gecko-dev/security/manager/ssl
Dana Keeler ef0a88c6f2 Bug 1715142 - introduce nsIPublicKeyPinningService and remove 'type' parameter from nsISiteSecurityService r=rmf,necko-reviewers
The public key pinning implementation is much less complex than the HSTS
implementation, and only needs a small subset of the parameters of the latter.
Furthermore, the information it relies on is static, and so is safe to access
from content processes. This patch separates the two implementations, thus
simplifying both of them and avoiding some unnecessary IPC calls in the
process.

Differential Revision: https://phabricator.services.mozilla.com/D117096
2021-06-12 01:12:25 +00:00
cert_storage Bug 1677866 - Report memory allocated by cert_storage crate r=keeler,emilio 2021-04-19 22:12:56 +00:00
crashtests
osclientcerts Bug 1712848 - avoid OS APIs that normalize distinguished names in osclientcerts r=rmf 2021-05-26 20:16:29 +00:00
tests Bug 1715142 - introduce nsIPublicKeyPinningService and remove 'type' parameter from nsISiteSecurityService r=rmf,necko-reviewers 2021-06-12 01:12:25 +00:00
CertStorageMemoryReporting.cpp Bug 1677866 - Report memory allocated by cert_storage crate r=keeler,emilio 2021-04-19 22:12:56 +00:00
CommonSocketControl.cpp Bug 1715142 - convert pinning to use a static pref r=rmf 2021-06-12 01:12:25 +00:00
CommonSocketControl.h Bug 1669679 - Rebuild cert-info when a resumption token is used for HTTP3 r=keeler,necko-reviewers 2020-10-28 11:15:14 +00:00
components.conf Bug 1715142 - introduce nsIPublicKeyPinningService and remove 'type' parameter from nsISiteSecurityService r=rmf,necko-reviewers 2021-06-12 01:12:25 +00:00
ContentSignatureVerifier.cpp Bug 1659786 - avoid CERTCertificate in CSTrustDomain and ContentSignatureVerifier r=rmf 2020-08-20 19:28:07 +00:00
ContentSignatureVerifier.h
CredentialManagerSecret.cpp
CredentialManagerSecret.h
CryptoTask.cpp
CryptoTask.h
CSTrustDomain.cpp Bug 1682989 - remove CertBlocklist implementation and MOZ_NEW_CERT_STORAGE build variable r=rmf 2021-01-19 22:11:25 +00:00
CSTrustDomain.h Bug 1682989 - remove CertBlocklist implementation and MOZ_NEW_CERT_STORAGE build variable r=rmf 2021-01-19 22:11:25 +00:00
DataStorage.cpp Bug 1693541 - Improve uses of nsBaseHashtable and descendants and avoid multiple subsequent lookups in security/manager/ssl/DataStorage.cpp. r=keeler 2021-02-26 11:36:42 +00:00
DataStorage.h Bug 1634281 - Use nsTHashMap instead of nsDataHashtable. r=xpcom-reviewers,necko-reviewers,jgilbert,nika,valentin 2021-03-10 10:47:47 +00:00
DataStorageIPCUtils.h Bug 1677466 - Move ParamTraits specializations with extra dependencies out of IPCMessageUtils.h. r=mccr8 2020-12-10 11:09:21 +00:00
DataStorageList.h Bug 1651672 - Clear and remove DataStorageClass::TRRBlacklist r=kershaw,necko-reviewers 2020-08-10 09:46:32 +00:00
DER.jsm Bug 1689698 - improve performance of DER.jsm r=mbirghan 2021-02-03 22:33:00 +00:00
EnterpriseRoots.cpp
EnterpriseRoots.h
KeychainSecret.cpp
KeychainSecret.h Bug 1694200 - Check for the preferred client cert on macOS. r=keeler 2021-04-07 22:38:54 +00:00
LibSecret.cpp
LibSecret.h
LocalCertService.cpp Bug 1686779 - remove isSelfSigned from nsIX509Cert r=rmf 2021-01-19 17:01:57 +00:00
LocalCertService.h
md4.c
md4.h
moz.build Bug 1715142 - introduce nsIPublicKeyPinningService and remove 'type' parameter from nsISiteSecurityService r=rmf,necko-reviewers 2021-06-12 01:12:25 +00:00
