Confirmed users, Administrators
5,526
edits
CA/EV Processing for CAs: Difference between revisions
Jump to navigation
Jump to search
m
Updated per Bug #1769150 which causes each EV OID in the end-entity cert to be checked until a valid path is found
(Updated per Bug #1769150 which causes each EV OID in the end-entity cert to be checked until a valid path is found) |
m (Updated per Bug #1769150 which causes each EV OID in the end-entity cert to be checked until a valid path is found) |
||
| Line 19: | Line 19: | ||
=== CA-Specific OIDs === | === CA-Specific OIDs === | ||
Firefox matches the EV OID found in the end-entity certificate with one or more EV OIDs associated with the root in the ExtendedValidation.cpp file. In the process of running the [[SecurityEngineering/Certificate_Verification|path building algorithm]], when a potential root certificate has been identified, the | Firefox matches the EV OID found in the end-entity certificate with one or more EV OIDs associated with the root in the ExtendedValidation.cpp file. In the process of running the [[SecurityEngineering/Certificate_Verification|path building algorithm]], when a potential root certificate has been identified, the recognized EV policy OID(s) found in the end-entity certificate is compared to the EV policy OID(s) associated with the root. If they match, the candidate is a valid trust anchor, and the end-entity will be considered EV if all other checks pass. In addition, if the CAB Forum EV policy OID is a recognized OID in the certificatePolicies extension of the end-entity certificate, EV status is granted if the root is EV-enabled for any OID. | ||
=== Policy Constraints === | === Policy Constraints === | ||