Closed Bug 1738101 Opened 4 years ago Closed 3 years ago

certdata.txt should transition to SHA 256 instead of listing MD5 and SHA1 fingerprints for CA certificates

Categories

(NSS :: Libraries, enhancement)

enhancement

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 1679803

People

(Reporter: yann, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0

Steps to reproduce:

For each CA certificate listed in https://hg.mozilla.org/projects/nss/file/ed71098aced14453d31984d7547b39a9a46cf43f/lib/ckfw/builtins/certdata.txt, some fingerprints are used to describe each certificate.

Actual results:

The fingerprints use the MD5 and SHA-1 algorithms.

MD5 must be considered broken for most purposes.
SHA-1 is following the same path.

Expected results:

Please correct me, but I don't see the point of keeping MD5.

SHA-1 still has some uses ... for example openssl x509 -fingerprint still defaults to SHA-1 :(

A SHA-256 fingerprint should be added.

Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → DUPLICATE

(see commit above)
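
As an added example (not part of this bug report and not NSS code): a sketch that reads certdata.txt-style objects, decodes their MULTILINE_OCTAL attributes, derives a SHA-256 fingerprint from each certificate's CKA_VALUE bytes, and checks whether the recorded SHA-1 and MD5 hashes still match those bytes. The function names and the sample input are hypothetical; the sample is built from placeholder bytes, not a real certificate.

```python
import hashlib
import re

def octal_attr(name, data):
    # Render one attribute the way certdata.txt does (used to build the sample).
    return "%s MULTILINE_OCTAL\n%s\nEND" % (name, "".join("\\%03o" % b for b in data))

def parse_objects(text):
    """Yield one dict per object; a CKA_CLASS line starts a new object."""
    obj, lines = {}, iter(text.splitlines())
    for line in lines:
        parts = line.split(None, 2)
        if len(parts) == 2 and parts[1] == "MULTILINE_OCTAL":
            body = []
            for raw in lines:  # same iterator: consume body lines up to END
                if raw.strip() == "END":
                    break
                body.append(raw)
            octets = re.findall(r"\\([0-7]{3})", "".join(body))
            obj[parts[0]] = bytes(int(o, 8) for o in octets)
        elif len(parts) == 3 and parts[0] == "CKA_CLASS":
            if obj:
                yield obj
            obj = {"CKA_CLASS": parts[2]}
        elif len(parts) == 3 and parts[0] == "CKA_LABEL":
            obj["CKA_LABEL"] = parts[2].strip('"')
    if obj:
        yield obj

def fingerprint_report(text):
    """Map label -> (SHA-256 hex, SHA-1 recorded in the file?, MD5 recorded?)."""
    objs = list(parse_objects(text))
    sha1s = {o.get("CKA_CERT_SHA1_HASH") for o in objs}
    md5s = {o.get("CKA_CERT_MD5_HASH") for o in objs}
    report = {}
    for o in objs:
        if o.get("CKA_CLASS") == "CKO_CERTIFICATE" and "CKA_VALUE" in o:
            der = o["CKA_VALUE"]
            report[o.get("CKA_LABEL", "?")] = (hashlib.sha256(der).hexdigest(),
                hashlib.sha1(der).digest() in sha1s, hashlib.md5(der).digest() in md5s)
    return report

FAKE_DER = b"constructed placeholder, not a real certificate"  # constructed sample bytes
SAMPLE = "\n".join([
    'CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE\nCKA_LABEL UTF8 "Example Root (constructed)"',
    octal_attr("CKA_VALUE", FAKE_DER),
    "CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST",
    octal_attr("CKA_CERT_SHA1_HASH", hashlib.sha1(FAKE_DER).digest()),
    octal_attr("CKA_CERT_MD5_HASH", hashlib.md5(FAKE_DER).digest()),
])
```

Because the SHA-256 value is derived from the certificate bytes already in the file, it can be computed without any new field; a False in the second or third position means the recorded legacy hash no longer corresponds to any certificate value in the input.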
