Commit Graph

3999 Commits

Author SHA1 Message Date
David Keeler
540b8f3d01 bug 1278041 - skip TLS Feature checks so HPKP can be set r=mgoodwin
This is safe because TLS Feature checks have already been done when connecting
to the site in the first place.

MozReview-Commit-ID: HfbcrAv4bCJ

--HG--
extra : rebase_source : d1f22c1a4e2c8535e10bd071c937a1aac7b8e2fd
2016-06-20 16:36:36 -07:00
Onno Ekker
f1de083a08 Bug 1279953 - Ambiguous string usage for "not encrypted page". r=dolske
--HG--
extra : rebase_source : e6ea020d8b98e9bef2e895e5312edc47d839cc2c
2016-06-13 22:14:04 +02:00
David Keeler
febcbb464f bug 1278605 - ensure that nsICertOverrideService can be implemented in JS r=Cykesiopka
MozReview-Commit-ID: KSVeraWuRPZ

--HG--
extra : rebase_source : 15f7abb08b57c8525e44f39c5e10c9cc5299dc47
2016-06-07 11:27:33 -07:00
Masatoshi Kimura
dfb8d11072 Bug 1268728 - Remove ability to enable RC4. r=keeler 2016-06-07 22:17:43 +09:00
David Keeler
5e35bedf79 bug 1266563 - regenerate CA telemetry hash table r=jcj
MozReview-Commit-ID: 1NXDU2ejfzl

--HG--
extra : rebase_source : 86abe8c3009542557da524f3697414b7cee9fcb3
2016-06-03 16:12:38 -07:00
Carsten "Tomcat" Book
4aea0165dc merge mozilla-inbound to mozilla-central a=merge 2016-06-06 11:55:56 +02:00
ffxbld
989a828304 No bug, Automated HPKP preload list update from host bld-linux64-spot-384 - a=hpkp-update 2016-06-04 05:09:33 -07:00
ffxbld
237f18948d No bug, Automated HSTS preload list update from host bld-linux64-spot-384 - a=hsts-update 2016-06-04 05:09:30 -07:00
Masatoshi Kimura
ee23c0a77c Bug 975832 - Enable AES-256 variants of the AES-128 GCM cipher suites we have already enabled. r=keeler 2016-06-04 08:19:29 +09:00
Cykesiopka
4e54963733 Bug 1275197 - Ensure nsNSSU2FToken.cpp GetSymKeyByNickname() does not cause leaks. r=keeler
Prior to these changes, GetSymKeyByNickname() could theoretically leak. This
should not happen in practice, so the changes here just ensure that the code
doesn't cause leaks.

MozReview-Commit-ID: LWtqLmsBPV2

--HG--
extra : transplant_source : rWE%CD%D8%A7%87%3C%95%03%B5%03E%3E%06E%C7O%0D%F6
2016-06-01 22:43:37 -07:00
Jonas Sicking
c706b7f059 Bug 1275714 - Changes in preparation for FlyWeb landing. Add ability to pin using a cert fingerprint, in addition to using a cert. r=dkeeler
--HG--
extra : amend_source : 41336f6eeaf5e26b91e177dd60a91ad9ed3a064c
2016-06-01 17:02:34 -04:00
J.C. Jones
8524776280 Bug 1275479 - Create nsIU2FToken base interface (Part 2). r=keeler
Create a base "nsIU2FToken" interface that all tokens must implement. This
patch does not change U2F.cpp from initializing tokens monolithically, but
if/when future tokens are added, the implementer may want to do that.

MozReview-Commit-ID: GQuu6NolF4D

--HG--
extra : transplant_source : %3Fi%8E%C4n%BF%C1%DB%DB%03HjG%B5%9Ct%9EMWH
2016-05-27 13:44:20 -07:00
Chris Peterson
6b776e8000 Bug 1277014 - Fix -Wstring-conversion warnings in security/manager/ssl/. r=keeler
security/manager/ssl/nsNSSComponent.cpp:1694:16 [-Wstring-conversion] implicit conversion turns string literal into bool: 'const char [31]' to 'bool'
security/manager/ssl/nsNSSIOLayer.cpp:1333:16 [-Wstring-conversion] implicit conversion turns string literal into bool: 'const char [22]' to 'bool'
security/manager/ssl/nsNSSIOLayer.cpp:1341:16 [-Wstring-conversion] implicit conversion turns string literal into bool: 'const char [22]' to 'bool'
security/manager/ssl/nsNSSIOLayer.cpp:1349:16 [-Wstring-conversion] implicit conversion turns string literal into bool: 'const char [22]' to 'bool'
security/manager/ssl/nsNSSIOLayer.cpp:1357:16 [-Wstring-conversion] implicit conversion turns string literal into bool: 'const char [22]' to 'bool'
2016-05-31 21:51:50 -07:00
Carsten "Tomcat" Book
76fd727737 Merge mozilla-central to mozilla-inbound 2016-05-30 15:30:55 +02:00
Carsten "Tomcat" Book
463212f69f merge mozilla-inbound to mozilla-central a=merge 2016-05-30 15:29:19 +02:00
ffxbld
dca36f5e32 No bug, Automated HPKP preload list update from host bld-linux64-spot-593 - a=hpkp-update 2016-05-28 05:20:15 -07:00
ffxbld
3eac728432 No bug, Automated HSTS preload list update from host bld-linux64-spot-593 - a=hsts-update 2016-05-28 05:20:13 -07:00
Chris Peterson
11ef78ae89 Bug 1275016 - Rename Endian.h to EndianUtils.h to avoid #include confusion with Android's endian.h stdlib header. r=froydnj
--HG--
rename : mfbt/Endian.h => mfbt/EndianUtils.h
2016-05-22 13:31:11 -07:00
David Keeler
8ba29d1473 bug 1265113 - implement platform support for enterprise roots r=Cykesiopka,mhowell,rbarnes
MozReview-Commit-ID: JKxwCjoH0Oa

--HG--
extra : rebase_source : 9eaf3f1c5371e7b4b4df304bc6ce132ade5775da
2016-04-13 15:36:22 -07:00
Carsten "Tomcat" Book
b6b164ec6d Merge mozilla-central to mozilla-inbound 2016-05-25 15:20:00 +02:00
Carsten "Tomcat" Book
c715836c7f merge mozilla-inbound to mozilla-central a=merge 2016-05-25 15:04:00 +02:00
Carsten "Tomcat" Book
3cab03a461 Merge mozilla-central to fx-team 2016-05-24 15:15:55 +02:00
Carsten "Tomcat" Book
cb4337c62c merge mozilla-inbound to mozilla-central a=merge
--HG--
rename : dom/presentation/tests/mochitest/file_presentation_non_receiver_oop.html => dom/presentation/tests/mochitest/file_presentation_non_receiver.html
rename : dom/presentation/tests/mochitest/file_presentation_non_receiver_inner_iframe_oop.html => dom/presentation/tests/mochitest/file_presentation_non_receiver_inner_iframe.html
rename : dom/presentation/tests/mochitest/file_presentation_receiver_inner_iframe_oop.html => dom/presentation/tests/mochitest/file_presentation_receiver_inner_iframe.html
2016-05-24 14:52:23 +02:00
ffxbld
d8a85e51ac No bug, Automated HPKP preload list update from host bld-linux64-spot-425 - a=hpkp-update 2016-05-21 05:05:21 -07:00
ffxbld
0ffea88a0a No bug, Automated HSTS preload list update from host bld-linux64-spot-425 - a=hsts-update 2016-05-21 05:05:19 -07:00
Masatoshi Kimura
3e0685deec Bug 1274953 - Bump the lowest valid TLS insecure fallback limit to 3 (TLS 1.2). r=keeler 2016-05-24 19:08:13 +09:00
Masatoshi Kimura
877c4b8482 Bug 1275252 - Deal with some TLS 1.3 intolerance. r=keeler 2016-05-25 19:36:57 +09:00
Mathieu Leplatre
695a9942a4 Bug 1266235 - Use blocklist prefix in preference names. r=MattN
MozReview-Commit-ID: 5aeoiSEMwYw

--HG--
extra : rebase_source : ff4e77c88de58923afe75be2046dcdb98e40ad2f
2016-05-19 12:51:13 +02:00
Johnathan Nightingale
c40db9a65c bug 466011 - clarify comments in cert override service IDL r=kaie DONTBUILD NPOTB
--HG--
extra : rebase_source : 6c67c12f768c4f5e9df84a7ab982d08095ba29ae
2016-05-27 13:11:32 -07:00
David Keeler
e87f6f88e2 bug 1273677 - ensure session cache is properly configured and torn down for TLSServerSocket r=mcmanus
MozReview-Commit-ID: 6i7HxTdLcID

--HG--
extra : rebase_source : 3c1b4c0ed798c166cbc2bcad71de90543af176c1
2016-05-23 13:58:56 -07:00
Carsten "Tomcat" Book
805f86c2b5 Merge mozilla-central to mozilla-inbound 2016-05-24 15:13:51 +02:00
Cykesiopka
0b04616a47 Bug 1271496 - Stop using Scoped.h in non-exported PSM code. r=keeler
Scoped.h is deprecated in favour of the standardised UniquePtr.

This patch removes use of Scoped.h everywhere in PSM except ScopedNSSTypes.h,
which is exported. Other consumers of ScopedNSSTypes.h can move off Scoped.h
at their own pace.

This patch also changes parameters and return types of various functions to make
ownership more explicit.

MozReview-Commit-ID: BFbtCDjENzy

--HG--
extra : transplant_source : %0B%C7%9F%40%FA9%A4%F2%5E%0D%92%1C%A6%A49%94%C3%7E%1Cz
2016-05-23 19:50:26 -07:00
Cykesiopka
378731742d Bug 883718 - Followup: Remove nsIBufEntropyCollector.idl. r=trivial
This file is no longer used post
https://hg.mozilla.org/mozilla-central/rev/8dd88e2a1976, but was not removed.
2016-05-24 00:51:00 +02:00
Nicholas Nethercote
99a82c0ac7 Bug 1273711 - Avoid OOM aborts in nsSecretDecoderRing::encode(). r=cykesiopka.
This patch removes an infallible duplication of the base64-encoded string,
which can be large.

--HG--
extra : rebase_source : c8e709d7afcb53e23fdea919fade857a7fd3fea4
2016-05-19 08:55:48 +10:00
Cykesiopka
5a7878cf2c Bug 1222754 - Replace nsSecureBrowserUIImpl::mOnStateLocationChangeReentranceDetection and nsAutoAtomic. r=keeler
mOnStateLocationChangeReentranceDetection and nsAutoAtomic form an unnecessarily
threadsafe reentrance prevention mechanism that can be replaced by
mozilla::ReentrancyGuard.

MozReview-Commit-ID: KWDdFD5TpCk

--HG--
extra : rebase_source : c3e0a9ad32ff169c6afb00dd10099835b6196682
2016-05-19 22:00:44 -07:00
Cykesiopka
2677d5c111 Bug 1273749 - Address misc issues with nsNSSCertValidity. r=keeler
Prior to the changes here, nsNSSCertValidity had the following issues:
 - Did not check for NSS shut down.
 - Provided an irrelevant zero argument constructor.
 - Did not explicitly delete the unwanted copy constructor and assignment
   operators.
 - Misc style issues.
 - Did not have a dedicated test.

MozReview-Commit-ID: JUPtk1OjsNg

--HG--
extra : rebase_source : 2f6475c842b8c1c2570a7a5e4e9f87f0bb12deae
2016-05-19 17:35:09 -07:00
Cykesiopka
ff87cc2acc Bug 1251133 - Remove DSA telemetry. r=jcj
Firefox no longer supports DSA cipher suites, so this telemetry is dead code.

MozReview-Commit-ID: G3ipd0TADM

--HG--
extra : rebase_source : 6cd2b10727107c048010d39b24e328f5539a7220
2016-05-19 18:42:16 -07:00
Wes Kocher
4f7146f46c Backed out changeset 1b8f35a4774e (bug 1273677) for valgring leaks CLOSED TREE 2016-05-20 18:13:12 -07:00
David Keeler
a53c0feecf bug 1273677 - ensure session cache is properly configured and torn down for TLSServerSocket r=mcmanus
MozReview-Commit-ID: 6i7HxTdLcID

--HG--
extra : rebase_source : 5a64db198fe582e6057bb58f8f51be3e9a63192b
2016-05-17 15:17:33 -07:00
Cykesiopka
6b12fc8650 Bug 1271501 - Use mozilla::BitwiseCast instead of reinterpret_cast in PSM. r=keeler
mozilla::BitwiseCast does the same thing, but provides static asserts that
mitigate some of the risk of using reinterpret_cast.

MozReview-Commit-ID: ENQ8QC6Nl9o

--HG--
extra : rebase_source : c1725c8363c0f7f9877601de5ab5f152ef4d0439
2016-05-18 21:20:56 -07:00
Cykesiopka
179b27667b Bug 1271501 - Downgrade unnecessarily strong reinterpret_casts in PSM. r=keeler
These reinterpret_casts can be static_casts or const_casts instead.

MozReview-Commit-ID: 1KQDWHO9CGS

--HG--
extra : rebase_source : a629d91577bdcb6d7fd94416e61ad46ca43f945d
2016-05-18 18:58:41 -07:00
Cykesiopka
5e0c49ff77 Bug 1271501 - Remove unnecessary uses of reinterpret_cast in PSM. r=keeler
These uses of reinterpret_cast are either pointless, or can be removed via
refactoring.

MozReview-Commit-ID: Aw2rlJfrT6J

--HG--
extra : rebase_source : 243d6c38eedc086c59d47c93d4a57cb6a922910a
2016-05-18 18:58:40 -07:00
Martin Thomson
103d3aba59 Bug 1250568 - Adding TLS 1.3 to nsISSLStatus, r=keeler
MozReview-Commit-ID: 4mLdtsdFoKN

--HG--
extra : rebase_source : 8526499c8765a14efeec22950372c738d8dc8b95
2016-04-04 16:21:19 -03:00
Martin Thomson
ec792f4dff Bug 1250568 - Adding ECDHE_PSK suites, r=keeler
MozReview-Commit-ID: 1MGB7ewpDuZ

--HG--
extra : rebase_source : 5afd535d6f853db31dd98f70dbc189d01a0246fa
2016-04-04 16:21:19 -03:00
Martin Thomson
9b8f068092 Bug 1250568 - Add support for TLS1.3 in prefs and telemetry, r=keeler
MozReview-Commit-ID: AH8SO3fRUp4

--HG--
extra : rebase_source : f7b367bc4577c2fea2741c60793f7cde6cba0aef
2016-04-19 14:29:36 +10:00
Cykesiopka
18c21f386e Bug 1271495 - Replace uses of ScopedPK11Context with UniquePK11Context. r=keeler,mcmanus
ScopedPK11Context is based on Scoped.h, which is deprecated in favour of the
standardised UniquePtr.

MozReview-Commit-ID: HE8UY1hOuph

--HG--
extra : transplant_source : 4%BF%81M%09Q-%2A%E6%04%86i%18%1B%3CL%90%88%04%C7
2016-05-13 05:53:57 -07:00
Chris Peterson
353ee65255 Bug 1272513 - Part 1: Suppress -Wshadow warnings-as-errors in some directories. r=glandium 2016-05-11 00:00:01 -07:00
Hasse
692b996c80 bug 428421 - fix ordering of FIPS description strings r=keeler
In bug 317630, in the call to PK11_ConfigurePKCS11, the order of the strings
provided was switched such that the FIPS token description appeared before the
FIPS slot description, when in fact the reverse should happen.
2016-05-12 15:45:30 -07:00
David Keeler
c17f3a2733 bug 982932 - only allow Netscape-stepUp to be used for serverAuth for old CA certificates r=Cykesiopka,jcj
MozReview-Commit-ID: 88JhIU1pUji

--HG--
rename : security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC.pem.certspec => security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-recent.pem.certspec
rename : security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC.pem.certspec => security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-recent.pem.certspec
extra : rebase_source : 2f6251679a6f31cccb6d88bb51c567de9cc9bc76
2016-05-05 16:11:11 -07:00
Cykesiopka
ebd2e17c94 Bug 1265207 - Enable ESLint "var-only-at-top-level" rule for PSM tests. r=jjones
|let| is generally preferred over |var| in PSM JS.

MozReview-Commit-ID: 7SJWQSKFxI4

--HG--
extra : rebase_source : 387c6259ffa2cb0585ff366edc568ccc39bfd902
2016-05-09 18:04:14 -07:00