For CAs trusted by Mozilla, set attribute nss-mozilla-ca-policy: true
Set attribute modifiable: false Require p11-kit 0.23.4
This commit is contained in:
parent
f0b0be2c1f
commit
c1c275770a
@ -38,7 +38,7 @@ Name: ca-certificates
|
|||||||
Version: 2017.2.11
|
Version: 2017.2.11
|
||||||
# for Rawhide, please always use release >= 2
|
# for Rawhide, please always use release >= 2
|
||||||
# for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
|
# for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
|
||||||
Release: 4%{?dist}
|
Release: 5%{?dist}
|
||||||
License: Public Domain
|
License: Public Domain
|
||||||
|
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
@ -64,8 +64,8 @@ Source17: README.src
|
|||||||
|
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
|
|
||||||
Requires: p11-kit >= 0.19.2
|
Requires: p11-kit >= 0.23.4
|
||||||
Requires: p11-kit-trust >= 0.19.2
|
Requires: p11-kit-trust >= 0.23.4
|
||||||
BuildRequires: perl
|
BuildRequires: perl
|
||||||
BuildRequires: python
|
BuildRequires: python
|
||||||
BuildRequires: openssl
|
BuildRequires: openssl
|
||||||
@ -352,6 +352,11 @@ fi
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Feb 23 2017 Kai Engert <kaie@redhat.com> - 2017.2.11-5
|
||||||
|
- For CAs trusted by Mozilla, set attribute nss-mozilla-ca-policy: true
|
||||||
|
- Set attribute modifiable: false
|
||||||
|
- Require p11-kit 0.23.4
|
||||||
|
|
||||||
* Mon Feb 13 2017 Kai Engert <kaie@redhat.com> - 2017.2.11-4
|
* Mon Feb 13 2017 Kai Engert <kaie@redhat.com> - 2017.2.11-4
|
||||||
- Changed the packaged bundle to use the flexible p11-kit-object-v1 file format,
|
- Changed the packaged bundle to use the flexible p11-kit-object-v1 file format,
|
||||||
as a preparation to fix bugs in the interaction between p11-kit-trust and
|
as a preparation to fix bugs in the interaction between p11-kit-trust and
|
||||||
|
@ -122,6 +122,7 @@ def write_cert_ext_to_file(f, oid, value, public_key):
|
|||||||
f.write("class: x-certificate-extension\n");
|
f.write("class: x-certificate-extension\n");
|
||||||
f.write("object-id: " + oid + "\n")
|
f.write("object-id: " + oid + "\n")
|
||||||
f.write("value: \"" + value + "\"\n")
|
f.write("value: \"" + value + "\"\n")
|
||||||
|
f.write("modifiable: false\n");
|
||||||
f.write(public_key)
|
f.write(public_key)
|
||||||
|
|
||||||
trust_types = {
|
trust_types = {
|
||||||
@ -346,8 +347,9 @@ for tobj in objects:
|
|||||||
else:
|
else:
|
||||||
f.write("trusted: false\n")
|
f.write("trusted: false\n")
|
||||||
|
|
||||||
# enable the following line, after we have upgraded p11-kit-trust
|
# requires p11-kit >= 0.23.4
|
||||||
# f.write("nss-mozilla-ca-policy: true\n")
|
f.write("nss-mozilla-ca-policy: true\n")
|
||||||
|
f.write("modifiable: false\n");
|
||||||
|
|
||||||
f.write("-----BEGIN CERTIFICATE-----\n")
|
f.write("-----BEGIN CERTIFICATE-----\n")
|
||||||
f.write("\n".join(textwrap.wrap(base64.b64encode(obj['CKA_VALUE']), 64)))
|
f.write("\n".join(textwrap.wrap(base64.b64encode(obj['CKA_VALUE']), 64)))
|
||||||
@ -362,6 +364,7 @@ for tobj in objects:
|
|||||||
f.write("\n")
|
f.write("\n")
|
||||||
f.write("class: certificate\n")
|
f.write("class: certificate\n")
|
||||||
f.write("certificate-type: x-509\n")
|
f.write("certificate-type: x-509\n")
|
||||||
|
f.write("modifiable: false\n");
|
||||||
f.write("issuer: \"");
|
f.write("issuer: \"");
|
||||||
f.write(urllib.quote(tobj['CKA_ISSUER']));
|
f.write(urllib.quote(tobj['CKA_ISSUER']));
|
||||||
f.write("\"\n")
|
f.write("\"\n")
|
||||||
|
Loading…
Reference in New Issue
Block a user