Closed Bug 385198 Opened 17 years ago Closed 17 years ago

Upgrade NSS on Moz 1.8 branch to pick up new root CA certs

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: KaiE, Assigned: KaiE)

References

(Blocks 1 open bug)

Details

(Keywords: verified1.8.1.5, Whiteboard: [camino-1.5.1])

Attachments

(1 file)

Patch v1
622 bytes, patch
nelson
: review+
dveditz
: approval1.8.1.5+
Details | Diff | Splinter Review 
As of today, MOZILLA_1_8_BRANCH uses NSS_3_11_5_RTM.

We recently created a new release of the builtin roots module included in NSS, version 1.64, which includes the new root CA certs checked in recently to the NSS 3.11 branch. The module was released independently of the rest of NSS.

A cvs tag got created that is a combination of NSS 3.11.5 with CKBI 1.64:
  NSS_3_11_5_WITH_CKBI_1_64_RTM

Mozilla 1.8 branch may upgrade to this new tag.
Attached patch Patch v1Splinter Review 

        Attachment #269089 -
        Flags: review?(nelson)

        Attachment #269089 -
        Flags: approval1.8.1.5?

    
    

    
  
Wonderful :-) Background for drivers: the NSS team has agreed to support the code found at this tag. It is their approved method of upgrading the NSS root certificate store to include recently-added certs without upgrading the rest of NSS. Moving to this tag should not (correct me if I'm wrong, kai or nelson) affect the FIPS status (validated or otherwise) of Firefox.

Gerv



    
    

    
  
Comment on attachment 269089 [details] [diff] [review]
Patch v1

Look right to me. 
Thanks, Kai!

        Attachment #269089 -
        Flags: review?(nelson) → review+

    
    

    
  
(In reply to comment #2)
> Moving to this tag should not [..] affect the FIPS status (validated or 
> otherwise) of Firefox.

Right.  That's the whole idea.


    
    

    
  
Comment on attachment 269089 [details] [diff] [review]
Patch v1

approved for 1.8.1.5, a=dveditz for release-drivers

        Attachment #269089 -
        Flags: approval1.8.1.5? → approval1.8.1.5+

    
    

    
  
fixed on branch only

(but trunk currently uses the same NSS snapshot)
Status: NEW → RESOLVED
Closed: 17 years ago
Keywords: fixed1.8.1.5
Resolution: --- → FIXED

    
    

    
  
Verified that this is checked into the tree for branch.
Status: RESOLVED → VERIFIED
Keywords: fixed1.8.1.5verified1.8.1.5

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: