On Monday, April 7, 2014 6:33:50 PM UTC-4, Kathleen Wilson wrote: > All, > > > > We have been working on a new certificate verification library for > > Gecko, and would greatly appreciate it if you will test this new library > > and review the new code. > > > > Background > > > > NSS currently has two code paths for doing certificate verification. > > "Classic" verification has been used for verification of non-EV > > certificates, and libPKIX has been used for verification of EV > > certificates. > > > > As many of you are aware, the NSS team has wanted to replace the > > "classic" verification with libPKIX for a long time. However, the > > current libPKIX code was auto-translated from Java to C, and has proven > > to be very difficult to maintain and use. Therefore, Mozilla has created > > a new certificate verification library called mozilla::pkix. > > > > Request for Testing > > > > Replacing the certificate verification library can only be done after > > gaining sufficient confidence in the new code by having as many people > > and organizations test it as possible. > > > > We ask that all of you help us test this new library as described here: > > https://wiki.mozilla.org/SecurityEngineering/mozpkix-testing#Request_for_Testing > > > > Testing Window: The mozilla::pkix certificate verification library is > > available for testing now in Nightly Firefox builds. We ask that you > > test as soon as possible, and that you complete your testing before > > Firefox 31 exits the Aurora branch in June. > > (See https://wiki.mozilla.org/RapidRelease/Calendar) > > > > Request for Code Review > > > > The more people who code review the new code, the better. So we ask all > > of you C++ programmers out there to review the code and let us know if > > you see any potential issues. > > https://wiki.mozilla.org/SecurityEngineering/mozpkix-testing#Request_for_Code_Review > > > > > > We look forward to your help in testing and reviewing this new > > certificate verification library. > > > > Mozilla Security Engineering Team
Yup - having a problem. Novell ZENworks optionally uses an internal CA and with FF 31 I can no longer connect to the management console or any of the other web services. I'll try turning off the new CA checker to see if that works. I like the idea of better security, but you just pissed off a lot of my customers. Bruce McDowell McDowell Consulting LLC br...@consultbruce.com -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
