May 2012 batch of changes to the EV-activation list

RESOLVED FIXED in mozilla19

Status

()

Core
Security: PSM
RESOLVED FIXED
6 years ago
5 years ago

People

(Reporter: kaie, Assigned: kaie)

Tracking

10 Branch
mozilla19
Points:
---
Dependency tree / graph
Bug Flags:
in-testsuite -

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(2 attachments)

(Assignee)

Description

6 years ago
This bug proposes to use a single batch for all the currently pending and requested changes to the list of certificates enabled for EV, as seen in the dependency list.
(Assignee)

Updated

6 years ago
Depends on: 757242
(Assignee)

Comment 1

6 years ago
Created attachment 625785 [details] [diff] [review]
Patch v1
Assignee: nobody → kaie
(Assignee)

Comment 2

6 years ago
The test build can be found at
http://ftp.mozilla.org/pub/mozilla.org/firefox/try-builds/kaie@kuix.de-0aea1af6cb90/
(Assignee)

Comment 3

6 years ago
The link in comment 2 will go away after a couple of days.
A backup download locaiton is http://kuix.de/mozilla/tryserver-roots-20120521/
(Assignee)

Comment 4

6 years ago
In case you're surprised about this change:

// CN=Buypass Class 3 CA 1,O=Buypass AS-983163327,C=NO
     "2.16.578.1.26.1.3.3",
-    "Buypass Class 3 CA 1",
+    "Buypass EV OID",


This string is an identifier string for the OID.
It must be identical for all entries with the same OID.
And the old string didn't make sense as a generic OID string for multiple roots.
(Assignee)

Updated

5 years ago
Assignee: kaie → kwilson

Updated

5 years ago
Assignee: kwilson → honzab.moz
(Assignee)

Comment 5

5 years ago
Comment on attachment 625785 [details] [diff] [review]
Patch v1

This should had been done in May, we missed it.

Asking for review.
Attachment #625785 - Flags: review?(bsmith)
(Assignee)

Comment 6

5 years ago
Given that all versions from FF 15 contain the required roots in NSS, you could consider to target beta.

Comment 7

5 years ago
What needs to be done to get this change in?

I looked at the attached patch, and it has the correct changes, which are as follows:

Bug #751960 – StartCom
Change existing EV OID to 1.3.6.1.4.1.23223.1.1.1
Add
Friendly name: StartCom Certification Authority
SHA1 Fingerprint: A3:F1:33:3F:E2:42:BF:CF:C5:D1:4E:8F:39:42:98:40:68:10:D1:A0
EV Policy OID: 1.3.6.1.4.1.23223.1.1.1  
Add
Friendly name: StartCom Certification Authority G2
SHA1 Fingerprint: 31:F1:FD:68:22:63:20:EE:C6:3B:3F:9D:EA:4A:3E:53:7C:7C:39:17
EV Policy OID: 1.3.6.1.4.1.23223.1.1.1

Bug #752106 – Buypass
Add
Friendly name: Buypass Class 3 Root CA
SHA1 Fingerprint: DA:FA:F7:FA:66:84:EC:06:8F:14:50:BD:C7:C2:81:A5:BC:A9:64:57
EV policy OID: 2.16.578.1.26.1.3.3
(Assignee)

Comment 8

5 years ago
Anyone of the PSM module peers must mark the patch as r+
Comment on attachment 625785 [details] [diff] [review]
Patch v1

Review of attachment 625785 [details] [diff] [review]:
-----------------------------------------------------------------

I suggest that we let kwilson r+ all the EV bit setting and root inclusion requests in the future.
Attachment #625785 - Flags: review?(bsmith) → review+
(Assignee)

Comment 10

5 years ago
Created attachment 672919 [details] [diff] [review]
updated patch to use nsnullptr
Assignee: honzab.moz → kaie
(Assignee)

Comment 11

5 years ago
https://hg.mozilla.org/integration/mozilla-inbound/rev/49138b4f5fc9
(Assignee)

Updated

5 years ago
Target Milestone: --- → mozilla19
https://hg.mozilla.org/mozilla-central/rev/49138b4f5fc9
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Flags: in-testsuite-
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.