Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-24 18:55:30 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
581,006 Commits 615 Branches 98 Tags 5.9 GiB
72080bd73c
Commit Graph

8 Commits

Author SHA1 Message Date
David Keeler
47263aefb3 bug 1349762 - handle two GlobalSign EV root transfers r=Cykesiopka,jcj 
(adapted from bug 1349762 comment 0)
Google Trust Services (GTS) recently purchased two roots from GlobalSign that
are both enabled for EV treatment: "GlobalSign Root CA - R2" and "GlobalSign ECC
Root CA - R4".

However, GTS does not have an EV audit, so we are going to turn off EV treatment
for both of those root certificates.

But "GlobalSign Root CA - R2" has intermediate cert "GlobalSign Extended
Validation CA - SHA256 - G2" that continues to be controlled by GlobalSign, to
be used to migrate their customers off dependence on that root.

This patch removes EV treatment for "GlobalSign ECC Root CA - R4". It also
removes EV treatment for all chains rooted in "GlobalSign Root CA - R2" unless
the "GlobalSign Extended Validation CA - SHA256 - G2" intermediate is in the
chain.

MozReview-Commit-ID: Ej9L9zTwoPN

--HG--
extra : rebase_source : 575f1a48646cf728d879d0cf53c888654e4a32ad
 2017-04-03 17:17:38 -07:00
Jan de Mooij
31df59e394 Bug 1311996 - Fix code using pkix::Result to not conflict with the new mozilla::Result type. r=keeler 2016-10-31 10:05:13 +01:00
Sergei Chernov
edb1f658f6 Bug 1275238 - Certificate Transparency support in mozilla::pkix; r=keeler 
MozReview-Commit-ID: HZwzSgxarTw

--HG--
extra : transplant_source : %BF%F9%A8T%C6x%82%03%3Ez%9F%3BT%E3%1B%11s%294%F4
 2016-06-15 11:11:00 +03:00
David Keeler
c17f3a2733 bug 982932 - only allow Netscape-stepUp to be used for serverAuth for old CA certificates r=Cykesiopka,jcj 
MozReview-Commit-ID: 88JhIU1pUji

--HG--
rename : security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC.pem.certspec => security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-recent.pem.certspec
rename : security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC.pem.certspec => security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-recent.pem.certspec
extra : rebase_source : 2f6251679a6f31cccb6d88bb51c567de9cc9bc76
 2016-05-05 16:11:11 -07:00
Richard Barnes
990593f9cf Bug 942515 - Show Untrusted Connection Error for SHA-1-based SSL certificates with notBefore >= 2016-01-01 r=keeler 2015-09-11 14:52:30 -04:00
Mark Goodwin
fce204e0e0 Bug 1183822 - fix OCSP verification failures (r=keeler) 
Adds a new TrustDomain for OCSP Signers which will always allow all acceptible
signature digest algorithms. Calls to most other TrustDomain methods are passed
through to the owning NSSCertDBTrustDomain.
 2015-07-17 17:07:48 +01:00
Mark Goodwin
c7285efe5a Backed out changeset fb6cbb4ada54 (bug 1183822) 2015-07-17 10:36:58 +01:00
Mark Goodwin
0bfd3046ed Bug 1183822 - fix OCSP verification failures (r=keeler) 
Adds a new TrustDomain for OCSP Signers which will always allow all acceptible
signature digest algorithms. Calls to most other TrustDomain methods are passed
through to the owning NSSCertDBTrustDomain.
 2015-07-17 10:03:56 +01:00