Commit Graph

8080 Commits

Author SHA1 Message Date
Brian Smith
9d23ee7fc7 Bug 891066, Part 8: Add stapled OCSP response to CertVerifier, r=cviecco
--HG--
extra : rebase_source : ffe0762228d1217cb51e2f8fad2e0605d7d61344
extra : source : f721d60b6bf74467381590457ce3542f83a2f43a
2013-09-27 19:53:36 -07:00
Brian Smith
12a2ffda37 Bug 891066, Part 7: Give CertVerifier its own NSPR logging module, r=cviecco
--HG--
extra : rebase_source : a6b38c4026fe70c9789cbe4830df57c943382f5b
extra : source : 591daff856840016c979ed9b4fdbed4ed68f22a6
2013-07-10 23:47:09 -07:00
Brian Smith
213974a8d4 Bug 891066, Part 6: Move SSL server cert verification logic to security/certverifier, r=cviecco
--HG--
extra : rebase_source : e30b5b46e075c52651bb5320b17660f85a50abbb
extra : source : ef41444d0a7d1f6697c7a4d431fffe8db1724605
2013-07-08 16:30:59 -07:00
Brian Smith
4488103b73 Bug 891066, Part 5: Switch to security::pkix::ScopedCERTCertList, r=cviecco
--HG--
extra : rebase_source : 59015f864e612f18a2f7bb62092b692ae8d47853
extra : source : 31f68b8a192b45720fe931176cdc0565e8c6fd80
2014-01-22 17:13:19 -08:00
Brian Smith
b92b30b8cf Bug 733454: Remove hard-coded blocklisting in PSM for Comodo and DigiNotar, r=cviecco
--HG--
extra : rebase_source : 3a3ab5246bd6e2af4a0952c64181cad6feb5c424
extra : source : 2e540dd35edfa0ef3549ed4dd8f0b15b57cb2806
2013-07-01 11:39:16 -07:00
Brian Smith
5ce3726857 Bug 891066, Part 4: Fix indention, r=me, a=whitespace-only
--HG--
extra : rebase_source : 0b9dad2a331b729f614b9b3ee29793a3c89ae053
extra : source : 651a8ef41d0611f0dbc72cbd663071958fea649b
2013-09-19 13:39:36 -07:00
Brian Smith
3091f37853 Bug 891066, Part 3: Move more initialization of NSS to security/certverifier, r=keeler
--HG--
extra : rebase_source : 33aad105028f849d0bbe1c37b60eab50f2f22c88
2014-01-20 22:10:33 -08:00
Brian Smith
c1583f22ce Bug 891066, part 2: Move CertVerifier to security/certverifier, r=keeler
--HG--
extra : rebase_source : dd59a391825b776b075e855660c2488105e2d741
2014-01-26 19:36:28 -08:00
Brian Smith
efdf583668 Bug 891066, Part 1: Remove CertVerifier's dependency on nsNSSComponent, r=keeler, r=cviecco
--HG--
extra : rebase_source : 3242f78d6d4d68080997dd56dae1fd0675750d5e
extra : source : 965c9f30e9b87e418bbf6ab43657257e94992223
2014-01-19 14:05:40 -08:00
Brian Smith
188876d1dc Bug 961454: Clean up whitespace in key PSM files, r=keeler, r=cviecco
--HG--
extra : rebase_source : 53f14cc6f97814eb9913a1ddad1a19631e2af08a
2014-01-21 17:30:44 -08:00
Camilo Viecco
4a27519edf Bug 916632 (insanity::pkix::ScopedPtr), Part 3: Work around old GCC's lack of nullptr, r=briansmith
--HG--
extra : rebase_source : 4b212aad2968101717be1e2af9f17d54939bba46
extra : source : 39a083dfd00dd95fafd6444e9ea69ff1257e5eca
2013-06-28 16:16:56 -07:00
Brian Smith
d5c243899e Bug 916632 (insanity::pkix::ScopedPtr), Part 2: Add insanity::pkix's pkixtypes.h, r=cviecco
--HG--
extra : rebase_source : a621a91751a57117a02696e9159e9cedc40883ff
extra : source : 04a20c24c869c848a191d0553f636fe27fe88ee8
2013-07-08 12:30:32 -07:00
Brian Smith
06536e76c8 Bug 916632 (insanity::pkix::ScopedPtr), Part 1: Add insanity::pkix::ScopedPtr, r=cviecco
--HG--
extra : rebase_source : 57180ed742a0ae16ea662ce2fdf1f79bad0f8dda
extra : source : e92633f954bcff92b47621337b3c8d8ad83ac543
2013-09-05 02:01:58 -07:00
ffxbld
95fed55276 No bug, Automated HSTS preload list update from host bld-centos6-hp-006 - a=hsts-update 2014-01-25 03:14:57 -08:00
David Keeler
a3dd98815d bug 951354 - test nsNSSCertificateDB for proper shutdown r=cviecco a=abillings 2014-01-21 16:47:47 -08:00
Jed Davis
7ee34b3db7 Bug 960365 - Whitelist uname for nsSystemInfo. r=kang 2014-01-21 15:48:00 -05:00
Ms2ger
384f5ca9e3 Merge latest PGO-green changeset from inbound to central. 2014-01-20 09:30:38 +01:00
Ms2ger
4f1e9b830b Bug 956015 - Add an infallible nsIDocShellTreeItem::ItemType; r=bz 2014-01-20 08:58:26 +01:00
Brian Smith
18f9a21219 Bug 952874: Fix telemetry for RSA/DHE key sizes of 1025-1280 bits and fix misspelling, r=keeler 2014-01-18 17:59:24 -08:00
Brian Smith
d1287a15a2 Bug 950858: Make cipher suite telemetry code less crash-prone, r=keeler 2014-01-18 16:52:16 -08:00
Phil Ringnalda
74c9eb6feb Merge m-i to m-c 2014-01-18 15:17:10 -08:00
ffxbld
6d2f3012ee No bug, Automated HSTS preload list update from host bld-linux64-ec2-438 - a=hsts-update 2014-01-18 03:20:19 -08:00
Brian Smith
3824df981f Bug 960714: Make NPN and ALPN prefs dynamic, r=keeler, r=mcmanus
--HG--
extra : rebase_source : 42ff8c05b682e755d51ec79e2cb26db7cedd382f
2014-01-16 21:38:59 -08:00
David Keeler
2ffb88c0b9 bug 960723 - fix failingOCSPResponder in test_ev_certs.js r=briansmith 2014-01-16 13:18:38 -08:00
Patrick McManus
ff9c9eca9f Bug 890994: ALPN support for Gecko, r=briansmith 2014-01-14 15:34:23 -05:00
Brian Smith
fcda5c306b Bug 958916: Update NSS to NSS 3.15.5 beta 2 (NSS_3_15_5_BETA2) plus private patch for bug 950129, CLOBBER, r=me
--HG--
extra : rebase_source : a0a28ba744ecf81510a4c5bec3a353e4fe275f5a
extra : amend_source : e8b89e0560fc75de5557b8e4543269363f417132
2014-01-16 13:18:55 -08:00
Wes Kocher
44b44b413c Backed out changeset 8526c7a38761 (bug 951354) for CPP unittest bustage 2014-01-17 17:50:17 -08:00
David Keeler
88d7f1342f bug 951354 - test nsNSSCertificateDB for proper shutdown r=cviecco a=abillings 2014-01-17 16:22:51 -08:00
Raymond Etornam Agbeame(:retornam)
5aa30a620f Bug 950169 - remove unused arguments for LogInvalidCertError r=keeler 2014-01-17 11:57:57 -08:00
David Keeler
a7bcf97cfc bug 950240 - don't do DV fallback for nsIIdentityInfo.isExtendedValidation r=briansmith 2014-01-17 11:04:09 -08:00
David Keeler
b8f6622e6b bug 947759 - unconditionally add Google sites to the HSTS preload list r=cviecco DONTBUILD NPOTB 2014-01-15 11:22:06 -08:00
David Keeler
cb931af8e3 bug 959796 - refactor error reporting in getHSTSPreloadList.js r=cviecco DONTBUILD NPOTB 2014-01-15 11:20:55 -08:00
Brian Smith
2bf2f0ce5a Bug 923304, Part 2: Adjust EV tests, r=keeler
--HG--
extra : rebase_source : f0cfd0089a99dddd8852e0613bc2a31e5c12b1de
2014-01-14 15:22:09 -08:00
Brian Smith
ae750cc925 Bug 923304, Part 1: Add test for OCSP response signed by CA that has an OCSP URI, r=keeler, r=briansmith
--HG--
extra : rebase_source : 7cafe0781563382c2221e865201beb023fea3628
2014-01-13 02:33:08 -08:00
Brian Smith
8282e4ae96 Bug 950129: Make OCSP fetching policy for OCSP response signing certificates consistent, r=wtc, r=rrelyea
--HG--
extra : rebase_source : 2369fcd80eb6ed5ec7e96657cdf8b43514c8357b
2014-01-12 23:13:10 -08:00
David Keeler
648d25a19a bug 957368 - standardize and simplify nsNSSShutDownObject implementations r=cviecco r=briansmith 2014-01-14 09:28:43 -08:00
Garrett Robinson
eabe1d0a0f Bug 883975 - CSP 1.1 hash-source. r=sstamm, r=dholbert, r=mrbkap 2014-01-02 11:14:06 -08:00
Brian Smith
b6cabfc2be Bug 957667: Decouple OCSP stapling pref from the OCSP fetching pref, and couple the OCSP required pref to the OCSP fetching pref, r=keeler
--HG--
extra : rebase_source : 86cb86f76f4def579fcf07e479025852849c34f8
extra : source : 08115711a4e6e77971c9e872fb6c68e88ac9693e
2014-01-08 08:51:06 -08:00
Brian Smith
4f7ae6c58b Bug 959026: Add telemetry about cases where we don't do OCSP fetching when we expect to, r=keeler
--HG--
extra : rebase_source : f7e9826569325f497273a92eec5127c414baa8bc
extra : source : bb5bb5a1b571e54695a4c8d5be0cc447f29f0358
2014-01-12 19:31:40 -08:00
Ryan VanderMeulen
de8f18e28c Backed out changesets 1b892043a386 and 0e14b3468b94 (bug 923304) and changeset 2e2c276950b9 (bug 950129) for xpcshell failures. 2014-01-13 18:00:34 -05:00
Ryan VanderMeulen
e7b8f32115 Merge inbound to m-c. 2014-01-13 17:44:24 -05:00
Brian Smith
3a3061758d Bug 923304, Part 2: Adjust EV tests, r=keeler
--HG--
extra : source : 97bf218ac3bb44e81074ca95877ca8b6414265b3
2013-12-28 11:28:49 -08:00
Brian Smith
effee37c95 Bug 923304, Part 1: Add test for OCSP response signed by CA that has an OCSP URI, r=keeler, r=briansmith
--HG--
extra : source : e7afcba6743e40755d28a296b00c395392864657
2014-01-13 02:33:08 -08:00
Brian Smith
ad7961afde Bug 950129: Make OCSP fetching policy for OCSP response signing certificates consistent, r=wtc, r=rrelyea
--HG--
extra : source : 44afac41de6a81c1e4430afa10e6f2836599ecd8
2014-01-12 23:13:10 -08:00
Brian Smith
bb80c6ec24 Bug 958916: Update to NSS 3.15.5 beta 1 (NSS_3_15_5_BETA1), r=me
--HG--
extra : rebase_source : 19606540e96bd00b737bc9c5782f8c445e006189
2014-01-12 22:09:19 -08:00
Patrick McManus
0ef97ed6fd bug 951199 - Interface for Socket Level Access to TLS Version Used r=dkeeler r=bsmith 2013-10-09 17:21:48 -07:00
Nemina Amarasinghe
76f959e6f5 Bug 946075 - Remove extra space from ssl_error_bad_cert_domain error message contains in TransportSecurityInfo.cpp. r=dkeeler 2014-01-13 09:28:14 -05:00
Brian Smith
367c980791 Bug 957665: Add telemetry to measure how many people have OCSP enabled, r=keeler
--HG--
extra : rebase_source : e6dd0d7d06ce0eb5b2f34a77a851dd7c0655ac3e
2014-01-08 08:59:53 -08:00
Jed Davis
1acb8c0912 Bug 945330 - Reword and slightly improve sandbox violation log message. r=kang
The main goal is to have a message that unambiguously indicates a crash,
so mozharness can grep for it even if some of the details change later.

