Add Comodo CA certs to NSS

VERIFIED FIXED in 3.9.3

Status

NSS
Libraries
P2
enhancement
VERIFIED FIXED
13 years ago
12 years ago

People

(Reporter: Frank Hecker, Assigned: Nelson Bolyard (seldom reads bugmail))

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(URL)

Attachments

(2 attachments)

(Reporter)

Description

13 years ago
Per the discussion in bug 249710 I've approved adding CA certs for Comodo Group.
There are three certs (for AAACertificateServices, SecureCertificateServices,
and TrustedCertificateServices); see the entry for Comodo Group in
<http://www.hecker.org/mozilla/ca-certificate/list/> or go directly to
<http://www.comodogroup.com/repository/>. All three certs should have trust bits
marked to "all".
(Assignee)

Comment 1

13 years ago
Frank, I get error 404 on the hecker.org URL cited above.
(Assignee)

Comment 2

13 years ago
Taking.  All Frank's other bugs like this are assigned to me, and I have
patches for them.  Might as well take this one too.  
Assignee: wchang0222 → nelson
(Reporter)

Comment 3

13 years ago
(In reply to comment #1)
> Frank, I get error 404 on the hecker.org URL cited above.

Sorry, forgot to correct this earlier; the correct URL is:

  http://www.hecker.org/mozilla/ca-certificate-list/

(Assignee)

Updated

13 years ago
Status: NEW → ASSIGNED
Priority: -- → P2
Target Milestone: --- → 3.10
Version: unspecified → 3.9
(Assignee)

Comment 4

13 years ago
Created attachment 155331 [details] [diff] [review]
patch v1 

This patch depends on the patch for bug 242040 being applied first. 
This patch is supplemental to that one.
(Assignee)

Comment 5

13 years ago
Comment on attachment 155331 [details] [diff] [review]
patch v1 

Julien, please review.
Remember that this patch has two prerequisite patches, neither of which is yet
checked in.
Attachment #155331 - Flags: review?(julien.pierre.bugs)

Updated

13 years ago
Flags: blocking-aviary1.0?
(Assignee)

Comment 6

13 years ago
This has been checked in on the trunk for NSS 3.10.
So, I am marking this bug fixed.  We may also choose to 
port this enhancement back to NSS 3.9.x.  
Status: ASSIGNED → RESOLVED
Last Resolved: 13 years ago
Resolution: --- → FIXED
(Assignee)

Comment 7

13 years ago
Created attachment 158948 [details] [diff] [review]
patch for NSS 3.9 branch

This patch brings the NSS 3.9 branch up to parity with the trunk (NSS 3.10)
with respect to the root CAs.  That is, it adds to the 3.9 branch all the
CA certs that were added to the trunk just a week or two ago.  

With this patch applied to the 3.9 branch, the main differences in nssckbi
between the 3.9 branch and the trunk are 
a) the minor version number (4x for 3.9, 5x for the trunk)
b) the absense/presence of Ian's fix for SSL-StepUp trust flags.  

Otherwise, the certs and trust flags are the same.  

I would like to check this in for NSS 3.9.3, in hopes that firefox 1.0 RTM
will pick up NSS 3.9.3, and therefore support these new CAs in the 1.0
release.  

So, Wan-Teh or Julien, please review this patch for 3.9 with all due haste.
(Assignee)

Comment 8

13 years ago
Comment on attachment 158948 [details] [diff] [review]
patch for NSS 3.9 branch

Wan-Teh please read the comments about this patch in the bug, above, and then
review this patch.  I'd like to see this patch get into firefox 1.0
Attachment #158948 - Flags: review?(wchang0222)

Comment 9

13 years ago
Comment on attachment 158948 [details] [diff] [review]
patch for NSS 3.9 branch

Nelson, I like your changes to nssckbi.h.

I need to sit down with you to review the
trust flags for these new CAs.

We should also find out how to get these
new CAs into the next Mozilla 1.7.x release.

Comment 10

13 years ago
Comment on attachment 158948 [details] [diff] [review]
patch for NSS 3.9 branch

r=wtc.
Attachment #158948 - Flags: review?(wchang0222) → review+
(Assignee)

Comment 11

13 years ago
Checked in on the 3.9 branch.
Checking in builtins/certdata.c;   new revision: 1.27.16.1; previous 1.27
Checking in builtins/certdata.txt; new revision: 1.28.16.1; previous 1.28
Checking in builtins/nssckbi.h;    new revision: 1.6.16.2;  previous 1.6.16.1
Target Milestone: 3.10 → 3.9.3

Updated

13 years ago
Flags: blocking-aviary1.0?

Updated

13 years ago
Attachment #155331 - Flags: review?(julien.pierre.bugs)

Comment 12

12 years ago
Verified with Firefox 1.0.2 that Comodo AAA Certificate
Services, Secure Certificate Services, and Trusted Certificate
Services root CA certs are in the "Builtin Object Token"
with the following trust settings:
This certificate can identify web sites.
This certificate can identify mail users.
This certificate can identify software makers.
Status: RESOLVED → VERIFIED
(Reporter)

Updated

12 years ago
No longer blocks: 249710
You need to log in before you can comment on or make changes to this bug.