Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[v8.x] crypto: update root certificates #29137

Closed

Conversation

bnoordhuis
Copy link
Member

This is a back-port of a bunch of PRs. All backports apply cleanly except #26415 for which I did a partial cherry-pick.

Refs: nodejs/Release#466

sam-github and others added 7 commits August 15, 2019 13:03
This is the certdata.txt[0] from NSS 3.41, released on 2018-12-03.

This is the version of NSS that will ship in Firefox 65 on 2018-12-11.

[0] https://hg.mozilla.org/projects/nss/raw-file/NSS_3_41_RTM/lib/ckfw/builtins/certdata.txt

PR-URL: nodejs#25113
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Ruben Bridgewater <[email protected]>
This is the certdata.txt[0] from NSS 3.43, released on 2019-03-15.

This is the version of NSS that will ship in Firefox 67 on
2019-03-19.

[0] https://hg.mozilla.org/projects/nss/raw-file/NSS_3_43_RTM/lib/ckfw/builtins/certdata.txt

PR-URL: nodejs#27374
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Ruben Bridgewater <[email protected]>
This is the certdata.txt[0] from NSS 3.45, released on 2019-07-05.

This is the version of NSS that will ship in Firefox 69 on
2019-09-03.

[0] https://hg.mozilla.org/projects/nss/raw-file/NSS_3_45_RTM/lib/ckfw/builtins/certdata.txt

PR-URL: nodejs#28808
Reviewed-By: Rich Trott <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Update the list of root certificates in src/node_root_certs.h with
tools/mk-ca-bundle.pl.

Certificates added:
- GlobalSign Root CA - R6
- OISTE WISeKey Global Root GC CA
- GTS Root R1
- GTS Root R2
- GTS Root R3
- GTS Root R4
- UCA Global G2 Root
- UCA Extended Validation Root
- Certigna Root CA

Certificates removed:
- Visa eCommerce Root
- TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5
- Certplus Root CA G1
- Certplus Root CA G2
- OpenTrust Root CA G1
- OpenTrust Root CA G2
- OpenTrust Root CA G3

PR-URL: nodejs#25113
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Ruben Bridgewater <[email protected]>
Update the list of root certificates in src/node_root_certs.h with
tools/mk-ca-bundle.pl.

Certificates added:
- emSign Root CA - G1
- emSign ECC Root CA - G3
- emSign Root CA - C1
- emSign ECC Root CA - C3
- Hongkong Post Root CA 3

PR-URL: nodejs#27374
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Ruben Bridgewater <[email protected]>
This is a partial backport of commit f1a3968 ("tls: expose built-in
root certificates") from the master branch. The original commit adds a
new API, this commit just backports the non-visible changes to ease
backporting follow-up commits.

Refs: nodejs#26415
Update the list of root certificates in src/node_root_certs.h with
tools/mk-ca-bundle.pl.

Certificates added: (none)

Certificates removed:
- Certinomis - Root CA

PR-URL: nodejs#28808
Reviewed-By: Rich Trott <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. lib / src Issues and PRs related to general changes in the lib or src directory. v8.x labels Aug 15, 2019
@nodejs-github-bot
Copy link
Collaborator

@nodejs-github-bot
Copy link
Collaborator

@Trott
Copy link
Member

Trott commented Aug 22, 2019

@nodejs/backporters

@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Sep 19, 2019

@BethGriggs
Copy link
Member

Landed on v8.x-staging

@BethGriggs BethGriggs closed this Sep 19, 2019
BethGriggs pushed a commit that referenced this pull request Sep 19, 2019
This is the certdata.txt[0] from NSS 3.41, released on 2018-12-03.

This is the version of NSS that will ship in Firefox 65 on 2018-12-11.

[0] https://hg.mozilla.org/projects/nss/raw-file/NSS_3_41_RTM/lib/ckfw/builtins/certdata.txt

PR-URL: #25113
Backport-PR-URL: #29137
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Ruben Bridgewater <[email protected]>
BethGriggs pushed a commit that referenced this pull request Sep 19, 2019
This is the certdata.txt[0] from NSS 3.43, released on 2019-03-15.

This is the version of NSS that will ship in Firefox 67 on
2019-03-19.

[0] https://hg.mozilla.org/projects/nss/raw-file/NSS_3_43_RTM/lib/ckfw/builtins/certdata.txt

PR-URL: #27374
Backport-PR-URL: #29137
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Ruben Bridgewater <[email protected]>
BethGriggs pushed a commit that referenced this pull request Sep 19, 2019
This is the certdata.txt[0] from NSS 3.45, released on 2019-07-05.

This is the version of NSS that will ship in Firefox 69 on
2019-09-03.

[0] https://hg.mozilla.org/projects/nss/raw-file/NSS_3_45_RTM/lib/ckfw/builtins/certdata.txt

PR-URL: #28808
Backport-PR-URL: #29137
Reviewed-By: Rich Trott <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
BethGriggs pushed a commit that referenced this pull request Sep 19, 2019
Update the list of root certificates in src/node_root_certs.h with
tools/mk-ca-bundle.pl.

Certificates added:
- GlobalSign Root CA - R6
- OISTE WISeKey Global Root GC CA
- GTS Root R1
- GTS Root R2
- GTS Root R3
- GTS Root R4
- UCA Global G2 Root
- UCA Extended Validation Root
- Certigna Root CA

Certificates removed:
- Visa eCommerce Root
- TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5
- Certplus Root CA G1
- Certplus Root CA G2
- OpenTrust Root CA G1
- OpenTrust Root CA G2
- OpenTrust Root CA G3

PR-URL: #25113
Backport-PR-URL: #29137
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Ruben Bridgewater <[email protected]>
BethGriggs pushed a commit that referenced this pull request Sep 19, 2019
Update the list of root certificates in src/node_root_certs.h with
tools/mk-ca-bundle.pl.

Certificates added:
- emSign Root CA - G1
- emSign ECC Root CA - G3
- emSign Root CA - C1
- emSign ECC Root CA - C3
- Hongkong Post Root CA 3

PR-URL: #27374
Backport-PR-URL: #29137
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Ruben Bridgewater <[email protected]>
BethGriggs pushed a commit that referenced this pull request Sep 19, 2019
This is a partial backport of commit f1a3968 ("tls: expose built-in
root certificates") from the master branch. The original commit adds a
new API, this commit just backports the non-visible changes to ease
backporting follow-up commits.

PR-URL: #26415
Backport-PR-URL: #29137
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Matteo Collina <[email protected]>
Reviewed-By: Rich Trott <[email protected]>
Reviewed-By: Ron Korving <[email protected]>
Reviewed-By: Ruben Bridgewater <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
Reviewed-By: Vse Mozhet Byt <[email protected]>
BethGriggs pushed a commit that referenced this pull request Sep 19, 2019
Update the list of root certificates in src/node_root_certs.h with
tools/mk-ca-bundle.pl.

Certificates added: (none)

Certificates removed:
- Certinomis - Root CA

PR-URL: #28808
Backport-PR-URL: #29137
Reviewed-By: Rich Trott <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
c++ Issues and PRs that require attention from people who are familiar with C++. lib / src Issues and PRs related to general changes in the lib or src directory.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants