This modifies crtshToDNStruct.py to be able to produce SPKI or DN-based lists,
and adds a SPKI-search method to TrustOverrideUtils.h.
This also regenerates the TrustOverride files to use the new script.
MozReview-Commit-ID: BhMoJbYXs7Y
--HG--
rename : security/manager/tools/crtshToDNStruct/crtshToDNStruct.py => security/manager/tools/crtshToIdentifyingStruct/crtshToIdentifyingStruct.py
rename : security/manager/tools/crtshToDNStruct/requirements.txt => security/manager/tools/crtshToIdentifyingStruct/requirements.txt
extra : rebase_source : 9ae4999ceea2d4092119fe81b787c4d66a5e17b1
This modifies crtshToDNStruct.py to be able to produce SPKI or DN-based lists,
and adds a SPKI-search method to TrustOverrideUtils.h.
This also regenerates the TrustOverride files to use the new script.
MozReview-Commit-ID: BhMoJbYXs7Y
--HG--
rename : security/manager/tools/crtshToDNStruct/crtshToDNStruct.py => security/manager/tools/crtshToIdentifyingStruct/crtshToIdentifyingStruct.py
rename : security/manager/tools/crtshToDNStruct/requirements.txt => security/manager/tools/crtshToIdentifyingStruct/requirements.txt
extra : rebase_source : 335d7fc05fa35fbb54ee7ee518b9f4e0c7a00159
This is the list of affected Symantec roots and the Apple and Google carved out
sub-CAs being whitelisted. These lists are created using the crtshToDNStruct
tool.
These sub-CAs are to be explicitly whitelisted in the distrust logic being
applied to Symantec root CAs.
Sources:
https://groups.google.com/d/msg/mozilla.dev.security.policy/FLHRT79e3XE/riCrpXsfAgAJhttps://groups.google.com/d/msg/mozilla.dev.security.policy/FLHRT79e3XE/90qkf8jsAQAJ
MozReview-Commit-ID: 3atUGcjG6GD
* * *
[mq]: crtsh_linting
MozReview-Commit-ID: 5gGq5DZXEIi
* * *
[mq]: fix_crtsh_script
MozReview-Commit-ID: JRgkD6OODnO
* * *
[mq]: fix_crtsh_also
MozReview-Commit-ID: Gza1HnYic2I
--HG--
extra : rebase_source : 8ca642964d3ce0308b8081fc52713d9f0104024d
J.C. Jones
Sebastian Hengst