Closed
Bug 921045
Opened 11 years ago
Closed 11 years ago
Let's include the new update cert and remove the no longer used Equifax cert
Categories
(Firefox :: General, defect)
Firefox
General
Tracking
()
People
(Reporter: akeybl, Assigned: robert.strong.bugs)
References
Details
Attachments
(2 files, 1 obsolete file)
1.32 KB,
patch
|
bbondy
:
review+
lsblakk
:
approval-mozilla-aurora+
lsblakk
:
approval-mozilla-beta+
lsblakk
:
approval-mozilla-esr24+
|
Details | Diff | Splinter Review |
2.98 KB,
patch
|
Details | Diff | Splinter Review |
Let's include the new update cert and remove the Digicert cert when possible
Reporter | ||
Comment 2•11 years ago
|
||
This didn't get in in time, but I'd like us to keep this on the radar for resolution in 26 at least. It's just crufty to have the old cert lying around.
status-firefox25:
--- → wontfix
tracking-firefox26:
--- → +
Comment 3•11 years ago
|
||
Rob can you get a patch up for this?
status-firefox26:
--- → affected
status-firefox27:
--- → affected
status-firefox28:
--- → affected
Flags: needinfo?(robert.bugzilla)
Assignee | ||
Comment 4•11 years ago
|
||
I moved the in use certificate to be the one in use and added the new certifcate.
Attachment #8336657 -
Flags: review?(netzen)
Flags: needinfo?(robert.bugzilla)
Assignee | ||
Comment 5•11 years ago
|
||
If this is uplifted it would be a "good thing" to also uplift bug 928489 especially since it landed over a month ago which removes this requirement for Windows while also solving bugs with some proxies and some corporate network configuration.
Comment 6•11 years ago
|
||
Comment on attachment 8336657 [details] [diff] [review] patch rev1 Review of attachment 8336657 [details] [diff] [review]: ----------------------------------------------------------------- I have no way to validate the correctness of the issuers themselves, but the change itself looks logical to me.
Attachment #8336657 -
Flags: review?(netzen) → review+
Assignee | ||
Updated•11 years ago
|
Summary: Let's include the new update cert and remove the Digicert cert → Let's include the new update cert and remove the no longer used Equifax cert
Assignee | ||
Comment 7•11 years ago
|
||
Pushed to fx-team https://hg.mozilla.org/integration/fx-team/rev/5aad6e015530
Flags: in-testsuite-
Target Milestone: --- → Firefox 28
Assignee | ||
Comment 8•11 years ago
|
||
Comment on attachment 8336657 [details] [diff] [review] patch rev1 This doesn't affect nightly or aurora since we are currently using aus4 for those channels. [Approval Request Comment] Bug caused by (feature/regressing bug #): the backup certificate could not be renewed (see bug 913918) User impact if declined: No backup certificate if the current certificate is compromised. This can be mitigated with the add-on hotfix. Testing completed (on m-c, etc.): Manually verified the digicert certificate. Risk to taking this patch (and alternatives if risky): Small since this is for the backup certificate. String or IDL/UUID changes made by this patch: None
Attachment #8336657 -
Flags: approval-mozilla-beta?
Attachment #8336657 -
Flags: approval-mozilla-aurora?
Updated•11 years ago
|
Attachment #8336657 -
Flags: approval-mozilla-beta?
Attachment #8336657 -
Flags: approval-mozilla-beta+
Attachment #8336657 -
Flags: approval-mozilla-aurora?
Attachment #8336657 -
Flags: approval-mozilla-aurora+
Comment 9•11 years ago
|
||
(In reply to Robert Strong [:rstrong] (do not email) from comment #8) > Comment on attachment 8336657 [details] [diff] [review] > patch rev1 > > This doesn't affect nightly or aurora since we are currently using aus4 for > those channels. > [Approval Request Comment] > Bug caused by (feature/regressing bug #): the backup certificate could not > be renewed (see bug 913918) > User impact if declined: No backup certificate if the current certificate is > compromised. This can be mitigated with the add-on hotfix. > Testing completed (on m-c, etc.): Manually verified the digicert certificate. > Risk to taking this patch (and alternatives if risky): Small since this is > for the backup certificate. > String or IDL/UUID changes made by this patch: None Wait, why is this nominated for aurora approval when you say it doesn't affect aurora?
Flags: needinfo?(robert.bugzilla)
Updated•11 years ago
|
Attachment #8336657 -
Flags: approval-mozilla-aurora+ → approval-mozilla-aurora?
Assignee | ||
Comment 10•11 years ago
|
||
To keep the code the same across branches as well as in case releng decides to revert back to aus3.
Flags: needinfo?(robert.bugzilla)
Updated•11 years ago
|
Attachment #8336657 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Assignee | ||
Comment 11•11 years ago
|
||
Assignee | ||
Comment 12•11 years ago
|
||
I'll land this either later tonight or tomorrow depending on when the trees reopen
Attachment #8337198 -
Attachment is obsolete: true
Assignee | ||
Comment 13•11 years ago
|
||
pushed to mozilla-aurora https://hg.mozilla.org/releases/mozilla-aurora/rev/a55d3e9d16f3 pushed to mozilla-beta https://hg.mozilla.org/releases/mozilla-beta/rev/bc209570134e
Assignee | ||
Comment 14•11 years ago
|
||
DO you want this backported to esr?
Flags: needinfo?(release-mgmt)
Comment 15•11 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/5aad6e015530
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Assignee | ||
Updated•11 years ago
|
Updated•11 years ago
|
status-b2g-v1.2:
--- → fixed
Comment 18•11 years ago
|
||
For completeness it can't hurt to have this avenue available to us on 24esr if we should need it - please do.
status-firefox-esr24:
--- → affected
tracking-firefox-esr24:
--- → 26+
Flags: needinfo?(release-mgmt)
Comment 19•11 years ago
|
||
Comment on attachment 8336657 [details] [diff] [review] patch rev1 pre-approving for esr24 with the assumption that any major changes to the patch would be brought to our attention but otherwise this meets the same standards as the other channel approvals.
Attachment #8336657 -
Flags: approval-mozilla-esr24+
Assignee | ||
Comment 20•11 years ago
|
||
Pushed to mozilla-esr24 https://hg.mozilla.org/releases/mozilla-esr24/rev/6d0561e56c03 I backed out my first push and repushed because I forgot to include the bug number... oops! https://hg.mozilla.org/releases/mozilla-esr24/rev/13ddbd51b9b1 https://hg.mozilla.org/releases/mozilla-esr24/rev/c71b9afe744c
Comment 21•11 years ago
|
||
Confirmed new certs in about:config prefs, for debug builds only. I have only confirmed the presence of these prefs, not the functionality enabled by them.
You need to log in
before you can comment on or make changes to this bug.
Description
•