Commit graph

82 commits

Author SHA1 Message Date
Dana Keeler
b4c45d4248 Bug 1781104 - remove unnecessary bits parameter from nsICertOverrideService r=djackson,necko-reviewers,geckoview-reviewers,extension-reviewers,kershaw,calu
Differential Revision: https://phabricator.services.mozilla.com/D152826
2022-08-26 18:48:38 +00:00
Dana Keeler
40cd3d5efd Bug 1781104 - remove unused 'add override by fingerprint' API from nsICertOverrideService r=djackson
`rememberTemporaryValidityOverrideUsingFingerprint` is no longer used in
`nsICertOverrideService` and can be removed.

Differential Revision: https://phabricator.services.mozilla.com/D152825
2022-08-26 18:48:37 +00:00
Dana Keeler
f0803728d4 Bug 1772976 - make non-private certificate error overrides available in private contexts r=jschanck
Certificate error overrides made in non-private contexts should be available in
private contexts as well (but not vice-versa).

Differential Revision: https://phabricator.services.mozilla.com/D149296
2022-06-15 18:02:36 +00:00
Randell Jesup
46292cae55 Bug 1207753 - security/manager thread-safety annotations r=keeler,necko-reviewers,dragana
Differential Revision: https://phabricator.services.mozilla.com/D131879
2022-05-12 21:16:11 +00:00
Nika Layzell
052cba0853 Bug 1738106 - Part 3: Switch to TaskQueue::Create, r=xpcom-reviewers,necko-reviewers,media-playback-reviewers,dragana,alwu,barret
In future parts, TaskQueue will require extra initialization to be performed
which cannot happen in a constructor, as it takes references to the TaskQueue
object itself, which will require the introduction of a helper method. This
patch switches all callers of the TaskQueue constructor to use the new method.

Differential Revision: https://phabricator.services.mozilla.com/D142604
2022-05-02 20:37:34 +00:00
Henrik Skupin
78f7bbce86 Bug 1719505 - [remote] Unify Remote Agent's running state with Marionette. r=webdriver-reviewers,mossop,smaug,keeler,jdescottes
Both components are related to WebDriver and should expose the
same flag for their running state.

Differential Revision: https://phabricator.services.mozilla.com/D144982
2022-04-29 17:38:14 +00:00
Butkovits Atila
fc54f60211 Backed out 6 changesets (bug 1719505) for causing failures at browser_Troubleshoot.js. CLOSED TREE
Backed out changeset 915b5331f6b2 (bug 1719505)
Backed out changeset 8df69b3445e5 (bug 1719505)
Backed out changeset 674fe8523cf6 (bug 1719505)
Backed out changeset f40c2fe6872d (bug 1719505)
Backed out changeset 3e3df2a6b1e3 (bug 1719505)
Backed out changeset 621024810236 (bug 1719505)
2022-04-29 17:32:32 +03:00
Henrik Skupin
8a69201f2e Bug 1719505 - [remote] Unify Remote Agent's running state with Marionette. r=webdriver-reviewers,mossop,smaug,keeler,jdescottes
Both components are related to WebDriver and should expose the
same flag for their running state.

