Commit Graph

391 Commits

Author SHA1 Message Date
Ehsan Akhgari
e5e885ae31 Bug 1521000 - Part 2: Adjust our clang-format rules to include spaces after the hash for nested preprocessor directives r=sylvestre
# ignore-this-changeset

--HG--
extra : amend_source : 7221c8d15a765df71171099468e7c7faa648f37c
extra : histedit_source : a0cce6015636202bff09e35a13f72e03257a7695
2019-01-18 10:16:18 +01:00
Dana Keeler
f1b40f3220 bug 1519492 - reorganize NSSCertDBTrustDomain::FindIssuer to facilitate future improvements r=jcj
Before this patch, NSSCertDBTrustDomain::FindIssuer would iterate over its
candidate list (a CERTCertList) twice. This would have made it difficult to add
in candidate issuers from other sources (see e.g. bug 1514118, wherein the goal
is to bypass NSS' view of what certificates exist to facilitate third
party/enterprise roots). This patch reorganizes this function to make future
improvements easier.

Differential Revision: https://phabricator.services.mozilla.com/D16341

--HG--
extra : moz-landing-system : lando
2019-01-15 23:34:44 +00:00
Dana Keeler
eba436101f bug 1496215 - Enable EV Treatment for UCA Extended Validation Root owned by SHECA r=jcj
Differential Revision: https://phabricator.services.mozilla.com/D14344

--HG--
extra : moz-landing-system : lando
2018-12-12 22:37:17 +00:00
Sylvestre Ledru
265e672179 Bug 1511181 - Reformat everything to the Google coding style r=ehsan a=clang-format
# ignore-this-changeset

--HG--
extra : amend_source : 4d301d3b0b8711c4692392aa76088ba7fd7d1022
2018-11-30 11:46:48 +01:00
Ehsan Akhgari
490e611801 Bug 1508472 - Part 5: Fifth batch of comment fix-ups in preparation for the tree reformat r=sylvestre
This is a best effort attempt at ensuring that the adverse impact of
reformatting the entire tree over the comments would be minimal. I've used a
combination of strategies including disabling of formatting, some manual
formatting and some changes to formatting to work around some clang-format
limitations.

Differential Revision: https://phabricator.services.mozilla.com/D13371

--HG--
extra : moz-landing-system : lando
2018-11-29 10:30:46 +00:00
Nathan Froyd
ae396f2b88 Bug 1505938 - disable spectre mitigation warnings for aarch64 windows MSVC; r=dmajor 2018-11-09 10:49:31 -05:00
Dana Keeler
c4dab46f9c bug 1497258 - remove unsound OCSP assertion from NSSCertDBTrustDomain::CheckRevocation r=mayhemer
In reimplementing the OCSP fetching code in bug 1456489, we improperly
translated an assertion that relied on the nullness of a pointer to rely on the
length of a data structure that was populated by reference. It turns out that
this made the assertion invalid because we could return a successful result and
have filled the data structure with zero-length data and it still would be valid
to operate on (the decoding code returns a malformed input result in this case).
To fix this, we can simply remove the assertion. This patch also adds a test to
exercise this case.

Differential Revision: https://phabricator.services.mozilla.com/D8883

--HG--
extra : moz-landing-system : lando
2018-10-17 19:35:28 +00:00
Dana Keeler
361deac7ee bug 1478480 - enable GlobalSign Root CA - R6 for EV in PSM r=franziskus
This patch also switches all GlobalSign EV roots to using the CA/Browser Forum
EV policy OID.

Differential Revision: https://phabricator.services.mozilla.com/D8258

--HG--
extra : moz-landing-system : lando
2018-10-11 07:12:48 +00:00
Franziskus Kiefer
a52a8495f9 Bug 1479787 - use NSS mozpkix in Firefox, r=mt,keeler,glandium
Differential Revision: https://phabricator.services.mozilla.com/D2725
Differential Revision: https://phabricator.services.mozilla.com/D2860

--HG--
extra : rebase_source : 189c13c2a3104c106fcabad5998af6cb2e20d4a5
2018-10-02 14:59:34 +02:00
Dana Keeler
0c4b612622 Bug 1493788 - remove other mozilla-specific dependencies from certificate transparency implementation r=jcj
This patch removes the remaining mozilla-specific dependencies from the
certificate transparency implementation.

