Commit message (Collapse) | Author | Age | Lines | |
---|---|---|---|---|
* | Issue #1338 - Un-bust building of NSS after update to 3.48 on Linux. | wolfbeast | 2020-01-10 | -1/+2 |
| | ||||
* | Be more consistent about decoding IP addresses in PSM. | wolfbeast | 2020-01-09 | -2/+7 |
| | ||||
* | Issue #1338 - Part 2: Update NSS to 3.48-RTM | wolfbeast | 2020-01-02 | -31445/+1622266 |
| | ||||
* | Issue #1118 - Part 6: Fix various tests that are no longer correct. | wolfbeast | 2019-12-22 | -1/+1 |
| | | | | | The behavior change of document.open() requires these tests to be changed to account for the new spec behavior. | |||
* | Update NSS version. | wolfbeast | 2019-12-06 | -6/+8 |
| | ||||
* | [NSS] Bug 1586176 - EncryptUpdate should use maxout not block size. | Craig Disselkoen | 2019-12-06 | -1/+1 |
| | ||||
* | [NSS] Bug 1508776 - Remove unneeded refcounting from SFTKSession | J.C. Jones | 2019-12-06 | -24/+11 |
| | | | | | | | | SFTKSession objects are only ever actually destroyed at PK11 session closure, as the session is always the final holder -- and asserting refCount == 1 shows that to be true. Because of that, NSC_CloseSession can just call `sftk_DestroySession` directly and leave `sftk_FreeSession` as a no-op to be removed in the future. | |||
* | Issue #447 - Update HSTS preload list | wolfbeast | 2019-11-19 | -3828/+3982 |
| | ||||
* | Issue #1289 - Part 3: Update tests. | wolfbeast | 2019-11-14 | -0/+36 |
| | ||||
* | Issue #1289 - Part 2: Clear out the preload list except for test | wolfbeast | 2019-11-14 | -503/+2 |
| | | | | domains. | |||
* | Issue #1289 - Part 1: Add a pref to disable HPKP header processing. | wolfbeast | 2019-11-14 | -4/+37 |
| | ||||
* | Issue #447 - Improve the getHSTSPreloadList script | wolfbeast | 2019-11-09 | -12/+16 |
| | | | | | | | | | - Use HEAD instead of GET for probe to avoid loading pages - Reduce retries to 2 - Reduce timeout to 10 s (since we're just getting a HEAD this is royal) - Identify ourselves to websites as an automated tool - Improve performance of list merging (O(n^2) was getting too expensive) - Add a total counter and perform GC every 200 requests | |||
* | Issue #447 - Update HSTS preload list. | wolfbeast | 2019-11-09 | -11027/+26141 |
| | ||||
* | Issue #1064 - Part 3: Fix notifyObservers() call. | wolfbeast | 2019-11-04 | -1/+1 |
| | ||||
* | Issue #1064 - Part 2: Fix shorthand and services module import. | wolfbeast | 2019-11-04 | -3/+6 |
| | ||||
* | Merge branch 'master' into certexception-work | wolfbeast | 2019-11-04 | -232/+315 |
|\ | ||||
| * | Merge pull request #1262 from athenian200/solaris-work | Moonchild | 2019-11-02 | -193/+200 |
| |\ | | | | | | | Support Modern Solaris | |||
| | * | MoonchildProductions#1251 - Part 16: Resolve namespace conflicts with dbm on ↵ | athenian200 | 2019-10-21 | -193/+200 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Solaris. https://bugzilla.mozilla.org/show_bug.cgi?id=1513913 Mozilla's solution to this is arguably overkill, since the namespace issue on Solaris only required them to change (or temporarily undefine) __log2. Instead they changed ALL the functions to be something along the lines of dbm_log2. They haven't changed the external interface at all, though. If you're unhappy with this patch, I think I could also use XP_SOLARIS ifdefs to undefine __log2 prior to where it's declared in the dbm headers. The good thing about Mozilla's solution is that it guarantees this namespace issue never occurs again on any platform, though. | |||
| * | | Update NSS version | wolfbeast | 2019-10-24 | -6/+7 |
| | | | ||||
| * | | Add length checks for cryptographic primitives | Kevin Jacobs | 2019-10-24 | -9/+56 |
| | | | | | | | | | | | | | | | This rollup patch adds additional length checks around cryptographic primitives. | |||
| * | | Support longer (up to RFC maximum) HKDF outputs | wolfbeast | 2019-10-24 | -8/+25 |
| |/ | | | | | | | | | | | HKDF-Expand enforces a maximum output length much shorter than stated in the RFC. This patch aligns the implementation with the RFC by allocating more output space when necessary. | |||
| * | Properly implement various HSTS states. | wolfbeast | 2019-09-05 | -16/+27 |
