Mon, 30 May 2016 13:15:53 -0700 sslutil: move and change warning when cert verification is disabled
Gregory Szorc <gregory.szorc@gmail.com> [Mon, 30 May 2016 13:15:53 -0700] rev 29289
sslutil: move and change warning when cert verification is disabled A short time ago, validatesocket() didn't know the reasons why cert verification was disabled. Multiple code paths could lead to cert verification being disabled. e.g. --insecure and lack of loaded CAs. With the recent refactorings to sslutil.py, we now know the reasons behind security settings. This means we can recognize when the user requested security be disabled (as opposed to being unable to provide certificate verification due to lack of CAs). This patch moves the check for certificate verification being disabled and changes the wording to distinguish it from other states. The warning message is purposefully more dangerous sounding in order to help discourage people from disabling security outright. We may want to add a URL or hint to this message. I'm going to wait until additional changes to security defaults before committing to something.
Wed, 01 Jun 2016 19:57:20 -0700 sslutil: add devel.disableloaddefaultcerts to disable CA loading
Gregory Szorc <gregory.szorc@gmail.com> [Wed, 01 Jun 2016 19:57:20 -0700] rev 29288
sslutil: add devel.disableloaddefaultcerts to disable CA loading There are various tests for behavior when CA certs aren't loaded. Previously, we would pass --insecure to disable loading of CA certs. This has worked up to this point because the error message for --insecure and no CAs loaded is the same. Upcoming commits will change the error message for --insecure and will change behavior when CAs aren't loaded. This commit introduces the ability to disable loading of CA certs by setting devel.disableloaddefaultcerts. This allows a testing backdoor to disable loading of CA certs even if system/default CA certs are available. The flag is purposefully not exposed to end-users because there should not be a need for this in the wild: certificate pinning and --insecure provide workarounds to disable cert loading/validation. Tests have been updated to use the new method. The variable used to disable CA certs has been renamed because the method is not OS X specific.
Mon, 30 May 2016 11:20:31 -0700 sslutil: store flag for whether cert verification is disabled
Gregory Szorc <gregory.szorc@gmail.com> [Mon, 30 May 2016 11:20:31 -0700] rev 29287
sslutil: store flag for whether cert verification is disabled This patch effectively moves the ui.insecureconnections check to _hostsettings(). After this patch, validatesocket() no longer uses the ui instance for anything except writing messages. This patch also enables us to introduce a per-host config option for disabling certificate verification.
Mon, 30 May 2016 11:19:43 -0700 sslutil: remove "strict" argument from validatesocket()
Gregory Szorc <gregory.szorc@gmail.com> [Mon, 30 May 2016 11:19:43 -0700] rev 29286
sslutil: remove "strict" argument from validatesocket() It was only used by mail.py as part of processing smtp.verifycert, which was just removed.
Sat, 04 Jun 2016 11:13:28 -0700 mail: unsupport smtp.verifycert (BC)
Gregory Szorc <gregory.szorc@gmail.com> [Sat, 04 Jun 2016 11:13:28 -0700] rev 29285
mail: unsupport smtp.verifycert (BC) smtp.verifycert was accidentally broken by cca59ef27e60. And, I believe the "loose" value has been broken for longer than that. The current code refuses to talk to a remote server unless the CA is trusted or the fingerprint is validated. In other words, we lost the ability for smtp.verifycert to lower/disable security. There are special considerations for smtp.verifycert in sslutil.validatesocket() (the "strict" argument). This violates the direction sslutil is evolving towards, which has all security options determined at wrapsocket() time and a unified code path and configs for determining security options. Since smtp.verifycert is broken and since we'll soon have new security defaults and new mechanisms for controlling host security, this patch formally deprecates smtp.verifycert. With this patch, the socket security code in mail.py now effectively mirrors code in url.py and other places we're doing socket security. For the record, removing smtp.verifycert because it was accidentally broken is a poor excuse to remove it. However, I would have done this anyway because smtp.verifycert is a one-off likely used by few people (users of the patchbomb extension) and I don't think the existence of this seldom-used one-off in security code can be justified, especially when you consider that better mechanisms are right around the corner.
Tue, 05 Apr 2016 07:30:01 +0200 update: fix bare --clean to work on new branch (issue5003) (BC)
liscju <piotr.listkiewicz@gmail.com> [Tue, 05 Apr 2016 07:30:01 +0200] rev 29284
update: fix bare --clean to work on new branch (issue5003) (BC) Before this commit bare update --clean on newly created branch updates to the parent commit, even if there are later commits on the parent commit's branch. Update to the latest head on the parent commit's branch instead. This seems reasonable as clean should discard uncommited changes, branch is one of them.
Fri, 03 Jun 2016 15:55:07 +0200 revert: use "discard"/"revert" verb when reverting interactively (issue5143)
Denis Laxalde <denis.laxalde@logilab.fr> [Fri, 03 Jun 2016 15:55:07 +0200] rev 29283
revert: use "discard"/"revert" verb when reverting interactively (issue5143) Instead of "record this change to 'FILE'?" now prompt with: * "discard this change to 'FILE'?" when reverting to the parent of working directory, and, * "revert this change to 'FILE'?" otherwise.
Tue, 05 Apr 2016 01:35:58 +0000 run-tests: add support for RTUNICODEPEDANTRY environment variable
timeless <timeless@mozdev.org> [Tue, 05 Apr 2016 01:35:58 +0000] rev 29282
run-tests: add support for RTUNICODEPEDANTRY environment variable based on 73e4a02e6d23
Fri, 27 May 2016 05:24:45 +0000 obsolete: fix grammar
timeless <timeless@mozdev.org> [Fri, 27 May 2016 05:24:45 +0000] rev 29281
obsolete: fix grammar
Sun, 03 Apr 2016 20:49:30 +0000 tests: add run-test .testtimes basic testing
timeless <timeless@mozdev.org> [Sun, 03 Apr 2016 20:49:30 +0000] rev 29280
tests: add run-test .testtimes basic testing
(0) -10000 -3000 -1000 -300 -100 -10 +10 +100 +300 +1000 +3000 +10000 tip