summaryrefslogtreecommitdiff
path: root/lib
Commit message (Collapse)AuthorAgeFilesLines
* Bug 1479787 - merge mozpkix from mozilla-central to NSSFranziskus Kiefer2018-08-0349-0/+21289
|\
| * Bug 1476486 - Apply clang warning suppression (rather than msvc) in pkix for ↵Xidorn Quan2018-07-192-5/+5
| | | | | | | | | | | | clang-cl. r=froydnj MozReview-Commit-ID: 6BCF6VYMI88
| * Bug 1453795 - PSM-Security - Initialize member fields in classes/ ↵Andi-Bogdan Postelnicu2018-06-185-3/+14
| | | | | | | | structures. r=keeler
| * Backed out changeset 6692fb61e97c (bug 1453795) for build bustages on ↵Narcis Beleuzu2018-06-195-13/+2
| | | | | | | | CertVerifier.h . CLOSED TREE
| * Bug 1453795 - PSM-Security - Initialize member fields in classes/ ↵Andi-Bogdan Postelnicu2018-06-185-2/+13
| | | | | | | | structures. r=keeler
| * Bug 1464869 - Run autopep8 on security/ r=fkieferSylvestre Ledru2018-05-261-3/+9
| | | | | | | | MozReview-Commit-ID: K3aWVqsO0O8
| * Backed out 4 changesets (bug 525063) on request from Andi. a=backoutSebastian Hengst2018-04-133-14/+5
| | | | | | | | | | | | | | Backed out changeset 9d7f1e63d6f7 (bug 525063) Backed out changeset 9d7f1e63d6f7 (bug 525063) Backed out changeset 9d7f1e63d6f7 (bug 525063) Backed out changeset 9d7f1e63d6f7 (bug 525063)
| * Bug 1450967 - MITM error string update, r=keelerFranziskus Kiefer2018-04-121-1/+1
| | | | | | | | Differential Revision: https://phabricator.services.mozilla.com/D894
| * Bug 525063 - Initialize uninitialized class attributes in m-c. r=ehsanTristan Bourvon2018-04-103-5/+14
| |
| * Bug 1450967 - mitm detection v0.0.1, r=keeler,johannhFranziskus Kiefer2018-03-163-0/+6
| | | | | | | | Differential Revision: https://phabricator.services.mozilla.com/D839
| * bug 1056341 - introduce a budget for path searching in mozilla::pkix to ↵David Keeler2018-03-272-8/+181
| | | | | | | | | | | | avoid unbounded search r=fkiefer,jcj MozReview-Commit-ID: Ght1wx5lb34
| * Bug 1448787 - separate error for self-signed certs, r=keeler,johannhFranziskus Kiefer2018-03-293-0/+5
| | | | | | | | | | | | | | | | Reviewed By: keeler, johannh Bug #: 1448787 Differential Revision: https://phabricator.services.mozilla.com/D805
| * Bug 1443744 - fix shadowing issues in pkix, r=keelerFranziskus Kiefer2018-03-0719-136/+131
| | | | | | | | Differential Revision: https://phabricator.services.mozilla.com/D689
| * bug 1441223 - add a new (overridable) error code to describe extra policy ↵David Keeler2018-02-273-0/+6
| | | | | | | | | | | | | | | | | | | | | | constraint failures r=jcj Certificate verification failures that result from additional policy constraint failures now use the error code "MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED" (also known as "Result::ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED", depending on the context). MozReview-Commit-ID: 9rE7gRBapRF
| * bug 1437214 - if PathBuildingStep::Check fails due to a problem with the ↵David Keeler2018-02-092-2/+174
| | | | | | | | | | | | subject certificate rather than the potential issuer, set keepGoing to false r=jcj MozReview-Commit-ID: DEr4YgXfkOL
| * bug 1430906 - don't hold around a test key forever in mozilla::pkix gtests ↵David Keeler2018-01-123-29/+147
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | r=franziskus Before this patch, mozilla::pkix gtests would generate a public/private key pair and stash it in a global variable. Since this wasn't part of XPCOM nor tracked by the PSM/NSS shutdown machinery, it wouldn't get released at the appropriate time. The solution to this is to generate the key and then essentially export it as data, so no NSS objects are held alive. Since NSS considers private keys stored in the persistent database sensitive and won't export them in the clear, we "encrypt" the key material with an empty password so we can import it when necessary. (While the gtests don't use persistent keys, the test utilties in the gtests are also used by some xpcshell tests that do use persistent keys, hence the need to encrypt the key material.)
