security/certverifier/NSSCertDBTrustDomain.cpp
82d469f8c168
created 2018-02-27 11:21 -0800
pushed 2018-03-01 17:11 +0000
David Keeler David Keeler - bug 1441223 - add a new (overridable) error code to describe extra policy constraint failures r=jcj
53f2c8abb352
created 2018-02-27 16:04 -0700
pushed 2018-02-28 10:11 +0000
J.C. Jones J.C. Jones - Bug 1437754 - Add a pref and disable the Symantec distrust algorithm r=keeler
df46a62ed521
created 2018-02-21 14:08 -0500
pushed 2018-02-22 09:59 +0000
J.C. Jones J.C. Jones - Bug 1434300 - Add the DigiCert whitelisted SPKIs r=keeler
1252e0f10727
created 2018-02-21 14:08 -0500
pushed 2018-02-22 09:59 +0000
J.C. Jones J.C. Jones - Bug 1434300 - Change Symantec Distrust Algorithm's whitelist to SPKI-matching r=fkiefer,keeler
23ad5230b111
created 2018-02-21 14:08 -0500
pushed 2018-02-22 09:59 +0000
J.C. Jones J.C. Jones - Bug 1434300 - Implement the Symantec distrust plan from Bug 1409257 r=fkiefer,keeler
dece9cd799b5
created 2018-02-21 02:35 +0200
pushed 2018-02-21 10:00 +0000
Sebastian Hengst Sebastian Hengst - Backed out 6 changesets (bug 1434300) for frequent GTest in AllocReplacement.malloc_check
23485791d3e1
created 2018-02-20 16:27 -0500
pushed 2018-02-21 10:00 +0000
J.C. Jones J.C. Jones - Bug 1434300 - Add the DigiCert whitelisted SPKIs r=keeler
73a952303cae
created 2018-02-20 16:27 -0500
pushed 2018-02-21 10:00 +0000
J.C. Jones J.C. Jones - Bug 1434300 - Change Symantec Distrust Algorithm's whitelist to SPKI-matching r=fkiefer,keeler
d8517bfe9eb2
created 2018-02-20 16:27 -0500
pushed 2018-02-21 10:00 +0000
J.C. Jones J.C. Jones - Bug 1434300 - Implement the Symantec distrust plan from Bug 1409257 r=fkiefer,keeler
ede9e6ccc610
created 2018-01-31 18:50 -0700
pushed 2018-02-10 09:58 +0000
J.C. Jones J.C. Jones - Bug 1434936 - Rework ChainHasValidPins to use nsNSSCertList r=keeler r=fkiefer
cab650790a71
created 2018-01-31 16:02 -0700
pushed 2018-02-10 09:58 +0000
J.C. Jones J.C. Jones - Bug 1434936 - Use nsNSSCertList in NSSCertDBTrustDomain::IsChainValid r=keeler r=fkiefer
aea6154d26f3
created 2017-11-15 15:24 -0800
pushed 2017-11-18 09:58 +0000
David Keeler David Keeler - bug 1417677 - remove "security.use_sqldb" and always use the sqlite-backed NSS DBs r=jcj
2de93d419be1
created 2017-11-17 12:49 +0200
pushed 2017-11-17 22:01 +0000
Andreea Pavel Andreea Pavel - Backed out 1 changesets (bug 1417677) for failing security/manager/ssl/tests/unit/test_broken_fips.js r=backout on a CLOSED TREE
614a09e35ff0
created 2017-11-15 15:24 -0800
pushed 2017-11-17 22:01 +0000
David Keeler David Keeler - bug 1417677 - remove "security.use_sqldb" and always use the sqlite-backed NSS DBs r=jcj
5d62ecf6c116
created 2017-11-14 16:38 -0800
pushed 2017-11-16 10:02 +0000
David Keeler David Keeler - bug 1417277 - remove support for MOZPSM_NSSDBDIR_OVERRIDE r=jcj
3c298625e967
created 2017-11-08 15:50 -0800
pushed 2017-11-14 10:22 +0000
David Keeler David Keeler - bug 1368868 - give up on ocsp stapling strictness because we can't have nice things r=jcj
79d1ac7232f3
created 2017-10-16 23:17 -0700
pushed 2017-11-04 09:56 +0000
J.C. Jones J.C. Jones - Bug 1409259 - Refactor "TrustOverrides" header for existing trust overrides r=keeler
e3a4bc559c9c
created 2017-10-13 11:27 -0700
pushed 2017-10-18 22:05 +0000
David Keeler David Keeler - bug 1406396 - work around NSS utils potentially loading spurious root cert modules r=mgoodwin
11b46d2109c4
created 2017-09-18 10:28 -0700
pushed 2017-09-19 09:08 +0000
David Keeler David Keeler - bug 1400913 - back out the functionality changes from bug 1364159 (but keep the test) r=jcj
7ad200a781d1
created 2017-09-06 14:31 -0700
pushed 2017-09-14 06:17 +0000
David Keeler David Keeler - bug 1398932 - add a preference for enabling the sqlite-backed NSS databases r=Cykesiopka,jcj
192a101ff358
created 2017-07-18 15:05 -0700
pushed 2017-08-25 00:20 +0000
David Keeler David Keeler - bug 1389664 - centralize on-demand empty pin initialization of the user's NSS database r=Cykesiopka,jcj
ad20fd5faada
created 2017-06-08 16:10 -0700
pushed 2017-08-09 09:34 +0000
David Keeler David Keeler - bug 1372656 - load loadable roots on a background thread r=Cykesiopka,jcj
ec588b600d32
created 2017-08-03 16:17 -0700
pushed 2017-08-05 09:53 +0000
David Keeler David Keeler - bug 1356623 - remove now-unnecessary CNNIC certificate whitelist r=jcj
b73577b45267
created 2017-06-30 19:05 -0700
pushed 2017-07-03 08:14 +0000
Nicholas Nethercote Nicholas Nethercote - Bug 1376638 - Minimize uses of prmem.h. r=glandium.
