PK11PasswordPromptRunnable::RunOnTargetThread instantiates nsINSSComponent and
calls GetPIPNSSBundleString/PIPBundleFormatStringFromName to get some localized
strings. Since that runs on the main thread, we can call the helpers in
nsNSSCertHelper instead.
MozReview-Commit-ID: GsHoGDKBKdB
nsIX509Cert::GetCert() returns a CERTCertificate whose reference count has
already been increased. Before this patch, when IsCertificateDistrustImminent
called CertDNIsInList(rootCert->GetCert(), RootSymantecDNs) and
CertDNIsInList(aCert->GetCert(), RootAppleAndGoogleDNs), the reference count on
those certificates would never get a corresponding decrement, so we would keep
those certificates alive until shut down. A reasonable and consistent solution
is to introduce a UniqueCERTCertificate handle in each case to own the
reference.
The status of this fix can be verified by setting MOZ_LOG="pipnss:4", running
Firefox, connecting to any host, and then shutting down. If an NSS resource
reference has been leaked, "[Main Thread]: E/pipnss NSS SHUTDOWN FAILURE" will
be in the console output. Otherwise,
"[Main Thread]: D/pipnss NSS shutdown =====>> OK <<=====" will be in the console
output.
This patch also removes nsIX509CertList::DeleteCert because it would also leak a
reference. Luckily, nothing was using it.
This patch also clarifies the implementation of nsIX509CertList::AddCert by
making the ownership transfers explicit.
MozReview-Commit-ID: 2qHo3DmhTPz
This patch adds a new diagnostic status flag to nsIWebProgressListener,
STATE_CERT_DISTRUST_IMMINENT, which indicates that the certificate chain is
going to change validity due to an upcoming distrust event. The first of
these events is this bug, affecting various roots from Symantec.
The STATE_CERT_DISTRUST_IMMINENT flag is set by nsNSSCallbacks and passed,
via nsSecureBrowserUIImpl, to browser.js where it is used to alert the console.
Adding this sort of diagnostic printing to be accessible to browser.js is a
long-desired goal, as future functionality can start doing more decision-making
there. We may, for example, also want to degrade the lock icon, which will be
straightforward with this flag.
This commit does not implement the IsCertificateDistrustImminent method. That is
follow-on work.
MozReview-Commit-ID: 75IOdc24XIV
Bug 1364159 introduced an optimization that attempted to avoid reading from the
user's cached certificate database as much as possible when building a verified
certificate chain. Unfortunately this had the side-effect of not preferring root
certificates in path building, which can result in unnecessarily long chains
(which rather defeats the purpose, since it means more signature verifications).
This patch reverts the functionality changes from that bug but keeps the test
that was added (the test didn't directly test the functionality changes - it's
more of a check that path building will query the cached certificate db when
necessary).
MozReview-Commit-ID: I56THTLUytH
This patch adds the group used for TLS key exchange and the siganture scheme of the certificate to SSLStatus and displays it in devtools.
MozReview-Commit-ID: 7aTj0U5GIvo
nsXPIDLStrings are marked as VOIDED upon initialization. Most of these local
nsXPIDLString variables are immediately set via getter_Copies(), which will
either assign a string value (using Adopt()) or do SetIsVoid(). These can be
trivially converted to nsString, which will get the same treatment.
The patch suitably converts the remaining nsXPIDLString local variable as well.
GetHostNameRaw() returns a char* string, which is less safe and ergonomic
compared to the Mozilla string classes. GetHostName() can be used instead.
MozReview-Commit-ID: GYvTnISNN35
CERT_CreateSubjectCertList is not an inexpensive function call, since it
enumerates the certificate database (i.e. reads from disk a lot). If we're
verifying for a TLS handshake, however, we should already have in memory a
certificate chain sent by the peer (there are some cases where we won't, such as
session resumption (see bug 731478)). If we can, we should use those
certificates before falling back to calling CERT_CreateSubjectCertList.
MozReview-Commit-ID: ASjVGsELb1O
There are a few places where we can use the safer functionality provided by the
Mozilla string classes instead.
Also fixes Bug 1268657 (remove vestigial
TransportSecurityInfo::SetShortSecurityDescription declaration).
MozReview-Commit-ID: Cxv5B4bsDua
The only unhandled call updates nsHTTPListener::mHttpResponseContentType, but
nothing actually uses the value of mHttpResponseContentType.
MozReview-Commit-ID: FQXESvoO2ZN
Changed |print("enum ID : uint32_t {", file=output)| to |print("enum HistogramID : uint32_t {", file=output)| at line 53 of the file |toolkit/components/telemetry/gen-histogram-enum.py|, and then replaced all the textual occurrences of |Telemetry::ID| to |Telemetry::HistogramID| and |ID| to |HistogramID| in 43 other files.
mozilla::TimeStamp is generally superior to PRIntervalTime, and switching lets
us get rid of yet another NSPR dependency.
This patch also:
1. Gets rid of code in nsNSSHttpRequestSession::createFcn() that limits the
max OCSP timeout. This is a relic from when NSS was used for OCSP requests,
and is no longer necessary.
2. Converts all uses of PR_NOT_REACHED() to MFBT asserts while we're nearby.
MozReview-Commit-ID: KvgOWWhP8Km
MOZ_ASSERT() is basically equivalent to NS_ASSERTION().
PSM already uses MOZ_ASSERT() for new code, so there's no need to use
NS_ASSERTION() as well.
MozReview-Commit-ID: JHDsbDkYvHf
When doing TLS session resumption, the AuthCertificate hook is bypassed, which
means that the front-end doesn't know whether or not to show the EV indicator.
To deal with this, the platform attempts an EV verification. Before this patch,
this verification lacked much of the original context (e.g. stapled OCSP
responses, SCTs, the hostname, and in particular the first-party origin key).
Furthermore, it was unclear from a code architecture standpoint that a full
verification was even occurring. This patch brings the necessary context to the
verification and makes it much more clear that it is happening. It also takes
the opportunity to remove some unnecessary EV-related fields and information in
code and data structures that don't require it.
MozReview-Commit-ID: LTmZU4Z1YXL
