searching for reviewer(keeler)
1f7832017dbb5c53ba00aef3012b40c873a5005d: Bug 1130670 - Remove vestigial RC4 fallback backend. r=keeler
Masatoshi Kimura <VYV03354@nifty.ne.jp> - Fri, 02 Dec 2016 22:09:38 +0900 - rev 325114
Push 24 by maklebus@msu.edu at Tue, 20 Dec 2016 03:11:33 +0000
Bug 1130670 - Remove vestigial RC4 fallback backend. r=keeler MozReview-Commit-ID: 9YRVgnymndI
adf193b5d6c9ce92b05a9370e8b4a5699bae537a: Bug 1317951, part 2 - Certificate Transparency - basic support for disqualified logs. r=keeler
Sergei Chernov <sergei.cv@ndivi.com> - Tue, 29 Nov 2016 22:51:46 +0200 - rev 324936
Push 24 by maklebus@msu.edu at Tue, 20 Dec 2016 03:11:33 +0000
Bug 1317951, part 2 - Certificate Transparency - basic support for disqualified logs. r=keeler MozReview-Commit-ID: 4y2JYFnO9Xm
0d8eb74cce6f781c95d84c875b6f94dd6a29c305: Bug 1317951, part 1 - Certificate Transparency - extracted verification related fields from SCT to a separate struct. r=keeler
Sergei Chernov <sergei.cv@ndivi.com> - Wed, 23 Nov 2016 15:37:31 +0200 - rev 324935
Push 24 by maklebus@msu.edu at Tue, 20 Dec 2016 03:11:33 +0000
Bug 1317951, part 1 - Certificate Transparency - extracted verification related fields from SCT to a separate struct. r=keeler MozReview-Commit-ID: 3iHUdZrzyXB
f1cb42c8da5b70ea5f5391c6c3a78af914426725: bug 1301956 - add more Mozilla resources to preloaded pins r=keeler,rbarnes DONTBUILD NPOTB
Julien Vehent <jvehent@mozilla.com> - Tue, 29 Nov 2016 13:15:32 -0800 - rev 324732
Push 24 by maklebus@msu.edu at Tue, 20 Dec 2016 03:11:33 +0000
bug 1301956 - add more Mozilla resources to preloaded pins r=keeler,rbarnes DONTBUILD NPOTB Also trims the pinset for said Mozilla resources to just DigiCert and Let's Encrypt (as a backup).
9aba8184664ddfca0ae5c95d9ab5f7e8daab049e: Bug 1316283 - Isolate SSL session cache by origin attributes. r=keeler
Jonathan Hao <jhao@mozilla.com> - Fri, 25 Nov 2016 20:07:57 +0800 - rev 324613
Push 24 by maklebus@msu.edu at Tue, 20 Dec 2016 03:11:33 +0000
Bug 1316283 - Isolate SSL session cache by origin attributes. r=keeler
d8a41d4c6215cb13f2a62675486f97c140d96deb: bug 1320510 - clamp the default enabled TLS version range to what NSS supports r=keeler
EKR <ekr@rtfm.com> - Mon, 28 Nov 2016 13:15:34 -0800 - rev 324477
Push 24 by maklebus@msu.edu at Tue, 20 Dec 2016 03:11:33 +0000
bug 1320510 - clamp the default enabled TLS version range to what NSS supports r=keeler In particular, this fixes the case where Firefox is compiled with TLS 1.3 enabled by default with the option --with-system-nss against NSS 3.28, which has TLS 1.3 compile-time disabled by default.