Differential Revision: https://phabricator.services.mozilla.com/D144982
2022-04-29 11:55:43 +00:00
R. Martinho Fernandes
9c6150db68 Bug 1736763 - correctly delimit ipv6 hostnames for keying certificate overrides r=keeler
Differential Revision: https://phabricator.services.mozilla.com/D136499
2022-01-24 13:07:15 +00:00
R. Martinho Fernandes
73a91c8fd6 Bug 1736763: Correctly parse IPv6 hosts in certificate overrides r=keeler
Differential Revision: https://phabricator.services.mozilla.com/D135617
2022-01-13 14:29:41 +00:00
Randell Jesup
08f296ee63 Bug 1743895: Add names to all TaskQueues, remove no-name constructor r=nika,necko-reviewers
Differential Revision: https://phabricator.services.mozilla.com/D132638
2021-12-03 03:16:15 +00:00
Moritz Birghan
ce95630c6e Bug 1700165 - Remove NSS types from nsICertOverrideService.idl r=keeler
Differential Revision: https://phabricator.services.mozilla.com/D109382
2021-10-28 20:26:08 +00:00
criss
9eb751c548 Backed out changeset 9963c30121ab (bug 1700165) for causing failures on test_certs.js. CLOSED TREE
2021-10-12 15:31:11 +03:00
Moritz Birghan
9b720034a0 Bug 1700165 - Remove NSS types from nsICertOverrideService.idl r=keeler
Differential Revision: https://phabricator.services.mozilla.com/D109382
2021-10-12 11:59:49 +00:00
criss
7b08264b23 Backed out changeset b20fc3c89cf8 (bug 1700165) for causing bustages on nsCertOverrideService.cpp. CLOSED TREE
2021-10-12 12:22:14 +03:00
Moritz Birghan
59ddfb41f3 Bug 1700165 - Remove unused API nsICertOverrideService.isCertUsedForOverrides r=keeler
Differential Revision: https://phabricator.services.mozilla.com/D109382
2021-10-12 08:51:33 +00:00
Paul Zuehlcke
dc5ce17977 Bug 1717463 - Update SecuritySettingsCleaner to clear partitioned client auth remember decisions. r=johannh,keeler
Differential Revision: https://phabricator.services.mozilla.com/D118451
2021-06-25 10:27:00 +00:00
Dana Keeler
cd240f895e Bug 1715142 - clear the TLS session cache in SetDisableAllSecurityChecksAndLetAttackersInterceptMyData r=rmf
Previously, SetDisableAllSecurityChecksAndLetAttackersInterceptMyData would
only work as expected if another operation happened to clear the TLS session
cache (namely, changing a preference that caused nsNSSComponent to change its
TLS options and clear the TLS session cache). This patch ensures that this
function works without relying on such coincidences.

Differential Revision: https://phabricator.services.mozilla.com/D117495
2021-06-12 01:12:24 +00:00
Butkovits Atila
e4394b27a2 Backed out 3 changesets (bug 1715142) for causing build bustages. CLOSED TREE
Backed out changeset 7e67994f6a65 (bug 1715142)
Backed out changeset f58d5156f332 (bug 1715142)
Backed out changeset f8a7bd4519c6 (bug 1715142)
2021-06-11 21:20:02 +03:00
Dana Keeler
6c87c3560b Bug 1715142 - clear the TLS session cache in SetDisableAllSecurityChecksAndLetAttackersInterceptMyData r=rmf
Previously, SetDisableAllSecurityChecksAndLetAttackersInterceptMyData would
only work as expected if another operation happened to clear the TLS session
cache (namely, changing a preference that caused nsNSSComponent to change its
TLS options and clear the TLS session cache). This patch ensures that this
function works without relying on such coincidences.

Differential Revision: https://phabricator.services.mozilla.com/D117495
2021-06-11 17:58:18 +00:00
Kershaw Chang
e9963421a1 Bug 1711971 - Make connection coalescing work for http3, r=necko-reviewers,dragana
Differential Revision: https://phabricator.services.mozilla.com/D115528
2021-06-07 09:52:31 +00:00
R. Martinho Fernandes
7ea1bcd018 Bug 1597600 - make certificate overrides depend on origin attributes r=keeler,geckoview-reviewers,smaug,agi
Differential Revision: https://phabricator.services.mozilla.com/D91962
2021-06-01 06:55:07 +00:00
Dorel Luca
211b017ce9 Backed out changeset 089c88b9657b (bug 1597600) for XPCshell failures in toolkit/components/cleardata/tests/unit/test_certs.js. CLOSED TREE
2021-05-29 23:31:00 +03:00
R. Martinho Fernandes
a9e55ea7fc Bug 1597600 - make certificate overrides depend on origin attributes r=keeler,geckoview-reviewers,smaug,agi
Differential Revision: https://phabricator.services.mozilla.com/D91962
2021-05-29 19:34:35 +00:00
Henrik Skupin
fa4fbb78b4 Bug 1695031 - Combine build flags --disable-marionette and --enable-cdp as --disable-webdriver. r=firefox-build-system-reviewers,Gijs,smaug,keeler,jdescottes,glandium
Differential Revision: https://phabricator.services.mozilla.com/D115583
2021-05-25 09:13:28 +00:00
Horst
9c2c4d3a52 Bug 1685883 - building with --disable-marionette fails with compile error r=keeler,whimboo,smaug
Building Firefox 84.0.2 from source (https://archive.mozilla.org/pub/firefox/releases/84.0.2/source/) fails when using `ac_add_options --disable-marionette` because of a missing header.

