Opened 6 days ago

Last modified 45 hours ago

#20012 assigned enhancement

nss-3.101.1 (Wait for next release)

Reported by: Bruce Dubbs Owned by: Rahul Chandra
Priority: normal Milestone: 99-Waiting
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

New point version.

Change History (4)

comment:1 by Rahul Chandra, 6 days ago

Owner: changed from blfs-book to Rahul Chandra
Status: newassigned

comment:2 by Xi Ruoyao, 6 days ago

The only change is rejecting certificates issued by "GLOBALTRUST 2020" since Jun 30, 2024, because the CA failed to handle multiple security incidents properly: https://bugzilla.mozilla.org/show_bug.cgi?id=1893546

For BLFS users using pkcs11/p11-kit-trust.so as libnssckbi.so this update makes no difference. make-ca should have already updated the system trust store to include the info: 

[p11-kit-object-v1]
label: "GLOBALTRUST 2020"
trusted: true
nss-mozilla-ca-policy: true
modifiable: false
nss-server-distrust-after: "240630000000Z"
nss-email-distrust-after: "240630000000Z"

comment:3 by Xi Ruoyao, 6 days ago

Unfortunately nss-{server,email}-distrust-after cannot be stored into OpenSSL trust store (/etc/ssl/certs). OpenSSL does not understand these properties at all.

comment:4 by Rahul Chandra, 45 hours ago

Milestone: 12.299-Waiting
Summary: nss-3.101.1nss-3.101.1 (Wait for next release)

Wait for next release

Note: See TracTickets for help on using tickets.