Depends on D6845

Differential Revision: https://phabricator.services.mozilla.com/D6846

--HG--
extra : moz-landing-system : lando
2018-10-01 16:20:57 +00:00
Dana Keeler
1661adeb86 Bug 1493788 - convert mozilla::Vector to std::vector in certificate transparency implementation r=jcj
In order to make our certificate transparency implementation standalone, we
have to remove mozilla-specific dependencies such as mozilla::Vector.

Depends on D6844

Differential Revision: https://phabricator.services.mozilla.com/D6845

--HG--
extra : moz-landing-system : lando
2018-10-01 20:27:13 +00:00
Dana Keeler
24a8ad1851 Bug 1493788 - move certificate/binary transparency implementation to its own directory r=jcj
Our current certificate transparency implementation (and the start of the binary
transparency implementation) can almost be used by itself as a standalone
library (for comparison, mozilla::pkix already has this property, as evidenced
by the "Library('mozillapkix')" line in security/pkix/moz.build and the
"'mozillapkix'" line in the USE_LIBS section of
security/manager/ssl/tests/unit/tlsserver/cmd/moz.build).

These changes make this code re-usable as a library so that we'll be able to use
it in the updater to verify binary/certificate transparency information.

This first patch simply moves the code to its own directory.

Differential Revision: https://phabricator.services.mozilla.com/D6844

--HG--
rename : security/certverifier/BTInclusionProof.h => security/ct/BTInclusionProof.h
rename : security/certverifier/BTVerifier.cpp => security/ct/BTVerifier.cpp
rename : security/certverifier/BTVerifier.h => security/ct/BTVerifier.h
rename : security/certverifier/Buffer.cpp => security/ct/Buffer.cpp
rename : security/certverifier/Buffer.h => security/ct/Buffer.h
rename : security/certverifier/CTDiversityPolicy.cpp => security/ct/CTDiversityPolicy.cpp
rename : security/certverifier/CTDiversityPolicy.h => security/ct/CTDiversityPolicy.h
rename : security/certverifier/CTKnownLogs.h => security/ct/CTKnownLogs.h
rename : security/certverifier/CTLog.h => security/ct/CTLog.h
rename : security/certverifier/CTLogVerifier.cpp => security/ct/CTLogVerifier.cpp
rename : security/certverifier/CTLogVerifier.h => security/ct/CTLogVerifier.h
rename : security/certverifier/CTObjectsExtractor.cpp => security/ct/CTObjectsExtractor.cpp
rename : security/certverifier/CTObjectsExtractor.h => security/ct/CTObjectsExtractor.h
rename : security/certverifier/CTPolicyEnforcer.cpp => security/ct/CTPolicyEnforcer.cpp
rename : security/certverifier/CTPolicyEnforcer.h => security/ct/CTPolicyEnforcer.h
rename : security/certverifier/CTSerialization.cpp => security/ct/CTSerialization.cpp
rename : security/certverifier/CTSerialization.h => security/ct/CTSerialization.h
rename : security/certverifier/CTUtils.h => security/ct/CTUtils.h
rename : security/certverifier/CTVerifyResult.cpp => security/ct/CTVerifyResult.cpp
rename : security/certverifier/CTVerifyResult.h => security/ct/CTVerifyResult.h
rename : security/certverifier/MultiLogCTVerifier.cpp => security/ct/MultiLogCTVerifier.cpp
rename : security/certverifier/MultiLogCTVerifier.h => security/ct/MultiLogCTVerifier.h
rename : security/certverifier/SignedCertificateTimestamp.cpp => security/ct/SignedCertificateTimestamp.cpp
rename : security/certverifier/SignedCertificateTimestamp.h => security/ct/SignedCertificateTimestamp.h
rename : security/certverifier/SignedTreeHead.h => security/ct/SignedTreeHead.h
rename : security/certverifier/moz.build => security/ct/moz.build
rename : security/certverifier/tests/gtest/BTSerializationTest.cpp => security/ct/tests/gtest/BTSerializationTest.cpp
rename : security/certverifier/tests/gtest/CTDiversityPolicyTest.cpp => security/ct/tests/gtest/CTDiversityPolicyTest.cpp
rename : security/certverifier/tests/gtest/CTLogVerifierTest.cpp => security/ct/tests/gtest/CTLogVerifierTest.cpp
rename : security/certverifier/tests/gtest/CTObjectsExtractorTest.cpp => security/ct/tests/gtest/CTObjectsExtractorTest.cpp
rename : security/certverifier/tests/gtest/CTPolicyEnforcerTest.cpp => security/ct/tests/gtest/CTPolicyEnforcerTest.cpp
rename : security/certverifier/tests/gtest/CTSerializationTest.cpp => security/ct/tests/gtest/CTSerializationTest.cpp
rename : security/certverifier/tests/gtest/CTTestUtils.cpp => security/ct/tests/gtest/CTTestUtils.cpp
rename : security/certverifier/tests/gtest/CTTestUtils.h => security/ct/tests/gtest/CTTestUtils.h
rename : security/certverifier/tests/gtest/MultiLogCTVerifierTest.cpp => security/ct/tests/gtest/MultiLogCTVerifierTest.cpp
rename : security/certverifier/tests/gtest/moz.build => security/ct/tests/gtest/moz.build
extra : moz-landing-system : lando
2018-10-01 16:20:41 +00:00
Mark Goodwin
41b314b255 Bug 1492414 - Modify CertBlocklist interface to a form that should work with Rust XPCom bindings r=keeler
Differential Revision: https://phabricator.services.mozilla.com/D6260

--HG--
extra : moz-landing-system : lando
2018-09-21 13:10:40 +00:00
Masatoshi Kimura
cddaaa8ed5 Bug 1491849 - Disable C5045 only if optimization is disabled. r=dmajor
I also changed security/certverifier/moz.build a bit while I am here:
* Using '-Xclang' to pass through '-Wall' on clang-cl.
* Now clang-cl will take clang/gcc path because most '-wd****' options have no
  effect on clang-cl. '-wd4010' will have an effect, but we already have the
  corresponding clang/gcc option ('-Wno-unused-parameter').

--HG--
extra : source : df566a1bd9087cc0bfc03fe19fd9d21bf58f5d9c
2018-09-15 21:20:32 +09:00
Ted Mielczarek
d59bc31677 Bug 1399877 - globally define MOZ_DLL_PREFIX/MOZ_DLL_SUFFIX; r=gps
Several source files use DLL_PREFIX/DLL_SUFFIX defines, and they all set
them in moz.build using `DEFINES`.  This is problematic for the WSL
build because the quoting gets lost somewhere between bash and cl.exe.
We cannot simply set them globally in moz.configure because their
stringified definitions would conflict with the `set_config` of
DLL_PREFIX/DLL_SUFFIX.  Therefore, we globally define
MOZ_DLL_PREFIX/MOZ_DLL_SUFFIX and change all define-related uses of
DLL_PREFIX/DLL_SUFFIX to use their MOZ-equivalents instead.
2018-09-11 13:31:20 -04:00
J.C. Jones
f27f0bf4d1 Bug 1486838 - Enable EV treatment for Symantec/DigiCert cross signatures r=keeler
There is a late-breaking EV compatibility concern with cross signatures for EV
certificates:

Firefox's EV handling code always validates EV using the first EV policy OID
expressed in a certificate. For compatibility certificates issued under a cross-
signed root, if the first EV policy OID matches the original Symantec EV policy
OID, then Firefox will attempt to verify that the root CA matches the original
Symantec EV CA -- which it won't, as the root will be one of DigiCert's. Without
a patch, EV treatment will break.

This patch removes all EV policy OIDs for roots mentioned in TrustOverride-
SymantecData.inc, letting the moz::pkix algorithm pick other EV policy OIDs to
validate. I verified that I removed all affected OIDs using the BASH shell
commands:

$ cd security/certverifier
$ grep "CN=" TrustOverride-SymantecData.inc | sed -e 's/.*\(CN=.*\).*/\1/' |
  sort | uniq | while read r; do
    echo $r; grep "$r" ExtendedValidation.cpp;
  done

Reviewers should help me ensure that I did not remove any unexpected EV policy
OIDs.

Differential Revision: https://phabricator.services.mozilla.com/D4709

--HG--
extra : moz-landing-system : lando
2018-08-30 18:29:39 +00:00
Masatoshi Kimura
3b21b7868b Bug 1090497 - Re-enable warnings as errors on clang-cl. r=froydnj
--HG--
extra : rebase_source : c09366fb93e5b0f72abe1e99d3094e3d96a934fb
extra : intermediate-source : 5950c9d63c3b4fd63a25464a7b50944aaec7079f
extra : source : ca1b9a2bcc4381795f556fea2fb59066567c30f3
2018-07-31 22:10:07 +09:00
David Keeler
23a3da73fa bug 1476473 - disable EV treatment for DocuSign roots r=franziskus
Differential Revision: https://phabricator.services.mozilla.com/D2255

--HG--
extra : moz-landing-system : lando
2018-08-02 07:39:14 +00:00
Jeff Gilbert
0e128a3868 Bug 1470985 - s/PodEqual/ArrayEqual/ from ArrayUtils.h. - r=waldo
We can't use memcmp to compare PODs, largely because of undefined
padding. The rest of the Pod* functions are fine though, since we're
replicating or zeroing PODs.

MozReview-Commit-ID: LSspAi8qCWw
2018-07-27 14:11:18 -07:00
Xidorn Quan
afa56fd579 Bug 1476475 - Use -W4 for certverifier with clang-cl. r=froydnj
MozReview-Commit-ID: 9OVJ2CFO0Qb

--HG--
extra : rebase_source : 3f0b89c6e8f54e34afa19c74a0574a258912c940
2018-07-20 16:34:56 +10:00
David Keeler
9b69a30991 bug 1470030 - convert manually-written nsINSSComponent definition to idl r=fkiefer
Defining nsINSSComponent in idl rather than manually in a header file allows us
to make full use of the machinery that already exists to process and generate
the correct definitions. Furthermore, it enables us to define JS-accessible APIs
on nsINSSComponent, which enables us to build frontend features that can work
directly with the data and functionality the underlying implementation has
access to.

MozReview-Commit-ID: JFI9s12wmRE

--HG--
extra : rebase_source : 16b660e37db681c8823cbb6b7ff59dd0d35f7e73
2018-06-20 16:43:18 -07:00
Andi-Bogdan Postelnicu
80f61e9bf9 Bug 1453795 - PSM-Security - Initialize member fields in classes/ structures. r=keeler
--HG--
extra : rebase_source : 80312f8c119e8b999216fcd99df3764e66d3c43a
2018-06-18 12:31:47 +03:00
Narcis Beleuzu
59ffb03449 Backed out changeset 01b407d8a5af (bug 1453795) for build bustages on CertVerifier.h . CLOSED TREE 2018-06-19 07:38:57 +03:00
Andi-Bogdan Postelnicu
be47373507 Bug 1453795 - PSM-Security - Initialize member fields in classes/ structures. r=keeler
--HG--
extra : rebase_source : 4e22100b95356d8f36f26459c985dbfb064453d1
2018-06-18 12:31:47 +03:00
Miko Mynttinen
4c85ef17cc Bug 1465060 - Part 1: Fix warnings for std::move() use r=froydnj
MozReview-Commit-ID: HpdFXqQdIOO

