gecko-dev/security/apps
David Keeler 47263aefb3 bug 1349762 - handle two GlobalSign EV root transfers r=Cykesiopka,jcj
(adapted from bug 1349762 comment 0)
Google Trust Services (GTS) recently purchased two roots from GlobalSign that
are both enabled for EV treatment: "GlobalSign Root CA - R2" and "GlobalSign ECC
Root CA - R4".

However, GTS does not have an EV audit, so we are going to turn off EV treatment
for both of those root certificates.

But "GlobalSign Root CA - R2" has intermediate cert "GlobalSign Extended
Validation CA - SHA256 - G2" that continues to be controlled by GlobalSign, to
be used to migrate their customers off dependence on that root.

This patch removes EV treatment for "GlobalSign ECC Root CA - R4". It also
removes EV treatment for all chains rooted in "GlobalSign Root CA - R2" unless
the "GlobalSign Extended Validation CA - SHA256 - G2" intermediate is in the
chain.

MozReview-Commit-ID: Ej9L9zTwoPN

--HG--
extra : rebase_source : 575f1a48646cf728d879d0cf53c888654e4a32ad
2017-04-03 17:17:38 -07:00
..
AppSignatureVerification.cpp Bug 1338897 - Avoid using NSS Base64 functions in PSM. r=keeler 2017-03-17 23:31:40 +08:00
AppTrustDomain.cpp bug 1349762 - handle two GlobalSign EV root transfers r=Cykesiopka,jcj 2017-04-03 17:17:38 -07:00
AppTrustDomain.h bug 1349762 - handle two GlobalSign EV root transfers r=Cykesiopka,jcj 2017-04-03 17:17:38 -07:00
addons-public.crt
addons-stage.crt
gen_cert_header.py Bug 1332636 - Remove PSM support for Firefox Marketplace apps and Trusted Hosted Apps. r=keeler 2017-02-06 23:43:38 +08:00
moz.build Bug 1346315 - Enable gcc/clang -Wextra for security/apps/, security/manager/pki/ and security/manager/ssl/. r=keeler 2017-04-04 16:56:26 +08:00
privileged-package-root.der