Closed Bug 1138716 Opened 5 years ago Closed 5 years ago

Regenerate PSM data structures affected by February 2015 batch of root changes

Categories

(Core :: Security: PSM, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
mozilla39
Tracking Status
firefox38 --- fixed
firefox39 --- fixed

People

(Reporter: kwilson, Assigned: keeler)

References

Details

Attachments

(1 file)

Please regenerate the pinning list and notify the corresponding site operators regarding the February 2015 batch of root changes in Bug #1132496

In particular, the following root certificates will either be removed or have their websites trust bit turned off.

Bug #986019
Equifax Secure Certificate Authority
Equifax Secure Global eBusiness CA-1

Bug #1105374
TC TrustCenter Class 3 CA II
AFAICT, the pinning list will automatically pick up the correct changes (no pinsets used the roots that were removed). There are other data structures that need to be updated, however (namely, the root-related telemetry).
Summary: Regenerate Pinning list due to February 2015 batch of root changes → Regenerate PSM data structures affected by February 2015 batch of root changes
Attached patch patchSplinter Review
Assignee: nobody → dkeeler
Status: NEW → ASSIGNED
Attachment #8581772 - Flags: review?(mmc)
Attachment #8581772 - Flags: review?(mmc) → review+
https://hg.mozilla.org/mozilla-central/rev/bcebc84e7238
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla39
Comment on attachment 8581772 [details] [diff] [review]
patch

Approval Request Comment
[Feature/regressing bug #]: February 2015 root changes (bug 1132496)
[User impact if declined]: root CA telemetry will be inaccurate
[Describe test coverage new/current, TreeHerder]: n/a
[Risks and why]: low
[String/UUID change made/needed]: none
Attachment #8581772 - Flags: approval-mozilla-aurora?
Attachment #8581772 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
You need to log in before you can comment on or make changes to this bug.