Security/Features/CA Policy Constraints in Code

413 bytes added, 19:25, 17 December 2013
no edit summary
}}
{{FeaturePageBody
|Feature overview=Enforce important policy requirements in code; such as enforcing EKUs down the chain (Bug #725351), and enforcing SHA-1 transitions (Bug #942515). Create tests that check for Mozilla CA Policy compliance, BR compliance, and (optionally) EV compliance. As we gather data about how well these policies are being followed, then we can add these checks directly into PSM.
Note that there are two parts to this: 1) adding checks to NSS and PSM as deemed appropriate, and 2) creating a test suite to track progress towards compliance and determine if/when additional checks should be added to NSS and PSM.
 
For the test suite, the tests should check for Mozilla CA Policy compliance, BR compliance, and (optionally) EV compliance. As we gather data about how well these policies are being followed, we can determine which checks should be added directly into PSM.
We should be able to run the tests separately for a cert chain or website, and over data such as the EFF or CT data.
 
The tests should provide info about the cert chain and policies that are not being followed.
 
Things the tests should check for:
* https://bugzilla.mozilla.org/show_bug.cgi?id=927184
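
A minimal sketch of the kind of chain test described above, added here as an illustration and not taken from NSS, PSM or any Mozilla test suite. The `Cert` model, the `check_chain` function, the exact EKU rule applied and the sample chain are all assumptions constructed for this example.

```python
from dataclasses import dataclass
from typing import List, Optional

SERVER_AUTH = "1.3.6.1.5.5.7.3.1"      # id-kp-serverAuth
EMAIL_PROTECTION = "1.3.6.1.5.5.7.3.4"  # id-kp-emailProtection
SHA1_SIG_ALGS = {"sha1WithRSAEncryption", "ecdsa-with-SHA1"}


@dataclass
class Cert:
    """Hypothetical minimal model of an already-parsed certificate."""
    subject: str
    sig_alg: str
    eku: Optional[List[str]]  # None means the EKU extension is absent


def check_chain(chain: List[Cert], required_eku: str = SERVER_AUTH) -> List[str]:
    """Return findings for a chain ordered leaf -> root (trust anchor last)."""
    findings = []
    # The trust anchor is skipped: its self-signature is not relied upon and
    # its purposes come from trust settings (assumption for this example).
    for cert in chain[:-1]:
        # Assumed EKU rule: an absent extension is unrestricted; a present
        # extension must list the purpose the chain is being used for.
        if cert.eku is not None and required_eku not in cert.eku:
            findings.append(f"{cert.subject}: EKU lacks {required_eku}")
        if cert.sig_alg in SHA1_SIG_ALGS:
            findings.append(f"{cert.subject}: signed with SHA-1 ({cert.sig_alg})")
    return findings


# Constructed sample chain: the intermediate is limited to e-mail protection
# and is signed with SHA-1, so a TLS server chain through it should be flagged.
SAMPLE_CHAIN = [
    Cert("www.example.test", "sha256WithRSAEncryption", [SERVER_AUTH]),
    Cert("Example Intermediate CA", "sha1WithRSAEncryption", [EMAIL_PROTECTION]),
    Cert("Example Root CA", "sha1WithRSAEncryption", None),
]

if __name__ == "__main__":
    for finding in check_chain(SAMPLE_CHAIN):
        print(finding)
```

Because the function returns findings instead of rejecting the chain, the same check can be run over a single site or over bulk data to measure compliance before any rule is enforced in code.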