Distrust certs issued after 00:00:00 Oct. 21, 2016 by StartCom and WoSign #9469
Commits on Feb 3, 2017
-
crypto: add cert check issued by StartCom/WoSign
When tls client connects to the server with certification issued by either StartCom or WoSign listed in StartComAndWoSignData.inc, check notBefore of the server certificate and CERT_REVOKED error returns if it is after 00:00:00 on October 21, 2016. See for details in https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/, https://security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html and https://support.apple.com/en-us/HT204132
-
crypto: Remove expired certs from CNNIC whitelist
CNNIC Whitelist was updated with removing expired certificates.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.