searching for reviewer(fkiefer)
772dea1abb7f7391bb8df72699db4d66919379e9: Bug 1421501 - export NSS [Init,Shutdown]Context symbols r=fkiefer
Robert Helmer <rhelmer@mozilla.com> - Thu, 09 Aug 2018 08:35:48 -0700 - rev 831014
Push 118868 by bmo:zjz@zjz.name at Fri, 24 Aug 2018 07:04:39 +0000
Bug 1421501 - export NSS [Init,Shutdown]Context symbols r=fkiefer MozReview-Commit-ID: Kmhn1dBSYUD
c119767aec7b7356c79ce2ea2a8baaf5682e438d: Bug 1421501 - add vendored libprio from https://github.com/mozilla/libprio r=fkiefer
Robert Helmer <rhelmer@mozilla.com> - Wed, 20 Jun 2018 17:21:01 -0700 - rev 831013
Push 118868 by bmo:zjz@zjz.name at Fri, 24 Aug 2018 07:04:39 +0000
Bug 1421501 - add vendored libprio from https://github.com/mozilla/libprio r=fkiefer MozReview-Commit-ID: LjbKuuFAMAv
9aa4a3ceed8cb05dae27e44f5aa18ad866fd2abe: Bug 1421501 - export NSS [Init,Shutdown]Context symbols r?fkiefer draft
Robert Helmer <rhelmer@mozilla.com> - Thu, 09 Aug 2018 08:35:48 -0700 - rev 830987
Push 118867 by bmo:rhelmer@mozilla.com at Thu, 23 Aug 2018 21:15:33 +0000
Bug 1421501 - export NSS [Init,Shutdown]Context symbols r?fkiefer MozReview-Commit-ID: Kmhn1dBSYUD
a3f268492833ac5e18fd073912d55690a172353a: Bug 1421501 - add vendored libprio from https://github.com/mozilla/libprio r?fkiefer draft
Robert Helmer <rhelmer@mozilla.com> - Wed, 20 Jun 2018 17:21:01 -0700 - rev 830986
Push 118867 by bmo:rhelmer@mozilla.com at Thu, 23 Aug 2018 21:15:33 +0000
Bug 1421501 - add vendored libprio from https://github.com/mozilla/libprio r?fkiefer MozReview-Commit-ID: LjbKuuFAMAv
68f8a51603281c778a24fafc93ce786f1f6b46fc: Bug 1421501 - export NSS [Init,Shutdown]Context symbols r?fkiefer draft
Robert Helmer <rhelmer@mozilla.com> - Thu, 09 Aug 2018 08:35:48 -0700 - rev 830972
Push 118861 by bmo:rhelmer@mozilla.com at Thu, 23 Aug 2018 11:42:47 +0000
Bug 1421501 - export NSS [Init,Shutdown]Context symbols r?fkiefer MozReview-Commit-ID: Kmhn1dBSYUD
8b9d95a00f517e92b2f0c4f971491a7c0f0939c7: Bug 1421501 - add vendored libprio from https://github.com/mozilla/libprio r?fkiefer draft
Robert Helmer <rhelmer@mozilla.com> - Wed, 20 Jun 2018 17:21:01 -0700 - rev 830971
Push 118861 by bmo:rhelmer@mozilla.com at Thu, 23 Aug 2018 11:42:47 +0000
Bug 1421501 - add vendored libprio from https://github.com/mozilla/libprio r?fkiefer MozReview-Commit-ID: LjbKuuFAMAv
adf762bccf033c3bbd5388cf74c8455df3b17dd1: Bug 1421501 - export NSS [Init,Shutdown]Context symbols r?fkiefer draft
Robert Helmer <rhelmer@mozilla.com> - Thu, 09 Aug 2018 08:35:48 -0700 - rev 828481
Push 118682 by bmo:rhelmer@mozilla.com at Sat, 11 Aug 2018 17:30:57 +0000
Bug 1421501 - export NSS [Init,Shutdown]Context symbols r?fkiefer MozReview-Commit-ID: Kmhn1dBSYUD
495715ebd0484102e1b83c2281eb850fb21e110a: Bug 1421501 - add vendored libprio from https://github.com/mozilla/libprio r?fkiefer draft
Robert Helmer <rhelmer@mozilla.com> - Wed, 20 Jun 2018 17:21:01 -0700 - rev 828480
Push 118682 by bmo:rhelmer@mozilla.com at Sat, 11 Aug 2018 17:30:57 +0000
Bug 1421501 - add vendored libprio from https://github.com/mozilla/libprio r?fkiefer MozReview-Commit-ID: LjbKuuFAMAv
38238ac3cb22bdfafdb0c9c236ecdc2ee78997c5: Bug 1421501 - export NSS [Init,Shutdown]Context symbols r?fkiefer draft
Robert Helmer <rhelmer@mozilla.com> - Thu, 09 Aug 2018 08:35:48 -0700 - rev 828475
Push 118681 by bmo:rhelmer@mozilla.com at Sat, 11 Aug 2018 00:23:33 +0000
Bug 1421501 - export NSS [Init,Shutdown]Context symbols r?fkiefer MozReview-Commit-ID: Kmhn1dBSYUD
8e08ed9ffb05c4ed8a0f339fcd6488775f3fada9: Bug 1421501 - add vendored libprio from https://github.com/mozilla/libprio r?fkiefer draft
Robert Helmer <rhelmer@mozilla.com> - Wed, 20 Jun 2018 17:21:01 -0700 - rev 828474
Push 118681 by bmo:rhelmer@mozilla.com at Sat, 11 Aug 2018 00:23:33 +0000
Bug 1421501 - add vendored libprio from https://github.com/mozilla/libprio r?fkiefer MozReview-Commit-ID: LjbKuuFAMAv
e94a7ffada0f31ac6a310b00f3c18a64bc9b6cfc: Bug 1421501 - export NSS [Init,Shutdown]Context symbols r?fkiefer draft
Robert Helmer <rhelmer@mozilla.com> - Thu, 09 Aug 2018 08:35:48 -0700 - rev 828042
