Commit Graph

9149 Commits

Author SHA1 Message Date
Brian Smith
63c92c06cd Bug 1070444: Remove NSS dependencies in pkixbuild_tests.cpp, r=keeler
--HG--
extra : rebase_source : f07e38d40f1644cce30191f5d8ab29ac06582683
2014-12-22 01:20:59 -08:00
Brian Smith
899807654a Bug 1114701: Replace function pointers with function references, r=keeler
--HG--
extra : rebase_source : 350e7f8170f6b1176e46b829026e9ee27b3303e5
2014-12-23 12:43:25 -08:00
Daniel Holbert
3aec4f3024 Bug 1114671: Use function pointer (instead of reference) in pkix/bind.h, for consistency & to fix -Wignored-qualifiers build warning for 'const'. r=briansmith 2014-12-22 13:04:36 -08:00
Brian Smith
99245555c6 Bug 1107666, Part 2: Further fix for SSL_OCSP_STAPLING telemetry, r=keeler
--HG--
extra : rebase_source : b2dbbd4eaa8aea019b40eddfc19fb8af20ef3a4c
2014-12-20 07:03:57 -08:00
Carsten "Tomcat" Book
c3edf3a511 Backed out changeset 8fd0df8e208c (bug 423758) for bustage 2014-12-22 09:05:34 +01:00
J.C. Jones
b47d94a0c8 Bug 968451 - Document the exported functions exposed from mozilla::pkix (pkix/pkix.h). r=keeler 2014-12-19 12:25:00 +01:00
Andrew Bartlett
d741102951 Bug 423758 - Add NTLMv2 to internal NTLM handler. r=keeler
NTLMv2 is the default.

This adds a new preference:
network.ntlm.force-generic-ntlm-v1

This is to allow use of NTLMv1 in case issues are found in the NTLMv2
handler, or when contacting a server or backing DC that does not
support NTLMv2 for any reason.

To support this, we also:
 - Revert "Bug 1030426 - network.negotiate-auth.allow-insecure-ntlm-v1-https allows sending NTLMv1 credentials in plain to HTTP proxies, r=mcmanus"

 - Revert "Bug 1023748 - Allow NTLMv1 over SSL/TLS by default, r=jduell"

 - Remove LM code from internal NTLM handler

   The LM response should essentially never be sent; the last practical
   use case was CIFS connections to Windows 9X. I have never seen a web
   server that could only do LM.

   It is removed before the NTLMv2 work is done so as to avoid having 3
   possible states here (LM, NTLM, NTLMv2) to control via preferences.

