Similar work was done on a per-certificate basis in bug 390530. However, in Firefox, we would like to control this behavior on a per-validation, not per-certificate basis. My plan is to add a cert_pi_ignoreEEValidityDates option to CERT_PKIXVerifyCert. When this option is given, then CERT_PKIXVerifyCert would act as if the EE certifiate had timeOK == PR_TRUE.
Since this touches the same files as bug 764973, shall I make this dependant on that one (in my personal queue) ie: Which would probably land first? (working now on the assumtion that 764973 will land first).
Based on our conversation today, this is not a blocker for bug 699874.
No longer blocks: 699874
Priority: P1 → --
Target Milestone: 3.13.2 → ---
Assignee: brian → nobody
You need to log in before you can comment on or make changes to this bug.