mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-25 11:15:34 +00:00
7d0730b216
Because of the DigiCert-controlled sub-CAs and managed-CAs identified as also needing to be whitelisted [1], and that those CAs are using an increasing number of certificates all with different Subjects (but identical public keys) [2][3], we will have to whitelist on SPKI rather than subject DN. This makes the security/manager/ssl/tests/unit/test_symantec_apple_google.js integration test different, as it now uses a real Google certificate that is in the whitelist with only a cert verification rather than a full connection test. This patch does not add the DigiCert SPKIs to the list; I will do that in its own patch. [1] https://chromium.googlesource.com/chromium/src/+/master/net/data/ssl/symantec/README.md [2] https://chromium-review.googlesource.com/c/chromium/src/+/916730 [3] https://crt.sh/?spkisha256=ac50b5fb738aed6cb781cc35fbfff7786f77109ada7c08867c04a573fd5cf9ee MozReview-Commit-ID: 4qVeogDbSb --HG-- extra : rebase_source : abbdd432b190d059a3b2ceeccf89b85a12c214dd |
||
|---|---|---|
| .. | ||
| apps | ||
| certverifier | ||
| manager | ||
| nss | ||
| pkix | ||
| sandbox | ||
| .eslintrc.js | ||
| generate_certdata.py | ||
| generate_mapfile.py | ||
| moz.build | ||
| nss.symbols | ||