Commit Graph

212 Commits

Author SHA1 Message Date
Francesco Lodolo (:flod)
0b2047cb81 Bug 320231 - Update localization notes for length-limited PKCS#11 strings in pipnss.properties r=Pike
MozReview-Commit-ID: 11iUjRi8eUX

--HG--
extra : rebase_source : 029f6e8a06a0d2903297d1726352c584f69ce69d
2017-12-06 12:11:59 +01:00
David Keeler
36f5d05cd8 bug 1397837 - remove vestigial references to "code signing" from PSM r=Cykesiopka,snorp
As of bug 1257362, the platform does not verify code signing certificates in
general, so anything involving the code signing trust of certificates can go.

MozReview-Commit-ID: 9g9kM62xfYZ

--HG--
extra : rebase_source : 5bec64e5f451c8433aff0de82a91f7bd54c24608
2017-12-01 16:16:20 -08:00
David Keeler
65f33e8410 bug 1257362 - remove the code-signing usage from certverifier as nothing uses it r=Cykesiopka
MozReview-Commit-ID: 6nWy8k6fMvw

--HG--
extra : rebase_source : fa9f78d39b89bfd3416a7a869bf6436d19ac74bc
2017-10-02 16:24:38 -07:00
David Keeler
6bbfc835f0 bug 1406396 - work around NSS utils potentially loading spurious root cert modules r=mgoodwin
NSS command-line utilities may add a built-in root certificate module with the
name "Root Certs" if run on a profile that has a copy of the module file (which
is an unexpected configuration in general for Firefox). This can cause breakage.
To work around this, PSM now simply deletes any module named "Root Certs" at
startup. In an effort to prevent PSM from deleting unrelated modules
coincidentally named "Root Certs", we also prevent the user from using the
Firefox UI to name modules "Root Certs".

MozReview-Commit-ID: ABja3wpShO9

--HG--
extra : rebase_source : cfc62fb3fabf491a72f009601f3ec6973244642e
2017-10-13 11:27:30 -07:00
David Keeler
d26e95be10 bug 1257403 - don't bother verifying CA or email certificates when importing r=Cykesiopka
Incidentally, this means we can remove certificateUsageVerifyCA and
certificateUsageStatusResponder from CertVerifier, since we no longer use them.

MozReview-Commit-ID: Bbqn8fShfTm

--HG--
extra : rebase_source : 012cb08dcbe33fe889c9f6824959b1a02cd0bdc7
2017-09-22 15:42:20 -07:00
Matthew Noorenberghe
601308df05 Bug 306730 - Do not include the token name in prompts for the internal key slot. r=keeler
MozReview-Commit-ID: 3TPZrTQxQC5

--HG--
extra : rebase_source : eacd92dfa3937f8f05f4de0617eb09099517a504
2017-09-12 14:42:19 -07:00
Evan Tseng
4697753e00 Bug 1382135 - Remove all colon signs on sub-dialogs because we already removed them all on each category pane and we should make same thing for sub-dialogs. r=jaws
MozReview-Commit-ID: 8md6CFBSM3B

--HG--
extra : rebase_source : 80bff2dec6a20d7710aa3252c3e2fb295286b294
2017-08-01 11:54:54 +08:00
Cykesiopka
150742ba74 Bug 641120 - Enhance PKCS #11 module load dialog. r=keeler
This change does several things:
1. Changes some titles to include the word "driver" for better clarity.
2. Moves and cleans up the JS implementation of load_device.xul. Having a
   cleaner implementation in a separate file makes the code easier to discover
   and maintain.
3. Removes code that tries to show a special case message if a module was
   already loaded.
3A. The backend code doesn't provide distinction from this case and failure to
    add in general.
3B. The backend code would only return the error code being checked for if a
    blank module name was provided.
4. Adds tests.

MozReview-Commit-ID: 8BxKWKw5rvp

--HG--
extra : rebase_source : 15a29bf7d46f523a11eac37c9f0c6efb2b5d0114
2017-04-18 22:18:53 +08:00
David Keeler
f69c130b16 bug 1239344 - remove error alert for successful PKCS12 operations r=Cykesiopka
MozReview-Commit-ID: Hr6s2v2GmZQ

--HG--
extra : rebase_source : 232c80db1816ab7045cc5dec42c1aeeae3fc6042
2017-03-03 11:12:54 -08:00
Sergei Chernov
b3b80907d0 Bug 1320566 - Certificate Transparency - implement CT Policy. r=Dolske,keeler
MozReview-Commit-ID: LcMdKcgBStG

--HG--
extra : rebase_source : 38b2531e9abb8a84d32c437d13fab881f2c49f18
2017-01-09 08:22:28 +02:00
David Keeler
858957f033 bug 857627 - 2/4: remove nsIX509Cert.nickname r=Cykesiopka,jcj
In general, any code that was using nsIX509Cert.nickname should be able to use
the attribute displayName (if using nickname for display purposes) or the
attribute dbKey (if using nickname as a unique identifier for a certificate).

MozReview-Commit-ID: G9CfMJDfLqe

--HG--
extra : rebase_source : 1c464dab8f028568cedd5a42cf87428b8bb63fc0
2016-11-18 13:12:29 -08:00
David Keeler
7c5c99fcce bug 1313491 - include more context when determining EV status r=Cykesiopka,jcj,mgoodwin
When doing TLS session resumption, the AuthCertificate hook is bypassed, which
means that the front-end doesn't know whether or not to show the EV indicator.
To deal with this, the platform attempts an EV verification. Before this patch,
this verification lacked much of the original context (e.g. stapled OCSP
responses, SCTs, the hostname, and in particular the first-party origin key).
Furthermore, it was unclear from a code architecture standpoint that a full
verification was even occurring. This patch brings the necessary context to the
verification and makes it much more clear that it is happening. It also takes
the opportunity to remove some unnecessary EV-related fields and information in
code and data structures that don't require it.

MozReview-Commit-ID: LTmZU4Z1YXL

--HG--
extra : rebase_source : 7db702f2037fae83c87fbb6aca75b4420544dff9
2016-10-31 17:02:57 -07:00
Cykesiopka
1c951538c1 Bug 1312154 – Stop using nsIDialogParamBlock in downloadcert.(js|xul). r=keeler
nsIDialogParamBlock isn't a great API, and is best avoided.

This patch also updates downloadcert.js to match modern PSM style, and adds a
test.

MozReview-Commit-ID: J2g2H0iBAn4

--HG--
extra : rebase_source : 9365f7b1c7a88caef84f0353e18510dcab9a5d32
2016-10-28 02:13:38 +08:00
Sergei Chernov
8e3719b7e2 Bug 1305289 - Certificate Transparency - basic UI indicator; r=Dolske,keeler
MozReview-Commit-ID: b0SUW2WNJT

--HG--
extra : rebase_source : 2bfa8895246f862f3e49c0c9674a8e862137f8a6
2016-09-28 20:19:56 +03:00
Cykesiopka
7658cbf8e1 Bug 1308888 - Simplify passing handle to the cert to view in the cert viewer. r=keeler
The cert viewer currently supports two ways to pass a handle to the cert:
1. Passing the nickname of the cert via window.name.
2. Via an nsIDialogParamBlock, which is itself accessed through window.arguments.

Method 1 is unused and unnecessary.
Method 2 is overly complex: the relevant nsIX509Cert can just be passed directly.

This patch does the following:
1. Makes it so that there is only a single, straightforward way to pass a handle
to the cert.
2. Makes the cert viewer title localisable while we're nearby.
3. Renames viewCertDetails.js to better reflect the current use of the file.

MozReview-Commit-ID: pqtfNgvImT

--HG--
rename : security/manager/pki/resources/content/viewCertDetails.js => security/manager/pki/resources/content/certViewer.js
extra : rebase_source : 776a27111ab26cdcdc91b002890c43a3fe4f48e8
2016-10-21 00:33:36 +08:00
Carsten "Tomcat" Book
401922b6ce Backed out changeset 1f6f908368e5 (bug 1305289) for gtest failures
2016-10-10 09:33:01 +02:00
Sergei Chernov
0449e02200 Bug 1305289 - Certificate Transparency - basic UI indicator; r=Dolske,keeler
MozReview-Commit-ID: b0SUW2WNJT

--HG--
extra : rebase_source : 893d9945de71004ccda3222782273ad953d8a598
2016-09-28 20:19:56 +03:00
Cykesiopka
1d6f642d9d Bug 1186286 - Consult more than just the CN when deleting a cert so it's always clear what's being deleted. r=mgoodwin
Deleting certs via the cert manager results in a confirmation dialog popping up.
This dialog contains a list of certs that were selected for deletion.

Currently, only the Common Name of each cert is used to represent it in the list.
This is a problem for certs that don't have a CN. More jarringly, the cert
manager itself falls back to various other attributes, so for example selecting
a cert that is represented by its OU ends up popping up a dialog where an empty
list is shown.

MozReview-Commit-ID: 3z4BebW8Ucd

--HG--
extra : rebase_source : 468eb3de470e3ec42471c80183a9c48ebfb130c9
extra : histedit_source : 90e1d2fc73aaba4ded68d933b6ea3a6092d60636
2016-10-07 20:14:27 +08:00
Cykesiopka
ebfb27c403 Bug 1142350 - Remove nsIUserCertPicker, nsICertPickDialogs and associated code from mozilla-central. r=keeler
The code is used in comm-central, but is unused in mozilla-central. It will be
imported into comm-central in Bug 1297368.

MozReview-Commit-ID: BEY9BR0YRiD

--HG--
extra : rebase_source : 6d34c1e82cd749a009f26be50fde0537373f2f9e
2016-09-21 19:34:12 +08:00
Joseph Yeh
d51b2b87d0 Bug 1298872 - Fix text cropped and overflowed in advanced pane in-content dialogs; r=MattN
MozReview-Commit-ID: C7Q5VnipTIa

--HG--
extra : rebase_source : 7a7a967c6a58c2d54ed69ec6a41802f5b6fe747f
2016-09-05 18:11:08 +08:00
David Cook
7d4c71cc9c Bug 1115718 - Check for empty issuer name in mozilla::pkix; r=keeler
MozReview-Commit-ID: 6Ymgo7dQE7b

--HG--
extra : rebase_source : 54ee27fd46c2139125a40deabb11a6aca04c84bc
2016-07-28 20:36:18 -05:00
Cykesiopka
8297eb8984 Bug 1281665 - Change nsIClientAuthDialogs.chooseCertificate() to use hostname instead of CN. r=keeler
chooseCertificate() currently uses a concatenation of the Common Name of the
server cert and the port of the server to allow the user to identify the server
requesting client authentication. Unfortunately, this approach is flawed, since
it doesn't take into account things like SAN entries, which might be very
different from the CN.

Using the hostname instead avoids this problem.

MozReview-Commit-ID: 6XjGCknWNi9

--HG--
extra : transplant_source : k%10N%7B%E8%A4%9B%C9%9A%23Q%D1%99%D2%A3%C0.%2B%7F%A5
2016-07-26 20:16:58 +08:00
Tom Tromey
5538d692d3 Bug 1286877 - do not set c-basic-offset for python-mode; r=gps
This removes the unnecessary setting of c-basic-offset from all
python-mode files.

This was automatically generated using

    perl -pi -e 's/; *c-basic-offset: *[0-9]+//'

... on the affected files.

The bulk of these files are moz.build files but there are a few others as
well.

MozReview-Commit-ID: 2pPf3DEiZqx

--HG--
extra : rebase_source : 0a7dcac80b924174a2c429b093791148ea6ac204
2016-07-14 10:16:42 -06:00
David Keeler
56d2f86c86 bug 1284946 - remove usages-related APIs from nsIX509Cert r=Cykesiopka,Felipe,jcj
nsIX509Cert provided the APIs getUsagesArray, requestUsagesArrayAsync, and
getUsagesString. These APIs were problematic in that the synchronous ones would
cause certificate verification to block the main thread and the asynchronous one
was needlessly indirect in its definition (it made use of two additional
special-case xpidl types) and needlessly complex in its implementation (it
required nsNSSComponent to manually manage a background thread without the aid
of recent improvements in that area (e.g. CryptoTask)). Furthermore, these APIs
would return string descriptions of the usages the certificate in question had
been verified for rather than using more concrete identifiers or values. This
paradigm is usable but imprecise. The new nsIX509CertDB API
asyncVerifyCertAtTime is much more expressive, enforces off-main-thread
computation, and makes use of CryptoTask for a simple implementation. Using this
API, previous uses of the old nsIX509Cert APIs can be replaced. As an additional
benefit, this removes a ton of obsolete C++ code.

MozReview-Commit-ID: KXVTcjAKehu

--HG--
extra : rebase_source : 50c51f73b2b61ed0ad4dc9702cc5df470ce998bc
2016-07-06 14:45:36 -07:00
Cykesiopka
577a05865b Bug 307081 - Make nsIClientAuthDialogs::ChooseCertificate() pass an nsIArray of nsIX509Certs, not strings. r=kats,keeler
This provides implementations of ChooseCertificate() with more flexibility, and
allows callers of ChooseCertificate() to be less complex.

A portion of this work involves reimplementing
nsNSSCertificate::FormatUIStrings() in JS and improving UI strings for l10n.

MozReview-Commit-ID: CE7Uc2ntwmZ

--HG--
extra : transplant_source : R%A8eC%CEO2%DC%20%F7%B4V%F3g%E6h%EB%D5%8D3
2016-06-24 00:12:16 -07:00
Cykesiopka
313db6b516 Bug 307081 - Clean up nsIClientAuthDialogs.idl and implementations. r=kats,keeler
This fixes the following in the IDL:
1. Misleading or unclear parameter names in the IDL. |cn| in practice is the
   concatenation of the CN of the server cert and the port of the server, and
   |issuer| is the Organization of the issuer cert of the server cert.
2. Use of the |wstring| type. |AString| is generally preferred, and has the
   benefit of letting implementations skip null checks due to the use of
   references.
3. Using an explicit |canceled| outparam instead of just setting a return type.
   There is no need for the outparam if the return type can be used.
4. Using |long| (int32_t) for |selectedIndex|. |unsigned long| (uint32_t) is
   more logical, and paves the way for future changes.

This fixes the following in the Android implementation:
1. Lack of checks to ensure the QueryInterface() call succeeded. In practice,
   the call will always succeed, but it's good practice to check anyways.
2. Setting a variable to an nsIPrefService instance initially, then later
   setting it to a pref branch instance later on. This is confusing and
   unnecessary.

This fixes the following in the desktop implementation:
1. Lack of null pointer checking.
2. Trying to get a parent window ref off a context that doesn't actually support
   doing so.
3. Setting a variable to an nsIPrefService instance initially, then later
   setting it to a pref branch instance later on. This is confusing and
   unnecessary.
4. Abuse of the CAPS bundle.
5. Unnecessary variables.
6. Variables declared far away from where they are used.
7. Variable shadowing.
8. Style issues.
9. Lack of documentation.

This also fixes the following:
1. Lack of localisation notes.

MozReview-Commit-ID: FTc6XecJd6h

--HG--
extra : transplant_source : %ABQ%8F%E6%A3%25%FE%94%E4%D6X%3D%28%2C%05%5E%FB%84.-
2016-06-24 00:12:11 -07:00
Onno Ekker
f1de083a08 Bug 1279953 - Ambiguous string usage for "not encrypted page". r=dolske
--HG--
extra : rebase_source : e6ea020d8b98e9bef2e895e5312edc47d839cc2c
2016-06-13 22:14:04 +02:00
Jared Wein
e889366796 Bug 1268159 - Use GreD in addition to XCurProcD for browser_misused_characters_in_strings.js to cover more string files. r=gijs
MozReview-Commit-ID: IlC170W0nlG
* * *
[mq]: temp

MozReview-Commit-ID: GF0k4zvONPD
2016-04-29 09:28:48 -04:00
Cykesiopka
33825b4eb1 Bug 1257031 - Return more informative error code when encountering invalid integers rather than SEC_ERROR_BAD_DER. r=keeler
Also adds some missing l10n entries to nsserrors.properties (but not for errors
that are specific to TLS 1.3, since TLS 1.3 is not yet finalised).

MozReview-Commit-ID: A42fmTDTe8W

--HG--
extra : transplant_source : x%F7s%DB%05%B4%81%9Dm%FDC%A1f%B3%0D%7DR%C1%BA%B1
2016-04-21 16:41:22 -07:00
David Keeler
13d02ebbb6 bug 1264761 - improve handling of x509 versions in certificate manager r=Cykesiopka
MozReview-Commit-ID: B7EPx63ttlt

--HG--
extra : rebase_source : a39e04a7b2393130888ecfe02b09b495c9e068af
2016-04-18 11:07:24 -07:00
Wes Kocher
01ea27062a Backed out changeset bb60c7a0b0c5 (bug 1264761) for build failures in nsNSSCertHelper CLOSED TREE
MozReview-Commit-ID: KwFHe6X2WCE
2016-04-19 16:09:49 -07:00
David Keeler
9ae62ef7c9 bug 1264761 - improve handling of x509 versions in certificate manager r=Cykesiopka
MozReview-Commit-ID: B7EPx63ttlt

--HG--
extra : rebase_source : 0234079b42b1a3e46b4a6a790049b8f0769fc79a
2016-04-18 11:07:24 -07:00
David Keeler
7dd242bb39 bug 1261936 - stop using the subject common name in certificate verification error messages r=Cykesiopka
MozReview-Commit-ID: G08cV5GmNDh

