gecko-dev/security/pkix/test
David Keeler 47263aefb3 bug 1349762 - handle two GlobalSign EV root transfers r=Cykesiopka,jcj
(adapted from bug 1349762 comment 0)
Google Trust Services (GTS) recently purchased two roots from GlobalSign that
are both enabled for EV treatment: "GlobalSign Root CA - R2" and "GlobalSign ECC
Root CA - R4".

However, GTS does not have an EV audit, so we are going to turn off EV treatment
for both of those root certificates.

But "GlobalSign Root CA - R2" has intermediate cert "GlobalSign Extended
Validation CA - SHA256 - G2" that continues to be controlled by GlobalSign, to
be used to migrate their customers off dependence on that root.

This patch removes EV treatment for "GlobalSign ECC Root CA - R4". It also
removes EV treatment for all chains rooted in "GlobalSign Root CA - R2" unless
the "GlobalSign Extended Validation CA - SHA256 - G2" intermediate is in the
chain.

MozReview-Commit-ID: Ej9L9zTwoPN

--HG--
extra : rebase_source : 575f1a48646cf728d879d0cf53c888654e4a32ad
2017-04-03 17:17:38 -07:00
..
gtest bug 1349762 - handle two GlobalSign EV root transfers r=Cykesiopka,jcj 2017-04-03 17:17:38 -07:00
lib