| Commit message (Collapse) | Author | Age | Files | Lines |
|\ |
|
| |
| |
| |
| |
| |
| | |
clang-cl. r=froydnj
MozReview-Commit-ID: 6BCF6VYMI88
|
| |
| |
| |
| | |
structures. r=keeler
|
| |
| |
| |
| | |
CertVerifier.h . CLOSED TREE
|
| |
| |
| |
| | |
structures. r=keeler
|
| |
| |
| |
| | |
MozReview-Commit-ID: K3aWVqsO0O8
|
| |
| |
| |
| |
| |
| |
| | |
Backed out changeset 9d7f1e63d6f7 (bug 525063)
Backed out changeset 9d7f1e63d6f7 (bug 525063)
Backed out changeset 9d7f1e63d6f7 (bug 525063)
Backed out changeset 9d7f1e63d6f7 (bug 525063)
|
| |
| |
| |
| | |
Differential Revision: https://phabricator.services.mozilla.com/D894
|
| | |
|
| |
| |
| |
| | |
Differential Revision: https://phabricator.services.mozilla.com/D839
|
| |
| |
| |
| |
| |
| | |
avoid unbounded search r=fkiefer,jcj
MozReview-Commit-ID: Ght1wx5lb34
|
| |
| |
| |
| |
| |
| |
| |
| | |
Reviewed By: keeler, johannh
Bug #: 1448787
Differential Revision: https://phabricator.services.mozilla.com/D805
|
| |
| |
| |
| | |
Differential Revision: https://phabricator.services.mozilla.com/D689
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
constraint failures r=jcj
Certificate verification failures that result from additional policy constraint
failures now use the error code
"MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED" (also known as
"Result::ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED", depending on the context).
MozReview-Commit-ID: 9rE7gRBapRF
|
| |
| |
| |
| |
| |
| | |
subject certificate rather than the potential issuer, set keepGoing to false r=jcj
MozReview-Commit-ID: DEr4YgXfkOL
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
r=franziskus
Before this patch, mozilla::pkix gtests would generate a public/private key pair
and stash it in a global variable. Since this wasn't part of XPCOM nor tracked
by the PSM/NSS shutdown machinery, it wouldn't get released at the appropriate
time. The solution to this is to generate the key and then essentially export it
as data, so no NSS objects are held alive. Since NSS considers private keys
stored in the persistent database sensitive and won't export them in the clear,
we "encrypt" the key material with an empty password so we can import it when
necessary. (While the gtests don't use persistent keys, the test utilties in the
gtests are also used by some xpcshell tests that do use persistent keys, hence
the need to encrypt the key material.)
|
| |
| |
| |
| | |
MozReview-Commit-ID: 4s4JdXZPvmv
|
| |
| |
| |
| | |
MozReview-Commit-ID: HbF5oT5HW6f
|
| |
| |
| |
| | |
MozReview-Commit-ID: 5orfnoude7h
|
| |
| |
| |
| | |
MozReview-Commit-ID: 7duJk2gSd4m
|
| | |
|
| |
| |
| |
| | |
MozReview-Commit-ID: DjDkL20wRg0
|
| |
| |
| |
| | |
MozReview-Commit-ID: 2U2ToeyVUUt
|
| |
| |
| |
| | |
include cstring explicitly. r=keeler
|
| |
| |
| |
| |
| |
| | |
warn-unused-result warning r=njn
MozReview-Commit-ID: 4v6tPF5aMz7
|
| |
| |
| |
| | |
testing/gtest/gtest/src/gtest.cc:3871: 'Unused' was not declared in this scope. r=backout
|
| |
| |
| |
| |
| |
| | |
warn-unused-result warning r=njn
MozReview-Commit-ID: 4v6tPF5aMz7
|
| |
| |
| |
| |
| |
| | |
CreateEncodedBasicConstraints (which takes a pointer-to-long, rather than a long). r=keeler
MozReview-Commit-ID: Ki8AHuW5zyP
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
warning, in pkix/test/gtest. r=keeler
The gtest headers trigger many instances of this warning, due to their usage of
NULL instead of nullptr.
