3639 Commits

Author SHA1 Message Date
Mark Goodwin
f82bee04e1 Bug 1128607 - Add freshness check for OneCRL (r=keeler) 2015-05-07 18:54:05 +01:00
Patrick McManus
6c728ddf43 bug 1153212 - 2/2 Necko explicitly track origin vs routed host and give psm only origin r=dkeeler r=hurley IGNORE IDL
Allow necko to simultaneously track the dual concept of routed host
and origin (authenticated host). The origin is given to the socket
provider and the routed host is inserted at DNS lookup time as if it
were a SRV or CNAME.

--HG--
extra : rebase_source : f9cc87b92084025443bc0374b1dd994f01662ebb
2015-04-09 11:31:59 -04:00
Patrick McManus
6a940b1edd bug 1153212 - 1/2 revert 90d6a38931fa to make room for better fix r=backout
--HG--
extra : rebase_source : a812bd796d4aa9df8e51c32a014663c025f3e0a6
2015-05-07 13:16:26 -04:00
Andrew Bartlett
ca3e5326e2 Bug 734229 - Partially address by refusing to re-negotiate on NTLM. r=mayhemer, r=keeler
Now only one NTLM Negotiate packet will be sent per connection, rather
than again after a failed authentication.  The problem situation is
triggered due to failed Negotiate authentication, and is probably more
complex.

Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>

--HG--
extra : rebase_source : dc2bac8a3b7dab5e774dcfb9ce33b73c7233d686
2014-11-28 11:34:06 +13:00
David Major
ebde6b9f4f Bug 1157835: Remove the MSVC_ENABLE_PGO flag from the build system. r=glandium
--HG--
extra : rebase_source : 0c47c99bb8b92f8361a51fd81b20a2cc8647a986
2015-04-27 19:59:27 -04:00
Carsten "Tomcat" Book
596e5f9960 merge fx-team to mozilla-central a=merge 2015-04-27 12:34:03 +02:00
ffxbld
2ecabecaa7 No bug, Automated HPKP preload list update from host bld-linux64-spot-039 - a=hpkp-update 2015-04-25 03:32:33 -07:00
ffxbld
d0e7b73b16 No bug, Automated HSTS preload list update from host bld-linux64-spot-039 - a=hsts-update 2015-04-25 03:32:31 -07:00
Dave Townsend
7b5d12ad46 Bug 1038068: Check add-on signatures and refuse to install unsigned or broken add-ons (preffed off for now). r=dveditz
--HG--
extra : source : 3b48e1a81a170634dce964cd462c752d09680805
2015-03-31 11:32:40 -07:00
Carsten "Tomcat" Book
cdf101ec43 merge mozilla-inbound to mozilla-central a=merge 2015-04-24 14:37:13 +02:00
Fabrice Desré
471d07992f Bug 1144600 - Don't crash when submitting <keygen> on b2g r=dkeeler 2015-04-23 13:35:49 -07:00
Blake Kaplan
24f35dfe49 Bug 1124076 - Properly detect certs when loaded and prompt to import them. r=sworkman/dkeeler
--HG--
extra : rebase_source : 11fb8b1c1a3044b82668136f4cfec4c758d9270c
2015-04-22 12:55:23 -07:00
David Keeler
a4f79b207d bug 1157873 - remove certificates from CNNIC whitelist that aren't in the Pilot Certificate Transparency log r=rbarnes
Also remove certificates where notBefore is on or after 1 April 2015.
2015-04-21 16:07:33 -07:00
Nathan Toone
0343243a12 Bug 1124076 followup - fix the build when PR_LOGGING is not defined. r=mrbkap 2015-04-23 13:24:57 -07:00
David Keeler
6c532d910b bug 1081128 - test_pinning.js takes ~300 seconds on b2g debug emulator - request a longer timeout for it r=Cykesiopka
--HG--
extra : amend_source : 9ba64939a0f277c9407f47731186cfea4da64774
2015-04-22 11:06:36 -07:00
Francois Marier
17b87281f2 Bug 1147212 - Add support for goog-unwanted-shavar. r=gcp,r=matej,r=smaug
--HG--
rename : toolkit/components/url-classifier/tests/mochitest/evilWorker.js => toolkit/components/url-classifier/tests/mochitest/unwantedWorker.js
extra : rebase_source : efe09564160fb2fcb1adb5f6599183f053268c40
2015-04-22 21:01:37 +12:00
Carsten "Tomcat" Book
ed2915b75f Backed out changeset 7f3cf84c11a9 (bug 1124076) for bustage on a CLOSED TREE 2015-04-22 13:44:23 +02:00
Blake Kaplan
3a94be560c Bug 1124076 - Properly detect certs when loaded and prompt to import them. r=sworkman/dkeeler
--HG--
extra : rebase_source : 00240091ae66180390a76a9613a4215cf591401d
2015-04-21 14:56:00 +02:00
Patrick McManus
04795f03be bug 1153212 - Alt-Svc Fixes r=dkeeler r=hurley 2015-04-13 17:11:59 -04:00
Phil Ringnalda
7d4e804ec6 Merge m-i to m-c, a=merge 2015-04-18 16:36:32 -07:00
ffxbld
a178fd47b7 No bug, Automated HPKP preload list update from host bld-linux64-spot-222 - a=hpkp-update 2015-04-18 03:29:47 -07:00
ffxbld
aa4085d52f No bug, Automated HSTS preload list update from host bld-linux64-spot-222 - a=hsts-update 2015-04-18 03:29:45 -07:00
Neil Deakin
af1ece91c4 Bug 1153248, re-enable a bunch of tests that now work with e10s, r=billm 2015-04-16 15:38:12 -04:00
David Keeler
5ff51a7744 bug 1151512 - only allow whitelisted certificates to be issued by CNNIC root certificates r=jcj r=rbarnes 2015-04-07 17:29:05 -07:00
David Keeler
81764496cd bug 1147497 - Add API for querying site pin status. Disallow overrides for sites that have pins. r=mmc r=smaug r=cykesiopka r=past 2015-03-25 11:04:49 -07:00
Landry Breuil
c755113bc5 Bug 1153090 followup - consistently use sizeof(hash) r=dkeeler 2015-04-14 22:19:18 +02:00
Landry Breuil
88aa8d67cc Bug 1153090 - Unaligned access in cert block list (r=keeler) 2015-04-14 21:19:52 +02:00
Brian Smith
566d65be48 Bug 1153738: Make ScopedPtr a minimal proper subset of std::unique_ptr, r=keeler
Remove all features of ScopedPtr that aren't in std::unique_ptr, and
remove all currently-unused features of ScopedPtr. In particular,
replace |operator=(T*)| with |reset(T* p = nullptr)| and make
|operator bool| explicit.

--HG--
rename : security/pkix/include/pkix/ScopedPtr.h => security/pkix/lib/ScopedPtr.h
extra : rebase_source : 206bfb32aa5a04a4719f28b4aca59fe2f0abbec3
2015-04-13 00:28:11 -10:00
Brian Smith
b1035c0992 Bug 1153737: Avoid unnecessary uses of mozilla::pkix::ScopedPtr, r=keeler
--HG--
extra : rebase_source : ea7083439f22cb40d6c97f872ef9866144516745
2015-04-12 19:57:48 -10:00
Carsten "Tomcat" Book
ede9c4f220 merge mozilla-inbound to mozilla-central a=merge 2015-04-13 12:00:00 +02:00
ffxbld
bd0890186b No bug, Automated HPKP preload list update from host bld-linux64-spot-009 - a=hpkp-update 2015-04-11 03:29:55 -07:00
ffxbld
83c81d6e76 No bug, Automated HSTS preload list update from host bld-linux64-spot-009 - a=hsts-update 2015-04-11 03:29:53 -07:00
David Keeler
01409dbd35 bug 1147085 - remove nsINSSCertCache (replace it with nsIX509CertDB.getCerts()) r=Cykesiopka 2015-04-03 14:01:05 -07:00
Patrick McManus
bdc70031c6 Bug 1152895 - remove dead code in nsSSLIOLayerSetOptions r=dkeeler 2015-04-09 13:40:04 -04:00
Cykesiopka
3487ae0262 Bug 1147725 - Disable test_ocsp_fetch_method.js and test_ocsp_url.js on slow B2G Emulator debug builds. r=keeler
--HG--
extra : rebase_source : 87d4b8284b33498a50542d49b956db84cdae1b62
2015-04-06 14:05:00 +02:00
Phil Ringnalda
fa3a91e936 Merge m-i to m-c, a=merge 2015-04-04 09:59:17 -07:00
ffxbld
3a6df834e2 No bug, Automated HPKP preload list update from host bld-linux64-spot-220 - a=hpkp-update 2015-04-04 03:27:46 -07:00
ffxbld
81b8c93237 No bug, Automated HSTS preload list update from host bld-linux64-spot-220 - a=hsts-update 2015-04-04 03:27:44 -07:00
Cykesiopka
c2f2ce39ec Bug 1149805 - Switch head_psm.js to Assert.jsm methods and add expected result strings. r=keeler 2015-04-02 05:50:00 -04:00
Cykesiopka
6680672cfb Bug 488480 - Correct documentation about the function hasMatchingOverride() in nsICertOverrideService.idl. Original patch by Johnathan Nightingale. r=keeler
IGNORE IDL

--HG--
extra : rebase_source : 3e2f7be6a165caf413726d13c9ccee26abbd2925
2015-04-02 05:45:00 -04:00
Nathan Froyd
4c7234747e Bug 1143651 - don't use CallQueryInterface when the compiler can do the cast for us; r=ehsan 2015-03-12 13:20:29 -04:00
Cykesiopka
7eb3221db7 Bug 1147726: Disable test_keysize_ev.js on slow B2G Emulator debug builds. r=dkeeler 2015-03-31 11:53:00 +02:00
Brian Smith
a0437d5b8f Bug 1146057: Remove support for GCC 4.6, r=keeler
Since Gecko now requires GCC 4.7 or later, we no longer need to
work around the lack of support for "override" and "final" in
earlier versions of GCC.

--HG--
extra : rebase_source : 0f104f16be9e7c1ff87bbdd0d4ba6700b1081fb8
2015-03-30 20:18:46 -10:00
Mike Hommey
b077d9624d Bug 1134920 - Use moz_xmalloc/moz_xrealloc/free instead of nsMemory::Alloc/Realloc/Free. r=nfroyd 2015-04-01 13:51:45 +09:00
Mark Goodwin
d7b3e00bed Bug 1138848 - Tests for modified OneCRL (r=keeler, unfocused)
* * *
* * *
give blocklist debug info to NSPR_LOG
2015-03-31 15:10:19 -07:00
Mark Goodwin
1b0d6fb879 Bug 1138848 - Modify OneCRL blocklist for subject / public key blocking (r=keeler, unfocused) 2015-03-31 15:10:09 -07:00
David Keeler
5a690c59fa bug 844351 - remove nsISSLErrorListener r=cykesiopka
--HG--
extra : amend_source : e2adec756356509f0a4601bbeabf7ba7c8d15a8e
2015-03-24 16:00:10 -07:00
Cykesiopka
ee04a8b86a Bug 1147247 - Use PRErrorCodeSuccess constant instead of literal 0 to represent success in PSM xpcshell tests. r=dkeeler
--HG--
extra : rebase_source : 75a144cbf0e166f92884275fb6c511c98d7e61bd
2015-03-27 23:16:00 +01:00
David Cooper
bb6cbdf02b Bug 667471 - Pretty print names of ECDSA with SHA-2 algorithms in Certificate Viewer. r=dkeeler
--HG--
extra : rebase_source : eb961cbdf8fe1ccf74642d86c03ee6c41c30f2d4
2015-03-27 23:13:00 +01:00
Mike Hommey
c39e359c7d Bug 1138293 - Use malloc/free/realloc/calloc instead of moz_malloc/moz_free/moz_realloc/moz_calloc. r=njn
The distinction between moz_malloc/moz_free and malloc/free is not
interesting. We are inconsistent in our use of one or the other, and
I wouldn't be surprised if we are mixing them anyways.
2015-03-31 12:32:49 +09:00
Brian Smith
36b7acc82a Bug 1136278, Part 2: Refactor test SubjectPublicKeyInfo generation, r=keeler
--HG--
extra : rebase_source : 7bb0327749fd013ba5de17483d21a9e9f21eb07a
extra : source : 9f3617a5b85a8a2ae9a82c0f0584b413a9b635b4
2015-02-26 13:10:13 -08:00
Andrew McCreight
2f48802ae0 Bug 1147572 - Remove implementation language field from DOM class info. r=jst 2015-03-30 10:45:39 -07:00
Jan-Ivar Bruaroey
c6676519f2 Bug 1046245 - enumerateDevices w/non-blocking e10s, nsICryptoHMAC, clear cookies, lambdas. r=keeler, florian, billm, jesup 2015-03-03 09:51:05 -05:00
Andrew McCreight
46dfeaba0b Bug 1148070 - Change nsIClassInfo::getHelperForLanguage() to getScriptableHelper(). r=bholley 2015-03-29 07:52:54 -07:00
Randell Jesup
2b3486247c Backed out 6 changesets (bug 1046245) on a CLOSED TREE 2015-03-29 01:42:32 -04:00
Jan-Ivar Bruaroey
cdd0b089a5 Bug 1046245 - enumerateDevices w/non-blocking e10s, nsICryptoHMAC, clear cookies, lambdas. r=keeler, r=florian, r=billm, r=jesup 2015-03-03 09:51:05 -05:00
Phil Ringnalda
24b4f38005 Back out 6 changesets (bug 1046245) for thinking that MSVC would have anything to do with a __PRETTY_FUNCTION__
CLOSED TREE

Backed out changeset 9e3ecca831d8 (bug 1046245)
Backed out changeset 87dc145f4da8 (bug 1046245)
Backed out changeset 01606cf19a77 (bug 1046245)
Backed out changeset 2ed2b15fe940 (bug 1046245)
Backed out changeset 2b99b193828a (bug 1046245)
Backed out changeset d1ac67faccbb (bug 1046245)
2015-03-28 19:57:17 -07:00
Jan-Ivar Bruaroey
222e93c87c Bug 1046245 - enumerateDevices w/non-blocking e10s, nsICryptoHMAC, clear cookies, lambdas. r=keeler, r=florian, r=billm, r=jesup 2015-03-03 09:51:05 -05:00
Ryan VanderMeulen
003e8f5278 Backed out 6 changesets (bug 1046245) for bustage on a CLOSED TREE.
Backed out changeset 222c2f9e3bc9 (bug 1046245)
Backed out changeset 4251eef464a2 (bug 1046245)
Backed out changeset 592f4cc23197 (bug 1046245)
Backed out changeset 5bfb9a1c0550 (bug 1046245)
Backed out changeset e966a5df87b6 (bug 1046245)
Backed out changeset 609f3ca64004 (bug 1046245)
2015-03-28 16:24:25 -04:00
Jan-Ivar Bruaroey
59e13faed0 Bug 1046245 - enumerateDevices w/non-blocking e10s, nsICryptoHMAC, clear cookies, lambdas. r=keeler, r=florian, r=billm, r=jesup 2015-03-03 09:51:05 -05:00
Phil Ringnalda
e44926f4c1 Merge m-i to m-c, a=merge 2015-03-28 11:44:16 -07:00
ffxbld
ad47b2b11c No bug, Automated HPKP preload list update from host bld-linux64-spot-1005 - a=hpkp-update 2015-03-28 03:27:37 -07:00
ffxbld
7ffd3e55ce No bug, Automated HSTS preload list update from host bld-linux64-spot-1005 - a=hsts-update 2015-03-28 03:27:36 -07:00
Andrea Marchesini
e6f385fb3d Bug 1148527 - Indentation fix after bug 1145631, r=ehsan 2015-03-27 18:52:19 +00:00
Tanvi Vyas
0ca524deb8 Bug 947079 - Hack to prevent getting a mixed content icon on a fully secure page. r=keeler 2015-03-26 11:54:53 -07:00
Cykesiopka
b44239d022 Bug 996872 - Reduce calls to getXPCOMStatusFromNSS() in PSM xpcshell tests. r=keeler relanding on a CLOSED TREE 2015-03-25 17:29:05 -07:00
Wes Kocher
9b0a211a65 Backed out changeset 3a38c3d97f44 (bug 996872) on the theory that it somehow broke lots of tests, forcing a prolonged CLOSED TREE 2015-03-25 14:40:44 -07:00
Cykesiopka
958425a841 Bug 996872 - Reduce calls to getXPCOMStatusFromNSS() in PSM xpcshell tests. r=keeler 2015-03-25 11:40:46 -07:00
David Keeler
0bf38c806e bug 1138716 - update PSM data structures that depend on root CA changes r=mmc 2015-03-23 10:36:55 -07:00
Phil Ringnalda
fc8b8ab2ac Merge m-c to m-i 2015-03-21 12:50:09 -07:00
Phil Ringnalda
09f1e96e74 Merge m-i to m-c, a=merge 2015-03-21 12:31:07 -07:00
ffxbld
21922001d8 No bug, Automated HPKP preload list update from host bld-linux64-spot-1002 - a=hpkp-update 2015-03-21 03:30:42 -07:00
ffxbld
9d9da119ca No bug, Automated HSTS preload list update from host bld-linux64-spot-1002 - a=hsts-update 2015-03-21 03:30:40 -07:00
Ehsan Akhgari
883849ee32 Bug 1145631 - Part 1: Replace MOZ_OVERRIDE and MOZ_FINAL with override and final in the tree; r=froydnj
This patch was automatically generated using the following script:

function convert() {
echo "Converting $1 to $2..."
find . \
       ! -wholename "*/.git*" \
       ! -wholename "obj-ff-dbg*" \
         -type f \
      \( -iname "*.cpp" \
         -o -iname "*.h" \
         -o -iname "*.c" \
         -o -iname "*.cc" \
         -o -iname "*.idl" \
         -o -iname "*.ipdl" \
         -o -iname "*.ipdlh" \
         -o -iname "*.mm" \) | \
    xargs -n 1 sed -i -e "s/\b$1\b/$2/g"
}

convert MOZ_OVERRIDE override
convert MOZ_FINAL final
2015-03-21 12:28:04 -04:00
Masatoshi Kimura
3a321cb760 Bug 1133187 - Update fallback whitelist. r=keeler 2015-03-18 15:36:00 +01:00
Cykesiopka
ae28024d8c Bug 1131227 - Make the about:certerror Unknown Issuer string mention missing intermediates and unimported roots. r=keeler 2015-03-17 14:33:00 +01:00
Masatoshi Kimura
35c856f796 Bug 1143082 - Fix a message in the mixed content UI. r=dolske 2015-03-17 20:34:58 +09:00
ffxbld
d9bfa275b9 No bug, Automated HPKP preload list update from host bld-linux64-spot-532 - a=hpkp-update 2015-03-14 03:26:00 -07:00
ffxbld
3d091a2a8c No bug, Automated HSTS preload list update from host bld-linux64-spot-532 - a=hsts-update 2015-03-14 03:25:58 -07:00
Nathan Froyd
b252a27930 Bug 1142503 - don't use QueryInterface when the compiler can do the cast for us; r=ehsan
Calling QueryInterface with a statically known IID should typically not
be necessary.  In those cases where it's not, the compiler can do the
cast for us, though we have to supply the reference-counting that
QueryInterface would do.

In passing, several redundant null-checks for the result of |new T| have
been deleted.
2015-03-12 09:43:50 -04:00
David Keeler
12b79456cc bug 1102443 - fix leak in key pinning logging by removing an unnecessary function call r=cykesiopka
Also took the opportunity to fix the logging message, since it didn't accurately
describe the information that was being printed.

--HG--
extra : amend_source : 40a0c2ba9c07757e5895a822ce3bb8b197674554
2015-03-12 14:31:26 -07:00
Jonathan Griffin
d1c61bc9b6 Bug 1116187 - Disable failing mochitest-chrome tests for B2G, r=gbrown 2015-02-06 16:30:37 -08:00
David Keeler
6978e35bf5 bug 1138332 - re-allow overrides for certificates signed by non-CA certificates r=mmc
--HG--
extra : amend_source : 92a2dcf71daa6b31be0dcae628a13b13b0fc443a
2015-03-11 11:11:22 -07:00
Cykesiopka
5814296e8c Bug 1141815 - Remove nsIDOMCryptoDialogs interface and associated implementation; r=keeler 2015-03-12 10:24:05 +01:00
Cykesiopka
2aa9e4036e Bug 1121117 - Add fuzz time to workaround non-monotonicity of Date(). r=keeler
--HG--
extra : rebase_source : 464d1e1bf8cb4624f4fda39d3ea6a55430073c6f
2015-03-19 19:57:00 +01:00
Ehsan Akhgari
0e3211475f Bug 1140767 - Build more files in security/manager in unified mode; r=dkeeler 2015-03-10 22:52:22 -04:00
Mike Hommey
364038011c Bug 868814 - Fold mozalloc library into mozglue. r=njn
--HG--
rename : memory/mozalloc/moz.build => memory/mozalloc/staticruntime/moz.build
2015-03-10 10:01:52 +09:00
Masatoshi Kimura
83b1b594b5 Bug 1106470 - Drop SSLv3 support entirely from PSM. r=keeler 2015-03-10 01:22:59 +09:00
Phil Ringnalda
ecf64b97b2 Merge m-i to m-c, a=merge 2015-03-07 19:11:54 -08:00
ffxbld
b74611a261 No bug, Automated HPKP preload list update from host bld-linux64-spot-157 - a=hpkp-update 2015-03-07 03:27:15 -08:00
ffxbld
1ec58518aa No bug, Automated HSTS preload list update from host bld-linux64-spot-157 - a=hsts-update 2015-03-07 03:27:13 -08:00
David Keeler
44fb9d4eff bug 1129771 - disable IPv6 in PSM xpcshell TLS connection tests due to failures on OS X 10.10 r=cykesiopka a=ryanvm on a CLOSED TREE
In the process of investigating the intermittent failures listed in
bug 1129771, I discovered that the code would frequently get stuck connecting
to [::1] (where no server was listening) and wouldn't fall back to trying
127.0.0.1 (where the test server was listening). This change prevents the code
attempting to connect to [::1]. There probably is an underlying bug here, but
it appears to be in OS X itself and I have neither the time nor expertise to
investigate further.

--HG--
extra : amend_source : 57b6a28858685d7ca3b6b0c7cbc7ed193280ca7c
2015-03-04 13:41:11 -08:00
Cykesiopka
171babfad4 Bug 1139177 - RSA public key size checking cleanups. r=keeler 2015-03-05 16:41:00 +01:00
David Keeler
cdb738f18d bug 1137538 - remove nsIIdentityInfo and nsNSSSocketInfo::GetPreviousCert r=mayhemer 2015-02-27 11:33:36 -08:00
Masatoshi Kimura
3e7620bf97 Bug 1138882 - Add a pref to enable unrestricted RC4 fallback. r=keeler 2015-03-05 22:51:31 +09:00
Cykesiopka
fa79ef2aea Bug 1121117 - Add some logging to test_ocsp_timeout.js to ease debugging. r=dkeeler 2015-03-03 14:25:00 +01:00
Wes Kocher
0de76a4c17 Merge b2g-inbound to m-c a=merge CLOSED TREE 2015-03-03 17:02:21 -08:00
Chuck Lee
6cb15b84a0 Bug 1012549 - 0004. Support read private key in keystore. r=dkeeler r=qdot 2015-02-28 21:54:24 +08:00
David Keeler
3b4360319c bug 1085506 - gather telemetry for TLS handshake certificate verification errors r=rbarnes 2015-02-27 11:14:29 -08:00
Mark Goodwin
f4a1822554 Bug 1130757 - tests for bug 1130757. r=dkeeler
--HG--
extra : rebase_source : 7b047f5bddf3544ca82d3b8875925acdbdb02ea5
2015-03-02 08:19:00 +01:00
Cykesiopka
de906ce3ce Bug 1130418 - Remove broken e-mail cert trust editing UI. r=emk
--HG--
extra : rebase_source : fb4c89e251e2ce3e4d9cf002a0cda4166a589a2c
2015-03-02 19:54:00 +01:00
Cykesiopka
4419d0186e Bug 1130413 - Remove unused nsITokenPasswordDialogs::GetPassword() function. r=jjones
--HG--
extra : rebase_source : 85b9e442d6b5be401fdd389cc251add8a633bb23
2015-02-26 13:05:00 +01:00
Wes Kocher
b17feb3f40 Merge inbound to m-c a=merge 2015-03-02 12:12:47 -08:00
ffxbld
8084ed7b82 No bug, Automated HPKP preload list update from host bld-linux64-spot-044 - a=hpkp-update 2015-02-28 03:27:43 -08:00
ffxbld
94776e3384 No bug, Automated HSTS preload list update from host bld-linux64-spot-044 - a=hsts-update 2015-02-28 03:27:41 -08:00
David Keeler
d01ea02613 bug 1049740 - implement telemetry to measure compatibility impact of 2048-bit-minimum RSA keys r=briansmith 2015-02-24 15:48:05 -08:00
Boris Zbarsky
a7d78c82c0 Bug 1136388. Change nsIDocumentLoaderFactory and nsIURIContentListener to take MIME types as an XPCOM string, not a char*. r=smaug 2015-02-25 10:26:51 -05:00
Brian Smith
2672d3b5d3 Bug 1077864, Part 3: update nsserrors.properties so error message gets localized. 2015-02-23 16:04:23 -08:00
Ryan VanderMeulen
fd0387315e Merge inbound to m-c. a=merge 2015-02-21 16:40:27 -05:00
ffxbld
c2dabe6507 No bug, Automated HPKP preload list update from host bld-linux64-spot-148 - a=hpkp-update 2015-02-21 03:32:26 -08:00
ffxbld
00bf62f9f5 No bug, Automated HSTS preload list update from host bld-linux64-spot-148 - a=hsts-update 2015-02-21 03:32:24 -08:00
Masatoshi Kimura
2bdace7384 Bug 1127339 - Detect SSLv3-only server in PSM. r=keeler 2015-02-21 17:20:22 +09:00
Cykesiopka
31ea56f770 Bug 1097622 - Add test cases for certs that have notBefore times earlier than the UNIX epoch. r=dkeeler 2015-02-17 06:15:00 -05:00
Cykesiopka
47f24e15e4 Bug 1097622 - Return ERROR_INVALID_TIME when decoding invalid time values. r=dkeeler 2015-02-18 15:56:00 -05:00
Cykesiopka
37b3759ab9 Bug 1097622 - Rename (mE|e)rrorCodeExpired variables to (mE|e)rrorCodeTime. r=dkeeler 2015-02-17 06:12:00 -05:00
Masatoshi Kimura
17cbaa2849 Bug 1133187 - Update fallback whitelist. r=keeler 2015-02-19 04:12:59 +09:00
Masatoshi Kimura
0101cbcbce Bug 1124039 - Allow RC4 only for whitelisted hosts. r=keeler 2015-02-19 04:12:58 +09:00
Masatoshi Kimura
6b89f2db74 Bug 1137179 - Add wildcard support to the static fallback list. r=keeler 2015-02-28 08:53:44 +09:00
Cykesiopka
a64db6ab58 Bug 1136471 - Remove unused nsIIdentityInfo.getValidEVPolicyOid(). r=dkeeler 2015-02-26 13:05:00 -05:00
Chris Peterson
5ef9f4d21f Bug 1133283 - Remove nonstandard expression closures from security/manager/ssl/tests. r=keeler 2015-01-24 23:48:22 -08:00
David Keeler
372a8a591d bug 1123671 - if a non-overridable error is encountered when processing an overridable certificate error, report the non-overridable error r=mmc r=jcj
Also, SEC_ERROR_UNTRUSTED_ISSUER and SEC_ERROR_UNTRUSTED_CERT are not actually overridable, so don't pretend they are.
2015-01-23 14:04:44 -08:00
Chuck Lee
ce50eac5c5 Bug 1012549 - 0001. Support import PKCS12 certificate. r=dkeeler r=vchang 2015-02-28 21:54:16 +08:00
Christoph Kerschbaumer
b88b7049eb Bug 1099296 - Attach LoadInfo to remaining callers of ioService and ProtocolHandlers - in security/ (r=keeler) 2015-02-17 10:09:40 -08:00
Carsten "Tomcat" Book
e2399947f4 Merge mozilla-central to mozilla-inbound 2015-02-16 16:14:51 +01:00
Carsten "Tomcat" Book
08fafcb3e2 merge mozilla-inbound to mozilla-central a=merge 2015-02-16 15:59:56 +01:00
ffxbld
99b5f33384 No bug, Automated HPKP preload list update from host bld-linux64-spot-1093 - a=hpkp-update 2015-02-14 03:21:57 -08:00
ffxbld
c9826729b7 No bug, Automated HSTS preload list update from host bld-linux64-spot-1093 - a=hsts-update 2015-02-14 03:21:55 -08:00
Masatoshi Kimura
eb132d66f6 Bug 1131880 - Modify the condition to disallow PR_CONNECT_RESET_ERROR on fallback. r=keeler 2015-02-16 20:03:06 +09:00
Masatoshi Kimura
7e78ba3eec Backout 9507662057de (bug 1130670) and c731517a47e8 (bug 1124039) due to compatibility issues 2015-02-16 19:55:15 +09:00
Mike Hommey
6786219e1f Bug 1120937 - Properly initialize string fields from the PKCS#11 test module. r=keeler
The string fields need to be padded with spaces, according to what
PK11_MakeString does to find the end of the string.

While here, factor all the string manipulations in the test module and
use some C++ template magic to do the right thing.

This changes the static asserts from (with clang):

pkcs11testmodule.cpp:45:3: error: static_assert failed
      "TestManufacturerID too long - make it shorter"
  static_assert(sizeof(TestManufacturerID) <= sizeof(pInfo->manufacturerID),
  ^             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

to:

pkcs11testmodule.cpp:46:3: error: static_assert failed
      "DestSize >= SrcSize - 1"
  static_assert(DestSize >= SrcSize - 1, "DestSize >= SrcSize - 1");
  ^             ~~~~~~~~~~~~~~~~~~~~~~~
pkcs11testmodule.cpp:58:3: note: in instantiation of function
      template specialization 'CopyString<32, 63>' requested here
  CopyString(pInfo->manufacturerID, TestManufacturerID);
  ^

which actually gives more information than before: it gives the length of
both buffers.
2015-02-13 10:29:18 +09:00
Masatoshi Kimura
1b6561194e Bug 1130670 - Remove dead code that tracks strongCipherStatus. r=keeler 2015-02-14 15:16:04 +09:00
L. David Baron
d8275d9234 Back out changeset a02ea85607a2 (bug 1038072) for widespread test failures (at least Linux, Android, and Mulet), on a CLOSED TREE. 2015-05-06 09:58:55 +02:00
Daniel Veditz
a956162b00 Bug 1038072 - signature verification for JAR files unpacked into a directory. r=keeler
--HG--
extra : rebase_source : 3afa62b566718cfbfaaf53765d385187388e83e5
2015-05-05 20:21:00 +02:00
Nicholas Nethercote
3a7b0a9f57 Bug 1131901 (part 1) - Make PL_DHashTableAdd() infallible by default, and add a fallible alternative. r=froydnj.
I kept all the existing PL_DHashTableAdd() calls fallible, in order to be
conservative, except for the ones in nsAtomTable.cpp which already were
followed immediately by an abort on failure.

--HG--
extra : rebase_source : 526d96ab65e4d7d71197b90d086d19fbdd79b7b5
2015-02-02 14:48:58 -08:00
Cykesiopka
d92c1180e0 Bug 1130405 - Remove unused pippki strings. r=jcj 2015-02-11 05:08:00 -05:00
Cykesiopka
edf6d8ff32 Bug 1130402 - Make use of currently unused certManager.dtd access key strings. r=jcj 2015-02-07 01:16:00 -05:00
Cykesiopka
2c768c2db6 Bug 1131475 - Make sure reference to "unable_to_toggle_fips" bundle key is in the correct case. r=jcj 2015-02-11 05:05:00 -05:00
Andrew McCreight
31ba9aaed9 Bug 1131199, part 2 - Make PLDHashtInitEntry infallible. r=froydnj
Also, drop the unused table argument.
2015-02-11 09:46:40 -08:00
Andrew McCreight
6ec7fe58dd Bug 1131199, part 1 - Allocation of CompareCacheHashEntryPtr::entry is infallible. r=froydnj 2015-02-11 09:46:40 -08:00
Nicholas Nethercote
63e3218e4c Back out changesets 2fcef6b54be7, 2be07829fefc, 66dfe37b8532, df3fcd2be8fd, 0a436bce77a6 (bug 1050035) for causing intermittent crashes and assertion failures.
--HG--
extra : rebase_source : eb30be83c3143c6c203585a80a18f180025efaba
2015-02-10 14:39:49 -08:00
Brian Smith
b0f87b9b6c Bug 1122841, Part 2: Centralize checking of public key, r=keeler
--HG--
extra : rebase_source : 6b41ad2d3f37bead8d3ac8b48c5ee0b8063c795b
extra : source : d470b5a68bf915cfb12f0e948e1492463092883c
2015-02-02 16:17:08 -08:00
Masatoshi Kimura
83c11c2359 Bug 1124039 - Enable RC4 only if ClientHelloVersion <= TLS 1.0. r=keeler 2015-02-10 22:29:51 +09:00
Cykesiopka
500d8c1041 Bug 897690 - Remove misleading error message from AppendErrorTextUntrusted. r=dkeeler
--HG--
extra : rebase_source : b232fa770189e40916ca60a18c6b12c24d2a77dd
2015-02-09 03:50:00 +01:00
Nicholas Nethercote
242708cf72 Bug 1127201 (attempt 2, part 1) - Replace most NS_ABORT_IF_FALSE calls with MOZ_ASSERT. r=Waldo.
--HG--
extra : rebase_source : 488e401ff87e31a2074c4108c4df0572d9536667
2015-02-09 14:34:50 -08:00
Masatoshi Kimura
c199c43026 Bug 1126413 - Part 2: UI changes to display security info on broken secure pages. r=dolske 2015-02-10 04:16:23 +09:00
Masatoshi Kimura
8573fc1f7e Bug 1126413 - Part 1: Expose nsISSLStatus for broken secure pages. r=keeler 2015-02-10 04:16:22 +09:00
Phil Ringnalda
c456d08848 Merge m-i to m-c, a=merge 2015-02-07 08:45:54 -08:00
ffxbld
a14db61a3f No bug, Automated HPKP preload list update from host bld-linux64-spot-075 - a=hpkp-update 2015-02-07 03:24:40 -08:00
ffxbld
ae1fda75a2 No bug, Automated HSTS preload list update from host bld-linux64-spot-075 - a=hsts-update 2015-02-07 03:24:38 -08:00
Nicholas Nethercote
d34f0301b8 Bug 1127201 (part 2) - Convert all NS_ABORT_IF_FALSE calls to MOZ_ASSERT. r=Waldo.
--HG--
extra : rebase_source : 99182e70335d2b5ff95f8c528ae992d37294be3a
2015-02-04 20:05:36 -08:00
Masatoshi Kimura
21dab1da42 Bug 1128763 - Do insecure fallback after PR_CONNECT_RESET_ERROR for whitelisted sites only. r=keeler 2015-02-05 22:02:32 +09:00
Masatoshi Kimura
6fbc2ae89f Bug 1116891 - Do fallback with RC4 cipher suites after PR_CONNECT_RESET_ERROR. r=bsmith 2015-02-05 22:02:31 +09:00
Masatoshi Kimura
b99b9fe12a Bug 1127285 - Remove unused fallback reasons. r=keeler 2015-02-05 22:02:31 +09:00
Cykesiopka
03f599fcf0 Bug 1128917 - Replace getp12password.xul with a call to nsIPromptService::PromptPassword(). r=keeler
--HG--
extra : rebase_source : a92f80292395cbc9105cf9564f6f5005da2ff582
2015-02-05 03:28:00 +01:00
Masatoshi Kimura
562649fe82 Bug 1128227 - Add a static TLS insecure fallback whitelist. r=keeler 2015-02-07 13:03:23 +09:00
TheKK
3cda0706de Bug 1092398 - "remove unused CertVerifier enums (missing_cert_download_config and crl_download_config)". r=honzab.moz 2015-01-23 06:17:00 +01:00
Nicholas Nethercote
b5913e0b3d Bug 1050035 (part 4) - Make PL_DHashTableAdd() infallible by default, and add a fallible alternative. r=froydnj.
I kept all the existing PL_DHashTableAdd() calls fallible, in order to be
conservative, except for the ones in nsAtomTable.cpp which already were
followed immediately by an abort on failure.

