Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Dismiss

Announcing a NSS release for Blocking Fraudulent Certificates

17 views

Skip to first unread message

Kai Engert

unread,

Mar 23, 2011, 6:01:45 PM3/23/11

to mozilla-dev...@lists.mozilla.org

This announcement is related to the same underlying issue as reported in
http://blog.mozilla.com/security/2011/03/22/firefox-blocking-fraudulent-certificates/

While the above mentioned hotfix was made at the Mozilla client
application level, we would like to provide a hotfix at the NSS level, too.

We have created an updated "builtin certificates" module (ckbi) that
includes the fraudulent SSL certificates, and marks them as explicitly
not trusted. (The addbuiltin tool was updated, for that purpose, too.)

When attempting to verify one of the fraudulent certificates, NSS will
report SEC_ERROR_UNTRUSTED_CERT (this is an pre-existing error code).

We've combined this updated module with the most recently released
stable version of NSS 3.12.9

The cvs tag is:
NSS_3_12_9_WITH_CKBI_1_82_RTM

A source archive has been uploaded to
ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_9_WITH_CKBI_1_82_RTM

Kai

0 new messages