Crashes resulting from the diagnostic assertions added in 2ca136370e18 suggest
that certificate decoding is faiiling in the content process (which seems
impossible given that presumably we successfully decoded the very same
certificate in the parent). This should tell us what error code NSS is
returning when this happens, which may illustrate the issue.
Differential Revision: https://phabricator.services.mozilla.com/D27998
--HG--
extra : moz-landing-system : lando
The attributes for an interface should be on the line right before the
interface.
Interface attributes should be separated by spaces.
Clean up some trailing whitespace in widget/.
Differential Revision: https://phabricator.services.mozilla.com/D28234
--HG--
extra : moz-landing-system : lando
Before this patch, test_toolkit_securityreporter.js would unconditionally try to
get the value of the "Cookie" header. If a header isn't available, httpd.js
apparently throws an exception. Interestingly, exceptions thrown in httpd.js
path handlers aren't reported to the test framework, so we weren't aware of
this. Additionally, the test didn't have any way of waiting until the security
report it was expecting had arrived, so it just continued on and "succeeded".
This patch addresses these issues by using "throws" to make sure no cookies are
available and by inserting extra add_test/run_next_test pairs when the test is
waiting for a report.
Differential Revision: https://phabricator.services.mozilla.com/D27613
--HG--
extra : moz-landing-system : lando
This adds a config option to enable client authentication through the TLS 1.3 post-handshake auth mechanism.
Differential Revision: https://phabricator.services.mozilla.com/D26540
--HG--
extra : moz-landing-system : lando
This excludes dom/, otherwise the file size is too large for phabricator to handle.
This is an autogenerated commit to handle scripts loading mochitest harness files, in
the simple case where the script src is on the same line as the tag.
This was generated with https://bug1544322.bmoattachments.org/attachment.cgi?id=9058170
using the `--part 2` argument.
Differential Revision: https://phabricator.services.mozilla.com/D27456
--HG--
extra : moz-landing-system : lando
This patch adds resumed attribute to nsISSLSocketControl, which is needed in tests that check SSL resumption (e.g. bug 1500533).
Differential Revision: https://phabricator.services.mozilla.com/D26597
--HG--
extra : moz-landing-system : lando
Previously cert_storage could use negative values as unsigned values when
determining if its data was sufficiently fresh, which could cause assertion
failures when doing time math.
This patch changes the behavior to just use 0 if values are either unavailable
or negative, which means we fail closed and say everything is out of date if we
otherwise don't have the information to make the correct decision.
Differential Revision: https://phabricator.services.mozilla.com/D27196
--HG--
extra : moz-landing-system : lando
Bug 1478124 and bug 1524687 converted many things to static xpcom
component registration, but somehow left the corresponding C++
initialization.
Differential Revision: https://phabricator.services.mozilla.com/D26697
--HG--
extra : moz-landing-system : lando
This also removes the lalrpop files from the .git/hgignore as that
breaks the build since lalrpop now includes lrgrammar in the published
crate and that file needs to be vendored
--HG--
extra : histedit_source : e31c07645a87a11b19a0b7e44f2a48d791b5f396
We already have a null-terminated `nsString` in this code; we don't need
to turn it into another null-terminated `nsString`.
Depends on D26355
Differential Revision: https://phabricator.services.mozilla.com/D26356
--HG--
extra : moz-landing-system : lando
We flatten an nsAString before calling GetPublicKey, but GetPublicKey
doesn't actually care about whether the string is null-terminated or
not. Let's save a tiny amount of work by not doing the flattening.
Differential Revision: https://phabricator.services.mozilla.com/D26355
--HG--
extra : moz-landing-system : lando
Before bug 938437, we had a rather large and error-prone
nsStaticXULComponents.cpp used to register all modules. That was
replaced with clever use of the linker, which allowed to avoid the mess
that maintaining that file was.
Fast forward to now, where after bug 1524687 and other work that
preceded it, we have a much smaller number of remaining static xpcom
components, registered via this linker hack, and don't expect to add
any new ones. The list should eventually go down to zero.
Within that context, it seems to be the right time to get rid of the
magic, and with it the problems it causes on its own.
Some of those components could probably be trivially be converted to
static registration via .conf files, but I didn't want to deal with the
possible need to increase the number of dummy modules in XPCOMInit.cpp.
They can still be converted as a followup.
Differential Revision: https://phabricator.services.mozilla.com/D26076
--HG--
extra : moz-landing-system : lando
The Set* functions of nsICertStorage (SetRevocationByIssuerAndSerial,
SetRevocationBySubjectAndPubKey, SetEnrollment, and SetWhitelist) are called on
the main thread by the implementations that manage consuming remote security
information. We don't want to block the main thread, so this patch modifies
these functions to take a callback that will be called (on the original thread)
when the operation in question has been completed on a background thread.
The Get* functions of nsICertStorage (GetRevocationState, GetEnrollmentState,
and GetWhitelistState) should only be called off the main thread. For the most
part they are, but there are at least two main-thread certificate verifications
that can cause these functions to be called on the main thread. These instances
are in nsSiteSecurityService::ProcessPKPHeader and
ContentSignatureVerifier::CreateContextInternal and will be dealt with in
bug 1406854 bug 1534600, respectively.
Differential Revision: https://phabricator.services.mozilla.com/D25174
--HG--
extra : moz-landing-system : lando
1. Adding a new attribute chromeContext in ConsoleEvent
2. Adding a new boolean attribute isFromChromeContext in nsIConsoleMessage
3. Sending IsFromChromeContext to the parent process
Differential Revision: https://phabricator.services.mozilla.com/D23330
--HG--
extra : moz-landing-system : lando
The new rkv-based cert_storage database caused a Heap Unclassified regression because of memory that LMDB reserves when opening a database in read-write mode. Since cert_storage usage is read-heavy, this change claws back that regression by opening it in read-only mode except when changes are being made.
Differential Revision: https://phabricator.services.mozilla.com/D25098
--HG--
extra : moz-landing-system : lando
Per the thread "Intent-to-Ship: Backward-Compatibility FIDO U2F support for
Google Accounts" on dev-platform [0], this bug is to:
1. Enable the security.webauth.u2f by default, to ride the trains
2. Remove the aOp == U2FOperation::Sign check from EvaluateAppID in
WebAuthnUtil.cpp, permitting the Google override to work for Register as
well as Sign.
This would enable Firefox users to use FIDO U2F API on most all sites, subject
to the algorithm limitations discussed in the section "Thorny issues in
enabling our FIDO U2F API implementation" of that post.
[0] https://groups.google.com/d/msg/mozilla.dev.platform/q5cj38hGTEA/lC834665BQAJ
Differential Revision: https://phabricator.services.mozilla.com/D25241
--HG--
extra : moz-landing-system : lando