- Access nsISSLStatus directly as a member of nsITransportSecurityInfo
and nsISecureBrowserUI. This is part of a larger effort to consolidate
nsISSLStatus and nsITransportSecurityInfo.
- The TabParent implementation of GetSecInfo will always return null.
- Removed unnecessary QueryInterface calls
- Style adherence updates
MozReview-Commit-ID: Dzy6t2zYljL
--HG--
extra : rebase_source : 9c400bed3c9d29a186fc987c9bd0ffceb37bfd94
If the preference security.enterprise_roots.enabled is set to true, the platform will import trusted TLS certificates from the OS X keystore.
Differential Revision: https://phabricator.services.mozilla.com/D2169
--HG--
extra : moz-landing-system : lando
- Access nsISSLStatus directly as a member of nsITransportSecurityInfo
and nsISecureBrowserUI. This is part of a larger effort to consolidate
nsISSLStatus and nsITransportSecurityInfo.
- The TabParent implementation of GetSecInfo will always return null.
- Removed unnecessary QueryInterface calls
- Style adherence updates
MozReview-Commit-ID: Dzy6t2zYljL
--HG--
extra : rebase_source : b15f75e39d04c8485b4eb63416fd1f1e4175fafe
On 10.9 and 10.10, grant global read access to the Flash sandbox.
Change Flash sandbox levels by adding a new level 1 that includes
global read access which will be the default on 10.9/10.10.
Level 2 is the new default for 10.11 and above with file read
access enabled by file dialog activity.
MozReview-Commit-ID: LvXhd6Vf7mo
--HG--
extra : rebase_source : 946f89937e5bb4506fd6bc8b2c050c86a8b29cc8
Apparently a prehistoric server implementation would send a
certificate_authorities field that didn't include the outer DER SEQUENCE tag, so
PSM attempted to detect this and work around it. Telemetry indicates this is
unnecessary now: https://mzl.la/2Lbi1Lz
--HG--
extra : rebase_source : 6669586d657efb243070a4ceb231583b40823543
extra : amend_source : e87f7c84c6c1a51637914bde5950268409b70571
Pass the user cache dir as a parameter to the Flash sandbox profile.
Add services and paths to the Flash sandbox profile needed for TLS
and encrypted video playback.
MozReview-Commit-ID: 1szVXVVATFy
--HG--
extra : rebase_source : 04885bb5d8b9995559462d373199078b109bfdc5
I initially tried to avoid this, but decided it was necessary given the number
of times I had to repeat the same pattern of casting a variable to void*, and
then casting it back in a part of code far distant from the original type.
This changes our preference callback registration functions to match the type
of the callback's closure argument to the actual type of the closure pointer
passed, and then casting it to the type of our generic callback function. This
ensures that the callback function always gets an argument of the type it's
actually expecting without adding any additional runtime memory or
QueryInterface overhead for tracking it.
MozReview-Commit-ID: 9tLKBe10ddP
--HG--
extra : rebase_source : 7524fa8dcd5585f5a31fdeb37d95714f1bb94922
Add the com.apple.xpcd service to the Flash plugin sandbox for OS X 10.9 systems to avoid crashes when opening file dialogs.
MozReview-Commit-ID: A40Mov98Ddy
--HG--
extra : rebase_source : 3aa7471f239bd64d9e153e2e7076e99006358f1f
By separating the platform-specific code that finds enterprise roots to load
into its own file, we can make it easier to both add support for other
platforms and maintain the implementations going forward.
Differential Revision: https://phabricator.services.mozilla.com/D2103
--HG--
extra : moz-landing-system : lando
This introduces a helper class that provides one thread all DataStorage
instances can use to do background work. This thread should have a light
workload which mainly consists of reading some files at startup, periodically
writing to these files, and writing them again at shutdown. One thread should be
able to handle this and in any case having multiple threads trying to perform
i/o at the same time would probably be less efficient than merely performing the
work sequentially.
Differential Revision: https://phabricator.services.mozilla.com/D1890
--HG--
extra : moz-landing-system : lando
ChangeCertTrustWithPossibleAuthentication should never be called while holding
nsNSSComponent::mMutex, because doing so can result in showing the master
password dialog, which spins the event loop, which can cause other code to run
that may attempt to acquire the same lock (e.g. speculative connect checking
nsNSSComponent to see if the user has smart cards or client certificates).
Differential Revision: https://phabricator.services.mozilla.com/D2011
--HG--
extra : moz-landing-system : lando
Summary: Coverity found this issue. We shouldn't continue if n is null because CERT_LIST_NEXT dereferences n.
Differential Revision: https://phabricator.services.mozilla.com/D1876
--HG--
extra : rebase_source : 8023a38425194099f334c6624ce2bd5f2e50cb95
extra : amend_source : 27947d33f9dbb0afa9ae5927dde874957eb4017c