author | kaie%kuix.de <devnull@localhost> | 2012-02-18 21:41:46 +0000 |
---|---|---|
committer | kaie%kuix.de <devnull@localhost> | 2012-02-18 21:41:46 +0000 |
commit | 852fa18e26a272e2ed50174e7319eb612b4c90e3 (patch) | |
tree | 93ce5911647dcd8bb634077eaa41776d4e47f4c7 | |
parent | f05cf8b24a05d75e7eed9537bd1bc5a40b40ce0b (diff) | |
download | nss-hg-852fa18e26a272e2ed50174e7319eb612b4c90e3.tar.gz |
Related to bug 724929, Make sure the offending trustwave intermediates are not trusted in mozilla, patch produced and reviewed by rrelyea, wtc, kaie
-rw-r--r-- | security/nss/lib/ckfw/builtins/certdata.c | 64 | ||||
-rw-r--r-- | security/nss/lib/ckfw/builtins/certdata.txt | 62 | ||||
-rw-r--r-- | security/nss/lib/ckfw/builtins/nssckbi.h | 4 |
3 files changed, 125 insertions, 5 deletions
diff --git a/security/nss/lib/ckfw/builtins/certdata.c b/security/nss/lib/ckfw/builtins/certdata.c index 38e288de5..51bb86b97 100644 --- a/security/nss/lib/ckfw/builtins/certdata.c +++ b/security/nss/lib/ckfw/builtins/certdata.c @@ -1075,6 +1075,12 @@ static const CK_ATTRIBUTE_TYPE nss_builtins_types_338 [] = { static const CK_ATTRIBUTE_TYPE nss_builtins_types_339 [] = { CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED }; +static const CK_ATTRIBUTE_TYPE nss_builtins_types_340 [] = { + CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED +}; +static const CK_ATTRIBUTE_TYPE nss_builtins_types_341 [] = { + CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED +}; #ifdef DEBUG static const NSSItem nss_builtins_items_0 [] = { { (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) }, 
@@ -22713,6 +22719,56 @@ static const NSSItem nss_builtins_items_339 [] = { { (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; +static const NSSItem nss_builtins_items_340 [] = { + { (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, + { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)"MITM subCA 1 issued by Trustwave", (PRUint32)33 }, + { (void *)"\060\201\253\061\013\060\011\006\003\125\004\006\023\002\125\123" +"\061\021\060\017\006\003\125\004\010\023\010\111\154\154\151\156" +"\157\151\163\061\020\060\016\006\003\125\004\007\023\007\103\150" +"\151\143\141\147\157\061\041\060\037\006\003\125\004\012\023\030" +"\124\162\165\163\164\167\141\166\145\040\110\157\154\144\151\156" +"\147\163\054\040\111\156\143\056\061\063\060\061\006\003\125\004" +"\003\023\052\124\162\165\163\164\167\141\166\145\040\117\162\147" +"\141\156\151\172\141\164\151\157\156\040\111\163\163\165\151\156" +"\147\040\103\101\054\040\114\145\166\145\154\040\062\061\037\060" +"\035\006\011\052\206\110\206\367\015\001\011\001\026\020\143\141" +"\100\164\162\165\163\164\167\141\166\145\056\143\157\155" +, (PRUint32)174 }, + { (void *)"\002\004\153\111\322\005" +, (PRUint32)6 }, + { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) }, + { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) }, + { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } +}; +static const NSSItem nss_builtins_items_341 [] = { + { (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, + { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)"MITM subCA 2 issued by Trustwave", (PRUint32)33 }, + { (void 
*)"\060\201\253\061\013\060\011\006\003\125\004\006\023\002\125\123" +"\061\021\060\017\006\003\125\004\010\023\010\111\154\154\151\156" +"\157\151\163\061\020\060\016\006\003\125\004\007\023\007\103\150" +"\151\143\141\147\157\061\041\060\037\006\003\125\004\012\023\030" +"\124\162\165\163\164\167\141\166\145\040\110\157\154\144\151\156" +"\147\163\054\040\111\156\143\056\061\063\060\061\006\003\125\004" +"\003\023\052\124\162\165\163\164\167\141\166\145\040\117\162\147" +"\141\156\151\172\141\164\151\157\156\040\111\163\163\165\151\156" +"\147\040\103\101\054\040\114\145\166\145\154\040\062\061\037\060" +"\035\006\011\052\206\110\206\367\015\001\011\001\026\020\143\141" +"\100\164\162\165\163\164\167\141\166\145\056\143\157\155" +, (PRUint32)174 }, + { (void *)"\002\004\153\111\322\006" +, (PRUint32)6 }, + { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) }, + { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) }, + { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } +}; builtinsInternalObject nss_builtins_data[] = { @@ -23057,11 +23113,13 @@ nss_builtins_data[] = { { 11, nss_builtins_types_336, nss_builtins_items_336, {NULL} }, { 13, nss_builtins_types_337, nss_builtins_items_337, {NULL} }, { 11, nss_builtins_types_338, nss_builtins_items_338, {NULL} }, - { 13, nss_builtins_types_339, nss_builtins_items_339, {NULL} } + { 13, nss_builtins_types_339, nss_builtins_items_339, {NULL} }, + { 11, nss_builtins_types_340, nss_builtins_items_340, {NULL} }, + { 11, nss_builtins_types_341, nss_builtins_items_341, {NULL} } }; const PRUint32 #ifdef DEBUG - nss_builtins_nObjects = 339+1; + nss_builtins_nObjects = 341+1; #else - nss_builtins_nObjects = 339; + nss_builtins_nObjects = 341; #endif /* DEBUG */ diff --git a/security/nss/lib/ckfw/builtins/certdata.txt b/security/nss/lib/ckfw/builtins/certdata.txt index 729df658e..a4dff270c 100644 --- a/security/nss/lib/ckfw/builtins/certdata.txt 
+++ b/security/nss/lib/ckfw/builtins/certdata.txt 
@@ -23413,3 +23413,65 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+# Explicitly Distrust "MITM subCA 1 issued by Trustwave", Bug 724929
+# Issuer: E=ca@trustwave.com,CN="Trustwave Organization Issuing CA, Level 2",O="Trustwave Holdings, Inc.",L=Chicago,ST=Illinois,C=US
+# Serial Number: 1800000005 (0x6b49d205)
+# Not Before: Apr 7 15:37:15 2011 GMT
+# Not After : Apr 4 15:37:15 2021 GMT
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "MITM subCA 1 issued by Trustwave"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\253\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\021\060\017\006\003\125\004\010\023\010\111\154\154\151\156
+\157\151\163\061\020\060\016\006\003\125\004\007\023\007\103\150
+\151\143\141\147\157\061\041\060\037\006\003\125\004\012\023\030
+\124\162\165\163\164\167\141\166\145\040\110\157\154\144\151\156
+\147\163\054\040\111\156\143\056\061\063\060\061\006\003\125\004
+\003\023\052\124\162\165\163\164\167\141\166\145\040\117\162\147
+\141\156\151\172\141\164\151\157\156\040\111\163\163\165\151\156
+\147\040\103\101\054\040\114\145\166\145\154\040\062\061\037\060
+\035\006\011\052\206\110\206\367\015\001\011\001\026\020\143\141
+\100\164\162\165\163\164\167\141\166\145\056\143\157\155
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\153\111\322\005
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+# Explicitly Distrust "MITM subCA 2 issued by Trustwave", Bug 724929
+# Issuer: E=ca@trustwave.com,CN="Trustwave Organization Issuing CA, Level 2",O="Trustwave Holdings, Inc.",L=Chicago,ST=Illinois,C=US
+# Serial Number: 1800000006 (0x6b49d206)
+# Not Before: Apr 18 21:09:30 2011 GMT
+# Not After : Apr 15 21:09:30 2021 GMT
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "MITM subCA 2 issued by Trustwave"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\253\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\021\060\017\006\003\125\004\010\023\010\111\154\154\151\156
+\157\151\163\061\020\060\016\006\003\125\004\007\023\007\103\150
+\151\143\141\147\157\061\041\060\037\006\003\125\004\012\023\030
+\124\162\165\163\164\167\141\166\145\040\110\157\154\144\151\156
+\147\163\054\040\111\156\143\056\061\063\060\061\006\003\125\004
+\003\023\052\124\162\165\163\164\167\141\166\145\040\117\162\147
+\141\156\151\172\141\164\151\157\156\040\111\163\163\165\151\156
+\147\040\103\101\054\040\114\145\166\145\154\040\062\061\037\060
+\035\006\011\052\206\110\206\367\015\001\011\001\026\020\143\141
+\100\164\162\165\163\164\167\141\166\145\056\143\157\155
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\153\111\322\006
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
diff --git a/security/nss/lib/ckfw/builtins/nssckbi.h b/security/nss/lib/ckfw/builtins/nssckbi.h
index 997f8f32d..fb86a76ef 100644
--- a/security/nss/lib/ckfw/builtins/nssckbi.h
+++ b/security/nss/lib/ckfw/builtins/nssckbi.h
@@ -77,8 +77,8 @@
 * of the comment in the CK_VERSION type definition.
 */
 #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1
-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 89
-#define NSS_BUILTINS_LIBRARY_VERSION "1.89"
+#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 90
+#define NSS_BUILTINS_LIBRARY_VERSION "1.90"
 
 /* These version numbers detail the semantic changes to the ckfw engine. */
 #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1 |
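Review bot: The two distrust records added in the certdata.txt hunk identify their targets by CKA_ISSUER and CKA_SERIAL_NUMBER alone, with no CKA_CERT_SHA1_HASH or CKA_CERT_MD5_HASH, whereas the last pre-existing trust record (`nss_builtins_types_339` in the certdata.c hunk) carries both hashes; the header comments do not say that the omission is deliberate. I would add one line to each comment block, for example `# No certificate hashes on purpose: this record matches on issuer and serial number only.`, so that a later editor neither "completes" the entry nor copies it as a template for an ordinary trust record. The comments also record no fingerprint of the two sub-CA certificates and no certificate object accompanies the records, so a reader cannot confirm from this file which certificates are meant; if the fingerprints are known, a line such as `# Fingerprint (SHA1): <fingerprint>` would help. Tools that build a CA bundle from certdata.txt by extracting certificate objects presumably never see these issuer/serial-only records, which is worth stating in the release notes for downstream packagers.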