Jonathan Hao
d9e14ecf6a
Bug 1264562 - Part 4: Instantiates an NSSCertDBTrustDomain containing the first party domain (adapted from Tor Browser patch #13670 ) r=keeler
...
--HG--
extra : rebase_source : c43aa11ae06a3281219d1c70c0ec274c258e43c8
2016-10-04 16:49:55 +08:00
Sergei Chernov
976d5c3f1d
Bug 1293231 - Certificate Transparency - basic telemetry reports; r=Cykesiopka,keeler
...
MozReview-Commit-ID: EGvuZADObJo
--HG--
extra : rebase_source : 9a059c9f8e2fdf9bfc693b0b5649808b1beeb67b
2016-08-11 13:41:50 +03:00
Sergei Chernov
edb1f658f6
Bug 1275238 - Certificate Transparency support in mozilla::pkix; r=keeler
...
MozReview-Commit-ID: HZwzSgxarTw
--HG--
extra : transplant_source : %BF%F9%A8T%C6x%82%03%3Ez%9F%3BT%E3%1B%11s%294%F4
2016-06-15 11:11:00 +03:00
David Keeler
c17f3a2733
bug 982932 - only allow Netscape-stepUp to be used for serverAuth for old CA certificates r=Cykesiopka,jcj
...
MozReview-Commit-ID: 88JhIU1pUji
--HG--
rename : security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC.pem.certspec => security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-recent.pem.certspec
rename : security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC.pem.certspec => security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-recent.pem.certspec
extra : rebase_source : 2f6251679a6f31cccb6d88bb51c567de9cc9bc76
2016-05-05 16:11:11 -07:00
Cykesiopka
8f7bebaa5c
Bug 160122 - Stop using PR_smprintf in PSM. r=keeler
...
The (more) modern Mozilla string classes can be used instead, which at the very
least provide built in automatic memory management and performance improvements.
MozReview-Commit-ID: 4l2Er5rkeI0
--HG--
extra : transplant_source : %A1%16%AB%02m%CA%25HfW%40%96Mq%0D%F0%91%9C%99%29
2016-05-10 23:38:55 -07:00
Cykesiopka
391584fd9d
Bug 1270005 - Replace uses of ScopedPK11SlotInfo with UniquePK11SlotInfo in PSM. r=keeler
...
ScopedPK11SlotInfo is based on Scoped.h, which is deprecated in favour of the
standardised UniquePtr.
Also changes PK11SlotInfo parameters of various functions to make ownership more
explicit, and replaces some manual management of PK11SlotInfo pointers.
MozReview-Commit-ID: JtNH2lJsjwx
--HG--
extra : rebase_source : 9d764e0dd3a1f2df14c16f8f14a3c5392770c9a1
2016-05-09 18:02:40 -07:00
Cykesiopka
128f004a1f
Bug 1267905 - Replace uses of ScopedCERTCertList with UniqueCERTCertList. r=keeler
...
ScopedCERTCertList is based on Scoped.h, which is deprecated in favour of the
standardised UniquePtr.
Also changes CERTCertList parameters of various functions to make ownership more
explicit.
MozReview-Commit-ID: EXqxTK6inqy
--HG--
extra : transplant_source : %9B%A9a%94%D1%7E%2BTa%9E%9Fu%9F%02%B3%1AT%1B%F1%F6
2016-05-05 14:56:36 -07:00
David Keeler
113252b726
bug 1239455 - rework telemetry for SHA-1 certificates to reflect possible policy states r=Cykesiopka,mgoodwin,rbarnes
...
Before this patch, we were measuring where SHA-1 was being used in TLS
certificates: nowhere, in end-entities, in intermediates, or in both. However,
the possible SHA-1 policies don't differentiate between end-entities and
intermediates and instead depended on whether or not each certificate has a
notBefore value after 2015 (i.e. >= 0:00:00 1 January 2016 UTC). We need to
gather telemetry on the possible policy configurations.
