Closed Bug 1356623 Opened 8 years ago Closed 8 years ago

remove CNNIC whitelist

Categories

(Core :: Security: PSM, enhancement, P1)

Product:
Core
Component:
Security: PSM
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla57
Tracking Flags:
Tracking Status
firefox57 --- fixed

People

(Reporter: keeler, Assigned: keeler)

References

Details

(Whiteboard: [psm-assigned])

Attachments

(1 file)

bug 1356623 - remove now-unnecessary CNNIC certificate whitelist
59 bytes, text/x-review-board-request
jcj
: review+
Details
Now that we've disabled SHA-1, a number of CNNIC certificates can be removed from the whitelist. At the same time, we can remove some expired ones.
Actually, doing this results in 41 entries on the whitelist, so I'm morphing this bug to just remove the list and associated machinery once the roots have been removed from NSS.
Depends on: 1358546
Summary: update CNNIC whitelist to remove SHA-1 certificates → remove CNNIC whitelist
Whiteboard: [psm-assigned] → [psm-blocked][psm-assigned]
Whiteboard: [psm-blocked][psm-assigned] → [psm-assigned]
Comment on attachment 8893606 [details] bug 1356623 - remove now-unnecessary CNNIC certificate whitelist https://reviewboard.mozilla.org/r/164692/#review170122
Attachment #8893606 - Flags: review?(jjones) → review+
Pushed by dkeeler@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/ec588b600d32 remove now-unnecessary CNNIC certificate whitelist r=jcj
https://hg.mozilla.org/mozilla-central/rev/ec588b600d32
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox57: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla57
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: