[v12.x] Backport update root certs to NSS 3.71#41125
Closed
richardlau wants to merge 2 commits intonodejs:v12.x-stagingfrom
Closed
[v12.x] Backport update root certs to NSS 3.71#41125richardlau wants to merge 2 commits intonodejs:v12.x-stagingfrom
richardlau wants to merge 2 commits intonodejs:v12.x-stagingfrom
Conversation
This is the certdata.txt[0] from NSS 3.71, released on 2021-09-30. This is the version of NSS that will ship in Firefox 94 on 2021-11-02. [0] https://hg.mozilla.org/projects/nss/raw-file/NSS_3_71_RTM/lib/ckfw/builtins/certdata.txt PR-URL: nodejs#40280 Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Zijian Liu <lxxyxzj@gmail.com>
Update the list of root certificates in src/node_root_certs.h with tools/mk-ca-bundle.pl. Certificates added: - Trustwave Global Certification Authority - Trustwave Global ECC P256 Certification Authority - Trustwave Global ECC P384 Certification Authority - NAVER Global Root Certification Authority - AC RAIZ FNMT-RCM SERVIDORES SEGUROS - GlobalSign Root R46 - GlobalSign Root E46 - GLOBALTRUST 2020 - ANF Secure Server Root CA - Certum EC-384 CA - Certum Trusted Root CA - TunTrust Root CA - HARICA TLS RSA Root CA 2021 - HARICA TLS ECC Root CA 2021 Certificates removed: - GeoTrust Global CA - GeoTrust Universal CA - GeoTrust Universal CA 2 - QuoVadis Root CA - Sonera Class 2 Root CA - Taiwan GRCA - GeoTrust Primary Certification Authority - thawte Primary Root CA - VeriSign Class 3 Public Primary Certification Authority - G5 - OISTE WISeKey Global Root GA CA - GeoTrust Primary Certification Authority - G3 - thawte Primary Root CA - G2 - thawte Primary Root CA - G3 - GeoTrust Primary Certification Authority - G2 - VeriSign Universal Root Certification Authority - VeriSign Class 3 Public Primary Certification Authority - G4 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Trustis FPS Root CA - EE Certification Centre Root CA - Staat der Nederlanden Root CA - G3 PR-URL: nodejs#40280 Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Zijian Liu <lxxyxzj@gmail.com>
github-actions
bot
added
c++
Contributor
|
+1 to backporting so these release lines have as long of a "good" lifespan as they possibly can. |
Member
Author
|
Since there have not been any objections, I've cherry-picked the commits across and included them in #41161. |
Member
Author
|
This went out in #41161 (commits cherry-picked cleanly). |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is a backport of #40280 to
v12.x-staging. There are actually no merge conflicts and the commits cherry-pick cleanly but it was suggested in the most recent release WG meeting to open a backport pull request to drive discussion on whether we should update the root certificates in maintenance LTS (i.e. 12.x and 14.x). Please post comments if you have views either way on whether we should update the root certificates in the maintenance LTS lines.See the commit messages for the list of root certificates added and removed.
cc @nodejs/lts