Revert to the unmodified upstream CA list, changing the legacy trust to an empty list. The ca-legacy tool and the existing config are kept; however, the configuration has no effect after this change.
parent
02204a071d
commit
552fa4a6d3
@ -39,7 +39,7 @@ Name: ca-certificates
|
|||||||
Version: 2016.2.9
|
Version: 2016.2.9
|
||||||
# for Rawhide, please always use release >= 2
|
# for Rawhide, please always use release >= 2
|
||||||
# for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
|
# for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
License: Public Domain
|
License: Public Domain
|
||||||
|
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
@ -141,37 +141,45 @@ EOF
|
|||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
for f in certs/legacy-default/*.crt; do
|
touch %{legacy_default_bundle}
|
||||||
echo "processing $f"
|
NUM_LEGACY_DEFAULT=`find certs/legacy-default -type f | wc -l`
|
||||||
tbits=`sed -n '/^# openssl-trust/{s/^.*=//;p;}' $f`
|
if [ $NUM_LEGACY_DEFAULT -ne 0 ]; then
|
||||||
alias=`sed -n '/^# alias=/{s/^.*=//;p;q;}' $f | sed "s/'//g" | sed 's/"//g'`
|
for f in certs/legacy-default/*.crt; do
|
||||||
targs=""
|
echo "processing $f"
|
||||||
if [ -n "$tbits" ]; then
|
tbits=`sed -n '/^# openssl-trust/{s/^.*=//;p;}' $f`
|
||||||
for t in $tbits; do
|
alias=`sed -n '/^# alias=/{s/^.*=//;p;q;}' $f | sed "s/'//g" | sed 's/"//g'`
|
||||||
targs="${targs} -addtrust $t"
|
targs=""
|
||||||
done
|
if [ -n "$tbits" ]; then
|
||||||
fi
|
for t in $tbits; do
|
||||||
if [ -n "$targs" ]; then
|
targs="${targs} -addtrust $t"
|
||||||
echo "legacy default flags $targs for $f" >> info.trust
|
done
|
||||||
openssl x509 -text -in "$f" -trustout $targs -setalias "$alias" >> %{legacy_default_bundle}
|
fi
|
||||||
fi
|
if [ -n "$targs" ]; then
|
||||||
done
|
echo "legacy default flags $targs for $f" >> info.trust
|
||||||
|
openssl x509 -text -in "$f" -trustout $targs -setalias "$alias" >> %{legacy_default_bundle}
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
|
||||||
for f in certs/legacy-disable/*.crt; do
|
touch %{legacy_disable_bundle}
|
||||||
echo "processing $f"
|
NUM_LEGACY_DISABLE=`find certs/legacy-disable -type f | wc -l`
|
||||||
tbits=`sed -n '/^# openssl-trust/{s/^.*=//;p;}' $f`
|
if [ $NUM_LEGACY_DISABLE -ne 0 ]; then
|
||||||
alias=`sed -n '/^# alias=/{s/^.*=//;p;q;}' $f | sed "s/'//g" | sed 's/"//g'`
|
for f in certs/legacy-disable/*.crt; do
|
||||||
targs=""
|
echo "processing $f"
|
||||||
if [ -n "$tbits" ]; then
|
tbits=`sed -n '/^# openssl-trust/{s/^.*=//;p;}' $f`
|
||||||
for t in $tbits; do
|
alias=`sed -n '/^# alias=/{s/^.*=//;p;q;}' $f | sed "s/'//g" | sed 's/"//g'`
|
||||||
targs="${targs} -addtrust $t"
|
targs=""
|
||||||
done
|
if [ -n "$tbits" ]; then
|
||||||
fi
|
for t in $tbits; do
|
||||||
if [ -n "$targs" ]; then
|
targs="${targs} -addtrust $t"
|
||||||
echo "legacy disable flags $targs for $f" >> info.trust
|
done
|
||||||
openssl x509 -text -in "$f" -trustout $targs -setalias "$alias" >> %{legacy_disable_bundle}
|
fi
|
||||||
fi
|
if [ -n "$targs" ]; then
|
||||||
done
|
echo "legacy disable flags $targs for $f" >> info.trust
|
||||||
|
openssl x509 -text -in "$f" -trustout $targs -setalias "$alias" >> %{legacy_disable_bundle}
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
|
||||||
P11FILES=`find certs -name *.p11-kit | wc -l`
|
P11FILES=`find certs -name *.p11-kit | wc -l`
|
||||||
if [ $P11FILES -ne 0 ]; then
|
if [ $P11FILES -ne 0 ]; then
|
||||||
@ -382,6 +390,11 @@ fi
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Aug 16 2016 Kai Engert <kaie@redhat.com> - 2016.2.9-3
|
||||||
|
- Revert to the unmodified upstream CA list, changing the legacy trust
|
||||||
|
to an empty list. Keeping the ca-legacy tool and existing config,
|
||||||
|
however, the configuration has no effect after this change.
|
||||||
|
|
||||||
* Tue Aug 16 2016 Kai Engert <kaie@redhat.com> - 2016.2.9-2
|
* Tue Aug 16 2016 Kai Engert <kaie@redhat.com> - 2016.2.9-2
|
||||||
- Update to CKBI 2.9 from NSS 3.26 with legacy modifications
|
- Update to CKBI 2.9 from NSS 3.26 with legacy modifications
|
||||||
|
|
||||||
|
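Review bot: The new guard counts every regular file under `certs/legacy-default` with `find certs/legacy-default -type f | wc -l`, but the loop it protects only globs `*.crt`. A directory that holds some other file and no certificate therefore still enters the loop with the unexpanded pattern as `$f`, and the unquoted `sed ... $f` runs on a path that does not exist. Counting with `find certs/legacy-default -type f -name '*.crt' | wc -l` would match the guard to the loop; the `certs/legacy-disable` block has the same mismatch. Because an empty bundle is now the expected result, a line appended to `info.trust` when the count is zero (for example `echo "no legacy default certificates found" >> info.trust`) would presumably let someone auditing the build tell an intentionally empty legacy trust list from a missing input directory.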
1024
certdata.txt
1024
certdata.txt
File diff suppressed because it is too large
File diff suppressed because it is too large