[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA

On Tue, Sep 06, 2011 at 03:03:27PM +0200, Giuseppe Iuculano wrote:
> Hi,
> On 09/04/2011 09:20 PM, Raphael Geissert wrote:
> > NSS now ships modified certs of DigiNotar, their name is "Explicitly Disabled 
> > DigiNotar <rest of the original CN here>"
> > In chromium, for example, if you browse a DigiNotar-signed website and check 
> > the certificate chain you will see the Explicitly Disabled cert there.
> > 
> > Giuseppe, do you already have plans for updating chromium? (more info on the 
> > CCed bug.)
> chromium uses libnss, please explain, what kind of update chromium
> needs? did I miss something?

You missed the part where chromium uses libpkix (despite mozilla
saying it's not ready), and the libpkix path doesn't reject the certs
chaining to the Explicitly Disabled CAs.


Reply to: