Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-08 12:37:37 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
398,825 Commits 615 Branches 98 Tags 5.9 GiB
d5da3d58da
Commit Graph

9156 Commits

Author SHA1 Message Date
ffxbld
5f30b892c8 No bug, Automated HPKP preload list update from host b-linux64-ix-0002 - a=hpkp-update 2014-12-27 03:21:29 -08:00
ffxbld
3739aa349f No bug, Automated HSTS preload list update from host b-linux64-ix-0002 - a=hsts-update 2014-12-27 03:21:25 -08:00
Kaspar Brand
3fdb27bb49 Bug 1112487 - The signing certificates with key usage only non-repudiation is taken as invalid for signing. r=keeler 2014-12-17 21:31:00 -05:00
Tom Schuster
057c4c5a8e Bug 1110835 - Simplify some code nsSecureBrowserUIImpl around UpdateSecurityState. r=keeler 2014-12-25 21:31:11 +01:00
Masatoshi Kimura
a325bfdb20 Bug 1114295 - Remove the dead pref for TLS_DHE_DSS_WITH_AES_128_CBC_SHA. r=keeler 2014-12-24 22:21:12 +09:00
Tom Schuster
b45a1a0c90 Bug 764496 - Make EV detection work in content processes. r=keeler,kanru 2014-12-24 14:04:24 +01:00
Brian Smith
c5b4fd868c Bug 1115181: Remove pkixnss.h dependency from pkixcert_signature_algorithm_tests, r=keeler 
--HG--
extra : rebase_source : 2a4e11338b06d33ab8ad1536dc05c082db330d68
 2014-12-23 14:51:16 -08:00
Brian Smith
63c92c06cd Bug 1070444: Remove NSS dependencies in pkixbuild_tests.cpp, r=keeler 
--HG--
extra : rebase_source : f07e38d40f1644cce30191f5d8ab29ac06582683
 2014-12-22 01:20:59 -08:00
Brian Smith
899807654a Bug 1114701: Replace function pointers with function references, r=keeler 
--HG--
extra : rebase_source : 350e7f8170f6b1176e46b829026e9ee27b3303e5
 2014-12-23 12:43:25 -08:00
Daniel Holbert
3aec4f3024 Bug 1114671: Use function pointer (instead of reference) in pkix/bind.h, for consistency & to fix -Wignored-qualifiers build warning for 'const'. r=briansmith 2014-12-22 13:04:36 -08:00
Brian Smith
99245555c6 Bug 1107666, Part 2: Further fix for SSL_OCSP_STAPLING telemetry, r=keeler 
--HG--
extra : rebase_source : b2dbbd4eaa8aea019b40eddfc19fb8af20ef3a4c
 2014-12-20 07:03:57 -08:00
Carsten "Tomcat" Book
c3edf3a511 Backed out changeset 8fd0df8e208c (bug 423758) for bustage 2014-12-22 09:05:34 +01:00
J.C. Jones
b47d94a0c8 Bug 968451 - Document the exported functions exposed from mozilla::pkix (pkix/pkix.h). r=keeler 2014-12-19 12:25:00 +01:00
Andrew Bartlett
d741102951 Bug 423758 - Add NTLMv2 to internal NTLM handler. r=keeler 
NTLMv2 is the default.

This adds a new preference:
network.ntlm.force-generic-ntlm-v1

This is to allow use of NTLMv1 in case issues are found in the NTLMv2
handler, or when contacting a server or backing DC that does not
support NTLMv2 for any reason.

To support this, we also:
 - Revert "Bug 1030426 - network.negotiate-auth.allow-insecure-ntlm-v1-https allows sending NTLMv1 credentials in plain to HTTP proxies, r=mcmanus"

 - Revert "Bug 1023748 - Allow NTLMv1 over SSL/TLS by default, r=jduell"

 - Remove LM code from internal NTLM handler

   The LM response should essentially never be sent, the last practical
   use case was CIFS connections to Windows 9X, I have never seen a web
   server that could only do LM

   It is removed before the NTLMv2 work is done so as to avoid having 3
   possible states here (LM, NTLM, NTLMv2) to control via preferences.

