Closed
Bug 795355
Opened 12 years ago
Closed 12 years ago
September 2012 batch of root CA changes
Categories
(NSS :: CA Certificates Code, task)
Tracking
(firefox-esr1018+ verified, firefox-esr1718+ verified)
VERIFIED
FIXED
3.14
People
(Reporter: KaiE, Assigned: KaiE)
References
Details
(Keywords: verifyme)
Attachments
(1 file, 3 obsolete files)
57.19 KB,
patch
|
rrelyea
:
review+
bajaj
:
approval-mozilla-esr10+
bajaj
:
approval-mozilla-esr17+
|
Details | Diff | Splinter Review |
This single bug intends to deal with multiple pending change requests, as of September 2012, see dependency list.
Assignee | ||
Comment 1•12 years ago
|
||
Patch. Delaying review until we have test feedback for the changes. Test build started: https://tbpl.mozilla.org/?tree=Try&rev=564a5a2618f5
Assignee: nobody → kaie
Assignee | ||
Comment 2•12 years ago
|
||
This updated patch is a subset of the previous patch. It contains the roots from TurkTrust and T-TeleSec, that have been confirmed as having been correctly added in the test build.
Attachment #668019 -
Attachment is obsolete: true
Attachment #669320 -
Flags: review?(rrelyea)
Assignee | ||
Comment 3•12 years ago
|
||
Updated patch to increase the version number of the builtins module.
Attachment #669320 -
Attachment is obsolete: true
Attachment #669320 -
Flags: review?(rrelyea)
Attachment #669322 -
Flags: review?(rrelyea)
Assignee | ||
Comment 4•12 years ago
|
||
Given that Bob hadn't yet started the review, I'm updating the patch again. This once again includes all 3 new roots. It's the same set of roots that had been included in the test build, plus the version number change.
Attachment #669322 -
Attachment is obsolete: true
Attachment #669322 -
Flags: review?(rrelyea)
Attachment #670464 -
Flags: review?(rrelyea)
Comment 5•12 years ago
|
||
Kai, where's the bug for the 3rd root?
Comment 6•12 years ago
|
||
Comment on attachment 670464 [details] [diff] [review] Patch v5 r+ found the bug and attached it. bob
Attachment #670464 -
Flags: review?(rrelyea) → review+
Assignee | ||
Comment 7•12 years ago
|
||
Checking in certdata.c; /cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.c,v <-- certdata.c new revision: 1.90; previous revision: 1.89 done Checking in certdata.txt; /cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.txt,v <-- certdata.txt new revision: 1.86; previous revision: 1.85 done Checking in nssckbi.h; /cvsroot/mozilla/security/nss/lib/ckfw/builtins/nssckbi.h,v <-- nssckbi.h new revision: 1.38; previous revision: 1.37 done
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.14
Assignee | ||
Comment 8•12 years ago
|
||
Also landed on NSS_3_13_4_BRANCH. Checking in certdata.c; /cvsroot/mozilla/security/nss/lib/ckfw/builtins/Attic/certdata.c,v <-- certdata.c new revision: 1.85.2.3; previous revision: 1.85.2.2 done Checking in certdata.txt; /cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.txt,v <-- certdata.txt new revision: 1.82.2.3; previous revision: 1.82.2.2 done Checking in nssckbi.h; /cvsroot/mozilla/security/nss/lib/ckfw/builtins/nssckbi.h,v <-- nssckbi.h new revision: 1.35.2.2; previous revision: 1.35.2.1 done
Assignee | ||
Comment 9•12 years ago
|
||
Should we adjust the target milestone to 3.13.7 ?
Assignee | ||
Updated•12 years ago
|
tracking-firefox-esr10:
--- → ?
tracking-firefox17:
--- → ?
Assignee | ||
Updated•12 years ago
|
tracking-firefox17:
? → ---
tracking-firefox-esr17:
--- → ?
Assignee | ||
Comment 10•12 years ago
|
||
Comment on attachment 670464 [details] [diff] [review] Patch v5 Required as a base patch for root module consistency across Firefox branches.
Attachment #670464 -
Flags: approval-mozilla-esr17?
Attachment #670464 -
Flags: approval-mozilla-esr10?
Updated•12 years ago
|
status-firefox-esr10:
--- → affected
status-firefox-esr17:
--- → affected
Updated•12 years ago
|
Attachment #670464 -
Flags: approval-mozilla-esr17?
Attachment #670464 -
Flags: approval-mozilla-esr17+
Attachment #670464 -
Flags: approval-mozilla-esr10?
Attachment #670464 -
Flags: approval-mozilla-esr10+
Assignee | ||
Comment 11•12 years ago
|
||
https://hg.mozilla.org/releases/mozilla-esr17/rev/1c235f2c2c27
Assignee | ||
Comment 12•12 years ago
|
||
https://hg.mozilla.org/releases/mozilla-esr10/rev/ef60da380f1b
Comment 13•11 years ago
|
||
Kai, anything QA needs to be on the lookout for in terms of potential Firefox 10.0.12esr and 17.0.2esr regressions?
Whiteboard: [qa?]
Assignee | ||
Comment 14•11 years ago
|
||
Anthony, besides new root CA certs now being trusted by Firefox (now the same set of certificates that are trusted in the most recent release of Firefox 18), you shouldn't see anything else.
Comment 15•11 years ago
|
||
Do we know of any websites using the new root CA certs that we could spotcheck?
Assignee | ||
Comment 16•11 years ago
|
||
(In reply to Anthony Hughes, Mozilla QA (:ashughes) from comment #15) > Do we know of any websites using the new root CA certs that we could > spotcheck? See the dependency list in this bug (and in the may 2012 bug). Each bug should have a link to an example page.
Comment 17•11 years ago
|
||
Thanks Kai. Adding verifyme to spotcheck the test URLs mentioned in the dependency bugs.
Keywords: verifyme
Whiteboard: [qa?]
Comment 18•11 years ago
|
||
(In reply to Anthony Hughes, Mozilla QA (:ashughes) from comment #15) > Do we know of any websites using the new root CA certs that we could > spotcheck? bug #795355 -- Test URL: https://root-class3.test.telesec.de bug #768547 -- Test URL: https://evssl.turktrust.com.tr (should fail) bug #795020 -- Test URL: https://www.openxades.org/
Comment 19•11 years ago
|
||
Wow, thanks Kathleen! Would you be able to add a similar update to bug 757197?
Comment 20•11 years ago
|
||
Verified fixed on Firefox 10.0.12 ESR, for the following OSs: Windows 7 64-bit, Ubuntu 12.04 32-bit, Mac OSX 10.8. Build ID: 20130103094221 User Agents: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.12) Gecko/20100101 Firefox/10.0.12 Mozilla/5.0 (X11; Linux i686; rv:10.0.12) Gecko/20100101 Firefox/10.0.12 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:10.0.12) Gecko/20100101 Firefox/10.0.12
QA Contact: manuela.muntean
Comment 21•11 years ago
|
||
Thank you Manuela. Can you also please test this against the 17.0.2esr candidate builds (they should be appearing on FTP in a few hours)?
Comment 22•11 years ago
|
||
Verified fixed on Firefox 17.0.2 ESR, for the following OSs: Windows 7 64-bit, Ubuntu 12.04 32-bit, Mac OSX 10.8. Build ID: 20130107124423 User Agents: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0 Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20100101 Firefox/17.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20100101 Firefox/17.0 I couldn't connect to the server for this page: https://evssl.turktrust.com.tr (that should fail the test), neither on Firefox nor on Chrome, for all 3 OSs tested.
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•