Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-24 10:45:42 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
452,235 Commits 615 Branches 98 Tags 5.9 GiB
516b650d7d
Commit Graph

9945 Commits

Author SHA1 Message Date
Cykesiopka
2be3b53afa Bug 1205962 - Address some pylint complaints about pycert.py and pykey.py, r=keeler 
Also adds more uses of enumerate() to simplify code.

--HG--
extra : amend_source : 758eee481fa2d93f984f090aaa443b3b5756fb1f
 2015-10-05 23:24:14 -07:00
Jed Davis
1ae9d0519b Bug 930258 - Part 3: a file broker policy for the B2G emulator. r=kang 2015-10-07 22:13:08 -07:00
Jed Davis
562c4e7b57 Bug 930258 - Part 2: seccomp-bpf integration. r=kang 2015-10-07 22:13:08 -07:00
Jed Davis
bd859174ac Bug 930258 - Part 1: The file broker, and unit tests for it. r=kang f=froydnj 2015-10-07 22:13:08 -07:00
David Keeler
9b75f2c0d5 bug 975763 - move test_certificate_overrides.html to test_cert_override_bits_mismatches.js r=mgoodwin 
test_certificate_overrides.html didn't need to be a mochitest.
 2015-09-29 12:39:54 -07:00
Carsten "Tomcat" Book
08997000eb Backed out 2 changesets (bug 1202902) to recking bug 1202902 to be able to reopen inbound on a CLOSED TREE 
Backed out changeset 647025383676 (bug 1202902)
Backed out changeset d70c7fe532c6 (bug 1202902)
 2015-10-07 14:03:21 +02:00
Carsten "Tomcat" Book
e7ef778c9d Backed out 1 changesets (bug 1202902) for causing merge conflicts to mozilla-central 
Backed out changeset cfc1820361f5 (bug 1202902)

--HG--
extra : rebase_source : 5d3db72337754bc7ab0ed0c30b2896100411ff92
 2015-10-07 12:13:45 +02:00
Shu-yu Guo
d06b6030f6 Bug 1202902 - Scripted fix the world. 2015-10-06 14:00:31 -07:00
Ben Kelly
65ad5a613b Bug 1210941 P10 Use LOAD_BYPASS_SERVICE_WORKER in nsNSSCallbacks. r=ehsan 2015-10-06 06:37:07 -07:00
Kate McKinley
5955ecaffd Bug 1191414 - gather telemetry on usage of <keygen>. r=keeler,r=vladan 
--HG--
extra : rebase_source : 69aed7cd26800c9a6c6975ab24bf3e5bb3c77730
 2015-09-22 09:52:58 -07:00
Wes Kocher
9bd6e9ee5a Backed out changeset c288fb0952fb (bug 1211568) for build bustage CLOSED TREE 2015-10-05 15:56:08 -07:00
Kai Engert
118b9ae5d0 Bug 1211568 - Upgrade Firefox 44 to NSS 3.21, landing NSS_3_21_Beta2, r=mt 
--HG--
extra : rebase_source : 498e86da715351a7d1712d07e790f8691fd8d213
 2015-10-05 22:42:28 +02:00
Jed Davis
0db519c66f Bug 1207401 - Send B2G sandbox logging to both stderr and logcat. r=kang 2015-10-05 09:21:39 -07:00
Bob Owen
96010550f8 Bug 1207972: Move to using USER_INTERACTIVE and JOB_INTERACTIVE by default for the Windows content sandbox. r=tabraldes 2015-10-05 11:10:46 +01:00
Nicholas Nethercote
7d1c7e0014 Bug 1209351 (part 5) - Optimize nsTHashTable::RemoveEntry() usage in security/. r=keeler. 
--HG--
extra : rebase_source : 74877baad7a7e019c7151efaad96d7b8ccc4b6f5
 2015-09-24 20:44:31 -07:00
Phil Ringnalda
1d51d1b32a Merge m-i to m-c, a=merge 2015-10-03 15:37:39 -07:00
ffxbld
30f46ea33e No bug, Automated HPKP preload list update from host bld-linux64-spot-410 - a=hpkp-update 2015-10-03 03:44:51 -07:00
ffxbld
bde4cad906 No bug, Automated HSTS preload list update from host bld-linux64-spot-410 - a=hsts-update 2015-10-03 03:44:49 -07:00
David Keeler
a81ffd22d7 bug 1205767 - prevent memory leak when generating an EC key with <keygen> r=ttaubert 2015-09-17 14:57:24 -07:00
Tooru Fujisawa
ab6dcb335c Bug 1207499 - Part 8: Remove use of expression closure from security/. r=keeler 
--HG--
extra : commitid : CRZpUoDhoRa
extra : rebase_source : b04cc9260a59cc53f406181c67e6db4560677022
 2015-09-23 18:42:19 +09:00
Kaspar Brand
f0941953dd Bug 278689 - Multiple Certificates with the same subject are not shown in the digital signature select cert combo (only one is shown) r=dkeeler 
--HG--
extra : rebase_source : 442661d99de1c5786c04d49cfcd96a672d3077be
 2015-09-05 07:52:00 +02:00
David Keeler
30706f9f69 bug 1187994 - remove unused file CryptoUtil.h r=jcj 
This probably should have been removed as part of bug 891066.
 2015-07-27 09:56:14 -07:00
David Keeler
ae6538ad30 bug 1203312 - split tlsserver certificates into ocsp_certs and bad_certs r=mgoodwin 
The B2G emulators apparently take ~5 minutes to read 50 certificates into
memory, which causes intermittent test timeouts. This is an attempt to
reduce the number of certificates needed to be read at any given time.