Push 118620 by bmo:rhelmer@mozilla.com at Thu, 09 Aug 2018 19:04:41 +0000
Bug 1421501 - export NSS [Init,Shutdown]Context symbols r?fkiefer MozReview-Commit-ID: Kmhn1dBSYUD
1be85a00ed064fbe719aa164773be95c735cfb37: Bug 1421501 - add vendored libprio from https://github.com/mozilla/libprio/commit/bc7cfbe55cd3f5bc3eee2d13060583d2fc2952b0 r?fkiefer draft
Robert Helmer <rhelmer@mozilla.com> - Wed, 20 Jun 2018 17:21:01 -0700 - rev 828041
Push 118620 by bmo:rhelmer@mozilla.com at Thu, 09 Aug 2018 19:04:41 +0000
Bug 1421501 - add vendored libprio from https://github.com/mozilla/libprio/commit/bc7cfbe55cd3f5bc3eee2d13060583d2fc2952b0 r?fkiefer MozReview-Commit-ID: LjbKuuFAMAv
5a8fd09ec818b8d9dfd55ffafa0e4bfa05aed97f: Bug 1421501 - add vendored libprio from https://github.com/mozilla/libprio/commit/5779b9cde2e21786d4cf55823e021b8c172990f0 r?fkiefer draft
Robert Helmer <rhelmer@mozilla.com> - Wed, 20 Jun 2018 17:21:01 -0700 - rev 827390
Push 118527 by bmo:rhelmer@mozilla.com at Wed, 08 Aug 2018 00:15:40 +0000
Bug 1421501 - add vendored libprio from https://github.com/mozilla/libprio/commit/5779b9cde2e21786d4cf55823e021b8c172990f0 r?fkiefer MozReview-Commit-ID: LjbKuuFAMAv
4c17e7e9b295f15b87c41e4bf8b8ad3b4cb4e629: Bug 1421501 - add vendored libprio from https://github.com/mozilla/libprio/commit/5779b9cde2e21786d4cf55823e021b8c172990f0 r?fkiefer draft
Robert Helmer <rhelmer@mozilla.com> - Wed, 20 Jun 2018 17:21:01 -0700 - rev 826151
Push 118249 by bmo:rhelmer@mozilla.com at Fri, 03 Aug 2018 01:04:13 +0000
Bug 1421501 - add vendored libprio from https://github.com/mozilla/libprio/commit/5779b9cde2e21786d4cf55823e021b8c172990f0 r?fkiefer MozReview-Commit-ID: LjbKuuFAMAv
0c34fa73712cf991d7835d99f389cb1661a6de30: Bug 1421501 - add vendored libprio from https://github.com/mozilla/libprio/commit/5779b9cde2e21786d4cf55823e021b8c172990f0 r?fkiefer draft
Robert Helmer <rhelmer@mozilla.com> - Wed, 20 Jun 2018 17:21:01 -0700 - rev 826146
Push 118246 by bmo:rhelmer@mozilla.com at Fri, 03 Aug 2018 00:26:30 +0000
Bug 1421501 - add vendored libprio from https://github.com/mozilla/libprio/commit/5779b9cde2e21786d4cf55823e021b8c172990f0 r?fkiefer MozReview-Commit-ID: LjbKuuFAMAv
5189840b05374fca711db67686d2472dcb600adc: Bug 1476362: Fix DEAD_STORE errors in netwerk/*. r?fkiefer draft
Robert Bartlensky <rbartlensky@mozilla.com> - Wed, 18 Jul 2018 13:11:55 +0100 - rev 820276
Push 116780 by bmo:rbartlensky@mozilla.com at Thu, 19 Jul 2018 11:27:09 +0000
Bug 1476362: Fix DEAD_STORE errors in netwerk/*. r?fkiefer MozReview-Commit-ID: 5xfKrxkUA3W
73325580ec50b11f94dc7300c1df77596e8e814b: bug 1470030 - convert manually-written nsINSSComponent definition to idl r=fkiefer
David Keeler <dkeeler@mozilla.com> - Wed, 20 Jun 2018 16:43:18 -0700 - rev 811945
Push 114436 by jdescottes@mozilla.com at Thu, 28 Jun 2018 11:53:36 +0000
bug 1470030 - convert manually-written nsINSSComponent definition to idl r=fkiefer Defining nsINSSComponent in idl rather than manually in a header file allows us to make full use of the machinery that already exists to process and generate the correct definitions. Furthermore, it enables us to define JS-accessible APIs on nsINSSComponent, which enables us to build frontend features that can work directly with the data and functionality the underlying implementation has access to. MozReview-Commit-ID: JFI9s12wmRE
ade6775765ee7331c0d4f0b4493dcd9e8327cd0b: bug 1470030 - convert manually-written nsINSSComponent definition to idl r?fkiefer draft
David Keeler <dkeeler@mozilla.com> - Wed, 20 Jun 2018 16:43:18 -0700 - rev 809669
Push 113758 by bmo:dkeeler@mozilla.com at Fri, 22 Jun 2018 17:50:09 +0000
bug 1470030 - convert manually-written nsINSSComponent definition to idl r?fkiefer Defining nsINSSComponent in idl rather than manually in a header file allows us to make full use of the machinery that already exists to process and generate the correct definitions. Furthermore, it enables us to define JS-accessible APIs on nsINSSComponent, which enables us to build frontend features that can work directly with the data and functionality the underlying implementation has access to. MozReview-Commit-ID: JFI9s12wmRE
