searching for reviewer(keeler)
faf00b1dcf5d5a41c9360e58f86f94aa806d7cab: Bug 1677866 - Report memory allocated by `cert_storage` crate r=keeler,emilio
R. Martinho Fernandes <bugs@rmf.io> - Mon, 19 Apr 2021 22:12:56 +0000 - rev 576663
Push 141469 by archaeopteryx@coole-files.de at Tue, 20 Apr 2021 00:30:28 +0000
Bug 1677866 - Report memory allocated by `cert_storage` crate r=keeler,emilio Differential Revision: https://phabricator.services.mozilla.com/D107105
95778b9fb5cb8c74887e335aa56915c57fca56b5: Bug 1694649 - Rewrite GetFirstEVPolicy with pkix r=keeler
R. Martinho Fernandes <bugs@rmf.io> - Fri, 16 Apr 2021 22:32:35 +0000 - rev 576440
Push 141339 by archaeopteryx@coole-files.de at Fri, 16 Apr 2021 22:35:29 +0000
Bug 1694649 - Rewrite GetFirstEVPolicy with pkix r=keeler Differential Revision: https://phabricator.services.mozilla.com/D106489
0a30ca0e75eed0610ee983a82053401d24e9fe36: Bug 1699294 - fix pylint warning in pycert.py. r=keeler
Julien Cristau <jcristau@mozilla.com> - Fri, 16 Apr 2021 18:14:56 +0000 - rev 576412
Push 141314 by dkeeler@mozilla.com at Fri, 16 Apr 2021 18:17:17 +0000
Bug 1699294 - fix pylint warning in pycert.py. r=keeler Anomalous backslash in string: '\w'. String constant might be missing an r prefix. (W1401) Differential Revision: https://phabricator.services.mozilla.com/D112367
160bd6f896dce6ae0738d7fc7e4452c687a86465: Bug 1703636 Don't fail when one slot fails to provide certs; r=keeler
Jan Horak <jhorak@redhat.com> - Fri, 09 Apr 2021 17:54:05 +0000 - rev 575299
Push 140640 by dkeeler@mozilla.com at Fri, 09 Apr 2021 21:07:40 +0000
Bug 1703636 Don't fail when one slot fails to provide certs; r=keeler In some special cases the PK11_FindRawCertsWithSubject could return failure. We don't want to return with failure but try the other slots before. Differential Revision: https://phabricator.services.mozilla.com/D111261
071700e6d344769e79b5aa79172b8a3312c2477d: Bug 1694200 - Check for the preferred client cert on macOS. r=keeler
Kartikaya Gupta <kats@pancake.staktrace.com> - Wed, 07 Apr 2021 22:38:54 +0000 - rev 574899
Push 140398 by dkeeler@mozilla.com at Thu, 08 Apr 2021 00:33:36 +0000
Bug 1694200 - Check for the preferred client cert on macOS. r=keeler On macOS, users can add "identity preference" items in the keychain. These provide a mapping from email/URLs to client certificates. Identity preferences can have wildcards and/or prefix matching for URLs, and the macOS SecIdentityCopyPreferred API can be used to get the preferred client cert for a URL. This patch uses this mechanism such that it avoids prompting the user to choose a client certificate when a preferred one has been set. Differential Revision: https://phabricator.services.mozilla.com/D110123
4a52a383fbc3a9c1ab6b3927d8e7e95410cb6779: Bug 1700233 - Enable TLS delegated credentials, r=keeler
Martin Thomson <mt@lowentropy.net> - Tue, 06 Apr 2021 21:24:10 +0000 - rev 574649
Push 140285 by mthomson@mozilla.com at Tue, 06 Apr 2021 21:26:35 +0000
Bug 1700233 - Enable TLS delegated credentials, r=keeler Differential Revision: https://phabricator.services.mozilla.com/D109448
36708fe241886654467649ac217298db4818db5d: Bug 1678191 - Add GeckoRuntimeSettings.setEnterpriseRootsEnabled. r=keeler,owlish,droeh
Agi Sferro <agi@sferro.dev> - Mon, 05 Apr 2021 20:20:14 +0000 - rev 574398
Push 140173 by asferro@mozilla.com at Mon, 05 Apr 2021 20:22:38 +0000
Bug 1678191 - Add GeckoRuntimeSettings.setEnterpriseRootsEnabled. r=keeler,owlish,droeh Differential Revision: https://phabricator.services.mozilla.com/D109666
280114880c46b943f7d253558c8b96cf07be8558: Bug 1701460 - Remove expired Telemetry probe security.client_cert r=keeler
Hamza Mahfooz <someguy@effective-light.com> - Thu, 01 Apr 2021 20:53:39 +0000 - rev 574083
Push 140047 by dkeeler@mozilla.com at Thu, 01 Apr 2021 20:56:07 +0000
Bug 1701460 - Remove expired Telemetry probe security.client_cert r=keeler Differential Revision: https://phabricator.services.mozilla.com/D110496
cd225b6a1af58c5c312c8abf09ccef7326be7cda: Bug 1689726 - avoid using NSS types in TrustOverrideUtils.h r=keeler
Moritz Birghan <mbirghan@mozilla.com> - Fri, 19 Mar 2021 17:29:12 +0000 - rev 572166
Push 139026 by dkeeler@mozilla.com at Fri, 19 Mar 2021 17:31:36 +0000
Bug 1689726 - avoid using NSS types in TrustOverrideUtils.h r=keeler Differential Revision: https://phabricator.services.mozilla.com/D106888
4c19157577ef7b85fcbb1bc4dd6502b75b7b3bae: Bug 1665786 - browser_certificateManager.js should wait for the next refresh driver tick instead of relying on the implicit initial waitForCondition timer to wait for strings to be localized, r=keeler.
Florian Quèze <florian@queze.net> - Wed, 17 Mar 2021 17:39:35 +0000 - rev 571662
Push 138812 by fqueze@mozilla.com at Wed, 17 Mar 2021 17:42:38 +0000
Bug 1665786 - browser_certificateManager.js should wait for the next refresh driver tick instead of relying on the implicit initial waitForCondition timer to wait for strings to be localized, r=keeler. Differential Revision: https://phabricator.services.mozilla.com/D108515
4f957141bf5f43f46372ef00e1b987599429834a: Bug 1689726 - avoid using NSS types in TrustOverrideUtils.h r=keeler
Moritz Birghan <mbirghan@mozilla.com> - Thu, 11 Mar 2021 00:07:30 +0000 - rev 570624
Push 138242 by archaeopteryx@coole-files.de at Thu, 11 Mar 2021 00:33:14 +0000
Bug 1689726 - avoid using NSS types in TrustOverrideUtils.h r=keeler Differential Revision: https://phabricator.services.mozilla.com/D106888
48c94f00f18b3dcd1ce3ec8e104e846e55df4bb9: Bug 1683761 - Enable EV Treatment for AC RAIZ FNMT-RCM SERVIDORES SEGUROS root certificate. r=keeler
Moritz Birghan <mbirghan@mozilla.com> - Mon, 08 Mar 2021 15:01:09 +0000 - rev 570022
Push 137902 by archaeopteryx@coole-files.de at Mon, 08 Mar 2021 15:03:33 +0000
Bug 1683761 - Enable EV Treatment for AC RAIZ FNMT-RCM SERVIDORES SEGUROS root certificate. r=keeler Differential Revision: https://phabricator.services.mozilla.com/D104701
31551f880fc3e9f61e29ff59f2099354c39281e6: Bug 1693175 - Enable EV Treatment for GlobalSign E46 and R46 root certificates. r=mbirghan,keeler
Benjamin Beurdouche <benjamin.beurdouche@inria.fr> - Mon, 08 Mar 2021 07:43:56 +0000 - rev 569970
Push 137880 by bbeurdouche@mozilla.com at Mon, 08 Mar 2021 07:46:31 +0000
Bug 1693175 - Enable EV Treatment for GlobalSign E46 and R46 root certificates. r=mbirghan,keeler Differential Revision: https://phabricator.services.mozilla.com/D106087
fd1b0cfd2b4d93fe0cfb16a63fdd41b9a80152cc: Bug 1686856 - Remove GeoTrust PCA-G2 and VeriSign Universal root certs from TrustOverride-SymantecData.inc. r=keeler
Benjamin Beurdouche <benjamin.beurdouche@inria.fr> - Mon, 08 Mar 2021 07:43:55 +0000 - rev 569968
Push 137880 by bbeurdouche@mozilla.com at Mon, 08 Mar 2021 07:46:31 +0000
Bug 1686856 - Remove GeoTrust PCA-G2 and VeriSign Universal root certs from TrustOverride-SymantecData.inc. r=keeler Differential Revision: https://phabricator.services.mozilla.com/D105480
ab64849397c5323c4c0fbf40eb11c81de96aaa4e: Bug 1695332 - Update test_cert_isBuiltInRoot/isBuiltInRoot_reload.js r=keeler
Benjamin Beurdouche <benjamin.beurdouche@inria.fr> - Mon, 08 Mar 2021 07:43:54 +0000 - rev 569967
Push 137880 by bbeurdouche@mozilla.com at Mon, 08 Mar 2021 07:46:31 +0000
Bug 1695332 - Update test_cert_isBuiltInRoot/isBuiltInRoot_reload.js r=keeler Differential Revision: https://phabricator.services.mozilla.com/D106719
ba96e3947d75e89168e31c88effbb9450c8439fd: Bug 1685883 - building with --disable-marionette fails with compile error r=keeler,whimboo,smaug
Horst <horst.git@protonmail.com> - Thu, 04 Mar 2021 11:56:54 +0000 - rev 569659
Push 137737 by gijskruitbosch@gmail.com at Thu, 04 Mar 2021 11:59:23 +0000
Bug 1685883 - building with --disable-marionette fails with compile error r=keeler,whimboo,smaug building firefox 84.0.2 from source (https://archive.mozilla.org/pub/firefox/releases/84.0.2/source/) fails when using `ac_add_options --disable-marionette` because of missing header Differential Revision: https://phabricator.services.mozilla.com/D101390
85d54b4a15d241e3b6190483932dc1d20954deb8: Bug 1694464 - The osclientcert thread should have a name r=keeler
R. Martinho Fernandes <bugs@rmf.io> - Tue, 02 Mar 2021 11:42:38 +0000 - rev 569283
Push 137514 by archaeopteryx@coole-files.de at Tue, 02 Mar 2021 11:47:33 +0000
Bug 1694464 - The osclientcert thread should have a name r=keeler Differential Revision: https://phabricator.services.mozilla.com/D106289
aa78994028cf5d738fed2bc632ec8cb5495a4ccf: Bug 1693541 - Improve uses of nsBaseHashtable and descendants and avoid multiple subsequent lookups in security/manager/ssl/DataStorage.cpp. r=keeler
Simon Giesecke <sgiesecke@mozilla.com> - Fri, 26 Feb 2021 11:36:42 +0000 - rev 568919
Push 137287 by sgiesecke@mozilla.com at Fri, 26 Feb 2021 11:39:21 +0000
Bug 1693541 - Improve uses of nsBaseHashtable and descendants and avoid multiple subsequent lookups in security/manager/ssl/DataStorage.cpp. r=keeler Differential Revision: https://phabricator.services.mozilla.com/D106102
c39ec85dc4ee88cb10205e5590637de5499b32ee: Bug 1615687 - Certificate validation should respect CKA_NSS_EMAIL_DISTRUST_AFTER. r=keeler
Benjamin Beurdouche <benjamin.beurdouche@inria.fr> - Thu, 25 Feb 2021 19:17:01 +0000 - rev 568829
Push 137238 by bbeurdouche@mozilla.com at Thu, 25 Feb 2021 19:51:22 +0000
Bug 1615687 - Certificate validation should respect CKA_NSS_EMAIL_DISTRUST_AFTER. r=keeler Differential Revision: https://phabricator.services.mozilla.com/D84195
1d69ffd05b99e629ab94d0d3c54fd722277266bb: Bug 1683761 - Enable EV Treatment for AC RAIZ FNMT-RCM SERVIDORES SEGUROS root certificate. r=keeler
Moritz Birghan <mbirghan@mozilla.com> - Tue, 23 Feb 2021 09:09:56 +0000 - rev 568382
Push 137014 by archaeopteryx@coole-files.de at Tue, 23 Feb 2021 09:20:40 +0000
