Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto: update certdata to NSS 3.56 #35546

Closed
wants to merge 1 commit into from

Conversation

codebytere
Copy link
Member

@codebytere codebytere commented Oct 7, 2020

This PR updates the list of root certificates in src/node_root_certs.h with tools/mk-ca-bundle.pl

This is the certdata.txt from NSS 3.56, released on 2020-08-21 - https://hg.mozilla.org/projects/nss/raw-file/NSS_3_56_RTM/lib/ckfw/builtins/certdata.txt

Certificates added:

  • Microsoft ECC Root Certificate Authority 2017
  • Microsoft RSA Root Certificate Authority 2017
  • e-Szigno Root CA 2017
  • certSIGN Root CA G2

Certificates removed:

  • Verisign Class 3 Public Primary Certification Authority - G3
  • AddTrust External Root
  • Staat der Nederlanden Root CA - G2
  • LuxTrust Global Root 2

Electron found this issue via electron/electron#24123 - which we solved by doing this same update. This also allows us to remove a patch.

cc @nodejs/crypto

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • commit message follows commit guidelines

This is the certdata.txt[0] from NSS 3.56, released on 2020-08-21.

[0] https://hg.mozilla.org/projects/nss/raw-file/NSS_3_56_RTM/lib/ckfw/builtins/certdata.txt

crypto: update root certificates

Update the list of root certificates in src/node_root_certs.h with
tools/mk-ca-bundle.pl.

Certificates added:
- Microsoft ECC Root Certificate Authority 2017
- Microsoft RSA Root Certificate Authority 2017
- e-Szigno Root CA 2017
- certSIGN Root CA G2

Certificates removed:
- Verisign Class 3 Public Primary Certification Authority - G3
- AddTrust External Root
- Staat der Nederlanden Root CA - G2
- LuxTrust Global Root 2
@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. lib / src Issues and PRs related to general changes in the lib or src directory. labels Oct 7, 2020
@codebytere codebytere added the request-ci Add this label to start a Jenkins CI on a PR. label Oct 7, 2020
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Oct 7, 2020
@nodejs-github-bot
Copy link
Collaborator

@gengjiawen gengjiawen added the notable-change PRs with changes that should be highlighted in changelogs. label Oct 8, 2020
Copy link
Member

@Trott Trott left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rubber-stamp LGTM

gengjiawen pushed a commit that referenced this pull request Oct 13, 2020
This is the certdata.txt[0] from NSS 3.56, released on 2020-08-21.

[0] https://hg.mozilla.org/projects/nss/raw-file/NSS_3_56_RTM/lib/ckfw/builtins/certdata.txt

crypto: update root certificates

Update the list of root certificates in src/node_root_certs.h with
tools/mk-ca-bundle.pl.

Certificates added:
- Microsoft ECC Root Certificate Authority 2017
- Microsoft RSA Root Certificate Authority 2017
- e-Szigno Root CA 2017
- certSIGN Root CA G2

Certificates removed:
- Verisign Class 3 Public Primary Certification Authority - G3
- AddTrust External Root
- Staat der Nederlanden Root CA - G2
- LuxTrust Global Root 2

PR-URL: #35546
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
@gengjiawen
Copy link
Member

Landed in 44a66ad

@gengjiawen gengjiawen closed this Oct 13, 2020
@codebytere codebytere deleted the update-cert-data branch October 13, 2020 01:38
MylesBorins pushed a commit that referenced this pull request Oct 14, 2020
This is the certdata.txt[0] from NSS 3.56, released on 2020-08-21.

[0] https://hg.mozilla.org/projects/nss/raw-file/NSS_3_56_RTM/lib/ckfw/builtins/certdata.txt

crypto: update root certificates

Update the list of root certificates in src/node_root_certs.h with
tools/mk-ca-bundle.pl.

Certificates added:
- Microsoft ECC Root Certificate Authority 2017
- Microsoft RSA Root Certificate Authority 2017
- e-Szigno Root CA 2017
- certSIGN Root CA G2

Certificates removed:
- Verisign Class 3 Public Primary Certification Authority - G3
- AddTrust External Root
- Staat der Nederlanden Root CA - G2
- LuxTrust Global Root 2

PR-URL: #35546
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
MylesBorins added a commit that referenced this pull request Oct 14, 2020
Notable changes:

crypto:
  * update certdata to NSS 3.56 (Shelley Vohr) #35546
doc:
  * add aduh95 to collaborators (Antoine du Hamel) #35542
fs:
  * (SEMVER-MINOR) add rm method (Ian Sutherland) #35494
http:
  * (SEMVER-MINOR) allow passing array of key/val into writeHead (Robert Nagy) #35274
src:
  * (SEMVER-MINOR) expose v8::Isolate setup callbacks (Shelley Vohr) #35512

PR-URL: TODO
@MylesBorins MylesBorins mentioned this pull request Oct 14, 2020
MylesBorins added a commit that referenced this pull request Oct 15, 2020
Notable changes:

crypto:
  * update certdata to NSS 3.56 (Shelley Vohr) #35546
doc:
  * add aduh95 to collaborators (Antoine du Hamel) #35542
fs:
  * (SEMVER-MINOR) add rm method (Ian Sutherland) #35494
http:
  * (SEMVER-MINOR) allow passing array of key/val into writeHead (Robert Nagy) #35274
src:
  * (SEMVER-MINOR) expose v8::Isolate setup callbacks (Shelley Vohr) #35512

PR-URL: TODO
MylesBorins added a commit that referenced this pull request Oct 15, 2020
Notable changes:

crypto:
  * update certdata to NSS 3.56 (Shelley Vohr) #35546
doc:
  * add aduh95 to collaborators (Antoine du Hamel) #35542
fs:
  * (SEMVER-MINOR) add rm method (Ian Sutherland) #35494
http:
  * (SEMVER-MINOR) allow passing array of key/val into writeHead (Robert Nagy) #35274
src:
  * (SEMVER-MINOR) expose v8::Isolate setup callbacks (Shelley Vohr) #35512

PR-URL: #35648
MylesBorins added a commit that referenced this pull request Oct 16, 2020
Notable changes:

crypto:
  * update certdata to NSS 3.56 (Shelley Vohr) #35546
doc:
  * add aduh95 to collaborators (Antoine du Hamel) #35542
fs:
  * (SEMVER-MINOR) add rm method (Ian Sutherland) #35494
http:
  * (SEMVER-MINOR) allow passing array of key/val into writeHead (Robert Nagy) #35274
src:
  * (SEMVER-MINOR) expose v8::Isolate setup callbacks (Shelley Vohr) #35512

PR-URL: #35648
codebytere added a commit to electron/electron that referenced this pull request Oct 16, 2020
codebytere added a commit to electron/electron that referenced this pull request Oct 19, 2020
codebytere added a commit to electron/electron that referenced this pull request Oct 19, 2020
* chore: bump node in DEPS to v14.14.0

* Remove upstreamed certs patch

nodejs/node#35546

* Remove V8 Isolate callbacks patch

nodejs/node#35512

* Update patch indices

* Update Node.js filenames

Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>
MylesBorins pushed a commit that referenced this pull request Nov 3, 2020
This is the certdata.txt[0] from NSS 3.56, released on 2020-08-21.

[0] https://hg.mozilla.org/projects/nss/raw-file/NSS_3_56_RTM/lib/ckfw/builtins/certdata.txt

crypto: update root certificates

Update the list of root certificates in src/node_root_certs.h with
tools/mk-ca-bundle.pl.