--HG--
extra : rebase_source : c79b34d893e7acddc8ee02a6c354dcaa1de07d61
2016-04-04 16:25:24 -07:00
Cykesiopka
1a9cf03eb1 Bug 1251009 - Remove unused nsICertificateDialogs.notifyCACertExists() method. r=keeler, r=mfinkle
MozReview-Commit-ID: 5CFAsy5e1Cl

--HG--
extra : rebase_source : eed2fc5d3511c140dfe6046079347e9a881e2803
2016-03-16 12:48:59 -07:00
Cykesiopka
370bac0f07 Bug 1064402 - Part 1: Remove Import button in Servers tab of the Certificate Manager. r=keeler
It no longer serves any useful purpose:
1. It is no longer possible to add explicit trust for server certs post Bug 825583.
1A. The Add Exception feature is better suited for this anyways.
2. It isn't possible to set explicit distrust in the Cert Manager, only remove explicit trust.
3. Importing may also inadvertently cause verification failures (see Bug 1202636).
2016-02-06 20:40:57 -08:00
Panos Astithas
92b2551106 Bug 1207146 - Add a link to expert technical information in the cert error page. r=Gijs,keeler
2015-12-04 19:46:13 +02:00
Mark Goodwin
31adb1a5c5 Bug 901698 - Implement OCSP-must-staple; r=keeler
2015-11-13 16:49:08 +00:00
Steven Englehardt
73079800c9 Bug 1153010 - Disambiguate error messages for mixed content and weak/broken cipher. r=keeler,tanvi,dolske
2015-07-08 09:04:11 +02:00
Cykesiopka
0a9aea4ab2 Bug 1145679 - Reject EV status for end-entity EV certs with overly long validity periods. r=keeler
--HG--
extra : rebase_source : ec44bb566cce8ab14f740457d6ba1d863b39c256
2015-06-29 22:19:00 +02:00
Cykesiopka
71fd1e3612 Bug 1169530 - Add l10n string for SSL_ERROR_WEAK_SERVER_CERT_KEY. r=dkeeler
Also removes the strings for the SSL_ERROR_UNUSED_5 and SSL_ERROR_UNUSED_10 errors.

--HG--
extra : rebase_source : 252d8f50085ccc57294a71c31f3b8b37c9cf2a90
2015-05-28 22:50:00 +02:00
Tim Taubert
ab7196486a Bug 1060112 - Don't treat OCSP responses omitting the requested certificate status as "unknown certificate" responses blocking the connection r=keeler
2015-05-21 13:39:34 -04:00
Cykesiopka
f7b3a781d8 Bug 1153446 - Replace instances of double spacing with single spacing in nsserrors.properties. r=dkeeler
2015-05-01 02:40:00 +02:00
David Cooper
bb6cbdf02b Bug 667471 - Pretty print names of ECDSA with SHA-2 algorithms in Certificate Viewer. r=dkeeler
--HG--
extra : rebase_source : eb961cbdf8fe1ccf74642d86c03ee6c41c30f2d4
2015-03-27 23:13:00 +01:00
Cykesiopka
ae28024d8c Bug 1131227 - Make the about:certerror Unknown Issuer string mention missing intermediates and unimported roots. r=keeler
2015-03-17 14:33:00 +01:00
Masatoshi Kimura
35c856f796 Bug 1143082 - Fix a message in the mixed content UI. r=dolske
2015-03-17 20:34:58 +09:00
Cykesiopka
5814296e8c Bug 1141815 - Remove nsIDOMCryptoDialogs interface and associated implementation; r=keeler
2015-03-12 10:24:05 +01:00
Cykesiopka
de906ce3ce Bug 1130418 - Remove broken e-mail cert trust editing UI. r=emk
--HG--
extra : rebase_source : fb4c89e251e2ce3e4d9cf002a0cda4166a589a2c
2015-03-02 19:54:00 +01:00
Cykesiopka
4419d0186e Bug 1130413 - Remove unused nsITokenPasswordDialogs::GetPassword() function. r=jjones
--HG--
extra : rebase_source : 85b9e442d6b5be401fdd389cc251add8a633bb23
2015-02-26 13:05:00 +01:00
Brian Smith
2672d3b5d3 Bug 1077864, Part 3: update nsserrors.properties so error message gets localized.
2015-02-23 16:04:23 -08:00
Cykesiopka
d92c1180e0 Bug 1130405 - Remove unused pippki strings. r=jcj
2015-02-11 05:08:00 -05:00