Firefox 3.0.6 wants to pick up the NSS fix for bug 471715. NSS_3_12_2_WITH_CKBI_1_73_RTM is what you want, it's the currently used 3.12.2 plus the single bugfix.
Created attachment 357243 [details] [diff] [review] Patch v1
Comment on attachment 357243 [details] [diff] [review] Patch v1 r=me Approved for 126.96.36.199. a=samuel.sidler
checked in, marking fixed I'm sure Samuel meant to say "approved for 188.8.131.52"
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → FIXED
Er, yeah. 184.108.40.206. :) Thanks Kai!
Verified for 220.127.116.11 by verifying bug 471715.
Keywords: fixed18.104.22.168 → verified22.214.171.124
The same should be done for the next Firefox 3.1 beta.
Summary: NSS_3_12_2_WITH_CKBI_1_73_RTM for Firefox 3.0.6 → NSS_3_12_2_WITH_CKBI_1_73_RTM for Firefox 3.0.6 and 3.1 beta
Created attachment 358295 [details] [diff] [review] upgrade action for mozilla-1.9.1 (ff 3.1) Mike, FYI, in mercurial (hg) we use imported snapshots of NSPR and NSS. Currently mozilla-1.9.1 uses NSS 3.12.2. This set of commands is the necessary action to bring mozilla-1.9.1 to a newer snapshot which has only that collision attack protection cert in addition.
Comment on attachment 358295 [details] [diff] [review] upgrade action for mozilla-1.9.1 (ff 3.1) r+a191=beltzner
pushed for 1.9.1 http://hg.mozilla.org/releases/mozilla-1.9.1/rev/42e811a01a34
Is there a manual test case that can be performed to mark this VERIFIED?
I'm surprised that anyone still wants CKBI 1.73. I would have thought that any new builds of any browser, old or new, would want CKBI 1.75 with all the latest new roots. No? In reply to comment 10: > Is there a manual test case that can be performed to mark this VERIFIED? Yes. It involves setting your system clock back to August 1, 2004 and visiting https://i.broke.the.internet.and.all.i.got.was.this.t-shirt.phreedom.org/ See bug 471715 comment 0 for details.
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1pre) Gecko/20090527 Shiretoko/3.5pre Using https://i.broke.the.internet.and.all.i.got.was.this.t-shirt.phreedom.org/ I see the following error: Peer's certificate has an invalid signature. (Error code: sec_error_bad_signature) I get this error whether my date is current, Aug 1 2004, or Apr 1 2004. Marking VERIFIED.
Status: RESOLVED → VERIFIED
Keywords: fixed1.9.1 → verified1.9.1
(In reply to comment #11) > I'm surprised that anyone still wants CKBI 1.73. > I would have thought that any new builds of any browser, old or new, would > want CKBI 1.75 with all the latest new roots. No? Nelson, he was simply trying to verify this old bug.
You need to log in before you can comment on or make changes to this bug.