Push date [To Local]
ChangesetPatch author — Commit message
Tue Oct 16 04:03:40 2018 +0000
f3123a7800b5Martin Thomson — Backed out changeset 77ae602f995a for gecko build failures. default tip
Tue Oct 16 04:02:30 2018 +0000
704d253fa016Martin Thomson — Backed out changeset 77ae602f995a for gecko build failures, a=bustage NSS_3_40_BRANCH
Mon Oct 15 12:37:32 2018 +0000
1cd55999875dDaiki Ueno — Set version numbers to 3.41 Beta
Fri Oct 12 16:07:38 2018 +0000
f249e74c96a5Daiki Ueno — Set version numbers to 3.40 final NSS_3_40_BRANCH
Fri Oct 12 14:44:52 2018 +0000
5180835aac1dEKR — Bug 1498437 - Require that the server negotiate TLS 1.3 if we sent ESNI. r=mt
Fri Oct 12 07:22:32 2018 +0000
61e5c750dca4Martin Thomson — Bug 1489945 - Handle second ticket with external ticket caching, r=franziskus
45f894ebabdbMartin Thomson — Bug 1434943 - Support for MSVC in, r=jcj
Wed Oct 10 08:12:11 2018 +0000
77ae602f995aFranziskus Kiefer — Bug 1471566 - fix OSS fuzzing build, r=mt
Tue Oct 02 01:29:39 2018 +0000
dc4500650617EKR — Bug 1495451 - Fix issues flagged by coverity. r=mt
Mon Oct 01 19:13:15 2018 +0000
f7323ff43efeKai Engert — Bug 1493822, Removal of "Visa eCommerce Root" CA from Mozilla Root Program, k=kwilson
Mon Oct 01 08:30:12 2018 +0000
94bcc2706b98Franziskus Kiefer — Bug 1479787 - clang-format, r=mt,keeler
403437c461fdFranziskus Kiefer — Bug 1479787 - build mozpkix as part of NSS, r=mt,keeler
1dc240df02b1Franziskus Kiefer — Bug 1479787 - merge mozpkix from mozilla-central to NSS
f0f6152bfb6eXidorn Quan — Bug 1476486 - Apply clang warning suppression (rather than msvc) in pkix for clang-cl. r=froydnj
0a44f961abffAndi-Bogdan Postelnicu — Bug 1453795 - PSM-Security - Initialize member fields in classes/ structures. r=keeler
8a3a984ac29cNarcis Beleuzu — Backed out changeset 6692fb61e97c (bug 1453795) for build bustages on CertVerifier.h . CLOSED TREE
6692fb61e97cAndi-Bogdan Postelnicu — Bug 1453795 - PSM-Security - Initialize member fields in classes/ structures. r=keeler
11334fe0bb37Sylvestre Ledru — Bug 1464869 - Run autopep8 on security/ r=fkiefer
0df0b9dc6b51Sebastian Hengst — Backed out 4 changesets (bug 525063) on request from Andi. a=backout
c02a8910cc27Franziskus Kiefer — Bug 1450967 - MITM error string update, r=keeler
9d7f1e63d6f7Tristan Bourvon — Bug 525063 - Initialize uninitialized class attributes in m-c. r=ehsan
738d02a83ae8Franziskus Kiefer — Bug 1450967 - mitm detection v0.0.1, r=keeler,johannh
cad533d690f7David Keeler — bug 1056341 - introduce a budget for path searching in mozilla::pkix to avoid unbounded search r=fkiefer,jcj
376bb025113cFranziskus Kiefer — Bug 1448787 - separate error for self-signed certs, r=keeler,johannh
f0ce1bf2522dFranziskus Kiefer — Bug 1443744 - fix shadowing issues in pkix, r=keeler
e55f9100a66fDavid Keeler — bug 1441223 - add a new (overridable) error code to describe extra policy constraint failures r=jcj
1bcc640bf550David Keeler — bug 1437214 - if PathBuildingStep::Check fails due to a problem with the subject certificate rather than the potential issuer, set keepGoing to false r=jcj
ae75a612a1d0David Keeler — bug 1430906 - don't hold around a test key forever in mozilla::pkix gtests r=franziskus
7a105e563435Sylvestre Ledru — Bug 1394734 - Simplify various corner cases r=glandium
4d6fe115ec40Sylvestre Ledru — Bug 1394734 - Replace CONFIG['CLANG*'] by CONFIG['CC_TYPE'] r=glandium
62402ac4e5bdSylvestre Ledru — Bug 1394734 - Replace CONFIG['MSVC'] by CONFIG['CC_TYPE'] r=glandium
7feb9404ef39Sylvestre Ledru — Bug 1394734 - Replace CONFIG['GNU_C*'] by CONFIG['CC_TYPE'] r=glandium
2482688457a8manikishan — Bug 1198481 - Fixed typo 'id_pk_serverAuth' to 'id_kp_serverAuth'. r=keeler
2aa1f3a3992fSylvestre Ledru — Bug 1411001 - Remove the +x permissions on cpp & h files r=froydnj
a2680796f33aTom Ritter — Bug 1406736 Match MinGW's macro so we declare gmtime_r under MinGW too r=froydnj
a9b4429c0141Nicolas Vigier — Bug 1305396 - Replace memmove with std::copy_backward in a file that doesn't include cstring explicitly. r=keeler
c8f84cc04821Tom Ritter — Bug 1406687 Pass return values from fwrite to Unused to silence the warn-unused-result warning r=njn
b80a66f2f573Sebastian Hengst — Backed out changeset 7a5d74db770b (bug 1406687) for build bustage at testing/gtest/gtest/src/ 'Unused' was not declared in this scope. r=backout
7a5d74db770bTom Ritter — Bug 1406687 Pass return values from fwrite to Unused to silence the warn-unused-result warning r=njn
fea5d7a0daddDaniel Holbert — Bug 1369806: Fix up pkix test to correctly pass zero to CreateEncodedBasicConstraints (which takes a pointer-to-long, rather than a long). r=keeler
665b14dbce75Daniel Holbert — Bug 1369864: Suppress clang -Wno-zero-as-null-pointer-constant build warning, in pkix/test/gtest. r=keeler
0067f28a9caeDaniel Holbert — Bug 1369871: Add "const" keyword to a long* param in a pkix test function. r=keeler
dd01c3d18f36Cykesiopka — Bug 1361750 - Disable various MSVC 2017 warnings in PSM to unbreak --enable-warnings-as-errors builds. r=keeler
3512dacc55f0David Keeler — bug 1349762 - handle two GlobalSign EV root transfers r=Cykesiopka,jcj
79ef4a15606bTim Taubert — Bug 1351779 - Removed unused variable 'loopDetected' from PathBuildingStep::Check() r=keeler
c211a0c60909David Keeler — bug 1339921 - disable clang's shadowed field warning in a mozilla::pkix gtest class r=Cykesiopka,dholbert
f0642139b27bJan Beich — Bug 1346305 - Unbreak --enable-warnings-as-errors on FreeBSD after bug 1343557. r=keeler
38f5f6e96791Wes Kocher — Merge inbound to central, a=merge CLOSED TREE
95d1d5146389Joel Maher — Bug 1344829 - add BUG_COMPONENT to security/* files. r=keeler
f95c9c1098b1Dan Minor — Bug 1343557 - Disable -pedantic-errors for pkix gtests; r=keeler
aaf1de66bda4EKR — Bug 1331280 - Generic telemetry probe for TLS handshake status. r=keeler
726206a2be0aSylvestre Ledru — Bug 1337358 - Converts for(...; ...; ...) loops to use the new range-based loops in C++11 in security/ r=keeler
8138f888cdf6Julian Seward — Bug 1318030 - Possible uninitialised value uses relating to security/pkix/test/gtest/pkixcert_extension_tests.cpp.
