system/ca-certificates: needs to be bumped to NSS >= 3.57
Bugzilla ID | 364 |
Reporter | Max Rees (sroracle) |
Assignee | Max Rees (sroracle) |
Reported | 2020-10-26 13:26:46 -0500 |
Modified | 2021-04-07 12:49:12 -0500 |
Status | CONFIRMED |
Version | 1.0-RC1 |
Hardware | Adélie Linux / All |
Importance | --- / normal |
Package(s) | system/ca-certificates |
Description
We are currently shipping NSS 3.53's certificates. The following versions <= 3.58 introduce changes to the certificate store:
== 3.54 ==
The following CA certificates were Added:
Bug 1645186 - certSIGN Root CA G2
SHA-256 Fingerprint: 657CFE2FA73FAA38462571F332A2363A46FCE7020951710702CDFBB6EEDA3305
Bug 1645174 - e-Szigno Root CA 2017
SHA-256 Fingerprint: BEB00B30839B9BC32C32E4447905950641F26421B15ED089198B518AE2EA1B99
Bug 1641716 - Microsoft ECC Root Certificate Authority 2017
SHA-256 Fingerprint: 358DF39D764AF9E1B766E9C972DF352EE15CFAC227AF6AD1D70E8E4A6EDCBA02
Bug 1641716 - Microsoft RSA Root Certificate Authority 2017
SHA-256 Fingerprint: C741F70F4B2A8D88BF2E71C14122EF53EF10EBA0CFA5E64CFA20F418853073E0
The following CA certificates were Removed:
Bug 1645199 - AddTrust Class 1 CA Root
SHA-256 Fingerprint:
8C7209279AC04E275E16D07FD3B775E80154B5968046E31F52DD25766324E9A7
Bug 1645199 - AddTrust External CA Root
SHA-256 Fingerprint:
687FA451382278FFF0C8B11F8D43D576671C6EB2BCEAB413FB83D965D06D2FF2
Bug 1641718 - LuxTrust Global Root 2
SHA-256 Fingerprint: 54455F7129C20B1447C418F997168F24C58FC5023BF5DA5BE2EB6E1DD8902ED5
Bug 1639987 - Staat der Nederlanden Root CA - G2
SHA-256 Fingerprint: 668C83947DA63B724BECE1743C31A0E6AED0DB8EC5B31BE377BB784F91B6716F
Bug 1618402 - Symantec Class 2 Public Primary Certification Authority - G4
SHA-256 Fingerprint: FE863D0822FE7A2353FA484D5924E875656D3DC9FB58771F6F616F9D571BC592
Bug 1618402 - Symantec Class 1 Public Primary Certification Authority - G4
SHA-256 Fingerprint: 363F3C849EAB03B0A2A0F636D7B86D04D3AC7FCFE26A0A9121AB9795F6E176DF
Bug 1618402 - VeriSign Class 3 Public Primary Certification Authority - G3
SHA-256 Fingerprint: EB04CF5EB1F39AFA762F2BB120F296CBA520C1B97DB1589565B81CB9A17B7244
A number of certificates had their Email trust bit disabled. See Bug 1618402 for a complete list.
== 3.57 ==
The following CA certificates were Added:
Bug 1663049 - CN=Trustwave Global Certification Authority
SHA-256 Fingerprint: 97552015F5DDFC3C8788C006944555408894450084F100867086BC1A2BB58DC8
Bug 1663049 - CN=Trustwave Global ECC P256 Certification Authority
SHA-256 Fingerprint: 945BBC825EA554F489D1FD51A73DDF2EA624AC7019A05205225C22A78CCFA8B4
Bug 1663049 - CN=Trustwave Global ECC P384 Certification Authority
SHA-256 Fingerprint: 55903859C8C0C3EBB8759ECE4E2557225FF5758BBD38EBD48276601E1BD58097
The following CA certificates were Removed:
Bug 1651211 - CN=EE Certification Centre Root CA
SHA-256 Fingerprint:
3E84BA4342908516E77573C0992F0979CA084E4685681FF195CCBA8A229B8A76
Bug 1656077 - O=Government Root Certification Authority; C=TW
SHA-256 Fingerprint:
7600295EEFE85B9E1FD624DB76062AAAAE59818A54D2774CD4C0B2C01131E1B3
Trust settings for the following CA certificates were Modified:
Bug 1653092 - CN=OISTE WISeKey Global Root GA CA
Websites (server authentication) trust bit removed.
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases