Closed Bug 816820 Opened 13 years ago Closed 11 years ago

Use libpkix-enabled PKCS7 signature verification and stop modifying the existing contents of NSS's certdata.txt during B2G builds

Tracking

()

Status:

RESOLVED INVALID

Milestone:

mozilla20

People

(Reporter: briansmith, Assigned: briansmith)

References

Details

Brian Smith (:briansmith, :bsmith, use NEEDINFO?)

Assignee

Description

•

13 years ago

Basically, for app signing, we need to stop using the "object signing" trust bit from NSS, and instead use a custom set of trust anchors for validating B2G apps' signatures. This would require us to implement a new variant of PKCS7 signature verification that uses libpkix so we can pass in a trust anchor set as input to the validation.

Brian Smith (:briansmith, :bsmith, use NEEDINFO?)

Assignee

Updated

•

13 years ago

Summary: PKCS7 libpkix → Use libpkix-enabled PKCS7 signature verification and stop modifying the existing contents of NSS's certdata.txt during B2G builds

Brian Smith (:briansmith, :bsmith, use NEEDINFO?)

Assignee

Updated

•

13 years ago

Depends on: 816853

Brian Smith (:briansmith, :bsmith, use NEEDINFO?)

Assignee

Comment 1

•

11 years ago

We already implemented insanity::pkix-based validation of JAR certificates in bug 896620. Bug 972201 tracks the removal of the MOZ_B2G_CERTDATA back.

Status: NEW → RESOLVED

Closed: 11 years ago

Resolution: --- → INVALID

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Use libpkix-enabled PKCS7 signature verification and stop modifying the existing contents of NSS's certdata.txt during B2G builds

Categories

(Core :: Security: PSM, defect)

Tracking

()

People

(Reporter: briansmith, Assigned: briansmith)

References

Details

Crash Data

Security

(public)

User Story

Description

Updated

Updated

Comment 1