security/certverifier/NSSCertDBTrustDomain.cpp
0516d4db29a9d76361dd51331036e0b059b4dd60
created 2015-09-11 14:52 -0400
pushed 2015-09-13 18:58 +0000
Richard Barnes Richard Barnes - Bug 942515 - Show Untrusted Connection Error for SHA-1-based SSL certificates with notBefore >= 2016-01-01 r=keeler
fc86e9f2d6ea34b486058211fe468f4ada67f144
created 2015-08-21 15:14 +0100
pushed 2015-08-23 21:18 +0000
Mark Goodwin Mark Goodwin - Bug 1153444 - Fix up Key Pinning Telemetry (r=keeler)
4caca8feef1fe207d00a1f43bb6859db685000d5
created 2015-07-17 17:07 +0100
pushed 2015-07-18 00:57 +0000
Mark Goodwin Mark Goodwin - Bug 1183822 - fix OCSP verification failures (r=keeler)
99b36484d3bce5f278764fc617981560ca6b46a6
created 2015-07-17 10:36 +0100
pushed 2015-07-17 14:26 +0000
Mark Goodwin Mark Goodwin - Backed out changeset fb6cbb4ada54 (bug 1183822)
fb6cbb4ada544b1d4e690b8dad1e067c2e3e609b
created 2015-07-17 10:03 +0100
pushed 2015-07-17 14:26 +0000
Mark Goodwin Mark Goodwin - Bug 1183822 - fix OCSP verification failures (r=keeler)
31d0ae4d8c62e08a17784a6be2ad185d6b2f4e23
created 2015-07-09 07:22 +0100
pushed 2015-07-09 15:56 +0000
Mark Goodwin Mark Goodwin - Bug 1159155 - Add telemetry probe for SHA-1 usage (r=keeler)
a2b818a26d8528a8da37b16622e06df4d0c1676f
created 2015-06-29 22:19 +0200
pushed 2015-06-30 23:40 +0000
Cykesiopka Cykesiopka - Bug 1145679 - Reject EV status for end-entity EV certs with overly long validity periods. r=keeler
f52c18aac7ce0949190da943ec5d4ee86627d0f8
created 2015-06-03 15:25 -0700
pushed 2015-06-04 12:39 +0000
Eric Rahm Eric Rahm - Bug 1165515 - Part 13-2: Replace usage of PRLogModuleLevel and PR_LOG_*. rs=froydnj
3c8ed81098ddbe4a4c09e7aa652b5288dc4ce0d3
created 2015-06-02 13:05 +0200
pushed 2015-06-03 01:20 +0000
Carsten "Tomcat" Book Carsten "Tomcat" Book - Backed out 14 changesets (bug 1165515) for linux x64 e10s m2 test failures
7c3b45a47811b55f4e973d996dd149c5d575721b
created 2015-06-01 22:17 -0700
pushed 2015-06-03 01:20 +0000
Eric Rahm Eric Rahm - Bug 1165515 - Part 13-2: Replace usage of PRLogModuleLevel and PR_LOG_*. rs=froydnj
3f1f9238e02fe107701bf3ab4237c0cb3b125710
created 2015-06-01 17:57 -0700
pushed 2015-06-02 11:11 +0000
Wes Kocher Wes Kocher - Backed out 14 changesets (bug 1165515) for b2g mochitest-6 permafail CLOSED TREE
150606c022a29517f43ee6907075170db825c947
created 2015-06-01 14:31 -0700
pushed 2015-06-02 11:11 +0000
Eric Rahm Eric Rahm - Bug 1165515 - Part 13-2: Replace usage of PRLogModuleLevel and PR_LOG_*. rs=froydnj
8a03e892db51e07a20a85f97abe073cee7be0fa0
created 2015-05-21 13:22 -0700
pushed 2015-05-22 18:02 +0000
Eric Rahm Eric Rahm - Bug 1165515 - Part 1: Convert PR_LOG to MOZ_LOG. r=froydnj
8e525037fc7aaebc9d4dc64b058dcdcfedb6dc80
created 2015-05-16 16:38 -0400
pushed 2015-05-17 16:04 +0000
Richard Barnes Richard Barnes - Backed out changeset fe10feec1ede because of OCSP test failures
fe10feec1edef68862f1733a65b0b0fd34c5a0ff
created 2015-05-15 16:17 -0400
pushed 2015-05-17 16:04 +0000
Richard Barnes Richard Barnes - Bug 1010068 - Disable OCSP for DV certificates in Firefox for Android r=keeler
1853f12d7d8c336d0689a8d3e0e21e174609f50a
created 2015-04-06 16:10 -0700
pushed 2015-05-15 15:40 +0000
David Keeler David Keeler - bug 1141189 - implement skipping expensive revocation checks (OCSP fetching) for short-lived certificates r=rbarnes
b46612a5525552a32c511d9b223e1e8291262a13
created 2015-05-07 11:06 -0700
pushed 2015-05-12 23:24 +0000
David Keeler David Keeler - bug 1102436 - remove PublicKeyPinningService::CheckChainAgainstAllNames r=Cykesiopka
3cdce28ffcc6de50fac4fce22a8bca0a467db44b
created 2015-05-08 14:36 -0700
pushed 2015-05-09 21:17 +0000
Eric Rahm Eric Rahm - Bug 1162691 - Part 1: Remove instances of #ifdef PR_LOGGING in security. r=froydnj
a4e5010cb3d1ef01aecd5e7aee74b42670be5bc7
created 2015-05-07 18:54 +0100
pushed 2015-05-08 17:06 +0000
Mark Goodwin Mark Goodwin - Bug 1128607 - Add freshness check for OneCRL (r=keeler)
91f989aedf12563b1bb431adb87124b91af13a34
created 2015-04-23 20:26 -0400
pushed 2015-04-24 12:37 +0000
Richard Barnes Richard Barnes - Bug 1121982 - Update PSM to use NSS name constraints
c94a39913b477f2848a4a7ca68548008f5710d5e
created 2015-04-07 17:29 -0700
pushed 2015-04-18 23:37 +0000
David Keeler David Keeler - bug 1151512 - only allow whitelisted certificates to be issued by CNNIC root certificates r=jcj r=rbarnes
eac5e76f92805dd617f9afac4380f01efc15401e
created 2015-04-14 14:30 +0200
pushed 2015-04-14 20:02 +0000
Jan Beich Jan Beich - Bug 1154188 - Unbreak build on non-SPS platforms after bug 1153737 r=bsmith
0511335a89fdad7bab8806a06512e5b05b38932a
created 2015-04-12 19:57 -1000
pushed 2015-04-14 14:06 +0000
Brian Smith Brian Smith - Bug 1153737: Avoid unnecessary uses of mozilla::pkix::ScopedPtr, r=keeler
aec63c4c2acd5ce1c200c5daea588ea67e3d2a94
created 2015-03-31 15:10 -0700
pushed 2015-04-01 16:35 +0000
Mark Goodwin Mark Goodwin - Bug 1138848 - Modify OneCRL blocklist for subject / public key blocking (r=keeler, unfocused)
eee856befda3b54b11383be5192ce333de40ea08
created 2015-03-05 16:41 +0100
pushed 2015-03-06 21:23 +0000
Cykesiopka Cykesiopka - Bug 1139177 - RSA public key size checking cleanups. r=keeler
83c8e3ad6835efe962144396410bea2d5a612f28
created 2015-02-26 04:38 +0100
pushed 2015-03-04 00:49 +0000
Mark Goodwin Mark Goodwin - Bug 1130757 - Move OneCRL check to NSSCertDBTrustDomain::GetCertTrust. r=dkeeler
c6f3b60f6f8ab6a9c1d1918373968433d4e5e50b
created 2015-02-24 15:48 -0800
pushed 2015-02-27 18:20 +0000
David Keeler David Keeler - bug 1049740 - implement telemetry to measure compatibility impact of 2048-bit-minimum RSA keys r=briansmith
99f4f20645206379f887d0914e48745310cad12e
created 2015-02-14 16:59 -0800
pushed 2015-02-24 11:56 +0000
Brian Smith Brian Smith - Bug 1131767: Prune away paths using unacceptable algorithms earlier, r=keeler
5e39cbc525ad091f8ee8cd2a9fbfcf49f3e89c36
created 2015-02-07 12:14 -0800
pushed 2015-02-11 13:58 +0000
Brian Smith Brian Smith - Bug 1130754: Avoid recalculating tbsCertificate digest, r=keeler
3fe8d7d7f9f7373d0d3a3341d1a46347c06c85c7
created 2015-02-02 16:17 -0800
pushed 2015-02-11 13:58 +0000
Brian Smith Brian Smith - Bug 1122841, Part 2: Centralize checking of public key, r=keeler
fa67b437a89ab8590a5bcd3a91a4d779f716c6dd
created 2015-01-23 06:17 +0100
pushed 2015-02-05 13:47 +0000
TheKK TheKK - Bug 1092398 - "remove unused CertVerifier enums (missing_cert_download_config and crl_download_config)". r=honzab.moz
5f8dbb4956752d9759c92ac84b37c79d046805d2
created 2015-01-07 06:08 +0100
pushed 2015-01-09 13:00 +0000
Mark Goodwin Mark Goodwin - Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs. r=keeler r=Unfocused
f7de7f93a099483093279b13681a14e96f22622a
created 2014-12-23 14:51 -0800
pushed 2015-01-01 22:19 +0000
Brian Smith Brian Smith - Bug 1115761, Part 3: Rename NSS-based crypto functions, r=jcj
33d139e87c8901cf69ad42ef8cd704a9079b627e
created 2014-12-20 07:03 -0800
pushed 2014-12-23 18:17 +0000
Brian Smith Brian Smith - Bug 1107666, Part 2: Further fix for SSL_OCSP_STAPLING telemetry, r=keeler
5a082a183de4bc87e28ec3e29557162ed20fb632
created 2014-12-19 11:31 -0800
pushed 2014-12-20 03:00 +0000
David Keeler David Keeler - backout changeset 339049fcea42 (bug 1024809) for android and b2g bustage on a CLOSED TREE
339049fcea42e2454843b0f2752e41eadd3e8fe7
created 2014-12-19 10:22 -0800
pushed 2014-12-20 03:00 +0000
Mark Goodwin Mark Goodwin - Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs (r=keeler,Unfocused)
610eb25d2d63d18d7233d21aaf464471545ccab0
created 2014-12-11 23:22 -0800
pushed 2014-12-15 18:52 +0000
Brian Smith Brian Smith - Bug 1107666: Fix OCSP stapling telemetry (SSL_OCSP_STAPLING), r=keeler
9cdb1871bd6540b8d2e238c73bc2458ffc13febd
created 2014-12-05 10:12 -0800
pushed 2014-12-06 00:03 +0000
David Keeler David Keeler - bug 1020237 - follow-up to fix build bustage r=bustage on a CLOSED TREE
73051c757857dda21a97ca731a1806aec25604aa
created 2014-12-04 13:37 -0800
pushed 2014-12-06 00:03 +0000
David Keeler David Keeler - bug 1020237 - prefer root certificates to non-root certificates in NSSCertDBTrustDomain::FindIssuer r=briansmith
7e582ef49f2f946f43eb2d1f59fce19f0294140a
created 2014-11-28 12:23 +0100
pushed 2014-11-28 22:33 +0000
Carsten "Tomcat" Book Carsten "Tomcat" Book - Backed out changeset b38a8e2203a1 (bug 1024809) for Android 4 perma failures
b38a8e2203a1633e984b30dd35d4bb201bd49e0c
created 2014-11-27 23:36 +0100
pushed 2014-11-28 22:33 +0000
Mark Goodwin Mark Goodwin - Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs. (r=keeler,Unfocused)
1e0e447828ec9f53faea43140a4de26865c9f221
created 2014-11-27 16:30 +0100
pushed 2014-11-28 00:42 +0000
Carsten "Tomcat" Book Carsten "Tomcat" Book - Backed out changeset 761071f57ab6 (bug 1024809) for emulator ics bustage
761071f57ab615bfc6c93148ac9e07bab141257b
created 2014-11-27 04:12 +0100
pushed 2014-11-28 00:42 +0000
Mark Goodwin Mark Goodwin - Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs. r=keeler,Unfocused
b379f1bc58e10c59fdacc7ea5ca3396c77819a84
created 2014-11-21 10:43 -0800
pushed 2014-11-24 12:32 +0000
David Keeler David Keeler - bug 1079436 - fix validThrough as returned by VerifyEncodedOCSPResponse r=briansmith
f564fff0642cfbd82f7192d7e2d8b00610e16091
created 2014-10-18 15:18 +0200
pushed 2014-10-20 12:40 +0000
Cykesiopka Cykesiopka - Bug 622859 - Reject EV certificates with key sizes below RSA 2048. r=briansmith
209ec35a59c13bfccd4b5a787268cb4e1eaf1bb3
created 2014-10-17 13:14 +0200
pushed 2014-10-20 12:40 +0000
Carsten "Tomcat" Book Carsten "Tomcat" Book - Backed out changeset 3afdc3253979 (bug 622859) for breaking m1 tests
3afdc3253979b356a146c55e49eb68eb48580927
created 2014-10-16 05:13 +0200
pushed 2014-10-20 12:40 +0000
Cykesiopka Cykesiopka - Bug 622859 - Reject EV certificates with key sizes below RSA 2048. r=briansmith
4f90b7fb1918462222c557100342cdd627e2f3f3
created 2014-09-25 11:18 -0700
pushed 2014-09-26 20:54 +0000
David Keeler David Keeler - bug 1071308 - (2/2) remove libpkix-style chain validation callback from CertVerifier r=cviecco
e0c00c1861af255cc20060c69e30bb8595dd00b3
created 2014-08-08 08:39 -0400
pushed 2014-08-08 21:34 +0000
Ehsan Akhgari Ehsan Akhgari - Bug 579517 follow-up: Remove NSPR types that crept in
a4a8b3b58191206f53748d823cf255fba4042253
created 2014-08-02 08:49 -0700
pushed 2014-08-04 20:14 +0000
Brian Smith Brian Smith - Bug 1043041: Use mozilla::pkix::Time instead of PRTime, r=keeler
64719bb171797b81c6d155251da939904777fa31
created 2014-08-01 23:16 -0700
pushed 2014-08-04 20:14 +0000
Brian Smith Brian Smith - Bug 1047792: Rely on mozilla::pkix to filter out expired certs instead of CERT_CreateSubjectCertList, r=keeler
c989be71f8443b628a15cd0aab16f47de73d3582
created 2014-07-31 12:17 -0700
pushed 2014-08-01 15:52 +0000
Brian Smith Brian Smith - Bug 1041186, Part 2: Rename Input to Reader and InputBuffer to Input, r=keeler
c04d170a0bd9ad169065d5546a1149554a543422
created 2014-07-18 22:30 -0700
pushed 2014-08-01 15:52 +0000
Brian Smith Brian Smith - Bug 1041186, Part 1: Improve buffer overflow protection in mozilla::pkix, r=keeler
a6147f19dc56aecfcce19a019d8f966db8a32492
created 2014-07-20 11:06 -0700
pushed 2014-08-01 15:52 +0000
Brian Smith Brian Smith - Bug 1041343: Use references instead of pointers for TrustLevel output parameters, r=cviecco
5f7dc391e8611d1f12f77d55f2c5a56ef8f6f29e
created 2014-07-18 11:48 -0700
pushed 2014-08-01 15:52 +0000
Brian Smith Brian Smith - Bug 1039064: Use strongly-typed enum instead of NSPR-style error handling, r=keeler
1ed822e820d355e4fae79631f6f888e0b7389fd1
created 2014-07-25 16:59 -0700
pushed 2014-07-28 13:33 +0000
David Keeler David Keeler - bug 1040889 - don't re-cache OCSP server failures if no fetch was attempted r=briansmith r=cviecco
83b81059b2a2c5af28632891978c3ee589958f0f
created 2014-07-15 19:49 -0400
pushed 2014-07-17 00:08 +0000
Cykesiopka Cykesiopka - Bug 360126 - Stop accepting certs that use RSA1023 or weaker; Original patch by Richard van den Berg. r=briansmith
2ea91aa53633847fb32c280a079d9a958534f215
created 2014-07-06 19:36 -0700
pushed 2014-07-15 12:59 +0000
Brian Smith Brian Smith - Bug 1036105: Delegate digest operations to the TrustDomain in mozilla::pkix, r=keeler
578899c0b81952253e829c2e6fa8de1b83afe624
created 2014-07-10 19:00 -0700
pushed 2014-07-15 12:59 +0000
Brian Smith Brian Smith - Bug 1036107, Part 1: Stop using CERTSignedData in mozilla::pkix, r=keeler
440f68cba022b72dd87c1c84de1579cb8295d4eb
created 2014-07-10 22:38 -0700
pushed 2014-07-14 12:35 +0000
Brian Smith Brian Smith - Bug 1037324: Delegate additional name constraint selection to the TrustDomain in mozilla::pkix, r=cviecco
less more (0) -60 tip