зеркало из https://github.com/mozilla/gecko-dev.git
ab56e5f10e
2019-10-16 J.C. Jones <jjones@mozilla.com> * lib/softoken/pkcs11c.c: Bug 1459141 - Backed out changeset 474d62c9d0db for PK11_Wrap/Unwrap issues r=me [f10c3e0757b7] [NSS_3_47_BETA3] 2019-10-15 J.C. Jones <jjones@mozilla.com> * .hgtags: Added tag NSS_3_47_BETA2 for changeset f657d65428c6 [3ca8b20b24ee] * cmd/addbuiltin/addbuiltin.c: Bug 1465613 - Fixup clang format a=bustage [f657d65428c6] [NSS_3_47_BETA2] 2019-10-11 Marcus Burghardt <mburghardt@mozilla.com> * automation/abi-check/expected-report-libnss3.so.txt, automation/abi- check/expected-report-libsmime3.so.txt, automation/abi-check /expected-report-libssl3.so.txt, cmd/addbuiltin/addbuiltin.c, cmd/lib/secutil.c, gtests/softoken_gtest/manifest.mn, gtests/softoken_gtest/softoken_gtest.gyp, gtests/softoken_gtest/softoken_nssckbi_testlib_gtest.cc, lib/certdb/certdb.c, lib/certdb/certt.h, lib/ckfw/builtins/README, lib/ckfw/builtins/certdata.txt, lib/ckfw/builtins/manifest.mn, lib/ckfw/builtins/nssckbi.h, lib/ckfw/builtins/testlib/Makefile, lib/ckfw/builtins/testlib/builtins-testlib.gyp, lib/ckfw/builtins/testlib/certdata-testlib.txt, lib/ckfw/builtins/testlib/config.mk, lib/ckfw/builtins/testlib/manifest.mn, lib/ckfw/builtins/testlib /nssckbi-testlib.rc, lib/ckfw/builtins/testlib/testcert_err_distrust.txt, lib/ckfw/builtins/testlib/testcert_no_distrust.txt, lib/ckfw/builtins/testlib/testcert_ok_distrust.txt, lib/ckfw/manifest.mn, lib/nss/nss.def, lib/pki/pki3hack.c, lib/softoken/sdb.c, lib/util/pkcs11n.h, nss.gyp, tests/cert/cert.sh: Bug 1465613 - Created two new fields for scheduled distrust from builtins and updated support commands. r=jcj,kjacobs,mt Added two new fields do scheduled distrust of CAs in nssckbi/builtins. Also, created a testlib to validate these fields with gtests. [52024949df95] 2019-10-14 Martin Thomson <martin.thomson@gmail.com> * lib/ssl/tls13con.c: Bug 1588557 - Fix debug statement, r=jcj [0f563a2571c3] 2019-10-15 Dana Keeler <dkeeler@mozilla.com> * gtests/mozpkix_gtest/pkixder_universal_types_tests.cpp, lib/mozpkix/include/pkix/pkixder.h, lib/mozpkix/lib/pkixcert.cpp: bug 1579060 - fix handling of issuerUniqueID and subjectUniqueID in mozilla::pkix::BackCert r=jcj According to RFC 5280, the definitions of issuerUniqueID and subjectUniqueID in TBSCertificate are as follows: issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, where UniqueIdentifier is a BIT STRING. IMPLICIT tags replace the tag of the underlying type. For these fields, there is no specified class (just a tag number within the class), and the underlying type of BIT STRING is "primitive" (i.e. not constructed). Thus, the tags should be of the form CONTEXT SPECIFIC | [number in class], which comes out to 0x81 and 0x82, respectively. When originally implemented, mozilla::pkix incorrectly required that the CONSTRUCTED bit also be set for these fields. Consequently, the library would reject any certificate that actually contained these fields. Evidently such certificates are rare. [c50f933d37a5] 2019-10-14 Deian Stefan <deian@cs.ucsd.edu> * lib/softoken/pkcs11c.c: Bug 1459141 - Rewrite softoken CBC pad check to be constant time. r=kjacobs,jcj [474d62c9d0db] 2019-10-11 J.C. Jones <jjones@mozilla.com> * .hgtags: Added tag NSS_3_47_BETA1 for changeset 93245f5733b3 [f60dbafbc182] Differential Revision: https://phabricator.services.mozilla.com/D49470 --HG-- extra : moz-landing-system : lando |
||
|---|---|---|
| .. | ||
| TestCA-bogus-rsa-pss1.crt | ||
| TestCA-bogus-rsa-pss2.crt | ||
| TestUser-rsa-pss-interop.p12 | ||
| cert.sh | ||
| certext.txt | ||