Sync from SUSE:ALP:Source:Standard:1.0 ca-certificates-mozilla revision aa1675b3abdb5091197727fe4c8f86bb
This commit is contained in:
commit
6dcdf08dcd
23
.gitattributes
vendored
Normal file
23
.gitattributes
vendored
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
## Default LFS
|
||||||
|
*.7z filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.bsp filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.bz2 filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.gem filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.gz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.jar filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.lz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.lzma filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.obscpio filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.oxt filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.pdf filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.png filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.rpm filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.tbz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.tbz2 filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.tgz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.ttf filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.txz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.whl filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.xz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.zip filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.zst filter=lfs diff=lfs merge=lfs -text
|
4
_multibuild
Normal file
4
_multibuild
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
<multibuild>
|
||||||
|
<package>ca-certificates-mozilla-prebuilt</package>
|
||||||
|
</multibuild>
|
||||||
|
|
17
ca-certificates-mozilla-prebuilt.changes
Normal file
17
ca-certificates-mozilla-prebuilt.changes
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Apr 11 14:05:12 UTC 2023 - Dominique Leuenberger <dimstar@opensuse.org>
|
||||||
|
|
||||||
|
- Also mark /usr/share/factory/var/lib/ca-certificates/ as writable
|
||||||
|
by the user during install: allow rpm to properly execute %clean
|
||||||
|
when completed.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Aug 30 10:23:35 UTC 2022 - Dominique Leuenberger <dimstar@opensuse.org>
|
||||||
|
|
||||||
|
- Create /var/lib/ca-certificates during build to ensure rpm gives
|
||||||
|
the %ghost'ed directory proper mode attributes.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Oct 4 14:38:44 UTC 2021 - Ludwig Nussel <lnussel@suse.de>
|
||||||
|
|
||||||
|
- new package for minimal base containers (jsc#SLE-22162)
|
88
ca-certificates-mozilla-prebuilt.spec
Normal file
88
ca-certificates-mozilla-prebuilt.spec
Normal file
@ -0,0 +1,88 @@
|
|||||||
|
#
|
||||||
|
# spec file for package ca-certificates-mozilla-prebuilt
|
||||||
|
#
|
||||||
|
# Copyright (c) 2023 SUSE LLC
|
||||||
|
#
|
||||||
|
# All modifications and additions to the file contributed by third parties
|
||||||
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
|
# upon. The license for this file, and modifications and additions to the
|
||||||
|
# file, is the same license as for the pristine package itself (unless the
|
||||||
|
# license for the pristine package is not an Open Source License, in which
|
||||||
|
# case the license is the MIT License). An "Open Source License" is a
|
||||||
|
# license that conforms to the Open Source Definition (Version 1.9)
|
||||||
|
# published by the Open Source Initiative.
|
||||||
|
|
||||||
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||||
|
#
|
||||||
|
|
||||||
|
|
||||||
|
Name: ca-certificates-mozilla-prebuilt
|
||||||
|
Version: %(rpm -q --qf %{version} ca-certificates-mozilla)
|
||||||
|
Release: 0
|
||||||
|
Summary: Pre-built CA certificates for OpenSSL
|
||||||
|
License: MPL-2.0
|
||||||
|
Group: Productivity/Networking/Security
|
||||||
|
URL: https://www.mozilla.org
|
||||||
|
BuildRequires: ca-certificates-mozilla
|
||||||
|
BuildArch: noarch
|
||||||
|
Requires(post): /bin/cp
|
||||||
|
|
||||||
|
%description
|
||||||
|
This package contains a static set of CA root certificates for
|
||||||
|
OpenSSL extracted from MozillaFirefox for use in containers. The
|
||||||
|
package pre-fills /var/lib/ca-certificates with a static set of
|
||||||
|
certificates if /var/lib/ca-certificates does not exist yet.
|
||||||
|
|
||||||
|
Therefore an upgrade of this package will NOT update the list of
|
||||||
|
root CA certificates in the system.
|
||||||
|
|
||||||
|
It it not possible to configure additional root CA certificates
|
||||||
|
using this package.
|
||||||
|
|
||||||
|
The package is only intended for use in containers that want to
|
||||||
|
avoid installing p11-kit.
|
||||||
|
|
||||||
|
For all other use cases please install the
|
||||||
|
"ca-certificates-mozilla" package.
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%setup -qcT
|
||||||
|
|
||||||
|
%build
|
||||||
|
cp /usr/share/licenses/ca-certificates-mozilla/COPYING .
|
||||||
|
|
||||||
|
%install
|
||||||
|
mkdir -p %{buildroot}/etc/ssl
|
||||||
|
mkdir -p %{buildroot}/var/lib/ca-certificates
|
||||||
|
ln -s /var/lib/ca-certificates/pem %{buildroot}/etc/ssl/certs
|
||||||
|
ln -s /var/lib/ca-certificates/ca-bundle.pem %{buildroot}/etc/ssl/ca-bundle.pem
|
||||||
|
mkdir -p %{buildroot}/usr/share/factory/var/lib
|
||||||
|
cp -a /var/lib/ca-certificates %{buildroot}/usr/share/factory/var/lib
|
||||||
|
# need rpm needs to be able to delete the buildroot
|
||||||
|
chmod u+w %{buildroot}/usr/share/factory/var/lib/ca-certificates{,/*}
|
||||||
|
mkdir -p %{buildroot}%{_tmpfilesdir}
|
||||||
|
echo "C /var/lib/ca-certificates" > %{buildroot}%{_tmpfilesdir}/%{name}.conf
|
||||||
|
|
||||||
|
%post
|
||||||
|
if [ -z "${TRANSACTIONAL_UPDATE}" ]; then
|
||||||
|
if [ -x /usr/bin/systemd-tmpfiles ]; then
|
||||||
|
/usr/bin/systemd-tmpfiles --create %{_tmpfilesdir}/ca-certificates-mozilla-prebuilt.conf || :
|
||||||
|
elif [ -x /bin/cp ] && [ ! -e /var/lib/ca-certificates ]; then
|
||||||
|
/bin/cp -as /usr/share/factory/var/lib/ca-certificates /var/lib || :
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
%files
|
||||||
|
%license COPYING
|
||||||
|
/etc/ssl/ca-bundle.pem
|
||||||
|
/etc/ssl/certs
|
||||||
|
%{_tmpfilesdir}/%{name}.conf
|
||||||
|
/usr/share/factory
|
||||||
|
%ghost %dir /var/lib/ca-certificates
|
||||||
|
%defattr(0444,root,root,0555)
|
||||||
|
%ghost %dir /var/lib/ca-certificates/pem
|
||||||
|
%ghost %dir /var/lib/ca-certificates/openssl
|
||||||
|
%ghost /var/lib/ca-certificates/java-cacerts
|
||||||
|
%ghost /var/lib/ca-certificates/ca-bundle.pem
|
||||||
|
|
||||||
|
%changelog
|
348
ca-certificates-mozilla.COPYING
Normal file
348
ca-certificates-mozilla.COPYING
Normal file
@ -0,0 +1,348 @@
|
|||||||
|
Mozilla Public License
|
||||||
|
Version 2.0
|
||||||
|
|
||||||
|
1. Definitions
|
||||||
|
|
||||||
|
1.1. “Contributor”
|
||||||
|
|
||||||
|
means each individual or legal entity that creates, contributes to the
|
||||||
|
creation of, or owns Covered Software.
|
||||||
|
|
||||||
|
1.2. “Contributor Version”
|
||||||
|
|
||||||
|
means the combination of the Contributions of others (if any) used by a
|
||||||
|
Contributor and that particular Contributor’s Contribution.
|
||||||
|
|
||||||
|
1.3. “Contribution”
|
||||||
|
|
||||||
|
means Covered Software of a particular Contributor.
|
||||||
|
|
||||||
|
1.4. “Covered Software”
|
||||||
|
|
||||||
|
means Source Code Form to which the initial Contributor has attached the
|
||||||
|
notice in Exhibit A, the Executable Form of such Source Code Form, and
|
||||||
|
Modifications of such Source Code Form, in each case including portions
|
||||||
|
thereof.
|
||||||
|
|
||||||
|
1.5. “Incompatible With Secondary Licenses”
|
||||||
|
|
||||||
|
means
|
||||||
|
|
||||||
|
a. that the initial Contributor has attached the notice described in
|
||||||
|
Exhibit B to the Covered Software; or
|
||||||
|
|
||||||
|
b. that the Covered Software was made available under the terms of version
|
||||||
|
1.1 or earlier of the License, but not also under the terms of a
|
||||||
|
Secondary License.
|
||||||
|
|
||||||
|
1.6. “Executable Form”
|
||||||
|
|
||||||
|
means any form of the work other than Source Code Form.
|
||||||
|
|
||||||
|
1.7. “Larger Work”
|
||||||
|
|
||||||
|
means a work that combines Covered Software with other material, in a
|
||||||
|
separate file or files, that is not Covered Software.
|
||||||
|
|
||||||
|
1.8. “License”
|
||||||
|
|
||||||
|
means this document.
|
||||||
|
|
||||||
|
1.9. “Licensable”
|
||||||
|
|
||||||
|
means having the right to grant, to the maximum extent possible, whether at
|
||||||
|
the time of the initial grant or subsequently, any and all of the rights
|
||||||
|
conveyed by this License.
|
||||||
|
|
||||||
|
1.10. “Modifications”
|
||||||
|
|
||||||
|
means any of the following:
|
||||||
|
|
||||||
|
a. any file in Source Code Form that results from an addition to, deletion
|
||||||
|
from, or modification of the contents of Covered Software; or
|
||||||
|
|
||||||
|
b. any new file in Source Code Form that contains any Covered Software.
|
||||||
|
|
||||||
|
1.11. “Patent Claims” of a Contributor
|
||||||
|
|
||||||
|
means any patent claim(s), including without limitation, method, process,
|
||||||
|
and apparatus claims, in any patent Licensable by such Contributor that
|
||||||
|
would be infringed, but for the grant of the License, by the making, using,
|
||||||
|
selling, offering for sale, having made, import, or transfer of either its
|
||||||
|
Contributions or its Contributor Version.
|
||||||
|
|
||||||
|
1.12. “Secondary License”
|
||||||
|
|
||||||
|
means either the GNU General Public License, Version 2.0, the GNU Lesser
|
||||||
|
General Public License, Version 2.1, the GNU Affero General Public License,
|
||||||
|
Version 3.0, or any later versions of those licenses.
|
||||||
|
|
||||||
|
1.13. “Source Code Form”
|
||||||
|
|
||||||
|
means the form of the work preferred for making modifications.
|
||||||
|
|
||||||
|
1.14. “You” (or “Your”)
|
||||||
|
|
||||||
|
means an individual or a legal entity exercising rights under this License.
|
||||||
|
For legal entities, “You” includes any entity that controls, is controlled
|
||||||
|
by, or is under common control with You. For purposes of this definition,
|
||||||
|
“control” means (a) the power, direct or indirect, to cause the direction
|
||||||
|
or management of such entity, whether by contract or otherwise, or (b)
|
||||||
|
ownership of more than fifty percent (50%) of the outstanding shares or
|
||||||
|
beneficial ownership of such entity.
|
||||||
|
|
||||||
|
2. License Grants and Conditions
|
||||||
|
|
||||||
|
2.1. Grants
|
||||||
|
|
||||||
|
Each Contributor hereby grants You a world-wide, royalty-free, non-exclusive
|
||||||
|
license:
|
||||||
|
|
||||||
|
a. under intellectual property rights (other than patent or trademark)
|
||||||
|
Licensable by such Contributor to use, reproduce, make available, modify,
|
||||||
|
display, perform, distribute, and otherwise exploit its Contributions,
|
||||||
|
either on an unmodified basis, with Modifications, or as part of a Larger
|
||||||
|
Work; and
|
||||||
|
|
||||||
|
b. under Patent Claims of such Contributor to make, use, sell, offer for sale,
|
||||||
|
have made, import, and otherwise transfer either its Contributions or its
|
||||||
|
Contributor Version.
|
||||||
|
|
||||||
|
2.2. Effective Date
|
||||||
|
|
||||||
|
The licenses granted in Section 2.1 with respect to any Contribution become
|
||||||
|
effective for each Contribution on the date the Contributor first distributes
|
||||||
|
such Contribution.
|
||||||
|
|
||||||
|
2.3. Limitations on Grant Scope
|
||||||
|
|
||||||
|
The licenses granted in this Section 2 are the only rights granted under this
|
||||||
|
License. No additional rights or licenses will be implied from the distribution
|
||||||
|
or licensing of Covered Software under this License. Notwithstanding
|
||||||
|
Section 2.1(b) above, no patent license is granted by a Contributor:
|
||||||
|
|
||||||
|
a. for any code that a Contributor has removed from Covered Software; or
|
||||||
|
|
||||||
|
b. for infringements caused by: (i) Your and any other third party’s
|
||||||
|
modifications of Covered Software, or (ii) the combination of its
|
||||||
|
Contributions with other software (except as part of its Contributor
|
||||||
|
Version); or
|
||||||
|
|
||||||
|
c. under Patent Claims infringed by Covered Software in the absence of its
|
||||||
|
Contributions.
|
||||||
|
|
||||||
|
This License does not grant any rights in the trademarks, service marks, or
|
||||||
|
logos of any Contributor (except as may be necessary to comply with the notice
|
||||||
|
requirements in Section 3.4).
|
||||||
|
|
||||||
|
2.4. Subsequent Licenses
|
||||||
|
|
||||||
|
No Contributor makes additional grants as a result of Your choice to distribute
|
||||||
|
the Covered Software under a subsequent version of this License (see
|
||||||
|
Section 10.2) or under the terms of a Secondary License (if permitted under the
|
||||||
|
terms of Section 3.3).
|
||||||
|
|
||||||
|
2.5. Representation
|
||||||
|
|
||||||
|
Each Contributor represents that the Contributor believes its Contributions are
|
||||||
|
its original creation(s) or it has sufficient rights to grant the rights to its
|
||||||
|
Contributions conveyed by this License.
|
||||||
|
|
||||||
|
2.6. Fair Use
|
||||||
|
|
||||||
|
This License is not intended to limit any rights You have under applicable
|
||||||
|
copyright doctrines of fair use, fair dealing, or other equivalents.
|
||||||
|
|
||||||
|
2.7. Conditions
|
||||||
|
|
||||||
|
Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in
|
||||||
|
Section 2.1.
|
||||||
|
|
||||||
|
3. Responsibilities
|
||||||
|
|
||||||
|
3.1. Distribution of Source Form
|
||||||
|
|
||||||
|
All distribution of Covered Software in Source Code Form, including any
|
||||||
|
Modifications that You create or to which You contribute, must be under the
|
||||||
|
terms of this License. You must inform recipients that the Source Code Form of
|
||||||
|
the Covered Software is governed by the terms of this License, and how they can
|
||||||
|
obtain a copy of this License. You may not attempt to alter or restrict the
|
||||||
|
recipients’ rights in the Source Code Form.
|
||||||
|
|
||||||
|
3.2. Distribution of Executable Form
|
||||||
|
|
||||||
|
If You distribute Covered Software in Executable Form then:
|
||||||
|
|
||||||
|
a. such Covered Software must also be made available in Source Code Form, as
|
||||||
|
described in Section 3.1, and You must inform recipients of the Executable
|
||||||
|
Form how they can obtain a copy of such Source Code Form by reasonable
|
||||||
|
means in a timely manner, at a charge no more than the cost of distribution
|
||||||
|
to the recipient; and
|
||||||
|
|
||||||
|
b. You may distribute such Executable Form under the terms of this License, or
|
||||||
|
sublicense it under different terms, provided that the license for the
|
||||||
|
Executable Form does not attempt to limit or alter the recipients’ rights
|
||||||
|
in the Source Code Form under this License.
|
||||||
|
|
||||||
|
3.3. Distribution of a Larger Work
|
||||||
|
|
||||||
|
You may create and distribute a Larger Work under terms of Your choice,
|
||||||
|
provided that You also comply with the requirements of this License for the
|
||||||
|
Covered Software. If the Larger Work is a combination of Covered Software with
|
||||||
|
a work governed by one or more Secondary Licenses, and the Covered Software is
|
||||||
|
not Incompatible With Secondary Licenses, this License permits You to
|
||||||
|
additionally distribute such Covered Software under the terms of such Secondary
|
||||||
|
License(s), so that the recipient of the Larger Work may, at their option,
|
||||||
|
further distribute the Covered Software under the terms of either this License
|
||||||
|
or such Secondary License(s).
|
||||||
|
|
||||||
|
3.4. Notices
|
||||||
|
|
||||||
|
You may not remove or alter the substance of any license notices (including
|
||||||
|
copyright notices, patent notices, disclaimers of warranty, or limitations of
|
||||||
|
liability) contained within the Source Code Form of the Covered Software,
|
||||||
|
except that You may alter any license notices to the extent required to remedy
|
||||||
|
known factual inaccuracies.
|
||||||
|
|
||||||
|
3.5. Application of Additional Terms
|
||||||
|
|
||||||
|
You may choose to offer, and to charge a fee for, warranty, support, indemnity
|
||||||
|
or liability obligations to one or more recipients of Covered Software.
|
||||||
|
However, You may do so only on Your own behalf, and not on behalf of any
|
||||||
|
Contributor. You must make it absolutely clear that any such warranty, support,
|
||||||
|
indemnity, or liability obligation is offered by You alone, and You hereby
|
||||||
|
agree to indemnify every Contributor for any liability incurred by such
|
||||||
|
Contributor as a result of warranty, support, indemnity or liability terms You
|
||||||
|
offer. You may include additional disclaimers of warranty and limitations of
|
||||||
|
liability specific to any jurisdiction.
|
||||||
|
|
||||||
|
4. Inability to Comply Due to Statute or Regulation
|
||||||
|
|
||||||
|
If it is impossible for You to comply with any of the terms of this License
|
||||||
|
with respect to some or all of the Covered Software due to statute, judicial
|
||||||
|
order, or regulation then You must: (a) comply with the terms of this License
|
||||||
|
to the maximum extent possible; and (b) describe the limitations and the code
|
||||||
|
they affect. Such description must be placed in a text file included with all
|
||||||
|
distributions of the Covered Software under this License. Except to the extent
|
||||||
|
prohibited by statute or regulation, such description must be sufficiently
|
||||||
|
detailed for a recipient of ordinary skill to be able to understand it.
