Bug 418958, Enable Go Daddy root CA certificates for EV use r=rrelyea, a1.9b4=beltzner
authorkaie@kuix.de
Thu, 28 Feb 2008 10:00:57 -0800
changeset 12404 66fcf1c5b7fb00e28388f0095a18ba0d29261770
parent 12403 5847912c60fa21c7d7b75c6da7238a399137c1b6
child 12405 601924102d127db0938d1ce3b687719e6e83d982
push id1
push userroot
push dateTue, 26 Apr 2011 22:38:44 +0000
treeherdermozilla-beta@bfdb6e623a36 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersrrelyea
bugs418958
milestone1.9b4pre
Bug 418958, Enable Go Daddy root CA certificates for EV use r=rrelyea, a1.9b4=beltzner
security/manager/ssl/src/nsIdentityChecking.cpp
--- a/security/manager/ssl/src/nsIdentityChecking.cpp
+++ b/security/manager/ssl/src/nsIdentityChecking.cpp
@@ -75,16 +75,48 @@ struct nsMyTrustedEVInfo
   SECOidTag oid_tag;
   const char *ev_root_subject;
   const char *ev_root_issuer;
   const char *ev_root_sha1_fingerprint;
 };
 
 static struct nsMyTrustedEVInfo myTrustedEVInfos[] = {
   {
+    "2.16.840.1.114413.1.7.23.3",
+    "Go Daddy EV OID a",
+    SEC_OID_UNKNOWN,
+    "OU=Go Daddy Class 2 Certification Authority,O=\"The Go Daddy Group, Inc.\",C=US",
+    "OU=Go Daddy Class 2 Certification Authority,O=\"The Go Daddy Group, Inc.\",C=US",
+    "27:96:BA:E6:3F:18:01:E2:77:26:1B:A0:D7:77:70:02:8F:20:EE:E4",
+  },
+  {
+    "2.16.840.1.114413.1.7.23.3",
+    "Go Daddy EV OID a",
+    SEC_OID_UNKNOWN,
+    "E=info@valicert.com,CN=http://www.valicert.com/,OU=ValiCert Class 2 Policy Validation Authority,O=\"ValiCert, Inc.\",L=ValiCert Validation Network",
+    "E=info@valicert.com,CN=http://www.valicert.com/,OU=ValiCert Class 2 Policy Validation Authority,O=\"ValiCert, Inc.\",L=ValiCert Validation Network",
+    "31:7A:2A:D0:7F:2B:33:5E:F5:A1:C3:4E:4B:57:E8:B7:D8:F1:FC:A6",
+  },
+  {
+    "2.16.840.1.114414.1.7.23.3",
+    "Go Daddy EV OID b",
+    SEC_OID_UNKNOWN,
+    "E=info@valicert.com,CN=http://www.valicert.com/,OU=ValiCert Class 2 Policy Validation Authority,O=\"ValiCert, Inc.\",L=ValiCert Validation Network",
+    "E=info@valicert.com,CN=http://www.valicert.com/,OU=ValiCert Class 2 Policy Validation Authority,O=\"ValiCert, Inc.\",L=ValiCert Validation Network",
+    "31:7A:2A:D0:7F:2B:33:5E:F5:A1:C3:4E:4B:57:E8:B7:D8:F1:FC:A6",
+  },
+  {
+    "2.16.840.1.114414.1.7.23.3",
+    "Go Daddy EV OID b",
+    SEC_OID_UNKNOWN,
+    "OU=Starfield Class 2 Certification Authority,O=\"Starfield Technologies, Inc.\",C=US",
+    "OU=Starfield Class 2 Certification Authority,O=\"Starfield Technologies, Inc.\",C=US",
+    "AD:7E:1C:28:B0:64:EF:8F:60:03:40:20:14:C3:D0:E3:37:0E:B5:8A",
+  },
+  {
     "2.16.840.1.114412.2.1",
     "DigiCert EV OID",
     SEC_OID_UNKNOWN,
     "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US",
     "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US",
     "5F:B7:EE:06:33:E2:59:DB:AD:0C:4C:9A:E6:D3:8F:1A:61:C7:DC:25"
   },
   {
@@ -621,16 +653,19 @@ nsNSSCertificate::hasValidEVOidTag(SECOi
   rv = CERT_PKIXVerifyCert(mCert, certificateUsageSSLServer,
                            cvin, cvout, nsnull);
   if (rv != SECSuccess)
     return NS_OK;
 
   CERTCertificate *issuerCert = cvout[0].value.pointer.cert;
   CERTCertificateCleaner issuerCleaner(issuerCert);
 
+  PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("CERT_PKIXVerifyCert returned success, issuer: %s\n", 
+    issuerCert->subjectName));
+
   validEV = isApprovedForEV(oid_tag, issuerCert);
   if (validEV)
     resultOidTag = oid_tag;
  
   return NS_OK;
 }
 
 nsresult