December 2011 batch of NSS root CA changes

RESOLVED FIXED in 3.13.2

Status

NSS
CA Certificates Code
RESOLVED FIXED
6 years ago
6 years ago

People

(Reporter: kaie, Assigned: kaie)

Tracking

3.13.2
3.13.2
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(2 attachments)

(Assignee)

Description

6 years ago
It's time for new root changes. See the list of dependent bugs that will be addressed in this batch.
(Assignee)

Comment 1

6 years ago
I used the following commands to import 3 new root certs and their trust flags:

addbuiltin -n "Security Communication RootCA2" -t C,C,C < ~/moz/nss/head/roots1112/secom-680979.der >> certdata.txt

addbuiltin -n "EC-ACC" -t C,, < ~/moz/nss/head/roots1112/ecacc-707995.der >> certdata.txt

addbuiltin -n "Hellenic Academic and Research Institutions RootCA 2011" -t C,C,C < ~/moz/nss/head/roots1112/harica-711594.der >> certdata.txt
(Assignee)

Comment 2

6 years ago
Created attachment 582661 [details] [diff] [review]
Patch v1-trunk

Trunk patch for NSS 3.13.x
(Assignee)

Comment 3

6 years ago
Created attachment 582662 [details] [diff] [review]
Patch v1-branch

Patch for the NSS 3.12.x branch, and potentially for Mozilla branches that are based on NSS 3.12.x and would like to update the trust list.

The sole difference between trunk and branch version of the patches is the name of the trust flags (which have been renamed).
(Assignee)

Comment 4

6 years ago
Try builds:
http://ftp.mozilla.org/pub/mozilla.org/firefox/try-builds/kaie@kuix.de-43a720a8a5f8/

Because try builds go away quickly, a backup of the most important files is here:
https://kuix.de/mozilla/tryserver-roots-20111218/

Comment 5

6 years ago
Thanks Kai!  Testing of the dependent bugs is complete.
(Assignee)

Comment 6

6 years ago
Comment on attachment 582661 [details] [diff] [review]
Patch v1-trunk

Since all changes have been confirmed, I'm requesting code review.
Attachment #582661 - Flags: review?(rrelyea)

Comment 7

6 years ago
A little more detail of all the changes in this patch.

This patch adds 3 new roots: bug 680979, bug 707995, and bug 711594
Removes 5 roots: bug 708009
Removes permissions on 2 roots:  bug 708016

Comment 8

6 years ago
Comment on attachment 582661 [details] [diff] [review]
Patch v1-trunk

r+ rrelyea
Attachment #582661 - Flags: review?(rrelyea) → review+
(Assignee)

Comment 9

6 years ago
Will be fixed in NSS 3.13.2


Checking in certdata.c;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.c,v  <--  certdata.c
new revision: 1.84; previous revision: 1.83
done
Checking in certdata.txt;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.txt,v  <--  certdata.txt
new revision: 1.81; previous revision: 1.80
done
Checking in nssckbi.h;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/nssckbi.h,v  <--  nssckbi.h
new revision: 1.34; previous revision: 1.33
done
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.13.2
(Assignee)

Comment 10

6 years ago
also landed on 3.12.x branch

Checking in certdata.c;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.c,v  <--  certdata.c
new revision: 1.67.2.15; previous revision: 1.67.2.14
done
Checking in certdata.txt;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.txt,v  <--  certdata.txt
new revision: 1.64.2.15; previous revision: 1.64.2.14
done
Checking in nssckbi.h;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/nssckbi.h,v  <--  nssckbi.h
new revision: 1.24.2.10; previous revision: 1.24.2.9
done
You need to log in before you can comment on or make changes to this bug.