David Keeler
04becd07e6
bug 1303383
- enable 5 Amazon root CAs for EV r=jcj
...
MozReview-Commit-ID: JRs7CWwafSK
--HG--
extra : rebase_source : 710439bbd2814b8eddd04149172495adf0408131
2017-01-31 16:05:35 -08:00
Cykesiopka
56c6899d8e
Bug 1325107 - Stop using PR_ASSERT() in PSM. r=mgoodwin
...
PR_ASSERT() is an unnecessary dependency on NSPR.
We can use MOZ_ASSERT() instead, which accomplishes the same task but doesn't
depend on NSPR.
MozReview-Commit-ID: 9gyWUkv3KxQ
--HG--
extra : rebase_source : 313ce6c8de3db3ce72635e37f09d28316ae02c51
2017-01-02 14:11:30 +08:00
David Keeler
0e8a35a56d
Backed out changeset 68d6f69e0837 (bug 1301407) for not being necessary any longer r=dragana
...
MozReview-Commit-ID: EcoJ3BEpRlQ
--HG--
extra : histedit_source : 98c0f5cf8f3f00afc581b746aca93e16c5997795
2016-12-21 16:22:04 -08:00
Cykesiopka
e8b35af2ec
Bug 1313715 - Avoid unnecessary uses of PR_SetError() under security/apps/ and security/certverifier/. r=keeler
...
The PR_SetError() + PR_GetError() pattern is error prone and unnecessary.
Also fixes Bug 1254403.
MozReview-Commit-ID: DRI69xY4vxC
--HG--
extra : rebase_source : aa07c0dfb5cc2a203e772b415b7a75b27d9bad3c
2016-12-14 20:10:25 +08:00
David Keeler
8c2f5cbb94
bug 1301407 - add annotated crashes to find out why PSM initialization is failing r=dragana
...
Crash reports indicate LoadExtendedValidationInfo is failing. This adds
annotated crashes that should point us at exactly what is failing. (Note that
because Nightly builds aren't built with DEBUG defined, the majority of
LoadExtendedValidationInfo isn't even run, so we can ignore that code.)
--HG--
extra : amend_source : 0940efc65bb706b572f0699ab5c66b82d6591d30
2016-11-14 12:44:53 -08:00
David Keeler
b3a0669843
bug 1227638 - deterministically load EV information r=Cykesiopka,mgoodwin
...
Previously PSM would load EV information on-demand (i.e. just before verifying a
certificate). This simplifies this operation, removes a dubious optimization
(loading the EV information on another thread while opening a network
connection), and relocates the loading operation to when we are likely to have
good disk locality (i.e. when we've just loaded the built-in roots module).
This also removes the now-unused MOZ_NO_EV_CERTS build flag.
MozReview-Commit-ID: 8Rnl4ozF95V
--HG--
extra : rebase_source : 5b2e76079c256f7e3c55b1d4ec0d9f654fec44f6
2016-09-30 18:08:08 -07:00
Wes Kocher
13054d32fc
Backed out changeset 003ec40aa484 (bug 1227638) for android Cpp failures a=backout
2016-10-17 15:08:41 -07:00
David Keeler
ec181af1f7
bug 1227638 - deterministically load EV information r=Cykesiopka,mgoodwin
...
Previously PSM would load EV information on-demand (i.e. just before verifying a
certificate). This simplifies this operation, removes a dubious optimization
(loading the EV information on another thread while opening a network
connection), and relocates the loading operation to when we are likely to have
good disk locality (i.e. when we've just loaded the built-in roots module).
This also removes the now-unused MOZ_NO_EV_CERTS build flag.
MozReview-Commit-ID: 8Rnl4ozF95V
--HG--
extra : rebase_source : 344b68c81af1ed3fb038e4e96c3c50e939d32c3d
2016-09-30 18:08:08 -07:00
Cykesiopka
ca5051d9c8
Bug 1296214 - Stop storing handle to CERTCertificate in ExtendedValidation.cpp. r=keeler
...