d207581536c0ddb8189c643324ffccf491dbbaf0: Bug 1103196 - Add ability to ignore invalid TLS certificates; r=automatedtester,keeler,mossop
Andreas Tolfsen <ato@mozilla.com> - Sun, 06 Nov 2016 18:03:31 +0000 - rev 324343
Push 24 by maklebus@msu.edu at Tue, 20 Dec 2016 03:11:33 +0000
Bug 1103196 - Add ability to ignore invalid TLS certificates; r=automatedtester,keeler,mossop When the `acceptInsecureCerts` capability is set to true on creating a new Marionette session, a `nsICertOverrideService` override service is installed that causes all invalid TLS certificates to be ignored. This is in line with the expectations of the WebDriver specification. It is worth noting that this is a potential security risk and that this feature is only available in Gecko when the Marionette server is enabled. MozReview-Commit-ID: BXrQw17TgDy
9fae5015803b847ab5fdf6c6c93b0aee348e17be: Bug 1103196 - Add ability to ignore invalid TLS certificates; r=automatedtester,keeler,mossop
Andreas Tolfsen <ato@mozilla.com> - Sun, 06 Nov 2016 18:03:31 +0000 - rev 324215
Push 24 by maklebus@msu.edu at Tue, 20 Dec 2016 03:11:33 +0000
Bug 1103196 - Add ability to ignore invalid TLS certificates; r=automatedtester,keeler,mossop When the `acceptInsecureCerts` capability is set to true on creating a new Marionette session, a `nsICertOverrideService` override service is installed that causes all invalid TLS certificates to be ignored. This is in line with the expectations of the WebDriver specification. It is worth noting that this is a potential security risk and that this feature is only available in Gecko when the Marionette server is enabled. MozReview-Commit-ID: BXrQw17TgDy
d7dd10403797f53ca13b86bb751013f5b45aefc9: Bug 1315143 - Disable warnings caused by including BasePrincipal.h r=Cykesiopka,keeler
Jonathan Hao <jhao@mozilla.com> - Wed, 23 Nov 2016 14:56:20 +0800 - rev 323973
Push 24 by maklebus@msu.edu at Tue, 20 Dec 2016 03:11:33 +0000
Bug 1315143 - Disable warnings caused by including BasePrincipal.h r=Cykesiopka,keeler
80a39e170b4106eae2d15d56ff10d1d0a5feb84b: Bug 1315143 - Make OCSP use Origin Attribute framework (PSM). r=Cykesiopka,keeler
Jonathan Hao <jhao@mozilla.com> - Mon, 14 Nov 2016 18:26:15 +0800 - rev 323971
Push 24 by maklebus@msu.edu at Tue, 20 Dec 2016 03:11:33 +0000
Bug 1315143 - Make OCSP use Origin Attribute framework (PSM). r=Cykesiopka,keeler
6e8714a6425ca8a4c7b8c3486e2b31ac86b7ca61: Bug 1248198 - Remove the "security.ssl.enable_npn" pref. r=keeler,mcmanus
Masatoshi Kimura <VYV03354@nifty.ne.jp> - Thu, 17 Nov 2016 20:45:18 +0900 - rev 323321
Push 21 by maklebus@msu.edu at Thu, 01 Dec 2016 06:22:08 +0000
Bug 1248198 - Remove the "security.ssl.enable_npn" pref. r=keeler,mcmanus MozReview-Commit-ID: J6nYmNAipyL
1c1707b6cef5181c978bf145a9fe9fb84555dfc2: Bug 1318299 - Use C++11's override and remove virtual where applicable in security/manager. r=keeler
Andi-Bogdan Postelnicu <bpostelnicu@mozilla.com> - Thu, 17 Nov 2016 13:43:21 +0200 - rev 323303
Push 21 by maklebus@msu.edu at Thu, 01 Dec 2016 06:22:08 +0000
Bug 1318299 - Use C++11's override and remove virtual where applicable in security/manager. r=keeler MozReview-Commit-ID: C9679I9oJ6N
