7d1bbd8088
Merge inbound to m-c. a=merge
2016-01-17 14:37:29 -05:00
45b07b40c1
No bug, Automated HPKP preload list update from host bld-linux64-spot-439 - a=hpkp-update
2016-01-16 04:03:46 -08:00
a2da16b4a2
No bug, Automated HSTS preload list update from host bld-linux64-spot-439 - a=hsts-update
2016-01-16 04:03:44 -08:00
68d44577b4
Bug 1237232 - Properly check the result of Vector append() calls in security/. r=keeler
2016-01-13 22:05:08 +01:00
17c8d8e45c
bug 1232766 - update the preloaded pinset for Google domains r=rbarnes
...
Also includes a script for making this process faster in the future.
2015-12-28 12:30:14 -08:00
3f4e7bf8d5
Bug 1235188 - Fix -Wformat warnings in security/certverifier/. r=keeler
...
security/certverifier/NSSCertDBTrustDomain.cpp:433:26 [-Wformat] format specifies type 'long' but the argument has underlying type 'int'
security/certverifier/NSSCertDBTrustDomain.cpp:433:48 [-Wformat] format specifies type 'long long' but the argument has type 'mozilla::pkix::Time'
2015-12-28 18:41:54 -07:00
9c54b2fdae
No bug, Automated HPKP preload list update from host bld-linux64-spot-506 - a=hpkp-update
2016-01-09 04:38:50 -08:00
98b790fabc
No bug, Automated HSTS preload list update from host bld-linux64-spot-506 - a=hsts-update
2016-01-09 04:38:48 -08:00
1768759efb
Bug 1220564 - Update chrome code uses of genexprs and legacy comprehensions. (r=billm)
2016-01-06 16:02:16 -08:00
83aec61b67
bug 1230377 - part 2/2: simplify nsIKeyObject and nsIKeyObjectFactory r=jcj
...
nsIKeyObject and nsIKeyObjectFactory defined an interface that was largely
unimplemented. This cuts the interface back to what actually exists in code.
--HG--
extra : rebase_source : 6241e801c3bd7f17518af648158fcfdcd0bda9cf
2015-12-04 10:36:51 -08:00
3da7665447
bug 1230377 - part 1/2: ensure nsKeyObject releases NSS resources on shutdown r=jcj
...
--HG--
extra : rebase_source : 869dfb9450224677a05ac8566056872e8ff82c82
2015-12-03 16:22:34 -08:00
1f26ea8aca
Bug 1214305 - Part 10: Clean up global DataStorage references in the child process; r=keeler
2016-01-04 16:30:02 -05:00
67ff8ead96
No bug, Automated HPKP preload list update from host bld-linux64-spot-389 - a=hpkp-update
2016-01-02 04:05:33 -08:00
5b3f84c48b
No bug, Automated HSTS preload list update from host bld-linux64-spot-389 - a=hsts-update
2016-01-02 04:05:31 -08:00
4034ee65b8
Bug 1235308 - Fix -Wimplicit-fallthrough warnings in security/. r=keeler
...
security/certverifier/NSSCertDBTrustDomain.cpp:282:5 [-Wimplicit-fallthrough] unannotated fall-through between switch labels
security/manager/ssl/nsNSSComponent.cpp:149:3 [-Wimplicit-fallthrough] unannotated fall-through between switch labels
security/manager/ssl/nsSecureBrowserUIImpl.cpp:1406:5 [-Wimplicit-fallthrough] unannotated fall-through between switch labels
2015-12-25 00:03:35 -07:00
eb1ef42d57
No bug, Automated HPKP preload list update from host bld-linux64-spot-593 - a=hpkp-update
2015-12-26 04:05:29 -08:00
3af3c75cc9
No bug, Automated HSTS preload list update from host bld-linux64-spot-593 - a=hsts-update
2015-12-26 04:05:27 -08:00
d7478b6b1e
Bug 1234955 - Make TEST_DIRS a SPECIAL_VARIABLE. r=gps
...
Using TEST_DIRS is nothing more than a shortcut for
if CONFIG['ENABLE_TESTS']:
DIRS += [...]
As such, we might as well remove it being a separate variable, and use some
Context magic to just fill DIRS when ENABLE_TESTS is set.
The security/manager/ssl/tests/unit/moz.build change ensures that the order
of DIRS before the change is kept, not because it matters, but because it
allows to confirm that nothing else is modified by this change.
2015-12-24 13:12:49 +09:00
2c2f66f499
Bug 1232454 - use UniquePtr<T[]> instead of nsAutoArrayPtr<T> in security/apps/; r=keeler
...
As a nice side effect, we also fix a (rare) memory leak in
AppTrustDomain::SetTrustedRoot.
2015-12-06 08:06:03 -05:00
b71c3763d0
Backed out changeset f103fd636405 (bug 1232582) for b2g debug xpcshell failures in test_name_constraints.js
2015-12-21 11:01:22 -08:00
537c84d51c
Merge mozilla-central to mozilla-inbound
2015-12-21 11:54:26 +01:00
0349798a7f
No bug, Automated HPKP preload list update from host bld-linux64-spot-573 - a=hpkp-update
2015-12-19 04:09:26 -08:00
beab6972e5
No bug, Automated HSTS preload list update from host bld-linux64-spot-573 - a=hsts-update
2015-12-19 04:09:24 -08:00
20d4ccd20d
Bug 1232582 - Sort PSM xpcshell.ini and fix --tag psm to actually run all tests. r=dkeeler
...
--HG--
extra : transplant_source : X%02%F1%9Cq%90%8B%0D%04K%C1%1E%A0%BB%F5%7D%2Bs%1BQ
2015-12-17 07:55:54 -08:00
05919374b8
Bug 1229284 - Remove support for SHA-1 hashes in genHPKPStaticPins.js. r=keeler
2015-12-17 07:52:00 +01:00
cf2300da93
bug 1230994 - December 2015 batch of EV root CA changes r=mgoodwin
...
Adds:
bug 1193480:
CN=Certification Authority of WoSign G2,O=WoSign CA Limited,C=CN
CN=CA WoSign ECC Root,O=WoSign CA Limited,C=CN
bug 1147675:
CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6,O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A...,L=Ankara,C=TR
bug 1230985:
OU=Security Communication RootCA2,O="SECOM Trust Systems CO.,LTD.",C=JP
bug 1213044:
CN=OISTE WISeKey Global Root GB CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH
2015-12-14 14:44:44 -08:00
ee3a10a104
Merge mozilla-central to mozilla-inbound
2015-12-16 12:03:47 +01:00
151142df55
Bug 1227248 - Part 2: Add GeneratedTest{Certificate,Key} mozbuild templates. r=gps
...
--HG--
extra : commitid : 793A1duvlom
extra : rebase_source : 5a8fa9f0fb76dceb19525986381cb2a28676601b
extra : histedit_source : aebc6e99e83aaafba08626517850ff4ee23e4c82
2015-12-14 11:50:56 -08:00
48de284e31
Bug 1222500 - Handle unexpected thread creation better on desktop Linux. r=gdestuynder
2015-11-30 18:21:00 +01:00
4bd144165f
Bug 1224875 - Enable TLS extended master secret. r=keeler
2015-12-13 12:09:18 +09:00
d729dd725a
No bug, Automated HPKP preload list update from host bld-linux64-spot-1077 - a=hpkp-update
2015-12-12 04:08:02 -08:00
28f9941a1a
No bug, Automated HSTS preload list update from host bld-linux64-spot-1077 - a=hsts-update
2015-12-12 04:08:00 -08:00
b3dba24f5a
Bug 1200567 - ensure shipped blocklist.xml doesn't affect the test_cert_blocklist.js. r=dkeeler
...
Caused comm-central TEST-UNEXPECTED-FAIL | security/manager/ssl/tests/unit/test_cert_blocklist.js | - revocations.txt should be as expected
2015-12-10 19:08:09 +02:00
ec5f2e23e7
Merge m-c to inbound. a=merge
...
--HG--
rename : browser/.eslintrc => storage/.eslintrc
rename : devtools/.eslintrc => toolkit/components/extensions/.eslintrc
extra : rebase_source : 5b2d39a455c81a001bd26e7bc85e7fbacdb79171
2015-12-05 15:27:33 -05:00
289a16635a
Merge fx-team to m-c. a=merge
2015-12-05 15:09:41 -05:00
4dd525a926
No bug, Automated HPKP preload list update from host bld-linux64-spot-049 - a=hpkp-update
2015-12-05 04:05:19 -08:00
d2a4d282da
No bug, Automated HSTS preload list update from host bld-linux64-spot-049 - a=hsts-update
2015-12-05 04:05:17 -08:00
92b2551106
Bug 1207146 - Add a link to expert technical information in the cert error page. r=Gijs,keeler
2015-12-04 19:46:13 +02:00
05eb71c3a0
Bug 1229804: Use the correct string length in Windows sandbox logging. r=tabraldes
2015-12-03 11:19:14 +00:00
df451fe7b0
merge mozilla-inbound to mozilla-central a=merge
2015-12-03 12:00:42 +01:00
d661411aa5
No bug, Automated HPKP preload list update from host bld-linux64-spot-369 - a=hpkp-update
2015-12-02 14:59:16 -08:00
eb8afa37f2
No bug, Automated HSTS preload list update from host bld-linux64-spot-369 - a=hsts-update
2015-12-02 14:59:14 -08:00
4005d567f9
Bug 1225682 - Don't use nsAuto{,C}String as class member variables in security/manager/. r=keeler
2015-12-02 11:04:37 +09:00
fb855297f6
Bug 1229587 part 2 - Use verbose format to disable C4061 to workaround bug of VS2015u1. r=keeler
...
--HG--
extra : source : 96b812b70961a22ae01a377eb9aaaf405ed13349
2015-12-03 09:29:42 +11:00
8cd346c251
Bug 1229587 part 1 - Disable C4464 warning newly added in VS2015u1. r=keeler
...
--HG--
extra : source : 1c79d789b2de950e8024d857f9315ea362141969
2015-12-03 09:29:42 +11:00
cb705a63a6
Bug 1224968 - Support public key input to unbreak periodic HPKP updates. r=keeler
...
be448badb1ba1f296240
2015-12-01 00:30:00 +01:00
ee7d82a508
Bug 1228794 - Convert test_getchain.js to generate certificates at build time. r=keeler
...
With this change, CertUtils.py is no longer needed.
--HG--
extra : rebase_source : 2e7c7f82c17fd44d97fc68f657f3c313f4b4d125
2015-12-01 00:28:00 +01:00
d61cdc0082
Bug 1228346 - initialize mOCSPMustStapleEnabled in constructor. r=dkeeler
...
--HG--
extra : rebase_source : be8c14f84b53f6e546ff242b40208ec3a1f1be03
2015-11-26 07:40:00 +01:00
a328c0c4e8
bug 986956 - only ever initialize NSS once per process r=Cykesiopka r=mgoodwin
...
As a consequence, if NSS is initialized when there is no profile directory, NSS
will not persist changes. Other failures may occur (e.g. see bug 1216882).
2015-11-19 13:31:52 -08:00
7c0ac05619
Bug 1227970 - Perform preference checks to allow OCSP Bypass for OneCRL via Kinto r=keeler
...
--HG--
extra : commitid : 5UjOTtwGffb
extra : rebase_source : 3ab4f4702056bde2fc6a1c4b22f5ed6abc59b918
2015-11-26 16:57:21 +00:00
4e4b15962c
Merge mozilla-central to mozilla-inbound
2015-11-25 13:57:30 +01:00
7882aa6f0e
Bug 1225422 - Update the PrivilegedPackageRoot certificate. r=keeler
2015-11-19 15:08:05 +08:00
4b2655c8d9
Bug 1215303 - Part 2 - automatically enable broker when in permissive mode r=jld
2015-11-13 12:29:47 +00:00
46f56a1f0e
Bug 1215303 - Part 1 - add permissive mode r=jld
2015-11-13 12:27:45 +00:00
2572e8c3db
Bug 1200802 - Accept RFC1929 SOCKS credentials in proxyInfo. r=michal
2015-11-24 22:56:00 +01:00
5f1ac1afb3
merge mozilla-inbound to mozilla-central a=merge
2015-11-23 14:08:50 +01:00
8ad105e9a0
No bug, Automated HPKP preload list update from host bld-linux64-spot-1073 - a=hpkp-update
2015-11-21 03:49:57 -08:00
71a59e9585
No bug, Automated HSTS preload list update from host bld-linux64-spot-1073 - a=hsts-update
2015-11-21 03:49:55 -08:00
05b2bbbd51
bug 1230234 - fix a leak in client auth certificate handling r=Cykesiopka
...
Looks like this was essentially a copy/paste error. See changeset 04b4ea333800,
which appears to have landed as part of bug 675221 (the bug number annotation in
that commit message is incorrect).
2015-12-03 12:43:23 -08:00
854efb9851
Bug 1224467 - Add a preference for controlling whether oneCRL blocklists are updated via AMO. Also add a test. r=keeler,mossop
2015-11-18 11:53:54 +00:00
a22ff2640a
Merge mozilla-central to mozilla-inbound
2015-11-17 12:33:46 +01:00
6f7666a6c8
merge fx-team to mozilla-central a=merge
2015-11-17 12:10:03 +01:00
869bf240ee
No bug, Automated HPKP preload list update from host bld-linux64-spot-383 - a=hpkp-update
2015-11-17 00:44:58 -08:00
a3e192d586
No bug, Automated HSTS preload list update from host bld-linux64-spot-383 - a=hsts-update
2015-11-17 00:44:56 -08:00
af62dfe8e5
Bug 1224478 - Replace do_check_* calls with their Assert.jsm equivalents in PSM xpcshell tests. r=keeler
...
Also replaces if-do_throw() blocks with equivalent Assert.jsm method calls.
2015-11-16 22:53:00 +01:00
c0ece6bf0d
Merge m-c to fx-team, a=merge
...
--HG--
extra : commitid : 2bzybQqlwy0
2015-11-16 17:28:26 -08:00
d9c75611cd
Make 'Go Back' button work even when there is nothing to go back to (bug 1221084); r=paolo
2015-11-16 15:37:27 +02:00
c10edfff85
Bug 1224481 - Comment out CA certs removed in NSS 3.21 in PreloadedHPKPins.json to keep periodic Static HPKP updates working. r=dkeeler
...
--HG--
extra : transplant_source : %EAM%5D1%93%28H%BA%82%C0%0F%BB%3D%9E%40%8B%BCx%EB%03
2015-11-13 07:28:28 -08:00
fedad480ea
Bug 1222903 - Reject EV status for EV EE certs that are valid for longer than 27 months as well. r=keeler
2015-11-13 07:42:00 +01:00
eae048cea6
bug 1222179 - remove unnecessary observation topics in nsNSSComponent r=Cykesiopka
...
nsNSSComponent would (unnecessarily) observe "profile-change-net-teardown" and
"profile-change-net-restore". Now it no longer does.
2015-11-12 16:21:33 -08:00
9f468cf8f0
Bug 921907 - Enable OCSP must-staple. r=keeler
...
--HG--
extra : commitid : LvP86DDj772
extra : rebase_source : e06438c614c00fd9d77ca88886368948f13d6454
extra : histedit_source : f72078bac3dd14d4166ddd3bf24b582b13de1519
2015-11-20 11:44:25 +00:00
826cd3d4e3
Bug 1211568, land NSS_3_21_RTM r=martin.thomson, and adjust Makefiles r=mh
2015-11-13 18:03:01 +01:00
a954826958
Bug 901698 - Some tests for OCSP-must-staple; r=keeler
2015-11-13 16:49:09 +00:00
31adb1a5c5
Bug 901698 - Implement OCSP-must-staple; r=keeler
2015-11-13 16:49:08 +00:00
a1cf24355b
bug 1223466 - update extended validation information to deal with root removals in NSS 3.21 r=mgoodwin
...
These entries were removed:
from bug 1204962:
CN=TC TrustCenter Universal CA III,OU=TC TrustCenter Universal CA,O=TC TrustCenter GmbH,C=DE
SHA-256: 309B4A87F6CA56C93169AAA99C6D988854D7892BD5437E2D07B29CBEDA55D35D
SHA-1: 9656CD7B57969895D0E141466806FBB8C6110687
from bug 1204997:
CN=A-Trust-nQual-03,OU=A-Trust-nQual-03,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT
SHA-256: 793CBF4559B9FDE38AB22DF16869F69881AE14C4B0139AC788A78A1AFCCA02FB
SHA-1: D3C063F219ED073E34AD5D750B327629FFD59AF2
from bug 1208461:
CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
SHA-256: 85FB2F91DD12275A0145B636534F84024AD68B69B8EE88684FF711375805B348
SHA-1: 58119F0E128287EA50FDD987456F4F78DCFAD6D4
2015-11-10 10:13:18 -08:00
ea2623adb5
Merge m-c to inbound, a=merge
...
--HG--
extra : commitid : 93SodIi80b2
2015-11-11 17:12:26 -08:00
fa64c65e7c
Bug 1219088 - Clear the session cache when a weak crypto override is revoked. r=keeler
2015-11-11 23:13:34 +09:00
4b8e5ced0f
Bug 1223131 - Don't remove a host from the whitelist if the version fallback was needed. r=keeler
2015-11-12 07:18:37 +09:00
eac2db7101
Bug 1215723 - Part 5: Add an automated test; r=keeler
2015-10-30 15:30:00 -04:00
eb4d13fb3b
Bug 1215723 - Part 4: Make isSecureHost and isSecureURI usable from the content process; r=keeler
2015-10-30 15:30:00 -04:00
78ee50aca4
Bug 1215723 - Part 3: Propagate updates to DataStorage from the parent process to the content processes; r=keeler
2015-10-30 15:30:00 -04:00
9aa975d49d
Bug 1215723 - Part 2: Initialize DataStorage items in the content process from the data in the parent; r=keeler
2015-10-30 15:30:00 -04:00
3810eb599b
Bug 1215723 - Part 1: Make DataStorage a singleton for each file name; r=keeler
...
This is needed so that we'd be able to identify a DataStorage instance
based on its file name.
2015-11-02 12:33:00 -05:00
29b3d15dde
bug 1220223 - don't load PKCS11 modules in safe mode r=mgoodwin r=bsmedberg
2015-10-30 10:37:22 -07:00
4c7afc9339
Backed out 5 changesets (bug 1215723) for android S4 bustage
...
Backed out changeset 2a945ce1cd40 (bug 1215723)
Backed out changeset dd7f58b60ddc (bug 1215723)
Backed out changeset 62dbb95bd79a (bug 1215723)
Backed out changeset b31ac98bb3c8 (bug 1215723)
Backed out changeset 228cdfaa82c1 (bug 1215723)
--HG--
extra : commitid : 70ygtTBi2V5
2015-11-06 15:19:35 -08:00
334376c936
Bug 1215723 - Part 5: Add an automated test; r=keeler
2015-10-30 15:30:00 -04:00
498c385ee1
Bug 1215723 - Part 4: Make isSecureHost and isSecureURI usable from the content process; r=keeler
2015-10-30 15:30:00 -04:00
06479e6793
Bug 1215723 - Part 3: Propagate updates to DataStorage from the parent process to the content processes; r=keeler
2015-10-30 15:30:00 -04:00
999f1ba408
Bug 1215723 - Part 2: Initialize DataStorage items in the content process from the data in the parent; r=keeler
2015-10-30 15:30:00 -04:00
6e561438d9
Bug 1215723 - Part 1: Make DataStorage a singleton for each file name; r=keeler
...
This is needed so that we'd be able to identify a DataStorage instance
based on its file name.
2015-11-02 12:33:00 -05:00
7380482a28
bug 1218596 - remove nsPSMInitPanic and other unnecessary things from nsNSSComponent r=Cykesiopka r=jcj
2015-10-26 16:02:19 -07:00
37b7f2920b
Backed out changeset ae1885cf1fd6 (bug 1218596) for windows build bustage CLOSED TREE
...
--HG--
extra : commitid : 6GZJDFkoL81
2015-11-05 17:48:53 -08:00
762aba02cd
Bug 1221453 - Use ObjDirPaths for GENERATED_INCLUDES and merge with LOCAL_INCLUDES. r=gps
2015-11-06 09:59:21 +09:00
9d11e85ed9
bug 1218596 - remove nsPSMInitPanic and other unnecessary things from nsNSSComponent r=Cykesiopka r=jcj
2015-10-26 16:02:19 -07:00
8ffd9ff2ed
Bug 1218999 - Back out changeset 5f32b2bcfa43 (bug 1188468) in favor of a more efficient solution. r=glandium
...
Bug 118468 landed an option for FileAvoidWrite to always write to an output
file, whether or not the contents would be changed. This was to address a
problem caused by not updating mtimes when building GENERATED_FILES, but
undoes the purpose of FileAvoidWrite and isn't really necessary.
This is addressed in a subsequent commit by unconditionally updating
mtimes when processing GENERATED_FILES.
--HG--
extra : commitid : AfOhgUstokq
2015-11-03 10:23:04 -08:00
34ca9c027f
Bug 1110935 - Part 3 - Remove now unnecessary temp variables. r=keeler
2015-11-02 22:11:00 +01:00
f625d9c9b9
Bug 1110935 - Part 2 - Remove ReentrantMonitor and ReentrantMonitorAutoEnter uses. r=keeler
2015-11-02 22:10:00 +01:00
9e34144349
Bug 1110935 - Part 1 - Assert we're on the main thread on public methods. r=keeler
2015-11-02 22:09:00 +01:00
7c5e9caf26
Back out changeset bda43f333e1a (bug 1211568) for "Could not find EV root in NSS storage" assertion failures
...
CLOSED TREE
2015-11-10 08:18:47 -08:00
a24d95bb6d
Bug 1211568, land NSS_3_21_RTM r=martin.thomson, and adjust Makefiles r=mh
2015-11-10 16:24:15 +01:00
Ryan VanderMeulen
ffxbld
Jan de Mooij
David Keeler
Chris Peterson
Shu-yu Guo
Ehsan Akhgari
Mike Hommey
Nathan Froyd
Wes Kocher
Carsten "Tomcat" Book
Cykesiopka
Nick Alexander
Jed Davis
Masatoshi Kimura
Magnus Melin
Panos Astithas
Bob Owen
Xidorn Quan
Bogdan Postelnicu
Mark Goodwin
Jonathan Hao
Julian Hector
Ben Bucksch
Kai Engert
Chris Manchester
Phil Ringnalda