Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-12-12 00:50:40 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
703cd2b421
gecko-dev/security/certverifier
History
Dana Keeler 3d9ab91ab0 Bug 1605273 - only run CRLite on certificates with a CT SCT available r=jcj 
Because CAs can back-date a certificate (i.e. set the "notBefore" field to
earlier than when a certificate actually existed), the "notBefore" field can't
be relied on when determining when CRLite information is recent enough to check
a certificate with. To that end, this patch instead uses the earliest timestamp
from the embedded SCTs in the certificate being checked.

Differential Revision: https://phabricator.services.mozilla.com/D90599
2020-09-24 18:10:05 +00:00
..
tests/gtest
BRNameMatchingPolicy.cpp
BRNameMatchingPolicy.h
CertVerifier.cpp
CertVerifier.h
ExtendedValidation.cpp
ExtendedValidation.h
moz.build
NSSCertDBTrustDomain.cpp Bug 1605273 - only run CRLite on certificates with a CT SCT available r=jcj 2020-09-24 18:10:05 +00:00
NSSCertDBTrustDomain.h Bug 1605273 - only run CRLite on certificates with a CT SCT available r=jcj 2020-09-24 18:10:05 +00:00
OCSPCache.cpp
OCSPCache.h
OCSPVerificationTrustDomain.cpp Bug 1605273 - only run CRLite on certificates with a CT SCT available r=jcj 2020-09-24 18:10:05 +00:00
OCSPVerificationTrustDomain.h Bug 1605273 - only run CRLite on certificates with a CT SCT available r=jcj 2020-09-24 18:10:05 +00:00
TrustOverride-AppleGoogleDigiCertData.inc
TrustOverride-StartComAndWoSignData.inc
TrustOverride-SymantecData.inc
TrustOverride-TestImminentDistrustData.inc
TrustOverrideUtils.h Bug 1664011 - avoid CERTCertificate in nsIX509CertValidity implementation r=rmf 2020-09-11 17:20:25 +00:00