Closed
Bug 450429
Opened 16 years ago
Closed 16 years ago
Enable COMODO ECC Certificate Authority for EV in PSM
Categories
(Core :: Security: PSM, enhancement)
Core
Security: PSM
Tracking
()
VERIFIED
FIXED
People
(Reporter: hecker, Assigned: KaiE)
References
Details
(Keywords: verified1.9.0.4)
Attachments
(1 file)
1.43 KB,
patch
|
nelson
:
review+
dveditz
:
approval1.9.0.4+
|
Details | Diff | Splinter Review |
Per bug 421946 I have approved the request from Comodo to enable its Comodo ECC Certification Authority root certificate for EV use. Please make the corresponding changes to PSM. The relevant information is as follows: Name: Comodo ECC Certification Authority SHA-1 fingerprint: 9F:74:4E:9F:2B:4D:BA:EC:0F:31:2C:50:B6:56:3B:8E:2D:93:C3:11 EV policy OID: 1.3.6.1.4.1.6449.1.2.1.5.1
Reporter | ||
Updated•16 years ago
|
Comment 1•16 years ago
|
||
That's the correct SHA-1 fingerprint and EV Policy OID, but the Root Certificate's name has "COMODO" in capitals. Thanks.
Assignee | ||
Comment 2•16 years ago
|
||
I tried to test, but got an error with your test site: https://comodoecccertificationauthority-ev.comodoca.com/ Secure Connection Failed An error occurred during a connection to comodoecccertificationauthority-ev.comodoca.com. The OCSP server has refused this request as unauthorized. (Error code: sec_error_ocsp_unauthorized_request)
Assignee | ||
Comment 3•16 years ago
|
||
Note that I got the previous error, because I configured my Firefox profile to treat certs as invalid, if an OCSP server connection fails. If I switch Firefox into the relaxed mode (default), I can connect to your site, but I don't get the EV UI, because of the OCSP failure.
Assignee | ||
Comment 4•16 years ago
|
||
Comment 5•16 years ago
|
||
(in reply to Comments #2 and #3) Kai, Bug #421946 Comment #2 still applies today. We anticipate bringing our ECC private keys online soon. Once we've done that, we will be able to generate OCSP Responses properly. (further to Bug #450427 Comment #11) Since Bug #413997 is still unresolved, I've just tested your *-win32.installer.exe test build with our "second test EV certificate that contains neither CRL nor OCSP URLs". I got the EV UI. :-) (in reply to Comment #4) I notice that your Patch v1 also adds a missing comma to the entry for the Sample Certification Authority. Now that there are 20+ real EV Roots in myTrustedEVInfos[], I think that the entry for Sample Certification Authority has served its purpose and could now be removed. What do you think?
Assignee | ||
Updated•16 years ago
|
Attachment #343489 -
Flags: review?(rrelyea)
Assignee | ||
Comment 6•16 years ago
|
||
Comment on attachment 343489 [details] [diff] [review] Patch v1 I need this review very soon, or we'll miss the train. CHeckin deadline is Friday, but I will be travelling on Friday. Given that we review, trunk checkin, branch approval, then branch landing, we're very short in time.
Attachment #343489 -
Flags: superreview?(nelson)
Comment 7•16 years ago
|
||
Comment on attachment 343489 [details] [diff] [review] Patch v1 r=nelson
Attachment #343489 -
Flags: superreview?(nelson) → review+
Assignee | ||
Comment 8•16 years ago
|
||
Comment on attachment 343489 [details] [diff] [review] Patch v1 Nelson, thanks for helping out with this review.
Attachment #343489 -
Flags: review?(rrelyea)
Assignee | ||
Comment 9•16 years ago
|
||
Pushed to mozilla-central, although I realize it doesn't make much sense without landing NSS, will do that soon. 20742:91cdfc32b8d4
Assignee | ||
Comment 10•16 years ago
|
||
Comment on attachment 343489 [details] [diff] [review] Patch v1 required for bug 451305
Attachment #343489 -
Flags: approval1.9.0.4?
Updated•16 years ago
|
Attachment #343489 -
Flags: approval1.9.0.4? → approval1.9.0.4+
Comment 11•16 years ago
|
||
Comment on attachment 343489 [details] [diff] [review] Patch v1 Approved for 1.9.0.4, a=dveditz for release-drivers
Assignee | ||
Comment 12•16 years ago
|
||
Checked in to cvs trunk for 1.9.0.4 Checking in nsIdentityChecking.cpp; /cvsroot/mozilla/security/manager/ssl/src/nsIdentityChecking.cpp,v <-- nsIdentityChecking.cpp new revision: 1.25; previous revision: 1.24 done
Comment 13•16 years ago
|
||
Verified for 1.9.0.4 with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.4pre) Gecko/2008102306 GranParadiso/3.0.4pre. I don't get the security error any longer that I receive with 3.0.3.
Status: RESOLVED → VERIFIED
Keywords: fixed1.9.0.4 → verified1.9.0.4
You need to log in
before you can comment on or make changes to this bug.
Description
•