| * Bug 1394734 - Simplify various corner cases r=glandiumSylvestre Ledru2017-12-071-1/+1
| | | | | | | | MozReview-Commit-ID: 4s4JdXZPvmv
| * Bug 1394734 - Replace CONFIG['CLANG*'] by CONFIG['CC_TYPE'] r=glandiumSylvestre Ledru2017-12-072-3/+3
| | | | | | | | MozReview-Commit-ID: HbF5oT5HW6f
| * Bug 1394734 - Replace CONFIG['MSVC'] by CONFIG['CC_TYPE'] r=glandiumSylvestre Ledru2017-12-083-3/+3
| | | | | | | | MozReview-Commit-ID: 5orfnoude7h
| * Bug 1394734 - Replace CONFIG['GNU_C*'] by CONFIG['CC_TYPE'] r=glandiumSylvestre Ledru2017-12-073-4/+4
| | | | | | | | MozReview-Commit-ID: 7duJk2gSd4m
| * Bug 1198481 - Fixed typo 'id_pk_serverAuth' to 'id_kp_serverAuth'. r=keelermanikishan2017-12-021-1/+1
| |
| * Bug 1411001 - Remove the +x permissions on cpp & h files r=froydnjSylvestre Ledru2017-10-231-0/+0
| | | | | | | | MozReview-Commit-ID: DjDkL20wRg0
| * Bug 1406736 Match MinGW's macro so we declare gmtime_r under MinGW too r=froydnjTom Ritter2017-10-091-1/+1
| | | | | | | | MozReview-Commit-ID: 2U2ToeyVUUt
| * Bug 1305396 - Replace memmove with std::copy_backward in a file that doesn't ↵Nicolas Vigier2017-10-161-5/+5
| | | | | | | | include cstring explicitly. r=keeler
| * Bug 1406687 Pass return values from fwrite to Unused to silence the ↵Tom Ritter2017-10-091-1/+3
| | | | | | | | | | | | warn-unused-result warning r=njn MozReview-Commit-ID: 4v6tPF5aMz7
| * Backed out changeset 7a5d74db770b (bug 1406687) for build bustage at ↵Sebastian Hengst2017-10-091-3/+1
| | | | | | | | testing/gtest/gtest/src/gtest.cc:3871: 'Unused' was not declared in this scope. r=backout
| * Bug 1406687 Pass return values from fwrite to Unused to silence the ↵Tom Ritter2017-10-091-1/+3
| | | | | | | | | | | | warn-unused-result warning r=njn MozReview-Commit-ID: 4v6tPF5aMz7
| * Bug 1369806: Fix up pkix test to correctly pass zero to ↵Daniel Holbert2017-06-021-2/+4
| | | | | | | | | | | | CreateEncodedBasicConstraints (which takes a pointer-to-long, rather than a long). r=keeler MozReview-Commit-ID: Ki8AHuW5zyP
| * Bug 1369864: Suppress clang -Wno-zero-as-null-pointer-constant build ↵Daniel Holbert2017-06-021-0/+1
| | | | | | | | | | | | | | | | | | warning, in pkix/test/gtest. r=keeler The gtest headers trigger many instances of this warning, due to their usage of NULL instead of nullptr. MozReview-Commit-ID: Dhv7mPHpZ7I
| * Bug 1369871: Add "const" keyword to a long* param in a pkix test function. ↵Daniel Holbert2017-06-022-2/+2
| | | | | | | | | | | | | | | | | | | | | | r=keeler The only reason this param is a pointer is so that it can be optional. It's not an outparam -- the function does not (and does not intend to) modify it -- so it should be declared as 'const' to make that clearer & to allow clients to pass in pointers to const values. MozReview-Commit-ID: HbF96YNfnSt
| * Bug 1361750 - Disable various MSVC 2017 warnings in PSM to unbreak ↵Cykesiopka2017-05-051-0/+12
| | | | | | | | | | | | | | | | | | | | | | --enable-warnings-as-errors builds. r=keeler MSVC 2017 headers aren't warning free at the -Wall level. Since PSM enables -Wall in some moz.build files, this breaks --enable-warnings-as-errors builds. As a temporary measure, disable enough warnings to get working builds. MozReview-Commit-ID: G0oUsAYYct2
| * bug 1349762 - handle two GlobalSign EV root transfers r=Cykesiopka,jcjDavid Keeler2017-04-039-10/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (adapted from bug 1349762 comment 0) Google Trust Services (GTS) recently purchased two roots from GlobalSign that are both enabled for EV treatment: "GlobalSign Root CA - R2" and "GlobalSign ECC Root CA - R4". However, GTS does not have an EV audit, so we are going to turn off EV treatment for both of those root certificates. But "GlobalSign Root CA - R2" has intermediate cert "GlobalSign Extended Validation CA - SHA256 - G2" that continues to be controlled by GlobalSign, to be used to migrate their customers off dependence on that root. This patch removes EV treatment for "GlobalSign ECC Root CA - R4". It also removes EV treatment for all chains rooted in "GlobalSign Root CA - R2" unless the "GlobalSign Extended Validation CA - SHA256 - G2" intermediate is in the chain. MozReview-Commit-ID: Ej9L9zTwoPN