Developed with Garming Sam <garming@catalyst.net.nz>
 2014-12-18 17:25:00 +01:00
Phil Ringnalda
79b6885780 Merge m-c to m-i 
--HG--
extra : rebase_source : 55a788f13c946c7110ca313969051c34f731637e
 2014-12-20 12:19:27 -08:00
ffxbld
6d9b691066 No bug, Automated HPKP preload list update from host bld-linux64-spot-115 - a=hpkp-update 2014-12-20 03:20:57 -08:00
ffxbld
02fdacaf29 No bug, Automated HSTS preload list update from host bld-linux64-spot-115 - a=hsts-update 2014-12-20 03:20:56 -08:00
Michael Wu
301128304a Bug 1103816 - Add support for gonk-L to android_stub.h, r=glandium 2014-12-16 21:35:09 -05:00
Blake Kaplan
83b87ab7f1 Bug 1113313 - Rename these functions to better reflect what they do. r=billm 
--HG--
extra : rebase_source : ae61b3dd6dd5ce50a131a640060d7be57e562e4d
 2014-12-19 12:07:04 -05:00
Brian Smith
932b9471a2 Bug 1073867, Part 2: Remove now-unused DSA test certificates, r=keeler 
--HG--
extra : rebase_source : 150c65abc66a48f70bca6e2dca8727fa402505ea
 2014-12-15 20:49:42 -08:00
Brian Smith
510bbfd05d Bug 1073867, Part 1: Remove DSS certificate support from mozilla::pkix, r=keeler 
--HG--
extra : rebase_source : 3bef46a794e53584fd35b7640a6f4c9aaea4acab
 2014-12-04 20:55:15 -08:00
Brian Smith
1543a46c03 Bug 1111399, Part 2: Implement RFC822 (email) name constraints, r=keeler 
--HG--
extra : rebase_source : 5905e247eee4d3562d741e6e9656dc4c40d821e4
 2014-12-20 08:15:35 -08:00
Brian Smith
c61befa56f Bug 1111399, Part 1: Preconditions for RFC822 name constraints, r=keeler 
--HG--
extra : rebase_source : cd20b448a6c77ba27c86cb3d8e6c121f92a2ba93
 2014-12-20 07:35:44 -08:00
Brian Smith
e0efc82826 Bug 1111398: Rename ValidDNSIDMatchType to IDRole, r=keeler 
--HG--
extra : rebase_source : a07e58b82a61db595711c0ab887bec70d4145888
 2014-12-13 22:29:58 -08:00
Brian Smith
beff7d1c02 Bug 1111397, Part 2: Remove test_bug484111.html, r=keeler 
--HG--
extra : rebase_source : 56617ea82e9028295203173d1ea5e6ccfdbf9722
 2014-12-14 21:51:26 -08:00
Brian Smith
87719d0a59 Bug 1111397: Refactor error handling for name matching, r=keeler 
--HG--
extra : rebase_source : 7b1061874d7b6e02a158085c3a6580a7fc718bbe
 2014-12-13 17:05:46 -08:00
Ryan VanderMeulen
90f31ccf52 Merge inbound to m-c. a=merge 
CLOSED TREE
 2014-12-17 20:53:20 -05:00
Brian Smith
123a9716ca Bug 952863, Part 2: Remove dead code for non-ECDHE TLS False Start, r=keeler 
--HG--
extra : rebase_source : 47ee95682f769b8e10aaf55b0f4fccfef1fcdea0
 2014-12-10 10:13:18 -08:00
Nathan Froyd
0c4895658a Bug 1112608 - use GENERATED_INCLUDES in security/manager/{boot,pki}/src/; r=mshal 
The sole use of Makefile.in in the security/manager/{boot,pki}/src/
directories is so we can add $(DIST)/public/nss to INCLUDES.
GENERATED_INCLUDES can be used to handle this case instead, at the cost
of hardcoding the path to $(DIST).  This seems reasonable enough, since
a number of moz.build files already know about dist/ and its location
within the objdir.
 2014-12-17 11:02:19 -05:00
Kai-Zhen Li
b2ba6d9ceb bug 1102277 - Update seccomp filter for newer bionic. r=jld 2014-11-21 01:07:15 +08:00
Brian Smith
72643b84e6 Bug 1111392: Add tests for malformed name constraints where there are no names of the constrained type, r=keeler 
--HG--
extra : rebase_source : 048619553c7725eee1cb73df64faae8c8890c995
 2014-10-30 16:48:31 -07:00
Brian Smith
9725dd6a70 Bug 952863, Part 1: Require ECDHE for TLS False Start, r=keeler 