Certificates added:
- Microsoft ECC Root Certificate Authority 2017
- Microsoft RSA Root Certificate Authority 2017
- e-Szigno Root CA 2017
- certSIGN Root CA G2

Certificates removed:
- Verisign Class 3 Public Primary Certification Authority - G3
- AddTrust External Root
- Staat der Nederlanden Root CA - G2
- LuxTrust Global Root 2

PR-URL: #35546
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
MylesBorins added a commit that referenced this pull request Nov 3, 2020
Notable changes:

crypto:
  * update certdata to NSS 3.56 (Shelley Vohr) #35546
deps:
  * update llhttp to 2.1.3 (Fedor Indutny) #35435
  * (SEMVER-MINOR) upgrade to libuv 1.40.0 (Colin Ihrig) #35333
doc:
  * add aduh95 to collaborators (Antoine du Hamel) #35542
fs:
  * (SEMVER-MINOR) add .ref() and .unref() methods to watcher classes (rickyes) #33134
http:
  * (SEMVER-MINOR) added scheduling option to http agent (delvedor) #33278
module:
  * (SEMVER-MINOR) exports pattern support (Guy Bedford) #34718
  * (SEMVER-MINOR) named exports for CJS via static analysis (Guy Bedford) #35249
n-api:
  * (SEMVER-MINOR) add more property defaults (Gerhard Stoebich) #35214
src:
  * (SEMVER-MINOR) move node_contextify to modern THROW_ERR_* (James M Snell) #35470
  * (SEMVER-MINOR) move node_process to modern THROW_ERR* (James M Snell) #35472
  * (SEMVER-MINOR) expose v8::Isolate setup callbacks (Shelley Vohr) #35512

PR-URL: TODO
@MylesBorins MylesBorins mentioned this pull request Nov 3, 2020
MylesBorins added a commit that referenced this pull request Nov 4, 2020
Notable changes:

crypto:
  * update certdata to NSS 3.56 (Shelley Vohr) #35546
deps:
  * update llhttp to 2.1.3 (Fedor Indutny) #35435
  * (SEMVER-MINOR) upgrade to libuv 1.40.0 (Colin Ihrig) #35333
doc:
  * add aduh95 to collaborators (Antoine du Hamel) #35542
fs:
  * (SEMVER-MINOR) add .ref() and .unref() methods to watcher classes (rickyes) #33134
http:
  * (SEMVER-MINOR) added scheduling option to http agent (delvedor) #33278
module:
  * (SEMVER-MINOR) exports pattern support (Guy Bedford) #34718
  * (SEMVER-MINOR) named exports for CJS via static analysis (Guy Bedford) #35249
n-api:
  * (SEMVER-MINOR) add more property defaults (Gerhard Stoebich) #35214
src:
  * (SEMVER-MINOR) move node_contextify to modern THROW_ERR_* (James M Snell) #35470
  * (SEMVER-MINOR) move node_process to modern THROW_ERR* (James M Snell) #35472
  * (SEMVER-MINOR) expose v8::Isolate setup callbacks (Shelley Vohr) #35512

PR-URL: TODO
@h1z1
Copy link

h1z1 commented Nov 11, 2020

Why does node need to ship it's own compiled in certs to begin with?

ryanhc pushed a commit to Samsung/lwnode that referenced this pull request Jun 29, 2022
Notable changes:

crypto:
  * update certdata to NSS 3.56 (Shelley Vohr) nodejs/node#35546
doc:
  * add aduh95 to collaborators (Antoine du Hamel) nodejs/node#35542
fs:
  * (SEMVER-MINOR) add rm method (Ian Sutherland) nodejs/node#35494
http:
  * (SEMVER-MINOR) allow passing array of key/val into writeHead (Robert Nagy) nodejs/node#35274
src:
  * (SEMVER-MINOR) expose v8::Isolate setup callbacks (Shelley Vohr) nodejs/node#35512

PR-URL: nodejs/node#35648
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
c++ Issues and PRs that require attention from people who are familiar with C++. lib / src Issues and PRs related to general changes in the lib or src directory. notable-change PRs with changes that should be highlighted in changelogs.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants