This removes nsIX509Cert.subjectAltNames and reduces potential attack surface
by avoiding parsing subject alternative names in C/C++. It also reduces PSM
reliance on NSS types.
Differential Revision: https://phabricator.services.mozilla.com/D101418
TLS error report sending was disabled by default in bug 1579906. The server
that ingested these reports has been decommissioned as well, so this patch
removes this dead code.
Differential Revision: https://phabricator.services.mozilla.com/D99405
This patch adds the UI for allowing users to enable reporting XFO error.
The reporting UI will be displayed in the error page if the error is a
XFO error.
Differential Revision: https://phabricator.services.mozilla.com/D82331
As we roll out the TLS 1.0 and 1.1 deprecation, sites that don't support TLS 1.2
will show the neterror page. This adds a box to that page that shows in this
specific case. That box explains what is going on and gives an option to
re-enable TLS 1.0.
As mentioned, this will show alongside an option to reset TLS-related
preferences if any overrides are active.
Hitting the button will set the new pref to 'true' and reload the page.
Once the override is engaged, the option won't show, but that option to reset
preferences will show (as this is a TLS-related preference).
The intent is to remove this affordance in March 2020 as we formally move to
having TLS 1.2 the minimum version. All going to plan, this will only affect
prerelease channels, though anyone who has tweaked security.tls.version.* could
also see this.
Differential Revision: https://phabricator.services.mozilla.com/D45799
As we roll out the TLS 1.0 and 1.1 deprecation, sites that don't support TLS 1.2
will show the neterror page. This adds a box to that page that shows in this
specific case. That box explains what is going on and gives an option to
re-enable TLS 1.0.
As mentioned, this will show alongside an option to reset TLS-related
preferences if any overrides are active.
Hitting the button will set the new pref to 'true' and reload the page.
Once the override is engaged, the option won't show, but that option to reset
preferences will show (as this is a TLS-related preference).
The intent is to remove this affordance in March 2020 as we formally move to
having TLS 1.2 the minimum version. All going to plan, this will only affect
prerelease channels, though anyone who has tweaked security.tls.version.* could
also see this.
Differential Revision: https://phabricator.services.mozilla.com/D45799
We were using the same ID on two elements, which kind of messed up things everywhere
our code reasonably expected only one element of the kind to exist. We just use a
class name now.
This also cleans up #advancedPanelErrorTryAgain which worked around this issue
by using a different ID.
Differential Revision: https://phabricator.services.mozilla.com/D30298
The larger changesets in this patch are simply moving code from one file into the other with hg mv.
A short summary of the changes:
- I removed the forked redirection from AboutRedirector.cpp
- I deleted the original aboutNetError.xhtml and aboutNetError.css files
and moved aboutNetError-new.xhtml and aboutNetError-new.css in their place instead.
- I removed the browser.security.newcerterrorpage.enabled pref and all its usages.
- I removed some localization strings and resources that went unused because of the above changes.
Differential Revision: https://phabricator.services.mozilla.com/D25232
This is kind of like the previous patch (where we had a not-very-friendly user experience shutting down misbehaving h2 sessions), but in this case the server has proven to us that it can speak a minimum of h2, so we don't want to just fallback. Instead, when we send a GOAWAY frame because we have detected some error on the part of the server, if it's a top-level page load, we'll show an error page explaining that the server spoke bad http/2, and the site admin(s) need to be contacted. We already did this for INADEQUATE_SECURITY (which is its own special case still), but that didn't cover all the cases.
Differential Revision: https://phabricator.services.mozilla.com/D8436
This patch moves all TLS error string handling to the frontend.
Dev-tools doesn't show the same error code as the page does anymore but only the error code as string.
All logging of these error messages has been removed.
Bug #: 1415279
Differential Revision: https://phabricator.services.mozilla.com/D607
Improves the UI for pages blocked by the enterprise policy manager. These improvements include a new image instead of the generic "info" image and updated, approved strings for the page.
MozReview-Commit-ID: 9d6V9onHGGg
