This also changes the read only related status checks in filesystem_interception.cc to include STATUS_NETWORK_OPEN_RESTRICTION (0xC0000201), which gets returned in some cases and fails because we never ask the broker.
Carrying r=jimm from original changeset:
https://hg.mozilla.org/mozilla-central/rev/1755a454e2de
MozReview-Commit-ID: 4tfygPiKG9Z
This also changes the read only related status checks in filesystem_interception.cc to include STATUS_NETWORK_OPEN_RESTRICTION (0xC0000201), which gets returned in some cases and fails because we never ask the broker.
There are a few places where we can use the safer functionality provided by the
Mozilla string classes instead.
Also fixes Bug 1268657 (remove vestigial
TransportSecurityInfo::SetShortSecurityDescription declaration).
MozReview-Commit-ID: Cxv5B4bsDua
--HG--
extra : rebase_source : 074a154c9000807d6dd466f23e92289e0d4c76d8
Some of our tests currently assume that certain real domains are HSTS preloaded.
While most of the time these domains are in fact preloaded, this may change
during periods of maintenance or other events.
To avoid this, the changes here perform the following renames:
bugzilla.mozilla.org -> includesubdomains.preloaded.test
login.persona.org -> includesubdomains2.preloaded.test
www.torproject.org -> noincludesubdomains.preloaded.test
In addition, some tests that refer to mozilla.com (but don't depend on it being
preloaded) are made to refer to example.com instead to avoid referring to real
domains in tests.
MozReview-Commit-ID: 3987moJnKGk
--HG--
extra : rebase_source : 0ec49c9a410ba891f11668e7e11c48b7547e1825
Periodic updates on m-c are currently broken due to Bug 1350619, so this change
inserts the test domains into the preload list semi-manually.
MozReview-Commit-ID: EBOiQcKDSHr
--HG--
extra : rebase_source : bc5880af95dc9934132d0e9251d9060ad9c6871a
This lets us migrate off depending on real preloaded domains and onto
domains that are guaranteed to have the correct characteristics.
MozReview-Commit-ID: 4TyOfdIA9I7
--HG--
extra : rebase_source : f49109de9292dec31b72d87819dd52b5a6b659ed
nsIX509Cert.getAllTokenNames() is only used (improperly) to determine if a
certificate is a built-in. nsIX509Cert.isBuiltInRoot should be used instead.
MozReview-Commit-ID: LBwI8nTc05C
--HG--
extra : rebase_source : 9494cd1243395b0d293022e981f64be560a54dec
When determining if a certificate error override is allowed for a host, we
consult nsISiteSecurityService::IsSecureURI to see if the host is HSTS/HPKP.
This API takes an nsIURI, but the calling code only has a hostname as an
nsCString. Calling NS_NewURI works in all situations we will encounter except
when the hostname is an IPv6 address. Since IP addresses are never HSTS/HPKP
anyway, we can skip the NS_NewURI / IsSecureURI calls in those cases as a
workaround.
MozReview-Commit-ID: JXa8cGvqqTA
--HG--
extra : rebase_source : b8dcd2cb4211af230f867ce3954d5333b7a49684