nsCertOverrideService.cpp Bug 1715142 - clear the TLS session cache in SetDisableAllSecurityChecksAndLetAttackersInterceptMyData r=rmf 2021-06-12 01:12:24 +00:00
nsCertOverrideService.h Bug 1597600 - make certificate overrides depend on origin attributes r=keeler,geckoview-reviewers,smaug,agi 2021-06-01 06:55:07 +00:00
nsCertTree.cpp Bug 1682412 - (part 2/2) remove unnecessary nsCertAddonInfo class r=rmf,mbirghan 2021-01-07 17:44:35 +00:00
nsCertTree.h Bug 1682412 - (part 2/2) remove unnecessary nsCertAddonInfo class r=rmf,mbirghan 2021-01-07 17:44:35 +00:00
nsClientAuthRemember.cpp Bug 1694200 - Check for the preferred client cert on macOS. r=keeler 2021-04-07 22:38:54 +00:00
nsClientAuthRemember.h Bug 634697 - Add permanent storage to user's client certificate selection r=keeler,baku,fluent-reviewers,Gijs 2020-08-03 13:24:34 +00:00
nsCryptoHash.cpp
nsCryptoHash.h
nsICertificateDialogs.idl
nsICertOverrideService.idl Bug 1711971 - Make connection coalescing works for http3, r=necko-reviewers,dragana 2021-06-07 09:52:31 +00:00
nsICertStorage.idl Bug 1648142 - Block on cert storage ops prior to shutdown r=keeler 2020-06-25 20:33:51 +00:00
nsICertTree.idl Bug 1682412 - (part 1/2) remove dead code from nsCertTree.cpp and related files r=rmf,mbirghan 2021-01-07 17:44:33 +00:00
nsIClientAuthDialogs.idl
nsIClientAuthRememberService.idl Bug 634697 - Add permanent storage to user's client certificate selection r=keeler,baku,fluent-reviewers,Gijs 2020-08-03 13:24:34 +00:00
nsIContentSignatureVerifier.idl
nsICryptoHash.idl
nsICryptoHMAC.idl
nsIKeyModule.idl
nsILocalCertService.idl
nsINSSComponent.idl Bug 1661543 - Backed out 1 changesets (bug 1651449) for performance regression. a=backout CLOSED TREE 2020-08-27 22:31:36 +02:00
nsINSSErrorsService.idl
nsINSSVersion.idl
nsIOSKeyStore.idl
nsIOSReauthenticator.idl
nsIPK11Token.idl
nsIPK11TokenDB.idl
nsIPKCS11Module.idl
nsIPKCS11ModuleDB.idl
nsIPKCS11Slot.idl
nsIProtectedAuthThread.idl
nsIPublicKeyPinningService.idl Bug 1715142 - introduce nsIPublicKeyPinningService and remove 'type' parameter from nsISiteSecurityService r=rmf,necko-reviewers 2021-06-12 01:12:25 +00:00
nsISecretDecoderRing.idl
nsISecurityUITelemetry.idl Bug 1636962 - Add telemetry for all page load errors r=johannh,xeonchen,nika 2020-05-27 22:33:02 +00:00
nsISiteSecurityService.idl Bug 1715142 - introduce nsIPublicKeyPinningService and remove 'type' parameter from nsISiteSecurityService r=rmf,necko-reviewers 2021-06-12 01:12:25 +00:00
nsITokenDialogs.idl
nsITokenPasswordDialogs.idl
nsIX509Cert.idl Bug 1687570 - remove nsIX509Cert.keyUsages r=johannh,dveditz 2021-06-09 21:54:57 +00:00
nsIX509CertDB.idl Bug 1677501 - Add nsIX509CertDB.asyncHasThirdPartyRoots and use it in DoHHeuristics.jsm r=keeler,Gijs,nhnt11 2020-12-01 14:42:36 +00:00
nsIX509CertValidity.idl
nsKeyModule.cpp
nsKeyModule.h
nsNSSCallbacks.cpp Bug 1714263 - remove expired CRLITE_RESULT telemetry histogram r=rmf 2021-06-09 22:33:12 +00:00
nsNSSCallbacks.h Bug 1687701 - Remove IsCertificateDistrustImminent. r=keeler,necko-reviewers,dragana 2021-01-27 18:05:24 +00:00
nsNSSCertHelper.cpp Bug 1680320 - Use nsIX509Cert::GetSha256Fingerprint instead of GetCertFingerprintByOidTag r=keeler 2020-12-10 12:35:38 +00:00
nsNSSCertHelper.h Bug 1680320 - Use nsIX509Cert::GetSha256Fingerprint instead of GetCertFingerprintByOidTag r=keeler 2020-12-10 12:35:38 +00:00
nsNSSCertificate.cpp Bug 1687570 - remove nsIX509Cert.keyUsages r=johannh,dveditz 2021-06-09 21:54:57 +00:00
nsNSSCertificate.h Bug 1689726 - avoid using NSS types in TrustOverrideUtils.h r=keeler 2021-03-19 17:29:12 +00:00
nsNSSCertificateDB.cpp Bug 1694649 - Rewrite GetFirstEVPolicy with pkix r=keeler 2021-04-16 22:32:35 +00:00
nsNSSCertificateDB.h
nsNSSCertTrust.cpp
nsNSSCertTrust.h
nsNSSComponent.cpp Bug 1715142 - convert pinning to use a static pref r=rmf 2021-06-12 01:12:25 +00:00
nsNSSComponent.h Bug 1679522 - Use <> style for including windows system headers. r=andi 2021-03-25 10:19:44 +00:00
nsNSSHelper.h
nsNSSIOLayer.cpp Bug 1612116 - turn NSS not setting an error code into SEC_ERROR_LIBRARY_FAILURE r=bbeurdouche 2021-05-13 17:29:07 +00:00
nsNSSIOLayer.h Bug 1634281 - Use nsTHashMap instead of nsDataHashtable. r=xpcom-reviewers,necko-reviewers,jgilbert,nika,valentin 2021-03-10 10:47:47 +00:00
nsNSSModule.cpp Bug 1682989 - remove CertBlocklist implementation and MOZ_NEW_CERT_STORAGE build variable r=rmf 2021-01-19 22:11:25 +00:00
nsNSSModule.h
nsNSSVersion.cpp
nsNSSVersion.h
nsNTLMAuthModule.cpp Backed out 14 changesets (bug 1705659, bug 472823, bug 669675) as requested by valentin for causing regressions. CLOSED TREE 2021-05-31 13:16:34 +03:00
nsNTLMAuthModule.h
nsPK11TokenDB.cpp
nsPK11TokenDB.h
nsPKCS11Slot.cpp
nsPKCS11Slot.h
nsPKCS12Blob.cpp
nsPKCS12Blob.h
nsProtectedAuthThread.cpp
nsProtectedAuthThread.h
nsRandomGenerator.cpp
nsRandomGenerator.h
nsSecureBrowserUI.cpp Bug 1653026 - Added HTTPS-Only Mode upgrade info to browser UI state. r=mattwoodrow,necko-reviewers,dragana 2020-10-06 00:34:55 +00:00
nsSecureBrowserUI.h Bug 1653026 - Added HTTPS-Only Mode upgrade info to browser UI state. r=mattwoodrow,necko-reviewers,dragana 2020-10-06 00:34:55 +00:00
nsSecurityHeaderParser.cpp
nsSecurityHeaderParser.h
NSSErrorsService.cpp
NSSErrorsService.h Bug 1682989 - remove CertBlocklist implementation and MOZ_NEW_CERT_STORAGE build variable r=rmf 2021-01-19 22:11:25 +00:00
nsSiteSecurityService.cpp Bug 1715142 - introduce nsIPublicKeyPinningService and remove 'type' parameter from nsISiteSecurityService r=rmf,necko-reviewers 2021-06-12 01:12:25 +00:00
nsSiteSecurityService.h Bug 1715142 - introduce nsIPublicKeyPinningService and remove 'type' parameter from nsISiteSecurityService r=rmf,necko-reviewers 2021-06-12 01:12:25 +00:00
NSSKeyStore.cpp Bug 1639795: Update keystore name to be user-friendly r=MattN,keeler 2020-06-10 21:53:19 +00:00
NSSKeyStore.h
nsSSLSocketProvider.cpp
nsSSLSocketProvider.h
nsSTSPreloadList.inc No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=jcristau 2021-06-10 14:50:41 +00:00
nsTLSSocketProvider.cpp
nsTLSSocketProvider.h
nsVerificationJob.h
OSKeyStore.cpp Bug 1659923 - Avoid unnecessary copies around Base64Encode. r=xpcom-reviewers,necko-reviewers,froydnj,valentin 2020-08-19 17:45:16 +00:00
OSKeyStore.h Bug 1639795: Update keystore name to be user-friendly r=MattN,keeler 2020-06-10 21:53:19 +00:00
OSReauthenticator.cpp Bug 1660470 - Avoid including IPCMessageUtils.h from header files. r=nika 2020-11-23 16:03:47 +00:00
OSReauthenticator.h
OSReauthenticatorDarwin.mm