56febaa8d224e1e0860751c6f85bb5c81b8f5608: bug 1470030 - convert manually-written nsINSSComponent definition to idl r?fkiefer draft
David Keeler <dkeeler@mozilla.com> - Wed, 20 Jun 2018 16:43:18 -0700 - rev 809289
Push 113618 by bmo:dkeeler@mozilla.com at Thu, 21 Jun 2018 17:44:53 +0000
bug 1470030 - convert manually-written nsINSSComponent definition to idl r?fkiefer Defining nsINSSComponent in idl rather than manually in a header file allows us to make full use of the machinery that already exists to process and generate the correct definitions. Furthermore, it enables us to define JS-accessible APIs on nsINSSComponent, which enables us to build frontend features that can work directly with the data and functionality the underlying implementation has access to. MozReview-Commit-ID: JFI9s12wmRE
e39e68b00278986028c5101f1cb612568e677096: Bug 1465562 - Ensure succeededCertChain is set in TLS handshakes with session resumption. r=fkiefer, a=RyanVM
David Keeler <dkeeler@mozilla.com> - Thu, 07 Jun 2018 10:41:25 -0700 - rev 808956
Push 113536 by nthomas@mozilla.com at Thu, 21 Jun 2018 04:40:01 +0000
Bug 1465562 - Ensure succeededCertChain is set in TLS handshakes with session resumption. r=fkiefer, a=RyanVM When doing TLS session resumption, Firefox currently does not have enough information to trivially reconstitute the original connection's security information. Consequently, we have to rebuild the certificate chain in the handshake callback. Before this patch, we determined the EV and CT status of the connection but did not set the succeeded cert chain unless the certificate was EV. This was insufficient. In this patch, we set the succeeded cert chain regardless of if the certificate is EV or not (provided we found a valid chain). MozReview-Commit-ID: AuKrlBwX1Qh
36612604c8999fea08783b8ea61bfa4c033328b7: Bug 1421501 - add vendored libprio from https://github.com/henrycg/libprio/commit/94e27d61967025848f7b24e3102cb310770689f0 r?fkiefer draft
Robert Helmer <rhelmer@mozilla.com> - Wed, 20 Jun 2018 17:21:01 -0700 - rev 808859
Push 113528 by bmo:rhelmer@mozilla.com at Thu, 21 Jun 2018 00:37:03 +0000
Bug 1421501 - add vendored libprio from https://github.com/henrycg/libprio/commit/94e27d61967025848f7b24e3102cb310770689f0 r?fkiefer MozReview-Commit-ID: LjbKuuFAMAv
5d47226b6b8c1d57afbb92ebc50bae2632611e0e: bug 1465562 - ensure succeededCertChain is set in TLS handshakes with session resumption r=fkiefer
David Keeler <dkeeler@mozilla.com> - Thu, 07 Jun 2018 10:41:25 -0700 - rev 807662
Push 113180 by plingurar@mozilla.com at Fri, 15 Jun 2018 10:38:54 +0000
bug 1465562 - ensure succeededCertChain is set in TLS handshakes with session resumption r=fkiefer When doing TLS session resumption, Firefox currently does not have enough information to trivially reconstitute the original connection's security information. Consequently, we have to rebuild the certificate chain in the handshake callback. Before this patch, we determined the EV and CT status of the connection but did not set the succeeded cert chain unless the certificate was EV. This was insufficient. In this patch, we set the succeeded cert chain regardless of if the certificate is EV or not (provided we found a valid chain). MozReview-Commit-ID: AuKrlBwX1Qh
2c07c2c21ca48a04492c82010c649c47d5616db9: bug 1465562 - ensure succeededCertChain is set in TLS handshakes with session resumption r?fkiefer draft
David Keeler <dkeeler@mozilla.com> - Thu, 07 Jun 2018 10:41:25 -0700 - rev 807560
Push 113156 by bmo:dkeeler@mozilla.com at Thu, 14 Jun 2018 23:07:26 +0000
bug 1465562 - ensure succeededCertChain is set in TLS handshakes with session resumption r?fkiefer When doing TLS session resumption, Firefox currently does not have enough information to trivially reconstitute the original connection's security information. Consequently, we have to rebuild the certificate chain in the handshake callback. Before this patch, we determined the EV and CT status of the connection but did not set the succeeded cert chain unless the certificate was EV. This was insufficient. In this patch, we set the succeeded cert chain regardless of if the certificate is EV or not (provided we found a valid chain). MozReview-Commit-ID: AuKrlBwX1Qh