Also now includes the entire argument list; most syscalls don't use all
six, so the last few will be meaningless, but it can't hurt to log them.
2014-01-10 08:22:58 -05:00
David Keeler
02ba1423d9 bug 950268 - fix leak in nsCertTree::GetDispInfoAtIndex r=cviecco 2014-01-09 10:02:08 -08:00
Phil Ringnalda
1dddb1a066 Back out 2e7e2de7b13e (bug 948574) for b2g mochitest crashes
CLOSED TREE
2014-01-07 21:10:23 -08:00
David Keeler
12478c7858 bug 948574 - remote nsISiteSecurityService::IsSecureURI r=bz 2014-01-07 11:31:30 -08:00
Brian Smith
7a3a090854 Bug 952876: Add test for bug 952808 (OCSP stapling not honored when there is a error entry in the OCSP cache), r=keeler 2014-01-06 14:45:35 -08:00
Brian Smith
e78c9d7289 Bug 933109: Add tests to verify that we retry OCSP when we have a cached Unknown response, r=keeler 2014-01-06 14:41:04 -08:00
Wes Kocher
13a42d347d Backed out changeset 75e5396d0847 (bug 933109) for xpcshell bustage 2014-01-06 17:50:53 -08:00
Wes Kocher
20073cae22 Backed out changeset b8f1b1cfc9e2 (bug 952876) 2014-01-06 17:50:23 -08:00
Brian Smith
86906b978c Bug 952876: Add test for bug 952808 (OCSP stapling not honored when there is a error entry in the OCSP cache), r=keeler
--HG--
extra : rebase_source : d83e4b3681b36616441e6fd412969998a19eae4c
extra : amend_source : 475bff5dd333fb54729fdace0f295c6e026c5a18
2014-01-06 14:45:35 -08:00
Brian Smith
ded0276b7d Bug 933109: Add tests to verify that we retry OCSP when we have a cached Unknown response, r=keeler
--HG--
extra : rebase_source : 4e73c5812e75adf053f2158a88a6a8e58307c9d7
2014-01-06 14:41:04 -08:00
David Keeler
2082ba1a5d bug 951354 - nsNSSCertificateDB: call shutdown(calledFromObject) in destructor r=cviecco a=abillings 2013-12-19 11:45:50 -08:00
Brian Smith
b866cfd1ca Bug 898431: Update NSS to NSS 3.15.4 RTM (NSS_3_15_4_RTM), r=me 2014-01-06 14:31:01 -08:00
Ehsan Akhgari
1b83407ce9 Bug 927728 - Part 1: Replace PRUnichar with char16_t; r=roc
This patch was automatically generated by the following script:

#!/bin/bash
# Command to convert PRUnichar to char16_t

function convert() {
echo "Converting $1 to $2..."
find . ! -wholename "*nsprpub*" \
       ! -wholename "*security/nss*" \
       ! -wholename "*modules/libmar*" \
       ! -wholename "*/.hg*" \
       ! -wholename "obj-ff-dbg*" \
       ! -name prtypes.h \
       ! -name Char16.h \
         -type f \
      \( -iname "*.cpp" \
         -o -iname "*.h" \
         -o -iname "*.c" \
         -o -iname "*.cc" \
         -o -iname "*.idl" \
         -o -iname "*.ipdl" \
         -o -iname "*.ipdlh" \
         -o -iname "*.mm" \) | \
    xargs -n 1 sed -i -e "s/\b$1\b/$2/g"
}

convert PRUnichar char16_t
2014-01-04 10:02:17 -05:00
ffxbld
a5f9e559f4 No bug, Automated HSTS preload list update from host bld-linux64-ec2-441 - a=hsts-update 2014-01-04 03:20:04 -08:00
ffxbld
f89538aa82 No bug, Automated HSTS preload list update from host bld-linux64-ec2-018 - a=hsts-update 2013-12-28 03:23:00 -08:00
Brian Smith
987c5c3e05 Bug 898431: Update NSS to NSS 3.15.4 beta 10 (NSS_3_15_4_BETA10), r=me 2013-12-21 23:15:41 -08:00
ffxbld
85d518fff6 No bug, Automated HSTS preload list update from host bld-centos6-hp-016 - a=hsts-update 2013-12-21 03:14:20 -08:00
Wan-Teh Chang
7cd5c434ed Bug 898431: Update NSS to NSS_3_15_4_BETA9. Includes the fixes for
bug 946147, bug 930874, bug 930857, bug 934545, bug 915408.
2013-12-20 12:01:06 -08:00
Gregory Szorc
e396fc159d Bug 774572 - Part 2: Define JAR_MANIFESTS in moz.build files; r=glandium
Every directory with a jar.mn now has JAR_MANIFESTS defined in its
moz.build file.

We also removed the may_skip special consideration of jar.mn files
because this information is now available during tier traversal by the
reader courtesy of the variables being present in moz.build files.

--HG--
extra : rebase_source : 21049b15e6bd9cf65b0805ccaccc4ba5aae93c98
extra : amend_source : 0b1ea866d725beef92d37c6f6d475369ac002e19
2013-12-10 16:18:11 +09:00
David Keeler
b4908bf345 bug 887321 - initial OCSP stapling telemetry r=briansmith 2013-12-16 09:32:16 -08:00
Trevor Saunders
d43c55ca0e bug 949821 - use MOZ_UTF16 more and NS_LITERAL_STRING less r=froydnj 2013-12-12 20:50:01 -05:00
Raymond Etornam Agbeame
263d3452ce Bug 945857: Remove the security.fresh_revocation_info.require preference, r=briansmith 2013-12-16 00:09:21 -08:00
Phil Ringnalda
fde33d1583 Merge m-i to m-c 2013-12-14 18:20:38 -08:00
ffxbld
b47490ccbf No bug, Automated HSTS preload list update from host bld-linux64-ix-037 - a=hsts-update 2013-12-14 03:18:03 -08:00
David Keeler
e7c01f9f5b bug 950253 - fix typo in getHSTSPreloadList.js r=briansmith DONTBUILD because NPOTB 2013-12-13 16:06:54 -08:00
Bobby Holley
07df154678 Bug 937317 - Replace all instance of null cx pushing with AutoSystemCaller. r=bz
This is an easy bonus chunk of the work to phase out cx pushing in the browser.
2013-12-11 17:51:58 -08:00
Camilo Viecco
b76fac8502 Bug 938046 - Part 4. Tests for consistency of getchain and getissuer. r=dkeeler 2013-11-21 13:50:51 -08:00
Camilo Viecco
c653f8bfb9 Bug 938046 - Part 3. Iterate only through valid users on getchain r=dkeeler 2013-12-11 13:04:07 -08:00
Camilo Viecco
e37fbe8375 Bug 938046 - Part 2. Get issuer uses getchain to comput issuer. r=dkeeler 2013-11-21 13:50:49 -08:00
Camilo Viecco
d93962c4a5 Bug 938046 - Part 1. Iterate through variable not over const. r=dkeeler 2013-11-21 13:45:20 -08:00
Cykesiopka
bccb5eda75 Bug 910986 - Fix cert trust editing in People tab of Cert Manager. r=dkeeler 2013-12-10 10:36:47 -05:00
Cykesiopka
0d841afed1 Bug 539710 - Use char16_t ',' instead of NS_LITERAL_STRING in nsNSSCertificate.cpp. r=dkeeler 2013-12-10 10:36:31 -05:00
Ryan VanderMeulen
52ab5ad2dc Merge b2g-inbound to m-c. 2013-12-09 17:26:11 -05:00
Camilo Viecco
92f4ee9e45 Bug 936808 - Serialize calls to PK11 routines in SSLServerCertVerification. r=briansmith 2013-12-09 09:12:47 -08:00
Birunthan Mohanathas
3440613a39 Bug 713082 - Part 2: Rename Util.h to ArrayUtils.h. r=Waldo
--HG--
rename : mfbt/Util.h => mfbt/ArrayUtils.h
2013-12-08 21:52:54 -05:00
Brian Smith
25cf163695 Bug 942152, r=dkeeler, r=honzab
--HG--
extra : rebase_source : 7f0bab4efa26e9c185b29fdb14d846035147fd2f
2013-12-05 20:33:49 -08:00
Phil Ringnalda
cacf62c269 Back out 35371620801a:bf2019278b77 (bug 937317) for gaia-ui-test bustage and frequent timeouts in its own test 2013-12-07 11:08:56 -08:00
ffxbld
b69187e615 No bug, Automated HSTS preload list update from host bld-linux64-ec2-351 - a=hsts-update 2013-12-07 03:22:31 -08:00
Camilo Viecco
e0f5696cba Bug 945349 - CertVerifier should check early for bad usages. r=briansmith 2013-12-06 13:42:44 -08:00
Vicamo Yang
00ea22f388 Bug 944625 - B2G Emulator-x86: fix undeclared __NR_socketpair, __NR_sendmsg. r=kang,jld 2013-12-09 21:02:54 +08:00
Bobby Holley
cdf05d42a4 Bug 937317 - Replace all instance of null cx pushing with AutoSystemCaller. r=bz
This is an easy bonus chunk of the work to phase out cx pushing in the browser.
2013-12-06 12:01:42 -08:00
Raymond Etornam Agbeame
676b9a2b0e Bug 945855: Remove the security.first_network_revocation_method pref, r=briansmith
--HG--
extra : rebase_source : e416ba1e78f95234d403c078ad81b5fddcce947a
extra : amend_source : 7adbe291df748b5a6d1f1122573e862bdc5f5f11
2013-12-06 00:55:17 -08:00
Cykesiopka
229baa51e6 Bug 945851: Remove pref for showing dialog box when NSS initialization fails, r=briansmith
--HG--
extra : rebase_source : 1142d1775b8846e8bd46109affc62df262e598d4
2013-12-06 00:12:08 -08:00
Carsten "Tomcat" Book
076ec87e09 Backed out changeset 374e44c835a8 (bug 937317) WinXP Build Bustage on a CLOSED TREE 2013-12-06 08:41:42 +01:00
Chris Peterson
6f76ca5751 Bug 946116 - Remove unused isResumedSession variable from nsNSSCallbacks.cpp. r=bsmith 2013-12-03 21:07:29 -08:00
Bobby Holley
901b658c25 Bug 937317 - Replace all instance of null cx pushing with AutoSystemCaller. r=bz
This is an easy bonus chunk of the work to phase out cx pushing in the browser.
2013-12-05 21:34:17 -08:00
Camilo Viecco
7223d195ae Bug 585122 - In PSM provide EV only with OCSP revocation (Part 2: tests). r=briansmith. 2013-12-02 11:12:21 -08:00
Camilo Viecco
d5220b22a6 Bug 585122 - Part 1. EV do not request CRL. r=briansmith. 2013-12-02 11:08:06 -08:00
Brian Smith
c7f8cc63c2 Bug 898431: Update to NSS 3.15.4 beta 8 (NSS_3_15_4_BETA8), r=me 2013-12-05 07:27:11 -08:00
Brian Smith
1e0f7a1545 Bug 898431: Update to NSS 3.15.4 beta 7 (NSS_3_15_4_BETA7), r=me
--HG--
extra : rebase_source : 51f5e01db5d8dec46f341e217fa2ba97382c723c
extra : amend_source : 04d8a9e4a861228c217b9d766cd8781d49ed496f
2013-12-04 20:51:58 -08:00
Brian Smith
98daee98b9 Bug 898431: Update NSS to NSS 3.15.4 beta 6 (NSS_3_15_4_BETA6), r=me
--HG--
extra : rebase_source : 9f497ceb1c74fbf15938171229f5a7339e277333
2013-12-03 20:04:07 -08:00
Steffen Wilberg
f62f500883 Bug 945871: Remove the security.ssl3.ecdh_* preferences, r=briansmith
--HG--
extra : rebase_source : 39f680c48ae198263af61b8c2cc07bdb7dc829a7
2013-12-03 18:56:33 -08:00