gecko-dev/security/certverifier
Dana Keeler aa7979464f Bug 1769150 - try all known EV policy OIDs found in a certificate when verifying for EV r=jschanck
Before this patch, the certificate verifier would only attempt to build a
trusted path to a root with the first recognized EV OID in the end-entity
certificate. Thus, if an end-entity certificate had more than one EV OID, it
could fail to verify as EV if an intermediate or root had the "wrong" EV OID.
This patch addresses this shortcoming by trying to build a path with each
recognized EV OID in the end-entity certificate until it finds one that works.

Differential Revision: https://phabricator.services.mozilla.com/D149319
2022-06-15 18:20:13 +00:00
tests/gtest Bug 1713602 - Use NSS only on the socket thread in NSSCertDBTrustDomain::IsChainValid r=keeler 2021-08-14 02:11:30 +00:00
CRLiteTimestamp.h Bug 1747320 - Only query CRLite on covered certificates. r=keeler 2022-01-20 18:09:24 +00:00
CertVerifier.cpp Bug 1769150 - try all known EV policy OIDs found in a certificate when verifying for EV r=jschanck 2022-06-15 18:20:13 +00:00
CertVerifier.h Bug 1766687 - remove support for SHA1 signatures in all certificates (including imported roots) r=jschanck 2022-06-01 17:01:56 +00:00
ExtendedValidation.cpp Bug 1769150 - try all known EV policy OIDs found in a certificate when verifying for EV r=jschanck 2022-06-15 18:20:13 +00:00
ExtendedValidation.h Bug 1769150 - try all known EV policy OIDs found in a certificate when verifying for EV r=jschanck 2022-06-15 18:20:13 +00:00
NSSCertDBTrustDomain.cpp Bug 1773371 - Enforce CRLite revoked status when OCSP confirmation fails. r=keeler 2022-06-10 16:31:39 +00:00
NSSCertDBTrustDomain.h Bug 1773371 - Enforce CRLite revoked status when OCSP confirmation fails. r=keeler 2022-06-10 16:31:39 +00:00
OCSPCache.cpp Bug 1207753 - security/certverifier thread-safety annotations r=keeler 2022-03-21 20:06:01 +00:00
OCSPCache.h Bug 1207753 - security/certverifier thread-safety annotations r=keeler 2022-03-21 20:06:01 +00:00
TrustOverride-AppleGoogleDigiCertData.inc
TrustOverride-SymantecData.inc Bug 1686856 - Remove GeoTrust PCA-G2 and VeriSign Universal root certs from TrustOverride-SymantecData.inc. r=keeler 2021-03-08 07:43:55 +00:00
TrustOverrideUtils.h Bug 1713602 - Use NSS only on the socket thread in NSSCertDBTrustDomain::IsChainValid r=keeler 2021-08-14 02:11:30 +00:00
moz.build Bug 1766687 - remove support for SHA1 signatures in all certificates (including imported roots) r=jschanck 2022-06-01 17:01:56 +00:00