--HG--
rename : security/manager/ssl/tests/unit/tlsserver/badSubjectAltNames.pem.certspec => security/manager/ssl/tests/unit/bad_certs/badSubjectAltNames.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/beforeEpoch.pem.certspec => security/manager/ssl/tests/unit/bad_certs/beforeEpoch.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/beforeEpochINT.pem.certspec => security/manager/ssl/tests/unit/bad_certs/beforeEpochINT.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/beforeEpochIssuer.pem.certspec => security/manager/ssl/tests/unit/bad_certs/beforeEpochIssuer.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/ca-used-as-end-entity.pem.certspec => security/manager/ssl/tests/unit/bad_certs/ca-used-as-end-entity.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/default-ee.key.keyspec => security/manager/ssl/tests/unit/bad_certs/default-ee.key.keyspec
rename : security/manager/ssl/tests/unit/tlsserver/default-ee.pem.certspec => security/manager/ssl/tests/unit/bad_certs/default-ee.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/eeIssuedByNonCA.pem.certspec => security/manager/ssl/tests/unit/bad_certs/eeIssuedByNonCA.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/eeIssuedByV1Cert.pem.certspec => security/manager/ssl/tests/unit/bad_certs/eeIssuedByV1Cert.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/expired-ee.pem.certspec => security/manager/ssl/tests/unit/bad_certs/expired-ee.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/expiredINT.pem.certspec => security/manager/ssl/tests/unit/bad_certs/expiredINT.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/expiredissuer.pem.certspec => security/manager/ssl/tests/unit/bad_certs/expiredissuer.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/rsa-1016-keysizeDelegatedSigner.key.keyspec => security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.key.keyspec
rename : security/manager/ssl/tests/unit/tlsserver/inadequateKeySizeEE.pem.certspec => security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/inadequatekeyusage-ee.pem.certspec => security/manager/ssl/tests/unit/bad_certs/inadequatekeyusage-ee.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/ipAddressAsDNSNameInSAN.pem.certspec => security/manager/ssl/tests/unit/bad_certs/ipAddressAsDNSNameInSAN.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/md5signature-expired.pem.certspec => security/manager/ssl/tests/unit/bad_certs/md5signature-expired.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/md5signature.pem.certspec => security/manager/ssl/tests/unit/bad_certs/md5signature.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/mismatch-expired.pem.certspec => security/manager/ssl/tests/unit/bad_certs/mismatch-expired.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/mismatch-notYetValid.pem.certspec => security/manager/ssl/tests/unit/bad_certs/mismatch-notYetValid.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/mismatch-untrusted-expired.pem.certspec => security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted-expired.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/mismatch-untrusted.pem.certspec => security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/mismatch.pem.certspec => security/manager/ssl/tests/unit/bad_certs/mismatch.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/mismatchCN.pem.certspec => security/manager/ssl/tests/unit/bad_certs/mismatchCN.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/moz.build => security/manager/ssl/tests/unit/bad_certs/moz.build
rename : security/manager/ssl/tests/unit/tlsserver/noValidNames.pem.certspec => security/manager/ssl/tests/unit/bad_certs/noValidNames.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/notYetValid.pem.certspec => security/manager/ssl/tests/unit/bad_certs/notYetValid.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/notYetValidINT.pem.certspec => security/manager/ssl/tests/unit/bad_certs/notYetValidINT.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/notYetValidIssuer.pem.certspec => security/manager/ssl/tests/unit/bad_certs/notYetValidIssuer.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/nsCertTypeCritical.pem.certspec => security/manager/ssl/tests/unit/bad_certs/nsCertTypeCritical.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/nsCertTypeCriticalWithExtKeyUsage.pem.certspec => security/manager/ssl/tests/unit/bad_certs/nsCertTypeCriticalWithExtKeyUsage.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/nsCertTypeNotCritical.pem.certspec => security/manager/ssl/tests/unit/bad_certs/nsCertTypeNotCritical.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/other-issuer-ee.pem.certspec => security/manager/ssl/tests/unit/bad_certs/other-issuer-ee.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/other-test-ca.key.keyspec => security/manager/ssl/tests/unit/bad_certs/other-test-ca.key.keyspec
rename : security/manager/ssl/tests/unit/tlsserver/other-test-ca.pem.certspec => security/manager/ssl/tests/unit/bad_certs/other-test-ca.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/self-signed-EE-with-cA-true.pem.certspec => security/manager/ssl/tests/unit/bad_certs/self-signed-EE-with-cA-true.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/selfsigned-inadequateEKU.pem.certspec => security/manager/ssl/tests/unit/bad_certs/selfsigned-inadequateEKU.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/selfsigned.pem.certspec => security/manager/ssl/tests/unit/bad_certs/selfsigned.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/test-ca.pem.certspec => security/manager/ssl/tests/unit/bad_certs/test-ca.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/test-int.pem.certspec => security/manager/ssl/tests/unit/bad_certs/test-int.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/unknownissuer.pem.certspec => security/manager/ssl/tests/unit/bad_certs/unknownissuer.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/untrusted-expired.pem.certspec => security/manager/ssl/tests/unit/bad_certs/untrusted-expired.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/untrustedissuer.pem.certspec => security/manager/ssl/tests/unit/bad_certs/untrustedissuer.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/v1Cert.pem.certspec => security/manager/ssl/tests/unit/bad_certs/v1Cert.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/ca-used-as-end-entity.pem.certspec => security/manager/ssl/tests/unit/ocsp_certs/ca-used-as-end-entity.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/default-ee.key.keyspec => security/manager/ssl/tests/unit/ocsp_certs/default-ee.key.keyspec