|
||||||
|
|
||||||
|
5. Termination
|
||||||
|
|
||||||
|
5.1. The rights granted under this License will terminate automatically if You
|
||||||
|
fail to comply with any of its terms. However, if You become compliant, then
|
||||||
|
the rights granted under this License from a particular Contributor are
|
||||||
|
reinstated (a) provisionally, unless and until such Contributor explicitly and
|
||||||
|
finally terminates Your grants, and (b) on an ongoing basis, if such
|
||||||
|
Contributor fails to notify You of the non-compliance by some reasonable means
|
||||||
|
prior to 60 days after You have come back into compliance. Moreover, Your
|
||||||
|
grants from a particular Contributor are reinstated on an ongoing basis if such
|
||||||
|
Contributor notifies You of the non-compliance by some reasonable means, this
|
||||||
|
is the first time You have received notice of non-compliance with this License
|
||||||
|
from such Contributor, and You become compliant prior to 30 days after Your
|
||||||
|
receipt of the notice.
|
||||||
|
|
||||||
|
5.2. If You initiate litigation against any entity by asserting a patent
|
||||||
|
infringement claim (excluding declaratory judgment actions, counter-claims, and
|
||||||
|
cross-claims) alleging that a Contributor Version directly or indirectly
|
||||||
|
infringes any patent, then the rights granted to You by any and all
|
||||||
|
Contributors for the Covered Software under Section 2.1 of this License shall
|
||||||
|
terminate.
|
||||||
|
|
||||||
|
5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
|
||||||
|
license agreements (excluding distributors and resellers) which have been
|
||||||
|
validly granted by You or Your distributors under this License prior to
|
||||||
|
termination shall survive termination.
|
||||||
|
|
||||||
|
6. Disclaimer of Warranty
|
||||||
|
|
||||||
|
Covered Software is provided under this License on an “as is” basis, without
|
||||||
|
warranty of any kind, either expressed, implied, or statutory, including,
|
||||||
|
without limitation, warranties that the Covered Software is free of defects,
|
||||||
|
merchantable, fit for a particular purpose or non-infringing. The entire risk
|
||||||
|
as to the quality and performance of the Covered Software is with You. Should
|
||||||
|
any Covered Software prove defective in any respect, You (not any Contributor)
|
||||||
|
assume the cost of any necessary servicing, repair, or correction. This
|
||||||
|
disclaimer of warranty constitutes an essential part of this License. No use of
|
||||||
|
any Covered Software is authorized under this License except under this
|
||||||
|
disclaimer.
|
||||||
|
|
||||||
|
7. Limitation of Liability
|
||||||
|
|
||||||
|
Under no circumstances and under no legal theory, whether tort (including
|
||||||
|
negligence), contract, or otherwise, shall any Contributor, or anyone who
|
||||||
|
distributes Covered Software as permitted above, be liable to You for any
|
||||||
|
direct, indirect, special, incidental, or consequential damages of any
|
||||||
|
character including, without limitation, damages for lost profits, loss of
|
||||||
|
goodwill, work stoppage, computer failure or malfunction, or any and all other
|
||||||
|
commercial damages or losses, even if such party shall have been informed of
|
||||||
|
the possibility of such damages. This limitation of liability shall not apply
|
||||||
|
to liability for death or personal injury resulting from such party’s
|
||||||
|
negligence to the extent applicable law prohibits such limitation. Some
|
||||||
|
jurisdictions do not allow the exclusion or limitation of incidental or
|
||||||
|
consequential damages, so this exclusion and limitation may not apply to You.
|
||||||
|
|
||||||
|
8. Litigation
|
||||||
|
|
||||||
|
Any litigation relating to this License may be brought only in the courts of a
|
||||||
|
jurisdiction where the defendant maintains its principal place of business and
|
||||||
|
such litigation shall be governed by laws of that jurisdiction, without
|
||||||
|
reference to its conflict-of-law provisions. Nothing in this Section shall
|
||||||
|
prevent a party’s ability to bring cross-claims or counter-claims.
|
||||||
|
|
||||||
|
9. Miscellaneous
|
||||||
|
|
||||||
|
This License represents the complete agreement concerning the subject matter
|
||||||
|
hereof. If any provision of this License is held to be unenforceable, such
|
||||||
|
provision shall be reformed only to the extent necessary to make it
|
||||||
|
enforceable. Any law or regulation which provides that the language of a
|
||||||
|
contract shall be construed against the drafter shall not be used to construe
|
||||||
|
this License against a Contributor.
|
||||||
|
|
||||||
|
10. Versions of the License
|
||||||
|
|
||||||
|
10.1. New Versions
|
||||||
|
|
||||||
|
Mozilla Foundation is the license steward. Except as provided in Section 10.3,
|
||||||
|
no one other than the license steward has the right to modify or publish new
|
||||||
|
versions of this License. Each version will be given a distinguishing version
|
||||||
|
number.
|
||||||
|
|
||||||
|
10.2. Effect of New Versions
|
||||||
|
|
||||||
|
You may distribute the Covered Software under the terms of the version of the
|
||||||
|
License under which You originally received the Covered Software, or under the
|
||||||
|
terms of any subsequent version published by the license steward.
|
||||||
|
|
||||||
|
10.3. Modified Versions
|
||||||
|
|
||||||
|
If you create software not governed by this License, and you want to create a
|
||||||
|
new license for such software, you may create and use a modified version of
|
||||||
|
this License if you rename the license and remove any references to the name of
|
||||||
|
the license steward (except to note that such modified license differs from
|
||||||
|
this License).
|
||||||
|
|
||||||
|
10.4. Distributing Source Code Form that is Incompatible With Secondary
|
||||||
|
Licenses
|
||||||
|
|
||||||
|
If You choose to distribute Source Code Form that is Incompatible With
|
||||||
|
Secondary Licenses under the terms of this version of the License, the notice
|
||||||
|
described in Exhibit B of this License must be attached.
|
||||||
|
|
||||||
|
Exhibit A - Source Code Form License Notice
|
||||||
|
|
||||||
|
This Source Code Form is subject to the terms of the Mozilla Public
|
||||||
|
License, v. 2.0. If a copy of the MPL was not distributed with this file,
|
||||||
|
You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||||
|
|
||||||
|
If it is not possible or desirable to put the notice in a particular file, then
|
||||||
|
You may include the notice in a location (such as a LICENSE file in a relevant
|
||||||
|
directory) where a recipient would be likely to look for such a notice.
|
||||||
|
|
||||||
|
You may add additional accurate notices of copyright ownership.
|
||||||
|
|
||||||
|
Exhibit B - “Incompatible With Secondary Licenses” Notice
|
||||||
|
|
||||||
|
This Source Code Form is “Incompatible With Secondary Licenses”, as defined
|
||||||
|
by the Mozilla Public License, v. 2.0.
|
||||||
|
|
868
ca-certificates-mozilla.changes
Normal file
868
ca-certificates-mozilla.changes
Normal file
@ -0,0 +1,868 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Aug 16 12:59:31 UTC 2023 - Marcus Meissner <meissner@suse.com>
|
||||||
|
|
||||||
|
- readd _multibuild
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Aug 14 10:43:08 UTC 2023 - Marcus Meissner <meissner@suse.com>
|
||||||
|
|
||||||
|
- Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248)
|
||||||
|
Added:
|
||||||
|
- Atos TrustedRoot Root CA ECC G2 2020
|
||||||
|
- Atos TrustedRoot Root CA ECC TLS 2021
|
||||||
|
- Atos TrustedRoot Root CA RSA G2 2020
|
||||||
|
- Atos TrustedRoot Root CA RSA TLS 2021
|
||||||
|
- BJCA Global Root CA1
|
||||||
|
- BJCA Global Root CA2
|
||||||
|
- LAWtrust Root CA2 (4096)
|
||||||
|
- Sectigo Public Email Protection Root E46
|
||||||
|
- Sectigo Public Email Protection Root R46
|
||||||
|
- Sectigo Public Server Authentication Root E46
|
||||||
|
- Sectigo Public Server Authentication Root R46
|
||||||
|
- SSL.com Client ECC Root CA 2022
|
||||||
|
- SSL.com Client RSA Root CA 2022
|
||||||
|
- SSL.com TLS ECC Root CA 2022
|
||||||
|
- SSL.com TLS RSA Root CA 2022
|
||||||
|
|
||||||
|
Removed CAs:
|
||||||
|
- Chambers of Commerce Root
|
||||||
|
- E-Tugra Certification Authority
|
||||||
|
- E-Tugra Global Root CA ECC v3
|
||||||
|
- E-Tugra Global Root CA RSA v3
|
||||||
|
- Hongkong Post Root CA 1
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu May 4 14:34:19 UTC 2023 - Dominique Leuenberger <dimstar@opensuse.org>
|
||||||
|
|
||||||
|
- Add _multibuild to define 2nd spec file as additional flavor.
|
||||||
|
Eliminates the need for source package links in OBS.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Dec 22 10:38:47 UTC 2022 - Marcus Meissner <meissner@suse.com>
|
||||||
|
|
||||||
|
- Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622)
|
||||||
|
Removed CAs:
|
||||||
|
- Global Chambersign Root
|
||||||
|
- EC-ACC
|
||||||
|
- Network Solutions Certificate Authority
|
||||||
|
- Staat der Nederlanden EV Root CA
|
||||||
|
- SwissSign Platinum CA - G2
|
||||||
|
|
||||||
|
Added CAs:
|
||||||
|
- DIGITALSIGN GLOBAL ROOT ECDSA CA
|
||||||
|
- DIGITALSIGN GLOBAL ROOT RSA CA
|
||||||
|
- Security Communication ECC RootCA1
|
||||||
|
- Security Communication RootCA3
|
||||||
|
|
||||||
|
Changed trust:
|
||||||
|
- TrustCor certificates only trusted up to Nov 30 (bsc#1206212)
|
||||||
|
|
||||||
|
- Removed CAs (bsc#1206212) as most code does not handle "valid before nov 30 2022"
|
||||||
|
and it is not clear how many certs were issued for SSL middleware by TrustCor:
|
||||||
|
- TrustCor RootCert CA-1
|
||||||
|
- TrustCor RootCert CA-2
|
||||||
|
- TrustCor ECA-1
|
||||||
|
Patch: remove-trustcor.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Aug 29 11:46:01 UTC 2022 - Marcus Meissner <meissner@suse.com>
|
||||||
|
|
||||||
|
- Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868)
|
||||||
|
Added:
|
||||||
|
- Certainly Root E1
|
||||||
|
- Certainly Root R1
|
||||||
|
- DigiCert SMIME ECC P384 Root G5
|
||||||
|
- DigiCert SMIME RSA4096 Root G5
|
||||||
|
- DigiCert TLS ECC P384 Root G5
|
||||||
|
- DigiCert TLS RSA4096 Root G5
|
||||||
|
- E-Tugra Global Root CA ECC v3
|
||||||
|
- E-Tugra Global Root CA RSA v3
|
||||||
|
Removed:
|
||||||
|
- Hellenic Academic and Research Institutions RootCA 2011
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon May 2 11:35:33 UTC 2022 - Marcus Meissner <meissner@suse.com>
|
||||||
|
|
||||||
|
- Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079)
|
||||||
|
Added:
|
||||||
|
- Autoridad de Certificacion Firmaprofesional CIF A62634068
|
||||||
|
- D-TRUST BR Root CA 1 2020
|
||||||
|
- D-TRUST EV Root CA 1 2020
|
||||||
|
- GlobalSign ECC Root CA R4
|
||||||
|
- GTS Root R1
|
||||||
|
- GTS Root R2
|
||||||
|
- GTS Root R3
|
||||||
|
- GTS Root R4
|
||||||
|
- HiPKI Root CA - G1
|
||||||
|
- ISRG Root X2
|
||||||
|
- Telia Root CA v2
|
||||||
|
- vTrus ECC Root CA
|
||||||
|
- vTrus Root CA
|
||||||
|
|
||||||
|
Removed:
|
||||||
|
- Cybertrust Global Root
|
||||||
|
- DST Root CA X3
|
||||||
|
- DigiNotar PKIoverheid CA Organisatie - G2
|
||||||
|
- GlobalSign ECC Root CA R4
|
||||||
|
- GlobalSign Root CA R2
|
||||||
|
- GTS Root R1
|
||||||
|
- GTS Root R2
|
||||||
|
- GTS Root R3
|
||||||
|
- GTS Root R4
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Sat Oct 2 07:33:52 UTC 2021 - Marcus Meissner <meissner@suse.com>
|
||||||
|
|
||||||
|
- updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006)
|
||||||
|
- Added CAs:
|
||||||
|
+ HARICA Client ECC Root CA 2021
|
||||||
|
+ HARICA Client RSA Root CA 2021
|
||||||
|
+ HARICA TLS ECC Root CA 2021
|
||||||
|
+ HARICA TLS RSA Root CA 2021
|
||||||
|
+ TunTrust Root CA
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Sep 24 13:56:30 UTC 2021 - Marcus Meissner <meissner@suse.com>
|
||||||
|
|
||||||
|
- remove the DST_Root_CA_X3.pem trust, as it expires september 30th 2021.
|
||||||
|
(bsc#1190858)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Jul 5 12:16:33 UTC 2021 - Marcus Meissner <meissner@suse.com>
|
||||||
|
|
||||||
|
- updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006)
|
||||||
|
Added CAs:
|
||||||
|
|
||||||
|
* AC RAIZ FNMT-RCM SERVIDORES SEGUROS
|
||||||
|
* ANF Secure Server Root CA
|
||||||
|
* Certum EC-384 CA
|
||||||
|
* Certum Trusted Root CA
|
||||||
|
* GlobalSign Root E46
|
||||||
|
* GlobalSign Root R46
|
||||||
|
* GlobalSign Secure Mail Root E45
|
||||||
|
* GlobalSign Secure Mail Root R45
|
||||||
|
* GLOBALTRUST 2020
|
||||||
|
|
||||||
|
Removed CAs:
|
||||||
|
|
||||||
|
* GeoTrust Primary Certification Authority - G2
|
||||||
|
* QuoVadis Root Certification Authority
|
||||||
|
* Sonera Class2 CA
|
||||||
|
* Trustis FPS Root CA
|
||||||
|
* VeriSign Universal Root Certification Authority
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Sun Jul 4 09:14:00 UTC 2021 - Dirk Müller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- fix mozila typo in installed files
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Feb 9 13:11:37 UTC 2021 - Marcus Meissner <meissner@suse.com>
|
||||||
|
|
||||||
|
- Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994)
|
||||||
|
- Added new root CAs:
|
||||||
|
- NAVER Global Root Certification Authority
|
||||||
|
- Removed old root CA:
|
||||||
|
- GeoTrust Global CA
|
||||||
|
- GeoTrust Primary Certification Authority
|
||||||
|
- GeoTrust Primary Certification Authority - G3
|
||||||
|
- GeoTrust Universal CA
|
||||||
|
- GeoTrust Universal CA 2
|
||||||
|
- thawte Primary Root CA
|
||||||
|
- thawte Primary Root CA - G2
|
||||||
|
- thawte Primary Root CA - G3
|
||||||
|
- VeriSign Class 3 Public Primary Certification Authority - G4
|
||||||
|
- VeriSign Class 3 Public Primary Certification Authority - G5
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Oct 19 09:09:39 UTC 2020 - Marcus Meissner <meissner@suse.com>
|
||||||
|
|
||||||
|
- Updated to 2.44 state of the Mozilla NSS Certificate store (bsc#1177864)
|
||||||
|
|
||||||
|
- Removed CAs:
|
||||||
|
- EE Certification Centre Root CA
|
||||||
|
- Taiwan GRCA
|
||||||
|
|
||||||
|
- Added CAs:
|
||||||
|
- Trustwave Global Certification Authority
|
||||||
|
- Trustwave Global ECC P256 Certification Authority
|
||||||
|
- Trustwave Global ECC P384 Certification Authority
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jul 29 13:06:19 UTC 2020 - Marcus Meissner <meissner@suse.com>
|
||||||
|
|
||||||
|
- update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673)
|
||||||
|
|
||||||
|
Removed CAs:
|
||||||
|
- AddTrust External CA Root
|
||||||
|
- AddTrust Class 1 CA Root
|
||||||
|
- LuxTrust Global Root 2
|
||||||
|
- Staat der Nederlanden Root CA - G2
|
||||||
|
- Symantec Class 1 Public Primary Certification Authority - G4
|
||||||
|
- Symantec Class 2 Public Primary Certification Authority - G4
|
||||||
|
- VeriSign Class 3 Public Primary Certification Authority - G3
|
||||||
|
|
||||||
|
Added CAs:
|
||||||
|
- certSIGN Root CA G2
|
||||||
|
- e-Szigno Root CA 2017
|
||||||
|
- Microsoft ECC Root Certificate Authority 2017
|
||||||
|
- Microsoft RSA Root Certificate Authority 2017
|
||||||
|
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Mar 26 11:38:06 UTC 2020 - Marcus Meissner <meissner@suse.com>
|
||||||
|
|
||||||
|
- also run update-ca-certificates in %posttrans
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Jan 14 07:07:51 UTC 2020 - Marcus Meissner <meissner@suse.com>
|
||||||
|
|
||||||
|
- update to 2.40 state of the Mozilla NSS Certificate store (bsc#1160160)
|
||||||
|
- removed:
|
||||||
|
- Certplus Class 2 Primary CA
|
||||||
|
- Deutsche Telekom Root CA 2
|
||||||
|
- CN=Swisscom Root CA 2
|
||||||
|
- UTN-USERFirst-Client Authentication and Email
|
||||||
|
|
||||||
|
- added:
|
||||||
|
- Entrust Root Certification Authority - G4
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Dec 18 10:53:59 UTC 2019 - Ludwig Nussel <lnussel@suse.de>
|
||||||
|
|
||||||
|
- make sure p11-kit with patches is installed on SLE (boo#1154871)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Nov 12 09:58:01 UTC 2019 - Ludwig Nussel <lnussel@suse.de>
|
||||||
|
|
||||||
|
- export correct p11kit trust attributes so Firefox detects built in
|
||||||
|
certificates (boo#1154871). Courtesy of Fedora.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Sun Aug 4 14:17:45 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de>
|
||||||
|
|
||||||
|
- update to 2.34 state of the Mozilla NSS Certificate store (bsc#1144169)
|
||||||
|
- Removed CAs:
|
||||||
|
- Certinomis - Root CA
|
||||||
|
- includes added root CAs from the 2.32 version:
|
||||||
|
- emSign ECC Root CA - C3 (email and server auth)
|
||||||
|
- emSign ECC Root CA - G3 (email and server auth)
|
||||||
|
- emSign Root CA - C1 (email and server auth)
|
||||||
|
- emSign Root CA - G1 (email and server auth)
|
||||||
|
- Hongkong Post Root CA 3 (server auth)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jan 17 06:17:05 UTC 2019 - meissner@suse.com
|
||||||
|
|
||||||
|
- updated to 2.30 state of the Mozilla NSS Certificate store. (bsc#1121446)
|
||||||
|
- Removed CAs:
|
||||||
|
- AC Raiz Certicamara S.A.
|
||||||
|
- Certplus Root CA G1
|
||||||
|
- Certplus Root CA G2
|
||||||
|
- OpenTrust Root CA G1
|
||||||
|
- OpenTrust Root CA G2
|
||||||
|
- OpenTrust Root CA G3
|
||||||
|
- Visa eCommerce Root
|
||||||
|
|
||||||
|
- Added Root CAs:
|
||||||
|
- Certigna Root CA (email and server auth)
|
||||||
|
- GTS Root R1 (server auth)
|
||||||
|
- GTS Root R2 (server auth)
|
||||||
|
- GTS Root R3 (server auth)
|
||||||
|
- GTS Root R4 (server auth)
|
||||||
|
- OISTE WISeKey Global Root GC CA (email and server auth)
|
||||||
|
- UCA Extended Validation Root (server auth)
|
||||||
|
- UCA Global G2 Root (email and server auth)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Aug 16 08:42:38 UTC 2018 - meissner@suse.com
|
||||||
|
|
||||||
|
- updated to 2.26 state of the Mozilla NSS Certificate store. (bsc#1104780)
|
||||||
|
- removed server auth
|
||||||
|
- Certplus Root CA G1
|
||||||
|
- Certplus Root CA G2
|
||||||
|
- OpenTrust Root CA G1
|
||||||
|
- OpenTrust Root CA G2
|
||||||
|
- OpenTrust Root CA G3
|
||||||
|
- remove CA
|
||||||
|
- ComSign CA
|
||||||
|
- added new CA
|
||||||
|
- GlobalSign
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jul 6 14:40:58 UTC 2018 - meissner@suse.com
|
||||||
|
|
||||||
|
- Updated to 2.24 state of the Mozilla NSS Certificate store. (bsc#1100415)
|
||||||
|
- Removed CAs:
|
||||||
|
* S-TRUST_Universal_Root_CA:2.16.96.86.197.75.35.64.91.100.212.237.37.218.217.214.30.30.crt
|
||||||
|
* TC_TrustCenter_Class_3_CA_II:2.14.74.71.0.1.0.2.229.160.93.214.63.0.81.191.crt
|
||||||
|
* TÜRKTRUST_Elektronik_Sertifika_Hizmet_Sağlayıcısı_H5:2.7.0.142.23.254.36.32.129.crt
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Mar 20 13:12:37 CET 2018 - kukuk@suse.de
|
||||||
|
|
||||||
|
- Use %license instead of %doc [bsc#1082318]
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jan 25 09:43:25 UTC 2018 - meissner@suse.com
|
||||||
|
|
||||||
|
- Updated to 2.22 state of the Mozilla NSS Certificate store (bsc#1071152,
|
||||||
|
bsc#1071390, bsc#1010996)
|
||||||
|
- Removed CAs:
|
||||||
|
|
||||||
|
* ACEDICOM Root
|
||||||
|
* AddTrust Public CA Root
|
||||||
|
* AddTrust Qualified CA Root
|
||||||
|
* ApplicationCA - Japanese Government
|
||||||
|
* CA Disig Root R1
|
||||||
|
* CA WoSign ECC Root
|
||||||
|
* Certification Authority of WoSign G2
|
||||||
|
* Certinomis - Autorité Racine
|
||||||
|
* China Internet Network Information Center EV Certificates Root
|
||||||
|
* CNNIC ROOT
|
||||||
|
* Comodo Secure Certificate Services
|
||||||
|
* Comodo Trusted Certificate Services
|
||||||
|
* ComSign Secured CA
|
||||||
|
* DST ACES CA X6
|
||||||
|
* GeoTrust Global CA 2
|
||||||
|
* StartCom Certification Authority
|
||||||
|
* StartCom Certification Authority
|
||||||
|
* StartCom Certification Authority G2
|
||||||
|
* Swisscom Root CA 1
|
||||||
|
* TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3
|
||||||
|
* TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı
|
||||||
|
* TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6
|
||||||
|
* UTN USERFirst Hardware Root CA
|
||||||
|
* UTN USERFirst Object Root CA
|
||||||
|
* VeriSign Class 3 Secure Server CA - G2
|
||||||
|
* WellsSecure Public Root Certificate Authority
|
||||||
|
* Certification Authority of WoSign
|
||||||
|
* WoSign China
|
||||||
|
|
||||||
|
- Added CAs:
|
||||||
|
|
||||||
|
* D-TRUST Root CA 3 2013
|
||||||
|
* GDCA TrustAUTH R5 ROOT
|
||||||
|
* SSL.com EV Root Certification Authority ECC
|
||||||
|
* SSL.com EV Root Certification Authority RSA R2
|
||||||
|
* SSL.com Root Certification Authority ECC
|
||||||
|
* SSL.com Root Certification Authority RSA
|
||||||
|
* TrustCor RootCert CA-1
|
||||||
|
* TrustCor RootCert CA-2
|
||||||
|
* TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Oct 25 12:40:36 UTC 2017 - jmatejek@suse.com
|
||||||
|
|
||||||
|
- convert processing script to Python 3
|
||||||
|
- ensure a stable conversion of UTF8 hex-encoded certificate names
|
||||||
|
- ensure a stable ordering of trust/distrust bits in headers
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Jan 24 12:46:29 UTC 2017 - meissner@suse.com
|
||||||
|
|
||||||
|
- updated to 2.11 state of the Mozilla NSS Certificate store.
|
||||||
|
- removed CAs:
|
||||||
|
- Buypass_Class_2_CA_1:2.1.1.crt
|
||||||
|
serverAuth
|
||||||
|
- EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı:2.8.76.175.115.66.28.142.116.2.crt
|
||||||
|
codeSigning emailProtection serverAuth
|
||||||
|
- Equifax_Secure_CA:2.4.53.222.244.207.crt
|
||||||
|
emailProtection
|
||||||
|
- Equifax_Secure_eBusiness_CA_1:2.1.4.crt
|
||||||
|
emailProtection
|
||||||
|
- Equifax_Secure_Global_eBusiness_CA:2.1.1.crt
|
||||||
|
emailProtection
|
||||||
|
- IGC_A:2.5.57.17.69.16.148.crt
|
||||||
|
codeSigning emailProtection serverAuth
|
||||||
|
- Juur-SK:2.4.59.142.75.252.crt
|
||||||
|
codeSigning serverAuth
|
||||||
|
- Root_CA_Generalitat_Valenciana:2.4.59.69.229.104.crt
|
||||||
|
codeSigning emailProtection serverAuth
|
||||||
|
- RSA_Security_2048_v3:2.16.10.1.1.1.0.0.2.124.0.0.0.10.0.0.0.2.crt
|
||||||
|
codeSigning emailProtection serverAuth
|
||||||
|
- Sonera_Class_1_Root_CA:2.1.36.crt
|
||||||
|
emailProtection
|
||||||
|
- S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN:2.16.55.25.24.230.83.84.124.26.181.184.203.89.90.219.53.183.crt
|
||||||
|
emailProtection
|
||||||
|
- Verisign_Class_1_Public_Primary_Certification_Authority:2.16.63.105.30.129.156.240.154.74.243.115.255.185.72.162.228.221.crt
|
||||||
|
emailProtection
|
||||||
|
- Verisign_Class_2_Public_Primary_Certification_Authority_-_G2:2.17.0.185.47.96.204.136.159.161.122.70.9.184.91.112.108.138.175.crt
|
||||||
|
emailProtection
|
||||||
|
- Verisign_Class_3_Public_Primary_Certification_Authority:2.16.112.186.228.29.16.217.41.52.182.56.202.123.3.204.186.191.crt
|
||||||
|
emailProtection
|
||||||
|
- added CAs:
|
||||||
|
+ AC_RAIZ_FNMT-RCM:2.15.93.147.141.48.103.54.200.6.29.26.199.84.132.105.7.crt
|
||||||
|
serverAuth
|
||||||
|
+ Amazon_Root_CA_1:2.19.6.108.159.207.153.191.140.10.57.226.240.120.138.67.230.150.54.91.202.crt
|
||||||
|
emailProtection serverAuth
|
||||||
|
+ Amazon_Root_CA_2:2.19.6.108.159.210.150.53.134.159.10.15.229.134.120.248.91.38.187.138.55.crt
|
||||||
|
emailProtection serverAuth
|
||||||
|
+ Amazon_Root_CA_3:2.19.6.108.159.213.116.151.54.102.63.59.11.154.217.232.158.118.3.242.74.crt
|
||||||
|
emailProtection serverAuth
|
||||||
|
+ Amazon_Root_CA_4:2.19.6.108.159.215.193.187.16.76.41.67.229.113.123.123.44.200.26.193.14.crt
|
||||||
|
emailProtection serverAuth
|
||||||
|
+ Certplus_Root_CA_G1:2.18.17.32.85.131.228.45.62.84.86.133.45.131.55.183.44.220.70.17.crt
|
||||||
|
emailProtection serverAuth
|
||||||
|
+ Certplus_Root_CA_G2:2.18.17.32.217.145.206.174.163.232.197.231.255.233.2.175.207.115.188.85.crt
|
||||||
|
emailProtection serverAuth
|
||||||
|
+ Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015:2.1.0.crt
|
||||||
|
emailProtection serverAuth
|
||||||
|
+ Hellenic_Academic_and_Research_Institutions_RootCA_2015:2.1.0.crt
|
||||||
|
emailProtection serverAuth
|
||||||
|
+ ISRG_Root_X1:2.17.0.130.16.207.176.210.64.227.89.68.99.224.187.99.130.139.0.crt (bsc#1010996)
|
||||||
|
serverAuth
|
||||||
|
+ LuxTrust_Global_Root_2:2.20.10.126.166.223.75.68.158.218.106.36.133.158.230.184.21.211.22.127.187.177.crt
|
||||||
|
serverAuth
|
||||||
|
+ OpenTrust_Root_CA_G1:2.18.17.32.179.144.85.57.125.127.54.109.100.194.167.159.107.99.142.103.crt
|
||||||
|
emailProtection serverAuth
|
||||||
|
+ OpenTrust_Root_CA_G2:2.18.17.32.161.105.27.191.189.185.189.82.150.143.35.232.72.191.38.17.crt
|
||||||
|
emailProtection serverAuth
|
||||||
|
+ OpenTrust_Root_CA_G3:2.18.17.32.230.248.76.252.36.176.190.5.64.172.218.131.27.52.96.63.crt
|
||||||
|
emailProtection serverAuth
|
||||||
|
+ Symantec_Class_1_Public_Primary_Certification_Authority_-_G4:2.16.33.110.51.165.203.211.136.164.111.41.7.180.39.60.196.216.crt
|
||||||
|
emailProtection
|
||||||
|
+ Symantec_Class_1_Public_Primary_Certification_Authority_-_G6:2.16.36.50.117.242.29.47.210.9.51.247.180.106.202.208.243.152.crt
|
||||||
|
emailProtection
|
||||||
|
+ Symantec_Class_2_Public_Primary_Certification_Authority_-_G4:2.16.52.23.101.18.64.59.183.86.128.45.128.203.121.85.166.30.crt
|
||||||
|
emailProtection
|
||||||
|
+ Symantec_Class_2_Public_Primary_Certification_Authority_-_G6:2.16.100.130.158.252.55.30.116.93.252.151.255.151.200.177.255.65.crt
|
||||||
|
emailProtection
|
||||||
|
|
||||||
|
- diff-from-upstream-2.7.patch: removed as we should be able to do
|
||||||
|
intermediate root chains now with openssl 1.0.2 and also gnutls 3.5
|
||||||
|
is able to do so.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Apr 6 11:21:32 UTC 2016 - meissner@suse.com
|
||||||
|
|
||||||
|
- diff-from-upstream-2.7.patch: restore some important legacy
|
||||||
|
CAs, otherwise Pidgin fails to talk to Google Talk for instance.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Mar 31 13:07:40 UTC 2016 - meissner@suse.com
|
||||||
|
|
||||||
|
- Updated to 2.7 (bsc#973042).
|
||||||
|
- diff-from-upstream-2.2.patch: removed as openssl 1.0.2 can do
|
||||||
|
immediate root CAs.
|
||||||
|
|
||||||
|
- Removed server trust from:
|
||||||
|
AC Raíz Certicámara S.A.
|
||||||
|
ComSign Secured CA
|
||||||
|
NetLock Uzleti (Class B) Tanusitvanykiado
|
||||||
|
NetLock Business (Class B) Root
|
||||||
|
NetLock Expressz (Class C) Tanusitvanykiado
|
||||||
|
TC TrustCenter Class 3 CA II
|
||||||
|
TURKTRUST Certificate Services Provider Root 1
|
||||||
|
TURKTRUST Certificate Services Provider Root 2
|
||||||
|
Equifax Secure Global eBusiness CA-1
|
||||||
|
Verisign Class 4 Public Primary Certification Authority G3
|
||||||
|
- enable server trust
|
||||||
|
Actalis Authentication Root CA
|
||||||
|
- Deleted CAs:
|
||||||
|
A Trust nQual 03
|
||||||
|
Buypass Class 3 CA 1
|
||||||
|
CA Disig
|
||||||
|
Digital Signature Trust Co Global CA 1
|
||||||
|
Digital Signature Trust Co Global CA 3
|
||||||
|
E Guven Kok Elektronik Sertifika Hizmet Saglayicisi
|
||||||
|
NetLock Expressz (Class C) Tanusitvanykiado
|
||||||
|
NetLock Kozjegyzoi (Class A) Tanusitvanykiado
|
||||||
|
NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado
|
||||||
|
NetLock Uzleti (Class B) Tanusitvanykiado
|
||||||
|
SG TRUST SERVICES RACINE
|
||||||
|
Staat der Nederlanden Root CA
|
||||||
|
TC TrustCenter Class 2 CA II
|
||||||
|
TC TrustCenter Universal CA I
|
||||||
|
TDC Internet Root CA
|
||||||
|
UTN DATACorp SGC Root CA
|
||||||
|
Verisign Class 1 Public Primary Certification Authority - G2
|
||||||
|
Verisign Class 3 Public Primary Certification Authority
|
||||||
|
Verisign Class 3 Public Primary Certification Authority - G2
|
||||||
|
|
||||||
|
- New added CAs:
|
||||||
|
CA WoSign ECC Root
|
||||||
|
Certification Authority of WoSign
|
||||||
|
Certification Authority of WoSign G2
|
||||||
|
Certinomis - Root CA
|
||||||
|
Certum Trusted Network CA 2
|
||||||
|
CFCA EV ROOT
|
||||||
|
COMODO RSA Certification Authority
|
||||||
|
DigiCert Assured ID Root G2
|
||||||
|
DigiCert Assured ID Root G3
|
||||||
|
DigiCert Global Root G2
|
||||||
|
DigiCert Global Root G3
|
||||||
|
DigiCert Trusted Root G4
|
||||||
|
Entrust Root Certification Authority - EC1
|
||||||
|
Entrust Root Certification Authority - G2
|
||||||
|
GlobalSign
|
||||||
|
GlobalSign
|
||||||
|
IdenTrust Commercial Root CA 1
|
||||||
|
IdenTrust Public Sector Root CA 1
|
||||||
|
OISTE WISeKey Global Root GB CA
|
||||||
|
QuoVadis Root CA 1 G3
|
||||||
|
QuoVadis Root CA 2 G3
|
||||||
|
QuoVadis Root CA 3 G3
|
||||||
|
Staat der Nederlanden EV Root CA
|
||||||
|
Staat der Nederlanden Root CA - G3
|
||||||
|
S-TRUST Universal Root CA
|
||||||
|
SZAFIR ROOT CA2
|
||||||
|
TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5
|
||||||
|
TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6
|
||||||
|
USERTrust ECC Certification Authority
|
||||||
|
USERTrust RSA Certification Authority
|
||||||
|
沃通根证书
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jan 14 09:40:00 UTC 2015 - meissner@suse.com
|
||||||
|
|
||||||
|
- diff-from-upstream-2.2.patch:
|
||||||
|
Temporary reenable some root ca trusts, as openssl/gnutls
|
||||||
|
have trouble using intermediates as root CA.
|
||||||
|
|
||||||
|
- GTE CyberTrust Global Root
|
||||||
|
- Thawte Server CA
|
||||||
|
- Thawte Premium Server CA
|
||||||
|
- ValiCert Class 1 VA
|
||||||
|
- ValiCert Class 2 VA
|
||||||
|
- RSA Root Certificate 1
|
||||||
|
- Entrust.net Secure Server CA
|
||||||
|
- America Online Root Certification Authority 1
|
||||||
|
- America Online Root Certification Authority 2
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Jan 12 16:45:23 UTC 2015 - meissner@suse.com
|
||||||
|
|
||||||
|
- Updated to 2.2 (bnc#888534)
|
||||||
|
- The following CAs were removed:
|
||||||
|
+ America_Online_Root_Certification_Authority_1
|
||||||
|
+ America_Online_Root_Certification_Authority_2
|
||||||
|
+ GTE_CyberTrust_Global_Root
|
||||||
|
+ Thawte_Premium_Server_CA
|
||||||
|
+ Thawte_Server_CA
|
||||||
|
- The following CAs were added:
|
||||||
|
+ COMODO_RSA_Certification_Authority
|
||||||
|
codeSigning emailProtection serverAuth
|
||||||
|
+ GlobalSign_ECC_Root_CA_-_R4
|
||||||
|
codeSigning emailProtection serverAuth
|
||||||
|
+ GlobalSign_ECC_Root_CA_-_R5
|
||||||
|
codeSigning emailProtection serverAuth
|
||||||
|
+ USERTrust_ECC_Certification_Authority
|
||||||
|
codeSigning emailProtection serverAuth
|
||||||
|
+ USERTrust_RSA_Certification_Authority
|
||||||
|
codeSigning emailProtection serverAuth
|
||||||
|
+ VeriSign-C3SSA-G2-temporary-intermediate-after-1024bit-removal
|
||||||
|
- The following CAs were changed:
|
||||||
|
+ Equifax_Secure_eBusiness_CA_1
|
||||||
|
remote code signing and https trust, leave email trust
|
||||||
|
+ Verisign_Class_3_Public_Primary_Certification_Authority_-_G2
|
||||||
|
only trust emailProtection
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Aug 26 13:30:12 UTC 2014 - meissner@suse.com
|
||||||
|
|
||||||
|
- Updated to 2.1 (bnc#888534)
|
||||||
|
|
||||||
|
- The following 1024-bit CA certificates were removed
|
||||||
|
- Entrust.net Secure Server Certification Authority
|
||||||
|
- ValiCert Class 1 Policy Validation Authority
|
||||||
|
- ValiCert Class 2 Policy Validation Authority
|
||||||
|
- ValiCert Class 3 Policy Validation Authority
|
||||||
|
- TDC Internet Root CA
|
||||||
|
- The following CA certificates were added:
|
||||||
|
- Certification Authority of WoSign
|
||||||
|
- CA 沃通根证书
|
||||||
|
- DigiCert Assured ID Root G2
|
||||||
|
- DigiCert Assured ID Root G3
|
||||||
|
- DigiCert Global Root G2
|
||||||
|
- DigiCert Global Root G3
|
||||||
|
- DigiCert Trusted Root G4
|
||||||
|
- QuoVadis Root CA 1 G3
|
||||||
|
- QuoVadis Root CA 2 G3
|
||||||
|
- QuoVadis Root CA 3 G3
|
||||||
|
- The Trust Bits were changed for the following CA certificates
|
||||||
|
- Class 3 Public Primary Certification Authority
|
||||||
|
- Class 3 Public Primary Certification Authority
|
||||||
|
- Class 2 Public Primary Certification Authority - G2
|
||||||
|
- VeriSign Class 2 Public Primary Certification Authority - G3
|
||||||
|
- AC Raíz Certicámara S.A.
|
||||||
|
- NetLock Uzleti (Class B) Tanusitvanykiado
|
||||||
|
- NetLock Expressz (Class C) Tanusitvanykiado
|
||||||
|
|
||||||
|
- certdata-temporary-1024.patch: restore some certificates removed
|
||||||
|
from NSS as these are still used for some major sites.
|
||||||
|
openssl is not as clever as NSS in selecting the new ones in the
|
||||||
|
chain correctly.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jun 18 15:05:23 UTC 2014 - meissner@suse.com
|
||||||
|
|
||||||
|
- do not provide openssl-certs, just obsolete it.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Jun 10 12:52:29 UTC 2014 - meissner@suse.com
|
||||||
|
|
||||||
|
- in sle11 we bumped openssl-certs version to match the NSS version,
|
||||||
|
so provide/obsolete the current version.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jun 4 08:21:33 UTC 2014 - lnussel@suse.de
|
||||||
|
|
||||||
|
- updated certificates to revision 1.97 (bnc#881241)
|
||||||
|
new: "Atos TrustedRoot 2011" (codeSigning emailProtection serverAuth)
|
||||||
|
new: "Tugra Certification Authority" (codeSigning serverAuth)
|
||||||
|
removed: "Firmaprofesional Root CA"
|
||||||
|
removed: "TDC OCES Root CA"
|
||||||
|
new: "TeliaSonera Root CA v1" (emailProtection serverAuth)
|
||||||
|
new: "T-TeleSec GlobalRoot Class 2" (emailProtection serverAuth)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Feb 21 16:18:35 UTC 2014 - meissner@suse.com
|
||||||
|
|
||||||
|
- updated certificates to revision 1.96 (bnc#865080)
|
||||||
|
new: ACCVRAIZ1.pem (Spain) (all trusts)
|
||||||
|
new: SG_TRUST_SERVICES_RACINE.pem (Singapore) (email signing only)
|
||||||
|
new: TWCA_Global_Root_CA.pem (Taiwanese) (all trusts)
|
||||||
|
removed: Wells_Fargo_Root_CA.pem
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Dec 9 16:01:29 UTC 2013 - meissner@suse.com
|
||||||
|
|
||||||
|
- Updated to 1.95
|
||||||
|
Distrust a sub-ca that issued google.com certificates.
|
||||||
|
"Distrusted AC DG Tresor SSL" (bnc#854367)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Dec 9 09:56:32 UTC 2013 - lnussel@suse.de
|
||||||
|
|
||||||
|
- fix handling of certificates with same name (bnc#854163)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Oct 29 13:52:16 UTC 2013 - meissner@suse.com
|
||||||
|
|
||||||
|
- Updated to 1.94
|
||||||
|
* new: CA_Disig_Root_R1:2.9.0.195.3.154.238.80.144.110.40.crt
|
||||||
|
server auth, code signing, email signing
|
||||||
|
* new: CA_Disig_Root_R2:2.9.0.146.184.136.219.176.138.193.99.crt
|
||||||
|
server auth, code signing, email signing
|
||||||
|
* new: China_Internet_Network_Information_Center_EV_Certificates_Root:2.4.72.159.0.1.crt
|
||||||
|
server auth
|
||||||
|
* changed: Digital_Signature_Trust_Co._Global_CA_1:2.4.54.112.21.150.crt
|
||||||
|
removed code signing and server auth abilities
|
||||||
|
* changed: Digital_Signature_Trust_Co._Global_CA_3:2.4.54.110.211.206.crt
|
||||||
|
removed code signing and server auth abilities
|
||||||
|
* new: D-TRUST_Root_Class_3_CA_2_2009:2.3.9.131.243.crt
|
||||||
|
server auth
|
||||||
|
* new: D-TRUST_Root_Class_3_CA_2_EV_2009:2.3.9.131.244.crt
|
||||||
|
server auth
|
||||||
|
* removed: Entrust.net_Premium_2048_Secure_Server_CA:2.4.56.99.185.102.crt
|
||||||
|
* new: Entrust.net_Premium_2048_Secure_Server_CA:2.4.56.99.222.248.crt
|
||||||
|
I think the missing flags were adjusted.
|
||||||
|
* removed: Equifax_Secure_eBusiness_CA_2:2.4.55.112.207.181.crt
|
||||||
|
* new: PSCProcert:2.1.11.crt
|
||||||
|
server auth, code signing, email signing
|
||||||
|
* new: Swisscom_Root_CA_2:2.16.30.158.40.232.72.242.229.239.195.124.74.30.90.24.103.182.crt
|
||||||
|
server auth, code signing, email signing
|
||||||
|
* new: Swisscom_Root_EV_CA_2:2.17.0.242.250.100.226.116.99.211.141.253.16.29.4.31.118.202.88.crt
|
||||||
|
server auth, code signing
|
||||||
|
* changed: TC_TrustCenter_Universal_CA_III:2.14.99.37.0.1.0.2.20.141.51.21.2.228.108.244.crt
|
||||||
|
removed all abilities
|
||||||
|
* new: TURKTRUST_Certificate_Services_Provider_Root_2007:2.1.1.crt
|
||||||
|
server auth, code signing
|
||||||
|
* changed: TWCA_Root_Certification_Authority:2.1.1.crt
|
||||||
|
added code signing ability
|
||||||
|
- removed temporary Entrust.net_Premium_2048_Secure_Server_CA.p11-kit override.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Aug 19 13:07:07 UTC 2013 - lnussel@suse.de
|
||||||
|
|
||||||
|
- update Entrust root attributes to new format used by p11-kit
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jul 24 15:05:31 UTC 2013 - lnussel@suse.de
|
||||||
|
|
||||||
|
- remove superfluous double quotes from certificate names
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jul 24 14:21:18 UTC 2013 - lnussel@suse.de
|
||||||
|
|
||||||
|
- add fake basic contraints to Entrust root so p11-kit export the cert
|
||||||
|
(bnc#829471)
|
||||||
|
- add nssckbi.h that matches certdata.txt; make sure package has the
|
||||||
|
correct version number which is currently 1.93. No actual content
|
||||||
|
change in certdata.txt compared to 1.85, it's just that the
|
||||||
|
versioning scheme changed.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jun 27 16:03:05 UTC 2013 - lnussel@suse.de
|
||||||
|
|
||||||
|
- use certdata2pem.py from Fedora to extract all certs
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jun 21 12:59:53 UTC 2013 - lnussel@suse.de
|
||||||
|
|
||||||
|
- use correct 'anchors' subdirectory
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jun 19 09:30:00 UTC 2013 - lnussel@suse.de
|
||||||
|
|
||||||
|
- new location of CA certificate anchors is
|
||||||
|
/usr/share/ca-certificates/anchors
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jan 3 19:16:01 UTC 2013 - idonmez@suse.com
|
||||||
|
|
||||||
|
- update certificates to revision 1.87 (bnc#796628)
|
||||||
|
* new "EE Certification Centre Root CA"
|
||||||
|
* new "T-TeleSec GlobalRoot Class 3"
|
||||||
|
* revoke mis-issued intermediate CAs from TURKTRUST
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Oct 10 14:50:00 UTC 2012 - meissner@suse.com
|
||||||
|
|
||||||
|
- updated certificates to revision 1.85 (bnc#783509)
|
||||||
|
* new "Actalis Authentication Root CA"
|
||||||
|
* new "Trustis FPS Root CA"
|
||||||
|
* new "StartCom Certification Authority"
|
||||||
|
* new "StartCom Certification Authority G2"
|
||||||
|
* new "Buypass Class 2 Root CA"
|
||||||
|
* new "Buypass Class 3 Root CA"
|
||||||
|
* updated: "Sonera Class2 CA": remove code-signing
|
||||||
|
* updated: "thawte Primary Root CA": added code-signing
|
||||||
|
* updated: "Trustis_FPS_Root_CA.pem": added code-signing
|
||||||
|
* updated: VeriSign Class 3 Public Primary Certification Authority - G5":
|
||||||
|
added code-signing, email-protection
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu May 3 12:13:20 UTC 2012 - lnussel@suse.de
|
||||||
|
|
||||||
|
- update certificates to revision 1.83 (bnc#760503)
|
||||||
|
* new: EC_ACC.pem
|
||||||
|
* new: Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem
|
||||||
|
* new: Security_Communication_RootCA2.pem
|
||||||
|
* removed: TC_TrustCenter_Germany_Class_2_CA.pem
|
||||||
|
* removed: TC_TrustCenter_Germany_Class_3_CA.pem
|
||||||
|
* removed: Verisign_Class_1_Public_Primary_Certification_Authority.1.pem
|
||||||
|
* removed: Verisign_Class_2_Public_Primary_Certification_Authority.pem
|
||||||
|
* removed: Verisign_Class_4_Public_Primary_Certification_Authority_G2.pem
|
||||||
|
- license change to MPL-2.0
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jan 13 08:52:29 UTC 2012 - cfarrell@suse.com
|
||||||
|
|
||||||
|
- license update: MPL-1.1 or GPL-2.0+ or LGPL-2.1+
|
||||||
|
SPDX format and correct GPL and LGPL tags to include or later
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jan 12 11:30:31 UTC 2012 - coolo@suse.com
|
||||||
|
|
||||||
|
- change license to be in spdx.org format
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Sat Sep 17 21:58:34 UTC 2011 - jengelh@medozas.de
|
||||||
|
|
||||||
|
- Remove redundant tags/sections from specfile
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Aug 31 09:02:10 UTC 2011 - lnussel@suse.de
|
||||||
|
|
||||||
|
- update certificates to revision 1.76
|
||||||
|
* new: Go_Daddy_Root_Certificate_Authority_G2.pem
|
||||||
|
* new: Starfield_Root_Certificate_Authority_G2.pem
|
||||||
|
* new: Starfield_Services_Root_Certificate_Authority_G2.pem
|
||||||
|
* new: AffirmTrust_Commercial.pem
|
||||||
|
* new: AffirmTrust_Networking.pem
|
||||||
|
* new: AffirmTrust_Premium.pem
|
||||||
|
* new: AffirmTrust_Premium_ECC.pem
|
||||||
|
* new: Certum_Trusted_Network_CA.pem
|
||||||
|
* new: Certinomis_Autorit_Racine.pem
|
||||||
|
* new: Root_CA_Generalitat_Valenciana.pem
|
||||||
|
* new: A_Trust_nQual_03.pem
|
||||||
|
* new: TWCA_Root_Certification_Authority.pem
|
||||||
|
* removed: DigiNotar_Root_CA.pem (bnc#714931)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Jan 31 13:43:23 UTC 2011 - lnussel@suse.de
|
||||||
|
|
||||||
|
- update certificates to revision 1.70
|
||||||
|
* new: AddTrust_Qualified_Certificates_Root.pem
|
||||||
|
* new: Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem
|
||||||
|
* new: Chambers_of_Commerce_Root_2008.pem
|
||||||
|
* new: Global_Chambersign_Root_2008.pem
|
||||||
|
* new: Izenpe_com.pem
|
||||||
|
* new: TC_TrustCenter_Universal_CA_III.pem
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Sep 27 14:27:52 UTC 2010 - lnussel@suse.de
|
||||||
|
|
||||||
|
- update certificates to revision 1.65
|
||||||
|
* new: E_Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi.pem
|
||||||
|
* new: GlobalSign_Root_CA_R3.pem
|
||||||
|
* new: Microsec_e_Szigno_Root_CA_2009.pem
|
||||||
|
* new: Verisign_Class_1_Public_Primary_Certification_Authority.1.pem
|
||||||
|
* new: Verisign_Class_3_Public_Primary_Certification_Authority.1.pem
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri May 21 12:30:01 UTC 2010 - lnussel@suse.de
|
||||||
|
|
||||||
|
- update certificates to revision 1.64
|
||||||
|
* removed "RSA Security 1024 V3" certificate
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Apr 8 09:24:37 UTC 2010 - lnussel@suse.de
|
||||||
|
|
||||||
|
- require ca-certificates also for postun
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Apr 1 12:14:11 UTC 2010 - lnussel@suse.de
|
||||||
|
|
||||||
|
- don't output trusted certs by default as it's not supported by
|
||||||
|
gnutls yet and pidgin scans /etc/ssl/certs
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Apr 1 11:39:01 UTC 2010 - lnussel@suse.de
|
||||||
|
|
||||||
|
- update certificates to revision 1.62
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Mar 26 15:27:34 UTC 2010 - lnussel@suse.de
|
||||||
|
|
||||||
|
- extract trustbits as comment as Fedora does
|
||||||
|
- convert to trusted certificates in spec file instead
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Mar 25 08:16:56 UTC 2010 - lnussel@suse.de
|
||||||
|
|
||||||
|
- rename to ca-certificates-mozilla
|
||||||
|
- output trusted certificates
|
||||||
|
- use utf8 in file names
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Feb 2 16:27:35 UTC 2010 - lnussel@suse.de
|
||||||
|
|
||||||
|
- update certificates to revision 1.57
|
||||||
|
- add script to compare with previous certificates
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Sep 30 13:17:45 UTC 2009 - lnussel@suse.de
|
||||||
|
|
||||||
|
- update certifiates to cvs revision 1.56
|
||||||
|
- exclude certficates that are not trusted for identifying web sites
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Dec 2 11:29:03 CET 2008 - cfarrell@suse.de
|
||||||
|
|
||||||
|
- Add openssl-certs.COPYING to fix bnc#441356
|
||||||
|
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Oct 9 17:49:57 CEST 2008 - lnussel@suse.de
|
||||||
|
|
||||||
|
- use certificates from MozillaFirefox
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jul 9 15:15:38 CEST 2008 - mkoenig@suse.de
|
||||||
|
|
||||||
|
- split out the CA root certificates from the openssl certs
|
||||||
|
subpackage into a package of its own.
|
||||||
|
|
137
ca-certificates-mozilla.spec
Normal file
137
ca-certificates-mozilla.spec
Normal file
@ -0,0 +1,137 @@
|
|||||||
|
#
|
||||||
|
# spec file for package ca-certificates-mozilla
|
||||||
|
#
|
||||||
|
# Copyright (c) 2023 SUSE LLC
|
||||||
|
#
|
||||||
|
# All modifications and additions to the file contributed by third parties
|
||||||
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
|
# upon. The license for this file, and modifications and additions to the
|
||||||
|
# file, is the same license as for the pristine package itself (unless the
|
||||||
|
# license for the pristine package is not an Open Source License, in which
|
||||||
|
# case the license is the MIT License). An "Open Source License" is a
|
||||||
|
# license that conforms to the Open Source Definition (Version 1.9)
|
||||||
|
# published by the Open Source Initiative.
|
||||||
|
|
||||||
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||||
|
#
|
||||||
|
|
||||||
|
|
||||||
|
# ensure p11-kit has the required features on SLE for
|
||||||
|
# https://bugzilla.suse.com/show_bug.cgi?id=1154871
|
||||||
|
%if 0%{?suse_version} == 1500
|
||||||
|
%if 0%{?is_opensuse}
|
||||||
|
# Leap 15.1
|
||||||
|
%define p11_kit_min 0.23.2-lp151.4.3.1
|
||||||
|
%else
|
||||||
|
# 15GA
|
||||||
|
%define p11_kit_min 0.23.2-4.5.2
|
||||||
|
%endif
|
||||||
|
%else
|
||||||
|
%if 0%{?suse_version} == 1315 && 0%{?sle_version} > 120300
|
||||||
|
# 12SP3
|
||||||
|
%define p11_kit_min 0.20.7-3.3.1
|
||||||
|
%endif
|
||||||
|
%endif
|
||||||
|
#
|
||||||
|
%define certdir %{trustdir_static}
|
||||||
|
Name: ca-certificates-mozilla
|
||||||
|
# Version number is NSS_BUILTINS_LIBRARY_VERSION in this file:
|
||||||
|
# http://hg.mozilla.org/projects/nss/file/default/lib/ckfw/builtins/nssckbi.h
|
||||||
|
Version: 2.62
|
||||||
|
Release: 0
|
||||||
|
Summary: CA certificates for OpenSSL
|
||||||
|
License: MPL-2.0
|
||||||
|
Group: Productivity/Networking/Security
|
||||||
|
URL: https://www.mozilla.org
|
||||||
|
# IMPORTANT: procedure to update certificates:
|
||||||
|
# - Check the log of the cert file:
|
||||||
|
# http://hg.mozilla.org/projects/nss/log/default/lib/ckfw/builtins/certdata.txt
|
||||||
|
# - download the new certdata.txt
|
||||||
|
# wget -O certdata.txt "http://hg.mozilla.org/projects/nss/file/default/lib/ckfw/builtins/certdata.txt"
|
||||||
|
# - run compareoldnew to show fingerprints of new and changed certificates
|
||||||
|
# - check the bugs referenced in hg log and compare the checksum
|
||||||
|
# to output of compareoldnew
|
||||||
|
# - Watch out that blacklisted or untrusted certificates are not
|
||||||
|
# accidentally included!
|
||||||
|
Source: https://hg.mozilla.org/projects/nss/raw-file/default/lib/ckfw/builtins/certdata.txt
|
||||||
|
Source1: https://hg.mozilla.org/projects/nss/raw-file/default/lib/ckfw/builtins/nssckbi.h
|
||||||
|
#Source10: https://src.fedoraproject.org/rpms/ca-certificates/raw/master/f/certdata2pem.py
|
||||||
|
Source10: certdata2pem.py
|
||||||
|
Source11: %{name}.COPYING
|
||||||
|
Source12: compareoldnew
|
||||||
|
Patch0: remove-trustcor.patch
|
||||||
|
BuildRequires: ca-certificates
|
||||||
|
BuildRequires: openssl
|
||||||
|
BuildRequires: p11-kit-devel
|
||||||
|
BuildRequires: python3-base
|
||||||
|
# for update-ca-certificates
|
||||||
|
Requires(post): ca-certificates
|
||||||
|
Requires(postun):ca-certificates
|
||||||
|
#
|
||||||
|
# replaces this package from SLE11 times
|
||||||
|
Obsoletes: openssl-certs
|
||||||
|
BuildArch: noarch
|
||||||
|
%if %{defined p11_kit_min}
|
||||||
|
Conflicts: p11-kit-tools < %p11_kit_min
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%description
|
||||||
|
This package contains some CA root certificates for OpenSSL extracted
|
||||||
|
from MozillaFirefox
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%setup -qcT
|
||||||
|
|
||||||
|
mkdir certs
|
||||||
|
cp %{SOURCE0} certs
|
||||||
|
cd certs
|
||||||
|
%patch0 -p0
|
||||||
|
cd ..
|
||||||
|
|
||||||
|
install -m 644 %{SOURCE11} COPYING
|
||||||
|
ver=`sed -ne '/NSS_BUILTINS_LIBRARY_VERSION /s/.*"\(.*\)"/\1/p' < "%{SOURCE1}"`
|
||||||
|
if [ "%{version}" != "$ver" ]; then
|
||||||
|
echo "*** Version number mismatch: spec file should be version $ver"
|
||||||
|
false
|
||||||
|
fi
|
||||||
|
|
||||||
|
%build
|
||||||
|
export LANG=en_US.UTF-8
|
||||||
|
cd certs
|
||||||
|
python3 %{SOURCE10}
|
||||||
|
cd ..
|
||||||
|
(
|
||||||
|
cat <<-EOF
|
||||||
|
# This is a bundle of X.509 certificates of public Certificate
|
||||||
|
# Authorities. It was generated from the Mozilla root CA list.
|
||||||
|
# These certificates and trust/distrust attributes use the file format accepted
|
||||||
|
# by the p11-kit-trust module.
|
||||||
|
#
|
||||||
|
# Source: nss/lib/ckfw/builtins/certdata.txt
|
||||||
|
# Source: nss/lib/ckfw/builtins/nssckbi.h
|
||||||
|
#
|
||||||
|
# Generated from:
|
||||||
|
EOF
|
||||||
|
awk '$2 = "NSS_BUILTINS_LIBRARY_VERSION" {print "# " $2 " " $3}';
|
||||||
|
echo '#';
|
||||||
|
ls -1 certs/*.tmp-p11-kit | sort | xargs cat
|
||||||
|
) > %{name}.trust.p11-kit
|
||||||
|
|
||||||
|
%install
|
||||||
|
mkdir -p %{buildroot}/%{trustdir_static}
|
||||||
|
install -m 644 %{name}.trust.p11-kit "%{buildroot}/%{trustdir_static}/%{name}.trust.p11-kit"
|
||||||
|
|
||||||
|
%post
|
||||||
|
update-ca-certificates || true
|
||||||
|
|
||||||
|
%postun
|
||||||
|
update-ca-certificates || true
|
||||||
|
|
||||||
|
%posttrans
|
||||||
|
update-ca-certificates || true
|
||||||
|
|
||||||
|
%files
|
||||||
|
%license COPYING
|
||||||
|
%{trustdir_static}
|
||||||
|
|
||||||
|
%changelog
|
25567
certdata.txt
Normal file
25567
certdata.txt
Normal file
File diff suppressed because it is too large
Load Diff
413
certdata2pem.py
Normal file
413
certdata2pem.py
Normal file
@ -0,0 +1,413 @@
|
|||||||
|
#!/usr/bin/python
|
||||||
|
# vim:set et sw=4:
|
||||||
|
#
|
||||||
|
# certdata2pem.py - splits certdata.txt into multiple files
|
||||||
|
#
|
||||||
|
# Copyright (C) 2009 Philipp Kern <pkern@debian.org>
|
||||||
|
# Copyright (C) 2013 Kai Engert <kaie@redhat.com>
|
||||||
|
#
|
||||||
|
# This program is free software; you can redistribute it and/or modify
|
||||||
|
# it under the terms of the GNU General Public License as published by
|
||||||
|
# the Free Software Foundation; either version 2 of the License, or
|
||||||
|
# (at your option) any later version.
|
||||||
|
#
|
||||||
|
# This program is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License
|
||||||
|
# along with this program; if not, write to the Free Software
|
||||||
|
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301,
|
||||||
|
# USA.
|
||||||
|
|
||||||
|
import base64
|
||||||
|
import os.path
|
||||||
|
import re
|
||||||
|
import sys
|
||||||
|
import textwrap
|
||||||
|
import urllib.request, urllib.parse, urllib.error
|
||||||
|
import subprocess
|
||||||
|
|
||||||
|
objects = []
|
||||||
|
|
||||||
|
def printable_serial(obj):
|
||||||
|
return ".".join([str(x) for x in obj['CKA_SERIAL_NUMBER']])
|
||||||
|
|
||||||
|
# Dirty file parser.
|
||||||
|
in_data, in_multiline, in_obj = False, False, False
|
||||||
|
field, ftype, value, binval, obj = None, None, None, bytearray(), dict()
|
||||||
|
for line in open('certdata.txt', 'r'):
|
||||||
|
# Ignore the file header.
|
||||||
|
if not in_data:
|
||||||
|
if line.startswith('BEGINDATA'):
|
||||||
|
in_data = True
|
||||||
|
continue
|
||||||
|
# Ignore comment lines.
|
||||||
|
if line.startswith('#'):
|
||||||
|
continue
|
||||||
|
# Empty lines are significant if we are inside an object.
|
||||||
|
if in_obj and len(line.strip()) == 0:
|
||||||
|
objects.append(obj)
|
||||||
|
obj = dict()
|
||||||
|
in_obj = False
|
||||||
|
continue
|
||||||
|
if len(line.strip()) == 0:
|
||||||
|
continue
|
||||||
|
if in_multiline:
|
||||||
|
if not line.startswith('END'):
|
||||||
|
if ftype == 'MULTILINE_OCTAL':
|
||||||
|
line = line.strip()
|
||||||
|
for i in re.finditer(r'\\([0-3][0-7][0-7])', line):
|
||||||
|
integ = int(i.group(1), 8)
|
||||||
|
binval.extend((integ).to_bytes(1, sys.byteorder))
|
||||||
|
obj[field] = binval
|
||||||
|
else:
|
||||||
|
value += line
|
||||||
|
obj[field] = value
|
||||||
|
continue
|
||||||
|
in_multiline = False
|
||||||
|
continue
|
||||||
|
if line.startswith('CKA_CLASS'):
|
||||||
|
in_obj = True
|
||||||
|
line_parts = line.strip().split(' ', 2)
|
||||||
|
if len(line_parts) > 2:
|
||||||
|
field, ftype = line_parts[0:2]
|
||||||
|
value = ' '.join(line_parts[2:])
|
||||||
|
elif len(line_parts) == 2:
|
||||||
|
field, ftype = line_parts
|
||||||
|
value = None
|
||||||
|
else:
|
||||||
|
raise NotImplementedError('line_parts < 2 not supported.\n' + line)
|
||||||
|
if ftype == 'MULTILINE_OCTAL':
|
||||||
|
in_multiline = True
|
||||||
|
value = ""
|
||||||
|
binval = bytearray()
|
||||||
|
continue
|
||||||
|
obj[field] = value
|
||||||
|
if len(list(obj.items())) > 0:
|
||||||
|
objects.append(obj)
|
||||||
|
|
||||||
|
# Build up trust database.
|
||||||
|
trustmap = dict()
|
||||||
|
for obj in objects:
|
||||||
|
if obj['CKA_CLASS'] != 'CKO_NSS_TRUST':
|
||||||
|
continue
|
||||||
|
key = obj['CKA_LABEL'] + printable_serial(obj)
|
||||||
|
trustmap[key] = obj
|
||||||
|
print(" added trust", key)
|
||||||
|
|
||||||
|
# Build up cert database.
|
||||||
|
certmap = dict()
|
||||||
|
for obj in objects:
|
||||||
|
if obj['CKA_CLASS'] != 'CKO_CERTIFICATE':
|
||||||
|
continue
|
||||||
|
key = obj['CKA_LABEL'] + printable_serial(obj)
|
||||||
|
certmap[key] = obj
|
||||||
|
print(" added cert", key)
|
||||||
|
|
||||||
|
def obj_to_filename(obj):
|
||||||
|
label = obj['CKA_LABEL'][1:-1]
|
||||||
|
label = label.replace('/', '_')\
|
||||||
|
.replace(' ', '_')\
|
||||||
|
.replace('(', '=')\
|
||||||
|
.replace(')', '=')\
|
||||||
|
.replace(',', '_')
|
||||||
|
labelbytes = bytearray()
|
||||||
|
i = 0
|
||||||
|
imax = len(label)
|
||||||
|
while i < imax:
|
||||||
|
if i < imax-3 and label[i] == '\\' and label[i+1] == 'x':
|
||||||
|
labelbytes.extend(bytes.fromhex(label[i+2:i+4]))
|
||||||
|
i += 4
|
||||||
|
continue
|
||||||
|
labelbytes.extend(str.encode(label[i]))
|
||||||
|
i = i+1
|
||||||
|
continue
|
||||||
|
label = labelbytes.decode('utf-8')
|
||||||
|
serial = printable_serial(obj)
|
||||||
|
return label + ":" + serial
|
||||||
|
|
||||||
|
def write_cert_ext_to_file(f, oid, value, public_key):
|
||||||
|
f.write("[p11-kit-object-v1]\n")
|
||||||
|
f.write("label: ");
|
||||||
|
f.write(tobj['CKA_LABEL'])
|
||||||
|
f.write("\n")
|
||||||
|
f.write("class: x-certificate-extension\n");
|
||||||
|
f.write("object-id: " + oid + "\n")
|
||||||
|
f.write("value: \"" + value + "\"\n")
|
||||||
|
f.write("modifiable: false\n");
|
||||||
|
f.write(public_key)
|
||||||
|
|
||||||
|
trust_types = {
|
||||||
|
"CKA_TRUST_DIGITAL_SIGNATURE": "digital-signature",
|
||||||
|
"CKA_TRUST_NON_REPUDIATION": "non-repudiation",
|
||||||
|
"CKA_TRUST_KEY_ENCIPHERMENT": "key-encipherment",
|
||||||
|
"CKA_TRUST_DATA_ENCIPHERMENT": "data-encipherment",
|
||||||
|
"CKA_TRUST_KEY_AGREEMENT": "key-agreement",
|
||||||
|
"CKA_TRUST_KEY_CERT_SIGN": "cert-sign",
|
||||||
|
"CKA_TRUST_CRL_SIGN": "crl-sign",
|
||||||
|
"CKA_TRUST_SERVER_AUTH": "server-auth",
|
||||||
|
"CKA_TRUST_CLIENT_AUTH": "client-auth",
|
||||||
|
"CKA_TRUST_CODE_SIGNING": "code-signing",
|
||||||
|
"CKA_TRUST_EMAIL_PROTECTION": "email-protection",
|
||||||
|
"CKA_TRUST_IPSEC_END_SYSTEM": "ipsec-end-system",
|
||||||
|
"CKA_TRUST_IPSEC_TUNNEL": "ipsec-tunnel",
|
||||||
|
"CKA_TRUST_IPSEC_USER": "ipsec-user",
|
||||||
|
"CKA_TRUST_TIME_STAMPING": "time-stamping",
|
||||||
|
"CKA_TRUST_STEP_UP_APPROVED": "step-up-approved",
|
||||||
|
}
|
||||||
|
|
||||||
|
legacy_trust_types = {
|
||||||
|
"LEGACY_CKA_TRUST_SERVER_AUTH": "server-auth",
|
||||||
|
"LEGACY_CKA_TRUST_CODE_SIGNING": "code-signing",
|
||||||
|
"LEGACY_CKA_TRUST_EMAIL_PROTECTION": "email-protection",
|
||||||
|
}
|
||||||
|
|
||||||
|
legacy_to_real_trust_types = {
|
||||||
|
"LEGACY_CKA_TRUST_SERVER_AUTH": "CKA_TRUST_SERVER_AUTH",
|
||||||
|
"LEGACY_CKA_TRUST_CODE_SIGNING": "CKA_TRUST_CODE_SIGNING",
|
||||||
|
"LEGACY_CKA_TRUST_EMAIL_PROTECTION": "CKA_TRUST_EMAIL_PROTECTION",
|
||||||
|
}
|
||||||
|
|
||||||
|
openssl_trust = {
|
||||||
|
"CKA_TRUST_SERVER_AUTH": "serverAuth",
|
||||||
|
"CKA_TRUST_CLIENT_AUTH": "clientAuth",
|
||||||
|
"CKA_TRUST_CODE_SIGNING": "codeSigning",
|
||||||
|
"CKA_TRUST_EMAIL_PROTECTION": "emailProtection",
|
||||||
|
}
|
||||||
|
|
||||||
|
cert_distrust_types = {
|
||||||
|
"CKA_NSS_SERVER_DISTRUST_AFTER": "nss-server-distrust-after",
|
||||||
|
"CKA_NSS_EMAIL_DISTRUST_AFTER": "nss-email-distrust-after",
|
||||||
|
}
|
||||||
|
|
||||||
|
for tobj in objects:
|
||||||
|
if tobj['CKA_CLASS'] == 'CKO_NSS_TRUST':
|
||||||
|
key = tobj['CKA_LABEL'] + printable_serial(tobj)
|
||||||
|
print("producing trust for " + key)
|
||||||
|
trustbits = []
|
||||||
|
distrustbits = []
|
||||||
|
openssl_trustflags = []
|
||||||
|
openssl_distrustflags = []
|
||||||
|
legacy_trustbits = []
|
||||||
|
legacy_openssl_trustflags = []
|
||||||
|
for t in list(trust_types.keys()):
|
||||||
|
if t in tobj and tobj[t] == 'CKT_NSS_TRUSTED_DELEGATOR':
|
||||||
|
trustbits.append(t)
|
||||||
|
if t in openssl_trust:
|
||||||
|
openssl_trustflags.append(openssl_trust[t])
|
||||||
|
if t in tobj and tobj[t] == 'CKT_NSS_NOT_TRUSTED':
|
||||||
|
distrustbits.append(t)
|
||||||
|
if t in openssl_trust:
|
||||||
|
openssl_distrustflags.append(openssl_trust[t])
|
||||||
|
|
||||||
|
for t in list(legacy_trust_types.keys()):
|
||||||
|
if t in tobj and tobj[t] == 'CKT_NSS_TRUSTED_DELEGATOR':
|
||||||
|
real_t = legacy_to_real_trust_types[t]
|
||||||
|
legacy_trustbits.append(real_t)
|
||||||
|
if real_t in openssl_trust:
|
||||||
|
legacy_openssl_trustflags.append(openssl_trust[real_t])
|
||||||
|
if t in tobj and tobj[t] == 'CKT_NSS_NOT_TRUSTED':
|
||||||
|
raise NotImplementedError('legacy distrust not supported.\n' + line)
|
||||||
|
|
||||||
|
fname = obj_to_filename(tobj)
|
||||||
|
try:
|
||||||
|
obj = certmap[key]
|
||||||
|
except:
|
||||||
|
obj = None
|
||||||
|
|
||||||
|
# optional debug code, that dumps the parsed input to files
|
||||||
|
#fulldump = "dump-" + fname
|
||||||
|
#dumpf = open(fulldump, 'w')
|
||||||
|
#dumpf.write(str(obj));
|
||||||
|
#dumpf.write(str(tobj));
|
||||||
|
#dumpf.close();
|
||||||
|
|
||||||
|
is_legacy = 0
|
||||||
|
if 'LEGACY_CKA_TRUST_SERVER_AUTH' in tobj or 'LEGACY_CKA_TRUST_EMAIL_PROTECTION' in tobj or 'LEGACY_CKA_TRUST_CODE_SIGNING' in tobj:
|
||||||
|
is_legacy = 1
|
||||||
|
if obj == None:
|
||||||
|
raise NotImplementedError('found legacy trust without certificate.\n' + line)
|
||||||
|
|
||||||
|
legacy_fname = "legacy-default/" + fname + ".crt"
|
||||||
|
f = open(legacy_fname, 'w')
|
||||||
|
f.write("# alias=%s\n"%tobj['CKA_LABEL'])
|
||||||
|
f.write("# trust=" + " ".join(legacy_trustbits) + "\n")
|
||||||
|
if legacy_openssl_trustflags:
|
||||||
|
f.write("# openssl-trust=" + " ".join(legacy_openssl_trustflags) + "\n")
|
||||||
|
f.write("-----BEGIN CERTIFICATE-----\n")
|
||||||
|
temp_encoded_b64 = base64.b64encode(obj['CKA_VALUE'])
|
||||||
|
temp_wrapped = textwrap.wrap(temp_encoded_b64.decode(), 64)
|
||||||
|
f.write("\n".join(temp_wrapped))
|
||||||
|
f.write("\n-----END CERTIFICATE-----\n")
|
||||||
|
f.close()
|
||||||
|
|
||||||
|
if 'CKA_TRUST_SERVER_AUTH' in tobj or 'CKA_TRUST_EMAIL_PROTECTION' in tobj or 'CKA_TRUST_CODE_SIGNING' in tobj:
|
||||||
|
legacy_fname = "legacy-disable/" + fname + ".crt"
|
||||||
|
f = open(legacy_fname, 'w')
