Closed Bug 442561 Opened 12 years ago Closed 11 years ago

Change PSM to enable Entrust Root Certification Authority for EV

Component: Core :: Security: PSM (enhancement)
Version: 1.9.0 Branch
Status: RESOLVED FIXED
Target Milestone: mozilla1.9
Reporter: hecker, Assigned: kaie
Keywords: fixed1.9.0.1
Attachments: 1 file
Per bug 416544 I've formally approved enabling the Entrust Root Certification Authority root for EV use, and am requesting that the corresponding changes be made to PSM.

Here's the relevant information:

Root name: Entrust Root Certification Authority
SHA-1 fingerprint:
  B3:1E:B1:B7:40:E3:6C:84:02:DA:DC:37:D4:4D:F5:D4:67:49:52:F9
EV policy OID:
  2.16.840.1.114028.10.1.2

Bruce, could you double-check the above information one last time?
Frank, bug 416544 talks about 3 separate CA certs.

In this bug you only approve one of them.

Because of that I'll prepare a patch that enables only one root cert for EV.
Attached patch: Patch v1
This patch gives me EV-green on https://www.entrust.net
Attachment #327428 - Flags: review?(rrelyea)
Comment on attachment 327428
Patch v1

r+ pending Entrust's verification of Frank's data.
Attachment #327428 - Flags: review?(rrelyea) → review+
Attachment #327428 - Flags: approval1.9.0.1?
The following information from Comment #1 is confirmed by Entrust:

Root name: Entrust Root Certification Authority
SHA-1 fingerprint:
  B3:1E:B1:B7:40:E3:6C:84:02:DA:DC:37:D4:4D:F5:D4:67:49:52:F9
EV policy OID:
  2.16.840.1.114028.10.1.2
Is there any possibility that Entrust can test prior to release?
Hey Bruce, when we check this in (someone will comment here when that happens) you'll be able to download the next day's nightly build and it should have this change in it.
Comment on attachment 327428
Patch v1

a=beltzner

QA: you'll be able to test this by going to https://managed.entrust.net/ - it should show the name of the company and SSL provider.
Attachment #327428 - Flags: approval1.9.0.1? → approval1.9.0.1+
Checking in security/manager/ssl/src/nsIdentityChecking.cpp;
/cvsroot/mozilla/security/manager/ssl/src/nsIdentityChecking.cpp,v  <--  nsIdentityChecking.cpp
new revision: 1.21; previous revision: 1.20
done
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9
Version: unspecified → 1.9.0 Branch
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
(In reply to comment #7)
> (From update of attachment 327428)
> a=beltzner
> 
> QA: you'll be able to test this by going to https://managed.entrust.net/ - it
> should show the name of the company and SSL provider.
> 

This does NOT work for me using 20080701 trunk builds.
Bill, please try a nightly build from here:
ftp://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-mozilla1.9.0/

Trunk did not yet receive the fix, only the 1.9.0 branch for 3.0.x has it already.
(In reply to comment #9)
> (In reply to comment #7)
> > (From update of attachment 327428)
> > a=beltzner
> > 
> > QA: you'll be able to test this by going to https://managed.entrust.net/ - it
> > should show the name of the company and SSL provider.
> > 
> 
> This does NOT work for me using 20080701 trunk builds.
> 

This DOES, however, seem to work on 20080701 branch builds.

What happened to the "nothing could be checked into the branch without being tested on the trunk first" rule?
fixed on trunk

Status: REOPENED → RESOLVED
Closed: 12 years ago → 11 years ago
Keywords: checkin-needed
Resolution: --- → FIXED