Closed
Bug 555860
Opened 14 years ago
Closed 14 years ago
Enable Certplus Class 2 Primary CA for EV in PSM
Categories
(Core :: Security: PSM, enhancement)
Core
Security: PSM
Tracking
()
RESOLVED
FIXED
People
(Reporter: kathleen.a.wilson, Assigned: KaiE)
References
Details
Attachments
(1 file)
1.52 KB,
patch
|
rrelyea
:
review+
mayhemer
:
review+
dveditz
:
approval1.9.2.7+
dveditz
:
approval1.9.1.11+
|
Details | Diff | Splinter Review |
Per bug 497917 the request from Keynectis/Certplus has been approved to enable its Certplus “Class 2 Primary CA” root certificate for EV use. Please make the corresponding changes to PSM. The relevant information is as follows: Friendly name: Certplus Class 2 Primary CA SHA1 Fingerprint: 74:20:74:41:72:9C:DD:92:EC:79:31:D8:23:10:8D:C2:81:92:E2:BB EV policy OID: 1.3.6.1.4.1.22234.2.5.2.3.1 Test URL: https://www.keynectis.com
Reporter | ||
Comment 1•14 years ago
|
||
Erwann, Please confirm that the above information is correct.
Comment 2•14 years ago
|
||
I double checked the SHA1 fingerprint, and the EV Policy OID. Everything mentioned above is correct. BTW, thank you for your implication.
Reporter | ||
Comment 3•14 years ago
|
||
Thanks for confirming that the data in this bug is correct. Root inclusions/updates are usually grouped and done as a batch when there is either a large enough set of changes or about every 3 months. At some point in the next 3 months a test build will be provided and this bug will be updated to request that you test it. Since you are cc'd on this bug, you will get notification via email when that happens.
Assignee | ||
Comment 4•14 years ago
|
||
Using this patch I get the expected green EV indicator.
Attachment #437711 -
Flags: review?(rrelyea)
Assignee | ||
Comment 5•14 years ago
|
||
Kathleen, I wonder if we could simplify the verification procedure (this time only), given that no NSS update is necessary. My proposal is: - I've already tested that it appears to work - we get the code review - we add the code to the experimental Firefox nightly builds - the CA representatives verify correctness using an Firefox 3.7 nightly developer build - if correct, we could proceed (if desired) to add it to stable branches Kathleen, would you be OK with this simplified procedure? Erwann Abalea, would you be OK to perform the test using an "alpha quality" version of Firefox?
Assignee | ||
Comment 6•14 years ago
|
||
For you and my reference, I'm talking about the nightly builds that are updated each night at this location: ftp://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-trunk/ (your root is NOT yet enabled in those builds, we'll update the bug if the proposal is accepted and once the code has been added)
Comment 7•14 years ago
|
||
I'm OK to test such an "alpha quality" version of Firefox.
Reporter | ||
Comment 8•14 years ago
|
||
Kai, That sounds like a good plan. Thanks!
Assignee | ||
Updated•14 years ago
|
Attachment #437711 -
Flags: review?(honzab.moz)
Comment 9•14 years ago
|
||
Comment on attachment 437711 [details] [diff] [review] Patch v1 Works for me. >diff --git a/security/manager/ssl/src/nsIdentityChecking.cpp b/security/manager/ssl/src/nsIdentityChecking.cpp >+ // CN=Class 2 Primary CA,O=Certplus,C=FR Maybe just adjust to one space after // to be consistent with the rest of the file. r=honzab
Attachment #437711 -
Flags: review?(honzab.moz) → review+
Comment 10•14 years ago
|
||
Comment on attachment 437711 [details] [diff] [review] Patch v1 r+ rrelyea
Attachment #437711 -
Flags: review?(rrelyea) → review+
Assignee | ||
Comment 11•14 years ago
|
||
Checked in http://hg.mozilla.org/mozilla-central/rev/e6b82019c7a7 Erwann: Please wait until tomorrow, then go to the address from comment 6, and grab a alpha quality build with a timestamp of May 04. Thanks in advance for testing. Please let us know if it works right for you.
Assignee | ||
Updated•14 years ago
|
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Comment 12•14 years ago
|
||
Sorry I couldn't check yesterday, too busy. I just downloaded and tested the May 05 version, for Linux i686, that's right for me, I get the green bar. Thanks, Kai.
Assignee | ||
Comment 13•14 years ago
|
||
Comment on attachment 437711 [details] [diff] [review] Patch v1 requesting EV approval for stable firefox branches
Attachment #437711 -
Flags: approval1.9.2.5?
Attachment #437711 -
Flags: approval1.9.1.11?
Updated•14 years ago
|
Attachment #437711 -
Flags: approval1.9.2.6+
Attachment #437711 -
Flags: approval1.9.2.5?
Attachment #437711 -
Flags: approval1.9.1.11?
Attachment #437711 -
Flags: approval1.9.1.11+
Comment 14•14 years ago
|
||
Comment on attachment 437711 [details] [diff] [review] Patch v1 Approved for 1.9.2.6 and 1.9.1.11, a=dveditz for release-drivers
Assignee | ||
Comment 15•14 years ago
|
||
http://hg.mozilla.org/releases/mozilla-1.9.1/rev/a1fd2f3881ff
status1.9.1:
--- → .11-fixed
Assignee | ||
Comment 16•14 years ago
|
||
http://hg.mozilla.org/releases/mozilla-1.9.2/rev/61b116a969ef
status1.9.2:
--- → .6-fixed
You need to log in
before you can comment on or make changes to this bug.
Description
•