|
||||||
|
f.write("# alias=%s\n"%tobj['CKA_LABEL'])
|
||||||
|
f.write("# trust=" + " ".join(trustbits) + "\n")
|
||||||
|
if openssl_trustflags:
|
||||||
|
f.write("# openssl-trust=" + " ".join(openssl_trustflags) + "\n")
|
||||||
|
f.write("-----BEGIN CERTIFICATE-----\n")
|
||||||
|
f.write("\n".join(textwrap.wrap(base64.b64encode(obj['CKA_VALUE']), 64)))
|
||||||
|
f.write("\n-----END CERTIFICATE-----\n")
|
||||||
|
f.close()
|
||||||
|
|
||||||
|
# don't produce p11-kit output for legacy certificates
|
||||||
|
continue
|
||||||
|
|
||||||
|
pk = ''
|
||||||
|
cert_comment = ''
|
||||||
|
if obj != None:
|
||||||
|
# must extract the public key from the cert, let's use openssl
|
||||||
|
cert_fname = "cert-" + fname
|
||||||
|
fc = open(cert_fname, 'w')
|
||||||
|
fc.write("-----BEGIN CERTIFICATE-----\n")
|
||||||
|
temp_encoded_b64 = base64.b64encode(obj['CKA_VALUE'])
|
||||||
|
temp_wrapped = textwrap.wrap(temp_encoded_b64.decode(), 64)
|
||||||
|
fc.write("\n".join(temp_wrapped))
|
||||||
|
fc.write("\n-----END CERTIFICATE-----\n")
|
||||||
|
fc.close();
|
||||||
|
pk_fname = "pubkey-" + fname
|
||||||
|
fpkout = open(pk_fname, "w")
|
||||||
|
dump_pk_command = ["openssl", "x509", "-in", cert_fname, "-noout", "-pubkey"]
|
||||||
|
subprocess.call(dump_pk_command, stdout=fpkout)
|
||||||
|
fpkout.close()
|
||||||
|
with open (pk_fname, "r") as myfile:
|
||||||
|
pk=myfile.read()
|
||||||
|
# obtain certificate information suitable as a comment
|
||||||
|
comment_fname = "comment-" + fname
|
||||||
|
fcout = open(comment_fname, "w")
|
||||||
|
comment_command = ["openssl", "x509", "-in", cert_fname, "-noout", "-text"]
|
||||||
|
subprocess.call(comment_command, stdout=fcout)
|
||||||
|
fcout.close()
|
||||||
|
sed_command = ["sed", "--in-place", "s/^/#/", comment_fname]
|
||||||
|
subprocess.call(sed_command)
|
||||||
|
with open (comment_fname, "r", errors = 'replace') as myfile:
|
||||||
|
cert_comment=myfile.read()
|
||||||
|
|
||||||
|
fname += ".tmp-p11-kit"
|
||||||
|
f = open(fname, 'w')
|
||||||
|
|
||||||
|
if obj != None:
|
||||||
|
is_distrusted = False
|
||||||
|
has_server_trust = False
|
||||||
|
has_email_trust = False
|
||||||
|
has_code_trust = False
|
||||||
|
|
||||||
|
if 'CKA_TRUST_SERVER_AUTH' in tobj:
|
||||||
|
if tobj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_NOT_TRUSTED':
|
||||||
|
is_distrusted = True
|
||||||
|
elif tobj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_TRUSTED_DELEGATOR':
|
||||||
|
has_server_trust = True
|
||||||
|
|
||||||
|
if 'CKA_TRUST_EMAIL_PROTECTION' in tobj:
|
||||||
|
if tobj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NSS_NOT_TRUSTED':
|
||||||
|
is_distrusted = True
|
||||||
|
elif tobj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NSS_TRUSTED_DELEGATOR':
|
||||||
|
has_email_trust = True
|
||||||
|
|
||||||
|
if 'CKA_TRUST_CODE_SIGNING' in tobj:
|
||||||
|
if tobj['CKA_TRUST_CODE_SIGNING'] == 'CKT_NSS_NOT_TRUSTED':
|
||||||
|
is_distrusted = True
|
||||||
|
elif tobj['CKA_TRUST_CODE_SIGNING'] == 'CKT_NSS_TRUSTED_DELEGATOR':
|
||||||
|
has_code_trust = True
|
||||||
|
|
||||||
|
if is_distrusted:
|
||||||
|
trust_ext_oid = "1.3.6.1.4.1.3319.6.10.1"
|
||||||
|
trust_ext_value = "0.%06%0a%2b%06%01%04%01%99w%06%0a%01%04 0%1e%06%08%2b%06%01%05%05%07%03%04%06%08%2b%06%01%05%05%07%03%01%06%08%2b%06%01%05%05%07%03%03"
|
||||||
|
write_cert_ext_to_file(f, trust_ext_oid, trust_ext_value, pk)
|
||||||
|
|
||||||
|
trust_ext_oid = "2.5.29.37"
|
||||||
|
if has_server_trust:
|
||||||
|
if has_email_trust:
|
||||||
|
if has_code_trust:
|
||||||
|
# server + email + code
|
||||||
|
trust_ext_value = "0%2a%06%03U%1d%25%01%01%ff%04 0%1e%06%08%2b%06%01%05%05%07%03%04%06%08%2b%06%01%05%05%07%03%01%06%08%2b%06%01%05%05%07%03%03"
|
||||||
|
else:
|
||||||
|
# server + email
|
||||||
|
trust_ext_value = "0 %06%03U%1d%25%01%01%ff%04%160%14%06%08%2b%06%01%05%05%07%03%04%06%08%2b%06%01%05%05%07%03%01"
|
||||||
|
else:
|
||||||
|
if has_code_trust:
|
||||||
|
# server + code
|
||||||
|
trust_ext_value = "0 %06%03U%1d%25%01%01%ff%04%160%14%06%08%2b%06%01%05%05%07%03%01%06%08%2b%06%01%05%05%07%03%03"
|
||||||
|
else:
|
||||||
|
# server
|
||||||
|
trust_ext_value = "0%16%06%03U%1d%25%01%01%ff%04%0c0%0a%06%08%2b%06%01%05%05%07%03%01"
|
||||||
|
else:
|
||||||
|
if has_email_trust:
|
||||||
|
if has_code_trust:
|
||||||
|
# email + code
|
||||||
|
trust_ext_value = "0 %06%03U%1d%25%01%01%ff%04%160%14%06%08%2b%06%01%05%05%07%03%04%06%08%2b%06%01%05%05%07%03%03"
|
||||||
|
else:
|
||||||
|
# email
|
||||||
|
trust_ext_value = "0%16%06%03U%1d%25%01%01%ff%04%0c0%0a%06%08%2b%06%01%05%05%07%03%04"
|
||||||
|
else:
|
||||||
|
if has_code_trust:
|
||||||
|
# code
|
||||||
|
trust_ext_value = "0%16%06%03U%1d%25%01%01%ff%04%0c0%0a%06%08%2b%06%01%05%05%07%03%03"
|
||||||
|
else:
|
||||||
|
# none
|
||||||
|
trust_ext_value = "0%18%06%03U%1d%25%01%01%ff%04%0e0%0c%06%0a%2b%06%01%04%01%99w%06%0a%10"
|
||||||
|
|
||||||
|
# no 2.5.29.37 for neutral certificates
|
||||||
|
if (is_distrusted or has_server_trust or has_email_trust or has_code_trust):
|
||||||
|
write_cert_ext_to_file(f, trust_ext_oid, trust_ext_value, pk)
|
||||||
|
|
||||||
|
pk = ''
|
||||||
|
f.write("\n")
|
||||||
|
|
||||||
|
f.write("[p11-kit-object-v1]\n")
|
||||||
|
f.write("label: ");
|
||||||
|
f.write(tobj['CKA_LABEL'])
|
||||||
|
f.write("\n")
|
||||||
|
if is_distrusted:
|
||||||
|
f.write("x-distrusted: true\n")
|
||||||
|
elif has_server_trust or has_email_trust or has_code_trust:
|
||||||
|
f.write("trusted: true\n")
|
||||||
|
else:
|
||||||
|
f.write("trusted: false\n")
|
||||||
|
|
||||||
|
# requires p11-kit >= 0.23.4
|
||||||
|
f.write("nss-mozilla-ca-policy: true\n")
|
||||||
|
f.write("modifiable: false\n");
|
||||||
|
|
||||||
|
# requires p11-kit >= 0.23.19
|
||||||
|
for t in list(cert_distrust_types.keys()):
|
||||||
|
if t in obj:
|
||||||
|
value = obj[t]
|
||||||
|
if value == 'CK_FALSE':
|
||||||
|
value = bytearray(1)
|
||||||
|
f.write(cert_distrust_types[t] + ": \"")
|
||||||
|
f.write(urllib.parse.quote(value));
|
||||||
|
f.write("\"\n")
|
||||||
|
|
||||||
|
f.write("-----BEGIN CERTIFICATE-----\n")
|
||||||
|
temp_encoded_b64 = base64.b64encode(obj['CKA_VALUE'])
|
||||||
|
temp_wrapped = textwrap.wrap(temp_encoded_b64.decode(), 64)
|
||||||
|
f.write("\n".join(temp_wrapped))
|
||||||
|
f.write("\n-----END CERTIFICATE-----\n")
|
||||||
|
f.write(cert_comment)
|
||||||
|
f.write("\n")
|
||||||
|
|
||||||
|
else:
|
||||||
|
f.write("[p11-kit-object-v1]\n")
|
||||||
|
f.write("label: ");
|
||||||
|
f.write(tobj['CKA_LABEL']);
|
||||||
|
f.write("\n")
|
||||||
|
f.write("class: certificate\n")
|
||||||
|
f.write("certificate-type: x-509\n")
|
||||||
|
f.write("modifiable: false\n");
|
||||||
|
f.write("issuer: \"");
|
||||||
|
f.write(urllib.parse.quote(tobj['CKA_ISSUER']));
|
||||||
|
f.write("\"\n")
|
||||||
|
f.write("serial-number: \"");
|
||||||
|
f.write(urllib.parse.quote(tobj['CKA_SERIAL_NUMBER']));
|
||||||
|
f.write("\"\n")
|
||||||
|
if (tobj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_NOT_TRUSTED') or (tobj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NSS_NOT_TRUSTED') or (tobj['CKA_TRUST_CODE_SIGNING'] == 'CKT_NSS_NOT_TRUSTED'):
|
||||||
|
f.write("x-distrusted: true\n")
|
||||||
|
f.write("\n\n")
|
||||||
|
f.close()
|
||||||
|
print(" -> written as '%s', trust = %s, openssl-trust = %s, distrust = %s, openssl-distrust = %s" % (fname, trustbits, openssl_trustflags, distrustbits, openssl_distrustflags))
|
47
compareoldnew
Normal file
47
compareoldnew
Normal file
@ -0,0 +1,47 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
# print fingerprints of new or changed certificates
|
||||||
|
set -e
|
||||||
|
cleanup()
|
||||||
|
{
|
||||||
|
rm -rf new{,.files} old{,.files}
|
||||||
|
}
|
||||||
|
showcert()
|
||||||
|
{
|
||||||
|
openssl x509 -in "$1" -noout -subject -fingerprint -nameopt multiline,utf8,-esc_msb \
|
||||||
|
| sed -ne 's/ *commonName *= / CN=/p; s/.*Fingerprint=/ sha1=/p'
|
||||||
|
sed -ne '/^# \(openssl\|distrust\|alias\)/s/^#/ /p' < "$1"
|
||||||
|
}
|
||||||
|
cleanup
|
||||||
|
trap cleanup EXIT
|
||||||
|
mkdir old new
|
||||||
|
cd old
|
||||||
|
echo old...
|
||||||
|
ln -s ../.osc/certdata.txt
|
||||||
|
python3 ../certdata2pem.py > stdout 2> stderr
|
||||||
|
ls -1 cert-* | sort > ../old.files
|
||||||
|
cd ..
|
||||||
|
cd new
|
||||||
|
echo new...
|
||||||
|
ln -s ../certdata.txt
|
||||||
|
python3 ../certdata2pem.py > stdout 2> stderr
|
||||||
|
ls -1 cert-* | sort > ../new.files
|
||||||
|
cd ..
|
||||||
|
echo '----------------------------'
|
||||||
|
while read line; do
|
||||||
|
IFS='#' eval set -- \$line
|
||||||
|
old="$1"
|
||||||
|
new="$2"
|
||||||
|
common="$3"
|
||||||
|
if [ -n "$old" ]; then
|
||||||
|
echo "- $old"
|
||||||
|
showcert old/$old
|
||||||
|
elif [ -n "$new" ]; then
|
||||||
|
echo "+ $new"
|
||||||
|
showcert new/$new
|
||||||
|
elif ! cmp "old/$common" "new/$common"; then
|
||||||
|
echo "~ $common"
|
||||||
|
showcert old/$common
|
||||||
|
showcert new/$common
|
||||||
|
diff -u old/$common new/$common || true
|
||||||
|
fi
|
||||||
|
done < <(comm --output-delimiter='#' old.files new.files)
|
61
nssckbi.h
Normal file
61
nssckbi.h
Normal file
@ -0,0 +1,61 @@
|
|||||||
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
||||||
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||||
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||||
|
|
||||||
|
#ifndef NSSCKBI_H
|
||||||
|
#define NSSCKBI_H
|
||||||
|
|
||||||
|
/*
|
||||||
|
* NSS BUILTINS Version numbers.
|
||||||
|
*
|
||||||
|
* These are the version numbers for the builtins module packaged with
|
||||||
|
* this release on NSS. To determine the version numbers of the builtin
|
||||||
|
* module you are using, use the appropriate PKCS #11 calls.
|
||||||
|
*
|
||||||
|
* These version numbers detail changes to the PKCS #11 interface. They map
|
||||||
|
* to the PKCS #11 spec versions.
|
||||||
|
*/
|
||||||
|
#define NSS_BUILTINS_CRYPTOKI_VERSION_MAJOR 2
|
||||||
|
#define NSS_BUILTINS_CRYPTOKI_VERSION_MINOR 20
|
||||||
|
|
||||||
|
/* These version numbers detail the changes
|
||||||
|
* to the list of trusted certificates.
|
||||||
|
*
|
||||||
|
* The NSS_BUILTINS_LIBRARY_VERSION_MINOR macro needs to be bumped
|
||||||
|
* whenever we change the list of trusted certificates.
|
||||||
|
*
|
||||||
|
* Please use the following rules when increasing the version number:
|
||||||
|
*
|
||||||
|
* - starting with version 2.14, NSS_BUILTINS_LIBRARY_VERSION_MINOR
|
||||||
|
* must always be an EVEN number (e.g. 16, 18, 20 etc.)
|
||||||
|
*
|
||||||
|
* - whenever possible, if older branches require a modification to the
|
||||||
|
* list, these changes should be made on the main line of development (trunk),
|
||||||
|
* and the older branches should update to the most recent list.
|
||||||
|
*
|
||||||
|
* - ODD minor version numbers are reserved to indicate a snapshot that has
|
||||||
|
* deviated from the main line of development, e.g. if it was necessary
|
||||||
|
* to modify the list on a stable branch.
|
||||||
|
* Once the version has been changed to an odd number (e.g. 2.13) on a branch,
|
||||||
|
* it should remain unchanged on that branch, even if further changes are
|
||||||
|
* made on that branch.
|
||||||
|
*
|
||||||
|
* NSS_BUILTINS_LIBRARY_VERSION_MINOR is a CK_BYTE. It's not clear
|
||||||
|
* whether we may use its full range (0-255) or only 0-99 because
|
||||||
|
* of the comment in the CK_VERSION type definition.
|
||||||
|
* It's recommend to switch back to 0 after having reached version 98/99.
