module is loaded afterwards,
Summary: When the builtin trust module is loaded after some temp certs
being created, these temp certs are usually not accompanied by trust
information. This causes a problem in UXP as it loads the module from a
separate thread while accessing the network cache which populates temp
certs.
This change makes it properly roll up the trust information, if a temp
cert doesn't have trust information.
SFTKSession objects are only ever actually destroyed at PK11 session
closure, as the session is always the final holder -- and asserting
refCount == 1 shows that to be true. Because of that, NSC_CloseSession
can just call `sftk_DestroySession` directly and leave
`sftk_FreeSession` as a no-op to be removed in the future.
- Use HEAD instead of GET for probe to avoid loading pages
- Reduce retries to 2
- Reduce timeout to 10 s (since we're just getting a HEAD this is royal)
- Identify ourselves to websites as an automated tool
- Improve performance of list merging (O(n^2) was getting too expensive)
- Add a total counter and perform GC every 200 requests
HKDF-Expand enforces a maximum output length much shorter than stated in
the RFC. This patch aligns the implementation with the RFC by allocating
more output space when necessary.
https://bugzilla.mozilla.org/show_bug.cgi?id=1513913
Mozilla's solution to this is arguably overkill, since the namespace issue on Solaris only required them to change (or temporarily undefine) __log2. Instead they changed ALL the functions to be something along the lines of dbm_log2. They haven't changed the external interface at all, though.
If you're unhappy with this patch, I think I could also use XP_SOLARIS ifdefs to undefine __log2 prior to where it's declared in the dbm headers. The good thing about Mozilla's solution is that it guarantees this namespace issue never occurs again on any platform, though.
Previously, HSTS preload list values could be overridden temporarily due
to counter-intuitive behavior of the API's removeState function.
This adds an explicit flag to the API for writing knockout values to
the Site Security Service, with the default resetting to whatever the
preload list state is.
This avoids getting data synchronously on the main thread in an XHR
(which has been deprecated for a long time and _may_ actually be blocked
in our networking) and attempts to be more predictable by always firing
an update request for the dialog from the XHR request handlers.
Kai Engert
Daiki Ueno
wolfbeast
Craig Disselkoen
J.C. Jones
Moonchild
Kevin Jacobs
athenian200
New Tobin Paradigm
trav90
adeshkp
Ascrod
wolfbeast