445 Commits

Author SHA1 Message Date
ryan.sleevi%gmail.com
04bb52c2f6 Bug 813857: Make certificate trust flags thread safe.
r=rrelyea


git-svn-id: svn://10.0.0.236/trunk@264626 18797224-902f-48f8-a5cc-f745e15eee43
2013-01-07 04:11:52 +00:00
ryan.sleevi%gmail.com
4eac635e00 BUG 816853: Add support for trusting the union of explicit trust anchors and
the trust DB.
r=rrelyea


git-svn-id: svn://10.0.0.236/trunk@264625 18797224-902f-48f8-a5cc-f745e15eee43
2013-01-07 03:56:15 +00:00
wtc%google.com
8c01f5a009 Bug 818741: cast the 'arg' argument of LOG_ERROR_OR_EXIT and LOG_ERROR
to void * via an intermediate cast to PRWord to avoid the gcc compiler
warning "cast to pointer from integer of different size". Declare the
error/errorCode argument of cert_AddToVerifyLog as a (signed) long
because NSS/NSPR error codes are negative numbers. r=mentovai.
Modified Files:
	lib/certdb/certi.h lib/certhigh/certvfy.c


git-svn-id: svn://10.0.0.236/trunk@264527 18797224-902f-48f8-a5cc-f745e15eee43
2012-12-06 17:56:58 +00:00
rrelyea%redhat.com
1c45c2e9d3 Bug 764973 - Augment libpkix with callback at chainvalidate (edit)
Patch by cviecco, review by bsmith
checkin for bsmith


git-svn-id: svn://10.0.0.236/trunk@264281 18797224-902f-48f8-a5cc-f745e15eee43
2012-09-28 23:40:17 +00:00
wtc%google.com
c53b4fdca1 Bug 794636: CERT_AsciiToName should take a const char * input argument.
r=kaie.
Modified Files:
	alg1485.c cert.h


git-svn-id: svn://10.0.0.236/trunk@264278 18797224-902f-48f8-a5cc-f745e15eee43
2012-09-28 16:05:02 +00:00
kaie%kuix.de
28ce5c57a0 Bug 578861 - CERT_CompareName should take const input parameters, r=wtc
git-svn-id: svn://10.0.0.236/trunk@264221 18797224-902f-48f8-a5cc-f745e15eee43
2012-09-19 15:08:07 +00:00
kaie%kuix.de
f01510e026 Bug 745548, nssPKIObject_GetNicknameForToken should always return a copy, r=rrelyea
git-svn-id: svn://10.0.0.236/trunk@263833 18797224-902f-48f8-a5cc-f745e15eee43
2012-05-17 21:40:54 +00:00
gerv%gerv.net
f465fa7d7e Bug 716563 - update license to MPL 2. r=rrelyea.
git-svn-id: svn://10.0.0.236/trunk@263750 18797224-902f-48f8-a5cc-f745e15eee43
2012-04-25 14:50:19 +00:00
wtc%google.com
75c0724996 Bug 741481: cert_InitLocks should reset certRefCountLock to NULL after
calling PZ_DestroyLock(certRefCountLock).  The patch is contributed by
Ben Chan <benchan@chromium.org>.  r=wtc.


git-svn-id: svn://10.0.0.236/trunk@263630 18797224-902f-48f8-a5cc-f745e15eee43
2012-04-03 00:33:36 +00:00
wtc%google.com
c983c74a63 Bug 737802: Treat Netscape international step-up EKU OID as also having SSL
Server type.  The patch is contributed by Rob Stradling <rob@comodo.com>.
r=wtc.


