On Tue, Jul 22, 2014 at 2:00 PM, Brian Smith <br...@briansmith.org> wrote:
> Firefox's cert override mechanism uses a different pinning mechanism > than the "key pinning" feature. Basically, Firefox saves a tuple > (domain, port, cert fingerprint, isDomainMismatch, > isValidityPeriodProblem, isUntrustedIssuer) into a database. When it > encounters an untrsuted certificate, it computes that tuple and tries > to find a matching one in the database; if so, it allows the > connection. Interesting! Thanks for the clue. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
