Bug 1045189 - Include "USERTrust Legacy Secure Server CA" intermediate CA cert (no explicit trust) to ease transition off of roots removed in NSS 3.16.3, r=rrelyea NSS_3_16_3_PLUS_BRANCH
authorKai Engert <kaie@kuix.de>
Tue, 05 Aug 2014 19:23:05 +0200
branchNSS_3_16_3_PLUS_BRANCH
changeset 11218 dbbcf31070004cfee937a3c32e4667a207cee89f
parent 11217 8415f0f743765af7378264d8d31b7f9e0f47c7f5
child 11219 b61fc28515fce399372a7eaf7807656a8b5cd18f
push id452
push userkaie@kuix.de
push dateTue, 05 Aug 2014 17:24:53 +0000
reviewersrrelyea
bugs1045189
Bug 1045189 - Include "USERTrust Legacy Secure Server CA" intermediate CA cert (no explicit trust) to ease transition off of roots removed in NSS 3.16.3, r=rrelyea
lib/ckfw/builtins/certdata.txt
lib/ckfw/builtins/nssckbi.h
--- a/lib/ckfw/builtins/certdata.txt
+++ b/lib/ckfw/builtins/certdata.txt
@@ -29988,8 +29988,166 @@ END
 CKA_SERIAL_NUMBER MULTILINE_OCTAL
 \002\020\120\160\153\315\330\023\374\033\116\073\063\162\322\021
 \110\215
 END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "USERTrust-temporary-intermediate-after-1024bit-removal"
+#
+# Issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
+# Serial Number:5d:20:61:8e:8c:0e:b9:34:40:93:b9:b1:d8:63:95:b6
+# Subject: CN=USERTrust Legacy Secure Server CA,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Not Valid Before: Tue Aug 05 00:00:00 2014
+# Not Valid After : Sun Nov 01 23:59:59 2015
+# Fingerprint (SHA-256): 92:96:6E:83:44:D2:FB:3A:28:0E:B8:60:4D:81:40:77:4C:E1:A0:57:C5:82:BE:BC:83:4D:03:02:E8:59:BC:43
+# Fingerprint (SHA1): 7C:2F:91:E2:BB:96:68:A9:C6:F6:BD:10:19:2C:6B:52:5A:1B:BA:48
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "USERTrust-temporary-intermediate-after-1024bit-removal"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\177\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025
+\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145
+\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025
+\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145
+\164\167\157\162\153\061\052\060\050\006\003\125\004\003\023\041
+\125\123\105\122\124\162\165\163\164\040\114\145\147\141\143\171
+\040\123\145\143\165\162\145\040\123\145\162\166\145\162\040\103
+\101
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\157\061\013\060\011\006\003\125\004\006\023\002\123\105\061
+\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165
+\163\164\040\101\102\061\046\060\044\006\003\125\004\013\023\035
+\101\144\144\124\162\165\163\164\040\105\170\164\145\162\156\141
+\154\040\124\124\120\040\116\145\164\167\157\162\153\061\042\060
+\040\006\003\125\004\003\023\031\101\144\144\124\162\165\163\164
+\040\105\170\164\145\162\156\141\154\040\103\101\040\122\157\157
+\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\135\040\141\216\214\016\271\064\100\223\271\261\330\143
+\225\266
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\231\060\202\003\201\240\003\002\001\002\002\020\135
+\040\141\216\214\016\271\064\100\223\271\261\330\143\225\266\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\157
+\061\013\060\011\006\003\125\004\006\023\002\123\105\061\024\060
+\022\006\003\125\004\012\023\013\101\144\144\124\162\165\163\164
+\040\101\102\061\046\060\044\006\003\125\004\013\023\035\101\144
+\144\124\162\165\163\164\040\105\170\164\145\162\156\141\154\040
+\124\124\120\040\116\145\164\167\157\162\153\061\042\060\040\006
+\003\125\004\003\023\031\101\144\144\124\162\165\163\164\040\105
+\170\164\145\162\156\141\154\040\103\101\040\122\157\157\164\060
+\036\027\015\061\064\060\070\060\065\060\060\060\060\060\060\132
+\027\015\061\065\061\061\060\061\062\063\065\071\065\071\132\060
+\177\061\013\060\011\006\003\125\004\006\023\002\125\123\061\013
+\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025\006
+\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145\040
+\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025\124
+\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145\164
+\167\157\162\153\061\052\060\050\006\003\125\004\003\023\041\125
+\123\105\122\124\162\165\163\164\040\114\145\147\141\143\171\040
+\123\145\143\165\162\145\040\123\145\162\166\145\162\040\103\101
+\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001
+\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001
+\000\331\115\040\072\346\051\060\206\362\351\206\211\166\064\116
+\150\037\226\104\367\321\371\326\202\116\246\070\236\356\313\133
+\341\216\056\275\362\127\200\375\311\077\374\220\163\104\274\217
+\273\127\133\345\055\037\024\060\165\066\365\177\274\317\126\364
+\177\201\377\256\221\315\330\322\152\313\227\371\367\315\220\152
+\105\055\304\273\244\205\023\150\127\137\357\051\272\052\312\352
+\365\314\244\004\233\143\315\000\353\375\355\215\335\043\306\173
+\036\127\035\066\177\037\010\232\015\141\333\132\154\161\002\123
+\050\302\372\215\375\253\273\263\361\215\164\113\337\275\275\314
+\006\223\143\011\225\302\020\172\235\045\220\062\235\001\302\071
+\123\260\340\025\153\307\327\164\345\244\042\233\344\224\377\204
+\221\373\055\263\031\103\055\223\017\234\022\011\344\147\271\047
+\172\062\255\172\052\314\101\130\300\156\131\137\356\070\053\027
+\042\234\211\372\156\347\345\127\065\364\132\355\222\225\223\055
+\371\314\044\077\245\034\075\047\275\042\003\163\314\365\312\363
+\251\364\334\376\317\351\320\134\320\017\253\207\374\203\375\310
+\251\002\003\001\000\001\243\202\001\037\060\202\001\033\060\037
+\006\003\125\035\043\004\030\060\026\200\024\255\275\230\172\064
+\264\046\367\372\304\046\124\357\003\275\340\044\313\124\032\060
+\035\006\003\125\035\016\004\026\004\024\257\244\100\257\237\026
+\376\253\061\375\373\325\227\213\365\221\243\044\206\026\060\016
+\006\003\125\035\017\001\001\377\004\004\003\002\001\206\060\022
+\006\003\125\035\023\001\001\377\004\010\060\006\001\001\377\002
+\001\000\060\035\006\003\125\035\045\004\026\060\024\006\010\053
+\006\001\005\005\007\003\001\006\010\053\006\001\005\005\007\003
+\002\060\031\006\003\125\035\040\004\022\060\020\060\016\006\014
+\053\006\001\004\001\262\061\001\002\001\003\004\060\104\006\003
+\125\035\037\004\075\060\073\060\071\240\067\240\065\206\063\150
+\164\164\160\072\057\057\143\162\154\056\165\163\145\162\164\162
+\165\163\164\056\143\157\155\057\101\144\144\124\162\165\163\164
+\105\170\164\145\162\156\141\154\103\101\122\157\157\164\056\143
+\162\154\060\065\006\010\053\006\001\005\005\007\001\001\004\051
+\060\047\060\045\006\010\053\006\001\005\005\007\060\001\206\031
+\150\164\164\160\072\057\057\157\143\163\160\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\060\015\006\011\052\206\110
+\206\367\015\001\001\005\005\000\003\202\001\001\000\204\256\055
+\150\070\021\154\203\121\142\300\221\302\230\274\306\073\372\245
+\305\275\073\011\346\156\140\157\060\003\206\042\032\262\213\363
+\306\316\036\273\033\171\340\026\024\115\322\232\005\113\377\217
