mirror of
https://github.com/roytam1/palemoon27.git
synced 2026-05-26 14:30:27 +00:00
roytam1
81d61fa324
- Bug 1265036 - Use NS_ABORT_OOM() if try_realloc() fails. r=billm (c30f4f83d5) - Bug 1263292 - Handle calling realloc(0) (r=jld) (f292859ee9) - Bug 1256366 - Remove linear and exponential stats collection from histogram.cc. r=gfritzsche (f9a1c869a1) - Bug 1263953 - Reduce the growth rate of Pickle. r=wmccloskey (6eb5228490) - Bug 1233275 - Copy environment for IPC using NSPR. r=jld (2004db748e) - Bug 1261094 - Improve how MessageChannel::mInterruptStack is used in IPC code, r=jld (56e2c114a4) - Bug 1246931: Include dbus.h in DBus IPC headers, r=shuang (43e797c2d8) - Bug 1264887: Make DBus helpers available on desktop builds, r=shuang (58bff1f640) - Bug 1268130, part 1 - Reimplement ByteLengthIsValid using CheckedInt. r=froydnj (6018e22ae0) - Bug 1268130, part 2 - Make ByteLengthIsValid failures fatal in release builds. r=froydnj (f9d934a498) - Bug 1269365, part 1 - Swap fallible and infallible TArray ParamTraits. r=froydnj (ad423bc04d) - Bug 1269365, part 2 - Make ParamTraits<nsTArray<E>>::Read use infallible allocation. r=froydnj (9b902a5bc4) - Bug 1269365, part 3 - Use infallible array allocation in implementSpecialArrayPickling. r=froydnj (592fe648d3) - Bug 1264820 - Measure IPC reply size in telemetry (r=mccr8) (62c54d3141) - Bug 1268938 - Use the name of the original message in Send for reply telemetry. r=billm (a2de5c6a91) - Bug 1266954: Remove temporary |ScopedClose| from PDU receive code, r=jacheng (cb06315c33) - Bug 1142109 - Fix IPDL tests (r=dvander) (df3f0cda32) - Bug 1177013 - Fix IPDL tests for not allowing CPOWs during sync (r=dvander) (5da0a8a4c9) - Bug 1261307: Convert RIL sockets to |UniquePtr|, r=nfroyd (08609783b3) - Bug 1253622 - Move the mozilla-trace.h generation into moz.build; r=ted (f01dc418bc) - Bug 1267318 ignore cert expiration for mozilla-signed packages, r=dkeeler (7a1ddd6090) - Bug 1029173 - Clean up nsDataSignatureVerifier. r=keeler (f9602341ea) - bug 1267463 - add a more nuanced subject common name fallback option for prerelease channels r=Cykesiopka,jcj (9b55320c9b) - Bug 1253108 - Enable ESLint "strict" rule for PSM. r=keeler (54802bdc38) - Bug 1255425 - part 1 - clearly delineate steps when outputting HSTS preload list; r=keeler (79f73189c8) - Bug 1251801 - Fully implement nsNSSShutDownObject and obviate manual NSS resource management. r=keeler (af32315d3f) - Bug 1251801 - Improve handling of PK11_* function error codes. r=keeler (9f2c8ac64b) - Fix unified-build bustage from bug 1264706. r=bustage (11bc0417c7) - Bug 1265164 - Always use nsCOMPtrs with getNSSDialogs(). r=keeler (ce5a703972)
90 lines
2.5 KiB
JavaScript
90 lines
2.5 KiB
JavaScript
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
"use strict";
|
|
|
|
// This file is a helper script that generates the list of certificates that
|
|
// make up the preloaded pinset for Google properties.
|
|
//
|
|
// How to run this file:
|
|
// 1. [obtain firefox source code]
|
|
// 2. [build/obtain firefox binaries]
|
|
// 3. run `[path to]/run-mozilla.sh [path to]/xpcshell dumpGoogleRoots.js'
|
|
// 4. [paste the output into the appropriate section in
|
|
// security/manager/tools/PreloadedHPKPins.json]
|
|
|
|
var Cc = Components.classes;
|
|
var Ci = Components.interfaces;
|
|
|
|
function downloadRoots() {
|
|
let req = Cc["@mozilla.org/xmlextras/xmlhttprequest;1"]
|
|
.createInstance(Ci.nsIXMLHttpRequest);
|
|
req.open("GET", "https://pki.google.com/roots.pem", false);
|
|
try {
|
|
req.send();
|
|
}
|
|
catch (e) {
|
|
throw new Error("ERROR: problem downloading Google Root PEMs: " + e);
|
|
}
|
|
|
|
if (req.status != 200) {
|
|
throw new Error("ERROR: problem downloading Google Root PEMs. Status: " +
|
|
req.status);
|
|
}
|
|
|
|
let pem = req.responseText;
|
|
let roots = [];
|
|
let currentPEM = "";
|
|
let readingRoot = false;
|
|
let certDB = Cc["@mozilla.org/security/x509certdb;1"]
|
|
.getService(Ci.nsIX509CertDB);
|
|
for (let line of pem.split(/[\r\n]/)) {
|
|
if (line == "-----END CERTIFICATE-----") {
|
|
if (currentPEM) {
|
|
roots.push(certDB.constructX509FromBase64(currentPEM));
|
|
}
|
|
currentPEM = "";
|
|
readingRoot = false;
|
|
continue;
|
|
}
|
|
if (readingRoot) {
|
|
currentPEM += line;
|
|
}
|
|
if (line == "-----BEGIN CERTIFICATE-----") {
|
|
readingRoot = true;
|
|
}
|
|
}
|
|
return roots;
|
|
}
|
|
|
|
var roots = downloadRoots();
|
|
var rootNicknames = [];
|
|
for (var root of roots) {
|
|
rootNicknames.push(root.nickname.substring("Builtin Object Token:".length));
|
|
}
|
|
rootNicknames.sort(function(rootA, rootB) {
|
|
let rootALowercase = rootA.toLowerCase();
|
|
let rootBLowercase = rootB.toLowerCase();
|
|
if (rootALowercase < rootBLowercase) {
|
|
return -1;
|
|
}
|
|
if (rootALowercase > rootBLowercase) {
|
|
return 1;
|
|
}
|
|
return 0;
|
|
});
|
|
dump(" {\n");
|
|
dump(" \"name\": \"google_root_pems\",\n");
|
|
dump(" \"sha256_hashes\": [\n");
|
|
var first = true;
|
|
for (var nickname of rootNicknames) {
|
|
if (!first) {
|
|
dump(",\n");
|
|
}
|
|
first = false;
|
|
dump(" \"" + nickname + "\"");
|
|
}
|
|
dump("\n");
|
|
dump(" ]\n");
|
|
dump(" }\n");
|