Changes

We have At the time of the decision to work on mozilla::pkix, we had a number of options:# We can fix could have fixed the classic verification implementation. As already stated, this would require have required considerable work. # We can fix could have fixed and maintain maintained libpkix ourselves. This is was undesirable for the aforementioned reasons. Furthermore, as Google moves moved away from NSS, we will would have had less and less help working on this library. # We can use could have used whatever verification implementation Google develops. We may would have had to wait a year or more for this, and we would be depending on Google to share their work. # We can use could have used OpenSSL's certificate verification routine. Apparently it is buggy as well. # We can start could have started over from scratch and write written another entirely new verification library. This would have set us back a year. # Finally, we can use could have used the new verification library known as "mozilla::pkix" (formerly known as "insanity::pkix"). This is what we decided to do.

As a library, mozilla::pkix uses the notion of a "trust domain" provided by the application to build a trusted chain from an end-entity certificate to a root. The trust domain is responsible for saying what trust level a certificate has, finding potential issuers of a certificate, and checking the revocation for a certificate. A certificate can be a trust anchor, it can inherit its trust, or it can be actively distrusted. Given an end-entity certificate and a trust domain, the library will perform issuer-independent checks on that certificate (e.g. expiration, appropriate key usages), get a list of potential issuers, and perform a depth-first traversal. If it encounters a distrusted certificate, it abandons searching that path. If it finds a trust anchor, it returns queries the trust domain again to see if that successful path is acceptable (here is where we will add a callback to check key pinning). If so, the trust domain interface that checks the otherwise good chain for applicationend-specific features, such as the presence of a specific key)entity certificate has successfully been verified.

We have been working on this project for a long time. Last year, progress was slower than everyone would have liked. However, starting in late January, development picked up considerably to the point where we had landed a working implementation (albeit with no OCSP checking) within a month. Since then, we have landed OCSP checking and test improvements, as well as an OCSP cache. In fact, we managed to have a sufficiently complete and we are about interoperable implementation for it to land the OCSP cachebe released in Firefox 31 on July 22nd, 2014.

Matt Wobensmith just completed compatibility-testing of 200k HTTPS sites and found 16 with issues. These are being were investigatedand resolved to our satisfaction.