+\354\360\050\051\352\052\004\035\075\257\021\022\325\111\230\120
+\102\237\141\146\072\266\100\231\004\014\153\020\062\351\367\317
+\206\130\117\055\315\323\254\176\350\133\152\203\174\015\240\234
+\134\120\066\165\015\155\176\102\267\337\246\334\220\134\157\043
+\116\227\035\363\042\165\277\003\065\346\135\177\307\371\233\054
+\207\366\216\326\045\226\131\235\317\352\020\036\357\156\352\132
+\233\167\030\064\314\201\167\257\232\207\302\012\345\345\236\023
+\225\123\275\275\111\032\245\166\022\366\334\362\221\267\351\032
+\341\274\115\075\225\161\175\370\215\174\076\003\117\123\355\376
+\122\375\312\137\223\341\032\001\033\002\267\163\116\272\146\351
+\170\213\120\376\021\313\321\147\320\042\117\167\352\315\024\025
+\100\256\146\135\350\056\177\036\210\157\125\171\326\271\176\343
+\265\375\221\240\300\362\046\207\113\057\235\365\240
+END
+
+# Trust for "USERTrust-temporary-intermediate-after-1024bit-removal"
+# Issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
+# Serial Number:5d:20:61:8e:8c:0e:b9:34:40:93:b9:b1:d8:63:95:b6
+# Subject: CN=USERTrust Legacy Secure Server CA,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Not Valid Before: Tue Aug 05 00:00:00 2014
+# Not Valid After : Sun Nov 01 23:59:59 2015
+# Fingerprint (SHA-256): 92:96:6E:83:44:D2:FB:3A:28:0E:B8:60:4D:81:40:77:4C:E1:A0:57:C5:82:BE:BC:83:4D:03:02:E8:59:BC:43
+# Fingerprint (SHA1): 7C:2F:91:E2:BB:96:68:A9:C6:F6:BD:10:19:2C:6B:52:5A:1B:BA:48
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "USERTrust-temporary-intermediate-after-1024bit-removal"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\174\057\221\342\273\226\150\251\306\366\275\020\031\054\153\122
+\132\033\272\110
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\131\153\146\214\004\251\341\013\017\356\105\245\220\044\037\016
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\157\061\013\060\011\006\003\125\004\006\023\002\123\105\061
+\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165
+\163\164\040\101\102\061\046\060\044\006\003\125\004\013\023\035
+\101\144\144\124\162\165\163\164\040\105\170\164\145\162\156\141
+\154\040\124\124\120\040\116\145\164\167\157\162\153\061\042\060
+\040\006\003\125\004\003\023\031\101\144\144\124\162\165\163\164
+\040\105\170\164\145\162\156\141\154\040\103\101\040\122\157\157
+\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\135\040\141\216\214\016\271\064\100\223\271\261\330\143
+\225\266
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
--- a/lib/ckfw/builtins/nssckbi.h
+++ b/lib/ckfw/builtins/nssckbi.h
@@ -40,18 +40,18 @@
  *     ...
  *   - NSS 3.29 branch: 250-255
  *
  * NSS_BUILTINS_LIBRARY_VERSION_MINOR is a CK_BYTE.  It's not clear
  * whether we may use its full range (0-255) or only 0-99 because
  * of the comment in the CK_VERSION type definition.
  */
 #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2
-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 0
-#define NSS_BUILTINS_LIBRARY_VERSION "2.0"
+#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 1
+#define NSS_BUILTINS_LIBRARY_VERSION "2.1"
 
 /* These version numbers detail the semantic changes to the ckfw engine. */
 #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
 #define NSS_BUILTINS_HARDWARE_VERSION_MINOR 0
 
 /* These version numbers detail the semantic changes to ckbi itself 
  * (new PKCS #11 objects), etc. */
 #define NSS_BUILTINS_FIRMWARE_VERSION_MAJOR 1