Closed Bug 835174 Opened 11 years ago Closed 8 years ago

nsIX509CertDB::openSignedJARFile does not support old-style signatures (without SHA1-Digest-Manifest)

Categories

(Core :: Security: PSM, defect)

defect
Not set
normal

RESOLVED WONTFIX

People

(Reporter: briansmith, Unassigned)

nsIX509CertDB::openSignedJARFile currently requires the SHA1-Digest-Manifest in the JAR file, which is technically optional. We do this because relying on SHA1-Digest-Manifest is safer, because it is simpler and because it allows us to process much less untrusted input prior to verifying the signature.

However, the tool in NSS for signing jar files does not add the SHA1-Digest-Manifest attribute when signing, so we can't expect extension developers to have SHA1-Digest-Manifest in their extensions. Consequently, in order for Toolkit to switch to openSignedJARFile for verifying extension signatures, we need to add an option for openSignedJARFile to accept the old (less safe) kind of signature.
AMO is the only entity doing add-on signing now, so we don't have to support this if we don't want to.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
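The check discussed in this bug, as an added Python example (not Mozilla's PSM code): read only the main section of the signature (.SF) file, require SHA1-Digest-Manifest, and compare it with a single hash of the whole MANIFEST.MF, refusing old-style signature files instead of falling back to per-entry section digests. It assumes the .SF bytes have already been verified against the PKCS#7 signature block; all function names and the sample manifest are constructed for illustration.

```python
import base64, hashlib, hmac

class OldStyleSignature(Exception):
    """The .SF main section carries no SHA1-Digest-Manifest attribute."""

def parse_main_section(sf_bytes):
    """Parse only the first (main) section of a .SF file into a dict."""
    attrs, last = {}, None
    text = sf_bytes.replace(b"\r\n", b"\n").replace(b"\r", b"\n")
    for raw in text.split(b"\n"):
        if raw == b"":                       # blank line ends the main section
            break
        if raw.startswith(b" "):             # continuation of the previous value
            if last is None:
                raise ValueError("continuation line before any attribute")
            attrs[last] += raw[1:].decode("utf-8")
            continue
        name, sep, value = raw.partition(b": ")
        if not sep:
            raise ValueError("malformed attribute line")
        last = name.decode("ascii").lower()  # attribute names are case-insensitive
        if last in attrs:
            raise ValueError("duplicate attribute: " + last)
        attrs[last] = value.decode("utf-8")
    return attrs

def check_manifest_digest(sf_bytes, manifest_bytes):
    """Compare the whole-manifest SHA-1 recorded in the .SF with MANIFEST.MF."""
    recorded = parse_main_section(sf_bytes).get("sha1-digest-manifest")
    if recorded is None:                     # old-style signature: refuse
        raise OldStyleSignature("no SHA1-Digest-Manifest in main section")
    expected = base64.b64decode(recorded, validate=True)
    return hmac.compare_digest(expected, hashlib.sha1(manifest_bytes).digest())

def make_sf(manifest_bytes, new_style=True):
    """Build a constructed sample .SF (illustration only, not a signing tool)."""
    lines = [b"Signature-Version: 1.0"]
    if new_style:
        digest = base64.b64encode(hashlib.sha1(manifest_bytes).digest())
        lines.append(b"SHA1-Digest-Manifest: " + digest)
    return b"\n".join(lines) + b"\n\n"

# Constructed sample manifest; the entry name and digest value are made up.
SAMPLE_MANIFEST = (b"Manifest-Version: 1.0\n\n"
                   b"Name: install.rdf\n"
                   b"SHA1-Digest: " + base64.b64encode(hashlib.sha1(b"x").digest()) + b"\n\n")

if __name__ == "__main__":
    print(check_manifest_digest(make_sf(SAMPLE_MANIFEST), SAMPLE_MANIFEST))
```

With this shape, the per-entry sections of the manifest are never parsed unless the single whole-file digest has already matched.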