gecko-dev/security/pkix/lib
David Keeler 47263aefb3 bug 1349762 - handle two GlobalSign EV root transfers r=Cykesiopka,jcj
(adapted from bug 1349762 comment 0)
Google Trust Services (GTS) recently purchased two roots from GlobalSign that
are both enabled for EV treatment: "GlobalSign Root CA - R2" and "GlobalSign ECC
Root CA - R4".

However, GTS does not have an EV audit, so we are going to turn off EV treatment
for both of those root certificates.

But "GlobalSign Root CA - R2" has intermediate cert "GlobalSign Extended
Validation CA - SHA256 - G2" that continues to be controlled by GlobalSign, to
be used to migrate their customers off dependence on that root.

This patch removes EV treatment for "GlobalSign ECC Root CA - R4". It also
removes EV treatment for all chains rooted in "GlobalSign Root CA - R2" unless
the "GlobalSign Extended Validation CA - SHA256 - G2" intermediate is in the
chain.

MozReview-Commit-ID: Ej9L9zTwoPN

--HG--
extra : rebase_source : 575f1a48646cf728d879d0cf53c888654e4a32ad
2017-04-03 17:17:38 -07:00
..
ScopedPtr.h
pkixbuild.cpp bug 1349762 - handle two GlobalSign EV root transfers r=Cykesiopka,jcj 2017-04-03 17:17:38 -07:00
pkixcert.cpp
pkixcheck.cpp bug 1349762 - handle two GlobalSign EV root transfers r=Cykesiopka,jcj 2017-04-03 17:17:38 -07:00
pkixcheck.h Bug 1115718 - Check for empty issuer name in mozilla::pkix; r=keeler 2016-07-28 20:36:18 -05:00
pkixder.cpp
pkixder.h
pkixnames.cpp Bug 1337358 - Converts for(...; ...; ...) loops to use the new range-based loops in C++11 in security/ r=keeler 2017-02-07 13:22:44 +01:00
pkixnss.cpp Bug 1115718 - Check for empty issuer name in mozilla::pkix; r=keeler 2016-07-28 20:36:18 -05:00
pkixocsp.cpp Bug 1337358 - Converts for(...; ...; ...) loops to use the new range-based loops in C++11 in security/ r=keeler 2017-02-07 13:22:44 +01:00
pkixresult.cpp
pkixtime.cpp
pkixutil.h Bug 1284256 - Certificate Transparency - verification of Signed Certificate Timestamps (RFC 6962); r=keeler, r=Cykesiopka 2016-07-05 08:35:06 +03:00
pkixverify.cpp