On Tue, Sep 06, 2011 at 03:03:27PM +0200, Giuseppe Iuculano wrote: > Hi, > > On 09/04/2011 09:20 PM, Raphael Geissert wrote: > > NSS now ships modified certs of DigiNotar, their name is "Explicitly > > Disabled > > DigiNotar <rest of the original CN here>" > > In chromium, for example, if you browse a DigiNotar-signed website and > > check > > the certificate chain you will see the Explicitly Disabled cert there. > > > > Giuseppe, do you already have plans for updating chromium? (more info on > > the > > CCed bug.) > > chromium uses libnss, please explain, what kind of update chromium > needs? did I miss something?
You missed the part where chromium uses libpkix (despite mozilla saying it's not ready), and the libpkix path doesn't reject the certs chaining to the Explicitly Disabled CAs. Mike -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
