On Monday, April 7, 2014 6:33:50 PM UTC-4, Kathleen Wilson wrote: > All, > > > > We have been working on a new certificate verification library for > > Gecko, and would greatly appreciate it if you will test this new library > > and review the new code. > > > > Background > > > > NSS currently has two code paths for doing certificate verification. > > "Classic" verification has been used for verification of non-EV > > certificates, and libPKIX has been used for verification of EV > > certificates. > > > > As many of you are aware, the NSS team has wanted to replace the > > "classic" verification with libPKIX for a long time. However, the > > current libPKIX code was auto-translated from Java to C, and has proven > > to be very difficult to maintain and use. Therefore, Mozilla has created > > a new certificate verification library called mozilla::pkix. > > > > Request for Testing > > > > Replacing the certificate verification library can only be done after > > gaining sufficient confidence in the new code by having as many people > > and organizations test it as possible. > > > > We ask that all of you help us test this new library as described here: > > https://wiki.mozilla.org/SecurityEngineering/mozpkix-testing#Request_for_Testing > > > > Testing Window: The mozilla::pkix certificate verification library is > > available for testing now in Nightly Firefox builds. We ask that you > > test as soon as possible, and that you complete your testing before > > Firefox 31 exits the Aurora branch in June. > > (See https://wiki.mozilla.org/RapidRelease/Calendar) > > > > Request for Code Review > > > > The more people who code review the new code, the better. So we ask all > > of you C++ programmers out there to review the code and let us know if > > you see any potential issues. > > https://wiki.mozilla.org/SecurityEngineering/mozpkix-testing#Request_for_Code_Review > > > > > > We look forward to your help in testing and reviewing this new > > certificate verification library. > > > > Mozilla Security Engineering Team
Mozilla::pkix includes some changes in support of current best practices and policies, as listed below. If you notice an issue due to any of these changes, please feel free to let us know. However, we believe that in most cases, the simplest resolution will be to update the SSL certificate in your webserver. YOU F**KTARDS.. SOMETIMES WE HAVE ABSOLUTELY ZERO F**KING CONTROL OVER THE SSL CERT PRESENTED.. WE **know** IT SHOULD BE TRUSTED BECAUSE ITS AN INTERNAL F**KING DEVICE, AND DON'T GIVE ONE FLYING F**K IF THE CERT IS VALID OR NOT.. WE **SHOULD** BE ALLOWED REGARDLESS OF THE F**KING CAUSE, TO ADD AN EXCEPTION.. TAKE THE SAME F**KING URL TO ANY OTHER BROWSER, AND AT WORST YOU GET CHROME WHICH NOW WON'T REMEMBER USER/PASS COMBOS TO GET INTO THOSE SITES **** BUT IT STILL F**KING LETS YOU GET TO THE GOD DAMNED F**KING SITE! WHY IS IT THAT YOU SMART A** F**KERS CAN'T UNDERSTAND YOU **CAN NOT FORCE THIS ON PEOPLE** YOU **MUST** ALLOW THEM TO ADD AN EXCEPTION EVEN IF TEMPORARY! OTHERWISE BY NOT ALLOWING US TO DO SO YOU FORCE US TO USE ANOTHER BROWSER.. FOR SOME OF US AS PART OF OUR JOB.. AND WHAT THEN IS THE POINT OF HAVING FIREFOX IF YOU CAN'T USE IT TO DO YOUR F**KING WORK? F**KTARD DEVELOPERS you think you're so smart, you think you know everything and that because YOU think vendors of broken hardware should be forced to fix.. or what.. buy something new? ... F U devs.. you fix this.. or see people abandon you and loose what little cred you had in the browser war! -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
