Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto: update root certificates #7363

Merged
merged 4 commits into from
Jun 23, 2016

Conversation

bnoordhuis
Copy link
Member

@bnoordhuis bnoordhuis commented Jun 22, 2016

Update the list of root certificates in src/node_root_certs.h with
tools/mk-ca-bundle.pl.

Certificates added:

  • Certum Trusted Network CA 2
  • SZAFIR ROOT CA2

Certificates removed:

  • CA Disig
  • NetLock Notary (Class A) Root
  • Staat der Nederlanden Root CA

Note: added/removed will be different across branches.

R=@nodejs/crypto
CI: https://ci.nodejs.org/job/node-test-pull-request/3049/

@bnoordhuis bnoordhuis added tls Issues and PRs related to the tls subsystem. crypto Issues and PRs related to the crypto subsystem. c++ Issues and PRs that require attention from people who are familiar with C++. lts-watch-v4.x lib / src Issues and PRs related to general changes in the lib or src directory. labels Jun 22, 2016
@jasnell
Copy link
Member

jasnell commented Jun 22, 2016

LGTM

@shigeki
Copy link
Contributor

shigeki commented Jun 22, 2016

I made make test-internet and found that test/internet/test-tls-connnect-cnnic.js sometimes leads an error with the message of "unable to verify the first certificate". This is because some of servers of www1.cnnnic.cn seems to be misconfigured so as not to send its intermediate certs. We cannot avoid its error now and I'm not sure if there are other valid and robust web sites of cnnic that we can make tests.

@bnoordhuis Could you add one more commit to remove the test of test/internet/test-tls-connnect-cnnic.js?
I think we need not to have it because the CNNNIC White list of src/CNNICHashWhitelist.inc are not changed for long time in firefox as https://hg.mozilla.org/mozilla-central/log/tip/security/certverifier/CNNICHashWhitelist.inc . Chrome is pruning the list of expired certs as https://chromium.googlesource.com/chromium/src.git/+log/master/net/cert/cert_verify_proc_whitelist.cc but I think we need to not to do it as long as its size does not cause issues.

Other tests of make test-internet are fine.

The current certdata.txt in nightly of Firefox50 has already been updated. It will be scheduled in this November when Firefox50 becomes a stable release

@shigeki
Copy link
Contributor

shigeki commented Jun 22, 2016

If it is better to open a new PR to remove the test, I'm okay with it.

@indutny
Copy link
Member

indutny commented Jun 22, 2016

Rubber-stamp LGTM.

@thefourtheye
Copy link
Contributor

thefourtheye commented Jun 23, 2016

Do we have regressions to make sure that the certificate updates don't break?

Edit: nvm. internet tests. LGTM.

This is the certdata.txt[0] that ships in Firefox 47 and NSS 3.23, last
updated on 2016-02-26.

[0] https://hg.mozilla.org/mozilla-central/raw-file/1f84dea6508d/security/nss/lib/ckfw/builtins/certdata.txt

PR-URL: nodejs#7363
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Commit eff96d3 ("src: add include guards to internal headers") adds
include guards.  Update tools/mk-ca-bundle.pl to output them when
generating src/node_root_certs.h.

PR-URL: nodejs#7363
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Update the list of root certificates in src/node_root_certs.h with
tools/mk-ca-bundle.pl.

Certificates added:
- Certum Trusted Network CA 2
- SZAFIR ROOT CA2

Certificates removed:
- CA Disig
- NetLock Notary (Class A) Root
- Staat der Nederlanden Root CA

PR-URL: nodejs#7363
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Shigeki Ohtsu points out that the test is unreliable because some of
the www1.cnnnic.cn servers are misconfigured.  Remove it.

PR-URL: nodejs#7363
Refs: nodejs#7363 (comment)
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
@bnoordhuis bnoordhuis closed this Jun 23, 2016
@bnoordhuis bnoordhuis deleted the update-root-certs branch June 23, 2016 07:31
@bnoordhuis bnoordhuis merged commit ede98a7 into nodejs:master Jun 23, 2016
@bnoordhuis
Copy link
Member Author

I've removed the test in ede98a7.

The current certdata.txt in nightly of Firefox50 has already been updated. It will be scheduled in this November when Firefox50 becomes a stable release

Yes, I've seen that but I thought it prudent to update to root certificates that are currently shipping in stable FF.

If you want, we can revisit. We could follow latest stable NSS rather than latest stable FF, for example.

@shigeki
Copy link
Contributor

shigeki commented Jun 23, 2016

@bnoordhuis Thanks for adding the commits. I agree your decision to use the one in the stable Firefox. We will mark the next update schedule in this November.