| | | | | | | | | | | | | | | | | Previously, HSTS preload list values could be overridden temporarily due to counter-intuitive behavior of the API's removeState function. This adds an explicit flag to the API for writing knockout values to the Site Security Service, with the default resetting to whatever the preload list state is. | |||
* | | No issue: Clean up `exceptionDialog.js` | wolfbeast | 2019-08-17 | -14/+11 |
| | | | | | | | | | | - Fix some quoting, comments and inconsistencies and code style - Swap manually grabbing service components out for using `Services.*` | |||
* | | Issue #1064: Don't get certificate details synchronously. | wolfbeast | 2019-08-17 | -51/+31 |
|/ | | | | | | | This avoids getting data synchronously on the main thread in an XHR (which has been deprecated for a long time and _may_ actually be blocked in our networking) and attempts to be more predictable by always firing an update request for the dialog from the XHR request handlers. | |||
* | Update NSS version. | wolfbeast | 2019-07-17 | -7/+6 |
| | ||||
* | Prohibit the use of RSASSA-PKCS1-v1_5 algorithms in TLS 1.3 | wolfbeast | 2019-07-17 | -0/+20 |
| | | | | This is a spec compliance issue. | |||
* | Don't unnecessarily strip leading 0's from key material during PKCS11 import. | wolfbeast | 2019-07-17 | -18/+30 |
| | ||||
* | Apply better input checking discipline. | wolfbeast | 2019-07-17 | -7/+22 |
| | ||||
* | Change softoken password rounds to a more conservative number still | wolfbeast | 2019-07-03 | -2/+2 |
| | | | | | within industry standard security, considering our db hashing is more CPU intensive than anticipated. | |||
* | Merge pull request #1143 from trav90/master | New Tobin Paradigm | 2019-06-26 | -4115/+6505 |
|\ | | | | | Update HSTS preload list | |||
| * | Update HSTS preload list | trav90 | 2019-06-26 | -4115/+6505 |
| | | | | | | | | Tag #447 | |||
* | | Update NSS to 3.41.1 (custom) | wolfbeast | 2019-06-27 | -49/+218 |
|/ | | | | This resolves #82 | |||
* | Revert "Update NSS to 3.41.1 (custom)" | wolfbeast | 2019-06-26 | -213/+45 |
| | | | | This reverts commit fbc2eaacd679f0c484993ffe23d786fd06da22c3. | |||
* | Update NSS to 3.41.1 (custom) | wolfbeast | 2019-06-26 | -45/+213 |
| | | | | This resolves #82 | |||
* | Update HSTS preload list | wolfbeast | 2019-05-28 | -8368/+16300 |
| | | | | Tag #447 | |||
* | Issue #1053 - Drop support Android and remove Fennec - Part 1b: Remove ↵ | Matt A. Tobin | 2019-04-23 | -1/+1 |
| | | | | MOZ_FENNEC | |||
* | Remove SecurityUI telemetry. | adeshkp | 2019-04-21 | -171/+0 |
| | ||||
* | Fix order of member variables in a couple of initializer lists | adeshkp | 2019-03-14 | -1/+1 |
| | ||||
* | Update HSTS preload list | trav90 | 2019-01-31 | -2982/+5618 |
| | | | | Tag #447 | |||
* | Fix check for HSTS when service is disabled. | Ascrod | 2019-01-17 | -1/+1 |
| | ||||
* | Add preference for fully disabling HSTS. | Ascrod | 2019-01-16 | -0/+25 |
| | ||||
* | Remove a pointless `switch` after telemetry cleanup | adeshkp | 2019-01-14 | -14/+0 |
| | ||||
* | Telemetry: Remove stubs and related code | adeshkp | 2019-01-12 | -837/+18 |
| | ||||
* | Update HSTS preload list | trav90 | 2019-01-02 | -1989/+1978 |
| | | | | Tag #447 | |||
* | Update HSTS preload list | trav90 | 2018-12-15 | -2240/+3430 |
| | | | | Tag #447 | |||
* | Update NSS to 3.41 | wolfbeast | 2018-12-15 | -8328/+47108 |
| | ||||
* | Update HSTS preload list | trav90 | 2018-11-27 | -2835/+4530 |
| | | | | Tag #447 | |||
* | Remove AccumulateCipherSuite() | wolfbeast | 2018-11-08 | -71/+2 |
| | | | | This resolves #858 | |||
* | Remove ancient workaround in client certificate code | wolfbeast | 2018-11-02 | -57/+1 |
| | | | | | | | | Apparently a prehistoric server implementation would send a certificate_authorities field that didn't include the outer DER SEQUENCE tag, so PSM attempted to detect this and work around it. This prehistoric server implementation isn't in use anywhere anymore, so this 18-yo server bug workaround can be removed. | |||
* | Make sure nsNSSCertList handling checks for valid certs. | wolfbeast | 2018-11-02 | -3/+36 |
| |