security/certverifier/CertVerifier.cpp
078bf91ed20ade5d1564af8b81d5a4668931a135
created 2016-03-15 17:19 -0700
pushed 2016-07-25 16:35 +0000
David Keeler David Keeler - bug 1240118 - add functionality to treat a test certificate as a built-in root r=mgoodwin
86c4213bc6289a6d29277d352814620572b0d194
created 2016-03-04 17:06 -0800
pushed 2016-07-25 16:35 +0000
David Keeler David Keeler - bug 1228175 - fix IsCertBuiltInRoot r=Cykesiopka,mgoodwin
5c19306be55e240d32c7b36f39a06b640c69fce5
created 2016-01-28 10:36 -0800
pushed 2016-07-25 16:35 +0000
sajitk sajitk - Bug 1219482: Replace PRLogModuleInfo with LazyLogModule in security subdirectory.r=nfroyd
38bf4f8e55bcc609eaeda0e7b5666f91f82a9a6c
created 2016-03-09 14:22 -0800
pushed 2016-07-25 16:35 +0000
Wes Kocher Wes Kocher - Backed out changeset 490eb9194ae1 (bug 1228175) for TestIsCertBuiltInRoot failures on at least Android
490eb9194ae1bdd73cf4e105654dae2bf4d1abfe
created 2016-03-04 17:06 -0800
pushed 2016-07-25 16:35 +0000
David Keeler David Keeler - bug 1228175 - fix IsCertBuiltInRoot r=Cykesiopka,mgoodwin
7d517a67d1a2d6b9f858b4a60deda10246a6bcfd
created 2016-02-18 06:01 -0800
pushed 2016-06-01 01:31 +0000
Cykesiopka Cykesiopka - Bug 1248874 - Replace Scoped.h templates used only by PSM in ScopedNSSTypes.h with UniquePtr equivalents. r=dkeeler
5e5b76d866341d47db93066b393af616b1e78f43
created 2016-01-29 10:15 -0800
pushed 2016-06-01 01:31 +0000
Wes Kocher Wes Kocher - Backed out changeset 7ec471c99263 (bug 1219482) to hopefully fix the intermittent hazard failures CLOSED TREE
7ec471c9926360990ad4ec55376c53b54638da3f
created 2016-01-28 10:36 -0500
pushed 2016-06-01 01:31 +0000
sajitk sajitk - Bug 1219482 - Replace PRLogModuleInfo with LazyLogModule in security subdirectory. r=froydnj
bb6bfd172d6e40b5d6a87d8118faf860c02f8545
created 2016-01-13 12:50 -0800
pushed 2016-04-15 21:02 +0000
David Keeler David Keeler - bug 1239455 - rework telemetry for SHA-1 certificates to reflect possible policy states r=Cykesiopka,mgoodwin,rbarnes
801655542a1297462d83ee52f4f96c809e69458d
created 2015-11-13 16:49 +0000
pushed 2016-02-29 17:11 +0000
Mark Goodwin Mark Goodwin - Bug 901698 - Implement OCSP-must-staple; r=keeler
0516d4db29a9d76361dd51331036e0b059b4dd60
created 2015-09-11 14:52 -0400
pushed 2015-12-04 23:28 +0000
Richard Barnes Richard Barnes - Bug 942515 - Show Untrusted Connection Error for SHA-1-based SSL certificates with notBefore >= 2016-01-01 r=keeler
fc86e9f2d6ea34b486058211fe468f4ada67f144
created 2015-08-21 15:14 +0100
pushed 2015-12-04 23:28 +0000
Mark Goodwin Mark Goodwin - Bug 1153444 - Fix up Key Pinning Telemetry (r=keeler)
31d0ae4d8c62e08a17784a6be2ad185d6b2f4e23
created 2015-07-09 07:22 +0100
pushed 2015-10-26 12:58 +0000
Mark Goodwin Mark Goodwin - Bug 1159155 - Add telemetry probe for SHA-1 usage (r=keeler)
a2b818a26d8528a8da37b16622e06df4d0c1676f
created 2015-06-29 22:19 +0200
pushed 2015-10-26 12:58 +0000
Cykesiopka Cykesiopka - Bug 1145679 - Reject EV status for end-entity EV certs with overly long validity periods. r=keeler
7da175eb7a6fc3673ce9a5fdee8b12fef1350fca
created 2015-06-01 13:55 -0700
pushed 2015-09-14 18:56 +0000
David Keeler David Keeler - bug 1170303 - treat malformed name information in certificates as a domain name mismatch r=Cykesiopka
4bc3d8e62192ea5ff9084681778e5e95648cfa48
created 2015-05-28 13:29 -0700
pushed 2015-09-14 18:56 +0000
Richard Barnes Richard Barnes - Bug 1010068 - Disable OCSP for DV certificates in Firefox for Android r=keeler
3ba889bb0741884c66bbe902a571ac2e1e2be8cd
created 2015-06-08 11:37 -0400
pushed 2015-09-14 18:56 +0000
Ryan VanderMeulen Ryan VanderMeulen - Backed out changeset fda85020d842 (bug 1010068) for Android test_cert_overrides.js failures.
fda85020d8424532ec552b7178b457015ca3d031
created 2015-05-28 13:29 -0700
pushed 2015-09-14 18:56 +0000
Richard Barnes Richard Barnes - Bug 1010068 - Disable OCSP for DV certificates in Firefox for Android r=keeler
f52c18aac7ce0949190da943ec5d4ee86627d0f8
created 2015-06-03 15:25 -0700
pushed 2015-09-14 18:56 +0000
Eric Rahm Eric Rahm - Bug 1165515 - Part 13-2: Replace usage of PRLogModuleLevel and PR_LOG_*. rs=froydnj
3c8ed81098ddbe4a4c09e7aa652b5288dc4ce0d3
created 2015-06-02 13:05 +0200
pushed 2015-09-14 18:56 +0000
Carsten "Tomcat" Book Carsten "Tomcat" Book - Backed out 14 changesets (bug 1165515) for linux x64 e10s m2 test failures
7c3b45a47811b55f4e973d996dd149c5d575721b
created 2015-06-01 22:17 -0700
pushed 2015-09-14 18:56 +0000
Eric Rahm Eric Rahm - Bug 1165515 - Part 13-2: Replace usage of PRLogModuleLevel and PR_LOG_*. rs=froydnj
3f1f9238e02fe107701bf3ab4237c0cb3b125710
created 2015-06-01 17:57 -0700
pushed 2015-09-14 18:56 +0000
Wes Kocher Wes Kocher - Backed out 14 changesets (bug 1165515) for b2g mochitest-6 permafail CLOSED TREE
150606c022a29517f43ee6907075170db825c947
created 2015-06-01 14:31 -0700
pushed 2015-09-14 18:56 +0000
Eric Rahm Eric Rahm - Bug 1165515 - Part 13-2: Replace usage of PRLogModuleLevel and PR_LOG_*. rs=froydnj
8a03e892db51e07a20a85f97abe073cee7be0fa0
created 2015-05-21 13:22 -0700
pushed 2015-09-14 18:56 +0000
Eric Rahm Eric Rahm - Bug 1165515 - Part 1: Convert PR_LOG to MOZ_LOG. r=froydnj
1853f12d7d8c336d0689a8d3e0e21e174609f50a
created 2015-04-06 16:10 -0700
pushed 2015-09-14 18:56 +0000
David Keeler David Keeler - bug 1141189 - implement skipping expensive revocation checks (OCSP fetching) for short-lived certificates r=rbarnes
b46612a5525552a32c511d9b223e1e8291262a13
created 2015-05-07 11:06 -0700
pushed 2015-09-14 18:56 +0000
David Keeler David Keeler - bug 1102436 - remove PublicKeyPinningService::CheckChainAgainstAllNames r=Cykesiopka
0ddc5628704f72f0913507cb80afc48ef113f1fb
created 2015-06-15 13:53 -0700
pushed 2015-08-03 13:22 +0000
Richard Barnes Richard Barnes - Bug 1010068 - Disable OCSP for DV certificates in Firefox for Android. r=keeler, a=lizzard
4dd61213c4677cac242f4b4423148465cf4bf7b5
created 2015-06-11 14:56 -0700
pushed 2015-08-03 13:22 +0000
David Keeler David Keeler - Bug 1170303 - Treat malformed name information in certificates as a domain name mismatch. r=Cykesiopka, a=lizzard
3cdce28ffcc6de50fac4fce22a8bca0a467db44b
created 2015-05-08 14:36 -0700
pushed 2015-08-03 13:22 +0000
Eric Rahm Eric Rahm - Bug 1162691 - Part 1: Remove instances of #ifdef PR_LOGGING in security. r=froydnj
056a30240faefe2a525d5bcd8ccb098510626b98
created 2015-06-11 14:56 -0700
pushed 2015-06-19 19:24 +0000
David Keeler David Keeler - Bug 1170303 - Treat malformed name information in certificates as a domain name mismatch. r=Cykesiopka, a=lizzard
5ab6348ad96ea26ebb837d530abb114d70f0d1f8
created 2015-03-25 11:04 -0700
pushed 2015-06-19 19:24 +0000
David Keeler David Keeler - bug 1147497 - Add API for querying site pin status. Disallow overrides for sites that have pins. r=mmc, r=smaug, r=cykesiopka, r=past, a=sledru
eee856befda3b54b11383be5192ce333de40ea08
created 2015-03-05 16:41 +0100