Fishrock123 pushed a commit that referenced this pull request Jun 27, 2016
This is the certdata.txt[0] that ships in Firefox 47 and NSS 3.23, last
updated on 2016-02-26.

[0] https://hg.mozilla.org/mozilla-central/raw-file/1f84dea6508d/security/nss/lib/ckfw/builtins/certdata.txt

PR-URL: #7363
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Fishrock123 pushed a commit that referenced this pull request Jun 27, 2016
Commit eff96d3 ("src: add include guards to internal headers") adds
include guards.  Update tools/mk-ca-bundle.pl to output them when
generating src/node_root_certs.h.

PR-URL: #7363
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Fishrock123 pushed a commit that referenced this pull request Jun 27, 2016
Update the list of root certificates in src/node_root_certs.h with
tools/mk-ca-bundle.pl.

Certificates added:
- Certum Trusted Network CA 2
- SZAFIR ROOT CA2

Certificates removed:
- CA Disig
- NetLock Notary (Class A) Root
- Staat der Nederlanden Root CA

PR-URL: #7363
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Fishrock123 pushed a commit that referenced this pull request Jun 27, 2016
Shigeki Ohtsu points out that the test is unreliable because some of
the www1.cnnnic.cn servers are misconfigured.  Remove it.

PR-URL: #7363
Refs: #7363 (comment)
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
@Fishrock123 Fishrock123 mentioned this pull request Jun 27, 2016
bnoordhuis added a commit to bnoordhuis/io.js that referenced this pull request Jul 11, 2016
Shigeki Ohtsu points out that the test is unreliable because some of
the www1.cnnnic.cn servers are misconfigured.  Remove it.

PR-URL: nodejs#7363
Refs: nodejs#7363 (comment)
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
@bnoordhuis
Copy link
Member Author

#7662

MylesBorins pushed a commit that referenced this pull request Jul 12, 2016
This is the certdata.txt[0] that ships in Firefox 47 and NSS 3.23, last
updated on 2016-02-26.

[0] https://hg.mozilla.org/mozilla-central/raw-file/1f84dea6508d/security/nss/lib/ckfw/builtins/certdata.txt

PR-URL: #7363
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
MylesBorins pushed a commit that referenced this pull request Jul 12, 2016
Update the list of root certificates in src/node_root_certs.h with
tools/mk-ca-bundle.pl.

Certificates added:
- CA WoSign ECC Root
- Certification Authority of WoSign G2
- Certinomis - Root CA
- Certum Trusted Network CA 2
- OISTE WISeKey Global Root GB CA
- SZAFIR ROOT CA2
- TURKTRUST Elektronik Sertifika Hizmet Sa?layıcısı H5
- TURKTRUST Elektronik Sertifika Hizmet Sa?layıcısı H6

Certificates removed:
- A-Trust-nual-03
- Buypass Class 3 CA 1
- CA Disig
- ComSign Secured CA
- Equifax Secure CA
- NetLock Notary (Class A) Root
- Staat der Nederlanden Root CA
- TC TrustCenter Class 2 CA II
- TC TrustCenter Universal CA I
- TURKTRUST Certificate Services Provider Root 1
- TURKTRUST Certificate Services Provider Root 2
- UTN DATACorp SGC Root CA
- Verisign Class 4 Public Primary Certification Authority - G3

PR-URL: #7363
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
MylesBorins pushed a commit that referenced this pull request Jul 12, 2016
Shigeki Ohtsu points out that the test is unreliable because some of
the www1.cnnnic.cn servers are misconfigured.  Remove it.

PR-URL: #7363
Refs: #7363 (comment)
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
MylesBorins pushed a commit that referenced this pull request Jul 12, 2016
This is the certdata.txt[0] that ships in Firefox 47 and NSS 3.23, last
updated on 2016-02-26.

[0] https://hg.mozilla.org/mozilla-central/raw-file/1f84dea6508d/security/nss/lib/ckfw/builtins/certdata.txt

PR-URL: #7363
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
MylesBorins pushed a commit that referenced this pull request Jul 12, 2016
Update the list of root certificates in src/node_root_certs.h with
tools/mk-ca-bundle.pl.

Certificates added:
- CA WoSign ECC Root
- Certification Authority of WoSign G2
- Certinomis - Root CA
- Certum Trusted Network CA 2
- OISTE WISeKey Global Root GB CA
- SZAFIR ROOT CA2
- TURKTRUST Elektronik Sertifika Hizmet Sa?layıcısı H5
- TURKTRUST Elektronik Sertifika Hizmet Sa?layıcısı H6

Certificates removed:
- A-Trust-nual-03
- Buypass Class 3 CA 1
- CA Disig
- ComSign Secured CA
- Equifax Secure CA
- NetLock Notary (Class A) Root
- Staat der Nederlanden Root CA
- TC TrustCenter Class 2 CA II
- TC TrustCenter Universal CA I
- TURKTRUST Certificate Services Provider Root 1
- TURKTRUST Certificate Services Provider Root 2
- UTN DATACorp SGC Root CA
- Verisign Class 4 Public Primary Certification Authority - G3

PR-URL: #7363
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
MylesBorins pushed a commit that referenced this pull request Jul 12, 2016
Shigeki Ohtsu points out that the test is unreliable because some of
the www1.cnnnic.cn servers are misconfigured.  Remove it.

PR-URL: #7363
Refs: #7363 (comment)
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
MylesBorins pushed a commit that referenced this pull request Jul 12, 2016
This is the certdata.txt[0] that ships in Firefox 47 and NSS 3.23, last
updated on 2016-02-26.

[0] https://hg.mozilla.org/mozilla-central/raw-file/1f84dea6508d/security/nss/lib/ckfw/builtins/certdata.txt

PR-URL: #7363
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
MylesBorins pushed a commit that referenced this pull request Jul 12, 2016
Update the list of root certificates in src/node_root_certs.h with
tools/mk-ca-bundle.pl.

Certificates added:
- CA WoSign ECC Root
- Certification Authority of WoSign G2
- Certinomis - Root CA
- Certum Trusted Network CA 2
- OISTE WISeKey Global Root GB CA
- SZAFIR ROOT CA2
- TURKTRUST Elektronik Sertifika Hizmet Sa?layıcısı H5
- TURKTRUST Elektronik Sertifika Hizmet Sa?layıcısı H6

Certificates removed:
- A-Trust-nual-03
- Buypass Class 3 CA 1
- CA Disig
- ComSign Secured CA
- Equifax Secure CA
- NetLock Notary (Class A) Root
- Staat der Nederlanden Root CA
- TC TrustCenter Class 2 CA II
- TC TrustCenter Universal CA I
- TURKTRUST Certificate Services Provider Root 1
- TURKTRUST Certificate Services Provider Root 2
- UTN DATACorp SGC Root CA
- Verisign Class 4 Public Primary Certification Authority - G3

PR-URL: #7363
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
MylesBorins pushed a commit that referenced this pull request Jul 12, 2016
Shigeki Ohtsu points out that the test is unreliable because some of
the www1.cnnnic.cn servers are misconfigured.  Remove it.

PR-URL: #7363
Refs: #7363 (comment)
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
MylesBorins pushed a commit that referenced this pull request Jul 12, 2016
This is the certdata.txt[0] that ships in Firefox 47 and NSS 3.23, last
updated on 2016-02-26.

[0] https://hg.mozilla.org/mozilla-central/raw-file/1f84dea6508d/security/nss/lib/ckfw/builtins/certdata.txt

PR-URL: #7363
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
MylesBorins pushed a commit that referenced this pull request Jul 12, 2016
Update the list of root certificates in src/node_root_certs.h with
tools/mk-ca-bundle.pl.

Certificates added:
- CA WoSign ECC Root
- Certification Authority of WoSign G2
- Certinomis - Root CA
- Certum Trusted Network CA 2
- OISTE WISeKey Global Root GB CA
- SZAFIR ROOT CA2
- TURKTRUST Elektronik Sertifika Hizmet Sa?layıcısı H5
- TURKTRUST Elektronik Sertifika Hizmet Sa?layıcısı H6

Certificates removed:
- A-Trust-nual-03
- Buypass Class 3 CA 1
- CA Disig
- ComSign Secured CA
- Equifax Secure CA
- NetLock Notary (Class A) Root
- Staat der Nederlanden Root CA
- TC TrustCenter Class 2 CA II
- TC TrustCenter Universal CA I
- TURKTRUST Certificate Services Provider Root 1
- TURKTRUST Certificate Services Provider Root 2
- UTN DATACorp SGC Root CA
- Verisign Class 4 Public Primary Certification Authority - G3

PR-URL: #7363
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
MylesBorins pushed a commit that referenced this pull request Jul 12, 2016
Shigeki Ohtsu points out that the test is unreliable because some of
the www1.cnnnic.cn servers are misconfigured.  Remove it.

PR-URL: #7363
Refs: #7363 (comment)
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
MylesBorins pushed a commit that referenced this pull request Jul 12, 2016
This is the certdata.txt[0] that ships in Firefox 47 and NSS 3.23, last
updated on 2016-02-26.

