
The patch is out

Posted Aug 30, 2011 19:17 UTC (Tue) by cesarb (subscriber, #6266)
Parent article: Fraudulent *.google.com certificate issued

According to https://bugzilla.mozilla.org/show_bug.cgi?id=682956#c18 the patch is now in the Mercurial repository (http://hg.mozilla.org/releases/mozilla-release/rev/436365...).

Interesting things from the patch (please correct me if I got anything wrong):

1. The true bug number is 682927. Looking at the preceding and following bug reports, it was created between 2011-08-29 11:59 PDT and 2011-08-29 12:05 PDT.
2. Certificates from the "DigiNotar Root CA" issued after "01-JUL-2011 00:00" are blacklisted, and the user cannot override this.
3. Certificates issued by "Staat der Nederlanden Root CA" (and which do not fall into the previous rule) are still trusted by default, according to a code comment, "By request of the Dutch government".
4. Other DigiNotar certificates are considered untrusted by default (but the user can override this according to the comments, probably the same way a user can trust a self-signed certificate).



The patch is out

Posted Aug 30, 2011 23:39 UTC (Tue) by lkundrak (subscriber, #43452) [Link]

    1.55 +    return 0; // No DigiNotor cert => carry on as normal
This is an amusing typo (?)

And the bug report is now open

Posted Aug 31, 2011 12:36 UTC (Wed) by cesarb (subscriber, #6266) [Link]

