[EMAIL PROTECTED] wrote:
for "normal" CAs, it's an easy task to add them as trusted root to Mozilla. Now I'm trying to setup my own local extended validation CA. Is it possible to add it locally as trusted root? On the OpenSSL mailing list I was told this wouldn't be an easy tasks, as EV CAs are embedded differently than normal CAs.
As of today, the set of roots approved for EV is embedded into Mozilla application level code. If you need to enable additional CAs, you must recompile.
The sources offer a way to produce a special build, intended for testing and debugging environments, where additional EV approvals can be read at runtime from a text file.
But this feature is (obviously) disabled in official binaries.If you're looking for the code, it all happens in a source file named nsIdentityChecking.cpp
Kai
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