2b65a8f996222369279cc2152ecaa7eaee93898a: bug 1465562 - ensure succeededCertChain is set in TLS handshakes with session resumption r=fkiefer
David Keeler <dkeeler@mozilla.com> - Thu, 07 Jun 2018 10:41:25 -0700 - rev 806385
Push 112878 by rwood@mozilla.com at Sat, 09 Jun 2018 14:26:04 +0000
bug 1465562 - ensure succeededCertChain is set in TLS handshakes with session resumption r=fkiefer When doing TLS session resumption, Firefox currently does not have enough information to trivially reconstitute the original connection's security information. Consequently, we have to rebuild the certificate chain in the handshake callback. Before this patch, we determined the EV and CT status of the connection but did not set the succeeded cert chain unless the certificate was EV. This was insufficient. In this patch, we set the succeeded cert chain regardless of if the certificate is EV or not (provided we found a valid chain). MozReview-Commit-ID: AuKrlBwX1Qh
8f9f5fce981c5ce68093e2dc8a395d5c3034e825: bug 1465562 - ensure succeededCertChain is set in TLS handshakes with session resumption r?fkiefer draft
David Keeler <dkeeler@mozilla.com> - Thu, 07 Jun 2018 10:41:25 -0700 - rev 805929
Push 112805 by bmo:dkeeler@mozilla.com at Fri, 08 Jun 2018 17:41:30 +0000
bug 1465562 - ensure succeededCertChain is set in TLS handshakes with session resumption r?fkiefer When doing TLS session resumption, Firefox currently does not have enough information to trivially reconstitute the original connection's security information. Consequently, we have to rebuild the certificate chain in the handshake callback. Before this patch, we determined the EV and CT status of the connection but did not set the succeeded cert chain unless the certificate was EV. This was insufficient. In this patch, we set the succeeded cert chain regardless of if the certificate is EV or not (provided we found a valid chain). MozReview-Commit-ID: AuKrlBwX1Qh
065118992edc21def9b940bb43aa037afe80229d: bug 1465562 - ensure succeededCertChain is set in TLS handshakes with session resumption r?fkiefer draft
David Keeler <dkeeler@mozilla.com> - Thu, 07 Jun 2018 10:41:25 -0700 - rev 805389
Push 112643 by bmo:dkeeler@mozilla.com at Thu, 07 Jun 2018 19:24:47 +0000
bug 1465562 - ensure succeededCertChain is set in TLS handshakes with session resumption r?fkiefer When doing TLS session resumption, Firefox currently does not have enough information to trivially reconstitute the original connection's security information. Consequently, we have to rebuild the certificate chain in the handshake callback. Before this patch, we determined the EV and CT status of the connection but did not set the succeeded cert chain unless the certificate was EV. This was insufficient. In this patch, we set the succeeded cert chain regardless of if the certificate is EV or not (provided we found a valid chain). MozReview-Commit-ID: AuKrlBwX1Qh
1ab062fd31db7d4367a479fedb350dc6fcee7a3f: bug 1466942 - avoid l10n string bundles in nsNSSComponent initialization r=fkiefer
David Keeler <dkeeler@mozilla.com> - Mon, 04 Jun 2018 17:07:06 -0700 - rev 804982
Push 112508 by bmo:edilee@mozilla.com at Wed, 06 Jun 2018 21:00:52 +0000
bug 1466942 - avoid l10n string bundles in nsNSSComponent initialization r=fkiefer Before this patch, nsNSSComponent initialization would call PK11_ConfigurePKCS11 with some localized strings, which contributed to startup time. Also, PK11_UnconfigurePKCS11 was never called, so the memory allocated to these strings would stick around forever. This patch addresses both of these problems by not calling PK11_ConfigurePKCS11. This means that some properties of NSS' internal "PKCS#11 slots/tokens" have to be localized when displaying them to the user. MozReview-Commit-ID: BbAgbgpFfFG
9968319230a74eb8c1953444a0e6973c7500a9f8: Bug 1464869 - Fix flake8/pep8 issue by hand in security/ r=fkiefer
Sylvestre Ledru <sledru@mozilla.com> - Sun, 27 May 2018 10:36:45 +0200 - rev 804855
Push 112482 by bmo:ato@sny.no at Wed, 06 Jun 2018 17:38:07 +0000
Bug 1464869 - Fix flake8/pep8 issue by hand in security/ r=fkiefer MozReview-Commit-ID: ExDsMJ9KzJQ
f9a66e05d90ea6e12616e97b1cc52f9727c4ddc7: Bug 1464869 - Run autopep8 on security/ r=fkiefer
Sylvestre Ledru <sledru@mozilla.com> - Sat, 26 May 2018 06:47:27 -0700 - rev 804854
Push 112482 by bmo:ato@sny.no at Wed, 06 Jun 2018 17:38:07 +0000
Bug 1464869 - Run autopep8 on security/ r=fkiefer MozReview-Commit-ID: K3aWVqsO0O8
051ef1eb3d23f2030aa74b8df856942896741a46: bug 1465976 - remove all find*ByName APIs from PSM PKCS#11 module/slot/token interfaces r=fkiefer,jcj
David Keeler <dkeeler@mozilla.com> - Thu, 31 May 2018 14:46:06 -0700 - rev 804108
Push 112312 by bmo:standard8@mozilla.com at Tue, 05 Jun 2018 16:07:56 +0000
bug 1465976 - remove all find*ByName APIs from PSM PKCS#11 module/slot/token interfaces r=fkiefer,jcj Before this patch, we exposed a few interfaces that revolved around mapping a name to a specific PKCS#11 module, slot, or token. These APIs were all either problematic and/or unnecessary. In theory there could be two tokens in different modules with the same name, so nsIPK11TokenDB.findTokenByName wasn't guaranteed to return what the consumer expected it to. In general, these APIs were used by front-end code to go from a handle on the specific object in question to a string identifier and then back to a handle on the object. This was unnecessary - we can just retain the original handle. MozReview-Commit-ID: IbqLbV4wceA
b4c7d1e7d2654221cf1d39a159bc4dc8ee7b3d10: bug 1465976 - remove all find*ByName APIs from PSM PKCS#11 module/slot/token interfaces r?jcj,fkiefer draft
David Keeler <dkeeler@mozilla.com> - Thu, 31 May 2018 14:46:06 -0700 - rev 803760
Push 112171 by bmo:dkeeler@mozilla.com at Mon, 04 Jun 2018 19:39:55 +0000
bug 1465976 - remove all find*ByName APIs from PSM PKCS#11 module/slot/token interfaces r?jcj,fkiefer Before this patch, we exposed a few interfaces that revolved around mapping a name to a specific PKCS#11 module, slot, or token. These APIs were all either problematic and/or unnecessary. In theory there could be two tokens in different modules with the same name, so nsIPK11TokenDB.findTokenByName wasn't guaranteed to return what the consumer expected it to. In general, these APIs were used by front-end code to go from a handle on the specific object in question to a string identifier and then back to a handle on the object. This was unnecessary - we can just retain the original handle. MozReview-Commit-ID: IbqLbV4wceA
f16a2472bcb54d35e3bb63fe7ea80053e0d9fcc9: bug 1465933 - remove GetPIPNSSBundleString from nsINSSComponent r=fkiefer
David Keeler <dkeeler@mozilla.com> - Thu, 31 May 2018 12:26:04 -0700 - rev 803160
Push 112030 by bmo:mh+mozilla@glandium.org at Fri, 01 Jun 2018 22:09:45 +0000
bug 1465933 - remove GetPIPNSSBundleString from nsINSSComponent r=fkiefer At this point, all uses of GetPIPNSSBundleString *should* be on the main thread, so we can just remove the nsINSSComponent version and rely on the nsNSSCertHelper instance. MozReview-Commit-ID: Lt7AgokGKRH
0c8c4ba579c721a4b9cbd5a6eff0b219a2d16ff9: bug 1465976 - remove all find*ByName APIs from PSM PKCS#11 module/slot/token interfaces r?jcj,fkiefer draft
David Keeler <dkeeler@mozilla.com> - Thu, 31 May 2018 14:46:06 -0700 - rev 802497
Push 111894 by bmo:dkeeler@mozilla.com at Thu, 31 May 2018 21:53:53 +0000
bug 1465976 - remove all find*ByName APIs from PSM PKCS#11 module/slot/token interfaces r?jcj,fkiefer Before this patch, we exposed a few interfaces that revolved around mapping a name to a specific PKCS#11 module, slot, or token. These APIs were all either problematic and/or unnecessary. In theory there could be two tokens in different modules with the same name, so nsIPK11TokenDB.findTokenByName wasn't guaranteed to return what the consumer expected it to. In general, these APIs were used by front-end code to go from a handle on the specific object in question to a string identifier and then back to a handle on the object. This was unnecessary - we can just retain the original handle. MozReview-Commit-ID: IbqLbV4wceA
23e8076766f49098f02ae239d391568c71ed3363: bug 1465976 - remove all find*ByName APIs from PSM PKCS#11 module/slot/token interfaces r?jcj,fkiefer draft
David Keeler <dkeeler@mozilla.com> - Thu, 31 May 2018 14:46:06 -0700 - rev 802496
Push 111893 by bmo:dkeeler@mozilla.com at Thu, 31 May 2018 21:46:23 +0000
bug 1465976 - remove all find*ByName APIs from PSM PKCS#11 module/slot/token interfaces r?jcj,fkiefer Before this patch, we exposed a few interfaces that revolved around mapping a name to a specific PKCS#11 module, slot, or token. These APIs were all either problematic and/or unnecessary. In theory there could be two tokens in different modules with the same name, so nsIPK11TokenDB.findTokenByName wasn't guaranteed to return what the consumer expected it to. In general, these APIs were used by front-end code to go from a handle on the specific object in question to a string identifier and then back to a handle on the object. This was unnecessary - we can just retain the original handle. MozReview-Commit-ID: IbqLbV4wceA
37be20a4be4b512765ae1ff9438b6ba293dc2ef4: bug 1465933 - remove GetPIPNSSBundleString from nsINSSComponent r?fkiefer draft
David Keeler <dkeeler@mozilla.com> - Thu, 31 May 2018 12:26:04 -0700 - rev 802405
Push 111876 by bmo:dkeeler@mozilla.com at Thu, 31 May 2018 19:29:28 +0000
bug 1465933 - remove GetPIPNSSBundleString from nsINSSComponent r?fkiefer At this point, all uses of GetPIPNSSBundleString *should* be on the main thread, so we can just remove the nsINSSComponent version and rely on the nsNSSCertHelper instance. MozReview-Commit-ID: Lt7AgokGKRH
f7ba2965406d08645df693bfe3ce8b798a512915: Bug 1427248 - Avoid changing certificate trust in nsNSSComponent initialization. r=fkiefer, r=jcj, a=jcristau
David Keeler <dkeeler@mozilla.com> - Tue, 15 May 2018 13:37:42 -0700 - rev 802195
Push 111850 by bmo:tom@mozilla.com at Thu, 31 May 2018 16:41:37 +0000
Bug 1427248 - Avoid changing certificate trust in nsNSSComponent initialization. r=fkiefer, r=jcj, a=jcristau If a user has set a master password on their NSS DB(s), when we try to change the trust of a certificate, we may have to authenticate to the DB. This involves bringing up a dialog box, executing javascript, spinning the event loop, etc. In some cases (particularly when antivirus software has injected code into Firefox), this can cause the nsNSSComponent to be initialized if it hasn't already been. So, it's a really, really bad idea to attempt to change the trust of a certificate while we're initializing nsNSSComponent, because this results in a recursive component dependency and everything breaks. To get around this, if we need to load 3rd party roots (e.g. enterprise roots or the family safety root), we defer any trust changes to a later event loop tick. In theory this could cause verification failures early in startup. We'll have to see if this is an issue in practice. MozReview-Commit-ID: FvjHP5dTmpP
f9132bdb0177c55fe6ebad201f3f3d6368cf15e8: bug 1464520 - hard-code the builtin roots module name to avoid a dependency on l10n in nsNSSComponent r=fkiefer,jcj
David Keeler <dkeeler@mozilla.com> - Fri, 25 May 2018 11:22:48 -0700 - rev 802047
Push 111814 by jodvarko@mozilla.com at Thu, 31 May 2018 10:42:52 +0000
bug 1464520 - hard-code the builtin roots module name to avoid a dependency on l10n in nsNSSComponent r=fkiefer,jcj nsNSSComponent startup and shutdown would be simpler if there were no direct dependencies on localized strings. This patch removes a dependency on the localized name of the builtin roots module by hard-coding the name internally and then mapping it to/from the localized version as appropriate. MozReview-Commit-ID: 30kbpWFYbzm
eac86d628a46bcb6a97d9220ac4abc2c9f193947: bug 1464505 - remove some unused localization helpers from nsNSSComponent r=fkiefer
David Keeler <dkeeler@mozilla.com> - Fri, 25 May 2018 13:02:02 -0700 - rev 801913
Push 111768 by mak77@bonardo.net at Wed, 30 May 2018 23:05:31 +0000
bug 1464505 - remove some unused localization helpers from nsNSSComponent r=fkiefer nsNSSComponent::PIPBundleFormatStringFromName and ::GetNSSBundleString are now unused. They can be removed (which means that nsNSSComponent::mNSSErrorsBundle can be removed as well). MozReview-Commit-ID: GAaGawSDL2n
042c15e1f58ec8314ef7808752386c1028ab2420: bug 1464520 - hard-code the builtin roots module name to avoid a dependency on l10n in nsNSSComponent r?jcj,fkiefer draft
David Keeler <dkeeler@mozilla.com> - Fri, 25 May 2018 11:22:48 -0700 - rev 801279
Push 111624 by bmo:dkeeler@mozilla.com at Wed, 30 May 2018 00:11:29 +0000
bug 1464520 - hard-code the builtin roots module name to avoid a dependency on l10n in nsNSSComponent r?jcj,fkiefer nsNSSComponent startup and shutdown would be simpler if there were no direct dependencies on localized strings. This patch removes a dependency on the localized name of the builtin roots module by hard-coding the name internally and then mapping it to/from the localized version as appropriate. MozReview-Commit-ID: 30kbpWFYbzm
2a6f87c1d80e7a7fb26c1880381c504439ae224d: bug 1464520 - hard-code the builtin roots module name to avoid a dependency on l10n in nsNSSComponent r?jcj,fkiefer draft
David Keeler <dkeeler@mozilla.com> - Fri, 25 May 2018 11:22:48 -0700 - rev 801122
Push 111579 by bmo:dkeeler@mozilla.com at Tue, 29 May 2018 19:20:51 +0000
bug 1464520 - hard-code the builtin roots module name to avoid a dependency on l10n in nsNSSComponent r?jcj,fkiefer nsNSSComponent startup and shutdown would be simpler if there were no direct dependencies on localized strings. This patch removes a dependency on the localized name of the builtin roots module by hard-coding the name internally and then mapping it to/from the localized version as appropriate. MozReview-Commit-ID: 30kbpWFYbzm
45e4ca4916fa14b070a48a7e7145ec4f0390bc74: bug 1464520 - hard-code the builtin roots module name to avoid a dependency on l10n in nsNSSComponent r?jcj,fkiefer draft
David Keeler <dkeeler@mozilla.com> - Fri, 25 May 2018 11:22:48 -0700 - rev 801121
Push 111578 by bmo:dkeeler@mozilla.com at Tue, 29 May 2018 19:16:40 +0000
bug 1464520 - hard-code the builtin roots module name to avoid a dependency on l10n in nsNSSComponent r?jcj,fkiefer nsNSSComponent startup and shutdown would be simpler if there were no direct dependencies on localized strings. This patch removes a dependency on the localized name of the builtin roots module by hard-coding the name internally and then mapping it to/from the localized version as appropriate. MozReview-Commit-ID: 30kbpWFYbzm
857472522f42fa9ff55ac070d47383cdcb4b904d: bug 1464520 - hard-code the builtin roots module name to avoid a dependency on l10n in nsNSSComponent r?jcj,fkiefer draft
David Keeler <dkeeler@mozilla.com> - Fri, 25 May 2018 11:22:48 -0700 - rev 800090
Push 111269 by bmo:dkeeler@mozilla.com at Fri, 25 May 2018 21:12:22 +0000
bug 1464520 - hard-code the builtin roots module name to avoid a dependency on l10n in nsNSSComponent r?jcj,fkiefer nsNSSComponent startup and shutdown would be simpler if there were no direct dependencies on localized strings. This patch removes a dependency on the localized name of the builtin roots module by hard-coding the name internally and then mapping it to/from the localized version as appropriate. MozReview-Commit-ID: 30kbpWFYbzm
12ab555ac7ca3ac1e3f3249d48f1df7ce6a35627: bug 1464505 - remove some unused localization helpers from nsNSSComponent r?fkiefer draft
David Keeler <dkeeler@mozilla.com> - Fri, 25 May 2018 13:02:02 -0700 - rev 800087
Push 111266 by bmo:dkeeler@mozilla.com at Fri, 25 May 2018 21:01:26 +0000
bug 1464505 - remove some unused localization helpers from nsNSSComponent r?fkiefer nsNSSComponent::PIPBundleFormatStringFromName and ::GetNSSBundleString are now unused. They can be removed (which means that nsNSSComponent::mNSSErrorsBundle can be removed as well). MozReview-Commit-ID: GAaGawSDL2n
0e5353ffa725a66ee04c638fa83ad2b99b5da3e9: bug 1461037 - lossily convert invalid UTF8 in certificates for display purposes r?fkiefer draft
David Keeler <dkeeler@mozilla.com> - Tue, 15 May 2018 16:41:46 -0700 - rev 798509
Push 110769 by bmo:dkeeler@mozilla.com at Tue, 22 May 2018 23:11:57 +0000