--HG--
extra : rebase_source : eeba14d732077ef2e412f4caca852de6b6b85f55
2015-02-02 14:48:58 -08:00
Nicholas Nethercote
9a36fdbde4 Bug 1050035 (part 2) - Remove the fallible version of PL_DHashTableInit(). r=froydnj,mrbkap.
Because it's no longer needed now that entry storage isn't allocated there.
(The other possible causes of failures are much less interesting and simply
crashing is a reasonable thing to do for them.)

This also makes PL_DNewHashTable() infallible.

--HG--
extra : rebase_source : 848cc9bbdfe434525857183b8370d309f3acbf49
2015-02-01 20:19:08 -08:00
David Keeler
dcc3953291 bug 832837 - move insecure form submission warning from nsSecureBrowserUIImpl to the HTML form implementation r=mrbkap r=phlsa
As a result, we can remove nsSecurityWarningDialogs completely, which this patch also does.
2015-01-15 11:01:10 -08:00
Cykesiopka
caa1e7521a Bug 78808 - Enable Cert Manager buttons only when they would have an effect. Original patch by Scott Johnson. r=keeler 2015-01-31 14:20:00 +01:00
Mike Hommey
a35dbaeebf Bug 1126593 - Add a global fallible instance, so that using fallible works directly, everywhere. r=njn
--HG--
rename : memory/mozalloc/fallible.h => memory/fallible/fallible.h
2015-02-02 09:56:13 +09:00
Andrew McCreight
d3826daa16 Back out Bug 1127201 (part 2) for various problems. 2015-02-06 15:04:32 -08:00
Cykesiopka
eb24c24fb9 Bug 968560 - Return distinct error codes for certificates that are not valid yet, in mozilla::pkix. r=keeler
--HG--
extra : rebase_source : de63f37cdef477d96c1aef8253feca7013ba3bfd
2015-02-06 11:18:20 -08:00
Cykesiopka
06973aee53 Bug 968560 - Add missing Not-Yet-Valid cert override tests. r=dkeeler
--HG--
extra : rebase_source : 15d2774ad604561639306bb91134f6f63967e105
2015-02-06 11:18:04 -08:00
Phil Ringnalda
c408ae1430 Merge m-c to m-i 2015-01-31 09:13:30 -08:00
Masatoshi Kimura
f34f010bc1 backout 3d4d4a91f29a (bug 1102632) as some web pages can no longer connect without enabling SSLv3 2015-01-31 22:16:48 +09:00
ffxbld
5a3089ce04 No bug, Automated HPKP preload list update from host bld-linux64-spot-015 - a=hpkp-update 2015-01-31 03:38:09 -08:00
ffxbld
f0761aa2b1 No bug, Automated HSTS preload list update from host bld-linux64-spot-015 - a=hsts-update 2015-01-31 03:38:07 -08:00
Wes Kocher
f62801541d Merge fx-team to m-c a=merge CLOSED TREE 2015-01-29 15:27:17 -08:00
Masatoshi Kimura
bf88ffa183 Bug 1123020 - Remove options to allow unrestricted renegotiation. r=keeler 2015-01-29 21:04:26 +09:00
Gijs Kruitbosch
36e608ec65 Bug 1126675 - indicate missing issuerName or subjectName as empty string, r=keeler 2015-01-28 15:42:41 +00:00
David Keeler
718bcfa712 backout cd0ec3afca5a (bug 832837) for mochitest bustage 2015-01-30 11:25:24 -08:00
David Keeler
11b9c65608 bug 832837 - move insecure form submission warning from nsSecureBrowserUIImpl to the HTML form implementation r=mrbkap r=phlsa
As a result, we can remove nsSecurityWarningDialogs completely, which this patch also does.
2015-01-15 11:01:10 -08:00
Masatoshi Kimura
4e8a902fda Bug 1114816 - Implement TLS intolerance fallback whitelist. r=keeler 2015-01-29 03:52:42 +09:00
Cykesiopka
ad8382e07c Bug 1125478 - Refactor and clean up key size test files. r=keeler 2015-01-27 22:11:00 +01:00
Nicholas Nethercote
3163cfc2c1 Bug 1124973 (part 2) - Introduce PL_DHashTableSearch(), and replace most PL_DHashTableLookup() calls with it. r=froydnj.
It feels safer to use a function with a new name, rather than just changing the
behaviour of the existing function.

For most of these cases the PL_DHashTableLookup() result was checked with
PL_DHASH_ENTRY_IS_{FREE,BUSY} so the conversion was easy. A few of them
preceded that check with a useless null check, but the intent of these was
still easy to determine.

I'll do the trickier ones in subsequent patches.

--HG--
extra : rebase_source : ab37a7a30be563861ded8631771181aacf054fd4
2015-01-22 21:06:55 -08:00
David Keeler
3752aec566 bug 1125503 - when canonicalizing hostnames, check string length before calling Last() r=mmc
--HG--
extra : amend_source : 9d07347f76b4d6b2fd1ab77f7025043575c3b4f9
2015-01-26 12:47:50 -08:00
Cykesiopka
3584ed3e5f Bug 691148 - Remove unused strings from pipnss.properties. r=keeler 2015-01-26 21:30:00 +01:00
Chris Peterson
41af2cb673 Bug 1125592 - Fix -Wmaybe-uninitialized warning in security/manager/ssl/src/nsNSSASN1Object.cpp. r=dkeeler 2015-01-23 22:58:43 -08:00
Phil Ringnalda
a2c9403154 Merge m-i to m-c, a=merge 2015-01-24 08:27:17 -08:00
ffxbld
c0a485d057 No bug, Automated HPKP preload list update from host bld-linux64-spot-127 - a=hpkp-update 2015-01-24 03:27:50 -08:00
ffxbld
ecf187e0ce No bug, Automated HSTS preload list update from host bld-linux64-spot-127 - a=hsts-update 2015-01-24 03:27:48 -08:00
Cykesiopka
0dff21f2ae Bug 1077790 - Tests. r=keeler
--HG--
extra : rebase_source : c1f058a4d235651667b0cb7e84325bbc3d902966
2015-01-22 13:50:06 -08:00
David Keeler
11cb332d1e bug 1114882 - allow nsICryptoHash to be used in a content process r=mayhemer 2015-01-16 11:59:25 -08:00
Wes Kocher
2731390e4d Backed out changeset 7811ebf7e321 (bug 1114882) for Android S4 orange on a CLOSED TREE 2015-01-21 17:24:36 -08:00
Raymond Etornam Agbeame(:retornam)
900af2113f Bug 1109235 - remove nsIStreamCipher and implementation r=keeler 2015-01-22 16:02:30 -08:00
David Keeler
fae1a9756b bug 1114882 - allow nsICryptoHash to be used in a content process r=mayhemer 2015-01-16 11:59:25 -08:00
Ryan VanderMeulen
06f5f25641 Merge inbound to m-c. a=merge 2015-01-20 22:12:46 -05:00
ffxbld
e8dfde2d50 No bug, Automated HPKP preload list update from host bld-linux64-spot-1001 - a=hpkp-update 2015-01-20 15:17:19 -08:00
ffxbld
9c7a5b2da8 No bug, Automated HSTS preload list update from host bld-linux64-spot-1001 - a=hsts-update 2015-01-20 15:17:17 -08:00
Nicholas Nethercote
8bd1f6f072 Bug 1123151 (part 2) - Add PLDHashTable::IsInitialized(). r=froydnj.
This encapsulates most of the uses of PLDHashTable::ops.