|
||||||
|
*/
|
||||||
|
#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2
|
||||||
|
#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 62
|
||||||
|
#define NSS_BUILTINS_LIBRARY_VERSION "2.62"
|
||||||
|
|
||||||
|
/* These version numbers detail the semantic changes to the ckfw engine. */
|
||||||
|
#define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
|
||||||
|
#define NSS_BUILTINS_HARDWARE_VERSION_MINOR 0
|
||||||
|
|
||||||
|
/* These version numbers detail the semantic changes to ckbi itself
|
||||||
|
* (new PKCS #11 objects), etc. */
|
||||||
|
#define NSS_BUILTINS_FIRMWARE_VERSION_MAJOR 1
|
||||||
|
#define NSS_BUILTINS_FIRMWARE_VERSION_MINOR 0
|
||||||
|
|
||||||
|
#endif /* NSSCKBI_H */
|
539
remove-trustcor.patch
Normal file
539
remove-trustcor.patch
Normal file
@ -0,0 +1,539 @@
|
|||||||
|
--- certdata.txt.orig 2022-12-22 11:47:04.063815746 +0100
|
||||||
|
+++ certdata.txt 2022-12-22 11:51:46.000000000 +0100
|
||||||
|
@@ -14610,536 +14610,6 @@
|
||||||
|
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||||
|
|
||||||
|
#
|
||||||
|
-# Certificate "TrustCor RootCert CA-1"
|
||||||
|
-#
|
||||||
|
-# Issuer: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
|
||||||
|
-# Serial Number:00:da:9b:ec:71:f3:03:b0:19
|
||||||
|
-# Subject: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
|
||||||
|
-# Not Valid Before: Thu Feb 04 12:32:16 2016
|
||||||
|
-# Not Valid After : Mon Dec 31 17:23:16 2029
|
||||||
|
-# Fingerprint (SHA-256): D4:0E:9C:86:CD:8F:E4:68:C1:77:69:59:F4:9E:A7:74:FA:54:86:84:B6:C4:06:F3:90:92:61:F4:DC:E2:57:5C
|
||||||
|
-# Fingerprint (SHA1): FF:BD:CD:E7:82:C8:43:5E:3C:6F:26:86:5C:CA:A8:3A:45:5B:C3:0A
|
||||||
|
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
|
||||||
|
-CKA_TOKEN CK_BBOOL CK_TRUE
|
||||||
|
-CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||||
|
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||||
|
-CKA_LABEL UTF8 "TrustCor RootCert CA-1"
|
||||||
|
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
|
||||||
|
-CKA_SUBJECT MULTILINE_OCTAL
|
||||||
|
-\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101
|
||||||
|
-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
|
||||||
|
-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
|
||||||
|
-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
|
||||||
|
-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
|
||||||
|
-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
|
||||||
|
-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
|
||||||
|
-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
|
||||||
|
-\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014
|
||||||
|
-\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145
|
||||||
|
-\162\164\040\103\101\055\061
|
||||||
|
-END
|
||||||
|
-CKA_ID UTF8 "0"
|
||||||
|
-CKA_ISSUER MULTILINE_OCTAL
|
||||||
|
-\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101
|
||||||
|
-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
|
||||||
|
-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
|
||||||
|
-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
|
||||||
|
-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
|
||||||
|
-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
|
||||||
|
-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
|
||||||
|
-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
|
||||||
|
-\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014
|
||||||
|
-\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145
|
||||||
|
-\162\164\040\103\101\055\061
|
||||||
|
-END
|
||||||
|
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||||
|
-\002\011\000\332\233\354\161\363\003\260\031
|
||||||
|
-END
|
||||||
|
-CKA_VALUE MULTILINE_OCTAL
|
||||||
|
-\060\202\004\060\060\202\003\030\240\003\002\001\002\002\011\000
|
||||||
|
-\332\233\354\161\363\003\260\031\060\015\006\011\052\206\110\206
|
||||||
|
-\367\015\001\001\013\005\000\060\201\244\061\013\060\011\006\003
|
||||||
|
-\125\004\006\023\002\120\101\061\017\060\015\006\003\125\004\010
|
||||||
|
-\014\006\120\141\156\141\155\141\061\024\060\022\006\003\125\004
|
||||||
|
-\007\014\013\120\141\156\141\155\141\040\103\151\164\171\061\044
|
||||||
|
-\060\042\006\003\125\004\012\014\033\124\162\165\163\164\103\157
|
||||||
|
-\162\040\123\171\163\164\145\155\163\040\123\056\040\144\145\040
|
||||||
|
-\122\056\114\056\061\047\060\045\006\003\125\004\013\014\036\124
|
||||||
|
-\162\165\163\164\103\157\162\040\103\145\162\164\151\146\151\143
|
||||||
|
-\141\164\145\040\101\165\164\150\157\162\151\164\171\061\037\060
|
||||||
|
-\035\006\003\125\004\003\014\026\124\162\165\163\164\103\157\162
|
||||||
|
-\040\122\157\157\164\103\145\162\164\040\103\101\055\061\060\036
|
||||||
|
-\027\015\061\066\060\062\060\064\061\062\063\062\061\066\132\027
|
||||||
|
-\015\062\071\061\062\063\061\061\067\062\063\061\066\132\060\201
|
||||||
|
-\244\061\013\060\011\006\003\125\004\006\023\002\120\101\061\017
|
||||||
|
-\060\015\006\003\125\004\010\014\006\120\141\156\141\155\141\061
|
||||||
|
-\024\060\022\006\003\125\004\007\014\013\120\141\156\141\155\141
|
||||||
|
-\040\103\151\164\171\061\044\060\042\006\003\125\004\012\014\033
|
||||||
|
-\124\162\165\163\164\103\157\162\040\123\171\163\164\145\155\163
|
||||||
|
-\040\123\056\040\144\145\040\122\056\114\056\061\047\060\045\006
|
||||||
|
-\003\125\004\013\014\036\124\162\165\163\164\103\157\162\040\103
|
||||||
|
-\145\162\164\151\146\151\143\141\164\145\040\101\165\164\150\157
|
||||||
|
-\162\151\164\171\061\037\060\035\006\003\125\004\003\014\026\124
|
||||||
|
-\162\165\163\164\103\157\162\040\122\157\157\164\103\145\162\164
|
||||||
|
-\040\103\101\055\061\060\202\001\042\060\015\006\011\052\206\110
|
||||||
|
-\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001
|
||||||
|
-\012\002\202\001\001\000\277\216\267\225\342\302\046\022\153\063
|
||||||
|
-\031\307\100\130\012\253\131\252\215\000\243\374\200\307\120\173
|
||||||
|
-\216\324\040\046\272\062\022\330\043\124\111\045\020\042\230\235
|
||||||
|
-\106\322\301\311\236\116\033\056\054\016\070\363\032\045\150\034
|
||||||
|
-\246\132\005\346\036\213\110\277\230\226\164\076\151\312\351\265
|
||||||
|
-\170\245\006\274\325\000\136\011\012\362\047\172\122\374\055\325
|
||||||
|
-\261\352\264\211\141\044\363\032\023\333\251\317\122\355\014\044
|
||||||
|
-\272\271\236\354\176\000\164\372\223\255\154\051\222\256\121\264
|
||||||
|
-\273\323\127\277\263\363\250\215\234\364\044\113\052\326\231\236
|
||||||
|
-\364\236\376\300\176\102\072\347\013\225\123\332\267\150\016\220
|
||||||
|
-\114\373\160\077\217\112\054\224\363\046\335\143\151\251\224\330
|
||||||
|
-\020\116\305\107\010\220\231\033\027\115\271\154\156\357\140\225
|
||||||
|
-\021\216\041\200\265\275\240\163\330\320\262\167\304\105\352\132
|
||||||
|
-\046\373\146\166\166\370\006\037\141\155\017\125\305\203\267\020
|
||||||
|
-\126\162\006\007\245\363\261\032\003\005\144\016\235\132\212\326
|
||||||
|
-\206\160\033\044\336\376\050\212\053\320\152\260\374\172\242\334
|
||||||
|
-\262\171\016\213\145\017\002\003\001\000\001\243\143\060\141\060
|
||||||
|
-\035\006\003\125\035\016\004\026\004\024\356\153\111\074\172\077
|
||||||
|
-\015\343\261\011\267\212\310\253\031\237\163\063\120\347\060\037
|
||||||
|
-\006\003\125\035\043\004\030\060\026\200\024\356\153\111\074\172
|
||||||
|
-\077\015\343\261\011\267\212\310\253\031\237\163\063\120\347\060
|
||||||
|
-\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377
|
||||||
|
-\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\206
|
||||||
|
-\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003
|
||||||
|
-\202\001\001\000\045\030\324\221\217\023\356\217\036\035\021\123
|
||||||
|
-\332\055\104\051\031\240\036\153\061\236\115\016\236\255\075\134
|
||||||
|
-\101\157\225\053\044\241\171\230\072\070\066\373\273\146\236\110
|
||||||
|
-\377\220\220\357\075\324\270\233\264\207\165\077\040\233\316\162
|
||||||
|
-\317\241\125\301\115\144\242\031\006\241\007\063\014\013\051\345
|
||||||
|
-\361\352\253\243\354\265\012\164\220\307\175\162\362\327\134\237
|
||||||
|
-\221\357\221\213\267\334\355\146\242\317\216\146\073\274\237\072
|
||||||
|
-\002\340\047\335\026\230\300\225\324\012\244\344\201\232\165\224
|
||||||
|
-\065\234\220\137\210\067\006\255\131\225\012\260\321\147\323\031
|
||||||
|
-\312\211\347\062\132\066\034\076\202\250\132\223\276\306\320\144
|
||||||
|
-\221\266\317\331\266\030\317\333\176\322\145\243\246\304\216\027
|
||||||
|
-\061\301\373\176\166\333\323\205\343\130\262\167\172\166\073\154
|
||||||
|
-\057\120\034\347\333\366\147\171\037\365\202\225\232\007\247\024
|
||||||
|
-\257\217\334\050\041\147\011\322\326\115\132\034\031\034\216\167
|
||||||
|
-\134\303\224\044\075\062\153\113\176\324\170\224\203\276\067\115
|
||||||
|
-\316\137\307\036\116\074\340\211\063\225\013\017\245\062\326\074
|
||||||
|
-\132\171\054\031
|
||||||
|
-END
|
||||||
|
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
|
||||||
|
-# For Server Distrust After: Wed Nov 30 00:00:00 2022
|
||||||
|
-CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL
|
||||||
|
-\062\062\061\061\063\060\060\060\060\060\060\060\132
|
||||||
|
-END
|
||||||
|
-# For Email Distrust After: Wed Nov 30 00:00:00 2022
|
||||||
|
-CKA_NSS_EMAIL_DISTRUST_AFTER MULTILINE_OCTAL
|
||||||
|
-\062\062\061\061\063\060\060\060\060\060\060\060\132
|
||||||
|
-END
|
||||||
|
-
|
||||||
|
-# Trust for "TrustCor RootCert CA-1"
|
||||||
|
-# Issuer: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
|
||||||
|
-# Serial Number:00:da:9b:ec:71:f3:03:b0:19
|
||||||
|
-# Subject: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
|
||||||
|
-# Not Valid Before: Thu Feb 04 12:32:16 2016
|
||||||
|
-# Not Valid After : Mon Dec 31 17:23:16 2029
|
||||||
|
-# Fingerprint (SHA-256): D4:0E:9C:86:CD:8F:E4:68:C1:77:69:59:F4:9E:A7:74:FA:54:86:84:B6:C4:06:F3:90:92:61:F4:DC:E2:57:5C
|
||||||
|
-# Fingerprint (SHA1): FF:BD:CD:E7:82:C8:43:5E:3C:6F:26:86:5C:CA:A8:3A:45:5B:C3:0A
|
||||||
|
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
|
||||||
|
-CKA_TOKEN CK_BBOOL CK_TRUE
|
||||||
|
-CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||||
|
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||||
|
-CKA_LABEL UTF8 "TrustCor RootCert CA-1"
|
||||||
|
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
|
||||||
|
-\377\275\315\347\202\310\103\136\074\157\046\206\134\312\250\072
|
||||||
|
-\105\133\303\012
|
||||||
|
-END
|
||||||
|
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
|
||||||
|
-\156\205\361\334\032\000\323\042\325\262\262\254\153\067\005\105
|
||||||
|
-END
|
||||||
|
-CKA_ISSUER MULTILINE_OCTAL
|
||||||
|
-\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101
|
||||||
|
-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
|
||||||
|
-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
|
||||||
|
-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
|
||||||
|
-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
|
||||||
|
-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
|
||||||
|
-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
|
||||||
|
-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
|
||||||
|
-\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014
|
||||||
|
-\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145
|
||||||
|
-\162\164\040\103\101\055\061
|
||||||
|
-END
|
||||||
|
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||||
|
-\002\011\000\332\233\354\161\363\003\260\031
|
||||||
|
-END
|
||||||
|
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||||
|
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||||
|
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||||
|
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||||
|
-
|
||||||
|
-#
|
||||||
|
-# Certificate "TrustCor RootCert CA-2"
|
||||||
|
-#
|
||||||
|
-# Issuer: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
|
||||||
|
-# Serial Number:25:a1:df:ca:33:cb:59:02
|
||||||
|
-# Subject: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
|
||||||
|
-# Not Valid Before: Thu Feb 04 12:32:23 2016
|
||||||
|
-# Not Valid After : Sun Dec 31 17:26:39 2034
|
||||||
|
-# Fingerprint (SHA-256): 07:53:E9:40:37:8C:1B:D5:E3:83:6E:39:5D:AE:A5:CB:83:9E:50:46:F1:BD:0E:AE:19:51:CF:10:FE:C7:C9:65
|
||||||
|
-# Fingerprint (SHA1): B8:BE:6D:CB:56:F1:55:B9:63:D4:12:CA:4E:06:34:C7:94:B2:1C:C0
|
||||||
|
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
|
||||||
|
-CKA_TOKEN CK_BBOOL CK_TRUE
|
||||||
|
-CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||||
|
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||||
|
-CKA_LABEL UTF8 "TrustCor RootCert CA-2"
|
||||||
|
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
|
||||||
|
-CKA_SUBJECT MULTILINE_OCTAL
|
||||||
|
-\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101
|
||||||
|
-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
|
||||||
|
-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
|
||||||
|
-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
|
||||||
|
-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
|
||||||
|
-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
|
||||||
|
-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
|
||||||
|
-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
|
||||||
|
-\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014
|
||||||
|
-\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145
|
||||||
|
-\162\164\040\103\101\055\062
|
||||||
|
-END
|
||||||
|
-CKA_ID UTF8 "0"
|
||||||
|
-CKA_ISSUER MULTILINE_OCTAL
|
||||||
|
-\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101
|
||||||
|
-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
|
||||||
|
-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
|
||||||
|
-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
|
||||||
|
-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
|
||||||
|
-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
|
||||||
|
-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
|
||||||
|
-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
|
||||||
|
-\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014
|
||||||
|
-\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145
|
||||||
|
-\162\164\040\103\101\055\062
|
||||||
|
-END
|
||||||
|
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||||
|
-\002\010\045\241\337\312\063\313\131\002
|
||||||
|
-END
|
||||||
|
-CKA_VALUE MULTILINE_OCTAL
|
||||||
|
-\060\202\006\057\060\202\004\027\240\003\002\001\002\002\010\045
|
||||||
|
-\241\337\312\063\313\131\002\060\015\006\011\052\206\110\206\367
|
||||||
|
-\015\001\001\013\005\000\060\201\244\061\013\060\011\006\003\125
|
||||||
|
-\004\006\023\002\120\101\061\017\060\015\006\003\125\004\010\014
|
||||||
|
-\006\120\141\156\141\155\141\061\024\060\022\006\003\125\004\007
|
||||||
|
-\014\013\120\141\156\141\155\141\040\103\151\164\171\061\044\060
|
||||||
|
-\042\006\003\125\004\012\014\033\124\162\165\163\164\103\157\162
|
||||||
|
-\040\123\171\163\164\145\155\163\040\123\056\040\144\145\040\122
|
||||||
|
-\056\114\056\061\047\060\045\006\003\125\004\013\014\036\124\162
|
||||||
|
-\165\163\164\103\157\162\040\103\145\162\164\151\146\151\143\141
|
||||||
|
-\164\145\040\101\165\164\150\157\162\151\164\171\061\037\060\035
|
||||||
|
-\006\003\125\004\003\014\026\124\162\165\163\164\103\157\162\040
|
||||||
|
-\122\157\157\164\103\145\162\164\040\103\101\055\062\060\036\027
|
||||||
|
-\015\061\066\060\062\060\064\061\062\063\062\062\063\132\027\015
|
||||||
|
-\063\064\061\062\063\061\061\067\062\066\063\071\132\060\201\244
|
||||||
|
-\061\013\060\011\006\003\125\004\006\023\002\120\101\061\017\060
|
||||||
|
-\015\006\003\125\004\010\014\006\120\141\156\141\155\141\061\024
|
||||||
|
-\060\022\006\003\125\004\007\014\013\120\141\156\141\155\141\040
|
||||||
|
-\103\151\164\171\061\044\060\042\006\003\125\004\012\014\033\124
|
||||||
|
-\162\165\163\164\103\157\162\040\123\171\163\164\145\155\163\040
|
||||||
|
-\123\056\040\144\145\040\122\056\114\056\061\047\060\045\006\003
|
||||||
|
-\125\004\013\014\036\124\162\165\163\164\103\157\162\040\103\145
|
||||||
|
-\162\164\151\146\151\143\141\164\145\040\101\165\164\150\157\162
|
||||||
|
-\151\164\171\061\037\060\035\006\003\125\004\003\014\026\124\162
|
||||||
|
-\165\163\164\103\157\162\040\122\157\157\164\103\145\162\164\040
|
||||||
|
-\103\101\055\062\060\202\002\042\060\015\006\011\052\206\110\206
|
||||||
|
-\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002\012
|
||||||
|
-\002\202\002\001\000\247\040\156\302\052\242\142\044\225\220\166
|
||||||
|
-\310\070\176\200\322\253\301\233\145\005\224\364\301\012\020\325
|
||||||
|
-\002\254\355\237\223\307\207\310\260\047\053\102\014\075\012\076
|
||||||
|
-\101\132\236\165\335\215\312\340\233\354\150\062\244\151\222\150
|
||||||
|
-\214\013\201\016\126\240\076\032\335\054\045\024\202\057\227\323
|
||||||
|
-\144\106\364\124\251\334\072\124\055\061\053\231\202\362\331\052
|
||||||
|
-\327\357\161\000\270\061\244\276\172\044\007\303\102\040\362\212
|
||||||
|
-\324\222\004\033\145\126\114\154\324\373\266\141\132\107\043\264
|
||||||
|
-\330\151\264\267\072\320\164\074\014\165\241\214\116\166\241\351
|
||||||
|
-\333\052\245\073\372\316\260\377\176\152\050\375\047\034\310\261
|
||||||
|
-\351\051\361\127\156\144\264\320\301\025\155\016\276\056\016\106
|
||||||
|
-\310\136\364\121\376\357\016\143\072\073\161\272\317\157\131\312
|
||||||
|
-\014\343\233\135\111\270\114\342\127\261\230\212\102\127\234\166
|
||||||
|
-\357\357\275\321\150\250\322\364\011\273\167\065\276\045\202\010
|
||||||
|
-\304\026\054\104\040\126\251\104\021\167\357\135\264\035\252\136
|
||||||
|
-\153\076\213\062\366\007\057\127\004\222\312\365\376\235\302\351
|
||||||
|
-\350\263\216\114\113\002\061\331\344\074\110\202\047\367\030\202
|
||||||
|
