Launchpad has imported 14 comments from the remote bug at https://bugzilla.mozilla.org/show_bug.cgi?id=683449.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. ------------------------------------------------------------------------ On 2011-08-31T08:51:01+00:00 Gervase Markham wrote: It turns out that there are two Staat der Nederlanden roots in our root store, and our patch only exempts one of them from the DigiNotar block :-(( This means that a number of websites whose certs do not chain up to the dis-trusted DigiNotar root are nevertheless having their certificates viewed as untrusted. I'm not sure how many sites this is. The roots are: Staat der Nederlanden Root CA (successfully exempted) Staat der Nederlanden Root CA - G2 (accidentally included) The line of code is this one: if (!strcmp(node->cert->issuerName, "CN=Staat der Nederlanden Root CA,O=Staat der Nederlanden,C=NL") ... This check needs to include both the names above. Test site: https://sha2.diginotar.nl/ Gerv Reply at: https://bugs.launchpad.net/firefox/+bug/838322/comments/0 ------------------------------------------------------------------------ On 2011-08-31T10:09:49+00:00 Mark-janssen wrote: Some more websites: https://g2test.logius.nl/ https://steenwijkerland.bim.mijnbezwaar.nl/ Let me know if you need more. Reply at: https://bugs.launchpad.net/firefox/+bug/838322/comments/1 ------------------------------------------------------------------------ On 2011-08-31T10:38:46+00:00 Mark-janssen wrote: Again more sites: https://secure.valkenswaard.nl/ https://www8.eindhoven.nl/ Thanks Reply at: https://bugs.launchpad.net/firefox/+bug/838322/comments/2 ------------------------------------------------------------------------ On 2011-08-31T10:46:09+00:00 Gervase Markham wrote: This bug cannot progress until the right people wake up. If we decide to issue a further update, the turnaround time is about 24 hours. Gerv Reply at: https://bugs.launchpad.net/firefox/+bug/838322/comments/3 ------------------------------------------------------------------------ On 2011-08-31T14:12:26+00:00 Ehsan-mozilla wrote: I think I may have a patch. Reply at: https://bugs.launchpad.net/firefox/+bug/838322/comments/4 ------------------------------------------------------------------------ On 2011-08-31T14:14:19+00:00 Ehsan-mozilla wrote: Created attachment 557158 Patch (v1) Reply at: https://bugs.launchpad.net/firefox/+bug/838322/comments/5 ------------------------------------------------------------------------ On 2011-08-31T14:14:34+00:00 Bsmith-mozilla wrote: Created attachment 557159 WIP - Allow Staat der Nederlanden Root CA - G2 Root This is still building on my machine. Reply at: https://bugs.launchpad.net/firefox/+bug/838322/comments/6 ------------------------------------------------------------------------ On 2011-08-31T14:16:25+00:00 Ehsan-mozilla wrote: (In reply to Brian Smith (:bsmith) from comment #6) > Created attachment 557159 > WIP - Allow Staat der Nederlanden Root CA - G2 Root > > This is still building on my machine. Same here! Reply at: https://bugs.launchpad.net/firefox/+bug/838322/comments/7 ------------------------------------------------------------------------ On 2011-08-31T14:24:12+00:00 Bsmith-mozilla wrote: Comment on attachment 557159 WIP - Allow Staat der Nederlanden Root CA - G2 Root Will use Ehsan's patch, which I will r+ as soon as it finishes building on my machine and I can test it. Reply at: https://bugs.launchpad.net/firefox/+bug/838322/comments/8 ------------------------------------------------------------------------ On 2011-08-31T14:26:01+00:00 Kai Engert wrote: Comment on attachment 557158 Patch (v1) If the Dutch gov insists on this, and Mozilla decides to concur, I'm fine with this code change. r=kaie Reply at: https://bugs.launchpad.net/firefox/+bug/838322/comments/9 ------------------------------------------------------------------------ On 2011-08-31T14:38:10+00:00 Ehsan-mozilla wrote: Just verified locally that the fix is working for all of the test websites. Reply at: https://bugs.launchpad.net/firefox/+bug/838322/comments/10 ------------------------------------------------------------------------ On 2011-08-31T14:39:58+00:00 Ehsan-mozilla wrote: http://hg.mozilla.org/mozilla-central/rev/e18dcb523b20 Reply at: https://bugs.launchpad.net/firefox/+bug/838322/comments/11 ------------------------------------------------------------------------ On 2011-08-31T14:46:21+00:00 Ehsan-mozilla wrote: I landed it on aurora, beta and 1.9.2 (not the relbranch) with johnath's verbal approval: http://hg.mozilla.org/releases/mozilla-1.9.2/rev/72fd28e61b47 http://hg.mozilla.org/releases/mozilla-aurora/rev/ba929aa09503 http://hg.mozilla.org/releases/mozilla-beta/rev/6791db28b82f Reply at: https://bugs.launchpad.net/firefox/+bug/838322/comments/12 ------------------------------------------------------------------------ On 2011-08-31T14:58:03+00:00 Johnath wrote: (Confirming that this has any approval flags ehsan needs it to have - a=me) Reply at: https://bugs.launchpad.net/firefox/+bug/838322/comments/13 ** Changed in: firefox Status: Unknown => Fix Released ** Changed in: firefox Importance: Unknown => Critical -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to firefox in Ubuntu. https://bugs.launchpad.net/bugs/838322 Title: DigiNotar patch erroneously blocks one of the two Staat der Nederlanden roots Status in The Mozilla Firefox Browser: Fix Released Status in “firefox” package in Ubuntu: Triaged Status in “xulrunner-1.9.2” package in Ubuntu: Invalid Status in “firefox” source package in Lucid: In Progress Status in “xulrunner-1.9.2” source package in Lucid: In Progress Status in “firefox” source package in Maverick: In Progress Status in “xulrunner-1.9.2” source package in Maverick: In Progress Status in “firefox” source package in Natty: In Progress Status in “xulrunner-1.9.2” source package in Natty: Invalid Status in “firefox” source package in Oneiric: Triaged Status in “xulrunner-1.9.2” source package in Oneiric: Invalid Bug description: The fix for bug #837557 unfortunately had a small regression for users of Staat der Nederlanden sites. One of their two root CAs was blocked. An update is being prepared to fix the issue. To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/838322/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
