gecko-dev

mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-02 07:05:24 +00:00

Author	SHA1	Message	Date
David Keeler	113252b726	bug 1239455 - rework telemetry for SHA-1 certificates to reflect possible policy states r=Cykesiopka,mgoodwin,rbarnes Before this patch, we were measuring where SHA-1 was being used in TLS certificates: nowhere, in end-entities, in intermediates, or in both. However, the possible SHA-1 policies don't differentiate between end-entities and intermediates and instead depended on whether or not each certificate has a notBefore value after 2015 (i.e. >= 0:00:00 1 January 2016 UTC). We need to gather telemetry on the possible policy configurations. --HG-- extra : rebase_source : 301c821c8de16ffb924cd198dd0a4d3139536019	2016-01-13 12:50:42 -08:00
Jan de Mooij	68d44577b4	Bug 1237232 - Properly check the result of Vector append() calls in security/. r=keeler	2016-01-13 22:05:08 +01:00
Chris Peterson	3f4e7bf8d5	Bug 1235188 - Fix -Wformat warnings in security/certverifier/. r=keeler security/certverifier/NSSCertDBTrustDomain.cpp:433:26 [-Wformat] format specifies type 'long' but the argument has underlying type 'int' security/certverifier/NSSCertDBTrustDomain.cpp:433:48 [-Wformat] format specifies type 'long long' but the argument has type 'mozilla::pkix::Time'	2015-12-28 18:41:54 -07:00
Chris Peterson	4034ee65b8	Bug 1235308 - Fix -Wimplicit-fallthrough warnings in security/. r=keeler security/certverifier/NSSCertDBTrustDomain.cpp:282:5 [-Wimplicit-fallthrough] unannotated fall-through between switch labels security/manager/ssl/nsNSSComponent.cpp:149:3 [-Wimplicit-fallthrough] unannotated fall-through between switch labels security/manager/ssl/nsSecureBrowserUIImpl.cpp:1406:5 [-Wimplicit-fallthrough] unannotated fall-through between switch labels	2015-12-25 00:03:35 -07:00
David Keeler	cf2300da93	bug 1230994 - December 2015 batch of EV root CA changes r=mgoodwin Adds: bug 1193480: CN=Certification Authority of WoSign G2,O=WoSign CA Limited,C=CN CN=CA WoSign ECC Root,O=WoSign CA Limited,C=CN bug 1147675: CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6,O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A...,L=Ankara,C=TR bug 1230985: OU=Security Communication RootCA2,O="SECOM Trust Systems CO.,LTD.",C=JP bug 1213044: CN=OISTE WISeKey Global Root GB CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH	2015-12-14 14:44:44 -08:00
Xidorn Quan	8cd346c251	Bug 1229587 part 1 - Disable C4464 warning newly added in VS2015u1. r=keeler --HG-- extra : source : 1c79d789b2de950e8024d857f9315ea362141969	2015-12-03 09:29:42 +11:00
Cykesiopka	fedad480ea	Bug 1222903 - Reject EV status for EV EE certs that are valid for longer than 27 months as well. r=keeler	2015-11-13 07:42:00 +01:00
Mark Goodwin	31adb1a5c5	Bug 901698 - Implement OCSP-must-staple; r=keeler	2015-11-13 16:49:08 +00:00
David Keeler	a1cf24355b	bug 1223466 - update extended validation information to deal with root removals in NSS 3.21 r=mgoodwin These entries were removed: from bug 1204962: CN=TC TrustCenter Universal CA III,OU=TC TrustCenter Universal CA,O=TC TrustCenter GmbH,C=DE SHA-256: 309B4A87F6CA56C93169AAA99C6D988854D7892BD5437E2D07B29CBEDA55D35D SHA-1: 9656CD7B57969895D0E141466806FBB8C6110687 from bug 1204997: CN=A-Trust-nQual-03,OU=A-Trust-nQual-03,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT SHA-256: 793CBF4559B9FDE38AB22DF16869F69881AE14C4B0139AC788A78A1AFCCA02FB SHA-1: D3C063F219ED073E34AD5D750B327629FFD59AF2 from bug 1208461: CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US SHA-256: 85FB2F91DD12275A0145B636534F84024AD68B69B8EE88684FF711375805B348 SHA-1: 58119F0E128287EA50FDD987456F4F78DCFAD6D4	2015-11-10 10:13:18 -08:00
David Keeler	29b3d15dde	bug 1220223 - don't load PKCS11 modules in safe mode r=mgoodwin r=bsmedberg	2015-10-30 10:37:22 -07:00
Cykesiopka	4ec261d0e7	Bug 1194419 - Remove signature algorithm duplicate use in serial number determination in pycert. r=keeler	2015-10-23 05:13:00 -04:00
Carsten "Tomcat" Book	ea5d701c66	Backed out changeset 11e681d48acd (bug 1194419) for S4 Test failures	2015-10-20 12:40:18 +02:00
Cykesiopka	fa99ba4063	Bug 1194419 - Remove signature algorithm duplicate use in serial number determination in pycert. r=dkeeler --HG-- extra : rebase_source : 14756428ea3f8bc41d746a2e71a5d4914e96f33c	2015-10-17 09:04:43 -07:00
Richard Barnes	990593f9cf	Bug 942515 - Show Untrusted Connection Error for SHA-1-based SSL certificates with notBefore >= 2016-01-01 r=keeler	2015-09-11 14:52:30 -04:00
Nicholas Nethercote	f44287005f	Bug 1198334 (part 1) - Replace the opt-in FAIL_ON_WARNINGS with the opt-out ALLOW_COMPILER_WARNINGS. r=glandium. The patch removes 455 occurrences of FAIL_ON_WARNINGS from moz.build files, and adds 78 instances of ALLOW_COMPILER_WARNINGS. About half of those 78 are in code we control and which should be removable with a little effort. --HG-- extra : rebase_source : 82e3387abfbd5f1471e953961d301d3d97ed2973	2015-08-27 20:44:53 -07:00
Mark Goodwin	f2b116c0d6	Bug 1153444 - Fix up Key Pinning Telemetry (r=keeler)	2015-08-21 15:14:08 +01:00
Makoto Kato	c3c571a9ee	Bug 1166323 - Fix unexpcetd changed on previous landed. r=dkeeler	2015-08-07 13:41:49 +09:00
Cykesiopka	d9d018971e	Bug 1164609 - Remove EV treatment for expired Buypass Class 3 CA 1 root certificate. r=keeler --HG-- extra : rebase_source : 65e2c8746098d8fb2cd5347b557c23a3832d435a	2015-08-07 00:21:00 +02:00
Carsten "Tomcat" Book	fca5cdc8bc	Backed out changeset 9618f92995ab (bug 1166323) for linux x64 test bustage on a CLOSED TREE	2015-08-07 07:24:40 +02:00
Makoto Kato	6fb6d7a35c	Bug 1166323 - Fix unexpcetd changed on previous landed. r=dkeeler	2015-08-07 13:41:49 +09:00
David Keeler	b49becac5d	bug 1181823 - convert test_ev_certs.js, test_keysize_ev.js, and test_validity.js to generate certificates at build time r=Cykesiopka r=mgoodwin	2015-06-17 16:02:08 -07:00
Xidorn Quan	cec576a922	Bug 1187173 - Disable warning C4623 on security/certverifier. r=briansmith --HG-- extra : source : 9f3acfedff8cf4a26266bb578dc69727e799c0cf extra : amend_source : cb1d0a6e8c6d9199429159cb9a20484f5aa95b8d	2015-07-24 13:38:12 +10:00
Mark Goodwin	fce204e0e0	Bug 1183822 - fix OCSP verification failures (r=keeler) Adds a new TrustDomain for OCSP Signers which will always allow all acceptible signature digest algorithms. Calls to most other TrustDomain methods are passed through to the owning NSSCertDBTrustDomain.	2015-07-17 17:07:48 +01:00
Mark Goodwin	c7285efe5a	Backed out changeset fb6cbb4ada54 (bug 1183822)	2015-07-17 10:36:58 +01:00
Mark Goodwin	0bfd3046ed	Bug 1183822 - fix OCSP verification failures (r=keeler) Adds a new TrustDomain for OCSP Signers which will always allow all acceptible signature digest algorithms. Calls to most other TrustDomain methods are passed through to the owning NSSCertDBTrustDomain.	2015-07-17 10:03:56 +01:00
Mark Goodwin	91782dab68	Bug 1159155 - Add telemetry probe for SHA-1 usage (r=keeler)	2015-07-09 07:22:29 +01:00
Cykesiopka	0a9aea4ab2	Bug 1145679 - Reject EV status for end-entity EV certs with overly long validity periods. r=keeler --HG-- extra : rebase_source : ec44bb566cce8ab14f740457d6ba1d863b39c256	2015-06-29 22:19:00 +02:00
David Keeler	d67edd7f93	bug 1170303 - treat malformed name information in certificates as a domain name mismatch r=Cykesiopka	2015-06-01 13:55:23 -07:00
Richard Barnes	8a4bc22436	Bug `1010068` - Disable OCSP for DV certificates in Firefox for Android r=keeler	2015-05-28 13:29:13 -07:00
Ryan VanderMeulen	56574135d1	Backed out changeset fda85020d842 (bug `1010068`) for Android test_cert_overrides.js failures. CLOSED TREE	2015-06-08 11:37:33 -04:00
Richard Barnes	3824033dee	Bug `1010068` - Disable OCSP for DV certificates in Firefox for Android r=keeler	2015-05-28 13:29:13 -07:00
Eric Rahm	75c4bebb79	Bug 1165515 - Part 13-2: Replace usage of PRLogModuleLevel and PR_LOG_. rs=froydnj This is straightforward mapping of PR_LOG levels to their LogLevel counterparts: PR_LOG_ERROR -> LogLevel::Error PR_LOG_WARNING -> LogLevel::Warning PR_LOG_WARN -> LogLevel::Warning PR_LOG_INFO -> LogLevel::Info PR_LOG_DEBUG -> LogLevel::Debug PR_LOG_NOTICE -> LogLevel::Debug PR_LOG_VERBOSE -> LogLevel::Verbose Instances of PRLogModuleLevel were mapped to a fully qualified mozilla::LogLevel, instances of PR_LOG levels in #defines were mapped to a fully qualified mozilla::LogLevel:: level, and all other instances were mapped to us a shorter format of LogLevel::*. Bustage for usage of the non-fully qualified LogLevel were fixed by adding \|using mozilla::LogLevel;\| where appropriate.	2015-06-03 15:25:57 -07:00
Carsten "Tomcat" Book	5471309381	Backed out 14 changesets (bug 1165515) for linux x64 e10s m2 test failures Backed out changeset d68dcf2ef372 (bug 1165515) Backed out changeset 7c3b45a47811 (bug 1165515) Backed out changeset b668b617bef2 (bug 1165515) Backed out changeset d0916e1283a2 (bug 1165515) Backed out changeset ac4dc7489942 (bug 1165515) Backed out changeset e9632ce8bc65 (bug 1165515) Backed out changeset c16d215cc7e4 (bug 1165515) Backed out changeset e4d474f3c51a (bug 1165515) Backed out changeset d87680bf9f7c (bug 1165515) Backed out changeset b3c0a45ba99e (bug 1165515) Backed out changeset 9370fa197674 (bug 1165515) Backed out changeset 50970d668ca1 (bug 1165515) Backed out changeset ffa4eb6d24b9 (bug 1165515) Backed out changeset 5fcf1203cc1d (bug 1165515) --HG-- extra : rebase_source : 6fb850d063cbabe738f97f0380302153e3eae97a	2015-06-02 13:05:56 +02:00
Eric Rahm	a9afd68cef	Bug 1165515 - Part 13-2: Replace usage of PRLogModuleLevel and PR_LOG_. rs=froydnj This is straightforward mapping of PR_LOG levels to their LogLevel counterparts: PR_LOG_ERROR -> LogLevel::Error PR_LOG_WARNING -> LogLevel::Warning PR_LOG_WARN -> LogLevel::Warning PR_LOG_INFO -> LogLevel::Info PR_LOG_DEBUG -> LogLevel::Debug PR_LOG_NOTICE -> LogLevel::Debug PR_LOG_VERBOSE -> LogLevel::Verbose Instances of PRLogModuleLevel were mapped to a fully qualified mozilla::LogLevel, instances of PR_LOG levels in #defines were mapped to a fully qualified mozilla::LogLevel:: level, and all other instances were mapped to us a shorter format of LogLevel::*. Bustage for usage of the non-fully qualified LogLevel were fixed by adding \|using mozilla::LogLevel;\| where appropriate.	2015-06-01 22:17:33 -07:00
Wes Kocher	4e9f80ed2e	Backed out 14 changesets (bug 1165515) for b2g mochitest-6 permafail CLOSED TREE Backed out changeset 9b97e2aa2ed9 (bug 1165515) Backed out changeset 150606c022a2 (bug 1165515) Backed out changeset 4e875a488349 (bug 1165515) Backed out changeset 467e7feeb546 (bug 1165515) Backed out changeset d6b6cc373197 (bug 1165515) Backed out changeset 0615265b593c (bug 1165515) Backed out changeset fafd1dce9f08 (bug 1165515) Backed out changeset d1df869245f9 (bug 1165515) Backed out changeset 6876a7c63611 (bug 1165515) Backed out changeset b7841c94a9a3 (bug 1165515) Backed out changeset e5e3617f7c73 (bug 1165515) Backed out changeset 39be3db95978 (bug 1165515) Backed out changeset 0ec74176f8de (bug 1165515) Backed out changeset 5b928dd10d71 (bug 1165515)	2015-06-01 17:57:58 -07:00
Eric Rahm	f82c0e7caf	Bug 1165515 - Part 13-2: Replace usage of PRLogModuleLevel and PR_LOG_. rs=froydnj This is straightforward mapping of PR_LOG levels to their LogLevel counterparts: PR_LOG_ERROR -> LogLevel::Error PR_LOG_WARNING -> LogLevel::Warning PR_LOG_WARN -> LogLevel::Warning PR_LOG_INFO -> LogLevel::Info PR_LOG_DEBUG -> LogLevel::Debug PR_LOG_NOTICE -> LogLevel::Debug PR_LOG_VERBOSE -> LogLevel::Verbose Instances of PRLogModuleLevel were mapped to a fully qualified mozilla::LogLevel, instances of PR_LOG levels in #defines were mapped to a fully qualified mozilla::LogLevel:: level, and all other instances were mapped to us a shorter format of LogLevel::*. Bustage for usage of the non-fully qualified LogLevel were fixed by adding \|using mozilla::LogLevel;\| where appropriate.	2015-06-01 14:31:01 -07:00
Makoto Kato	6ddb65f184	Bug 1166323 - Remove IME sequence number. r=masayuki,nchen	2015-05-28 13:51:40 +09:00
Birunthan Mohanathas	a028ea5c2d	Bug 1164714 - Move and flatten security/manager/boot/{public,src}/ into security/manager/ssl/. r=keeler --HG-- rename : security/manager/boot/src/CertBlocklist.cpp => security/manager/ssl/CertBlocklist.cpp rename : security/manager/boot/src/CertBlocklist.h => security/manager/ssl/CertBlocklist.h rename : security/manager/boot/src/DataStorage.cpp => security/manager/ssl/DataStorage.cpp rename : security/manager/boot/src/DataStorage.h => security/manager/ssl/DataStorage.h rename : security/manager/boot/src/PublicKeyPinningService.cpp => security/manager/ssl/PublicKeyPinningService.cpp rename : security/manager/boot/src/PublicKeyPinningService.h => security/manager/ssl/PublicKeyPinningService.h rename : security/manager/boot/src/RootCertificateTelemetryUtils.cpp => security/manager/ssl/RootCertificateTelemetryUtils.cpp rename : security/manager/boot/src/RootCertificateTelemetryUtils.h => security/manager/ssl/RootCertificateTelemetryUtils.h rename : security/manager/boot/src/RootHashes.inc => security/manager/ssl/RootHashes.inc rename : security/manager/boot/src/StaticHPKPins.errors => security/manager/ssl/StaticHPKPins.errors rename : security/manager/boot/src/StaticHPKPins.h => security/manager/ssl/StaticHPKPins.h rename : security/manager/boot/src/nsEntropyCollector.cpp => security/manager/ssl/nsEntropyCollector.cpp rename : security/manager/boot/src/nsEntropyCollector.h => security/manager/ssl/nsEntropyCollector.h rename : security/manager/boot/public/nsIBufEntropyCollector.idl => security/manager/ssl/nsIBufEntropyCollector.idl rename : security/manager/boot/public/nsICertBlocklist.idl => security/manager/ssl/nsICertBlocklist.idl rename : security/manager/boot/public/nsISSLStatusProvider.idl => security/manager/ssl/nsISSLStatusProvider.idl rename : security/manager/boot/public/nsISecurityUITelemetry.idl => security/manager/ssl/nsISecurityUITelemetry.idl rename : security/manager/boot/src/nsSTSPreloadList.errors => security/manager/ssl/nsSTSPreloadList.errors rename : security/manager/boot/src/nsSTSPreloadList.inc => security/manager/ssl/nsSTSPreloadList.inc rename : security/manager/boot/src/nsSecureBrowserUIImpl.cpp => security/manager/ssl/nsSecureBrowserUIImpl.cpp rename : security/manager/boot/src/nsSecureBrowserUIImpl.h => security/manager/ssl/nsSecureBrowserUIImpl.h rename : security/manager/boot/src/nsSecurityHeaderParser.cpp => security/manager/ssl/nsSecurityHeaderParser.cpp rename : security/manager/boot/src/nsSecurityHeaderParser.h => security/manager/ssl/nsSecurityHeaderParser.h rename : security/manager/boot/src/nsSiteSecurityService.cpp => security/manager/ssl/nsSiteSecurityService.cpp rename : security/manager/boot/src/nsSiteSecurityService.h => security/manager/ssl/nsSiteSecurityService.h	2015-05-26 10:31:25 -07:00
Birunthan Mohanathas	ae04912e48	Bug 1164714 - Flatten security/manager/ssl/src/ directory. r=keeler --HG-- rename : security/manager/ssl/src/CryptoTask.cpp => security/manager/ssl/CryptoTask.cpp rename : security/manager/ssl/src/CryptoTask.h => security/manager/ssl/CryptoTask.h rename : security/manager/ssl/src/CryptoUtil.h => security/manager/ssl/CryptoUtil.h rename : security/manager/ssl/src/IntolerantFallbackList.inc => security/manager/ssl/IntolerantFallbackList.inc rename : security/manager/ssl/src/NSSErrorsService.cpp => security/manager/ssl/NSSErrorsService.cpp rename : security/manager/ssl/src/NSSErrorsService.h => security/manager/ssl/NSSErrorsService.h rename : security/manager/ssl/src/PPSMContentDownloader.ipdl => security/manager/ssl/PPSMContentDownloader.ipdl rename : security/manager/ssl/src/PSMContentListener.cpp => security/manager/ssl/PSMContentListener.cpp rename : security/manager/ssl/src/PSMContentListener.h => security/manager/ssl/PSMContentListener.h rename : security/manager/ssl/src/PSMRunnable.cpp => security/manager/ssl/PSMRunnable.cpp rename : security/manager/ssl/src/PSMRunnable.h => security/manager/ssl/PSMRunnable.h rename : security/manager/ssl/src/PublicSSL.h => security/manager/ssl/PublicSSL.h rename : security/manager/ssl/src/SSLServerCertVerification.cpp => security/manager/ssl/SSLServerCertVerification.cpp rename : security/manager/ssl/src/SSLServerCertVerification.h => security/manager/ssl/SSLServerCertVerification.h rename : security/manager/ssl/src/ScopedNSSTypes.h => security/manager/ssl/ScopedNSSTypes.h rename : security/manager/ssl/src/SharedCertVerifier.h => security/manager/ssl/SharedCertVerifier.h rename : security/manager/ssl/src/SharedSSLState.cpp => security/manager/ssl/SharedSSLState.cpp rename : security/manager/ssl/src/SharedSSLState.h => security/manager/ssl/SharedSSLState.h rename : security/manager/ssl/src/TransportSecurityInfo.cpp => security/manager/ssl/TransportSecurityInfo.cpp rename : security/manager/ssl/src/TransportSecurityInfo.h => security/manager/ssl/TransportSecurityInfo.h rename : security/manager/ssl/src/md4.c => security/manager/ssl/md4.c rename : security/manager/ssl/src/md4.h => security/manager/ssl/md4.h rename : security/manager/ssl/src/nsCertOverrideService.cpp => security/manager/ssl/nsCertOverrideService.cpp rename : security/manager/ssl/src/nsCertOverrideService.h => security/manager/ssl/nsCertOverrideService.h rename : security/manager/ssl/src/nsCertPicker.cpp => security/manager/ssl/nsCertPicker.cpp rename : security/manager/ssl/src/nsCertPicker.h => security/manager/ssl/nsCertPicker.h rename : security/manager/ssl/src/nsCertTree.cpp => security/manager/ssl/nsCertTree.cpp rename : security/manager/ssl/src/nsCertTree.h => security/manager/ssl/nsCertTree.h rename : security/manager/ssl/src/nsCertVerificationThread.cpp => security/manager/ssl/nsCertVerificationThread.cpp rename : security/manager/ssl/src/nsCertVerificationThread.h => security/manager/ssl/nsCertVerificationThread.h rename : security/manager/ssl/src/nsClientAuthRemember.cpp => security/manager/ssl/nsClientAuthRemember.cpp rename : security/manager/ssl/src/nsClientAuthRemember.h => security/manager/ssl/nsClientAuthRemember.h rename : security/manager/ssl/src/nsCrypto.cpp => security/manager/ssl/nsCrypto.cpp rename : security/manager/ssl/src/nsCrypto.h => security/manager/ssl/nsCrypto.h rename : security/manager/ssl/src/nsCryptoHash.cpp => security/manager/ssl/nsCryptoHash.cpp rename : security/manager/ssl/src/nsCryptoHash.h => security/manager/ssl/nsCryptoHash.h rename : security/manager/ssl/src/nsDataSignatureVerifier.cpp => security/manager/ssl/nsDataSignatureVerifier.cpp rename : security/manager/ssl/src/nsDataSignatureVerifier.h => security/manager/ssl/nsDataSignatureVerifier.h rename : security/manager/ssl/src/nsKeyModule.cpp => security/manager/ssl/nsKeyModule.cpp rename : security/manager/ssl/src/nsKeyModule.h => security/manager/ssl/nsKeyModule.h rename : security/manager/ssl/src/nsKeygenHandler.cpp => security/manager/ssl/nsKeygenHandler.cpp rename : security/manager/ssl/src/nsKeygenHandler.h => security/manager/ssl/nsKeygenHandler.h rename : security/manager/ssl/src/nsKeygenHandlerContent.cpp => security/manager/ssl/nsKeygenHandlerContent.cpp rename : security/manager/ssl/src/nsKeygenHandlerContent.h => security/manager/ssl/nsKeygenHandlerContent.h rename : security/manager/ssl/src/nsKeygenThread.cpp => security/manager/ssl/nsKeygenThread.cpp rename : security/manager/ssl/src/nsKeygenThread.h => security/manager/ssl/nsKeygenThread.h rename : security/manager/ssl/src/nsNSSASN1Object.cpp => security/manager/ssl/nsNSSASN1Object.cpp rename : security/manager/ssl/src/nsNSSASN1Object.h => security/manager/ssl/nsNSSASN1Object.h rename : security/manager/ssl/src/nsNSSCallbacks.cpp => security/manager/ssl/nsNSSCallbacks.cpp rename : security/manager/ssl/src/nsNSSCallbacks.h => security/manager/ssl/nsNSSCallbacks.h rename : security/manager/ssl/src/nsNSSCertHelper.cpp => security/manager/ssl/nsNSSCertHelper.cpp rename : security/manager/ssl/src/nsNSSCertHelper.h => security/manager/ssl/nsNSSCertHelper.h rename : security/manager/ssl/src/nsNSSCertTrust.cpp => security/manager/ssl/nsNSSCertTrust.cpp rename : security/manager/ssl/src/nsNSSCertTrust.h => security/manager/ssl/nsNSSCertTrust.h rename : security/manager/ssl/src/nsNSSCertValidity.cpp => security/manager/ssl/nsNSSCertValidity.cpp rename : security/manager/ssl/src/nsNSSCertValidity.h => security/manager/ssl/nsNSSCertValidity.h rename : security/manager/ssl/src/nsNSSCertificate.cpp => security/manager/ssl/nsNSSCertificate.cpp rename : security/manager/ssl/src/nsNSSCertificate.h => security/manager/ssl/nsNSSCertificate.h rename : security/manager/ssl/src/nsNSSCertificateDB.cpp => security/manager/ssl/nsNSSCertificateDB.cpp rename : security/manager/ssl/src/nsNSSCertificateDB.h => security/manager/ssl/nsNSSCertificateDB.h rename : security/manager/ssl/src/nsNSSCertificateFakeTransport.cpp => security/manager/ssl/nsNSSCertificateFakeTransport.cpp rename : security/manager/ssl/src/nsNSSCertificateFakeTransport.h => security/manager/ssl/nsNSSCertificateFakeTransport.h rename : security/manager/ssl/src/nsNSSComponent.cpp => security/manager/ssl/nsNSSComponent.cpp rename : security/manager/ssl/src/nsNSSComponent.h => security/manager/ssl/nsNSSComponent.h rename : security/manager/ssl/src/nsNSSErrors.cpp => security/manager/ssl/nsNSSErrors.cpp rename : security/manager/ssl/src/nsNSSHelper.h => security/manager/ssl/nsNSSHelper.h rename : security/manager/ssl/src/nsNSSIOLayer.cpp => security/manager/ssl/nsNSSIOLayer.cpp rename : security/manager/ssl/src/nsNSSIOLayer.h => security/manager/ssl/nsNSSIOLayer.h rename : security/manager/ssl/src/nsNSSModule.cpp => security/manager/ssl/nsNSSModule.cpp rename : security/manager/ssl/src/nsNSSShutDown.cpp => security/manager/ssl/nsNSSShutDown.cpp rename : security/manager/ssl/src/nsNSSShutDown.h => security/manager/ssl/nsNSSShutDown.h rename : security/manager/ssl/src/nsNSSVersion.cpp => security/manager/ssl/nsNSSVersion.cpp rename : security/manager/ssl/src/nsNSSVersion.h => security/manager/ssl/nsNSSVersion.h rename : security/manager/ssl/src/nsNTLMAuthModule.cpp => security/manager/ssl/nsNTLMAuthModule.cpp rename : security/manager/ssl/src/nsNTLMAuthModule.h => security/manager/ssl/nsNTLMAuthModule.h rename : security/manager/ssl/src/nsPK11TokenDB.cpp => security/manager/ssl/nsPK11TokenDB.cpp rename : security/manager/ssl/src/nsPK11TokenDB.h => security/manager/ssl/nsPK11TokenDB.h rename : security/manager/ssl/src/nsPKCS11Slot.cpp => security/manager/ssl/nsPKCS11Slot.cpp rename : security/manager/ssl/src/nsPKCS11Slot.h => security/manager/ssl/nsPKCS11Slot.h rename : security/manager/ssl/src/nsPKCS12Blob.cpp => security/manager/ssl/nsPKCS12Blob.cpp rename : security/manager/ssl/src/nsPKCS12Blob.h => security/manager/ssl/nsPKCS12Blob.h rename : security/manager/ssl/src/nsPSMBackgroundThread.cpp => security/manager/ssl/nsPSMBackgroundThread.cpp rename : security/manager/ssl/src/nsPSMBackgroundThread.h => security/manager/ssl/nsPSMBackgroundThread.h rename : security/manager/ssl/src/nsProtectedAuthThread.cpp => security/manager/ssl/nsProtectedAuthThread.cpp rename : security/manager/ssl/src/nsProtectedAuthThread.h => security/manager/ssl/nsProtectedAuthThread.h rename : security/manager/ssl/src/nsRandomGenerator.cpp => security/manager/ssl/nsRandomGenerator.cpp rename : security/manager/ssl/src/nsRandomGenerator.h => security/manager/ssl/nsRandomGenerator.h rename : security/manager/ssl/src/nsSDR.cpp => security/manager/ssl/nsSDR.cpp rename : security/manager/ssl/src/nsSDR.h => security/manager/ssl/nsSDR.h rename : security/manager/ssl/src/nsSSLSocketProvider.cpp => security/manager/ssl/nsSSLSocketProvider.cpp rename : security/manager/ssl/src/nsSSLSocketProvider.h => security/manager/ssl/nsSSLSocketProvider.h rename : security/manager/ssl/src/nsSSLStatus.cpp => security/manager/ssl/nsSSLStatus.cpp rename : security/manager/ssl/src/nsSSLStatus.h => security/manager/ssl/nsSSLStatus.h rename : security/manager/ssl/src/nsSmartCardMonitor.cpp => security/manager/ssl/nsSmartCardMonitor.cpp rename : security/manager/ssl/src/nsSmartCardMonitor.h => security/manager/ssl/nsSmartCardMonitor.h rename : security/manager/ssl/src/nsTLSSocketProvider.cpp => security/manager/ssl/nsTLSSocketProvider.cpp rename : security/manager/ssl/src/nsTLSSocketProvider.h => security/manager/ssl/nsTLSSocketProvider.h rename : security/manager/ssl/src/nsUsageArrayHelper.cpp => security/manager/ssl/nsUsageArrayHelper.cpp rename : security/manager/ssl/src/nsUsageArrayHelper.h => security/manager/ssl/nsUsageArrayHelper.h rename : security/manager/ssl/src/nsVerificationJob.h => security/manager/ssl/nsVerificationJob.h	2015-05-26 10:31:23 -07:00
Eric Rahm	3925a960aa	Bug 1165515 - Part 1: Convert PR_LOG to MOZ_LOG. r=froydnj	2015-05-21 13:22:04 -07:00
Richard Barnes	cfe5014bab	Backed out changeset fe10feec1ede because of OCSP test failures	2015-05-16 16:38:34 -04:00
Richard Barnes	a9f5d9c05c	Bug `1010068` - Disable OCSP for DV certificates in Firefox for Android r=keeler	2015-05-15 16:17:47 -04:00
David Keeler	4e7fc3055e	bug 1141189 - implement skipping expensive revocation checks (OCSP fetching) for short-lived certificates r=rbarnes	2015-04-06 16:10:28 -07:00
David Keeler	3c315d18c3	bug 1102436 - remove PublicKeyPinningService::CheckChainAgainstAllNames r=Cykesiopka	2015-05-07 11:06:07 -07:00
Eric Rahm	4eceb82c1f	Bug 1162691 - Part 1: Remove instances of #ifdef PR_LOGGING in security. r=froydnj PR_LOGGING is now always defined, we can remove #ifdefs checking for it.	2015-05-08 14:36:33 -07:00
Mark Goodwin	f82bee04e1	Bug 1128607 - Add freshness check for OneCRL (r=keeler)	2015-05-07 18:54:05 +01:00
Richard Barnes	ee333796b2	Bug 1121982 - Update PSM to use NSS name constraints	2015-04-23 20:26:29 -04:00
David Keeler	a4f79b207d	bug 1157873 - remove certificates from CNNIC whitelist that aren't in the Pilot Certificate Transparency log r=rbarnes Also remove certificates where notBefore is on or after 1 April 2015.	2015-04-21 16:07:33 -07:00
David Keeler	5ff51a7744	bug 1151512 - only allow whitelisted certificates to be issued by CNNIC root certificates r=jcj r=rbarnes	2015-04-07 17:29:05 -07:00
David Keeler	81764496cd	bug 1147497 - Add API for querying site pin status. Disallow overrides for sites that have pins. r=mmc r=smaug r=cykesiopka r=past	2015-03-25 11:04:49 -07:00

1 2 3 4

184 Commits