Due to design constraints, it is difficult for osclientcerts to properly
indicate whether or not each known key supports RSA-PSS. Ideally such a
determination would be made close to when a particular key is going to be used,
but due to the design of PKCS#11 and NSS' tight coupling to it, osclientcerts
would have to make this determination when searching for all known keys, which
has been shown to be prohibitively slow on Windows and results in unexpected
dialogs on macOS.
Thus, previously osclientcerts simply assumed all RSA keys supported RSA-PSS.
This has resulted in handshake failures when a server indicates that it accepts
RSA-PSS signatures.
This patch instead makes RSA-PSS support configurable via a pref
(security.osclientcerts.assume_rsa_pss_support). If the pref is true,
osclientcerts assumes all RSA keys support RSA-PSS. If it is false, it assumes
no RSA keys support RSA-PSS.
Differential Revision: https://phabricator.services.mozilla.com/D175966
Due to design constraints, it is difficult for osclientcerts to properly
indicate whether or not each known key supports RSA-PSS. Ideally such a
determination would be made close to when a particular key is going to be used,
but due to the design of PKCS#11 and NSS' tight coupling to it, osclientcerts
would have to make this determination when searching for all known keys, which
has been shown to be prohibitively slow on Windows and results in unexpected
dialogs on macOS.
Thus, previously osclientcerts simply assumed all RSA keys supported RSA-PSS.
This has resulted in handshake failures when a server indicates that it accepts
RSA-PSS signatures.
This patch instead makes RSA-PSS support configurable via a pref
(security.osclientcerts.assume_rsa_pss_support). If the pref is true,
osclientcerts assumes all RSA keys support RSA-PSS. If it is false, it assumes
no RSA keys support RSA-PSS.
Differential Revision: https://phabricator.services.mozilla.com/D175966
Due to design constraints, it is difficult for osclientcerts to properly
indicate whether or not each known key supports RSA-PSS. Ideally such a
determination would be made close to when a particular key is going to be used,
but due to the design of PKCS#11 and NSS' tight coupling to it, osclientcerts
would have to make this determination when searching for all known keys, which
has been shown to be prohibitively slow on Windows and results in unexpected
dialogs on macOS.
Thus, previously osclientcerts simply assumed all RSA keys supported RSA-PSS.
This has resulted in handshake failures when a server indicates that it accepts
RSA-PSS signatures.
This patch instead makes RSA-PSS support configurable via a pref
(security.osclientcerts.assume_rsa_pss_support). If the pref is true,
osclientcerts assumes all RSA keys support RSA-PSS. If it is false, it assumes
no RSA keys support RSA-PSS.
Differential Revision: https://phabricator.services.mozilla.com/D175966
Certificate verification can take a while, which is why it runs in a separate
thread pool. At shutdown, the thread pool gets joined. To make this fast,
certificate verification tasks should check for shutdown before doing
time-consuming operations and return early if appropriate.
Differential Revision: https://phabricator.services.mozilla.com/D175163
The use of `-Xclang -Wall` somehow makes `-Wno-unknown-pragmas`
ineffective. `-Xclang -Wno-unknown-pragmas` does however work.
But we don't need to set `-Xclang -Wall` from the moz.builds in the first
place, as that's already done properly via warnings.configure (setting
-Wall on non-clang-cl and -W3 on clang-cl, which is the equivalent).
Differential Revision: https://phabricator.services.mozilla.com/D159366
Defines the OCSP_AGE_AT_CRLITE_OVERRIDE histogram which records the age of an
OCSP response, in hours, when CRLite says a certificate is revoked and OCSP
says it's OK.
Differential Revision: https://phabricator.services.mozilla.com/D158991
Adds the CERT_REVOCATION_MECHANISMS histogram with bins "CRLite", "Stapled OCSP", "Cached OCSP", "OCSP", "OneCRL", and "Short Validity" to gauge how often we use each certificate revocation checking mechanisms. The Short Validity bin counts cases where a revocation check was not performed because the certificate had a short validity period. The other bin names are self-explanatory. We may use more than one mechanism per certificate, so we may accumulate to more than one bin per certificate.
Differential Revision: https://phabricator.services.mozilla.com/D158975
Before this patch, the certificate verifier would only attempt to build a
trusted path to a root with the first recognized EV OID in the end-entity
certificate. Thus, if an end-entity certificate had more than one EV OID, it
could fail to verify as EV if an intermediate or root had the "wrong" EV OID.
This patch addresses this shortcoming by trying to build a path with each
recognized EV OID in the end-entity certificate until it finds one that works.
Differential Revision: https://phabricator.services.mozilla.com/D149319
This changes the behavior of CRLite when configured in `ConfirmRevocations`
mode (the default mode on nightly and early beta). Under the new definition,
ConfirmRevocations mode fails closed when OCSP fails open. In particular, a
certificate will be marked as "Revoked" in the following scenarios:
- CRLite returns "Revoked" and the certificate does not list an OCSP URL,
- CRLite returns "Revoked" and the OCSP responder is unreachable,
- CRLite returns "Revoked" and the OCSP responder returns an error.
Differential Revision: https://phabricator.services.mozilla.com/D148686
Before this patch, the content signature verifier
(nsIContentSignatureVerifier/ContentSignatureVerifier) would identify the root
it trusted based on the value of a preference. This patch changes the
implementation to require a specified hard-coded root to trust as with add-on
signature verification.
Depends on D146644
Differential Revision: https://phabricator.services.mozilla.com/D146645
Bug 1766687 will remove support for sha-1 signatures in certificates entirely.
This patch will disable sha-1 via the preference and ride the trains first, to
allow time for any organizations that somehow still use certificates with sha-1
signatures to re-sign them.
Differential Revision: https://phabricator.services.mozilla.com/D145359
The Baseline Requirements no longer require an OCSP URI for EV certificate
intermediates. Since OneCRL covers intermediates anyways, OCSP checking for
intermediates can be skipped entirely.
Differential Revision: https://phabricator.services.mozilla.com/D142369
Dana Keeler
Sandor Molnar
Cosmin Sabou
serge-sans-paille
John M. Schanck
Mike Hommey
Dennis Jackson
Butkovits Atila
Fabrice Desré
Andreea Pavel
serge-sans-paille
Noemi Erli
Masatoshi Kimura
Randell Jesup
Jens Stutte