Skip to content

Audit MozBug 1867624 (do not use nsIX509Cert.isBuiltInRoot)

Bug 1867624 introduced a conflict between 115 and 128 here:

diff --git a/browser/base/content/browser-siteIdentity.js b/browser/base/content/browser-siteIdentity.js
index dd045561e498b..ddecd6283a61b 100644
--- a/browser/base/content/browser-siteIdentity.js
+++ b/browser/base/content/browser-siteIdentity.js
@@ -787,13 +787,7 @@ var gIdentityHandler = {
    * built-in (returns false) or imported (returns true).
    */
   _hasCustomRoot() {
-    let issuerCert = null;
-    issuerCert =
-      this._secInfo.succeededCertChain[
-        this._secInfo.succeededCertChain.length - 1
-      ];
-
-    return !issuerCert.isBuiltInRoot;
+    return !this._secInfo.isBuiltCertChainRootBuiltInRoot;
   },
 
   /**

Checking what this means for us was not trivial, so I preferred accepting the upstream changes, and open this issue to follow up.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information