Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-22 09:45:41 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
f0fe67f321
gecko-dev/security/certverifier
History
Kevin Jacobs b964726542 Bug 1575735 - Explicitly check key strength of TLS channel by setting authKeyBits earlier in SSL_AuthCertificate r=keeler 
This patch provides Delegated Credential information (authKeyBits and signature scheme) to CertVerifier such that we can enforce a policy check and disallow weak keys in the Delegated Credential.

This information is not passed from http3 - adding this will be done in a separate bug.

Differential Revision: https://phabricator.services.mozilla.com/D47181

--HG--
rename : security/manager/ssl/tests/unit/test_delegated_credentials/delegated-selfsigned.key => security/manager/ssl/tests/unit/test_delegated_credentials/delegated.key
rename : security/manager/ssl/tests/unit/test_delegated_credentials/delegated-selfsigned.key.keyspec => security/manager/ssl/tests/unit/test_delegated_credentials/delegated.key.keyspec
extra : moz-landing-system : lando
2019-11-07 22:13:43 +00:00
..
tests/gtest Bug 1510569 - Implement serializers for nsITransportSecurityInfo, nsIX509Cert, and nsIX509CertList r=froydnj,keeler,mayhemer 2019-08-28 18:55:31 +00:00
BRNameMatchingPolicy.cpp
BRNameMatchingPolicy.h
CertVerifier.cpp Bug 1575735 - Explicitly check key strength of TLS channel by setting authKeyBits earlier in SSL_AuthCertificate r=keeler 2019-11-07 22:13:43 +00:00
CertVerifier.h Bug 1575735 - Explicitly check key strength of TLS channel by setting authKeyBits earlier in SSL_AuthCertificate r=keeler 2019-11-07 22:13:43 +00:00
ExtendedValidation.cpp Bug 1586081 - Remove special EV treatment from GlobalSign Extended Validation CA - SHA256 - G2. r=keeler 2019-10-15 17:11:35 +00:00
ExtendedValidation.h
moz.build Bug 1510569 - Implement serializers for nsITransportSecurityInfo, nsIX509Cert, and nsIX509CertList r=froydnj,keeler,mayhemer 2019-08-28 18:55:31 +00:00
NSSCertDBTrustDomain.cpp Bug 1592355 - Convert certList to raw array for Pins verification r=keeler 2019-10-31 23:56:32 +00:00
NSSCertDBTrustDomain.h bug 1063276 - include the peer cert chain from the TLS handshake when verifying server certificates r=kjacobs 2019-10-24 22:48:40 +00:00
OCSPCache.cpp
OCSPCache.h
OCSPVerificationTrustDomain.cpp
OCSPVerificationTrustDomain.h
TrustOverride-AppleGoogleDigiCertData.inc
TrustOverride-StartComAndWoSignData.inc
TrustOverride-SymantecData.inc
TrustOverride-TestImminentDistrustData.inc
TrustOverrideUtils.h Bug 1592355 - Convert certList to raw array for Pins verification r=keeler 2019-10-31 23:56:32 +00:00