searching for reviewer(franziskus)
15af035c0cf4da68e737aee400ac96a182d5c1a1: bug 1498909 - dynamically load libsecret at runtime if available r=franziskus,jcj
Dana Keeler <dkeeler@mozilla.com> - Thu, 03 Jan 2019 00:39:45 +0000 - rev 512352
Push 1953 by ffxbld-merge at Mon, 11 Mar 2019 12:10:20 +0000
bug 1498909 - dynamically load libsecret at runtime if available r=franziskus,jcj Enough linux-based systems don't have libsecret that we can't make it a requirement on linux. For those that do, however, we can dynamically load the library at runtime. For those that don't, we can fall back to NSS. Differential Revision: https://phabricator.services.mozilla.com/D9969
7918775acbec8eb792edde32c817db9d193ea6d0: bug 1499882 - remove HSTS holepunch for chart.apis.google.com because it now has a valid certificate r=franziskus
Dana Keeler <dkeeler@mozilla.com> - Tue, 13 Nov 2018 08:14:06 +0000 - rev 505317
Push 1905 by ffxbld-merge at Mon, 21 Jan 2019 12:33:13 +0000
bug 1499882 - remove HSTS holepunch for chart.apis.google.com because it now has a valid certificate r=franziskus Differential Revision: https://phabricator.services.mozilla.com/D11695
ccfeb561645b499025c28c26287ee0b8d96cc7ad: bug 1499846 - implement user reauthentication on MacOS r=franziskus,spohl
David Keeler <dkeeler@mozilla.com> - Thu, 25 Oct 2018 00:24:04 +0000 - rev 502093
Push 1905 by ffxbld-merge at Mon, 21 Jan 2019 12:33:13 +0000
bug 1499846 - implement user reauthentication on MacOS r=franziskus,spohl Differential Revision: https://phabricator.services.mozilla.com/D9025
6fc4224069b26bb408ee1b835a74fe1df9c676ed: bug 1498351 - add interface to allow OS-specific user re-authentication r=franziskus
Dana Keeler <dkeeler@mozilla.com> - Tue, 16 Oct 2018 16:06:30 +0000 - rev 499950
Push 1864 by ffxbld-merge at Mon, 03 Dec 2018 15:51:40 +0000
bug 1498351 - add interface to allow OS-specific user re-authentication r=franziskus This patch introduces the interface with a stub implementation that does nothing. Follow-up bugs will add platform-specific implementations. Differential Revision: https://phabricator.services.mozilla.com/D8480
7381bd2bb8eb974217ed0843cb808381e2aabe67: bug 1478480 - enable GlobalSign Root CA - R6 for EV in PSM r=franziskus
Dana Keeler <dkeeler@mozilla.com> - Thu, 11 Oct 2018 07:12:48 +0000 - rev 499210
Push 1864 by ffxbld-merge at Mon, 03 Dec 2018 15:51:40 +0000
bug 1478480 - enable GlobalSign Root CA - R6 for EV in PSM r=franziskus This patch also switches all GlobalSign EV roots to using the CA/Browser Forum EV policy OID. Differential Revision: https://phabricator.services.mozilla.com/D8258
7f11410fc93f53da999993e4bd383fc323958c88: bug 1343927 - add utility function to verify binary transparency inclusion proofs r=franziskus,jcj
Dana Keeler <dkeeler@mozilla.com> - Mon, 08 Oct 2018 20:37:20 +0000 - rev 498464
Push 1864 by ffxbld-merge at Mon, 03 Dec 2018 15:51:40 +0000
bug 1343927 - add utility function to verify binary transparency inclusion proofs r=franziskus,jcj Differential Revision: https://phabricator.services.mozilla.com/D7669
2f4adf14e6231a1668558dd78ecbe56a421591b6: bug 832834 - reimplement nsSecureBrowserUIImpl r=franziskus,Felipe
Dana Keeler <dkeeler@mozilla.com> - Wed, 05 Sep 2018 17:12:36 +0000 - rev 493408
Push 1864 by ffxbld-merge at Mon, 03 Dec 2018 15:51:40 +0000
bug 832834 - reimplement nsSecureBrowserUIImpl r=franziskus,Felipe It turns out nsSecureBrowserUIImpl is considerably more complicated than it needs to be. This patch reimplements it in terms of OnLocationChange only, which is all it needs to produce the same behavior as before. Differential Revision: https://phabricator.services.mozilla.com/D3548
4ad33c6fbfcad5dd5a72a1cc6a916eb49a93c6e4: bug 832834 - reimplement nsSecureBrowserUIImpl r=franziskus,Felipe
David Keeler <dkeeler@mozilla.com> - Tue, 04 Sep 2018 23:10:37 +0000 - rev 493162
Push 1864 by ffxbld-merge at Mon, 03 Dec 2018 15:51:40 +0000
bug 832834 - reimplement nsSecureBrowserUIImpl r=franziskus,Felipe It turns out nsSecureBrowserUIImpl is considerably more complicated than it needs to be. This patch reimplements it in terms of OnLocationChange only, which is all it needs to produce the same behavior as before. Differential Revision: https://phabricator.services.mozilla.com/D3548
6ef1b4f2756a3acaef780237c50aa9b0e9fd59e8: bug 1460062 - Enforce Symantec distrust in Firefox 63 r=franziskus
David Keeler <dkeeler@mozilla.com> - Mon, 13 Aug 2018 14:59:47 +0000 - rev 488981
Push 1815 by ffxbld-merge at Mon, 15 Oct 2018 10:40:45 +0000
bug 1460062 - Enforce Symantec distrust in Firefox 63 r=franziskus This patch implements the Symantec distrust plan on Nightly only for now. Differential Revision: https://phabricator.services.mozilla.com/D2959
123ca165e8a759ca966de3c557e4b6f53652759d: bug 1476473 - disable EV treatment for DocuSign roots r=franziskus
David Keeler <dkeeler@mozilla.com> - Thu, 02 Aug 2018 07:39:14 +0000 - rev 487560
Push 1815 by ffxbld-merge at Mon, 15 Oct 2018 10:40:45 +0000
bug 1476473 - disable EV treatment for DocuSign roots r=franziskus Differential Revision: https://phabricator.services.mozilla.com/D2255
da4d091b0d2fa9bb8d728771b075e0813c62d201: bug 1433409 - avoid acquiring nsNSSComponent.mMutex when we don't have to r=franziskus
David Keeler <dkeeler@mozilla.com> - Wed, 01 Aug 2018 20:56:28 +0000 - rev 487400
Push 1815 by ffxbld-merge at Mon, 15 Oct 2018 10:40:45 +0000
bug 1433409 - avoid acquiring nsNSSComponent.mMutex when we don't have to r=franziskus In some cases, nsNSSComponent functions were acquiring nsNSSComponent's mMutex to check mNSSInitialized to see if it had been initialized. It turns out this is unnecessary in some cases because those functions are only callable if nsNSSComponent has been initialized. This fixes those instances and renames 'mNSSInitialized' to 'mNonIdempotentCleanupMustHappen' to make it clear exactly what that boolean represents. Differential Revision: https://phabricator.services.mozilla.com/D2577
4bc5e9fd5a1c0075ddece8321daf13eded3032e0: bug 1478667 - implement OS key-store adapter for OS X r=franziskus,spohl
David Keeler <dkeeler@mozilla.com> - Tue, 31 Jul 2018 20:52:56 +0000 - rev 487221
Push 1815 by ffxbld-merge at Mon, 15 Oct 2018 10:40:45 +0000
bug 1478667 - implement OS key-store adapter for OS X r=franziskus,spohl This implements support for OS-backed storage of secrets using the OS X keychain APIs. Differential Revision: https://phabricator.services.mozilla.com/D2487
26ac31d53e50217dff8829e6d9bae18c7e36b812: bug 1475775 - clean up old NSS DB file after upgrade if necessary r=franziskus,mattn
David Keeler <dkeeler@mozilla.com> - Tue, 17 Jul 2018 13:51:00 -0700 - rev 485843
Push 1815 by ffxbld-merge at Mon, 15 Oct 2018 10:40:45 +0000
bug 1475775 - clean up old NSS DB file after upgrade if necessary r=franziskus,mattn Reviewers: franziskus, mattn Bug #: 1475775 Differential Revision: https://phabricator.services.mozilla.com/D2202
7635ef4a997ddfac1a33604bb799af8d71057847: bug 1300420 - add enterprise root support for OS X r=spohl,franziskus
David Keeler <dkeeler@mozilla.com> - Fri, 20 Jul 2018 19:28:09 +0000 - rev 485353
Push 1815 by ffxbld-merge at Mon, 15 Oct 2018 10:40:45 +0000
bug 1300420 - add enterprise root support for OS X r=spohl,franziskus If the preference security.enterprise_roots.enabled is set to true, the platform will import trusted TLS certificates from the OS X keystore. Differential Revision: https://phabricator.services.mozilla.com/D2169
bbe392227b7d6376bb99843e781e7bd056ddeaba: bug 1301547 - remove ancient workaround in client certificate code r=franziskus
David Keeler <dkeeler@mozilla.com> - Mon, 16 Jul 2018 16:30:15 -0700 - rev 484735
Push 1815 by ffxbld-merge at Mon, 15 Oct 2018 10:40:45 +0000
bug 1301547 - remove ancient workaround in client certificate code r=franziskus Apparently a prehistoric server implementation would send a certificate_authorities field that didn't include the outer DER SEQUENCE tag, so PSM attempted to detect this and work around it. Telemetry indicates this is unnecessary now: https://mzl.la/2Lbi1Lz
620ddf00d78b96bb662c5489f44ac106fe21d92f: bug 1475105 - refactor platform-specific enterprise root code into its own file r=franziskus
David Keeler <dkeeler@mozilla.com> - Fri, 13 Jul 2018 17:30:16 +0000 - rev 484318
Push 1815 by ffxbld-merge at Mon, 15 Oct 2018 10:40:45 +0000
bug 1475105 - refactor platform-specific enterprise root code into its own file r=franziskus By separating the platform-specific code that finds enterprise roots to load into its own file, we can make it easier to both add support for other platforms and maintain the implementations going forward. Differential Revision: https://phabricator.services.mozilla.com/D2103
7afeaceba53d9c52a0f0319a3d44f1ac6e5b36c3: bug 1470918 - use only one thread for all DataStorage instances r=franziskus,froydnj
David Keeler <dkeeler@mozilla.com> - Mon, 09 Jul 2018 19:50:33 +0000 - rev 483275
Push 1815 by ffxbld-merge at Mon, 15 Oct 2018 10:40:45 +0000
bug 1470918 - use only one thread for all DataStorage instances r=franziskus,froydnj This introduces a helper class that provides one thread all DataStorage instances can use to do background work. This thread should have a light workload which mainly consists of reading some files at startup, periodically writing to these files, and writing them again at shutdown. One thread should be able to handle this and in any case having multiple threads trying to perform i/o at the same time would probably be less efficient than merely performing the work sequentially. Differential Revision: https://phabricator.services.mozilla.com/D1890
3b0c43b107ff1e48c70891124b0c9cbe199e9e73: bug 1471932 - avoid deadlock when loading 3rd party roots r=franziskus
David Keeler <dkeeler@mozilla.com> - Mon, 09 Jul 2018 19:34:02 +0000 - rev 483272
Push 1815 by ffxbld-merge at Mon, 15 Oct 2018 10:40:45 +0000
bug 1471932 - avoid deadlock when loading 3rd party roots r=franziskus ChangeCertTrustWithPossibleAuthentication should never be called while holding nsNSSComponent::mMutex, because doing so can result in showing the master password dialog, which spins the event loop, which can cause other code to run that may attempt to acquire the same lock (e.g. speculative connect checking nsNSSComponent to see if the user has smart cards or client certificates). Differential Revision: https://phabricator.services.mozilla.com/D2011
1e05e8939a189df7b3d8309ad7936079ec012057: Bug 1475775 - Clean up old NSS DB file after upgrade if necessary. r=franziskus, r=mattn, a=jcristau
David Keeler <dkeeler@mozilla.com> - Tue, 17 Jul 2018 13:51:00 -0700 - rev 480834
Push 1757 by ffxbld-merge at Fri, 24 Aug 2018 17:02:43 +0000
Bug 1475775 - Clean up old NSS DB file after upgrade if necessary. r=franziskus, r=mattn, a=jcristau Reviewers: franziskus, mattn Bug #: 1475775 Differential Revision: https://phabricator.services.mozilla.com/D2202
99a0a46fbae75d8d4acfaf3fcd3f327904e23898: bug 1471932 - avoid deadlock when loading 3rd party roots r=franziskus a=lizzard
David Keeler <dkeeler@mozilla.com> - Mon, 09 Jul 2018 19:34:02 +0000 - rev 480450
Push 1757 by ffxbld-merge at Fri, 24 Aug 2018 17:02:43 +0000
bug 1471932 - avoid deadlock when loading 3rd party roots r=franziskus a=lizzard ChangeCertTrustWithPossibleAuthentication should never be called while holding nsNSSComponent::mMutex, because doing so can result in showing the master password dialog, which spins the event loop, which can cause other code to run that may attempt to acquire the same lock (e.g. speculative connect checking nsNSSComponent to see if the user has smart cards or client certificates). Differential Revision: https://phabricator.services.mozilla.com/D2011
ec5e5816593915cf9c4ce808b9006ae03457d24c: Bug 1441338 - Change pgo certificates to use certspec/keyspec files r=keeler r=franziskus
J.C. Jones <jjones@mozilla.com> - Mon, 23 Apr 2018 11:14:17 +0200 - rev 471170
Push 1728 by jlund@mozilla.com at Mon, 18 Jun 2018 21:12:27 +0000
Bug 1441338 - Change pgo certificates to use certspec/keyspec files r=keeler r=franziskus (This also fixes Bug 879740 and Bug 1204543.) build/pgo/certs contains an NSS database set that has a bunch of hand-generated certificates, and many of these hand-generated certificates are specifically depended upon for a variety of unit tests. This patch changes all of these to use the "pycert.py" and "pykey.py" utilities that produce deterministic keys and certificates. The naming convention here is new, and defined in the README. It is based on the mochitest runtest.py naming convention that imports .ca and .client PEM-encoded certificates. Unfortunately, the updates to build/pgo/genpgocert.py to generate these files depend on OpenSSL in order to produce PKCS12 archives for pk11tool to import into NSS. This could be done with pure-NSS tooling, but it'd require some new command line functionality, which is out-of-scope for this change. Note that build/pgo/genpgocert.py no longer takes arguments when run. It's not run automatically anywhere that I can see, but could (reasonably) be, now. Differential Revision: https://phabricator.services.mozilla.com/D971
e3e46d91668a35c8b283cc6bcd7262347fbbb1ca: bug 1452139 - Don't include cookies when posting Telemetry r=gfritzsche,franziskus
Chris H-C <chutten@mozilla.com> - Tue, 10 Apr 2018 15:56:07 -0400 - rev 469090
Push 1728 by jlund@mozilla.com at Mon, 18 Jun 2018 21:12:27 +0000
bug 1452139 - Don't include cookies when posting Telemetry r=gfritzsche,franziskus We don't need or want cookies sent to incoming.tmo. It just throws them on the floor, but we needn't waste clients' bandwidth on it. MozReview-Commit-ID: F9WjcDyKFGN
8471e4e4f0df5888fe04ac0c060d426b94883239: Bug 1441338 - Change pgo certificates to use certspec/keyspec files r=keeler r=franziskus a=jcristau
J.C. Jones <jjones@mozilla.com> - Mon, 23 Apr 2018 11:14:17 +0200 - rev 463495
Push 1683 by sfraser@mozilla.com at Thu, 26 Apr 2018 16:43:40 +0000
Bug 1441338 - Change pgo certificates to use certspec/keyspec files r=keeler r=franziskus a=jcristau (This also fixes Bug 879740 and Bug 1204543.) build/pgo/certs contains an NSS database set that has a bunch of hand-generated certificates, and many of these hand-generated certificates are specifically depended upon for a variety of unit tests. This patch changes all of these to use the "pycert.py" and "pykey.py" utilities that produce deterministic keys and certificates. The naming convention here is new, and defined in the README. It is based on the mochitest runtest.py naming convention that imports .ca and .client PEM-encoded certificates. Unfortunately, the updates to build/pgo/genpgocert.py to generate these files depend on OpenSSL in order to produce PKCS12 archives for pk11tool to import into NSS. This could be done with pure-NSS tooling, but it'd require some new command line functionality, which is out-of-scope for this change. Note that build/pgo/genpgocert.py no longer takes arguments when run. It's not run automatically anywhere that I can see, but could (reasonably) be, now. (This patch rebased for Beta) Differential Revision: https://phabricator.services.mozilla.com/D971
ddcb312fc7dccfba94336c1a557ff4f63181fb9f: Bug 1452139 - Don't include cookies when posting Telemetry. r=gfritzsche, r=franziskus, a=jcristau
Chris H-C <chutten@mozilla.com> - Tue, 10 Apr 2018 15:56:07 -0400 - rev 463325
Push 1683 by sfraser@mozilla.com at Thu, 26 Apr 2018 16:43:40 +0000
Bug 1452139 - Don't include cookies when posting Telemetry. r=gfritzsche, r=franziskus, a=jcristau We don't need or want cookies sent to incoming.tmo. It just throws them on the floor, but we needn't waste clients' bandwidth on it. MozReview-Commit-ID: F9WjcDyKFGN
7ced88e883e9fd53d4f387bc87b639f46fbb511f: Bug 1432177, land NSS_3_36_RTM, r=franziskus
Kai Engert <kaie@kuix.de> - Mon, 05 Mar 2018 17:16:06 +0100 - rev 461609
Push 1683 by sfraser@mozilla.com at Thu, 26 Apr 2018 16:43:40 +0000
Bug 1432177, land NSS_3_36_RTM, r=franziskus UPGRADE_NSS_RELEASE
95fd9deac911b5bb667d8750c9669822d68b80fc: Bug 1435644: Regenerate the security/manager/ssl test certificates and keys. r=franziskus a=Aryx on a CLOSED TREE
Emilio Cobos Álvarez <emilio@crisal.io> - Mon, 05 Feb 2018 12:14:22 +0100 - rev 457372
Push 1683 by sfraser@mozilla.com at Thu, 26 Apr 2018 16:43:40 +0000
Bug 1435644: Regenerate the security/manager/ssl test certificates and keys. r=franziskus a=Aryx on a CLOSED TREE For this, I've uncommented the relevant bits in moz.build files, then:
  ./mach build security/manager
  for dir in $(rg GeneratedTestCertificate | grep security | cut -d : -f 1); do cp obj-x86_64-pc-linux-gnu/$(dirname $dir)/*.pem $(dirname $dir); done
And same with GeneratedTestKey / *.key MozReview-Commit-ID: C2bkSo6YYCU
c20c3318320141b61b003c499c31a88011f74929: bug 1417680 - explore the feasibility of making XPCOM responsible for shutting down NSS r=jcj r=franziskus r=erahm
David Keeler <dkeeler@mozilla.com> - Fri, 10 Nov 2017 15:03:23 -0800 - rev 455245
Push 1683 by sfraser@mozilla.com at Thu, 26 Apr 2018 16:43:40 +0000
bug 1417680 - explore the feasibility of making XPCOM responsible for shutting down NSS r=jcj r=franziskus r=erahm Historically, PSM has handled tracking NSS resources, releasing them, and shutting down NSS in a coordinated manner (i.e. preventing races, use-after-frees, etc.). This approach has proved intractable. This patch introduces a new approach: have XPCOM shut down NSS after all threads have been joined and the component manager has been shut down (and so there shouldn't be any XPCOM objects holding NSS resources). Note that this patch only attempts to determine if this approach will work. If it does, we will have to go through later and remove the remnants of the old approach (i.e. nsNSSShutDownPreventionLock and related machinery). This will be done in bug 1421084. MozReview-Commit-ID: LjgEl1UZqkC
87c5dfa3fc645fab244a4dd294b0ba6c128ca7b9: Bug 1435644: Regenerate the security/manager/ssl test certificates and keys. r=franziskus a=Aryx
Emilio Cobos Álvarez <emilio@crisal.io> - Mon, 05 Feb 2018 12:14:22 +0100 - rev 454649
Push 1648 by mtabara@mozilla.com at Thu, 01 Mar 2018 12:45:47 +0000
Bug 1435644: Regenerate the security/manager/ssl test certificates and keys. r=franziskus a=Aryx For this, I've uncommented the relevant bits in moz.build files, then:
  ./mach build security/manager
  for dir in $(rg GeneratedTestCertificate | grep security | cut -d : -f 1); do cp obj-x86_64-pc-linux-gnu/$(dirname $dir)/*.pem $(dirname $dir); done
And same with GeneratedTestKey / *.key MozReview-Commit-ID: C2bkSo6YYCU
1932a56bc06093b32b8bbd0bf8e77d886d1a0023: bug 1430906 - don't hold around a test key forever in mozilla::pkix gtests r=franziskus
David Keeler <dkeeler@mozilla.com> - Fri, 12 Jan 2018 13:57:51 -0800 - rev 454215
Push 1648 by mtabara@mozilla.com at Thu, 01 Mar 2018 12:45:47 +0000
bug 1430906 - don't hold around a test key forever in mozilla::pkix gtests r=franziskus Before this patch, mozilla::pkix gtests would generate a public/private key pair and stash it in a global variable. Since this wasn't part of XPCOM nor tracked by the PSM/NSS shutdown machinery, it wouldn't get released at the appropriate time. The solution to this is to generate the key and then essentially export it as data, so no NSS objects are held alive. Since NSS considers private keys stored in the persistent database sensitive and won't export them in the clear, we "encrypt" the key material with an empty password so we can import it when necessary. (While the gtests don't use persistent keys, the test utilities in the gtests are also used by some xpcshell tests that do use persistent keys, hence the need to encrypt the key material.)
ddfff454c810d25532d60ca8a60f0d7a86edb1f8: Bug 1420060, export new NSS APIs in Firefox' specific API export list, r=franziskus
Kai Engert <kaie@kuix.de> - Thu, 11 Jan 2018 14:42:09 +0100 - rev 453299
Push 1648 by mtabara@mozilla.com at Thu, 01 Mar 2018 12:45:47 +0000
Bug 1420060, export new NSS APIs in Firefox' specific API export list, r=franziskus
92dcb99abd054bd9a502ae3b9da2af983d137aad: Bug 1420060, NSS_3_35_BETA1, r=franziskus
Kai Engert <kaie@kuix.de> - Thu, 11 Jan 2018 14:09:34 +0100 - rev 453298
Push 1648 by mtabara@mozilla.com at Thu, 01 Mar 2018 12:45:47 +0000
Bug 1420060, NSS_3_35_BETA1, r=franziskus UPGRADE_NSS_RELEASE
fb3c27bdee4648e0240e61b5dd6e1b82ec4884ca: Bug 1420060, NSS_3_35_BETA1, r=franziskus
Kai Engert <kaie@kuix.de> - Thu, 11 Jan 2018 14:09:34 +0100 - rev 453099
Push 1648 by mtabara@mozilla.com at Thu, 01 Mar 2018 12:45:47 +0000
Bug 1420060, NSS_3_35_BETA1, r=franziskus UPGRADE_NSS_RELEASE
28f876e75d47e8c2843332e631145b6a1acf0263: bug 1417680 - explore the feasibility of making XPCOM responsible for shutting down NSS r=jcj r=franziskus r=erahm
David Keeler <dkeeler@mozilla.com> - Fri, 10 Nov 2017 15:03:23 -0800 - rev 452964
Push 1648 by mtabara@mozilla.com at Thu, 01 Mar 2018 12:45:47 +0000
bug 1417680 - explore the feasibility of making XPCOM responsible for shutting down NSS r=jcj r=franziskus r=erahm Historically, PSM has handled tracking NSS resources, releasing them, and shutting down NSS in a coordinated manner (i.e. preventing races, use-after-frees, etc.). This approach has proved intractable. This patch introduces a new approach: have XPCOM shut down NSS after all threads have been joined and the component manager has been shut down (and so there shouldn't be any XPCOM objects holding NSS resources). Note that this patch only attempts to determine if this approach will work. If it does, we will have to go through later and remove the remnants of the old approach (i.e. nsNSSShutDownPreventionLock and related machinery). This will be done in bug 1421084. MozReview-Commit-ID: LjgEl1UZqkC
4928928a5e46e20fc92f8bb65598659016e8f052: bug 1417680 - explore the feasibility of not shutting down NSS by no-op-ing the guts of the shutdown infrastructure r=jcj r=franziskus
David Keeler <dkeeler@mozilla.com> - Fri, 10 Nov 2017 15:03:23 -0800 - rev 449701
Push 1648 by mtabara@mozilla.com at Thu, 01 Mar 2018 12:45:47 +0000
bug 1417680 - explore the feasibility of not shutting down NSS by no-op-ing the guts of the shutdown infrastructure r=jcj r=franziskus
Adapted from https://wiki.mozilla.org/SecurityEngineering/NSS_Startup_and_Shutdown_in_Gecko :
Properly implementing the coordinated shutdown of NSS has, to date, proved intractable. For architectural reasons and due to the significant complexity involved, the NSS resource tracking and shutdown infrastructure has been an ongoing source of crashes and hangs in Firefox. To that end, we have been exploring the possibility of not shutting down NSS at all. For this to work, we have had to address a number of potential concerns.
Certificate and key database corruption: In theory, if Firefox were to exit without coordinating with NSS, data stored in the certificate and key databases (backed by BerkeleyDB) could be lost. To mitigate this, we have migrated to using the sqlite-backed implementation. The databases are now journaled, and short of a bug in sqlite, we do not anticipate data loss due to database corruption.
PKCS#11 devices: In theory, if Firefox were to exit without coordinating with NSS and thus any attached PKCS#11 devices, data could be lost on these devices. However, it is our understanding that these devices must be robust against unexpected physical removal. Uncoordinated shutdown should present no worse a risk to user data.
FIPS 140-2 mode: While Mozilla does not ship a version of Firefox that supports FIPS mode out of the box, Red Hat does. It is our understanding that clearing key material is a requirement of FIPS and that not shutting down NSS may pose a problem for this requirement. Red Hat's FIPS 140-2 Security Policy[0] specifies that the application (i.e. Firefox) using the module (i.e. NSS) is responsible for zeroization of key material. More specifically, it says "All plaintext secret and private keys must be zeroized when the Module is shut down (with a FC_Finalize call), reinitialized (with a FC_InitToken call), or when the session is closed (with a FC_CloseSession or FC_CloseAllSessions call)." Thus, if Firefox never shuts down NSS, this requirement is trivially met.
