CA/Additional Trust Changes: Difference between revisions

Jump to navigation Jump to search

CA/Additional Trust Changes (view source)

Revision as of 21:24, 31 January 2018

986 bytes removed ,  31 January 2018
Deleted the WoSign section, because all of the WoSign root certs have been removed from Mozilla's CA program.
(→‎Symantec: link bug)
(Deleted the WoSign section, because all of the WoSign root certs have been removed from Mozilla's CA program.)
Line 25: Line 25:
# CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL  
# CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL  
# CN=StartCom Certification Authority G2, OU=null, O=StartCom Ltd., C=IL  
# CN=StartCom Certification Authority G2, OU=null, O=StartCom Ltd., C=IL  
This restriction has been implemented in both [https://hg.mozilla.org/mozilla-central/annotate/facaf90aeaaf/security/certverifier/NSSCertDBTrustDomain.cpp#l740 in the Mozilla platform security code (PSM)], which is shared by the Mozilla applications (Firefox, Thunderbird, etc.), and in addition, [https://hg.mozilla.org/projects/nss/annotate/1feb89a254de/lib/certhigh/certvfy.c#l492 in the NSS library code], which is used by applications that use the NSS certificate verification APIs.
==WoSign==
Mozilla [https://bugzilla.mozilla.org/show_bug.cgi?id=1311824 currently recommends] not trusting any certificates issued by this CA after October 21st, 2016. That recommendation covers the following roots:
# CN=CA 沃通根证书, OU=null, O=WoSign CA Limited, C=CN
# CN=Certification Authority of WoSign, OU=null, O=WoSign CA Limited, C=CN
# CN=Certification Authority of WoSign G2, OU=null, O=WoSign CA Limited, C=CN
# CN=CA WoSign ECC Root, OU=null, O=WoSign CA Limited, C=CN


This restriction has been implemented in both [https://hg.mozilla.org/mozilla-central/annotate/facaf90aeaaf/security/certverifier/NSSCertDBTrustDomain.cpp#l740 in the Mozilla platform security code (PSM)], which is shared by the Mozilla applications (Firefox, Thunderbird, etc.), and in addition, [https://hg.mozilla.org/projects/nss/annotate/1feb89a254de/lib/certhigh/certvfy.c#l492 in the NSS library code], which is used by applications that use the NSS certificate verification APIs.
This restriction has been implemented in both [https://hg.mozilla.org/mozilla-central/annotate/facaf90aeaaf/security/certverifier/NSSCertDBTrustDomain.cpp#l740 in the Mozilla platform security code (PSM)], which is shared by the Mozilla applications (Firefox, Thunderbird, etc.), and in addition, [https://hg.mozilla.org/projects/nss/annotate/1feb89a254de/lib/certhigh/certvfy.c#l492 in the NSS library code], which is used by applications that use the NSS certificate verification APIs.
Kathleen Wilson
Confirmed users, Administrators
5,526

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/1188311"

Navigation menu