Changes pushed with changeset 877ad32f2fb0a924d74a6d8aa1ee7bac1951b4f4
Push date [To Local]
ChangesetPatch author — Commit message
Mon Oct 01 08:30:12 2018 +0000
94bcc2706b98a04d7ca0b3e5ad12dc54b424fcafFranziskus Kiefer — Bug 1479787 - clang-format, r=mt,keeler
403437c461fdd08f7a3a9dc7eba3c66e8c0c5ab9Franziskus Kiefer — Bug 1479787 - build mozpkix as part of NSS, r=mt,keeler
1dc240df02b1789a0f5b260c3fb6c7192c768434Franziskus Kiefer — Bug 1479787 - merge mozpkix from mozilla-central to NSS
f0f6152bfb6e67bf74468b58ee0e97f3d3519bb2Xidorn Quan — Bug 1476486 - Apply clang warning suppression (rather than msvc) in pkix for clang-cl. r=froydnj
0a44f961abff04dc1f9eaeb2c3b1bdc1ea922c30Andi-Bogdan Postelnicu — Bug 1453795 - PSM-Security - Initialize member fields in classes/ structures. r=keeler
8a3a984ac29cb0d128026a8e464ffa8792cd5f59Narcis Beleuzu — Backed out changeset 6692fb61e97c (bug 1453795) for build bustages on CertVerifier.h . CLOSED TREE
6692fb61e97c35012470f89a94696284b4b3ef30Andi-Bogdan Postelnicu — Bug 1453795 - PSM-Security - Initialize member fields in classes/ structures. r=keeler
11334fe0bb37aa26ad22a5ff250d5b1a05c30174Sylvestre Ledru — Bug 1464869 - Run autopep8 on security/ r=fkiefer
0df0b9dc6b51360f1fe1f48179726766540f33f4Sebastian Hengst — Backed out 4 changesets (bug 525063) on request from Andi. a=backout
c02a8910cc2760ef9fc41736a1b7ca919e4e5d30Franziskus Kiefer — Bug 1450967 - MITM error string update, r=keeler
9d7f1e63d6f7f58892a19d0c63791d7f035373c6Tristan Bourvon — Bug 525063 - Initialize uninitialized class attributes in m-c. r=ehsan
738d02a83ae8f78e8511c4d6a8548dd510e9abf3Franziskus Kiefer — Bug 1450967 - mitm detection v0.0.1, r=keeler,johannh
cad533d690f727ce0f33a74b2cc4abdae9e70b2cDavid Keeler — bug 1056341 - introduce a budget for path searching in mozilla::pkix to avoid unbounded search r=fkiefer,jcj
376bb025113c72f8e0fd53c51e7dcf3f872c1b0cFranziskus Kiefer — Bug 1448787 - separate error for self-signed certs, r=keeler,johannh
f0ce1bf2522d8470e1bb943e2a92f985fd687065Franziskus Kiefer — Bug 1443744 - fix shadowing issues in pkix, r=keeler
e55f9100a66f1180e159d5baf8a21a498fc4989eDavid Keeler — bug 1441223 - add a new (overridable) error code to describe extra policy constraint failures r=jcj
1bcc640bf55081ca08e38ebb977cf4a4b78887c0David Keeler — bug 1437214 - if PathBuildingStep::Check fails due to a problem with the subject certificate rather than the potential issuer, set keepGoing to false r=jcj
ae75a612a1d09cab28cd21f38203e38e45e76e07David Keeler — bug 1430906 - don't hold around a test key forever in mozilla::pkix gtests r=franziskus
7a105e5634352753fa56c788d5758f57539982c3Sylvestre Ledru — Bug 1394734 - Simplify various corner cases r=glandium
4d6fe115ec40d7b0590b96b751c470c54f0888c7Sylvestre Ledru — Bug 1394734 - Replace CONFIG['CLANG*'] by CONFIG['CC_TYPE'] r=glandium
62402ac4e5bd51cf476a8b4a303f435639d5fb29Sylvestre Ledru — Bug 1394734 - Replace CONFIG['MSVC'] by CONFIG['CC_TYPE'] r=glandium
7feb9404ef3900d0902765ba701fb96cc9cfa94eSylvestre Ledru — Bug 1394734 - Replace CONFIG['GNU_C*'] by CONFIG['CC_TYPE'] r=glandium
2482688457a824aceff6571b025d1f931862fe0fmanikishan — Bug 1198481 - Fixed typo 'id_pk_serverAuth' to 'id_kp_serverAuth'. r=keeler
2aa1f3a3992fc26a2ece0a227f7d05d4ea7b6c4aSylvestre Ledru — Bug 1411001 - Remove the +x permissions on cpp & h files r=froydnj
a2680796f33aa63249a9932ffe22f90b30e7e4afTom Ritter — Bug 1406736 Match MinGW's macro so we declare gmtime_r under MinGW too r=froydnj
a9b4429c01411cdcf61dc6ad93bbfa9a9d9efa85Nicolas Vigier — Bug 1305396 - Replace memmove with std::copy_backward in a file that doesn't include cstring explicitly. r=keeler
c8f84cc04821a942aac550fc9f3fe54f35f14c89Tom Ritter — Bug 1406687 Pass return values from fwrite to Unused to silence the warn-unused-result warning r=njn
b80a66f2f5733d21b287f3a60606b6d47bf9a8fbSebastian Hengst — Backed out changeset 7a5d74db770b (bug 1406687) for build bustage at testing/gtest/gtest/src/ 'Unused' was not declared in this scope. r=backout
7a5d74db770b643078dc24efb181a8f0f9b957c0Tom Ritter — Bug 1406687 Pass return values from fwrite to Unused to silence the warn-unused-result warning r=njn
fea5d7a0dadd34f38d96ef020416c563da4fdb8dDaniel Holbert — Bug 1369806: Fix up pkix test to correctly pass zero to CreateEncodedBasicConstraints (which takes a pointer-to-long, rather than a long). r=keeler
665b14dbce75805ee50cfa5f97f3317a70968a3eDaniel Holbert — Bug 1369864: Suppress clang -Wno-zero-as-null-pointer-constant build warning, in pkix/test/gtest. r=keeler
0067f28a9cae7305e202a524d6a29143fd8bae55Daniel Holbert — Bug 1369871: Add "const" keyword to a long* param in a pkix test function. r=keeler
dd01c3d18f3622c49fc6d8758072c6fe0b11300bCykesiopka — Bug 1361750 - Disable various MSVC 2017 warnings in PSM to unbreak --enable-warnings-as-errors builds. r=keeler
3512dacc55f08fe30941f7e8c1b2cb8bba552cf7David Keeler — bug 1349762 - handle two GlobalSign EV root transfers r=Cykesiopka,jcj
79ef4a15606b34afc75b80080610398df04061e2Tim Taubert — Bug 1351779 - Removed unused variable 'loopDetected' from PathBuildingStep::Check() r=keeler
c211a0c609093d1ca2805991bdd952afc19e8d75David Keeler — bug 1339921 - disable clang's shadowed field warning in a mozilla::pkix gtest class r=Cykesiopka,dholbert
f0642139b27b6e8709eb67ae5b25a42365dfd59fJan Beich — Bug 1346305 - Unbreak --enable-warnings-as-errors on FreeBSD after bug 1343557. r=keeler
38f5f6e96791465d5be6d1cd7c4449468340efefWes Kocher — Merge inbound to central, a=merge CLOSED TREE
95d1d5146389ed650ba75db9ce9462c165a04a1dJoel Maher — Bug 1344829 - add BUG_COMPONENT to security/* files. r=keeler
f95c9c1098b12afb44d1a41173040762cb407ac2Dan Minor — Bug 1343557 - Disable -pedantic-errors for pkix gtests; r=keeler
aaf1de66bda4bdbd457b6b7b0c52c60fde8413daEKR — Bug 1331280 - Generic telemetry probe for TLS handshake status. r=keeler
726206a2be0a43fd0ca82f6f8780b005420e58e0Sylvestre Ledru — Bug 1337358 - Converts for(...; ...; ...) loops to use the new range-based loops in C++11 in security/ r=keeler
8138f888cdf6fd59f0be93637ccf30546b2ab78cJulian Seward — Bug 1318030 - Possible uninitialised value uses relating to security/pkix/test/gtest/pkixcert_extension_tests.cpp.
e51667cbe70d440ed115c405f08ba8d789f8f7e0David Cook — Bug 1115718 - Check for empty issuer name in mozilla::pkix; r=keeler
390e0c5897fffe0622cf5c0e06220f1645875c59Sergei Chernov — Bug 1284256 - Certificate Transparency - verification of Signed Certificate Timestamps (RFC 6962); r=keeler, r=Cykesiopka
703e23f829455db83a8f06c2b338fce6d70f39d5Tom Tromey — Bug 1286877 - do not set c-basic-offset for python-mode; r=gps
f1b1524ad0019939b1efe146841832cb7df974ceSergei Chernov — Bug 1275238 - Certificate Transparency support in mozilla::pkix; r=keeler
9b3cbd3b2ad3895731981179020e7b9ad40ed387Julian Seward — Bug 1275582 - TSan: data race security/nss/lib/freebl/sha_fast.c:176 SHA1_End. r=dkeeler.
c2485ea5124ac97241ae4f2c4637c693c133a9b4Chris Peterson — Bug 1272513 - Part 1: Suppress -Wshadow warnings-as-errors in some directories. r=glandium
d36577946ecd812468acf3f68a4f734cbfedb2d4David Keeler — bug 982932 - only allow Netscape-stepUp to be used for serverAuth for old CA certificates r=Cykesiopka,jcj
b126ac4439eaa0ed8a9a1f73cc75534f22213849Cykesiopka — Bug 1257031 - Return more informative error code when encountering invalid integers rather than SEC_ERROR_BAD_DER. r=keeler
29652e10e988bb1f65b9e5cbf3ebad65ea41e73cDavid Keeler — bug 1245280 - add policy mechanism to optionally enforce BRs for falling back to subject CN r=Cykesiopka,mgoodwin
447151feab3692fb405f0d422632e1fc487481d4David Keeler — bug 1258579 - remove some unnecessary time-related globals from mozilla::pkix tests r=Cykesiopka
915df647d6ed6308d281e7fb6beabff423e995f2Brian Smith — Bug 1189020 - Replace |// unnamed namespace| with |// namespace| in mozilla::pkix. r=Cykesiopka
4b1cef01dd05a208c0761c1df088dcb6c5875c0aGregory Szorc — Bug 1256484 - Disable C4456 and C4458 to unblock compilation on VS2015; r=keeler
af032d9f305f06c1ad37c2757c701a34213dac0aDavid Keeler — bug 1255153 - (re)move redundant xpcshell name constraint tests to gtests r=Cykesiopka,jcj
4f2d01040fea88f90f6d6349a96e57e9f90a49baDavid Keeler — bug 1248099 - add extended key usage tests for mozilla::pkix r=Cykesiopka,jcj
5f431128d5ff0cec8c1ff26db1c958cb897dbe6fXidorn Quan — Bug 1229587 part 1 - Disable C4464 warning newly added in VS2015u1. r=keeler
af766f49e6fcdfddd65446ee705fb77c991d3d2cMark Goodwin — Bug 901698 - Some tests for OCSP-must-staple; r=keeler
80ec97f368ce49ef7063ea7795b304a506d762ebMark Goodwin — Bug 901698 - Implement OCSP-must-staple; r=keeler
9ab2b7c1cdf4a4af7501b89dc77b6624f3d000f6Richard Barnes — Bug 942515 - Show Untrusted Connection Error for SHA-1-based SSL certificates with notBefore >= 2016-01-01 r=keeler
14f839d85e4f601ee255d840ac0dc9e960828728Jacek Caban — Bug 1199624 - Don't use memset and memcmp in files that don't include cstring explicitly. r=briansmith
aada4c5fed19a270afda3a2871ce4dd3e9f3bc9aNicholas Nethercote — Bug 1198334 (part 1) - Replace the opt-in FAIL_ON_WARNINGS with the opt-out ALLOW_COMPILER_WARNINGS. r=glandium.
d0159ce9ae4a84119e8b1d5f80a88e6b18c5e1fdRyan VanderMeulen — Backed out changeset 7afe39a4cc46 (bug 1199624) for Windows bustage.
7afe39a4cc46ce4a5fd5f42c0949e5dce6c031a7Jacek Caban — Bug 1199624 - Don't use memset and memcmp in files that don't include cstring explicitly. r=briansmith
874f6647e3d633137a945fe6a839c3c5c000906eMike Hommey — Bug 1189891 - Avoid including <cstring> from pkix/Input.h. r=bsmith
447a74fd924712d4aca375c4542d918881609717Mike Hommey — Backout changesets 88cd640b130a and b9706b494db6 (bug 1189891) for pkix bustage
b9706b494db61c871cd35c52db5aa9cac3133911Mike Hommey — Bug 1189891 - Avoid including <cstring> from pkix/Input.h. r=bsmith
88cd640b130a190795d3472b12c94192a3f9d5d8Birunthan Mohanathas — Bug 1182996 - Fix and add missing namespace comments. rs=ehsan
7c58347cff6263c83d2076c6a1d0b45c9e381284Mark Goodwin — Bug 1159155 - Add telemetry probe for SHA-1 usage (r=keeler)
bd7b1c3eae5132f421c6217fa1f0eb4cdd39b1d4Cykesiopka — Bug 1145679 - Reject EV status for end-entity EV certs with overly long validity periods. r=keeler
c7278c6b729eafb2ba96d928dad091d9d0427922Tim Taubert — Bug 1060112 - Don't treat OCSP responses omitting the requested certificate status as "unknown certificate" responses blocking the connection r=keeler
bb6f23adf8057b9d260defd23024e3bd01705fa5David Keeler — bug 1141189 - implement skipping expensive revocation checks (OCSP fetching) for short-lived certificates r=rbarnes
79097379a944ffb6bf629d79c73176236a1efa72David Keeler — bug 1150114 - allow PrintableString to match UTF8String in name constraints checking r=briansmith
c4a164f934eaa03d9b02ce7a2370175f2a6f554eBrian Smith — Bug 1154399 - Part 4: Simplify certificate parsing in OCSP responses. r=keeler
5238be4b85279533f535c25636cccc402884de87Brian Smith — Bug 1154399 - Part 3: Simplify OptionalExtensions. r=keeler
4000fd84b8e2c5299fe3f3a3bb95ce4c307a6e3cBrian Smith — Bug 1154399 - Part 2: Simplify and un-inline OptionalVersion. r=keeler
667e5d2ca899b95bdf706001b2b1f982ae60e747Brian Smith — Bug 1154399 - Part 1: De-templatize and un-inline IntegralValue. r=keeler
29409b5c9457aacd298b3e6326f4203fab96f55fMike Hommey — Bug 1153114 - Remove anonymous namespace around pkix gtests. r=bsmith
b23e82fc0f1be057024db6654344972a7d2ca959Brian Smith — Bug 1153738: Make ScopedPtr a minimal proper subset of std::unique_ptr, r=keeler
07bf7b6e53bc4ab6178f9ac9bd76e49d03880578Brian Smith — Bug 1146057: Remove support for GCC 4.6, r=keeler
d57ad58a7bfcad93e75970195d813ef0179de2caBrian Smith — Bug 1136278, Part 2: Refactor test SubjectPublicKeyInfo generation, r=keeler
ca4305a1f6d06daf6249fdba0c83c82c17a5c3aeBrian Smith — Bug 1136278, Part 1: Refactor algorithm identifiers in tests, r=keeler
30be44a677ea183967d2c4c24ba1f64bc13f3737David Keeler — bug 1143085 - allow subject alternative name extensions to be empty for compatibility r=briansmith a=kwierso
842f6a0c3141a70b8e77aa1d136d00c22bb6a895David Keeler — Bug 1136616 - Allow underscores in reference DNS-IDs in mozilla::pkix name matching. r=briansmith
8dfef950e70c7545d0f25fb9b2ca0dd888900656Brian Smith — Bug 1131767: Prune away paths using unacceptable algorithms earlier, r=keeler
c84a7ff1acdd6edde338a6eff0399f952105b74fBrian Smith — Bug 1077864, Part 2: Override the trust level for OCSP response signer certs so that they are never considered trust anchors, r=keeler
ca470b2ed517307e091dd994483e12fd8120b3a1Brian Smith — Bug 1077864, Part 1: Check consistency of certificates' signature and signatureAlgorithm fields, r=keeler
3757e7171a575c05d5bcf7b25b66995eec2c2f9bBrian Smith — Bug 1135407: Factor out duplicate logic in tests, r=keeler
4192056774b083a2136044a03a865e3cfe8bbaaaEhsan Akhgari — Bug 1135745 - Disable the reserved-id-macro macro in security/pkix; r=briansmith
adeca598ed3710e1032a09a9656bdee27f851a20Brian Smith — Bug 1133618 - Move test SHA1 function to pkixtestutil.cpp. r=mmc
de01871e62a35687a6a15f1b95bacb556eea57daBrian Smith — Bug 1130754 - Make PublicKeyAlgorithm an enum class. r=keeler
e4a08ca544ba8c94d4c2f17cfeca57df3662de39Cykesiopka — Bug 1097622 - Return ERROR_INVALID_TIME when decoding invalid time values. r=dkeeler
320be6ecb1ff68a05ef6a0e9e673200b2346d92fBrian Smith — Bug 1130754: Avoid recalculating tbsCertificate digest, r=keeler
c730ca8993d0a5a41b73a1b1367c45afc34b6202Brian Smith — Bug 1122841, Part 2: Centralize checking of public key, r=keeler
b81ef75ef4e838b507eb895a17b01195e0dfc713Brian Smith — Bug 1122841, Part 1: Add PositiveInteger parser, r=keeler
b20b38da81765669b428c5df4b689ea1ea57f224Brian Smith — Bug 1128413, Part 4: Fix warnings in mozilla-config.h and gcc-stl-wrapper.template.h, r=glandium
1297562cd89f20913b81ada8e44df157191b16c8Brian Smith — Bug 1128413, Part 3: Enable more compiler warnings, r=mmc
4876c8d5d326fcad2644674ec96148ed7c2a9cefBrian Smith — Bug 1128413, Part 2: Don't use double underscores any more
426ca128d8e2b7aefa80dcd7efd114c81bfbf8e3Brian Smith — Bug 1128413, Part 1: Fix switch-related warnings, r=mmc
3676bcb27c8e3df0071cc3402dc256edc47c8549Cykesiopka — Bug 968560 - Return distinct error codes for certificates that are not valid yet, in mozilla::pkix. r=keeler
4652f276a3a80399c31b64ca1bfa6cfe587b22deEhsan Akhgari — Bug 1126128 - Mark TestTrustDomain::VerifySignedData as override; r=bsmith
59d67753c4c32518808b183dd3afe2f75e40e01dEhsan Akhgari — Backed out changeset 73545684c272 (bug 1117034) because of build bustage on a CLOSED TREE
73545684c2720b312a75116e3ac44202024abd57Ehsan Akhgari — Bug 1117034 - Mark some overridden functions in the tree as override
b867e381d7ea3bd4f1318b6cef0b8b1ed33ada3aDavid Keeler — bug 1125261 - mozilla::pkix: handle comparing single, relative labels with wildcards r=briansmith
5a4201c985c2dfb078135fa736bf544dc43fa7c2Daniel Holbert — Bug 1125673: Mark method 'FindIssuer' as 'override' in pkixocsp_VerifyEncodedOCSPResponse.cpp, to fix clang warning. r=briansmith
618751351776fc8aa3608bee1da9b21aaeb6b563Cykesiopka — Bug 1077790 - Make mozilla::pkix::CheckPublicKeySize() accept specific elliptic curves only. r=briansmith
4b3fb25024f9cc543abb718dedf47e82550ac2cbBrian Smith — Bug 1114703: Remove mozilla::pkix's polyfill for std::bind, r=mmc
414fc7eca89090e943f2cdc05b9a0be13e73b77eBrian Smith — Bug 1122835, Part 2: Simplify BitStringWithNoUnusedBits, r=keeler
d78c2b581148c060a1b3965e83a73455ba1549eeBrian Smith — Bug 1122835: Add missing return value checks for Input::SkipToEnd, r=keeler
3574013ea697f41825aeade4c06a40a8e936d5e9Benjamin Peterson — No bug - fix typo r=me DONTBUILD
a64cb6368415a5e7211ba765cff3c102922cb209Brian Smith — Bug 1115910: Remove now-unneeded nullptr polyfill for old versions of GCC, r=keeler
8f41ea37cd5de77dd2d6ffaff9282a2c86d0830dBrian Smith — Bug 1115906, Part 3: Make formatting of struct/class/enum class more consistent, r=keeler
e5d13fba59e8fa871d753a7d8873e2943e05e798Brian Smith — Bug 1115906, Part 2: Annotate classes and member functions with override and final, r=keeler
551c3a4d2e76fd16e9375137bde5b4113562b8b6Brian Smith — Bug 1115906, Part 1: Add workarounds for missing final/override support in GCC before version 4.7, r=keeler
d5fc116ca801c1e3466d8108aaa23643a5a9eb37Masatoshi Kimura — Bug 1120664 - Rename mozilla::pkix::Result::ERROR_INVALID_TIME to avoid collision with a macro defined in windows.h. r=bsmith
e8ceca777690d875f89463fbebe953ecce5f6509Brian Smith — Bug 1118122: Reland Bug 1115903, Part 2: Delete most defaulted assignment operators and some defaulted copy constructors, r=jcj
3b0553b57555c652d851a37cc293c839cb2c49caBrad Lassey — bug 1118554 - fix gcc4.9 warnings on Android, <cstdlib> instead of <stdlib.h> r=gcp
fb3a491bba04128d1ad23868aed92b746daf8915Jacek Caban — Bug 1119179 - Avoid gmtime_r duplication if it's provided by mingw. r=bsmith
83f0473404f7ab5b6705e5f7d244ce41a2d54224Brian Smith — Bug 1118599 - Remove now-unneeded MOZILLA_PKIX_ENUM_CLASS workaround for GCC enum class bugs. r=mmc
0b1e97fb8f198eb1635f8bd0abe116b39cdcd7abBrad Lassey — bug 1118554 - make android's stdcxx work r=glandium
59ea941eb72a9aa20aeea8e17874785b23092103Brian Smith — Bug 1073867, Part 5: Make DSS test faster, r=mmc
119f49389cad946cb838a53133941a52a52b6f3fBrian Smith — Bug 1117003 - Backout cset 0c9007d26fc7 (Bug 1115903, Part 2), r=ehsan
0c9007d26fc73535bf770697be057026db7851b4Brian Smith — Bug 1115903, Part 2: Delete most defaulted assignment operators and some defaulted copy constructors, r=jcj
56862d7bbdd5f45de02a2c3d00ccba65e3b08f34Brian Smith — Bug 1115903, Remove VS2010 workarounds, r=mmc
4c48b273ac22bdca4fcb3e48399f81c5ed8327f5Brian Smith — Bug 1115761, Part 4: Add "fall through" comment, r=jcj
ecbc9800fb59cd82652bd2da544c6287e03d4f4cBrian Smith — Bug 1115761, Part 3: Rename NSS-based crypto functions, r=jcj
af401207a39606df06c99d506e4fd688415174d0Brian Smith — Bug 1115761, Part 2: Use NotReached more consistently in pkixnss.cpp, r=jcj
8a1026ee374bae762e5ee464d37228d201d0a8cdBrian Smith — Bug 1115761, Part 1: Remove obsolete references to NSS stuff in comments, r=jcj
706e9e981fd928911e91f88003f0716fe45a3dceBrian Smith — Bug 1035414, Part 2: Always check subject's issuer matches issuer's subject, r=jcj
3773ed67d563a10214694fe7d5fbb9fd68b91a4fBrian Smith — Bug 1035414, Part 1: Test issuer/subject name matching, r=jcj
81130150a290bb8aac2da7696e54d172ed861327Brian Smith — Bug 1073867, Part 4: Test that DSS end-entity certificates are rejected, r=mmc
3fd5fbe70bb6e1bf42edec8540404a6033956bf7Brian Smith — Bug 1073867, Part 3: Reject DSS end-entity certificates, r=mmc
a63e97885f9ac3b80a0ac73ac27afeb9a81e4aa8Brian Smith — Bug 1115181: Remove pkixnss.h dependency from pkixcert_signature_algorithm_tests, r=keeler
dfb8152d4cc7132e4646137d5318ce818e6b2485Brian Smith — Bug 1070444: Remove NSS dependencies in pkixbuild_tests.cpp, r=keeler
63db7c4d488742c706408e5a0384fe292ae342feBrian Smith — Bug 1114701: Replace function pointers with function references, r=keeler
6fa5c4bd5e49ab866ba9bb0014f1b24f67bece67Daniel Holbert — Bug 1114671: Use function pointer (instead of reference) in pkix/bind.h, for consistency & to fix -Wignored-qualifiers build warning for 'const'. r=briansmith
feced5aff1655ff1d3f0d4a0a2f6f5b518a0c5b7J.C. Jones — Bug 968451 - Document the exported functions exposed from mozilla::pkix (pkix/pkix.h). r=keeler
1882d6982107d60a7a0b29569a53450beeffd4dcBrian Smith — Bug 1073867, Part 1: Remove DSS certificate support from mozilla::pkix, r=keeler
2f7ebb7d87e89ea423233f933c3da24ffed52bd8Brian Smith — Bug 1111399, Part 2: Implement RFC822 (email) name constraints, r=keeler
765da63d624a3d33c62d1ca375eeb803e0e395feBrian Smith — Bug 1111399, Part 1: Preconditions for RFC822 name constraints, r=keeler
ec31f88473fe54151321265aa04a85384591545bBrian Smith — Bug 1111398: Rename ValidDNSIDMatchType to IDRole, r=keeler
19cd5881dcb449387c12b13f0074a4ac1230e8c4Brian Smith — Bug 1111397: Refactor error handling for name matching, r=keeler
42ac4e36b33f1228e82509a88b9ec87634a7cff6Brian Smith — Bug 1111392: Add tests for malformed name constraints where there are no names of the constrained type, r=keeler
3052b38ed26922532526f5164a08d508da30751dDavid Keeler — bug 1108408 - GeneralName types such as otherName where the value is a SEQUENCE should have the CONSTRUCTED bit set r=briansmith
8524e61379050a0a4ad80631909ceba537f3ba0dBrian Smith — Bug 1107791 Remove support for unusual wildcard names in certificates, r=keeler
bc1e9070967fdfdc94c192a7e6fc6520ccb1c6abBrian Smith — Bug 1107790: Remove support for absolute hostnames in presented DNS IDs and name constraints, r=keeler
d22d8ffa488121054a559d6205a20941f2e009d2Brian Smith — Bug 1107946: Fixed unused variable warnings in pkixnames_tests.cpp, r=keeler
6ad87612e8d8015322e40af14502a3a94b925c9dBrian Smith — Bug 970542, Part 9: Better document name constraints as reference IDs, r=keeler
e879f7b44d24b093ddb96df664283aab52d52f3bBrian Smith — Bug 970542, Part 8: IPAddress name constraint tests, r=keeler
42960b151aca51f7715f0688e63ccbd59bb88862Brian Smith — Bug 970542, Part 7: More CN-ID name constraint tests, r=keeler
50d77e6e978c5e0dbe6ff32756a14bda2269f87dBrian Smith — Bug 970542, Part 6: DNSName name constraint tests, r=keeler
ed7fbb021b6bc9817c916582b4c11fece3200ad3Brian Smith — Bug 970542, Part 5: New name constraint implementation, r=keeler, r=mmc
5ce0f0880bd0062f03612ba27c4813683c95b32eBrian Smith — Bug 970542, Part 4: DirectoryName name constraint matching, r=keeler
bdcb5885888d6e7887bed8bf2ba499ca01eb0a25Brian Smith — Bug 970542, Part 3: IPAddress name constraint matching, r=keeler
fa8c238f35fc08f28ccc72cb5824ac6cde47de56Brian Smith — Bug 970542, Part 2: DNSName name constraint matching, r=keeler
7af474cc919606a27bf80b227bea03752e589005Brian Smith — Bug 970542, Part 1: Refactor name matching within CN AVAs to reduce duplicate logic, r=keeler
0b702a0bfcba58dddede0d6d6df0fb2922ab45f4David Keeler — bug 1079436 - fix validThrough as returned by VerifyEncodedOCSPResponse r=briansmith
08179a82d53ddb6a818373350442133b152563d1Masatoshi Kimura — Bug 1094495 - Disable C4480 in security/pkix. r=keeler
50d35bb66af3dd528b9a5f5674b6295cf721a21bDavid Keeler — bug 1079658 - follow-up bustage fix (unnecessary multi-line C++-style comment) r=bustage on a CLOSED TREE
9df2a842fbae70847eac9c4ba2fd808bb77101bcDavid Keeler — bug 1079658 - check for the id-pkix-ocsp-nocheck extension when decoding certificates r=briansmith
6d6053ed2f0dc05eeb4da36e7a5dbd8cd158167eChris Peterson — Bug 1092028 - Fix -Wunused-const-variable warning-as-error in security/pkix/test/gtest. r=bsmith
b7141232c741c40a080bc423be311d82618e6309Brian Smith — Bug 1089104: Add support for TeletexString-encoded CN-IDs to CheckCertHostname, r=keeler
30ccddc3e97b74e94f4379ee86c3f49bda385112Brian Smith — Bug 1089393: Fix hex excape sequences ('\0x' -> '\x') in pkixnames_tests.cpp, r=mmc
eb0293e2ed83663f318245c1dc7bd724eed3ad8fMonica Chew — Bug 1083539: Fix dropped return value check (r=keeler)
b048a41ea711a22a8cec5ac2d7bcfe4b893a8f3bBrian Smith — Bug 1085497: Add Input::size_type, r=mmc
acd14b1c35be10e41fbd4ff698b1bbe27c44e16fBrian Smith — Bug 1063281, Part 8: Rewrite PresentedDNSIDMatchesReferenceDNSID, r=keeler
3b1e093a87fd1cdcef8bd72b3c6470f09481f4f9Brian Smith — Bug 1063281, Part 7: Implement IsValidPresentedDNSID, r=keeler
4b6ec67df7d31b30942e0729ac9490198c53d6aeBrian Smith — Bug 1083539: Factor out common SEQUENCE unwrapping logic into reusable functions, r=mmc
49abe491f6af53ed38de985de981da8f4f574cbfBrian Smith — Bug 1063281, Part 6: Implement CheckCertHostname, r=keeler
5fd905aaa97ff28cfa7753ffcd31eb67ab781b2cBrian Smith — Bug 1063281, Part 5: Implement DNS ID matching, r=keeler
eb75e67c1de4f3eb160a5152615f5a9a27915a21Brian Smith — Bug 1063281, Part 4: Implement ParseIPv6Address, r=keeler
9de642400c560de6605edcc8ebb0fea8b3351863Brian Smith — Bug 1063281, Part 3: Implement ParseIPv4Address, r=keeler
ad92738ff3f8e0a8638eb7dd9db05f32a77fcc42Brian Smith — Bug 1063281, Part 2: Implement IsValidDNSName, r=keeler
06615c16a7d1c8f0cc8273aad78c76533f7df325Brian Smith — Bug 1063281, Part 1: Expose moilla::pkix::BackCert::GetSubjectAltName, r=keeler
21145aa9bcc0ff24af6a7d4cc4266f98721106b5Cykesiopka — Bug 622859 - Reject EV certificates with key sizes below RSA 2048. r=briansmith
4882c5f7e91ddf7d198e19b87292c7a9423a9873Carsten "Tomcat" Book — Backed out changeset 87cfebb3b6fe (bug 622859) for breaking m1 tests
87cfebb3b6fee58beae85bf2f07b03766f690ff5Cykesiopka — Bug 622859 - Reject EV certificates with key sizes below RSA 2048. r=briansmith
176b17aea7ec39edb6a779d436dceb8f638dfacbDavid Keeler — bug 1042889 - use a separate error for untrusted x509v1 certificates used as CAs r=briansmith
b8ab1e9798f662a2e1e738ebbb6c43ecd853be30Brian Smith — Bug 1078108: Use a longer OCSP response validity period in tests, r=keeler
61401f00b795f7a650edda7e830eed787be4eda7Carsten "Tomcat" Book — Backed out changeset 77e0240c2526 (bug 1078108) for breaking B2g ICS Builds
77e0240c252626d75d2aa512bc3ec55478b67a32Brian Smith — Bug 1078108: Use a longer OCSP response validity period in tests, r=keeler
ca2e9c83d73088e72037ca66146822f4c090c09fBrian Smith — Bug 1077926: Make test certificate generation faster by reusing key, r=keeler
a50a9acd717f2b416840aa2e40f88dd06350a956David Keeler — bug 1058812 - (3/3) mozilla::pkix: test handling unsupported signature algorithms r=briansmith
944cf5488d37fe67e55e2bc8e2f093111b66b2d7David Keeler — bug 1058812 - (2/3) mozilla::pkix: use ByteStrings to identify signature algorithm parameters in tests r=briansmith
32d860f9025bd17fbcffce524113128fad50a38dDavid Keeler — bug 1058812 - (1/3) mozilla::pkix: add SignatureAlgorithm::unsupported_algorithm to better handle e.g. roots signed with RSA/MD5 r=briansmith
4a4e9197f88198a3b87870eb9473533cc8b61351David Keeler — backout b779e9db337c (bug 1058812 1/3) for mochitest orange on a CLOSED TREE
ecbbc75c8f363b8d760737c0fd91d2372780381fDavid Keeler — backout 87ce5a58dff3 (bug 1058812 2/3) for mochitest orange on a CLOSED TREE
5a3068f7777455ac872c06e0d4b0f03b84787a01David Keeler — backout e2005d63d09c (bug 1058812 3/3) for mochitest orange on a CLOSED TREE
e2005d63d09cbf630b6b4d5e1bda2bb64b8c9385David Keeler — bug 1058812 - (3/3) mozilla::pkix: test handling unsupported signature algorithms r=briansmith
87ce5a58dff3c85debe3694ce9202322d9626504David Keeler — bug 1058812 - (2/3) mozilla::pkix: use ByteStrings to identify signature algorithm parameters in tests r=briansmith
b779e9db337c40a278882a42168d51c321eefd31David Keeler — bug 1058812 - (1/3) mozilla::pkix: add SignatureAlgorithm::unsupported_algorithm to better handle e.g. roots signed with RSA/MD5 r=briansmith
fef09fc4f8a28855940dfcf9621be1d34429fd39Brian Smith — Bug 1077887: Work around old GCC "enum class" bug, r=mmc
8223fc0ec405163bee814fb1d546acacf0108dbfBrian Smith — Bug 1077859: Make ENCODING_FAILED safe to use in static initializers, r=mmc
865a73b0410f47c0603760fe7afd2d77499d2a6cEhsan Akhgari — Fix one bad implicit constructor in pkix, no bug, blanket-rs=bsmith
f84e52e4706bb7bcbdb01238c3cd609a5d5f6781Carsten "Tomcat" Book — Backed out changeset 4ea25fb195e3 (bug 1077859) for causing frequent Mac OSX XPCshell test failures
4bfd7853a2fdb7345b139df8ef64926cfcd2c29eCarsten "Tomcat" Book — Backed out changeset 5c9fa9ccba44 (bug 1077887)
f56ef87537e820c50e50e849b3b4d0d51b689b9cCarsten "Tomcat" Book — Backed out changeset c66393b6747c (bug 1077926)
c66393b6747cbb8b769339b2fdd4eebf3e9b9de2Brian Smith — Bug 1077926: Make test certificate generation faster by reusing key, r=keeler
5c9fa9ccba4446e7cd10608ec8b47ce9954bc8dbBrian Smith — Bug 1077887: Work around old GCC "enum class" bug, r=mmc
4ea25fb195e376292ba651906f8e372d54415dceBrian Smith — Bug 1077859: Make ENCODING_FAILED safe to use in static initializers, r=mmc
935d3912d2b4dcb307b975505a9a55eb8884b593David Keeler — bug 1045739 - (part 2/2) mozilla::pkix: test that revocation checking doesn't occur for expired certificates r=mmc
2cfa06a07f810bcdb55820e71be80160a363874eBrian Smith — bug 1045739 - (1/2) mozilla::pkix: stop checking revocation for expired certificates r=keeler
103648f9973daf5f5be5a16bb600a79a440dea29David Keeler — bug 1071308 - (2/2) remove libpkix-style chain validation callback from CertVerifier r=cviecco
5a0bc43e8679bdef24c316d92a7d7b68e9068b14Richard Barnes — Bug 1045973 - sec_error_extension_value_invalid: mozilla::pkix does not accept certificates with x509v3 extensions in x509v1 or x509v2 certificates r=keeler
276a7d6b9e196659c24640fa8ff99bca1091d25aDavid Keeler — bug 1060929 - mozilla::pkix: allow explicit encodings of default-valued BOOLEANs for compatibility r=briansmith
d811b42cbf3b407b05caf25ee9752c92020d450aRichard Barnes — Backed out changeset bf39c7535955 (bug 1045973)
bf39c753595563276d86d01da40e3cc2e279d3aaRichard Barnes — Bug 1045973 - sec_error_extension_value_invalid: mozilla::pkix does not accept certificates with x509v3 extensions in x509v1 or x509v2 certificates
d84a51edc06808ac04ce6d412131018bebdebbeeBrian Smith — Bug 1065264: Use MOZILLA_PKIX_MAP_LIST to define mozilla::pkix::Result, r=keeler
86e0ead21be9e1b2b074a980e2153bc8fb2ba16eBrian Smith — Bug 1065173: Move more NSS dependencies to pkixtestnss.cpp, r=keeler
ae5e2cb45ed3bb4d4b28c72a24073144cdbfc649Brian Smith — Bug 1063031: Remove mozilla::pkix::test::NSSTest, r=keeler
f27ed53500514093355d1b8765bcc7ba5dcf64dfCamilo Viecco — Bug 1067565 - Built-in pins expires decades later. r=keeler
c5deca8cba3cbaeab1f62b5fda8a5f8ef665cd70Brian Smith — Bug 1063013, Part 4: Move MapResultToName and MAP_LIST out of pkixnss.h/pkixnss.cpp, r=keeler
c4b9297979c7dcb548dd3b9c1e9de456a7669d9fBrian Smith — Bug 1063013, Part 3: Move dependencies on pkixnss to pkixtestnss, r=keeler
8ec1eff5d14073137e657ae0b4bbbc9ddf8ca149Brian Smith — Bug 1063013, Part 2: Remove unnecessary pkixnss dependency from pkixocsp_CreateEncodedOCSPRequest, r=keeler
d9da0272f90789d94cd7842a926e1be1fa57f0c8Brian Smith — Bug 1063013, Part 1: Remove pkixnss dependency from pkixtestutil.cpp, r=keeler
9e3f6f7474f4f910b849f8220007de87a220b640Brian Smith — Bug 1063006: Centralize direct use of NSS for crypto in the mozilla::pkix test suite, r=keeler
3d67f57a05023519d9aa25fd75b42635529e09edBrian Smith — Bug 1059924, Part 2: Test that the high tag number form is rejected, r=keeler
1d95d9b80e697a1d482adbf53c8e7dd35c968d16Brian Smith — Bug 1061483 follow-up: remove now-unused deleteCharArray function, r=me, a=bustage
3a4251234a268a5b1dd5d655c7f947c213bf9176Brian Smith — Bug 1061483: Remove dependency on NSPR's PR_smprintf, r=cviecco
46250b0120be54f846ee230a45274015f13306c3Brian Smith — Bug 1061021, Part 17: Use now-unused PLArenaPool infrastructure, r=keeler
101b4b6d8849b35e1fc1a0a2d2af560f311119a7Brian Smith — Bug 1061021, Part 16: Stop using PLArenaPool in pkixocsp_CreateEncodedOCSPRequest, r=keeler
88a132d5b1ab3f40e7634f2fc8727e72eb6653abBrian Smith — Bug 1061021, Part 15: Stop using PLArenaPool in CreateEncodedOCSPResponse, r=keeler
8743adefe38aa1f100d74405ab7fc76caec1ceafBrian Smith — Bug 1061021, Part 14: Stop using PLArenaPool in CreateEncodedCertificate, r=keeler
1fd4a7e00bd180cf93d16905190eb62e46ac48e7Brian Smith — Bug 1061021, Part 13: Remove Output class, r=keeler
07b910800d29a8bd7552cfdca10b200eec54283fBrian Smith — Bug 1061021, Part 12: Stop using PLArenaPool for ResponseData encoding, r=keeler
86d4257c47bcafe5edd30bce4eea39cbdf4cb8abBrian Smith — Bug 1061021, Part 11: Stop using PLArenaPool for TBSCertificate and SignedData encoding, r=keeler
ae1e6fc28aecdc104cf827422ed3f95054bf83ccBrian Smith — Bug 1061021, Part 10: Stop using PLArenaPool for extension encoding, r=keeler
40b2079e912c7ef2246a663fe471099cec41bb14Brian Smith — Bug 1061021, Part 9: Stop using PLArenaPool for SingleResponse encoding, r=keeler
cbd4132642d4c8df7359f071aa3d5243e002dac7Brian Smith — Bug 1061021, Part 8: Stop using PLArenaPool for CertID encoding, r=keeler
bc91f4793d5ad18741284d523d2a27d268be0951Brian Smith — Bug 1061021, Part 7: Stop using PLArenaPool for SignedData encoding, r=keeler
90d09ed5c83b018b9f953e6697cf73a6b5452141Brian Smith — Bug 1061021, Part 6: Stop using PLArenaPool for boolean encoding, r=keeler
acf8ecaeeb3336ab54207393706a87e61c4ef2b0Brian Smith — Bug 1061021, Part 5: Remove InitInputFromSECItem, r=keeler
5754cdc8fa0a43f1b1db36ffec8bfa8974d948ebBrian Smith — Bug 1061021, Part 4: Stop using PLArenaPool for time encoding, r=keeler
edf6255af552dcecc64815decf5489021528e7e8Brian Smith — Bug 1061021, Part 3: Stop using PLArenaPool for BitString encoding, r=keeler
59ca4088b5aeff2012f825d0d22c603059fb8885Brian Smith — Bug 1061021, Part 2: Stop using NSS to encode integers and serial number, r=keeler
cf0ddad16d73713fe3bf4c06415b7fc27932ee14Brian Smith — Bug 1061021, Part 1: Stop using NSS to encode names in tests, r=keeler
956856eaf246f26c26d6c874d7b510a17990e2d7Brian Smith — Bug 1059924, Part 1: Centralize tag and length decoding in mozilla::pkix's DER decoder, r=keeler
1c6057955f8a787f571df5c3523787d2b036f348Brian Smith — Bug 1059928: Remove SECOidTag from mozilla::pkix testsuite interface, r=keeler
7aed8e73b3c2db741b99597c1be938be8f89047fDavid Keeler — bug 1057123 - mozilla::pkix: allow end-entity certificates to assert keyCertSign in some cases r=briansmith
87bd7d4c541a8d4cca69f17554409a2e6fc2d285Mike Hommey — Bug 1041941 - Use templates for programs, simple programs, libraries and C++ unit tests. r=gps
b55a82d00b04e4cd00596edc4bbcd36e484c23dfEhsan Akhgari — Bug 1060975 - Fix bad implicit constructors in security; r=bsmith
0d9e1adba9c0fae4739996826987c08ce26b1ebfCamilo Viecco — Bug 1039166 - Fix intermittent gtest ASAN errors. r=dkeeler
e8409018d8ecc61d47068a7141a5e5608529cc48Brian Smith — Bug 1059926: Give the ability to generate more encodings, r=keeler
5dd940a541d303ac12f82e4f651b7fe3e6d77228Brian Smith — Bug 1057793: Fix build warning on MSVC 2013, r=keeler
5ca5616168ea4178939129d3a4e4ba1900dd40c5Brian Smith — Bug 1057791: Switch PR_ASSERT to assert in pkixcheck.cpp, r=keeler
ef064019410d9da9e45b43cc59213c919811d243Brian Smith — Bug 1057790: Limit scope of CERTCertificate-related stuff to the scope it is used, r=keeler
45de3b56782008bc901f91f3de5bf6f03adf1b61Brian Smith — Bug 1053924: Remove dependencies on PRTime in mozilla::pkix's test code, r=keeler
59fbab61bf9632cffa31d92f2e61cfb0a441f5efCykesiopka — Bug 1052529 - Add missing l10n strings for mozilla::pkix errors. r=keeler
74f7df1f03e8f5d931598368f5637aeafb23bb6aDavid Keeler — bug 1009161 - mozilla::pkix: allow the Netscape certificate type extension if more standardized information is present r=briansmith
5953bf2571f0e4068fc3d73b0ba3dce564f9653fCamilo Viecco — Bug 1047177 - Treat v4 certs as v3 certs (1/2). r=keeler.