Differential Revision: https://phabricator.services.mozilla.com/D101390
2021-03-04 11:56:54 +00:00
smolnar
9a5a166751 Backed out changeset 5dc57770d113 (bug 1685883) for causing failures nsICertOverrideService. CLOSED TREE DONTBUILD
2021-02-07 02:29:09 +02:00
Horst
efff090e64 Bug 1685883 - building with --disable-marionette fails with compile error r=keeler
Building Firefox 84.0.2 from source (https://archive.mozilla.org/pub/firefox/releases/84.0.2/source/) fails when using `ac_add_options --disable-marionette` because of a missing header.

Differential Revision: https://phabricator.services.mozilla.com/D101390
2021-02-06 21:45:08 +00:00
Dana Keeler
90f034e991 Bug 1682412 - (part 1/2) remove dead code from nsCertTree.cpp and related files r=rmf,mbirghan
Differential Revision: https://phabricator.services.mozilla.com/D99730
2021-01-07 17:44:33 +00:00
R. Martinho Fernandes
62af5a59d9 Bug 1680320 - Use nsIX509Cert::GetSha256Fingerprint instead of GetCertFingerprintByOidTag r=keeler
Differential Revision: https://phabricator.services.mozilla.com/D99107
2020-12-10 12:35:38 +00:00
Bogdan Tara
ade4d82c59 Backed out changeset 98c3e6255c58 (bug 1597600) for browser_installssl.js failures CLOSED TREE
2020-12-07 21:01:50 +02:00
R. Martinho Fernandes
c99fe51d2d Bug 1597600 - make certificate overrides depend on origin attributes r=keeler,geckoview-reviewers,smaug,agi
Differential Revision: https://phabricator.services.mozilla.com/D91962
2020-12-07 17:10:52 +00:00
Dana Keeler
4f13e2395d Bug 1675339 - make nsCertOverrideService only block shutdown when a write is pending r=kjacobs
Bug 1634065 will involve changing when nsCertOverrideService gets initialized.
It turns out that doing this causes
services/crypto/tests/unit/test_crypto_random.js to fail various assertions in
the JS engine. It's unclear what the underlying issue is, but the failures
happen as a result of marking nsCertOverrideService as a shutdown blocker
unconditionally in its initialization. This patch works around this by marking
the service as a blocker only when there's a write event happening, which is
arguably more correct anyway.

Differential Revision: https://phabricator.services.mozilla.com/D95899
2020-11-06 18:16:51 +00:00
Simon Giesecke
de7bab0f06 Bug 1650145 - Replace all value uses of Empty[C]String by 0-length _ns literals. r=froydnj,geckoview-reviewers,agi
Differential Revision: https://phabricator.services.mozilla.com/D82325
2020-09-23 15:17:15 +00:00
Moritz Birghan
628ee042f6 Bug 1659810 - Refactoring the cert manager server tab to use a richlist r=keeler,fluent-reviewers,preferences-reviewers,Gijs
Differential Revision: https://phabricator.services.mozilla.com/D87498
2020-09-14 10:06:31 +00:00
Simon Giesecke
e3c223da3e Bug 1648010 - Fix uses of NS_LITERAL_STRING with C string literals. r=geckoview-reviewers,agi,froydnj
Differential Revision: https://phabricator.services.mozilla.com/D80861
2020-07-01 08:34:12 +00:00
Simon Giesecke
cd8b8939b9 Bug 1648010 - Replace uses of NS_LITERAL_STRING/NS_LITERAL_CSTRING macros by _ns literals. r=geckoview-reviewers,jgilbert,agi,hsivonen,froydnj
Differential Revision: https://phabricator.services.mozilla.com/D80860
2020-07-01 08:29:29 +00:00
Nihanth Subramanya
359cdd5536 Bug 1555557 - Do cert override file writes off the main thread. r=keeler
Differential Revision: https://phabricator.services.mozilla.com/D35375
2020-06-29 17:00:58 +00:00
Coroiu Cristina
a2dd6e3165 Backed out changeset 7e9307a4a744 (bug 1555557) for talos failures on a CLOSED TREE
2020-06-26 17:32:28 +03:00
Nihanth Subramanya
376f7d3883 Bug 1555557 - Do cert override file writes off the main thread. r=keeler
Differential Revision: https://phabricator.services.mozilla.com/D35375
2020-06-26 10:48:42 +00:00
Butkovits Atila
305a24de4b Backed out changeset 6a93e7a5e237 (bug 1555557) for causing build bustage on nsCertOverrideService.cpp. CLOSED TREE
2020-06-26 02:54:59 +03:00
Nihanth Subramanya
7c0a2f07b9 Bug 1555557 - Do cert override file writes off the main thread. r=keeler
Differential Revision: https://phabricator.services.mozilla.com/D35375
2020-06-25 17:15:36 +00:00
Butkovits Atila
f2f500e3e6 Backed out changeset 7fbc8bcf6859 (bug 1555557) as requested by dev. CLOSED TREE
2020-06-25 20:11:41 +03:00
Nihanth Subramanya
d34c9a3778 Bug 1555557 - Do cert override file writes off the main thread. r=keeler
Differential Revision: https://phabricator.services.mozilla.com/D35375
2020-06-25 16:30:54 +00:00
Simon Giesecke
92497d5662 Bug 1613985 - Use default for equivalent-to-default constructors/destructors in security. r=rrelyea
Differential Revision: https://phabricator.services.mozilla.com/D65499

--HG--
extra : moz-landing-system : lando
2020-03-16 10:56:56 +00:00
Bogdan Tara
c60fd3fdd2 Backed out 4 changesets (bug 1613985) for causing build bustages CLOSED TREE
Backed out changeset fba0caac746c (bug 1613985)
Backed out changeset 8605d7a19107 (bug 1613985)
Backed out changeset 41e858fbf235 (bug 1613985)
Backed out changeset 847433cf1e0a (bug 1613985)
2020-03-16 12:41:41 +02:00
Simon Giesecke
554d54a0be Bug 1613985 - Use default for equivalent-to-default constructors/destructors in security. r=rrelyea
Differential Revision: https://phabricator.services.mozilla.com/D65499

--HG--
extra : moz-landing-system : lando
2020-03-16 09:57:45 +00:00
Kershaw Chang
583ae04d36 Bug 1607445 - Clear tokens cache at places where SSL_ClearSessionCache() is called r=keeler
Differential Revision: https://phabricator.services.mozilla.com/D62021

--HG--
extra : moz-landing-system : lando
2020-02-18 19:04:28 +00:00
Andreas Tolfsen
691d52fe90 bug 1606317: security: allow remote agent to disable security checks; r=keeler
The remote agent is an implementation of a subset of
the Chromium Remote Debugging Protocol (CDP) for Gecko.
For similar reasons as Marionette it needs the ability to call
nsCertOverrideService::SetDisableAllSecurityChecksAndLetAttackersInterceptMyData().

It calls this method from remote/domains/parent/Security.jsm which
implements the Security.setIgnoreCertificateErrors protocol method.

The remote agent is slated to replace Marionette, but there is
currently no timeline for this.

Differential Revision: https://phabricator.services.mozilla.com/D58435

--HG--
extra : moz-landing-system : lando
2020-01-03 13:46:00 +00:00
Andreas Tolfsen
a0465d6c54 bug 1606317: security: use nsIMarionette.running() for disable security check; r=keeler
It must only be possible to call
nsCertOverrideService::SetDisableAllSecurityChecksAndLetAttackersInterceptMyData()
when Marionette is actually active, but the MOZ_MARIONETTE environment
variable can in theory be set by any user.

MOZ_MARIONETTE was introduced to support in-application restarts
so that the forked main process knows to re-initialise Marionette.
This makes it approximately equivalent to passing the --marionette flag.

Because Marionette can be started and stopped at runtime through
modifying the marionette.enabled preference, and Marionette never
resets MOZ_MARIONETTE, this makes it theoretically possible that
a future caller could circumvent this security check.

This is however not a security problem at present because the
method is only ever called from within testing/marionette/cert.js,
which itself is never called unless Marionette indeed is active.

Still, it would be safer for this to use nsIMarionette.running()
which returns true whenever the Marionette server is listening for
connections, and false when the Marionette automation protocol is
not enabled.

Differential Revision: https://phabricator.services.mozilla.com/D58434

--HG--
extra : moz-landing-system : lando
2020-01-03 13:46:38 +00:00