--HG--
extra : rebase_source : 7760ce8e46a37e87dcfe590e809a21df01fe510f
2015-01-19 16:11:34 -08:00
Nicholas Nethercote
bd573c9b9c Bug 1123151 (part 1) - Set PLDHashTable::ops consistently. r=froydnj.
Currently the setting of PLDHashTable::ops is very haphazard.

- PLDHashTable has no constructor, so it's not auto-nulled, so lots of places
  null it themselves.

- In the fallible PLDHashTable::Init() function, if the entry storage
  allocation fails we'll be left with a table that has |ops| set -- indicating
  it's been initialized -- but has null entry storage. I'm not certain this can
  cause problems but it feels unsafe, and some (but not all) callers of Init()
  null it on failure.

- PLDHashTable does not null |ops| in Finish(), so some (but not all) callers
  do this themselves.

This patch makes things simpler.

- It adds a constructor that zeroes |ops|.

- It modifies Init() so that it only sets |ops| once success is ensured.

- It zeroes |ops| in Finish().

- Finally, it removes all the now-unnecessary |ops| nulling done by the users
  of PLDHashTable.

--HG--
extra : rebase_source : bb34979c218d152562a2f9c7e5215256c111cc5b
2015-01-19 16:01:24 -08:00
David Keeler
bf280b3310 bug 1123374 - fix CertBlocklist initialization when revocations.txt does not exist r=mgoodwin
--HG--
extra : amend_source : a3ee19306e36386f1f71f27ae5ce215c026360fe
2015-01-20 10:18:29 -08:00
Masatoshi Kimura
cb76e55fd8 Bug 1120393 - unittest to ensure nsITransportSecurityInfo.errorCode is correctly serialized. r=keeler 2015-01-16 21:48:38 +09:00
Masatoshi Kimura
0b9afb21b8 Bug 1120393 - Serialize/deserialize nsITransportSecurity.errorCode. r=keeler 2015-01-16 21:48:38 +09:00
Birunthan Mohanathas
2f07a9ef3a Bug 1060696 - Remove NS_INIT_ISUPPORTS. r=froydnj 2015-01-16 07:34:46 +02:00
Nicholas Nethercote
69fe655b04 Bug 1121304 (part 2, attempt 2) - Remove PLDHashTableOps::{alloc,free}Table. r=froydnj.
--HG--
extra : rebase_source : bc119bd0d3b6944e8c5a000950e0c4052cb70aef
2015-01-14 14:35:56 -08:00
Phil Ringnalda
e39f0adeca Backed out 2 changesets (bug 1121304) for consistent b2g hangs in webgl-color-test.html?frame=1&__&preserve&premult&_____
Backed out changeset 20651ac19549 (bug 1121304)
Backed out changeset 758afec77c95 (bug 1121304)
2015-01-14 22:02:23 -08:00
Nicholas Nethercote
e9735966fa Bug 1121304 (part 2) - Remove PLDHashTableOps::{alloc,free}Table. r=froydnj. 2015-01-14 14:35:56 -08:00
Nicholas Nethercote
47221bc7f9 Bug 1120476 (part 4) - Remove PLDHashTableOps::finalize. r=froydnj.
--HG--
extra : rebase_source : b14dda8cdd5cd896d1e32950e38b2a9f7da4d99e
2015-01-13 19:02:35 -08:00
Nicholas Nethercote
c7538c9776 Bug 1120476 (part 3) - Remove PLDHashTable::data. r=froydnj.
--HG--
extra : rebase_source : 24d10af3dbce3ada5252503bc80bb1a4e31bc1c9
2015-01-13 16:42:13 -08:00
Brian Smith
e538f2d921 Bug 1115906, Part 2: Annotate classes and member functions with override and final, r=keeler
--HG--
extra : rebase_source : 79bb236bef83ed3e884d73e029ac29a5aa999840
extra : source : d14d86bcebd38be80d00a263c3145eb0dbcc53cd
2015-01-13 16:54:10 -08:00
Brian Smith
825d71887a Bug 1115906, Part 1: Add workarounds for missing final/override support in GCC before version 4.7, r=keeler
--HG--
rename : security/pkix/include/pkix/nullptr.h => security/pkix/include/pkix/stdkeywords.h
extra : rebase_source : 9cacd9729ac4cfb1e4bf920c8afdffb831b60d36
extra : source : f673d05dfc9a6d830e5e3c01976b41588cc70ead
2015-01-07 14:53:11 -08:00
Mike Hommey
128c4e6069 Bug 1120937 - Properly initialize the session field from C_OpenSession in the PKCS#11 test module. r=dkeeler 2015-01-14 15:18:50 +09:00
Cykesiopka
0b1422c813 Bug 1120098 - Re-enable test_ocsp_timeout.js on Windows. r=dkeeler 2015-01-10 08:41:00 +01:00
Steve Singer
ed3b64fce0 Bug 1120125 - Fix compile error on big endian platforms. r=keeler 2015-01-10 14:31:00 +01:00
David Keeler
762d9b52df bug 1065909 - canonicalize hostnames in nsSiteSecurityService and PublicKeyPinningService r=mmc 2015-01-09 09:46:05 -08:00
Mark Goodwin ext:(, Harsh Pathak <hpathak@mozilla.com>)
ea0e5ac119 Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs. r=keeler r=Unfocused 2015-01-07 06:08:00 +01:00
Ehsan Akhgari
4354953b4f Bug 1118486 - Part 1: Use = delete instead of MOZ_DELETE directly; r=Waldo
Most of this patch (with the exception of dom/bindings/Codegen.py) was
generated by the following bash script:

#!/bin/bash

function convert() {
echo "Converting $1 to $2..."
find . ! -wholename "*nsprpub*" \
       ! -wholename "*security/nss*" \
       ! -wholename "*/.hg*" \
       ! -wholename "*/.git*" \
       ! -wholename "obj-*" \
         -type f \
      \( -iname "*.cpp" \
         -o -iname "*.h" \
         -o -iname "*.cc" \
         -o -iname "*.idl" \
         -o -iname "*.ipdl" \
         -o -iname "*.ipdlh" \
         -o -iname "*.mm" \) | \
    xargs -n 1 sed -i -e "s/\b$1\b/$2/g"
}

convert MOZ_DELETE '= delete'
2015-01-08 23:19:05 -05:00
David Keeler
e7d2f9cd12 bug 1101194 - follow-up to fix bustage in TestCertDB r=bustage on a CLOSED TREE
Turns out there was a code path that resulted in attempting to acquire a lock
on the DataStorage mutex when one had already been acquired, resulting in
deadlock. This fixes it.
2015-01-08 10:56:07 -08:00
David Keeler
d11cf2ca74 bug 1101194 - add telemetry for DataStorage table size r=mgoodwin 2015-01-07 13:23:07 -08:00
Cykesiopka
d98fab56db Bug 989485 - Split test_cert_eku.js into multiple files to avoid time outs. r=keeler 2015-01-08 01:15:00 -05:00
Michael Pruett
411a94b05a Bug 1118024 - Use new PL_DHashTable{Add,Lookup,Remove} functions. r=nfroyd 2015-01-05 20:27:28 -06:00
David Keeler
b29b970426 bug 1114741 - have nsRandomGenerator guard against NSS shutdown r=jcj
nsRandomGenerator uses NSS resources but does not prevent against NSS shutting
down while doing so. To fix this, nsRandomGenerator must implement
nsNSSShutDownObject.
2015-01-05 16:11:26 -08:00
Ehsan Akhgari
665cc5846c Bug 1116559 - Remove the code to handle shutdown-cleanse from the cert override service code; r=keeler
shutdown-cleanse has not been a thing for quite a while.
2015-01-05 21:01:27 -05:00
Andrew Bartlett
1b02f46484 Bug 423758 - Add NTLMv2 to internal NTLM handler. r=keeler
NTLMv2 is the default.

This adds a new preference:
network.ntlm.force-generic-ntlm-v1

This is to allow use of NTLMv1 in case issues are found in the NTLMv2
handler, or when contacting a server or backing DC that does not
support NTLMv2 for any reason.

To support this, we also:
 - Revert "Bug 1030426 - network.negotiate-auth.allow-insecure-ntlm-v1-https allows sending NTLMv1 credentials in plain to HTTP proxies, r=mcmanus"

 - Revert "Bug 1023748 - Allow NTLMv1 over SSL/TLS by default, r=jduell"

 - Remove LM code from internal NTLM handler

   The LM response should essentially never be sent, the last practical
   use case was CIFS connections to Windows 9X, I have never seen a web
   server that could only do LM

   It is removed before the NTLMv2 work is done so as to avoid having 3
   possible states here (LM, NTLM, NTLMv2) to control via preferences.

