diff --git a/dom/media/MediaDecoderStateMachine.cpp b/dom/media/MediaDecoderStateMachine.cpp index f216117d0..d2f50ceeb 100644 --- a/dom/media/MediaDecoderStateMachine.cpp +++ b/dom/media/MediaDecoderStateMachine.cpp @@ -19,6 +19,7 @@ #include "mediasink/AudioSinkWrapper.h" #include "mediasink/VideoSink.h" #include "mediasink/DecodedStream.h" +#include "mediasink/OutputStreamManager.h" #include "mozilla/DebugOnly.h" #include "mozilla/Logging.h" #include "mozilla/mozalloc.h" @@ -247,7 +248,9 @@ MediaDecoderStateMachine::MediaDecoderStateMachine(MediaDecoder* aDecoder, mSentLoadedMetadataEvent(false), mSentFirstFrameLoadedEvent(false, "MediaDecoderStateMachine::mSentFirstFrameLoadedEvent"), mSentPlaybackEndedEvent(false), - mStreamSink(new DecodedStream(mTaskQueue, mAudioQueue, mVideoQueue)), + mOutputStreamManager(new OutputStreamManager()), + mStreamSink(new DecodedStream( + mTaskQueue, mAudioQueue, mVideoQueue, mOutputStreamManager)), mResource(aDecoder->GetResource()), mAudioOffloading(false), mBuffered(mTaskQueue, TimeIntervals(), @@ -3053,7 +3056,7 @@ void MediaDecoderStateMachine::AddOutputStream(ProcessedMediaStream* aStream, { MOZ_ASSERT(NS_IsMainThread()); DECODER_LOG("AddOutputStream aStream=%p!", aStream); - mStreamSink->AddOutput(aStream, aFinishWhenEnded); + mOutputStreamManager->Add(aStream, aFinishWhenEnded); nsCOMPtr r = NS_NewRunnableMethodWithArg( this, &MediaDecoderStateMachine::SetAudioCaptured, true); OwnerThread()->Dispatch(r.forget()); @@ -3063,8 +3066,8 @@ void MediaDecoderStateMachine::RemoveOutputStream(MediaStream* aStream) { MOZ_ASSERT(NS_IsMainThread()); DECODER_LOG("RemoveOutputStream=%p!", aStream); - mStreamSink->RemoveOutput(aStream); - if (!mStreamSink->HasConsumers()) { + mOutputStreamManager->Remove(aStream); + if (mOutputStreamManager->IsEmpty()) { nsCOMPtr r = NS_NewRunnableMethodWithArg( this, &MediaDecoderStateMachine::SetAudioCaptured, false); OwnerThread()->Dispatch(r.forget()); diff --git a/dom/media/MediaDecoderStateMachine.h b/dom/media/MediaDecoderStateMachine.h index 5b8934486..2dca10a51 100644 --- a/dom/media/MediaDecoderStateMachine.h +++ b/dom/media/MediaDecoderStateMachine.h @@ -105,6 +105,7 @@ class MediaSink; class AudioSegment; class DecodedStream; +class OutputStreamManager; class TaskQueue; extern LazyLogModule gMediaDecoderLog; @@ -1185,6 +1186,9 @@ private: bool mSentPlaybackEndedEvent; + // Data about MediaStreams that are being fed by the decoder. + const RefPtr mOutputStreamManager; + // The SourceMediaStream we are using to feed the mOutputStreams. This stream // is never exposed outside the decoder. // Only written on the main thread while holding the monitor. Therefore it diff --git a/dom/media/mediasink/DecodedStream.cpp b/dom/media/mediasink/DecodedStream.cpp index 5c3cf7850..8e9c18641 100644 --- a/dom/media/mediasink/DecodedStream.cpp +++ b/dom/media/mediasink/DecodedStream.cpp @@ -13,6 +13,7 @@ #include "MediaData.h" #include "MediaQueue.h" #include "MediaStreamGraph.h" +#include "OutputStreamManager.h" #include "SharedBuffer.h" #include "VideoSegment.h" #include "VideoUtils.h" @@ -126,7 +127,7 @@ UpdateStreamSuspended(MediaStream* aStream, bool aBlocking) */ class DecodedStreamData { public: - DecodedStreamData(OutputStreamManager aOutputStreamManager, + DecodedStreamData(OutputStreamManager* aOutputStreamManager, PlaybackInfoInit&& aInit, MozPromiseHolder&& aPromise); ~DecodedStreamData(); @@ -160,10 +161,10 @@ public: // StreamTime going forward. bool mEOSVideoCompensation; - OutputStreamManager mOutputStreamManager; + const RefPtr mOutputStreamManager; }; -DecodedStreamData::DecodedStreamData(OutputStreamManager aOutputStreamManager, +DecodedStreamData::DecodedStreamData(OutputStreamManager* aOutputStreamManager, PlaybackInfoInit&& aInit, MozPromiseHolder&& aPromise) : mAudioFramesWritten(0) @@ -172,7 +173,7 @@ DecodedStreamData::DecodedStreamData(OutputStreamManager aOutputStreamManager, , mHaveSentFinish(false) , mHaveSentFinishAudio(false) , mHaveSentFinishVideo(false) - , mStream(aOutputStreamManager.Graph()->CreateSourceStream(nullptr)) + , mStream(aOutputStreamManager->Graph()->CreateSourceStream(nullptr)) // DecodedStreamGraphListener will resolve this promise. , mListener(new DecodedStreamGraphListener(mStream, Move(aPromise))) // mPlaying is initially true because MDSM won't start playback until playing @@ -182,7 +183,7 @@ DecodedStreamData::DecodedStreamData(OutputStreamManager aOutputStreamManager, , mOutputStreamManager(aOutputStreamManager) { mStream->AddListener(mListener); - mOutputStreamManager.Connect(mStream); + mOutputStreamManager->Connect(mStream); // Initialize tracks. if (aInit.mInfo.HasAudio()) { @@ -197,7 +198,7 @@ DecodedStreamData::DecodedStreamData(OutputStreamManager aOutputStreamManager, DecodedStreamData::~DecodedStreamData() { - mOutputStreamManager.Disconnect(); + mOutputStreamManager->Disconnect(); mListener->Forget(); mStream->Destroy(); } @@ -223,119 +224,12 @@ DecodedStreamData::SetPlaying(bool aPlaying) } } -OutputStreamData::~OutputStreamData() -{ - MOZ_ASSERT(NS_IsMainThread()); - // Break the connection to the input stream if necessary. - if (mPort) { - mPort->Destroy(); - } -} - -void -OutputStreamData::Init(OutputStreamManager* aOwner, ProcessedMediaStream* aStream) -{ - mOwner = aOwner; - mStream = aStream; -} - -void -OutputStreamData::Connect(MediaStream* aStream) -{ - MOZ_ASSERT(NS_IsMainThread()); - MOZ_ASSERT(!mPort, "Already connected?"); - MOZ_ASSERT(!mStream->IsDestroyed(), "Can't connect a destroyed stream."); - - mPort = mStream->AllocateInputPort(aStream); -} - -bool -OutputStreamData::Disconnect() -{ - MOZ_ASSERT(NS_IsMainThread()); - - // During cycle collection, DOMMediaStream can be destroyed and send - // its Destroy message before this decoder is destroyed. So we have to - // be careful not to send any messages after the Destroy(). - if (mStream->IsDestroyed()) { - return false; - } - - // Disconnect the existing port if necessary. - if (mPort) { - mPort->Destroy(); - mPort = nullptr; - } - return true; -} - -MediaStreamGraph* -OutputStreamData::Graph() const -{ - return mStream->Graph(); -} - -void -OutputStreamManager::Add(ProcessedMediaStream* aStream, bool aFinishWhenEnded) -{ - MOZ_ASSERT(NS_IsMainThread()); - // All streams must belong to the same graph. - MOZ_ASSERT(!Graph() || Graph() == aStream->Graph()); - - // Ensure that aStream finishes the moment mDecodedStream does. - if (aFinishWhenEnded) { - aStream->SetAutofinish(true); - } - - OutputStreamData* p = mStreams.AppendElement(); - p->Init(this, aStream); - - // Connect to the input stream if we have one. Otherwise the output stream - // will be connected in Connect(). - if (mInputStream) { - p->Connect(mInputStream); - } -} - -void -OutputStreamManager::Remove(MediaStream* aStream) -{ - MOZ_ASSERT(NS_IsMainThread()); - for (int32_t i = mStreams.Length() - 1; i >= 0; --i) { - if (mStreams[i].Equals(aStream)) { - mStreams.RemoveElementAt(i); - break; - } - } -} - -void -OutputStreamManager::Connect(MediaStream* aStream) -{ - MOZ_ASSERT(NS_IsMainThread()); - mInputStream = aStream; - for (auto&& os : mStreams) { - os.Connect(aStream); - } -} - -void -OutputStreamManager::Disconnect() -{ - MOZ_ASSERT(NS_IsMainThread()); - mInputStream = nullptr; - for (int32_t i = mStreams.Length() - 1; i >= 0; --i) { - if (!mStreams[i].Disconnect()) { - // Probably the DOMMediaStream was GCed. Clean up. - mStreams.RemoveElementAt(i); - } - } -} - DecodedStream::DecodedStream(AbstractThread* aOwnerThread, MediaQueue& aAudioQueue, - MediaQueue& aVideoQueue) + MediaQueue& aVideoQueue, + OutputStreamManager* aOutputStreamManager) : mOwnerThread(aOwnerThread) + , mOutputStreamManager(aOutputStreamManager) , mShuttingDown(false) , mPlaying(false) , mSameOrigin(false) @@ -400,7 +294,7 @@ DecodedStream::Start(int64_t aStartTime, const MediaInfo& aInfo) class R : public nsRunnable { typedef MozPromiseHolder Promise; public: - R(PlaybackInfoInit&& aInit, Promise&& aPromise, OutputStreamManager aManager) + R(PlaybackInfoInit&& aInit, Promise&& aPromise, OutputStreamManager* aManager) : mInit(Move(aInit)), mOutputStreamManager(aManager) { mPromise = Move(aPromise); @@ -410,7 +304,7 @@ DecodedStream::Start(int64_t aStartTime, const MediaInfo& aInfo) MOZ_ASSERT(NS_IsMainThread()); // No need to create a source stream when there are no output streams. This // happens when RemoveOutput() is called immediately after StartPlayback(). - if (!mOutputStreamManager.Graph()) { + if (!mOutputStreamManager->Graph()) { // Resolve the promise to indicate the end of playback. mPromise.Resolve(true, __func__); return NS_OK; @@ -426,7 +320,7 @@ DecodedStream::Start(int64_t aStartTime, const MediaInfo& aInfo) private: PlaybackInfoInit mInit; Promise mPromise; - OutputStreamManager mOutputStreamManager; + RefPtr mOutputStreamManager; UniquePtr mData; }; @@ -491,28 +385,6 @@ DecodedStream::DestroyData(UniquePtr aData) AbstractThread::MainThread()->Dispatch(r.forget()); } - - -bool -DecodedStream::HasConsumers() const -{ - return !mOutputStreamManager.IsEmpty(); -} - - - -void -DecodedStream::AddOutput(ProcessedMediaStream* aStream, bool aFinishWhenEnded) -{ - mOutputStreamManager.Add(aStream, aFinishWhenEnded); -} - -void -DecodedStream::RemoveOutput(MediaStream* aStream) -{ - mOutputStreamManager.Remove(aStream); -} - void DecodedStream::SetPlaying(bool aPlaying) { diff --git a/dom/media/mediasink/DecodedStream.h b/dom/media/mediasink/DecodedStream.h index 1f7877b76..31c524a19 100644 --- a/dom/media/mediasink/DecodedStream.h +++ b/dom/media/mediasink/DecodedStream.h @@ -7,7 +7,6 @@ #ifndef DecodedStream_h_ #define DecodedStream_h_ -#include "nsTArray.h" #include "MediaEventSource.h" #include "MediaInfo.h" #include "MediaSink.h" @@ -20,12 +19,9 @@ namespace mozilla { -class DecodedStream; class DecodedStreamData; class MediaData; -class MediaInputPort; class MediaStream; -class MediaStreamGraph; class OutputStreamManager; struct PlaybackInfoInit; class ProcessedMediaStream; @@ -33,69 +29,14 @@ class TimeStamp; template class MediaQueue; -class OutputStreamData { -public: - ~OutputStreamData(); - void Init(OutputStreamManager* aOwner, ProcessedMediaStream* aStream); - - // Connect mStream to the input stream. - void Connect(MediaStream* aStream); - // Disconnect mStream from its input stream. - // Return false is mStream is already destroyed, otherwise true. - bool Disconnect(); - // Return true if aStream points to the same object as mStream. - // Used by OutputStreamManager to remove an output stream. - bool Equals(MediaStream* aStream) - { - return mStream == aStream; - } - // Return the graph mStream belongs to. - MediaStreamGraph* Graph() const; - -private: - OutputStreamManager* mOwner; - RefPtr mStream; - // mPort connects our mStream to an input stream. - RefPtr mPort; -}; - -class OutputStreamManager { -public: - // Add the output stream to the collection. - void Add(ProcessedMediaStream* aStream, bool aFinishWhenEnded); - // Remove the output stream from the collection. - void Remove(MediaStream* aStream); - // Return true if the collection empty. - bool IsEmpty() const - { - MOZ_ASSERT(NS_IsMainThread()); - return mStreams.IsEmpty(); - } - // Connect all output streams in the collection to the input stream. - void Connect(MediaStream* aStream); - // Disconnect all output streams from the input stream. - void Disconnect(); - // Return the graph these streams belong to or null if empty. - MediaStreamGraph* Graph() const - { - MOZ_ASSERT(NS_IsMainThread()); - return !IsEmpty() ? mStreams[0].Graph() : nullptr; - } - -private: - // Keep the input stream so we can connect the output streams that - // are added after Connect(). - RefPtr mInputStream; - nsTArray mStreams; -}; - class DecodedStream : public media::MediaSink { using media::MediaSink::PlaybackParams; public: DecodedStream(AbstractThread* aOwnerThread, MediaQueue& aAudioQueue, - MediaQueue& aVideoQueue); + MediaQueue& aVideoQueue, + OutputStreamManager* aOutputStreamManager); // MediaSink functions. const PlaybackParams& GetPlaybackParams() const override; @@ -122,11 +63,8 @@ public: // TODO: fix these functions that don't fit into the interface of MediaSink. void BeginShutdown(); - void AddOutput(ProcessedMediaStream* aStream, bool aFinishWhenEnded); - void RemoveOutput(MediaStream* aStream); void SetSameOrigin(bool aSameOrigin); bool IsFinished() const; - bool HasConsumers() const; protected: virtual ~DecodedStream(); @@ -151,7 +89,7 @@ private: * Main thread only members. */ // Data about MediaStreams that are being fed by the decoder. - OutputStreamManager mOutputStreamManager; + const RefPtr mOutputStreamManager; // True if MDSM has begun shutdown. bool mShuttingDown; diff --git a/dom/media/mediasink/OutputStreamManager.cpp b/dom/media/mediasink/OutputStreamManager.cpp new file mode 100644 index 000000000..1d7c03448 --- /dev/null +++ b/dom/media/mediasink/OutputStreamManager.cpp @@ -0,0 +1,127 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "MediaStreamGraph.h" +#include "OutputStreamManager.h" + +namespace mozilla { + +OutputStreamData::~OutputStreamData() +{ + MOZ_ASSERT(NS_IsMainThread()); + // Break the connection to the input stream if necessary. + if (mPort) { + mPort->Destroy(); + } +} + +void +OutputStreamData::Init(OutputStreamManager* aOwner, ProcessedMediaStream* aStream) +{ + mOwner = aOwner; + mStream = aStream; +} + +void +OutputStreamData::Connect(MediaStream* aStream) +{ + MOZ_ASSERT(NS_IsMainThread()); + MOZ_ASSERT(!mPort, "Already connected?"); + MOZ_ASSERT(!mStream->IsDestroyed(), "Can't connect a destroyed stream."); + + mPort = mStream->AllocateInputPort(aStream); +} + +bool +OutputStreamData::Disconnect() +{ + MOZ_ASSERT(NS_IsMainThread()); + + // During cycle collection, DOMMediaStream can be destroyed and send + // its Destroy message before this decoder is destroyed. So we have to + // be careful not to send any messages after the Destroy(). + if (mStream->IsDestroyed()) { + return false; + } + + // Disconnect the existing port if necessary. + if (mPort) { + mPort->Destroy(); + mPort = nullptr; + } + return true; +} + +bool +OutputStreamData::Equals(MediaStream* aStream) const +{ + return mStream == aStream; +} + +MediaStreamGraph* +OutputStreamData::Graph() const +{ + return mStream->Graph(); +} + +void +OutputStreamManager::Add(ProcessedMediaStream* aStream, bool aFinishWhenEnded) +{ + MOZ_ASSERT(NS_IsMainThread()); + // All streams must belong to the same graph. + MOZ_ASSERT(!Graph() || Graph() == aStream->Graph()); + + // Ensure that aStream finishes the moment mDecodedStream does. + if (aFinishWhenEnded) { + aStream->SetAutofinish(true); + } + + OutputStreamData* p = mStreams.AppendElement(); + p->Init(this, aStream); + + // Connect to the input stream if we have one. Otherwise the output stream + // will be connected in Connect(). + if (mInputStream) { + p->Connect(mInputStream); + } +} + +void +OutputStreamManager::Remove(MediaStream* aStream) +{ + MOZ_ASSERT(NS_IsMainThread()); + for (int32_t i = mStreams.Length() - 1; i >= 0; --i) { + if (mStreams[i].Equals(aStream)) { + mStreams.RemoveElementAt(i); + break; + } + } +} + +void +OutputStreamManager::Connect(MediaStream* aStream) +{ + MOZ_ASSERT(NS_IsMainThread()); + mInputStream = aStream; + for (auto&& os : mStreams) { + os.Connect(aStream); + } +} + +void +OutputStreamManager::Disconnect() +{ + MOZ_ASSERT(NS_IsMainThread()); + mInputStream = nullptr; + for (int32_t i = mStreams.Length() - 1; i >= 0; --i) { + if (!mStreams[i].Disconnect()) { + // Probably the DOMMediaStream was GCed. Clean up. + mStreams.RemoveElementAt(i); + } + } +} + +} // namespace mozilla diff --git a/dom/media/mediasink/OutputStreamManager.h b/dom/media/mediasink/OutputStreamManager.h new file mode 100644 index 000000000..4245fb7ec --- /dev/null +++ b/dom/media/mediasink/OutputStreamManager.h @@ -0,0 +1,79 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef OutputStreamManager_h +#define OutputStreamManager_h + +#include "mozilla/RefPtr.h" +#include "nsTArray.h" + +namespace mozilla { + +class MediaInputPort; +class MediaStream; +class MediaStreamGraph; +class OutputStreamManager; +class ProcessedMediaStream; + +class OutputStreamData { +public: + ~OutputStreamData(); + void Init(OutputStreamManager* aOwner, ProcessedMediaStream* aStream); + + // Connect mStream to the input stream. + void Connect(MediaStream* aStream); + // Disconnect mStream from its input stream. + // Return false is mStream is already destroyed, otherwise true. + bool Disconnect(); + // Return true if aStream points to the same object as mStream. + // Used by OutputStreamManager to remove an output stream. + bool Equals(MediaStream* aStream) const; + // Return the graph mStream belongs to. + MediaStreamGraph* Graph() const; + +private: + OutputStreamManager* mOwner; + RefPtr mStream; + // mPort connects our mStream to an input stream. + RefPtr mPort; +}; + +class OutputStreamManager { + NS_INLINE_DECL_THREADSAFE_REFCOUNTING(OutputStreamManager); + +public: + // Add the output stream to the collection. + void Add(ProcessedMediaStream* aStream, bool aFinishWhenEnded); + // Remove the output stream from the collection. + void Remove(MediaStream* aStream); + // Return true if the collection empty. + bool IsEmpty() const + { + MOZ_ASSERT(NS_IsMainThread()); + return mStreams.IsEmpty(); + } + // Connect all output streams in the collection to the input stream. + void Connect(MediaStream* aStream); + // Disconnect all output streams from the input stream. + void Disconnect(); + // Return the graph these streams belong to or null if empty. + MediaStreamGraph* Graph() const + { + MOZ_ASSERT(NS_IsMainThread()); + return !IsEmpty() ? mStreams[0].Graph() : nullptr; + } + +private: + ~OutputStreamManager() {} + // Keep the input stream so we can connect the output streams that + // are added after Connect(). + RefPtr mInputStream; + nsTArray mStreams; +}; + +} // namespace mozilla + +#endif // OutputStreamManager_h diff --git a/dom/media/mediasink/moz.build b/dom/media/mediasink/moz.build index 228bd2e28..91875c199 100644 --- a/dom/media/mediasink/moz.build +++ b/dom/media/mediasink/moz.build @@ -8,6 +8,7 @@ UNIFIED_SOURCES += [ 'AudioSinkWrapper.cpp', 'DecodedAudioDataSink.cpp', 'DecodedStream.cpp', + 'OutputStreamManager.cpp', 'VideoSink.cpp', ] diff --git a/netwerk/base/nsIOService.cpp b/netwerk/base/nsIOService.cpp index 23edde2dd..7471da769 100644 --- a/netwerk/base/nsIOService.cpp +++ b/netwerk/base/nsIOService.cpp @@ -859,7 +859,6 @@ nsIOService::NewChannelFromURIWithProxyFlags2(nsIURI* aURI, aSecurityFlags, aContentPolicyType); } - NS_ASSERTION(loadInfo, "Please pass security info when creating a channel"); return NewChannelFromURIWithProxyFlagsInternal(aURI, aProxyURI, aProxyFlags, @@ -933,7 +932,6 @@ nsIOService::NewChannel2(const nsACString& aSpec, NS_IMETHODIMP nsIOService::NewChannel(const nsACString &aSpec, const char *aCharset, nsIURI *aBaseURI, nsIChannel **result) { - NS_ASSERTION(false, "Deprecated, use NewChannel2 providing loadInfo arguments!"); return NewChannel2(aSpec, aCharset, aBaseURI, diff --git a/security/certverifier/ExtendedValidation.cpp b/security/certverifier/ExtendedValidation.cpp index 3755c0fe7..9184d039c 100644 --- a/security/certverifier/ExtendedValidation.cpp +++ b/security/certverifier/ExtendedValidation.cpp @@ -21,16 +21,18 @@ extern PRLogModuleInfo* gPIPNSSLog; #define CONST_OID static const unsigned char #define OI(x) { siDEROID, (unsigned char*) x, sizeof x } +// As of TenFourFox FPR9, the oid_tag and cert members are now moved +// into separate arrays so that we can more easily maintain EV roots +// from ESR60+ (TenFourFox issue 512). We can just cut and paste now. + struct nsMyTrustedEVInfo { const char* dotted_oid; const char* oid_name; // Set this to null to signal an invalid structure, // (We can't have an empty list, so we'll use a dummy entry) - SECOidTag oid_tag; const unsigned char ev_root_sha256_fingerprint[SHA256_LENGTH]; const char* issuer_base64; const char* serial_base64; - CERTCertificate* cert; }; // HOWTO enable additional CA root certificates for EV: @@ -117,13 +119,11 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = { // following entry with the new fingerprint, issuer, and serial number. "1.3.6.1.4.1.13769.666.666.666.1.500.9.1", "DEBUGtesting EV OID", - SEC_OID_UNKNOWN, { 0xE4, 0xFB, 0x04, 0x16, 0x10, 0x32, 0x67, 0x08, 0x6C, 0x84, 0x2E, 0x91, 0xF3, 0xEF, 0x0E, 0x45, 0x99, 0xBC, 0xA8, 0x54, 0x73, 0xF5, 0x03, 0x2C, 0x7B, 0xDC, 0x09, 0x70, 0x76, 0x49, 0xBF, 0xAA }, "MBExDzANBgNVBAMMBmV2cm9vdA==", "W9j5PS8YoKgynZdYa9i2Kwexnp8=", - nullptr }, { // This is an RSA root with an inadequate key size. It is used to test that @@ -142,101 +142,42 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = { // following entry with the new fingerprint, issuer, and serial number. "1.3.6.1.4.1.13769.666.666.666.1.500.9.1", "DEBUGtesting EV OID", - SEC_OID_UNKNOWN, { 0x49, 0x46, 0x10, 0xF4, 0xF5, 0xB1, 0x96, 0xE7, 0xFB, 0xFA, 0x4D, 0xA6, 0x34, 0x03, 0xD0, 0x99, 0x22, 0xD4, 0x77, 0x20, 0x3F, 0x84, 0xE0, 0xDF, 0x1C, 0xAD, 0xB4, 0xC2, 0x76, 0xBB, 0x63, 0x24 }, "MBsxGTAXBgNVBAMMEGV2X3Jvb3RfcnNhXzIwNDA=", "P1iIBgxk6kH+x64EUBTV3qoHuas=", - nullptr }, #endif - { - // OU=Security Communication EV RootCA1,O="SECOM Trust Systems CO.,LTD.",C=JP - "1.2.392.200091.100.721.1", - "SECOM EV OID", - SEC_OID_UNKNOWN, - { 0xA2, 0x2D, 0xBA, 0x68, 0x1E, 0x97, 0x37, 0x6E, 0x2D, 0x39, 0x7D, - 0x72, 0x8A, 0xAE, 0x3A, 0x9B, 0x62, 0x96, 0xB9, 0xFD, 0xBA, 0x60, - 0xBC, 0x2E, 0x11, 0xF6, 0x47, 0xF2, 0xC6, 0x75, 0xFB, 0x37 }, - "MGAxCzAJBgNVBAYTAkpQMSUwIwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENP" - "LixMVEQuMSowKAYDVQQLEyFTZWN1cml0eSBDb21tdW5pY2F0aW9uIEVWIFJvb3RD" - "QTE=", - "AA==", - nullptr - }, +// +// Paste new EV roots here. +// { // CN=Cybertrust Global Root,O=Cybertrust, Inc "1.3.6.1.4.1.6334.1.100.1", "Cybertrust EV OID", - SEC_OID_UNKNOWN, { 0x96, 0x0A, 0xDF, 0x00, 0x63, 0xE9, 0x63, 0x56, 0x75, 0x0C, 0x29, 0x65, 0xDD, 0x0A, 0x08, 0x67, 0xDA, 0x0B, 0x9C, 0xBD, 0x6E, 0x77, 0x71, 0x4A, 0xEA, 0xFB, 0x23, 0x49, 0xAB, 0x39, 0x3D, 0xA3 }, "MDsxGDAWBgNVBAoTD0N5YmVydHJ1c3QsIEluYzEfMB0GA1UEAxMWQ3liZXJ0cnVz" "dCBHbG9iYWwgUm9vdA==", "BAAAAAABD4WqLUg=", - nullptr }, { // CN=SwissSign Gold CA - G2,O=SwissSign AG,C=CH "2.16.756.1.89.1.2.1.1", "SwissSign EV OID", - SEC_OID_UNKNOWN, { 0x62, 0xDD, 0x0B, 0xE9, 0xB9, 0xF5, 0x0A, 0x16, 0x3E, 0xA0, 0xF8, 0xE7, 0x5C, 0x05, 0x3B, 0x1E, 0xCA, 0x57, 0xEA, 0x55, 0xC8, 0x68, 0x8F, 0x64, 0x7C, 0x68, 0x81, 0xF2, 0xC8, 0x35, 0x7B, 0x95 }, "MEUxCzAJBgNVBAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMT" "FlN3aXNzU2lnbiBHb2xkIENBIC0gRzI=", "ALtAHEP1Xk+w", - nullptr - }, - { - // CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL - "1.3.6.1.4.1.23223.1.1.1", - "StartCom EV OID", - SEC_OID_UNKNOWN, - { 0xC7, 0x66, 0xA9, 0xBE, 0xF2, 0xD4, 0x07, 0x1C, 0x86, 0x3A, 0x31, - 0xAA, 0x49, 0x20, 0xE8, 0x13, 0xB2, 0xD1, 0x98, 0x60, 0x8C, 0xB7, - 0xB7, 0xCF, 0xE2, 0x11, 0x43, 0xB8, 0x36, 0xDF, 0x09, 0xEA }, - "MH0xCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQL" - "EyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMSkwJwYDVQQDEyBT" - "dGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQ==", - "AQ==", - nullptr - }, - { - // CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL - "1.3.6.1.4.1.23223.1.1.1", - "StartCom EV OID", - SEC_OID_UNKNOWN, - { 0xE1, 0x78, 0x90, 0xEE, 0x09, 0xA3, 0xFB, 0xF4, 0xF4, 0x8B, 0x9C, - 0x41, 0x4A, 0x17, 0xD6, 0x37, 0xB7, 0xA5, 0x06, 0x47, 0xE9, 0xBC, - 0x75, 0x23, 0x22, 0x72, 0x7F, 0xCC, 0x17, 0x42, 0xA9, 0x11 }, - "MH0xCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQL" - "EyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMSkwJwYDVQQDEyBT" - "dGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQ==", - "LQ==", - nullptr - }, - { - // CN=StartCom Certification Authority G2,O=StartCom Ltd.,C=IL - "1.3.6.1.4.1.23223.1.1.1", - "StartCom EV OID", - SEC_OID_UNKNOWN, - { 0xC7, 0xBA, 0x65, 0x67, 0xDE, 0x93, 0xA7, 0x98, 0xAE, 0x1F, 0xAA, - 0x79, 0x1E, 0x71, 0x2D, 0x37, 0x8F, 0xAE, 0x1F, 0x93, 0xC4, 0x39, - 0x7F, 0xEA, 0x44, 0x1B, 0xB7, 0xCB, 0xE6, 0xFD, 0x59, 0x95 }, - "MFMxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSwwKgYDVQQD" - "EyNTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBHMg==", - "Ow==", - nullptr }, { // CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU="(c) 2006 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US "2.16.840.1.113733.1.7.23.6", "VeriSign EV OID", - SEC_OID_UNKNOWN, { 0x9A, 0xCF, 0xAB, 0x7E, 0x43, 0xC8, 0xD8, 0x80, 0xD0, 0x6B, 0x26, 0x2A, 0x94, 0xDE, 0xEE, 0xE4, 0xB4, 0x65, 0x99, 0x89, 0xC3, 0xD0, 0xCA, 0xF1, 0x9B, 0xAF, 0x64, 0x05, 0xE4, 0x1A, 0xB7, 0xDF }, @@ -246,26 +187,22 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = { "PFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBB" "dXRob3JpdHkgLSBHNQ==", "GNrRniZ96LtKIVjNzGs7Sg==", - nullptr }, { // CN=GeoTrust Primary Certification Authority,O=GeoTrust Inc.,C=US "1.3.6.1.4.1.14370.1.6", "GeoTrust EV OID", - SEC_OID_UNKNOWN, { 0x37, 0xD5, 0x10, 0x06, 0xC5, 0x12, 0xEA, 0xAB, 0x62, 0x64, 0x21, 0xF1, 0xEC, 0x8C, 0x92, 0x01, 0x3F, 0xC5, 0xF8, 0x2A, 0xE9, 0x8E, 0xE5, 0x33, 0xEB, 0x46, 0x19, 0xB8, 0xDE, 0xB4, 0xD0, 0x6C }, "MFgxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTEwLwYDVQQD" "EyhHZW9UcnVzdCBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5", "GKy1av1pthU6Y2yv2vrEoQ==", - nullptr }, { // CN=thawte Primary Root CA,OU="(c) 2006 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US "2.16.840.1.113733.1.7.48.1", "Thawte EV OID", - SEC_OID_UNKNOWN, { 0x8D, 0x72, 0x2F, 0x81, 0xA9, 0xC1, 0x13, 0xC0, 0x79, 0x1D, 0xF1, 0x36, 0xA2, 0x96, 0x6D, 0xB2, 0x6C, 0x95, 0x0A, 0x97, 0x1D, 0xB4, 0x6B, 0x41, 0x99, 0xF4, 0xEA, 0x54, 0xB7, 0x8B, 0xFB, 0x9F }, @@ -274,13 +211,11 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = { "MjAwNiB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTEfMB0G" "A1UEAxMWdGhhd3RlIFByaW1hcnkgUm9vdCBDQQ==", "NE7VVyDV7exJ9C/ON9srbQ==", - nullptr }, { // CN=XRamp Global Certification Authority,O=XRamp Security Services Inc,OU=www.xrampsecurity.com,C=US "2.16.840.1.114404.1.1.2.4.1", "Trustwave EV OID", - SEC_OID_UNKNOWN, { 0xCE, 0xCD, 0xDC, 0x90, 0x50, 0x99, 0xD8, 0xDA, 0xDF, 0xC5, 0xB1, 0xD2, 0x09, 0xB7, 0x37, 0xCB, 0xE2, 0xC1, 0x8C, 0xFB, 0x2C, 0x10, 0xC0, 0xFF, 0x0B, 0xCF, 0x0D, 0x32, 0x86, 0xFC, 0x1A, 0xA2 }, @@ -288,39 +223,33 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = { "MSQwIgYDVQQKExtYUmFtcCBTZWN1cml0eSBTZXJ2aWNlcyBJbmMxLTArBgNVBAMT" "JFhSYW1wIEdsb2JhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQ==", "UJRs7Bjq1ZxN1ZfvdY+grQ==", - nullptr }, { // CN=SecureTrust CA,O=SecureTrust Corporation,C=US "2.16.840.1.114404.1.1.2.4.1", "Trustwave EV OID", - SEC_OID_UNKNOWN, { 0xF1, 0xC1, 0xB5, 0x0A, 0xE5, 0xA2, 0x0D, 0xD8, 0x03, 0x0E, 0xC9, 0xF6, 0xBC, 0x24, 0x82, 0x3D, 0xD3, 0x67, 0xB5, 0x25, 0x57, 0x59, 0xB4, 0xE7, 0x1B, 0x61, 0xFC, 0xE9, 0xF7, 0x37, 0x5D, 0x73 }, "MEgxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdTZWN1cmVUcnVzdCBDb3Jwb3JhdGlv" "bjEXMBUGA1UEAxMOU2VjdXJlVHJ1c3QgQ0E=", "DPCOXAgWpa1Cf/DrJxhZ0A==", - nullptr }, { // CN=Secure Global CA,O=SecureTrust Corporation,C=US "2.16.840.1.114404.1.1.2.4.1", "Trustwave EV OID", - SEC_OID_UNKNOWN, { 0x42, 0x00, 0xF5, 0x04, 0x3A, 0xC8, 0x59, 0x0E, 0xBB, 0x52, 0x7D, 0x20, 0x9E, 0xD1, 0x50, 0x30, 0x29, 0xFB, 0xCB, 0xD4, 0x1C, 0xA1, 0xB5, 0x06, 0xEC, 0x27, 0xF1, 0x5A, 0xDE, 0x7D, 0xAC, 0x69 }, "MEoxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdTZWN1cmVUcnVzdCBDb3Jwb3JhdGlv" "bjEZMBcGA1UEAxMQU2VjdXJlIEdsb2JhbCBDQQ==", "B1YipOjUiolN9BPI8PjqpQ==", - nullptr }, { // CN=COMODO ECC Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB "1.3.6.1.4.1.6449.1.2.1.5.1", "Comodo EV OID", - SEC_OID_UNKNOWN, { 0x17, 0x93, 0x92, 0x7A, 0x06, 0x14, 0x54, 0x97, 0x89, 0xAD, 0xCE, 0x2F, 0x8F, 0x34, 0xF7, 0xF0, 0xB6, 0x6D, 0x0F, 0x3A, 0xE3, 0xA3, 0xB8, 0x4D, 0x21, 0xEC, 0x15, 0xDB, 0xBA, 0x4F, 0xAD, 0xC7 }, @@ -328,13 +257,11 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = { "DgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDErMCkG" "A1UEAxMiQ09NT0RPIEVDQyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQ==", "H0evqmIAcFBUTAGem2OZKg==", - nullptr }, { // CN=COMODO Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB "1.3.6.1.4.1.6449.1.2.1.5.1", "Comodo EV OID", - SEC_OID_UNKNOWN, { 0x0C, 0x2C, 0xD6, 0x3D, 0xF7, 0x80, 0x6F, 0xA3, 0x99, 0xED, 0xE8, 0x09, 0x11, 0x6B, 0x57, 0x5B, 0xF8, 0x79, 0x89, 0xF0, 0x65, 0x18, 0xF9, 0x80, 0x8C, 0x86, 0x05, 0x03, 0x17, 0x8B, 0xAF, 0x66 }, @@ -342,13 +269,11 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = { "DgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDEnMCUG" "A1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0aG9yaXR5", "ToEtioJl4AsC7j41AkblPQ==", - nullptr }, { // CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE "1.3.6.1.4.1.6449.1.2.1.5.1", "Comodo EV OID", - SEC_OID_UNKNOWN, { 0x68, 0x7F, 0xA4, 0x51, 0x38, 0x22, 0x78, 0xFF, 0xF0, 0xC8, 0xB1, 0x1F, 0x8D, 0x43, 0xD5, 0x76, 0x67, 0x1C, 0x6E, 0xB2, 0xBC, 0xEA, 0xB4, 0x13, 0xFB, 0x83, 0xD9, 0x65, 0xD0, 0x6D, 0x2F, 0xF2 }, @@ -356,28 +281,11 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = { "QWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsxIjAgBgNVBAMTGUFkZFRydXN0" "IEV4dGVybmFsIENBIFJvb3Q=", "AQ==", - nullptr - }, - { - // CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US - "1.3.6.1.4.1.6449.1.2.1.5.1", - "Comodo EV OID", - SEC_OID_UNKNOWN, - { 0x6E, 0xA5, 0x47, 0x41, 0xD0, 0x04, 0x66, 0x7E, 0xED, 0x1B, 0x48, - 0x16, 0x63, 0x4A, 0xA3, 0xA7, 0x9E, 0x6E, 0x4B, 0x96, 0x95, 0x0F, - 0x82, 0x79, 0xDA, 0xFC, 0x8D, 0x9B, 0xD8, 0x81, 0x21, 0x37 }, - "MIGXMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFr" - "ZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsT" - "GGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTEfMB0GA1UEAxMWVVROLVVTRVJGaXJz" - "dC1IYXJkd2FyZQ==", - "RL4Mi1AAJLQR0zYq/mUK/Q==", - nullptr }, { // OU=Go Daddy Class 2 Certification Authority,O=\"The Go Daddy Group, Inc.\",C=US "2.16.840.1.114413.1.7.23.3", "Go Daddy EV OID a", - SEC_OID_UNKNOWN, { 0xC3, 0x84, 0x6B, 0xF2, 0x4B, 0x9E, 0x93, 0xCA, 0x64, 0x27, 0x4C, 0x0E, 0xC6, 0x7C, 0x1E, 0xCC, 0x5E, 0x02, 0x4F, 0xFC, 0xAC, 0xD2, 0xD7, 0x40, 0x19, 0x35, 0x0E, 0x81, 0xFE, 0x54, 0x6A, 0xE4 }, @@ -385,13 +293,11 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = { "Yy4xMTAvBgNVBAsTKEdvIERhZGR5IENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRo" "b3JpdHk=", "AA==", - nullptr }, { // CN=Go Daddy Root Certificate Authority - G2,O="GoDaddy.com, Inc.",L=Scottsdale,ST=Arizona,C=US "2.16.840.1.114413.1.7.23.3", "Go Daddy EV OID a", - SEC_OID_UNKNOWN, { 0x45, 0x14, 0x0B, 0x32, 0x47, 0xEB, 0x9C, 0xC8, 0xC5, 0xB4, 0xF0, 0xD7, 0xB5, 0x30, 0x91, 0xF7, 0x32, 0x92, 0x08, 0x9E, 0x6E, 0x5A, 0x63, 0xE2, 0x74, 0x9D, 0xD3, 0xAC, 0xA9, 0x19, 0x8E, 0xDA }, @@ -399,13 +305,11 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = { "dHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xMTAvBgNVBAMTKEdv" "IERhZGR5IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzI=", "AA==", - nullptr }, { // OU=Starfield Class 2 Certification Authority,O=\"Starfield Technologies, Inc.\",C=US "2.16.840.1.114414.1.7.23.3", "Go Daddy EV OID b", - SEC_OID_UNKNOWN, { 0x14, 0x65, 0xFA, 0x20, 0x53, 0x97, 0xB8, 0x76, 0xFA, 0xA6, 0xF0, 0xA9, 0x95, 0x8E, 0x55, 0x90, 0xE4, 0x0F, 0xCC, 0x7F, 0xAA, 0x4F, 0xB7, 0xC2, 0xC8, 0x67, 0x75, 0x21, 0xFB, 0x5F, 0xB6, 0x58 }, @@ -413,13 +317,11 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = { "LCBJbmMuMTIwMAYDVQQLEylTdGFyZmllbGQgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9u" "IEF1dGhvcml0eQ==", "AA==", - nullptr }, { // CN=Starfield Root Certificate Authority - G2,O="Starfield Technologies, Inc.",L=Scottsdale,ST=Arizona,C=US "2.16.840.1.114414.1.7.23.3", "Go Daddy EV OID b", - SEC_OID_UNKNOWN, { 0x2C, 0xE1, 0xCB, 0x0B, 0xF9, 0xD2, 0xF9, 0xE1, 0x02, 0x99, 0x3F, 0xBE, 0x21, 0x51, 0x52, 0xC3, 0xB2, 0xDD, 0x0C, 0xAB, 0xDE, 0x1C, 0x68, 0xE5, 0x31, 0x9B, 0x83, 0x91, 0x54, 0xDB, 0xB7, 0xF5 }, @@ -428,13 +330,11 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = { "MDAGA1UEAxMpU3RhcmZpZWxkIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0g" "RzI=", "AA==", - nullptr }, { // CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US "2.16.840.1.114412.2.1", "DigiCert EV OID", - SEC_OID_UNKNOWN, { 0x74, 0x31, 0xE5, 0xF4, 0xC3, 0xC1, 0xCE, 0x46, 0x90, 0x77, 0x4F, 0x0B, 0x61, 0xE0, 0x54, 0x40, 0x88, 0x3B, 0xA9, 0xA0, 0x1E, 0xD0, 0x0B, 0xA6, 0xAB, 0xD7, 0x80, 0x6E, 0xD3, 0xB1, 0x18, 0xCF }, @@ -442,26 +342,22 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = { "EHd3dy5kaWdpY2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJh" "bmNlIEVWIFJvb3QgQ0E=", "AqxcJmoLQJuPC3nyrkYldw==", - nullptr }, { // CN=QuoVadis Root CA 2,O=QuoVadis Limited,C=BM "1.3.6.1.4.1.8024.0.2.100.1.2", "Quo Vadis EV OID", - SEC_OID_UNKNOWN, { 0x85, 0xA0, 0xDD, 0x7D, 0xD7, 0x20, 0xAD, 0xB7, 0xFF, 0x05, 0xF8, 0x3D, 0x54, 0x2B, 0x20, 0x9D, 0xC7, 0xFF, 0x45, 0x28, 0xF7, 0xD6, 0x77, 0xB1, 0x83, 0x89, 0xFE, 0xA5, 0xE5, 0xC4, 0x9E, 0x86 }, "MEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYD" "VQQDExJRdW9WYWRpcyBSb290IENBIDI=", "BQk=", - nullptr }, { // CN=Network Solutions Certificate Authority,O=Network Solutions L.L.C.,C=US "1.3.6.1.4.1.782.1.2.1.8.1", "Network Solutions EV OID", - SEC_OID_UNKNOWN, { 0x15, 0xF0, 0xBA, 0x00, 0xA3, 0xAC, 0x7A, 0xF3, 0xAC, 0x88, 0x4C, 0x07, 0x2B, 0x10, 0x11, 0xA0, 0x77, 0xBD, 0x77, 0xC0, 0x97, 0xF4, 0x01, 0x64, 0xB2, 0xF8, 0x59, 0x8A, 0xBD, 0x83, 0x86, 0x0C }, @@ -469,13 +365,11 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = { "Qy4xMDAuBgNVBAMTJ05ldHdvcmsgU29sdXRpb25zIENlcnRpZmljYXRlIEF1dGhv" "cml0eQ==", "V8szb8JcFuZHFhfjkDFo4A==", - nullptr }, { // CN=Entrust Root Certification Authority,OU="(c) 2006 Entrust, Inc.",OU=www.entrust.net/CPS is incorporated by reference,O="Entrust, Inc.",C=US "2.16.840.1.114028.10.1.2", "Entrust EV OID", - SEC_OID_UNKNOWN, { 0x73, 0xC1, 0x76, 0x43, 0x4F, 0x1B, 0xC6, 0xD5, 0xAD, 0xF4, 0x5B, 0x0E, 0x76, 0xE7, 0x27, 0x28, 0x7C, 0x8D, 0xE5, 0x76, 0x16, 0xC1, 0xE6, 0xE6, 0x14, 0x1A, 0x2B, 0x2C, 0xBC, 0x7D, 0x8E, 0x4C }, @@ -484,78 +378,66 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = { "bmNlMR8wHQYDVQQLExYoYykgMjAwNiBFbnRydXN0LCBJbmMuMS0wKwYDVQQDEyRF" "bnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHk=", "RWtQVA==", - nullptr }, { // CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE "1.3.6.1.4.1.4146.1.1", "GlobalSign EV OID", - SEC_OID_UNKNOWN, { 0xEB, 0xD4, 0x10, 0x40, 0xE4, 0xBB, 0x3E, 0xC7, 0x42, 0xC9, 0xE3, 0x81, 0xD3, 0x1E, 0xF2, 0xA4, 0x1A, 0x48, 0xB6, 0x68, 0x5C, 0x96, 0xE7, 0xCE, 0xF3, 0xC1, 0xDF, 0x6C, 0xD4, 0x33, 0x1C, 0x99 }, "MFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYD" "VQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0E=", "BAAAAAABFUtaw5Q=", - nullptr }, { // CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2 "1.3.6.1.4.1.4146.1.1", "GlobalSign EV OID", - SEC_OID_UNKNOWN, { 0xCA, 0x42, 0xDD, 0x41, 0x74, 0x5F, 0xD0, 0xB8, 0x1E, 0xB9, 0x02, 0x36, 0x2C, 0xF9, 0xD8, 0xBF, 0x71, 0x9D, 0xA1, 0xBD, 0x1B, 0x1E, 0xFC, 0x94, 0x6F, 0x5B, 0x4C, 0x99, 0xF4, 0x2C, 0x1B, 0x9E }, "MEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9vdCBDQSAtIFIyMRMwEQYDVQQKEwpH" "bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu", "BAAAAAABD4Ym5g0=", - nullptr }, { // CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3 "1.3.6.1.4.1.4146.1.1", "GlobalSign EV OID", - SEC_OID_UNKNOWN, { 0xCB, 0xB5, 0x22, 0xD7, 0xB7, 0xF1, 0x27, 0xAD, 0x6A, 0x01, 0x13, 0x86, 0x5B, 0xDF, 0x1C, 0xD4, 0x10, 0x2E, 0x7D, 0x07, 0x59, 0xAF, 0x63, 0x5A, 0x7C, 0xF4, 0x72, 0x0D, 0xC9, 0x63, 0xC5, 0x3B }, "MEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9vdCBDQSAtIFIzMRMwEQYDVQQKEwpH" "bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu", "BAAAAAABIVhTCKI=", - nullptr }, { // CN=Buypass Class 3 Root CA,O=Buypass AS-983163327,C=NO "2.16.578.1.26.1.3.3", "Buypass EV OID", - SEC_OID_UNKNOWN, { 0xED, 0xF7, 0xEB, 0xBC, 0xA2, 0x7A, 0x2A, 0x38, 0x4D, 0x38, 0x7B, 0x7D, 0x40, 0x10, 0xC6, 0x66, 0xE2, 0xED, 0xB4, 0x84, 0x3E, 0x4C, 0x29, 0xB4, 0xAE, 0x1D, 0x5B, 0x93, 0x32, 0xE6, 0xB2, 0x4D }, "ME4xCzAJBgNVBAYTAk5PMR0wGwYDVQQKDBRCdXlwYXNzIEFTLTk4MzE2MzMyNzEg" "MB4GA1UEAwwXQnV5cGFzcyBDbGFzcyAzIFJvb3QgQ0E=", "Ag==", - nullptr }, { // CN=Class 2 Primary CA,O=Certplus,C=FR "1.3.6.1.4.1.22234.2.5.2.3.1", "Certplus EV OID", - SEC_OID_UNKNOWN, { 0x0F, 0x99, 0x3C, 0x8A, 0xEF, 0x97, 0xBA, 0xAF, 0x56, 0x87, 0x14, 0x0E, 0xD5, 0x9A, 0xD1, 0x82, 0x1B, 0xB4, 0xAF, 0xAC, 0xF0, 0xAA, 0x9A, 0x58, 0xB5, 0xD5, 0x7A, 0x33, 0x8A, 0x3A, 0xFB, 0xCB }, "MD0xCzAJBgNVBAYTAkZSMREwDwYDVQQKEwhDZXJ0cGx1czEbMBkGA1UEAxMSQ2xh" "c3MgMiBQcmltYXJ5IENB", "AIW9S/PY2uNp9pTXX8OlRCM=", - nullptr }, { // CN=Chambers of Commerce Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU "1.3.6.1.4.1.17326.10.14.2.1.2", "Camerfirma EV OID a", - SEC_OID_UNKNOWN, { 0x06, 0x3E, 0x4A, 0xFA, 0xC4, 0x91, 0xDF, 0xD3, 0x32, 0xF3, 0x08, 0x9B, 0x85, 0x42, 0xE9, 0x46, 0x17, 0xD8, 0x93, 0xD7, 0xFE, 0x94, 0x4E, 0x10, 0xA7, 0x93, 0x7E, 0xE2, 0x9D, 0x96, 0x93, 0xC0 }, @@ -564,13 +446,11 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = { "QTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xKTAnBgNVBAMT" "IENoYW1iZXJzIG9mIENvbW1lcmNlIFJvb3QgLSAyMDA4", "AKPaQn6ksa7a", - nullptr }, { // CN=Global Chambersign Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU "1.3.6.1.4.1.17326.10.8.12.1.2", "Camerfirma EV OID b", - SEC_OID_UNKNOWN, { 0x13, 0x63, 0x35, 0x43, 0x93, 0x34, 0xA7, 0x69, 0x80, 0x16, 0xA0, 0xD3, 0x24, 0xDE, 0x72, 0x28, 0x4E, 0x07, 0x9D, 0x7B, 0x52, 0x20, 0xBB, 0x8F, 0xBD, 0x74, 0x78, 0x16, 0xEE, 0xBE, 0xBA, 0xCA }, @@ -579,65 +459,55 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = { "QTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAlBgNVBAMT" "Hkdsb2JhbCBDaGFtYmVyc2lnbiBSb290IC0gMjAwOA==", "AMnN0+nVfSPO", - nullptr }, { // CN=AffirmTrust Commercial,O=AffirmTrust,C=US "1.3.6.1.4.1.34697.2.1", "AffirmTrust EV OID a", - SEC_OID_UNKNOWN, { 0x03, 0x76, 0xAB, 0x1D, 0x54, 0xC5, 0xF9, 0x80, 0x3C, 0xE4, 0xB2, 0xE2, 0x01, 0xA0, 0xEE, 0x7E, 0xEF, 0x7B, 0x57, 0xB6, 0x36, 0xE8, 0xA9, 0x3C, 0x9B, 0x8D, 0x48, 0x60, 0xC9, 0x6F, 0x5F, 0xA7 }, "MEQxCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEfMB0GA1UEAwwW" "QWZmaXJtVHJ1c3QgQ29tbWVyY2lhbA==", "d3cGJyapsXw=", - nullptr }, { // CN=AffirmTrust Networking,O=AffirmTrust,C=US "1.3.6.1.4.1.34697.2.2", "AffirmTrust EV OID b", - SEC_OID_UNKNOWN, { 0x0A, 0x81, 0xEC, 0x5A, 0x92, 0x97, 0x77, 0xF1, 0x45, 0x90, 0x4A, 0xF3, 0x8D, 0x5D, 0x50, 0x9F, 0x66, 0xB5, 0xE2, 0xC5, 0x8F, 0xCD, 0xB5, 0x31, 0x05, 0x8B, 0x0E, 0x17, 0xF3, 0xF0, 0xB4, 0x1B }, "MEQxCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEfMB0GA1UEAwwW" "QWZmaXJtVHJ1c3QgTmV0d29ya2luZw==", "fE8EORzUmS0=", - nullptr }, { // CN=AffirmTrust Premium,O=AffirmTrust,C=US "1.3.6.1.4.1.34697.2.3", "AffirmTrust EV OID c", - SEC_OID_UNKNOWN, { 0x70, 0xA7, 0x3F, 0x7F, 0x37, 0x6B, 0x60, 0x07, 0x42, 0x48, 0x90, 0x45, 0x34, 0xB1, 0x14, 0x82, 0xD5, 0xBF, 0x0E, 0x69, 0x8E, 0xCC, 0x49, 0x8D, 0xF5, 0x25, 0x77, 0xEB, 0xF2, 0xE9, 0x3B, 0x9A }, "MEExCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEcMBoGA1UEAwwT" "QWZmaXJtVHJ1c3QgUHJlbWl1bQ==", "bYwURrGmCu4=", - nullptr }, { // CN=AffirmTrust Premium ECC,O=AffirmTrust,C=US "1.3.6.1.4.1.34697.2.4", "AffirmTrust EV OID d", - SEC_OID_UNKNOWN, { 0xBD, 0x71, 0xFD, 0xF6, 0xDA, 0x97, 0xE4, 0xCF, 0x62, 0xD1, 0x64, 0x7A, 0xDD, 0x25, 0x81, 0xB0, 0x7D, 0x79, 0xAD, 0xF8, 0x39, 0x7E, 0xB4, 0xEC, 0xBA, 0x9C, 0x5E, 0x84, 0x88, 0x82, 0x14, 0x23 }, "MEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEgMB4GA1UEAwwX" "QWZmaXJtVHJ1c3QgUHJlbWl1bSBFQ0M=", "dJclisc/elQ=", - nullptr }, { // CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL "1.2.616.1.113527.2.5.1.1", "Certum EV OID", - SEC_OID_UNKNOWN, { 0x5C, 0x58, 0x46, 0x8D, 0x55, 0xF5, 0x8E, 0x49, 0x7E, 0x74, 0x39, 0x82, 0xD2, 0xB5, 0x00, 0x10, 0xB6, 0xD1, 0x65, 0x37, 0x4A, 0xCF, 0x83, 0xA7, 0xD4, 0xA3, 0x2D, 0xB7, 0x68, 0xC4, 0x40, 0x8E }, @@ -645,39 +515,45 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = { "LkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxIjAg" "BgNVBAMTGUNlcnR1bSBUcnVzdGVkIE5ldHdvcmsgQ0E=", "BETA", - nullptr + }, + { + // CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL + "1.2.616.1.113527.2.5.1.1", + "Certum EV OID", + { 0xB6, 0x76, 0xF2, 0xED, 0xDA, 0xE8, 0x77, 0x5C, 0xD3, 0x6C, 0xB0, + 0xF6, 0x3C, 0xD1, 0xD4, 0x60, 0x39, 0x61, 0xF4, 0x9E, 0x62, 0x65, + 0xBA, 0x01, 0x3A, 0x2F, 0x03, 0x07, 0xB6, 0xD0, 0xB8, 0x04 }, + "MIGAMQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMg" + "Uy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSQw" + "IgYDVQQDExtDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBIDI=", + "IdbQSk8lD8kyN/yqXhKN6Q==", }, { // CN=Izenpe.com,O=IZENPE S.A.,C=ES "1.3.6.1.4.1.14777.6.1.1", "Izenpe EV OID 1", - SEC_OID_UNKNOWN, { 0x25, 0x30, 0xCC, 0x8E, 0x98, 0x32, 0x15, 0x02, 0xBA, 0xD9, 0x6F, 0x9B, 0x1F, 0xBA, 0x1B, 0x09, 0x9E, 0x2D, 0x29, 0x9E, 0x0F, 0x45, 0x48, 0xBB, 0x91, 0x4F, 0x36, 0x3B, 0xC0, 0xD4, 0x53, 0x1F }, "MDgxCzAJBgNVBAYTAkVTMRQwEgYDVQQKDAtJWkVOUEUgUy5BLjETMBEGA1UEAwwK" "SXplbnBlLmNvbQ==", "ALC3WhZIX7/hy/WL1xnmfQ==", - nullptr }, { // CN=Izenpe.com,O=IZENPE S.A.,C=ES "1.3.6.1.4.1.14777.6.1.2", "Izenpe EV OID 2", - SEC_OID_UNKNOWN, { 0x25, 0x30, 0xCC, 0x8E, 0x98, 0x32, 0x15, 0x02, 0xBA, 0xD9, 0x6F, 0x9B, 0x1F, 0xBA, 0x1B, 0x09, 0x9E, 0x2D, 0x29, 0x9E, 0x0F, 0x45, 0x48, 0xBB, 0x91, 0x4F, 0x36, 0x3B, 0xC0, 0xD4, 0x53, 0x1F }, "MDgxCzAJBgNVBAYTAkVTMRQwEgYDVQQKDAtJWkVOUEUgUy5BLjETMBEGA1UEAwwK" "SXplbnBlLmNvbQ==", "ALC3WhZIX7/hy/WL1xnmfQ==", - nullptr }, { // CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE "1.3.6.1.4.1.7879.13.24.1", "T-Systems EV OID", - SEC_OID_UNKNOWN, { 0xFD, 0x73, 0xDA, 0xD3, 0x1C, 0x64, 0x4F, 0xF1, 0xB4, 0x3B, 0xEF, 0x0C, 0xCD, 0xDA, 0x96, 0x71, 0x0B, 0x9C, 0xD9, 0x87, 0x5E, 0xCA, 0x7E, 0x31, 0x70, 0x7A, 0xF3, 0xE9, 0x6D, 0x52, 0x2B, 0xBD }, @@ -685,43 +561,11 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = { "U2VydmljZXMgR21iSDEfMB0GA1UECwwWVC1TeXN0ZW1zIFRydXN0IENlbnRlcjEl" "MCMGA1UEAwwcVC1UZWxlU2VjIEdsb2JhbFJvb3QgQ2xhc3MgMw==", "AQ==", - nullptr - }, - { - // CN=TURKTRUST Elektronik Sertifika Hizmet Saglayicisi,O=TURKTRUST Bilgi Illetisim ve Bilisim Guvenligi Hizmetleri A.S.,C=TR - "2.16.792.3.0.3.1.1.5", - "TurkTrust EV OID", - SEC_OID_UNKNOWN, - { 0x97, 0x8C, 0xD9, 0x66, 0xF2, 0xFA, 0xA0, 0x7B, 0xA7, 0xAA, 0x95, - 0x00, 0xD9, 0xC0, 0x2E, 0x9D, 0x77, 0xF2, 0xCD, 0xAD, 0xA6, 0xAD, - 0x6B, 0xA7, 0x4A, 0xF4, 0xB9, 0x1C, 0x66, 0x59, 0x3C, 0x50 }, - "MIG/MT8wPQYDVQQDDDZUw5xSS1RSVVNUIEVsZWt0cm9uaWsgU2VydGlmaWthIEhp" - "em1ldCBTYcSfbGF5xLFjxLFzxLExCzAJBgNVBAYTAlRSMQ8wDQYDVQQHDAZBbmth" - "cmExXjBcBgNVBAoMVVTDnFJLVFJVU1QgQmlsZ2kgxLBsZXRpxZ9pbSB2ZSBCaWxp" - "xZ9pbSBHw7x2ZW5sacSfaSBIaXptZXRsZXJpIEEuxZ4uIChjKSBBcmFsxLFrIDIw" - "MDc=", - "AQ==", - nullptr - }, - { - // CN=China Internet Network Information Center EV Certificates Root,O=China Internet Network Information Center,C=CN - "1.3.6.1.4.1.29836.1.10", - "CNNIC EV OID", - SEC_OID_UNKNOWN, - { 0x1C, 0x01, 0xC6, 0xF4, 0xDB, 0xB2, 0xFE, 0xFC, 0x22, 0x55, 0x8B, - 0x2B, 0xCA, 0x32, 0x56, 0x3F, 0x49, 0x84, 0x4A, 0xCF, 0xC3, 0x2B, - 0x7B, 0xE4, 0xB0, 0xFF, 0x59, 0x9F, 0x9E, 0x8C, 0x7A, 0xF7 }, - "MIGKMQswCQYDVQQGEwJDTjEyMDAGA1UECgwpQ2hpbmEgSW50ZXJuZXQgTmV0d29y" - "ayBJbmZvcm1hdGlvbiBDZW50ZXIxRzBFBgNVBAMMPkNoaW5hIEludGVybmV0IE5l" - "dHdvcmsgSW5mb3JtYXRpb24gQ2VudGVyIEVWIENlcnRpZmljYXRlcyBSb290", - "SJ8AAQ==", - nullptr }, { // CN=TWCA Root Certification Authority,OU=Root CA,O=TAIWAN-CA,C=TW "1.3.6.1.4.1.40869.1.1.22.3", "TWCA EV OID", - SEC_OID_UNKNOWN, { 0xBF, 0xD8, 0x8F, 0xE1, 0x10, 0x1C, 0x41, 0xAE, 0x3E, 0x80, 0x1B, 0xF8, 0xBE, 0x56, 0x35, 0x0E, 0xE9, 0xBA, 0xD1, 0xA6, 0xB9, 0xBD, 0x51, 0x5E, 0xDC, 0x5C, 0x6D, 0x5B, 0x87, 0x11, 0xAC, 0x44 }, @@ -729,40 +573,22 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = { "b3QgQ0ExKjAoBgNVBAMMIVRXQ0EgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0" "eQ==", "AQ==", - nullptr }, { // CN=D-TRUST Root Class 3 CA 2 EV 2009,O=D-Trust GmbH,C=DE "1.3.6.1.4.1.4788.2.202.1", "D-TRUST EV OID", - SEC_OID_UNKNOWN, { 0xEE, 0xC5, 0x49, 0x6B, 0x98, 0x8C, 0xE9, 0x86, 0x25, 0xB9, 0x34, 0x09, 0x2E, 0xEC, 0x29, 0x08, 0xBE, 0xD0, 0xB0, 0xF3, 0x16, 0xC2, 0xD4, 0x73, 0x0C, 0x84, 0xEA, 0xF1, 0xF3, 0xD3, 0x48, 0x81 }, "MFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNVBAMM" "IUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAwOQ==", "CYP0", - nullptr - }, - { - // CN=Swisscom Root EV CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch - "2.16.756.1.83.21.0", - "Swisscom EV OID", - SEC_OID_UNKNOWN, - { 0xD9, 0x5F, 0xEA, 0x3C, 0xA4, 0xEE, 0xDC, 0xE7, 0x4C, 0xD7, 0x6E, - 0x75, 0xFC, 0x6D, 0x1F, 0xF6, 0x2C, 0x44, 0x1F, 0x0F, 0xA8, 0xBC, - 0x77, 0xF0, 0x34, 0xB1, 0x9E, 0x5D, 0xB2, 0x58, 0x01, 0x5D }, - "MGcxCzAJBgNVBAYTAmNoMREwDwYDVQQKEwhTd2lzc2NvbTElMCMGA1UECxMcRGln" - "aXRhbCBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEeMBwGA1UEAxMVU3dpc3Njb20gUm9v" - "dCBFViBDQSAy", - "APL6ZOJ0Y9ON/RAdBB92ylg=", - nullptr }, { // CN=VeriSign Universal Root Certification Authority,OU="(c) 2008 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US "2.16.840.1.113733.1.7.23.6", "VeriSign EV OID", - SEC_OID_UNKNOWN, { 0x23, 0x99, 0x56, 0x11, 0x27, 0xA5, 0x71, 0x25, 0xDE, 0x8C, 0xEF, 0xEA, 0x61, 0x0D, 0xDF, 0x2F, 0xA0, 0x78, 0xB5, 0xC8, 0x06, 0x7F, 0x4E, 0x82, 0x82, 0x90, 0xBF, 0xB8, 0x60, 0xE8, 0x4B, 0x3C }, @@ -771,13 +597,11 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = { "cmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxODA2BgNVBAMT" "L1ZlcmlTaWduIFVuaXZlcnNhbCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5", "QBrEZCGzEyEDDrvkEhrFHQ==", - nullptr }, { // CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US "1.3.6.1.4.1.14370.1.6", "GeoTrust EV OID", - SEC_OID_UNKNOWN, { 0xB4, 0x78, 0xB8, 0x12, 0x25, 0x0D, 0xF8, 0x78, 0x63, 0x5C, 0x2A, 0xA7, 0xEC, 0x7D, 0x15, 0x5E, 0xAA, 0x62, 0x5E, 0xE8, 0x29, 0x16, 0xE2, 0xCD, 0x29, 0x43, 0x61, 0x88, 0x6C, 0xD1, 0xFB, 0xD4 }, @@ -786,13 +610,11 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = { "bmx5MTYwNAYDVQQDEy1HZW9UcnVzdCBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0" "aG9yaXR5IC0gRzM=", "FaxulBmyeUtB9iepwxgPHw==", - nullptr }, { // CN=thawte Primary Root CA - G3,OU="(c) 2008 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US "2.16.840.1.113733.1.7.48.1", "Thawte EV OID", - SEC_OID_UNKNOWN, { 0x4B, 0x03, 0xF4, 0x58, 0x07, 0xAD, 0x70, 0xF2, 0x1B, 0xFC, 0x2C, 0xAE, 0x71, 0xC9, 0xFD, 0xE4, 0x60, 0x4C, 0x06, 0x4C, 0xF5, 0xFF, 0xB6, 0x86, 0xBA, 0xE5, 0xDB, 0xAA, 0xD7, 0xFD, 0xD3, 0x4C }, @@ -801,39 +623,33 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = { "MjAwOCB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTEkMCIG" "A1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEcz", "YAGXt0an6rS0mtZLL/eQ+w==", - nullptr }, { // CN = Autoridad de Certificacion Firmaprofesional CIF A62634068, C = ES "1.3.6.1.4.1.13177.10.1.3.10", "Firmaprofesional EV OID", - SEC_OID_UNKNOWN, { 0x04, 0x04, 0x80, 0x28, 0xBF, 0x1F, 0x28, 0x64, 0xD4, 0x8F, 0x9A, 0xD4, 0xD8, 0x32, 0x94, 0x36, 0x6A, 0x82, 0x88, 0x56, 0x55, 0x3F, 0x3B, 0x14, 0x30, 0x3F, 0x90, 0x14, 0x7F, 0x5D, 0x40, 0xEF }, "MFExCzAJBgNVBAYTAkVTMUIwQAYDVQQDDDlBdXRvcmlkYWQgZGUgQ2VydGlmaWNh" "Y2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBBNjI2MzQwNjg=", "U+w77vuySF8=", - nullptr }, { // CN = TWCA Global Root CA, OU = Root CA, O = TAIWAN-CA, C = TW "1.3.6.1.4.1.40869.1.1.22.3", "TWCA EV OID", - SEC_OID_UNKNOWN, { 0x59, 0x76, 0x90, 0x07, 0xF7, 0x68, 0x5D, 0x0F, 0xCD, 0x50, 0x87, 0x2F, 0x9F, 0x95, 0xD5, 0x75, 0x5A, 0x5B, 0x2B, 0x45, 0x7D, 0x81, 0xF3, 0x69, 0x2B, 0x61, 0x0A, 0x98, 0x67, 0x2F, 0x0E, 0x1B }, "MFExCzAJBgNVBAYTAlRXMRIwEAYDVQQKEwlUQUlXQU4tQ0ExEDAOBgNVBAsTB1Jv" "b3QgQ0ExHDAaBgNVBAMTE1RXQ0EgR2xvYmFsIFJvb3QgQ0E=", "DL4=", - nullptr }, { - // CN = E-Tugra Certification Authority, OU = E-Tugra Sertifikasyon Merkezi, O = E-Tuğra EBG Bilişim Teknolojileri ve Hizmetleri A.Ş., L = Ankara, C = TR + // CN = E-Tugra Certification Authority, OU = E-Tugra Sertifikasyon Merkezi, O = E-Tu?ra EBG Bili?im Teknolojileri ve Hizmetleri A.?., L = Ankara, C = TR "2.16.792.3.0.4.1.1.4", "ETugra EV OID", - SEC_OID_UNKNOWN, { 0xB0, 0xBF, 0xD5, 0x2B, 0xB0, 0xD7, 0xD9, 0xBD, 0x92, 0xBF, 0x5D, 0x4D, 0xC1, 0x3D, 0xA2, 0x55, 0xC0, 0x2C, 0x54, 0x2F, 0x37, 0x83, 0x65, 0xEA, 0x89, 0x39, 0x11, 0xF5, 0x5E, 0x55, 0xF2, 0x3C }, @@ -842,13 +658,11 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = { "xZ4uMSYwJAYDVQQLDB1FLVR1Z3JhIFNlcnRpZmlrYXN5b24gTWVya2V6aTEoMCYG" "A1UEAwwfRS1UdWdyYSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQ==", "amg+nFGby1M=", - nullptr }, { // CN=Actalis Authentication Root CA,O=Actalis S.p.A./03358520967,L=Milan,C=IT "1.3.159.1.17.1", "Actalis EV OID", - SEC_OID_UNKNOWN, { 0x55, 0x92, 0x60, 0x84, 0xEC, 0x96, 0x3A, 0x64, 0xB9, 0x6E, 0x2A, 0xBE, 0x01, 0xCE, 0x0B, 0xA8, 0x6A, 0x64, 0xFB, 0xFE, 0xBC, 0xC7, 0xAA, 0xB5, 0xAF, 0xC1, 0x55, 0xB3, 0x7F, 0xD7, 0x60, 0x66 }, @@ -856,39 +670,11 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = { "cyBTLnAuQS4vMDMzNTg1MjA5NjcxJzAlBgNVBAMMHkFjdGFsaXMgQXV0aGVudGlj" "YXRpb24gUm9vdCBDQQ==", "VwoRl0LE48w=", - nullptr - }, - { - // CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN - "1.3.6.1.4.1.36305.2", - "WoSign EV OID", - SEC_OID_UNKNOWN, - { 0x4B, 0x22, 0xD5, 0xA6, 0xAE, 0xC9, 0x9F, 0x3C, 0xDB, 0x79, 0xAA, - 0x5E, 0xC0, 0x68, 0x38, 0x47, 0x9C, 0xD5, 0xEC, 0xBA, 0x71, 0x64, - 0xF7, 0xF2, 0x2D, 0xC1, 0xD6, 0x5F, 0x63, 0xD8, 0x57, 0x08 }, - "MFUxCzAJBgNVBAYTAkNOMRowGAYDVQQKExFXb1NpZ24gQ0EgTGltaXRlZDEqMCgG" - "A1UEAxMhQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgb2YgV29TaWdu", - "XmjWEXGUY1BWAGjzPsnFkQ==", - nullptr - }, - { - // CN=CA ...............,O=WoSign CA Limited,C=CN - "1.3.6.1.4.1.36305.2", - "WoSign EV OID", - SEC_OID_UNKNOWN, - { 0xD6, 0xF0, 0x34, 0xBD, 0x94, 0xAA, 0x23, 0x3F, 0x02, 0x97, 0xEC, - 0xA4, 0x24, 0x5B, 0x28, 0x39, 0x73, 0xE4, 0x47, 0xAA, 0x59, 0x0F, - 0x31, 0x0C, 0x77, 0xF4, 0x8F, 0xDF, 0x83, 0x11, 0x22, 0x54 }, - "MEYxCzAJBgNVBAYTAkNOMRowGAYDVQQKExFXb1NpZ24gQ0EgTGltaXRlZDEbMBkG" - "A1UEAwwSQ0Eg5rKD6YCa5qC56K+B5Lmm", - "UHBrzdgT/BtOOzNy0hFIjQ==", - nullptr }, { // CN=DigiCert Assured ID Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US "2.16.840.1.114412.2.1", "DigiCert EV OID", - SEC_OID_UNKNOWN, { 0x7D, 0x05, 0xEB, 0xB6, 0x82, 0x33, 0x9F, 0x8C, 0x94, 0x51, 0xEE, 0x09, 0x4E, 0xEB, 0xFE, 0xFA, 0x79, 0x53, 0xA1, 0x14, 0xED, 0xB2, 0xF4, 0x49, 0x49, 0x45, 0x2F, 0xAB, 0x7D, 0x2F, 0xC1, 0x85 }, @@ -896,13 +682,11 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = { "EHd3dy5kaWdpY2VydC5jb20xJDAiBgNVBAMTG0RpZ2lDZXJ0IEFzc3VyZWQgSUQg" "Um9vdCBHMg==", "C5McOtY5Z+pnI7/Dr5r0Sw==", - nullptr }, { // CN=DigiCert Assured ID Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US "2.16.840.1.114412.2.1", "DigiCert EV OID", - SEC_OID_UNKNOWN, { 0x7E, 0x37, 0xCB, 0x8B, 0x4C, 0x47, 0x09, 0x0C, 0xAB, 0x36, 0x55, 0x1B, 0xA6, 0xF4, 0x5D, 0xB8, 0x40, 0x68, 0x0F, 0xBA, 0x16, 0x6A, 0x95, 0x2D, 0xB1, 0x00, 0x71, 0x7F, 0x43, 0x05, 0x3F, 0xC2 }, @@ -910,13 +694,11 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = { "EHd3dy5kaWdpY2VydC5jb20xJDAiBgNVBAMTG0RpZ2lDZXJ0IEFzc3VyZWQgSUQg" "Um9vdCBHMw==", "C6Fa+h3foLVJRK/NJKBs7A==", - nullptr, }, { // CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US "2.16.840.1.114412.2.1", "DigiCert EV OID", - SEC_OID_UNKNOWN, { 0xCB, 0x3C, 0xCB, 0xB7, 0x60, 0x31, 0xE5, 0xE0, 0x13, 0x8F, 0x8D, 0xD3, 0x9A, 0x23, 0xF9, 0xDE, 0x47, 0xFF, 0xC3, 0x5E, 0x43, 0xC1, 0x14, 0x4C, 0xEA, 0x27, 0xD4, 0x6A, 0x5A, 0xB1, 0xCB, 0x5F }, @@ -924,13 +706,11 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = { "EHd3dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290" "IEcy", "Azrx5qcRqaC7KGSxHQn65Q==", - nullptr, }, { // CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US "2.16.840.1.114412.2.1", "DigiCert EV OID", - SEC_OID_UNKNOWN, { 0x31, 0xAD, 0x66, 0x48, 0xF8, 0x10, 0x41, 0x38, 0xC7, 0x38, 0xF3, 0x9E, 0xA4, 0x32, 0x01, 0x33, 0x39, 0x3E, 0x3A, 0x18, 0xCC, 0x02, 0x29, 0x6E, 0xF9, 0x7C, 0x2A, 0xC9, 0xEF, 0x67, 0x31, 0xD0 }, @@ -938,13 +718,11 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = { "EHd3dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290" "IEcz", "BVVWvPJepDU1w6QP1atFcg==", - nullptr }, { // CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US "2.16.840.1.114412.2.1", "DigiCert EV OID", - SEC_OID_UNKNOWN, { 0x55, 0x2F, 0x7B, 0xDC, 0xF1, 0xA7, 0xAF, 0x9E, 0x6C, 0xE6, 0x72, 0x01, 0x7F, 0x4F, 0x12, 0xAB, 0xF7, 0x72, 0x40, 0xC7, 0x8E, 0x76, 0x1A, 0xC2, 0x03, 0xD1, 0xD9, 0xD2, 0x0A, 0xC8, 0x99, 0x88 }, @@ -952,26 +730,22 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = { "EHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lDZXJ0IFRydXN0ZWQgUm9v" "dCBHNA==", "BZsbV56OITLiOQe9p3d1XA==", - nullptr }, { // CN=QuoVadis Root CA 2 G3,O=QuoVadis Limited,C=BM "1.3.6.1.4.1.8024.0.2.100.1.2", "QuoVadis EV OID", - SEC_OID_UNKNOWN, { 0x8F, 0xE4, 0xFB, 0x0A, 0xF9, 0x3A, 0x4D, 0x0D, 0x67, 0xDB, 0x0B, 0xEB, 0xB2, 0x3E, 0x37, 0xC7, 0x1B, 0xF3, 0x25, 0xDC, 0xBC, 0xDD, 0x24, 0x0E, 0xA0, 0x4D, 0xAF, 0x58, 0xB4, 0x7E, 0x18, 0x40 }, "MEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYD" "VQQDExVRdW9WYWRpcyBSb290IENBIDIgRzM=", "RFc0JFuBiZs18s64KztbpybwdSg=", - nullptr }, { // CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB "1.3.6.1.4.1.6449.1.2.1.5.1", "Comodo EV OID", - SEC_OID_UNKNOWN, { 0x52, 0xF0, 0xE1, 0xC4, 0xE5, 0x8E, 0xC6, 0x29, 0x29, 0x1B, 0x60, 0x31, 0x7F, 0x07, 0x46, 0x71, 0xB8, 0x5D, 0x7E, 0xA8, 0x0D, 0x5B, 0x07, 0x27, 0x34, 0x63, 0x53, 0x4B, 0x32, 0xB4, 0x02, 0x34 }, @@ -979,13 +753,11 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = { "DgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDErMCkG" "A1UEAxMiQ09NT0RPIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQ==", "TKr5yttjb+Af907YWwOGnQ==", - nullptr }, { // CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US "1.3.6.1.4.1.6449.1.2.1.5.1", "Comodo EV OID", - SEC_OID_UNKNOWN, { 0xE7, 0x93, 0xC9, 0xB0, 0x2F, 0xD8, 0xAA, 0x13, 0xE2, 0x1C, 0x31, 0x22, 0x8A, 0xCC, 0xB0, 0x81, 0x19, 0x64, 0x3B, 0x74, 0x9C, 0x89, 0x89, 0x64, 0xB1, 0x74, 0x6D, 0x46, 0xC3, 0xD4, 0xCB, 0xD2 }, @@ -993,13 +765,11 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = { "SmVyc2V5IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEuMCwG" "A1UEAxMlVVNFUlRydXN0IFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQ==", "Af1tMPyjylGoG7xkDjUDLQ==", - nullptr }, { // CN=USERTrust ECC Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US "1.3.6.1.4.1.6449.1.2.1.5.1", "Comodo EV OID", - SEC_OID_UNKNOWN, { 0x4F, 0xF4, 0x60, 0xD5, 0x4B, 0x9C, 0x86, 0xDA, 0xBF, 0xBC, 0xFC, 0x57, 0x12, 0xE0, 0x40, 0x0D, 0x2B, 0xED, 0x3F, 0xBC, 0x4D, 0x4F, 0xBD, 0xAA, 0x86, 0xE0, 0x6A, 0xDC, 0xD2, 0xA9, 0xAD, 0x7A }, @@ -1007,39 +777,22 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = { "SmVyc2V5IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEuMCwG" "A1UEAxMlVVNFUlRydXN0IEVDQyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQ==", "XIuZxVqUxdJxVt7NiYDMJg==", - nullptr - }, - { - // CN=GlobalSign,O=GlobalSign,OU=GlobalSign ECC Root CA - R4 - "1.3.6.1.4.1.4146.1.1", - "GlobalSign EV OID", - SEC_OID_UNKNOWN, - { 0xBE, 0xC9, 0x49, 0x11, 0xC2, 0x95, 0x56, 0x76, 0xDB, 0x6C, 0x0A, - 0x55, 0x09, 0x86, 0xD7, 0x6E, 0x3B, 0xA0, 0x05, 0x66, 0x7C, 0x44, - 0x2C, 0x97, 0x62, 0xB4, 0xFB, 0xB7, 0x73, 0xDE, 0x22, 0x8C }, - "MFAxJDAiBgNVBAsTG0dsb2JhbFNpZ24gRUNDIFJvb3QgQ0EgLSBSNDETMBEGA1UE" - "ChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbg==", - "KjikHJYKBN5CsiilC+g0mAI=", - nullptr }, { // CN=GlobalSign,O=GlobalSign,OU=GlobalSign ECC Root CA - R5 "1.3.6.1.4.1.4146.1.1", "GlobalSign EV OID", - SEC_OID_UNKNOWN, { 0x17, 0x9F, 0xBC, 0x14, 0x8A, 0x3D, 0xD0, 0x0F, 0xD2, 0x4E, 0xA1, 0x34, 0x58, 0xCC, 0x43, 0xBF, 0xA7, 0xF5, 0x9C, 0x81, 0x82, 0xD7, 0x83, 0xA5, 0x13, 0xF6, 0xEB, 0xEC, 0x10, 0x0C, 0x89, 0x24 }, "MFAxJDAiBgNVBAsTG0dsb2JhbFNpZ24gRUNDIFJvb3QgQ0EgLSBSNTETMBEGA1UE" "ChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbg==", "YFlJ4CYuu1X5CneKcflK2Gw=", - nullptr }, { // CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net "2.16.840.1.114028.10.1.2", "Entrust EV OID", - SEC_OID_UNKNOWN, { 0x6D, 0xC4, 0x71, 0x72, 0xE0, 0x1C, 0xBC, 0xB0, 0xBF, 0x62, 0x58, 0x0D, 0x89, 0x5F, 0xE2, 0xB8, 0xAC, 0x9A, 0xD4, 0xF8, 0x73, 0x80, 0x1E, 0x0C, 0x10, 0xB9, 0xC8, 0x37, 0xD2, 0x1E, 0xB1, 0x77 }, @@ -1048,26 +801,22 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = { "A1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50" "cnVzdC5uZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgp", "OGPe+A==", - nullptr }, { // CN=Staat der Nederlanden EV Root CA,O=Staat der Nederlanden,C=NL "2.16.528.1.1003.1.2.7", "Staat der Nederlanden EV OID", - SEC_OID_UNKNOWN, { 0x4D, 0x24, 0x91, 0x41, 0x4C, 0xFE, 0x95, 0x67, 0x46, 0xEC, 0x4C, 0xEF, 0xA6, 0xCF, 0x6F, 0x72, 0xE2, 0x8A, 0x13, 0x29, 0x43, 0x2F, 0x9D, 0x8A, 0x90, 0x7A, 0xC4, 0xCB, 0x5D, 0xAD, 0xC1, 0x5A }, "MFgxCzAJBgNVBAYTAk5MMR4wHAYDVQQKDBVTdGFhdCBkZXIgTmVkZXJsYW5kZW4x" "KTAnBgNVBAMMIFN0YWF0IGRlciBOZWRlcmxhbmRlbiBFViBSb290IENB", "AJiWjQ==", - nullptr }, { // CN=Entrust Root Certification Authority - G2,OU="(c) 2009 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US "2.16.840.1.114028.10.1.2", "Entrust EV OID", - SEC_OID_UNKNOWN, { 0x43, 0xDF, 0x57, 0x74, 0xB0, 0x3E, 0x7F, 0xEF, 0x5F, 0xE4, 0x0D, 0x93, 0x1A, 0x7B, 0xED, 0xF1, 0xBB, 0x2E, 0x6B, 0x42, 0x73, 0x8C, 0x4E, 0x6D, 0x38, 0x41, 0x10, 0x3D, 0x3A, 0xA7, 0xF3, 0x39 }, @@ -1077,13 +826,11 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = { "MAYDVQQDEylFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBH" "Mg==", "SlOMKA==", - nullptr }, { // CN=Entrust Root Certification Authority - EC1,OU="(c) 2012 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US "2.16.840.1.114028.10.1.2", "Entrust EV OID", - SEC_OID_UNKNOWN, { 0x02, 0xED, 0x0E, 0xB2, 0x8C, 0x14, 0xDA, 0x45, 0x16, 0x5C, 0x56, 0x67, 0x91, 0x70, 0x0D, 0x64, 0x51, 0xD7, 0xFB, 0x56, 0xF0, 0xB2, 0xAB, 0x1D, 0x3B, 0x8E, 0xB0, 0x70, 0xE5, 0x6E, 0xDF, 0xF5 }, @@ -1093,65 +840,33 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = { "MQYDVQQDEypFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBF" "QzE=", "AKaLeSkAAAAAUNCR+Q==", - nullptr }, { // CN=CFCA EV ROOT,O=China Financial Certification Authority,C=CN "2.16.156.112554.3", "CFCA EV OID", - SEC_OID_UNKNOWN, { 0x5C, 0xC3, 0xD7, 0x8E, 0x4E, 0x1D, 0x5E, 0x45, 0x54, 0x7A, 0x04, 0xE6, 0x87, 0x3E, 0x64, 0xF9, 0x0C, 0xF9, 0x53, 0x6D, 0x1C, 0xCC, 0x2E, 0xF8, 0x00, 0xF3, 0x55, 0xC4, 0xC5, 0xFD, 0x70, 0xFD }, "MFYxCzAJBgNVBAYTAkNOMTAwLgYDVQQKDCdDaGluYSBGaW5hbmNpYWwgQ2VydGlm" "aWNhdGlvbiBBdXRob3JpdHkxFTATBgNVBAMMDENGQ0EgRVYgUk9PVA==", "GErM1g==", - nullptr - }, - { - // CN=Certification Authority of WoSign G2,O=WoSign CA Limited,C=CN - "1.3.6.1.4.1.36305.2", - "WoSign EV OID", - SEC_OID_UNKNOWN, - { 0xD4, 0x87, 0xA5, 0x6F, 0x83, 0xB0, 0x74, 0x82, 0xE8, 0x5E, 0x96, - 0x33, 0x94, 0xC1, 0xEC, 0xC2, 0xC9, 0xE5, 0x1D, 0x09, 0x03, 0xEE, - 0x94, 0x6B, 0x02, 0xC3, 0x01, 0x58, 0x1E, 0xD9, 0x9E, 0x16 }, - "MFgxCzAJBgNVBAYTAkNOMRowGAYDVQQKExFXb1NpZ24gQ0EgTGltaXRlZDEtMCsG" - "A1UEAxMkQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgb2YgV29TaWduIEcy", - "ayXaioidfLwPBbOxemFFRA==", - nullptr - }, - { - // CN=CA WoSign ECC Root,O=WoSign CA Limited,C=CN - "1.3.6.1.4.1.36305.2", - "WoSign EV OID", - SEC_OID_UNKNOWN, - { 0x8B, 0x45, 0xDA, 0x1C, 0x06, 0xF7, 0x91, 0xEB, 0x0C, 0xAB, 0xF2, - 0x6B, 0xE5, 0x88, 0xF5, 0xFB, 0x23, 0x16, 0x5C, 0x2E, 0x61, 0x4B, - 0xF8, 0x85, 0x56, 0x2D, 0x0D, 0xCE, 0x50, 0xB2, 0x9B, 0x02 }, - "MEYxCzAJBgNVBAYTAkNOMRowGAYDVQQKExFXb1NpZ24gQ0EgTGltaXRlZDEbMBkG" - "A1UEAxMSQ0EgV29TaWduIEVDQyBSb290", - "aEpYcIBr8I8C+vbe6LCQkA==", - nullptr }, { // OU=Security Communication RootCA2,O="SECOM Trust Systems CO.,LTD.",C=JP "1.2.392.200091.100.721.1", "SECOM EV OID", - SEC_OID_UNKNOWN, { 0x51, 0x3B, 0x2C, 0xEC, 0xB8, 0x10, 0xD4, 0xCD, 0xE5, 0xDD, 0x85, 0x39, 0x1A, 0xDF, 0xC6, 0xC2, 0xDD, 0x60, 0xD8, 0x7B, 0xB7, 0x36, 0xD2, 0xB5, 0x21, 0x48, 0x4A, 0xA4, 0x7A, 0x0E, 0xBE, 0xF6 }, "MF0xCzAJBgNVBAYTAkpQMSUwIwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENP" "LixMVEQuMScwJQYDVQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTI=", "AA==", - nullptr }, { // CN=OISTE WISeKey Global Root GB CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH "2.16.756.5.14.7.4.8", "WISeKey EV OID", - SEC_OID_UNKNOWN, { 0x6B, 0x9C, 0x08, 0xE8, 0x6E, 0xB0, 0xF7, 0x67, 0xCF, 0xAD, 0x65, 0xCD, 0x98, 0xB6, 0x21, 0x49, 0xE5, 0x49, 0x4A, 0x67, 0xF5, 0x84, 0x5E, 0x7B, 0xD1, 0xED, 0x01, 0x9F, 0x27, 0xB8, 0x6B, 0xD6 }, @@ -1159,10 +874,194 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = { "RSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEds" "b2JhbCBSb290IEdCIENB", "drEgUnTwhYdGs/gjGvbCwA==", - nullptr + }, + { + // CN=Certplus Root CA G1,O=Certplus,C=FR + "1.3.6.1.4.1.22234.3.5.3.1", + "DocuSign EV OID 1", + { 0x15, 0x2A, 0x40, 0x2B, 0xFC, 0xDF, 0x2C, 0xD5, 0x48, 0x05, 0x4D, + 0x22, 0x75, 0xB3, 0x9C, 0x7F, 0xCA, 0x3E, 0xC0, 0x97, 0x80, 0x78, + 0xB0, 0xF0, 0xEA, 0x76, 0xE5, 0x61, 0xA6, 0xC7, 0x43, 0x3E }, + "MD4xCzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2Vy" + "dHBsdXMgUm9vdCBDQSBHMQ==", + "ESBVg+QtPlRWhS2DN7cs3EYR", + }, + { + // CN=Certplus Root CA G2,O=Certplus,C=FR + "1.3.6.1.4.1.22234.3.5.3.2", + "DocuSign EV OID 2", + { 0x6C, 0xC0, 0x50, 0x41, 0xE6, 0x44, 0x5E, 0x74, 0x69, 0x6C, 0x4C, + 0xFB, 0xC9, 0xF8, 0x0F, 0x54, 0x3B, 0x7E, 0xAB, 0xBB, 0x44, 0xB4, + 0xCE, 0x6F, 0x78, 0x7C, 0x6A, 0x99, 0x71, 0xC4, 0x2F, 0x17 }, + "MD4xCzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2Vy" + "dHBsdXMgUm9vdCBDQSBHMg==", + "ESDZkc6uo+jF5//pAq/Pc7xV", + }, + { + // CN=OpenTrust Root CA G1,O=OpenTrust,C=FR + "1.3.6.1.4.1.22234.2.14.3.11", + "DocuSign EV OID 3", + { 0x56, 0xC7, 0x71, 0x28, 0xD9, 0x8C, 0x18, 0xD9, 0x1B, 0x4C, 0xFD, + 0xFF, 0xBC, 0x25, 0xEE, 0x91, 0x03, 0xD4, 0x75, 0x8E, 0xA2, 0xAB, + 0xAD, 0x82, 0x6A, 0x90, 0xF3, 0x45, 0x7D, 0x46, 0x0E, 0xB4 }, + "MEAxCzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9w" + "ZW5UcnVzdCBSb290IENBIEcx", + "ESCzkFU5fX82bWTCp59rY45n", + }, + { + // CN=OpenTrust Root CA G2,O=OpenTrust,C=FR + "1.3.6.1.4.1.22234.2.14.3.11", + "DocuSign EV OID 3", + { 0x27, 0x99, 0x58, 0x29, 0xFE, 0x6A, 0x75, 0x15, 0xC1, 0xBF, 0xE8, + 0x48, 0xF9, 0xC4, 0x76, 0x1D, 0xB1, 0x6C, 0x22, 0x59, 0x29, 0x25, + 0x7B, 0xF4, 0x0D, 0x08, 0x94, 0xF2, 0x9E, 0xA8, 0xBA, 0xF2 }, + "MEAxCzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9w" + "ZW5UcnVzdCBSb290IENBIEcy", + "ESChaRu/vbm9UpaPI+hIvyYR", + }, + { + // CN=OpenTrust Root CA G3,O=OpenTrust,C=FR + "1.3.6.1.4.1.22234.2.14.3.11", + "DocuSign EV OID 3", + { 0xB7, 0xC3, 0x62, 0x31, 0x70, 0x6E, 0x81, 0x07, 0x8C, 0x36, 0x7C, + 0xB8, 0x96, 0x19, 0x8F, 0x1E, 0x32, 0x08, 0xDD, 0x92, 0x69, 0x49, + 0xDD, 0x8F, 0x57, 0x09, 0xA4, 0x10, 0xF7, 0x5B, 0x62, 0x92 }, + "MEAxCzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9w" + "ZW5UcnVzdCBSb290IENBIEcz", + "ESDm+Ez8JLC+BUCs2oMbNGA/", + }, + { + // CN=VeriSign Class 3 Public Primary Certification Authority - G4,OU="(c) 2007 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US + "2.16.840.1.113733.1.7.23.6", + "VeriSign EV OID", + { 0x69, 0xDD, 0xD7, 0xEA, 0x90, 0xBB, 0x57, 0xC9, 0x3E, 0x13, 0x5D, + 0xC8, 0x5E, 0xA6, 0xFC, 0xD5, 0x48, 0x0B, 0x60, 0x32, 0x39, 0xBD, + 0xC4, 0x54, 0xFC, 0x75, 0x8B, 0x2A, 0x26, 0xCF, 0x7F, 0x79 }, + "MIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNV" + "BAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA3IFZl" + "cmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMT" + "PFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBB" + "dXRob3JpdHkgLSBHNA==", + "L4D+I4wOIg9IZxIokYessw==", + }, + { + // CN=Amazon Root CA 1,O=Amazon,C=US + "2.23.140.1.1", + "CA/Browser Forum EV OID", + { 0x8E, 0xCD, 0xE6, 0x88, 0x4F, 0x3D, 0x87, 0xB1, 0x12, 0x5B, 0xA3, + 0x1A, 0xC3, 0xFC, 0xB1, 0x3D, 0x70, 0x16, 0xDE, 0x7F, 0x57, 0xCC, + 0x90, 0x4F, 0xE1, 0xCB, 0x97, 0xC6, 0xAE, 0x98, 0x19, 0x6E }, + "MDkxCzAJBgNVBAYTAlVTMQ8wDQYDVQQKEwZBbWF6b24xGTAXBgNVBAMTEEFtYXpv" + "biBSb290IENBIDE=", + "Bmyfz5m/jAo54vB4ikPmljZbyg==", + }, + { + // CN=Amazon Root CA 2,O=Amazon,C=US + "2.23.140.1.1", + "CA/Browser Forum EV OID", + { 0x1B, 0xA5, 0xB2, 0xAA, 0x8C, 0x65, 0x40, 0x1A, 0x82, 0x96, 0x01, + 0x18, 0xF8, 0x0B, 0xEC, 0x4F, 0x62, 0x30, 0x4D, 0x83, 0xCE, 0xC4, + 0x71, 0x3A, 0x19, 0xC3, 0x9C, 0x01, 0x1E, 0xA4, 0x6D, 0xB4 }, + "MDkxCzAJBgNVBAYTAlVTMQ8wDQYDVQQKEwZBbWF6b24xGTAXBgNVBAMTEEFtYXpv" + "biBSb290IENBIDI=", + "Bmyf0pY1hp8KD+WGePhbJruKNw==", + }, + { + // CN=Amazon Root CA 3,O=Amazon,C=US + "2.23.140.1.1", + "CA/Browser Forum EV OID", + { 0x18, 0xCE, 0x6C, 0xFE, 0x7B, 0xF1, 0x4E, 0x60, 0xB2, 0xE3, 0x47, + 0xB8, 0xDF, 0xE8, 0x68, 0xCB, 0x31, 0xD0, 0x2E, 0xBB, 0x3A, 0xDA, + 0x27, 0x15, 0x69, 0xF5, 0x03, 0x43, 0xB4, 0x6D, 0xB3, 0xA4 }, + "MDkxCzAJBgNVBAYTAlVTMQ8wDQYDVQQKEwZBbWF6b24xGTAXBgNVBAMTEEFtYXpv" + "biBSb290IENBIDM=", + "Bmyf1XSXNmY/Owua2eiedgPySg==", + }, + { + // CN=Amazon Root CA 4,O=Amazon,C=US + "2.23.140.1.1", + "CA/Browser Forum EV OID", + { 0xE3, 0x5D, 0x28, 0x41, 0x9E, 0xD0, 0x20, 0x25, 0xCF, 0xA6, 0x90, + 0x38, 0xCD, 0x62, 0x39, 0x62, 0x45, 0x8D, 0xA5, 0xC6, 0x95, 0xFB, + 0xDE, 0xA3, 0xC2, 0x2B, 0x0B, 0xFB, 0x25, 0x89, 0x70, 0x92 }, + "MDkxCzAJBgNVBAYTAlVTMQ8wDQYDVQQKEwZBbWF6b24xGTAXBgNVBAMTEEFtYXpv" + "biBSb290IENBIDQ=", + "Bmyf18G7EEwpQ+Vxe3ssyBrBDg==", + }, + { + // CN=Starfield Services Root Certificate Authority - G2,O="Starfield Technologies, Inc.",L=Scottsdale,ST=Arizona,C=US + "2.23.140.1.1", + "CA/Browser Forum EV OID", + { 0x56, 0x8D, 0x69, 0x05, 0xA2, 0xC8, 0x87, 0x08, 0xA4, 0xB3, 0x02, + 0x51, 0x90, 0xED, 0xCF, 0xED, 0xB1, 0x97, 0x4A, 0x60, 0x6A, 0x13, + 0xC6, 0xE5, 0x29, 0x0F, 0xCB, 0x2A, 0xE6, 0x3E, 0xDA, 0xB5 }, + "MIGYMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2Nv" + "dHRzZGFsZTElMCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjE7" + "MDkGA1UEAxMyU3RhcmZpZWxkIFNlcnZpY2VzIFJvb3QgQ2VydGlmaWNhdGUgQXV0" + "aG9yaXR5IC0gRzI=", + "AA==", + }, + { + // CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU + "1.3.171.1.1.10.5.2", + "LuxTrust EV OID", + { 0x54, 0x45, 0x5F, 0x71, 0x29, 0xC2, 0x0B, 0x14, 0x47, 0xC4, 0x18, + 0xF9, 0x97, 0x16, 0x8F, 0x24, 0xC5, 0x8F, 0xC5, 0x02, 0x3B, 0xF5, + 0xDA, 0x5B, 0xE2, 0xEB, 0x6E, 0x1D, 0xD8, 0x90, 0x2E, 0xD5 }, + "MEYxCzAJBgNVBAYTAkxVMRYwFAYDVQQKDA1MdXhUcnVzdCBTLkEuMR8wHQYDVQQD" + "DBZMdXhUcnVzdCBHbG9iYWwgUm9vdCAy", + "Cn6m30tEntpqJIWe5rgV0xZ/u7E=", + }, + { + // CN=GDCA TrustAUTH R5 ROOT,O="GUANG DONG CERTIFICATE AUTHORITY CO.,LTD.",C=CN + "1.2.156.112559.1.1.6.1", + "GDCA EV OID", + { 0xBF, 0xFF, 0x8F, 0xD0, 0x44, 0x33, 0x48, 0x7D, 0x6A, 0x8A, 0xA6, + 0x0C, 0x1A, 0x29, 0x76, 0x7A, 0x9F, 0xC2, 0xBB, 0xB0, 0x5E, 0x42, + 0x0F, 0x71, 0x3A, 0x13, 0xB9, 0x92, 0x89, 0x1D, 0x38, 0x93 }, + "MGIxCzAJBgNVBAYTAkNOMTIwMAYDVQQKDClHVUFORyBET05HIENFUlRJRklDQVRF" + "IEFVVEhPUklUWSBDTy4sTFRELjEfMB0GA1UEAwwWR0RDQSBUcnVzdEFVVEggUjUg" + "Uk9PVA==", + "fQmX/vBH6no=", + }, + { + // CN=SSL.com EV Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US + "2.23.140.1.1", + "CA/Browser Forum EV OID", + { 0x22, 0xA2, 0xC1, 0xF7, 0xBD, 0xED, 0x70, 0x4C, 0xC1, 0xE7, 0x01, + 0xB5, 0xF4, 0x08, 0xC3, 0x10, 0x88, 0x0F, 0xE9, 0x56, 0xB5, 0xDE, + 0x2A, 0x4A, 0x44, 0xF9, 0x9C, 0x87, 0x3A, 0x25, 0xA7, 0xC8 }, + "MH8xCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91c3Rv" + "bjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMTQwMgYDVQQDDCtTU0wuY29tIEVW" + "IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgRUND", + "LCmcWxbtBZU=", + }, + { + // CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US + "2.23.140.1.1", + "CA/Browser Forum EV OID", + { 0x2E, 0x7B, 0xF1, 0x6C, 0xC2, 0x24, 0x85, 0xA7, 0xBB, 0xE2, 0xAA, + 0x86, 0x96, 0x75, 0x07, 0x61, 0xB0, 0xAE, 0x39, 0xBE, 0x3B, 0x2F, + 0xE9, 0xD0, 0xCC, 0x6D, 0x4E, 0xF7, 0x34, 0x91, 0x42, 0x5C }, + "MIGCMQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hvdXN0" + "b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjE3MDUGA1UEAwwuU1NMLmNvbSBF" + "ViBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFJTQSBSMg==", + "VrYpzTS8ePY=", }, }; +// TenFourFox issue 512, backport from ESR60: treat all EV roots as +// SEC_OID_UNKNOWN by default. +#define TENFOURFOX_EV_ARRAY_LENGTH(x) (sizeof(x) / sizeof((x)[0])) +static SECOidTag sEVInfoOIDTags[TENFOURFOX_EV_ARRAY_LENGTH(myTrustedEVInfos)]; +static CERTCertificate* sEVCERTs[TENFOURFOX_EV_ARRAY_LENGTH(myTrustedEVInfos)]; +static_assert(SEC_OID_UNKNOWN == 0, + "We depend on zero-initialized globals being interpreted as SEC_OID_UNKNOWN."); +static_assert(TENFOURFOX_EV_ARRAY_LENGTH(sEVInfoOIDTags) == TENFOURFOX_EV_ARRAY_LENGTH(myTrustedEVInfos), + "These arrays are used in parallel and must have the same length."); +static_assert(TENFOURFOX_EV_ARRAY_LENGTH(sEVCERTs) == TENFOURFOX_EV_ARRAY_LENGTH(myTrustedEVInfos), + "These arrays are used in parallel and must have the same length."); + static SECOidTag register_oid(const SECItem* oid_item, const char* oid_name) { @@ -1182,9 +1081,8 @@ register_oid(const SECItem* oid_item, const char* oid_name) static bool isEVPolicy(SECOidTag policyOIDTag) { - for (size_t iEV = 0; iEV < PR_ARRAY_SIZE(myTrustedEVInfos); ++iEV) { - nsMyTrustedEVInfo& entry = myTrustedEVInfos[iEV]; - if (policyOIDTag == entry.oid_tag) { + for (const SECOidTag& oidTag : sEVInfoOIDTags) { + if (policyOIDTag == oidTag) { return true; } } @@ -1204,9 +1102,8 @@ CertIsAuthoritativeForEVPolicy(const CERTCertificate* cert, } for (size_t iEV = 0; iEV < PR_ARRAY_SIZE(myTrustedEVInfos); ++iEV) { - nsMyTrustedEVInfo& entry = myTrustedEVInfos[iEV]; - if (entry.cert && CERT_CompareCerts(cert, entry.cert)) { - const SECOidData* oidData = SECOID_FindOIDByTag(entry.oid_tag); + if (sEVCERTs[iEV] && CERT_CompareCerts(cert, sEVCERTs[iEV])) { + const SECOidData* oidData = SECOID_FindOIDByTag(sEVInfoOIDTags[iEV]); if (oidData && oidData->oid.len == policy.numBytes && !memcmp(oidData->oid.data, policy.bytes, policy.numBytes)) { return true; @@ -1241,7 +1138,7 @@ IdentityInfoInit() ias.serialNumber.type = siUnsignedInteger; - entry.cert = CERT_FindCertByIssuerAndSN(nullptr, &ias); + sEVCERTs[iEV] = CERT_FindCertByIssuerAndSN(nullptr, &ias); SECITEM_FreeItem(&ias.derIssuer, false); SECITEM_FreeItem(&ias.serialNumber, false); @@ -1251,7 +1148,7 @@ IdentityInfoInit() // version of system NSS is installed). We assert on debug builds, but // silently continue on release builds. In both cases, the root cert does // not get EV treatment. - if (!entry.cert) { + if (!sEVCERTs[iEV]) { #ifdef DEBUG // The debug CA structs are at positions 0 to NUM_TEST_EV_ROOTS - 1, and // are NOT in the NSS root DB. @@ -1260,13 +1157,16 @@ IdentityInfoInit() } #endif PR_NOT_REACHED("Could not find EV root in NSS storage"); +// If we're hitting this assert, we probably need to update the EV roots stored +// in this file (see "Paste new EV roots here"). +fprintf(stderr, "Warning: TenFourFox could not find an EV root in NSS storage.\n"); continue; } unsigned char certFingerprint[SHA256_LENGTH]; rv = PK11_HashBuf(SEC_OID_SHA256, certFingerprint, - entry.cert->derCert.data, - static_cast(entry.cert->derCert.len)); + sEVCERTs[iEV]->derCert.data, + static_cast(sEVCERTs[iEV]->derCert.len)); PR_ASSERT(rv == SECSuccess); if (rv == SECSuccess) { bool same = !memcmp(certFingerprint, entry.ev_root_sha256_fingerprint, @@ -1280,8 +1180,8 @@ IdentityInfoInit() rv = SEC_StringToOID(nullptr, &ev_oid_item, entry.dotted_oid, 0); PR_ASSERT(rv == SECSuccess); if (rv == SECSuccess) { - entry.oid_tag = register_oid(&ev_oid_item, entry.oid_name); - if (entry.oid_tag == SEC_OID_UNKNOWN) { + sEVInfoOIDTags[iEV] = register_oid(&ev_oid_item, entry.oid_name); + if (sEVInfoOIDTags[iEV] == SEC_OID_UNKNOWN) { rv = SECFailure; } SECITEM_FreeItem(&ev_oid_item, false); @@ -1293,9 +1193,9 @@ IdentityInfoInit() } if (rv != SECSuccess) { - CERT_DestroyCertificate(entry.cert); - entry.cert = nullptr; - entry.oid_tag = SEC_OID_UNKNOWN; + CERT_DestroyCertificate(sEVCERTs[iEV]); + sEVCERTs[iEV] = nullptr; + sEVInfoOIDTags[iEV] = SEC_OID_UNKNOWN; return PR_FAILURE; } } @@ -1315,10 +1215,9 @@ void CleanupIdentityInfo() { for (size_t iEV = 0; iEV < PR_ARRAY_SIZE(myTrustedEVInfos); ++iEV) { - nsMyTrustedEVInfo &entry = myTrustedEVInfos[iEV]; - if (entry.cert) { - CERT_DestroyCertificate(entry.cert); - entry.cert = nullptr; + if (sEVCERTs[iEV]) { + CERT_DestroyCertificate(sEVCERTs[iEV]); + sEVCERTs[iEV] = nullptr; } } diff --git a/security/manager/ssl/nsNSSCallbacks.cpp b/security/manager/ssl/nsNSSCallbacks.cpp index 0d15deb9f..7d4622808 100644 --- a/security/manager/ssl/nsNSSCallbacks.cpp +++ b/security/manager/ssl/nsNSSCallbacks.cpp @@ -477,6 +477,7 @@ nsNSSHttpRequestSession::internal_send_receive_attempt(bool &retryable_error, } } +#if(0) if (!event->mStartTime.IsNull()) { if (request_canceled) { Telemetry::Accumulate(Telemetry::CERT_VALIDATION_HTTP_REQUEST_RESULT, 0); @@ -501,6 +502,7 @@ nsNSSHttpRequestSession::internal_send_receive_attempt(bool &retryable_error, else { Telemetry::Accumulate(Telemetry::CERT_VALIDATION_HTTP_REQUEST_RESULT, 3); } +#endif if (request_canceled) return SECFailure; @@ -921,7 +923,7 @@ PreliminaryHandshakeDone(PRFileDesc* fd) else { infoObject->SetNegotiatedNPN(nullptr, 0); } - mozilla::Telemetry::Accumulate(Telemetry::SSL_NPN_TYPE, state); + //mozilla::Telemetry::Accumulate(Telemetry::SSL_NPN_TYPE, state); } else { infoObject->SetNegotiatedNPN(nullptr, 0); @@ -1015,8 +1017,8 @@ CanFalseStartCallback(PRFileDesc* fd, void* client_data, PRBool *canFalseStart) } } - Telemetry::Accumulate(Telemetry::SSL_REASONS_FOR_NOT_FALSE_STARTING, - reasonsForNotFalseStarting); + //Telemetry::Accumulate(Telemetry::SSL_REASONS_FOR_NOT_FALSE_STARTING, + // reasonsForNotFalseStarting); if (reasonsForNotFalseStarting == 0) { *canFalseStart = PR_TRUE; diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp index 991671e9a..6e7305c8a 100644 --- a/security/manager/ssl/nsNSSComponent.cpp +++ b/security/manager/ssl/nsNSSComponent.cpp @@ -833,6 +833,7 @@ CipherSuiteChangeObserver::Observe(nsISupports* aSubject, void nsNSSComponent::setValidationOptions(bool isInitialSetting, const MutexAutoLock& lock) { +#if(0) // This preference controls whether we do OCSP fetching and does not affect // OCSP stapling. // 0 = disabled, 1 = enabled @@ -848,6 +849,7 @@ void nsNSSComponent::setValidationOptions(bool isInitialSetting, Telemetry::Accumulate(Telemetry::CERT_OCSP_ENABLED, ocspEnabled); Telemetry::Accumulate(Telemetry::CERT_OCSP_REQUIRED, ocspRequired); } +#endif bool ocspStaplingEnabled = Preferences::GetBool("security.ssl.enable_ocsp_stapling", true); diff --git a/security/manager/ssl/nsNSSIOLayer.cpp b/security/manager/ssl/nsNSSIOLayer.cpp index bce66f183..adc6303ef 100644 --- a/security/manager/ssl/nsNSSIOLayer.cpp +++ b/security/manager/ssl/nsNSSIOLayer.cpp @@ -242,9 +242,11 @@ nsNSSSocketInfo::NoteTimeUntilReady() mNotedTimeUntilReady = true; +#if(0) // This will include TCP and proxy tunnel wait time Telemetry::AccumulateTimeDelta(Telemetry::SSL_TIME_UNTIL_READY, mSocketCreationTimestamp, TimeStamp::Now()); +#endif MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("[%p] nsNSSSocketInfo::NoteTimeUntilReady\n", mFd)); } @@ -252,6 +254,7 @@ nsNSSSocketInfo::NoteTimeUntilReady() void nsNSSSocketInfo::SetHandshakeCompleted() { +#if(0) if (!mHandshakeCompleted) { enum HandshakeType { Resumption = 1, @@ -275,7 +278,7 @@ nsNSSSocketInfo::SetHandshakeCompleted() handshakeType == Resumption); Telemetry::Accumulate(Telemetry::SSL_HANDSHAKE_TYPE, handshakeType); } - +#endif // Remove the plain text layer as it is not needed anymore. // The plain text layer is not always present - so its not a fatal error @@ -618,10 +621,12 @@ nsNSSSocketInfo::SetCertVerificationResult(PRErrorCode errorCode, SetCanceled(errorCode, errorMessageType); } +#if(0) if (mPlaintextBytesRead && !errorCode) { Telemetry::Accumulate(Telemetry::SSL_BYTES_BEFORE_CERT_CALLBACK, AssertedCast(mPlaintextBytesRead)); } +#endif mCertVerificationState = after_cert_verification; } @@ -1108,6 +1113,7 @@ retryDueToTLSIntolerance(PRErrorCode err, nsNSSSocketInfo* socketInfo) // this as a hard failure, but forget any intolerance so that later attempts // don't use this version (i.e., range.max) and trigger the error again. +#if(0) // First, track the original cause of the version fallback. This uses the // same buckets as the telemetry below, except that bucket 0 will include // all cases where there wasn't an original reason. @@ -1116,6 +1122,7 @@ retryDueToTLSIntolerance(PRErrorCode err, nsNSSSocketInfo* socketInfo) socketInfo->GetPort()); Telemetry::Accumulate(Telemetry::SSL_VERSION_FALLBACK_INAPPROPRIATE, tlsIntoleranceTelemetryBucket(originalReason)); +#endif helpers.forgetIntolerance(socketInfo->GetHostName(), socketInfo->GetPort()); @@ -1136,11 +1143,11 @@ retryDueToTLSIntolerance(PRErrorCode err, nsNSSSocketInfo* socketInfo) if (!fallbackLimitReached || helpers.mUnrestrictedRC4Fallback) { if (helpers.rememberStrongCiphersFailed(socketInfo->GetHostName(), socketInfo->GetPort(), err)) { - Telemetry::Accumulate(Telemetry::SSL_WEAK_CIPHERS_FALLBACK, - tlsIntoleranceTelemetryBucket(err)); + //Telemetry::Accumulate(Telemetry::SSL_WEAK_CIPHERS_FALLBACK, + // tlsIntoleranceTelemetryBucket(err)); return true; } - Telemetry::Accumulate(Telemetry::SSL_WEAK_CIPHERS_FALLBACK, 0); + //Telemetry::Accumulate(Telemetry::SSL_WEAK_CIPHERS_FALLBACK, 0); } else if (err == SSL_ERROR_NO_CYPHER_OVERLAP) { // Indicate that the override UI should be shown. socketInfo->SetSecurityState( @@ -1164,6 +1171,7 @@ retryDueToTLSIntolerance(PRErrorCode err, nsNSSSocketInfo* socketInfo) return false; } +#if(0) Telemetry::ID pre; Telemetry::ID post; switch (range.max) { @@ -1191,6 +1199,7 @@ retryDueToTLSIntolerance(PRErrorCode err, nsNSSSocketInfo* socketInfo) // The difference between _PRE and _POST represents how often we avoided // TLS intolerance fallback due to remembered tolerance. Telemetry::Accumulate(pre, reason); +#endif if (!helpers.rememberIntolerantAtVersion(socketInfo->GetHostName(), socketInfo->GetPort(), @@ -1198,7 +1207,8 @@ retryDueToTLSIntolerance(PRErrorCode err, nsNSSSocketInfo* socketInfo) return false; } - Telemetry::Accumulate(post, reason); + + //Telemetry::Accumulate(post, reason); return true; }