Closed Bug 613394 Opened 9 years ago Closed 9 years ago

November/December 2010 batch of NSS root CA changes

Categories

(NSS :: CA Certificates Code, task)

task
Not set

Tracking

(Not tracked)

RESOLVED FIXED
3.12.9

People

(Reporter: KaiE, Assigned: KaiE)

References

Details

Attachments

(2 files)

November/December 2010 batch of NSS root CA changes
Blocks: 595013
I used the following commands to add the new roots.

addbuiltin -n "TC TrustCenter Universal CA III" -t C,C,C < ~/moz/nss/312/nov11-roots-613394/tctrust.der >> certdata.txt
addbuiltin -n "Autoridad de Certificacion Firmaprofesional CIF A62634068" -t C,C,C < ~/moz/nss/312/nov11-roots-613394/firma.der >> certdata.txt
addbuiltin -n "Izenpe.com" -t C,,C < ~/moz/nss/312/nov11-roots-613394/iz.der >> certdata.txt
addbuiltin -n "Chambers of Commerce Root - 2008" -t C,C,C < ~/moz/nss/312/nov11-roots-613394/camer1.der >> certdata.txt
addbuiltin -n "Global Chambersign Root - 2008" -t C,C,C < ~/moz/nss/312/nov11-roots-613394/camer2.der >> certdata.txt
Attached patch Patch v1Splinter Review
I've carefully verified that the certificates I've added to create the patch have exactly the SHA1 fingerprints shown in the dependent bugs.

It might be sufficient to review that
- I've used the correct commands
- that trust flags seem correct
- I haven't mixed nicknames of Camerfirma roots

I'll not yet request review.
I'll do the test build first.
Assignee: nobody → kaie
Blocks: 585518
Blocks: 592939
Note in this bug, the only work done is adding new roots.
See 4 bugs in dependency list.

For tracking purposes the dependency list also contains other changes included in this batch.
(I'll do a test build with all those changes tomorrow)
Blocks: 614852
Comment on attachment 491731 [details] [diff] [review]
Patch v1

We have positive confirmation from all 4 involved CAs, see bugs in the dependency list.

We are ready to get this added, requesting code review.
Attachment #491731 - Flags: review?(nelson)
This is the output of NSS's ppcertdata program when run on Kai's patch.
Comment on attachment 491731 [details] [diff] [review]
Patch v1

I've verified that the 5 certs added in Kai's patch have the correct SHA1 
fingerprints and the correct trust flags for each, according to the cited 
BMO bugs.  r=nelson
Attachment #491731 - Flags: review?(nelson) → review+
checked in to trunk:

Checking in certdata.c;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.c,v  <--  certdata.c
new revision: 1.73; previous revision: 1.72
done
Checking in certdata.txt;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.txt,v  <--  certdata.txt
new revision: 1.70; previous revision: 1.69
done
checked in to 3.12 branch:

Checking in certdata.c;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.c,v  <--  certdata.c
new revision: 1.67.2.6; previous revision: 1.67.2.5
done
Checking in certdata.txt;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.txt,v  <--  certdata.txt
new revision: 1.64.2.6; previous revision: 1.64.2.5
done


fixed
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.12.9
You need to log in before you can comment on or make changes to this bug.