1
0

- update to 2.42 state of the Mozilla NSS Certificate store (bsc#1160160)

Removed CAs:
  - AddTrust External CA Root
  - AddTrust Class 1 CA Root
  - LuxTrust Global Root 2
  - Staat der Nederlanden Root CA - G2
  - Symantec Class 1 Public Primary Certification Authority - G4
  - Symantec Class 2 Public Primary Certification Authority - G4
  - VeriSign Class 3 Public Primary Certification Authority - G3
  Added CAs:
  - certSIGN Root CA G2
  - e-Szigno Root CA 2017
  - Microsoft ECC Root Certificate Authority 2017
  - Microsoft RSA Root Certificate Authority 2017

OBS-URL: https://build.opensuse.org/package/show/Base:System/ca-certificates-mozilla?expand=0&rev=107
This commit is contained in:
Marcus Meissner 2020-07-29 13:57:05 +00:00 committed by Git OBS Bridge
parent f4ea507fb3
commit dcae684d43
5 changed files with 683 additions and 1215 deletions

View File

@ -1,3 +1,24 @@
-------------------------------------------------------------------
Wed Jul 29 13:06:19 UTC 2020 - Marcus Meissner <meissner@suse.com>
- update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673)
Removed CAs:
- AddTrust External CA Root
- AddTrust Class 1 CA Root
- LuxTrust Global Root 2
- Staat der Nederlanden Root CA - G2
- Symantec Class 1 Public Primary Certification Authority - G4
- Symantec Class 2 Public Primary Certification Authority - G4
- VeriSign Class 3 Public Primary Certification Authority - G3
Added CAs:
- certSIGN Root CA G2
- e-Szigno Root CA 2017
- Microsoft ECC Root Certificate Authority 2017
- Microsoft RSA Root Certificate Authority 2017
-------------------------------------------------------------------
Thu Mar 26 11:38:06 UTC 2020 - Marcus Meissner <meissner@suse.com>

View File

@ -37,7 +37,7 @@
Name: ca-certificates-mozilla
# Version number is NSS_BUILTINS_LIBRARY_VERSION in this file:
# http://hg.mozilla.org/projects/nss/file/default/lib/ckfw/builtins/nssckbi.h
Version: 2.40
Version: 2.42
Release: 0
Summary: CA certificates for OpenSSL
License: MPL-2.0

File diff suppressed because it is too large Load Diff

View File

@ -177,6 +177,11 @@ openssl_trust = {
"CKA_TRUST_EMAIL_PROTECTION": "emailProtection",
}
cert_distrust_types = {
"CKA_NSS_SERVER_DISTRUST_AFTER": "nss-server-distrust-after",
"CKA_NSS_EMAIL_DISTRUST_AFTER": "nss-email-distrust-after",
}
for tobj in objects:
if tobj['CKA_CLASS'] == 'CKO_NSS_TRUST':
key = tobj['CKA_LABEL'] + printable_serial(tobj)
@ -369,6 +374,16 @@ for tobj in objects:
f.write("nss-mozilla-ca-policy: true\n")
f.write("modifiable: false\n");
# requires p11-kit >= 0.23.19
for t in list(cert_distrust_types.keys()):
if t in obj:
value = obj[t]
if value == 'CK_FALSE':
value = bytearray(1)
f.write(cert_distrust_types[t] + ": \"")
f.write(urllib.parse.quote(value));
f.write("\"\n")
f.write("-----BEGIN CERTIFICATE-----\n")
temp_encoded_b64 = base64.b64encode(obj['CKA_VALUE'])
temp_wrapped = textwrap.wrap(temp_encoded_b64.decode(), 64)

View File

@ -46,8 +46,8 @@
* It's recommend to switch back to 0 after having reached version 98/99.
*/
#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2
#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 40
#define NSS_BUILTINS_LIBRARY_VERSION "2.40"
#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 42
#define NSS_BUILTINS_LIBRARY_VERSION "2.42"
/* These version numbers detail the semantic changes to the ckfw engine. */
#define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1