git-svn-id: svn://10.0.0.236/trunk@263601 18797224-902f-48f8-a5cc-f745e15eee43
2012-03-23 03:25:57 +00:00
kaie%kuix.de
fcbf5e90ac Bug 671071, const/non-const warnings in pk11wrap, patch by Brian Smith, r=rrelyea
git-svn-id: svn://10.0.0.236/trunk@263584 18797224-902f-48f8-a5cc-f745e15eee43
2012-03-19 21:42:57 +00:00
kaie%kuix.de
3e32e37ed1 Bug 633063, initialize variable, r=rrelyea
git-svn-id: svn://10.0.0.236/trunk@263277 18797224-902f-48f8-a5cc-f745e15eee43
2012-01-17 22:46:06 +00:00
bsmith%mozilla.com
24363aa2e6 Bug 651523: Remove step-up code, v4, removing EXPORT_VERSION build option, r=rrelyea
git-svn-id: svn://10.0.0.236/trunk@263080 18797224-902f-48f8-a5cc-f745e15eee43
2011-11-17 00:20:22 +00:00
kaie%kuix.de
51ddd562f1 Fix Tinderbox bustage, backout all patches from 2011-11-11
git-svn-id: svn://10.0.0.236/trunk@263077 18797224-902f-48f8-a5cc-f745e15eee43
2011-11-16 19:12:36 +00:00
bsmith%mozilla.com
af6f931a1a Bug 663733: Add const modifier to declarations of functions used by ocspclnt and certhigh/ocsp.c, make const warning an error on Windows (v3), r=rrelyea
git-svn-id: svn://10.0.0.236/trunk@263068 18797224-902f-48f8-a5cc-f745e15eee43
2011-11-12 05:22:20 +00:00
bsmith%mozilla.com
7a0edbfd6a Bug 651523 - Remove SSL step-up code from libssl and remove step-up extended key usage support, r=rrelyea
git-svn-id: svn://10.0.0.236/trunk@263066 18797224-902f-48f8-a5cc-f745e15eee43
2011-11-11 18:47:20 +00:00
wtc%google.com
731bd799ab Bug 642503: Generic blacklisting mechanism for bogus certs (NSS trust
module), patch 2 part 2: revoke certs in libpkix and add test cases.  The
patch is written by Bob Relyea <rrelyea@redhat.com>.  r=wtc.
Modified Files:
	lib/certdb/certi.h lib/libpkix/include/pkix_pl_pki.h
	lib/libpkix/pkix/top/pkix_build.c
	lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c tests/cert/cert.sh
	tests/common/init.sh


git-svn-id: svn://10.0.0.236/trunk@262874 18797224-902f-48f8-a5cc-f745e15eee43
2011-09-14 23:16:16 +00:00
wtc%google.com
4c9bec47c7 Bug 217721: change the certUsageObjectSigner case back to
KU_DIGITAL_SIGNATURE because RFC 5280 says code signing needs
digitalSignature, as opposed to "digitalSignature and/or nonRepudiation".
R=rrelyea.


git-svn-id: svn://10.0.0.236/trunk@262599 18797224-902f-48f8-a5cc-f745e15eee43
2011-08-05 01:13:14 +00:00
wtc%google.com
0f5bc7f54d Bug 217721: do not use non-repudiation-only certs for SSL client
authentication.  The patch is contributed by Philipp Hug <debian@hug.cx>.
r=nelson,rrelyea,wtc.
Modified Files:
	certdb.c certt.h


git-svn-id: svn://10.0.0.236/trunk@262548 18797224-902f-48f8-a5cc-f745e15eee43
2011-07-28 21:38:14 +00:00
wtc%google.com
36b79015b2 Bug 668397: remove support for Fortezza certificates and keys from
lib/certdb, lib/certhigh, and lib/cryptohi.  The bug was reported by
Tavis Ormandy <taviso@sdf.lonestar.org>.  The patch was written by
Brian Smith <bsmith@mozilla.com>.  r=rrelyea,wtc.
Modified Files:
	lib/certdb/cert.h lib/certdb/certdb.c lib/certdb/crl.c
	lib/certhigh/certvfy.c lib/cryptohi/keyhi.h
	lib/cryptohi/keythi.h lib/cryptohi/seckey.c
	lib/cryptohi/secsign.c lib/pk11wrap/pk11cert.c


git-svn-id: svn://10.0.0.236/trunk@262519 18797224-902f-48f8-a5cc-f745e15eee43
2011-07-24 13:48:13 +00:00
kaie%kuix.de
3fc0fb884a Bug 602509, Signed email appears as not trustworthy -- Patch contributed by Kaspar Brand -- r=rrelyea
git-svn-id: svn://10.0.0.236/trunk@262482 18797224-902f-48f8-a5cc-f745e15eee43
2011-07-12 12:39:04 +00:00
rrelyea%redhat.com
b58e695147 Bug 642503 - Generic blacklisting mechanism for bogus certs
Patch 1: rename (see comment 20).
r=emaldona


