SecurityEngineering/mozpkix-testing: Difference between revisions

m
Line 72: Line 72:


= Behavior Changes =
= Behavior Changes =
Mozilla::pkix includess some changes in support of current best practices and policies, as listed below. If you notice an issue due to any of these changes, please feel free to let us know. However, we believe that in most cases, the simplest resolution will be to update the SSL certificate in your webserver.  
Mozilla::pkix includes some changes in support of current best practices and policies, as listed below. If you notice an issue due to any of these changes, please feel free to [https://groups.google.com/d/msg/mozilla.dev.tech.crypto/EbWse7Ryj8I/mgNRW4yGAwUJ let us know]. However, we believe that in most cases, the simplest resolution will be to update the SSL certificate in your webserver.  
# Mozilla::pkix does not allow x509 version 2 certificates in any position (root, intermediate or End-Entity (EE))  and version 1 certificates are only allowed as trust anchors.  
# Mozilla::pkix does not allow x509 version 2 certificates in any position (root, intermediate or End-Entity (EE))  and version 1 certificates are only allowed as trust anchors.  
# End certificates used by servers are not allowed to have basic constraints asserting isCA=TRUE.  
# End certificates used by servers are not allowed to have basic constraints asserting isCA=TRUE.  
Confirmed users, Administrators
5,526

edits