Merge branch 'f17' into f18

Conflicts:
	ca-certificates.spec
Paul Wouters 2012-10-24 14:19:08 -04:00
commit b695953124
3 changed files with 31 additions and 5 deletions

@ -3,3 +3,24 @@
# MD5 Collision Proof of Concept CA
"MD5 Collisions Forged Rogue CA 25c3"
# Obtained from certdata.txt version 1.86 on Wed Oct 24 13:49:41 EDT 2012 by Paul Wouters <pwouters@redhat.com>
"Bogus Mozilla Addons"
"Bogus Global Trustee"
"Bogus GMail"
"Bogus Google"
"Bogus Skype"
"Bogus Yahoo 1"
"Bogus Yahoo 2"
"Bogus Yahoo 3"
"Bogus live.com"
"Bogus kuix.de"
"Explicitly Distrust DigiNotar Root CA"
"Explicitly Distrust DigiNotar Services 1024 CA"
"Explicitly Distrust DigiNotar Cyber CA"
"Explicitly Distrust DigiNotar Cyber CA 2nd"
"Explicitly Distrusted DigiNotar PKIoverheid"
"Explicitly Distrusted DigiNotar PKIoverheid G2"
"Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
"Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
"MITM subCA 1 issued by Trustwave"
"MITM subCA 2 issued by Trustwave"
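
Review bot: the 20 labels added under the "Obtained from certdata.txt version 1.86" comment carry no note that they have to stay verbatim, and the list mixes "Explicitly Distrust ..." with "Explicitly Distrusted ..." spellings that invite a tidy-up. If entries are compared against CKA_LABEL, as the "UNTRUSTED BUT NOT BLACKLISTED" warning in certdata2pem.py suggests, normalising either spelling would silently stop that entry from matching. Suggest extending the comment to say the strings are exact labels copied from certdata.txt and must not be edited by hand.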

@ -7,16 +7,16 @@
#
# Keep the RCS version in sync with the spec Version.
#
# The real url is:
# https://hg.mozilla.org/mozilla-central/raw-file/d3de9d8e2b5b/security/nss/lib/ckfw/builtins/certdata.txt
# Note: This will give us the experimental version, not one that
# Firefox deems "stable". For that, we should check a firefox
# release branch for the certdata.txt version.
%define pkidir %{_sysconfdir}/pki
Summary: The Mozilla CA root certificate bundle
Name: ca-certificates
Version: 2012.86
Release: 1%{?dist}
Release: 2%{?dist}
License: Public Domain
Group: System Environment/Base
URL: http://www.mozilla.org/
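
Review bot: the header comment asks to keep the RCS version in sync with Version, but the source URL pins mozilla-central revision d3de9d8e2b5b while Version and the blacklist comment both refer to 1.86, and nothing here ties the two together. Suggest noting in the comment that this revision carries certdata.txt r1.86, so the next update can check both values at once.
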
@ -122,6 +122,10 @@ rm -rf $RPM_BUILD_ROOT
%{_sysconfdir}/ssl/certs
%changelog
* Wed Oct 24 2012 Paul Wouters <pwouters@redhat.com> - 2012.86-2
- Updated blacklist with 20 entries (Diginotar, Trustwave, Comodo(?)
- Fix to certdata2pem.py to also check for CKT_NSS_NOT_TRUSTED
* Tue Oct 23 2012 Paul Wouters <pwouters@redhat.com> - 2012.86-1
- update to r1.86
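
Review bot: the first bullet of the 2012.86-2 entry has an unbalanced parenthesis and records the attribution as "Comodo(?)", which leaves a permanent open question in the package history. Suggest closing the parenthesis and either confirming the issuer or referring to the entries by their labels (the "Bogus ..." set), which is what the blacklist file actually contains.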

@ -104,7 +104,8 @@ for obj in objects:
trust[obj['CKA_LABEL']] = True
elif obj['CKA_TRUST_CODE_SIGNING'] == 'CKT_NSS_TRUSTED_DELEGATOR':
trust[obj['CKA_LABEL']] = True
elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_UNTRUSTED':
# NSS recently changed CKT_NSS_UNTRUSTED to CKT_NSS_NOT_TRUSTED
elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_UNTRUSTED' or obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_NOT_TRUSTED':
print '!'*74
print "UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % obj['CKA_LABEL']
print '!'*74
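
Review bot: the distrust test in the last elif still looks only at CKA_TRUST_SERVER_AUTH, and because it sits in the same elif chain as the CKT_NSS_TRUSTED_DELEGATOR branches, an object that is a trusted delegator for code signing but CKT_NSS_NOT_TRUSTED for server auth is marked trusted and never reaches the warning. Suggest evaluating distrust before the trust branches and across every CKA_TRUST_* attribute the script reads. As a style point, the doubled comparison reads more clearly as a membership test: obj['CKA_TRUST_SERVER_AUTH'] in ('CKT_NSS_UNTRUSTED', 'CKT_NSS_NOT_TRUSTED').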