Commit Graph

10240 Commits

Author SHA1 Message Date
David Keeler
4c6c57ed83 bug 1269812 - e10s-ify test_bug383369.html and test_unsecureRedirect.html r=Cykesiopka,mrbkap
MozReview-Commit-ID: E6z91sfEjan

--HG--
extra : rebase_source : 0561b67cb63262c46289134a250fb2c59d6af17d
2016-05-03 11:00:50 -07:00
Cykesiopka
128f004a1f Bug 1267905 - Replace uses of ScopedCERTCertList with UniqueCERTCertList. r=keeler
ScopedCERTCertList is based on Scoped.h, which is deprecated in favour of the
standardised UniquePtr.

Also changes CERTCertList parameters of various functions to make ownership more
explicit.

MozReview-Commit-ID: EXqxTK6inqy

--HG--
extra : transplant_source : %9B%A9a%94%D1%7E%2BTa%9E%9Fu%9F%02%B3%1AT%1B%F1%F6
2016-05-05 14:56:36 -07:00
Kyle Huey
941ab1f522 Bug 1268313: Part 7 - Move NS_NewRunnableMethod and friends to mozilla::NewRunnableMethod. r=froydnj 2016-05-05 01:45:00 -07:00
Cykesiopka
5598e0ec78 Bug 1268365 - Check argument validity more in nsASN1Tree.cpp. r=jcj
MozReview-Commit-ID: 6DqyT1veMR7

--HG--
extra : rebase_source : ca4d914285e651fe4fec1cd032e3106c8fc3a5b3
2016-05-03 21:31:13 -07:00
Haik Aftandilian
01b38f360c Bug 1267453 - Amazon Widevine rejects HDCP on MacBook Pro with or without an external display. r=gcp
--HG--
extra : amend_source : 6a8094ddea6ac6c50e8ec8c11e0656eaddafc20e
2016-05-02 19:33:08 +02:00
Carsten "Tomcat" Book
87bdb8ed2d merge fx-team to mozilla-central a=merge 2016-05-02 11:19:50 +02:00
ffxbld
e526d34125 No bug, Automated HPKP preload list update from host bld-linux64-spot-576 - a=hpkp-update 2016-04-30 04:56:03 -07:00
ffxbld
484795c7ec No bug, Automated HSTS preload list update from host bld-linux64-spot-576 - a=hsts-update 2016-04-30 04:56:01 -07:00
Kai Engert
4673d27617 Bug 1258375, NSS_3_24_RC0, r=nss-confcall 2016-04-29 18:02:50 +02:00
Carsten "Tomcat" Book
ba3fe0975c Backed out changeset 85ce8cb0639a (bug 1268313)
--HG--
extra : rebase_source : 56d1cf41a2dc4959b67f834e07192a5c772176a8
2016-04-29 14:21:16 +02:00
Gian-Carlo Pascutto
6491a25e6f Bug 1268579 - Add inotify_rm_watch to the seccomp-bpf whitelist. r=jld
MozReview-Commit-ID: DvaHjOa5GOv

--HG--
extra : rebase_source : 1105ebd32973f8608c4c8b21dc72ba9313661735
2016-04-28 20:04:06 +02:00
Nicholas Nethercote
2511b2c327 Bug 1267550 (part 2) - Rename MOZ_WARN_UNUSED_RESULT as MOZ_MUST_USE. r=froydnj.
It's an annotation that is used a lot, and should be used even more, so a
shorter name is better.