-\166\110\072\161\261\023\241\071\325\056\305\064\302\035\142\205
|
||||||
|
-\337\003\376\115\364\257\075\337\134\133\215\372\160\341\245\176
|
||||||
|
-\047\307\206\056\152\217\022\306\204\136\103\121\120\234\031\233
|
||||||
|
-\170\346\374\366\355\107\176\173\075\146\357\023\023\210\137\074
|
||||||
|
-\241\143\373\371\254\207\065\237\363\202\236\244\077\012\234\061
|
||||||
|
-\151\213\231\244\210\112\216\156\146\115\357\026\304\017\171\050
|
||||||
|
-\041\140\015\205\026\175\327\124\070\361\222\126\375\265\063\114
|
||||||
|
-\203\334\327\020\237\113\375\306\370\102\275\272\174\163\002\340
|
||||||
|
-\377\175\315\133\341\324\254\141\173\127\325\112\173\133\324\205
|
||||||
|
-\130\047\135\277\370\053\140\254\240\046\256\024\041\047\306\167
|
||||||
|
-\232\063\200\074\136\106\077\367\303\261\243\206\063\306\350\136
|
||||||
|
-\015\271\065\054\252\106\301\205\002\165\200\240\353\044\373\025
|
||||||
|
-\252\344\147\177\156\167\077\364\004\212\057\174\173\343\027\141
|
||||||
|
-\360\335\011\251\040\310\276\011\244\320\176\104\303\262\060\112
|
||||||
|
-\070\252\251\354\030\232\007\202\053\333\270\234\030\255\332\340
|
||||||
|
-\106\027\254\317\135\002\003\001\000\001\243\143\060\141\060\035
|
||||||
|
-\006\003\125\035\016\004\026\004\024\331\376\041\100\156\224\236
|
||||||
|
-\274\233\075\234\175\230\040\031\345\214\060\142\262\060\037\006
|
||||||
|
-\003\125\035\043\004\030\060\026\200\024\331\376\041\100\156\224
|
||||||
|
-\236\274\233\075\234\175\230\040\031\345\214\060\142\262\060\017
|
||||||
|
-\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060
|
||||||
|
-\016\006\003\125\035\017\001\001\377\004\004\003\002\001\206\060
|
||||||
|
-\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003\202
|
||||||
|
-\002\001\000\236\105\236\014\073\266\357\341\072\310\174\321\000
|
||||||
|
-\075\317\342\352\006\265\262\072\273\006\113\150\172\320\043\227
|
||||||
|
-\164\247\054\360\010\330\171\132\327\132\204\212\330\022\232\033
|
||||||
|
-\331\175\134\115\160\305\245\371\253\345\243\211\211\335\001\372
|
||||||
|
-\354\335\371\351\222\227\333\260\106\102\363\323\142\252\225\376
|
||||||
|
-\061\147\024\151\130\220\012\252\013\356\067\043\307\120\121\264
|
||||||
|
-\365\176\236\343\173\367\344\314\102\062\055\111\014\313\377\111
|
||||||
|
-\014\233\036\064\375\156\156\226\212\171\003\266\157\333\011\313
|
||||||
|
-\375\137\145\024\067\341\070\365\363\141\026\130\344\265\155\015
|
||||||
|
-\013\004\033\077\120\055\177\263\307\172\032\026\200\140\370\212
|
||||||
|
-\037\351\033\052\306\371\272\001\032\151\277\322\130\307\124\127
|
||||||
|
-\010\217\341\071\140\167\113\254\131\204\032\210\361\335\313\117
|
||||||
|
-\170\327\347\341\063\055\374\356\101\372\040\260\276\313\367\070
|
||||||
|
-\224\300\341\320\205\017\273\355\054\163\253\355\376\222\166\032
|
||||||
|
-\144\177\133\015\063\011\007\063\173\006\077\021\244\134\160\074
|
||||||
|
-\205\300\317\343\220\250\203\167\372\333\346\305\214\150\147\020
|
||||||
|
-\147\245\122\055\360\304\231\217\177\277\321\153\342\265\107\326
|
||||||
|
-\331\320\205\231\115\224\233\017\113\215\356\000\132\107\035\021
|
||||||
|
-\003\254\101\030\257\207\267\157\014\072\217\312\317\334\003\301
|
||||||
|
-\242\011\310\345\375\200\136\310\140\102\001\033\032\123\132\273
|
||||||
|
-\067\246\267\274\272\204\351\036\154\032\324\144\332\324\103\376
|
||||||
|
-\223\213\113\362\054\171\026\020\324\223\013\210\217\241\330\206
|
||||||
|
-\024\106\221\107\233\050\044\357\127\122\116\134\102\234\252\367
|
||||||
|
-\111\354\047\350\100\036\263\246\211\042\162\234\365\015\063\264
|
||||||
|
-\130\243\060\073\335\324\152\124\223\276\032\115\363\223\224\367
|
||||||
|
-\374\204\013\077\204\040\134\064\003\104\305\332\255\274\012\301
|
||||||
|
-\002\317\036\345\224\331\363\216\133\330\114\360\235\354\141\027
|
||||||
|
-\273\024\062\124\014\002\051\223\036\222\206\366\177\357\347\222
|
||||||
|
-\005\016\131\335\231\010\056\056\372\234\000\122\323\305\146\051
|
||||||
|
-\344\247\227\104\244\016\050\201\023\065\305\366\157\144\346\101
|
||||||
|
-\304\325\057\314\064\105\045\317\101\000\226\075\112\056\302\226
|
||||||
|
-\230\117\116\112\234\227\267\333\037\222\062\310\377\017\121\156
|
||||||
|
-\326\354\011
|
||||||
|
-END
|
||||||
|
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
|
||||||
|
-# For Server Distrust After: Wed Nov 30 00:00:00 2022
|
||||||
|
-CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL
|
||||||
|
-\062\062\061\061\063\060\060\060\060\060\060\060\132
|
||||||
|
-END
|
||||||
|
-# For Email Distrust After: Wed Nov 30 00:00:00 2022
|
||||||
|
-CKA_NSS_EMAIL_DISTRUST_AFTER MULTILINE_OCTAL
|
||||||
|
-\062\062\061\061\063\060\060\060\060\060\060\060\132
|
||||||
|
-END
|
||||||
|
-
|
||||||
|
-
|
||||||
|
-# Trust for "TrustCor RootCert CA-2"
|
||||||
|
-# Issuer: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
|
||||||
|
-# Serial Number:25:a1:df:ca:33:cb:59:02
|
||||||
|
-# Subject: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
|
||||||
|
-# Not Valid Before: Thu Feb 04 12:32:23 2016
|
||||||
|
-# Not Valid After : Sun Dec 31 17:26:39 2034
|
||||||
|
-# Fingerprint (SHA-256): 07:53:E9:40:37:8C:1B:D5:E3:83:6E:39:5D:AE:A5:CB:83:9E:50:46:F1:BD:0E:AE:19:51:CF:10:FE:C7:C9:65
|
||||||
|
-# Fingerprint (SHA1): B8:BE:6D:CB:56:F1:55:B9:63:D4:12:CA:4E:06:34:C7:94:B2:1C:C0
|
||||||
|
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
|
||||||
|
-CKA_TOKEN CK_BBOOL CK_TRUE
|
||||||
|
-CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||||
|
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||||
|
-CKA_LABEL UTF8 "TrustCor RootCert CA-2"
|
||||||
|
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
|
||||||
|
-\270\276\155\313\126\361\125\271\143\324\022\312\116\006\064\307
|
||||||
|
-\224\262\034\300
|
||||||
|
-END
|
||||||
|
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
|
||||||
|
-\242\341\370\030\013\272\105\325\307\101\052\273\067\122\105\144
|
||||||
|
-END
|
||||||
|
-CKA_ISSUER MULTILINE_OCTAL
|
||||||
|
-\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101
|
||||||
|
-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
|
||||||
|
-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
|
||||||
|
-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
|
||||||
|
-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
|
||||||
|
-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
|
||||||
|
-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
|
||||||
|
-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
|
||||||
|
-\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014
|
||||||
|
-\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145
|
||||||
|
-\162\164\040\103\101\055\062
|
||||||
|
-END
|
||||||
|
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||||
|
-\002\010\045\241\337\312\063\313\131\002
|
||||||
|
-END
|
||||||
|
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||||
|
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||||
|
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||||
|
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||||
|
-
|
||||||
|
-#
|
||||||
|
-# Certificate "TrustCor ECA-1"
|
||||||
|
-#
|
||||||
|
-# Issuer: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
|
||||||
|
-# Serial Number:00:84:82:2c:5f:1c:62:d0:40
|
||||||
|
-# Subject: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
|
||||||
|
-# Not Valid Before: Thu Feb 04 12:32:33 2016
|
||||||
|
-# Not Valid After : Mon Dec 31 17:28:07 2029
|
||||||
|
-# Fingerprint (SHA-256): 5A:88:5D:B1:9C:01:D9:12:C5:75:93:88:93:8C:AF:BB:DF:03:1A:B2:D4:8E:91:EE:15:58:9B:42:97:1D:03:9C
|
||||||
|
-# Fingerprint (SHA1): 58:D1:DF:95:95:67:6B:63:C0:F0:5B:1C:17:4D:8B:84:0B:C8:78:BD
|
||||||
|
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
|
||||||
|
-CKA_TOKEN CK_BBOOL CK_TRUE
|
||||||
|
-CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||||
|
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||||
|
-CKA_LABEL UTF8 "TrustCor ECA-1"
|
||||||
|
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
|
||||||
|
-CKA_SUBJECT MULTILINE_OCTAL
|
||||||
|
-\060\201\234\061\013\060\011\006\003\125\004\006\023\002\120\101
|
||||||
|
-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
|
||||||
|
-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
|
||||||
|
-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
|
||||||
|
-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
|
||||||
|
-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
|
||||||
|
-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
|
||||||
|
-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
|
||||||
|
-\150\157\162\151\164\171\061\027\060\025\006\003\125\004\003\014
|
||||||
|
-\016\124\162\165\163\164\103\157\162\040\105\103\101\055\061
|
||||||
|
-END
|
||||||
|
-CKA_ID UTF8 "0"
|
||||||
|
-CKA_ISSUER MULTILINE_OCTAL
|
||||||
|
-\060\201\234\061\013\060\011\006\003\125\004\006\023\002\120\101
|
||||||
|
-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
|
||||||
|
-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
|
||||||
|
-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
|
||||||
|
-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
|
||||||
|
-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
|
||||||
|
-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
|
||||||
|
-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
|
||||||
|
-\150\157\162\151\164\171\061\027\060\025\006\003\125\004\003\014
|
||||||
|
-\016\124\162\165\163\164\103\157\162\040\105\103\101\055\061
|
||||||
|
-END
|
||||||
|
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||||
|
-\002\011\000\204\202\054\137\034\142\320\100
|
||||||
|
-END
|
||||||
|
-CKA_VALUE MULTILINE_OCTAL
|
||||||
|
-\060\202\004\040\060\202\003\010\240\003\002\001\002\002\011\000
|
||||||
|
-\204\202\054\137\034\142\320\100\060\015\006\011\052\206\110\206
|
||||||
|
-\367\015\001\001\013\005\000\060\201\234\061\013\060\011\006\003
|
||||||
|
-\125\004\006\023\002\120\101\061\017\060\015\006\003\125\004\010
|
||||||
|
-\014\006\120\141\156\141\155\141\061\024\060\022\006\003\125\004
|
||||||
|
-\007\014\013\120\141\156\141\155\141\040\103\151\164\171\061\044
|
||||||
|
-\060\042\006\003\125\004\012\014\033\124\162\165\163\164\103\157
|
||||||
|
-\162\040\123\171\163\164\145\155\163\040\123\056\040\144\145\040
|
||||||
|
-\122\056\114\056\061\047\060\045\006\003\125\004\013\014\036\124
|
||||||
|
-\162\165\163\164\103\157\162\040\103\145\162\164\151\146\151\143
|
||||||
|
-\141\164\145\040\101\165\164\150\157\162\151\164\171\061\027\060
|
||||||
|
-\025\006\003\125\004\003\014\016\124\162\165\163\164\103\157\162
|
||||||
|
-\040\105\103\101\055\061\060\036\027\015\061\066\060\062\060\064
|
||||||
|
-\061\062\063\062\063\063\132\027\015\062\071\061\062\063\061\061
|
||||||
|
-\067\062\070\060\067\132\060\201\234\061\013\060\011\006\003\125
|
||||||
|
-\004\006\023\002\120\101\061\017\060\015\006\003\125\004\010\014
|
||||||
|
-\006\120\141\156\141\155\141\061\024\060\022\006\003\125\004\007
|
||||||
|
-\014\013\120\141\156\141\155\141\040\103\151\164\171\061\044\060
|
||||||
|
-\042\006\003\125\004\012\014\033\124\162\165\163\164\103\157\162
|
||||||
|
-\040\123\171\163\164\145\155\163\040\123\056\040\144\145\040\122
|
||||||
|
-\056\114\056\061\047\060\045\006\003\125\004\013\014\036\124\162
|
||||||
|
-\165\163\164\103\157\162\040\103\145\162\164\151\146\151\143\141
|
||||||
|
-\164\145\040\101\165\164\150\157\162\151\164\171\061\027\060\025
|
||||||
|
-\006\003\125\004\003\014\016\124\162\165\163\164\103\157\162\040
|
||||||
|
-\105\103\101\055\061\060\202\001\042\060\015\006\011\052\206\110
|
||||||
|
-\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001
|
||||||
|
-\012\002\202\001\001\000\317\217\340\021\265\237\250\166\166\333
|
||||||
|
-\337\017\124\357\163\143\051\202\255\107\306\243\153\355\376\137
|
||||||
|
-\063\370\103\121\351\032\063\221\061\027\240\164\304\324\247\001
|
||||||
|
-\346\262\222\076\152\235\355\016\371\164\230\100\323\077\003\200
|
||||||
|
-\006\202\100\350\261\342\247\121\247\035\203\046\153\253\336\372
|
||||||
|
-\027\221\053\330\306\254\036\261\236\031\001\325\227\246\352\015
|
||||||
|
-\267\304\125\037\047\174\322\010\325\166\037\051\025\207\100\071
|
||||||
|
-\335\070\105\021\165\320\232\247\064\340\277\315\310\122\035\271
|
||||||
|
-\107\176\015\270\273\306\014\366\163\127\026\132\176\103\221\037
|
||||||
|
-\125\072\306\155\104\004\252\234\251\234\247\114\211\027\203\256
|
||||||
|
-\243\004\136\122\200\213\036\022\045\021\031\327\014\175\175\061
|
||||||
|
-\104\101\352\333\257\260\034\357\201\320\054\305\232\041\233\075
|
||||||
|
-\355\102\073\120\046\362\354\316\161\141\006\142\041\124\116\177
|
||||||
|
-\301\235\076\177\040\214\200\313\052\330\227\142\310\203\063\221
|
||||||
|
-\175\260\242\132\017\127\350\073\314\362\045\262\324\174\057\354
|
||||||
|
-\115\306\241\072\025\172\347\266\135\065\365\366\110\112\066\105
|
||||||
|
-\146\324\272\230\130\301\002\003\001\000\001\243\143\060\141\060
|
||||||
|
-\035\006\003\125\035\016\004\026\004\024\104\236\110\365\314\155
|
||||||
|
-\110\324\240\113\177\376\131\044\057\203\227\231\232\206\060\037
|
||||||
|
-\006\003\125\035\043\004\030\060\026\200\024\104\236\110\365\314
|
||||||
|
-\155\110\324\240\113\177\376\131\044\057\203\227\231\232\206\060
|
||||||
|
-\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377
|
||||||
|
-\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\206
|
||||||
|
-\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003
|
||||||
|
-\202\001\001\000\005\076\065\134\025\160\233\311\307\163\141\157
|
||||||
|
-\162\053\324\302\217\362\103\135\002\316\304\224\271\224\021\203
|
||||||
|
-\147\135\342\147\154\165\166\277\273\014\252\066\306\255\107\223
|
||||||
|
-\143\334\036\176\326\336\056\376\351\031\062\070\003\177\024\366
|
||||||
|
-\000\163\054\131\261\041\006\341\373\254\030\225\014\243\377\231
|
||||||
|
-\226\367\053\047\233\325\044\314\035\335\301\072\340\230\104\260
|
||||||
|
-\304\344\076\167\261\163\251\144\054\366\034\001\174\077\135\105
|
||||||
|
-\205\300\205\347\045\217\225\334\027\363\074\237\032\156\260\312
|
||||||
|
-\343\035\052\351\114\143\372\044\141\142\326\332\176\266\034\154
|
||||||
|
-\365\002\035\324\052\335\125\220\353\052\021\107\074\056\136\164
|
||||||
|
-\262\202\042\245\175\123\037\105\354\047\221\175\347\042\026\350
|
||||||
|
-\300\150\066\330\306\361\117\200\104\062\371\341\321\321\035\252
|
||||||
|
-\336\250\253\234\004\257\255\040\016\144\230\115\245\153\300\110
|
||||||
|
-\130\226\151\115\334\007\214\121\223\242\337\237\017\075\213\140
|
||||||
|
-\264\202\215\252\010\116\142\105\340\371\013\322\340\340\074\133
|
||||||
|
-\336\134\161\047\045\302\346\003\201\213\020\123\343\307\125\242
|
||||||
|
-\264\237\327\346
|
||||||
|
-END
|
||||||
|
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
|
||||||
|
-# For Server Distrust After: Wed Nov 30 00:00:00 2022
|
||||||
|
-CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL
|
||||||
|
-\062\062\061\061\063\060\060\060\060\060\060\060\132
|
||||||
|
-END
|
||||||
|
-# For Email Distrust After: Wed Nov 30 00:00:00 2022
|
||||||
|
-CKA_NSS_EMAIL_DISTRUST_AFTER MULTILINE_OCTAL
|
||||||
|
-\062\062\061\061\063\060\060\060\060\060\060\060\132
|
||||||
|
-END
|
||||||
|
-
|
||||||
|
-# Trust for "TrustCor ECA-1"
|
||||||
|
-# Issuer: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
|
||||||
|
-# Serial Number:00:84:82:2c:5f:1c:62:d0:40
|
||||||
|
-# Subject: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
|
||||||
|
-# Not Valid Before: Thu Feb 04 12:32:33 2016
|
||||||
|
-# Not Valid After : Mon Dec 31 17:28:07 2029
|
||||||
|
-# Fingerprint (SHA-256): 5A:88:5D:B1:9C:01:D9:12:C5:75:93:88:93:8C:AF:BB:DF:03:1A:B2:D4:8E:91:EE:15:58:9B:42:97:1D:03:9C
|
||||||
|
-# Fingerprint (SHA1): 58:D1:DF:95:95:67:6B:63:C0:F0:5B:1C:17:4D:8B:84:0B:C8:78:BD
|
||||||
|
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
|
||||||
|
-CKA_TOKEN CK_BBOOL CK_TRUE
|
||||||
|
-CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||||
|
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||||
|
-CKA_LABEL UTF8 "TrustCor ECA-1"
|
||||||
|
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
|
||||||
|
-\130\321\337\225\225\147\153\143\300\360\133\034\027\115\213\204
|
||||||
|
-\013\310\170\275
|
||||||
|
-END
|
||||||
|
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
|
||||||
|
-\047\222\043\035\012\365\100\174\351\346\153\235\330\365\347\154
|
||||||
|
-END
|
||||||
|
-CKA_ISSUER MULTILINE_OCTAL
|
||||||
|
-\060\201\234\061\013\060\011\006\003\125\004\006\023\002\120\101
|
||||||
|
-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
|
||||||
|
-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
|
||||||
|
-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
|
||||||
|
-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
|
||||||
|
-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
|
||||||
|
-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
|
||||||
|
-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
|
||||||
|
-\150\157\162\151\164\171\061\027\060\025\006\003\125\004\003\014
|
||||||
|
-\016\124\162\165\163\164\103\157\162\040\105\103\101\055\061
|
||||||
|
-END
|
||||||
|
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||||
|
-\002\011\000\204\202\054\137\034\142\320\100
|
||||||
|
-END
|
||||||
|
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||||
|
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||||
|
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||||
|
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||||
|
-
|
||||||
|
-#
|
||||||
|
# Certificate "SSL.com Root Certification Authority RSA"
|
||||||
|
#
|
||||||
|
# Issuer: CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US
|
Loading…
Reference in New Issue
Block a user