caroot: Ignore soft distrust of server CA certificates
Needs ReviewPublic
Actions

Authored by michaelo on Thu, Feb 20, 9:55 AM.

Details

Reviewers

jrm
otis
des
emaste
kevans

Summary

Mozilla introduced the field CKA_NSS_SERVER_DISTRUST_AFTER which indicates that
a server CA certificate will be distructed in the future before its NotAfter
time. This means that the CA stops issuing new certificates, but previous ones
are still valid until they expire. We can ignore this until Mozilla removes
it altogether from the bundle.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 62540
Build 59424: arc lint + arc unit

Event Timeline

michaelo created this revision.Thu, Feb 20, 9:55 AM

Herald added a subscriber: imp. · View Herald TranscriptThu, Feb 20, 9:55 AM

michaelo requested review of this revision.Thu, Feb 20, 9:55 AM

Harbormaster completed remote builds in B62540: Diff 151237.Thu, Feb 20, 9:55 AM

Please add other reviewers as you think appropriate.

Here it is: https://bugzilla.mozilla.org/show_bug.cgi?id=1465613

michaelo added a reviewer: kevans.Thu, Feb 20, 11:10 AM

michaelo retitled this revision from secure/caroot: Ignore soft distrust of server CA certificates to caroot: Ignore soft distrust of server CA certificates.Thu, Feb 20, 11:14 AM

Revision Contents
Changeset List

Path

Size

secure/

caroot/

MAca-bundle.pl

12 lines

Diff 151237

View Options

secure/caroot/MAca-bundle.pl

caroot: Ignore soft distrust of server CA certificatesNeeds ReviewPublicActions