git-svn-id: svn://10.0.0.236/trunk@262180 18797224-902f-48f8-a5cc-f745e15eee43
2011-04-13 00:10:27 +00:00
kaie%kuix.de
c64773d84f Bug 647902, Add general purpose allocation code for CERT_PKIXVerifyCert, r=rrelyea
git-svn-id: svn://10.0.0.236/trunk@262173 18797224-902f-48f8-a5cc-f745e15eee43
2011-04-08 22:54:35 +00:00
emaldona%redhat.com
9fcd62aa52 Bug 625675 - trust flags are not being deleted when we delete the associated certificate, r=rrelyea
git-svn-id: svn://10.0.0.236/trunk@262113 18797224-902f-48f8-a5cc-f745e15eee43
2011-03-26 17:34:22 +00:00
alexei.volkov.bugs%sun.com
e3d68d7de7 635778 - Need an API to pass user defined cert chain when SSL socket is set up. r=nelson, rrelyea
git-svn-id: svn://10.0.0.236/trunk@262033 18797224-902f-48f8-a5cc-f745e15eee43
2011-03-10 04:29:04 +00:00
rrelyea%redhat.com
e2c3f222ea Bug 592489 - libsmime unable to decrypt Outlook 2010 mail encrypted with smartcard-based key
patch by rrelyea
r=wtc

Fix tinderbox crashes caused by freeing arena allocated memory indirectly
through hash tables


git-svn-id: svn://10.0.0.236/trunk@261905 18797224-902f-48f8-a5cc-f745e15eee43
2011-02-08 19:08:02 +00:00
nelson%bolyard.com
96b47c1239 Bug 592489: populate NSS's hash table of SubjectKeyID to token object.
Patch contributed by Kaspar Brand <mozbugzilla@velox.ch>, r=rrelyea


git-svn-id: svn://10.0.0.236/trunk@261871 18797224-902f-48f8-a5cc-f745e15eee43
2011-01-29 22:17:20 +00:00
emaldona%redhat.com
ad5143d66f Bug 627806 - Remove unimplemented CERT_DecodeCertificate function prototype, r=nelson
git-svn-id: svn://10.0.0.236/trunk@261867 18797224-902f-48f8-a5cc-f745e15eee43
2011-01-29 16:49:31 +00:00
kaie%kuix.de
856edfa42a bug 337433, Need CERT_FindCertByNicknameOrEmailAddrByUsage
r=rrelyea


git-svn-id: svn://10.0.0.236/trunk@261270 18797224-902f-48f8-a5cc-f745e15eee43
2010-09-24 13:31:58 +00:00
nelson%bolyard.com
809830b8b5 Bug 388978: Add EV-defined subject name attributes, r=emaldona
git-svn-id: svn://10.0.0.236/trunk@261231 18797224-902f-48f8-a5cc-f745e15eee43
2010-09-18 21:17:53 +00:00
nelson%bolyard.com
b4cfd67ad6 Bug 578697: Wildcards and IP addresses don't mix.
git-svn-id: svn://10.0.0.236/trunk@261080 18797224-902f-48f8-a5cc-f745e15eee43
2010-08-22 20:59:01 +00:00
wtc%google.com
48d388a984 Bug 585842: Remove CERT_GetNickName. Drop support for
SEC_OID_NETSCAPE_NICKNAME.  r=nelson.
Modified Files:
	certdb/cert.h certdb/certdb.c certdb/genname.c util/secoidt.h


git-svn-id: svn://10.0.0.236/trunk@261036 18797224-902f-48f8-a5cc-f745e15eee43
2010-08-13 01:18:19 +00:00
wtc%google.com
47cbc017c4 Bug 585842: Don't call CERT_IsCACert twice in CERT_ImportCerts. Remove
the unnecessary variable freeNickname.  r=nelson.


