Closed
Bug 671002
Opened 13 years ago
Closed 13 years ago
July 2011 batch of CA certificate changes
Categories
(NSS :: CA Certificates Code, task)
NSS
CA Certificates Code
Tracking
(Not tracked)
RESOLVED
FIXED
3.12.11
People
(Reporter: KaiE, Assigned: KaiE)
References
Details
Attachments
(2 files)
35.10 KB,
patch
|
rrelyea
:
review+
|
Details | Diff | Splinter Review |
35.21 KB,
patch
|
Details | Diff | Splinter Review |
July 2011 batch of CA certificate changes
Assignee | ||
Comment 1•13 years ago
|
||
I'll create a single patch for multiple bugs. Used these commands: addbuiltin -n "Certinomis - Autorité Racine" -t C,, < certinomis-645880.der >> ../mozilla/security/nss/lib/ckfw/builtins/certdata.txt addbuiltin -n "Root CA Generalitat Valenciana" -t C,C,C < accv-653761.der >> ../mozilla/security/nss/lib/ckfw/builtins/certdata.txt addbuiltin -n "A-Trust-nQual-03" -t C,, < atrust-661672.der >> ../mozilla/security/nss/lib/ckfw/builtins/certdata.txt addbuiltin -n "TWCA Root Certification Authority" -t C,C, < twca-666681.der >> ../mozilla/security/nss/lib/ckfw/builtins/certdata.txt And I manually edited the trust flug for Nederlanden-G2.
Assignee | ||
Comment 2•13 years ago
|
||
Assignee: nobody → kaie
Assignee | ||
Comment 3•13 years ago
|
||
Assignee | ||
Comment 4•13 years ago
|
||
Why are two different patches needed for trunk and branch? Because the symbolic names used in file certdata.txt have been recently renamed (trunk only). The data contained in both patches is identical, it's just the symbolic names that are different.
Assignee | ||
Comment 5•13 years ago
|
||
I was able to connect to all 4 sites, and the email trust flag appears for the Nederlanden-G2 root. I'll do a tryserver build next and ask CAs to test.
Assignee | ||
Comment 6•13 years ago
|
||
The tryserver build http://ftp.mozilla.org/pub/mozilla.org/firefox/try-builds/kaie@kuix.de-34aa937b13fb/ uses this patch: http://hg.mozilla.org/try/rev/34aa937b13fb We are now waiting for feedback from CAs.
Assignee | ||
Comment 7•13 years ago
|
||
The 4 CAs that request addition of a new root have given positive test feedback, which means we're ready to proceed to the code review step. The patch includes one additional trust flag for "Staat der Nederlanden Root CA - G2" Test feedback for this is still pending. Should the CA not give feedback in time for the next release, I might remove this change from the patch prior to checkin.
Assignee | ||
Comment 8•13 years ago
|
||
Comment on attachment 545426 [details] [diff] [review] Patch v1 - trunk version (3.13) Requesting review from Bob. (If someone else would like to review instead, please feel free to jump in.)
Attachment #545426 -
Flags: review?(rrelyea)
Assignee | ||
Updated•13 years ago
|
Target Milestone: --- → 3.12.11
Assignee | ||
Comment 9•13 years ago
|
||
(In reply to comment #7) > > The patch includes one additional trust flag for > "Staat der Nederlanden Root CA - G2" > > Test feedback for this is still pending. We now have positive test feedback for all changes.
Comment 10•13 years ago
|
||
Comment on attachment 545426 [details] [diff] [review] Patch v1 - trunk version (3.13) r+ rrelyea. I was going to point out that you'll need a separate patch for the 3.12 branch because of the symbol name page, but I see you've already noticed this. bob
Attachment #545426 -
Flags: review?(rrelyea) → review+
Assignee | ||
Comment 11•13 years ago
|
||
trunk: Checking in certdata.c; /cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.c,v <-- certdata.c new revision: 1.78; previous revision: 1.77 done Checking in certdata.txt; /cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.txt,v <-- certdata.txt new revision: 1.75; previous revision: 1.74 done Checking in nssckbi.h; /cvsroot/mozilla/security/nss/lib/ckfw/builtins/nssckbi.h,v <-- nssckbi.h new revision: 1.29; previous revision: 1.28 done 3.12 branch: Checking in certdata.c; /cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.c,v <-- certdata.c new revision: 1.67.2.10; previous revision: 1.67.2.9 done Checking in certdata.txt; /cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.txt,v <-- certdata.txt new revision: 1.64.2.10; previous revision: 1.64.2.9 done Checking in nssckbi.h; /cvsroot/mozilla/security/nss/lib/ckfw/builtins/nssckbi.h,v <-- nssckbi.h new revision: 1.24.2.5; previous revision: 1.24.2.4 done
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•