[0] https://hg.mozilla.org/mozilla-central/raw-file/1f84dea6508d/security/nss/lib/ckfw/builtins/certdata.txt

PR-URL: #7363
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
MylesBorins pushed a commit that referenced this pull request Jul 12, 2016
Update the list of root certificates in src/node_root_certs.h with
tools/mk-ca-bundle.pl.

Certificates added:
- CA WoSign ECC Root
- Certification Authority of WoSign G2
- Certinomis - Root CA
- Certum Trusted Network CA 2
- OISTE WISeKey Global Root GB CA
- SZAFIR ROOT CA2
- TURKTRUST Elektronik Sertifika Hizmet Sa?layıcısı H5
- TURKTRUST Elektronik Sertifika Hizmet Sa?layıcısı H6

Certificates removed:
- A-Trust-nual-03
- Buypass Class 3 CA 1
- CA Disig
- ComSign Secured CA
- Equifax Secure CA
- NetLock Notary (Class A) Root
- Staat der Nederlanden Root CA
- TC TrustCenter Class 2 CA II
- TC TrustCenter Universal CA I
- TURKTRUST Certificate Services Provider Root 1
- TURKTRUST Certificate Services Provider Root 2
- UTN DATACorp SGC Root CA
- Verisign Class 4 Public Primary Certification Authority - G3

PR-URL: #7363
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
MylesBorins pushed a commit that referenced this pull request Jul 12, 2016
Shigeki Ohtsu points out that the test is unreliable because some of
the www1.cnnnic.cn servers are misconfigured.  Remove it.

PR-URL: #7363
Refs: #7363 (comment)
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
@MylesBorins MylesBorins mentioned this pull request Jul 12, 2016
MylesBorins pushed a commit that referenced this pull request Jul 14, 2016
This is the certdata.txt[0] that ships in Firefox 47 and NSS 3.23, last
updated on 2016-02-26.

[0] https://hg.mozilla.org/mozilla-central/raw-file/1f84dea6508d/security/nss/lib/ckfw/builtins/certdata.txt

PR-URL: #7363
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
MylesBorins pushed a commit that referenced this pull request Jul 14, 2016
Update the list of root certificates in src/node_root_certs.h with
tools/mk-ca-bundle.pl.

Certificates added:
- CA WoSign ECC Root
- Certification Authority of WoSign G2
- Certinomis - Root CA
- Certum Trusted Network CA 2
- OISTE WISeKey Global Root GB CA
- SZAFIR ROOT CA2
- TURKTRUST Elektronik Sertifika Hizmet Sa?layıcısı H5
- TURKTRUST Elektronik Sertifika Hizmet Sa?layıcısı H6

Certificates removed:
- A-Trust-nual-03
- Buypass Class 3 CA 1
- CA Disig
- ComSign Secured CA
- Equifax Secure CA
- NetLock Notary (Class A) Root
- Staat der Nederlanden Root CA
- TC TrustCenter Class 2 CA II
- TC TrustCenter Universal CA I
- TURKTRUST Certificate Services Provider Root 1
- TURKTRUST Certificate Services Provider Root 2
- UTN DATACorp SGC Root CA
- Verisign Class 4 Public Primary Certification Authority - G3

PR-URL: #7363
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
MylesBorins pushed a commit that referenced this pull request Jul 14, 2016
Shigeki Ohtsu points out that the test is unreliable because some of
the www1.cnnnic.cn servers are misconfigured.  Remove it.

PR-URL: #7363
Refs: #7363 (comment)
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
MylesBorins pushed a commit that referenced this pull request Jul 14, 2016
This is the certdata.txt[0] that ships in Firefox 47 and NSS 3.23, last
updated on 2016-02-26.

[0] https://hg.mozilla.org/mozilla-central/raw-file/1f84dea6508d/security/nss/lib/ckfw/builtins/certdata.txt

PR-URL: #7363
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
MylesBorins pushed a commit that referenced this pull request Jul 14, 2016
Update the list of root certificates in src/node_root_certs.h with
tools/mk-ca-bundle.pl.

Certificates added:
- CA WoSign ECC Root
- Certification Authority of WoSign G2
- Certinomis - Root CA
- Certum Trusted Network CA 2
- OISTE WISeKey Global Root GB CA
- SZAFIR ROOT CA2
- TURKTRUST Elektronik Sertifika Hizmet Sa?layıcısı H5
- TURKTRUST Elektronik Sertifika Hizmet Sa?layıcısı H6

Certificates removed:
- A-Trust-nual-03
- Buypass Class 3 CA 1
- CA Disig
- ComSign Secured CA
- Equifax Secure CA
- NetLock Notary (Class A) Root
- Staat der Nederlanden Root CA
- TC TrustCenter Class 2 CA II
- TC TrustCenter Universal CA I
- TURKTRUST Certificate Services Provider Root 1
- TURKTRUST Certificate Services Provider Root 2
- UTN DATACorp SGC Root CA
- Verisign Class 4 Public Primary Certification Authority - G3

PR-URL: #7363
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
MylesBorins pushed a commit that referenced this pull request Jul 14, 2016
Shigeki Ohtsu points out that the test is unreliable because some of
the www1.cnnnic.cn servers are misconfigured.  Remove it.

PR-URL: #7363
Refs: #7363 (comment)
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
MylesBorins pushed a commit that referenced this pull request Aug 15, 2016
Notable Changes:

Semver Minor:

* buffer:
 * backport new buffer constructor APIs to v4.x
   (Сковорода Никита Андреевич)
   #7562
 * backport --zero-fill-buffers cli option (James M Snell)
   #5745
* build:
  * add Intel Vtune profiling support (Chunyang Dai)
    #5527
* repl:
  * copying tabs shouldn't trigger completion (Eugene Obrezkov)
    #5958
* src:
  * add node::FreeEnvironment public API (Cheng Zhao)
    #3098
* test:
  * run v8 tests from node tree (Bryon Leung)
    #4704
* V8:
  * Add post mortem data to improve object inspection and function's
    context variables inspection (Fedor Indutny)
    #3779

Semver Patch:

* **buffer**:
  * ignore negative allocation lengths (Anna Henningsen)
    #7562
* **crypto**:
  * update root certificates (Ben Noordhuis)
    #7363
* **libuv**:
  * upgrade libuv to 1.9.1 (Saúl Ibarra Corretgé)
    #6796
  * upgrade libuv to 1.9.0 (Saúl Ibarra Corretgé)
    #5994
* **npm**:
  * upgrade to 2.15.9 (Kat Marchán)
    #7692
MylesBorins pushed a commit that referenced this pull request Aug 16, 2016
Notable Changes:

Semver Minor:

* buffer:
 * backport new buffer constructor APIs to v4.x
   (Сковорода Никита Андреевич)
   #7562
 * backport --zero-fill-buffers cli option (James M Snell)
   #5745
* build:
  * add Intel Vtune profiling support (Chunyang Dai)
    #5527
* repl:
  * copying tabs shouldn't trigger completion (Eugene Obrezkov)
    #5958
* src:
  * add node::FreeEnvironment public API (Cheng Zhao)
    #3098
* test:
  * run v8 tests from node tree (Bryon Leung)
    #4704
* V8:
  * Add post mortem data to improve object inspection and function's
    context variables inspection (Fedor Indutny)
    #3779

Semver Patch:

* **buffer**:
  * ignore negative allocation lengths (Anna Henningsen)
    #7562
* **crypto**:
  * update root certificates (Ben Noordhuis)
    #7363
* **libuv**:
  * upgrade libuv to 1.9.1 (Saúl Ibarra Corretgé)
    #6796
  * upgrade libuv to 1.9.0 (Saúl Ibarra Corretgé)
    #5994
* **npm**:
  * upgrade to 2.15.9 (Kat Marchán)
    #7692
MylesBorins pushed a commit that referenced this pull request Aug 16, 2016
Notable Changes:

Semver Minor:

* buffer:
 * backport new buffer constructor APIs to v4.x
   (Сковорода Никита Андреевич)
   #7562
 * backport --zero-fill-buffers cli option (James M Snell)
   #5745
* build:
  * add Intel Vtune profiling support (Chunyang Dai)
    #5527
* repl:
  * copying tabs shouldn't trigger completion (Eugene Obrezkov)
    #5958
* src:
  * add node::FreeEnvironment public API (Cheng Zhao)
    #3098
* test:
  * run v8 tests from node tree (Bryon Leung)
    #4704
* V8:
  * Add post mortem data to improve object inspection and function's
    context variables inspection (Fedor Indutny)
    #3779

Semver Patch:

* **buffer**:
  * ignore negative allocation lengths (Anna Henningsen)
    #7562
* **crypto**:
  * update root certificates (Ben Noordhuis)
    #7363
* **libuv**:
  * upgrade libuv to 1.9.1 (Saúl Ibarra Corretgé)
    #6796
  * upgrade libuv to 1.9.0 (Saúl Ibarra Corretgé)
    #5994
* **npm**:
  * upgrade to 2.15.9 (Kat Marchán)
    #7692
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. lib / src Issues and PRs related to general changes in the lib or src directory. tls Issues and PRs related to the tls subsystem.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants