Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-06 00:55:37 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
484,183 Commits 615 Branches 98 Tags 5.9 GiB
bb4033a27b
Commit Graph

62 Commits

Author SHA1 Message Date
Sergei Chernov
edb1f658f6 Bug 1275238 - Certificate Transparency support in mozilla::pkix; r=keeler 
MozReview-Commit-ID: HZwzSgxarTw

--HG--
extra : transplant_source : %BF%F9%A8T%C6x%82%03%3Ez%9F%3BT%E3%1B%11s%294%F4
 2016-06-15 11:11:00 +03:00
Cykesiopka
6b12fc8650 Bug 1271501 - Use mozilla::BitwiseCast instead of reinterpret_cast in PSM. r=keeler 
mozilla::BitwiseCast does the same thing, but provides static asserts that
mitigate some of the risk of using reinterpret_cast.

MozReview-Commit-ID: ENQ8QC6Nl9o

--HG--
extra : rebase_source : c1725c8363c0f7f9877601de5ab5f152ef4d0439
 2016-05-18 21:20:56 -07:00
David Keeler
c17f3a2733 bug 982932 - only allow Netscape-stepUp to be used for serverAuth for old CA certificates r=Cykesiopka,jcj 
MozReview-Commit-ID: 88JhIU1pUji

--HG--
rename : security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC.pem.certspec => security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-recent.pem.certspec
rename : security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC.pem.certspec => security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-recent.pem.certspec
extra : rebase_source : 2f6251679a6f31cccb6d88bb51c567de9cc9bc76
 2016-05-05 16:11:11 -07:00
Cykesiopka
128f004a1f Bug 1267905 - Replace uses of ScopedCERTCertList with UniqueCERTCertList. r=keeler 
ScopedCERTCertList is based on Scoped.h, which is deprecated in favour of the
standardised UniquePtr.

Also changes CERTCertList parameters of various functions to make ownership more
explicit.

MozReview-Commit-ID: EXqxTK6inqy

--HG--
extra : transplant_source : %9B%A9a%94%D1%7E%2BTa%9E%9Fu%9F%02%B3%1AT%1B%F1%F6
 2016-05-05 14:56:36 -07:00
Cykesiopka
372fe1a598 Bug 1260643 - Convert most uses of ScopedCERTCertificate in PSM to UniqueCERTCertificate. r=keeler 
MozReview-Commit-ID: JnjoUd7d2M0

--HG--
extra : transplant_source : %99x%B6%F5%09%97%E6%60%B6%3C%3C%C2%D5vt%27%0C-%96%1B
 2016-04-20 01:14:22 -07:00
sajitk
25babf4ea8 Bug 1219482: Replace PRLogModuleInfo with LazyLogModule in security subdirectory.r=nfroyd 2016-01-28 10:36:00 -08:00
Wes Kocher
a40af4aa59 Backed out changeset 7ec471c99263 (bug 1219482) to hopefully fix the intermittent hazard failures CLOSED TREE 
--HG--
extra : commitid : B8zmd9Xadpz
 2016-01-29 10:15:34 -08:00
sajitk
1b0525a9d3 Bug 1219482 - Replace PRLogModuleInfo with LazyLogModule in security subdirectory. r=froydnj 
--HG--
extra : rebase_source : 7aed4d8669dccd1270a88a0cacfa254e3b9f5950
 2016-01-28 10:36:00 -05:00
Nathan Froyd
2c2f66f499 Bug 1232454 - use UniquePtr<T[]> instead of nsAutoArrayPtr<T> in security/apps/; r=keeler 
As a nice side effect, we also fix a (rare) memory leak in
AppTrustDomain::SetTrustedRoot.
 2015-12-06 08:06:03 -05:00
Jonathan Hao
3d02a2da65 Bug 1216469 - Bypass verification for signed packages from trust origins. r=valentin 2015-10-22 17:09:44 +08:00
Jonathan Hao
e4b1f62b85 Bug 1178448 - Use imported CA in developer mode. r=keeler,valentin 2015-10-08 17:08:45 +08:00
Jonathan Hao
e2da61623b Bug 1178518 - Add an AppTrustedRoot for signed packaged app. r=keeler 2015-09-07 15:28:21 +08:00
Richard Barnes
990593f9cf Bug 942515 - Show Untrusted Connection Error for SHA-1-based SSL certificates with notBefore >= 2016-01-01 r=keeler 2015-09-11 14:52:30 -04:00
Fabrice Desré
3a47f061c9 Bug 1196988 - Remove THA support. r=gwagner 2015-08-21 10:00:54 -07:00
Mark Goodwin
91782dab68 Bug 1159155 - Add telemetry probe for SHA-1 usage (r=keeler) 2015-07-09 07:22:29 +01:00
Cykesiopka
0a9aea4ab2 Bug 1145679 - Reject EV status for end-entity EV certs with overly long validity periods. r=keeler 
--HG--
extra : rebase_source : ec44bb566cce8ab14f740457d6ba1d863b39c256
 2015-06-29 22:19:00 +02:00
David Keeler
4e7fc3055e bug 1141189 - implement skipping expensive revocation checks (OCSP fetching) for short-lived certificates r=rbarnes 2015-04-06 16:10:28 -07:00
Eric Rahm
4eceb82c1f Bug 1162691 - Part 1: Remove instances of #ifdef PR_LOGGING in security. r=froydnj 
PR_LOGGING is now always defined, we can remove #ifdefs checking for it.
 2015-05-08 14:36:33 -07:00
Dave Townsend
7b5d12ad46 Bug 1038068: Check add-on signatures and refuse to install unsigned or broken add-ons (preffed off for now). r=dveditz 
--HG--
extra : source : 3b48e1a81a170634dce964cd462c752d09680805
 2015-03-31 11:32:40 -07:00
Carsten "Tomcat" Book
30b01a14e8 Backed out changeset f99621542727 (bug 1038068) for test failures in test_corrupt.js etc on a CLOSED TREE 2015-04-23 09:09:30 +02:00
Dave Townsend
2fb50ac667 Bug 1038068: Check add-on signatures and refuse to install unsigned or broken add-ons (preffed off for now). r=dveditz 
--HG--
extra : source : 3b48e1a81a170634dce964cd462c752d09680805
extra : amend_source : 4aa3ae86e2afc75529e880ab962c67163405248b
 2015-03-31 11:32:40 -07:00
Wes Kocher
9adc1fecb8 Backed out changeset 3b48e1a81a17 (bug 1038068) for xpcshell orange even after a clobbering IGNORE IDL 
--HG--
extra : amend_source : 086173e953ae46aa2292993601380ab04884b1ac
 2015-04-21 18:21:52 -07:00
Dave Townsend
f4b5328e0d Bug 1038068: Check add-on signatures and refuse to install unsigned or broken add-ons (preffed off for now). IGNORE IDL. r=dveditz 
--HG--
extra : rebase_source : a48282c6b3f10391e9492d4f0a89cef8697ea622
extra : amend_source : 17c0645d0577dad789b2d9b4879459327fcef1f7
 2015-03-31 11:32:40 -07:00
Cykesiopka
171babfad4 Bug 1139177 - RSA public key size checking cleanups. r=keeler 2015-03-05 16:41:00 +01:00
Brian Smith
06b7804e70 Bug 1131767: Prune away paths using unacceptable algorithms earlier, r=keeler 
--HG--
extra : rebase_source : 79efad2c5f60120ff1022547ce7efa628a7acd0f
 2015-02-14 16:59:02 -08:00
Brian Smith
a89b90ea7f Bug 1130754: Avoid recalculating tbsCertificate digest, r=keeler 
--HG--
extra : rebase_source : 85266413568df928cb1eaf1cd59b52ee9d4259e6
extra : histedit_source : 767e3263d28926435c6d2f4610c7d8b01e9ba87d
 2015-02-07 12:14:31 -08:00
Brian Smith
b0f87b9b6c Bug 1122841, Part 2: Centralize checking of public key, r=keeler 
--HG--
extra : rebase_source : 6b41ad2d3f37bead8d3ac8b48c5ee0b8063c795b
extra : source : d470b5a68bf915cfb12f0e948e1492463092883c
 2015-02-02 16:17:08 -08:00
Brian Smith
f118650ad8 Bug 1115761, Part 3: Rename NSS-based crypto functions, r=jcj 
--HG--
extra : rebase_source : b11b172fac76c7845d2a97cabf1bad9e04a50367
 2014-12-23 14:51:52 -08:00
Cykesiopka
1c4af4e6a1 Bug 622859 - Reject EV certificates with key sizes below RSA 2048. r=briansmith 2014-10-18 15:18:00 +02:00
Carsten "Tomcat" Book
e5ad1e7db2 Backed out changeset 3afdc3253979 (bug 622859) for breaking m1 tests 2014-10-17 13:14:29 +02:00
Cykesiopka
01941f880c Bug 622859 - Reject EV certificates with key sizes below RSA 2048. r=briansmith 2014-10-16 05:13:00 +02:00
Eric Rahm
8d715a7fe4 Bug 806819 - Part 3: Remove redundant FORCE_PR_LOG entries. r=ehsan 2014-10-08 13:17:32 -07:00
Wes Kocher
445e1466e9 Backed out 5 changesets (bug 806819) for WinXP test failures on a CLOSED TREE 
Backed out changeset 009ae35b0c67 (bug 806819)
Backed out changeset 5a57f87f5061 (bug 806819)
Backed out changeset f06cd735b5b3 (bug 806819)
Backed out changeset e25a2a8d4af4 (bug 806819)
Backed out changeset 70a167982c3f (bug 806819)
 2014-10-06 16:32:50 -07:00
Eric Rahm
80d2b8bba6 Bug 806819 - Part 3: Remove redundant FORCE_PR_LOG entries. r=ehsan 
--HG--
extra : rebase_source : c96eea1c12ea8c19314393f0e8b4b57a4316a61d
 2014-10-06 13:08:20 -07:00
David Keeler
fd860abf57 bug 1071308 - (2/2) remove libpkix-style chain validation callback from CertVerifier r=cviecco 2014-09-25 11:18:56 -07:00
Vlatko Markovic
8818f4947f Bug 1059216 - Verification of Trusted Hosted Apps manifest signature, part 1. r=dkeeler,rlb 2014-09-22 07:58:59 -07:00
Ehsan Akhgari
7257b2f870 Bug 579517 follow-up: Remove NSPR types that crept in 2014-08-08 08:39:07 -04:00
Brian Smith
0ccaf0860c Bug 1043041: Use mozilla::pkix::Time instead of PRTime, r=keeler 
--HG--
extra : rebase_source : 2cc39d3c322c1355aad003f2497659a091febac2
 2014-08-02 08:49:12 -07:00
Brian Smith
de725ae5ef Bug 1047792: Rely on mozilla::pkix to filter out expired certs instead of CERT_CreateSubjectCertList, r=keeler 
--HG--
extra : rebase_source : 5182147037b69f0ac3c3cd060d6e2af71bfde2e7
 2014-08-01 23:16:21 -07:00
Brian Smith
d77dac0580 Bug 1041186, Part 2: Rename Input to Reader and InputBuffer to Input, r=keeler 
--HG--
extra : rebase_source : bf57a9eb6ae5c122912e00a47156010e5ea99478
 2014-07-31 12:17:31 -07:00
Brian Smith
ffe743ee06 Bug 1041186, Part 1: Improve buffer overflow protection in mozilla::pkix, r=keeler 
--HG--
extra : rebase_source : 0f4a33f2c66594930ba9c79233648c70e33ba27c
 2014-07-18 22:30:51 -07:00
Brian Smith
5f56fc60d6 Bug 1041343: Use references instead of pointers for TrustLevel output parameters, r=cviecco 
--HG--
extra : rebase_source : d5c07dc29a95ccb75a7a8f199de26d43950b9ed4
 2014-07-20 11:06:26 -07:00
Brian Smith
c45dc156d1 Bug 1039064: Use strongly-typed enum instead of NSPR-style error handling, r=keeler 
--HG--
extra : rebase_source : 4f3e41916cd7e2c74679d468eeeb702af3321532
 2014-07-18 11:48:49 -07:00
Marco Castelluccio
3236b9594b Bug 1021345 - Allow apps to be installed from the Marketplace staging server. r=fabrice 2014-07-23 13:20:25 +02:00
Cykesiopka
0289b45f0c Bug 360126 - Stop accepting certs that use RSA1023 or weaker; Original patch by Richard van den Berg. r=briansmith 2014-07-15 19:49:00 -04:00
Brian Smith
17375cc8b3 Bug 1036105: Delegate digest operations to the TrustDomain in mozilla::pkix, r=keeler 
--HG--
extra : rebase_source : dd8dc1243ea2e37955a15f2481e1c452311e90d8
extra : histedit_source : adc1a2035d41c608d3f0ebe14bba159b2857502d
 2014-07-06 19:36:05 -07:00
Brian Smith
c162caba82 Bug 1036107, Part 1: Stop using CERTSignedData in mozilla::pkix, r=keeler 
--HG--
extra : rebase_source : 94c49062ae3ddf755651f151e2d648543b10e1ad
extra : histedit_source : a7377bf1d9adb62e1c584e2adeb793aa074245fb
 2014-07-10 19:00:32 -07:00
Brian Smith
b14f27897b Bug 1037324: Delegate additional name constraint selection to the TrustDomain in mozilla::pkix, r=cviecco 
--HG--
extra : rebase_source : 300f33bfb3a0c9ae1525695b080674c1fb21eafc
 2014-07-10 22:38:59 -07:00
Brian Smith
3f110246be Bug 1035009: Stop using CERTCertList in mozilla::pkix, r=keeler 
--HG--
extra : rebase_source : fc2b39e5e2b44fea365914e83a7d1f2dc9b784bc
extra : histedit_source : b40e5e8cb106fe87f6f065b01ca43adb0bf3a605
 2014-07-06 15:55:38 -07:00
Brian Smith
f5ec8594e7 Bug 1033563, Part 3: Change mozilla::pkix::TrustDomain::FindPotentialIssuers API to be iterator-like, r=keeler 
--HG--
extra : rebase_source : e8c734ecb2de2c52dd8909c8b48f4bdb09d0128e
 2014-07-02 16:15:16 -07:00