Developed with Garming Sam <garming@catalyst.net.nz>
2014-12-22 15:55:00 -05:00
Phil Ringnalda
9f997b2894 Merge m-i to m-c, a=merge 2015-01-03 20:02:33 -08:00
ffxbld
cb0e685792 No bug, Automated HPKP preload list update from host bld-linux64-spot-100 - a=hpkp-update 2015-01-03 03:20:27 -08:00
ffxbld
c84a6316bf No bug, Automated HSTS preload list update from host bld-linux64-spot-100 - a=hsts-update 2015-01-03 03:20:25 -08:00
David Erceg
848f74a40d Bug 1111848 - Remove nsISiteSecurityService.shouldIgnoreHeaders and implementation. r=keeler 2014-12-22 20:26:49 +11:00
Ehsan Akhgari
580310c5b8 Bug 1115076 - Wait for about:privatebrowsing to load in test_sts_privatebrowsing_perwindowpb.html; r=jdm 2014-12-31 09:32:03 -05:00
Ehsan Akhgari
5f97b938f2 Bug 1117043 - Mark virtual overridden functions as MOZ_OVERRIDE in security; r=bsmith 2015-01-02 09:02:04 -05:00
ffxbld
5f30b892c8 No bug, Automated HPKP preload list update from host b-linux64-ix-0002 - a=hpkp-update 2014-12-27 03:21:29 -08:00
ffxbld
3739aa349f No bug, Automated HSTS preload list update from host b-linux64-ix-0002 - a=hsts-update 2014-12-27 03:21:25 -08:00
Tom Schuster
057c4c5a8e Bug 1110835 - Simplify some code nsSecureBrowserUIImpl around UpdateSecurityState. r=keeler 2014-12-25 21:31:11 +01:00
Masatoshi Kimura
a325bfdb20 Bug 1114295 - Remove the dead pref for TLS_DHE_DSS_WITH_AES_128_CBC_SHA. r=keeler 2014-12-24 22:21:12 +09:00
Tom Schuster
b45a1a0c90 Bug 764496 - Make EV detection work in content processes. r=keeler,kanru 2014-12-24 14:04:24 +01:00
Carsten "Tomcat" Book
c3edf3a511 Backed out changeset 8fd0df8e208c (bug 423758) for bustage 2014-12-22 09:05:34 +01:00
Andrew Bartlett
d741102951 Bug 423758 - Add NTLMv2 to internal NTLM handler. r=keeler
NTLMv2 is the default.

This adds a new preference:
network.ntlm.force-generic-ntlm-v1

This is to allow use of NTLMv1 in case issues are found in the NTLMv2
handler, or when contacting a server or backing DC that does not
support NTLMv2 for any reason.

To support this, we also:
 - Revert "Bug 1030426 - network.negotiate-auth.allow-insecure-ntlm-v1-https allows sending NTLMv1 credentials in plain to HTTP proxies, r=mcmanus"

 - Revert "Bug 1023748 - Allow NTLMv1 over SSL/TLS by default, r=jduell"

 - Remove LM code from internal NTLM handler

   The LM response should essentially never be sent, the last practical
   use case was CIFS connections to Windows 9X, I have never seen a web
   server that could only do LM

   It is removed before the NTLMv2 work is done so as to avoid having 3
   possible states here (LM, NTLM, NTLMv2) to control via preferences.