MozReview-Commit-ID: 1VS4Dney4WX

--HG--
extra : rebase_source : b26919c1b0fcb32e5339adeef5be5becae6032cf
2016-04-27 14:16:50 +10:00
Wes Kocher
56fe7c4bcb Merge m-c to fx-team a=merge
MozReview-Commit-ID: 3H9BxQQQnNI
2016-04-29 16:05:30 -07:00
Jared Wein
e889366796 Bug 1268159 - Use GreD in addition to XCurProcD for browser_misused_characters_in_strings.js to cover more string files. r=gijs
MozReview-Commit-ID: IlC170W0nlG
* * *
[mq]: temp

MozReview-Commit-ID: GF0k4zvONPD
2016-04-29 09:28:48 -04:00
Cykesiopka
fc68a083a3 Bug 1265164 - Always use nsCOMPtrs with getNSSDialogs(). r=keeler
MozReview-Commit-ID: 430uuWHIZjC

--HG--
extra : rebase_source : 3192e40558ac36a3a8bf6ff3c1399be1196f8dcb
2016-04-27 18:16:48 -07:00
Julian Hector
3871240519 Bug 1176099 - Add hooks for sigprocmask/pthread_sigmask. r=jld r=glandium 2016-04-21 13:17:50 +00:00
Kai Engert
b565a3d437 Bug 1258375, land NSS_3_24_BETA7, second attempt, r=franziskus 2016-04-27 14:51:59 +02:00
Carsten "Tomcat" Book
05d6ba16fa merge mozilla-inbound to mozilla-central a=merge 2016-04-27 11:57:21 +02:00
Daniel Veditz
19be5bed6c Bug 1267318 ignore cert expiration for mozilla-signed packages, r=dkeeler
MozReview-Commit-ID: Lw6jGmK8gkS
2016-04-26 11:54:08 -07:00
Julian Hector
1942e09c83 Bug 1266298 - Add sys_fchmod to seccomp whitelist r=jld
MozReview-Commit-ID: 4kFgfxhCMFl

--HG--
extra : transplant_source : h%D1%90%ACfP%DC%5C%CB%CC%84%CE%B7%40%17%14%B1%10%FC%AA
2016-04-21 15:59:53 +02:00
Kyle Huey
48a594a09e Bug 1268313: Part 7 - Move NS_NewRunnableMethod and friends to mozilla::NewRunnableMethod. r=froydnj 2016-04-28 14:08:25 -07:00
Julian Hector
4c291ae709 Bug 1176099 - Fix missing NULL check r=luke
MozReview-Commit-ID: ICNQNqJZzA8
2016-04-28 20:41:14 +02:00
David Keeler
1fdc1bdd0a bug 1267463 - add a more nuanced subject common name fallback option for prerelease channels r=Cykesiopka,jcj
MozReview-Commit-ID: 1vHXrPAHTRm

--HG--
extra : rebase_source : dddd8ae973d1d793890bbfc44d9fe84ef4a47ee2
2016-04-25 15:55:18 -07:00
Kyle Huey
c73656947b Bug 1265927: Move nsRunnable to mozilla::Runnable, CancelableRunnable to mozilla::CancelableRunnable. r=froydnj 2016-04-25 17:23:21 -07:00
Cykesiopka
33825b4eb1 Bug 1257031 - Return more informative error code when encountering invalid integers rather than SEC_ERROR_BAD_DER. r=keeler
Also adds some missing l10n entries to nsserrors.properties (but not for errors
that are specific to TLS 1.3, since TLS 1.3 is not yet finalised).

MozReview-Commit-ID: A42fmTDTe8W

--HG--
extra : transplant_source : x%F7s%DB%05%B4%81%9Dm%FDC%A1f%B3%0D%7DR%C1%BA%B1
2016-04-21 16:41:22 -07:00
Phil Ringnalda
d4f9b788bc Merge m-c to m-i 2016-04-23 20:05:49 -07:00
Phil Ringnalda
af470d6828 Bug 1267012 - Disable test_signed_dir.js for having a timebomb that makes it fail after one year, a=orange 2016-04-23 18:10:46 -07:00
ffxbld
41b0888167 No bug, Automated HPKP preload list update from host bld-linux64-spot-508 - a=hpkp-update 2016-04-23 05:00:27 -07:00
ffxbld
0b254f9255 No bug, Automated HSTS preload list update from host bld-linux64-spot-508 - a=hsts-update 2016-04-23 05:00:25 -07:00
David Keeler
1e53398a23 bug 1182742 - allow users to override small key size errors r=rbarnes
Key size enforcement for TLS certificates happens at two levels: PSM and NSS.
PSM enforces a minimum of 1024 bits. NSS enforces a minimum of 1023 bits by
default. The NSS error is not overridable, but the PSM error is. This change
allows users to connect to devices with small RSA keys (as little as 512 bits)
using the certificate error override functionality.

