Commit Graph

3834 Commits

Author SHA1 Message Date
David Keeler
f228ba40a1 bug 1228175 - fix IsCertBuiltInRoot r=Cykesiopka,mgoodwin
When a built-in root certificate has its trust changed from the default value,
the platform has to essentially create a copy of it in the read/write
certificate database with the new trust settings. At that point, the desired
behavior is that the platform still considers that certificate a built-in root.
Before this patch, this would indeed happen for the duration of that run of the
platform, but as soon as it restarted, the certificate in question would only
appear to be from the read/write database, and thus was not considered a
built-in root. This patch changes the test of built-in-ness to explicitly
search the built-in certificate slot for the certificate in question. If found,
it is considered a built-in root.

MozReview-Commit-ID: HCtZpPQVEGZ

--HG--
extra : rebase_source : 898ef37459723f1d8479cfdc58658ccb00e782a9
2016-03-04 17:06:33 -08:00
Richard Barnes
0926cc2911 Bug 1254653 - Add telemetry to measure how often we encounter EV certificates r=keeler
MozReview-Commit-ID: FvDpMGEJGLQ

--HG--
extra : rebase_source : 8dab354175e1a7b57450011bc50ffa6fd13448b7
2016-03-08 17:30:40 -05:00
Carsten "Tomcat" Book
1ca11b97af merge mozilla-inbound to mozilla-central a=merge 2016-03-09 11:46:43 +01:00
ffxbld
3e380e6fa3 No bug, Automated HPKP preload list update from host bld-linux64-spot-223 - a=hpkp-update 2016-03-08 19:41:38 -08:00
ffxbld
a560947174 No bug, Automated HSTS preload list update from host bld-linux64-spot-223 - a=hsts-update 2016-03-08 19:41:36 -08:00
Cykesiopka
610314abc0 Bug 1253958 - Make getHSTSPreloadList.js and genHPKPStaticPins.js gracefully handle trailing whitespace in URL entries. r=dkeeler
MozReview-Commit-ID: Kyc7JzxVEo0

--HG--
extra : rebase_source : 009554017b7ec1e2c6e57430ee554eb94deb2a3a
2016-03-06 16:02:52 -08:00
Masatoshi Kimura
0fb560192b Bug 1253166 - Remove UI to override RC4 errors. r=keeler 2016-03-08 06:34:42 +09:00
Masatoshi Kimura
e9c1221a17 Bug 1254306 - Do not check the fallback limit version for the RC4 fallback. r=keeler 2016-03-09 07:38:43 +09:00
Nathan Froyd
777c075f0e Bug 1253010 - part 3 - create all nsIDateTimeFormat instances directly; r=smontagu 2015-12-05 11:03:27 -05:00
Nathan Froyd
ae4c78cdd2 Bug 1253010 - part 1 - refactor nsX509CertValidity time formatting; r=keeler
nsX509CertValidity has several copy-pasted routines that differ only
slightly in the parameters they use for formatting times.  Let's have a
single place to do the formatting and pass in the appropriate
parameters.
2015-12-05 10:26:19 -05:00
Cykesiopka
a650e7a431 Bug 1250254 - Enable ESLint "no-throw-literal" rule for PSM. r=dkeeler
MozReview-Commit-ID: LZcitO0FTWH

--HG--
rename : security/manager/.eslintrc => security/manager/.eslintrc.json
extra : transplant_source : %95%EA%08ofJn-l%3D%A2W%90%A6i%E4%5D%A1c%3E
2016-02-29 20:05:55 -08:00
David Keeler
8662000fad bug 1049969 - add symbols file for the test pkcs11 module so it works on Windows r=jcj
MozReview-Commit-ID: KRaAmd7icd8

--HG--
extra : rebase_source : 2c0f1b8cf055574c01d6a6ef15af4246d00151bc
2016-03-01 17:12:38 -08:00
Cykesiopka
cff547515b Bug 1250256 - Partially clean up nsSDR.cpp. r=keeler
MozReview-Commit-ID: FoS4oTjnd7F

--HG--
extra : transplant_source : %03%85%27T%06%E6%FB%FD%10%2C%F6%D9%92%F7I%60%B0%C1vr
2016-03-01 20:07:53 -08:00
Aniket Vyas
e3710a089b bug 1197314: Remove PR_snprintf calls in security/manager/ssl/ r=keeler
MozReview-Commit-ID: Kq5kWzC1UHU
2016-02-26 15:31:43 -08:00
David Keeler
3a39756220 bug 1250818 - remove certificate issuer organization to common name fallback r=Cykesiopka
Before this change, if a certificate's issuer DN did not have an organization
component, nsIX509Cert.issuerOrganization would fall back to using the issuer
common name. This was never a good idea, because this gave misleading
information to consumers of this interface. Furthermore, it appears that all
consumers of this interface already do such a fallback (for display purposes)
when they've determined that it's a reasonable thing to do.

MozReview-Commit-ID: p2gmSP0nZW

--HG--
extra : rebase_source : 2248ff01e8c0e9a79b27f4406fdc2f0a4ed98360
2016-02-26 13:18:02 -08:00
Cykesiopka
4d0d854bab Bug 1173679 - Add tests for the "security.OCSP.enabled" pref. r=dkeeler
MozReview-Commit-ID: BQurIgVY8os

--HG--
extra : transplant_source : Z%25%16_%EB%0ABe%98%1B%F5%E5%FE%8C%AA%F0%18%90%16%AB
2016-02-28 17:49:06 -08:00
Carsten "Tomcat" Book
7f956c0bfb merge mozilla-inbound to mozilla-central a=merge 2016-02-29 11:35:30 +01:00
Cykesiopka
b9a9010687 Bug 1249595 - Enable 11 more ESLint rules for PSM. r=keeler
MozReview-Commit-ID: FxS9SPRMMxf

--HG--
extra : transplant_source : %18%08%F0%EB%E3%AD%3E%F7%94%80%05%C0%D0P%5Co.%940%7E
2016-02-26 12:35:34 -08:00
Tim Taubert
896a7362d7 Bug 1247860 - Enable ChaCha20/Poly1305 cipher suites r=emk,keeler 2016-02-26 12:37:19 +01:00
David Keeler
a1c1defa04 bug 1199850 - remove unnecessary PSM xpcshell extended key usage tests r=Cykesiopka,jcj
MozReview-Commit-ID: 8Uz4bN87872

--HG--
extra : rebase_source : a3021481a40c7e974a3b756021e274beeb7f30d6
2016-02-24 14:20:01 -08:00
Carsten "Tomcat" Book
e232fcd2d4 Merge mozilla-central to mozilla-inbound 2016-02-25 11:59:05 +01:00
Carsten "Tomcat" Book
3695dd59e0 merge mozilla-inbound to mozilla-central a=merge 2016-02-25 11:57:51 +01:00
Nihanth Subramanya
45a1207cdf Bug 1201437 - Make cert override tests check for STATE_CERT_USER_OVERRIDDEN. r=keeler
MozReview-Commit-ID: G6KQPXHbEPL

--HG--
extra : rebase_source : 9ed61d521996d96d2d18f5d602439bedc46393c0
2016-02-24 22:45:12 -08:00
Nihanth Subramanya
0147157053 Bug 1201437 - Add new WebProgress state flag for user-overridden cert. r=keeler
MozReview-Commit-ID: cvBYSZykK0

--HG--
extra : rebase_source : 68038f9d21a33efac139eedd26636f815217d2d6
2016-02-24 22:46:52 -08:00
Cykesiopka
a150859d8e Bug 1248874 - Replace Scoped.h templates used only by PSM in ScopedNSSTypes.h with UniquePtr equivalents. r=dkeeler
MozReview-Commit-ID: 5OClBV522lv

--HG--
extra : transplant_source : G%A3%3B%A0%AC%0D%25%F2%C5K%DC8%0F%90%1B%7Bf%E0%93%F7
2016-02-18 06:01:39 -08:00
Cykesiopka
f64795a71b Bug 1246365 - Enable eslint "comma-spacing" and "semi" rules for PSM. r=keeler
MozReview-Commit-ID: 7FVcD7O9mpG

--HG--
extra : transplant_source : R%C3B%B73%0A%9E%FA%83_%CF%FE%86O%B4%FF%C4f%EB%9C
2016-02-18 21:16:50 -08:00
Cykesiopka
da44ab790c Bug 1220237 - Remove uses of nsIEnumerator from PSM. r=keeler
MozReview-Commit-ID: 3FhBCqnJz4n

--HG--
extra : transplant_source : %1B%9B%40%EAzK%A2%F6%B0%FF%FF%A3O%A6%D7%25c%DD%F1U
2016-02-24 17:42:45 -08:00
David Keeler
51a37ae665 bug 1241650 - remove nsIX509CertDB.findCertNicknames r=mgoodwin
MozReview-Commit-ID: JtU7H5qGvge

--HG--
extra : rebase_source : fae856a160e5cc987702794f805030b2d1cc3533
2016-01-21 15:14:31 -08:00
Ben Kelly
156ed9a0ed Bug 1247580 P2 Add gtest to ensure we can continue to deserialize old security info strings. r=bz 2016-02-17 07:18:00 -08:00
Ben Kelly
7382b7bc31 Bug 1247580 P1 Allow old nsIX509Cert serialized objects to be read off disk. r=bz 2016-02-17 07:18:00 -08:00
Cykesiopka
e5ab49e43e Bug 1247847 - Use smart pointers in nsNSSCertHelper.cpp to manage NSS resources. r=keeler
This lets us remove things like gotos in the code, and makes resource ownership slightly clearer.

MozReview-Commit-ID: Kucn7exhLd7

--HG--
extra : transplant_source : %27%FF%D2tjLI%9B5ep%21%B7%FA%92%08%14%07%12%C6
2016-02-16 16:25:09 -08:00
Cykesiopka
eb91d4f287 Bug 1244245 - Enable eslint "curly" rule for PSM. r=keeler
Also includes minor cleanup.