e51667cbe70dDavid Cook — Bug 1115718 - Check for empty issuer name in mozilla::pkix; r=keeler
390e0c5897ffSergei Chernov — Bug 1284256 - Certificate Transparency - verification of Signed Certificate Timestamps (RFC 6962); r=keeler, r=Cykesiopka
703e23f82945Tom Tromey — Bug 1286877 - do not set c-basic-offset for python-mode; r=gps
f1b1524ad001Sergei Chernov — Bug 1275238 - Certificate Transparency support in mozilla::pkix; r=keeler
9b3cbd3b2ad3Julian Seward — Bug 1275582 - TSan: data race security/nss/lib/freebl/sha_fast.c:176 SHA1_End. r=dkeeler.
c2485ea5124aChris Peterson — Bug 1272513 - Part 1: Suppress -Wshadow warnings-as-errors in some directories. r=glandium
d36577946ecdDavid Keeler — bug 982932 - only allow Netscape-stepUp to be used for serverAuth for old CA certificates r=Cykesiopka,jcj
b126ac4439eaCykesiopka — Bug 1257031 - Return more informative error code when encountering invalid integers rather than SEC_ERROR_BAD_DER. r=keeler
29652e10e988David Keeler — bug 1245280 - add policy mechanism to optionally enforce BRs for falling back to subject CN r=Cykesiopka,mgoodwin
447151feab36David Keeler — bug 1258579 - remove some unnecessary time-related globals from mozilla::pkix tests r=Cykesiopka
915df647d6edBrian Smith — Bug 1189020 - Replace |// unnamed namespace| with |// namespace| in mozilla::pkix. r=Cykesiopka
4b1cef01dd05Gregory Szorc — Bug 1256484 - Disable C4456 and C4458 to unblock compilation on VS2015; r=keeler
af032d9f305fDavid Keeler — bug 1255153 - (re)move redundant xpcshell name constraint tests to gtests r=Cykesiopka,jcj
4f2d01040feaDavid Keeler — bug 1248099 - add extended key usage tests for mozilla::pkix r=Cykesiopka,jcj
5f431128d5ffXidorn Quan — Bug 1229587 part 1 - Disable C4464 warning newly added in VS2015u1. r=keeler
af766f49e6fcMark Goodwin — Bug 901698 - Some tests for OCSP-must-staple; r=keeler
80ec97f368ceMark Goodwin — Bug 901698 - Implement OCSP-must-staple; r=keeler
9ab2b7c1cdf4Richard Barnes — Bug 942515 - Show Untrusted Connection Error for SHA-1-based SSL certificates with notBefore >= 2016-01-01 r=keeler
14f839d85e4fJacek Caban — Bug 1199624 - Don't use memset and memcmp in files that don't include cstring explicitly. r=briansmith
aada4c5fed19Nicholas Nethercote — Bug 1198334 (part 1) - Replace the opt-in FAIL_ON_WARNINGS with the opt-out ALLOW_COMPILER_WARNINGS. r=glandium.
d0159ce9ae4aRyan VanderMeulen — Backed out changeset 7afe39a4cc46 (bug 1199624) for Windows bustage.
7afe39a4cc46Jacek Caban — Bug 1199624 - Don't use memset and memcmp in files that don't include cstring explicitly. r=briansmith
874f6647e3d6Mike Hommey — Bug 1189891 - Avoid including <cstring> from pkix/Input.h. r=bsmith
447a74fd9247Mike Hommey — Backout changesets 88cd640b130a and b9706b494db6 (bug 1189891) for pkix bustage
b9706b494db6Mike Hommey — Bug 1189891 - Avoid including <cstring> from pkix/Input.h. r=bsmith
88cd640b130aBirunthan Mohanathas — Bug 1182996 - Fix and add missing namespace comments. rs=ehsan
7c58347cff62Mark Goodwin — Bug 1159155 - Add telemetry probe for SHA-1 usage (r=keeler)
bd7b1c3eae51Cykesiopka — Bug 1145679 - Reject EV status for end-entity EV certs with overly long validity periods. r=keeler
c7278c6b729eTim Taubert — Bug 1060112 - Don't treat OCSP responses omitting the requested certificate status as "unknown certificate" responses blocking the connection r=keeler
bb6f23adf805David Keeler — bug 1141189 - implement skipping expensive revocation checks (OCSP fetching) for short-lived certificates r=rbarnes
79097379a944David Keeler — bug 1150114 - allow PrintableString to match UTF8String in name constraints checking r=briansmith
c4a164f934eaBrian Smith — Bug 1154399 - Part 4: Simplify certificate parsing in OCSP responses. r=keeler
5238be4b8527Brian Smith — Bug 1154399 - Part 3: Simplify OptionalExtensions. r=keeler
4000fd84b8e2Brian Smith — Bug 1154399 - Part 2: Simplify and un-inline OptionalVersion. r=keeler
667e5d2ca899Brian Smith — Bug 1154399 - Part 1: De-templatize and un-inline IntegralValue. r=keeler
29409b5c9457Mike Hommey — Bug 1153114 - Remove anonymous namespace around pkix gtests. r=bsmith
b23e82fc0f1bBrian Smith — Bug 1153738: Make ScopedPtr a minimal proper subset of std::unique_ptr, r=keeler
07bf7b6e53bcBrian Smith — Bug 1146057: Remove support for GCC 4.6, r=keeler
d57ad58a7bfcBrian Smith — Bug 1136278, Part 2: Refactor test SubjectPublicKeyInfo generation, r=keeler
ca4305a1f6d0Brian Smith — Bug 1136278, Part 1: Refactor algorithm identifiers in tests, r=keeler
30be44a677eaDavid Keeler — bug 1143085 - allow subject alternative name extensions to be empty for compatibility r=briansmith a=kwierso
842f6a0c3141David Keeler — Bug 1136616 - Allow underscores in reference DNS-IDs in mozilla::pkix name matching. r=briansmith
8dfef950e70cBrian Smith — Bug 1131767: Prune away paths using unacceptable algorithms earlier, r=keeler
c84a7ff1acddBrian Smith — Bug 1077864, Part 2: Override the trust level for OCSP response signer certs so that they are never considered trust anchors, r=keeler
ca470b2ed517Brian Smith — Bug 1077864, Part 1: Check consistency of certificates' signature and signatureAlgorithm fields, r=keeler
3757e7171a57Brian Smith — Bug 1135407: Factor out duplicate logic in tests, r=keeler
4192056774b0Ehsan Akhgari — Bug 1135745 - Disable the reserved-id-macro macro in security/pkix; r=briansmith
adeca598ed37Brian Smith — Bug 1133618 - Move test SHA1 function to pkixtestutil.cpp. r=mmc
de01871e62a3Brian Smith — Bug 1130754 - Make PublicKeyAlgorithm an enum class. r=keeler
e4a08ca544baCykesiopka — Bug 1097622 - Return ERROR_INVALID_TIME when decoding invalid time values. r=dkeeler
320be6ecb1ffBrian Smith — Bug 1130754: Avoid recalculating tbsCertificate digest, r=keeler
c730ca8993d0Brian Smith — Bug 1122841, Part 2: Centralize checking of public key, r=keeler
b81ef75ef4e8Brian Smith — Bug 1122841, Part 1: Add PositiveInteger parser, r=keeler
b20b38da8176Brian Smith — Bug 1128413, Part 4: Fix warnings in mozilla-config.h and gcc-stl-wrapper.template.h, r=glandium
1297562cd89fBrian Smith — Bug 1128413, Part 3: Enable more compiler warnings, r=mmc
4876c8d5d326Brian Smith — Bug 1128413, Part 2: Don't use double underscores any more
426ca128d8e2Brian Smith — Bug 1128413, Part 1: Fix switch-related warnings, r=mmc
3676bcb27c8eCykesiopka — Bug 968560 - Return distinct error codes for certificates that are not valid yet, in mozilla::pkix. r=keeler
4652f276a3a8Ehsan Akhgari — Bug 1126128 - Mark TestTrustDomain::VerifySignedData as override; r=bsmith
59d67753c4c3Ehsan Akhgari — Backed out changeset 73545684c272 (bug 1117034) because of build bustage on a CLOSED TREE
73545684c272Ehsan Akhgari — Bug 1117034 - Mark some overridden functions in the tree as override
b867e381d7eaDavid Keeler — bug 1125261 - mozilla::pkix: handle comparing single, relative labels with wildcards r=briansmith
5a4201c985c2Daniel Holbert — Bug 1125673: Mark method 'FindIssuer' as 'override' in pkixocsp_VerifyEncodedOCSPResponse.cpp, to fix clang warning. r=briansmith
618751351776Cykesiopka — Bug 1077790 - Make mozilla::pkix::CheckPublicKeySize() accept specific elliptic curves only. r=briansmith
4b3fb25024f9Brian Smith — Bug 1114703: Remove mozilla::pkix's polyfill for std::bind, r=mmc
414fc7eca890Brian Smith — Bug 1122835, Part 2: Simplify BitStringWithNoUnusedBits, r=keeler
d78c2b581148Brian Smith — Bug 1122835: Add missing return value checks for Input::SkipToEnd, r=keeler
3574013ea697Benjamin Peterson — No bug - fix typo r=me DONTBUILD
a64cb6368415Brian Smith — Bug 1115910: Remove now-unneeded nullptr polyfill for old versions of GCC, r=keeler
8f41ea37cd5dBrian Smith — Bug 1115906, Part 3: Make formatting of struct/class/enum class more consistent, r=keeler
e5d13fba59e8Brian Smith — Bug 1115906, Part 2: Annotate classes and member functions with override and final, r=keeler
551c3a4d2e76Brian Smith — Bug 1115906, Part 1: Add workarounds for missing final/override support in GCC before version 4.7, r=keeler
d5fc116ca801Masatoshi Kimura — Bug 1120664 - Rename mozilla::pkix::Result::ERROR_INVALID_TIME to avoid collision with a macro defined in windows.h. r=bsmith
e8ceca777690Brian Smith — Bug 1118122: Reland Bug 1115903, Part 2: Delete most defaulted assignment operators and some defaulted copy constructors, r=jcj
3b0553b57555Brad Lassey — bug 1118554 - fix gcc4.9 warnings on Android, <cstdlib> instead of <stdlib.h> r=gcp
fb3a491bba04Jacek Caban — Bug 1119179 - Avoid gmtime_r duplication if it's provided by mingw. r=bsmith
83f0473404f7Brian Smith — Bug 1118599 - Remove now-unneeded MOZILLA_PKIX_ENUM_CLASS workaround for GCC enum class bugs. r=mmc
0b1e97fb8f19Brad Lassey — bug 1118554 - make android's stdcxx work r=glandium
59ea941eb72aBrian Smith — Bug 1073867, Part 5: Make DSS test faster, r=mmc
119f49389cadBrian Smith — Bug 1117003 - Backout cset 0c9007d26fc7 (Bug 1115903, Part 2), r=ehsan
0c9007d26fc7Brian Smith — Bug 1115903, Part 2: Delete most defaulted assignment operators and some defaulted copy constructors, r=jcj
56862d7bbdd5Brian Smith — Bug 1115903, Remove VS2010 workarounds, r=mmc
4c48b273ac22Brian Smith — Bug 1115761, Part 4: Add "fall through" comment, r=jcj
ecbc9800fb59Brian Smith — Bug 1115761, Part 3: Rename NSS-based crypto functions, r=jcj
af401207a396Brian Smith — Bug 1115761, Part 2: Use NotReached more consistently in pkixnss.cpp, r=jcj
8a1026ee374bBrian Smith — Bug 1115761, Part 1: Remove obsolete references to NSS stuff in comments, r=jcj
706e9e981fd9Brian Smith — Bug 1035414, Part 2: Always check subject's issuer matches issuer's subject, r=jcj
3773ed67d563Brian Smith — Bug 1035414, Part 1: Test issuer/subject name matching, r=jcj
81130150a290Brian Smith — Bug 1073867, Part 4: Test that DSS end-entity certificates are rejected, r=mmc
3fd5fbe70bb6Brian Smith — Bug 1073867, Part 3: Reject DSS end-entity certificates, r=mmc
a63e97885f9aBrian Smith — Bug 1115181: Remove pkixnss.h dependency from pkixcert_signature_algorithm_tests, r=keeler
dfb8152d4cc7Brian Smith — Bug 1070444: Remove NSS dependencies in pkixbuild_tests.cpp, r=keeler
63db7c4d4887Brian Smith — Bug 1114701: Replace function pointers with function references, r=keeler
6fa5c4bd5e49Daniel Holbert — Bug 1114671: Use function pointer (instead of reference) in pkix/bind.h, for consistency & to fix -Wignored-qualifiers build warning for 'const'. r=briansmith
feced5aff165J.C. Jones — Bug 968451 - Document the exported functions exposed from mozilla::pkix (pkix/pkix.h). r=keeler
1882d6982107Brian Smith — Bug 1073867, Part 1: Remove DSS certificate support from mozilla::pkix, r=keeler
2f7ebb7d87e8Brian Smith — Bug 1111399, Part 2: Implement RFC822 (email) name constraints, r=keeler
765da63d624aBrian Smith — Bug 1111399, Part 1: Preconditions for RFC822 name constraints, r=keeler
ec31f88473feBrian Smith — Bug 1111398: Rename ValidDNSIDMatchType to IDRole, r=keeler
19cd5881dcb4Brian Smith — Bug 1111397: Refactor error handling for name matching, r=keeler
42ac4e36b33fBrian Smith — Bug 1111392: Add tests for malformed name constraints where there are no names of the constrained type, r=keeler
3052b38ed269David Keeler — bug 1108408 - GeneralName types such as otherName where the value is a SEQUENCE should have the CONSTRUCTED bit set r=briansmith
8524e6137905Brian Smith — Bug 1107791 Remove support for unusual wildcard names in certificates, r=keeler
bc1e9070967fBrian Smith — Bug 1107790: Remove support for absolute hostnames in presented DNS IDs and name constraints, r=keeler
d22d8ffa4881Brian Smith — Bug 1107946: Fixed unused variable warnings in pkixnames_tests.cpp, r=keeler
6ad87612e8d8Brian Smith — Bug 970542, Part 9: Better document name constraints as reference IDs, r=keeler
e879f7b44d24Brian Smith — Bug 970542, Part 8: IPAddress name constraint tests, r=keeler
42960b151acaBrian Smith — Bug 970542, Part 7: More CN-ID name constraint tests, r=keeler
50d77e6e978cBrian Smith — Bug 970542, Part 6: DNSName name constraint tests, r=keeler
ed7fbb021b6bBrian Smith — Bug 970542, Part 5: New name constraint implementation, r=keeler, r=mmc
5ce0f0880bd0Brian Smith — Bug 970542, Part 4: DirectoryName name constraint matching, r=keeler
bdcb5885888dBrian Smith — Bug 970542, Part 3: IPAddress name constraint matching, r=keeler
fa8c238f35fcBrian Smith — Bug 970542, Part 2: DNSName name constraint matching, r=keeler
7af474cc9196Brian Smith — Bug 970542, Part 1: Refactor name matching within CN AVAs to reduce duplicate logic, r=keeler
0b702a0bfcbaDavid Keeler — bug 1079436 - fix validThrough as returned by VerifyEncodedOCSPResponse r=briansmith
08179a82d53dMasatoshi Kimura — Bug 1094495 - Disable C4480 in security/pkix. r=keeler
50d35bb66af3David Keeler — bug 1079658 - follow-up bustage fix (unnecessary multi-line C++-style comment) r=bustage on a CLOSED TREE
9df2a842fbaeDavid Keeler — bug 1079658 - check for the id-pkix-ocsp-nocheck extension when decoding certificates r=briansmith
6d6053ed2f0dChris Peterson — Bug 1092028 - Fix -Wunused-const-variable warning-as-error in security/pkix/test/gtest. r=bsmith
b7141232c741Brian Smith — Bug 1089104: Add support for TeletexString-encoded CN-IDs to CheckCertHostname, r=keeler
30ccddc3e97bBrian Smith — Bug 1089393: Fix hex excape sequences ('\0x' -> '\x') in pkixnames_tests.cpp, r=mmc
eb0293e2ed83Monica Chew — Bug 1083539: Fix dropped return value check (r=keeler)
b048a41ea711Brian Smith — Bug 1085497: Add Input::size_type, r=mmc
acd14b1c35beBrian Smith — Bug 1063281, Part 8: Rewrite PresentedDNSIDMatchesReferenceDNSID, r=keeler
3b1e093a87fdBrian Smith — Bug 1063281, Part 7: Implement IsValidPresentedDNSID, r=keeler
4b6ec67df7d3Brian Smith — Bug 1083539: Factor out common SEQUENCE unwrapping logic into reusable functions, r=mmc
49abe491f6afBrian Smith — Bug 1063281, Part 6: Implement CheckCertHostname, r=keeler
5fd905aaa97fBrian Smith — Bug 1063281, Part 5: Implement DNS ID matching, r=keeler
eb75e67c1de4Brian Smith — Bug 1063281, Part 4: Implement ParseIPv6Address, r=keeler
9de642400c56Brian Smith — Bug 1063281, Part 3: Implement ParseIPv4Address, r=keeler
ad92738ff3f8Brian Smith — Bug 1063281, Part 2: Implement IsValidDNSName, r=keeler
06615c16a7d1Brian Smith — Bug 1063281, Part 1: Expose moilla::pkix::BackCert::GetSubjectAltName, r=keeler
21145aa9bcc0Cykesiopka — Bug 622859 - Reject EV certificates with key sizes below RSA 2048. r=briansmith
4882c5f7e91dCarsten "Tomcat" Book — Backed out changeset 87cfebb3b6fe (bug 622859) for breaking m1 tests
87cfebb3b6feCykesiopka — Bug 622859 - Reject EV certificates with key sizes below RSA 2048. r=briansmith
176b17aea7ecDavid Keeler — bug 1042889 - use a separate error for untrusted x509v1 certificates used as CAs r=briansmith
b8ab1e9798f6Brian Smith — Bug 1078108: Use a longer OCSP response validity period in tests, r=keeler
61401f00b795Carsten "Tomcat" Book — Backed out changeset 77e0240c2526 (bug 1078108) for breaking B2g ICS Builds
77e0240c2526Brian Smith — Bug 1078108: Use a longer OCSP response validity period in tests, r=keeler
ca2e9c83d730Brian Smith — Bug 1077926: Make test certificate generation faster by reusing key, r=keeler
a50a9acd717fDavid Keeler — bug 1058812 - (3/3) mozilla::pkix: test handling unsupported signature algorithms r=briansmith
944cf5488d37David Keeler — bug 1058812 - (2/3) mozilla::pkix: use ByteStrings to identify signature algorithm parameters in tests r=briansmith
32d860f9025bDavid Keeler — bug 1058812 - (1/3) mozilla::pkix: add SignatureAlgorithm::unsupported_algorithm to better handle e.g. roots signed with RSA/MD5 r=briansmith
4a4e9197f881David Keeler — backout b779e9db337c (bug 1058812 1/3) for mochitest orange on a CLOSED TREE
ecbbc75c8f36David Keeler — backout 87ce5a58dff3 (bug 1058812 2/3) for mochitest orange on a CLOSED TREE
5a3068f77774David Keeler — backout e2005d63d09c (bug 1058812 3/3) for mochitest orange on a CLOSED TREE
e2005d63d09cDavid Keeler — bug 1058812 - (3/3) mozilla::pkix: test handling unsupported signature algorithms r=briansmith
87ce5a58dff3David Keeler — bug 1058812 - (2/3) mozilla::pkix: use ByteStrings to identify signature algorithm parameters in tests r=briansmith
b779e9db337cDavid Keeler — bug 1058812 - (1/3) mozilla::pkix: add SignatureAlgorithm::unsupported_algorithm to better handle e.g. roots signed with RSA/MD5 r=briansmith
fef09fc4f8a2Brian Smith — Bug 1077887: Work around old GCC "enum class" bug, r=mmc
8223fc0ec405Brian Smith — Bug 1077859: Make ENCODING_FAILED safe to use in static initializers, r=mmc
865a73b0410fEhsan Akhgari — Fix one bad implicit constructor in pkix, no bug, blanket-rs=bsmith
f84e52e4706bCarsten "Tomcat" Book — Backed out changeset 4ea25fb195e3 (bug 1077859) for causing frequent Mac OSX XPCshell test failures
4bfd7853a2fdCarsten "Tomcat" Book — Backed out changeset 5c9fa9ccba44 (bug 1077887)
f56ef87537e8Carsten "Tomcat" Book — Backed out changeset c66393b6747c (bug 1077926)
c66393b6747cBrian Smith — Bug 1077926: Make test certificate generation faster by reusing key, r=keeler
