Closed
Bug 1478826
Opened 6 years ago
Closed 5 years ago
consider limiting TrustLoaded3rdPartyRoots to only trusting self-signed certificates (i.e. roots)
Categories: Core :: Security: PSM, enhancement, P2
Status: RESOLVED DUPLICATE of bug 1526004
People: Reporter: keeler, Unassigned
References: Blocks 1 open bug
Details: Whiteboard: [psm-backlog]
I'm fairly sure the OS X implementation of GatherEnterpriseRoots has the downside of returning intermediate certificates as well as roots. When we then call TrustLoaded3rdPartyRoots, we'll trust those intermediates as roots, which isn't a disaster but could have unexpected consequences (e.g. pinning failures, but this would require users setting security.cert_pinning.enforcement_level to 2 (i.e. not the default) and security.cert_pinning.process_headers_from_non_builtin_roots to true (also not the default) and having servers actually set hpkp). If we instead only trusted roots as roots and left the intermediates as inherit-trust (and retained in memory so path-building can find them (NB: we have to test that this actually works)), this will more accurately reflect the expected PKI. As an added bonus, we could potentially do the same thing on Windows and import intermediates as well (we've had more than one bug filed that boils down to "the server isn't sending the intermediate, why doesn't it work, chrome works fine").
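The split proposed above, as an added example that is not Firefox/PSM code: Go's crypto/x509 stands in for NSS and mozilla::pkix, and the root, intermediate and server leaf are throwaway certificates generated in memory (names such as "Example Enterprise Root" and "intranet.example.test" are made up for the demo). A certificate is promoted to trust anchor only if its issuer name equals its subject name and its signature verifies under its own key; everything else is kept purely for path building. The verification step simulates a server that sends only its leaf, which is the "chrome works fine" case from the description: with the intermediate retained it chains through to the root, with the intermediate dropped it fails, and with the old everything-is-a-root behaviour it still verifies but the chain ends at the intermediate rather than at the real anchor.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// IsSelfSigned reports whether cert qualifies as a root under the rule proposed in
// this bug: the issuer name equals the subject name AND the signature verifies under
// the certificate's own key. Comparing names alone is not enough, since a certificate
// can claim itself as issuer while being signed by some other key. CheckSignatureFrom
// also enforces the CA basic constraint, so a self-signed end-entity cert is rejected.
func IsSelfSigned(cert *x509.Certificate) bool {
	if !bytes.Equal(cert.RawIssuer, cert.RawSubject) {
		return false
	}
	return cert.CheckSignatureFrom(cert) == nil
}

// Classify splits a bundle gathered from the OS store into certificates that may become
// trust anchors and certificates that are only retained (inherit-trust) for path building.
func Classify(certs ...*x509.Certificate) (roots, intermediates []*x509.Certificate) {
	for _, c := range certs {
		if IsSelfSigned(c) {
			roots = append(roots, c)
		} else {
			intermediates = append(intermediates, c)
		}
	}
	return roots, intermediates
}

// VerifyChainLen verifies leaf for host as if the server had sent only the leaf (no
// intermediates in the handshake), using roots as anchors and intermediates as retained
// inherit-trust certificates, and returns the length of the first chain built.
func VerifyChainLen(leaf *x509.Certificate, roots, intermediates []*x509.Certificate, host string) (int, error) {
	rootPool, interPool := x509.NewCertPool(), x509.NewCertPool()
	for _, c := range roots {
		rootPool.AddCert(c)
	}
	for _, c := range intermediates {
		interPool.AddCert(c)
	}
	chains, err := leaf.Verify(x509.VerifyOptions{Roots: rootPool, Intermediates: interPool, DNSName: host})
	if err != nil {
		return 0, err
	}
	return len(chains[0]), nil
}

// issue signs tmpl with parentKey under parent, generating a fresh P-256 key for the new
// certificate. A nil parent makes the certificate self-signed.
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// caTemplate returns a CA certificate template valid from an hour ago for one day.
func caTemplate(serial int64, cn string) *x509.Certificate {
	now := time.Now()
	return &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
}

// BuildDemoPKI generates a throwaway root -> intermediate -> server-leaf hierarchy in
// memory. All names and serials are constructed for this example; none come from the bug.
func BuildDemoPKI() (*x509.Certificate, *x509.Certificate, *x509.Certificate, error) {
	root, rootKey, err := issue(caTemplate(1, "Example Enterprise Root"), nil, nil)
	if err != nil {
		return nil, nil, nil, err
	}
	intermediate, interKey, err := issue(caTemplate(2, "Example Enterprise Issuing CA"), root, rootKey)
	if err != nil {
		return nil, nil, nil, err
	}
	now := time.Now()
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(3),
		Subject:      pkix.Name{CommonName: "intranet.example.test"},
		DNSNames:     []string{"intranet.example.test"},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	leaf, _, err := issue(leafTmpl, intermediate, interKey)
	return root, intermediate, leaf, err
}

func main() {
	root, inter, leaf, err := BuildDemoPKI()
	if err != nil {
		panic(err)
	}
	// The bundle as an OS-store enumeration would hand it over: roots and intermediates mixed.
	roots, inters := Classify(inter, root)
	fmt.Printf("anchors: %d, retained intermediates: %d\n", len(roots), len(inters))

	n, err := VerifyChainLen(leaf, roots, inters, "intranet.example.test")
	fmt.Println("root-only anchors + retained intermediate:", n, err) // 3 <nil>
	_, err = VerifyChainLen(leaf, roots, nil, "intranet.example.test")
	fmt.Println("root-only anchors, intermediate dropped:", err) // fails: unknown authority
	n, err = VerifyChainLen(leaf, append(roots, inters...), nil, "intranet.example.test")
	fmt.Println("old behaviour, everything an anchor:", n, err) // 2 <nil>: chain stops at the intermediate
}
```

The last case is why the description calls the old behaviour "not a disaster": validation succeeds, but the chain terminates at the intermediate, so anything keyed on the real anchor (pinning to a root, or policy that distinguishes built-in from enterprise roots) sees a different chain than the PKI operator intended.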
Updated by Reporter, 5 years ago:
Blocks: enterprise-roots
Comment 1 by Reporter, 5 years ago:
Bug 1526004 fixed this behavior (and bug 1514118 removed TrustLoaded3rdPartyRoots anyway).
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE