Closed Bug 431384 Opened 12 years ago Closed 12 years ago

Enable Network Solutions Certificate Authority for EV

Categories

(Core :: Security: PSM, enhancement)

enhancement
Not set

Tracking

()

VERIFIED FIXED

People

(Reporter: hecker, Assigned: kaie)

References

Details

Attachments

(1 file)

Per bug 403915 I've approved enabling the Network Solutions Certificate Authority root CA certificate for Extended Validation use, and am now requesting that the root be marked as such in PSM.

The SHA-1 fingerprint for the root is:
74:F8:A3:C3:EF:E7:B3:90:06:4B:83:90:3C:21:64:60:20:E5:DF:CE

The corresponding EV policy OID is:
1.3.6.1.4.1.782.1.2.1.8.1

Marking this bug as dependent on first adding the root in question to NSS (bug
422921).
Depends on: 431381
No longer depends on: 422921
Blocks: 403915
(In reply to comment #0)
> Marking this bug as dependent on first adding the root in question to NSS (bug
> 422921).

D'oh. That should be bug 431381. Also marking this bug as blocking bug 403915.

Flags: blocking1.9?
Attached patch patch v1Splinter Review
This won't block, but we'll take it. Who's to review the patch? We're talking about 7% of the EV-SSL market, so we should do it, but like everyone else, if we don't get it in time we'll take it on the branch.
Flags: wanted1.9.0.x+
Flags: wanted-next+
Flags: blocking1.9?
Flags: blocking1.9-
It's too early to start the review process. This depends on bug 431381.

But Network Solution has not yet responded to the reqest in bug 431381 to confirm the test binary is working.
Attachment #318911 - Flags: review?(rrelyea)
Kai, I downloaded your test binary and tried it with FireFox 2.0.0.13 on Windows XP and I found that our beacon site at https://evbeacon.networksolutions.com/ was shown as being trusted, (as against not showing as trusted with the default build).

The Root Certificate appears correctly in the Certificate Manager.

With that in mind, can we pull some last minute heroics for our good friends at Network Solutions?
Comment on attachment 318911 [details] [diff] [review]
patch v1

r+ rrelyea
Attachment #318911 - Flags: review?(rrelyea) → review+
Attachment #318911 - Flags: approval1.9?
Please note, landing this depends on bug 431772 to get done first.
In addition to bug 431772, we'll also need another step to create a new NSS tag and change mozilla/client.mk to use it.
Depends on: 431934
(In reply to comment #8)
> Please note, landing this depends on bug 431772 to get done first.
> In addition to bug 431772, we'll also need another step to create a new NSS tag
> and change mozilla/client.mk to use it.

Filed bug 431934 for that purpose.
An approval for this bug requires an approval for bug 431934, too.
Comment on attachment 318911 [details] [diff] [review]
patch v1

>+    "Network Solutions EV OID", // for real entries use a string like "Sample INVALID EV OID"
 Lose this ugly comment           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
(In reply to comment #10)
> (From update of attachment 318911 [details] [diff] [review])
> >+    "Network Solutions EV OID", // for real entries use a string like "Sample INVALID EV OID"
>  Lose this ugly comment          
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^


Thanks Nelson, good catch.
I've removed that comment in my local tree, and will check it in without that comment.
Comment on attachment 318911 [details] [diff] [review]
patch v1

a1.9=beltzner
Attachment #318911 - Flags: approval1.9? → approval1.9+
checked in, marking fixed
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
verified fixed using Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9pre) Gecko/2008050504 Minefield/3.0pre.
Status: RESOLVED → VERIFIED
Flags: wanted1.9.0.x+
You need to log in before you can comment on or make changes to this bug.