Closed
Bug 757197
Opened 12 years ago
Closed 12 years ago
May 2012 batch of NSS root CA changes
Categories
(NSS :: CA Certificates Code, task)
Tracking
(firefox-esr10 verified)
VERIFIED
FIXED
3.13.6
Tracking | Status | |
---|---|---|
firefox-esr10 | --- | verified |
People
(Reporter: KaiE, Assigned: KaiE)
References
Details
Attachments
(1 file, 1 obsolete file)
68.57 KB,
patch
|
rrelyea
:
review+
|
Details | Diff | Splinter Review |
This single bug intends to deal with multiple pending change requests, as of mid May 2012, see dependency list.
Assignee | ||
Updated•12 years ago
|
Assignee | ||
Comment 1•12 years ago
|
||
Ok, this bug also depends on bug 757189. We should make a decision which trust flag to use for consistency, and the patch in this bug should use the agreed not-explicitly-trusted flag from bug 757189
Depends on: 757189
Assignee | ||
Comment 2•12 years ago
|
||
This patch adds 6 new root CA certificates as requested in 4 bugs. This patch also changes the the trust flags of 3 certificates as requested in 3 bugs. The certificate additions were created using the patch from bug 757189 (which uses the CKT_NSS_TRUST_UNKNOWN flag) and the following commands: addbuiltin -n "Actalis Authentication Root CA" -t C,,C < ~/moz/nss/head/root0512/actalis-742525.der >> certdata.txt addbuiltin -n "Trustis FPS Root CA" -t C,C, < ~/moz/nss/head/root0512/trustis-742514.der >> certdata.txt addbuiltin -n "StartCom Certification Authority" -t C,C,C < ~/moz/nss/head/root0512/startcom-sha256-751954.der >> certdata.txt addbuiltin -n "StartCom Certification Authority G2" -t C,C,C < ~/moz/nss/head/root0512/startcom-g2-751954.der >> certdata.txt addbuiltin -n "Buypass Class 2 Root CA" -t C,, < ~/moz/nss/head/root0512/buypass-c2-752103.der >> certdata.txt addbuiltin -n "Buypass Class 3 Root CA" -t C,, < ~/moz/nss/head/root0512/buypass-c3-752103.der >> certdata.txt
Assignee: nobody → kaie
Assignee | ||
Comment 3•12 years ago
|
||
I'm NOT yet requesting review. I propose to produce a test build first. As a first step, I propose that Kathleen might do a sanity check that the actions from bug 757189 didn't have a bad effect for the roots where we're doing the consistency cleanup (which should have zero effect on functionality.) Later, after the first step succeeded, I will proceed with asking CAs to test and give feedback.
Assignee | ||
Comment 4•12 years ago
|
||
The test build can be found at http://ftp.mozilla.org/pub/mozilla.org/firefox/try-builds/kaie@kuix.de-0aea1af6cb90/
Assignee | ||
Comment 5•12 years ago
|
||
The link in comment 4 will go away after a couple of days. A backup download locaiton is http://kuix.de/mozilla/tryserver-roots-20120521/
Assignee | ||
Updated•12 years ago
|
Target Milestone: 3.13.5 → 3.14
Assignee | ||
Comment 6•12 years ago
|
||
Comment on attachment 625758 [details] [diff] [review] Patch v1 We'll use a different patch and a new build, because we want to use a different approach for bug 757189 and we want to include bug 760167, too.
Attachment #625758 -
Attachment is obsolete: true
Assignee | ||
Comment 7•12 years ago
|
||
This patch must be applied on top of the patch from bug 757189.
Assignee | ||
Comment 8•12 years ago
|
||
I created an updated try build http://ftp.mozilla.org/pub/mozilla.org/firefox/try-builds/kaie@kuix.de-b51f34a5b5c1/ I created backups at http://kuix.de/mozilla/tryserver-roots-20120604/
Assignee | ||
Comment 9•12 years ago
|
||
Comment on attachment 629325 [details] [diff] [review] Patch v3 Bob, we've received all the necessary testing confirmation, therefore I'd like to ask for your code review. Thanks
Attachment #629325 -
Flags: review?(rrelyea)
Comment 10•12 years ago
|
||
Comment on attachment 629325 [details] [diff] [review] Patch v3 r+ rrelyea
Attachment #629325 -
Flags: review?(rrelyea) → review+
Assignee | ||
Comment 11•12 years ago
|
||
trunk for 3.14: cvs commit: Examining . Checking in certdata.c; /cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.c,v <-- certdata.c new revision: 1.88; previous revision: 1.87 done Checking in certdata.txt; /cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.txt,v <-- certdata.txt new revision: 1.85; previous revision: 1.84 done 3.13.4 branch for 3.13.6: cvs commit: Examining . Checking in certdata.c; /cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.c,v <-- certdata.c new revision: 1.85.2.2; previous revision: 1.85.2.1 done Checking in certdata.txt; /cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.txt,v <-- certdata.txt new revision: 1.82.2.2; previous revision: 1.82.2.1 done
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Assignee | ||
Updated•12 years ago
|
Target Milestone: 3.14 → 3.13.6
Assignee | ||
Comment 12•12 years ago
|
||
https://hg.mozilla.org/releases/mozilla-esr10/rev/ef60da380f1b
status-firefox-esr10:
--- → fixed
Comment 13•12 years ago
|
||
Kai, anything QA needs to be on the lookout for in terms of potential Firefox 10.0.12esr regressions?
Whiteboard: [qa?]
Assignee | ||
Comment 14•12 years ago
|
||
Anthony, besides new root CA certs now being trusted by Firefox (now the same set of certificates that are trusted in the most recent release of Firefox 18), you shouldn't see anything else.
Comment 15•12 years ago
|
||
Do we know of any websites utilizing the new root CA certs that we can spotcheck?
Comment 16•12 years ago
|
||
As per bug 795355 comment 16, adding verifyme to spotcheck the test URLs mentioned in the dependent bugs.
Keywords: verifyme
Whiteboard: [qa?]
Comment 17•12 years ago
|
||
(In reply to Anthony Hughes, Mozilla QA (:ashughes) from comment #15) > Do we know of any websites utilizing the new root CA certs that we can > spotcheck? Bug #718841 -- https://www.verisign.com Bug #722843 -- https://www.thawte.com/ Bug #742514 -- https://www.trustis.com/ Bug #742525 -- https://portal-pte.actalis.it/ Bug #751954 -- https://www.startssl.com/ , https://g2.startcom.org/ Bug #752103 -- https://valid.domainplus.ca22.ssl.buypass.no/CA2Class2 https://valid.evident.ca23.ssl.buypass.no/CA2Class3 Bug #752110 – https://repository.trust.teliasonera.com/ Bug #757189 – none Bug #760167 -- none
Comment 18•12 years ago
|
||
Thank you Kathleen!
Comment 19•12 years ago
|
||
Verified fixed on Firefox 10.0.12 ESR, for the following OSs: Windows 7 64-bit, Ubuntu 12.04 32-bit, Mac OSX 10.8. I've also done some exploratory on these links: refreshing tabs, closing & reopening tabs, session restore, etc. Build ID: 20130103094221 User Agents: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.12) Gecko/20100101 Firefox/10.0.12 Mozilla/5.0 (X11; Linux i686; rv:10.0.12) Gecko/20100101 Firefox/10.0.12 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:10.0.12) Gecko/20100101 Firefox/10.0.12
You need to log in
before you can comment on or make changes to this bug.
Description
•