Closed Bug 287495 Opened 20 years ago Closed 20 years ago

Please add Go Daddy root certs to NSS

Categories

(NSS :: Libraries, enhancement, P1)

Product:
NSS
Component:
Libraries
Version:
3.9.5
Type:
enhancement

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: hecker, Assigned: wtc)

References

(
URL
)

Details

Attachments

(1 file)

Proposed patch
16.85 KB, patch
nelson
: review+
rrelyea
: superreview+
Details | Diff | Splinter Review 
Per my comments in bug 284677 I have approved two new root CA certs for Go Daddy
for inclusion in Mozilla-related products. Please include these new certs in NSS
and update the appropriate NSS CVS tag so that the patch will be properly pulled
by Firefox, Thunderbird, etc., nightly builds.

The certs are available in the URL referenced in this bug; direct lines are also
in the Go Daddy entry in <http://www.hecker.org/mozilla/ca-certificate-list>.
I've verified SHA-1 fingerprints with a Go Daddy representative.

Marking this patch as blocking bug 284677.
Attached patch Proposed patchSplinter Review 
The changes to certdata.c are omitted for brevity.

1. README: I removed the obsolete step 1.  I changed
"name" to "nickname".

2. certdata.txt: you only need to review the nicknames
and trust flags for these two root CA
certs:

Go Daddy Class 2 CA	C,C,C
Starfield Class 2 CA	C,C,C

The C,C,C trust string is Go Daddy's wish (see bug
284677 comment 0).

3. nssckbi.h: bumped the nssckbi module's version to
1.53.
Attachment #180522 - Flags: superreview?(rrelyea)
Attachment #180522 - Flags: review?(nelson)
Status: NEW → ASSIGNED
Priority: -- → P1
Target Milestone: --- → 3.10
Version: unspecified → 3.9.5
Comment on attachment 180522 [details] [diff] [review]
Proposed patch

r+ Formatting, and trust are correct. I did not independently verify that the
certificates or generated hashes are correct;).
Attachment #180522 - Flags: superreview?(rrelyea) → superreview+
Comment on attachment 180522 [details] [diff] [review]
Proposed patch

I see no obvious technical errors with this patch.
This is for the trunk, right?
Attachment #180522 - Flags: review?(nelson) → review+
Yes, this patch (attachment 180522 [details] [diff] [review]) is for the trunk
(NSS 3.10).

I've checked it in.

Checking in README;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/README,v  <--  README
new revision: 1.5; previous revision: 1.4
done
Checking in certdata.c;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.c,v  <--  certdata.c
new revision: 1.34; previous revision: 1.33
done
Checking in certdata.txt;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.txt,v  <--  certdata.tx
t
new revision: 1.35; previous revision: 1.34
done
Checking in nssckbi.h;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/nssckbi.h,v  <--  nssckbi.h
new revision: 1.13; previous revision: 1.12
done
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: