Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

crypto: update certdata to NSS 3.56 #35546

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
codebytere wants to merge 1 commit into from
Closed

crypto: update certdata to NSS 3.56 #35546

codebytere wants to merge 1 commit into from

Conversation

@codebytere
Copy link
Member

@codebytere codebytere commented Oct 7, 2020
edited
Loading

This PR updates the list of root certificates in src/node_root_certs.h with tools/mk-ca-bundle.pl

This is the certdata.txt from NSS 3.56, released on 2020-08-21 - https://hg.mozilla.org/projects/nss/raw-file/NSS_3_56_RTM/lib/ckfw/builtins/certdata.txt

Certificates added:

  • Microsoft ECC Root Certificate Authority 2017
  • Microsoft RSA Root Certificate Authority 2017
  • e-Szigno Root CA 2017
  • certSIGN Root CA G2

Certificates removed:

  • Verisign Class 3 Public Primary Certification Authority - G3
  • AddTrust External Root
  • Staat der Nederlanden Root CA - G2
  • LuxTrust Global Root 2

Electron found this issue via electron/electron#24123 - which we solved by doing this same update. This also allows us to remove a patch.

cc @nodejs/crypto

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • commit message follows commit guidelines

@codebytere
crypto: update certdata to NSS 3.56
a8391ef 
This is the certdata.txt[0] from NSS 3.56, released on 2020-08-21.

[0] https://hg.mozilla.org/projects/nss/raw-file/NSS_3_56_RTM/lib/ckfw/builtins/certdata.txt

crypto: update root certificates

Update the list of root certificates in src/node_root_certs.h with
tools/mk-ca-bundle.pl.

Certificates added:
- Microsoft ECC Root Certificate Authority 2017
- Microsoft RSA Root Certificate Authority 2017
- e-Szigno Root CA 2017
- certSIGN Root CA G2

Certificates removed:
- Verisign Class 3 Public Primary Certification Authority - G3
- AddTrust External Root
- Staat der Nederlanden Root CA - G2
- LuxTrust Global Root 2
@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. lib / src Issues and PRs related to general changes in the lib or src directory. labels Oct 7, 2020
@codebytere codebytere added the request-ci Add this label to start a Jenkins CI on a PR. label Oct 7, 2020
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Oct 7, 2020
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Oct 7, 2020

CI: https://ci.nodejs.org/job/node-test-pull-request/33464/

@gengjiawen gengjiawen added the notable-change PRs with changes that should be highlighted in changelogs. label Oct 8, 2020
Trott
Trott approved these changes Oct 8, 2020
View reviewed changes
Copy link
Member

@Trott Trott left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rubber-stamp LGTM

gengjiawen pushed a commit that referenced this pull request Oct 13, 2020
@codebytere @gengjiawen
crypto: update certdata to NSS 3.56
44a66ad 
This is the certdata.txt[0] from NSS 3.56, released on 2020-08-21.

[0] https://hg.mozilla.org/projects/nss/raw-file/NSS_3_56_RTM/lib/ckfw/builtins/certdata.txt

crypto: update root certificates

Update the list of root certificates in src/node_root_certs.h with
tools/mk-ca-bundle.pl.

Certificates added:
- Microsoft ECC Root Certificate Authority 2017
- Microsoft RSA Root Certificate Authority 2017
- e-Szigno Root CA 2017
- certSIGN Root CA G2

Certificates removed:
- Verisign Class 3 Public Primary Certification Authority - G3
- AddTrust External Root
- Staat der Nederlanden Root CA - G2
- LuxTrust Global Root 2

PR-URL: #35546
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
@gengjiawen
Copy link
Member

gengjiawen commented Oct 13, 2020

Landed in 44a66ad

@gengjiawen gengjiawen closed this Oct 13, 2020
@codebytere codebytere deleted the update-cert-data branch October 13, 2020 01:38
MylesBorins pushed a commit that referenced this pull request Oct 14, 2020
@codebytere @MylesBorins
crypto: update certdata to NSS 3.56
7e7afc5 
This is the certdata.txt[0] from NSS 3.56, released on 2020-08-21.

[0] https://hg.mozilla.org/projects/nss/raw-file/NSS_3_56_RTM/lib/ckfw/builtins/certdata.txt

crypto: update root certificates

Update the list of root certificates in src/node_root_certs.h with
tools/mk-ca-bundle.pl.

Certificates added:
- Microsoft ECC Root Certificate Authority 2017
- Microsoft RSA Root Certificate Authority 2017
- e-Szigno Root CA 2017
- certSIGN Root CA G2

Certificates removed:
- Verisign Class 3 Public Primary Certification Authority - G3
- AddTrust External Root
- Staat der Nederlanden Root CA - G2
- LuxTrust Global Root 2

PR-URL: #35546
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
MylesBorins added a commit that referenced this pull request Oct 14, 2020
@MylesBorins
2020-10-15, Version 14.14.0 (Current)
6112962 
Notable changes:

crypto:
  * update certdata to NSS 3.56 (Shelley Vohr) #35546
doc:
  * add aduh95 to collaborators (Antoine du Hamel) #35542
fs:
  * (SEMVER-MINOR) add rm method (Ian Sutherland) #35494
http:
  * (SEMVER-MINOR) allow passing array of key/val into writeHead (Robert Nagy) #35274
src:
  * (SEMVER-MINOR) expose v8::Isolate setup callbacks (Shelley Vohr) #35512

PR-URL: TODO
@MylesBorins MylesBorins mentioned this pull request Oct 14, 2020
Merged
MylesBorins added a commit that referenced this pull request Oct 15, 2020
@MylesBorins
2020-10-15, Version 14.14.0 (Current)
0ea4bd2 
Notable changes:

crypto:
  * update certdata to NSS 3.56 (Shelley Vohr) #35546
doc:
  * add aduh95 to collaborators (Antoine du Hamel) #35542
fs:
  * (SEMVER-MINOR) add rm method (Ian Sutherland) #35494
http:
  * (SEMVER-MINOR) allow passing array of key/val into writeHead (Robert Nagy) #35274
src:
  * (SEMVER-MINOR) expose v8::Isolate setup callbacks (Shelley Vohr) #35512

PR-URL: TODO
MylesBorins added a commit that referenced this pull request Oct 15, 2020
@MylesBorins
2020-10-15, Version 14.14.0 (Current)
354b6a9 
Notable changes:

crypto:
  * update certdata to NSS 3.56 (Shelley Vohr) #35546
doc:
  * add aduh95 to collaborators (Antoine du Hamel) #35542
fs:
  * (SEMVER-MINOR) add rm method (Ian Sutherland) #35494
http:
  * (SEMVER-MINOR) allow passing array of key/val into writeHead (Robert Nagy) #35274
src:
  * (SEMVER-MINOR) expose v8::Isolate setup callbacks (Shelley Vohr) #35512

PR-URL: #35648
MylesBorins added a commit that referenced this pull request Oct 16, 2020
@MylesBorins
2020-10-15, Version 14.14.0 (Current)
59d578e 
Notable changes:

crypto:
  * update certdata to NSS 3.56 (Shelley Vohr) #35546
doc:
  * add aduh95 to collaborators (Antoine du Hamel) #35542
fs:
  * (SEMVER-MINOR) add rm method (Ian Sutherland) #35494
http:
  * (SEMVER-MINOR) allow passing array of key/val into writeHead (Robert Nagy) #35274
src:
  * (SEMVER-MINOR) expose v8::Isolate setup callbacks (Shelley Vohr) #35512

PR-URL: #35648
codebytere added a commit to electron/electron that referenced this pull request Oct 16, 2020
@codebytere
Remove upstreamed certs patch
863aa8d 
nodejs/node#35546
codebytere added a commit to electron/electron that referenced this pull request Oct 19, 2020
@codebytere
Remove upstreamed certs patch
28c9ff6 
nodejs/node#35546
codebytere added a commit to electron/electron that referenced this pull request Oct 19, 2020
@electron-bot @codebytere
chore: bump node to v14.14.0 (master) (#25994)
e895353 
* chore: bump node in DEPS to v14.14.0

* Remove upstreamed certs patch

nodejs/node#35546

* Remove V8 Isolate callbacks patch

nodejs/node#35512

* Update patch indices

* Update Node.js filenames

Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>
MylesBorins pushed a commit that referenced this pull request Nov 3, 2020
@codebytere @MylesBorins
crypto: update certdata to NSS 3.56
ba1e561 
This is the certdata.txt[0] from NSS 3.56, released on 2020-08-21.

[0] https://hg.mozilla.org/projects/nss/raw-file/NSS_3_56_RTM/lib/ckfw/builtins/certdata.txt

crypto: update root certificates

Update the list of root certificates in src/node_root_certs.h with
tools/mk-ca-bundle.pl.

Certificates added:
- Microsoft ECC Root Certificate Authority 2017
- Microsoft RSA Root Certificate Authority 2017
- e-Szigno Root CA 2017
- certSIGN Root CA G2

Certificates removed:
- Verisign Class 3 Public Primary Certification Authority - G3
- AddTrust External Root
- Staat der Nederlanden Root CA - G2
- LuxTrust Global Root 2

PR-URL: #35546
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
MylesBorins added a commit that referenced this pull request Nov 3, 2020
@MylesBorins
2020-11-24, Version 12.20.0 'Erbium' (LTS)
8227fbc 
Notable changes:

crypto:
  * update certdata to NSS 3.56 (Shelley Vohr) #35546
deps:
  * update llhttp to 2.1.3 (Fedor Indutny) #35435
  * (SEMVER-MINOR) upgrade to libuv 1.40.0 (Colin Ihrig) #35333
doc:
  * add aduh95 to collaborators (Antoine du Hamel) #35542
fs:
  * (SEMVER-MINOR) add .ref() and .unref() methods to watcher classes (rickyes) #33134
http:
  * (SEMVER-MINOR) added scheduling option to http agent (delvedor) #33278
module:
  * (SEMVER-MINOR) exports pattern support (Guy Bedford) #34718
  * (SEMVER-MINOR) named exports for CJS via static analysis (Guy Bedford) #35249
n-api:
  * (SEMVER-MINOR) add more property defaults (Gerhard Stoebich) #35214
src:
  * (SEMVER-MINOR) move node_contextify to modern THROW_ERR_* (James M Snell) #35470
  * (SEMVER-MINOR) move node_process to modern THROW_ERR* (James M Snell) #35472
  * (SEMVER-MINOR) expose v8::Isolate setup callbacks (Shelley Vohr) #35512

PR-URL: TODO
@MylesBorins MylesBorins mentioned this pull request Nov 3, 2020
Merged
MylesBorins added a commit that referenced this pull request Nov 4, 2020
@MylesBorins
2020-11-24, Version 12.20.0 'Erbium' (LTS)
21e1b62 
Notable changes:

crypto:
  * update certdata to NSS 3.56 (Shelley Vohr) #35546
deps:
  * update llhttp to 2.1.3 (Fedor Indutny) #35435
  * (SEMVER-MINOR) upgrade to libuv 1.40.0 (Colin Ihrig) #35333
doc:
  * add aduh95 to collaborators (Antoine du Hamel) #35542
fs:
  * (SEMVER-MINOR) add .ref() and .unref() methods to watcher classes (rickyes) #33134
http:
  * (SEMVER-MINOR) added scheduling option to http agent (delvedor) #33278
module:
  * (SEMVER-MINOR) exports pattern support (Guy Bedford) #34718
  * (SEMVER-MINOR) named exports for CJS via static analysis (Guy Bedford) #35249
n-api:
  * (SEMVER-MINOR) add more property defaults (Gerhard Stoebich) #35214
src:
  * (SEMVER-MINOR) move node_contextify to modern THROW_ERR_* (James M Snell) #35470
  * (SEMVER-MINOR) move node_process to modern THROW_ERR* (James M Snell) #35472
  * (SEMVER-MINOR) expose v8::Isolate setup callbacks (Shelley Vohr) #35512

PR-URL: TODO
@h1z1
Copy link

h1z1 commented Nov 11, 2020

Why does node need to ship it's own compiled in certs to begin with?

This was referenced Jun 23, 2021
Closed
Closed
Closed
Closed
Merged
This was referenced Jul 1, 2021
Merged
Merged
Closed
Closed
Merged
This was referenced Jul 11, 2021
Closed
Open
This was referenced Jul 23, 2021
Merged
Merged
Merged
Open
Merged
This was referenced Jul 31, 2021
Merged
Merged
Closed
Closed
Closed
@gary-kim-bot gary-kim-bot mentioned this pull request Aug 2, 2021
Open
1 task
@renovate renovate bot mentioned this pull request Aug 3, 2021
Merged
1 task
This was referenced Aug 11, 2021
Closed
Open
@richardlau richardlau mentioned this pull request Oct 2, 2021
Closed
@isysd-mirror isysd-mirror mentioned this pull request Dec 22, 2021
Closed
ryanhc pushed a commit to Samsung/lwnode that referenced this pull request Jun 29, 2022
@MylesBorins
2020-10-15, Version 14.14.0 (Current)
edc407f 
Notable changes:

crypto:
  * update certdata to NSS 3.56 (Shelley Vohr) nodejs/node#35546
doc:
  * add aduh95 to collaborators (Antoine du Hamel) nodejs/node#35542
fs:
  * (SEMVER-MINOR) add rm method (Ian Sutherland) nodejs/node#35494
http:
  * (SEMVER-MINOR) allow passing array of key/val into writeHead (Robert Nagy) nodejs/node#35274
src:
  * (SEMVER-MINOR) expose v8::Isolate setup callbacks (Shelley Vohr) nodejs/node#35512

PR-URL: nodejs/node#35648
@richardlau richardlau mentioned this pull request Apr 6, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jasnell jasnell jasnell approved these changes

@Trott Trott Trott approved these changes

@gengjiawen gengjiawen gengjiawen approved these changes

+1 more reviewer

@evanlucas evanlucas evanlucas approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

c++ Issues and PRs that require attention from people who are familiar with C++. lib / src Issues and PRs related to general changes in the lib or src directory. notable-change PRs with changes that should be highlighted in changelogs.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@codebytere @nodejs-github-bot @gengjiawen @h1z1 @jasnell @evanlucas @Trott
Morty Proxy This is a proxified and sanitized view of the page, visit original site.