Bug 1683761 - Enable EV Treatment for AC RAIZ FNMT-RCM SERVIDORES SEGUROS root certificate. r=keeler Differential Revision: https://phabricator.services.mozilla.com/D104701
503a3d1a480fe46562901ec8e449e38f4eb2fe71: Bug 1410861 - Support for `unwrapKey` of ECDH/ECDSA keys r=keeler
Christoph Walcher <christoph-wa@gmx.de> - Mon, 22 Feb 2021 22:15:57 +0000 - rev 568320
Push 136969 by dkeeler@mozilla.com at Mon, 22 Feb 2021 22:18:15 +0000
Bug 1410861 - Support for `unwrapKey` of ECDH/ECDSA keys r=keeler Differential Revision: https://phabricator.services.mozilla.com/D97711
40dfa8a70d586121fd9a9d065d59a9808f00d6c7: Bug 1511151 - Add a flag to allow client certs on CORS preflight connections r=necko-reviewers,keeler,valentin,kershaw
Dragana Damjanovic <dd.mozilla@gmail.com> - Thu, 18 Feb 2021 18:58:17 +0000 - rev 568035
Push 136779 by ddamjanovic@mozilla.com at Thu, 18 Feb 2021 19:18:06 +0000
Bug 1511151 - Add a flag to allow client certs on CORS preflight connections r=necko-reviewers,keeler,valentin,kershaw This is only used for CORS preflight requests. It is controlled by a pref. Connections that server such request will be isolated from other anonymous connections. Differential Revision: https://phabricator.services.mozilla.com/D96775
e2521231284c460742987e46d3cca422b081b1ed: Bug 1410861 - Support for `unwrapKey` of ECDH/ECDSA keys r=keeler
Christoph Walcher <christoph-wa@gmx.de> - Wed, 17 Feb 2021 21:07:32 +0000 - rev 567896
Push 136677 by dkeeler@mozilla.com at Wed, 17 Feb 2021 21:09:53 +0000
Bug 1410861 - Support for `unwrapKey` of ECDH/ECDSA keys r=keeler Differential Revision: https://phabricator.services.mozilla.com/D97711
541d65cf034694455559e51d37a421afa386e133: Bug 1678470 - convert the serialization version of TransportSecurityInfo to an integer. r=keeler
Moritz Birghan <mbirghan@mozilla.com> - Thu, 11 Feb 2021 09:16:58 +0000 - rev 566951
Push 136234 by archaeopteryx@coole-files.de at Thu, 11 Feb 2021 09:21:03 +0000
Bug 1678470 - convert the serialization version of TransportSecurityInfo to an integer. r=keeler Differential Revision: https://phabricator.services.mozilla.com/D103887
3c7ae91a54863de6dbb0ead2dc83f3130ce02266: Bug 1683761 - Enable EV Treatment for AC RAIZ FNMT-RCM SERVIDORES SEGUROS root certificate. r=keeler
Moritz Birghan <mbirghan@mozilla.com> - Wed, 10 Feb 2021 23:56:27 +0000 - rev 566917
Push 136209 by archaeopteryx@coole-files.de at Thu, 11 Feb 2021 00:48:26 +0000
Bug 1683761 - Enable EV Treatment for AC RAIZ FNMT-RCM SERVIDORES SEGUROS root certificate. r=keeler Differential Revision: https://phabricator.services.mozilla.com/D104701
5dc57770d113e8b7de9664261c591d81145144fa: Bug 1685883 - building with --disable-marionette fails with compile error r=keeler
Horst <horst.git@protonmail.com> - Sat, 06 Feb 2021 21:45:08 +0000 - rev 566277
Push 135888 by evilpies@gmail.com at Sun, 07 Feb 2021 00:06:06 +0000
Bug 1685883 - building with --disable-marionette fails with compile error r=keeler building firefox 84.0.2 from source (https://archive.mozilla.org/pub/firefox/releases/84.0.2/source/) fails when using `ac_add_options --disable-marionette` because of missing header Differential Revision: https://phabricator.services.mozilla.com/D101390
ccd434f93155beae123ae2878bea8a625f74528c: Bug 1687701 - Remove IsCertificateDistrustImminent. r=keeler,necko-reviewers,dragana
Benjamin Beurdouche <benjamin.beurdouche@inria.fr> - Wed, 27 Jan 2021 18:05:24 +0000 - rev 564907
Push 135119 by apavel@mozilla.com at Wed, 27 Jan 2021 18:31:35 +0000
Bug 1687701 - Remove IsCertificateDistrustImminent. r=keeler,necko-reviewers,dragana Differential Revision: https://phabricator.services.mozilla.com/D102416
831388d8f1182bc70ce766fe2c2ea201e7f89f46: Bug 1687701 - Remove IsCertificateDistrustImminent. r=keeler,necko-reviewers,dragana
Benjamin Beurdouche <benjamin.beurdouche@inria.fr> - Wed, 27 Jan 2021 16:38:37 +0000 - rev 564880
Push 135108 by nbeleuzu@mozilla.com at Wed, 27 Jan 2021 16:55:58 +0000
Bug 1687701 - Remove IsCertificateDistrustImminent. r=keeler,necko-reviewers,dragana Differential Revision: https://phabricator.services.mozilla.com/D102416
0aa3712fa83703c48f4f967192703f87dc2b1c0f: Bug 1672120 - Access of TransportSecurityInfo fields should hold mutex r=keeler,necko-reviewers,valentin
Moritz Birghan <mbirghan@mozilla.com> - Tue, 19 Jan 2021 20:57:16 +0000 - rev 563886
Push 134542 by archaeopteryx@coole-files.de at Wed, 20 Jan 2021 09:35:36 +0000
Bug 1672120 - Access of TransportSecurityInfo fields should hold mutex r=keeler,necko-reviewers,valentin Differential Revision: https://phabricator.services.mozilla.com/D97632
ca8e6f635a75e72e3b08fb8a16338c728db7506b: Bug 1687458 - document actions needed when canary certificate expiration check test_cert_expiration_canary.js fails. r=keeler DONTBUILD
Sebastian Hengst <archaeopteryx@coole-files.de> - Tue, 19 Jan 2021 22:13:59 +0000 - rev 563885
Push 134541 by archaeopteryx@coole-files.de at Wed, 20 Jan 2021 09:31:00 +0000
Bug 1687458 - document actions needed when canary certificate expiration check test_cert_expiration_canary.js fails. r=keeler DONTBUILD Differential Revision: https://phabricator.services.mozilla.com/D102294
bd99fb3e81778f34e431fccde8017d67217103aa: Bug 1672120 - Access of TransportSecurityInfo fields should hold mutex r=keeler,necko-reviewers,valentin
Moritz Birghan <mbirghan@mozilla.com> - Wed, 06 Jan 2021 23:40:23 +0000 - rev 562242
Push 133685 by archaeopteryx@coole-files.de at Thu, 07 Jan 2021 10:53:20 +0000
Bug 1672120 - Access of TransportSecurityInfo fields should hold mutex r=keeler,necko-reviewers,valentin Differential Revision: https://phabricator.services.mozilla.com/D97632
b20ebe6c1d7d2c85dd900ec03750fdf8f07753a0: Bug 1676303 - Remove 10 GeoTrust, thawte, and VeriSign root certs from TrustOverride-SymantecData.inc r=keeler
Moritz Birghan <mbirghan@mozilla.com> - Wed, 06 Jan 2021 23:39:39 +0000 - rev 562207
Push 133663 by btara@mozilla.com at Wed, 06 Jan 2021 23:45:27 +0000
Bug 1676303 - Remove 10 GeoTrust, thawte, and VeriSign root certs from TrustOverride-SymantecData.inc r=keeler Differential Revision: https://phabricator.services.mozilla.com/D97349
b1c01a78a999d2957793ed0a78ac32218704e8db: Bug 1676303 - Remove 10 GeoTrust, thawte, and VeriSign root certs from TrustOverride-SymantecData.inc r=keeler
Moritz Birghan <mbirghan@mozilla.com> - Wed, 16 Dec 2020 15:07:06 +0000 - rev 560954
Push 132945 by ccoroiu@mozilla.com at Wed, 16 Dec 2020 15:15:02 +0000
