mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-10 03:45:46 +00:00
aa7979464f
Before this patch, the certificate verifier would only attempt to build a trusted path to a root with the first recognized EV OID in the end-entity certificate. Thus, if an end-entity certificate had more than one EV OID, it could fail to verify as EV if an intermediate or root had the "wrong" EV OID. This patch addresses this shortcoming by trying to build a path with each recognized EV OID in the end-entity certificate until it finds one that works. Differential Revision: https://phabricator.services.mozilla.com/D149319
44 lines
1.2 KiB
C++
44 lines
1.2 KiB
C++
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#ifndef ExtendedValidation_h
|
|
#define ExtendedValidation_h
|
|
|
|
#include "ScopedNSSTypes.h"
|
|
#include "certt.h"
|
|
|
|
namespace mozilla {
|
|
namespace pkix {
|
|
struct CertPolicyId;
|
|
} // namespace pkix
|
|
} // namespace mozilla
|
|
|
|
namespace mozilla {
|
|
namespace psm {
|
|
|
|
nsresult LoadExtendedValidationInfo();
|
|
|
|
/**
|
|
* Finds all policy OIDs in the given cert that are known to be EV policy OIDs.
|
|
*
|
|
* @param cert
|
|
* The bytes of the cert to find the EV policies of.
|
|
* @param policies
|
|
* The found policies.
|
|
*/
|
|
void GetKnownEVPolicies(
|
|
const nsTArray<uint8_t>& cert,
|
|
/*out*/ nsTArray<mozilla::pkix::CertPolicyId>& policies);
|
|
|
|
// CertIsAuthoritativeForEVPolicy does NOT evaluate whether the cert is trusted
|
|
// or distrusted.
|
|
bool CertIsAuthoritativeForEVPolicy(const nsTArray<uint8_t>& cert,
|
|
const mozilla::pkix::CertPolicyId& policy);
|
|
|
|
} // namespace psm
|
|
} // namespace mozilla
|
|
|
|
#endif // ExtendedValidation_h
|