Closed Bug 1052099 Opened 11 years ago Closed 11 years ago

August 2014 batch of EV root CA changes

Categories

(Core :: Security: PSM, enhancement)

Product:
Core
Component:
Security: PSM
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla34

People

(Reporter: kathleen.a.wilson, Assigned: cviecco)

References

Details

Attachments

(1 file)

august-2014-ev-changes
5.88 KB, patch
keeler
: review+
Details | Diff | Splinter Review
The purpose of this bug is to use a single patch to make the code changes for the August 2014 batch of EV-enablement changes (see the list of bugs this one blocks). Please enable EV treatment in source/security/certverifier/ExtendedValidation.cpp for the following root certs. == Bug #991215 – Actalis – 1 root == Test URL: https://ssltest-a.actalis.it:8443 // CN=Actalis Authentication Root CA,O=Actalis S.p.A./03358520967,L=Milan,C=IT EV Policy OID: 1.3.159.1.17.1 Fingerprint (SHA-256): 55:92:60:84:EC:96:3A:64:B9:6E:2A:BE:01:CE:0B:A8:6A:64:FB:FE:BC:C7:AA:B5:AF:C1:55:B3:7F:D7:60:66 Issuer DER Base64: MGsxCzAJBgNVBAYTAklUMQ4wDAYDVQQHDAVNaWxhbjEjMCEGA1UECgwaQWN0YWxp cyBTLnAuQS4vMDMzNTg1MjA5NjcxJzAlBgNVBAMMHkFjdGFsaXMgQXV0aGVudGlj YXRpb24gUm9vdCBDQQ== Serial DER Base64: VwoRl0LE48w= == Bug #1017299 – WoSign – 2 roots == Test URL: https://root1evtest.wosign.com/ // CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN EV Policy OID: 1.3.6.1.4.1.36305.2 Fingerprint (SHA-256): 4B:22:D5:A6:AE:C9:9F:3C:DB:79:AA:5E:C0:68:38:47:9C:D5:EC:BA:71:64:F7:F2:2D:C1:D6:5F:63:D8:57:08 Issuer DER Base64: MFUxCzAJBgNVBAYTAkNOMRowGAYDVQQKExFXb1NpZ24gQ0EgTGltaXRlZDEqMCgG A1UEAxMhQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgb2YgV29TaWdu Serial DER Base64: XmjWEXGUY1BWAGjzPsnFkQ== Test URL: https://root2evtest.wosign.com // CN=CA ...............,O=WoSign CA Limited,C=CN EV Policy OID: 1.3.6.1.4.1.36305.2 Fingerprint (SHA-256): D6:F0:34:BD:94:AA:23:3F:02:97:EC:A4:24:5B:28:39:73:E4:47:AA:59:0F:31:0C:77:F4:8F:DF:83:11:22:54 Issuer DER Base64: MEYxCzAJBgNVBAYTAkNOMRowGAYDVQQKExFXb1NpZ24gQ0EgTGltaXRlZDEbMBkG A1UEAwwSQ0Eg5rKD6YCa5qC56K+B5Lmm Serial DER Base64: UHBrzdgT/BtOOzNy0hFIjQ== == Bug #1021093 – DigiCert – 5 roots == Test URL: https://assured-id-root-g2.digicert.com/ // CN=DigiCert Assured ID Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US EV Policy OID: 2.16.840.1.114412.2.1 Fingerprint (SHA-256): 7D:05:EB:B6:82:33:9F:8C:94:51:EE:09:4E:EB:FE:FA:79:53:A1:14:ED:B2:F4:49:49:45:2F:AB:7D:2F:C1:85 Issuer DER Base64: MGUxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsT EHd3dy5kaWdpY2VydC5jb20xJDAiBgNVBAMTG0RpZ2lDZXJ0IEFzc3VyZWQgSUQg Um9vdCBHMg== Serial DER Base64: C5McOtY5Z+pnI7/Dr5r0Sw== Test URL: https://assured-id-root-g3.digicert.com/ // CN=DigiCert Assured ID Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US EV Policy OID: 2.16.840.1.114412.2.1 Fingerprint (SHA-256): 7E:37:CB:8B:4C:47:09:0C:AB:36:55:1B:A6:F4:5D:B8:40:68:0F:BA:16:6A:95:2D:B1:00:71:7F:43:05:3F:C2 Issuer DER Base64: MGUxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsT EHd3dy5kaWdpY2VydC5jb20xJDAiBgNVBAMTG0RpZ2lDZXJ0IEFzc3VyZWQgSUQg Um9vdCBHMw== Serial DER Base64: C6Fa+h3foLVJRK/NJKBs7A== Test URL: https://global-root-g2.digicert.com/ // CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US EV Policy OID: 2.16.840.1.114412.2.1 Fingerprint (SHA-256): CB:3C:CB:B7:60:31:E5:E0:13:8F:8D:D3:9A:23:F9:DE:47:FF:C3:5E:43:C1:14:4C:EA:27:D4:6A:5A:B1:CB:5F Issuer DER Base64: MGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsT EHd3dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290 IEcy Serial DER Base64: Azrx5qcRqaC7KGSxHQn65Q== Test URL: https://global-root-g3.digicert.com/ // CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US EV Policy OID: 2.16.840.1.114412.2.1 Fingerprint (SHA-256): 31:AD:66:48:F8:10:41:38:C7:38:F3:9E:A4:32:01:33:39:3E:3A:18:CC:02:29:6E:F9:7C:2A:C9:EF:67:31:D0 Issuer DER Base64: MGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsT EHd3dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290 IEcz Serial DER Base64: BVVWvPJepDU1w6QP1atFcg== Test URL: https://trusted-root-g4.digicert.com/ // CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US EV Policy OID: 2.16.840.1.114412.2.1 Fingerprint (SHA-256): 55:2F:7B:DC:F1:A7:AF:9E:6C:E6:72:01:7F:4F:12:AB:F7:72:40:C7:8E:76:1A:C2:03:D1:D9:D2:0A:C8:99:88 Issuer DER Base64: MGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsT EHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lDZXJ0IFRydXN0ZWQgUm9v dCBHNA== Serial DER Base64: BZsbV56OITLiOQe9p3d1XA== == Bug #1021106 – QuoVadis – 1 root== Test URL: https://evsslicag3-v.quovadisglobal.com/ // CN=QuoVadis Root CA 2 G3,O=QuoVadis Limited,C=BM EV Policy OID: 1.3.6.1.4.1.8024.0.2.100.1.2 Fingerprint (SHA-256): 8F:E4:FB:0A:F9:3A:4D:0D:67:DB:0B:EB:B2:3E:37:C7:1B:F3:25:DC:BC:DD:24:0E:A0:4D:AF:58:B4:7E:18:40 Issuer DER Base64: MEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYD VQQDExVRdW9WYWRpcyBSb290IENBIDIgRzM= Serial DER Base64: RFc0JFuBiZs18s64KztbpybwdSg=
Assignee: nobody → cviecco
NB: removals of root certs need to regenerate the pinning list. Looks like that doesn't apply here, though.
I tried the test build and it's ok to me.
I have tested with the try-build, and confirm that EV treatment is given as expected for all of the roots listed above. I also reviewed the patch, and the changes are as expected. Thanks!
Attachment #8479431 - Flags: review?(dkeeler)
Comment on attachment 8479431 [details] [diff] [review] august-2014-ev-changes Review of attachment 8479431 [details] [diff] [review]: ----------------------------------------------------------------- LGTM.
Attachment #8479431 - Flags: review?(dkeeler) → review+
https://hg.mozilla.org/mozilla-central/rev/bbb7d48bfea8
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla34
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: