Add July 2010 batch of roots to NSS

RESOLVED FIXED in 3.12.8

Status

NSS
CA Certificates Code
P2
enhancement
RESOLVED FIXED
7 years ago
7 years ago

People

(Reporter: kaie, Assigned: kaie)

Tracking

3.12.7
3.12.8
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment, 2 obsolete attachments)

30.99 KB, patch
Nelson Bolyard (seldom reads bugmail)
: review+
Details | Diff | Splinter Review
(Assignee)

Description

7 years ago
Add July 2010 batch of roots to NSS

See dependency list.
(Assignee)

Updated

7 years ago
Blocks: 582580

Comment 1

7 years ago
Some clarifications are needed due to bug 582531.

Updated

7 years ago
Depends on: 582531

Comment 2

7 years ago
Kai, Given bug 582531, I think we should postpone 562395 for now, and remove it from this batch of changes.
(Assignee)

Comment 3

7 years ago
ok. removing 562395.
No longer blocks: 562395
(Assignee)

Comment 4

7 years ago
Created attachment 462618 [details] [diff] [review]
Patch v1

Enabling the roots from the bugs listed in the dependency list.

Not yet requesting code review, pending test results from CAs.
(Assignee)

Comment 5

7 years ago
Removing Izpene root and bug from this batch.
No longer blocks: 578491
(Assignee)

Comment 6

7 years ago
We have confirmation based on test binaries from 4 CAs and their 5 new roots.

I'll attach a new patch that no longer includes Izpene and request review.
(Assignee)

Comment 7

7 years ago
Created attachment 463702 [details] [diff] [review]
Patch v2

Nelson, would you be able to help to review this?
Thanks a lot in advance for letting us know.

(Note this patch excludes the automatically generated certdata.c but I indeed ran gmake generate to produce it and of course will check it in when landing this)
Attachment #462618 - Attachment is obsolete: true
Attachment #463702 - Flags: review?(nelson)
Should bug 582375 be held off due to problems mentioned in bug 507360, comment #23?
(Assignee)

Comment 9

7 years ago
Comment on attachment 463702 [details] [diff] [review]
Patch v2

(In reply to comment #8)
> Should bug 582375 be held off due to problems mentioned in bug 507360, comment
> #23?

I've filed bug 586414 and will remove the GlobalSign root from the current batch.
Attachment #463702 - Attachment is obsolete: true
Attachment #463702 - Flags: review?(nelson)
(Assignee)

Updated

7 years ago
No longer blocks: 582375
(Assignee)

Comment 10

7 years ago
Created attachment 467418 [details] [diff] [review]
Patch v3

This is a subset of the patch that was used for testing. It has GlobalSign removed, will be postponed to a future batch.

All of these certificates look fine without any known issues.

Nelson, can you please review?

(as usual, certdata.c excluded)
Attachment #467418 - Flags: review?(nelson)
(Assignee)

Comment 11

7 years ago
One more thing, given that we have agreed to keep the list of root CAs identical on NSS-Trunk and NSS-Stable-Branch,
I propose to keep the version numbers identical, as long as we continue to have them in sync.

(In particular, let's continue to use the roots-module version numbers dedicated to the 3.12 branch on both branch and trunk.)
(Assignee)

Comment 12

7 years ago
Bug 586414 has been marked as resolved fixed, so I'm including GlobalSign again.
(Assignee)

Updated

7 years ago
Attachment #467418 - Attachment is obsolete: true
Attachment #467418 - Flags: review?(nelson)
(Assignee)

Updated

7 years ago
Blocks: 582375
(Assignee)

Comment 13

7 years ago
Comment on attachment 463702 [details] [diff] [review]
Patch v2

Marking patch v2 as active again.
Sorry for going back and forth, I think we're now final for this batch.

Nelson, could you please review?
Attachment #463702 - Attachment is obsolete: false
Attachment #463702 - Flags: review?(nelson)
will review attachment 463702 [details] [diff] [review].
(Assignee)

Comment 15

7 years ago
(In reply to comment #14)
> will review attachment 463702 [details] [diff] [review].

Correct, thanks!
Comment on attachment 463702 [details] [diff] [review]
Patch v2

r=nelson
Attachment #463702 - Flags: review?(nelson) → review+
(Assignee)

Comment 17

7 years ago
Checked in to NSS trunk for future NSS 3.13

cvs commit: Examining .
Checking in certdata.c;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.c,v  <--  certdata.c
new revision: 1.68; previous revision: 1.67
done
Checking in certdata.txt;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.txt,v  <--  certdata.txt
new revision: 1.65; previous revision: 1.64
done
Checking in nssckbi.h;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/nssckbi.h,v  <--  nssckbi.h
new revision: 1.25; previous revision: 1.24
done
(Assignee)

Comment 18

7 years ago
Checked in to NSS 3.12 branch for 3.12.8

cvs commit: Examining .
Checking in certdata.c;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.c,v  <--  certdata.c
new revision: 1.67.2.1; previous revision: 1.67
done
Checking in certdata.txt;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.txt,v  <--  certdata.txt
new revision: 1.64.2.1; previous revision: 1.64
done
Checking in nssckbi.h;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/nssckbi.h,v  <--  nssckbi.h
new revision: 1.24.2.1; previous revision: 1.24
done


fixed
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
Severity: normal → enhancement
Priority: -- → P2
You need to log in before you can comment on or make changes to this bug.