Closed Bug 207379 Opened 22 years ago Closed 22 years ago

Update built-in roots.

Categories

(NSS :: Libraries, defect, P2)

x86
Windows XP
defect

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: ssaux, Assigned: rrelyea)

Details

(Whiteboard: [adt1][ETA: can land upon drivers' approval][3.7.6])

Attachments

(4 files, 1 obsolete file)

Remove Valicert Class 1 Validation Authority OCSP root. SHA1 fingerprint: 5B:76:B1:BC:E2:8A:F0:F6:71:91:85:67:26:8D:11:69:0F:17:3F:73 Remove Baltimore:
adt: nsbeta1+/adt1
Keywords: nsbeta1 → nsbeta1+
Whiteboard: [adt1]
Assigned the bug to Bob. This should block Mozilla 1.4 and the Netscape client based on Mozilla 1.4.
Assignee: wtc → relyea
Flags: blocking1.4?
Priority: -- → P2
Target Milestone: --- → 3.8.1
For brevity I omitted the changes to certdata.c, which is a generated file.
Comment on attachment 124408: Proposed patch for NSS 3.8 branch (changes to certdata.c omitted)

Bob, please review this patch. I converted the provided hexadecimal SHA1 fingerprint to octal. It is 133 166 261 274 342 212 360 366 161 221 205 147 046 215 021 151 017 027 077 163. You can use this to verify that I deleted the right root cert.

I bumped the minor version to 30 on the 3.8 branch because 3x seems to be the minor version for the 3.8 branch according to bug 169038. Similarly the tip (3.9) should have the minor version 40.
Attachment #124408 - Flags: review?(relyea)
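The fingerprint check described in the comment above, as an added example that is not part of the bug or of NSS's own code: it converts the hex SHA1 fingerprint to octal and looks for it among `CKA_CERT_SHA1_HASH` entries before and after removal. The `MULTILINE_OCTAL` layout of certdata.txt is an assumption here, and both sample entries are constructed (the digest in the first is a made-up placeholder).

```python
import re

FP = "5B:76:B1:BC:E2:8A:F0:F6:71:91:85:67:26:8D:11:69:0F:17:3F:73"  # from the bug

# Constructed sample entries in the assumed certdata.txt layout.
KEPT = r'''CKA_LABEL UTF8 "Constructed Example Root"
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
\000\001\002\003\004\005\006\007\010\011\012\013\014\015\016\017
\020\021\022\023
END
'''
REMOVED = r'''CKA_LABEL UTF8 "Constructed Entry For Removed Root"
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
\133\166\261\274\342\212\360\366\161\221\205\147\046\215\021\151
\017\027\077\163
END
'''
BEFORE, AFTER = KEPT + REMOVED, KEPT

_BLOCK = re.compile(r"CKA_CERT_SHA1_HASH MULTILINE_OCTAL\n(.*?)\nEND", re.S)

def hex_fp_to_octal(fp):
    """Colon-separated hex SHA1 fingerprint -> list of 3-digit octal strings."""
    raw = bytes.fromhex(fp.replace(":", ""))
    if len(raw) != 20:
        raise ValueError("a SHA1 fingerprint is 20 bytes")
    return [format(b, "03o") for b in raw]

def sha1_hashes_in(text):
    """Decode every CKA_CERT_SHA1_HASH block in the text to raw bytes."""
    hashes = []
    for body in _BLOCK.findall(text):
        octets = re.findall(r"\\([0-3][0-7]{2})", body)
        hashes.append(bytes(int(o, 8) for o in octets))
    return hashes

def root_present(text, fp):
    """True if a hash block in the text matches the hex fingerprint."""
    return bytes.fromhex(fp.replace(":", "")) in sha1_hashes_in(text)

if __name__ == "__main__":
    print(" ".join(hex_fp_to_octal(FP)))
    print("before:", root_present(BEFORE, FP), "after:", root_present(AFTER, FP))
```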
Comment on attachment 124408: Proposed patch for NSS 3.8 branch (changes to certdata.c omitted)

r=relyea. Patch does remove the Valicert certificate & trust object.
Attachment #124408 - Flags: review?(relyea) → review+
Comment on attachment 124408: Proposed patch for NSS 3.8 branch (changes to certdata.c omitted)

Requesting mozilla 1.4 approval. This is a low risk patch. It removes a certificate from NSS's built-in list of root CA certificates. This change is a requirement for the Netscape client based on Mozilla 1.4.
Attachment #124408 - Flags: approval1.4?
a=adt for landing this on the 1.4 branch.
Whiteboard: [adt1] → [adt1][ETA: can land upon drivers' approval]
Comment on attachment 124408: Proposed patch for NSS 3.8 branch (changes to certdata.c omitted)

a=asa (on behalf of drivers) for checkin to the 1.4 branch.
Attachment #124408 - Flags: approval1.4? → approval1.4+
Fix checked in on the NSS trunk (NSS 3.9), NSS_3_8_BRANCH (NSS 3.8.1), NSS_CLIENT_TAG (mozilla 1.5alpha), and MOZILLA_1_4_BRANCH (mozilla 1.4 final). No changes were made to the Baltimore roots. Please open a separate bug for them.
Status: NEW → RESOLVED
Closed: 22 years ago
Keywords: fixed1.4
Resolution: --- → FIXED
Attached patch: Documentation change (obsolete)

1. Add instructions on removing a builtin root CA cert to the README file.
2. Add a table of the range of the module's library minor versions for each NSS 3.x branch to nssckbi.h.
Attachment #124761 - Attachment is obsolete: true
Attachment #124768 - Flags: review?(relyea)
Bumped the module's minor version to 21 (from 20). Changed NSS version to 3.7.6 (from 3.7.5). Bob, could you review this patch? Thanks.
Patch checked into NSS_3_7_BRANCH for NSS 3.7.6.
Whiteboard: [adt1][ETA: can land upon drivers' approval] → [adt1][ETA: can land upon drivers' approval][3.7.6]
verified that fix made it into the said branches
Status: RESOLVED → VERIFIED
marking verified1.4
Keywords: fixed1.4 → verified1.4
Flags: blocking1.4?
Attachment #124768 - Flags: review?(rrelyea0264) → review+