MozReview-Commit-ID: Dhv7mPHpZ7I
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
r=keeler
The only reason this param is a pointer is so that it can be optional. It's not
an outparam -- the function does not (and does not intend to) modify it -- so
it should be declared as 'const' to make that clearer & to allow clients to
pass in pointers to const values.
MozReview-Commit-ID: HbF96YNfnSt
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
--enable-warnings-as-errors builds. r=keeler
MSVC 2017 headers aren't warning free at the -Wall level.
Since PSM enables -Wall in some moz.build files, this breaks
--enable-warnings-as-errors builds.
As a temporary measure, disable enough warnings to get working builds.
MozReview-Commit-ID: G0oUsAYYct2
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
(adapted from bug 1349762 comment 0)
Google Trust Services (GTS) recently purchased two roots from GlobalSign that
are both enabled for EV treatment: "GlobalSign Root CA - R2" and "GlobalSign ECC
Root CA - R4".
However, GTS does not have an EV audit, so we are going to turn off EV treatment
for both of those root certificates.
But "GlobalSign Root CA - R2" has intermediate cert "GlobalSign Extended
Validation CA - SHA256 - G2" that continues to be controlled by GlobalSign, to
be used to migrate their customers off dependence on that root.
This patch removes EV treatment for "GlobalSign ECC Root CA - R4". It also
removes EV treatment for all chains rooted in "GlobalSign Root CA - R2" unless
the "GlobalSign Extended Validation CA - SHA256 - G2" intermediate is in the
chain.
MozReview-Commit-ID: Ej9L9zTwoPN
|
| |
| |
| |
| | |
PathBuildingStep::Check() r=keeler
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
gtest class r=Cykesiopka,dholbert
pkixocsp_VerifyEncodedResponse_GetCertTrust has a field trustDomain that
deliberately shadows the field it inherits from so that code doesn't use it by
accident.
MozReview-Commit-ID: 1Y4W6sA7lHD
|
| |
| |
| |
| |
| |
| | |
1343557. r=keeler
MozReview-Commit-ID: 3gZCXTK1GJI
|
| |\
| | |
| | |
| | | |
MozReview-Commit-ID: Gj4s6DtqKmw
|
| | |
| | |
| | |
| | | |
MozReview-Commit-ID: AS6e14FOqsb
|
| |/
| |
| |
| | |
MozReview-Commit-ID: FEeAF9Vm3PJ
|
| | |
|
| |
| |
| |
| |
| |
| | |
loops in C++11 in security/ r=keeler
MozReview-Commit-ID: yfkQVEp2do
|
| |
| |
| |
| | |
security/pkix/test/gtest/pkixcert_extension_tests.cpp. r=dkeeler@mozilla.com.
|
| |
| |
| |
| | |
MozReview-Commit-ID: 6Ymgo7dQE7b
|
| |
| |
| |
| |
| |
| | |
Timestamps (RFC 6962); r=keeler, r=Cykesiopka
MozReview-Commit-ID: IgcnyBH4Up
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This removes the unnecessary setting of c-basic-offset from all
python-mode files.
This was automatically generated using
perl -pi -e 's/; *c-basic-offset: *[0-9]+//'
... on the affected files.
The bulk of these files are moz.build files but there a few others as
well.
MozReview-Commit-ID: 2pPf3DEiZqx
|
| |
| |
| |
| | |
MozReview-Commit-ID: HZwzSgxarTw
|
| |
| |
| |
| | |
SHA1_End. r=dkeeler.
|
| |
| |
| |
| | |
directories. r=glandium
|
| |
| |
| |
| |
| |
| | |
certificates r=Cykesiopka,jcj
MozReview-Commit-ID: 88JhIU1pUji
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
integers rather than SEC_ERROR_BAD_DER. r=keeler
Also adds some missing l10n entries to nsserrors.properties (but not for errors
that are specific to TLS 1.3, since TLS 1.3 is not yet finalised).
MozReview-Commit-ID: A42fmTDTe8W
|
| |
| |
| |
| |
| |
| | |
back to subject CN r=Cykesiopka,mgoodwin
MozReview-Commit-ID: 7xT6JGpOH1g
|