Bug 683449 - DigiNotar patch erroneously blocks one of the two Staat der Nederlanden roots; r=kaie
authorEhsan Akhgari <ehsan@mozilla.com>
Wed, 31 Aug 2011 10:11:17 -0400
changeset 77575 e18dcb523b20413c834e782f3d2efe17e1f8b84b
parent 77574 922f27baed983a3ba3eccc466bca203d13f439ba
child 77578 69c025d6d230192ebea521a1d24fbd7b1e4ed9ef
child 77602 1dbda10bbacf7e0bf07196d8f8084cd247745e57
push id78
push userclegnitto@mozilla.com
push dateFri, 16 Dec 2011 17:32:24 +0000
treeherdermozilla-release@79d24e644fdd [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerskaie
bugs683449
milestone9.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 683449 - DigiNotar patch erroneously blocks one of the two Staat der Nederlanden roots; r=kaie
security/manager/ssl/src/nsNSSCallbacks.cpp
--- a/security/manager/ssl/src/nsNSSCallbacks.cpp
+++ b/security/manager/ssl/src/nsNSSCallbacks.cpp
@@ -1066,18 +1066,20 @@ PSM_SSL_BlacklistDigiNotar(CERTCertifica
            CERT_GetCertTimes(serverCert, &notBefore, &notAfter) != SECSuccess ||
            notBefore >= cutoff) {
           return SEC_ERROR_REVOKED_CERTIFICATE;
         }
       }
     }
 
     // By request of the Dutch government
-    if (!strcmp(node->cert->issuerName,
-                "CN=Staat der Nederlanden Root CA,O=Staat der Nederlanden,C=NL") &&
+    if ((!strcmp(node->cert->issuerName,
+                "CN=Staat der Nederlanden Root CA,O=Staat der Nederlanden,C=NL") ||
+         !strcmp(node->cert->issuerName,
+                "CN=Staat der Nederlanden Root CA - G2,O=Staat der Nederlanden,C=NL")) &&
         CERT_LIST_END(CERT_LIST_NEXT(node), serverCertChain)) {
       return 0;
     }
   }
 
   if (isDigiNotarIssuedCert)
     return SEC_ERROR_UNTRUSTED_ISSUER; // user can override this
   else