Update root certs with NSS 3.41, and document the process by sam-github · Pull Request #25113 · nodejs/node (original) (raw)
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Conversation7 Commits3 Checks0 Files changed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
[ Show hidden characters]({{ revealButtonHref }})
One question about the process: do root certs always get backported? I think so, so should the final step in the process involve any labelling of the PR to indicate request-to-backport/cherry-pick into LTS branches?
/to @bnoordhuis @shigeki
Checklist
make -j4 test(UNIX), orvcbuild test(Windows) passes- tests and/or benchmarks are included
- documentation is changed or added
- commit message follows commit guidelines
Issues and PRs that require attention from people who are familiar with C++.
Issues and PRs related to general changes in the lib or src directory.
labels
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. Good writeup, Sam. There's a typo in the URL in the first commit, it's missing the first 't' in certdata.txt.
PRs that have at least one approval, no pending requests for changes, and a CI started.
label
Update the list of root certificates in src/node_root_certs.h with tools/mk-ca-bundle.pl.
Certificates added:
- GlobalSign Root CA - R6
- OISTE WISeKey Global Root GC CA
- GTS Root R1
- GTS Root R2
- GTS Root R3
- GTS Root R4
- UCA Global G2 Root
- UCA Extended Validation Root
- Certigna Root CA
Certificates removed:
- Visa eCommerce Root
- TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5
- Certplus Root CA G1
- Certplus Root CA G2
- OpenTrust Root CA G1
- OpenTrust Root CA G2
- OpenTrust Root CA G3
addaleax pushed a commit that referenced this pull request
addaleax pushed a commit that referenced this pull request
Update the list of root certificates in src/node_root_certs.h with tools/mk-ca-bundle.pl.
Certificates added:
- GlobalSign Root CA - R6
- OISTE WISeKey Global Root GC CA
- GTS Root R1
- GTS Root R2
- GTS Root R3
- GTS Root R4
- UCA Global G2 Root
- UCA Extended Validation Root
- Certigna Root CA
Certificates removed:
- Visa eCommerce Root
- TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5
- Certplus Root CA G1
- Certplus Root CA G2
- OpenTrust Root CA G1
- OpenTrust Root CA G2
- OpenTrust Root CA G3
PR-URL: #25113 Reviewed-By: James M Snell jasnell@gmail.com Reviewed-By: Ben Noordhuis info@bnoordhuis.nl Reviewed-By: Ruben Bridgewater ruben@bridgewater.de
addaleax pushed a commit that referenced this pull request
PR-URL: #25113 Reviewed-By: James M Snell jasnell@gmail.com Reviewed-By: Ben Noordhuis info@bnoordhuis.nl Reviewed-By: Ruben Bridgewater ruben@bridgewater.de
One question about the process: do root certs always get backported?
Sorry, forgot to answer this. The answer is 'mostly' - there have been some certificate changes that we didn't backport in the past for fear of disruption (deprecation/removal of 1024 bits RSA certs was one.)
MylesBorins pushed a commit that referenced this pull request
MylesBorins pushed a commit that referenced this pull request
Update the list of root certificates in src/node_root_certs.h with tools/mk-ca-bundle.pl.
Certificates added:
- GlobalSign Root CA - R6
- OISTE WISeKey Global Root GC CA
- GTS Root R1
- GTS Root R2
- GTS Root R3
- GTS Root R4
- UCA Global G2 Root
- UCA Extended Validation Root
- Certigna Root CA
Certificates removed:
- Visa eCommerce Root
- TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5
- Certplus Root CA G1
- Certplus Root CA G2
- OpenTrust Root CA G1
- OpenTrust Root CA G2
- OpenTrust Root CA G3
PR-URL: #25113 Reviewed-By: James M Snell jasnell@gmail.com Reviewed-By: Ben Noordhuis info@bnoordhuis.nl Reviewed-By: Ruben Bridgewater ruben@bridgewater.de
MylesBorins pushed a commit that referenced this pull request
PR-URL: #25113 Reviewed-By: James M Snell jasnell@gmail.com Reviewed-By: Ben Noordhuis info@bnoordhuis.nl Reviewed-By: Ruben Bridgewater ruben@bridgewater.de
MylesBorins added a commit that referenced this pull request
Notable Changes:
- cli:
- add --max-http-header-size flag (cjihrig) #24811
- crypto:
- deps:
- http:
- add maxHeaderSize property (cjihrig) #24860
PR-URL: #25175
MylesBorins added a commit that referenced this pull request
Notable Changes:
- cli:
- add --max-http-header-size flag (cjihrig) #24811
- crypto:
- deps:
- http:
- add maxHeaderSize property (cjihrig) #24860
PR-URL: #25175
refack pushed a commit to refack/node that referenced this pull request
refack pushed a commit to refack/node that referenced this pull request
Update the list of root certificates in src/node_root_certs.h with tools/mk-ca-bundle.pl.