git-svn-id: svn://10.0.0.236/trunk@261035 18797224-902f-48f8-a5cc-f745e15eee43
2010-08-13 01:08:48 +00:00
wtc%google.com
d857335b4f Bug 585842: CERT_MakeCANickname should return NULL instead of a static
empty string in error case, so that the return value can be safely freed
with PORT_Free.  The patch is contributed by Matt Mueller of Google
<mattm@chromium.org>.  r=wtc.


git-svn-id: svn://10.0.0.236/trunk@261023 18797224-902f-48f8-a5cc-f745e15eee43
2010-08-11 22:52:06 +00:00
wtc%google.com
cf35dccbce Bug 583966: Remove unnecessary "REQUIRES = dbm" from manifest.mn. Remove
an unnecessary LIBSRCS variable in lib/cryptohi/manifest.mn.  r=Christophe.
Modified Files:
	cmd/lib/manifest.mn cmd/shlibsign/manifest.mn
	lib/certdb/manifest.mn lib/certhigh/manifest.mn
	lib/cryptohi/manifest.mn lib/jar/manifest.mn
	lib/libpkix/pkix/certsel/manifest.mn
	lib/libpkix/pkix/checker/manifest.mn
	lib/libpkix/pkix/crlsel/manifest.mn
	lib/libpkix/pkix/params/manifest.mn
	lib/libpkix/pkix/results/manifest.mn
	lib/libpkix/pkix/store/manifest.mn
	lib/libpkix/pkix/top/manifest.mn
	lib/libpkix/pkix/util/manifest.mn
	lib/libpkix/pkix_pl_nss/module/manifest.mn
	lib/libpkix/pkix_pl_nss/pki/manifest.mn
	lib/libpkix/pkix_pl_nss/system/manifest.mn lib/nss/manifest.mn
	lib/pk11wrap/manifest.mn lib/pkcs12/manifest.mn
	lib/pkcs7/manifest.mn lib/smime/manifest.mn
	lib/softoken/manifest.mn


git-svn-id: svn://10.0.0.236/trunk@260952 18797224-902f-48f8-a5cc-f745e15eee43
2010-08-03 18:56:48 +00:00
wtc%google.com
de7eb876fc Bug 552775: If cert_pi_policyOID is not specified, it means the user is not
concerned about certificate policy (i.e., the user-initial-policy-set
contains the special value any-policy as defined in RFC 5280 Sec. 6.1.1).
Map PKIX_FUNCTIONMUSTNOTBEUSED to SEC_ERROR_LIBPKIX_INTERNAL instead of
SEC_ERROR_INVALID_ARGS.  Add PKIX_PRECONDITIONFAILED, and add a
precondition check to pkix_PolicyChecker_CalculateIntersection.  Fix an
input argument check in pkix_PolicyChecker_PolicyMapProcessing.  Add three
new test cases.  r=alexei.
Modified Files:
	lib/certdb/certt.h lib/certhigh/certvfypkix.c
	lib/libpkix/include/pkix_errorstrings.h
	lib/libpkix/pkix/checker/pkix_policychecker.c
	tests/chains/scenarios/anypolicywithlevel.cfg


git-svn-id: svn://10.0.0.236/trunk@260480 18797224-902f-48f8-a5cc-f745e15eee43
2010-06-18 00:34:24 +00:00
wtc%google.com
6945cd9c30 Bug 562544: Remove dead code in lib/certdb/crl.c. r=rrelyea.
Modified Files:
	certi.h crl.c


git-svn-id: svn://10.0.0.236/trunk@260351 18797224-902f-48f8-a5cc-f745e15eee43
2010-05-21 00:43:51 +00:00
wtc%google.com
0e00eaafad Bug 562542: An invalid CRL should not cause all certificates issued by that
CA to be considered revoked.  Report the unknown status instead.
r=nelson,rrelyea.
Modified Files:
	certi.h crl.c


git-svn-id: svn://10.0.0.236/trunk@260349 18797224-902f-48f8-a5cc-f745e15eee43
2010-05-20 22:29:10 +00:00
nelson%bolyard.com
e32d4abdea Bug 394919 - dNSName constraints should constrain cert Common Names in EE
certs when verifying certs for SSL usage, r=rrelyea