This may save us some memory and reduce the number of static constructors.
MozReview-Commit-ID: FNIkiFtRjfK
--HG--
extra : rebase_source : d2781f11db7a1f8370c0e6c6c8e6f0fb52122614
2016-10-06 16:43:45 +08:00
David Keeler
8d6b6a78fe
bug 1243923 - add support for the CA/Browser Forum EV OID r=Cykesiopka,jcj
...
MozReview-Commit-ID: 4zqzistEhvo
--HG--
extra : rebase_source : 62d28c3715fcb225ec83ba422621dd3f8c40f708
2016-09-02 16:39:15 -07:00
Igor
60cd1e3bb7
Bug 1296180 - Replace more uses of PR_ARRAY_SIZE with mozilla::ArrayLength. r=keeler,mt
2016-09-09 13:17:52 -07:00
Phil Ringnalda
4b1303cc59
Back out 1eb6e4e4060f (bug 1296180) for Windows warning-as-error bustage
...
CLOSED TREE
2016-09-08 23:30:12 -07:00
Igor
d42cc2cb4e
Bug 1296180 - Replace more uses of PR_ARRAY_SIZE with mozilla::ArrayLengh. r=mt
2016-09-08 22:35:12 -07:00
Cykesiopka
9529f2321e
Bug 1294011 - Obviate manual calls to SECITEM_FreeItem() in PSM. r=keeler
...
MozReview-Commit-ID: 7RNV0YNraBx
--HG--
extra : rebase_source : bd4c8981b52e3f5a504fc09958872415cf757eff
2016-08-13 21:45:00 +08:00
Cykesiopka
2c9b1285df
Bug 1289455 - Obviate manual CERT_DestroyCertificate() calls in PSM. r=dkeeler
...
MozReview-Commit-ID: Aoi1VWvkNjp
--HG--
extra : transplant_source : B%8F9%E7%E8%84%7D%D1%7B%5Due%ED%9A%E8%DE%05%5B%E2D
2016-08-05 23:57:44 +08:00
David Keeler
67199d7bf6
bug 1289885 - Enable VeriSign Class 3 Public PCA - G4 for EV in PSM r=jcj
...
MozReview-Commit-ID: GDZnZcVCNl6
--HG--
extra : rebase_source : ffdfa0fac7d4114e1251d00ced4c6ca7aab1ec86
2016-07-27 14:06:09 -07:00
David Keeler
a77caa9d20
bug 1274677 - Enable Certplus and OpenTrust root certificates for EV in PSM r=Cykesiopka
...
MozReview-Commit-ID: 4rZ0NIEyKF6
--HG--
extra : rebase_source : 089184f70e3a6949da5211f464c51fb113db997a
2016-07-15 14:51:08 -07:00
David Keeler
d27e176906
bug 1236964
- enable Certum Trusted Network CA 2 root certificate for EV treatment r=jcj
...
MozReview-Commit-ID: 8QlBgAdXjlm
--HG--
extra : rebase_source : 07affb67f289f9d460e3eac147dcd44945da182d
2016-03-15 16:08:15 -07:00
sajitk
25babf4ea8
Bug 1219482: Replace PRLogModuleInfo with LazyLogModule in security subdirectory.r=nfroyd
2016-01-28 10:36:00 -08:00
David Keeler
28c09863cb
bug 1241564 - remove EV treatment for TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı SHA-1 root certificate r=Cykesiopka
...
MozReview-Commit-ID: 9ktEj2kgfYo
2016-02-09 13:30:22 -08:00
Wes Kocher
a40af4aa59
Backed out changeset 7ec471c99263 (bug 1219482) to hopefully fix the intermittent hazard failures CLOSED TREE
...
--HG--
extra : commitid : B8zmd9Xadpz
2016-01-29 10:15:34 -08:00
sajitk
1b0525a9d3
Bug 1219482 - Replace PRLogModuleInfo with LazyLogModule in security subdirectory. r=froydnj
...
--HG--
extra : rebase_source : 7aed4d8669dccd1270a88a0cacfa254e3b9f5950
2016-01-28 10:36:00 -05:00
David Keeler
cf2300da93
bug 1230994 - December 2015 batch of EV root CA changes r=mgoodwin
...
Adds:
bug 1193480:
CN=Certification Authority of WoSign G2,O=WoSign CA Limited,C=CN
CN=CA WoSign ECC Root,O=WoSign CA Limited,C=CN
bug 1147675:
CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6,O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A...,L=Ankara,C=TR
bug 1230985:
OU=Security Communication RootCA2,O="SECOM Trust Systems CO.,LTD.",C=JP
bug 1213044:
CN=OISTE WISeKey Global Root GB CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH
2015-12-14 14:44:44 -08:00
David Keeler
a1cf24355b
bug 1223466 - update extended validation information to deal with root removals in NSS 3.21 r=mgoodwin
...
These entries were removed:
from bug 1204962:
CN=TC TrustCenter Universal CA III,OU=TC TrustCenter Universal CA,O=TC TrustCenter GmbH,C=DE
SHA-256: 309B4A87F6CA56C93169AAA99C6D988854D7892BD5437E2D07B29CBEDA55D35D
SHA-1: 9656CD7B57969895D0E141466806FBB8C6110687
from bug 1204997:
CN=A-Trust-nQual-03,OU=A-Trust-nQual-03,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT
SHA-256: 793CBF4559B9FDE38AB22DF16869F69881AE14C4B0139AC788A78A1AFCCA02FB
SHA-1: D3C063F219ED073E34AD5D750B327629FFD59AF2
from bug 1208461:
CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
SHA-256: 85FB2F91DD12275A0145B636534F84024AD68B69B8EE88684FF711375805B348
SHA-1: 58119F0E128287EA50FDD987456F4F78DCFAD6D4
2015-11-10 10:13:18 -08:00
Cykesiopka
4ec261d0e7
Bug 1194419 - Remove signature algorithm duplicate use in serial number determination in pycert. r=keeler
2015-10-23 05:13:00 -04:00
Carsten "Tomcat" Book
ea5d701c66
Backed out changeset 11e681d48acd (bug 1194419) for S4 Test failures
2015-10-20 12:40:18 +02:00
Cykesiopka
fa99ba4063
Bug 1194419 - Remove signature algorithm duplicate use in serial number determination in pycert. r=dkeeler
...
--HG--
extra : rebase_source : 14756428ea3f8bc41d746a2e71a5d4914e96f33c
2015-10-17 09:04:43 -07:00
Makoto Kato
c3c571a9ee
Bug 1166323 - Fix unexpcetd changed on previous landed. r=dkeeler
2015-08-07 13:41:49 +09:00
Cykesiopka
d9d018971e
Bug 1164609 - Remove EV treatment for expired Buypass Class 3 CA 1 root certificate. r=keeler
...
--HG--
extra : rebase_source : 65e2c8746098d8fb2cd5347b557c23a3832d435a
2015-08-07 00:21:00 +02:00
Carsten "Tomcat" Book
fca5cdc8bc
Backed out changeset 9618f92995ab (bug 1166323) for linux x64 test bustage on a CLOSED TREE
2015-08-07 07:24:40 +02:00
Makoto Kato
6fb6d7a35c
Bug 1166323 - Fix unexpcetd changed on previous landed. r=dkeeler
2015-08-07 13:41:49 +09:00
David Keeler
b49becac5d
bug 1181823 - convert test_ev_certs.js, test_keysize_ev.js, and test_validity.js to generate certificates at build time r=Cykesiopka r=mgoodwin
2015-06-17 16:02:08 -07:00
Cykesiopka
0a9aea4ab2
Bug 1145679 - Reject EV status for end-entity EV certs with overly long validity periods. r=keeler
...
--HG--
extra : rebase_source : ec44bb566cce8ab14f740457d6ba1d863b39c256
2015-06-29 22:19:00 +02:00
Makoto Kato
6ddb65f184
Bug 1166323 - Remove IME sequence number. r=masayuki,nchen
2015-05-28 13:51:40 +09:00
Eric Rahm
4eceb82c1f
Bug 1162691 - Part 1: Remove instances of #ifdef PR_LOGGING in security. r=froydnj
...
PR_LOGGING is now always defined, we can remove #ifdefs checking for it.
2015-05-08 14:36:33 -07:00
Mark Goodwin
2c5369d16e
Bug 1132689 - Feb 2015 batch of EV root CA Changes. r=keeler
...
--HG--
extra : rebase_source : 43a28d1b97c569280979c8a2d95494e4d2f9a67c
extra : amend_source : 056721a65cc7d0738d9ab2a92071f8f7eaf48262
2015-03-30 08:57:00 +02:00
Brian Smith
a0437d5b8f
Bug 1146057: Remove support for GCC 4.6, r=keeler
...
Since Gecko now requires GCC 4.7 or later, we no longer need to
work around the lack of support for "override" and "final" in
earlier versions of GCC.
--HG--
extra : rebase_source : 0f104f16be9e7c1ff87bbdd0d4ba6700b1081fb8
2015-03-30 20:18:46 -10:00
Brian Smith
825d71887a
Bug 1115906, Part 1: Add workarounds for missing final/override support in GCC before version 4.7, r=keeler
...
--HG--
rename : security/pkix/include/pkix/nullptr.h => security/pkix/include/pkix/stdkeywords.h
extra : rebase_source : 9cacd9729ac4cfb1e4bf920c8afdffb831b60d36
extra : source : f673d05dfc9a6d830e5e3c01976b41588cc70ead
2015-01-07 14:53:11 -08:00
Cykesiopka
ee0a49c7ee
Bug 1085074 - Part 2 - Use explicit bit sizes for key size cert file names. r=briansmith
2014-12-07 20:41:00 +01:00
Rob Stradling
8313a4cfa7
bug 1104109 - follow-up to fix new EV OID description strings (they need to match if the OIDs are the same) r=keeler
2014-11-26 11:28:17 -08:00
J.C. Jones
fa8441a0a9
Bug 1104109 - December 2014 batch of EV root CA Changes. r=keeler
2014-11-24 16:36:00 +01:00
Chris Peterson
312462d737
Bug 1092710 - Fix -Wunused-const-variable warning-as-error in non-unified security/certverifier. r=keeler
...
--HG--
extra : rebase_source : c13f7e565c8459263191f9bb16d4221b6f163443
2014-11-01 12:14:41 -07:00
Cykesiopka
c30bd575d3
Bug 622859 - Tests for bug 622859. r=briansmith,keeler
2014-10-16 05:22:00 +02:00
Carsten "Tomcat" Book
d893b9cc90
Backed out changeset f5fa8ea86d3b (bug 622859)
2014-10-17 13:13:01 +02:00
Cykesiopka
ef48a9fa7c
Bug 622859 - Tests for bug 622859. r=briansmith,keeler
2014-10-16 05:22:00 +02:00
Camilo Viecco
a47a7b45b5
Bug 1052099 - August 2014 batch of EV root CA changes. r=keeler
...
--HG--
extra : rebase_source : 4303f1fb6988ff462edd908295708788a24a64f1
2014-08-27 11:31:20 -07:00
Brian Smith
2d9e74e8ee
Bug 975229: Remove NSS-based certificate verification, r=keeler
...
--HG--
extra : rebase_source : 49cb20f1b51e2d9993a35decd820764e20ad9be9
2014-06-16 23:13:29 -07:00
Cykesiopka
fe5e0f327b
Bug 917510 - Replace SHA-1 fingerprints of EV certs in ExtendedValidation.cpp with SHA-2 fingerprints. r=briansmith, r=kwilson
2014-05-30 00:01:00 -04:00
Brian Smith
fe9fcc5bec
Bug 1010634, Part 1: Fix compiler warnings in certverifier, r=cviecco
...