--HG--
extra : rebase_source : 1e7eea4f2d4ec16ec0c559a8afb26976ddbf4d07
2018-06-01 17:59:07 +02:00
arthur.iakab
7e765f798b Backed out 2 changesets (bug 1465060) for build bustages on security/sandbox/linux/reporter/SandboxReporter.cpp
Backed out changeset 7c8905b6b226 (bug 1465060)
Backed out changeset 10446073eca8 (bug 1465060)
2018-06-03 19:25:41 +03:00
Miko Mynttinen
8d9dc85cd4 Bug 1465060 - Part 1: Fix warnings for std::move() use r=froydnj
MozReview-Commit-ID: HpdFXqQdIOO

--HG--
extra : rebase_source : 619d0e0ff63a2453c80f0c4d9beb906d43fa9b01
2018-06-01 17:59:07 +02:00
Emilio Cobos Álvarez
fffb25b74f Bug 1465585: Switch from mozilla::Move to std::move. r=froydnj
This was done automatically replacing:

  s/mozilla::Move/std::move/
  s/ Move(/ std::move(/
  s/(Move(/(std::move(/

Removing the 'using mozilla::Move;' lines.

And then with a few manual fixups, see the bug for the split series..

MozReview-Commit-ID: Jxze3adipUh
2018-06-01 10:45:27 +02:00
David Keeler
571854a7c1 bug 1464520 - hard-code the builtin roots module name to avoid a dependency on l10n in nsNSSComponent r=fkiefer,jcj
nsNSSComponent startup and shutdown would be simpler if there were no direct
dependencies on localized strings. This patch removes a dependency on the
localized name of the builtin roots module by hard-coding the name internally
and then mapping it to/from the localized version as appropriate.

MozReview-Commit-ID: 30kbpWFYbzm

--HG--
extra : rebase_source : 3d384af5a9fa45d5ac1f78e1fcb0dd9e4b94267d
2018-05-25 11:22:48 -07:00
J.C. Jones
08d83d7258 Bug 1441914 - Fix Windows build on a CLOSED TREE r=me
Don't use MOZ_MAKE_ENUM_CLASS_BITWISE_OPERATORS; it's unneeded here right now,
and occludes "PSM::Result" on Windows.

--HG--
extra : transplant_source : %B9%24%7FR%A8%1B%B0%3B%D44%ED%C5%3F%CD%1E%96%1F%22m%A3
2018-05-10 17:15:22 -07:00
J.C. Jones
4139925b80 Bug 1441914 - Make security.pki.distrust_ca_policy a bitmask r=fkiefer r=keeler
Per Bug 1437754 comment 10, the pref security.pki.distrust_ca_policy makes more
sense as a bitmask than a state. To permit future nuance, let's go ahead and do
that before people start implementing atop Bug 1456112.

This does permit both 0b10 and 0b11 to enable the functionality for Firefox 63.

--HG--
extra : transplant_source : %84%AF%89%E0%89dT%01%10%84%A0%3B%A5%28%2A%D3%E1%B0%0D%E7
2018-05-07 15:46:22 -07:00
David Keeler
6ea4fb08d4 bug 1456489 - prevent making OCSP requests on the main thread r=fkiefer,jcj
OCSP requests cannot be performed on the main thread. If we were to wait for a
response from the network, we would be blocking the main thread for an
unnaceptably long time. If we were to spin the event loop while waiting (which
is what we do currently), other parts of the code that assume this will never
happen (which is essentially all of them) can break.

As of bug 867473, no certificate verification happens on the main thread, so no
OCSP requests happen on the main thread. Given this, we can go ahead and
prohibit such requests.

Incidentally, this gives us an opportunity to improve the current OCSP
implementation, which has a few drawbacks (the largest of which is that it's
unclear that its ownership model is implemented correctly).

This also removes OCSP GET support. Due to recent OCSP server implementations
(namely, the ability to cache OCSP POST request responses), OCSP GET is not a
compelling technology to pursue. Furthermore, continued support presents a
maintenance burden.

MozReview-Commit-ID: 4ACDY09nCBA

--HG--
extra : rebase_source : 072564adf1836720e147b8250afca7cebe4dbf62
2018-04-23 18:09:35 +02:00
J.C. Jones
8d99d56270 Bug 1456112 - Add a pref to implement the last Symantec Distrust step r=keeler
This adds another preference (DistrustSymantecRootsRegardlessOfDate == 2) that
stops permitting certificates issued after 1 June 2016, and updates the test to
check it.

--HG--
extra : transplant_source : %F1%DE%16m%F2%DD%A8Ei%EF%B4%CAo%BF%8D%A6%A6%5E%D4%89
2018-05-04 09:34:45 -07:00
Sebastian Hengst
0819f35e51 Backed out 4 changesets (bug 525063) on request from Andi. a=backout
Backed out changeset 516c4fb1e4b8 (bug 525063)
Backed out changeset 6ff8aaef2866 (bug 525063)
Backed out changeset bf13e4103150 (bug 525063)
Backed out changeset d7d2f08e051c (bug 525063)
2018-04-13 16:01:28 +03:00
Tristan Bourvon
a3a77c0312 Bug 525063 - Initialize uninitialized class attributes in m-c. r=ehsan 2018-04-10 21:11:02 +02:00
Franziskus Kiefer
29fd899298 Bug 1450967 - mitm detection v0.0.1, r=keeler,johannh
Differential Revision: https://phabricator.services.mozilla.com/D839

--HG--
extra : amend_source : 7f1df88370d425230cfbe656742c30255dc6e08e
2018-03-16 11:36:50 +01:00
Franziskus Kiefer
5c6b90f0b8 Bug 1448787 - separate error for self-signed certs, r=keeler,johannh
Reviewed By: keeler, johannh

Bug #: 1448787

Differential Revision: https://phabricator.services.mozilla.com/D805

--HG--
extra : rebase_source : 3a9317445c7df5f09675da67888930304b75fc4b
2018-03-29 11:51:33 +02:00
J.C. Jones
175c45e2dc Bug 1444440 - Ensure the correct error is emitted for policy distrusts r=keeler
Bug 1441223 added MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED to be
emitted when we hit certificates affected by the Symantec distrust.

Since some sites have multiple certificate trust paths possible, sometimes
SEC_ERROR_UNKNOWN_ISSUER is emitted instead of the more specific error.

This patch uses a flag to ensure that the specific error is emitted out of the
Cert Verifier.

--HG--
extra : rebase_source : a961d2e713ae342222d85dff6f83ed3bcaa8006b
2018-03-14 14:01:35 -07:00
David Keeler
8e5cc074fb bug 1410956 - enable SSL.com EV root certificates for EV in PSM r=fkiefer
MozReview-Commit-ID: 9UeTSwgSzUt

--HG--
extra : rebase_source : c7861e3e230ac9080ef09f4b4866bc0650be4c36
2018-03-02 15:44:43 -08:00
David Keeler
a18e312ebd bug 1385065 - enable GDCA TrustAUTH R5 ROOT certificate for EV in PSM r=fkiefer
MozReview-Commit-ID: 7pIs7sxUWS4

--HG--
extra : rebase_source : 5e2f351532609652ce236688d5e35048bd7bc1b7
2018-03-02 15:33:57 -08:00
David Keeler
83942e01e1 bug 1441223 - add a new (overridable) error code to describe extra policy constraint failures r=jcj
Certificate verification failures that result from additional policy constraint
failures now use the error code
"MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED" (also known as
"Result::ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED", depending on the context).

MozReview-Commit-ID: 9rE7gRBapRF

--HG--
extra : rebase_source : 9a60900a86f9eebab58b973f3e8f776b2481a1ff
2018-02-27 11:21:51 -08:00
J.C. Jones
c1babbf4e1 Bug 1437754 - Add a pref and disable the Symantec distrust algorithm r=keeler
This adds the pref "security.pki.distrust_ca_policy" which, if set to 1,
enforces the graduated distrust from Bug 1409257, and if set to 0 (as it is in
this patch) disables that distrust.

This pref is intended to outlast the Symantec distrust, and instead be able to
extend to enable/disable future root policy actions. It would need its own
tests for that, in the future.

MozReview-Commit-ID: BAZfkapysfX

--HG--
extra : rebase_source : 02b00aa486e9f8efb81b32d38d80db5cae86bc6e
2018-02-27 16:04:51 -07:00
J.C. Jones
4bc9fe0d27 Bug 1439378 - Re-enable the imminent distrust browser-console test r=fkiefer,keeler
This patch does a few things:
1) It removes the symantecRoot and symantec_affected certs from build/pgo/certs'
   DB.
2) It upgrades that DB from the old format to SQLite (and this 8/3 to 9/4).
3) It adds a new cert "imminently_distrusted" to that DB for the bc test.
4) It changes the Subject of the immient distrust test to only have the CN
   field: this is because certutil reorders C to come after CN, and just like
   with the real Symantec certs, I had put C first. So rather than deal with
   importing the end entity for the pgo tests, I decided to just make things
   simple and change the tested subject.
5) Finally, it re-enables the test that was disabled in Bug 1434300.

MozReview-Commit-ID: Bt2RKyInJje

--HG--
rename : build/pgo/certs/cert8.db => build/pgo/certs/cert9.db
rename : build/pgo/certs/key3.db => build/pgo/certs/key4.db
extra : rebase_source : efceb67ae16f0af617bbd8bec201d52eee0f467d
2018-02-26 15:55:35 -07:00
J.C. Jones
6d19459740 Bug 1440029 - Add a test for TrustOverrideUtils.h r=keeler
This is the test originally from Bug 1434300 that was pulled due to
Bug 1433015.

MozReview-Commit-ID: IEPCRVdS2v4

--HG--
extra : rebase_source : 843222f36b9fffe73cdf02aebb3f263897a943de
2018-02-21 16:54:52 -05:00
J.C. Jones
e5937633d9 Bug 1434300 - Add the DigiCert whitelisted SPKIs r=keeler
This adds the 4 digicert CAs to our whitelist as specified in Google's details
on the Chromium version of this plan [1].

[1] c022914eb2/net/data/ssl/symantec/README.md

MozReview-Commit-ID: BR7t1UheKeS

--HG--
rename : security/certverifier/TrustOverride-AppleGoogleData.inc => security/certverifier/TrustOverride-AppleGoogleDigiCertData.inc
extra : rebase_source : 406e42e805b3778ccce7ee85b18d5dea93e32b95
2018-02-21 14:08:59 -05:00
J.C. Jones
7d0730b216 Bug 1434300 - Change Symantec Distrust Algorithm's whitelist to SPKI-matching r=fkiefer,keeler
Because of the DigiCert-controlled sub-CAs and managed-CAs identified as also
needing to be whitelisted [1], and that those CAs are using an increasing number
of certificates all with different Subjects (but identical public keys) [2][3],
we will have to whitelist on SPKI rather than subject DN.

This makes the security/manager/ssl/tests/unit/test_symantec_apple_google.js
integration test different, as it now uses a real Google certificate that is
in the whitelist with only a cert verification rather than a full connection
test.

This patch does not add the DigiCert SPKIs to the list; I will do that in its
own patch.


[1] https://chromium.googlesource.com/chromium/src/+/master/net/data/ssl/symantec/README.md
[2] https://chromium-review.googlesource.com/c/chromium/src/+/916730
[3] https://crt.sh/?spkisha256=ac50b5fb738aed6cb781cc35fbfff7786f77109ada7c08867c04a573fd5cf9ee

MozReview-Commit-ID: 4qVeogDbSb

--HG--
extra : rebase_source : abbdd432b190d059a3b2ceeccf89b85a12c214dd
2018-02-21 14:08:47 -05:00
J.C. Jones
aaaf57c831 Bug 1434300 - Add a utility to match certificates based on SPKI r=fkiefer,keeler
This modifies crtshToDNStruct.py to be able to produce SPKI or DN-based lists,
and adds a SPKI-search method to TrustOverrideUtils.h.

This also regenerates the TrustOverride files to use the new script.

MozReview-Commit-ID: BhMoJbYXs7Y

--HG--
rename : security/manager/tools/crtshToDNStruct/crtshToDNStruct.py => security/manager/tools/crtshToIdentifyingStruct/crtshToIdentifyingStruct.py
rename : security/manager/tools/crtshToDNStruct/requirements.txt => security/manager/tools/crtshToIdentifyingStruct/requirements.txt
extra : rebase_source : 9ae4999ceea2d4092119fe81b787c4d66a5e17b1
2018-02-21 14:08:44 -05:00
J.C. Jones
894d57b6bf Bug 1434300 - Implement the Symantec distrust plan from Bug 1409257 r=fkiefer,keeler
The algorithm from https://hg.mozilla.org/mozilla-central/rev/595e27212723
(Bug 1409259) is adapted in this patch from nsNSSCallbacks into the TrustDomain
decisions.

This patch does not change the algorithm to use SPKI matching, nor add the
additional whitelisted intermediates from DigiCert; that will be done in a
separate commit.

This patch also does not update the pre-existing browser chrome test.

MozReview-Commit-ID: 1PdCAqo71bI

--HG--
extra : rebase_source : f1c6d00e16682f9303b8b2bfdf1fe5773c515ac5
2018-02-21 14:08:18 -05:00
J.C. Jones
e72f46e3ff Bug 1434300 - Update Imminent Distrust status for future Symantec sanctions r=fkiefer,keeler
This patch does a few things:

1) It adds a permament test mechanism for the "imminent distrust" trust status
in nsNSSCallbacks: a simple xpcshell test to exercise a clause in the imminent
distrust logic in nsNSSCallbacks' IsCertificateDistrustImminent method.

2) This test removes test_symantec_apple_google_unaffected.js as its
functionality is rolled into the new test_imminent_distrust.js.

3) It updates the Symantec imminent distrust warning algorithm to remove the
validity date exception; this warns of the upcoming distrust for those affected
certs in Firefox 63.

This patch does not attempt to edit the browser chrome test that checks the
console; that is a subsequent patch.

MozReview-Commit-ID: 1HyVLfmEOP7

--HG--
extra : rebase_source : 3955e3dcd9a21421105d97bd65d3965041de9b8c
2018-02-21 07:39:36 -05:00
Sebastian Hengst
43020d2ca4 Backed out 6 changesets (bug 1434300) for frequent GTest in AllocReplacement.malloc_check
Backed out changeset 23485791d3e1 (bug 1434300)
Backed out changeset 73a952303cae (bug 1434300)
Backed out changeset 61b168663a54 (bug 1434300)
Backed out changeset ea372af453ef (bug 1434300)
Backed out changeset d8517bfe9eb2 (bug 1434300)
Backed out changeset 603b92a0ebd5 (bug 1434300)

--HG--
rename : security/certverifier/TrustOverride-AppleGoogleDigiCertData.inc => security/certverifier/TrustOverride-AppleGoogleData.inc
rename : security/manager/tools/crtshToIdentifyingStruct/crtshToIdentifyingStruct.py => security/manager/tools/crtshToDNStruct/crtshToDNStruct.py
rename : security/manager/tools/crtshToIdentifyingStruct/requirements.txt => security/manager/tools/crtshToDNStruct/requirements.txt
2018-02-21 02:35:23 +02:00