The recent NSS 3.11.9 release included a new builtins module with an updated list of root certs. A new NSS tag has been prepared that could be used by Mozilla on the stable 1.8 branch for the next Firefox 2.0.0.x release. NSS_3_11_5_WITH_CKBI_1_65_RTM
Created attachment 301977 [details] [diff] [review] Patch v1
Comment on attachment 301977 [details] [diff] [review] Patch v1 As approved today be the nss team r+
I've completed a local test build of the 1.8 branch plus this patch and it works for me.
Kai (or anyone, really), can we get some detail on what's changed in this new tag and why we're making the change?
The only change in this new tag is some new root CA certificates. We'd like to make the new root CAs available in Firefox 2.0.0.x.
To be clear: Mozilla Foundation would like the new root CAs to be available in FireFox 2.0.0.x. The tag cited in comment 0 was created in response to that request.
Why the NSS_IMPLEMENTS_DATA changes? Is that related to the root changes or just stuff that happened to be in your tree?
The NSS_IMPLEMENT_DATA changes are the fix for bug 402285. They are unrelated to the root changes, but we want to upgrade the entire mozilla/security/nss/lib/ckfw/builtin directory for easy of maintenance. The NSS_IMPLEMENT_DATA changes are simpler than they look. Most of the changes are line reordering caused by grouping variable declarations by their types.
Comment on attachment 301977 [details] [diff] [review] Patch v1 approved for 220.127.116.11, a=dveditz for release-drivers