From dde03743df0aa6b785653582951549d386fdd72f Mon Sep 17 00:00:00 2001 From: "kaie@kuix.de" Date: Thu, 28 Feb 2008 10:00:57 -0800 Subject: [PATCH] Bug 418958, Enable Go Daddy root CA certificates for EV use r=rrelyea, a1.9b4=beltzner --- .../manager/ssl/src/nsIdentityChecking.cpp | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/security/manager/ssl/src/nsIdentityChecking.cpp b/security/manager/ssl/src/nsIdentityChecking.cpp index 9dd54c211586..7d018d9c3911 100644 --- a/security/manager/ssl/src/nsIdentityChecking.cpp +++ b/security/manager/ssl/src/nsIdentityChecking.cpp @@ -79,6 +79,38 @@ struct nsMyTrustedEVInfo }; static struct nsMyTrustedEVInfo myTrustedEVInfos[] = { + { + "2.16.840.1.114413.1.7.23.3", + "Go Daddy EV OID a", + SEC_OID_UNKNOWN, + "OU=Go Daddy Class 2 Certification Authority,O=\"The Go Daddy Group, Inc.\",C=US", + "OU=Go Daddy Class 2 Certification Authority,O=\"The Go Daddy Group, Inc.\",C=US", + "27:96:BA:E6:3F:18:01:E2:77:26:1B:A0:D7:77:70:02:8F:20:EE:E4", + }, + { + "2.16.840.1.114413.1.7.23.3", + "Go Daddy EV OID a", + SEC_OID_UNKNOWN, + "E=info@valicert.com,CN=http://www.valicert.com/,OU=ValiCert Class 2 Policy Validation Authority,O=\"ValiCert, Inc.\",L=ValiCert Validation Network", + "E=info@valicert.com,CN=http://www.valicert.com/,OU=ValiCert Class 2 Policy Validation Authority,O=\"ValiCert, Inc.\",L=ValiCert Validation Network", + "31:7A:2A:D0:7F:2B:33:5E:F5:A1:C3:4E:4B:57:E8:B7:D8:F1:FC:A6", + }, + { + "2.16.840.1.114414.1.7.23.3", + "Go Daddy EV OID b", + SEC_OID_UNKNOWN, + "E=info@valicert.com,CN=http://www.valicert.com/,OU=ValiCert Class 2 Policy Validation Authority,O=\"ValiCert, Inc.\",L=ValiCert Validation Network", + "E=info@valicert.com,CN=http://www.valicert.com/,OU=ValiCert Class 2 Policy Validation Authority,O=\"ValiCert, Inc.\",L=ValiCert Validation Network", + "31:7A:2A:D0:7F:2B:33:5E:F5:A1:C3:4E:4B:57:E8:B7:D8:F1:FC:A6", + }, + { + "2.16.840.1.114414.1.7.23.3", + "Go Daddy EV OID b", + SEC_OID_UNKNOWN, + "OU=Starfield Class 2 Certification Authority,O=\"Starfield Technologies, Inc.\",C=US", + "OU=Starfield Class 2 Certification Authority,O=\"Starfield Technologies, Inc.\",C=US", + "AD:7E:1C:28:B0:64:EF:8F:60:03:40:20:14:C3:D0:E3:37:0E:B5:8A", + }, { "2.16.840.1.114412.2.1", "DigiCert EV OID", @@ -626,6 +658,9 @@ nsNSSCertificate::hasValidEVOidTag(SECOidTag &resultOidTag, PRBool &validEV) CERTCertificate *issuerCert = cvout[0].value.pointer.cert; CERTCertificateCleaner issuerCleaner(issuerCert); + PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("CERT_PKIXVerifyCert returned success, issuer: %s\n", + issuerCert->subjectName)); + validEV = isApprovedForEV(oid_tag, issuerCert); if (validEV) resultOidTag = oid_tag;