summaryrefslogtreecommitdiffstats
path: root/security/manager/ssl/AppTrustDomain.cpp
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 01:13:27 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 01:13:27 +0000
commit40a355a42d4a9444dc753c04c6608dade2f06a23 (patch)
tree871fc667d2de662f171103ce5ec067014ef85e61 /security/manager/ssl/AppTrustDomain.cpp
parentAdding upstream version 124.0.1. (diff)
downloadfirefox-40a355a42d4a9444dc753c04c6608dade2f06a23.tar.xz
firefox-40a355a42d4a9444dc753c04c6608dade2f06a23.zip
Adding upstream version 125.0.1.upstream/125.0.1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/manager/ssl/AppTrustDomain.cpp')
-rw-r--r--security/manager/ssl/AppTrustDomain.cpp8
1 files changed, 8 insertions, 0 deletions
diff --git a/security/manager/ssl/AppTrustDomain.cpp b/security/manager/ssl/AppTrustDomain.cpp
index 2cdf275ade..6ce1a9741e 100644
--- a/security/manager/ssl/AppTrustDomain.cpp
+++ b/security/manager/ssl/AppTrustDomain.cpp
@@ -33,6 +33,7 @@
#include "addons-public.inc"
#include "addons-public-intermediate.inc"
#include "addons-stage.inc"
+#include "addons-stage-intermediate.inc"
// Content signature root certificates
#include "content-signature-dev.inc"
#include "content-signature-local.inc"
@@ -86,9 +87,16 @@ nsresult AppTrustDomain::SetTrustedRoot(AppTrustedRoot trustedRoot) {
// If we're verifying add-ons signed by our production root, we want to make
// sure a valid intermediate certificate is available for path building.
+ // The intermediate bundled with signed XPI files may have expired and be
+ // considered invalid, which can result in bug 1548973.
if (trustedRoot == nsIX509CertDB::AddonsPublicRoot) {
mAddonsIntermediate = {addonsPublicIntermediate};
}
+ // Similarly to the above logic for production, we hardcode the intermediate
+ // stage certificate here, so that stage is equivalent to production.
+ if (trustedRoot == nsIX509CertDB::AddonsStageRoot) {
+ mAddonsIntermediate = {addonsStageIntermediate};
+ }
return NS_OK;
}