PKCS11ModuleDB.cpp Bug 1660470 - Add missing include directives/forward declarations. r=nika 2020-11-23 16:21:38 +00:00
PKCS11ModuleDB.h
PSMIPCCommon.cpp
PSMIPCCommon.h
PSMIPCTypes.ipdlh Bug 1660470 - Avoid including DataStorageIPCUtils.h from header files. r=nika 2020-11-23 16:04:34 +00:00
PSMRunnable.cpp
PSMRunnable.h
PublicKeyPinningService.cpp Bug 1715142 - introduce nsIPublicKeyPinningService and remove 'type' parameter from nsISiteSecurityService r=rmf,necko-reviewers 2021-06-12 01:12:25 +00:00
PublicKeyPinningService.h Bug 1715142 - introduce nsIPublicKeyPinningService and remove 'type' parameter from nsISiteSecurityService r=rmf,necko-reviewers 2021-06-12 01:12:25 +00:00
PublicSSL.h
PVerifySSLServerCert.ipdl
RemoteSecuritySettings.jsm Bug 1714263 - remove expired intermediate preloading telemetry r=rmf 2021-06-09 22:33:13 +00:00
RootCertificateTelemetryUtils.cpp Bug 1660470 - Add missing include directives/forward declarations. r=nika 2020-11-23 16:21:38 +00:00
RootCertificateTelemetryUtils.h Bug 1654835 - Remove CERTCertificate from PublicKeyPinningService.cpp r=keeler 2020-07-30 08:44:59 +00:00
RootHashes.inc Bug 1713766 - land NSS NSS_3_67_RTM UPGRADE_NSS_RELEASE, r=bbeurdouche,aryx 2021-06-10 13:25:03 +00:00
ScopedNSSTypes.h Bug 1272794 - Clean up Digest class API r=keeler,necko-reviewers,valentin 2020-11-11 22:16:38 +00:00
SecretDecoderRing.cpp Bug 1634065 - re-work how PSM services get initialized on the main thread r=kjacobs,necko-reviewers,bbeurdouche 2020-11-17 16:29:44 +00:00
SecretDecoderRing.h
SharedCertVerifier.h Bug 1715142 - convert pinning to use a static pref r=rmf 2021-06-12 01:12:25 +00:00
SharedSSLState.cpp Bug 1597600 - make certificate overrides depend on origin attributes r=keeler,geckoview-reviewers,smaug,agi 2021-06-01 06:55:07 +00:00
SharedSSLState.h Bug 1715142 - convert pinning to use a static pref r=rmf 2021-06-12 01:12:25 +00:00
SSLServerCertVerification.cpp Bug 1715142 - introduce nsIPublicKeyPinningService and remove 'type' parameter from nsISiteSecurityService r=rmf,necko-reviewers 2021-06-12 01:12:25 +00:00
SSLServerCertVerification.h Bug 1694542 - cache intermediate certificates on the socket thread when it is idle r=mbirghan,rmf 2021-03-10 17:09:03 +00:00
StaticHPKPins.errors
StaticHPKPins.h No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=jcristau 2021-06-10 14:50:41 +00:00
TransportSecurityInfo.cpp Bug 1691913 - Rename nsBaseHashtable::Put to InsertOrUpdate. r=xpcom-reviewers,necko-reviewers,jgilbert,dragana,nika 2021-02-26 09:11:46 +00:00
TransportSecurityInfo.h Bug 1694649 - Rewrite GetFirstEVPolicy with pkix r=keeler 2021-04-16 22:32:35 +00:00
VerifySSLServerCertChild.cpp Bug 1694542 - cache intermediate certificates on the socket thread when it is idle r=mbirghan,rmf 2021-03-10 17:09:03 +00:00
VerifySSLServerCertChild.h Bug 1694542 - cache intermediate certificates on the socket thread when it is idle r=mbirghan,rmf 2021-03-10 17:09:03 +00:00
VerifySSLServerCertParent.cpp Bug 1694542 - cache intermediate certificates on the socket thread when it is idle r=mbirghan,rmf 2021-03-10 17:09:03 +00:00
VerifySSLServerCertParent.h
X509.jsm
X509CertValidity.cpp Bug 1694200 - Check for the preferred client cert on macOS. r=keeler 2021-04-07 22:38:54 +00:00
X509CertValidity.h Bug 1664011 - avoid CERTCertificate in nsIX509CertValidity implementation r=rmf 2020-09-11 17:20:25 +00:00