crypto: update certdata to NSS 3.56 #35546

codebytere · 2020-10-07T18:56:50Z

This PR updates the list of root certificates in src/node_root_certs.h with tools/mk-ca-bundle.pl

This is the certdata.txt from NSS 3.56, released on 2020-08-21 - https://hg.mozilla.org/projects/nss/raw-file/NSS_3_56_RTM/lib/ckfw/builtins/certdata.txt

Certificates added:

Microsoft ECC Root Certificate Authority 2017
Microsoft RSA Root Certificate Authority 2017
e-Szigno Root CA 2017
certSIGN Root CA G2

Certificates removed:

Verisign Class 3 Public Primary Certification Authority - G3
AddTrust External Root
Staat der Nederlanden Root CA - G2
LuxTrust Global Root 2

Electron found this issue via electron/electron#24123 - which we solved by doing this same update. This also allows us to remove a patch.

cc @nodejs/crypto

Checklist

make -j4 test (UNIX), or vcbuild test (Windows) passes
tests and/or benchmarks are included
commit message follows commit guidelines

This is the certdata.txt[0] from NSS 3.56, released on 2020-08-21. [0] https://hg.mozilla.org/projects/nss/raw-file/NSS_3_56_RTM/lib/ckfw/builtins/certdata.txt crypto: update root certificates Update the list of root certificates in src/node_root_certs.h with tools/mk-ca-bundle.pl. Certificates added: - Microsoft ECC Root Certificate Authority 2017 - Microsoft RSA Root Certificate Authority 2017 - e-Szigno Root CA 2017 - certSIGN Root CA G2 Certificates removed: - Verisign Class 3 Public Primary Certification Authority - G3 - AddTrust External Root - Staat der Nederlanden Root CA - G2 - LuxTrust Global Root 2

nodejs-github-bot · 2020-10-07T19:22:52Z

CI: https://ci.nodejs.org/job/node-test-pull-request/33464/

Trott

Rubber-stamp LGTM

This is the certdata.txt[0] from NSS 3.56, released on 2020-08-21. [0] https://hg.mozilla.org/projects/nss/raw-file/NSS_3_56_RTM/lib/ckfw/builtins/certdata.txt crypto: update root certificates Update the list of root certificates in src/node_root_certs.h with tools/mk-ca-bundle.pl. Certificates added: - Microsoft ECC Root Certificate Authority 2017 - Microsoft RSA Root Certificate Authority 2017 - e-Szigno Root CA 2017 - certSIGN Root CA G2 Certificates removed: - Verisign Class 3 Public Primary Certification Authority - G3 - AddTrust External Root - Staat der Nederlanden Root CA - G2 - LuxTrust Global Root 2 PR-URL: #35546 Reviewed-By: Jiawen Geng <technicalcute@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: James M Snell <jasnell@gmail.com>

gengjiawen · 2020-10-13T01:37:24Z

Landed in 44a66ad

This is the certdata.txt[0] from NSS 3.56, released on 2020-08-21. [0] https://hg.mozilla.org/projects/nss/raw-file/NSS_3_56_RTM/lib/ckfw/builtins/certdata.txt crypto: update root certificates Update the list of root certificates in src/node_root_certs.h with tools/mk-ca-bundle.pl. Certificates added: - Microsoft ECC Root Certificate Authority 2017 - Microsoft RSA Root Certificate Authority 2017 - e-Szigno Root CA 2017 - certSIGN Root CA G2 Certificates removed: - Verisign Class 3 Public Primary Certification Authority - G3 - AddTrust External Root - Staat der Nederlanden Root CA - G2 - LuxTrust Global Root 2 PR-URL: #35546 Reviewed-By: Jiawen Geng <technicalcute@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: James M Snell <jasnell@gmail.com>

Notable changes: crypto: * update certdata to NSS 3.56 (Shelley Vohr) #35546 doc: * add aduh95 to collaborators (Antoine du Hamel) #35542 fs: * (SEMVER-MINOR) add rm method (Ian Sutherland) #35494 http: * (SEMVER-MINOR) allow passing array of key/val into writeHead (Robert Nagy) #35274 src: * (SEMVER-MINOR) expose v8::Isolate setup callbacks (Shelley Vohr) #35512 PR-URL: TODO

Notable changes: crypto: * update certdata to NSS 3.56 (Shelley Vohr) #35546 doc: * add aduh95 to collaborators (Antoine du Hamel) #35542 fs: * (SEMVER-MINOR) add rm method (Ian Sutherland) #35494 http: * (SEMVER-MINOR) allow passing array of key/val into writeHead (Robert Nagy) #35274 src: * (SEMVER-MINOR) expose v8::Isolate setup callbacks (Shelley Vohr) #35512 PR-URL: #35648

nodejs/node#35546

* chore: bump node in DEPS to v14.14.0 * Remove upstreamed certs patch nodejs/node#35546 * Remove V8 Isolate callbacks patch nodejs/node#35512 * Update patch indices * Update Node.js filenames Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>

This is the certdata.txt[0] from NSS 3.56, released on 2020-08-21. [0] https://hg.mozilla.org/projects/nss/raw-file/NSS_3_56_RTM/lib/ckfw/builtins/certdata.txt crypto: update root certificates Update the list of root certificates in src/node_root_certs.h with tools/mk-ca-bundle.pl. Certificates added: - Microsoft ECC Root Certificate Authority 2017 - Microsoft RSA Root Certificate Authority 2017 - e-Szigno Root CA 2017 - certSIGN Root CA G2 Certificates removed: - Verisign Class 3 Public Primary Certification Authority - G3 - AddTrust External Root - Staat der Nederlanden Root CA - G2 - LuxTrust Global Root 2 PR-URL: #35546 Reviewed-By: Jiawen Geng <technicalcute@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: James M Snell <jasnell@gmail.com>

Notable changes: crypto: * update certdata to NSS 3.56 (Shelley Vohr) #35546 deps: * update llhttp to 2.1.3 (Fedor Indutny) #35435 * (SEMVER-MINOR) upgrade to libuv 1.40.0 (Colin Ihrig) #35333 doc: * add aduh95 to collaborators (Antoine du Hamel) #35542 fs: * (SEMVER-MINOR) add .ref() and .unref() methods to watcher classes (rickyes) #33134 http: * (SEMVER-MINOR) added scheduling option to http agent (delvedor) #33278 module: * (SEMVER-MINOR) exports pattern support (Guy Bedford) #34718 * (SEMVER-MINOR) named exports for CJS via static analysis (Guy Bedford) #35249 n-api: * (SEMVER-MINOR) add more property defaults (Gerhard Stoebich) #35214 src: * (SEMVER-MINOR) move node_contextify to modern THROW_ERR_* (James M Snell) #35470 * (SEMVER-MINOR) move node_process to modern THROW_ERR* (James M Snell) #35472 * (SEMVER-MINOR) expose v8::Isolate setup callbacks (Shelley Vohr) #35512 PR-URL: TODO

h1z1 · 2020-11-11T06:42:51Z

Why does node need to ship it's own compiled in certs to begin with?

Notable changes: crypto: * update certdata to NSS 3.56 (Shelley Vohr) nodejs/node#35546 doc: * add aduh95 to collaborators (Antoine du Hamel) nodejs/node#35542 fs: * (SEMVER-MINOR) add rm method (Ian Sutherland) nodejs/node#35494 http: * (SEMVER-MINOR) allow passing array of key/val into writeHead (Robert Nagy) nodejs/node#35274 src: * (SEMVER-MINOR) expose v8::Isolate setup callbacks (Shelley Vohr) nodejs/node#35512 PR-URL: nodejs/node#35648

nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. lib / src Issues and PRs related to general changes in the lib or src directory. labels Oct 7, 2020

codebytere added the request-ci Add this label to start a Jenkins CI on a PR. label Oct 7, 2020

github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Oct 7, 2020

gengjiawen added the notable-change PRs with changes that should be highlighted in changelogs. label Oct 8, 2020

gengjiawen approved these changes Oct 8, 2020

View reviewed changes

Trott approved these changes Oct 8, 2020

View reviewed changes

evanlucas approved these changes Oct 12, 2020

View reviewed changes

jasnell approved these changes Oct 13, 2020

View reviewed changes

gengjiawen closed this Oct 13, 2020

codebytere deleted the update-cert-data branch October 13, 2020 01:38

MylesBorins mentioned this pull request Oct 14, 2020

v14.14.0 proposal #35648

Merged

codebytere added a commit to electron/electron that referenced this pull request Oct 16, 2020

Remove upstreamed certs patch

863aa8d

nodejs/node#35546

codebytere added a commit to electron/electron that referenced this pull request Oct 19, 2020

Remove upstreamed certs patch

28c9ff6

nodejs/node#35546

MylesBorins mentioned this pull request Nov 3, 2020

v12.20.0 proposal #35950

Merged

This was referenced Jul 11, 2021

chore(deps): update node.js to >=v12.22.3 kufu/smarthr-ui#1741

Closed

chore(deps): update node.js -> >=v12.22.12 - engines brodycj/react-native-module-init#125

Open

gary-kim-bot mentioned this pull request Aug 2, 2021

chore(deps): update node.js to >=v12.22.4 gary-kim/nc-build-script#63

Open

1 task

renovate bot mentioned this pull request Aug 3, 2021

Update Node.js to >=v12.22.4 Pytal/deploy-env#89

Merged

1 task

This was referenced Aug 11, 2021

Update Node.js to v12.22.5 SirReiva/backend-mongo-express-jwt#48

Closed

Update Node.js to v12.22.12 shaimael-ws-java-demo/mariadb#41

Open

richardlau mentioned this pull request Oct 2, 2021

Update root certs to NSS 3.71 #40280

Closed

isysd-mirror mentioned this pull request Dec 22, 2021

AppImage doesn't start on linux due to NSS cert error Superalgos/Superalgos#3211

Closed

richardlau mentioned this pull request Apr 6, 2023

tools: add root certificate update script #47425

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

crypto: update certdata to NSS 3.56 #35546

crypto: update certdata to NSS 3.56 #35546

codebytere commented Oct 7, 2020 •

edited

Loading

nodejs-github-bot commented Oct 7, 2020

Trott left a comment

gengjiawen commented Oct 13, 2020

h1z1 commented Nov 11, 2020

crypto: update certdata to NSS 3.56 #35546

crypto: update certdata to NSS 3.56 #35546

Conversation

codebytere commented Oct 7, 2020 • edited Loading

Checklist

nodejs-github-bot commented Oct 7, 2020

Trott left a comment

Choose a reason for hiding this comment

gengjiawen commented Oct 13, 2020

h1z1 commented Nov 11, 2020

codebytere commented Oct 7, 2020 •

edited

Loading