bug 1461037 - lossily convert invalid UTF8 in certificates for display purposes r?fkiefer In debug builds, we assert if any UTF8-to-UTF16 conversion fails. If we have invalid UTF8 in a certificate, we don't want to assert. So, we now lossily convert invalid UTF8 in certificates for any display purposes. This also handles fields that are supposed to be ASCII in a similar way. MozReview-Commit-ID: 6TdVPDTmNlh
7c3cfe766b3771262df0256b2bbcd240fa09fe3a: Bug 1427248 - Avoid changing certificate trust in nsNSSComponent initialization. r=fkiefer, r=jcj, a=RyanVM
David Keeler <dkeeler@mozilla.com> - Mon, 07 May 2018 17:05:30 -0700 - rev 797171
Push 110422 by bmo:khudson@mozilla.com at Fri, 18 May 2018 18:23:40 +0000
Bug 1427248 - Avoid changing certificate trust in nsNSSComponent initialization. r=fkiefer, r=jcj, a=RyanVM If a user has set a master password on their NSS DB(s), when we try to change the trust of a certificate, we may have to authenticate to the DB. This involves bringing up a dialog box, executing javascript, spinning the event loop, etc. In some cases (particularly when antivirus software has injected code into Firefox), this can cause the nsNSSComponent to be initialized if it hasn't already been. So, it's a really, really bad idea to attempt to change the trust of a certificate while we're initializing nsNSSComponent, because this results in a recursive component dependency and everything breaks. To get around this, if we need to load 3rd party roots (e.g. enterprise roots or the family safety root), we defer any trust changes to a later event loop tick. In theory this could cause verification failures early in startup. We'll have to see if this is an issue in practice. MozReview-Commit-ID: FvjHP5dTmpP
9f3f36a92082dc00e9b2c1412b760bba74c6954f: bug 1461037 - lossily convert invalid UTF8 in certificates for display purposes r?fkiefer draft
David Keeler <dkeeler@mozilla.com> - Tue, 15 May 2018 16:41:46 -0700 - rev 796600
Push 110303 by bmo:dkeeler@mozilla.com at Thu, 17 May 2018 21:40:56 +0000
bug 1461037 - lossily convert invalid UTF8 in certificates for display purposes r?fkiefer In debug builds, we assert if any UTF8-to-UTF16 conversion fails. If we have invalid UTF8 in a certificate, we don't want to assert. So, we now lossily convert invalid UTF8 in certificates for any display purposes. This also handles fields that are supposed to be ASCII in a similar way. MozReview-Commit-ID: 6TdVPDTmNlh
88f153a35267792154789b6653b5abb51014d613: bug 1461037 - lossily convert invalid UTF8 in certificates for display purposes r?fkiefer draft
David Keeler <dkeeler@mozilla.com> - Tue, 15 May 2018 16:41:46 -0700 - rev 796587
Push 110292 by bmo:dkeeler@mozilla.com at Thu, 17 May 2018 21:06:45 +0000
bug 1461037 - lossily convert invalid UTF8 in certificates for display purposes r?fkiefer In debug builds, we assert if any UTF8-to-UTF16 conversion fails. If we have invalid UTF8 in a certificate, we don't want to assert. So, we now lossily convert invalid UTF8 in certificates for any display purposes. MozReview-Commit-ID: 6TdVPDTmNlh
da8d4cad05b30129dac3c17340971db5ae3ad02c: bug 401240 - part 2/2 - reimplement PKCS#12 import/export without goto r=fkiefer
David Keeler <dkeeler@mozilla.com> - Fri, 11 May 2018 11:37:50 -0700 - rev 796248
Push 110198 by bmo:rcaliman@mozilla.com at Thu, 17 May 2018 12:04:52 +0000
bug 401240 - part 2/2 - reimplement PKCS#12 import/export without goto r=fkiefer MozReview-Commit-ID: JUMmTPrEYND
7a2224a146ec8b9f6a6b982be3b241e4b127bf5d: bug 401240 - part 1/2 - run ./mach clang-format on nsPKCS12Blob r=fkiefer
David Keeler <dkeeler@mozilla.com> - Fri, 11 May 2018 11:09:00 -0700 - rev 796247
Push 110198 by bmo:rcaliman@mozilla.com at Thu, 17 May 2018 12:04:52 +0000
bug 401240 - part 1/2 - run ./mach clang-format on nsPKCS12Blob r=fkiefer MozReview-Commit-ID: 81m6dxhg8Pv
92ee9bb7c64c7d7f42726c65ddcdb691de190526: bug 401240 - part 2/2 - reimplement PKCS#12 import/export without goto r?fkiefer draft
David Keeler <dkeeler@mozilla.com> - Fri, 11 May 2018 11:37:50 -0700 - rev 795835
Push 110093 by bmo:dkeeler@mozilla.com at Wed, 16 May 2018 17:15:04 +0000
bug 401240 - part 2/2 - reimplement PKCS#12 import/export without goto r?fkiefer MozReview-Commit-ID: JUMmTPrEYND