Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

0.26.3 release preparation, GLOBALTRUST 2020 removal #74

Merged
merged 2 commits into from
Jun 17, 2024
Merged

0.26.3 release preparation, GLOBALTRUST 2020 removal #74

merged 2 commits into from
Jun 17, 2024

Conversation

cpu
Copy link
Member

@cpu cpu commented Jun 17, 2024
edited
Loading

lib: remove GLOBALTRUST 2020

This CA is being distrusted by the Mozilla root program for TLS certificates issued after 2024.06.30.

Because webpki-roots can't express this distrust after date without breaking changes, and because the extant trusted certificates by this CA number less than 100, we choose to distrust the trust anchor in webpki-roots immediately and without any further qualification.

See the MDSP announcement post, and this bugzilla bug for more information.

Resolves #72

Proposed Release Notes

Removed trust anchors:

  • GLOBALTRUST 2020 CA has been removed due to a prolonged pattern of operational and compliance issues.

cpu added 2 commits June 17, 2024 12:28
@cpu
lib: remove GLOBALTRUST 2020
1e366a7 
This CA is being distrusted by the Mozilla root program for TLS
certificates issued after 2024.06.30.

Because `webpki-roots` can't express this distrust after date without
breaking changes, and because the extant trusted certificates by this CA
number less than 100, we choose to distrust the trust anchor in
webpki-roots immediately and without any further qualification.

See the MDSP announcement post[0] for more information.

[0]: https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI/m/JBNFg3aVAwAJ
@cpu
Cargo: version 0.26.2 -> 0.26.3
dda9839
@cpu cpu self-assigned this Jun 17, 2024
@cpu cpu mentioned this pull request Jun 17, 2024
Closed
@cpu cpu requested a review from ctz June 17, 2024 17:53
@cpu cpu merged commit a7b62a3 into rustls:main Jun 17, 2024
1 check passed
@cpu cpu deleted the cpu-0.26.3-prep branch June 17, 2024 18:21
@cpu
Copy link
Member Author

cpu commented Jun 17, 2024

@cpu cpu mentioned this pull request Nov 13, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ctz ctz ctz approved these changes

@djc djc djc approved these changes

Assignees

@cpu cpu

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

GLOBALTRUST 2020 CA distrust
3 participants
@cpu @djc @ctz