Closed
Bug 613394
Opened 14 years ago
Closed 14 years ago
November/December 2010 batch of NSS root CA changes
Categories
(NSS :: CA Certificates Code, task)
NSS
CA Certificates Code
Tracking
(Not tracked)
RESOLVED
FIXED
3.12.9
People
(Reporter: KaiE, Assigned: KaiE)
References
Details
Attachments
(2 files)
46.28 KB,
patch
|
nelson
:
review+
|
Details | Diff | Splinter Review |
35.73 KB,
text/plain
|
Details |
November/December 2010 batch of NSS root CA changes
Assignee | ||
Comment 1•14 years ago
|
||
I used the following commands to add the new roots.
addbuiltin -n "TC TrustCenter Universal CA III" -t C,C,C < ~/moz/nss/312/nov11-roots-613394/tctrust.der >> certdata.txt
addbuiltin -n "Autoridad de Certificacion Firmaprofesional CIF A62634068" -t C,C,C < ~/moz/nss/312/nov11-roots-613394/firma.der >> certdata.txt
addbuiltin -n "Izenpe.com" -t C,,C < ~/moz/nss/312/nov11-roots-613394/iz.der >> certdata.txt
addbuiltin -n "Chambers of Commerce Root - 2008" -t C,C,C < ~/moz/nss/312/nov11-roots-613394/camer1.der >> certdata.txt
addbuiltin -n "Global Chambersign Root - 2008" -t C,C,C < ~/moz/nss/312/nov11-roots-613394/camer2.der >> certdata.txt
Assignee | ||
Comment 2•14 years ago
|
||
I've carefully verified that the certificates I've added to create the patch have exactly the SHA1 fingerprints shown in the dependent bugs.
It might be sufficient to review that
- I've used the correct commands
- that trust flags seem correct
- I haven't mixed nicknames of Camerfirma roots
I'll not yet request review.
I'll do the test build first.
Assignee: nobody → kaie
Assignee | ||
Comment 3•14 years ago
|
||
Note in this bug, the only work done is adding new roots.
See 4 bugs in dependency list.
For tracking purposes the dependency list also contains other changes included in this batch.
(I'll do a test build with all those changes tomorrow)
Assignee | ||
Comment 4•14 years ago
|
||
Comment on attachment 491731 [details] [diff] [review]
Patch v1
We have positive confirmation from all 4 involved CAs, see bugs in the dependency list.
We are ready to get this added, requesting code review.
Attachment #491731 -
Flags: review?(nelson)
Comment 5•14 years ago
|
||
This is the output of NSS's ppcertdata program when run on Kai's patch.
Comment 6•14 years ago
|
||
Comment on attachment 491731 [details] [diff] [review]
Patch v1
I've verified that the 5 certs added in Kai's patch have the correct SHA1
fingerprints and the correct trust flags for each, according to the cited
BMO bugs. r=nelson
Attachment #491731 -
Flags: review?(nelson) → review+
Assignee | ||
Comment 7•14 years ago
|
||
checked in to trunk:
Checking in certdata.c;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.c,v <-- certdata.c
new revision: 1.73; previous revision: 1.72
done
Checking in certdata.txt;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.txt,v <-- certdata.txt
new revision: 1.70; previous revision: 1.69
done
Assignee | ||
Comment 8•14 years ago
|
||
checked in to 3.12 branch:
Checking in certdata.c;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.c,v <-- certdata.c
new revision: 1.67.2.6; previous revision: 1.67.2.5
done
Checking in certdata.txt;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.txt,v <-- certdata.txt
new revision: 1.64.2.6; previous revision: 1.64.2.5
done
fixed
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.12.9
You need to log in
before you can comment on or make changes to this bug.
Description
•