Bug 1676303 - Remove 10 GeoTrust, thawte, and VeriSign root certs from TrustOverride-SymantecData.inc r=keeler Differential Revision: https://phabricator.services.mozilla.com/D97349
cb6078461050426ebb596070417b459e265865dd: Bug 1678208 - Remove expiring Delegated Credentials telemetry. r=keeler
Kevin Jacobs <kjacobs@mozilla.com> - Tue, 15 Dec 2020 21:16:22 +0000 - rev 560872
Push 132899 by nbeleuzu@mozilla.com at Tue, 15 Dec 2020 23:14:05 +0000
Bug 1678208 - Remove expiring Delegated Credentials telemetry. r=keeler This patch removes telemetry probes for TLS 1.3 Delegated Credentials. The probes are expiring soon and we do not plan to run any more experiments that would justify their renewal. There is no plan to enable this feature in beta or release until the draft hits RFC stage. Differential Revision: https://phabricator.services.mozilla.com/D99557
db813ced25bb272865d857ab8836387f3bd893de: Bug 1681104 - python3 - security/manager/tools/getCTKnownLogs.py - base64.decodestring -> base64.decodebytes. r=keeler
Bob Clary <bclary@bclary.com> - Thu, 10 Dec 2020 21:14:31 +0000 - rev 560661
Push 132743 by bclary@mozilla.com at Mon, 14 Dec 2020 18:29:18 +0000
Bug 1681104 - python3 - security/manager/tools/getCTKnownLogs.py - base64.decodestring -> base64.decodebytes. r=keeler Depends on D98961 Differential Revision: https://phabricator.services.mozilla.com/D98962
92b5afcc218516734a9480c38e7c2c06dc8e8def: Bug 1680321 - Rewrite CertIsSelfSigned using pkix r=keeler
R. Martinho Fernandes <bugs@rmf.io> - Fri, 11 Dec 2020 13:00:46 +0000 - rev 560336
Push 132593 by csabou@mozilla.com at Fri, 11 Dec 2020 13:13:59 +0000
Bug 1680321 - Rewrite CertIsSelfSigned using pkix r=keeler Differential Revision: https://phabricator.services.mozilla.com/D99266
4f7e5ff3c92e9d08b21dc070c18c88de9bf76296: Bug 1680320 - Use nsIX509Cert::GetSha256Fingerprint instead of GetCertFingerprintByOidTag r=keeler
R. Martinho Fernandes <bugs@rmf.io> - Thu, 10 Dec 2020 12:35:38 +0000 - rev 560193
Push 132497 by ccoroiu@mozilla.com at Thu, 10 Dec 2020 13:11:24 +0000
Bug 1680320 - Use nsIX509Cert::GetSha256Fingerprint instead of GetCertFingerprintByOidTag r=keeler Differential Revision: https://phabricator.services.mozilla.com/D99107
d30361659e2aea5f7ac5dc42f36d2437c2e6bfdc: Bug 1677548 - land NSS NSS_3_60_BETA1 UPGRADE_NSS_RELEASE, r=keeler
Kevin Jacobs <kjacobs@mozilla.com> - Wed, 09 Dec 2020 18:36:43 +0000 - rev 560060
Push 132423 by cbrindusan@mozilla.com at Wed, 09 Dec 2020 18:55:04 +0000
Bug 1677548 - land NSS NSS_3_60_BETA1 UPGRADE_NSS_RELEASE, r=keeler Differential Revision: https://phabricator.services.mozilla.com/D99258
ce28e4eafd849336c9e7ec5a0c618fe7bf48121d: Bug 1681215 - skip u2f/fido tests that are not relevant on 1903. r=keeler
Joel Maher <jmaher@mozilla.com> - Wed, 09 Dec 2020 18:03:46 +0000 - rev 560053
Push 132419 by jmaher@mozilla.com at Wed, 09 Dec 2020 18:22:12 +0000
Bug 1681215 - skip u2f/fido tests that are not relevant on 1903. r=keeler skip u2f/fido tests that are not relevant on 1903 Differential Revision: https://phabricator.services.mozilla.com/D98992
e877ac6e3caa2486d500ca26d87708ce45672600: Bug 1513645 - Remove Pref to Disable Symantec Distrust. r=keeler
Benjamin Beurdouche <benjamin.beurdouche@inria.fr> - Wed, 09 Dec 2020 17:45:11 +0000 - rev 560051
Push 132417 by cbrindusan@mozilla.com at Wed, 09 Dec 2020 17:58:38 +0000
Bug 1513645 - Remove Pref to Disable Symantec Distrust. r=keeler Differential Revision: https://phabricator.services.mozilla.com/D91894
c7314bcf7d7be64abffe37a6481d290fb575b79a: Bug 1672120 - Access of TransportSecurityInfo fields should hold mutex r=keeler,necko-reviewers,valentin
Moritz Birghan <mbirghan@mozilla.com> - Tue, 08 Dec 2020 15:22:08 +0000 - rev 559864
Push 132305 by dluca@mozilla.com at Tue, 08 Dec 2020 17:36:09 +0000
Bug 1672120 - Access of TransportSecurityInfo fields should hold mutex r=keeler,necko-reviewers,valentin Differential Revision: https://phabricator.services.mozilla.com/D97632
2ac5258d1da1cda18bd24ffb0f5d7a3819545c94: Bug 1676303 - Remove 10 GeoTrust, thawte, and VeriSign root certs from TrustOverride-SymantecData.inc r=keeler
Moritz Birghan <mbirghan@mozilla.com> - Tue, 08 Dec 2020 15:21:30 +0000 - rev 559858
Push 132301 by abutkovits@mozilla.com at Tue, 08 Dec 2020 16:50:57 +0000
Bug 1676303 - Remove 10 GeoTrust, thawte, and VeriSign root certs from TrustOverride-SymantecData.inc r=keeler Differential Revision: https://phabricator.services.mozilla.com/D97349
c300b7d24a283dbb00c9e6903fad9a01990ca3e5: Bug 1681071 - Update PreloadedHPKPins.json after root certificate removal. r=keeler
Kevin Jacobs <kjacobs@mozilla.com> - Mon, 07 Dec 2020 17:12:44 +0000 - rev 559734
Push 132218 by malexandru@mozilla.com at Mon, 07 Dec 2020 17:35:40 +0000
Bug 1681071 - Update PreloadedHPKPins.json after root certificate removal. r=keeler Differential Revision: https://phabricator.services.mozilla.com/D98934
98c3e6255c58f9c2fbe7be95e6ea7325762adba1: Bug 1597600 - make certificate overrides depend on origin attributes r=keeler,geckoview-reviewers,smaug,agi
R. Martinho Fernandes <bugs@rmf.io> - Mon, 07 Dec 2020 17:10:52 +0000 - rev 559733
Push 132217 by malexandru@mozilla.com at Mon, 07 Dec 2020 17:34:42 +0000
Bug 1597600 - make certificate overrides depend on origin attributes r=keeler,geckoview-reviewers,smaug,agi Differential Revision: https://phabricator.services.mozilla.com/D91962
0a1628c1f9e470dcc322e89dccf050bcc6722052: Bug 1678079 - Add PSM support and xpcshell tests for ECH. r=keeler,kershaw
Kevin Jacobs <kjacobs@mozilla.com> - Fri, 04 Dec 2020 15:26:17 +0000 - rev 559539
Push 132122 by abutkovits@mozilla.com at Fri, 04 Dec 2020 16:35:30 +0000
Bug 1678079 - Add PSM support and xpcshell tests for ECH. r=keeler,kershaw This patch enables PSM and Firefox to use TLS 1.3 Encrypted Client Hello (draft -08). Specifically: - Compile NSS with NSS_ENABLE_DRAFT_HPKE=1 - Add ECH "public_name" handling in SSLServerCertVerification.cpp (see: https://tools.ietf.org/html/draft-ietf-tls-esni-08#section-6.3.2) - Adds `mIsAcceptedEch` to TransportSecurityInfo, and xpcshell tests for ECH use cases - Adds EncryptedClientHelloServer to facilitate the xpcshell tests - Un-ifdef Set/GetEchConfigs code in nsNSSIOLayer.cpp. Also reverted the Base64 encoding and decoding, as the data returned from DNS is already decoded (wire-format). Differential Revision: https://phabricator.services.mozilla.com/D92651
713eeb6933d8a3598fcad4b94ad6660bd2952118: Bug 1585916 - disable test_session_resumption.js on win10 ccov qr r=keeler DONTBUILD
Andreea Pavel <apavel@mozilla.com> - Fri, 04 Dec 2020 01:55:40 +0000 - rev 559376
Push 132073 by rmaries@mozilla.com at Fri, 04 Dec 2020 01:58:56 +0000
Bug 1585916 - disable test_session_resumption.js on win10 ccov qr r=keeler DONTBUILD Differential Revision: https://phabricator.services.mozilla.com/D98704
e7c03faf28809aee2cd8e80d5f6e8700c8e4fa25: Bug 1678079 - Add PSM support and xpcshell tests for ECH. r=keeler,kershaw
Kevin Jacobs <kjacobs@mozilla.com> - Thu, 03 Dec 2020 21:58:24 +0000 - rev 559343
Push 132053 by rmaries@mozilla.com at Thu, 03 Dec 2020 22:02:10 +0000
Bug 1678079 - Add PSM support and xpcshell tests for ECH. r=keeler,kershaw This patch enables PSM and Firefox to use TLS 1.3 Encrypted Client Hello (draft -08). Specifically: - Compile NSS with NSS_ENABLE_DRAFT_HPKE=1 - Add ECH "public_name" handling in SSLServerCertVerification.cpp (see: https://tools.ietf.org/html/draft-ietf-tls-esni-08#section-6.3.2) - Adds `mIsAcceptedEch` to TransportSecurityInfo, and xpcshell tests for ECH use cases - Adds EncryptedClientHelloServer to facilitate the xpcshell tests - Un-ifdef Set/GetEchConfigs code in nsNSSIOLayer.cpp. Also reverted the Base64 encoding and decoding, as the data returned from DNS is already decoded (wire-format). Differential Revision: https://phabricator.services.mozilla.com/D92651
282d7addc7468d646c574deb7f038b4e2f5f2a0d: Bug 1680154 - Update sanctioned intermediate cert test after root certificate removal. r=keeler
Kevin Jacobs <kjacobs@mozilla.com> - Wed, 02 Dec 2020 20:46:13 +0000 - rev 559268
Push 132017 by nbeleuzu@mozilla.com at Thu, 03 Dec 2020 15:27:59 +0000
Bug 1680154 - Update sanctioned intermediate cert test after root certificate removal. r=keeler This patch updates test_sanctions_symantec_apple_google.js to test a chain through an allow-listed Apple intermediate certificate chaining to a Symantec root certificate that is present in NSS. Differential Revision: https://phabricator.services.mozilla.com/D98511
155754b20ecc9a79fec71805d33b2ad323e62cd3: Bug 1680154 - Update test_cert_isBuiltInRoot_reload with root certificate that exists. r=keeler
Kevin Jacobs <kjacobs@mozilla.com> - Wed, 02 Dec 2020 18:10:46 +0000 - rev 559267
Push 132017 by nbeleuzu@mozilla.com at Thu, 03 Dec 2020 15:27:59 +0000
Bug 1680154 - Update test_cert_isBuiltInRoot_reload with root certificate that exists. r=keeler This patch changes a test referencing //VeriSign Class 3 Public Primary Certification Authority - G4//, which was removed in bug 1670769, with a similar VeriSign root CA that still exists and meets the same requirements for the test. Differential Revision: https://phabricator.services.mozilla.com/D98510
7351aa88de95fa48f8b459eb31b879b5cbe66e0a: Bug 1677501 - Add nsIX509CertDB.asyncHasThirdPartyRoots and use it in DoHHeuristics.jsm r=keeler,Gijs,nhnt11
Valentin Gosu <valentin.gosu@gmail.com> - Tue, 01 Dec 2020 14:42:36 +0000 - rev 558949
Push 131849 by valentin.gosu@gmail.com at Tue, 01 Dec 2020 17:05:14 +0000
Bug 1677501 - Add nsIX509CertDB.asyncHasThirdPartyRoots and use it in DoHHeuristics.jsm r=keeler,Gijs,nhnt11 This allows us to avoid calling any NSSCertificateDB methods on the main thread or allocating memory for xpconnect wrappers of cert objects. Differential Revision: https://phabricator.services.mozilla.com/D97970