As of today, MOZILLA_1_8_BRANCH uses NSS_3_11_5_RTM. We recently created a new release of the builtin roots module included in NSS, version 1.64, which includes the new root CA certs checked in recently to the NSS 3.11 branch. The module was released independently of the rest of NSS. A cvs tag got created that is a combination of NSS 3.11.5 with CKBI 1.64: NSS_3_11_5_WITH_CKBI_1_64_RTM Mozilla 1.8 branch may upgrade to this new tag.
Created attachment 269089 [details] [diff] [review] Patch v1
Wonderful :-) Background for drivers: the NSS team has agreed to support the code found at this tag. It is their approved method of upgrading the NSS root certificate store to include recently-added certs without upgrading the rest of NSS. Moving to this tag should not (correct me if I'm wrong, kai or nelson) affect the FIPS status (validated or otherwise) of Firefox. Gerv
Comment on attachment 269089 [details] [diff] [review] Patch v1 Look right to me. Thanks, Kai!
Attachment #269089 - Flags: review?(nelson) → review+
(In reply to comment #2) > Moving to this tag should not [..] affect the FIPS status (validated or > otherwise) of Firefox. Right. That's the whole idea.
Comment on attachment 269089 [details] [diff] [review] Patch v1 approved for 184.108.40.206, a=dveditz for release-drivers
Attachment #269089 - Flags: approval220.127.116.11? → approval18.104.22.168+
fixed on branch only (but trunk currently uses the same NSS snapshot)
Status: NEW → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → FIXED
Verified that this is checked into the tree for branch.
Status: RESOLVED → VERIFIED
Keywords: fixed22.214.171.124 → verified126.96.36.199
You need to log in before you can comment on or make changes to this bug.