beeffee0c4eee03fb75ba4100d7638fe919c2338: Bug 1318299 - Replace string literals containing escaped characters with raw string literals in security/manager. r=keeler
Andi-Bogdan Postelnicu <bpostelnicu@mozilla.com> - Thu, 17 Nov 2016 13:42:38 +0200 - rev 323302
Push 21 by maklebus@msu.edu at Thu, 01 Dec 2016 06:22:08 +0000
Bug 1318299 - Replace string literals containing escaped characters with raw string literals in security/manager. r=keeler MozReview-Commit-ID: Al4QjodbJ2S
9fad88b953cc4128ed86fbf20b8c8aa04c775c19: Bug 1318299 - Converts for(...; ...; ...) loops to use the new range-based loops in C++11 in security/manager. r=keeler
Andi-Bogdan Postelnicu <bpostelnicu@mozilla.com> - Thu, 17 Nov 2016 13:41:34 +0200 - rev 323301
Push 21 by maklebus@msu.edu at Thu, 01 Dec 2016 06:22:08 +0000
Bug 1318299 - Converts for(...; ...; ...) loops to use the new range-based loops in C++11 in security/manager. r=keeler MozReview-Commit-ID: 7yZPjVU09rn
411dbec99c3f1e683237640fd3f71d5854d383f7: Bug 1308787 - Certificate Transparency - script for generating the static list of known logs. r=Cykesiopka,keeler
Sergei Chernov <sergei.cv@ndivi.com> - Tue, 08 Nov 2016 13:54:39 +0200 - rev 322607
Push 21 by maklebus@msu.edu at Thu, 01 Dec 2016 06:22:08 +0000
Bug 1308787 - Certificate Transparency - script for generating the static list of known logs. r=Cykesiopka,keeler MozReview-Commit-ID: 9z7Ac5OQqOP
9ba35f0c9feaca4f6458f55683db7bdef01137cb: Bug 1304004 - Fix regression in firefox-ui security tests caused by bug 1303291. r=keeler
Henrik Skupin <mail@hskupin.info> - Mon, 14 Nov 2016 21:09:16 +0100 - rev 322454
Push 21 by maklebus@msu.edu at Thu, 01 Dec 2016 06:22:08 +0000
Bug 1304004 - Fix regression in firefox-ui security tests caused by bug 1303291. r=keeler MozReview-Commit-ID: Co7efI9jgeC
690c0cdddff7d0304b2a33051860fec67a40b5cc: Bug 1315143 - Make OCSP use Origin Attribute framework (Necko). r=Cykesiopka,keeler
Jonathan Hao <jhao@mozilla.com> - Mon, 14 Nov 2016 18:26:12 +0800 - rev 322427
Push 21 by maklebus@msu.edu at Thu, 01 Dec 2016 06:22:08 +0000
Bug 1315143 - Make OCSP use Origin Attribute framework (Necko). r=Cykesiopka,keeler
166114662d40d11ceecbd1931dafa15191b07170: Bug 1301407 - Remove release assert for nss initialization. r=keeler
Dragana Damjanovic <dd.mozilla@gmail.com> - Tue, 08 Nov 2016 00:13:00 +0100 - rev 321911
Push 21 by maklebus@msu.edu at Thu, 01 Dec 2016 06:22:08 +0000
Bug 1301407 - Remove release assert for nss initialization. r=keeler
8b988d56154b865c3e19786b073315971d3b6313: Bug 1312794 - Annotate OCSP requests by first party domain. (adapted from Tor Browser patch #13670) r=keeler
Jonathan Hao <jhao@mozilla.com> - Thu, 03 Nov 2016 17:53:52 +0800 - rev 321696
Push 21 by maklebus@msu.edu at Thu, 01 Dec 2016 06:22:08 +0000
Bug 1312794 - Annotate OCSP requests by first party domain. (adapted from Tor Browser patch #13670) r=keeler
b504bc4ede3c3ad80b5624476bf0601c97011043: Bug 1313849 – Stop using nsIDialogParamBlock in setp12password.xul. r=keeler
Cykesiopka <cykesiopka.bmo@gmail.com> - Sat, 05 Nov 2016 01:23:35 +0800 - rev 321692
Push 21 by maklebus@msu.edu at Thu, 01 Dec 2016 06:22:08 +0000
