Re: add-on signing error, Adblock Plus from AMO [solved] - Mozilla

This is a discussion on Re: add-on signing error, Adblock Plus from AMO [solved] - Mozilla ; On Dec 17, 10:35*pm, Q wrote: > I've got nss-3.12.3-r1, which isn't the latest from Mozilla but which > is well after StartCom certs were added. StartCom certs were added long ago but they were only allowed for signing code ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Re: add-on signing error, Adblock Plus from AMO [solved]

  1. Re: add-on signing error, Adblock Plus from AMO [solved]

    On Dec 17, 10:35*pm, Q wrote:
    > I've got nss-3.12.3-r1, which isn't the latest from Mozilla but which
    > is well after StartCom certs were added.


    StartCom certs were added long ago but they were only allowed for
    signing code relatively recently. The version of NSS isn't important
    here, it's the version of the certificate store (ckbi library) that is
    relevant. Mozilla used NSS_3_12_2_WITH_CKBI_1_75_RTM in Firefox
    3.0.12, that's the first version to support StartCom's code signing.
    From the look of it, Gentoo simply gets the source code from the FTP
    server - version 3.12.3 there comes with ckbi 1.73, only version
    3.12.3.1 has ckbi 1.75.

  2. Re: add-on signing error, Adblock Plus from AMO [solved]

    On Dec 18, 11:00*am, Wladimir Palant wrote:
    > From the look of it, Gentoo simply gets the source code from the FTP
    > server - version 3.12.3 there comes with ckbi 1.73, only version
    > 3.12.3.1 has ckbi 1.75.


    Looking further into this, I see why I've seen only two reports on
    this issue so far. Official builds for both Firefox and SeaMonkey come
    with their own NSS library, those always work correctly. Only vendor-
    supplied builds rely on an independent NSS package which could be
    outdated (but not always is, at least some distributions already use
    NSS 3.12.4).

  3. Re: add-on signing error, Adblock Plus from AMO [solved]

    On Dec 18, 8:00*pm, Q wrote:
    > Do any of you know if Mozilla supplies source patches to NSS tarballs
    > when the certificate store is updated, or does it just wait for the
    > next NSS version number? *If there are patches provided, I'll point the
    > Gentoo maintainer to them.


    That's mostly what 3.12.3.1 is. I checked, updated certificate store
    is almost the only difference between 3.12.3.1 and 3.12.3 - plus two
    or three minor fixes that are probably applied in Gentoo anyway.

+ Reply to Thread