add network solutions and diginotar root certs to NSS

RESOLVED FIXED in 3.11.10

Status

RESOLVED FIXED
10 years ago
10 years ago

People

(Reporter: kaie, Assigned: kaie)

Tracking

trunk
3.11.10
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(2 attachments)

(Assignee)

Description

10 years ago
add network solutions and diginotar root certs

The purpose of this bug is to get both bug 431621, bug 431381 done with a single patch and review cycle.
(Assignee)

Comment 1

10 years ago
Created attachment 318913 [details] [diff] [review]
Patch v1
(Assignee)

Updated

10 years ago
Blocks: 431381
No longer depends on: 431381
(Assignee)

Updated

10 years ago
Blocks: 431621
No longer depends on: 431621
(Assignee)

Comment 2

10 years ago
Created attachment 318917 [details]
zip file with nssckbi.dll (compatible with Firefox 2.0.0.x) 

This zip file contains a single binary roots module, named nssckbi.dll
sha1sum: 6f2b5b53ca11c800c5cd9f0ff73b458ef29a7c85
file size: 303104

Please place into your firefox installation directory, replacing the file you already have.

Please note, I do not use Antivirus software on my windows computer, so I can't give any guarantees for this file.
(Assignee)

Comment 3

10 years ago
Comment on attachment 318913 [details] [diff] [review]
Patch v1

Requesting two reviews.

Plan to check this in to 3 branches:
- trunk
- 3.12.0 branch for ff 3
- 3.11 branch
Attachment #318913 - Flags: superreview?(rrelyea)
Attachment #318913 - Flags: review?(nelson)

Comment 4

10 years ago
Comment on attachment 318913 [details] [diff] [review]
Patch v1

r+ Both certs are approved.
Issuer/SN match the Trust.
Trust flags match the approved flags from Frank.
Attachment #318913 - Flags: superreview?(rrelyea) → superreview+
(Assignee)

Updated

10 years ago
Blocks: 431934
Comment on attachment 318913 [details] [diff] [review]
Patch v1

This patch gives both SSL server auth and code signing trust flags to both CAs, Diginotar and to NetSol. 
But as I read bug 431318, Frank granted only server trust, not code signing, to netsol.
So, this patch appears to NOT grant the appropriate trust flags to that CA.
Is there somewhere that I missed where Frank DID grant code signing to the NetSol CA cert?
Attachment #318913 - Flags: review?(nelson) → review-
there's a typo in comment 5. I meant bug 431381.
Summary: add network solutions and diginotar root certs → add network solutions and diginotar root certs to NSS
Comment on attachment 318913 [details] [diff] [review]
Patch v1

I just re-ran my test, and this time, it shows the correct trust flags on NetSol.  
I must have done something wrong the first time.  
It looks right to me now.
r+
Attachment #318913 - Flags: review- → review+
Assignee: nobody → kengert
(Assignee)

Comment 8

10 years ago
checked in to trunk

Checking in certdata.c;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.c,v  <--  certdata.c
new revision: 1.49; previous revision: 1.48
done
Checking in certdata.txt;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.txt,v  <--  certdata.txt
new revision: 1.48; previous revision: 1.47
done
(Assignee)

Comment 9

10 years ago
checked in to 3.11 branch

Checking in certdata.c;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.c,v  <--  certdata.c
new revision: 1.36.24.11; previous revision: 1.36.24.10
done
Checking in certdata.txt;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.txt,v  <--  certdata.txt
new revision: 1.37.24.10; previous revision: 1.37.24.9
done

(Assignee)

Comment 10

10 years ago
Note, I have NOT increased the version number of nssckbi on 3.11 branch, because it got already incremented after we have released 3.11.9
(Assignee)

Comment 11

10 years ago
checked in to 3.12.0 branch

Checking in certdata.c;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.c,v  <--  certdata.c
new revision: 1.48.2.1; previous revision: 1.48
done
Checking in certdata.txt;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.txt,v  <--  certdata.txt
new revision: 1.47.2.1; previous revision: 1.47
done

marking fixed
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → FIXED
In reply to comment 10:  Groovy  :)
Target Milestone: --- → 3.12
(Assignee)

Comment 13

10 years ago
Changing target milestone to 3.11.10 (not yet released).
Target Milestone: 3.12 → 3.11.10
You need to log in before you can comment on or make changes to this bug.