--HG--
extra : rebase_source : d983e440de5be7c097a3e0f4afe0de805c540919
 2014-12-12 11:39:01 -08:00
Masatoshi Kimura
ab4b12e208 Bug 1092835 - Log usage of weak ciphers in the console. r=keeler,mcmanus 2014-12-13 20:09:01 +09:00
Brian Smith
7a433f6905 Bug 1084025, Part 3: Clean up some bits, r=keeler, r=emk 
--HG--
extra : rebase_source : 7aa1de4e9c391bf3e3cd5df79c62fff4546a8c67
 2014-12-12 16:42:41 -08:00
Brian Smith
0cd5238974 Bug 1107666: Fix OCSP stapling telemetry (SSL_OCSP_STAPLING), r=keeler 
--HG--
extra : rebase_source : 926f091b2a361d7dce30bee918d6659259f1b3e4
 2014-12-11 23:22:35 -08:00
David Keeler
c3ba2c1217 bug 1108408 - GeneralName types such as otherName where the value is a SEQUENCE should have the CONSTRUCTED bit set r=briansmith 2014-12-08 13:39:19 -08:00
Monica Chew
63de38c180 Bug 1101969: Disable pinning on media.mozilla.com (r=keeler) 2014-12-12 09:10:57 -08:00
Monica Chew
04d69a9f5b Bug 1004781: Enable pinning for facebook in production mode (r=keeler) 2014-12-12 09:10:53 -08:00
Brian Smith
7f05080219 Bug 940787: Stop requiring ALPN/NPN for False Start, r=keeler 
--HG--
extra : rebase_source : f8946e1fc631f2458807a559104a1dca01f444ac
 2014-12-10 10:50:48 -08:00
Brian Smith
cc0b0eeed3 Bug 1109766: Require AES-GCM for TLS False Start, r=keeler 
--HG--
extra : rebase_source : 8370c628863e644131ed1fbe6b8e49b5dc1215dc
 2014-12-10 10:19:00 -08:00
Brian Smith
9c1c9d03e6 Bug 861310: Require TLS 1.2 for TLS False Start, r=keeler 
--HG--
extra : rebase_source : d4bb253a84270c84acdf7ed4f84bc0186231e521
 2014-12-10 10:04:45 -08:00
Cykesiopka
9cae71d8a9 Bug 1109252 - Make remaining PSM test cert generation scripts print out cert information as necessary. r=keeler 2014-12-10 21:32:00 +01:00
Jed Davis
344f6abf7b Bug 1093334 - Delete unnecessary copies of Chromium headers in security/sandbox/linux. r=kang 2014-12-10 17:26:12 -08:00
Jed Davis
c2384cf7c7 Bug 1093334 - Adjust includes of Linux sandboxing headers from Chromium. r=kang 
Also re-sorts some of the includes into something closer to the style guide.
 2014-12-10 17:26:12 -08:00
Jed Davis
30e88baa98 Bug 1093334 - Import more headers from Chromium rev 9522fad406dd161400daa518075828e47bd47f60. r=kang 2014-12-10 17:26:12 -08:00
Jed Davis
30ba635db0 Bug 1102209 - Remove use of CodeGen::JoinInstructions in the Linux sandboxing code. r=kang 
This reorganizes SandboxAssembler to stack up the policy rules and
traverse them in reverse order to build the filter DAG from tail to head
(i.e., starting with "deny all" and prepending allow and return-errno
rules).  Thus, this code will continue to work (perhaps with minor
changes, such as to the NodePtr typedef) with future versions of the
Chromium sandbox code that don't allow mutating the filter program with
the JoinInstructions method.
 2014-12-10 17:26:12 -08:00
Jed Davis
114cf4fb41 Bug 1108759 - Fix B2G no-optimization builds. r=glandium 2014-12-10 16:17:47 -08:00
Cykesiopka
7e1828ba3d Bug 1109245 - Modify test_keysize_ev.js to run on B2G. r=dkeeler 2014-12-09 12:07:00 -05:00
Cykesiopka
6df9a55b46 Bug 978426 - Re-enable test_sts_preloadlist_perwindowpb.js on B2G. r=dkeeler 2014-12-09 11:37:00 +01:00
Brian Smith
346599ec9c Bug 1107791 Remove support for unusual wildcard names in certificates, r=keeler 
--HG--
extra : rebase_source : bd142d2e85059a0d0fd36325242553e94a7d4377
 2014-12-04 17:12:09 -08:00