Leak detection: By not shutting down NSS, technically we leak some allocated memory until shutdown. This could cause problems if our test infrastructure detected and reported these leaks. However, it appears not to (which itself is somewhat concerning). In any case, we will have to deal with this if and when we can detect these leaks.
Given that these concerns all have at least a preliminary answer, we will move forward with attempting to not shut down NSS in Firefox. This may expose unexpected issues that may lead to a reassessment of the situation, so this will be on a trial basis only in Nightly.
[0] https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3070.pdf
MozReview-Commit-ID: LjgEl1UZqkC
955ace249ab7df2b35adb35548e9fb97e1f33dbd: bug 1421816 - (2/2) add option to sign_app.py to include COSE signatures r=franziskus
David Keeler <dkeeler@mozilla.com> - Wed, 29 Nov 2017 13:37:42 -0800 - rev 449482
Push 1648 by mtabara@mozilla.com at Thu, 01 Mar 2018 12:45:47 +0000
bug 1421816 - (2/2) add option to sign_app.py to include COSE signatures r=franziskus MozReview-Commit-ID: H7ZLCsH9HrJ
0734ae99655e64c30e29968d628b9f4a6c00123a: Bug 1435644 - Regenerate the security/manager/ssl test certificates and keys. r=franziskus, a=test-only
Emilio Cobos Álvarez <emilio@crisal.io> - Mon, 05 Feb 2018 18:14:35 +0200 - rev 445710
Push 1642 by ryanvm@gmail.com at Mon, 05 Feb 2018 20:55:06 +0000
Bug 1435644 - Regenerate the security/manager/ssl test certificates and keys. r=franziskus, a=test-only For this, I've uncommented the relevant bits in moz.build files, then:
  ./mach build security/manager
  for dir in $(rg GeneratedTestCertificate | grep security | cut -d : -f 1); do cp obj-x86_64-pc-linux-gnu/$(dirname $dir)/*.pem $(dirname $dir); done
And same with GeneratedTestKey / *.key. Also regenerate the signed apps and metadata for tests expecting specific dates. MozReview-Commit-ID: C2bkSo6YYCU
996440f4c25776f30092caa38051e25d6008faca: Bug 1414735 - Upgrade Firefox to NSS 3.35, r=franziskus UPGRADE_NSS_RELEASE
Martin Thomson <martin.thomson@gmail.com> - Tue, 07 Nov 2017 12:24:58 +1100 - rev 443749
Push 1618 by Callek@gmail.com at Thu, 11 Jan 2018 17:45:48 +0000
Bug 1414735 - Upgrade Firefox to NSS 3.35, r=franziskus UPGRADE_NSS_RELEASE MozReview-Commit-ID: 6hDnHCWVeWz
f019d4ffff53e1931355ec6bf7afa77016222ff8: Bug 1414735 - Upgrade Firefox to NSS 3.35, r=franziskus
Martin Thomson <martin.thomson@gmail.com> - Mon, 06 Nov 2017 18:55:42 +1100 - rev 443559
Push 1618 by Callek@gmail.com at Thu, 11 Jan 2018 17:45:48 +0000
Bug 1414735 - Upgrade Firefox to NSS 3.35, r=franziskus UPGRADE_NSS_RELEASE MozReview-Commit-ID: KRx6mpQC4rr
6a21a19886ec08165b8ff3153f851df1fcb562a4: Bug 1401594 - "Upgrade Firefox 58 to use NSS 3.34" r=franziskus
Kai Engert <kaie> - Wed, 20 Sep 2017 08:17:00 +0200 - rev 437737
Push 1618 by Callek@gmail.com at Thu, 11 Jan 2018 17:45:48 +0000
Bug 1401594 - "Upgrade Firefox 58 to use NSS 3.34" r=franziskus MozReview-Commit-ID: 2ExI2oh0bPY
36496a0fbbab4f9fe0765301cec818233831b23a: Bug 1350291, uplift NSPR_4_15_BETA2, r=franziskus
Kai Engert <kaie@kuix.de> - Wed, 10 May 2017 17:36:58 +0200 - rev 408044
Push 1490 by mtabara@mozilla.com at Mon, 31 Jul 2017 14:08:16 +0000
