rpms/ca-certificates
6
0
Fork 0
Code Issues Pull Requests Releases Activity
151 Commits 7 Branches 28 Tags 2.2 MiB
1c8b67fb5a
Commit Graph

43 Commits

Author SHA1 Message Date
Bob Relyea
6d222498e8 Update to CKBI 2.50 from NSS 3.67 
Removing:
    # Certificate "Trustis FPS Root CA"
    # Certificate "GlobalSign Code Signing Root R45"
    # Certificate "GlobalSign Code Signing Root E45"
    # Certificate "Halcom Root Certificate Authority"
    # Certificate "Symantec Class 3 Public Primary Certification Authority - G6"
    # Certificate "GLOBALTRUST"
    # Certificate "MULTICERT Root Certification Authority 01"
    # Certificate "Verizon Global Root CA"
    # Certificate "Tunisian Root Certificate Authority - TunRootCA2"
    # Certificate "CAEDICOM Root"
    # Certificate "COMODO Certification Authority"
    # Certificate "Security Communication ECC RootCA1"
    # Certificate "Security Communication RootCA3"
    # Certificate "AC RAIZ DNIE"
    # Certificate "VeriSign Class 3 Public Primary Certification Authority - G3"
    # Certificate "VeriSign Class 3 Public Primary Certification Authority - G5"
    # Certificate "VeriSign Universal Root Certification Authority"
    # Certificate "GeoTrust Global CA"
    # Certificate "GeoTrust Primary Certification Authority"
    # Certificate "thawte Primary Root CA"
    # Certificate "thawte Primary Root CA - G2"
    # Certificate "thawte Primary Root CA - G3"
    # Certificate "GeoTrust Primary Certification Authority - G3"
    # Certificate "GeoTrust Primary Certification Authority - G2"
    # Certificate "GeoTrust Universal CA"
    # Certificate "NetLock Platina (Class Platinum) Főtanúsítvány"
    # Certificate "GLOBALTRUST 2015"
    # Certificate "emSign Root CA - G2"
    # Certificate "emSign Root CA - C2"
   Adding:
    # Certificate "GLOBALTRUST 2020"
    # Certificate "ANF Secure Server Root CA"
 2021-06-16 13:32:35 -07:00
Bob Relyea
c4c1a32e95 Add code to pull in object signing certs from Common CA Database (ccadb.org). 
Fix the updated merge scripts to handle this.
Prune Expired certificates from certdata.txt and the object signing cert list

Update to CKBI 2.48 from NSS 3.64

   Removing:
    # Certificate "Verisign Class 3 Public Primary Certification Authority - G3"
    # Certificate "GeoTrust Universal CA 2"
    # Certificate "QuoVadis Root CA"
    # Certificate "Sonera Class 2 Root CA"
    # Certificate "Taiwan GRCA"
    # Certificate "VeriSign Class 3 Public Primary Certification Authority - G4"
    # Certificate "EE Certification Centre Root CA"
    # Certificate "LuxTrust Global Root 2"
    # Certificate "Symantec Class 1 Public Primary Certification Authority - G4"
    # Certificate "Symantec Class 2 Public Primary Certification Authority - G4"
   Adding:
    # Certificate "Microsoft ECC Root Certificate Authority 2017"
    # Certificate "Microsoft RSA Root Certificate Authority 2017"
    # Certificate "e-Szigno Root CA 2017"
    # Certificate "certSIGN Root CA G2"
    # Certificate "Trustwave Global Certification Authority"
    # Certificate "Trustwave Global ECC P256 Certification Authority"
    # Certificate "Trustwave Global ECC P384 Certification Authority"
    # Certificate "NAVER Global Root Certification Authority"
    # Certificate "AC RAIZ FNMT-RCM SERVIDORES SEGUROS"
    # Certificate "GlobalSign Secure Mail Root R45"
    # Certificate "GlobalSign Secure Mail Root E45"
    # Certificate "GlobalSign Root R46"
    # Certificate "GlobalSign Root E46"
    # Certificate "Certum EC-384 CA"
    # Certificate "Certum Trusted Root CA"
    # Certificate "GlobalSign Code Signing Root R45"
    # Certificate "GlobalSign Code Signing Root E45"
    # Certificate "Halcom Root Certificate Authority"
    # Certificate "Symantec Class 3 Public Primary Certification Authority - G6"
    # Certificate "GLOBALTRUST"
    # Certificate "MULTICERT Root Certification Authority 01"
    # Certificate "Verizon Global Root CA"
    # Certificate "Tunisian Root Certificate Authority - TunRootCA2"
    # Certificate "CAEDICOM Root"
    # Certificate "COMODO Certification Authority"
    # Certificate "Security Communication ECC RootCA1"
    # Certificate "Security Communication RootCA3"
    # Certificate "AC RAIZ DNIE"
    # Certificate "VeriSign Class 3 Public Primary Certification Authority - G3"
    # Certificate "NetLock Platina (Class Platinum) Főtanúsítvány"
    # Certificate "GLOBALTRUST 2015"
    # Certificate "emSign Root CA - G2"
    # Certificate "emSign Root CA - C2"
 2021-05-25 16:48:57 -07:00
Bob Relyea
9a68b05c60 Update to CKBI 2.41 from NSS 3.53.0 
Removing:
    # Certificate "AddTrust Low-Value Services Root"
    # Certificate "AddTrust External Root"
    # Certificate "Staat der Nederlanden Root CA - G2"

-Updates several certificates with CKA_SERVER_DISTRUST_AFTER with a data
-Fix circular dependency issue by moving ca-legacy and upcate-ca-trust to
 %posttrans
 2020-06-10 12:45:49 -07:00
Daiki Ueno
eaf3ef8b6b Update to CKBI 2.40 from NSS 3.48 2020-01-22 10:56:12 +01:00
Bob Relyea
605570b71e Resolves: rhbz#1722213 
- Update to CKBI 2.32 from NSS 3.44
   Removing:
    # Certificate "Visa eCommerce Root"
    # Certificate "AC Raiz Certicamara S.A."
    # Certificate "Certplus Root CA G1"
    # Certificate "Certplus Root CA G2"
    # Certificate "OpenTrust Root CA G1"
    # Certificate "OpenTrust Root CA G2"
    # Certificate "OpenTrust Root CA G3"
   Adding:
    # Certificate "GTS Root R1"
    # Certificate "GTS Root R2"
    # Certificate "GTS Root R3"
    # Certificate "GTS Root R4"
    # Certificate "UCA Global G2 Root"
    # Certificate "UCA Extended Validation Root"
    # Certificate "Certigna Root CA"
    # Certificate "emSign Root CA - G1"
    # Certificate "emSign ECC Root CA - G3"
    # Certificate "emSign Root CA - C1"
    # Certificate "emSign ECC Root CA - C3"
    # Certificate "Hongkong Post Root CA 3"
 2019-06-19 10:17:16 -07:00
Robert Relyea
439a513c7a Update ca-certficates to 2.26 from NSS 3.39 2018-09-24 17:18:53 -07:00
Kai Engert
342574ec95 Update to CKBI 2.24 from NSS 3.37 2018-05-18 13:05:43 +02:00
Kai Engert
a77bc273de Update to CKBI 2.22 from NSS 3.35 2018-02-06 14:42:09 +01:00
Kai Engert
e3a2f67722 Update to CKBI 2.20 from NSS 3.34.1 2017-11-27 21:37:37 +01:00
Kai Engert
7accaab619 Update to (yet unreleased) CKBI 2.16 which is planned for NSS 3.32. Mozilla removed all trust bits for code signing. 2017-07-19 11:40:38 +02:00
Kai Engert
6cea01c4b1 Update to CKBI 2.14 from NSS 3.30.2 2017-04-26 14:37:22 +02:00
Kai Engert
1926916bb3 Update to CKBI 2.11 from NSS 3.28.1 2017-01-11 14:16:31 +01:00
Kai Engert
00af3f958b Update to CKBI 2.10 from NSS 3.27 2016-10-04 19:54:47 +02:00
Kai Engert
552fa4a6d3 Revert to the unmodified upstream CA list, changing the legacy trust to an empty list. Keeping the ca-legacy tool and existing config, however, the configuration has no effect after this change. 2016-08-18 14:11:51 +02:00
Kai Engert
02204a071d Update to CKBI 2.9 from NSS 3.26 with legacy modifications 2016-08-16 18:51:35 +02:00
Kai Engert
54fae46d1e Update to CKBI 2.8 from NSS 3.25 with legacy modifications 2016-07-15 13:44:08 +02:00
Kai Engert
53674928a5 Update to CKBI 2.7 from NSS 3.23 with legacy modifications 2016-03-16 18:25:23 +01:00
Kai Engert
da979a1a44 Update to CKBI 2.6 from NSS 3.21 with legacy modifications 2015-11-23 17:51:07 +01:00
Kai Engert
6df1740e0f Update to CKBI 2.5 from NSS 3.19.3 with legacy modifications 
This update adjusts the diff-from-upstream patch (which is a patch purely provided for documentation purposes).
It shows a modification that was made as part of the 2.4 update (which in fact removed legacy treatment for one certificate, because upstream had reverted it to an earlier trusted state, as documented on the package wiki page).
No changes to the legacy treatment were made in this 2.5 update.
 2015-08-13 22:43:25 +02:00
Kai Engert
b2076a019e Update to CKBI 2.4 from NSS 3.18.1 with legacy modifications 2015-05-05 20:18:08 +02:00
Kai Engert
b18dd49764 Update to CKBI 2.3 from NSS 3.18 with legacy modifications 2015-03-20 22:12:01 +01:00
Kai Engert
b1d00ef388 Fix mistakes in the legacy handling of the upstream 2.1 and 2.2 releases 2015-03-20 21:23:05 +01:00
Kai Engert
053dde8a2f - Update to CKBI 2.2 from NSS 3.17.3 with legacy modifications 2014-12-16 22:09:03 +01:00
Kai Engert
e24bfeb6b0 - Introduce the ca-legacy utility and a ca-legacy.conf configuration file. 
By default, legacy roots required for OpenSSL/GnuTLS compatibility
  are kept enabled. Using the ca-legacy utility, the legacy roots can be
  disabled. If disabled, the system will use the trust set as provided
  by the upstream Mozilla CA list. (See also: rhbz#1158197)
 2014-10-28 20:54:15 +01:00
Kai Engert
f81c301d27 - Temporarily re-enable several legacy root CA certificates because of 
compatibility issues with software based on OpenSSL/GnuTLS,
  see rhbz#1144808
 2014-09-21 10:33:16 +02:00
Kai Engert
18eedda612 - Update to CKBI 2.1 from NSS 3.16.4 
- Fix rhbz#1130226
 2014-08-14 17:06:04 +02:00
Kai Engert
f176bca921 Update to CKBI 1.97 from NSS 3.16 2014-03-19 11:30:07 +01:00
Kai Engert
5df4185c4d * Thu Jan 09 2014 Kai Engert <kaie@redhat.com> - 2013.1.96-1 
- Update to CKBI 1.96 from NSS 3.15.4
 2014-01-09 17:38:04 +01:00
Kai Engert
9a4d41a78e * Tue Dec 17 2013 Kai Engert <kaie@redhat.com> - 2013.1.95-1 
- Update to CKBI 1.95 from NSS 3.15.3.1
 2013-12-17 18:51:16 +01:00
Kai Engert
2dc4526741 - update to version 1.94 provided by NSS 3.15 (beta) 2013-05-27 14:57:04 +02:00
Paul Wouters
73800e131b * Fri Jan 04 2013 Paul Wouters <pwouters@redhat.com> - 2012.87-1 
- Updated to r1.87 to blacklist mis-issued turktrust CA certs
 2013-01-04 12:50:54 -05:00
Paul Wouters
b65d8a87f1 * Tue Oct 23 2012 Paul Wouters <pwouters@redhat.com> - 2012.86-1 
- update to r1.86
 2012-10-23 16:04:09 -04:00
Joe Orton
df639e3f3e update to r1.85 2012-07-23 11:50:51 +01:00
Joe Orton
229976ab38 update to r1.81 2012-02-13 10:20:14 +00:00
Joe Orton
596824452e update to r1.80 
fix handling of certs with dublicate Subject names (#733032)
 2011-11-09 14:36:15 -08:00
Joe Orton
f098063f3d update to r1.78, removing trust from DigiNotar root (#734679) 2011-09-01 14:36:45 +01:00
Joe Orton
fbef64556c update to r1.75 2011-08-03 11:40:12 +01:00
Joe Orton
37d25f7154 update to r1.74 2011-04-20 10:12:55 +01:00
Joe Orton
bf4a1f1789 - update to r1.70 2011-01-12 13:51:15 +00:00
Joe Orton
96465e81bb - update to r1.65 2010-11-09 08:24:29 +00:00
jorton
b62ba6e474 - update to certdata.txt r1.63 
- use upstream RCS version in Version
 2010-04-07 09:40:17 +00:00
jorton
708646cc46 - update to certdata.txt r1.58 
- add /etc/pki/tls/certs/ca-bundle.trust.crt using 'TRUSTED CERTICATE'
    format
- exclude ECC certs from the Java cacerts database
- catch keytool failures
- fail parsing certdata.txt on finding untrusted but not blacklisted cert
 2010-03-18 12:23:55 +00:00
jorton
5f392b3f7e - adopt Python certdata.txt parsing script from Debian 2010-01-15 17:11:52 +00:00