Bug 683449 - DigiNotar patch erroneously blocks one of the two Staat der Nederlanden roots; r=kaie
authorEhsan Akhgari <ehsan@mozilla.com>
Wed, 31 Aug 2011 10:11:17 -0400
changeset 76264 e18dcb523b20413c834e782f3d2efe17e1f8b84b
parent 76263 922f27baed983a3ba3eccc466bca203d13f439ba
child 76267 69c025d6d230192ebea521a1d24fbd7b1e4ed9ef
child 76291 1dbda10bbacf7e0bf07196d8f8084cd247745e57
push id3
push userfelipc@gmail.com
push dateFri, 30 Sep 2011 20:09:13 +0000
reviewerskaie
bugs683449
milestone9.0a1
Bug 683449 - DigiNotar patch erroneously blocks one of the two Staat der Nederlanden roots; r=kaie
security/manager/ssl/src/nsNSSCallbacks.cpp
--- a/security/manager/ssl/src/nsNSSCallbacks.cpp
+++ b/security/manager/ssl/src/nsNSSCallbacks.cpp
@@ -1066,18 +1066,20 @@ PSM_SSL_BlacklistDigiNotar(CERTCertifica
            CERT_GetCertTimes(serverCert, &notBefore, &notAfter) != SECSuccess ||
            notBefore >= cutoff) {
           return SEC_ERROR_REVOKED_CERTIFICATE;
         }
       }
     }
 
     // By request of the Dutch government
-    if (!strcmp(node->cert->issuerName,
-                "CN=Staat der Nederlanden Root CA,O=Staat der Nederlanden,C=NL") &&
+    if ((!strcmp(node->cert->issuerName,
+                "CN=Staat der Nederlanden Root CA,O=Staat der Nederlanden,C=NL") ||
+         !strcmp(node->cert->issuerName,
+                "CN=Staat der Nederlanden Root CA - G2,O=Staat der Nederlanden,C=NL")) &&
         CERT_LIST_END(CERT_LIST_NEXT(node), serverCertChain)) {
       return 0;
     }
   }
 
   if (isDigiNotarIssuedCert)
     return SEC_ERROR_UNTRUSTED_ISSUER; // user can override this
   else