gecko-dev/security/certverifier/moz.build
Dana Keeler 3945602079 Bug 1766687 - remove support for SHA1 signatures in all certificates (including imported roots) r=jschanck
Previously [0], support for SHA1 signatures in certificates was disabled by
default, except for certificates issued by imported roots. Chrome had a similar
policy, but this was removed in 71 [1]. Telemetry [2] indicates that some users
do still encounter SHA1 signatures at a fraction of the rate of overall
certificate errors, so forbidding all SHA1 signatures should have minimal
compatibility impact.

[0] https://bugzilla.mozilla.org/show_bug.cgi?id=1302140
[1] https://chromeenterprise.google/policies/#EnableSha1ForLocalAnchors
[2] https://mzl.la/3kg5J4j

Differential Revision: https://phabricator.services.mozilla.com/D144870
2022-06-01 17:01:56 +00:00


# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
# vim: set filetype=python:
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
# Build definition for the certificate verifier directory
# (security/certverifier). Every name used here (Files, CONFIG, EXPORTS, ...)
# is supplied by the moz.build sandbox rather than imported.
# NOTE(review): this listing had lost its indentation; the nesting below is
# reconstructed from the syntax and should be confirmed against the tree.

# File bugs against anything in this directory under Core :: Security: PSM.
with Files("**"):
    BUG_COMPONENT = ("Core", "Security: PSM")

# Headers made available to code outside this directory.
EXPORTS += [
    "CertVerifier.h",
    "OCSPCache.h",
]

# Sources that are always compiled for this directory.
UNIFIED_SOURCES += [
    "CertVerifier.cpp",
    "NSSCertDBTrustDomain.cpp",
    "OCSPCache.cpp",
]

# ExtendedValidation.cpp is compiled only when NSS_NO_EV_CERTS is not set in
# the build configuration.
if not CONFIG["NSS_NO_EV_CERTS"]:
    UNIFIED_SOURCES += [
        "ExtendedValidation.cpp",
    ]

# Additional include search paths; the leading slash makes them relative to
# the top of the source tree.
LOCAL_INCLUDES += [
    "/security/ct",
    "/security/manager/ssl",
]

# The sibling ct directory is traversed from here.
DIRS += [
    "../ct",
]

# The gtest directory for this code.
TEST_DIRS += [
    "tests/gtest",
]

# Order matters here: -Xclang has to be the flag immediately before -Wall.
# NOTE(review): -Wall is placed outside the conditional because the comment
# below describes -Xclang as the clang-cl-only pass-through for it; confirm.
if CONFIG["CC_TYPE"] == "clang-cl":
    # -Wall on clang-cl maps to -Weverything, which turns on way too
    # much, so we're passing through -Wall using -Xclang.
    CXXFLAGS += ["-Xclang"]
CXXFLAGS += ["-Wall"]

# Extra diagnostics requested for this directory on top of -Wall.
CXXFLAGS += [
    "-Wextra",
    "-Wunreachable-code",
]

# Gecko headers aren't warning-free enough for us to enable these warnings.
CXXFLAGS += [
    "-Wno-unused-parameter",
]

# Pull in the shared configuration for code that uses the chromium IPC headers.
include("/ipc/chromium/chromium-config.mozbuild")

# Objects built here are linked into the "xul" library.
FINAL_LIBRARY = "xul"

# NOTE(review): AllowCompilerWarnings() presumably exempts this directory from
# warnings-as-errors on clang-cl, which would make the warning flags above
# advisory for that compiler; confirm against the mozbuild template.
if CONFIG["CC_TYPE"] == "clang-cl":
    AllowCompilerWarnings()  # workaround for bug 1090497

# NOTE(review): presumably declares that these sources only build correctly in
# unified mode; confirm before moving any file out of UNIFIED_SOURCES.
REQUIRES_UNIFIED_BUILD = True