc1a019d3b7a92aaff0de7a49b5682
2015-06-10 16:32:45 -04:00
bef4807107
Bug 1165895: Add NPAPI sandbox rule for the crash server pipe and x64 Temp dir write access. r=bbondy
2015-06-18 12:01:38 +01:00
e287cf641e
Bug 1165549 - Update fallback whitelist. r=keeler
2015-06-17 20:52:33 +09:00
fdaeee62c1
bug 1173565 - convert test_pinning_dynamic.js to generate certificates at build time r=Cykesiopka
...
Also fixes up references to test_pinning_dynamic certificates in test_pinning_header_parsing.js
2015-06-09 10:35:47 -07:00
cfd306a839
Bug 1171820 - Convert test_bug483440.html mochitest to an xpcshell test. r=keeler
...
--HG--
rename : security/manager/ssl/tests/mochitest/bugs/test_bug483440.html => security/manager/ssl/tests/unit/test_certviewer_invalid_oids.js
rename : build/pgo/certs/bug483440-attack2b.ca => security/manager/ssl/tests/unit/test_certviewer_invalid_oids/bug483440-attack2b.pem
rename : build/pgo/certs/bug483440-attack7.ca => security/manager/ssl/tests/unit/test_certviewer_invalid_oids/bug483440-attack7.pem
rename : build/pgo/certs/bug483440-pk10oflo.ca => security/manager/ssl/tests/unit/test_certviewer_invalid_oids/bug483440-pk10oflo.pem
2015-06-13 00:51:00 +02:00
0544e6bf2c
Bug 1164714 - Move netwerk/test/TestSTSParser.cpp into security/manager/ssl/tests/. r=keeler
...
--HG--
rename : netwerk/test/TestSTSParser.cpp => security/manager/ssl/tests/compiled/TestSTSParser.cpp
2015-06-14 21:37:12 -07:00
fe26522550
bug 1172615 - check for and return early in the case of authentication bypass in AuthCertificateHook r=mcmanus
...
--HG--
extra : amend_source : 305df6e1ea028333d3077653f3e3fc098f40dd3f
2015-06-08 13:18:23 -07:00
8ac1db457e
Bug 1168555 - Work around Nuwa not always being single-threaded when a normal content process is. r=kang
2015-06-10 13:38:00 -04:00
4de03b092c
Bug 1174102 - Update to NSS 3.19.2, landing NSS_3_19_2_BETA1, r=nss-confcall
2015-06-12 11:10:17 +02:00
c7d8bf951d
Bug 1171819 - Convert test_cert_eku-*.js to generate certificates at build time. r=keeler
...
--HG--
extra : rebase_source : a683669da992833336c6aa03961b143d428ee0b7
2015-06-10 22:50:00 +02:00
1c707fb2d0
Bug 629558 - Pref to make Intermediate Cert Store memory-only. r=keeler
...
--HG--
extra : rebase_source : 2678d1f74624fe1aa7db44053647a39fb8c8f8dc
2015-06-10 14:14:00 +02:00
246d750391
Bug 1136301 - Null check for mCert->slot added in destructorSafeDestroyNSSReference & MarkForPermDeletion. Formatting update in MarkForPermDeletion. r=keeler
2015-06-10 09:46:16 -07:00
d67edd7f93
bug 1170303 - treat malformed name information in certificates as a domain name mismatch r=Cykesiopka
2015-06-01 13:55:23 -07:00
9091a35bfb
bug 1171557 - make test_cert_trust.js certs a bit more realistic r=mgoodwin
...
According to the Baseline Requirements, root certificates MUST NOT
have the extendedKeyUsage extension. The extension is optional for
intermediates and required for end-entity certificates. This change
modifies the test certificates so they're more in line with the BRs.
2015-06-03 15:37:38 -07:00
c3704cadb3
bug 1171557 - convert test_cert_trust.js to generate certificates at build time r=mgoodwin
2015-06-03 15:12:00 -07:00
6ac04795af
Bug 1145893 - Shutdown nsNSSComponent background threads during xpcom-shutdown. r=keeler, a=me
2015-03-23 10:58:25 -07:00
8a4bc22436
Bug 1010068 - Disable OCSP for DV certificates in Firefox for Android r=keeler
2015-05-28 13:29:13 -07:00
56574135d1
Backed out changeset fda85020d842 (bug 1010068) for Android test_cert_overrides.js failures.
...
CLOSED TREE
2015-06-08 11:37:33 -04:00
3824033dee
Bug 1010068 - Disable OCSP for DV certificates in Firefox for Android r=keeler
2015-05-28 13:29:13 -07:00
ac2974150a
merge mozilla-inbound to mozilla-central a=merge
2015-06-08 11:55:30 +02:00
9df7fce9a4
No bug, Automated HPKP preload list update from host bld-linux64-spot-1061 - a=hpkp-update
2015-06-06 03:26:59 -07:00
671e873521
No bug, Automated HSTS preload list update from host bld-linux64-spot-1061 - a=hsts-update
2015-06-06 03:26:57 -07:00
9db695d73b
Bug 1055310 - Step 3: Move syscall interceptions into SandboxFilter.cpp. r=kang
...
We can now keep the part of the policy implemented by upcalls to
userspace in the same place as the part of the policy that's handled
entirely in the kernel. This will become more useful in the future
(e.g., bug 930258).
2015-06-05 15:17:40 -07:00
Wes Kocher
Christoph Kerschbaumer
Mark Goodwin
Mike Hommey
Ben Hearsum
Cykesiopka
Jonathan Griffin
Arnaud Bienner
David Keeler
Aryeh Gregor
Jed Davis
Tanvi Vyas
Kai Engert
Nathan Froyd
Makoto Kato
Carsten "Tomcat" Book
Birunthan Mohanathas
ffxbld
Bob Owen
Bobby Holley
Douglas Bagnall
Steven Michaud
Xidorn Quan
Felix Janda
Masatoshi Kimura
Nicholas Nethercote
Ryan VanderMeulen
Benjamin Peterson
Geoff Brown
Phil Ringnalda
Steven Englehardt
Dragana Damjanovic
Emanuel Hoogeveen
Juan Gomez
Andrew Bartlett
Benoit Girard
Mike Perry
Atul Kumar
Eric Rahm
Richard Barnes