Closed
Bug 614852
Opened 14 years ago
Closed 14 years ago
Enable multiple roots from NSS 3.12.9 for EV. (Nov/Dec 2010 batch)
Categories
(Core :: Security: PSM, defect)
Core
Security: PSM
Tracking
()
VERIFIED
FIXED
People
(Reporter: KaiE, Assigned: KaiE)
References
Details
Attachments
(1 file, 1 obsolete file)
2.26 KB,
patch
|
mayhemer
:
review+
johnath
:
approval2.0+
dveditz
:
approval1.9.2.17+
dveditz
:
approval1.9.1.19+
|
Details | Diff | Splinter Review |
Enable multiple roots for EV. (Nov/Dec 2010 batch, most depend on NSS 3.12.9)
Assignee | ||
Updated•14 years ago
|
Summary: Enable multiple roots for EV. (Nov/Dec 2010 batch, most depend on NSS 3.12.9) → Enable multiple roots from NSS 3.12.9 for EV. (Nov/Dec 2010 batch)
Assignee | ||
Updated•14 years ago
|
Assignee | ||
Comment 1•14 years ago
|
||
I used this patch for initial testing.
Only 1 out of multiple test sites gives me EV.
Assignee | ||
Comment 2•14 years ago
|
||
We have positive test results for TC Trustcenter, they will be included.
We were unable to confirm that Izenpe.com's OCSP infrastructure is set up correctly, I'm removing them from this batch.
Regarding Camerfirma:
Based on incomplete test server infrastructure, it has been decided, only a subset of the request will be implemented. I'm removing 2 OIDs. I'm keeping the 2 OIDs which gave positive test results.
Assignee | ||
Comment 3•14 years ago
|
||
Attachment #493296 -
Attachment is obsolete: true
Attachment #494393 -
Flags: review?(honzab.moz)
Comment 4•14 years ago
|
||
Comment on attachment 494393 [details] [diff] [review]
Patch v2
r=honzab
OIDs checked via the pending certificate list page.
Only concern I have - Camerfirma seems to use different OID for EV and OV certs, shouldn't we duplicate both entries also for the secondary OIDs (1.3.6.1.4.1.17326.10.14.2.2.2 and 1.3.6.1.4.1.17326.10.8.12.2.2) ?
Attachment #494393 -
Flags: review?(honzab.moz) → review+
Assignee | ||
Updated•14 years ago
|
Whiteboard: [waiting-for-nss-3.12.9-landing]
Assignee | ||
Comment 5•14 years ago
|
||
> r=honzab
Thanks
> Only concern I have - Camerfirma seems to use different OID for EV and OV
> certs, shouldn't we duplicate both entries also for the secondary OIDs
> (1.3.6.1.4.1.17326.10.14.2.2.2 and 1.3.6.1.4.1.17326.10.8.12.2.2) ?
No. Camerfirma agreed to omit these OIDs,
because they could not provide us with test URLS for these OIDs.
See bug 562399 comment 19 and 20.
Assignee | ||
Comment 6•14 years ago
|
||
Comment on attachment 494393 [details] [diff] [review]
Patch v2
Now that NSS 3.12.9 (beta) has been landed, and the new roots are available, we're ready to get these enabled for EV.
Attachment #494393 -
Flags: approval2.0?
Assignee | ||
Updated•14 years ago
|
Whiteboard: [waiting-for-nss-3.12.9-landing]
Updated•14 years ago
|
Attachment #494393 -
Flags: approval2.0? → approval2.0+
Assignee | ||
Comment 7•14 years ago
|
||
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Assignee | ||
Updated•14 years ago
|
Attachment #494393 -
Flags: approval1.9.2.15?
Attachment #494393 -
Flags: approval1.9.1.18?
Assignee | ||
Comment 9•14 years ago
|
||
You should get green EV identity status at
https://testserver.universal-iii.trustcenter.de/
https://www.camerfirma.com/
https://server3.camerfirma.com/
Comment 10•14 years ago
|
||
(In reply to comment #9)
> You should get green EV identity status at
> https://testserver.universal-iii.trustcenter.de/
> https://www.camerfirma.com/
> https://server3.camerfirma.com/
Thanks. Verified FIXED with Firefox 4.0b12pre 20110221.
Status: RESOLVED → VERIFIED
Comment 11•14 years ago
|
||
Comment on attachment 494393 [details] [diff] [review]
Patch v2
Approved for 1.9.2.15 and 1.9.1.18, a=dveditz for release-drivers
Attachment #494393 -
Flags: approval1.9.2.15?
Attachment #494393 -
Flags: approval1.9.2.15+
Attachment #494393 -
Flags: approval1.9.1.18?
Attachment #494393 -
Flags: approval1.9.1.18+
Assignee | ||
Comment 12•14 years ago
|
||
status1.9.1:
--- → .18-fixed
Assignee | ||
Comment 13•14 years ago
|
||
status1.9.2:
--- → .15-fixed
Comment 14•14 years ago
|
||
The "3.6.15" we're releasing today does not fix this bug, the release containing this bug fix has been renamed to "3.6.16" and the bugzilla flags will be updated to reflect that soon. Today's release is a re-release of 3.6.14 plus a fix for a bug that prevented many Java applets from starting up.
You need to log in
before you can comment on or make changes to this bug.
Description
•