600b709c2634
created 2017-05-11 16:41 -0700
pushed 2017-05-23 22:02 +0000
David Keeler David Keeler - bug 1364159 - potentially avoid calling CERT_CreateSubjectCertList in NSSCertDBTrustDomain::FindIssuer r=Cykesiopka,jcj
9daa585e4e9a
created 2017-04-20 10:31 -0700
pushed 2017-04-28 08:11 +0000
David Keeler David Keeler - bug 1337950 - work around failing to load a FIPS PKCS#11 module DB in NSS initialization r=Cykesiopka,jcj
d0e27739f475
created 2017-03-31 15:21 -0700
pushed 2017-04-18 08:20 +0000
David Keeler David Keeler - bug 1352262 - make OCSP timeout values configurable r=Cykesiopka,jcj
7c1d15e5f6b0
created 2017-04-03 17:17 -0700
pushed 2017-04-12 22:13 +0000
David Keeler David Keeler - bug 1349762 - handle two GlobalSign EV root transfers r=Cykesiopka,jcj
df65d15b648d
created 2017-02-24 12:32 -0800
pushed 2017-02-28 10:23 +0000
David Keeler David Keeler - bug 1294580 - prevent end-entity certificates from being their own trust anchors r=Cykesiopka
9f8bb076c706
created 2017-02-14 10:29 +0800
pushed 2017-02-21 04:27 +0000
Jonathan Hao Jonathan Hao - Bug 1323644 - Isolate the HSTS and HPKP storage by first party domain (PSM) r=Cykesiopka,keeler
495b8a307555
created 2016-12-15 20:16 -0700
pushed 2017-02-17 20:45 +0000
Tom Tromey Tom Tromey - Bug 1060419 - make log_print use Printf.h, r=froydnj
36ead380cb48
created 2016-12-09 10:00 -1000
pushed 2017-02-17 20:45 +0000
Tom Tromey Tom Tromey - Bug 1060419 - remove unneeded includes of prprf.h, r=froydnj
c4abb503bfcd
created 2017-01-14 13:12 +0800
pushed 2017-01-19 15:01 +0000
Cykesiopka Cykesiopka - Bug 1330365 - Use mozilla::TimeStamp instead of NSPR's PRIntervalTime for OCSP timeout code. r=keeler
8fe52da5cb90
created 2017-01-12 17:38 +0100
pushed 2017-01-13 00:03 +0000
Andrea Marchesini Andrea Marchesini - Bug 1328653 - Merging all the various *OriginAttributes to just one, r=huseby
9957c63c664d
created 2017-01-02 14:11 +0800
pushed 2017-01-06 01:24 +0000
Cykesiopka Cykesiopka - Bug 1325107 - Stop using PR_ASSERT() in PSM. r=mgoodwin
f4001bdf070d
created 2016-12-22 16:57 -0800
pushed 2016-12-25 00:50 +0000
David Keeler David Keeler - bug 1312827 - make the certificate blocklist only apply to TLS server certificates r=jcj,mgoodwin
23b0e29c4805
created 2016-12-23 13:03 -0800
pushed 2016-12-25 00:50 +0000
Wes Kocher Wes Kocher - Backed out changeset 25d339813371 (bug 1312827) for browser_certViewer.js failures a=backout
25d339813371
created 2016-12-22 16:57 -0800
pushed 2016-12-25 00:50 +0000
David Keeler David Keeler - bug 1312827 - make the certificate blocklist only apply to TLS server certificates r=jcj,mgoodwin
676ca54f13db
created 2016-12-14 20:10 +0800
pushed 2016-12-15 13:16 +0000
Cykesiopka Cykesiopka - Bug 1313715 - Avoid unnecessary uses of PR_SetError() under security/apps/ and security/certverifier/. r=keeler
80a39e170b41
created 2016-11-14 18:26 +0800
pushed 2016-11-24 00:11 +0000
Jonathan Hao Jonathan Hao - Bug 1315143 - Make OCSP use Origin Attribute framework (PSM). r=Cykesiopka,keeler
eaefbcd7fd7f
created 2016-11-14 12:52 +0100
pushed 2016-11-15 11:25 +0000
Carsten "Tomcat" Book Carsten "Tomcat" Book - Backed out changeset 81a11a25d25d (bug 1315143)
81a11a25d25d
created 2016-11-14 18:26 +0800
pushed 2016-11-15 11:25 +0000
Jonathan Hao Jonathan Hao - Bug 1315143 - Make OCSP use Origin Attribute framework (PSM). r=mayhemer
8b988d56154b
created 2016-11-03 17:53 +0800
pushed 2016-11-09 15:37 +0000