Bug 1313849 – Stop using nsIDialogParamBlock in setp12password.xul. r=keeler nsIDialogParamBlock isn't a great API, and is best avoided. This patch also splits password.js into two files that implement the functionality of changepassword.xul and setp12password.xul respectively, and adds a test. MozReview-Commit-ID: A1GlnIFl8h
e886c6e03475254a8eb4d40da99502744dda28f1: Bug 1313849 - Alphabetically sort security/manager/pki/resources/jar.mn. r=keeler
Cykesiopka <cykesiopka.bmo@gmail.com> - Sat, 05 Nov 2016 01:23:21 +0800 - rev 321691
Push 21 by maklebus@msu.edu at Thu, 01 Dec 2016 06:22:08 +0000
Bug 1313849 - Alphabetically sort security/manager/pki/resources/jar.mn. r=keeler MozReview-Commit-ID: HOrj8vt7Hta
11d72a9e3365c9b32e79d8a251c4fc571e29850c: Bug 1310516 - Enable TLS 1.3, r=keeler
Martin Thomson <martin.thomson@gmail.com> - Fri, 04 Nov 2016 14:46:02 +1100 - rev 321543
Push 21 by maklebus@msu.edu at Thu, 01 Dec 2016 06:22:08 +0000
Bug 1310516 - Enable TLS 1.3, r=keeler MozReview-Commit-ID: FrI7fZBIn2w
e3ced3657d49b80da022d24cc7a605d2fdb57bf7: Bug 1260626 - Take advantage of the always present test token. r=keeler
Cykesiopka <cykesiopka.bmo@gmail.com> - Wed, 02 Nov 2016 00:08:34 +0800 - rev 320486
Push 15 by maklebus@msu.edu at Tue, 08 Nov 2016 18:38:37 +0000
Bug 1260626 - Take advantage of the always present test token. r=keeler Now that we have an always present test token, we can add more tests, and make other tests not intermittently fail. MozReview-Commit-ID: LRLmOGGjshb
34bca938935a9d36820e6703bc5dbcac46483c71: Bug 1260626 - Add helper function in head_psm.js to load and unload the test PKCS11 module. r=keeler
Cykesiopka <cykesiopka.bmo@gmail.com> - Wed, 02 Nov 2016 00:08:25 +0800 - rev 320485
Push 15 by maklebus@msu.edu at Tue, 08 Nov 2016 18:38:37 +0000
Bug 1260626 - Add helper function in head_psm.js to load and unload the test PKCS11 module. r=keeler This helps cleanup some tests. MozReview-Commit-ID: 5xBBsIgKYR9
851d4bd145a4323144df303ade2947d1384f1396: Bug 1260626 - Add extra slot and token to pkcs11testmodule that is always present. r=keeler
Cykesiopka <cykesiopka.bmo@gmail.com> - Wed, 02 Nov 2016 00:08:17 +0800 - rev 320484
Push 15 by maklebus@msu.edu at Tue, 08 Nov 2016 18:38:37 +0000
Bug 1260626 - Add extra slot and token to pkcs11testmodule that is always present. r=keeler This allow tests to opt out of pkcs11testmodule's current cyclic token insertions and removals, which is useful for some tests, but an annoyance for others. MozReview-Commit-ID: 790uzLZkdtN
a24793dce64c6c812c1aa18b4b53c8e518134020: Bug 1311996 - Fix code using pkix::Result to not conflict with the new mozilla::Result type. r=keeler
Jan de Mooij <jdemooij@mozilla.com> - Mon, 31 Oct 2016 10:05:13 +0100 - rev 320280
Push 11 by maklebus@msu.edu at Mon, 31 Oct 2016 21:03:58 +0000
Bug 1311996 - Fix code using pkix::Result to not conflict with the new mozilla::Result type. r=keeler
52df9f0848ce92e04f8a41ca2a8de66d68bc2745: Bug 1312154 – Stop using nsIDialogParamBlock in downloadcert.(js|xul). r=keeler
Cykesiopka <cykesiopka.bmo@gmail.com> - Fri, 28 Oct 2016 02:13:38 +0800 - rev 320180
Push 11 by maklebus@msu.edu at Mon, 31 Oct 2016 21:03:58 +0000
Bug 1312154 – Stop using nsIDialogParamBlock in downloadcert.(js|xul). r=keeler nsIDialogParamBlock isn't a great API, and is best avoided. This patch also updates downloadcert.js to match modern PSM style, and adds a test. MozReview-Commit-ID: J2g2H0iBAn4
a14a46bd1ea229e6bb735c8a59f270c1c0aa748e: Bug 1301407 - Ensure nss initialized during nsHttpHandler initialization. r=mcmanus, r=keeler
Dragana Damjanovic dd.mozilla@gmail.com - Tue, 25 Oct 2016 10:43:00 -0400 - rev 319621
Push 11 by maklebus@msu.edu at Mon, 31 Oct 2016 21:03:58 +0000
Bug 1301407 - Ensure nss initialized during nsHttpHandler initialization. r=mcmanus, r=keeler
bc220b980c085fc53cefb7bf5ee26696e5250b98: Bug 1305289 - Certificate Transparency - basic UI indicator; r=Dolske,keeler
Sergei Chernov <sergei.cv@ndivi.com> - Wed, 28 Sep 2016 20:19:56 +0300 - rev 319547
Push 11 by maklebus@msu.edu at Mon, 31 Oct 2016 21:03:58 +0000
Bug 1305289 - Certificate Transparency - basic UI indicator; r=Dolske,keeler MozReview-Commit-ID: b0SUW2WNJT
35996f91e760b614ce2e3e5992968bc7465df4bc: Bug 1312152 - Stop using nsIDialogParamBlock in the client auth UI. r=keeler
Cykesiopka <cykesiopka.bmo@gmail.com> - Sun, 23 Oct 2016 12:57:41 +0800 - rev 319296
Push 11 by maklebus@msu.edu at Mon, 31 Oct 2016 21:03:58 +0000
Bug 1312152 - Stop using nsIDialogParamBlock in the client auth UI. r=keeler nsIDialogParamBlock isn't a great API, and is best avoided. MozReview-Commit-ID: 2B0HkKNJizo
7d608304562af28f6a824ab1e59a7f973b2760dd: Bug 1308888 - Simplify passing handle to the cert to view in the cert viewer. r=keeler
Cykesiopka <cykesiopka.bmo@gmail.com> - Fri, 21 Oct 2016 00:33:36 +0800 - rev 318954
Push 11 by maklebus@msu.edu at Mon, 31 Oct 2016 21:03:58 +0000
Bug 1308888 - Simplify passing handle to the cert to view in the cert viewer. r=keeler The cert viewer currently supports two ways to pass a handle to the cert: 1. Passing the nickname of the cert via window.name. 2. Via an nsIDialogParamBlock, which is itself accessed through window.arguments. Method 1 is unused and unnecessary. Method 2 is overly complex: the relevant nsIX509Cert can just be passed directly. This patch does the following: 1. Makes it so that there is only a single, straightforward way to pass a handle to the cert. 2. Makes the cert viewer title localisable while we're nearby. 3. Renames viewCertDetails.js to better reflect the current use of the file. MozReview-Commit-ID: pqtfNgvImT
4adb7daf5033d99baf8c55483ea7d628f4693424: Bug 1264562 - Part 5: Double key OCSP cache with firstPartyDomain (adapted from Tor Browser patch #13670) r=keeler
Jonathan Hao <jhao@mozilla.com> - Tue, 18 Oct 2016 17:08:39 +0800 - rev 318769
Push 11 by maklebus@msu.edu at Mon, 31 Oct 2016 21:03:58 +0000
Bug 1264562 - Part 5: Double key OCSP cache with firstPartyDomain (adapted from Tor Browser patch #13670) r=keeler
ae2a347924822bf4b55bd45e0825820dfcc66be8: Bug 1264562 - Part 4: Instantiates an NSSCertDBTrustDomain containing the first party domain (adapted from Tor Browser patch #13670) r=keeler
Jonathan Hao <jhao@mozilla.com> - Tue, 04 Oct 2016 16:49:55 +0800 - rev 318768
Push 11 by maklebus@msu.edu at Mon, 31 Oct 2016 21:03:58 +0000
Bug 1264562 - Part 4: Instantiates an NSSCertDBTrustDomain containing the first party domain (adapted from Tor Browser patch #13670) r=keeler
c986e96fe095a1cdd67df0a0aa90f6493ffbc386: Bug 1264562 - Part 3: Store the firstPartyDomain in TransportSecurityInfo (adapted from Tor Browser patch 13670) r=keeler
Jonathan Hao <jhao@mozilla.com> - Tue, 18 Oct 2016 16:45:23 +0800 - rev 318767
Push 11 by maklebus@msu.edu at Mon, 31 Oct 2016 21:03:58 +0000
Bug 1264562 - Part 3: Store the firstPartyDomain in TransportSecurityInfo (adapted from Tor Browser patch 13670) r=keeler
bc8904f6dc8df08979e2d0eb03ae34ce45e364fb: Bug 1264562 - Part 2: Test firstPartyDomain in test_ocsp_caching.js r=keeler
Jonathan Hao <jhao@mozilla.com> - Fri, 14 Oct 2016 19:43:51 +0800 - rev 318766
Push 11 by maklebus@msu.edu at Mon, 31 Oct 2016 21:03:58 +0000
Bug 1264562 - Part 2: Test firstPartyDomain in test_ocsp_caching.js r=keeler
6d73b7dae5983d707cac1e2b1fd44b3b7c9a4bca: Bug 1310955 - Fix nsSiteSecurityService cache retrieval r=ckerschb,keeler
Kate McKinley <kmckinley@mozilla.com> - Tue, 18 Oct 2016 20:09:15 +0900 - rev 318676
Push 11 by maklebus@msu.edu at Mon, 31 Oct 2016 21:03:58 +0000
Bug 1310955 - Fix nsSiteSecurityService cache retrieval r=ckerschb,keeler MozReview-Commit-ID: 55DpKrqcL1x
005f4ce1bf67627089986974e97eee1a5c16743c: Bug 1304004 - Fix regression in firefox-ui security tests caused by bug 1303291. r=keeler
Henrik Skupin <mail@hskupin.info> - Wed, 19 Oct 2016 14:26:12 +0200 - rev 318671
Push 11 by maklebus@msu.edu at Mon, 31 Oct 2016 21:03:58 +0000
Bug 1304004 - Fix regression in firefox-ui security tests caused by bug 1303291. r=keeler MozReview-Commit-ID: Co7efI9jgeC
debc3dfbc36a4ec980bdc4fc07647fd65cce1adb: Bug 1267012 - Update and re-enable test_signed_dir.js. r=keeler
Cykesiopka <cykesiopka.bmo@gmail.com> - Tue, 18 Oct 2016 17:35:23 +0800 - rev 318359
Push 7 by maklebus@msu.edu at Wed, 19 Oct 2016 22:03:57 +0000
Bug 1267012 - Update and re-enable test_signed_dir.js. r=keeler test_signed_dir.js was previously disabled for perma-failing after a year or so. The reason was that the signature for sslcontrol.xpi (the test extension used in the test) expired. Bug 1267318 fixed this expiry problem in general by simply ignoring expired signatures. This patch does the following: 1. Replaces sslcontrol.xpi with a newer extension. Lightbeam is now used for this purpose, since it is still hosted on AMO, is a Mozilla extension, and is MPL2 code. 2. Moves the test extension outside of test_signed_apps/. The extension and the test itself have nothing to do with the rest of the files in that directory. 3. Makes misc improvements to the test file. MozReview-Commit-ID: 8uLDS5ypycO
493604f175c858dc059b28e6496e9fc13bd938b4: Bug 1309859 - Send two key shares in tls1.3 client hello, r=mt,keeler
Franziskus Kiefer <franziskuskiefer@gmail.com> - Thu, 13 Oct 2016 14:15:51 +0200 - rev 318100
Push 7 by maklebus@msu.edu at Wed, 19 Oct 2016 22:03:57 +0000
Bug 1309859 - Send two key shares in tls1.3 client hello, r=mt,keeler
14d6e492e2bbbd18dee8475847ce2bd20f215df3: Bug 1297552 - Reorder parts of U2F.cpp r=keeler
J.C. Jones <jjones@mozilla.com> - Thu, 06 Oct 2016 14:35:57 -0700 - rev 317982
Push 7 by maklebus@msu.edu at Wed, 19 Oct 2016 22:03:57 +0000
Bug 1297552 - Reorder parts of U2F.cpp r=keeler MozReview-Commit-ID: L1juEjU6AMJ
8ffab2bebce514abb1df000808408ab5ce3b4c73: Bug 1297552 - Use MozPromise to run U2F operations in parallel. r=keeler
J.C. Jones <jjones@mozilla.com> - Wed, 12 Oct 2016 20:56:56 -0700 - rev 317981
Push 7 by maklebus@msu.edu at Wed, 19 Oct 2016 22:03:57 +0000
Bug 1297552 - Use MozPromise to run U2F operations in parallel. r=keeler This patch sets up the U2F system to support multiple nsIU2FToken "authenticators" simultaneously, such as having both a USB and a Bluetooth Smart implementation enabled at the same time. It also paves the way to support timeout interruptions (for Bug 1301793). - Executes operations across a list of authenticators. - Uses runnables, via MozPromise and SharedThreadPool. - Remove nsNSSShutDownPreventionLock from U2F*Task and move to U2F*Runnable - Review updates - Some of the review updates from earlier changeset are ... painful to merge back before this one, so I'm just tacking them on here. It's still missing some things, though: - It's not actually executing the operations in parallel yet, as invoking methods on NSSU2FTokenRemote from a worker thread throws exceptions while obtaining ContentChild::GetSingleton(). MozReview-Commit-ID: EUdZQesASo2 *** Bug 1297552 - Updates per review r?keeler MozReview-Commit-ID: EHIWM74tfYG
bf9ddecd3f458234c1f85137b2263f40131b3d61: Bug 1297552 - Only permit U2F operations in e10s mode r=keeler
J.C. Jones <jjones@mozilla.com> - Fri, 07 Oct 2016 17:28:52 -0700 - rev 317980
Push 7 by maklebus@msu.edu at Wed, 19 Oct 2016 22:03:57 +0000
Bug 1297552 - Only permit U2F operations in e10s mode r=keeler - Breaks compatibility with non-e10s windows, as the underlying USB implementation from Bug 1298838 won't support non-e10s either. - Now that U2F doesn't support non-e10s, disable tests if we're not in e10s mode. MozReview-Commit-ID: 5F2323xtXEC
f824c01ff5ca54dfaf16d8a64110ef8ca2ddbac2: Bug 1297552 - Perform U2F hash operations more efficiently r=keeler
J.C. Jones <jjones@mozilla.com> - Thu, 06 Oct 2016 13:07:17 -0700 - rev 317979
Push 7 by maklebus@msu.edu at Wed, 19 Oct 2016 22:03:57 +0000
Bug 1297552 - Perform U2F hash operations more efficiently r=keeler Moves hash calculations to happen only once per JS-invoked Register/Sign operation. MozReview-Commit-ID: FuA95qCl1rG
88be27f821aad089e816d470d4c5de3b111c484b: Bug 1306142 - Unchecked return code in U2F. r=keeler
J.C. Jones <jjones@mozilla.com> - Fri, 07 Oct 2016 16:48:55 -0700 - rev 317617
Push 7 by maklebus@msu.edu at Wed, 19 Oct 2016 22:03:57 +0000
Bug 1306142 - Unchecked return code in U2F. r=keeler The U2F.cpp code fails to test all returns from CryptoBuffer.Assign(), leading (when OOM) to potentially empty registration keys (during Register), or empty attestations (during Sign). This is a protocol violation, and forced testing at Dropbox, u2fdemo.appspot.com, and u2f.bin.coffee show that those Relying Parties' implementations properly error out if the registration or attestation is empty, as would happen in this instance. As this is only on an OOM condition, it's not really feasible to add an automated test. Also catches one other Assign() that isn't properly returning "NS_ERROR_OUT_OF_MEMORY".
