Commit Graph

35 Commits

Author SHA1 Message Date
Kai Engert
e3a2f67722 Update to CKBI 2.20 from NSS 3.34.1 2017-11-27 21:37:37 +01:00
Kai Engert
7accaab619 Update to (yet unreleased) CKBI 2.16 which is planned for NSS 3.32. Mozilla removed all trust bits for code signing. 2017-07-19 11:40:38 +02:00
Kai Engert
6cea01c4b1 Update to CKBI 2.14 from NSS 3.30.2 2017-04-26 14:37:22 +02:00
Kai Engert
1926916bb3 Update to CKBI 2.11 from NSS 3.28.1 2017-01-11 14:16:31 +01:00
Kai Engert
00af3f958b Update to CKBI 2.10 from NSS 3.27 2016-10-04 19:54:47 +02:00
Kai Engert
552fa4a6d3 Revert to the unmodified upstream CA list, changing the legacy trust to an empty list. Keeping the ca-legacy tool and existing config, however, the configuration has no effect after this change. 2016-08-18 14:11:51 +02:00
Kai Engert
02204a071d Update to CKBI 2.9 from NSS 3.26 with legacy modifications 2016-08-16 18:51:35 +02:00
Kai Engert
54fae46d1e Update to CKBI 2.8 from NSS 3.25 with legacy modifications 2016-07-15 13:44:08 +02:00
Kai Engert
53674928a5 Update to CKBI 2.7 from NSS 3.23 with legacy modifications 2016-03-16 18:25:23 +01:00
Kai Engert
da979a1a44 Update to CKBI 2.6 from NSS 3.21 with legacy modifications 2015-11-23 17:51:07 +01:00
Kai Engert
6df1740e0f Update to CKBI 2.5 from NSS 3.19.3 with legacy modifications
This update adjusts the diff-from-upstream patch (which is a patch purely provided for documentation purposes).
It shows a modification that was made as part of the 2.4 update (which in fact removed legacy treatment for one certificate, because upstream had reverted it to an earlier trusted state, as documented on the package wiki page).
No changes to the legacy treatment were made in this 2.5 update.
2015-08-13 22:43:25 +02:00
Kai Engert
b2076a019e Update to CKBI 2.4 from NSS 3.18.1 with legacy modifications 2015-05-05 20:18:08 +02:00
Kai Engert
b18dd49764 Update to CKBI 2.3 from NSS 3.18 with legacy modifications 2015-03-20 22:12:01 +01:00
Kai Engert
b1d00ef388 Fix mistakes in the legacy handling of the upstream 2.1 and 2.2 releases 2015-03-20 21:23:05 +01:00
Kai Engert
053dde8a2f - Update to CKBI 2.2 from NSS 3.17.3 with legacy modifications 2014-12-16 22:09:03 +01:00
Kai Engert
e24bfeb6b0 - Introduce the ca-legacy utility and a ca-legacy.conf configuration file.
By default, legacy roots required for OpenSSL/GnuTLS compatibility
  are kept enabled. Using the ca-legacy utility, the legacy roots can be
  disabled. If disabled, the system will use the trust set as provided
  by the upstream Mozilla CA list. (See also: rhbz#1158197)
2014-10-28 20:54:15 +01:00
Kai Engert
f81c301d27 - Temporarily re-enable several legacy root CA certificates because of
compatibility issues with software based on OpenSSL/GnuTLS,
  see rhbz#1144808
2014-09-21 10:33:16 +02:00
Kai Engert
18eedda612 - Update to CKBI 2.1 from NSS 3.16.4
- Fix rhbz#1130226
2014-08-14 17:06:04 +02:00
Kai Engert
f176bca921 Update to CKBI 1.97 from NSS 3.16 2014-03-19 11:30:07 +01:00
Kai Engert
5df4185c4d * Thu Jan 09 2014 Kai Engert <kaie@redhat.com> - 2013.1.96-1
- Update to CKBI 1.96 from NSS 3.15.4
2014-01-09 17:38:04 +01:00
Kai Engert
9a4d41a78e * Tue Dec 17 2013 Kai Engert <kaie@redhat.com> - 2013.1.95-1
- Update to CKBI 1.95 from NSS 3.15.3.1
2013-12-17 18:51:16 +01:00
Kai Engert
2dc4526741 - update to version 1.94 provided by NSS 3.15 (beta) 2013-05-27 14:57:04 +02:00
Paul Wouters
73800e131b * Fri Jan 04 2013 Paul Wouters <pwouters@redhat.com> - 2012.87-1
- Updated to r1.87 to blacklist mis-issued turktrust CA certs
2013-01-04 12:50:54 -05:00
Paul Wouters
b65d8a87f1 * Tue Oct 23 2012 Paul Wouters <pwouters@redhat.com> - 2012.86-1
- update to r1.86
2012-10-23 16:04:09 -04:00
Joe Orton
df639e3f3e update to r1.85 2012-07-23 11:50:51 +01:00
Joe Orton
229976ab38 update to r1.81 2012-02-13 10:20:14 +00:00
Joe Orton
596824452e update to r1.80
fix handling of certs with dublicate Subject names (#733032)
2011-11-09 14:36:15 -08:00
Joe Orton
f098063f3d update to r1.78, removing trust from DigiNotar root (#734679) 2011-09-01 14:36:45 +01:00
Joe Orton
fbef64556c update to r1.75 2011-08-03 11:40:12 +01:00
Joe Orton
37d25f7154 update to r1.74 2011-04-20 10:12:55 +01:00
Joe Orton
bf4a1f1789 - update to r1.70 2011-01-12 13:51:15 +00:00
Joe Orton
96465e81bb - update to r1.65 2010-11-09 08:24:29 +00:00
jorton
b62ba6e474 - update to certdata.txt r1.63
- use upstream RCS version in Version
2010-04-07 09:40:17 +00:00
jorton
708646cc46 - update to certdata.txt r1.58
- add /etc/pki/tls/certs/ca-bundle.trust.crt using 'TRUSTED CERTICATE'
    format
- exclude ECC certs from the Java cacerts database
- catch keytool failures
- fail parsing certdata.txt on finding untrusted but not blacklisted cert
2010-03-18 12:23:55 +00:00
jorton
5f392b3f7e - adopt Python certdata.txt parsing script from Debian 2010-01-15 17:11:52 +00:00