Commit Graph

3202 Commits

Author SHA1 Message Date
Ryan VanderMeulen
06f5f25641 Merge inbound to m-c. a=merge 2015-01-20 22:12:46 -05:00
ffxbld
e8dfde2d50 No bug, Automated HPKP preload list update from host bld-linux64-spot-1001 - a=hpkp-update 2015-01-20 15:17:19 -08:00
ffxbld
9c7a5b2da8 No bug, Automated HSTS preload list update from host bld-linux64-spot-1001 - a=hsts-update 2015-01-20 15:17:17 -08:00
Nicholas Nethercote
8bd1f6f072 Bug 1123151 (part 2) - Add PLDHashTable::IsInitialized(). r=froydnj.
This encapsulates most of the uses of PLDHashTable::ops.

--HG--
extra : rebase_source : 7760ce8e46a37e87dcfe590e809a21df01fe510f
2015-01-19 16:11:34 -08:00
Nicholas Nethercote
bd573c9b9c Bug 1123151 (part 1) - Set PLDHashTable::ops consistently. r=froydnj.
Currently the setting of PLDHashTable::ops is very haphazard.

- PLDHashTable has no constructor, so it's not auto-nulled, so lots of places
  null it themselves.

- In the fallible PLDHashTable::Init() function, if the entry storage
  allocation fails we'll be left with a table that has |ops| set -- indicating
  it's been initialized -- but has null entry storage. I'm not certain this can
  cause problems but it feels unsafe, and some (but not all) callers of Init()
  null it on failure.

- PLDHashTable does not null |ops| in Finish(), so some (but not all) callers
  do this themselves.

This patch makes things simpler.

- It adds a constructor that zeroes |ops|.

- It modifies Init() so that it only sets |ops| once success is ensured.

- It zeroes |ops| in Finish().

- Finally, it removes all the now-unnecessary |ops| nulling done by the users
  of PLDHashTable.

--HG--
extra : rebase_source : bb34979c218d152562a2f9c7e5215256c111cc5b
2015-01-19 16:01:24 -08:00
David Keeler
bf280b3310 bug 1123374 - fix CertBlocklist initialization when revocations.txt does not exist r=mgoodwin
--HG--
extra : amend_source : a3ee19306e36386f1f71f27ae5ce215c026360fe
2015-01-20 10:18:29 -08:00
Masatoshi Kimura
cb76e55fd8 Bug 1120393 - unittest to ensure nsITransportSecurityInfo.errorCode is correctly serialized. r=keeler 2015-01-16 21:48:38 +09:00
Masatoshi Kimura
0b9afb21b8 Bug 1120393 - Serialize/deserialize nsITransportSecurity.errorCode. r=keeler 2015-01-16 21:48:38 +09:00
Birunthan Mohanathas
2f07a9ef3a Bug 1060696 - Remove NS_INIT_ISUPPORTS. r=froydnj 2015-01-16 07:34:46 +02:00
Nicholas Nethercote
69fe655b04 Bug 1121304 (part 2, attempt 2) - Remove PLDHashTableOps::{alloc,free}Table. r=froydnj.
--HG--
extra : rebase_source : bc119bd0d3b6944e8c5a000950e0c4052cb70aef
2015-01-14 14:35:56 -08:00
Phil Ringnalda
e39f0adeca Backed out 2 changesets (bug 1121304) for consistent b2g hangs in webgl-color-test.html?frame=1&__&preserve&premult&_____
Backed out changeset 20651ac19549 (bug 1121304)
Backed out changeset 758afec77c95 (bug 1121304)
2015-01-14 22:02:23 -08:00
Nicholas Nethercote
e9735966fa Bug 1121304 (part 2) - Remove PLDHashTableOps::{alloc,free}Table. r=froydnj. 2015-01-14 14:35:56 -08:00
Nicholas Nethercote
47221bc7f9 Bug 1120476 (part 4) - Remove PLDHashTableOps::finalize. r=froydnj.
--HG--
extra : rebase_source : b14dda8cdd5cd896d1e32950e38b2a9f7da4d99e
2015-01-13 19:02:35 -08:00
Nicholas Nethercote
c7538c9776 Bug 1120476 (part 3) - Remove PLDHashTable::data. r=froydnj.
--HG--
extra : rebase_source : 24d10af3dbce3ada5252503bc80bb1a4e31bc1c9
2015-01-13 16:42:13 -08:00
Brian Smith
e538f2d921 Bug 1115906, Part 2: Annotate classes and member functions with override and final, r=keeler
--HG--
extra : rebase_source : 79bb236bef83ed3e884d73e029ac29a5aa999840
extra : source : d14d86bcebd38be80d00a263c3145eb0dbcc53cd
2015-01-13 16:54:10 -08:00
Brian Smith
825d71887a Bug 1115906, Part 1: Add workarounds for missing final/override support in GCC before version 4.7, r=keeler
--HG--
rename : security/pkix/include/pkix/nullptr.h => security/pkix/include/pkix/stdkeywords.h
extra : rebase_source : 9cacd9729ac4cfb1e4bf920c8afdffb831b60d36
extra : source : f673d05dfc9a6d830e5e3c01976b41588cc70ead
2015-01-07 14:53:11 -08:00
Mike Hommey
128c4e6069 Bug 1120937 - Properly initialize the session field from C_OpenSession in the PKCS#11 test module. r=dkeeler 2015-01-14 15:18:50 +09:00
Cykesiopka
0b1422c813 Bug 1120098 - Re-enable test_ocsp_timeout.js on Windows. r=dkeeler 2015-01-10 08:41:00 +01:00
Steve Singer
ed3b64fce0 Bug 1120125 - Fix compile error on big endian platforms. r=keeler 2015-01-10 14:31:00 +01:00
David Keeler
762d9b52df bug 1065909 - canonicalize hostnames in nsSiteSecurityService and PublicKeyPinningService r=mmc 2015-01-09 09:46:05 -08:00
Mark Goodwin ext:(%2C%20Harsh%20Pathak%20%3Chpathak%40mozilla.com%3E)
ea0e5ac119 Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs. r=keeler r=Unfocused 2015-01-07 06:08:00 +01:00
Ehsan Akhgari
4354953b4f Bug 1118486 - Part 1: Use = delete instead of MOZ_DELETE directly; r=Waldo
Most of this patch (with the exception of dom/bindings/Codegen.py) was
generated by the following bash script:

#!/bin/bash

function convert() {
echo "Converting $1 to $2..."
find . ! -wholename "*nsprpub*" \
       ! -wholename "*security/nss*" \
       ! -wholename "*/.hg*" \
       ! -wholename "*/.git*" \
       ! -wholename "obj-*" \
         -type f \
      \( -iname "*.cpp" \
         -o -iname "*.h" \
         -o -iname "*.cc" \
         -o -iname "*.idl" \
         -o -iname "*.ipdl" \
         -o -iname "*.ipdlh" \
         -o -iname "*.mm" \) | \
    xargs -n 1 sed -i -e "s/\b$1\b/$2/g"
}

convert MOZ_DELETE '= delete'
2015-01-08 23:19:05 -05:00
David Keeler
e7d2f9cd12 bug 1101194 - follow-up to fix bustage in TestCertDB r=bustage on a CLOSED TREE
Turns out there was a code path that resulted in attempting to acquire a lock
on the DataStorage mutex when one had already been acquired, resulting in
deadlock. This fixes it.
2015-01-08 10:56:07 -08:00
David Keeler
d11cf2ca74 bug 1101194 - add telemetry for DataStorage table size r=mgoodwin 2015-01-07 13:23:07 -08:00
Cykesiopka
d98fab56db Bug 989485 - Split test_cert_eku.js into multiple files to avoid time outs. r=keeler 2015-01-08 01:15:00 -05:00
Michael Pruett
411a94b05a Bug 1118024 - Use new PL_DHashTable{Add,Lookup,Remove} functions. r=nfroyd 2015-01-05 20:27:28 -06:00
David Keeler
b29b970426 bug 1114741 - have nsRandomGenerator guard against NSS shutdown r=jcj
nsRandomGenerator uses NSS resources but does not prevent against NSS shutting
down while doing so. To fix this, nsRandomGenerator must implement
nsNSSShutDownObject.
2015-01-05 16:11:26 -08:00
Ehsan Akhgari
665cc5846c Bug 1116559 - Remove the code to handle shutdown-cleanse from the cert override service code; r=keeler
shutdown-cleanse has not been a thing for quite a while.
2015-01-05 21:01:27 -05:00
Andrew Bartlett
1b02f46484 Bug 423758 - Add NTLMv2 to internal NTLM handler. r=keeler
NTLMv2 is the default.

This adds a new preference:
network.ntlm.force-generic-ntlm-v1

This is to allow use of NTLMv1 in case issues are found in the NTLMv2
handler, or when contacting a server or backing DC that does not
support NTLMv2 for any reason.

To support this, we also:
 - Revert "Bug 1030426 - network.negotiate-auth.allow-insecure-ntlm-v1-https allows sending NTLMv1 credentials in plain to HTTP proxies, r=mcmanus"

 - Revert "Bug 1023748 - Allow NTLMv1 over SSL/TLS by default, r=jduell"

 - Remove LM code from internal NTLM handler

   The LM response should essentially never be sent, the last practical
   use case was CIFS connections to Windows 9X, I have never seen a web
   server that could only do LM

   It is removed before the NTLMv2 work is done so as to avoid having 3
   possible states here (LM, NTLM, NTLMv2) to control via preferences.

Developed with Garming Sam <garming@catalyst.net.nz>
2014-12-22 15:55:00 -05:00
Phil Ringnalda
9f997b2894 Merge m-i to m-c, a=merge 2015-01-03 20:02:33 -08:00
ffxbld
cb0e685792 No bug, Automated HPKP preload list update from host bld-linux64-spot-100 - a=hpkp-update 2015-01-03 03:20:27 -08:00
ffxbld
c84a6316bf No bug, Automated HSTS preload list update from host bld-linux64-spot-100 - a=hsts-update 2015-01-03 03:20:25 -08:00
David Erceg
848f74a40d Bug 1111848 - Remove nsISiteSecurityService.shouldIgnoreHeaders and implementation. r=keeler 2014-12-22 20:26:49 +11:00
Ehsan Akhgari
580310c5b8 Bug 1115076 - Wait for about:privatebrowsing to load in test_sts_privatebrowsing_perwindowpb.html; r=jdm 2014-12-31 09:32:03 -05:00
Ehsan Akhgari
5f97b938f2 Bug 1117043 - Mark virtual overridden functions as MOZ_OVERRIDE in security; r=bsmith 2015-01-02 09:02:04 -05:00
ffxbld
5f30b892c8 No bug, Automated HPKP preload list update from host b-linux64-ix-0002 - a=hpkp-update 2014-12-27 03:21:29 -08:00
ffxbld
3739aa349f No bug, Automated HSTS preload list update from host b-linux64-ix-0002 - a=hsts-update 2014-12-27 03:21:25 -08:00
Tom Schuster
057c4c5a8e Bug 1110835 - Simplify some code nsSecureBrowserUIImpl around UpdateSecurityState. r=keeler 2014-12-25 21:31:11 +01:00
Masatoshi Kimura
a325bfdb20 Bug 1114295 - Remove the dead pref for TLS_DHE_DSS_WITH_AES_128_CBC_SHA. r=keeler 2014-12-24 22:21:12 +09:00
Tom Schuster
b45a1a0c90 Bug 764496 - Make EV detection work in content processes. r=keeler,kanru 2014-12-24 14:04:24 +01:00
Carsten "Tomcat" Book
c3edf3a511 Backed out changeset 8fd0df8e208c (bug 423758) for bustage 2014-12-22 09:05:34 +01:00
Andrew Bartlett
d741102951 Bug 423758 - Add NTLMv2 to internal NTLM handler. r=keeler
NTLMv2 is the default.

This adds a new preference:
network.ntlm.force-generic-ntlm-v1

This is to allow use of NTLMv1 in case issues are found in the NTLMv2
handler, or when contacting a server or backing DC that does not
support NTLMv2 for any reason.

To support this, we also:
 - Revert "Bug 1030426 - network.negotiate-auth.allow-insecure-ntlm-v1-https allows sending NTLMv1 credentials in plain to HTTP proxies, r=mcmanus"

 - Revert "Bug 1023748 - Allow NTLMv1 over SSL/TLS by default, r=jduell"

 - Remove LM code from internal NTLM handler

   The LM response should essentially never be sent, the last practical
   use case was CIFS connections to Windows 9X, I have never seen a web
   server that could only do LM

   It is removed before the NTLMv2 work is done so as to avoid having 3
   possible states here (LM, NTLM, NTLMv2) to control via preferences.

Developed with Garming Sam <garming@catalyst.net.nz>
2014-12-18 17:25:00 +01:00
Phil Ringnalda
79b6885780 Merge m-c to m-i
--HG--
extra : rebase_source : 55a788f13c946c7110ca313969051c34f731637e
2014-12-20 12:19:27 -08:00
ffxbld
6d9b691066 No bug, Automated HPKP preload list update from host bld-linux64-spot-115 - a=hpkp-update 2014-12-20 03:20:57 -08:00
ffxbld
02fdacaf29 No bug, Automated HSTS preload list update from host bld-linux64-spot-115 - a=hsts-update 2014-12-20 03:20:56 -08:00
Michael Wu
301128304a Bug 1103816 - Add support for gonk-L to android_stub.h, r=glandium 2014-12-16 21:35:09 -05:00
Blake Kaplan
83b87ab7f1 Bug 1113313 - Rename these functions to better reflect what they do. r=billm
--HG--
extra : rebase_source : ae61b3dd6dd5ce50a131a640060d7be57e562e4d
2014-12-19 12:07:04 -05:00
Brian Smith
932b9471a2 Bug 1073867, Part 2: Remove now-unused DSA test certificates, r=keeler
--HG--
extra : rebase_source : 150c65abc66a48f70bca6e2dca8727fa402505ea
2014-12-15 20:49:42 -08:00
Brian Smith
510bbfd05d Bug 1073867, Part 1: Remove DSS certificate support from mozilla::pkix, r=keeler
--HG--
extra : rebase_source : 3bef46a794e53584fd35b7640a6f4c9aaea4acab
2014-12-04 20:55:15 -08:00
Brian Smith
beff7d1c02 Bug 1111397, Part 2: Remove test_bug484111.html, r=keeler
--HG--
extra : rebase_source : 56617ea82e9028295203173d1ea5e6ccfdbf9722
2014-12-14 21:51:26 -08:00