1d5756884f35e46a9ade0de205b7111cf08aa3e3Brian Smith — Bug 1053627, Part 2: Use MOZILLA_PKIX_ARRAY_LENGTH instead of PR_ARRAY_SIZE, r=keeler
aab0248be343e13045cc3357e3a96eabf4fbe46eBrian Smith — Bug 1053627, Part 1: use sizeof instead of PR_ARRAY_SIZE for byte arrays, r=keeler
0b09d111368c62f7fde319c7f9d8b6f09828ee6bBrian Smith — Bug 1053621: Stop using PR_NOT_REACHED in mozilla::pkix, r=keeler
85a868671ad712bee871a97e685334f3905262f8Brian Smith — Bug 1053620: Replaces uses of PR_Abort with std::abort in mozilla::pkix, r=keeler
103617bdc565ae5bd9d6ad899293082506f3ac60Brian Smith — Bug 1053617: Reduce scope of DER encoding debugging logic to the file it is used in, r=keeler
b23f97018cceb555389d8a4f722dd8413f54243cBrian Smith — Bug 1053616: Remove uses of PR_SetError from mozilla::pkix tests, r=keeler
636639b0f0b199a261caacac54c73af4657993e0Cykesiopka — Bug 1052257 - Add and use error code specific to inadequate key sizes. r=keeler
ffe4741a32ef7aa695f3590de6c37e314bb0e819Brian Smith — Bug 1048642, Part 3: Remove SECStatus GTest utilities, r=cviecco
91860e48f97b7554945495e611c293cb87f41375Brian Smith — Bug 1048642, Part 2: Change GenerateKeyPair return type from SECStatus to Result, r=cviecco
75b0a9c807fabee0ad81c3c6675babc8d1d8f771Brian Smith — Bug 1048642, Part 1: Change TamperOnce return type from SECStatus to Result, r=cviecco
5d522165ffbbcdb1744ac78026d0f722add3f125David Keeler — bug 1040446 - mozilla::pkix: add error code for CA cert used as end-entity cert r=briansmith
bf2a551e8306de14b8426bbdf4354f191c130ca0Brian Smith — Bug 1048070, Part 2: Remove uses of PR_NOT_REACHED and PR_ARRAY_SIZE in mozilla::pkix, r=keeeler
7e8a72fe2994ad818628ec5d28d5ea251fc92ad7Brian Smith — Bug 1048070, Part 1: Replace uses of PR_ASSERT in mozilla::pkix, r=keeler
75a4cfe83b66d47bd2f9f9d8a55a55364f1718c0Brian Smith — Bug 1042479: Accept the OIW sha1WithRSASignature OID, r=keeler
37e60712078a5ef499dca27cc9377eeb199fc51cDavid Keeler — bug 1047494 - refactor tautological size check in mozilla::pkix::VerifySignedData r=briansmith
d641b9be5414ca0cd4387bc516b8f0cfd848e336Brian Smith — Bug 1043041: Use mozilla::pkix::Time instead of PRTime, r=keeler
34706feaf2be580dc3ccdc51872932b6fcc7aa56Brian Smith — Bug 1047792: Rely on mozilla::pkix to filter out expired certs instead of CERT_CreateSubjectCertList, r=keeler
7981db8aab34f4acb07a27ab629cc952dad6a47eBrian Smith — Bug 1041344: Refactor mozilla::pkix::CheckCertificatePolicies, r=cviecco
6d708eb0bd06eb14966f3d243445a512aa8aaeb2Brian Smith — Bug 1041186, Part 3: More renaming, r=keeler
be95f831b8156779b5cf9cd763c64601751d01bfBrian Smith — Bug 1041186, Part 2: Rename Input to Reader and InputBuffer to Input, r=keeler
8c4c865dffb1f8bfd5a49073b2e29fe86e61c9d4Brian Smith — Bug 1041186, Part 1: Improve buffer overflow protection in mozilla::pkix, r=keeler
028a548273ee208df724770232f0e1658052f0f0Brian Smith — Bug 1041343: Use references instead of pointers for TrustLevel output parameters, r=cviecco
e40b8c7a1f7cbbfd863982740e1836ef3f638117Brian Smith — Bug 1039601: Use bounds-checked DERArray instead of plain arrays in pkixocsp.cpp, r=cviecco
877ad32f2fb0a924d74a6d8aa1ee7bac1951b4f4Brian Smith — Bug 1039064: Use strongly-typed enum instead of NSPR-style error handling, r=keeler
c3911090925494cd7331eda070c12cb5ba795122Mike Hommey — Bug 1041864 - Remove LIBRARY_NAMEs that aren't used. r=mshal
c3c1bc04d20b56b657ac6546fd1f01397a3214a2Jeff Muizelaar — Bug 1037220. Reorder rendering to avoid render target switches. r=mwoodrow,bgirard
d3bea72b4bac9add6cb34ed3fb80f45b7a6773a0Cykesiopka — Bug 360126 - Stop accepting certs that use RSA1023 or weaker; Original patch by Richard van den Berg. r=briansmith
5c46ec883fa532147e082c2ca4a2b861dd60f7a4Brian Smith — Bug 1038837: Factor out mozilla::pkix::Input into a separate header, r=mmc
1b85010e1e08d5a2d034e690b17feae64752dacbBrian Smith — Bug 1038828: Replace mozilla::pkix::der::Result with uses of mozilla::pkix::Result, r=mmc
ad2dde29f46074c5ef1ff5c488a1a05e81c54569Brian Smith — Bug 916629, Part 4: Unit tests for trust of delegated OCSP responder certificates for mozilla::pkix, r=keeler
fbb75ea73258992e5b704f80c9cf792a0f2520a4Brian Smith — Bug 916629, Part 3: Unit tests for OCSP responses signed by a delegated OCSP responder for mozilla::pkix, r=keeler
6dffe58f144a5a6d971b57a21d936896053dcc5aBrian Smith — Bug 916629, Part 2: Unit tests for "successful" OCSP responses for mozilla::pkix, r=keeler
c1332f88b791f6285a8b0f106aa914e54d2d7a25Brian Smith — Bug 916629, Part 1: Unit tests for OCSP responses without responseBytes, r=keeler
354983173ff099cf87cddab96b98b0b5e9372671Brian Smith — Bug 1036105: Delegate digest operations to the TrustDomain in mozilla::pkix, r=keeler
154fdd34da308a779077a0e5bb110b41a7daeea1Brian Smith — Bug 1036107, Part 2: Test algorithm identifier parsing, r=keeler
b64db3d28963e488a40b215465a9e5df4f408322Brian Smith — Bug 1036107, Part 1: Stop using CERTSignedData in mozilla::pkix, r=keeler
c68c6bc73bb66dfeb669fb2c0eed507be53f791bBrian Smith — Bug 1037324: Delegate additional name constraint selection to the TrustDomain in mozilla::pkix, r=cviecco
04fc71b7aef15fc3a5e9de8384dad0197eec1d78Brian Smith — Bug 1035942: Decide whether to consider end-entity CN as a dnsName in CheckNameConstraints instead of in BuildCertChain, r=cviecco
4b5d5f76095ba61495ddc8f3de1afea2e821d3feBrian Smith — Bug 1035009: Stop using CERTCertList in mozilla::pkix, r=keeler
de669872700fd9c2efa11a0af2006bf27f343819Camilo Viecco — Bug 1030204 - 1/2 Name constraint ANSSI(DCISS) Root cert in mozilla::pkix. r=keeler
8829186d75429c7a9985a3978e648dcc2bec3b8dChris Peterson — Bug 1035607 - Remove unused empty_null to fix -Wunused warning-as-error in security/pkix. r=briansmith
82de1047683b48d56d4c2c4d083124533573abc9Brian Smith — Bug 1035470: Use signature algorithm OID instead of digest algorithm OID in the signature field of certificates in mozilla::pkix tests, r=cviecco
14288e5a9043fb3409a122cd00725314fda6232dBrian Smith — Bug 1035008, Part 2: Modify existing mozilla::pkix GTests to follow naming conventions, r=mmc
5243b80e85053bda65bb5d3d7773aebb3f434652Brian Smith — Bug 1035008, Part 1: Document naming convention for mozilla::pkix GTests, r=mmc
f08717fca7953591f971af3a7aff341ab066d440Brian Smith — Bug 1034636: Remove mozilla::pkix::ScopedCERTCertifciate and mozilla::pkix::ScopedPLArenaPool, r=mmc
2f73760f72040670abab6fdc1a5997a2435b72afBrian Smith — Bug 1033563, Part 3: Change mozilla::pkix::TrustDomain::FindPotentialIssuers API to be iterator-like, r=keeler
8f717d66d4c99e8c88edc2224aaa4972b8e33b9dBrian Smith — Bug 1033563, Part 2: Convert mozilla::pkix::BuildForwardInner into an iterator-type thing, r=keeler
0c9f46cd3030f1b3e1eef1e90e3db29dbbf7ee1bBrian Smith — Bug 1033563, Part 1: Move revocation checking code from mozilla::pkix::BuildForward to BuildForwardInner, r=keeler
01c0bf3a7a2a87bbfb2b98fbdada50469c7471c6Brian Smith — Bug 1029247, Part 2: Parse certificates using mozilla::pkix::der, r=keeler
6f192992c5824ce6edb8081fb51be2c26ae2734bBrian Smith — Bug 1029247, Part 1: Add new overload to mozilla::pkix::bind, r=keeler
ef8e2a00b1bf64900d335ce45fcb6927a2af94bbBrian Smith — Bug 1034632: Fix suppression of warnings for MOZILLA_PKIX_ENUM_CLASS, r=mmc
ede58a6cc7259554e4bdecf803cd7c5b6bc2b53aBrian Smith — Bug 1034412: Clarify definition of mozilla::pkix::der::SEQUENCE, r=mmc
f7ed4f51783db19d1e34a14365b3c755792dfdb2Brian Smith — Bug 1019770: Add tests for checking of notAfter and notBefore, r=cviecco
230bf24c3ec916feba020916545e026647117f9eBrian Smith — Bug 1033103: Add and use mozilla::pkix::der::ExpectTagAndGetTLV, r=keeler
df136d24eef6ad2069cfee1125e7f08156107117Brian Smith — Bug 1033092: Add unit tests for mozilla::pkix::der::ExpectTagAndGetValue, r=keeler
f742e1b03ab0092bd5c23631bd38072ae176f672David Keeler — bug 1019770 - follow-up to remove unused const GENERALIZED_TIME_LENGTH r=briansmith
09f2f7e776e8678f4c9a3bcd15d403b0c590e465Brian Smith — Bug 1032947: Change CheckNameConstraints to construct CERTCertificate instances when needed, r=keeler
05df502a4bb8106a64e925fda65d5c53ebcec257Brian Smith — Bug 1019770: Add more tests for parsing GeneralizedTime and TimeChoice, r=cviecco
05443973ca34c153861a2b6428f532f4d7b75e99Brian Smith — Bug 1019770, Part 2: modify existing GeneralizedTime tests to test TimeChoice too, r=cviecco
a6700e7f23cd40e8e345d4932cf77fa052ece58eBrian Smith — Bug 1019770: Use mozilla::pkix::der to decode times and certificate validity period, r=cviecco
2652f9b8ed16727ef0eb5dc81469529db4531b7cWes Kocher — Backed out changeset 70e4c9018648 (bug 1019770)
aba37393cb276049848aebe0d5647310dbbb829dWes Kocher — Backed out changeset 3b8334fda57d (bug 1019770)
d8ed4d7d57276173b8292476535e1fe9843097eeWes Kocher — Backed out changeset e139492ea05b (bug 1019770)
0ba39a20da4c1737c98adc76b8831b4b1d5dfe05Wes Kocher — Backed out changeset 7a3c8389f643 (bug 1032947)
7a3c8389f64371185ed76d6d51e2bc917e58bb9dBrian Smith — Bug 1032947: Change CheckNameConstraints to construct CERTCertificate instances when needed, r=keeler
e139492ea05ba0649799848511679bc4f44beb0aBrian Smith — Bug 1019770: Add more tests for parsing GeneralizedTime and TimeChoice, r=cviecco
3b8334fda57d5e0d9cd59e7c04307e99647263b1Brian Smith — Bug 1019770, Part 2: modify existing GeneralizedTime tests to test TimeChoice too, r=cviecco
70e4c9018648aa6ed6a9a0e3d47e5eaeb1dc7959Brian Smith — Bug 1019770: Use mozilla::pkix::der to decode times and certificate validity period, r=cviecco
e8e9401fca1823e0d7bdd48af20b6a3654f948e2Brian Smith — Bug 1031542: Add test case for key usage without any value bits, r=keeler
a7ce6be46094cb2ddf5f1548d9c94f37d2277b36Brian Smith — Bug 1030475: Use a valid id-ce-inhibitAnyPolicy extension value for test pkix_cert_extensions.KnownCriticalCEExtension, r=keeler
3886549144cea101f718bab733c1730c72c8a6b9Brian Smith — Bug 1030478: Make the AIA extension used in pkix_cert_extensions.CriticalAIAExtension less invalid, r=keeler
0a71e9aa55f388dda643fb4f3c899dea08e467a6Brian Smith — Bug 1031022: Go back to accepting explicit encoding of v1 for certificates and OCSP responses, r=cviecco
6f1da711a5e173abeb7177823178e426891a09b7Brian Smith — Bug 1029341: Factor out decoding of certificate/OCSP extensions, r=keeler
b3320eadf9b9a8a293374a24d913c1098ce6ecf1Brian Smith — Bug 1029364: Centralize version parsing in BackCert::Init, r=cviecco
93aa37410859339984eceae3ba8bf7f4d4f16accBrian Smith — Bug 1029992, Improve AlgorithmIdentifier decoding in mozilla::pkix, r=cviecco
bd644e2b3295f5e1bc12c26a884585ed97f57140Carsten "Tomcat" Book — Backed out changeset 7b68babb36ed (bug 1029364) for B2G Device and Emulator Bustage on a CLOSED TREE
6740dc2a0f2b7cb816fe382b3b9248e8def68cfeCarsten "Tomcat" Book — Backed out changeset 293cc90eb1d8 (bug 1029341)
293cc90eb1d84bb0e39e8ac58545bd5654956f45Brian Smith — Bug 1029341: Factor out decoding of certificate/OCSP extensions, r=keeler
7b68babb36edba087f4fbfc5c76fbb5aa3ddd78aBrian Smith — Bug 1029364: Centralize version parsing in BackCert::Init, r=cviecco
e1546afaa4cb3a2ef68e8f7a279a05e3662c09e1Brian Smith — Bug 1026261: Remove CERTCertificate from mozilla::pkix revocation checking API, r=keeler
2a2881b88dacd713b6a4169017a2879c27e7bf2bDavid Keeler — bug 997509 - heed expired Revoked or Unknown OCSP responses r=briansmith
b9f36cfede5da9f2033bb0992b6cc874ae284eccBrian Smith — Bug 1006812: Use mozilla::pkix::der to decode the key usage extension, r=keeler
6fb1b8bbfe36976a32d6a8620b8095d62cd0dd4eBrian Smith — Bug 1027255: Add ASSERT_/EXPECT_ GTest helpers for mozilla::pkix::Result, r=mmc
8bf9d1db97564270a82c68abc2d81137ae38bd0eBrian Smith — Bug 1022970: Switch from UNIFIED_SOURCES back to SOURCES in security/pkix, security/certverifier, and security/manager/ssl/src, r=keeler
7501d2d75778b6690318c6451241fc2c0167e788Camilo Viecco — Bug 998513 - Test GeneralizedTime encodings in mozilla::pkix. r=keeler.
2056f72684e8fab04adf98812aa4b80ca56f54afDavid Keeler — bug 1020993 - properly handle unknown critical extensions in BackCert::Init r=briansmith
c87a64ddc34e069f980534d565d98400bd68472bCamilo Viecco — Bug 1021797 - Rename ArenaFalseCleaner to PORT_FreeArena_false. r=keeler
285280a366a27d0bbcd6754063718d47e02b76aeBrian Smith — Bug 1020683, Part 3: Fix build bustage, a=BUSTAGE on a CLOSED TREE
802f0aeb80f1bc9499c1f468cc82df5194ca3e6aBrian Smith — Bug 1020682: Simplify mozilla::pkix results cert chain construction and make it more efficient, r=cviecco
00685ee5dc8b39407aaecdc1b4e89e8c97a72079Brian Smith — Bug 1020683, Part 2: Remove more references to CERTCertificate from mozilla::pkix, r=keeler
409b85bc56668102eeefaed6d363d195dfe4c493Brian Smith — Bug 1020683, Part 1: Remove internal uses of CERTCertificate from mozilla::pkix::VerifyEncodedOCSPResponse, r=keeler
aaf2f5dbf4107c0ed6f12cf9d87f9703a3949159Brian Smith — Bug 1018411: Factor out signed data parsing in mozilla::pkix into a reusable and separately-testable function, r=keeler
fa6a44d6406b6179c109f287ac503d1cc5b658efCamilo Viecco — Bug 1000548 - Leaking arenas allocated in mozilla::pkix r=keeler
256ba8fcdc48876de2726622a71c952d0ec02ea2Brian Smith — Bug 1019814: Remove CERTCertificate dependency from TrustDomain::GetCertTrust, r=keeler
596d6e2edb9dec40557038bbffaa0e796e3eaba0Brian Smith — Bug 1019109: Add tool, r=keeler
e02114bec135e151d7832e748b7453c4676b5f6eBrian Smith — Bug 1018633: Simplify the max cert chain length check code in mozilla::pkix and make it more efficient, r=cviecco
7892ae7fa4c5497d9e064e9052b2fd856f602e4cBrian Smith — Bug 1001188: Set the error code when the max cert chain length limit is exceeded, r=cviecco
b02b3fe865a2c4a2b7f6e905a8da96dc15a08d82Brian Smith — Bug 1018642: Factor out reusable NSS GTest infrastructure into a new NSSTest class, r=cviecco
b7273e1ff04bcd000e6042fb428ebbc1c0b3cc6bBrian Smith — Bug 1018064: Replace mozilla::pkix::der::Input::Match with mozilla::pkix::der::Input::MatchRest, r=mmc
c2db252ba069299d2618f5602c3a0606e48655f1Brian Smith — Bug 1018061: Have mozilla::pkix::der::Input::Read use EnsureLength instead of its own checks, r=mmc
43f0db236c0598a13ecf771811e3fde81d5047b6Camilo Viecco — Bug 991815 - Part 1/2 - Allow intermediate OCSP responses up to 1 year old. r=keeler
654f509c6524e911583043e644b0b31239bd070fBrian Smith — Bug 1018033: Prevent buffer read overflow due to integer overflow in mozilla::pkix::der::Input::EnsureLength, r=keeler
0f8f93ecc6380d21fc213cef73960ccaddccd386Brian Smith — Bug 1018041: Fix linking error in pkix_ocsp_request_tests when GTest is enabled on Windows, r=keeler
2c2c06d50c9e94dc133e1bd870eabb8c5a3988bfChris Peterson — Bug 1007708 - Part 1: Fix warnings in security/pkix/test/ and mark as FAIL_ON_WARNINGS. r=briansmith
c91ca2050c0fb38e6e62fb58f03261914251b9daDavid Keeler — bug 986150 - fix some comments in mozilla::pkix DER tests r=mmc
9760266b33d1dcc3de3d0a0de9f77b01bcb61a21David Keeler — bug 986150 - test mozilla::pkix::der::OptionalBoolean r=mmc
4ccf8ac0ae2d47dbe9b0223bb9f26b9f8bcb9560David Keeler — bug 1002814 - OCSP requests: long serial check should be on cert, not issuerCert r=briansmith
48f62dea0cc420b595003b4247a296c247845827David Keeler — bug 1002814 - retry PK11_GenerateKeyPair when it fails non-fatally r=briansmith
b9b08e5e4685d7180e311795a7be588fac0a8ecdBrian Smith — Bug 1006958: Use mozilla::pkix::der to parse certificate policies instead of NSS, r=keeler
6fa351c654032e20eef6ef76fb0f94a4a74a3cf9Brian Smith — Bug 1010581: Document Expect/Match/Skip terminology in mozilla::pkix::der and make that code more consistent, r=keeler
34c3d9eaf99530cc168a0481a315643ef2aa9f8fBrian Smith — Bug 1006041: Use mozilla::pkix::der for decoding the extended key usage extension, r=keeler
12e0942396f772e3f843ebb0f5ed7ff4487181adBrian Smith — Bug 989564, Part 2: Remove CERTCertificate dependency from CheckBasicConstraints, r=keeler
137b800c2371dbe05e2ade6ec227567641bc39f8Brian Smith — Bug 989564, Part 1: Decode basic constraints extension using mozilla::pkix::der, r=keeler
b4de91b65bc7341a719708a02c4f95c9b5232c1eDavid Keeler — backout fefd98914b02 (bug 1002814) for gtest breakage
fefd98914b02c209f8ad0744bb1fca40c2e6d0a0David Keeler — bug 1002814 - OCSP requests: long serial check should be on cert, not issuerCert r=briansmith
54ae61542a726d68c49857f3ecd42cacb7df0384Gervase Markham — Bug 1007195 - Change licensing on mozilla::pkix to dual Apache 2/MPL 2. r=briansmith.
a581aefd17aac3878746e2315894efbc7d4ae356Jacek Caban — Bug 1005309 - Fixed MSVC detection.
0804e1157e5607a77b8ec528e9f2984a96fffcedDavid Keeler — bug 1007962 - CreateEncodedCertificate should take a SECItem as its serialNumber argument r=mmc
ec31af989ab650853eab91deda53cc783c33fa98David Keeler — bug 1007813 - match CreateEncodedCertificate declaration to its definition r=mmc
3e8a44292f8f7dfdb3ab1f34956afbcd5ed238d4Monica Chew — Bug 1000354: Fix comment and make test clearer (r=keeler)
1afd82fa39367718ac10dee2d547bca78c771815Brian Smith — Bug 1005667: Fix build warning due to buggy test code in pkixtestutil.cpp, r=dholbert
ef752e779de97852fb3fbf293460515bcd90e3baBrian Smith — Bug 1005309, Part 2: Enable extended compiler warnings (-W4 -Wall) in mozilla::pkix, r=mmc
050dd0c10115057976fa635fc46d1685007b90b0Brian Smith — Bug 1005309, Part 1: Improve type conversion and error checking for hashing done in mozilla::pkix's pkixocsp.cpp. r=mmc
54d6b9b49948790285405d6e165e293e2181df2bBrian Smith — Bug 1005256: Improve parameter validation in mozilla::pkix::der::Input::GetSECItem, r=mmc
b7c76c4e8539df8d7e29175ed86d0eb7a09d3fcbBrian Smith — Bug 1005208: Rename issuerKeyHash to keyHash in mozilla::pkix's pkixocsp.cpp, r=mmc
986d711b9236281433e54640aeb115b072844fd4Brian Smith — Bug 1005198: Make it easy to create test certificates in GTest tests, r=keeler
6d0697138495f5fddeb44784a87996c53c75e77cBrian Smith — Bug 1003290: Fix OID parser template type, r=keeler
18ec05e5157cd1c4084788d7e679d98d62e66de9Brian Smith — Bug 1002933: Use Strongly-typed enums more often in mozilla::pkix, r=mmc
0a09d9702f54dfafd90d5816a3eec5b5d11fb807Brian Smith — Bug 1002929: Avoid implicit conversion of Result to boolean in mozilla::der::GeneralizedTime, r=keeler
1647211b28ced05ea3af826c8140c5b90faab4acCamilo Viecco — Bug 744204 - Allow Certificate key pinning Part 2 - Certverifier Interface. r=keeler
c47a0c94e8c16c02a39ce2faeaa37c9665064edaBrian Smith — Bug 998067: Add utility code for making it easier to create GTests based on NSS, r=keeler
e9863539786142ee6319293c26c90639eb274fcaBrian Smith — Bug 1000544: Use "Fail(x, y)" instead of "PR_SetError(y, 0); return x;" more consistently, r=mmc
9b228e18e706f40496a3f8b64674c84fb60c6d6cBrian Smith — Bug 1000482: Remove unused stapledOCSPResponse parmaeter from BuildForwardInner, r=mmc, r=keeler
2948061a6a96ed4801add653c85d565209770e3bBrian Smith — Bug 1000483: Remove unused isTrustAnchor parameter from CheckKeyUsage, r=cviecco
086db8b0bd47f4b28ba972ef73e2be884ffffa6bStefan Arentz — Bug 968490: Add mozilla::pkix::der unit tests (r=cviecco)
1e75b5f05d2a8a4721d7755f3b376fa1b60bf64eDavid Keeler — bug 991898 - mozilla::pkix: temporarily allow empty Extensions in OCSP responses r=briansmith
8060d6d3870797faba321604b8f65c0ebf1ce014David Keeler — bug 997843 - mozilla::pkix::der::Input::Expect should take a uint16_t as its length argument r=briansmith
b9001dcffbf176ecb9e15ae03853499235fe65e1David Keeler — bug 982774 - der::ExpectTagAndGetLength: check that input has enough capacity for the length described r=briansmith
c681e793c40cb717f4c5ffe8802a9016b5ebb396David Keeler — bug 972753 - OCSP testing: delegated responses and including multiple certificates r=cviecco
5bd6c8f9aebf9867b7b22b60e51b2326e82ab6deDavid Keeler — bug 991209 - mozilla::pkix: allow non-end-entity certs to have OCSP signing EKU r=briansmith
4e06281520ea27ab20f6631f719fdd104e66bec4David Keeler — bug 990603 - mozilla::pkix: defer reporting end-entity cert errors until after path building r=briansmith
285ef601001bcb208c3313df0b03c2987315c434David Keeler — bug 989516 - mozilla::pkix: temporarily allow improper basicConstraint:cA encodings r=cviecco
2c9813fb0e7d8f8a0f057f1b7cb263b927f21b1bDavid Keeler — bug 987295 - mozilla::pkix: test ocsp extension decoding r=cviecco
979ea432c7d9b9525f2db06153f9764f8b77da7eDavid Keeler — bug 987295 - mozilla::pkix: fix decoding OCSP response extensions r=cviecco
4b6d95a862f635af79a89b1bd271f39c2b7d1f75Camilo Viecco — Bug 986156 - Allow anypolicyoid and reject on inhibitAnypolicy (mozilla::pkix). r=bsmith
02f80b8cb3c8a41f33deb6a23b5f25d63490575eCamilo Viecco — Bug 982292 - Allow nsSGC to 'nest' TLS Web Server Authentication EKU in moz::pkix. r=bsmith
7279667ea89e0a3bf19f5bea40c0efc0304dd40aBrian Smith — Bug 982778: Initialize parameters of output value of der::AlgorithmIdentifier, r=keeler
fbb00ee44519fbf3ad56c7b2e33a5d148c215b34Camilo Viecco — Bug 969188 - Part 2/3 - mozilla::pkix only decode v3 extensions in v3 certificates. r=briansmith
bd70b7a38f18e806be6908feef01a1eb9ca9c417Camilo Viecco — Bug 969188 - Part 1/3 - Fix mozilla::pkix handling of trusted v1 certificates. r=briansmith
5311da21eb8250ae4efbb650893730d5ca18d94eDavid Keeler — bug 987262 - mozilla::pkix: refactor Nested AtEnd() checks in pkixder.h r=briansmith
d9086abee5866fcc1a3e14c98a67a890ad0936beDavid Keeler — bug 985021 - mozilla::pkix: temporarily accept pathLenConstraint in EE basic constraints extensions r=briansmith
d92b7e25c7c728d2bfe44f238da7ede5a9f54b13David Keeler — backout bug 985021 (5ef925251f56) for another build breakage on a CLOSED TREE r=backout
5ef925251f56b4cbb653229e6f149316bc0edf57David Keeler — bug 985021 - mozilla::pkix: temporarily accept pathLenConstraint in EE basic constraints extensions r=briansmith
65f5d187786ade4bde386847ada8d2b8f46af28fDavid Keeler — backout bug 985021 (76f63c6ad15b) for build breakage r=backout
76f63c6ad15b9aa648474c0ebecce8bad2b48d32David Keeler — bug 985021 - mozilla::pkix: temporarily accept pathLenConstraint in EE basic constraints extensions r=briansmith
b67a4d8cf24cc0e8378582fa1f12560c0e614936David Keeler — bug 985201 - rename insanity::pkix to mozilla::pkix r=cviecco r=briansmith