CA/Additional Trust Changes: Difference between revisions

CA/Additional Trust Changes (view source)

Revision as of 16:18, 6 April 2017

453 bytes added , 6 April 2017

Clarify that the StartCom/WoSign restrictions have been implemented at the NSS code level, too. Fixed the links of StartCom/WoSign and ANSSI to specific revisions, so that they point to the correct functions.

Kaie

Confirmed users

563

edits

@@ Line 17: / Line 17: @@
 ==ANSSI==
-The French Government CA is name-constrained to those ccTLDs whose geographies are under the jurisdiction of France - that is, .fr, .gp, .gf, .mq, .re, .yt, .pm, .bl, .mf, .wf, .pf, .nc, and .tf. The code for that [https://dxr.mozilla.org/mozilla-central/source/security/nss/lib/certdb/genname.c#1588 is in NSS].
+The French Government CA is name-constrained to those ccTLDs whose geographies are under the jurisdiction of France - that is, .fr, .gp, .gf, .mq, .re, .yt, .pm, .bl, .mf, .wf, .pf, .nc, and .tf. The code for that [https://hg.mozilla.org/projects/nss/annotate/1feb89a254de/lib/certdb/genname.c#l1595 is in NSS].
 ==StartCom==
@@ Line 26: / Line 26: @@
 # CN=StartCom Certification Authority G2, OU=null, O=StartCom Ltd., C=IL
-The code implementing this restriction is [https://dxr.mozilla.org/mozilla-central/source/security/certverifier/NSSCertDBTrustDomain.cpp#737 in the Mozilla platform security code (PSM)], which is shared by the Mozilla applications (Firefox, Thunderbird, etc.).
+This restriction has been implemented in both [https://hg.mozilla.org/mozilla-central/annotate/facaf90aeaaf/security/certverifier/NSSCertDBTrustDomain.cpp#l740 in the Mozilla platform security code (PSM)], which is shared by the Mozilla applications (Firefox, Thunderbird, etc.), and in addition, [https://hg.mozilla.org/projects/nss/annotate/1feb89a254de/lib/certhigh/certvfy.c#l492 in the NSS library code], which is used by applications that use the NSS certificate verification APIs.
 ==WoSign==
@@ Line 37: / Line 37: @@
 # CN=CA WoSign ECC Root, OU=null, O=WoSign CA Limited, C=CN
-The code implementing this restriction is [https://dxr.mozilla.org/mozilla-central/source/security/certverifier/NSSCertDBTrustDomain.cpp#737 in the Mozilla platform security code (PSM)], which is shared by the Mozilla applications (Firefox, Thunderbird, etc.).
+This restriction has been implemented in both [https://hg.mozilla.org/mozilla-central/annotate/facaf90aeaaf/security/certverifier/NSSCertDBTrustDomain.cpp#l740 in the Mozilla platform security code (PSM)], which is shared by the Mozilla applications (Firefox, Thunderbird, etc.), and in addition, [https://hg.mozilla.org/projects/nss/annotate/1feb89a254de/lib/certhigh/certvfy.c#l492 in the NSS library code], which is used by applications that use the NSS certificate verification APIs.