nsIX509CertDB::PrivilegedPackageRoot was added in bug 1178518 to support privileged packaged apps for Firefox OS. However, we no longer need to support this use-case.
Differential Revision: https://phabricator.services.mozilla.com/D38655
--HG--
extra : moz-landing-system : lando
This patch removes nsIClientAuthUserDecision and add another output parameter to nsIClientAuthDialogs.chooseCertificate.
Differential Revision: https://phabricator.services.mozilla.com/D38074
--HG--
extra : moz-landing-system : lando
This patch adds a new pref, "security.tls.enable_delegated_credentials",
default false, which controls the NSS option SSL_ENABLE_DELEGATED_CREDENTIALS.
Tests are in D37918.
Differential Revision: https://phabricator.services.mozilla.com/D37907
--HG--
extra : moz-landing-system : lando
When a test crashes, the harness skips all of the remaining tests in the
directory. That means that with crashes skipped, we now try to run a whole lot
more tests than we did before, and a lot of them fail under Fission.
This patch adds annotations to the new failures that show up after part 1.
Differential Revision: https://phabricator.services.mozilla.com/D38726
--HG--
extra : rebase_source : 292157039c88fc615f5de41679e96e72766ac4db
Bug 1543795 configured lmdb to use less memory when opening a database in
read/write mode, so we can remove the workaround code in cert_storage that was
added in bug 1538093 as a way to mitigate the memory usage.
Differential Revision: https://phabricator.services.mozilla.com/D38525
--HG--
extra : moz-landing-system : lando
My preference was to annotate most of the failing tests with `fail-if` so that
if they start passing, the `fail-if` needs to be removed and they need to keep
passing. That doesn't work for tests that timeout, or which trigger failures
from their cleanup functions, however, so those tests need skip-if. And tests
with fail in their cleanup functions likely leave the browser in an
inconsistent state for subsequent tests, anyway, so really should be skipped
regardless.
There are some remaining tests which still fail because of crashes. I chose
not to skip them here, but to fix the crashes in separate bugs instead.
Differential Revision: https://phabricator.services.mozilla.com/D38247
--HG--
extra : rebase_source : 39ba8fec2e882cfe577c5f2b58ab7e4b461f1178
Before the nsNSSCertificateDB::AddCert() function encoded the given DER input into Base64 and then called nsNSSCertificateDB::AddCertFromBase64() to do the remaining work. In nsNSSCertificateDB::AddCertFromBase64() the input was then eventually decoded back into DER.
Now nsNSSCertificateDB::AddCertFromBase64() encodes its input into DER and then calls nsNSSCertificateDB::AddCert() which now does the remaining work without converting between formats.
Differential Revision: https://phabricator.services.mozilla.com/D37738
--HG--
extra : moz-landing-system : lando
As originally implemented, nsISiteSecurityService.removeState allowed direct
access to remove HSTS state. It also provided the implementation for when the
browser encountered an HSTS header with "max-age=0". In bug 775370, it was
updated to store an entry that would override preloaded information when
processing such headers. However, this meant that the semantics of the direct
access API had changed. Preloaded information could be overridden if a user
invoked the "forget about this site" feature. This change fixes the public API
(and renames it to "resetState") so it actually behaves as its consumers expect.
Reviewers: jcj!, KevinJacobs!
Tags: #secure-revision
Bug #: 1564481
Differential Revision: https://phabricator.services.mozilla.com/D38108
--HG--
extra : rebase_source : 8dd5460d3fd3c0ce92746cc83fae220d6e2a83cf
extra : amend_source : 171ebb015e9f9ae775f0caa22e161d41970f3d51
When we migrate SpecialPowers to a JSWindowActor, it will no longer be able to
use synchronous IPC messaging, which means that its current synchronous APIs
will have to become asynchronous.
This patch doesn't change the behavior of those functions, but it does change
their callers to `await` their return values rather than using them directly.
This pattern will work the same whether the functions return a promise or a
plain value, which simplifies the migration.
Differential Revision: https://phabricator.services.mozilla.com/D35053
--HG--
extra : rebase_source : baffba2107b175250573baae3f54d48becbd2a16
extra : source : b4ed40bea2698802ef562a0931c0b560737fb89d
Previously, OneCRL was part of the add-on blocklist system. Now that we use
kinto/remote settings, using AddonTestUtils in test_blocklist_onecrl.js is
unnecessary (and it was exposing a preexisting issue with how CacheObserver uses
prefs).
Differential Revision: https://phabricator.services.mozilla.com/D36377
--HG--
extra : moz-landing-system : lando
Avoid race between off-main-thread loading of roots and flipping the
pref by making sure initialization is done.
Differential Revision: https://phabricator.services.mozilla.com/D36348
--HG--
extra : rebase_source : 56c035d5a8c429f99c8b1dfcfe3e014d8f02a6c0