rename : security/manager/ssl/tests/unit/tlsserver/default-ee.pem.certspec => security/manager/ssl/tests/unit/ocsp_certs/default-ee.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/delegatedSHA1Signer.pem.certspec => security/manager/ssl/tests/unit/ocsp_certs/delegatedSHA1Signer.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/delegatedSigner.pem.certspec => security/manager/ssl/tests/unit/ocsp_certs/delegatedSigner.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/invalidDelegatedSignerFromIntermediate.pem.certspec => security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerFromIntermediate.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/invalidDelegatedSignerKeyUsageCrlSigning.pem.certspec => security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerKeyUsageCrlSigning.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/invalidDelegatedSignerNoExtKeyUsage.pem.certspec => security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerNoExtKeyUsage.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/invalidDelegatedSignerWrongExtKeyUsage.pem.certspec => security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerWrongExtKeyUsage.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/ocspEEWithIntermediate.pem.certspec => security/manager/ssl/tests/unit/ocsp_certs/ocspEEWithIntermediate.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/ocspOtherEndEntity.pem.certspec => security/manager/ssl/tests/unit/ocsp_certs/ocspOtherEndEntity.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/other-test-ca.key.keyspec => security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.key.keyspec
rename : security/manager/ssl/tests/unit/tlsserver/other-test-ca.pem.certspec => security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/rsa-1016-keysizeDelegatedSigner.key.keyspec => security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.key.keyspec
rename : security/manager/ssl/tests/unit/tlsserver/rsa-1016-keysizeDelegatedSigner.pem.certspec => security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/test-ca.pem.certspec => security/manager/ssl/tests/unit/ocsp_certs/test-ca.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/test-int.pem.certspec => security/manager/ssl/tests/unit/ocsp_certs/test-int.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/same-issuer-ee.pem.certspec => security/manager/ssl/tests/unit/test_onecrl/same-issuer-ee.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/test-int-ee.pem.certspec => security/manager/ssl/tests/unit/test_onecrl/test-int-ee.pem.certspec
 2015-09-22 17:03:15 -07:00
David Keeler
74e470d1ac bug 1203312 - convert tlsserver to generate certificates at build time r=Cykesiopka,mgoodwin 2015-08-24 15:53:07 -07:00
ffxbld
03aa14625c No bug, Automated HPKP preload list update from host bld-linux64-spot-363 - a=hpkp-update 2015-09-26 03:40:59 -07:00
ffxbld
1b40f22c12 No bug, Automated HSTS preload list update from host bld-linux64-spot-363 - a=hsts-update 2015-09-26 03:40:57 -07:00
Jonathan Hao
e2da61623b Bug 1178518 - Add an AppTrustedRoot for signed packaged app. r=keeler 2015-09-07 15:28:21 +08:00
ffxbld
51c75f9eac No bug, Automated HPKP preload list update from host bld-linux64-spot-560 - a=hpkp-update 2015-09-19 03:46:51 -07:00
ffxbld
c354c7fbb7 No bug, Automated HSTS preload list update from host bld-linux64-spot-560 - a=hsts-update 2015-09-19 03:46:49 -07:00
Wes Kocher
21a9e609d5 Backed out changeset a08287c70962 (bug 1203312) for b2g xpcshell failures 2015-09-18 12:53:24 -07:00
David Keeler
4cfc799e53 bug 1203312 - convert tlsserver to generate certificates at build time r=Cykesiopka,mgoodwin 2015-08-24 15:53:07 -07:00
Kate McKinley
163979ae9f Bug 1196039 - Telemetry for certificate lifetime. r=rbarnes,vladan 2015-09-17 10:04:52 -07:00
Nicholas Nethercote
647b520991 Bug 1201135 - Rename pldhash.{h,cpp} to PLDHashTable.{h,cpp}. r=mccr8. 
--HG--
rename : xpcom/glue/pldhash.cpp => xpcom/glue/PLDHashTable.cpp
rename : xpcom/glue/pldhash.h => xpcom/glue/PLDHashTable.h
extra : rebase_source : 06b9d30db96ed78500fd44d9c0b51609103508a3
 2015-09-15 20:49:53 -07:00
Ehsan Akhgari
e23a8d38a3 Bug 1205302 - Disallow intercepting OCSP requests; r=jdm 2015-09-16 19:15:32 -04:00
Nicholas Nethercote
2ee4fd783b Bug 1121760 (part 6) - Move all remaining PL_DHash*() functions into PLDHashTable. r=poiru. 
--HG--
extra : rebase_source : 3cdc975507170d783b02d70f7c7d95c6bf2e1bcd
 2015-09-14 14:23:47 -07:00
Nicholas Nethercote
59683492e5 Bug 1121760 (part 3) - Remove PL_DHashTableRemove(). r=poiru. 
--HG--
extra : rebase_source : c34d693de4aca45f2ea05c2767c8b1007c89df29
 2015-09-14 14:23:24 -07:00
Nicholas Nethercote
479244f7c9 Bug 1121760 (part 2) - Remove PL_DHashTableAdd(). r=poiru. 
--HG--
extra : rebase_source : 41eb939bfb5c925cba58b1af57abce9a4e5fdb30
 2015-09-14 14:23:12 -07:00
Nicholas Nethercote
fcfdd8f54b Bug 1121760 (part 1) - Remove PL_DHashTableSearch(). r=poiru. 
--HG--
extra : rebase_source : 770e1f49a451ecbadd778e071b204611e27cf701
 2015-05-21 00:34:25 -07:00
Shu-yu Guo
64db2267cf Bug 1202902 - Mass replace toplevel 'let' with 'var' in preparation for global lexical scope. (rs=jorendorff) 2015-09-15 11:19:45 -07:00
Cykesiopka
2cdc0c814f Bug 443811 - Use long date format for cert date output. r=keeler 
--HG--
extra : rebase_source : cdd9b41b40125489e55171c1ece54bbd2a0cf947
 2015-09-13 23:33:00 +02:00
Richard Barnes
990593f9cf Bug 942515 - Show Untrusted Connection Error for SHA-1-based SSL certificates with notBefore >= 2016-01-01 r=keeler 2015-09-11 14:52:30 -04:00
ffxbld
c09a97364f No bug, Automated HPKP preload list update from host bld-linux64-spot-542 - a=hpkp-update 2015-09-12 03:39:46 -07:00
ffxbld
28a278226f No bug, Automated HSTS preload list update from host bld-linux64-spot-542 - a=hsts-update 2015-09-12 03:39:44 -07:00
Steven Michaud
218db8d580 Bug 1190032 - Sandbox failure in nsPluginHost::GetPluginTempDir, tighten earlier patch. r=areinald 2015-09-10 15:32:42 -05:00
Mark Goodwin
b212375b7e Bug 1016555 - Disable OCSP checking for certificates covered by OneCRL r=keeler 
1) Added some comments to firefox.js to explain the relationship between
extensions.blocklist.interval and security.onecrl.maximum_staleness_in_seconds
2) Modified default values in firefox.js and mobile.js to set maximum staleness
to 1.25x blocklist interval
3) modified the tests_ev_certs.js xpcshell test to cope with larger maximum
staleness values to address test failures
 2015-09-10 11:10:07 +01:00
Bob Owen
4b37ff400c Bug 1200336: Apply fix for Chromium issue 482784 for sandbox bug when built with VS2015. r=tabraldes 2015-09-10 08:25:20 +01:00
Jed Davis
52cee33b7e Bug 1199481 - Complain more when entering sandboxing code as root. r=kang 2015-08-28 13:37:00 +02:00
Jed Davis
7c8e037b3f Bug 1199413 - Fix MOZ_DISABLE_GMP_SANDBOX so it disables all the sandboxing. r=kang 
Bonus fix: don't start the chroot helper unless we're going to use
it.  For this to matter, you'd need a system with unprivileged user
namespaces but no seccomp-bpf (or fake it with env vars) *and* to set
media.gmp.insecure.allow, so this is more to set a good example for
future changes to this code than for functional reasons.
 2015-08-28 12:18:00 +02:00
Nicholas Nethercote
b1cf90c1e5 Bug 1202526 (part 5) - Use PLDHashTable::RemoveEntry() in nsSecureBrowserUIImpl. r=dkeeler. 
This avoids repeating the hash table search in order to remove the entry.
 2015-09-07 19:20:16 -07:00
Jacek Caban
b15946229a Bug 1199624 - Don't use memset and memcmp in files that don't include cstring explicitly. r=briansmith 2015-09-09 14:16:59 +02:00
Bob Owen
866768c43e Bug 1197943: Turn off MITIGATION_STRICT_HANDLE_CHECKS for NPAPI process sandbox for causing hangs. r=aklotz 2015-09-09 08:45:25 +01:00
Bob Owen
cd5643f4d3 Bug 1201438: Add non-sandboxed Windows content processes as target peers for handle duplication. r=bbondy 2015-09-08 11:18:12 +01:00
ffxbld
41bdcbc2ac No bug, Automated HPKP preload list update from host bld-linux64-spot-1098 - a=hpkp-update 2015-09-05 03:41:54 -07:00
ffxbld
3ee4abd6a6 No bug, Automated HSTS preload list update from host bld-linux64-spot-1098 - a=hsts-update 2015-09-05 03:41:52 -07:00
Steven Michaud
6dbfc47ad8 Bug 1190032 - Sandbox failure in nsPluginHost::GetPluginTempDir. r=areinald 2015-09-03 19:28:30 -05:00
David Keeler
db0b8dcf48 bug 1196853 - convert test_cert_signatures.js to generate certificates at build time r=jcj 
Also add additional testcases that weren't in the original test (tampered
signatures had been tested, but tampered certificates hadn't been covered).
 2015-08-19 15:59:49 -07:00
ffxbld
d5250da6de No bug, Automated HPKP preload list update from host bld-linux64-spot-305 - a=hpkp-update 2015-09-03 13:59:53 -07:00
ffxbld
1d00751ccd No bug, Automated HSTS preload list update from host bld-linux64-spot-305 - a=hsts-update 2015-09-03 13:59:50 -07:00
Masatoshi Kimura
dbfc3317da Bug 1201024 - Disable unrestricted RC4 fallback and add RC4-only servers to the fallback whitelist. r=cykesiopka 2015-09-03 21:50:52 +09:00
Nick Thomas
5744a154e2 Bug 1197607, Automated hsts & hpkp updates are failing on mozilla-central, mozilla-aurora, mozilla-esr38, r=cykesiopka 2015-09-03 22:07:42 +12:00
Masatoshi Kimura
dbd45351dc Bug 1195789 - Update fallback whitelist. r=cykesiopka 2015-09-02 00:44:04 +09:00
Nicholas Nethercote
f44287005f Bug 1198334 (part 1) - Replace the opt-in FAIL_ON_WARNINGS with the opt-out ALLOW_COMPILER_WARNINGS. r=glandium. 
The patch removes 455 occurrences of FAIL_ON_WARNINGS from moz.build files, and
adds 78 instances of ALLOW_COMPILER_WARNINGS. About half of those 78 are in
code we control and which should be removable with a little effort.

--HG--
extra : rebase_source : 82e3387abfbd5f1471e953961d301d3d97ed2973
 2015-08-27 20:44:53 -07:00
Ryan VanderMeulen
c7fdbe4d0f Backed out changeset 982be1bbebdf (bug 1199624) for Windows bustage. 2015-08-30 17:09:09 -04:00
Jacek Caban
c8309c6328 Bug 1199624 - Don't use memset and memcmp in files that don't include cstring explicitly. r=briansmith 2015-08-29 07:59:00 -04:00
Cykesiopka
0d6549c972 Bug 1197644 - Remove the security.ssl.warn_missing_rfc5746 pref. r=keeler 
--HG--
extra : transplant_source : %90%28%11%DB%E53%93%7C%F2%D6%5Ek%CC%DC%BE%FAe%F2%896
 2015-08-24 22:53:42 -07:00
Makoto Kato
7073895edf Bug 1196403 - Apply crbug/522201 to support Windows 10 build 10525. r=bobowen 2015-08-25 19:21:08 +09:00
Xidorn Quan
dbaa85ce62 Bug 1188468 - Allow script to force updating a generated file even if the file is actually not changed. r=gps 
--HG--
extra : source : 47b56f2495030d77c446215d8822c31fc32f23b7
 2015-08-25 10:07:43 +10:00
David Keeler
2ee5d006b7 bug 1194013 - convert test_name_constraints.js to generate certificates at build time r=Cykesiopka,mgoodwin 2015-08-11 16:40:38 -07:00
Ryan VanderMeulen
5b75ad5195 Merge inbound to m-c. a=merge 2015-08-23 17:18:36 -04:00
Fabrice Desré
3a47f061c9 Bug 1196988 - Remove THA support. r=gwagner 2015-08-21 10:00:54 -07:00
Jonathan Griffin
369ec3ac0f Bug 1136892 - Create an xpcshell-addons tag for running addon-specific xpcshell tests, r=chmanchester 
--HG--
extra : commitid : 6kGKslC9h14
 2015-08-18 11:26:14 -07:00
Kai Engert
641cf3a3ad Bug 1194135, set NSS version to final 3.20 tag, no code change, DONTBUILD 2015-08-19 18:41:53 +02:00
Wes Kocher
fe6faf7d6b Backed out changeset 688775a8227f (bug 1136892) for mass bustage prompting a CLOSED TREE 2015-08-18 11:58:05 -07:00
Christoph Kerschbaumer
10a7d6a5b9 Bug 1195606 - Use channel->ascynOpen2 in security/manager/ssl/nsNSSCallbacks.cpp (r=sicking) 2015-08-18 09:54:09 -07:00
Mark Goodwin
f2b116c0d6 Bug 1153444 - Fix up Key Pinning Telemetry (r=keeler) 2015-08-21 15:14:08 +01:00
Mike Hommey
7da4ee35ba Bug 1189891 - Avoid including <cstring> from pkix/Input.h. r=bsmith 2015-08-21 15:27:22 +09:00
Mike Hommey
b85471d7e8 Backout changesets af1b36497559 and 1d52ab626597 (bug 1189891) for pkix bustage 2015-08-21 15:05:38 +09:00
Mike Hommey
067b45951a Bug 1189891 - Avoid including <cstring> from pkix/Input.h. r=bsmith 2015-08-21 14:29:19 +09:00
Ben Hearsum
c51baf3ae9 bug 1116409: switch update server to sha2 cert; update in-tree pinning. r=rstrong,snorp,mfinkle,dkeeler 2015-08-20 17:50:51 -04:00
Cykesiopka
b4174da7d8 Bug 1195615 - Log a web console warning when a HPKP header is ignored due to a non-built in root cert. r=keeler 2015-08-20 14:33:29 -07:00
Jonathan Griffin
dde975f7a0 Bug 1136892 - Create an xpcshell-addons tag for running addon-specific xpcshell tests, r=chmanchester 
--HG--
extra : commitid : FN6nc0Yis2o
 2015-08-18 11:26:14 -07:00
Arnaud Bienner
2755fa9a57 Bug 1190086 - Use new String::Contains(char) method more widely r=froydnj 
--HG--
extra : rebase_source : 81df1495200d3734ea1c4c13818ae764a445f4b3
 2015-08-14 00:49:15 +02:00
David Keeler
23a9820f27 bug 1190603 - rename prime256v1 to secp256r1 in test_keysize.js to reduce confusion r=Cykesiopka 
OpenSSL refers to the curve in question as 'prime256v1', but rfc 5480,
mozilla::pkix, and the test framework refer to it as secp256r1, so we
should be consistent.