Bug 1350291, uplift NSPR_4_15_BETA2, r=franziskus
ddc2134eb60392a934dd04677c3aa0d6782df981: Bug 1350291, uplift NSPR_4_15_BETA, r=franziskus
Kai Engert <kaie@kuix.de> - Fri, 24 Mar 2017 14:58:00 +0100 - rev 400033
Push 1490 by mtabara@mozilla.com at Mon, 31 Jul 2017 14:08:16 +0000
Bug 1350291, uplift NSPR_4_15_BETA, r=franziskus
207b3f2c43c721208584c2dfb2431c0847119438: Bug 1347932, land NSPR_4_14_RTM, no code change, reusing r=franziskus
Kai Engert <kaie@kuix.de> - Fri, 24 Mar 2017 12:07:13 +0100 - rev 400010
Push 1490 by mtabara@mozilla.com at Mon, 31 Jul 2017 14:08:16 +0000
Bug 1347932, land NSPR_4_14_RTM, no code change, reusing r=franziskus DONTBUILD
3f8e4d46c6562c2a7fc0c724dc2c42cb0b960431: Bug 1347932, uplift NSPR_4_14_BETA2, r=franziskus
Kai Engert <kaie@kuix.de> - Thu, 16 Mar 2017 17:22:25 +0100 - rev 398496
Push 1490 by mtabara@mozilla.com at Mon, 31 Jul 2017 14:08:16 +0000
Bug 1347932, uplift NSPR_4_14_BETA2, r=franziskus
0189f0cccfdc5dfaab7f17f123639b01a4c2ef03: Bug 1334127 - update firefox nss.symbols, r=franziskus
Kai Engert <kaie> - Fri, 10 Feb 2017 02:29:00 +0100 - rev 391739
Push 1468 by asasaki@mozilla.com at Mon, 05 Jun 2017 19:31:07 +0000
Bug 1334127 - update firefox nss.symbols, r=franziskus
c4ae65fa000ae230b11bc8dc757c51071613dab1: Bug 1305622 - turn off hsts, mixed_content block to suppress intermittent on try. r=franziskus
Thomas Nguyen <tnguyen@mozilla.com> - Wed, 21 Dec 2016 17:01:56 +0800 - rev 374065
Push 1419 by jlund@mozilla.com at Mon, 10 Apr 2017 20:44:07 +0000
Bug 1305622 - turn off hsts, mixed_content block to suppress intermittent on try. r=franziskus MozReview-Commit-ID: FkJZ4TLJVlE
1855ca2813a522d78cb4641aed9f098e19380a0d: Bug 1337580 - Upgrade Firefox 52 to NSS 3.28.2. r=franziskus, a=jcristau
Martin Thomson <martin.thomson@gmail.com> - Wed, 08 Feb 2017 16:09:14 +1100 - rev 369213
Push 1369 by jlorenzo@mozilla.com at Mon, 27 Feb 2017 14:59:41 +0000
Bug 1337580 - Upgrade Firefox 52 to NSS 3.28.2. r=franziskus, a=jcristau MozReview-Commit-ID: EGbb1l1Gnof
aca64a177c446e4cf4b080115a6569dc347e0df9: Bug 1296266, land NSS_3_27_BETA4, r=franziskus
Kai Engert <kaie@kuix.de> - Thu, 22 Sep 2016 21:21:30 +0200 - rev 360098
Push 1369 by jlorenzo@mozilla.com at Mon, 27 Feb 2017 14:59:41 +0000
Bug 1296266, land NSS_3_27_BETA4, r=franziskus
ae2af50de1a2f85392fbdd86ad6d699c1990a015: Bug 1291253, land NSS_3_26_RTM, r=franziskus
Kai Engert <kaie@kuix.de> - Fri, 05 Aug 2016 18:16:01 +0200 - rev 351923
Push 1324 by mtabara@mozilla.com at Mon, 16 Jan 2017 13:07:44 +0000
Bug 1291253, land NSS_3_26_RTM, r=franziskus
79f0792841417c6cdf8cb78e8ee5026f53ba72aa: Bug 1291253, land differences between rc0 and final RTM of NSS 3.26, r=franziskus, a=ritu
Kai Engert <kaie@kuix.de> - Mon, 08 Aug 2016 22:47:58 +0200 - rev 349666
Push 1230 by jlund@mozilla.com at Mon, 31 Oct 2016 18:13:35 +0000
Bug 1291253, land differences between rc0 and final RTM of NSS 3.26, r=franziskus, a=ritu
d0da4f67c418464fa6daccf5c9cb2f08a9527e4a: Bug 1283376 - Land NSS_3_26_BETA2 r=franziskus
Tim Taubert <ttaubert@mozilla.com> - Tue, 12 Jul 2016 12:34:33 +0200 - rev 346765
Push 1230 by jlund@mozilla.com at Mon, 31 Oct 2016 18:13:35 +0000
Bug 1283376 - Land NSS_3_26_BETA2 r=franziskus