git-svn-id: svn://10.0.0.236/trunk@260248 18797224-902f-48f8-a5cc-f745e15eee43
2010-04-30 07:47:48 +00:00
nelson%bolyard.com
25cae7d289 Bug 506041: Correct misspellings in source code comments
Patch contributed by Michael Kohler <michaelkohler@live.com>, r=nelson


git-svn-id: svn://10.0.0.236/trunk@260229 18797224-902f-48f8-a5cc-f745e15eee43
2010-04-25 23:37:40 +00:00
nelson%bolyard.com
4931a184dc Bug 554425: Remove support for Netscape's SSL server name extension
r=rrelyea@redhat.com,matt@mattmccutchen.net


git-svn-id: svn://10.0.0.236/trunk@260224 18797224-902f-48f8-a5cc-f745e15eee43
2010-04-25 00:44:55 +00:00
nelson%bolyard.com
c0b5e7332d Bug 415565: Use new NSPR atomic macros in NSS
Patch contributed by Steve Snyder <swsnyder@snydernet.net>, r=wtc


git-svn-id: svn://10.0.0.236/trunk@260135 18797224-902f-48f8-a5cc-f745e15eee43
2010-04-03 18:27:33 +00:00
wtc%google.com
da452eb737 Bug 515870: Fix compiler warnings regarding unsigned char * vs. char *.
r=nelson.
Modified Files:
	cmd/ssltap/ssltap.c lib/certdb/alg1485.c lib/certdb/certdb.c
	lib/pkcs7/certread.c


git-svn-id: svn://10.0.0.236/trunk@259663 18797224-902f-48f8-a5cc-f745e15eee43
2010-02-10 02:00:57 +00:00
wtc%google.com
83374322f8 Bug 515870: Make conditional expressions explicit when they involve
assignments.  r=nelson.
Modified Files:
	lib/certdb/secname.c lib/libpkix/pkix/util/pkix_list.c


git-svn-id: svn://10.0.0.236/trunk@259662 18797224-902f-48f8-a5cc-f745e15eee43
2010-02-10 01:54:31 +00:00
alexei.volkov.bugs%sun.com
d26b36b737 360421 - Implement TLS Server Name Indication for servers. r=nelson
git-svn-id: svn://10.0.0.236/trunk@259396 18797224-902f-48f8-a5cc-f745e15eee43
2010-01-14 22:15:26 +00:00
julien.pierre.boogz%sun.com
17c03a2785 Fix for bug 506635. Switch to pre-allocating data buffer in arena. r=nelson
git-svn-id: svn://10.0.0.236/trunk@258043 18797224-902f-48f8-a5cc-f745e15eee43
2009-08-10 22:25:44 +00:00
christophe.ravel.bugs%sun.com
18255f226b Bug 507482 - NSS 3.12.3 (and later) doesn't build on AIX 5.1
r=nelson


git-svn-id: svn://10.0.0.236/trunk@257901 18797224-902f-48f8-a5cc-f745e15eee43
2009-07-31 18:35:44 +00:00
nelson%bolyard.com
dd033b61ea Bug 506407: NULs in cert SAN email addresses are not properly escaped
r=rrelyea


git-svn-id: svn://10.0.0.236/trunk@257836 18797224-902f-48f8-a5cc-f745e15eee43
2009-07-28 23:47:27 +00:00
wtc%google.com
712dfe7374 Bug 495365: The 'nickname' parameter of SEC_CertNicknameConflict should be
a const char *.  r=nelson.
Modified Files:
	certdb.h stanpcertdb.c


git-svn-id: svn://10.0.0.236/trunk@257303 18797224-902f-48f8-a5cc-f745e15eee43
2009-05-29 19:16:54 +00:00
alexei.volkov.bugs%sun.com
fe3dcd05dd 494087 - Passing NULL as the value of cert_pi_trustAnchors causes a crash in cert_pkixSetParam. r=wtc.
git-svn-id: svn://10.0.0.236/trunk@257299 18797224-902f-48f8-a5cc-f745e15eee43
2009-05-29 18:10:39 +00:00