Developed with Garming Sam <garming@catalyst.net.nz>
2014-12-18 17:25:00 +01:00
Phil Ringnalda
79b6885780 Merge m-c to m-i
--HG--
extra : rebase_source : 55a788f13c946c7110ca313969051c34f731637e
2014-12-20 12:19:27 -08:00
ffxbld
6d9b691066 No bug, Automated HPKP preload list update from host bld-linux64-spot-115 - a=hpkp-update 2014-12-20 03:20:57 -08:00
ffxbld
02fdacaf29 No bug, Automated HSTS preload list update from host bld-linux64-spot-115 - a=hsts-update 2014-12-20 03:20:56 -08:00
Michael Wu
301128304a Bug 1103816 - Add support for gonk-L to android_stub.h, r=glandium 2014-12-16 21:35:09 -05:00
Blake Kaplan
83b87ab7f1 Bug 1113313 - Rename these functions to better reflect what they do. r=billm
--HG--
extra : rebase_source : ae61b3dd6dd5ce50a131a640060d7be57e562e4d
2014-12-19 12:07:04 -05:00
Brian Smith
932b9471a2 Bug 1073867, Part 2: Remove now-unused DSA test certificates, r=keeler
--HG--
extra : rebase_source : 150c65abc66a48f70bca6e2dca8727fa402505ea
2014-12-15 20:49:42 -08:00
Brian Smith
510bbfd05d Bug 1073867, Part 1: Remove DSS certificate support from mozilla::pkix, r=keeler
--HG--
extra : rebase_source : 3bef46a794e53584fd35b7640a6f4c9aaea4acab
2014-12-04 20:55:15 -08:00
Brian Smith
1543a46c03 Bug 1111399, Part 2: Implement RFC822 (email) name constraints, r=keeler
--HG--
extra : rebase_source : 5905e247eee4d3562d741e6e9656dc4c40d821e4
2014-12-20 08:15:35 -08:00
Brian Smith
c61befa56f Bug 1111399, Part 1: Preconditions for RFC822 name constraints, r=keeler
--HG--
extra : rebase_source : cd20b448a6c77ba27c86cb3d8e6c121f92a2ba93
2014-12-20 07:35:44 -08:00
Brian Smith
e0efc82826 Bug 1111398: Rename ValidDNSIDMatchType to IDRole, r=keeler
--HG--
extra : rebase_source : a07e58b82a61db595711c0ab887bec70d4145888
2014-12-13 22:29:58 -08:00
Brian Smith
beff7d1c02 Bug 1111397, Part 2: Remove test_bug484111.html, r=keeler
--HG--
extra : rebase_source : 56617ea82e9028295203173d1ea5e6ccfdbf9722
2014-12-14 21:51:26 -08:00
Brian Smith
87719d0a59 Bug 1111397: Refactor error handling for name matching, r=keeler
--HG--
extra : rebase_source : 7b1061874d7b6e02a158085c3a6580a7fc718bbe
2014-12-13 17:05:46 -08:00
Ryan VanderMeulen
90f31ccf52 Merge inbound to m-c. a=merge
CLOSED TREE
2014-12-17 20:53:20 -05:00
Brian Smith
123a9716ca Bug 952863, Part 2: Remove dead code for non-ECDHE TLS False Start, r=keeler
--HG--
extra : rebase_source : 47ee95682f769b8e10aaf55b0f4fccfef1fcdea0
2014-12-10 10:13:18 -08:00
Nathan Froyd
0c4895658a Bug 1112608 - use GENERATED_INCLUDES in security/manager/{boot,pki}/src/; r=mshal
The sole use of Makefile.in in the security/manager/{boot,pki}/src/
directories is so we can add $(DIST)/public/nss to INCLUDES.
GENERATED_INCLUDES can be used to handle this case instead, at the cost
of hardcoding the path to $(DIST).  This seems reasonable enough, since
a number of moz.build files already know about dist/ and its location
within the objdir.
2014-12-17 11:02:19 -05:00
Kai-Zhen Li
b2ba6d9ceb bug 1102277 - Update seccomp filter for newer bionic. r=jld 2014-11-21 01:07:15 +08:00
Brian Smith
72643b84e6 Bug 1111392: Add tests for malformed name constraints where there are no names of the constrained type, r=keeler
--HG--
extra : rebase_source : 048619553c7725eee1cb73df64faae8c8890c995
2014-10-30 16:48:31 -07:00
Brian Smith
9725dd6a70 Bug 952863, Part 1: Require ECDHE for TLS False Start, r=keeler
--HG--
extra : rebase_source : d983e440de5be7c097a3e0f4afe0de805c540919
2014-12-12 11:39:01 -08:00
Masatoshi Kimura
ab4b12e208 Bug 1092835 - Log usage of weak ciphers in the console. r=keeler,mcmanus 2014-12-13 20:09:01 +09:00
Brian Smith
7a433f6905 Bug 1084025, Part 3: Clean up some bits, r=keeler, r=emk
--HG--
extra : rebase_source : 7aa1de4e9c391bf3e3cd5df79c62fff4546a8c67
2014-12-12 16:42:41 -08:00
Brian Smith
0cd5238974 Bug 1107666: Fix OCSP stapling telemetry (SSL_OCSP_STAPLING), r=keeler
--HG--
extra : rebase_source : 926f091b2a361d7dce30bee918d6659259f1b3e4
2014-12-11 23:22:35 -08:00
David Keeler