| * Bug 1351779 - Removed unused variable 'loopDetected' from ↵Tim Taubert2017-03-291-3/+2
| | | | | | | | PathBuildingStep::Check() r=keeler
| * bug 1339921 - disable clang's shadowed field warning in a mozilla::pkix ↵David Keeler2017-03-141-0/+16
| | | | | | | | | | | | | | | | | | | | gtest class r=Cykesiopka,dholbert pkixocsp_VerifyEncodedResponse_GetCertTrust has a field trustDomain that deliberately shadows the field it inherits from so that code doesn't use it by accident. MozReview-Commit-ID: 1Y4W6sA7lHD
| * Bug 1346305 - Unbreak --enable-warnings-as-errors on FreeBSD after bug ↵Jan Beich2017-03-101-0/+1
| | | | | | | | | | | | 1343557. r=keeler MozReview-Commit-ID: 3gZCXTK1GJI
| * Merge inbound to central, a=merge CLOSED TREEWes Kocher2017-03-091-0/+3
| |\ | | | | | | | | | MozReview-Commit-ID: Gj4s6DtqKmw
| | * Bug 1344829 - add BUG_COMPONENT to security/* files. r=keelerJoel Maher2017-03-091-0/+3
| | | | | | | | | | | | MozReview-Commit-ID: AS6e14FOqsb
| * | Bug 1343557 - Disable -pedantic-errors for pkix gtests; r=keelerDan Minor2017-03-021-0/+5
| |/ | | | | | | MozReview-Commit-ID: FEeAF9Vm3PJ
| * Bug 1331280 - Generic telemetry probe for TLS handshake status. r=keelerEKR2017-02-141-0/+1
| |
| * Bug 1337358 - Converts for(...; ...; ...) loops to use the new range-based ↵Sylvestre Ledru2017-02-072-4/+4
| | | | | | | | | | | | loops in C++11 in security/ r=keeler MozReview-Commit-ID: yfkQVEp2do
| * Bug 1318030 - Possible uninitialised value uses relating to ↵Julian Seward2016-11-217-0/+68
| | | | | | | | security/pkix/test/gtest/pkixcert_extension_tests.cpp. r=dkeeler@mozilla.com.
| * Bug 1115718 - Check for empty issuer name in mozilla::pkix; r=keelerDavid Cook2016-07-288-8/+110
| | | | | | | | MozReview-Commit-ID: 6Ymgo7dQE7b
| * Bug 1284256 - Certificate Transparency - verification of Signed Certificate ↵Sergei Chernov2016-07-052-10/+24
| | | | | | | | | | | | Timestamps (RFC 6962); r=keeler, r=Cykesiopka MozReview-Commit-ID: IgcnyBH4Up
| * Bug 1286877 - do not set c-basic-offset for python-mode; r=gpsTom Tromey2016-07-143-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This removes the unnecessary setting of c-basic-offset from all python-mode files. This was automatically generated using perl -pi -e 's/; *c-basic-offset: *[0-9]+//' ... on the affected files. The bulk of these files are moz.build files but there a few others as well. MozReview-Commit-ID: 2pPf3DEiZqx
| * Bug 1275238 - Certificate Transparency support in mozilla::pkix; r=keelerSergei Chernov2016-06-1510-18/+324
| | | | | | | | MozReview-Commit-ID: HZwzSgxarTw
| * Bug 1275582 - TSan: data race security/nss/lib/freebl/sha_fast.c:176 ↵Julian Seward2016-05-301-1/+1
| | | | | | | | SHA1_End. r=dkeeler.
| * Bug 1272513 - Part 1: Suppress -Wshadow warnings-as-errors in some ↵Chris Peterson2016-05-113-5/+15
| | | | | | | | directories. r=glandium
| * bug 982932 - only allow Netscape-stepUp to be used for serverAuth for old CA ↵David Keeler2016-05-054-32/+91
| | | | | | | | | | | | certificates r=Cykesiopka,jcj MozReview-Commit-ID: 88JhIU1pUji
| * Bug 1257031 - Return more informative error code when encountering invalid ↵Cykesiopka2016-04-216-54/+125
| | | | | | | | | | | | | | | | | | integers rather than SEC_ERROR_BAD_DER. r=keeler Also adds some missing l10n entries to nsserrors.properties (but not for errors that are specific to TLS 1.3, since TLS 1.3 is not yet finalised). MozReview-Commit-ID: A42fmTDTe8W
| * bug 1245280 - add policy mechanism to optionally enforce BRs for falling ↵David Keeler2016-02-095-17/+89
| | | | | | | | | | | | back to subject CN r=Cykesiopka,mgoodwin MozReview-Commit-ID: 7xT6JGpOH1g
View Lorry Controller Status