Last Comment Bug 207379 - Update built-in roots.
: Update built-in roots.
Status: VERIFIED FIXED
[adt1][ETA: can land upon drivers' ap...
:
Product: NSS
Classification: Components
Component: Libraries (show other bugs)
: unspecified
: x86 Windows XP
: P2 normal (vote)
: 3.8.1
Assigned To: Robert Relyea
: Bishakha Banerjee
:
Mentors:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2003-05-28 10:57 PDT by Stephane Saux
Modified: 2003-06-11 00:02 PDT (History)
3 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---


Attachments
Proposed patch for NSS 3.8 branch (changes to certdata.c omitted) (8.08 KB, patch)
2003-05-28 17:39 PDT, Wan-Teh Chang
rrelyea: review+
asa: approval1.4+
Details | Diff | Splinter Review
Proposed patch for NSS tip (changes to certdata.c omitted) (8.08 KB, patch)
2003-05-28 17:43 PDT, Wan-Teh Chang
no flags Details | Diff | Splinter Review
Documentation change (3.15 KB, patch)
2003-06-02 14:15 PDT, Wan-Teh Chang
no flags Details | Diff | Splinter Review
Documentation change v1.1 (2.99 KB, patch)
2003-06-02 15:17 PDT, Wan-Teh Chang
rrelyea: review+
Details | Diff | Splinter Review
Proposed patch for NSS 3.7 branch (changes to certdata.c omitted) (9.12 KB, patch)
2003-06-04 11:38 PDT, Wan-Teh Chang
no flags Details | Diff | Splinter Review

Description Stephane Saux 2003-05-28 10:57:11 PDT
Remove Valicert Class 1 Validation Authority OCSP root.
SHA1 fingerprint: 
5B:76:B1:BC:E2:8A:F0:F6:71:91:85:67:26:8D:11:69:0F:17:3F:73

Remove Baltimore:
Comment 1 Samir Gehani 2003-05-28 16:13:15 PDT
adt: nsbeta1+/adt1
Comment 2 Wan-Teh Chang 2003-05-28 16:36:31 PDT
Assigned the bug to Bob.  This should block Mozilla
1.4 and the Netscape client based on Mozilla 1.4.
Comment 3 Wan-Teh Chang 2003-05-28 17:39:28 PDT
Created attachment 124408 [details] [diff] [review]
Proposed patch for NSS 3.8 branch (changes to certdata.c omitted)

For brevity I omitted the changes to certdata.c,
which is a generated file.
Comment 4 Wan-Teh Chang 2003-05-28 17:43:27 PDT
Created attachment 124409 [details] [diff] [review]
Proposed patch for NSS tip (changes to certdata.c omitted)
Comment 5 Wan-Teh Chang 2003-05-28 17:48:30 PDT
Comment on attachment 124408 [details] [diff] [review]
Proposed patch for NSS 3.8 branch (changes to certdata.c omitted)

Bob, please review this patch.

I converted the provided hexadecimal SHA1 fingerprint
to octal.  It is
133 166 261 274 342 212 360 366 161 221 205 147 046 215 021 151 017 027 077
163.
You can use this to verify that I deleted the right
root cert.

I bumped the minor version to 30 on the 3.8 branch
because 3x seems to be the minor version for the
3.8 branch according to bug 169038.  Similarly the
tip (3.9) should have the minor version 40.
Comment 6 Robert Relyea 2003-05-29 07:09:56 PDT
Comment on attachment 124408 [details] [diff] [review]
Proposed patch for NSS 3.8 branch (changes to certdata.c omitted)

r=relyea

patch does remove valicert certificate. & trust object.
Comment 7 Wan-Teh Chang 2003-05-29 07:50:14 PDT
Comment on attachment 124408 [details] [diff] [review]
Proposed patch for NSS 3.8 branch (changes to certdata.c omitted)

Requesting mozilla 1.4 approval.  This is a low risk patch.
It removes a certificate from NSS's built-in list of root
CA certificates.  This change is a requirement for the
Netscape client based on Mozilla 1.4.
Comment 8 Samir Gehani 2003-05-30 10:31:28 PDT
a=adt for landing this on the 1.4 branch.
Comment 9 Asa Dotzler [:asa] 2003-06-01 01:47:31 PDT
Comment on attachment 124408 [details] [diff] [review]
Proposed patch for NSS 3.8 branch (changes to certdata.c omitted)

a=asa (on behalf of drivers) for checkin to the 1.4 branch.
Comment 10 Wan-Teh Chang 2003-06-02 10:25:08 PDT
Fix checked in on the NSS trunk (NSS 3.9), NSS_3_8_BRANCH (NSS 3.8.1),
NSS_CLIENT_TAG (mozilla 1.5alpha), and MOZILLA_1_4_BRANCH (mozilla 1.4
final).

No changes were made to the Baltimore roots.  Please open a separate
bug for them.
Comment 11 Wan-Teh Chang 2003-06-02 14:15:27 PDT
Created attachment 124761 [details] [diff] [review]
Documentation change

1. Add instructions on removing a builtin root CA cert
to the README file.

2. Add a table of the range of the module's library minor
versions for each NSS 3.x branch to nssckbi.h.
Comment 12 Wan-Teh Chang 2003-06-02 15:17:41 PDT
Created attachment 124768 [details] [diff] [review]
Documentation change v1.1
Comment 13 Wan-Teh Chang 2003-06-04 11:38:05 PDT
Created attachment 124925 [details] [diff] [review]
Proposed patch for NSS 3.7 branch (changes to certdata.c omitted)

Bumped the module's minor version to 21 (from 20).
Changed NSS version to 3.7.6 (from 3.7.5).

Bob, could you review this patch?  Thanks.
Comment 14 Wan-Teh Chang 2003-06-05 15:12:37 PDT
Patch checked into NSS_3_7_BRANCH for NSS 3.7.6.
Comment 15 Bishakha Banerjee 2003-06-09 14:53:54 PDT
verified that fix made it into the said branches
Comment 16 Paul Wyskoczka 2003-06-10 18:04:22 PDT
marking verified1.4

Note You need to log in before you can comment on or make changes to this bug.