Closed
Bug 207379
Opened 22 years ago
Closed 22 years ago
Update built-in roots.
Categories
(NSS :: Libraries, defect, P2)
Tracking
(Not tracked)
VERIFIED
FIXED
3.8.1
People
(Reporter: ssaux, Assigned: rrelyea)
Details
(Whiteboard: [adt1][ETA: can land upon drivers' approval][3.7.6])
Attachments
(4 files, 1 obsolete file)
8.08 KB,
patch
|
rrelyea
:
review+
asa
:
approval1.4+
|
Details | Diff | Splinter Review |
8.08 KB,
patch
|
Details | Diff | Splinter Review | |
2.99 KB,
patch
|
rrelyea
:
review+
|
Details | Diff | Splinter Review |
9.12 KB,
patch
|
Details | Diff | Splinter Review |
Remove Valicert Class 1 Validation Authority OCSP root.
SHA1 fingerprint:
5B:76:B1:BC:E2:8A:F0:F6:71:91:85:67:26:8D:11:69:0F:17:3F:73
Remove Baltimore:
Comment 1•22 years ago
|
||
adt: nsbeta1+/adt1
Comment 2•22 years ago
|
||
Assigned the bug to Bob. This should block Mozilla
1.4 and the Netscape client based on Mozilla 1.4.
Assignee: wtc → relyea
Flags: blocking1.4?
Priority: -- → P2
Target Milestone: --- → 3.8.1
Comment 3•22 years ago
|
||
For brevity I omitted the changes to certdata.c,
which is a generated file.
Comment 4•22 years ago
|
||
Comment 5•22 years ago
|
||
Comment on attachment 124408 [details] [diff] [review]
Proposed patch for NSS 3.8 branch (changes to certdata.c omitted)
Bob, please review this patch.
I converted the provided hexadecimal SHA1 fingerprint
to octal. It is
133 166 261 274 342 212 360 366 161 221 205 147 046 215 021 151 017 027 077
163.
You can use this to verify that I deleted the right
root cert.
I bumped the minor version to 30 on the 3.8 branch
because 3x seems to be the minor version for the
3.8 branch according to bug 169038. Similarly the
tip (3.9) should have the minor version 40.
Attachment #124408 -
Flags: review?(relyea)
Assignee | ||
Comment 6•22 years ago
|
||
Comment on attachment 124408 [details] [diff] [review]
Proposed patch for NSS 3.8 branch (changes to certdata.c omitted)
r=relyea
patch does remove valicert certificate. & trust object.
Attachment #124408 -
Flags: review?(relyea) → review+
Comment 7•22 years ago
|
||
Comment on attachment 124408 [details] [diff] [review]
Proposed patch for NSS 3.8 branch (changes to certdata.c omitted)
Requesting mozilla 1.4 approval. This is a low risk patch.
It removes a certificate from NSS's built-in list of root
CA certificates. This change is a requirement for the
Netscape client based on Mozilla 1.4.
Attachment #124408 -
Flags: approval1.4?
Comment 8•22 years ago
|
||
a=adt for landing this on the 1.4 branch.
Whiteboard: [adt1] → [adt1][ETA: can land upon drivers' approval]
Comment 9•22 years ago
|
||
Comment on attachment 124408 [details] [diff] [review]
Proposed patch for NSS 3.8 branch (changes to certdata.c omitted)
a=asa (on behalf of drivers) for checkin to the 1.4 branch.
Attachment #124408 -
Flags: approval1.4? → approval1.4+
Comment 10•22 years ago
|
||
Fix checked in on the NSS trunk (NSS 3.9), NSS_3_8_BRANCH (NSS 3.8.1),
NSS_CLIENT_TAG (mozilla 1.5alpha), and MOZILLA_1_4_BRANCH (mozilla 1.4
final).
No changes were made to the Baltimore roots. Please open a separate
bug for them.
Comment 11•22 years ago
|
||
1. Add instructions on removing a builtin root CA cert
to the README file.
2. Add a table of the range of the module's library minor
versions for each NSS 3.x branch to nssckbi.h.
Comment 12•22 years ago
|
||
Attachment #124761 -
Attachment is obsolete: true
Updated•22 years ago
|
Attachment #124768 -
Flags: review?(relyea)
Comment 13•21 years ago
|
||
Bumped the module's minor version to 21 (from 20).
Changed NSS version to 3.7.6 (from 3.7.5).
Bob, could you review this patch? Thanks.
Comment 14•21 years ago
|
||
Patch checked into NSS_3_7_BRANCH for NSS 3.7.6.
Whiteboard: [adt1][ETA: can land upon drivers' approval] → [adt1][ETA: can land upon drivers' approval][3.7.6]
Comment 15•21 years ago
|
||
verified that fix made it into the said branches
Status: RESOLVED → VERIFIED
Updated•21 years ago
|
Flags: blocking1.4?
Assignee | ||
Updated•21 years ago
|
Attachment #124768 -
Flags: review?(rrelyea0264) → review+
You need to log in
before you can comment on or make changes to this bug.
Description
•