gecko-dev/build/pgo/certs
Kevin Jacobs b93f23a66b Bug 1535210 - Set SSL STATE_IS_BROKEN flag for TLS1.0 and TLS 1.1 connections. r=keeler
Differential Revision: https://phabricator.services.mozilla.com/D29576

--HG--
extra : moz-landing-system : lando
2019-05-15 23:34:52 +00:00
..
README Bug 1456089 - Make a tutorial out of the genpgocerts.py README. r=jcj 2019-02-25 21:06:41 +00:00
alternateroot.ca
alternateroot.ca.keyspec
alternateroot.certspec
bug413909cert.certspec
cert9.db Bug 1535210 - Set SSL STATE_IS_BROKEN flag for TLS1.0 and TLS 1.1 connections. r=keeler 2019-05-15 23:34:52 +00:00
dynamicPinningBad.certspec
dynamicPinningBad.server.keyspec
dynamicPinningGood.certspec
escapeattack1.certspec
evintermediate.ca
evintermediate.ca.keyspec
evintermediate.certspec
expired.certspec
imminently_distrusted.certspec
key4.db Bug 1535210 - Set SSL STATE_IS_BROKEN flag for TLS1.0 and TLS 1.1 connections. r=keeler 2019-05-15 23:34:52 +00:00
mochitest.certspec
mochitest.client Bug 1535210 - Set SSL STATE_IS_BROKEN flag for TLS1.0 and TLS 1.1 connections. r=keeler 2019-05-15 23:34:52 +00:00
mochitest.client.keyspec
noSubjectAltName.certspec Bug 1483626 - Checks if subjectAltNames has elements that are not empty string, and if it has them, they will be remove, preventing incomplete r=johannh 2019-03-14 15:45:55 +00:00
pgoca.ca
pgoca.ca.keyspec
pgoca.certspec
selfsigned.certspec
sha1_end_entity.certspec
sha256_end_entity.certspec
staticPinningBad.certspec
staticPinningBad.server.keyspec
unknown_ca.certspec
untrusted.certspec
untrustedandexpired.certspec

README

This directory contains CA and server certificates for testing.

You can find instructions on how to add or modify certificates at:

https://firefox-source-docs.mozilla.org/build/buildsystem/test_certificates.html

Specific notes for certs:

  dynamicPinningGood: Changing this keyspec will require changing
  browser/base/content/test/general/pinning_headers.sjs . You can obtain a new
  valid pin via:

  certutil -L -d . -n dynamicPinningGood -r | openssl x509 -inform der -pubkey \
  -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary \
  | openssl enc -base64