mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1706999 - Remove CheckForStartComOrWoSign r=keeler 

Differential Revision: https://phabricator.services.mozilla.com/D113135
This commit is contained in:
R. Martinho Fernandes 2021-05-20 23:13:18 +00:00
Родитель 74fac80bac
Коммит 9bd879aa56
18 изменённых файлов: 0 добавлений и 364 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

49
security/certverifier/NSSCertDBTrustDomain.cpp
Просмотреть файл

@ -48,7 +48,6 @@
#include "TrustOverrideUtils.h"
#include "TrustOverride-AppleGoogleDigiCertData.inc"
#include "TrustOverride-StartComAndWoSignData.inc"
#include "TrustOverride-SymantecData.inc"
using namespace mozilla;
@ -1106,49 +1105,6 @@ Result NSSCertDBTrustDomain::VerifyAndMaybeCacheEncodedOCSPResponse(
return rv;
}
// If a certificate in the given chain appears to have been issued by one of
// seven roots operated by StartCom and WoSign that are not trusted to issue new
// certificates, verify that the end-entity has a notBefore date before 21
// October 2016. If the value of notBefore is after this time, the chain is not
// valid.
// (NB: While there are seven distinct roots being checked for, two of them
// share distinguished names, resulting in six distinct distinguished names to
// actually look for.)
static Result CheckForStartComOrWoSign(const UniqueCERTCertList& certChain) {
if (CERT_LIST_EMPTY(certChain)) {
return Result::FATAL_ERROR_LIBRARY_FAILURE;
}
const CERTCertListNode* endEntityNode = CERT_LIST_HEAD(certChain);
if (!endEntityNode || !endEntityNode->cert) {
return Result::FATAL_ERROR_LIBRARY_FAILURE;
}
PRTime notBefore;
PRTime notAfter;
if (CERT_GetCertTimes(endEntityNode->cert, &notBefore, &notAfter) !=
SECSuccess) {
return Result::FATAL_ERROR_LIBRARY_FAILURE;
}
// PRTime is microseconds since the epoch, whereas JS time is milliseconds.
// (new Date("2016-10-21T00:00:00Z")).getTime() * 1000
static const PRTime OCTOBER_21_2016 = 1477008000000000;
if (notBefore <= OCTOBER_21_2016) {
return Success;
}
for (const CERTCertListNode* node = CERT_LIST_HEAD(certChain);
!CERT_LIST_END(node, certChain); node = CERT_LIST_NEXT(node)) {
if (!node || !node->cert) {
return Result::FATAL_ERROR_LIBRARY_FAILURE;
}
nsTArray<uint8_t> certDER(node->cert->derCert.data,
node->cert->derCert.len);
if (CertDNIsInList(certDER, StartComAndWoSignDNs)) {
return Result::ERROR_REVOKED_CERTIFICATE;
}
}
return Success;
}
SECStatus GetCertDistrustAfterValue(const SECItem* distrustItem,
PRTime& distrustTime) {
if (!distrustItem || !distrustItem->data || distrustItem->len != 13) {
@ -1233,11 +1189,6 @@ Result NSSCertDBTrustDomain::IsChainValid(const DERArray& certArray, Time time,
return Result::FATAL_ERROR_LIBRARY_FAILURE;
}
Result rv = CheckForStartComOrWoSign(certList);
if (rv != Success) {
return rv;
}
// Modernization in-progress: Keep certList as a CERTCertList for storage into
// the mBuiltChain variable at the end.
nsTArray<RefPtr<nsIX509Cert>> nssCertList;

84
security/certverifier/TrustOverride-StartComAndWoSignData.inc
Просмотреть файл

@ -1,84 +0,0 @@
// /C=CN/O=WoSign CA Limited/CN=CA \xE6\xB2\x83\xE9\x80\x9A\xE6\xA0\xB9\xE8\xAF\x81\xE4\xB9\xA6
// Using a consistent naming convention, this would actually be called
// 'CA沃通根证书DN', but since GCC 6.2.1 apparently can't handle UTF-8
// identifiers, this will have to do.
static const uint8_t CAWoSignRootDN[72] = {
0x30, 0x46, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
0x43, 0x4E, 0x31, 0x1A, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x11,
0x57, 0x6F, 0x53, 0x69, 0x67, 0x6E, 0x20, 0x43, 0x41, 0x20, 0x4C, 0x69, 0x6D,
0x69, 0x74, 0x65, 0x64, 0x31, 0x1B, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03,
0x0C, 0x12, 0x43, 0x41, 0x20, 0xE6, 0xB2, 0x83, 0xE9, 0x80, 0x9A, 0xE6, 0xA0,
0xB9, 0xE8, 0xAF, 0x81, 0xE4, 0xB9, 0xA6,
};
// /C=CN/O=WoSign CA Limited/CN=CA WoSign ECC Root
static const uint8_t CAWoSignECCRootDN[72] = {
0x30, 0x46, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
0x43, 0x4E, 0x31, 0x1A, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x11,
0x57, 0x6F, 0x53, 0x69, 0x67, 0x6E, 0x20, 0x43, 0x41, 0x20, 0x4C, 0x69, 0x6D,
0x69, 0x74, 0x65, 0x64, 0x31, 0x1B, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03,
0x13, 0x12, 0x43, 0x41, 0x20, 0x57, 0x6F, 0x53, 0x69, 0x67, 0x6E, 0x20, 0x45,
0x43, 0x43, 0x20, 0x52, 0x6F, 0x6F, 0x74,
};
// /C=CN/O=WoSign CA Limited/CN=Certification Authority of WoSign
static const uint8_t CertificationAuthorityofWoSignDN[87] = {
0x30, 0x55, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
0x43, 0x4E, 0x31, 0x1A, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x11,
0x57, 0x6F, 0x53, 0x69, 0x67, 0x6E, 0x20, 0x43, 0x41, 0x20, 0x4C, 0x69, 0x6D,
0x69, 0x74, 0x65, 0x64, 0x31, 0x2A, 0x30, 0x28, 0x06, 0x03, 0x55, 0x04, 0x03,
0x13, 0x21, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69,
0x6F, 0x6E, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6F, 0x72, 0x69, 0x74, 0x79, 0x20,
0x6F, 0x66, 0x20, 0x57, 0x6F, 0x53, 0x69, 0x67, 0x6E,
};
// /C=CN/O=WoSign CA Limited/CN=Certification Authority of WoSign G2
static const uint8_t CertificationAuthorityofWoSignG2DN[90] = {
0x30, 0x58, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
0x43, 0x4E, 0x31, 0x1A, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x11,
0x57, 0x6F, 0x53, 0x69, 0x67, 0x6E, 0x20, 0x43, 0x41, 0x20, 0x4C, 0x69, 0x6D,
0x69, 0x74, 0x65, 0x64, 0x31, 0x2D, 0x30, 0x2B, 0x06, 0x03, 0x55, 0x04, 0x03,
0x13, 0x24, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69,
0x6F, 0x6E, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6F, 0x72, 0x69, 0x74, 0x79, 0x20,
0x6F, 0x66, 0x20, 0x57, 0x6F, 0x53, 0x69, 0x67, 0x6E, 0x20, 0x47, 0x32,
};
// /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
static const uint8_t StartComCertificationAuthorityDN[127] = {
0x30, 0x7D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
0x49, 0x4C, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x0D,
0x53, 0x74, 0x61, 0x72, 0x74, 0x43, 0x6F, 0x6D, 0x20, 0x4C, 0x74, 0x64, 0x2E,
0x31, 0x2B, 0x30, 0x29, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x22, 0x53, 0x65,
0x63, 0x75, 0x72, 0x65, 0x20, 0x44, 0x69, 0x67, 0x69, 0x74, 0x61, 0x6C, 0x20,
0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x53,
0x69, 0x67, 0x6E, 0x69, 0x6E, 0x67, 0x31, 0x29, 0x30, 0x27, 0x06, 0x03, 0x55,
0x04, 0x03, 0x13, 0x20, 0x53, 0x74, 0x61, 0x72, 0x74, 0x43, 0x6F, 0x6D, 0x20,
0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6F, 0x6E,
0x20, 0x41, 0x75, 0x74, 0x68, 0x6F, 0x72, 0x69, 0x74, 0x79,
};
// /C=IL/O=StartCom Ltd./CN=StartCom Certification Authority G2
static const uint8_t StartComCertificationAuthorityG2DN[85] = {
0x30, 0x53, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
0x49, 0x4C, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x0D,
0x53, 0x74, 0x61, 0x72, 0x74, 0x43, 0x6F, 0x6D, 0x20, 0x4C, 0x74, 0x64, 0x2E,
0x31, 0x2C, 0x30, 0x2A, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x23, 0x53, 0x74,
0x61, 0x72, 0x74, 0x43, 0x6F, 0x6D, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66,
0x69, 0x63, 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6F,
0x72, 0x69, 0x74, 0x79, 0x20, 0x47, 0x32,
};
static const DataAndLength StartComAndWoSignDNs[]= {
{ CAWoSignRootDN,
sizeof(CAWoSignRootDN) },
{ CAWoSignECCRootDN,
sizeof(CAWoSignECCRootDN) },
{ CertificationAuthorityofWoSignDN,
sizeof(CertificationAuthorityofWoSignDN) },
{ CertificationAuthorityofWoSignG2DN,
sizeof(CertificationAuthorityofWoSignG2DN) },
{ StartComCertificationAuthorityDN,
sizeof(StartComCertificationAuthorityDN) },
{ StartComCertificationAuthorityG2DN,
sizeof(StartComCertificationAuthorityG2DN) },
};

67
security/manager/ssl/tests/unit/test_startcom_wosign.js
Просмотреть файл

@ -1,67 +0,0 @@
// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
// Any copyright is dedicated to the Public Domain.
// http://creativecommons.org/publicdomain/zero/1.0/
"use strict";
// Tests handling of certificates issued by StartCom and WoSign. If such
// certificates have a notBefore before 21 October 2016, they are handled
// normally. Otherwise, they are treated as revoked.
do_get_profile(); // must be called before getting nsIX509CertDB
const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
Ci.nsIX509CertDB
);
function loadCertWithTrust(certName, trustString) {
addCertFromFile(
certdb,
"test_startcom_wosign/" + certName + ".pem",
trustString
);
}
function certFromFile(certName) {
return constructCertFromFile("test_startcom_wosign/" + certName + ".pem");
}
function checkEndEntity(cert, expectedResult) {
// (new Date("2016-11-01")).getTime() / 1000
const VALIDATION_TIME = 1477958400;
return checkCertErrorGenericAtTime(
certdb,
cert,
expectedResult,
certificateUsageSSLServer,
VALIDATION_TIME
);
}
add_task(async function() {
loadCertWithTrust("ca", "CTu,,");
// This is not a real StartCom CA - it merely has the same distinguished name
// as one (namely "/C=IL/O=StartCom Ltd./CN=StartCom Certification Authority
// G2", encoded with PrintableStrings). By checking for specific DNs, we can
// enforce the date-based policy in a way that is testable.
loadCertWithTrust("StartComCA", ",,");
await checkEndEntity(
certFromFile("StartCom-before-cutoff"),
PRErrorCodeSuccess
);
await checkEndEntity(
certFromFile("StartCom-after-cutoff"),
SEC_ERROR_REVOKED_CERTIFICATE
);
// Similarly, this is not a real WoSign CA. It has the same distinguished name
// as "/C=CN/O=WoSign CA Limited/CN=Certification Authority of WoSign",
// encoded with PrintableStrings).
loadCertWithTrust("WoSignCA", ",,");
await checkEndEntity(
certFromFile("WoSign-before-cutoff"),
PRErrorCodeSuccess
);
await checkEndEntity(
certFromFile("WoSign-after-cutoff"),
SEC_ERROR_REVOKED_CERTIFICATE
);
});

19
security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-after-cutoff.pem
Просмотреть файл

@ -1,19 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDHzCCAgegAwIBAgIUMzsA8O2TjNkD5ARjfvom8NIOGV0wDQYJKoZIhvcNAQEL
BQAwUzELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xLDAqBgNV
BAMTI1N0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEcyMCIYDzIwMTYx
MDIyMDAwMDAwWhgPMjAxNzEwMjIwMDAwMDBaMCAxHjAcBgNVBAMMFVN0YXJ0Q29t
LWFmdGVyLWN1dG9mZjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqI
UahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvi
r1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/x
fq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD
7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnv
uRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj
+nJRxDHVA6zaGAo17Y0CAwEAAaMaMBgwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20w
DQYJKoZIhvcNAQELBQADggEBAF45Nn67efx82OhjZ865DeQdHjTL4IhIo3dcZwf2
1fLgV1+ZXDFUewnE0Sw7pR57uUKGmaISjoF2lXvNm0U/5Nq6dUbhN9KtnRifaM3x
NavEvpTZAwERnnphDJFlgSJAFSPWLGZDULl7JaZyLyQe0AoQXAFTyghkXrk/QA5m
1LfDYqLiwL1G4NHLGu7QRvLUZ/pxkLS3PaKfZVILCnKiOvI7bmPq+2U7H6ZgTPPP
24Sy/E9AKV5I6IEojGuM6qP+QYgLANOaGygWrIVJ+QpS36V8uRRbetzTcJUHDesw
iMJaepPkWnFNhz2CSS3HyoG9wu/RqfRwiLWqjsOs0dEZTRw=
-----END CERTIFICATE-----

4
security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-after-cutoff.pem.certspec
Просмотреть файл

@ -1,4 +0,0 @@
issuer:printableString/C=IL/O=StartCom Ltd./CN=StartCom Certification Authority G2
subject:StartCom-after-cutoff
validity:20161022-20171022
extension:subjectAlternativeName:example.com

19
security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-before-cutoff.pem
Просмотреть файл

@ -1,19 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDIDCCAgigAwIBAgIUF7D74A6qEV/s6DRPxUqAk7N+bX8wDQYJKoZIhvcNAQEL
BQAwUzELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xLDAqBgNV
BAMTI1N0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEcyMCIYDzIwMTUx
MDIyMDAwMDAwWhgPMjAxNzEwMjIwMDAwMDBaMCExHzAdBgNVBAMMFlN0YXJ0Q29t
LWJlZm9yZS1jdXRvZmYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6
iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr
4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP
8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OI
Q+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ
77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5J
I/pyUcQx1QOs2hgKNe2NAgMBAAGjGjAYMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29t
MA0GCSqGSIb3DQEBCwUAA4IBAQB2r07MUxWXUj7gAlQJUKNhNJ9Fqlt13751C4Lo
KL9TeUeROqDviPtpwoigG0NV+IMWdXJorRmbkcFmgBOFOZmhyspi2BJ4rCCWC1FI
WFe9SlFsuka7a7sAov9B3ClLJE+JX48H84kZ1yMq1jQmv0tAko9di3d7oMhHpLMp
tBzOQUnuq/kBeS5VlHxyZoRxj7U0MSIORhIOkih/pRzmeLDnn7xBj9FZ6ipoukRL
n3l3wTmj9/aar7DhhgA8QvD6ZtNHXP8ZnheVqW07OZVjWcrzg7nID3+j4LWOZNq/
hdm1nZG5DltMk7JqIGuA4PmdStXQNftEVbeWMzdQ+8cb/wmC
-----END CERTIFICATE-----

4
security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-before-cutoff.pem.certspec
Просмотреть файл

@ -1,4 +0,0 @@
issuer:printableString/C=IL/O=StartCom Ltd./CN=StartCom Certification Authority G2
subject:StartCom-before-cutoff
validity:20151022-20171022
extension:subjectAlternativeName:example.com

19
security/manager/ssl/tests/unit/test_startcom_wosign/StartComCA.pem
Просмотреть файл

@ -1,19 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDDzCCAfegAwIBAgIUY5ffXJsiXdmKh2ybX2nxSg57mRwwDQYJKoZIhvcNAQEL
BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAxMDAxMDEwMDAwMDBaGA8yMDUwMDEwMTAw
MDAwMFowUzELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xLDAq
BgNVBAMTI1N0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq
5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SSc
An7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39
ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYk
zBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3u
JtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQAB
ox0wGzALBgNVHQ8EBAMCAQYwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC
AQEAe6mpnTBxkfYlTrzuvtKQ73A5KCEBfmtRGZaMRPh8rSxdnd8Zf2zTl3eUHYX1
y+pqY1U9YJOkR1TKfbtvQll7bnD5RJ+FJD6eA9QEwSpII7v66teRS7wBPxQrvsrq
SWVZuHyKMpBG3148/nmrPvaIB5kAO5fdedIET88PL3K8LM1XzoVZc272V577pmeD
4N116ghEIz7rhrR6yoGVN0s2TXT7H5AlOscZuVRkirickVUbjSWZma+mYJWdd8hi
Cjufl43OY4EY31w9qO8BKxx8ZugmoSmp93VyMvqWZAV1AoxgxMpOsC9e7ZB83yrU
luXN7wik7bf+xNz78Be6XhBOBA==
-----END CERTIFICATE-----

5
security/manager/ssl/tests/unit/test_startcom_wosign/StartComCA.pem.certspec
Просмотреть файл

@ -1,5 +0,0 @@
issuer:ca
subject:printableString/C=IL/O=StartCom Ltd./CN=StartCom Certification Authority G2
validity:20100101-20500101
extension:keyUsage:keyCertSign,cRLSign
extension:basicConstraints:cA,

19
security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-after-cutoff.pem
Просмотреть файл

@ -1,19 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDHzCCAgegAwIBAgIUC57N1fgWjCRoz95Wt5tIBI4U+AMwDQYJKoZIhvcNAQEL
BQAwVTELMAkGA1UEBhMCQ04xGjAYBgNVBAoTEVdvU2lnbiBDQSBMaW1pdGVkMSow
KAYDVQQDEyFDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBvZiBXb1NpZ24wIhgPMjAx
NjEwMjIwMDAwMDBaGA8yMDE3MTAyMjAwMDAwMFowHjEcMBoGA1UEAwwTV29TaWdu
LWFmdGVyLWN1dG9mZjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqI
UahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvi
r1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/x
fq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD
7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnv
uRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj
+nJRxDHVA6zaGAo17Y0CAwEAAaMaMBgwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20w
DQYJKoZIhvcNAQELBQADggEBAK+d8oCtnO+HwtV1nEqKAd1/3ATIGmbDJn5kQWKY
m5cVi4NO6UivqhQO7Z8if+sO5DuX/VoodC+LESuv8NQdn8pDH1Ou7WUtm9xyG5Ly
j+D+WgpjmxKfBfD2L0Pd4b8ZrCg8Az3wmz6Jz7MwEU8FqmScQkxJN4JH7S2QlmLa
asrPwrFKy9uOD3jSW6d5H3gv+nV7thIiMASor3up5KV//UdVqWTISOpBZdJKE8wp
QtlPfvIgP5DbrfhtOzDYLuPnO3WzT7oC4Pau0eMXlT5EKC41p+fXGqtU402H0xMB
5ftgAboQ42FDDkp+y13a7wfm1KqcaahWR9CQKrO1ag7Mspk=
-----END CERTIFICATE-----

4
security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-after-cutoff.pem.certspec
Просмотреть файл

@ -1,4 +0,0 @@
issuer:printableString/C=CN/O=WoSign CA Limited/CN=Certification Authority of WoSign
subject:WoSign-after-cutoff
validity:20161022-20171022
extension:subjectAlternativeName:example.com

19
security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-before-cutoff.pem
Просмотреть файл

@ -1,19 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDIDCCAgigAwIBAgIUI4ScwRAmd+wFemr14yqwfKljyEswDQYJKoZIhvcNAQEL
BQAwVTELMAkGA1UEBhMCQ04xGjAYBgNVBAoTEVdvU2lnbiBDQSBMaW1pdGVkMSow
KAYDVQQDEyFDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBvZiBXb1NpZ24wIhgPMjAx
NTEwMjIwMDAwMDBaGA8yMDE3MTAyMjAwMDAwMFowHzEdMBsGA1UEAwwUV29TaWdu
LWJlZm9yZS1jdXRvZmYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6
iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr
4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP
8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OI
Q+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ
77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5J
I/pyUcQx1QOs2hgKNe2NAgMBAAGjGjAYMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29t
MA0GCSqGSIb3DQEBCwUAA4IBAQAtq4bkF5Dh+Gouc8D+v4c5Siol9ucFZziegFTe
CwCel//tShZwFSObespSLFVjrPPrEhdv+9Wl7/faHaFEIYjX/xBJ+ZsdKal56E/+
hnuXzCWhojpnMcMzWRVPBzKo0KD3g673pdC6m86r78eXDwG+8zYak+IQ4CJAaUOd
hT23GDajLjBbUNdT1pBjIKxYa2iNJOyQ8SVil18r2c1/AtoejS0xZda2MO+FDnf5
01413PgAU1Lf1C6tEQNnncLtMQhT+LKlDIMo9PolJcvMto57f/awQhyiYMLvIAE+
O8NIYXn0cyn+dbpaL59hmx1AJJwtyn3RsskVKQjle7ky3gt7
-----END CERTIFICATE-----

4
security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-before-cutoff.pem.certspec
Просмотреть файл

@ -1,4 +0,0 @@
issuer:printableString/C=CN/O=WoSign CA Limited/CN=Certification Authority of WoSign
subject:WoSign-before-cutoff
validity:20151022-20171022
extension:subjectAlternativeName:example.com

19
security/manager/ssl/tests/unit/test_startcom_wosign/WoSignCA.pem
Просмотреть файл

@ -1,19 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDETCCAfmgAwIBAgIUYx3n8sfSMjvHAMPX4R896bPDFB4wDQYJKoZIhvcNAQEL
BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAxMDAxMDEwMDAwMDBaGA8yMDUwMDEwMTAw
MDAwMFowVTELMAkGA1UEBhMCQ04xGjAYBgNVBAoTEVdvU2lnbiBDQSBMaW1pdGVk
MSowKAYDVQQDEyFDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBvZiBXb1NpZ24wggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT
2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzV
JJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8N
jf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCA
BiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVh
He4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMB
AAGjHTAbMAsGA1UdDwQEAwIBBjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUA
A4IBAQABpMKSJzIqD+0DHDAzcBl99nTDTYalGAbYvKvnxKOiD0WVw8K/Lp+Ofoh2
ZicDP35liyEPiyZMfR5IIyfPwPkgvRTIrZtX87SFxHcrsvZHVj+ilijOSWBx9Tgy
z1PhkAdTg49ljzsKa77+nEKDkRXSWIbmt3MUymvCSMq1HXUFOwpPSqB98ssvjMhs
acKcMnpSe5m39Z9OIAczhsR64otg+flV4XH2ocdE0ywBzMnw4HVY49TXEkojs1bY
aXgkTEaFrFKj45UeGw2yBbftZB18bhPemOtkxiMR7ChOtilMKHGI/qH5rvQJXuwV
HkC3s3YcMbHtx0w3aYSC8caspSxt
-----END CERTIFICATE-----

5
security/manager/ssl/tests/unit/test_startcom_wosign/WoSignCA.pem.certspec
Просмотреть файл

@ -1,5 +0,0 @@
issuer:ca
subject:printableString/C=CN/O=WoSign CA Limited/CN=Certification Authority of WoSign
validity:20100101-20500101
extension:keyUsage:keyCertSign,cRLSign
extension:basicConstraints:cA,

17
security/manager/ssl/tests/unit/test_startcom_wosign/ca.pem
Просмотреть файл

@ -1,17 +0,0 @@
-----BEGIN CERTIFICATE-----
MIICyTCCAbGgAwIBAgIUGUKJPXqFyHlaMLy7vfWOkCn+6RswDQYJKoZIhvcNAQEL
BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAxMDAxMDEwMDAwMDBaGA8yMDUwMDEwMTAw
MDAwMFowDTELMAkGA1UEAwwCY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwG
m24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJr
bA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4
SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3
/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+Z
FzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAsGA1UdDwQEAwIBBjAMBgNV
HRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCV2ftsqVDw6pxfW7ToIowvicAL
H1Gwj5AL1aVpPOBFHXJGkKbYkAVl62t2R8OTJzrqjNo9D4sgRKKtqJXwmqlAEyuk
dsA18pA/0/jIEU12/Oq68ra6HB+efTfxQrm4/uU2Yr2UNcCcAo8nKtzxsPsPAiMm
hqKCRkCtYZjGRk18S2y85XihanfTkAqBGlI4GC7q4Otnq7j7y9FwtiQ7iWP+IYQv
OlS+FwCoctrNLGOQE9Jzc4GRD2zlwsbWfHDQUvB1p3tjKwtT35EtWf6F5NpKLWTm
m3SmHIG6pvIePX0zhlac1tR/uvCSpyFAiQ7nG4XDpNyPle1WEFreiS8+ITeM
-----END CERTIFICATE-----

5
security/manager/ssl/tests/unit/test_startcom_wosign/ca.pem.certspec
Просмотреть файл

@ -1,5 +0,0 @@
issuer:ca
subject:ca
validity:20100101-20500101
extension:keyUsage:keyCertSign,cRLSign
extension:basicConstraints:cA,

2
security/manager/ssl/tests/unit/xpcshell.ini
Просмотреть файл

@ -41,7 +41,6 @@ support-files =
test_sdr_preexisting_with_password/**
test_self_signed_certs/**
test_signed_apps/**
test_startcom_wosign/**
test_validity/**
tlsserver/**
@ -222,7 +221,6 @@ firefox-appdir = browser
# Sanitization works differently on Android - this doesn't apply.
# browser/modules/Sanitizer.jsm used by the test isn't available in Thunderbird.
skip-if = toolkit == 'android' || appname == 'thunderbird'
[test_startcom_wosign.js]
[test_sts_fqdn.js]
[test_sts_ipv4_ipv6.js]
[test_sts_parser.js]