Certificates added:
- GlobalSign Root CA - R6
- OISTE WISeKey Global Root GC CA
- GTS Root R1
- GTS Root R2
- GTS Root R3
- GTS Root R4
- UCA Global G2 Root
- UCA Extended Validation Root
- Certigna Root CA
Certificates removed:
- Visa eCommerce Root
- TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5
- Certplus Root CA G1
- Certplus Root CA G2
- OpenTrust Root CA G1
- OpenTrust Root CA G2
- OpenTrust Root CA G3
PR-URL: nodejs#25113 Reviewed-By: James M Snell jasnell@gmail.com Reviewed-By: Ben Noordhuis info@bnoordhuis.nl Reviewed-By: Ruben Bridgewater ruben@bridgewater.de
refack pushed a commit to refack/node that referenced this pull request
PR-URL: nodejs#25113 Reviewed-By: James M Snell jasnell@gmail.com Reviewed-By: Ben Noordhuis info@bnoordhuis.nl Reviewed-By: Ruben Bridgewater ruben@bridgewater.de
refack pushed a commit to refack/node that referenced this pull request
BethGriggs pushed a commit that referenced this pull request
BethGriggs pushed a commit that referenced this pull request
Update the list of root certificates in src/node_root_certs.h with tools/mk-ca-bundle.pl.
Certificates added:
- GlobalSign Root CA - R6
- OISTE WISeKey Global Root GC CA
- GTS Root R1
- GTS Root R2
- GTS Root R3
- GTS Root R4
- UCA Global G2 Root
- UCA Extended Validation Root
- Certigna Root CA
Certificates removed:
- Visa eCommerce Root
- TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5
- Certplus Root CA G1
- Certplus Root CA G2
- OpenTrust Root CA G1
- OpenTrust Root CA G2
- OpenTrust Root CA G3
PR-URL: #25113 Reviewed-By: James M Snell jasnell@gmail.com Reviewed-By: Ben Noordhuis info@bnoordhuis.nl Reviewed-By: Ruben Bridgewater ruben@bridgewater.de
BethGriggs pushed a commit that referenced this pull request
PR-URL: #25113 Reviewed-By: James M Snell jasnell@gmail.com Reviewed-By: Ben Noordhuis info@bnoordhuis.nl Reviewed-By: Ruben Bridgewater ruben@bridgewater.de
BethGriggs pushed a commit that referenced this pull request
BethGriggs pushed a commit that referenced this pull request
Update the list of root certificates in src/node_root_certs.h with tools/mk-ca-bundle.pl.
Certificates added:
- GlobalSign Root CA - R6
- OISTE WISeKey Global Root GC CA
- GTS Root R1
- GTS Root R2
- GTS Root R3
- GTS Root R4
- UCA Global G2 Root
- UCA Extended Validation Root
- Certigna Root CA
Certificates removed:
- Visa eCommerce Root
- TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5
- Certplus Root CA G1
- Certplus Root CA G2
- OpenTrust Root CA G1
- OpenTrust Root CA G2
- OpenTrust Root CA G3
PR-URL: #25113 Reviewed-By: James M Snell jasnell@gmail.com Reviewed-By: Ben Noordhuis info@bnoordhuis.nl Reviewed-By: Ruben Bridgewater ruben@bridgewater.de
BethGriggs pushed a commit that referenced this pull request
PR-URL: #25113 Reviewed-By: James M Snell jasnell@gmail.com Reviewed-By: Ben Noordhuis info@bnoordhuis.nl Reviewed-By: Ruben Bridgewater ruben@bridgewater.de
BethGriggs pushed a commit that referenced this pull request
BethGriggs pushed a commit that referenced this pull request
Update the list of root certificates in src/node_root_certs.h with tools/mk-ca-bundle.pl.