--HG--
extra : rebase_source : f8d925f042040368b038b62bc1d0c9d4d6d04618
2014-05-14 17:46:32 -07:00
Brian Smith
2912321bc5
Bug 1006958: Use mozilla::pkix::der to parse certificate policies instead of NSS, r=keeler
...
--HG--
extra : rebase_source : fde88efebc1025bc4f825aa38df809d04b1b250a
2014-05-15 18:59:52 -07:00
David Keeler
b1405bc489
bug 985201 - rename insanity::pkix to mozilla::pkix r=cviecco r=briansmith
...
--HG--
rename : security/insanity/include/insanity/ScopedPtr.h => security/pkix/include/pkix/ScopedPtr.h
rename : security/insanity/include/insanity/bind.h => security/pkix/include/pkix/bind.h
rename : security/insanity/include/insanity/nullptr.h => security/pkix/include/pkix/nullptr.h
rename : security/insanity/include/insanity/pkix.h => security/pkix/include/pkix/pkix.h
rename : security/insanity/include/insanity/pkixtypes.h => security/pkix/include/pkix/pkixtypes.h
rename : security/insanity/lib/pkixbind.cpp => security/pkix/lib/pkixbind.cpp
rename : security/insanity/lib/pkixbuild.cpp => security/pkix/lib/pkixbuild.cpp
rename : security/insanity/lib/pkixcheck.cpp => security/pkix/lib/pkixcheck.cpp
rename : security/insanity/lib/pkixcheck.h => security/pkix/lib/pkixcheck.h
rename : security/insanity/lib/pkixder.cpp => security/pkix/lib/pkixder.cpp
rename : security/insanity/lib/pkixder.h => security/pkix/lib/pkixder.h
rename : security/insanity/lib/pkixkey.cpp => security/pkix/lib/pkixkey.cpp
rename : security/insanity/lib/pkixocsp.cpp => security/pkix/lib/pkixocsp.cpp
rename : security/insanity/lib/pkixutil.h => security/pkix/lib/pkixutil.h
rename : security/insanity/moz.build => security/pkix/moz.build
rename : security/insanity/test/lib/moz.build => security/pkix/test/lib/moz.build
rename : security/insanity/test/lib/pkixtestutil.cpp => security/pkix/test/lib/pkixtestutil.cpp
rename : security/insanity/test/lib/pkixtestutil.h => security/pkix/test/lib/pkixtestutil.h
2014-03-20 14:29:21 -07:00
Camilo Viecco
0e5ef28180
Bug 962740 - Batch of 3 CA Certs to be granted EV capabilites. r=keeler
2014-02-26 14:41:02 -08:00
Brian Smith
485e9d1aab
Bug 921885: Use insanity::pkix for EV cert verification when insanity::pkix is the selected implementation, r=cviecco, r=keeler
...
--HG--
extra : rebase_source : b1fd1f8eace675484b3c2d568e5e74f767f1d2ad
2014-02-23 22:15:53 -08:00
Brian Smith
2944942221
Bug 967175: Remove EV entries for ValiCert (Go Daddy) roots removed in bug 936304, r=kwilson
...
--HG--
extra : rebase_source : b87998d88f38057d37b7518cf1f4fb485c505b31
2014-02-03 14:29:05 -08:00
Brian Smith
4488103b73
Bug 891066, Part 5: Switch to security::pkix::ScopedCERTCertList, r=cviecco
...
--HG--
extra : rebase_source : 59015f864e612f18a2f7bb62092b692ae8d47853
extra : source : 31f68b8a192b45720fe931176cdc0565e8c6fd80
2014-01-22 17:13:19 -08:00
Brian Smith
c1583f22ce
Bug 891066, part 2: Move CertVerifier to security/certverifier, r=keeler
...
--HG--
extra : rebase_source : dd59a391825b776b075e855660c2488105e2d741
2014-01-26 19:36:28 -08:00