Developed with Garming Sam <garming@catalyst.net.nz>
2014-12-18 17:25:00 +01:00
Phil Ringnalda
79b6885780 Merge m-c to m-i
--HG--
extra : rebase_source : 55a788f13c946c7110ca313969051c34f731637e
2014-12-20 12:19:27 -08:00
ffxbld
6d9b691066 No bug, Automated HPKP preload list update from host bld-linux64-spot-115 - a=hpkp-update 2014-12-20 03:20:57 -08:00
ffxbld
02fdacaf29 No bug, Automated HSTS preload list update from host bld-linux64-spot-115 - a=hsts-update 2014-12-20 03:20:56 -08:00
Michael Wu
301128304a Bug 1103816 - Add support for gonk-L to android_stub.h, r=glandium 2014-12-16 21:35:09 -05:00
Blake Kaplan
83b87ab7f1 Bug 1113313 - Rename these functions to better reflect what they do. r=billm
--HG--
extra : rebase_source : ae61b3dd6dd5ce50a131a640060d7be57e562e4d
2014-12-19 12:07:04 -05:00
Brian Smith
932b9471a2 Bug 1073867, Part 2: Remove now-unused DSA test certificates, r=keeler
--HG--
extra : rebase_source : 150c65abc66a48f70bca6e2dca8727fa402505ea
2014-12-15 20:49:42 -08:00
Brian Smith
510bbfd05d Bug 1073867, Part 1: Remove DSS certificate support from mozilla::pkix, r=keeler
--HG--
extra : rebase_source : 3bef46a794e53584fd35b7640a6f4c9aaea4acab
2014-12-04 20:55:15 -08:00
Brian Smith
beff7d1c02 Bug 1111397, Part 2: Remove test_bug484111.html, r=keeler
--HG--
extra : rebase_source : 56617ea82e9028295203173d1ea5e6ccfdbf9722
2014-12-14 21:51:26 -08:00
Brian Smith
123a9716ca Bug 952863, Part 2: Remove dead code for non-ECDHE TLS False Start, r=keeler
--HG--
extra : rebase_source : 47ee95682f769b8e10aaf55b0f4fccfef1fcdea0
2014-12-10 10:13:18 -08:00
Nathan Froyd
0c4895658a Bug 1112608 - use GENERATED_INCLUDES in security/manager/{boot,pki}/src/; r=mshal
The sole use of Makefile.in in the security/manager/{boot,pki}/src/
directories is so we can add $(DIST)/public/nss to INCLUDES.
GENERATED_INCLUDES can be used to handle this case instead, at the cost
of hardcoding the path to $(DIST).  This seems reasonable enough, since
a number of moz.build files already know about dist/ and its location
within the objdir.
2014-12-17 11:02:19 -05:00
Brian Smith
9725dd6a70 Bug 952863, Part 1: Require ECDHE for TLS False Start, r=keeler
--HG--
extra : rebase_source : d983e440de5be7c097a3e0f4afe0de805c540919
2014-12-12 11:39:01 -08:00
Masatoshi Kimura
ab4b12e208 Bug 1092835 - Log usage of weak ciphers in the console. r=keeler,mcmanus 2014-12-13 20:09:01 +09:00
Brian Smith
7a433f6905 Bug 1084025, Part 3: Clean up some bits, r=keeler, r=emk
--HG--
extra : rebase_source : 7aa1de4e9c391bf3e3cd5df79c62fff4546a8c67
2014-12-12 16:42:41 -08:00
Brian Smith
0cd5238974 Bug 1107666: Fix OCSP stapling telemetry (SSL_OCSP_STAPLING), r=keeler
--HG--
extra : rebase_source : 926f091b2a361d7dce30bee918d6659259f1b3e4
2014-12-11 23:22:35 -08:00
Monica Chew
63de38c180 Bug 1101969: Disable pinning on media.mozilla.com (r=keeler) 2014-12-12 09:10:57 -08:00
Monica Chew
04d69a9f5b Bug 1004781: Enable pinning for facebook in production mode (r=keeler) 2014-12-12 09:10:53 -08:00
Brian Smith
7f05080219 Bug 940787: Stop requiring ALPN/NPN for False Start, r=keeler
--HG--
extra : rebase_source : f8946e1fc631f2458807a559104a1dca01f444ac
2014-12-10 10:50:48 -08:00
Brian Smith
cc0b0eeed3 Bug 1109766: Require AES-GCM for TLS False Start, r=keeler
--HG--
extra : rebase_source : 8370c628863e644131ed1fbe6b8e49b5dc1215dc
2014-12-10 10:19:00 -08:00
Brian Smith
9c1c9d03e6 Bug 861310: Require TLS 1.2 for TLS False Start, r=keeler
--HG--
extra : rebase_source : d4bb253a84270c84acdf7ed4f84bc0186231e521
2014-12-10 10:04:45 -08:00
Cykesiopka
9cae71d8a9 Bug 1109252 - Make remaining PSM test cert generation scripts print out cert information as necessary. r=keeler 2014-12-10 21:32:00 +01:00
Cykesiopka
7e1828ba3d Bug 1109245 - Modify test_keysize_ev.js to run on B2G. r=dkeeler 2014-12-09 12:07:00 -05:00
Cykesiopka
6df9a55b46 Bug 978426 - Re-enable test_sts_preloadlist_perwindowpb.js on B2G. r=dkeeler 2014-12-09 11:37:00 +01:00
Brian Smith
81f8d7a489 Bug 1107787: Disable TLS_DHE_DSS_WITH_AES_128_CBC_SHA, r=keeler
--HG--
extra : rebase_source : 063d859c69adc8deba9d1842f4bd42a9b862bbe5
2014-12-04 19:50:58 -08:00
Brian Smith
5bd7eba3e4 Bug 1037098: Remove preferences for cipher suites disabled in bug 1036765, r=keeler
--HG--
extra : rebase_source : b033bea062c8cafecd93830fa54f4cf184fa28df
2014-12-04 19:47:17 -08:00
Ryan VanderMeulen
1bdab6fe7b Backed out changesets fb903f13f215, 9c5c712698e4, and 36d257ead3da (bug 1092835) for causing test_csp_allow_https_schemes.html permafail on Android 2.3.
CLOSED TREE
2014-12-09 14:00:47 -05:00
Masatoshi Kimura
487b1516b0 Bug 1092835 - Log usage of weak ciphers in the console. r=keeler,mcmanus 2014-12-10 00:54:06 +09:00
Masatoshi Kimura
5167dadd93 Bug 1093724 - Add a range check to the TLS version prefs loading code. r=keeler 2014-12-09 21:48:29 +09:00
Masatoshi Kimura
b95c85162f Bug 1084025 - Add telemetry to measure failures due to not falling back. r=keeler 2014-12-09 07:19:05 +09:00
Carsten "Tomcat" Book
cf57e57455 merge mozilla-inbound to mozilla-central a=merge 2014-12-08 12:48:58 +01:00
ffxbld
15713eb9bb No bug, Automated HPKP preload list update from host bld-linux64-spot-132 - a=hpkp-update 2014-12-06 03:20:43 -08:00
ffxbld
6e96f60fd3 No bug, Automated HSTS preload list update from host bld-linux64-spot-132 - a=hsts-update 2014-12-06 03:20:41 -08:00
Cykesiopka
83c04b6586 Bug 1085074 - Part 3 - Update inadequately sized Delegated Signer cert. r=briansmith 2014-12-07 20:42:00 +01:00
Cykesiopka
ee0a49c7ee Bug 1085074 - Part 2 - Use explicit bit sizes for key size cert file names. r=briansmith 2014-12-07 20:41:00 +01:00
Cykesiopka
b42aa85de9 Bug 1085074 - Part 1 - Use adequate/OK and inadequate/notOK to refer to sizes for key size tests. r=briansmith 2014-12-07 20:23:00 +01:00
Cykesiopka
8f08848fe0 Bug 1009158 - Fix and re-enable PSM xpcshell tests that would previously time out on Android due to LD_LIBRARY_PATH issues. r=keeler 2014-12-03 09:15:00 +01:00
Masatoshi Kimura
629560ff5f Bug 1102632 - Stop triggering non-secure fallback for SSL_ERROR_UNSUPPORTED_VERSION. r=keeler 2014-12-02 20:33:24 +09:00
Jan Beich
296c205c71 Bug 1105851 - Unbreak non-unified non-SPS build after 1054498. r=jcj 2014-11-30 21:27:45 +01:00
ffxbld
40b044ec36 No bug, Automated HPKP preload list update from host b-linux64-ix-0005 - a=hpkp-update 2014-11-29 03:19:59 -08:00
ffxbld
08ee5c96d7 No bug, Automated HSTS preload list update from host b-linux64-ix-0005 - a=hsts-update 2014-11-29 03:19:56 -08:00
Carsten "Tomcat" Book
4155be994b Backed out changeset 761071f57ab6 (bug 1024809) for emulator ics bustage 2014-11-27 16:30:41 +01:00
Mark Goodwin ext:(, Harsh Pathak <hpathak@mozilla.com>)
ce5a887c60 Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs. r=keeler,Unfocused 2014-11-27 04:12:00 +01:00
Masatoshi Kimura
d7c9eae1c7 Bug 1092998 - Followup to address review comments. r=keeler 2014-11-27 21:39:33 +09:00
Blake Kaplan
e4c077f303 Bug 582297 - Make <keygen> work in e10s. r=billm/dkeeler 2014-11-26 14:28:28 -08:00
Masatoshi Kimura
8277eea9e9 Bug 1092998 - Deal with "cipher mismatch intolerant" servers. r=keeler 2014-11-27 07:19:11 +09:00
Cykesiopka
d7fafcac42 Bug 1103336 - Fix and re-enable PSM xpcshell tests that don't use add_tls_server_setup() on Android. r=dkeeler 2014-11-22 00:08:00 +01:00
Richard Barnes
3134cd4342 Bug 968817 - Only accept certs for server TLS which use EKU (and which assert the TLS Server Authentication EKU) r=keeler 2014-11-24 20:33:50 -05:00
Richard Barnes
a5cf3d5e45 Bug 1088255 - Collect telemetry on CAs that appear in valid cert chains r=keeler 2014-11-07 16:26:46 -05:00
ffxbld
5e4279519a No bug, Automated HPKP preload list update from host bld-linux64-spot-132 - a=hpkp-update 2014-11-22 03:19:44 -08:00
ffxbld
8733524dee No bug, Automated HSTS preload list update from host bld-linux64-spot-132 - a=hsts-update 2014-11-22 03:19:41 -08:00
David Keeler
ab80d0c717 bug 1091232 - update PSM data structures that are affected by root CA changes r=mmc 2014-11-18 16:41:18 -08:00
Cykesiopka
7531911bed Bug 1089305 - Switch EV tests to SQL DB and partially clean up scripts. r=keeler 2014-11-17 21:12:00 +01:00
Monica Chew
419fa97eb6 Bug 1092606: Filter out duplicate pinsets as well as domains (r=keeler) 2014-11-17 12:54:42 -08:00
Cykesiopka
ff26474af6 Bug 1084606 - Allow overrides for MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE. r=dkeeler 2014-11-11 00:59:00 +01:00
Gregory Szorc
17920b30c8 Merge inbound to m-c; a=merge
--HG--
extra : amend_source : 2e89bf359e356566aee6b04bb864979539e1c90d
2014-11-15 13:57:08 -08:00
ffxbld
4bccbd33d3 No bug, Automated HPKP preload list update from host b-linux64-ix-0011 - a=hpkp-update 2014-11-15 03:21:19 -08:00
ffxbld
1ffd463d9d No bug, Automated HSTS preload list update from host b-linux64-ix-0011 - a=hsts-update 2014-11-15 03:21:16 -08:00
David Keeler
ceaa910cc6 bug 940994 - follow-up to fix some issues that were missed in review r=mmc 2014-11-14 16:46:23 -08:00
Monica Chew
f991b325aa Bug 1098288: Enable pinning on spideroak (r=keeler) 2014-11-14 11:17:40 -08:00
Cykesiopka
36057e75f9 Bug 1057035 - Fix terminology used in the certificate exception dialog. r=keeler 2014-10-27 21:06:00 -04:00
Masatoshi Kimura
6a185fd3d7 Bug 1093595 - Change strings to add a description about weak encryption. r=dolske 2014-11-11 07:29:44 +09:00
Masatoshi Kimura
9a7fd683bc Bug 1093595 - Treat SSL3 and RC4 as broken. r=keeler 2014-11-11 07:29:44 +09:00
Carsten "Tomcat" Book
2f5bf545b6 merge mozilla-inbound to mozilla-central a=merge 2014-11-10 14:24:51 +01:00
ffxbld
c53adb3b3f No bug, Automated HPKP preload list update from host bld-linux64-spot-144 - a=hpkp-update 2014-11-08 03:20:20 -08:00
ffxbld
52c804c4de No bug, Automated HSTS preload list update from host bld-linux64-spot-144 - a=hsts-update 2014-11-08 03:20:17 -08:00
Monica Chew
a89f219bef Bug 1030135: Promote pin for services.mozilla.com to production mode (r=keeler) 2014-11-07 12:00:50 -08:00
Shashank Sabniveesu
cfb6b6200c Bug 940994 - Adding '.p7b' to 'known file types' list of 'Certificate Manager'. r=keeler 2014-10-07 14:30:00 +02:00
Chris Peterson
ba22404db5 Bug 1095926 - Fix -Wcomment warning in OCSP test and mark some OCSP tests as FAIL_ON_WARNINGS. r=briansmith 2014-10-11 20:13:45 -07:00
Michael Ratcliffe
926bf1ca5d Bug 1090913 - Make mochitests fail when it has 0 passes and 0 fails r=jmaher 2014-11-05 16:00:52 +00:00
David Keeler
fc748d0372 bug 1039642 - follow-up to fix non-unified build bustage (missing include and namespace) r=bustage a=metered 2014-11-06 14:23:21 -08:00
David Keeler
1218b5626e bug 1039642 - clean up the implementation of nsPkcs11 for style and safety r=jcj r=mmc a=metered 2014-11-05 14:05:46 -08:00
David Keeler
25ee944cea bug 1039642 - test that smart card events are no longer emitted after removing a PKCS#11 module r=jcj r=mmc a=metered
--HG--
rename : security/manager/ssl/tests/unit/test_pkcs11_insert_remove.js => security/manager/ssl/tests/unit/test_pkcs11_no_events_after_removal.js
2014-11-05 13:54:21 -08:00