Closed
Bug 244982
Opened 21 years ago
Closed 20 years ago
Add ipsCA root certificates to NSS
Categories
(NSS :: Libraries, enhancement, P2)
Tracking
(Not tracked)
VERIFIED
FIXED
3.9.3
People
(Reporter: hecker, Assigned: nelson)
References
Details
Attachments
(1 file)
|
180.74 KB,
patch
|
Details | Diff | Splinter Review |
|
Reporter | |
Comment 1•21 years ago
|
||
Sigh. I keep hitting return in Bugzilla before I'm supposed to :-(
Per my comments in bug 232695 I'm approving inclusion of root CA certs for ipsCA
in Mozilla. For the complete list of certs see
<http://www.hecker.org/mozilla/ca-certificate-list>. To my knowledge all the
certs are true root certs.
Blocks: 232695
|
Assignee | |
Comment 2•21 years ago
|
||
Put on 3.10 radar screen.
Frank, are there any more of these forthcoming?
Priority: -- → P2
Target Milestone: --- → 3.10
|
|
Reporter | |
Comment 3•21 years ago
|
||
Yes, there may be at least one or two more shortly. I'll post to n.p.m.crypto
today with details.
|
|
Assignee | |
Comment 4•21 years ago
|
||
One of the 7 ipsca root CA certs claims to be a timestamping CA cert.
But NSS doesn't implement signed timestamping (or recognize it).
Also, that timestamping CA cert is marked to be valid for many uses,
including SSL server auth, SSL client auth, email, and not just for
timestamping.
So, we we want to include that CA cert?
|
|
Assignee | |
Comment 5•21 years ago
|
||
This patch depends on the patches to bug 242040 and bug 252132 being
applied first.
|
|
Assignee | |
Comment 6•21 years ago
|
||
Frank, I would like someone from IPS CA to contact me by email to arrange
to test an engineering build of nssckbi with these certs in it. I have
not found any email addresses in the CC lists of any of the relevant bugs.
Status: NEW → ASSIGNED
|
|
Assignee | |
Comment 7•21 years ago
|
||
Comment on attachment 155333 [details] [diff] [review]
patch v1
Julien, please review. Remember that this patch has a prerequisite patch that
has not yet been applied.
Attachment #155333 -
Flags: review?(julien.pierre.bugs)
|
||
Comment 8•20 years ago
|
||
KDE
http://bugs.kde.org/show_bug.cgi?id=61626
is going to implement it as well.
|
||
Updated•20 years ago
|
Flags: blocking-aviary1.0?
|
|
Assignee | |
Comment 9•20 years ago
|
||
This has been checked in on the trunk for NSS 3.10.
So, I am marking this bug fixed. We may also choose to
port this enhancement back to NSS 3.9.x.
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Comment 10•20 years ago
|
||
Checked in on the 3.9 branch.
Checking in builtins/certdata.c; new revision: 1.27.16.1; previous 1.27
Checking in builtins/certdata.txt; new revision: 1.28.16.1; previous 1.28
Checking in builtins/nssckbi.h; new revision: 1.6.16.2; previous 1.6.16.1
Target Milestone: 3.10 → 3.9.3
|
|
Assignee | |
Comment 11•20 years ago
|
||
*** Bug 213177 has been marked as a duplicate of this bug. ***
|
||
Updated•20 years ago
|
Flags: blocking-aviary1.0?
|
||
Updated•20 years ago
|
Attachment #155333 -
Flags: review?(julien.pierre.bugs)
|
||
Comment 12•20 years ago
|
||
Verified with Firefox 1.0.2 that seven IPS root CA certs
(including the timestamping CA) are in the "Builtin
Object Token" and their trust settings are:
This certificate can identify web sites.
This certificate can identify mail users.
This certificate can identify software makers.
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•