Certificates added:
- GlobalSign Root CA - R6
- OISTE WISeKey Global Root GC CA
- GTS Root R1
- GTS Root R2
- GTS Root R3
- GTS Root R4
- UCA Global G2 Root
- UCA Extended Validation Root
- Certigna Root CA
Certificates removed:
- Visa eCommerce Root
- TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5
- Certplus Root CA G1
- Certplus Root CA G2
- OpenTrust Root CA G1
- OpenTrust Root CA G2
- OpenTrust Root CA G3
PR-URL: #25113 Reviewed-By: James M Snell jasnell@gmail.com Reviewed-By: Ben Noordhuis info@bnoordhuis.nl Reviewed-By: Ruben Bridgewater ruben@bridgewater.de
BethGriggs pushed a commit that referenced this pull request
PR-URL: #25113 Reviewed-By: James M Snell jasnell@gmail.com Reviewed-By: Ben Noordhuis info@bnoordhuis.nl Reviewed-By: Ruben Bridgewater ruben@bridgewater.de
MylesBorins pushed a commit that referenced this pull request
MylesBorins pushed a commit that referenced this pull request
Update the list of root certificates in src/node_root_certs.h with tools/mk-ca-bundle.pl.
Certificates added:
- GlobalSign Root CA - R6
- OISTE WISeKey Global Root GC CA
- GTS Root R1
- GTS Root R2
- GTS Root R3
- GTS Root R4
- UCA Global G2 Root
- UCA Extended Validation Root
- Certigna Root CA
Certificates removed:
- Visa eCommerce Root
- TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5
- Certplus Root CA G1
- Certplus Root CA G2
- OpenTrust Root CA G1
- OpenTrust Root CA G2
- OpenTrust Root CA G3
PR-URL: #25113 Reviewed-By: James M Snell jasnell@gmail.com Reviewed-By: Ben Noordhuis info@bnoordhuis.nl Reviewed-By: Ruben Bridgewater ruben@bridgewater.de
MylesBorins pushed a commit that referenced this pull request
PR-URL: #25113 Reviewed-By: James M Snell jasnell@gmail.com Reviewed-By: Ben Noordhuis info@bnoordhuis.nl Reviewed-By: Ruben Bridgewater ruben@bridgewater.de
This was referenced
May 29, 2019
bnoordhuis pushed a commit to bnoordhuis/io.js that referenced this pull request
bnoordhuis pushed a commit to bnoordhuis/io.js that referenced this pull request
Update the list of root certificates in src/node_root_certs.h with tools/mk-ca-bundle.pl.
Certificates added:
- GlobalSign Root CA - R6
- OISTE WISeKey Global Root GC CA
- GTS Root R1
- GTS Root R2
- GTS Root R3
- GTS Root R4
- UCA Global G2 Root
- UCA Extended Validation Root
- Certigna Root CA
Certificates removed:
- Visa eCommerce Root
- TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5
- Certplus Root CA G1
- Certplus Root CA G2
- OpenTrust Root CA G1
- OpenTrust Root CA G2
- OpenTrust Root CA G3
PR-URL: nodejs#25113 Reviewed-By: James M Snell jasnell@gmail.com Reviewed-By: Ben Noordhuis info@bnoordhuis.nl Reviewed-By: Ruben Bridgewater ruben@bridgewater.de
BethGriggs pushed a commit that referenced this pull request
BethGriggs pushed a commit that referenced this pull request
Update the list of root certificates in src/node_root_certs.h with tools/mk-ca-bundle.pl.
Certificates added:
- GlobalSign Root CA - R6
- OISTE WISeKey Global Root GC CA
- GTS Root R1
- GTS Root R2
- GTS Root R3
- GTS Root R4
- UCA Global G2 Root
- UCA Extended Validation Root
- Certigna Root CA
Certificates removed:
- Visa eCommerce Root
- TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5
- Certplus Root CA G1
- Certplus Root CA G2
- OpenTrust Root CA G1
- OpenTrust Root CA G2
- OpenTrust Root CA G3
PR-URL: #25113 Backport-PR-URL: #29137 Reviewed-By: James M Snell jasnell@gmail.com Reviewed-By: Ben Noordhuis info@bnoordhuis.nl Reviewed-By: Ruben Bridgewater ruben@bridgewater.de
Labels
PRs that have at least one approval, no pending requests for changes, and a CI started.
Issues and PRs that require attention from people who are familiar with C++.
Issues and PRs related to general changes in the lib or src directory.