Changes

mozilla::pkix was originally implemented as part of mozilla-central (i.e. gecko) but has since been moved into NSS. However, it is not part of NSS' stable C API. As a library, mozilla::pkix uses the notion of a "trust domain" provided by the application to build a trusted chain from an end-entity certificate to a root. The trust domain is responsible for saying what trust level a certificate has, finding potential issuers of a certificate, and checking the revocation for a certificate. A certificate can be a trust anchor, it can inherit its trust, or it can be [[CA/Maintenance_and_Enforcement#Actively_Distrusting_a_Certificate|actively distrusted]]. Given an end-entity certificate and a trust domain, the library will perform issuer-independent checks on that certificate (e.g. expiration, appropriate key usages), get a list of potential issuers, and perform a [https://en.wikipedia.org/wiki/Depth-first_search depth-first traversal]. If it encounters a distrusted certificate, it abandons searching that path. If it finds a trust anchor, it queries the trust domain again to see if that path is acceptable (this is where gecko implements checks that are specific to the platform and not the abstract problem of building a trusted certificate chain). If so, the end-entity certificate has successfully been verified.

The platform looks for trust anchors in a few locations. First, Mozilla ships a list of trust anchors with the platform corresponding to the [[CA/Included_Certificates|root Certificate Authorities (CAs) in the Mozilla Root CA Program]]. Additionally, the user may [[PSM:Changing_Trust_Settings|import their own trust anchors]]. These are stored in the profile's [[NSS_Shared_DB|cert9.db file]]. The user may also import third-party PKCS#11 modules that provide trust anchors. The [https://support.mozilla.org/en-US/kb/setting-certificate-authorities-firefox enterprise roots feature], if enabled, may collect trust anchors provided by the operating system.

Similarly, the platform gathers [[CA/Intermediate_Certificates|intermediate certificates ]] from a few locations. The TLS specification mandates that the peer include in the handshake any necessary intermediate certificates to verify the [https://en.wikipedia.org/wiki/Public_key_certificate#End-entity_or_leaf_certificate end-entity]. In practice this may not be the case, but the platform uses these if they are available. The user may manually add intermediate certificates. Again these are stored in the profile's cert9.db file. The enterprise roots feature also looks for intermediates provided by the operating system.

As part of [[CA|Mozilla's Root CA Program]], there is a list of root certificates that are trusted to issue [[CA/EV_Processing_for_CAs|Extended Validation (EV) certificates]]. This list is available in code form at https://hg.mozilla.org/mozilla-central/annotate/tip/security/certverifier/ExtendedValidation.cpp.