Skip to content

/ node

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto: update certdata to NSS 3.56 #35546

Closed
wants to merge 1 commit into from
Closed

crypto: update certdata to NSS 3.56 #35546

wants to merge 1 commit into from
+788 −1,422

Conversation

@codebytere
Copy link
Member

@codebytere codebytere commented Oct 7, 2020
edited

This PR updates the list of root certificates in src/node_root_certs.h with tools/mk-ca-bundle.pl

This is the certdata.txt from NSS 3.56, released on 2020-08-21 - https://hg.mozilla.org/projects/nss/raw-file/NSS_3_56_RTM/lib/ckfw/builtins/certdata.txt

Certificates added:

  • Microsoft ECC Root Certificate Authority 2017
  • Microsoft RSA Root Certificate Authority 2017
  • e-Szigno Root CA 2017
  • certSIGN Root CA G2

Certificates removed:

  • Verisign Class 3 Public Primary Certification Authority - G3
  • AddTrust External Root
  • Staat der Nederlanden Root CA - G2
  • LuxTrust Global Root 2

Electron found this issue via electron/electron#24123 - which we solved by doing this same update. This also allows us to remove a patch.

cc @nodejs/crypto

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • commit message follows commit guidelines
@codebytere
crypto: update certdata to NSS 3.56
Verified
This commit was signed with a verified signature.
codebytere Shelley Vohr
GPG key ID: F13993A75599653C Learn about signing commits
Loading status checks…
a8391ef 
This is the certdata.txt[0] from NSS 3.56, released on 2020-08-21.

[0] https://hg.mozilla.org/projects/nss/raw-file/NSS_3_56_RTM/lib/ckfw/builtins/certdata.txt

crypto: update root certificates

Update the list of root certificates in src/node_root_certs.h with
tools/mk-ca-bundle.pl.

Certificates added:
- Microsoft ECC Root Certificate Authority 2017
- Microsoft RSA Root Certificate Authority 2017
- e-Szigno Root CA 2017
- certSIGN Root CA G2

Certificates removed:
- Verisign Class 3 Public Primary Certification Authority - G3
- AddTrust External Root
- Staat der Nederlanden Root CA - G2
- LuxTrust Global Root 2
@github-actions github-actions bot removed the request-ci label Oct 7, 2020
@nodejs-github-bot
Copy link

@nodejs-github-bot nodejs-github-bot commented Oct 7, 2020

CI: https://ci.nodejs.org/job/node-test-pull-request/33464/
@gengjiawen
gengjiawen approved these changes Oct 8, 2020
View changes
@Trott
Trott approved these changes Oct 8, 2020
View changes
Copy link
Member

@Trott Trott left a comment

Rubber-stamp LGTM
@evanlucas
evanlucas approved these changes Oct 12, 2020
View changes
@jasnell
jasnell approved these changes Oct 13, 2020
View changes
gengjiawen added a commit that referenced this pull request Oct 13, 2020
@codebytere @gengjiawen
crypto: update certdata to NSS 3.56
Loading status checks…
44a66ad 
This is the certdata.txt[0] from NSS 3.56, released on 2020-08-21.

[0] https://hg.mozilla.org/projects/nss/raw-file/NSS_3_56_RTM/lib/ckfw/builtins/certdata.txt

crypto: update root certificates

Update the list of root certificates in src/node_root_certs.h with
tools/mk-ca-bundle.pl.

Certificates added:
- Microsoft ECC Root Certificate Authority 2017
- Microsoft RSA Root Certificate Authority 2017
- e-Szigno Root CA 2017
- certSIGN Root CA G2

Certificates removed:
- Verisign Class 3 Public Primary Certification Authority - G3
- AddTrust External Root
- Staat der Nederlanden Root CA - G2
- LuxTrust Global Root 2

PR-URL: #35546
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
@gengjiawen
Copy link
Member

@gengjiawen gengjiawen commented Oct 13, 2020

Landed in 44a66ad
@gengjiawen gengjiawen closed this Oct 13, 2020
@codebytere codebytere deleted the codebytere:update-cert-data branch Oct 13, 2020
MylesBorins added a commit that referenced this pull request Oct 14, 2020
@codebytere @MylesBorins
crypto: update certdata to NSS 3.56
Verified
This commit was signed with a verified signature.
MylesBorins Myles Borins
GPG key ID: 933B01F40B5CA946 Learn about signing commits
7e7afc5 
This is the certdata.txt[0] from NSS 3.56, released on 2020-08-21.

[0] https://hg.mozilla.org/projects/nss/raw-file/NSS_3_56_RTM/lib/ckfw/builtins/certdata.txt

crypto: update root certificates

Update the list of root certificates in src/node_root_certs.h with
tools/mk-ca-bundle.pl.

Certificates added:
- Microsoft ECC Root Certificate Authority 2017
- Microsoft RSA Root Certificate Authority 2017
- e-Szigno Root CA 2017
- certSIGN Root CA G2

Certificates removed:
- Verisign Class 3 Public Primary Certification Authority - G3
- AddTrust External Root
- Staat der Nederlanden Root CA - G2
- LuxTrust Global Root 2

PR-URL: #35546
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
MylesBorins added a commit that referenced this pull request Oct 14, 2020
@MylesBorins
2020-10-15, Version 14.14.0 (Current)
Verified
This commit was signed with a verified signature.
MylesBorins Myles Borins
GPG key ID: 933B01F40B5CA946 Learn about signing commits
Loading status checks…
6112962 
Notable changes:

crypto:
  * update certdata to NSS 3.56 (Shelley Vohr) #35546
doc:
  * add aduh95 to collaborators (Antoine du Hamel) #35542
fs:
  * (SEMVER-MINOR) add rm method (Ian Sutherland) #35494
http:
  * (SEMVER-MINOR) allow passing array of key/val into writeHead (Robert Nagy) #35274
src:
  * (SEMVER-MINOR) expose v8::Isolate setup callbacks (Shelley Vohr) #35512

PR-URL: TODO
@MylesBorins MylesBorins mentioned this pull request Oct 14, 2020
Merged
MylesBorins added a commit that referenced this pull request Oct 15, 2020
@MylesBorins
2020-10-15, Version 14.14.0 (Current)
Verified
This commit was signed with a verified signature.
MylesBorins Myles Borins
GPG key ID: 933B01F40B5CA946 Learn about signing commits
Loading status checks…
0ea4bd2 
Notable changes:

crypto:
  * update certdata to NSS 3.56 (Shelley Vohr) #35546
doc:
  * add aduh95 to collaborators (Antoine du Hamel) #35542
fs:
  * (SEMVER-MINOR) add rm method (Ian Sutherland) #35494
http:
  * (SEMVER-MINOR) allow passing array of key/val into writeHead (Robert Nagy) #35274
src:
  * (SEMVER-MINOR) expose v8::Isolate setup callbacks (Shelley Vohr) #35512

PR-URL: TODO
MylesBorins added a commit that referenced this pull request Oct 15, 2020
@MylesBorins
2020-10-15, Version 14.14.0 (Current)
Verified
This commit was signed with a verified signature.
MylesBorins Myles Borins
GPG key ID: 933B01F40B5CA946 Learn about signing commits
Loading status checks…
354b6a9 
Notable changes:

crypto:
  * update certdata to NSS 3.56 (Shelley Vohr) #35546
doc:
  * add aduh95 to collaborators (Antoine du Hamel) #35542
fs:
  * (SEMVER-MINOR) add rm method (Ian Sutherland) #35494
http:
  * (SEMVER-MINOR) allow passing array of key/val into writeHead (Robert Nagy) #35274
src:
  * (SEMVER-MINOR) expose v8::Isolate setup callbacks (Shelley Vohr) #35512

PR-URL: #35648
MylesBorins added a commit that referenced this pull request Oct 16, 2020
@MylesBorins
2020-10-15, Version 14.14.0 (Current)
Verified
This commit was signed with a verified signature.
MylesBorins Myles Borins
GPG key ID: 933B01F40B5CA946 Learn about signing commits
Loading status checks…
59d578e 
Notable changes:

crypto:
  * update certdata to NSS 3.56 (Shelley Vohr) #35546
doc:
  * add aduh95 to collaborators (Antoine du Hamel) #35542
fs:
  * (SEMVER-MINOR) add rm method (Ian Sutherland) #35494
http:
  * (SEMVER-MINOR) allow passing array of key/val into writeHead (Robert Nagy) #35274
src:
  * (SEMVER-MINOR) expose v8::Isolate setup callbacks (Shelley Vohr) #35512

PR-URL: #35648
codebytere added a commit to electron/electron that referenced this pull request Oct 16, 2020
@codebytere
Remove upstreamed certs patch
Verified
This commit was signed with a verified signature.
codebytere Shelley Vohr
GPG key ID: F13993A75599653C Learn about signing commits
863aa8d 
nodejs/node#35546
codebytere added a commit to electron/electron that referenced this pull request Oct 19, 2020
@codebytere
Remove upstreamed certs patch
Verified
This commit was signed with a verified signature.
codebytere Shelley Vohr
GPG key ID: F13993A75599653C Learn about signing commits
28c9ff6 
nodejs/node#35546
codebytere added a commit to electron/electron that referenced this pull request Oct 19, 2020
@electron-bot @codebytere
chore: bump node to v14.14.0 (master) (#25994)
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
Loading status checks…
e895353 
* chore: bump node in DEPS to v14.14.0

* Remove upstreamed certs patch

nodejs/node#35546

* Remove V8 Isolate callbacks patch

nodejs/node#35512

* Update patch indices

* Update Node.js filenames

Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>
MylesBorins added a commit that referenced this pull request Nov 3, 2020
@codebytere @MylesBorins
crypto: update certdata to NSS 3.56
Verified
This commit was signed with a verified signature.
MylesBorins Myles Borins
GPG key ID: 933B01F40B5CA946 Learn about signing commits
ba1e561 
This is the certdata.txt[0] from NSS 3.56, released on 2020-08-21.

[0] https://hg.mozilla.org/projects/nss/raw-file/NSS_3_56_RTM/lib/ckfw/builtins/certdata.txt

crypto: update root certificates

Update the list of root certificates in src/node_root_certs.h with
tools/mk-ca-bundle.pl.

Certificates added:
- Microsoft ECC Root Certificate Authority 2017
- Microsoft RSA Root Certificate Authority 2017
- e-Szigno Root CA 2017
- certSIGN Root CA G2

Certificates removed:
- Verisign Class 3 Public Primary Certification Authority - G3
- AddTrust External Root
- Staat der Nederlanden Root CA - G2
- LuxTrust Global Root 2

PR-URL: #35546
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
MylesBorins added a commit that referenced this pull request Nov 3, 2020
@MylesBorins
2020-11-24, Version 12.20.0 'Erbium' (LTS)
Verified
This commit was signed with a verified signature.
MylesBorins Myles Borins
GPG key ID: 933B01F40B5CA946 Learn about signing commits
Loading status checks…
8227fbc 
Notable changes:

crypto:
  * update certdata to NSS 3.56 (Shelley Vohr) #35546
deps:
  * update llhttp to 2.1.3 (Fedor Indutny) #35435
  * (SEMVER-MINOR) upgrade to libuv 1.40.0 (Colin Ihrig) #35333
doc:
  * add aduh95 to collaborators (Antoine du Hamel) #35542
fs:
  * (SEMVER-MINOR) add .ref() and .unref() methods to watcher classes (rickyes) #33134
http:
  * (SEMVER-MINOR) added scheduling option to http agent (delvedor) #33278
module:
  * (SEMVER-MINOR) exports pattern support (Guy Bedford) #34718
  * (SEMVER-MINOR) named exports for CJS via static analysis (Guy Bedford) #35249
n-api:
  * (SEMVER-MINOR) add more property defaults (Gerhard Stoebich) #35214
src:
  * (SEMVER-MINOR) move node_contextify to modern THROW_ERR_* (James M Snell) #35470
  * (SEMVER-MINOR) move node_process to modern THROW_ERR* (James M Snell) #35472
  * (SEMVER-MINOR) expose v8::Isolate setup callbacks (Shelley Vohr) #35512

PR-URL: TODO
@MylesBorins MylesBorins mentioned this pull request Nov 3, 2020
Merged
MylesBorins added a commit that referenced this pull request Nov 4, 2020
@MylesBorins
2020-11-24, Version 12.20.0 'Erbium' (LTS)
Verified
This commit was signed with a verified signature.
MylesBorins Myles Borins
GPG key ID: 933B01F40B5CA946 Learn about signing commits
Loading status checks…
21e1b62 
Notable changes:

