Confirmed users
563
edits
PSM:EV Testing: Difference between revisions
Jump to navigation
Jump to search
no edit summary
(New page: This document explains how to modify PSM (mozilla/security/manager) sources in order to enable a root CA cert for Extended Validation (EV). Ensure the root CA cert has been added to NSS s...) |
No edit summary |
||
| Line 11: | Line 11: | ||
Each entry should have a comment that mentions the cert's subject name, to make it easier for human readers to find the referenced cert. | Each entry should have a comment that mentions the cert's subject name, to make it easier for human readers to find the referenced cert. | ||
Should you require to test various root certs with EV, and want to build only once, PSM offers a mechanism to load "EV approvals" from an external text file. This code is excluded in release builds for safety reasons, and enabled in debug builds. The source code switch is controlled using #define PSM_ENABLE_TEST_EV_ROOTS | |||
You could produce such a build once and use it for future testing. In addition to using an enabled build, you must switch it on when starting the application (e.g. Firefox). To do so, set environment variable ENABLE_TEST_EV_ROOTS_FILE=1 | |||
PSM will load a file called test_ev_roots.txt from the profile directory. Please refer to the source code comments in function loadTestEVInfos() for the expected format of that file. | |||
At the time of writing of this page, an example entry would look like this (4 lines): | |||
1_fingerprint 99:A6:9B:E6:1A:FE:88:6B:4D:2B:82:00:7C:B8:54:FC:31:7E:15:39 | |||
2_readable_oid 2.16.840.1.114028.10.1.2 | |||
3_issuer MIHDMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5 | |||
4_serial N0rSQw== | |||