diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-21 18:34:59 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-21 18:34:59 +0000 |
commit | b0410fc20c45227756a7bbdcff65e29eb0bc4d91 (patch) | |
tree | 36bdaeed45bddfc236ac77adf672339174b3c9b3 /security/manager/ssl/AppTrustDomain.cpp | |
parent | Adding debian version 115.9.1esr-1~deb12u1. (diff) | |
download | firefox-esr-b0410fc20c45227756a7bbdcff65e29eb0bc4d91.tar.xz firefox-esr-b0410fc20c45227756a7bbdcff65e29eb0bc4d91.zip |
Merging upstream version 115.10.0esr.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/manager/ssl/AppTrustDomain.cpp')
-rw-r--r-- | security/manager/ssl/AppTrustDomain.cpp | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/security/manager/ssl/AppTrustDomain.cpp b/security/manager/ssl/AppTrustDomain.cpp index 2cdf275ade..6ce1a9741e 100644 --- a/security/manager/ssl/AppTrustDomain.cpp +++ b/security/manager/ssl/AppTrustDomain.cpp @@ -33,6 +33,7 @@ #include "addons-public.inc" #include "addons-public-intermediate.inc" #include "addons-stage.inc" +#include "addons-stage-intermediate.inc" // Content signature root certificates #include "content-signature-dev.inc" #include "content-signature-local.inc" @@ -86,9 +87,16 @@ nsresult AppTrustDomain::SetTrustedRoot(AppTrustedRoot trustedRoot) { // If we're verifying add-ons signed by our production root, we want to make // sure a valid intermediate certificate is available for path building. + // The intermediate bundled with signed XPI files may have expired and be + // considered invalid, which can result in bug 1548973. if (trustedRoot == nsIX509CertDB::AddonsPublicRoot) { mAddonsIntermediate = {addonsPublicIntermediate}; } + // Similarly to the above logic for production, we hardcode the intermediate + // stage certificate here, so that stage is equivalent to production. + if (trustedRoot == nsIX509CertDB::AddonsStageRoot) { + mAddonsIntermediate = {addonsStageIntermediate}; + } return NS_OK; } |