c3ba2c1217 bug 1108408 - GeneralName types such as otherName where the value is a SEQUENCE should have the CONSTRUCTED bit set r=briansmith 2014-12-08 13:39:19 -08:00
Monica Chew
63de38c180 Bug 1101969: Disable pinning on media.mozilla.com (r=keeler) 2014-12-12 09:10:57 -08:00
Monica Chew
04d69a9f5b Bug 1004781: Enable pinning for facebook in production mode (r=keeler) 2014-12-12 09:10:53 -08:00
Brian Smith
7f05080219 Bug 940787: Stop requiring ALPN/NPN for False Start, r=keeler
--HG--
extra : rebase_source : f8946e1fc631f2458807a559104a1dca01f444ac
2014-12-10 10:50:48 -08:00
Brian Smith
cc0b0eeed3 Bug 1109766: Require AES-GCM for TLS False Start, r=keeler
--HG--
extra : rebase_source : 8370c628863e644131ed1fbe6b8e49b5dc1215dc
2014-12-10 10:19:00 -08:00
Brian Smith
9c1c9d03e6 Bug 861310: Require TLS 1.2 for TLS False Start, r=keeler
--HG--
extra : rebase_source : d4bb253a84270c84acdf7ed4f84bc0186231e521
2014-12-10 10:04:45 -08:00
Cykesiopka
9cae71d8a9 Bug 1109252 - Make remaining PSM test cert generation scripts print out cert information as necessary. r=keeler 2014-12-10 21:32:00 +01:00
Jed Davis
344f6abf7b Bug 1093334 - Delete unnecessary copies of Chromium headers in security/sandbox/linux. r=kang 2014-12-10 17:26:12 -08:00
Jed Davis
c2384cf7c7 Bug 1093334 - Adjust includes of Linux sandboxing headers from Chromium. r=kang
Also re-sorts some of the includes into something closer to the style guide.
2014-12-10 17:26:12 -08:00
Jed Davis
30e88baa98 Bug 1093334 - Import more headers from Chromium rev 9522fad406dd161400daa518075828e47bd47f60. r=kang 2014-12-10 17:26:12 -08:00
Jed Davis
30ba635db0 Bug 1102209 - Remove use of CodeGen::JoinInstructions in the Linux sandboxing code. r=kang
This reorganizes SandboxAssembler to stack up the policy rules and
traverse them in reverse order to build the filter DAG from tail to head
(i.e., starting with "deny all" and prepending allow and return-errno
rules).  Thus, this code will continue to work (perhaps with minor
changes, such as to the NodePtr typedef) with future versions of the
Chromium sandbox code that don't allow mutating the filter program with
the JoinInstructions method.
2014-12-10 17:26:12 -08:00
Jed Davis
114cf4fb41 Bug 1108759 - Fix B2G no-optimization builds. r=glandium 2014-12-10 16:17:47 -08:00
Cykesiopka
7e1828ba3d Bug 1109245 - Modify test_keysize_ev.js to run on B2G. r=dkeeler 2014-12-09 12:07:00 -05:00
Cykesiopka
6df9a55b46 Bug 978426 - Re-enable test_sts_preloadlist_perwindowpb.js on B2G. r=dkeeler 2014-12-09 11:37:00 +01:00
Brian Smith
346599ec9c Bug 1107791 Remove support for unusual wildcard names in certificates, r=keeler
--HG--
extra : rebase_source : bd142d2e85059a0d0fd36325242553e94a7d4377
2014-12-04 17:12:09 -08:00
Brian Smith
bd9d21676a Bug 1107790: Remove support for absolute hostnames in presented DNS IDs and name constraints, r=keeler
--HG--
extra : rebase_source : cf402f902196e729026d713cd6d62f5c3b889a12
2014-12-08 16:42:54 -08:00
Brian Smith
81f8d7a489 Bug 1107787: Disable TLS_DHE_DSS_WITH_AES_128_CBC_SHA, r=keeler
--HG--
extra : rebase_source : 063d859c69adc8deba9d1842f4bd42a9b862bbe5
2014-12-04 19:50:58 -08:00
Brian Smith
5bd7eba3e4 Bug 1037098: Remove preferences for cipher suites disabled in bug 1036765, r=keeler
--HG--
extra : rebase_source : b033bea062c8cafecd93830fa54f4cf184fa28df
2014-12-04 19:47:17 -08:00
Brian Smith
01259ceda5 Bug 1107946: Fixed unused variable warnings in pkixnames_tests.cpp, r=keeler
--HG--
extra : rebase_source : 23d20e91c8b408363acab7c6d4d67a86d2293dff
2014-12-05 12:14:49 -08:00
Ryan VanderMeulen
1bdab6fe7b Backed out changesets fb903f13f215, 9c5c712698e4, and 36d257ead3da (bug 1092835) for causing test_csp_allow_https_schemes.html permafail on Android 2.3.
CLOSED TREE
2014-12-09 14:00:47 -05:00
Masatoshi Kimura
487b1516b0 Bug 1092835 - Log usage of weak ciphers in the console. r=keeler,mcmanus 2014-12-10 00:54:06 +09:00
Masatoshi Kimura
5167dadd93 Bug 1093724 - Add a range check to the TLS version prefs loading code. r=keeler 2014-12-09 21:48:29 +09:00