Jonathan Hao Jonathan Hao - Bug 1312794 - Annotate OCSP requests by first party domain. (adapted from Tor Browser patch #13670) r=keeler
77880cde0de1
created 2016-10-12 17:02 -0700
pushed 2016-10-26 04:57 +0000
David Keeler David Keeler - bug 1309707 - revoke StartCom and WoSign certificates issued after 21 October 2016 r=Cykesiopka,jcj
681034636358
created 2016-09-30 18:08 -0700
pushed 2016-10-25 08:26 +0000
David Keeler David Keeler - bug 1227638 - deterministically load EV information r=Cykesiopka,mgoodwin
4adb7daf5033
created 2016-10-18 17:08 +0800
pushed 2016-10-21 14:55 +0000
Jonathan Hao Jonathan Hao - Bug 1264562 - Part 5: Double key OCSP cache with firstPartyDomain (adapted from Tor Browser patch #13670) r=keeler
ae2a34792482
created 2016-10-04 16:49 +0800
pushed 2016-10-21 14:55 +0000
Jonathan Hao Jonathan Hao - Bug 1264562 - Part 4: Instantiates an NSSCertDBTrustDomain containing the first party domain (adapted from Tor Browser patch #13670) r=keeler
9fa614d8310d
created 2016-10-17 15:08 -0700
pushed 2016-10-18 08:34 +0000
Wes Kocher Wes Kocher - Backed out changeset 003ec40aa484 (bug 1227638) for android Cpp failures a=backout
003ec40aa484
created 2016-09-30 18:08 -0700
pushed 2016-10-18 08:34 +0000
David Keeler David Keeler - bug 1227638 - deterministically load EV information r=Cykesiopka,mgoodwin
5efc720972a9
created 2016-10-11 19:39 +0200
pushed 2016-10-12 21:26 +0000
Cykesiopka Cykesiopka - Bug 495357 - Update some documentation concerning SaveIntermediateCerts(). r=kaie,me
50143dbdcb47
created 2016-08-11 13:41 +0300
pushed 2016-09-28 13:53 +0000
Sergei Chernov Sergei Chernov - Bug 1293231 - Certificate Transparency - basic telemetry reports; r=Cykesiopka,keeler
5436f8c05f6d
created 2016-09-14 15:11 -0700
pushed 2016-09-22 09:50 +0000
David Keeler David Keeler - bug 1302140 - add policy to disable SHA-1 except for certificates issued by non-built-in CAs r=jcj,rbarnes
d8b95e0d8843
created 2016-09-21 20:47 +0200
pushed 2016-09-22 09:50 +0000
Sebastian Hengst Sebastian Hengst - Backed out changeset 2df66e8b7411 (bug 1302140) for Windows build bustage in CertVerifier.cpp. r=backout on a CLOSED TREE
2df66e8b7411
created 2016-09-14 15:11 -0700
pushed 2016-09-22 09:50 +0000
David Keeler David Keeler - bug 1302140 - add policy to disable SHA-1 except for certificates issued by non-built-in CAs r=jcj,rbarnes
564549c354b0
created 2016-08-23 12:09 +0800
pushed 2016-08-25 12:11 +0000
Kan-Ru Chen Kan-Ru Chen - Bug 1297276 - Rename mfbt/unused.h to mfbt/Unused.h for consistency. r=froydnj
7afd32fc3da6
created 2016-08-05 23:57 +0800
pushed 2016-08-10 23:15 +0000
Cykesiopka Cykesiopka - Bug 1289455 - Obviate manual CERT_DestroyCertificate() calls in PSM. r=dkeeler
990aca9e4d11
created 2016-06-15 11:11 +0300
pushed 2016-07-04 22:02 +0000
Sergei Chernov Sergei Chernov - Bug 1275238 - Certificate Transparency support in mozilla::pkix; r=keeler
eb3f64c79e83
created 2016-06-02 13:17 -0700
pushed 2016-06-06 09:56 +0000
David Keeler David Keeler - bug 1277240 - don't import trust anchors in SaveIntermediateCerts r=Cykesiopka
34f82d838f03
created 2016-05-23 19:50 -0700
pushed 2016-05-25 13:06 +0000
Cykesiopka Cykesiopka - Bug 1271496 - Stop using Scoped.h in non-exported PSM code. r=keeler
8c3828aa255c
created 2016-05-16 09:04 -0700
pushed 2016-05-24 12:54 +0000
Cykesiopka Cykesiopka - Bug 1271953 - Remove nss_addEscape(). r=mgoodwin
less more (0) -100 -60 tip