MozReview-Commit-ID: CHgbTIa3s2O

--HG--
extra : transplant_source : %FD%ACi%DE%3E%28%0D%D2_%5Dc%1Dk%E6%E8%EDw%D5%FA%93
2016-02-16 17:27:49 -08:00
ISHIKAWA, Chiaki
be2b50a7f8 Bug 1248252 - Improper outdated octal constant syntax in M-C tree. Use '0o' prefix. r=dao
Be warned. Do not attempt to change the .js "test" source code in ./js
They are meant to check

 - the outdated 0666 octal constant is still parsed correctly,
 - the outdated 0666 octal constant raises syntax error flag
   in strict mode, etc.

So leave them alone.
2016-02-15 08:57:00 +01:00
Sebastian Hengst
be7b0e4539 Backed out 2 changesets (bug 1247250) for bustage. r=bustage on a CLOSED TREE
Backed out changeset 8aded3a039f5 (bug 1247250)
Backed out changeset 374e6d0abf0e (bug 1247250)
2016-02-12 00:42:48 +01:00
Masatoshi Kimura
8e3a5c71be Bug 1247250 - followup: fix comments to reflect the review comment. r=keeler DONTBUILD 2016-02-12 07:43:21 +09:00
Masatoshi Kimura
e40094eb48 Bug 1247250 - Enable TLS 1.3 draft 11 anti-downgrade on non-secure fallback. r=keeler 2016-02-12 07:36:37 +09:00
Cykesiopka
103a609a33 Bug 1243193 - Use Assert.throws() more in PSM tests. r=keeler 2016-02-10 21:40:00 +01:00
Aidin Gharibnavaz
686438c658 Bug 1164581 - Adding an overload for NS_ProxyRelease that accepts already_AddRefed, and removing all the others. r=bobbyholley 2016-02-10 08:23:00 +01:00
David Keeler
5ceb0c8a89 bug 1246765 - remove unnecessary resource://app/ registration from getHSTSPreloadList.js r=Cykesiopka DONTBUILD NPOTB 2016-02-08 12:56:34 -08:00
Cykesiopka
19922e4976 Bug 503515 - Try and ensure exported certificates include an extension by default. r=keeler
--HG--
extra : rebase_source : b3d595ae962d70afc208b34afe616b6ef88133a8
2016-02-09 00:17:00 +01:00
Carsten "Tomcat" Book
5b358688b7 Backed out changeset c18e29c1b369 (bug 1164581) for cpp unit tests test failures
--HG--
extra : rebase_source : fb6fd434c8e3f4b5fa53ea645a54c07cab207894
2016-02-08 11:17:38 +01:00
Masatoshi Kimura
7c3a491022 Bug 1247250 - Enable TLS 1.3 anti-downgrade on non-secure fallback. r=keeler 2016-02-24 19:35:00 +09:00
Aidin Gharibnavaz
69cf7e035f Bug 1164581 - Adding an overload for NS_ProxyRelease that accepts already_AddRefed, and removing all the others. r=bobbyholley
--HG--
extra : rebase_source : 3c6bba6613a14e48239d302bdd0f7fe2e322265d
2016-02-07 10:56:00 +01:00
Cykesiopka
7e014d6be0 Bug 1243182 - Enable eslint "space-infix-ops" rule for PSM. r=keeler
Also includes minor cleanups.
2016-02-06 21:05:02 -08:00
Cykesiopka
6a5e8155c8 Bug 1064402 - Part 2: Remove nsIX509CertDB.importServerCertificate() and nsIX509Cert::SERVER_CERT support in importCertsFromFile(). r=keeler 2016-02-06 20:41:11 -08:00
Cykesiopka
370bac0f07 Bug 1064402 - Part 1: Remove Import button in Servers tab of the Certificate Manager. r=keeler
It no longer serves any useful purpose:
1. It is no longer possible to add explicit trust for server certs post Bug 825583.
1A. The Add Exception feature is better suited for this anyways.
2. It isn't possible to set explicit distrust in the Cert Manager, only remove explicit trust.
3. Importing may also inadvertently cause verification failures (see Bug 1202636).
2016-02-06 20:40:57 -08:00
Cykesiopka
1e1cca77d4 Bug 1243180 - Enable eslint "no-trailing-spaces" rule for PSM. r=keeler
Also does some minor cleanup.
2016-02-03 01:51:00 +01:00
simplyblue
addf646a4c Bug 1241646 - remove unused token arguments from nsIX509CertDB r=keeler 2016-01-30 13:50:58 +05:30
Mark Goodwin
282a183d55 Bug 1241821 - Create a SecurityReporter component for TLS Error Reports r=mossop, keeler
This takes the TLS Error Reporting functionality used in the aboutNetError.xhtml
and aboutCertError.xhtml error pages and moves it to its own component. This
allows us to make use of this same error reporting functionality from elsewhere.
Notably, this allows us to send error reports for issues that occur when loading
subresources.
The xpcshell test included is in security/manager/ssl/tests because we need to
make use of tlsserver functionality from the PSM tests.
2016-01-30 08:07:38 +00:00
Kyle Huey
91efc5a86c Bug 1241764: Replace nsPIDOMWindow with nsPIDOMWindowInner/Outer. r=mrbkap,smaug 2016-01-30 09:05:36 -08:00