MozReview-Commit-ID: 2TZ8c4I3hXC

--HG--
extra : rebase_source : a9c550f15261c711e789a670c90c129c65802ff0
2016-04-11 13:45:47 -07:00
David Keeler
13d02ebbb6 bug 1264761 - improve handling of x509 versions in certificate manager r=Cykesiopka
MozReview-Commit-ID: B7EPx63ttlt

--HG--
extra : rebase_source : a39e04a7b2393130888ecfe02b09b495c9e068af
2016-04-18 11:07:24 -07:00
Cykesiopka
372fe1a598 Bug 1260643 - Convert most uses of ScopedCERTCertificate in PSM to UniqueCERTCertificate. r=keeler
MozReview-Commit-ID: JnjoUd7d2M0

--HG--
extra : transplant_source : %99x%B6%F5%09%97%E6%60%B6%3C%3C%C2%D5vt%27%0C-%96%1B
2016-04-20 01:14:22 -07:00
Mark Goodwin
fccc28a54a Bug 1265085 - Replace verification source with a SAN in the content signature verifier interface. r=Cykesiopka,r=fkiefer
This change replaces the hardcoded 'sourceis' in nsIContentSignatureVerifier and
ContentSignatureVerifier.cpp with a string parameter which allows the caller
to specify which hostname the signing certificate must be valid for. This allows
us to create and use new signing certificates without having to wait for new
sources to ride the trains.

MozReview-Commit-ID: KGpOVOuJrk3
2016-04-18 14:55:56 +01:00
Jacek Caban
a9c53bd3c0 Bug 1263622 - Fixed nsNSSComponent.cpp compilation on mingw. r=dkeeler,ted 2016-04-23 10:55:50 +02:00
Sebastian Hengst
926ff145c8 Backed out changeset 178243415be6 (bug 1258375) for crash [@ HandshakeCallback] on Android e.g. in dom/base/test/test_bug704320_http_http.html. r=backout on a CLOSED TREE 2016-04-26 18:00:11 +02:00
Kai Engert
2751db2b05 Bug 1258375, lang NSS_3_24_BETA7, r=franziskus 2016-04-26 16:42:37 +02:00
Wes Kocher
01ea27062a Backed out changeset bb60c7a0b0c5 (bug 1264761) for build failures in nsNSSCertHelper CLOSED TREE
MozReview-Commit-ID: KwFHe6X2WCE
2016-04-19 16:09:49 -07:00
David Keeler
9ae62ef7c9 bug 1264761 - improve handling of x509 versions in certificate manager r=Cykesiopka
MozReview-Commit-ID: B7EPx63ttlt

--HG--
extra : rebase_source : 0234079b42b1a3e46b4a6a790049b8f0769fc79a
2016-04-18 11:07:24 -07:00
Carsten "Tomcat" Book
fbeb4ca1bd Merge mozilla-central to mozilla-inbound 2016-04-18 08:51:38 +02:00
ffxbld
9fa9277647 No bug, Automated HPKP preload list update from host bld-linux64-spot-312 - a=hpkp-update 2016-04-16 04:49:09 -07:00
ffxbld
1d4acf2cee No bug, Automated HSTS preload list update from host bld-linux64-spot-312 - a=hsts-update 2016-04-16 04:49:07 -07:00
Cykesiopka
59774a5b4e Bug 1262645 - Address misc issues with nsGetUserCertChoice(). r=keeler
The follow issues are fixed:
  - Returning a failure result when failing to get a pref value instead of more
    gracefully falling back to a default.
  - Using an enum instead of a more strongly typed enum class.
  - Using a pref branch instead of the preferred Preferences.h API.
  - Manual memory management.
  - Unnecessary use of pointers.

