summaryrefslogtreecommitdiffstats
path: root/security/manager/ssl/AppTrustDomain.cpp
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-21 18:34:59 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-21 18:34:59 +0000
commitb0410fc20c45227756a7bbdcff65e29eb0bc4d91 (patch)
tree36bdaeed45bddfc236ac77adf672339174b3c9b3 /security/manager/ssl/AppTrustDomain.cpp
parentAdding debian version 115.9.1esr-1~deb12u1. (diff)
downloadfirefox-esr-b0410fc20c45227756a7bbdcff65e29eb0bc4d91.tar.xz
firefox-esr-b0410fc20c45227756a7bbdcff65e29eb0bc4d91.zip
Merging upstream version 115.10.0esr.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/manager/ssl/AppTrustDomain.cpp')
-rw-r--r--security/manager/ssl/AppTrustDomain.cpp8
1 files changed, 8 insertions, 0 deletions
diff --git a/security/manager/ssl/AppTrustDomain.cpp b/security/manager/ssl/AppTrustDomain.cpp
index 2cdf275ade..6ce1a9741e 100644
--- a/security/manager/ssl/AppTrustDomain.cpp
+++ b/security/manager/ssl/AppTrustDomain.cpp
@@ -33,6 +33,7 @@
#include "addons-public.inc"
#include "addons-public-intermediate.inc"
#include "addons-stage.inc"
+#include "addons-stage-intermediate.inc"
// Content signature root certificates
#include "content-signature-dev.inc"
#include "content-signature-local.inc"
@@ -86,9 +87,16 @@ nsresult AppTrustDomain::SetTrustedRoot(AppTrustedRoot trustedRoot) {
// If we're verifying add-ons signed by our production root, we want to make
// sure a valid intermediate certificate is available for path building.
+ // The intermediate bundled with signed XPI files may have expired and be
+ // considered invalid, which can result in bug 1548973.
if (trustedRoot == nsIX509CertDB::AddonsPublicRoot) {
mAddonsIntermediate = {addonsPublicIntermediate};
}
+ // Similarly to the above logic for production, we hardcode the intermediate
+ // stage certificate here, so that stage is equivalent to production.
+ if (trustedRoot == nsIX509CertDB::AddonsStageRoot) {
+ mAddonsIntermediate = {addonsStageIntermediate};
+ }
return NS_OK;
}