mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-27 12:15:33 +00:00
f60f796fb1
As a result of CNNIC issuing an unconstrained intermediate certificate that misissued an end-entity certificate for google.com (see bug 1146026 and bug 1177209), we implemented a system that would in theory enable Firefox to continue to trust certificates that were valid at the time but not newly issued certificates. This consisted of a whitelist added in bug 1151512. The CNNIC roots have since been removed from NSS in bug 1380868. We can now remove the whitelist in Firefox. MozReview-Commit-ID: 7VXOuvwzbct --HG-- extra : rebase_source : 20e6e39c40417a9b7f2962e06cf9de85e3e08ee8 |
||
---|---|---|
.. | ||
tests/gtest | ||
BRNameMatchingPolicy.cpp | ||
BRNameMatchingPolicy.h | ||
CertVerifier.cpp | ||
CertVerifier.h | ||
CTDiversityPolicy.cpp | ||
CTDiversityPolicy.h | ||
CTKnownLogs.h | ||
CTLog.h | ||
CTLogVerifier.cpp | ||
CTLogVerifier.h | ||
CTObjectsExtractor.cpp | ||
CTObjectsExtractor.h | ||
CTPolicyEnforcer.cpp | ||
CTPolicyEnforcer.h | ||
CTSerialization.cpp | ||
CTSerialization.h | ||
CTVerifyResult.cpp | ||
CTVerifyResult.h | ||
ExtendedValidation.cpp | ||
ExtendedValidation.h | ||
moz.build | ||
MultiLogCTVerifier.cpp | ||
MultiLogCTVerifier.h | ||
NSSCertDBTrustDomain.cpp | ||
NSSCertDBTrustDomain.h | ||
OCSPCache.cpp | ||
OCSPCache.h | ||
OCSPRequestor.cpp | ||
OCSPRequestor.h | ||
OCSPVerificationTrustDomain.cpp | ||
OCSPVerificationTrustDomain.h | ||
SignedCertificateTimestamp.cpp | ||
SignedCertificateTimestamp.h | ||
SignedTreeHead.h | ||
StartComAndWoSignData.inc |