Closed
Bug 1335904
Opened 8 years ago
Closed 8 years ago
Disable EV treatment for TurkTrust H6 root certificate
Categories
(Core :: Security: PSM, enhancement)
Tracking
()
RESOLVED
FIXED
mozilla54
People
(Reporter: kathleen.a.wilson, Assigned: keeler)
References
Details
(Whiteboard: [psm-assigned])
Attachments
(1 file)
59 bytes,
text/x-review-board-request
|
jcj
:
review+
jcristau
:
approval-mozilla-esr52+
|
Details |
Please remove EV treatment for following root certificate:
Subject: CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6, OU=null, O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş., C=TR
SHA-1 Fingerprint: 8A:5C:8C:EE:A5:03:E6:05:56:BA:D8:1B:D4:F6:C9:B0:ED:E5:2F:E0
SHA-256 Fingerprint: 8D:E7:86:55:E1:BE:7F:78:47:80:0B:93:F6:94:D2:1D:36:8C:C0:6E:03:3E:7F:AB:04:BB:5E:B9:9D:A6:B7:00
EV Policy OID: 2.16.792.3.0.3.1.1.5
From the CA: "...as TURKTRUST we decided to hold our EV SSL operations. ... Please feel free to proceed with filing a Bugzilla Bug to remove H6 root certificate from the NSS root store."
Assignee | ||
Comment 1•8 years ago
|
||
Looks like https://testsuite12002.turktrust.com.tr/ is a good test site for this.
Assignee: nobody → dkeeler
Whiteboard: [psm-assigned]
Comment hidden (mozreview-request) |
Comment 3•8 years ago
|
||
mozreview-review |
Comment on attachment 8833089 [details]
bug 1335904 - disable EV treatment for TurkTrust H6 root certificate
https://reviewboard.mozilla.org/r/109314/#review110462
Attachment #8833089 -
Flags: review?(jjones) → review+
Assignee | ||
Comment 4•8 years ago
|
||
Thanks!
Comment 6•8 years ago
|
||
bugherder |
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox54:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla54
Assignee | ||
Comment 7•8 years ago
|
||
Comment on attachment 8833089 [details]
bug 1335904 - disable EV treatment for TurkTrust H6 root certificate
[Approval Request Comment]
If this is not a sec:{high,crit} bug, please state case for ESR consideration: needed for bug 1357599
User impact if declined: bug 1357599 can't land
Fix Landed on Version: 54
Risk to taking this patch (and alternatives if risky): very low - this just removes a small amount of static data
String or UUID changes made by this patch: none
See https://wiki.mozilla.org/Release_Management/ESR_Landing_Process for more info.
Attachment #8833089 -
Flags: approval-mozilla-esr52?
Comment 8•8 years ago
|
||
Hello jcristau, can you please consider to approve this bug for uplift to ESR 52?
This isn't a code change. It's simply removal of static data, that enablec a CA for EV status, and currently has a test that tries to assert the underlying root CA is actually present as part of NSS.
Given that we remove this old root CA from NSS, we must remove the EV enablement, too, to avoid the test failure.
Flags: needinfo?(jcristau)
Comment 9•8 years ago
|
||
Comment on attachment 8833089 [details]
bug 1335904 - disable EV treatment for TurkTrust H6 root certificate
remove EV bit from a TurkTrust root, needed for nss update, esr52+
ritu fyi
Flags: needinfo?(jcristau) → needinfo?(rkothari)
Attachment #8833089 -
Flags: approval-mozilla-esr52? → approval-mozilla-esr52+
Comment 10•8 years ago
|
||
Hello Ritu, can you please consider to approve this bug for uplift to ESR 52?
This isn't a code/logic change. It's simply removal of static data, that previously enabled a CA for EV status, and currently has a test that tries to assert the underlying root CA is actually present as part of NSS.
Given that we want to remove the old root CA from NSS in bug 1357599, we must remove this EV enablement, too, to avoid the test failure, and allow to land approved bug 1357599.
Comment 11•8 years ago
|
||
bugherder uplift |
status-firefox-esr52:
--- → fixed
Updated•8 years ago
|
Flags: needinfo?(rkothari)
You need to log in
before you can comment on or make changes to this bug.
Description
•