crypto:
  * update certdata to NSS 3.56 (Shelley Vohr) #35546
deps:
  * update llhttp to 2.1.3 (Fedor Indutny) #35435
  * (SEMVER-MINOR) upgrade to libuv 1.40.0 (Colin Ihrig) #35333
doc:
  * add aduh95 to collaborators (Antoine du Hamel) #35542
fs:
  * (SEMVER-MINOR) add .ref() and .unref() methods to watcher classes (rickyes) #33134
http:
  * (SEMVER-MINOR) added scheduling option to http agent (delvedor) #33278
module:
  * (SEMVER-MINOR) exports pattern support (Guy Bedford) #34718
  * (SEMVER-MINOR) named exports for CJS via static analysis (Guy Bedford) #35249
n-api:
  * (SEMVER-MINOR) add more property defaults (Gerhard Stoebich) #35214
src:
  * (SEMVER-MINOR) move node_contextify to modern THROW_ERR_* (James M Snell) #35470
  * (SEMVER-MINOR) move node_process to modern THROW_ERR* (James M Snell) #35472
  * (SEMVER-MINOR) expose v8::Isolate setup callbacks (Shelley Vohr) #35512

PR-URL: TODO
@h1z1
Copy link

@h1z1 h1z1 commented Nov 11, 2020

Why does node need to ship it's own compiled in certs to begin with?
MylesBorins added a commit that referenced this pull request Nov 16, 2020
@MylesBorins
2020-11-24, Version 12.20.0 'Erbium' (LTS)
Verified
This commit was signed with a verified signature.
MylesBorins Myles Borins
GPG key ID: 933B01F40B5CA946 Learn about signing commits
Loading status checks…
288f50a 
Notable changes:

crypto:
  * update certdata to NSS 3.56 (Shelley Vohr) #35546
deps:
  * update llhttp to 2.1.3 (Fedor Indutny) #35435
  * (SEMVER-MINOR) upgrade to libuv 1.40.0 (Colin Ihrig) #35333
doc:
  * add aduh95 to collaborators (Antoine du Hamel) #35542
fs:
  * (SEMVER-MINOR) add .ref() and .unref() methods to watcher classes (rickyes) #33134
http:
  * (SEMVER-MINOR) added scheduling option to http agent (delvedor) #33278
module:
  * (SEMVER-MINOR) exports pattern support (Guy Bedford) #34718
  * (SEMVER-MINOR) named exports for CJS via static analysis (Guy Bedford) #35249
n-api:
  * (SEMVER-MINOR) add more property defaults (Gerhard Stoebich) #35214
src:
  * (SEMVER-MINOR) move node_contextify to modern THROW_ERR_* (James M Snell) #35470
  * (SEMVER-MINOR) move node_process to modern THROW_ERR* (James M Snell) #35472
  * (SEMVER-MINOR) expose v8::Isolate setup callbacks (Shelley Vohr) #35512

PR-URL: TODO
MylesBorins added a commit that referenced this pull request Nov 16, 2020
@codebytere @MylesBorins
crypto: update certdata to NSS 3.56
Verified
This commit was signed with a verified signature.
MylesBorins Myles Borins
GPG key ID: 933B01F40B5CA946 Learn about signing commits
42f64eb 
This is the certdata.txt[0] from NSS 3.56, released on 2020-08-21.

[0] https://hg.mozilla.org/projects/nss/raw-file/NSS_3_56_RTM/lib/ckfw/builtins/certdata.txt

crypto: update root certificates

Update the list of root certificates in src/node_root_certs.h with
tools/mk-ca-bundle.pl.

Certificates added:
- Microsoft ECC Root Certificate Authority 2017
- Microsoft RSA Root Certificate Authority 2017
- e-Szigno Root CA 2017
- certSIGN Root CA G2

Certificates removed:
- Verisign Class 3 Public Primary Certification Authority - G3
- AddTrust External Root
- Staat der Nederlanden Root CA - G2
- LuxTrust Global Root 2

PR-URL: #35546
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
MylesBorins added a commit that referenced this pull request Nov 16, 2020
@MylesBorins
2020-11-24, Version 12.20.0 'Erbium' (LTS)
Verified
This commit was signed with a verified signature.
MylesBorins Myles Borins
GPG key ID: 933B01F40B5CA946 Learn about signing commits
Loading status checks…
d84392f 
Notable changes:

crypto:
  * update certdata to NSS 3.56 (Shelley Vohr) #35546
deps:
  * update llhttp to 2.1.3 (Fedor Indutny) #35435
  * (SEMVER-MINOR) upgrade to libuv 1.40.0 (Colin Ihrig) #35333
doc:
  * add aduh95 to collaborators (Antoine du Hamel) #35542
fs:
  * (SEMVER-MINOR) add .ref() and .unref() methods to watcher classes (rickyes) #33134
http:
  * (SEMVER-MINOR) added scheduling option to http agent (delvedor) #33278
module:
  * (SEMVER-MINOR) exports pattern support (Guy Bedford) #34718
  * (SEMVER-MINOR) named exports for CJS via static analysis (Guy Bedford) #35249
n-api:
  * (SEMVER-MINOR) add more property defaults (Gerhard Stoebich) #35214
src:
  * (SEMVER-MINOR) move node_contextify to modern THROW_ERR_* (James M Snell) #35470
  * (SEMVER-MINOR) move node_process to modern THROW_ERR* (James M Snell) #35472
  * (SEMVER-MINOR) expose v8::Isolate setup callbacks (Shelley Vohr) #35512

PR-URL: #35950
MylesBorins added a commit that referenced this pull request Nov 24, 2020
@MylesBorins
2020-11-24, Version 12.20.0 'Erbium' (LTS)
Verified
This commit was signed with a verified signature.
MylesBorins Myles Borins
GPG key ID: 933B01F40B5CA946 Learn about signing commits
Loading status checks…
ed79ace 
Notable changes:

crypto:
  * update certdata to NSS 3.56 (Shelley Vohr) #35546
deps:
  * update llhttp to 2.1.3 (Fedor Indutny) #35435
  * (SEMVER-MINOR) upgrade to libuv 1.40.0 (Colin Ihrig) #35333
doc:
  * add aduh95 to collaborators (Antoine du Hamel) #35542
fs:
  * (SEMVER-MINOR) add .ref() and .unref() methods to watcher classes (rickyes) #33134
http:
  * (SEMVER-MINOR) added scheduling option to http agent (delvedor) #33278
module:
  * (SEMVER-MINOR) exports pattern support (Guy Bedford) #34718
  * (SEMVER-MINOR) named exports for CJS via static analysis (Guy Bedford) #35249
n-api:
  * (SEMVER-MINOR) add more property defaults (Gerhard Stoebich) #35214
src:
  * (SEMVER-MINOR) move node_contextify to modern THROW_ERR_* (James M Snell) #35470
  * (SEMVER-MINOR) move node_process to modern THROW_ERR* (James M Snell) #35472
  * (SEMVER-MINOR) expose v8::Isolate setup callbacks (Shelley Vohr) #35512

PR-URL: #35950
MylesBorins added a commit that referenced this pull request Nov 24, 2020
@MylesBorins
2020-11-24, Version 12.20.0 'Erbium' (LTS)
Verified
This commit was signed with a verified signature.
MylesBorins Myles Borins
GPG key ID: 933B01F40B5CA946 Learn about signing commits
Loading status checks…
219332e 
Notable changes:

crypto:
  * update certdata to NSS 3.56 (Shelley Vohr) #35546
deps:
  * update llhttp to 2.1.3 (Fedor Indutny) #35435
  * (SEMVER-MINOR) upgrade to libuv 1.40.0 (Colin Ihrig) #35333
doc:
  * add aduh95 to collaborators (Antoine du Hamel) #35542
fs:
  * (SEMVER-MINOR) add .ref() and .unref() methods to watcher classes (rickyes) #33134
http:
  * (SEMVER-MINOR) added scheduling option to http agent (delvedor) #33278
module:
  * (SEMVER-MINOR) exports pattern support (Guy Bedford) #34718
  * (SEMVER-MINOR) named exports for CJS via static analysis (Guy Bedford) #35249
n-api:
  * (SEMVER-MINOR) add more property defaults (Gerhard Stoebich) #35214
src:
  * (SEMVER-MINOR) move node_contextify to modern THROW_ERR_* (James M Snell) #35470
  * (SEMVER-MINOR) move node_process to modern THROW_ERR* (James M Snell) #35472
  * (SEMVER-MINOR) expose v8::Isolate setup callbacks (Shelley Vohr) #35512

PR-URL: #35950
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jasnell jasnell

@evanlucas evanlucas

@Trott Trott

@gengjiawen gengjiawen

Assignees
No one assigned
Labels
C++ lib / src notable-change
Projects
None yet
Milestone
No milestone
Linked issues

Successfully merging this pull request may close these issues.

None yet

7 participants
@codebytere @nodejs-github-bot @gengjiawen @h1z1 @jasnell @evanlucas @Trott
You can’t perform that action at this time.