Update to CKBI 2.5 from NSS 3.19.3 with legacy modifications
This update adjusts the diff-from-upstream patch (which is a patch purely provided for documentation purposes). It shows a modification that was made as part of the 2.4 update (which in fact removed legacy treatment for one certificate, because upstream had reverted it to an earlier trusted state, as documented on the package wiki page). No changes to the legacy treatment were made in this 2.5 update.
This commit is contained in:
Kai Engert
parent
298b40723b
commit
6df1740e0f
1246
certdata.txt
1246
certdata.txt
File diff suppressed because it is too large
Load Diff
@ -1,5 +1,5 @@
|
||||
--- certdata-2.3.txt 2015-03-17 00:03:37.000000000 +0100
|
||||
+++ certdata.txt 2015-03-20 22:02:52.672993593 +0100
|
||||
--- certdata-2.5.txt 2015-08-04 20:56:09.774180992 +0200
|
||||
+++ certdata.txt 2015-08-13 22:34:08.128515054 +0200
|
||||
@@ -23,100 +23,515 @@
|
||||
# CKA_SUBJECT DER+base64 (varies)
|
||||
# CKA_ID byte array (varies)
|
||||
@ -516,111 +516,7 @@
|
||||
\164\151\146\151\143\141\164\145\040\101\165\164\150\157\162\151
|
||||
\164\171\060\201\237\060\015\006\011\052\206\110\206\367\015\001
|
||||
\001\001\005\000\003\201\215\000\060\201\211\002\201\201\000\301
|
||||
@@ -140,100 +555,103 @@
|
||||
\070\062\062\061\066\064\061\065\061\132\060\013\006\003\125\035
|
||||
\017\004\004\003\002\001\006\060\037\006\003\125\035\043\004\030
|
||||
\060\026\200\024\110\346\150\371\053\322\262\225\327\107\330\043
|
||||
\040\020\117\063\230\220\237\324\060\035\006\003\125\035\016\004
|
||||
\026\004\024\110\346\150\371\053\322\262\225\327\107\330\043\040
|
||||
\020\117\063\230\220\237\324\060\014\006\003\125\035\023\004\005
|
||||
\060\003\001\001\377\060\032\006\011\052\206\110\206\366\175\007
|
||||
\101\000\004\015\060\013\033\005\126\063\056\060\143\003\002\006
|
||||
\300\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000
|
||||
\003\201\201\000\130\316\051\352\374\367\336\265\316\002\271\027
|
||||
\265\205\321\271\343\340\225\314\045\061\015\000\246\222\156\177
|
||||
\266\222\143\236\120\225\321\232\157\344\021\336\143\205\156\230
|
||||
\356\250\377\132\310\323\125\262\146\161\127\336\300\041\353\075
|
||||
\052\247\043\111\001\004\206\102\173\374\356\177\242\026\122\265
|
||||
\147\147\323\100\333\073\046\130\262\050\167\075\256\024\167\141
|
||||
\326\372\052\146\047\240\015\372\247\163\134\352\160\361\224\041
|
||||
\145\104\137\372\374\357\051\150\251\242\207\171\357\171\357\117
|
||||
\254\007\167\070
|
||||
END
|
||||
|
||||
# Trust for Certificate "Equifax Secure CA"
|
||||
# Issuer: OU=Equifax Secure Certificate Authority,O=Equifax,C=US
|
||||
# Serial Number: 903804111 (0x35def4cf)
|
||||
# Subject: OU=Equifax Secure Certificate Authority,O=Equifax,C=US
|
||||
# Not Valid Before: Sat Aug 22 16:41:51 1998
|
||||
# Not Valid After : Wed Aug 22 16:41:51 2018
|
||||
# Fingerprint (MD5): 67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4
|
||||
# Fingerprint (SHA1): D2:32:09:AD:23:D3:14:23:21:74:E4:0D:7F:9D:62:13:97:86:63:3A
|
||||
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
|
||||
CKA_TOKEN CK_BBOOL CK_TRUE
|
||||
CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||
CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||
CKA_LABEL UTF8 "Equifax Secure CA"
|
||||
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
|
||||
\322\062\011\255\043\323\024\043\041\164\344\015\177\235\142\023
|
||||
\227\206\143\072
|
||||
END
|
||||
CKA_CERT_MD5_HASH MULTILINE_OCTAL
|
||||
\147\313\235\300\023\044\212\202\233\262\027\036\321\033\354\324
|
||||
END
|
||||
CKA_ISSUER MULTILINE_OCTAL
|
||||
\060\116\061\013\060\011\006\003\125\004\006\023\002\125\123\061
|
||||
\020\060\016\006\003\125\004\012\023\007\105\161\165\151\146\141
|
||||
\170\061\055\060\053\006\003\125\004\013\023\044\105\161\165\151
|
||||
\146\141\170\040\123\145\143\165\162\145\040\103\145\162\164\151
|
||||
\146\151\143\141\164\145\040\101\165\164\150\157\162\151\164\171
|
||||
END
|
||||
CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||
\002\004\065\336\364\317
|
||||
END
|
||||
+LEGACY_CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
+LEGACY_CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
+LEGACY_CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
# Distrust "Distrust a pb.com certificate that does not comply with the baseline requirements."
|
||||
# Issuer: OU=Equifax Secure Certificate Authority,O=Equifax,C=US
|
||||
# Serial Number: 1407252 (0x157914)
|
||||
# Subject: CN=*.pb.com,OU=Meters,O=Pitney Bowes,L=Danbury,ST=Connecticut,C=US
|
||||
# Not Valid Before: Mon Feb 01 14:54:04 2010
|
||||
# Not Valid After : Tue Sep 30 00:00:00 2014
|
||||
# Fingerprint (MD5): 8F:46:BE:99:47:6F:93:DC:5C:01:54:50:D0:4A:BD:AC
|
||||
# Fingerprint (SHA1): 30:F1:82:CA:1A:5E:4E:4F:F3:6E:D0:E6:38:18:B8:B9:41:CB:5F:8C
|
||||
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
|
||||
CKA_TOKEN CK_BBOOL CK_TRUE
|
||||
CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||
CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||
CKA_LABEL UTF8 "Distrust a pb.com certificate that does not comply with the baseline requirements."
|
||||
CKA_ISSUER MULTILINE_OCTAL
|
||||
\060\116\061\013\060\011\006\003\125\004\006\023\002\125\123\061
|
||||
\020\060\016\006\003\125\004\012\023\007\105\161\165\151\146\141
|
||||
\170\061\055\060\053\006\003\125\004\013\023\044\105\161\165\151
|
||||
\146\141\170\040\123\145\143\165\162\145\040\103\145\162\164\151
|
||||
\146\151\143\141\164\145\040\101\165\164\150\157\162\151\164\171
|
||||
END
|
||||
CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||
\002\003\025\171\024
|
||||
END
|
||||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "Digital Signature Trust Co. Global CA 1"
|
||||
#
|
||||
# Issuer: OU=DSTCA E1,O=Digital Signature Trust Co.,C=US
|
||||
# Serial Number: 913315222 (0x36701596)
|
||||
# Subject: OU=DSTCA E1,O=Digital Signature Trust Co.,C=US
|
||||
# Not Valid Before: Thu Dec 10 18:10:23 1998
|
||||
# Not Valid After : Mon Dec 10 18:40:23 2018
|
||||
# Fingerprint (MD5): 25:7A:BA:83:2E:B6:A2:0B:DA:FE:F5:02:0F:08:D7:AD
|
||||
# Fingerprint (SHA1): 81:96:8B:3A:EF:1C:DC:70:F5:FA:32:69:C2:92:A3:63:5B:D1:23:D3
|
||||
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
|
||||
CKA_TOKEN CK_BBOOL CK_TRUE
|
||||
CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||
CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||
CKA_LABEL UTF8 "Digital Signature Trust Co. Global CA 1"
|
||||
CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
|
||||
CKA_SUBJECT MULTILINE_OCTAL
|
||||
@@ -530,100 +948,103 @@
|
||||
@@ -530,100 +945,103 @@
|
||||
\005\252\354\003\037\170\177\236\223\271\232\000\252\043\175\326
|
||||
\254\205\242\143\105\307\162\047\314\364\114\306\165\161\322\071
|
||||
\357\117\102\360\165\337\012\220\306\216\040\157\230\017\370\254
|
||||
@ -724,7 +620,7 @@
|
||||
\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157
|
||||
\156\154\171\061\037\060\035\006\003\125\004\013\023\026\126\145
|
||||
\162\151\123\151\147\156\040\124\162\165\163\164\040\116\145\164
|
||||
@@ -824,100 +1245,103 @@
|
||||
@@ -824,100 +1242,103 @@
|
||||
\005\005\000\003\201\201\000\162\056\371\177\321\361\161\373\304
|
||||
\236\366\305\136\121\212\100\230\270\150\370\233\034\203\330\342
|
||||
\235\275\377\355\241\346\146\352\057\011\364\312\327\352\245\053
|
||||
@ -828,7 +724,7 @@
|
||||
\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157
|
||||
\156\154\171\061\037\060\035\006\003\125\004\013\023\026\126\145
|
||||
\162\151\123\151\147\156\040\124\162\165\163\164\040\116\145\164
|
||||
@@ -971,100 +1395,103 @@
|
||||
@@ -971,100 +1392,103 @@
|
||||
\005\000\003\201\201\000\121\115\315\276\134\313\230\031\234\025
|
||||
\262\001\071\170\056\115\017\147\160\160\231\306\020\132\224\244
|
||||
\123\115\124\155\053\257\015\135\100\213\144\323\327\356\336\126
|
||||
@ -932,7 +828,7 @@
|
||||
\055\163\141\061\020\060\016\006\003\125\004\013\023\007\122\157
|
||||
\157\164\040\103\101\061\033\060\031\006\003\125\004\003\023\022
|
||||
\107\154\157\142\141\154\123\151\147\156\040\122\157\157\164\040
|
||||
@@ -1240,100 +1667,520 @@
|
||||
@@ -1240,100 +1664,520 @@
|
||||
\333\335\161\064\032\301\124\332\106\077\340\323\052\253\155\124
|
||||
\042\365\072\142\315\040\157\272\051\211\327\335\221\356\323\134
|
||||
\242\076\241\133\101\365\337\345\144\103\055\351\325\071\253\322
|
||||
@ -1453,7 +1349,7 @@
|
||||
\002\021\000\213\133\165\126\204\124\205\013\000\317\257\070\110
|
||||
\316\261\244
|
||||
END
|
||||
@@ -2008,100 +2855,274 @@
|
||||
@@ -2008,100 +2852,274 @@
|
||||
\154\273\322\036\000\260\041\355\370\101\142\202\271\330\262\304
|
||||
\273\106\120\363\061\305\217\001\250\164\353\365\170\047\332\347
|
||||
\367\146\103\363\236\203\076\040\252\303\065\140\221\316
|
||||
@ -1728,7 +1624,7 @@
|
||||
CKA_VALUE MULTILINE_OCTAL
|
||||
\060\202\004\052\060\202\003\022\240\003\002\001\002\002\004\070
|
||||
\143\336\370\060\015\006\011\052\206\110\206\367\015\001\001\005
|
||||
@@ -2410,100 +3431,103 @@
|
||||
@@ -2410,100 +3428,103 @@
|
||||
\305\310\303\141\002\003\001\000\001\243\146\060\144\060\021\006
|
||||
\011\140\206\110\001\206\370\102\001\001\004\004\003\002\000\007
|
||||
\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001
|
||||
@ -1832,7 +1728,7 @@
|
||||
\006\003\125\004\003\023\035\105\161\165\151\146\141\170\040\123
|
||||
\145\143\165\162\145\040\145\102\165\163\151\156\145\163\163\040
|
||||
\103\101\055\061\060\036\027\015\071\071\060\066\062\061\060\064
|
||||
@@ -2526,100 +3550,103 @@
|
||||
@@ -2526,100 +3547,103 @@
|
||||
\022\173\376\217\246\003\002\003\001\000\001\243\146\060\144\060
|
||||
\021\006\011\140\206\110\001\206\370\102\001\001\004\004\003\002
|
||||
\000\007\060\017\006\003\125\035\023\001\001\377\004\005\060\003
|
||||
@ -1936,7 +1832,7 @@
|
||||
\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165\163
|
||||
\164\040\101\102\061\035\060\033\006\003\125\004\013\023\024\101
|
||||
\144\144\124\162\165\163\164\040\124\124\120\040\116\145\164\167
|
||||
@@ -7415,100 +8442,103 @@
|
||||
@@ -7415,100 +8439,103 @@
|
||||
\164\164\160\163\072\057\057\167\167\167\056\156\145\164\154\157
|
||||
\143\153\056\156\145\164\057\144\157\143\163\040\157\162\040\142
|
||||
\171\040\145\055\155\141\151\154\040\141\164\040\143\160\163\100
|
||||
@ -2040,7 +1936,7 @@
|
||||
\002\001\150
|
||||
END
|
||||
CKA_VALUE MULTILINE_OCTAL
|
||||
@@ -7588,100 +8618,103 @@
|
||||
@@ -7588,100 +8615,103 @@
|
||||
\145\164\154\157\143\153\056\156\145\164\057\144\157\143\163\040
|
||||
\157\162\040\142\171\040\145\055\155\141\151\154\040\141\164\040
|
||||
\143\160\163\100\156\145\164\154\157\143\153\056\156\145\164\056
|
||||
@ -2144,7 +2040,7 @@
|
||||
END
|
||||
CKA_VALUE MULTILINE_OCTAL
|
||||
\060\202\004\060\060\202\003\030\240\003\002\001\002\002\020\120
|
||||
@@ -17139,100 +18172,103 @@
|
||||
@@ -16556,100 +17586,103 @@
|
||||
\005\252\354\003\037\170\177\236\223\271\232\000\252\043\175\326
|
||||
\254\205\242\143\105\307\162\047\314\364\114\306\165\161\322\071
|
||||
\357\117\102\360\165\337\012\220\306\216\040\157\230\017\370\254
|
||||
@ -45,8 +45,8 @@
|
||||
* of the comment in the CK_VERSION type definition.
|
||||
*/
|
||||
#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2
|
||||
#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 4
|
||||
#define NSS_BUILTINS_LIBRARY_VERSION "2.4"
|
||||
#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 5
|
||||
#define NSS_BUILTINS_LIBRARY_VERSION "2.5"
|
||||
|
||||
/* These version numbers detail the semantic changes to the ckfw engine. */
|
||||
#define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
|
||||
|
||||
Loading…
Reference in New Issue
Block a user