MozReview-Commit-ID: FKw5kBhnwxL

--HG--
extra : transplant_source : %21K%E2%83/%A5%AB%DB3%F4%FB%2CUD%9E%B6l%1C%3A%22
2016-04-15 16:51:41 -07:00
Carsten "Tomcat" Book
eae4a312af Bug 1261751 - Problems with OS X Sandboxed TempDir and Rules. r=bobowen r=gcp
--HG--
extra : amend_source : 2011128c7e5406d7865da2b24f81facf7889cb0e
2016-04-16 09:00:29 +02:00
Jonas Sicking
d310d4dcee Fix unified-build bustage from bug 1264706. r=bustage 2016-04-15 15:21:38 -07:00
Jonas Sicking
32e5673b7a Fix linting bustage for bug 1264706. r=bustage 2016-04-15 15:12:39 -07:00
Jonas Sicking
9c521f30da Bug 1264706: Move nsILocalCertService, and implementation, to security/manager/ssl in order to alloow use w use elsewhere in gecko. r=dkeeler
--HG--
rename : devtools/shared/security/LocalCertService.cpp => security/manager/ssl/LocalCertService.cpp
rename : devtools/shared/security/LocalCertService.h => security/manager/ssl/LocalCertService.h
rename : devtools/shared/security/nsILocalCertService.idl => security/manager/ssl/nsILocalCertService.idl
rename : devtools/shared/security/tests/unit/test_cert.js => security/manager/ssl/tests/unit/test_local_cert.js
2016-04-15 14:52:13 -07:00
Julian Hector
d9a01beca2 Bug 1259283 - Add sys_fchown to seccomp whitelist. r=jld 2016-04-13 12:41:19 +00:00
J.C. Jones
63f7ce5155 Bug 1244960 - Complete FIDO u2f NSSToken (Part 1). r=keeler, r=baku
- Merge in test changes from Bug 1255784.
- Remove the unnecessary mutex
- Stop doing direct memory work in NSS Token
- Clean up direct memory work in ContentParent
- In order to store persistent crypto parameters, the NSSToken had to move
  onto the main thread and be interfaced with via IDL/IPDL.
- Support Register/Sign via NSS using a long-lived secret key
- Rename the softtoken/usbtoken "enable" prefs, because of hierarchy issues
  with the WebIDL Pref shadowing.
- Also orders the includes on nsNSSModule.cpp
- Attestation Certificates are in Part 2.

Updates per keeler review comments:

- Use //-style comments everywhere
- Refactor the PrivateKeyFromKeyHandle method
- Rename the logging and fix extraneous NS_WARN_IF/logging combinations
- Other updates from review

April 11-12:

- Correct usage of the "usageCount" flag for PK11_UnwrapPrivKey
- Rebase up to latest

April 15:
- Rebase to latest

MozReview-Commit-ID: 6T8jNmwFvHJ

--HG--
extra : transplant_source : w%26%CES%2Cu%04%3EAl%04%2Cb%E2v%C9%08%3A%CC%F4
2016-04-15 09:29:12 -07:00
Tim Taubert
501a3b98fe Bug 1235634 - Construct nsNSSShutdownList::singleton lazily on first use r=keeler 2016-04-13 11:06:44 +02:00
Mark Goodwin
23e56a0fd2 Bug 1252882 - Add a Content Signature Service r=keeler,r=franziskus,r=Cykesiopka
MozReview-Commit-ID: 2nS6vN3iDKe
2016-04-13 13:26:01 +01:00