pushed 2015-06-19 19:24 +0000
Cykesiopka Cykesiopka - Bug 1139177 - RSA public key size checking cleanups. r=keeler
a76195f874dedc6d57c5b7fcae3f235634447ebf
created 2015-02-24 15:48 -0800
pushed 2015-04-21 23:03 +0000
David Keeler David Keeler - Bug 1049740 - Implement telemetry to measure compatibility impact of 2048-bit-minimum RSA keys. r=briansmith
fa67b437a89ab8590a5bcd3a91a4d779f716c6dd
created 2015-01-23 06:17 +0100
pushed 2015-04-21 23:03 +0000
TheKK TheKK - Bug 1092398 - "remove unused CertVerifier enums (missing_cert_download_config and crl_download_config)". r=honzab.moz
f1ba8432414daea5876b80dce3a2e633c8434414
created 2014-12-17 21:31 -0500
pushed 2015-03-23 22:08 +0000
Kaspar Brand Kaspar Brand - Bug 1112487 - The signing certificates with key usage only non-repudiation is taken as invalid for signing. r=keeler
63f7bbd24da3d620d9c0d076e01826a64aa7d268
created 2014-12-11 23:22 -0800
pushed 2015-02-18 20:30 +0000
Brian Smith Brian Smith - Bug 1107666 - Fix OCSP stapling telemetry (SSL_OCSP_STAPLING). r=keeler
c7c48ab6ee5e3e0c65e35966511e838bc680a80f
created 2014-10-28 15:28 -0700
pushed 2015-02-18 20:30 +0000
Brian Smith Brian Smith - Reland Bug 1063281, Part 9: Switch Gecko from NSS to CheckCertHostname, r=keeler
ed2cdcdb52408e549b5f5d47c6ebc02d506d83bb
created 2014-10-28 12:30 -0700
pushed 2015-02-18 20:30 +0000
Brian Smith Brian Smith - Back out cset 9b72d139e817 (Bug 1063281, Part 9) due to compatibility regressions on a CLOSED TREE, a=ryanvm
9b72d139e81766bdcf363c7b9ed0bf3f248c32d2
created 2014-09-21 17:43 -0700
pushed 2015-02-18 20:30 +0000
Brian Smith Brian Smith - Bug 1063281, Part 9: Switch Gecko from NSS to CheckCertHostname, r=keeler
f564fff0642cfbd82f7192d7e2d8b00610e16091
created 2014-10-18 15:18 +0200
pushed 2015-02-18 20:30 +0000
Cykesiopka Cykesiopka - Bug 622859 - Reject EV certificates with key sizes below RSA 2048. r=briansmith
209ec35a59c13bfccd4b5a787268cb4e1eaf1bb3
created 2014-10-17 13:14 +0200
pushed 2015-02-18 20:30 +0000
Carsten "Tomcat" Book Carsten "Tomcat" Book - Backed out changeset 3afdc3253979 (bug 622859) for breaking m1 tests
3afdc3253979b356a146c55e49eb68eb48580927
created 2014-10-16 05:13 +0200
pushed 2015-02-18 20:30 +0000
Cykesiopka Cykesiopka - Bug 622859 - Reject EV certificates with key sizes below RSA 2048. r=briansmith
f378b68991bca8a6711b54bfe11b09a65fc13d27
created 2014-12-11 23:22 -0800
pushed 2015-01-05 23:23 +0000
Brian Smith Brian Smith - Bug 1107666 - Fix OCSP stapling telemetry (SSL_OCSP_STAPLING). r=keeler, a=sledru
4f90b7fb1918462222c557100342cdd627e2f3f3
created 2014-09-25 11:18 -0700
pushed 2015-01-05 23:23 +0000
David Keeler David Keeler - bug 1071308 - (2/2) remove libpkix-style chain validation callback from CertVerifier r=cviecco
9dc5491eb546b9d334fd305488d50891e2749773
created 2014-09-25 11:08 -0700
pushed 2015-01-05 23:23 +0000
David Keeler David Keeler - bug 1071308 - (1/2) rename pinning_enforcement_level to PinningMode for brevity r=cviecco
fea4ac1165f99364b6c997c8e4e1e825c399c3f9
created 2014-11-05 09:37 -0800
pushed 2014-11-24 19:04 +0000
David Keeler David Keeler - bug 1083118 - backout removal of unsafe, non-standardized legacy window.crypto functions r=bz a=lmandel ba=lmandel
46ddbee26635ab23a6f62d9b2dcee51681473e74
created 2014-09-12 13:20 -0700
pushed 2014-11-24 19:04 +0000
David Keeler David Keeler - Bug 1066190 - Ensure that pinning checks are done for otherwise overridable errors. r=mmc, a=sledru
c4d1c00413479524bbd1f9ef4ba1f0809099af65
created 2014-08-21 10:37 -0700
pushed 2014-11-24 19:04 +0000
David Keeler David Keeler - bug 1049095 - re-verify joinee certificate with joining hostname when joining connections r=briansmith r=mcmanus r=cviecco r=mmc r=rbarnes
68499003df5ed29ba5cc594aeac3b166f4730de7
created 2014-08-14 09:38 -0700
pushed 2014-11-24 19:04 +0000
David Keeler David Keeler - bug 1030963 - remove non-standard window.crypto functions/properties r=jst r=briansmith r=glandium
a4a8b3b58191206f53748d823cf255fba4042253
created 2014-08-02 08:49 -0700
pushed 2014-11-24 19:04 +0000
Brian Smith Brian Smith - Bug 1043041: Use mozilla::pkix::Time instead of PRTime, r=keeler
c989be71f8443b628a15cd0aab16f47de73d3582
created 2014-07-31 12:17 -0700
pushed 2014-11-24 19:04 +0000
Brian Smith Brian Smith - Bug 1041186, Part 2: Rename Input to Reader and InputBuffer to Input, r=keeler
c04d170a0bd9ad169065d5546a1149554a543422
created 2014-07-18 22:30 -0700
pushed 2014-11-24 19:04 +0000
Brian Smith Brian Smith - Bug 1041186, Part 1: Improve buffer overflow protection in mozilla::pkix, r=keeler
5f7dc391e8611d1f12f77d55f2c5a56ef8f6f29e
created 2014-07-18 11:48 -0700
pushed 2014-11-24 19:04 +0000
Brian Smith Brian Smith - Bug 1039064: Use strongly-typed enum instead of NSPR-style error handling, r=keeler
1e3320340bd2375cf89bc2d8bb746db4795dd24e
created 2014-09-12 13:20 -0700
pushed 2014-10-06 12:51 +0000
David Keeler David Keeler - Bug 1066190 - Ensure that pinning checks are done for otherwise overridable errors. r=mmc, a=sledru
1f599d357743c088c6e1237580d367a9c5a6278c
created 2014-07-18 11:48 -0700
pushed 2014-10-06 12:51 +0000
Brian Smith Brian Smith - Bug 1039064 - Use strongly-typed enum instead of NSPR-style error handling. r=keeler, a=lmandel
b8c9b76b6585da4b72cb4822185c4076299bbc9e
created 2014-09-15 15:57 -0400
pushed 2014-10-06 12:51 +0000
Ryan VanderMeulen Ryan VanderMeulen - Backed out 3 changesets (bug 1039064, bug 1040446, bug 1034124) for ASAN xpcshell hangs.
f3115a9f645c1a88e4f21a38b214d3665945222d
created 2014-07-18 11:48 -0700
pushed 2014-10-06 12:51 +0000
Brian Smith Brian Smith - Bug 1039064: Use strongly-typed enum instead of NSPR-style error handling, r=keeler a=lmandel
d8e146e60d2401c8038041740e99477aabc3b4f0
created 2014-08-21 10:37 -0700
pushed 2014-10-06 12:51 +0000
David Keeler David Keeler - Bug 1049095 - Re-verify joinee certificate with joining hostname when joining connections. r=briansmith, r=mcmanus, r=cviecco, r=mmc, r=rbarnes, a=sledru
a6389627c3a4d841462b60223357bedc5494ebca
created 2014-07-14 16:43 -0700
pushed 2014-10-06 12:51 +0000
Brian Smith Brian Smith - Bug 1038098: Save intermediate certificates during TLS handshake, r=keeler
0ed88d692f42f34802beafcea77797f61c918155
created 2014-07-06 15:55 -0700
pushed 2014-10-06 12:51 +0000
Brian Smith Brian Smith - Bug 1035009: Stop using CERTCertList in mozilla::pkix, r=keeler
less more (0) -100 -60 tip