Commit Graph

113 Commits

Author SHA1 Message Date
Kai Engert
9a4d41a78e * Tue Dec 17 2013 Kai Engert <kaie@redhat.com> - 2013.1.95-1
- Update to CKBI 1.95 from NSS 3.15.3.1
2013-12-17 18:51:16 +01:00
Kai Engert
10e748b11e The PKCS#11 attributes of a stapled extension changed slightly
during the 0.19.x releases. This was due to specification work on
the 'Storing Trust Policy' document. Patch by Stef Walter.
Resolves: rhbz#988745
2013-09-06 17:22:25 +02:00
Kai Engert
e3e96c2ad9 - merge manual improvement from f19 2013-09-03 13:32:18 +02:00
Kai Engert
ec67e63d7a Merge branch 'master' of ssh://pkgs.fedoraproject.org/ca-certificates
Conflicts:
	ca-certificates.spec
2013-09-03 13:07:33 +02:00
Dennis Gilmore
04d3dc5036 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild 2013-08-02 23:13:50 -05:00
Kai Engert
ed9b40a653 - improve manpage 2013-07-17 15:39:41 +02:00
Kai Engert
540618e93b - clarification updates to manual page 2013-07-09 12:50:17 +02:00
Kai Engert
9ac574b7ef - added a manual page and related build requirements
- simplify the README files now that we have a manual page
- set a certificate alias in trusted bundle (thanks to Ludwig Nussel)
2013-07-09 00:59:15 +02:00
Kai Engert
6c5dbfb646 * Mon May 27 2013 Kai Engert <kaie@redhat.com> - 2013.1.94-13
- use correct command in README files, rhbz#961809
2013-05-27 15:28:11 +02:00
Kai Engert
2dc4526741 - update to version 1.94 provided by NSS 3.15 (beta) 2013-05-27 14:57:04 +02:00
Kai Engert
b2e71a9f9a * Mon Apr 22 2013 Kai Engert <kaie@redhat.com> - 2012.87-12
- Use both label and serial to identify cert during conversion, rhbz#927601
- Add myself as contributor to certdata2.pem.py and remove use of rcs/ident.
  (thanks to Michael Shuler for suggesting to do so)
- Update source URLs and comments, add source file for version information.
2013-04-22 14:58:59 +02:00
Kai Engert
34f352da5f * Tue Mar 19 2013 Kai Engert <kaie@redhat.com> - 2012.87-11
- adjust to changed and new functionality provided by p11-kit 0.17.3
- updated READMEs to describe the new directory-specific treatment of files
- ship a new file that contains certificates with neutral trust
- ship a new file that contains distrust objects, and also staple a
  basic constraint extension to one legacy root contained in the
  Mozilla CA list
- adjust the build script to dynamically produce most of above files
- add and own the anchors and blacklist subdirectories
- file generate-cacerts.pl is no longer required
2013-03-24 00:36:13 +01:00
Kai Engert
d538ada99c * Fri Mar 08 2013 Kai Engert <kaie@redhat.com> - 2012.87-9
- Major rework for the Fedora SharedSystemCertificates feature.
- Only ship a PEM bundle file using the BEGIN TRUSTED CERTIFICATE file format.
- Require the p11-kit package that contains tools to automatically create
  other file format bundles.
- Convert old file locations to symbolic links that point to dynamically
  generated files.
- Old files, which might have been locally modified, will be saved in backup
  files with .rpmsave extension.
- Added a update-ca-certificates script which can be used to regenerate
  the merged trusted output.
- Refer to the various README files that have been added for more detailed
  explanation of the new system.
- No longer require rsc for building.
- Add explanation for the future version numbering scheme,
  because the old numbering scheme was based on upstream using cvs,
  which is no longer true, and therefore can no longer be used.
- Includes changes from rhbz#873369.
2013-03-09 00:09:26 +01:00
Kai Engert
0ecb427592 * Thu Mar 07 2013 Kai Engert <kaie@redhat.com> - 2012.87-2.fc19.1
- Ship trust bundle file in /usr/share/pki/ca-trust-source/, temporarily in addition.
  This location will soon become the only place containing this file.
2013-03-08 00:03:25 +01:00
Dennis Gilmore
dc139972f7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild 2013-02-13 12:10:59 -06:00
Paul Wouters
73800e131b * Fri Jan 04 2013 Paul Wouters <pwouters@redhat.com> - 2012.87-1
- Updated to r1.87 to blacklist mis-issued turktrust CA certs
2013-01-04 12:50:54 -05:00
Paul Wouters
3f84976ebe Merge branch 'f18'
Conflicts:
	ca-certificates.spec
2012-10-24 14:19:30 -04:00
Paul Wouters
b695953124 Merge branch 'f17' into f18
Conflicts:
	ca-certificates.spec
2012-10-24 14:19:08 -04:00
Paul Wouters
829cbef0ba * Wed Oct 24 2012 Paul Wouters <pwouters@redhat.com> - 2012.86-2
- Updated blacklist with 20 entries (Diginotar, Trustwave, Comodo(?)
- Fix to certdata2pem.py to also check for CKT_NSS_NOT_TRUSTED

