Commit Graph

10109 Commits

Author SHA1 Message Date
Gregory Szorc
4ab279264e Bug 1257036 - Disable C4302 to unblock compilation on VS2015; r=bobowen
As part of unblocking building with VS2015u1 in automation, I'm mass
disabling compiler warnings that are turned into errors. This is not
the preferred mechanism to fix compilation warnings. But the warning
occurs in third party code, so my hands are tied.

MozReview-Commit-ID: A0UF2RHJzVo

--HG--
extra : rebase_source : 3fc5300f6f67274162f4d65fd83eb9c18b4bf716
2016-03-16 13:27:59 -07:00
David Keeler
d27e176906 bug 1236964 - enable Certum Trusted Network CA 2 root certificate for EV treatment r=jcj
MozReview-Commit-ID: 8QlBgAdXjlm

--HG--
extra : rebase_source : 07affb67f289f9d460e3eac147dcd44945da182d
2016-03-15 16:08:15 -07:00
David Keeler
fceae4c33d bug 1256495 - temporarily check build-time-generated PSM xpcshell test certificates in to the tree r=Cykesiopka
MozReview-Commit-ID: GIJgI4mFpGL

--HG--
extra : rebase_source : 143f72f3c8d6c0ac41151b9db38bec2fbaacd76b
2016-03-14 17:30:36 -07:00
Cykesiopka
301ab6716b Bug 1250258 - Partially clean up nsNSSCertificateDB.cpp import methods. r=keeler
MozReview-Commit-ID: Dbk5N1FwdWB

--HG--
extra : rebase_source : d97d4802af2f41218be2d210a8ecdb9bf1885122
2016-03-16 03:54:26 -07:00
Brian Smith
30373af60a Bug 1189020 - Replace |// unnamed namespace| with |// namespace| in mozilla::pkix. r=Cykesiopka
This is what Google suggests in its style guide, and somebody
already changed one of these comments to the new style.

--HG--
extra : rebase_source : fe3f7fc17a2fc09ad0ba01fa1511dc8dba7653e1
2016-03-16 07:10:00 +01:00
Nathan Toone
4557e5f651 Bug 1092004 - Use getdtablesize for non-gonk builds as well. r=glandium
When building non-gonk builds, ANDROID_VERSION is not set.  Beginning with NDK 11, getdtablesize is no longer included.  This means that we should use the stub version of the function that is defined in android_stub.h for all android platforms.  This patch moves the function out of the "#if ANDROID_VERSION >=21" block so that all android code can use it.

Adding glandium as the reviewer, because he reviewed the original patch at bug 1103816.

MozReview-Commit-ID: 2NmUl5XuvDS

--HG--
extra : transplant_source : %03%8C/%E0%20t%D0%3Al4%D4Oh%CB_%07%8A%24r%CC
2016-03-14 16:19:12 -06:00
Nicholas Nethercote
a2f068b2ad Bug 1253085 - Remove the |PLDHashTable*| argument from PLDHash{HashKey,MatchEntry}. r=froydnj.
This is easy because it's never needed.

--HG--
extra : rebase_source : 78830dab41c40a1544fa55fc69ca9c1c6709d767
2016-03-16 15:33:44 +11:00
Tooru Fujisawa
50608d5d55 Bug 1256088 - Merge mock app-info implementation into AppInfo.jsm. r=gps 2016-03-16 16:58:29 +09:00
Nicholas Nethercote
e098d1b141 Bug 1255655 - Const-ify kPinset_* arrays. r=cykesiopka.
--HG--
extra : rebase_source : b8c360a7c79bd3e79d30210cd8e624e3e4eae7c3
2016-03-11 13:54:41 +11:00
Mike Shal
0ea1e0d44b Bug 1256011 - Remove security/manager/ssl/tests/unit/pkcs11testmodule/Makefile.in; r=ted
MozReview-Commit-ID: qM1XuSSCoX
2016-03-14 19:21:45 -04:00
Gregory Szorc
3ff1fe40e4 Bug 1256484 - Disable C4456 and C4458 to unblock compilation on VS2015; r=keeler
As part of unblocking building with VS2015u1 in automation, I'm mass
disabling compiler warnings that are turned into errors. This is not
the preferred mechanism to fix compilation warnings. So hopefully
someone fixes the underlying problem someday. However, there are tons
of ignored warnings in security/certverifier, so I guess the workaround
in this patch is par for the course.

MozReview-Commit-ID: 7GZ9RpkxnwT

--HG--
extra : rebase_source : 023a438b6458fb4859018cde421d51072f0f0490
2016-03-14 23:57:33 -07:00
Gregory Szorc
b58a16b4d9 Bug 1256499 - Disable C4311 and C4312 to unblock compilation on VS2015; r=bobowen
As part of unblocking building with VS2015u1 in automation, I'm mass
disabling compiler warnings that are turned into errors. This is not
the preferred mechanism to fix compilation warnings. But the warning
occurs in third party code, so my hands are tied.

MozReview-Commit-ID: BCXQcEejre9

--HG--
extra : rebase_source : a36a432edc834ec806dd4341f247143b178902a4
2016-03-15 11:28:52 -07:00
Gregory Szorc
7aa5c525a3 Bug 1256490 - Disable C4302 to unblock compilation on VS2015; r=bobowen
As part of unblocking building with VS2015u1 in automation, I'm mass
disabling compiler warnings that are turned into errors. This is not
the preferred mechanism to fix compilation warnings. But the warning
occurs in third party code, so my hands are tied.

MozReview-Commit-ID: 6n8nl517Ly

--HG--
extra : rebase_source : 19c1c012e1ddf15accbdf1a1050e4d607f9c7b31
2016-03-14 17:00:09 -07:00
Mark Goodwin
985802557a Bug 1224531 - Provide a mechanism for the updater to drive kinto collection sync r=rnewman,mossop
There are two parts to this change. The first is a module to drive kinto
collection sync. This gives server-provided last-update times to each module
managing collection information so that data is only fetched when updates are
necessary. This also keeps track of when pings last took place (for future use)
and any apparent difference between client and server clock (we need this later
for the content signing work).

Currently only one module (the kinto version of the OneCRL client) consumes this
information, though more will follow.

The second is a minor change to nsBlocklistService.js to ensure that this ping
takes place whenever the existing blocklist ping happens.

MozReview-Commit-ID: 7SN03AOJ4Wc
2016-03-15 08:55:23 +00:00
David Keeler
61a9a234f8 bug 1255153 - (re)move redundant xpcshell name constraint tests to gtests r=Cykesiopka,jcj
MozReview-Commit-ID: 8eFSIhB1RId

--HG--
extra : rebase_source : 63b147b8bdc9f2961b2f56723ac5baa0e2564684
2016-03-09 14:33:31 -08:00
David Keeler
2f0004e1be bug 1228175 - fix IsCertBuiltInRoot r=Cykesiopka,mgoodwin
When a built-in root certificate has its trust changed from the default value,
the platform has to essentially create a copy of it in the read/write
certificate database with the new trust settings. At that point, the desired
behavior is that the platform still considers that certificate a built-in root.
Before this patch, this would indeed happen for the duration of that run of the
platform, but as soon as it restarted, the certificate in question would only
appear to be from the read/write database, and thus was not considered a
built-in root. This patch changes the test of built-in-ness to explicitly
search the built-in certificate slot for the certificate in question. If found,
it is considered a built-in root.

MozReview-Commit-ID: HCtZpPQVEGZ

--HG--
extra : rebase_source : 759e9c5a7bb14f14a77e62eae2ba40c085f04ccd
2016-03-04 17:06:33 -08:00
Franziskus Kiefer
bd54ab19d3 Bug 1226928 - signature verification for content-signing, r=keeler,mayhemer 2016-03-14 11:56:35 +01:00
Franziskus Kiefer
de6c5e883a Bug 1226928 - remove Wshadow warning in ScopedNSSTypes, r=keeler 2016-03-14 11:56:25 +01:00
Ryan VanderMeulen
da1885e860 Merge inbound to m-c. a=merge 2016-03-12 15:23:38 -05:00
ffxbld
7e46a33af1 No bug, Automated HPKP preload list update from host bld-linux64-spot-304 - a=hpkp-update 2016-03-12 04:40:14 -08:00
ffxbld
0391ff34f5 No bug, Automated HSTS preload list update from host bld-linux64-spot-304 - a=hsts-update 2016-03-12 04:40:12 -08:00
Wes Kocher
e7883e4059 Backed out changeset 490eb9194ae1 (bug 1228175) for TestIsCertBuiltInRoot failures on at least Android
MozReview-Commit-ID: 7kpuhoY0CJw
2016-03-09 14:22:36 -08:00
David Keeler
f228ba40a1 bug 1228175 - fix IsCertBuiltInRoot r=Cykesiopka,mgoodwin
When a built-in root certificate has its trust changed from the default value,
the platform has to essentially create a copy of it in the read/write
certificate database with the new trust settings. At that point, the desired
behavior is that the platform still considers that certificate a built-in root.
Before this patch, this would indeed happen for the duration of that run of the
platform, but as soon as it restarted, the certificate in question would only
appear to be from the read/write database, and thus was not considered a
built-in root. This patch changes the test of built-in-ness to explicitly
search the built-in certificate slot for the certificate in question. If found,
it is considered a built-in root.

MozReview-Commit-ID: HCtZpPQVEGZ

--HG--
extra : rebase_source : 898ef37459723f1d8479cfdc58658ccb00e782a9
2016-03-04 17:06:33 -08:00
Richard Barnes
0926cc2911 Bug 1254653 - Add telemetry to measure how often we encounter EV certificates r=keeler
MozReview-Commit-ID: FvDpMGEJGLQ

--HG--
extra : rebase_source : 8dab354175e1a7b57450011bc50ffa6fd13448b7
2016-03-08 17:30:40 -05:00
Carsten "Tomcat" Book
1ca11b97af merge mozilla-inbound to mozilla-central a=merge 2016-03-09 11:46:43 +01:00
ffxbld
3e380e6fa3 No bug, Automated HPKP preload list update from host bld-linux64-spot-223 - a=hpkp-update 2016-03-08 19:41:38 -08:00
ffxbld
a560947174 No bug, Automated HSTS preload list update from host bld-linux64-spot-223 - a=hsts-update 2016-03-08 19:41:36 -08:00
Cykesiopka
610314abc0 Bug 1253958 - Make getHSTSPreloadList.js and genHPKPStaticPins.js gracefully handle trailing whitespace in URL entries. r=dkeeler
MozReview-Commit-ID: Kyc7JzxVEo0

--HG--
extra : rebase_source : 009554017b7ec1e2c6e57430ee554eb94deb2a3a
2016-03-06 16:02:52 -08:00
Masatoshi Kimura
0fb560192b Bug 1253166 - Remove UI to override RC4 errors. r=keeler 2016-03-08 06:34:42 +09:00
Masatoshi Kimura
e9c1221a17 Bug 1254306 - Do not check the fallback limit version for the RC4 fallback. r=keeler 2016-03-09 07:38:43 +09:00
Nathan Froyd
777c075f0e Bug 1253010 - part 3 - create all nsIDateTimeFormat instances directly; r=smontagu 2015-12-05 11:03:27 -05:00
Nathan Froyd
ae4c78cdd2 Bug 1253010 - part 1 - refactor nsX509CertValidity time formatting; r=keeler
nsX509CertValidity has several copy-pasted routines that differ only
slightly in the parameters they use for formatting times.  Let's have a
single place to do the formatting and pass in the appropriate
parameters.
2015-12-05 10:26:19 -05:00
Daniel Holbert
bda0bd02db Bug 1253194: Suppress -Wimplicit-fallthrough clang warning for intentional fallthrough in icu_utf.cc (which is imported code). r=bobowen 2016-03-04 09:00:40 -08:00
sajitk
25babf4ea8 Bug 1219482: Replace PRLogModuleInfo with LazyLogModule in security subdirectory.r=nfroyd 2016-01-28 10:36:00 -08:00
Kai Engert
9b8bef561d Bug 1245053, NSS_3_23_RTM, only version numbers finalized, no code changes, DONTBUILD 2016-03-03 10:53:54 +01:00
Cykesiopka
a650e7a431 Bug 1250254 - Enable ESLint "no-throw-literal" rule for PSM. r=dkeeler
MozReview-Commit-ID: LZcitO0FTWH

--HG--
rename : security/manager/.eslintrc => security/manager/.eslintrc.json
extra : transplant_source : %95%EA%08ofJn-l%3D%A2W%90%A6i%E4%5D%A1c%3E
2016-02-29 20:05:55 -08:00
David Keeler
8662000fad bug 1049969 - add symbols file for the test pkcs11 module so it works on Windows r=jcj
MozReview-Commit-ID: KRaAmd7icd8

--HG--
extra : rebase_source : 2c0f1b8cf055574c01d6a6ef15af4246d00151bc
2016-03-01 17:12:38 -08:00
Cykesiopka
cff547515b Bug 1250256 - Partially clean up nsSDR.cpp. r=keeler
MozReview-Commit-ID: FoS4oTjnd7F

--HG--
extra : transplant_source : %03%85%27T%06%E6%FB%FD%10%2C%F6%D9%92%F7I%60%B0%C1vr
2016-03-01 20:07:53 -08:00
Aniket Vyas
e3710a089b bug 1197314: Remove PR_snprintf calls in security/manager/ssl/ r=keeler
MozReview-Commit-ID: Kq5kWzC1UHU
2016-02-26 15:31:43 -08:00
David Keeler
3a39756220 bug 1250818 - remove certificate issuer organization to common name fallback r=Cykesiopka
Before this change, if a certificate's issuer DN did not have an organization
component, nsIX509Cert.issuerOrganization would fall back to using the issuer
common name. This was never a good idea, because this gave misleading
information to consumers of this interface. Furthermore, it appears that all
consumers of this interface already do such a fallback (for display purposes)
when they've determined that it's a reasonable thing to do.

MozReview-Commit-ID: p2gmSP0nZW

--HG--
extra : rebase_source : 2248ff01e8c0e9a79b27f4406fdc2f0a4ed98360
2016-02-26 13:18:02 -08:00
Cykesiopka
4d0d854bab Bug 1173679 - Add tests for the "security.OCSP.enabled" pref. r=dkeeler
MozReview-Commit-ID: BQurIgVY8os

--HG--
extra : transplant_source : Z%25%16_%EB%0ABe%98%1B%F5%E5%FE%8C%AA%F0%18%90%16%AB
2016-02-28 17:49:06 -08:00
Carsten "Tomcat" Book
7f956c0bfb merge mozilla-inbound to mozilla-central a=merge 2016-02-29 11:35:30 +01:00
Cykesiopka
b9a9010687 Bug 1249595 - Enable 11 more ESLint rules for PSM. r=keeler
MozReview-Commit-ID: FxS9SPRMMxf

--HG--
extra : transplant_source : %18%08%F0%EB%E3%AD%3E%F7%94%80%05%C0%D0P%5Co.%940%7E
2016-02-26 12:35:34 -08:00
Kai Engert
6ca62e9a7f Bug 1245053, Upgrade Mozilla 47 to use NSS 3.23, land RC0, r=me 2016-02-26 11:23:11 +01:00
Tim Taubert
896a7362d7 Bug 1247860 - Enable ChaCha20/Poly1305 cipher suites r=emk,keeler 2016-02-26 12:37:19 +01:00
David Keeler
a1c1defa04 bug 1199850 - remove unnecessary PSM xpcshell extended key usage tests r=Cykesiopka,jcj
MozReview-Commit-ID: 8Uz4bN87872

--HG--
extra : rebase_source : a3021481a40c7e974a3b756021e274beeb7f30d6
2016-02-24 14:20:01 -08:00
Haik Aftandilian
3cdbeb2bd6 Bug 1237847 - [e10s] Null deref crash when running test_pluginstream_newstream.html; r=bobowen
Modify the Mac sandbox to allow temporary files to be created in a
parent-specified subdirectory of NS_OS_TEMP_DIR. This is similar to the
Windows approach. The parent provides a UUID in a preference which is
used by the content process to form the subdirectory name.

MozReview-Commit-ID: 6BONpfZz8ZI

--HG--
extra : rebase_source : ad18e091918356a1a40c13f1453972b4512ad476
2016-02-25 15:26:13 -08:00
Kai Engert
6a5ff52e36 backing out c815269c99c8, bug 1245053, CLOSED TREE 2016-02-25 18:51:37 +01:00
Kai Engert
48201519cb Bug 1245053, test NSS_3_23_BETA7, r=me 2016-02-25 15:35:08 +01:00
Carsten "Tomcat" Book
e232fcd2d4 Merge mozilla-central to mozilla-inbound 2016-02-25 11:59:05 +01:00