--HG--
rename : security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_prime256v1_256-root_rsa_2048.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_rsa_2048.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_prime256v1_256-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_secp256k1_256-int_prime256v1_256-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp256k1_256-int_secp256r1_256-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_prime256v1_256-int_rsa_1016-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_rsa_1016-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_prime256v1_256-int_secp224r1_224-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp224r1_224-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_prime256v1_256-int_prime256v1_256-root_secp224r1_224.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp224r1_224.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_prime256v1_256-int_prime256v1_256-root_secp256k1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp256k1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_secp384r1_384-int_prime256v1_256-root_rsa_2048.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp384r1_384-int_secp256r1_256-root_rsa_2048.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_secp521r1_521-int_secp384r1_384-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp521r1_521-int_secp384r1_384-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/int_secp224r1_224-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/int_secp224r1_224-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/int_prime256v1_256-root_rsa_2048.pem.certspec => security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_rsa_2048.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/int_prime256v1_256-root_secp224r1_224.pem.certspec => security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp224r1_224.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/int_prime256v1_256-root_secp256k1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256k1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/int_prime256v1_256-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/int_secp384r1_384-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/int_secp384r1_384-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/root_secp256r1_256.pem.certspec
 2015-08-05 13:39:11 -07:00
David Keeler
70897766ec bug 1190603 - convert test_keysize.js to generate certificates at build time r=Cykesiopka 2015-08-03 17:02:58 -07:00
Aryeh Gregor
ff2ceb15ed Bug 1193298 - Part 2: Use .get() to convert from RefPtr to raw pointer. r=froydnj 2015-08-11 06:45:00 -04:00
Jed Davis
b7a032eb04 Bug 1004011 - Support SECCOMP_FILTER_FLAG_TSYNC if available. r=kang 
--HG--
extra : rebase_source : 32be610d889fedb518e062a4a416331be21378d3
 2015-08-11 16:30:00 -04:00
Tanvi Vyas
7b0ea8ee04 Bug 1182551 - Updating nsSecureBrowserUIImpl so that insecure pages with mixed content iframes don't get marked as broken. r=keeler 2015-08-13 17:13:48 -07:00
Kai Engert
531a2c1719 Bug 1194135, Update Mozilla to NSS 3.20, r=mt 2015-08-13 11:31:23 +02:00
Nathan Froyd
8f318ea950 Bug 1193021 - clean up reference-counting in security/; r=keeler 2015-07-01 13:10:53 -04:00
David Keeler
7ce068b7e9 bug 1190532 - change default key specification from implicit to explicit in pycert.py r=Cykesiopka 
Previously using an empty string would result in pycert.py returning the
default shared RSA key. This resulted in empty keyspec files being added
to the tree, which was confusing. This should end the confusion by making
the key specification process explicit rather than implicit.
 2015-08-06 11:35:40 -07:00
David Keeler
948094db6e bug 1189427 - convert test_ocsp_fetch_method.js to generate certificates at build time r=mgoodwin 2015-07-30 10:20:52 -07:00
Kai Engert
8238eb63a4 Bug 1190794, land final NSS_3_19_3_RTM tag, no code change, DONTBUILD 2015-08-07 20:19:06 +02:00
Makoto Kato
c3c571a9ee Bug 1166323 - Fix unexpcetd changed on previous landed. r=dkeeler 2015-08-07 13:41:49 +09:00
Cykesiopka
d9d018971e Bug 1164609 - Remove EV treatment for expired Buypass Class 3 CA 1 root certificate. r=keeler 
--HG--
extra : rebase_source : 65e2c8746098d8fb2cd5347b557c23a3832d435a
 2015-08-07 00:21:00 +02:00
Carsten "Tomcat" Book
fca5cdc8bc Backed out changeset 9618f92995ab (bug 1166323) for linux x64 test bustage on a CLOSED TREE 2015-08-07 07:24:40 +02:00
Makoto Kato
6fb6d7a35c Bug 1166323 - Fix unexpcetd changed on previous landed. r=dkeeler 2015-08-07 13:41:49 +09:00
Carsten "Tomcat" Book
ba03e3c181 Backed out 2 changesets (bug 1016555, bug 1189427) for making Android 4.3 API11+ debug X3 perma fail in test_ev_certs.js 
Backed out changeset ebd4e3880403 (bug 1189427)
Backed out changeset 331e489c7534 (bug 1016555)
 2015-08-06 11:51:27 +02:00
Cykesiopka
d93ee984a0 Bug 1124649 - Part 1 - Add specific error messages for various types of STS and PKP header failures. r=keeler,hurley 
--HG--
extra : rebase_source : 8210ed5f89cec8c42d5a78b9101f1c54d91e04c6
 2015-08-05 07:51:00 +02:00
David Keeler
ae2c1351bc bug 1189427 - convert test_ocsp_fetch_method.js to generate certificates at build time r=mgoodwin 2015-07-30 10:20:52 -07:00
Birunthan Mohanathas
7315345693 Bug 1191100 - Remove XPIDL signature comments in .cpp files. r=ehsan 
Comment-only so DONTBUILD.
 2015-08-04 16:17:36 -07:00
Kai Engert
80c4460491 Bug 1190794, Update to NSS 3.19.3 to pick up ca-certificates v 2.5, landing NSS_3_19_3_RC0, r=kwilson 2015-08-04 22:37:05 +02:00
David Keeler
59ef11f506 bug 1188100 - fold PSM's test_client_cert.js into necko's test_tls_server.js r=mcmanus 
--HG--
rename : security/manager/ssl/tests/unit/test_client_cert/cert_dialog.js => netwerk/test/unit/client_cert_chooser.js
rename : security/manager/ssl/tests/unit/test_client_cert/cert_dialog.manifest => netwerk/test/unit/client_cert_chooser.manifest
extra : amend_source : 249efd8e1bc537cf14b3199865df18b8aba62d10
 2015-07-29 14:27:54 -07:00
Carsten "Tomcat" Book
49d83b3b7d Merge mozilla-central to mozilla-inbound 2015-08-03 15:45:57 +02:00
Carsten "Tomcat" Book
6b441cd90a merge mozilla-inbound to mozilla-central a=merge 2015-08-03 13:56:39 +02:00
Makoto Kato
50e851b877 Bug 830801 - Part 2. Remove NOMINMAX define from moz.build. r=mshal 2015-08-03 10:07:09 +09:00
ffxbld
abb4d538ee No bug, Automated HPKP preload list update from host bld-linux64-spot-317 - a=hpkp-update 2015-08-01 03:34:19 -07:00
ffxbld
ae7af3ea3c No bug, Automated HSTS preload list update from host bld-linux64-spot-317 - a=hsts-update 2015-08-01 03:34:17 -07:00
ffxbld
b44231402a No bug, Automated HPKP preload list update from host bld-linux64-spot-010 - a=hpkp-update 2015-07-30 13:51:28 -07:00
ffxbld
eb03434709 No bug, Automated HSTS preload list update from host bld-linux64-spot-010 - a=hsts-update 2015-07-30 13:51:26 -07:00
Cykesiopka
8a9392bf5e Bug 1189166 - Cleanup some PSM test generation files post Bug 1181823. r=dkeeler 
--HG--
extra : rebase_source : 4f0310323c3e7ac7e9e8c453d41aa0ef9cbd910a
 2015-07-29 23:56:33 -07:00
Bob Owen
77826e3c4a Bug 1171796: Add sandbox rule for child process NSPR log file on Windows. r=bbondy 
This also moves the initialization of the sandbox TargetServices to earlier in
plugin-container.cpp content_process_main, because it needs to happen before
xul.dll loads.
 2015-07-30 10:04:42 +01:00
David Keeler
b49becac5d bug 1181823 - convert test_ev_certs.js, test_keysize_ev.js, and test_validity.js to generate certificates at build time r=Cykesiopka r=mgoodwin 2015-06-17 16:02:08 -07:00
Bobby Holley
97b9240b34 Bug 1188696 - Hoist nsRefPtr.h into MFBT. r=froydnj 2015-07-29 10:44:59 -07:00
Douglas Bagnall
5cea0a9df6 Bug 1046421 - Do not disclose the system hostname via NTLM handler. r=honzab 
The hostname here is matched on the AD DC to the userWorkstations
attribute, however this is on a total trust basis in terms of what the
client specifies here.

The impact of this patch is that a user who is restricted by this
attribute to log on to only certain (Windows, in reality)
workstations, may not be able to perform a manual NTLM logon to an
intranet site, unless they set network.generic-ntlm-auth.workstation
to the name of their workstation (actually, any host in that list).

The default value is set to WORKSTATION.

This patch was originally written by Andrew Bartlett, and modified by
Douglas Bagnall following review feedback from Honza Bambas and Tim
Brown.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2015-07-24 13:36:11 +12:00
David Keeler
1b1d908d0f bug 1187029 - convert test_bug480509.html to an xpcshell test r=jcj 2015-07-23 13:31:45 -07:00
Steven Michaud
265ad075b1 Bug 1175881 - about:sync-log can't read files on OS X with e10s on and content process sandbox enabled. r=areinald 2015-07-28 12:09:34 -05:00
David Keeler
3a4c2d822a bug 1179660 - define 'now' as the first second of the current year for pycert r=Cykesiopka 
This is to avoid a dependency on the buildid so we don't have to
regenerate all of the test certificate with every ./mach build.
This can cause problems very near midnight on New Year's Eve.
If this happens, kick off a new build and get back to the party.
 2015-07-15 16:20:54 -07:00
Xidorn Quan
cec576a922 Bug 1187173 - Disable warning C4623 on security/certverifier. r=briansmith 
--HG--
extra : source : 9f3acfedff8cf4a26266bb578dc69727e799c0cf
extra : amend_source : cb1d0a6e8c6d9199429159cb9a20484f5aa95b8d
 2015-07-24 13:38:12 +10:00
Jed Davis
315c4ad9c2 Bug 1186709 - Remove MOZ_IMPLICIT from security/sandbox/chromium. r=bobowen 2015-07-23 08:28:00 -04:00
Jed Davis
39f6ab2a28 Bug 1157864 - Record chromium patch applied in previous commit. r=me 2015-07-22 15:48:49 -07:00
Felix Janda
acfe5cf4cf Bug 1157864 - chromium sandbox: Fix compilation for systems without <sys/cdefs.h>. r=jld 2015-02-05 22:41:38 +01:00
Masatoshi Kimura
0e28f550d3 Bug 1181562 - Update fallback whitelist. r=keeler 2015-07-22 20:35:26 +09:00
Nicholas Nethercote
1ac7d5d5b1 Bug 1182959 (part 5) - Use nsTHashtable::Iterator in nsCertOverrideService. r=honzab. 
--HG--
extra : rebase_source : c36d0f9e4a2242a934e2848b6f977f33d6ac76cc
 2015-07-20 17:12:03 -07:00
Nicholas Nethercote
746d9d6e0a Bug 1182959 (part 4) - Remove BlocklistSaveInfo. r=honzab. 
--HG--
extra : rebase_source : c46e23885d97ef05504db32e0fd8cae05b55232a
 2015-07-20 17:12:03 -07:00
Nicholas Nethercote
6ceff73a0f Bug 1182959 (part 3) - Use nsTHashtable::Iterator in CertBlockList. r=honzab. 
--HG--
extra : rebase_source : 4df2d9845e7a04c11bc6076ea7844fba7b5ca3a9
 2015-07-20 17:12:03 -07:00
Nicholas Nethercote
e0bd2455c1 Bug 1182959 (part 2) - Use nsTHashtable::Iterator in CertBlockList. r=honzab. 
--HG--
extra : rebase_source : f2b69832a8f789919db84706591e96bcf4bd0a1d
 2015-07-20 17:12:03 -07:00
Nicholas Nethercote
489123be0f Bug 1182959 (part 1) - Use nsTHashtable::Iterator in CertBlockList. r=honzab. 