--HG--
extra : rebase_source : 301c821c8de16ffb924cd198dd0a4d3139536019
2016-01-13 12:50:42 -08:00
David Keeler
29b3d15dde
bug 1220223 - don't load PKCS11 modules in safe mode r=mgoodwin r=bsmedberg
2015-10-30 10:37:22 -07:00
Richard Barnes
990593f9cf
Bug 942515 - Show Untrusted Connection Error for SHA-1-based SSL certificates with notBefore >= 2016-01-01 r=keeler
2015-09-11 14:52:30 -04:00
Mark Goodwin
f2b116c0d6
Bug 1153444 - Fix up Key Pinning Telemetry (r=keeler)
2015-08-21 15:14:08 +01:00
Mark Goodwin
91782dab68
Bug 1159155 - Add telemetry probe for SHA-1 usage (r=keeler)
2015-07-09 07:22:29 +01:00
Cykesiopka
0a9aea4ab2
Bug 1145679 - Reject EV status for end-entity EV certs with overly long validity periods. r=keeler
...
--HG--
extra : rebase_source : ec44bb566cce8ab14f740457d6ba1d863b39c256
2015-06-29 22:19:00 +02:00
David Keeler
4e7fc3055e
bug 1141189 - implement skipping expensive revocation checks (OCSP fetching) for short-lived certificates r=rbarnes
2015-04-06 16:10:28 -07:00
Brian Smith
b1035c0992
Bug 1153737: Avoid unnecessary uses of mozilla::pkix::ScopedPtr, r=keeler
...
--HG--
extra : rebase_source : ea7083439f22cb40d6c97f872ef9866144516745
2015-04-12 19:57:48 -10:00
Ehsan Akhgari
883849ee32
Bug 1145631 - Part 1: Replace MOZ_OVERRIDE and MOZ_FINAL with override and final in the tree; r=froydnj
...
This patch was automatically generated using the following script:
function convert() {
echo "Converting $1 to $2..."
find . \
! -wholename "*/.git*" \
! -wholename "obj-ff-dbg*" \
-type f \
\( -iname "*.cpp" \
-o -iname "*.h" \
-o -iname "*.c" \
-o -iname "*.cc" \
-o -iname "*.idl" \
-o -iname "*.ipdl" \
-o -iname "*.ipdlh" \
-o -iname "*.mm" \) | \
xargs -n 1 sed -i -e "s/\b$1\b/$2/g"
}
convert MOZ_OVERRIDE override
convert MOZ_FINAL final
2015-03-21 12:28:04 -04:00
Cykesiopka
171babfad4
Bug 1139177 - RSA public key size checking cleanups. r=keeler
2015-03-05 16:41:00 +01:00
David Keeler
d01ea02613
bug 1049740 - implement telemetry to measure compatibility impact of 2048-bit-minimum RSA keys r=briansmith
2015-02-24 15:48:05 -08:00
Brian Smith
06b7804e70
Bug 1131767: Prune away paths using unacceptable algorithms earlier, r=keeler
...
--HG--
extra : rebase_source : 79efad2c5f60120ff1022547ce7efa628a7acd0f
2015-02-14 16:59:02 -08:00
Brian Smith
a89b90ea7f
Bug 1130754: Avoid recalculating tbsCertificate digest, r=keeler
...
--HG--
extra : rebase_source : 85266413568df928cb1eaf1cd59b52ee9d4259e6
extra : histedit_source : 767e3263d28926435c6d2f4610c7d8b01e9ba87d
2015-02-07 12:14:31 -08:00
Brian Smith
b0f87b9b6c
Bug 1122841, Part 2: Centralize checking of public key, r=keeler
...