5c9fa9ccba44Brian Smith — Bug 1077887: Work around old GCC "enum class" bug, r=mmc
4ea25fb195e3Brian Smith — Bug 1077859: Make ENCODING_FAILED safe to use in static initializers, r=mmc
935d3912d2b4David Keeler — bug 1045739 - (part 2/2) mozilla::pkix: test that revocation checking doesn't occur for expired certificates r=mmc
2cfa06a07f81Brian Smith — bug 1045739 - (1/2) mozilla::pkix: stop checking revocation for expired certificates r=keeler
103648f9973dDavid Keeler — bug 1071308 - (2/2) remove libpkix-style chain validation callback from CertVerifier r=cviecco
5a0bc43e8679Richard Barnes — Bug 1045973 - sec_error_extension_value_invalid: mozilla::pkix does not accept certificates with x509v3 extensions in x509v1 or x509v2 certificates r=keeler
276a7d6b9e19David Keeler — bug 1060929 - mozilla::pkix: allow explicit encodings of default-valued BOOLEANs for compatibility r=briansmith
d811b42cbf3bRichard Barnes — Backed out changeset bf39c7535955 (bug 1045973)
bf39c7535955Richard Barnes — Bug 1045973 - sec_error_extension_value_invalid: mozilla::pkix does not accept certificates with x509v3 extensions in x509v1 or x509v2 certificates
d84a51edc068Brian Smith — Bug 1065264: Use MOZILLA_PKIX_MAP_LIST to define mozilla::pkix::Result, r=keeler
86e0ead21be9Brian Smith — Bug 1065173: Move more NSS dependencies to pkixtestnss.cpp, r=keeler
ae5e2cb45ed3Brian Smith — Bug 1063031: Remove mozilla::pkix::test::NSSTest, r=keeler
f27ed5350051Camilo Viecco — Bug 1067565 - Built-in pins expires decades later. r=keeler
c5deca8cba3cBrian Smith — Bug 1063013, Part 4: Move MapResultToName and MAP_LIST out of pkixnss.h/pkixnss.cpp, r=keeler
c4b9297979c7Brian Smith — Bug 1063013, Part 3: Move dependencies on pkixnss to pkixtestnss, r=keeler
8ec1eff5d140Brian Smith — Bug 1063013, Part 2: Remove unnecessary pkixnss dependency from pkixocsp_CreateEncodedOCSPRequest, r=keeler
d9da0272f907Brian Smith — Bug 1063013, Part 1: Remove pkixnss dependency from pkixtestutil.cpp, r=keeler
9e3f6f7474f4Brian Smith — Bug 1063006: Centralize direct use of NSS for crypto in the mozilla::pkix test suite, r=keeler
3d67f57a0502Brian Smith — Bug 1059924, Part 2: Test that the high tag number form is rejected, r=keeler
1d95d9b80e69Brian Smith — Bug 1061483 follow-up: remove now-unused deleteCharArray function, r=me, a=bustage
3a4251234a26Brian Smith — Bug 1061483: Remove dependency on NSPR's PR_smprintf, r=cviecco
46250b0120beBrian Smith — Bug 1061021, Part 17: Use now-unused PLArenaPool infrastructure, r=keeler
101b4b6d8849Brian Smith — Bug 1061021, Part 16: Stop using PLArenaPool in pkixocsp_CreateEncodedOCSPRequest, r=keeler
88a132d5b1abBrian Smith — Bug 1061021, Part 15: Stop using PLArenaPool in CreateEncodedOCSPResponse, r=keeler
8743adefe38aBrian Smith — Bug 1061021, Part 14: Stop using PLArenaPool in CreateEncodedCertificate, r=keeler
1fd4a7e00bd1Brian Smith — Bug 1061021, Part 13: Remove Output class, r=keeler
07b910800d29Brian Smith — Bug 1061021, Part 12: Stop using PLArenaPool for ResponseData encoding, r=keeler
86d4257c47bcBrian Smith — Bug 1061021, Part 11: Stop using PLArenaPool for TBSCertificate and SignedData encoding, r=keeler
ae1e6fc28aecBrian Smith — Bug 1061021, Part 10: Stop using PLArenaPool for extension encoding, r=keeler
40b2079e912cBrian Smith — Bug 1061021, Part 9: Stop using PLArenaPool for SingleResponse encoding, r=keeler
cbd4132642d4Brian Smith — Bug 1061021, Part 8: Stop using PLArenaPool for CertID encoding, r=keeler
bc91f4793d5aBrian Smith — Bug 1061021, Part 7: Stop using PLArenaPool for SignedData encoding, r=keeler
90d09ed5c83bBrian Smith — Bug 1061021, Part 6: Stop using PLArenaPool for boolean encoding, r=keeler
acf8ecaeeb33Brian Smith — Bug 1061021, Part 5: Remove InitInputFromSECItem, r=keeler
5754cdc8fa0aBrian Smith — Bug 1061021, Part 4: Stop using PLArenaPool for time encoding, r=keeler
edf6255af552Brian Smith — Bug 1061021, Part 3: Stop using PLArenaPool for BitString encoding, r=keeler
59ca4088b5aeBrian Smith — Bug 1061021, Part 2: Stop using NSS to encode integers and serial number, r=keeler
cf0ddad16d73Brian Smith — Bug 1061021, Part 1: Stop using NSS to encode names in tests, r=keeler
956856eaf246Brian Smith — Bug 1059924, Part 1: Centralize tag and length decoding in mozilla::pkix's DER decoder, r=keeler
1c6057955f8aBrian Smith — Bug 1059928: Remove SECOidTag from mozilla::pkix testsuite interface, r=keeler
7aed8e73b3c2David Keeler — bug 1057123 - mozilla::pkix: allow end-entity certificates to assert keyCertSign in some cases r=briansmith
87bd7d4c541aMike Hommey — Bug 1041941 - Use templates for programs, simple programs, libraries and C++ unit tests. r=gps
b55a82d00b04Ehsan Akhgari — Bug 1060975 - Fix bad implicit constructors in security; r=bsmith
0d9e1adba9c0Camilo Viecco — Bug 1039166 - Fix intermittent gtest ASAN errors. r=dkeeler
e8409018d8ecBrian Smith — Bug 1059926: Give the ability to generate more encodings, r=keeler
5dd940a541d3Brian Smith — Bug 1057793: Fix build warning on MSVC 2013, r=keeler
5ca5616168eaBrian Smith — Bug 1057791: Switch PR_ASSERT to assert in pkixcheck.cpp, r=keeler
ef064019410dBrian Smith — Bug 1057790: Limit scope of CERTCertificate-related stuff to the scope it is used, r=keeler
45de3b567820Brian Smith — Bug 1053924: Remove dependencies on PRTime in mozilla::pkix's test code, r=keeler
59fbab61bf96Cykesiopka — Bug 1052529 - Add missing l10n strings for mozilla::pkix errors. r=keeler
74f7df1f03e8David Keeler — bug 1009161 - mozilla::pkix: allow the Netscape certificate type extension if more standardized information is present r=briansmith
5953bf2571f0Camilo Viecco — Bug 1047177 - Treat v4 certs as v3 certs (1/2). r=keeler.
1d5756884f35Brian Smith — Bug 1053627, Part 2: Use MOZILLA_PKIX_ARRAY_LENGTH instead of PR_ARRAY_SIZE, r=keeler
aab0248be343Brian Smith — Bug 1053627, Part 1: use sizeof instead of PR_ARRAY_SIZE for byte arrays, r=keeler
0b09d111368cBrian Smith — Bug 1053621: Stop using PR_NOT_REACHED in mozilla::pkix, r=keeler
85a868671ad7Brian Smith — Bug 1053620: Replaces uses of PR_Abort with std::abort in mozilla::pkix, r=keeler
103617bdc565Brian Smith — Bug 1053617: Reduce scope of DER encoding debugging logic to the file it is used in, r=keeler
b23f97018cceBrian Smith — Bug 1053616: Remove uses of PR_SetError from mozilla::pkix tests, r=keeler
636639b0f0b1Cykesiopka — Bug 1052257 - Add and use error code specific to inadequate key sizes. r=keeler
ffe4741a32efBrian Smith — Bug 1048642, Part 3: Remove SECStatus GTest utilities, r=cviecco
91860e48f97bBrian Smith — Bug 1048642, Part 2: Change GenerateKeyPair return type from SECStatus to Result, r=cviecco
75b0a9c807faBrian Smith — Bug 1048642, Part 1: Change TamperOnce return type from SECStatus to Result, r=cviecco
5d522165ffbbDavid Keeler — bug 1040446 - mozilla::pkix: add error code for CA cert used as end-entity cert r=briansmith
bf2a551e8306Brian Smith — Bug 1048070, Part 2: Remove uses of PR_NOT_REACHED and PR_ARRAY_SIZE in mozilla::pkix, r=keeeler
7e8a72fe2994Brian Smith — Bug 1048070, Part 1: Replace uses of PR_ASSERT in mozilla::pkix, r=keeler
75a4cfe83b66Brian Smith — Bug 1042479: Accept the OIW sha1WithRSASignature OID, r=keeler
37e60712078aDavid Keeler — bug 1047494 - refactor tautological size check in mozilla::pkix::VerifySignedData r=briansmith
d641b9be5414Brian Smith — Bug 1043041: Use mozilla::pkix::Time instead of PRTime, r=keeler
34706feaf2beBrian Smith — Bug 1047792: Rely on mozilla::pkix to filter out expired certs instead of CERT_CreateSubjectCertList, r=keeler
7981db8aab34Brian Smith — Bug 1041344: Refactor mozilla::pkix::CheckCertificatePolicies, r=cviecco
6d708eb0bd06Brian Smith — Bug 1041186, Part 3: More renaming, r=keeler
be95f831b815Brian Smith — Bug 1041186, Part 2: Rename Input to Reader and InputBuffer to Input, r=keeler
8c4c865dffb1Brian Smith — Bug 1041186, Part 1: Improve buffer overflow protection in mozilla::pkix, r=keeler
028a548273eeBrian Smith — Bug 1041343: Use references instead of pointers for TrustLevel output parameters, r=cviecco
e40b8c7a1f7cBrian Smith — Bug 1039601: Use bounds-checked DERArray instead of plain arrays in pkixocsp.cpp, r=cviecco
877ad32f2fb0Brian Smith — Bug 1039064: Use strongly-typed enum instead of NSPR-style error handling, r=keeler
c39110909254Mike Hommey — Bug 1041864 - Remove LIBRARY_NAMEs that aren't used. r=mshal
c3c1bc04d20bJeff Muizelaar — Bug 1037220. Reorder rendering to avoid render target switches. r=mwoodrow,bgirard
d3bea72b4bacCykesiopka — Bug 360126 - Stop accepting certs that use RSA1023 or weaker; Original patch by Richard van den Berg. r=briansmith
5c46ec883fa5Brian Smith — Bug 1038837: Factor out mozilla::pkix::Input into a separate header, r=mmc
1b85010e1e08Brian Smith — Bug 1038828: Replace mozilla::pkix::der::Result with uses of mozilla::pkix::Result, r=mmc
ad2dde29f460Brian Smith — Bug 916629, Part 4: Unit tests for trust of delegated OCSP responder certificates for mozilla::pkix, r=keeler
fbb75ea73258Brian Smith — Bug 916629, Part 3: Unit tests for OCSP responses signed by a delegated OCSP responder for mozilla::pkix, r=keeler
6dffe58f144aBrian Smith — Bug 916629, Part 2: Unit tests for "successful" OCSP responses for mozilla::pkix, r=keeler
c1332f88b791Brian Smith — Bug 916629, Part 1: Unit tests for OCSP responses without responseBytes, r=keeler
354983173ff0Brian Smith — Bug 1036105: Delegate digest operations to the TrustDomain in mozilla::pkix, r=keeler
154fdd34da30Brian Smith — Bug 1036107, Part 2: Test algorithm identifier parsing, r=keeler
b64db3d28963Brian Smith — Bug 1036107, Part 1: Stop using CERTSignedData in mozilla::pkix, r=keeler
c68c6bc73bb6Brian Smith — Bug 1037324: Delegate additional name constraint selection to the TrustDomain in mozilla::pkix, r=cviecco
04fc71b7aef1Brian Smith — Bug 1035942: Decide whether to consider end-entity CN as a dnsName in CheckNameConstraints instead of in BuildCertChain, r=cviecco
4b5d5f76095bBrian Smith — Bug 1035009: Stop using CERTCertList in mozilla::pkix, r=keeler
de669872700fCamilo Viecco — Bug 1030204 - 1/2 Name constraint ANSSI(DCISS) Root cert in mozilla::pkix. r=keeler
8829186d7542Chris Peterson — Bug 1035607 - Remove unused empty_null to fix -Wunused warning-as-error in security/pkix. r=briansmith
82de1047683bBrian Smith — Bug 1035470: Use signature algorithm OID instead of digest algorithm OID in the signature field of certificates in mozilla::pkix tests, r=cviecco
14288e5a9043Brian Smith — Bug 1035008, Part 2: Modify existing mozilla::pkix GTests to follow naming conventions, r=mmc
5243b80e8505Brian Smith — Bug 1035008, Part 1: Document naming convention for mozilla::pkix GTests, r=mmc
f08717fca795Brian Smith — Bug 1034636: Remove mozilla::pkix::ScopedCERTCertifciate and mozilla::pkix::ScopedPLArenaPool, r=mmc
2f73760f7204Brian Smith — Bug 1033563, Part 3: Change mozilla::pkix::TrustDomain::FindPotentialIssuers API to be iterator-like, r=keeler
8f717d66d4c9Brian Smith — Bug 1033563, Part 2: Convert mozilla::pkix::BuildForwardInner into an iterator-type thing, r=keeler
0c9f46cd3030Brian Smith — Bug 1033563, Part 1: Move revocation checking code from mozilla::pkix::BuildForward to BuildForwardInner, r=keeler
01c0bf3a7a2aBrian Smith — Bug 1029247, Part 2: Parse certificates using mozilla::pkix::der, r=keeler
6f192992c582Brian Smith — Bug 1029247, Part 1: Add new overload to mozilla::pkix::bind, r=keeler
ef8e2a00b1bfBrian Smith — Bug 1034632: Fix suppression of warnings for MOZILLA_PKIX_ENUM_CLASS, r=mmc
ede58a6cc725Brian Smith — Bug 1034412: Clarify definition of mozilla::pkix::der::SEQUENCE, r=mmc
f7ed4f51783dBrian Smith — Bug 1019770: Add tests for checking of notAfter and notBefore, r=cviecco
230bf24c3ec9Brian Smith — Bug 1033103: Add and use mozilla::pkix::der::ExpectTagAndGetTLV, r=keeler
df136d24eef6Brian Smith — Bug 1033092: Add unit tests for mozilla::pkix::der::ExpectTagAndGetValue, r=keeler
f742e1b03ab0David Keeler — bug 1019770 - follow-up to remove unused const GENERALIZED_TIME_LENGTH r=briansmith
09f2f7e776e8Brian Smith — Bug 1032947: Change CheckNameConstraints to construct CERTCertificate instances when needed, r=keeler
05df502a4bb8Brian Smith — Bug 1019770: Add more tests for parsing GeneralizedTime and TimeChoice, r=cviecco
05443973ca34Brian Smith — Bug 1019770, Part 2: modify existing GeneralizedTime tests to test TimeChoice too, r=cviecco
a6700e7f23cdBrian Smith — Bug 1019770: Use mozilla::pkix::der to decode times and certificate validity period, r=cviecco
2652f9b8ed16Wes Kocher — Backed out changeset 70e4c9018648 (bug 1019770)
aba37393cb27Wes Kocher — Backed out changeset 3b8334fda57d (bug 1019770)
d8ed4d7d5727Wes Kocher — Backed out changeset e139492ea05b (bug 1019770)
0ba39a20da4cWes Kocher — Backed out changeset 7a3c8389f643 (bug 1032947)
7a3c8389f643Brian Smith — Bug 1032947: Change CheckNameConstraints to construct CERTCertificate instances when needed, r=keeler
e139492ea05bBrian Smith — Bug 1019770: Add more tests for parsing GeneralizedTime and TimeChoice, r=cviecco
3b8334fda57dBrian Smith — Bug 1019770, Part 2: modify existing GeneralizedTime tests to test TimeChoice too, r=cviecco
70e4c9018648Brian Smith — Bug 1019770: Use mozilla::pkix::der to decode times and certificate validity period, r=cviecco
e8e9401fca18Brian Smith — Bug 1031542: Add test case for key usage without any value bits, r=keeler
a7ce6be46094Brian Smith — Bug 1030475: Use a valid id-ce-inhibitAnyPolicy extension value for test pkix_cert_extensions.KnownCriticalCEExtension, r=keeler
3886549144ceBrian Smith — Bug 1030478: Make the AIA extension used in pkix_cert_extensions.CriticalAIAExtension less invalid, r=keeler
0a71e9aa55f3Brian Smith — Bug 1031022: Go back to accepting explicit encoding of v1 for certificates and OCSP responses, r=cviecco
6f1da711a5e1Brian Smith — Bug 1029341: Factor out decoding of certificate/OCSP extensions, r=keeler
b3320eadf9b9Brian Smith — Bug 1029364: Centralize version parsing in BackCert::Init, r=cviecco
93aa37410859Brian Smith — Bug 1029992, Improve AlgorithmIdentifier decoding in mozilla::pkix, r=cviecco
bd644e2b3295Carsten "Tomcat" Book — Backed out changeset 7b68babb36ed (bug 1029364) for B2G Device and Emulator Bustage on a CLOSED TREE
6740dc2a0f2bCarsten "Tomcat" Book — Backed out changeset 293cc90eb1d8 (bug 1029341)
293cc90eb1d8Brian Smith — Bug 1029341: Factor out decoding of certificate/OCSP extensions, r=keeler
7b68babb36edBrian Smith — Bug 1029364: Centralize version parsing in BackCert::Init, r=cviecco
e1546afaa4cbBrian Smith — Bug 1026261: Remove CERTCertificate from mozilla::pkix revocation checking API, r=keeler
2a2881b88dacDavid Keeler — bug 997509 - heed expired Revoked or Unknown OCSP responses r=briansmith
b9f36cfede5dBrian Smith — Bug 1006812: Use mozilla::pkix::der to decode the key usage extension, r=keeler
6fb1b8bbfe36Brian Smith — Bug 1027255: Add ASSERT_/EXPECT_ GTest helpers for mozilla::pkix::Result, r=mmc
8bf9d1db9756Brian Smith — Bug 1022970: Switch from UNIFIED_SOURCES back to SOURCES in security/pkix, security/certverifier, and security/manager/ssl/src, r=keeler
7501d2d75778Camilo Viecco — Bug 998513 - Test GeneralizedTime encodings in mozilla::pkix. r=keeler.
2056f72684e8David Keeler — bug 1020993 - properly handle unknown critical extensions in BackCert::Init r=briansmith
c87a64ddc34eCamilo Viecco — Bug 1021797 - Rename ArenaFalseCleaner to PORT_FreeArena_false. r=keeler
285280a366a2Brian Smith — Bug 1020683, Part 3: Fix build bustage, a=BUSTAGE on a CLOSED TREE
802f0aeb80f1Brian Smith — Bug 1020682: Simplify mozilla::pkix results cert chain construction and make it more efficient, r=cviecco
00685ee5dc8bBrian Smith — Bug 1020683, Part 2: Remove more references to CERTCertificate from mozilla::pkix, r=keeler
409b85bc5666Brian Smith — Bug 1020683, Part 1: Remove internal uses of CERTCertificate from mozilla::pkix::VerifyEncodedOCSPResponse, r=keeler
aaf2f5dbf410Brian Smith — Bug 1018411: Factor out signed data parsing in mozilla::pkix into a reusable and separately-testable function, r=keeler
fa6a44d6406bCamilo Viecco — Bug 1000548 - Leaking arenas allocated in mozilla::pkix r=keeler
256ba8fcdc48Brian Smith — Bug 1019814: Remove CERTCertificate dependency from TrustDomain::GetCertTrust, r=keeler
596d6e2edb9dBrian Smith — Bug 1019109: Add tool, r=keeler
e02114bec135Brian Smith — Bug 1018633: Simplify the max cert chain length check code in mozilla::pkix and make it more efficient, r=cviecco
7892ae7fa4c5Brian Smith — Bug 1001188: Set the error code when the max cert chain length limit is exceeded, r=cviecco
b02b3fe865a2Brian Smith — Bug 1018642: Factor out reusable NSS GTest infrastructure into a new NSSTest class, r=cviecco
b7273e1ff04bBrian Smith — Bug 1018064: Replace mozilla::pkix::der::Input::Match with mozilla::pkix::der::Input::MatchRest, r=mmc
c2db252ba069Brian Smith — Bug 1018061: Have mozilla::pkix::der::Input::Read use EnsureLength instead of its own checks, r=mmc
43f0db236c05Camilo Viecco — Bug 991815 - Part 1/2 - Allow intermediate OCSP responses up to 1 year old. r=keeler
654f509c6524Brian Smith — Bug 1018033: Prevent buffer read overflow due to integer overflow in mozilla::pkix::der::Input::EnsureLength, r=keeler
0f8f93ecc638Brian Smith — Bug 1018041: Fix linking error in pkix_ocsp_request_tests when GTest is enabled on Windows, r=keeler
2c2c06d50c9eChris Peterson — Bug 1007708 - Part 1: Fix warnings in security/pkix/test/ and mark as FAIL_ON_WARNINGS. r=briansmith
c91ca2050c0fDavid Keeler — bug 986150 - fix some comments in mozilla::pkix DER tests r=mmc
9760266b33d1David Keeler — bug 986150 - test mozilla::pkix::der::OptionalBoolean r=mmc
4ccf8ac0ae2dDavid Keeler — bug 1002814 - OCSP requests: long serial check should be on cert, not issuerCert r=briansmith
48f62dea0cc4David Keeler — bug 1002814 - retry PK11_GenerateKeyPair when it fails non-fatally r=briansmith
b9b08e5e4685Brian Smith — Bug 1006958: Use mozilla::pkix::der to parse certificate policies instead of NSS, r=keeler
6fa351c65403Brian Smith — Bug 1010581: Document Expect/Match/Skip terminology in mozilla::pkix::der and make that code more consistent, r=keeler
34c3d9eaf995Brian Smith — Bug 1006041: Use mozilla::pkix::der for decoding the extended key usage extension, r=keeler
12e0942396f7Brian Smith — Bug 989564, Part 2: Remove CERTCertificate dependency from CheckBasicConstraints, r=keeler
137b800c2371Brian Smith — Bug 989564, Part 1: Decode basic constraints extension using mozilla::pkix::der, r=keeler
b4de91b65bc7David Keeler — backout fefd98914b02 (bug 1002814) for gtest breakage
fefd98914b02David Keeler — bug 1002814 - OCSP requests: long serial check should be on cert, not issuerCert r=briansmith
54ae61542a72Gervase Markham — Bug 1007195 - Change licensing on mozilla::pkix to dual Apache 2/MPL 2. r=briansmith.
a581aefd17aaJacek Caban — Bug 1005309 - Fixed MSVC detection.
0804e1157e56David Keeler — bug 1007962 - CreateEncodedCertificate should take a SECItem as its serialNumber argument r=mmc
ec31af989ab6David Keeler — bug 1007813 - match CreateEncodedCertificate declaration to its definition r=mmc
3e8a44292f8fMonica Chew — Bug 1000354: Fix comment and make test clearer (r=keeler)
1afd82fa3936Brian Smith — Bug 1005667: Fix build warning due to buggy test code in pkixtestutil.cpp, r=dholbert
ef752e779de9Brian Smith — Bug 1005309, Part 2: Enable extended compiler warnings (-W4 -Wall) in mozilla::pkix, r=mmc
050dd0c10115Brian Smith — Bug 1005309, Part 1: Improve type conversion and error checking for hashing done in mozilla::pkix's pkixocsp.cpp. r=mmc
54d6b9b49948Brian Smith — Bug 1005256: Improve parameter validation in mozilla::pkix::der::Input::GetSECItem, r=mmc
b7c76c4e8539Brian Smith — Bug 1005208: Rename issuerKeyHash to keyHash in mozilla::pkix's pkixocsp.cpp, r=mmc
986d711b9236Brian Smith — Bug 1005198: Make it easy to create test certificates in GTest tests, r=keeler
6d0697138495Brian Smith — Bug 1003290: Fix OID parser template type, r=keeler
18ec05e5157cBrian Smith — Bug 1002933: Use Strongly-typed enums more often in mozilla::pkix, r=mmc
0a09d9702f54Brian Smith — Bug 1002929: Avoid implicit conversion of Result to boolean in mozilla::der::GeneralizedTime, r=keeler
1647211b28ceCamilo Viecco — Bug 744204 - Allow Certificate key pinning Part 2 - Certverifier Interface. r=keeler
c47a0c94e8c1Brian Smith — Bug 998067: Add utility code for making it easier to create GTests based on NSS, r=keeler
e98635397861Brian Smith — Bug 1000544: Use "Fail(x, y)" instead of "PR_SetError(y, 0); return x;" more consistently, r=mmc
9b228e18e706Brian Smith — Bug 1000482: Remove unused stapledOCSPResponse parmaeter from BuildForwardInner, r=mmc, r=keeler
2948061a6a96Brian Smith — Bug 1000483: Remove unused isTrustAnchor parameter from CheckKeyUsage, r=cviecco
086db8b0bd47Stefan Arentz — Bug 968490: Add mozilla::pkix::der unit tests (r=cviecco)
1e75b5f05d2aDavid Keeler — bug 991898 - mozilla::pkix: temporarily allow empty Extensions in OCSP responses r=briansmith
8060d6d38707David Keeler — bug 997843 - mozilla::pkix::der::Input::Expect should take a uint16_t as its length argument r=briansmith
b9001dcffbf1David Keeler — bug 982774 - der::ExpectTagAndGetLength: check that input has enough capacity for the length described r=briansmith
c681e793c40cDavid Keeler — bug 972753 - OCSP testing: delegated responses and including multiple certificates r=cviecco
5bd6c8f9aebfDavid Keeler — bug 991209 - mozilla::pkix: allow non-end-entity certs to have OCSP signing EKU r=briansmith
4e06281520eaDavid Keeler — bug 990603 - mozilla::pkix: defer reporting end-entity cert errors until after path building r=briansmith
285ef601001bDavid Keeler — bug 989516 - mozilla::pkix: temporarily allow improper basicConstraint:cA encodings r=cviecco
2c9813fb0e7dDavid Keeler — bug 987295 - mozilla::pkix: test ocsp extension decoding r=cviecco
979ea432c7d9David Keeler — bug 987295 - mozilla::pkix: fix decoding OCSP response extensions r=cviecco
4b6d95a862f6Camilo Viecco — Bug 986156 - Allow anypolicyoid and reject on inhibitAnypolicy (mozilla::pkix). r=bsmith
02f80b8cb3c8Camilo Viecco — Bug 982292 - Allow nsSGC to 'nest' TLS Web Server Authentication EKU in moz::pkix. r=bsmith
7279667ea89eBrian Smith — Bug 982778: Initialize parameters of output value of der::AlgorithmIdentifier, r=keeler
fbb00ee44519Camilo Viecco — Bug 969188 - Part 2/3 - mozilla::pkix only decode v3 extensions in v3 certificates. r=briansmith
bd70b7a38f18Camilo Viecco — Bug 969188 - Part 1/3 - Fix mozilla::pkix handling of trusted v1 certificates. r=briansmith
5311da21eb82David Keeler — bug 987262 - mozilla::pkix: refactor Nested AtEnd() checks in pkixder.h r=briansmith
d9086abee586David Keeler — bug 985021 - mozilla::pkix: temporarily accept pathLenConstraint in EE basic constraints extensions r=briansmith
d92b7e25c7c7David Keeler — backout bug 985021 (5ef925251f56) for another build breakage on a CLOSED TREE r=backout
5ef925251f56David Keeler — bug 985021 - mozilla::pkix: temporarily accept pathLenConstraint in EE basic constraints extensions r=briansmith
65f5d187786aDavid Keeler — backout bug 985021 (76f63c6ad15b) for build breakage r=backout
76f63c6ad15bDavid Keeler — bug 985021 - mozilla::pkix: temporarily accept pathLenConstraint in EE basic constraints extensions r=briansmith
b67a4d8cf24cDavid Keeler — bug 985201 - rename insanity::pkix to mozilla::pkix r=cviecco r=briansmith