Commit Graph

9781 Commits

Author SHA1 Message Date
Cykesiopka
0d6549c972 Bug 1197644 - Remove the security.ssl.warn_missing_rfc5746 pref. r=keeler
--HG--
extra : transplant_source : %90%28%11%DB%E53%93%7C%F2%D6%5Ek%CC%DC%BE%FAe%F2%896
2015-08-24 22:53:42 -07:00
Makoto Kato
7073895edf Bug 1196403 - Apply crbug/522201 to support Windows 10 build 10525. r=bobowen 2015-08-25 19:21:08 +09:00
Xidorn Quan
dbaa85ce62 Bug 1188468 - Allow script to force updating a generated file even if the file is actually not changed. r=gps
--HG--
extra : source : 47b56f2495030d77c446215d8822c31fc32f23b7
2015-08-25 10:07:43 +10:00
David Keeler
2ee5d006b7 bug 1194013 - convert test_name_constraints.js to generate certificates at build time r=Cykesiopka,mgoodwin 2015-08-11 16:40:38 -07:00
Ryan VanderMeulen
5b75ad5195 Merge inbound to m-c. a=merge 2015-08-23 17:18:36 -04:00
Fabrice Desré
3a47f061c9 Bug 1196988 - Remove THA support. r=gwagner 2015-08-21 10:00:54 -07:00
Jonathan Griffin
369ec3ac0f Bug 1136892 - Create an xpcshell-addons tag for running addon-specific xpcshell tests, r=chmanchester
--HG--
extra : commitid : 6kGKslC9h14
2015-08-18 11:26:14 -07:00
Kai Engert
641cf3a3ad Bug 1194135, set NSS version to final 3.20 tag, no code change, DONTBUILD 2015-08-19 18:41:53 +02:00
Wes Kocher
fe6faf7d6b Backed out changeset 688775a8227f (bug 1136892) for mass bustage prompting a CLOSED TREE 2015-08-18 11:58:05 -07:00
Christoph Kerschbaumer
10a7d6a5b9 Bug 1195606 - Use channel->ascynOpen2 in security/manager/ssl/nsNSSCallbacks.cpp (r=sicking) 2015-08-18 09:54:09 -07:00
Mark Goodwin
f2b116c0d6 Bug 1153444 - Fix up Key Pinning Telemetry (r=keeler) 2015-08-21 15:14:08 +01:00
Mike Hommey
7da4ee35ba Bug 1189891 - Avoid including <cstring> from pkix/Input.h. r=bsmith 2015-08-21 15:27:22 +09:00
Mike Hommey
b85471d7e8 Backout changesets af1b36497559 and 1d52ab626597 (bug 1189891) for pkix bustage 2015-08-21 15:05:38 +09:00
Mike Hommey
067b45951a Bug 1189891 - Avoid including <cstring> from pkix/Input.h. r=bsmith 2015-08-21 14:29:19 +09:00
Ben Hearsum
c51baf3ae9 bug 1116409: switch update server to sha2 cert; update in-tree pinning. r=rstrong,snorp,mfinkle,dkeeler 2015-08-20 17:50:51 -04:00
Cykesiopka
b4174da7d8 Bug 1195615 - Log a web console warning when a HPKP header is ignored due to a non-built in root cert. r=keeler 2015-08-20 14:33:29 -07:00
Jonathan Griffin
dde975f7a0 Bug 1136892 - Create an xpcshell-addons tag for running addon-specific xpcshell tests, r=chmanchester
--HG--
extra : commitid : FN6nc0Yis2o
2015-08-18 11:26:14 -07:00
Arnaud Bienner
2755fa9a57 Bug 1190086 - Use new String::Contains(char) method more widely r=froydnj
--HG--
extra : rebase_source : 81df1495200d3734ea1c4c13818ae764a445f4b3
2015-08-14 00:49:15 +02:00
David Keeler
23a9820f27 bug 1190603 - rename prime256v1 to secp256r1 in test_keysize.js to reduce confusion r=Cykesiopka
OpenSSL refers to the curve in question as 'prime256v1', but rfc 5480,
mozilla::pkix, and the test framework refer to it as secp256r1, so we
should be consistent.

--HG--
rename : security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_prime256v1_256-root_rsa_2048.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_rsa_2048.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_prime256v1_256-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_secp256k1_256-int_prime256v1_256-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp256k1_256-int_secp256r1_256-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_prime256v1_256-int_rsa_1016-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_rsa_1016-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_prime256v1_256-int_secp224r1_224-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp224r1_224-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_prime256v1_256-int_prime256v1_256-root_secp224r1_224.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp224r1_224.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_prime256v1_256-int_prime256v1_256-root_secp256k1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp256k1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_secp384r1_384-int_prime256v1_256-root_rsa_2048.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp384r1_384-int_secp256r1_256-root_rsa_2048.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_secp521r1_521-int_secp384r1_384-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp521r1_521-int_secp384r1_384-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/int_secp224r1_224-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/int_secp224r1_224-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/int_prime256v1_256-root_rsa_2048.pem.certspec => security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_rsa_2048.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/int_prime256v1_256-root_secp224r1_224.pem.certspec => security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp224r1_224.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/int_prime256v1_256-root_secp256k1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256k1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/int_prime256v1_256-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/int_secp384r1_384-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/int_secp384r1_384-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/root_secp256r1_256.pem.certspec
2015-08-05 13:39:11 -07:00
David Keeler
70897766ec bug 1190603 - convert test_keysize.js to generate certificates at build time r=Cykesiopka 2015-08-03 17:02:58 -07:00
Aryeh Gregor
ff2ceb15ed Bug 1193298 - Part 2: Use .get() to convert from RefPtr to raw pointer. r=froydnj 2015-08-11 06:45:00 -04:00
Jed Davis
b7a032eb04 Bug 1004011 - Support SECCOMP_FILTER_FLAG_TSYNC if available. r=kang
--HG--
extra : rebase_source : 32be610d889fedb518e062a4a416331be21378d3
2015-08-11 16:30:00 -04:00
Tanvi Vyas
7b0ea8ee04 Bug 1182551 - Updating nsSecureBrowserUIImpl so that insecure pages with mixed content iframes don't get marked as broken. r=keeler 2015-08-13 17:13:48 -07:00
Kai Engert
531a2c1719 Bug 1194135, Update Mozilla to NSS 3.20, r=mt 2015-08-13 11:31:23 +02:00
Nathan Froyd
8f318ea950 Bug 1193021 - clean up reference-counting in security/; r=keeler 2015-07-01 13:10:53 -04:00
David Keeler
7ce068b7e9 bug 1190532 - change default key specification from implicit to explicit in pycert.py r=Cykesiopka
Previously using an empty string would result in pycert.py returning the
default shared RSA key. This resulted in empty keyspec files being added
to the tree, which was confusing. This should end the confusion by making
the key specification process explicit rather than implicit.
2015-08-06 11:35:40 -07:00
David Keeler
948094db6e bug 1189427 - convert test_ocsp_fetch_method.js to generate certificates at build time r=mgoodwin 2015-07-30 10:20:52 -07:00
Kai Engert
8238eb63a4 Bug 1190794, land final NSS_3_19_3_RTM tag, no code change, DONTBUILD 2015-08-07 20:19:06 +02:00
Makoto Kato
c3c571a9ee Bug 1166323 - Fix unexpcetd changed on previous landed. r=dkeeler 2015-08-07 13:41:49 +09:00
Cykesiopka
d9d018971e Bug 1164609 - Remove EV treatment for expired Buypass Class 3 CA 1 root certificate. r=keeler
--HG--
extra : rebase_source : 65e2c8746098d8fb2cd5347b557c23a3832d435a
2015-08-07 00:21:00 +02:00
Carsten "Tomcat" Book
fca5cdc8bc Backed out changeset 9618f92995ab (bug 1166323) for linux x64 test bustage on a CLOSED TREE 2015-08-07 07:24:40 +02:00
Makoto Kato
6fb6d7a35c Bug 1166323 - Fix unexpcetd changed on previous landed. r=dkeeler 2015-08-07 13:41:49 +09:00
Carsten "Tomcat" Book
ba03e3c181 Backed out 2 changesets (bug 1016555, bug 1189427) for making Android 4.3 API11+ debug X3 perma fail in test_ev_certs.js
Backed out changeset ebd4e3880403 (bug 1189427)
Backed out changeset 331e489c7534 (bug 1016555)
2015-08-06 11:51:27 +02:00
Cykesiopka
d93ee984a0 Bug 1124649 - Part 1 - Add specific error messages for various types of STS and PKP header failures. r=keeler,hurley
--HG--
extra : rebase_source : 8210ed5f89cec8c42d5a78b9101f1c54d91e04c6
2015-08-05 07:51:00 +02:00
David Keeler
ae2c1351bc bug 1189427 - convert test_ocsp_fetch_method.js to generate certificates at build time r=mgoodwin 2015-07-30 10:20:52 -07:00
Birunthan Mohanathas
7315345693 Bug 1191100 - Remove XPIDL signature comments in .cpp files. r=ehsan
Comment-only so DONTBUILD.
2015-08-04 16:17:36 -07:00
Kai Engert
80c4460491 Bug 1190794, Update to NSS 3.19.3 to pick up ca-certificates v 2.5, landing NSS_3_19_3_RC0, r=kwilson 2015-08-04 22:37:05 +02:00
David Keeler
59ef11f506 bug 1188100 - fold PSM's test_client_cert.js into necko's test_tls_server.js r=mcmanus
--HG--
rename : security/manager/ssl/tests/unit/test_client_cert/cert_dialog.js => netwerk/test/unit/client_cert_chooser.js
rename : security/manager/ssl/tests/unit/test_client_cert/cert_dialog.manifest => netwerk/test/unit/client_cert_chooser.manifest
extra : amend_source : 249efd8e1bc537cf14b3199865df18b8aba62d10
2015-07-29 14:27:54 -07:00
Carsten "Tomcat" Book
49d83b3b7d Merge mozilla-central to mozilla-inbound 2015-08-03 15:45:57 +02:00
Carsten "Tomcat" Book
6b441cd90a merge mozilla-inbound to mozilla-central a=merge 2015-08-03 13:56:39 +02:00
Makoto Kato
50e851b877 Bug 830801 - Part 2. Remove NOMINMAX define from moz.build. r=mshal 2015-08-03 10:07:09 +09:00
ffxbld
abb4d538ee No bug, Automated HPKP preload list update from host bld-linux64-spot-317 - a=hpkp-update 2015-08-01 03:34:19 -07:00
ffxbld
ae7af3ea3c No bug, Automated HSTS preload list update from host bld-linux64-spot-317 - a=hsts-update 2015-08-01 03:34:17 -07:00
ffxbld
b44231402a No bug, Automated HPKP preload list update from host bld-linux64-spot-010 - a=hpkp-update 2015-07-30 13:51:28 -07:00
ffxbld
eb03434709 No bug, Automated HSTS preload list update from host bld-linux64-spot-010 - a=hsts-update 2015-07-30 13:51:26 -07:00
Cykesiopka
8a9392bf5e Bug 1189166 - Cleanup some PSM test generation files post Bug 1181823. r=dkeeler
--HG--
extra : rebase_source : 4f0310323c3e7ac7e9e8c453d41aa0ef9cbd910a
2015-07-29 23:56:33 -07:00
Bob Owen
77826e3c4a Bug 1171796: Add sandbox rule for child process NSPR log file on Windows. r=bbondy
This also moves the initialization of the sandbox TargetServices to earlier in
plugin-container.cpp content_process_main, because it needs to happen before
xul.dll loads.
2015-07-30 10:04:42 +01:00
David Keeler
b49becac5d bug 1181823 - convert test_ev_certs.js, test_keysize_ev.js, and test_validity.js to generate certificates at build time r=Cykesiopka r=mgoodwin 2015-06-17 16:02:08 -07:00
Bobby Holley
97b9240b34 Bug 1188696 - Hoist nsRefPtr.h into MFBT. r=froydnj 2015-07-29 10:44:59 -07:00
Douglas Bagnall
5cea0a9df6 Bug 1046421 - Do not disclose the system hostname via NTLM handler. r=honzab
The hostname here is matched on the AD DC to the userWorkstations
attribute, however this is on a total trust basis in terms of what the
client specifies here.

The impact of this patch is that a user who is restricted by this
attribute to log on to only certain (Windows, in reality)
workstations, may not be able to perform a manual NTLM logon to an
intranet site, unless they set network.generic-ntlm-auth.workstation
to the name of their workstation (actually, any host in that list).

The default value is set to WORKSTATION.

This patch was originally written by Andrew Bartlett, and modified by
Douglas Bagnall following review feedback from Honza Bambas and Tim
Brown.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2015-07-24 13:36:11 +12:00