Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-25 19:25:43 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
34fcaf2c44
gecko-dev/security/certverifier
History
Dana Keeler 67fc934d4b bug 1570222 - avoid passing unrelated certificates to mozilla::pkix from NSSCertDBTrustDomain r=kjacobs 
During path building, mozilla::pkix filters out candidate certificates provided
by trust domains where the subject distinguished name does not match the issuer
distinguished name of the certificate it's trying to find an issuer for.
However, if there's a problem decoding the candidate issuer certificate,
mozilla::pkix will make a note of this error, regardless of if that certificate
was potentially a suitable issuer. If no trusted path is found, the error from
that unrelated certificate may ultimately be returned by mozilla::pkix,
resulting in confusion.

Before this patch, NSSCertDBTrustDomain could cause this behavior by blithely
passing every known 3rd party certificate to mozilla::pkix (other sources of
certificates already filter on subject distinguished name). This patch adds
filtering to 3rd party certificates as well.

Differential Revision: https://phabricator.services.mozilla.com/D48120

--HG--
extra : moz-landing-system : lando
2019-10-04 16:46:08 +00:00
..
tests/gtest Bug 1510569 - Implement serializers for nsITransportSecurityInfo, nsIX509Cert, and nsIX509CertList r=froydnj,keeler,mayhemer 2019-08-28 18:55:31 +00:00
BRNameMatchingPolicy.cpp Bug 1511181 - Reformat everything to the Google coding style r=ehsan a=clang-format 2018-11-30 11:46:48 +01:00
BRNameMatchingPolicy.h Bug 1511181 - Reformat everything to the Google coding style r=ehsan a=clang-format 2018-11-30 11:46:48 +01:00
CertVerifier.cpp Bug 1560354 - Transform some nss types into gecko types. r=keeler,dragana 2019-09-05 15:49:35 +00:00
CertVerifier.h Bug 1560354 - Transform some nss types into gecko types. r=keeler,dragana 2019-09-05 15:49:35 +00:00
ExtendedValidation.cpp Bug 1515465 - Enable EV Treatment for eMudhra Technologies Limited root certificates r=keeler 2019-04-25 17:46:16 +00:00
ExtendedValidation.h Bug 1511181 - Reformat everything to the Google coding style r=ehsan a=clang-format 2018-11-30 11:46:48 +01:00
moz.build Bug 1510569 - Implement serializers for nsITransportSecurityInfo, nsIX509Cert, and nsIX509CertList r=froydnj,keeler,mayhemer 2019-08-28 18:55:31 +00:00
NSSCertDBTrustDomain.cpp bug 1570222 - avoid passing unrelated certificates to mozilla::pkix from NSSCertDBTrustDomain r=kjacobs 2019-10-04 16:46:08 +00:00
NSSCertDBTrustDomain.h bug 1577944 - avoid calling CERT_NewTempCertificate in NSSCertDBTrustDomain::GetCertTrust for enterprise certificates r=jcj,kjacobs 2019-09-17 20:30:15 +00:00
OCSPCache.cpp Bug 1511181 - Reformat everything to the Google coding style r=ehsan a=clang-format 2018-11-30 11:46:48 +01:00
OCSPCache.h Bug 1511181 - Reformat everything to the Google coding style r=ehsan a=clang-format 2018-11-30 11:46:48 +01:00
OCSPVerificationTrustDomain.cpp Bug 1511181 - Reformat everything to the Google coding style r=ehsan a=clang-format 2018-11-30 11:46:48 +01:00
OCSPVerificationTrustDomain.h Bug 1511181 - Reformat everything to the Google coding style r=ehsan a=clang-format 2018-11-30 11:46:48 +01:00
TrustOverride-AppleGoogleDigiCertData.inc
TrustOverride-GlobalSignData.inc
TrustOverride-StartComAndWoSignData.inc
TrustOverride-SymantecData.inc
TrustOverride-TestImminentDistrustData.inc
TrustOverrideUtils.h Bug 1511181 - Reformat everything to the Google coding style r=ehsan a=clang-format 2018-11-30 11:46:48 +01:00