--HG--
extra : rebase_source : cdef0d25cd3dcc63313ab391c0c7fe37d048eb1a
 2015-07-20 17:12:03 -07:00
Jed Davis
fc9b22c883 Bug 1181704 - Use chromium SafeSPrintf for sandbox logging. r=gdestuynder r=glandium 
This gives us a logging macro that's safe to use in async signal context
(cf. bug 1046210, where we needed this and didn't have it).

This patch also changes one of the format strings to work with
SafeSPrintf's format string dialect; upstream would probably take a
patch to handle those letters, but this is easier.
 2015-07-09 12:09:00 +02:00
Jed Davis
06bdcaaa33 Bug 1181704 - Import chromium SafeSPrintf. r=bobowen 
This also imports the unit tests but doesn't arrange to run them.
Including the tests in our xul-gtest is possible but not trivial: there
are logging dependencies, and they use a different #include path for
gtest.h (which we'd need to patch).

Upstream revision: df7cc6c04725630dd4460f29d858a77507343b24.
 2015-07-09 12:04:00 +02:00
David Keeler
b0d4abd2b1 bug 1178988 - GenerateOCSPResponse: load certs/keys in two phases r=Cykesiopka 
This was initially done to work around a readdir-related bug in the B2G ICS
emulator, but then it turned out that test_ocsp_url.js still fails in ways that
are unreproducible outside of mozilla-inbound on that platform, so it was
disabled (r=sworkman). It's still a good idea, though, to avoid any potential
future issues with readdir not being reentrant.
 2015-07-15 14:12:02 -07:00
David Keeler
fd5e8893a4 bug 1178988 - convert test_ocsp_url to generate certificates at build time r=Cykesiopka 
Also enable loading of certificates and private keys into GenerateOCSPResponse
 2015-06-04 17:03:48 -07:00
David Keeler
3999edd791 bug 1178988 - refactor key-specific parts of pycert.py into pykey.py r=Cykesiopka,mgoodwin 2015-06-30 14:35:42 -07:00
Ryan VanderMeulen
1c6931cc67 Merge m-c to inbound. a=merge 2015-07-19 22:38:28 -04:00
Benjamin Peterson
2751f97bb3 no bug - fix typo and grammar in comment r=me DONTBUILD 2015-07-19 18:07:43 -07:00
ffxbld
3267aeb6a8 No bug, Automated HPKP preload list update from host bld-linux64-spot-135 - a=hpkp-update 2015-07-18 03:35:51 -07:00
ffxbld
f12b366895 No bug, Automated HSTS preload list update from host bld-linux64-spot-135 - a=hsts-update 2015-07-18 03:35:49 -07:00
Mark Goodwin
4ba2d72200 Bug 1183822 - Add an OCSP test for signers with SHA-1 certificates (r=keeler) 2015-07-17 17:07:50 +01:00
Mark Goodwin
fce204e0e0 Bug 1183822 - fix OCSP verification failures (r=keeler) 
Adds a new TrustDomain for OCSP Signers which will always allow all acceptible
signature digest algorithms. Calls to most other TrustDomain methods are passed
through to the owning NSSCertDBTrustDomain.
 2015-07-17 17:07:48 +01:00
Mark Goodwin
30d8779d49 Bug 1183065 - Add logging on OneCRL revocation checks (r=Cykesiopka) 2015-07-17 17:07:47 +01:00
Wes Kocher
b9baa34b08 Backed out 3 changesets (bug 1178988) for ocsp orange CLOSED TREE 
Backed out changeset 7fb6a9114916 (bug 1178988)
Backed out changeset 2700ec4adc3e (bug 1178988)
Backed out changeset 07b9c2331ac1 (bug 1178988)
 2015-07-17 17:49:46 -07:00
Mark Goodwin
806731fbb7 Backed out changeset ec1b5a7d05e9 (bug 1183065) 2015-07-17 10:37:00 +01:00
Mark Goodwin
c7285efe5a Backed out changeset fb6cbb4ada54 (bug 1183822) 2015-07-17 10:36:58 +01:00
Mark Goodwin
e2ee16093c Backed out changeset f324dcfaab40 (bug 1183822) 2015-07-17 10:36:56 +01:00
Mark Goodwin
e57ac71ec4 Bug 1183822 - Add an OCSP test for signers with SHA-1 certificates (r=keeler) 2015-07-17 10:04:17 +01:00
Mark Goodwin
0bfd3046ed Bug 1183822 - fix OCSP verification failures (r=keeler) 
Adds a new TrustDomain for OCSP Signers which will always allow all acceptible
signature digest algorithms. Calls to most other TrustDomain methods are passed
through to the owning NSSCertDBTrustDomain.
 2015-07-17 10:03:56 +01:00
Mark Goodwin
810c972b95 Bug 1183065 - Add logging on OneCRL revocation checks (r=Cykesiopka) 2015-07-17 10:03:21 +01:00
David Keeler
da7508611c bug 1178988 - work around PR_ReadDir bug on B2G ICS emulator by loading certs/keys in two phases r=Cykesiopka 2015-07-15 14:12:02 -07:00
David Keeler
9e28b0964f bug 1178988 - convert test_ocsp_url to generate certificates at build time r=Cykesiopka 
Also enable loading of certificates and private keys into GenerateOCSPResponse
 2015-06-04 17:03:48 -07:00
David Keeler
9b96df5045 bug 1178988 - refactor key-specific parts of pycert.py into pykey.py r=Cykesiopka,mgoodwin 2015-06-30 14:35:42 -07:00
Cykesiopka
7bb4919849 Bug 1179678 - Add result strings to misc PSM xpcshell tests. r=keeler 2015-07-14 23:19:00 +02:00