Opened 9 months ago
Closed 9 months ago
#20012 closed enhancement (fixed)
nss-3.102
| Reported by: | Bruce Dubbs | Owned by: | Rahul Chandra |
|---|---|---|---|
| Priority: | normal | Milestone: | 12.2 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description ¶
New point version.
Change History (6)
comment:1 by , 9 months ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 9 months ago
comment:3 by , 9 months ago
Unfortunately nss-{server,email}-distrust-after cannot be stored into OpenSSL trust store (/etc/ssl/certs). OpenSSL does not understand these properties at all.
comment:4 by , 9 months ago
| Milestone: | 12.2 → 99-Waiting |
|---|---|
| Summary: | nss-3.101.1 → nss-3.101.1 (Wait for next release) |
Wait for next release
comment:5 by , 9 months ago
| Milestone: | 99-Waiting → 12.2 |
|---|---|
| Summary: | nss-3.101.1 (Wait for next release) → nss-3.102 |
nss-3.102 has been released.
Changes in NSS 3.102
- Add Valgrind annotations to freebl Chacha20-Poly1305
- missing sqlite header.
- GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
- improve certutil keyUsage, extKeyUsage, and nsCertType keyword handling.
- correct length of raw SPKI data before printing in pp utility.
comment:6 by , 9 months ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Fixed @ 5260628ddb6f83b6ae303ccbf5898a6f96389d2f nss-3.102 15e9b3233da7ea69a7503d3ac2bf8df2f3975aba - bluez-5.77 0b730335067ad8147f230932352c1f130a09f346 - nodejs-20.15.1
Note:
See TracTickets
for help on using tickets.
The only change is rejecting certificates issued by "GLOBALTRUST 2020" since Jun 30, 2024, because the CA failed to handle multiple security incidents properly: https://bugzilla.mozilla.org/show_bug.cgi?id=1893546
For BLFS users using pkcs11/p11-kit-trust.so as libnssckbi.so this update makes no difference. make-ca should have already updated the system trust store to include the info: