Dana Keeler 153dbb37e5 Bug 1828968 - osclientcerts: make RSA-PSS support configurable via pref r=jschanck ... Due to design constraints, it is difficult for osclientcerts to properly indicate whether or not each known key supports RSA-PSS. Ideally such a determination would be made close to when a particular key is going to be used, but due to the design of PKCS#11 and NSS' tight coupling to it, osclientcerts would have to make this determination when searching for all known keys, which has been shown to be prohibitively slow on Windows and results in unexpected dialogs on macOS. Thus, previously osclientcerts simply assumed all RSA keys supported RSA-PSS. This has resulted in handshake failures when a server indicates that it accepts RSA-PSS signatures. This patch instead makes RSA-PSS support configurable via a pref (security.osclientcerts.assume_rsa_pss_support). If the pref is true, osclientcerts assumes all RSA keys support RSA-PSS. If it is false, it assumes no RSA keys support RSA-PSS. Differential Revision: https://phabricator.services.mozilla.com/D175966		2023-04-21 17:49:09 +00:00
..
tests/gtest
CertVerifier.cpp
CertVerifier.h
CRLiteTimestamp.h
ExtendedValidation.cpp	Bug 1820573 - Make security/ buildable outside of a unified build environment r=andi,keeler	2023-03-15 07:30:36 +00:00
ExtendedValidation.h
moz.build	Bug 1820573 - Make security/ buildable outside of a unified build environment r=andi,keeler	2023-03-15 07:30:36 +00:00
NSSCertDBTrustDomain.cpp	Bug 1828968 - osclientcerts: make RSA-PSS support configurable via pref r=jschanck	2023-04-21 17:49:09 +00:00
NSSCertDBTrustDomain.h
OCSPCache.cpp	Bug 1820573 - Make security/ buildable outside of a unified build environment r=andi,keeler	2023-03-15 07:30:36 +00:00
OCSPCache.h
TrustOverride-AppleGoogleDigiCertData.inc
TrustOverride-SymantecData.inc
TrustOverrideUtils.h