Merge branch 'f17' into f18
Conflicts: ca-certificates.spec
commit
b695953124
@ -3,3 +3,24 @@
|
||||
# MD5 Collision Proof of Concept CA
|
||||
"MD5 Collisions Forged Rogue CA 25c3"
|
||||
|
||||
# Obtained from certdata.txt version 1.86 on Wed Oct 24 13:49:41 EDT 2012 by Paul Wouters <pwouters@redhat.com>
|
||||
"Bogus Mozilla Addons"
|
||||
"Bogus Global Trustee"
|
||||
"Bogus GMail"
|
||||
"Bogus Google"
|
||||
"Bogus Skype"
|
||||
"Bogus Yahoo 1"
|
||||
"Bogus Yahoo 2"
|
||||
"Bogus Yahoo 3"
|
||||
"Bogus live.com"
|
||||
"Bogus kuix.de"
|
||||
"Explicitly Distrust DigiNotar Root CA"
|
||||
"Explicitly Distrust DigiNotar Services 1024 CA"
|
||||
"Explicitly Distrust DigiNotar Cyber CA"
|
||||
"Explicitly Distrust DigiNotar Cyber CA 2nd"
|
||||
"Explicitly Distrusted DigiNotar PKIoverheid"
|
||||
"Explicitly Distrusted DigiNotar PKIoverheid G2"
|
||||
"Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
|
||||
"Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
|
||||
"MITM subCA 1 issued by Trustwave"
|
||||
"MITM subCA 2 issued by Trustwave"
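Review bot: The 20 added entries name distrusted certificates by label string alone, so the list depends on exact spelling (note the mix of "Explicitly Distrust …" and "Explicitly Distrusted …"), and nothing ties a label to one specific certificate. The matching code is not shown on this page, but if the consumer compares against `CKA_LABEL`, an upstream relabel would silently stop an entry from matching. The single provenance comment also gives no reason for any entry; a short comment per group, for example `# DigiNotar CAs, explicitly distrusted in certdata.txt 1.86`, would make later audits of this list much easier.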
|
||||
|
@ -7,16 +7,16 @@
|
||||
#
|
||||
# Keep the RCS version in sync with the spec Version.
|
||||
#
|
||||
# The real url is:
|
||||
# https://hg.mozilla.org/mozilla-central/raw-file/d3de9d8e2b5b/security/nss/lib/ckfw/builtins/certdata.txt
|
||||
|
||||
# Note: This will give us the experimental version, not one that
|
||||
# Firefox deems "stable". For that, we should check a firefox
|
||||
# release branch for the certdata.txt version.
|
||||
|
||||
%define pkidir %{_sysconfdir}/pki
|
||||
|
||||
Summary: The Mozilla CA root certificate bundle
|
||||
Name: ca-certificates
|
||||
Version: 2012.86
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
License: Public Domain
|
||||
Group: System Environment/Base
|
||||
URL: http://www.mozilla.org/
|
||||
@ -122,6 +122,10 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%{_sysconfdir}/ssl/certs
|
||||
|
||||
%changelog
|
||||
* Wed Oct 24 2012 Paul Wouters <pwouters@redhat.com> - 2012.86-2
|
||||
- Updated blacklist with 20 entries (Diginotar, Trustwave, Comodo(?)
|
||||
- Fix to certdata2pem.py to also check for CKT_NSS_NOT_TRUSTED
|
||||
|
||||
* Tue Oct 23 2012 Paul Wouters <pwouters@redhat.com> - 2012.86-1
|
||||
- update to r1.86
|
||||
|
||||
|
@ -104,7 +104,8 @@ for obj in objects:
|
||||
trust[obj['CKA_LABEL']] = True
|
||||
elif obj['CKA_TRUST_CODE_SIGNING'] == 'CKT_NSS_TRUSTED_DELEGATOR':
|
||||
trust[obj['CKA_LABEL']] = True
|
||||
elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_UNTRUSTED':
|
||||
# NSS recently changed CKT_NSS_UNTRUSTED to CKT_NSS_NOT_TRUSTED
|
||||
elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_UNTRUSTED' or obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_NOT_TRUSTED':
|
||||
print '!'*74
|
||||
print "UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % obj['CKA_LABEL']
|
||||
print '!'*74
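Review bot: The widened distrust test on the new `elif` line sits after the `CKT_NSS_TRUSTED_DELEGATOR` branches, so an object that is a trusted delegator for code signing but `CKT_NSS_NOT_TRUSTED` for server auth is recorded with `trust[obj['CKA_LABEL']] = True` and never reaches the warning. Testing distrust before the trusted branches would close that gap, and the condition reads better as `obj['CKA_TRUST_SERVER_AUTH'] in ('CKT_NSS_UNTRUSTED', 'CKT_NSS_NOT_TRUSTED')`. The chain begins above this hunk and continues below it, so the first branches and whatever follows the banner are not visible here. If the banner is only printed and the build carries on, a distrusted certificate missing from the blacklist is easy to overlook in build output.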
|
||||
|