From Chromium commit comment:
Sandbox: Add support for file system policies that use implied device paths.
A policy rule of the form \HarddiskVolume0\Foo\bar allows sandboxed code
to use \\.\HarddiskVolume0\Foo\bar directly.
This takes the TLS Error Reporting functionality used in the aboutNetError.xhtml
and aboutCertError.xhtml error pages and moves it to its own component. This
allows us to make use of this same error reporting functionality from elsewhere.
Notably, this allows us to send error reports for issues that occur when loading
subresources.
The xpcshell test included is in security/manager/ssl/tests because we need to
make use of tlsserver functionality from the PSM tests.
This takes the TLS Error Reporting functionality used in the aboutNetError.xhtml
and aboutCertError.xhtml error pages and moves it to its own component. This
allows us to make use of this same error reporting functionality from elsewhere.
Notably, this allows us to send error reports for issues that occur when loading
subresources.
The xpcshell test included is in security/manager/ssl/tests because we need to
make use of tlsserver functionality from the PSM tests.
Logging output that happens with every TLS socket poll, read, or write
should really be Verbose, not Debug.
--HG--
extra : amend_source : 455a72faa041e51b5356410d7c216aa1fdadc6c6
These rules are copied from toolkit/.eslintrc (with non-passing rules excluded and previously commented out and passing rules included).
--HG--
extra : rebase_source : 0afa42350cc961cbb3cf6d985b3978f4dc5d3dcb
test_ocsp_stapling.js can take ~290s to run on e.g. b2g-emu-x86-kk, which is very close to the default 300s limit.
Splitting out some tests should reduce the intermittent time outs.
--HG--
rename : security/manager/ssl/tests/unit/test_ocsp_stapling.js => security/manager/ssl/tests/unit/test_ocsp_must_staple.js
Before this patch, we were measuring where SHA-1 was being used in TLS
certificates: nowhere, in end-entities, in intermediates, or in both. However,
the possible SHA-1 policies don't differentiate between end-entities and
intermediates and instead depended on whether or not each certificate has a
notBefore value after 2015 (i.e. >= 0:00:00 1 January 2016 UTC). We need to
gather telemetry on the possible policy configurations.
--HG--
extra : rebase_source : 301c821c8de16ffb924cd198dd0a4d3139536019
security/certverifier/NSSCertDBTrustDomain.cpp:433:26 [-Wformat] format specifies type 'long' but the argument has underlying type 'int'
security/certverifier/NSSCertDBTrustDomain.cpp:433:48 [-Wformat] format specifies type 'long long' but the argument has type 'mozilla::pkix::Time'
nsIKeyObject and nsIKeyObjectFactory defined an interface that was largely
unimplemented. This cuts the interface back to what actually exists in code.
--HG--
extra : rebase_source : 6241e801c3bd7f17518af648158fcfdcd0bda9cf