add network solutions and diginotar root certs The purpose of this bug is to get both bug 431621, bug 431381 done with a single patch and review cycle.

This zip file contains a single binary roots module, named nssckbi.dll sha1sum: 6f2b5b53ca11c800c5cd9f0ff73b458ef29a7c85 file size: 303104 Please place into your firefox installation directory, replacing the file you already have. Please note, I do not use Antivirus software on my windows computer, so I can't give any guarantees for this file.

Comment on attachment 318913 [details] [diff] [review] Patch v1 Requesting two reviews. Plan to check this in to 3 branches: - trunk - 3.12.0 branch for ff 3 - 3.11 branch

Comment on attachment 318913 [details] [diff] [review] Patch v1 r+ Both certs are approved. Issuer/SN match the Trust. Trust flags match the approved flags from Frank.

Comment on attachment 318913 [details] [diff] [review] Patch v1 This patch gives both SSL server auth and code signing trust flags to both CAs, Diginotar and to NetSol. But as I read bug 431318, Frank granted only server trust, not code signing, to netsol. So, this patch appears to NOT grant the appropriate trust flags to that CA. Is there somewhere that I missed where Frank DID grant code signing to the NetSol CA cert?

there's a typo in comment 5. I meant bug 431381.

Comment on attachment 318913 [details] [diff] [review] Patch v1 I just re-ran my test, and this time, it shows the correct trust flags on NetSol. I must have done something wrong the first time. It looks right to me now. r+

checked in to trunk Checking in certdata.c; /cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.c,v <-- certdata.c new revision: 1.49; previous revision: 1.48 done Checking in certdata.txt; /cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.txt,v <-- certdata.txt new revision: 1.48; previous revision: 1.47 done

checked in to 3.11 branch Checking in certdata.c; /cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.c,v <-- certdata.c new revision: 1.36.24.11; previous revision: 1.36.24.10 done Checking in certdata.txt; /cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.txt,v <-- certdata.txt new revision: 1.37.24.10; previous revision: 1.37.24.9 done

Note, I have NOT increased the version number of nssckbi on 3.11 branch, because it got already incremented after we have released 3.11.9

checked in to 3.12.0 branch Checking in certdata.c; /cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.c,v <-- certdata.c new revision: 1.48.2.1; previous revision: 1.48 done Checking in certdata.txt; /cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.txt,v <-- certdata.txt new revision: 1.47.2.1; previous revision: 1.47 done marking fixed

In reply to comment 10: Groovy :)

Changing target milestone to 3.11.10 (not yet released).