Closed Bug 711829 Opened 10 years ago Closed 10 years ago

December 2011 batch of NSS root CA changes

Categories

(NSS :: CA Certificates Code, task)

3.13.2
task
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED
3.13.2

People

(Reporter: KaiE, Assigned: KaiE)

References

Details

Attachments

(2 files)

It's time for new root changes. See the list of dependent bugs that will be addressed in this batch.
I used the following commands to import 3 new root certs and their trust flags:

addbuiltin -n "Security Communication RootCA2" -t C,C,C < ~/moz/nss/head/roots1112/secom-680979.der >> certdata.txt

addbuiltin -n "EC-ACC" -t C,, < ~/moz/nss/head/roots1112/ecacc-707995.der >> certdata.txt

addbuiltin -n "Hellenic Academic and Research Institutions RootCA 2011" -t C,C,C < ~/moz/nss/head/roots1112/harica-711594.der >> certdata.txt
Attached patch Patch v1-trunkSplinter Review
Trunk patch for NSS 3.13.x
Attached patch Patch v1-branchSplinter Review
Patch for the NSS 3.12.x branch, and potentially for Mozilla branches that are based on NSS 3.12.x and would like to update the trust list.

The sole difference between trunk and branch version of the patches is the name of the trust flags (which have been renamed).
Try builds:
http://ftp.mozilla.org/pub/mozilla.org/firefox/try-builds/kaie@kuix.de-43a720a8a5f8/

Because try builds go away quickly, a backup of the most important files is here:
https://kuix.de/mozilla/tryserver-roots-20111218/
Thanks Kai!  Testing of the dependent bugs is complete.
Comment on attachment 582661 [details] [diff] [review]
Patch v1-trunk

Since all changes have been confirmed, I'm requesting code review.
Attachment #582661 - Flags: review?(rrelyea)
A little more detail of all the changes in this patch.

This patch adds 3 new roots: bug 680979, bug 707995, and bug 711594
Removes 5 roots: bug 708009
Removes permissions on 2 roots:  bug 708016
Comment on attachment 582661 [details] [diff] [review]
Patch v1-trunk

r+ rrelyea
Attachment #582661 - Flags: review?(rrelyea) → review+
Will be fixed in NSS 3.13.2


Checking in certdata.c;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.c,v  <--  certdata.c
new revision: 1.84; previous revision: 1.83
done
Checking in certdata.txt;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.txt,v  <--  certdata.txt
new revision: 1.81; previous revision: 1.80
done
Checking in nssckbi.h;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/nssckbi.h,v  <--  nssckbi.h
new revision: 1.34; previous revision: 1.33
done
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.13.2
also landed on 3.12.x branch

Checking in certdata.c;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.c,v  <--  certdata.c
new revision: 1.67.2.15; previous revision: 1.67.2.14
done
Checking in certdata.txt;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.txt,v  <--  certdata.txt
new revision: 1.64.2.15; previous revision: 1.64.2.14
done
Checking in nssckbi.h;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/nssckbi.h,v  <--  nssckbi.h
new revision: 1.24.2.10; previous revision: 1.24.2.9
done
You need to log in before you can comment on or make changes to this bug.