--HG--
extra : rebase_source : 6b41ad2d3f37bead8d3ac8b48c5ee0b8063c795b
extra : source : d470b5a68bf915cfb12f0e948e1492463092883c
2015-02-02 16:17:08 -08:00
TheKK
3cda0706de
Bug 1092398 - "remove unused CertVerifier enums (missing_cert_download_config and crl_download_config)". r=honzab.moz
2015-01-23 06:17:00 +01:00
Mark Goodwin ext:(%2C%20Harsh%20Pathak%20%3Chpathak%40mozilla.com%3E)
ea0e5ac119
Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs. r=keeler r=Unfocused
2015-01-07 06:08:00 +01:00
Brian Smith
0cd5238974
Bug 1107666: Fix OCSP stapling telemetry (SSL_OCSP_STAPLING), r=keeler
...
--HG--
extra : rebase_source : 926f091b2a361d7dce30bee918d6659259f1b3e4
2014-12-11 23:22:35 -08:00
Carsten "Tomcat" Book
64b43466f7
Backed out changeset b38a8e2203a1 (bug 1024809) for Android 4 perma failures
2014-11-28 12:23:19 +01:00
Mark Goodwin ext:(%2C%20Harsh%20Pathak%20%3Chpathak%40mozilla.com%3E)
4fc60a106f
Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs. (r=keeler,Unfocused)
2014-11-27 23:36:00 +01:00
Carsten "Tomcat" Book
4155be994b
Backed out changeset 761071f57ab6 (bug 1024809) for emulator ics bustage
2014-11-27 16:30:41 +01:00
Mark Goodwin ext:(%2C%20Harsh%20Pathak%20%3Chpathak%40mozilla.com%3E)
ce5a887c60
Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs. r=keeler,Unfocused
2014-11-27 04:12:00 +01:00
Cykesiopka
1c4af4e6a1
Bug 622859 - Reject EV certificates with key sizes below RSA 2048. r=briansmith
2014-10-18 15:18:00 +02:00
Carsten "Tomcat" Book
e5ad1e7db2
Backed out changeset 3afdc3253979 (bug 622859) for breaking m1 tests
2014-10-17 13:14:29 +02:00
Cykesiopka
01941f880c
Bug 622859 - Reject EV certificates with key sizes below RSA 2048. r=briansmith
2014-10-16 05:13:00 +02:00
David Keeler
fd860abf57
bug 1071308 - (2/2) remove libpkix-style chain validation callback from CertVerifier r=cviecco
2014-09-25 11:18:56 -07:00
Brian Smith
0ccaf0860c
Bug 1043041: Use mozilla::pkix::Time instead of PRTime, r=keeler
...
--HG--
extra : rebase_source : 2cc39d3c322c1355aad003f2497659a091febac2
2014-08-02 08:49:12 -07:00
Brian Smith
d77dac0580
Bug 1041186, Part 2: Rename Input to Reader and InputBuffer to Input, r=keeler
...
--HG--
extra : rebase_source : bf57a9eb6ae5c122912e00a47156010e5ea99478
2014-07-31 12:17:31 -07:00
Brian Smith
ffe743ee06
Bug 1041186, Part 1: Improve buffer overflow protection in mozilla::pkix, r=keeler
...
--HG--
extra : rebase_source : 0f4a33f2c66594930ba9c79233648c70e33ba27c
2014-07-18 22:30:51 -07:00
Brian Smith
5f56fc60d6
Bug 1041343: Use references instead of pointers for TrustLevel output parameters, r=cviecco
...
--HG--
extra : rebase_source : d5c07dc29a95ccb75a7a8f199de26d43950b9ed4
2014-07-20 11:06:26 -07:00
Brian Smith
c45dc156d1
Bug 1039064: Use strongly-typed enum instead of NSPR-style error handling, r=keeler
...
--HG--
extra : rebase_source : 4f3e41916cd7e2c74679d468eeeb702af3321532
2014-07-18 11:48:49 -07:00
Cykesiopka
0289b45f0c
Bug 360126 - Stop accepting certs that use RSA1023 or weaker; Original patch by Richard van den Berg. r=briansmith
2014-07-15 19:49:00 -04:00
Brian Smith
17375cc8b3
Bug 1036105: Delegate digest operations to the TrustDomain in mozilla::pkix, r=keeler
...
--HG--
extra : rebase_source : dd8dc1243ea2e37955a15f2481e1c452311e90d8
extra : histedit_source : adc1a2035d41c608d3f0ebe14bba159b2857502d
2014-07-06 19:36:05 -07:00
Brian Smith
c162caba82
Bug 1036107, Part 1: Stop using CERTSignedData in mozilla::pkix, r=keeler
...
--HG--
extra : rebase_source : 94c49062ae3ddf755651f151e2d648543b10e1ad
extra : histedit_source : a7377bf1d9adb62e1c584e2adeb793aa074245fb
2014-07-10 19:00:32 -07:00
Brian Smith
3f110246be
Bug 1035009: Stop using CERTCertList in mozilla::pkix, r=keeler
...
--HG--
extra : rebase_source : fc2b39e5e2b44fea365914e83a7d1f2dc9b784bc
extra : histedit_source : b40e5e8cb106fe87f6f065b01ca43adb0bf3a605
2014-07-06 15:55:38 -07:00
Brian Smith
f5ec8594e7
Bug 1033563, Part 3: Change mozilla::pkix::TrustDomain::FindPotentialIssuers API to be iterator-like, r=keeler
...
--HG--
extra : rebase_source : e8c734ecb2de2c52dd8909c8b48f4bdb09d0128e
2014-07-02 16:15:16 -07:00
Brian Smith
89e560be23
Bug 1029247, Part 2: Parse certificates using mozilla::pkix::der, r=keeler
...
--HG--
extra : rebase_source : e093922497d005734c590a59f175993a7715bce8
2014-07-03 16:59:42 -07:00
Brian Smith
2d9e74e8ee
Bug 975229: Remove NSS-based certificate verification, r=keeler
...
--HG--
extra : rebase_source : 49cb20f1b51e2d9993a35decd820764e20ad9be9
2014-06-16 23:13:29 -07:00
Brian Smith
ca4f473450
Bug 1026261: Remove CERTCertificate from mozilla::pkix revocation checking API, r=keeler
...
--HG--
extra : rebase_source : 6798f494bd351961ea02abba07b5860839bbc418
2014-06-20 10:10:51 -07:00
David Keeler
c13f6d39c7
bug 997509 - heed expired Revoked or Unknown OCSP responses r=briansmith
2014-06-20 09:01:57 -07:00
Brian Smith
67bd0799fb
Bug 1020683, Part 1: Remove internal uses of CERTCertificate from mozilla::pkix::VerifyEncodedOCSPResponse, r=keeler
...
--HG--
extra : rebase_source : 416938498080c4d44874025f1da4562ab1c7c3c8
2014-06-05 15:18:32 -07:00
Brian Smith
279c66a9b8
Bug 1019814: Remove CERTCertificate dependency from TrustDomain::GetCertTrust, r=keeler
...
--HG--
extra : rebase_source : 9abf0522f02d00ac2f63f2327ddbe8d119ffc64f
2014-06-03 10:47:25 -07:00
Camilo Viecco
5bce267045
Bug 991815 - Part 1/2 - Allow intermediate OCSP responses up to 1 year old. r=keeler
...
--HG--
extra : rebase_source : 28d5336da1dc44932b92ce2c59fca5fcb2b8a3d8
2014-05-30 16:12:36 -07:00
Camilo Viecco
f051695b8d
Bug 1005142 - Part 1/2 - Add OCSP get capabilities to OCSPRequestor. r=keeler
...
--HG--
extra : rebase_source : ee4a86bf02a466a31de8b0b6cd7ce375a7f28c6d
2014-05-21 15:42:21 -07:00