November/December 2010 batch of NSS root CA changes

RESOLVED FIXED in 3.12.9

Status

NSS
CA Certificates Code
RESOLVED FIXED
7 years ago
7 years ago

People

(Reporter: kaie, Assigned: kaie)

Tracking

Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(2 attachments)

(Assignee)

Description

7 years ago
November/December 2010 batch of NSS root CA changes
(Assignee)

Updated

7 years ago
Blocks: 595013
(Assignee)

Updated

7 years ago
(Assignee)

Comment 1

7 years ago
I used the following commands to add the new roots.

addbuiltin -n "TC TrustCenter Universal CA III" -t C,C,C < ~/moz/nss/312/nov11-roots-613394/tctrust.der >> certdata.txt
addbuiltin -n "Autoridad de Certificacion Firmaprofesional CIF A62634068" -t C,C,C < ~/moz/nss/312/nov11-roots-613394/firma.der >> certdata.txt
addbuiltin -n "Izenpe.com" -t C,,C < ~/moz/nss/312/nov11-roots-613394/iz.der >> certdata.txt
addbuiltin -n "Chambers of Commerce Root - 2008" -t C,C,C < ~/moz/nss/312/nov11-roots-613394/camer1.der >> certdata.txt
addbuiltin -n "Global Chambersign Root - 2008" -t C,C,C < ~/moz/nss/312/nov11-roots-613394/camer2.der >> certdata.txt
(Assignee)

Comment 2

7 years ago
Created attachment 491731 [details] [diff] [review]
Patch v1

I've carefully verified that the certificates I've added to create the patch have exactly the SHA1 fingerprints shown in the dependent bugs.

It might be sufficient to review that
- I've used the correct commands
- that trust flags seem correct
- I haven't mixed nicknames of Camerfirma roots

I'll not yet request review.
I'll do the test build first.
Assignee: nobody → kaie
(Assignee)

Updated

7 years ago
Blocks: 585518
(Assignee)

Updated

7 years ago
Blocks: 592939
(Assignee)

Comment 3

7 years ago
Note in this bug, the only work done is adding new roots.
See 4 bugs in dependency list.

For tracking purposes the dependency list also contains other changes included in this batch.
(I'll do a test build with all those changes tomorrow)
(Assignee)

Updated

7 years ago
Blocks: 614852
(Assignee)

Comment 4

7 years ago
Comment on attachment 491731 [details] [diff] [review]
Patch v1

We have positive confirmation from all 4 involved CAs, see bugs in the dependency list.

We are ready to get this added, requesting code review.
Attachment #491731 - Flags: review?(nelson)
Created attachment 494513 [details]
pretty-printed version of Kai's patch above, for my review

This is the output of NSS's ppcertdata program when run on Kai's patch.
Comment on attachment 491731 [details] [diff] [review]
Patch v1

I've verified that the 5 certs added in Kai's patch have the correct SHA1 
fingerprints and the correct trust flags for each, according to the cited 
BMO bugs.  r=nelson
Attachment #491731 - Flags: review?(nelson) → review+
(Assignee)

Comment 7

7 years ago
checked in to trunk:

Checking in certdata.c;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.c,v  <--  certdata.c
new revision: 1.73; previous revision: 1.72
done
Checking in certdata.txt;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.txt,v  <--  certdata.txt
new revision: 1.70; previous revision: 1.69
done
(Assignee)

Comment 8

7 years ago
checked in to 3.12 branch:

Checking in certdata.c;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.c,v  <--  certdata.c
new revision: 1.67.2.6; previous revision: 1.67.2.5
done
Checking in certdata.txt;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.txt,v  <--  certdata.txt
new revision: 1.64.2.6; previous revision: 1.64.2.5
done


fixed
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.12.9
You need to log in before you can comment on or make changes to this bug.