зеркало из https://github.com/mozilla/gecko-dev.git
bae8112f6b
Bug 1364159 introduced an optimization that attempted to avoid reading from the user's cached certificate database as much as possible when building a verified certificate chain. Unfortunately this had the side-effect of not preferring root certificates in path building, which can result in unnecessarily long chains (which rather defeats the purpose, since it means more signature verifications). This patch reverts the functionality changes from that bug but keeps the test that was added (the test didn't directly test the functionality changes - it's more of a check that path building will query the cached certificate db when necessary). MozReview-Commit-ID: I56THTLUytH --HG-- extra : rebase_source : 7db9597e25b98942450840519d707046cc660781 |
||
|---|---|---|
| .. | ||
| tests/gtest | ||
| BRNameMatchingPolicy.cpp | ||
| BRNameMatchingPolicy.h | ||
| BTInclusionProof.h | ||
| BTVerifier.cpp | ||
| BTVerifier.h | ||
| Buffer.cpp | ||
| Buffer.h | ||
| CTDiversityPolicy.cpp | ||
| CTDiversityPolicy.h | ||
| CTKnownLogs.h | ||
| CTLog.h | ||
| CTLogVerifier.cpp | ||
| CTLogVerifier.h | ||
| CTObjectsExtractor.cpp | ||
| CTObjectsExtractor.h | ||
| CTPolicyEnforcer.cpp | ||
| CTPolicyEnforcer.h | ||
| CTSerialization.cpp | ||
| CTSerialization.h | ||
| CTUtils.h | ||
| CTVerifyResult.cpp | ||
| CTVerifyResult.h | ||
| CertVerifier.cpp | ||
| CertVerifier.h | ||
| ExtendedValidation.cpp | ||
| ExtendedValidation.h | ||
| MultiLogCTVerifier.cpp | ||
| MultiLogCTVerifier.h | ||
| NSSCertDBTrustDomain.cpp | ||
| NSSCertDBTrustDomain.h | ||
| OCSPCache.cpp | ||
| OCSPCache.h | ||
| OCSPRequestor.cpp | ||
| OCSPRequestor.h | ||
| OCSPVerificationTrustDomain.cpp | ||
| OCSPVerificationTrustDomain.h | ||
| SignedCertificateTimestamp.cpp | ||
| SignedCertificateTimestamp.h | ||
| SignedTreeHead.h | ||
| StartComAndWoSignData.inc | ||
| moz.build | ||