Also updated pointer to certdata.txt explaining that's a pointer to
an unstable version.
2012-10-24 14:17:36 -04:00
Paul Wouters
0d3a176f72 * blacklist.txt: updated blacklist with 20 entries
These contain bogus issues from Comodo(?), Diginotar and Trustwave
2012-10-24 13:59:21 -04:00
Paul Wouters
d5bb2887a4 * certdata2pem.py was checking an obsoleted variable CKT_NSS_UNTRUSTED
This was recently changed to CKT_NSS_NOT_TRUSTED, so I've changed the
python code to check for both.
2012-10-24 13:55:29 -04:00
Paul Wouters
4ced2b6694 * Added real source url for certdata.txt on hg.mozilla.org 2012-10-23 21:38:13 -04:00
Paul Wouters
1e5066520f * Added real source url for certdata.txt on hg.mozilla.org 2012-10-23 21:35:11 -04:00
Paul Wouters
0a930f04ef * Added real source url for certdata.txt on hg.mozilla.org 2012-10-23 21:34:15 -04:00
Paul Wouters
b65d8a87f1 * Tue Oct 23 2012 Paul Wouters <pwouters@redhat.com> - 2012.86-1
- update to r1.86
2012-10-23 16:04:09 -04:00
Joe Orton
bc18e50165 add openssl to BuildRequires 2012-07-23 12:49:30 +01:00
Joe Orton
df639e3f3e update to r1.85 2012-07-23 11:50:51 +01:00
Dennis Gilmore
816ae11fdb - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild 2012-07-18 13:30:37 -05:00
Joe Orton
1a704861b2 merge 2012-02-13 10:21:52 +00:00
Joe Orton
229976ab38 update to r1.81 2012-02-13 10:20:14 +00:00
Dennis Gilmore
8c27f267a8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild 2012-01-12 16:58:40 -06:00
Joe Orton
0aa3fca140 remove stale ca-bundle.crt 2011-11-15 17:02:56 +00:00
Joe Orton
596824452e update to r1.80
fix handling of certs with dublicate Subject names (#733032)
2011-11-09 14:36:15 -08:00
Joe Orton
f098063f3d update to r1.78, removing trust from DigiNotar root (#734679) 2011-09-01 14:36:45 +01:00
Joe Orton
fbef64556c update to r1.75 2011-08-03 11:40:12 +01:00
Joe Orton
3f0275ff7a update to r1.74 2011-04-20 10:27:11 +01:00
Joe Orton
37d25f7154 update to r1.74 2011-04-20 10:12:55 +01:00
Dennis Gilmore
9ee01c7c25 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild 2011-02-08 00:15:48 -06:00
Joe Orton
0d2dd802d9 - fix firmaprofessional alias conflict 2011-01-12 14:25:09 +00:00
Joe Orton
bf4a1f1789 - update to r1.70 2011-01-12 13:51:15 +00:00
Joe Orton
96465e81bb - update to r1.65 2010-11-09 08:24:29 +00:00
Fedora Release Engineering
9320d8ebfd dist-git conversion 2010-07-28 11:24:33 +00:00
jorton
1e4f909cf7 ignore more. 2010-04-07 14:54:17 +00:00
jorton
c9fb114c90 - package /etc/ssl/certs symlink for third-party apps (#572725) 2010-04-07 14:51:30 +00:00
jorton
58bb64fcf4 - rebuild 2010-04-07 10:32:36 +00:00
jorton
b62ba6e474 - update to certdata.txt r1.63
- use upstream RCS version in Version
2010-04-07 09:40:17 +00:00
jorton
dc70b1f07b - fix ca-bundle.crt (#575111) 2010-03-19 14:00:29 +00:00
jorton
708646cc46 - update to certdata.txt r1.58
- add /etc/pki/tls/certs/ca-bundle.trust.crt using 'TRUSTED CERTICATE'
    format
- exclude ECC certs from the Java cacerts database
- catch keytool failures
- fail parsing certdata.txt on finding untrusted but not blacklisted cert
2010-03-18 12:23:55 +00:00
jorton
8d292c2dfd - revert temp hack 2010-01-18 09:23:31 +00:00
jorton
a74f4c6767 - tone down debugging. 2010-01-15 21:02:49 +00:00