c4876903db081647838bd629627d35e839deb9a0: Bug 1017616 - Filter out some more unnecessary characters when exporting certs. r=keeler
Cykesiopka <cykesiopka.bmo@gmail.com> - Tue, 11 Oct 2016 10:17:57 -0700 - rev 317559
Push 7 by maklebus@msu.edu at Wed, 19 Oct 2016 22:03:57 +0000
Bug 1017616 - Filter out some more unnecessary characters when exporting certs. r=keeler MozReview-Commit-ID: 2dHJTo3xusc
c1477dd6413c60c8a799ce2d9fa3d34e735002fd: Bug 1281932 - Fix intermittent u2f tests r=keeler
J.C. Jones <jjones@mozilla.com> - Mon, 10 Oct 2016 17:06:31 -0700 - rev 317380
Push 7 by maklebus@msu.edu at Wed, 19 Oct 2016 22:03:57 +0000
Bug 1281932 - Fix intermittent u2f tests r=keeler This is reworking the U2F tests to do two things: 1) Don't run all the tests in one big frame; that makes it hard to tell what test is actually dying in Treeherder. 2) Fix the obvious possible test races with the async functions which could be causing the intermittent - Review updates per keeler - Change inappropriate uses of 'var' to 'let' in u2futil.js (kudos, keeler) - Rework frame_no_token.html to follow the same pattern as the others - Catch unexpected messages on the u2f testing harness - Update 2: Go back to a pre-set number of expected async tests. MozReview-Commit-ID: 6uLt5O1lUa3
12c51a960f265258615dcb04304509d8499bb975: Bug 1296317 - Stop calling PR_SetError() in VerifyCert() and VerifySSLServerCert(). r=keeler
Cykesiopka <cykesiopka.bmo@gmail.com> - Mon, 10 Oct 2016 15:44:41 +0800 - rev 317251
Push 7 by maklebus@msu.edu at Wed, 19 Oct 2016 22:03:57 +0000
Bug 1296317 - Stop calling PR_SetError() in VerifyCert() and VerifySSLServerCert(). r=keeler The PR_SetError() + PR_GetError() pattern currently used is error prone and unnecessary. The functions involved can instead return mozilla::pkix::Result, which is equally expressive and more robust. MozReview-Commit-ID: Hkd39eqTvds
1f6f908368e5e56a101efe74667306a133df291f: Bug 1305289 - Certificate Transparency - basic UI indicator; r=Dolske,keeler
Sergei Chernov <sergei.cv@ndivi.com> - Wed, 28 Sep 2016 20:19:56 +0300 - rev 317242
Push 7 by maklebus@msu.edu at Wed, 19 Oct 2016 22:03:57 +0000
Bug 1305289 - Certificate Transparency - basic UI indicator; r=Dolske,keeler MozReview-Commit-ID: b0SUW2WNJT
a9c47d6024ba545708250adc5ad4506ff4de702c: Bug 1306471 - Modify the SiteSecurityService to allow dynamic pin preloads r=keeler
Mark Goodwin <mgoodwin@mozilla.com> - Thu, 06 Oct 2016 11:00:43 +0100 - rev 317045
Push 7 by maklebus@msu.edu at Wed, 19 Oct 2016 22:03:57 +0000
Bug 1306471 - Modify the SiteSecurityService to allow dynamic pin preloads r=keeler MozReview-Commit-ID: JLbJcMuvcyI
2f033b5b7fd6eaff5cc7a6e5209e52f0a77ee607: Bug 1296214 - Stop storing handle to CERTCertificate in ExtendedValidation.cpp. r=keeler
Cykesiopka <cykesiopka.bmo@gmail.com> - Thu, 06 Oct 2016 16:43:45 +0800 - rev 316869
Push 7 by maklebus@msu.edu at Wed, 19 Oct 2016 22:03:57 +0000
Bug 1296214 - Stop storing handle to CERTCertificate in ExtendedValidation.cpp. r=keeler This may save us some memory and reduce the number of static constructors. MozReview-Commit-ID: FNIkiFtRjfK