Confirmed users
563
edits
CA/Additional Trust Changes: Difference between revisions
Added section for Turkish Government CA, Kamu SM
(Clarify that the StartCom/WoSign restrictions have been implemented at the NSS code level, too. Fixed the links of StartCom/WoSign and ANSSI to specific revisions, so that they point to the correct functions.) |
(Added section for Turkish Government CA, Kamu SM) |
||
| Line 38: | Line 38: | ||
This restriction has been implemented in both [https://hg.mozilla.org/mozilla-central/annotate/facaf90aeaaf/security/certverifier/NSSCertDBTrustDomain.cpp#l740 in the Mozilla platform security code (PSM)], which is shared by the Mozilla applications (Firefox, Thunderbird, etc.), and in addition, [https://hg.mozilla.org/projects/nss/annotate/1feb89a254de/lib/certhigh/certvfy.c#l492 in the NSS library code], which is used by applications that use the NSS certificate verification APIs. | This restriction has been implemented in both [https://hg.mozilla.org/mozilla-central/annotate/facaf90aeaaf/security/certverifier/NSSCertDBTrustDomain.cpp#l740 in the Mozilla platform security code (PSM)], which is shared by the Mozilla applications (Firefox, Thunderbird, etc.), and in addition, [https://hg.mozilla.org/projects/nss/annotate/1feb89a254de/lib/certhigh/certvfy.c#l492 in the NSS library code], which is used by applications that use the NSS certificate verification APIs. | ||
==Kamu SM== | |||
The Turkish Government CA is name-constrained to a set of turkish toplevel domains - that is, .gov.tr, .k12.tr, .pol.tr, .mil.tr, .tsk.tr, .kep.tr, .bel.tr, .edu.tr and .org.tr. The code for that [https://hg.mozilla.org/projects/nss/annotate/1feb89a254de/lib/certdb/genname.c#l1622 is in NSS]. | |||