Robert Relyea
439a513c7a
Update ca-certficates to 2.26 from NSS 3.39
2018-09-24 17:18:53 -07:00
Kai Engert
342574ec95
Update to CKBI 2.24 from NSS 3.37
2018-05-18 13:05:43 +02:00
Kai Engert
a77bc273de
Update to CKBI 2.22 from NSS 3.35
2018-02-06 14:42:09 +01:00
Kai Engert
e3a2f67722
Update to CKBI 2.20 from NSS 3.34.1
2017-11-27 21:37:37 +01:00
Kai Engert
7accaab619
Update to (yet unreleased) CKBI 2.16 which is planned for NSS 3.32. Mozilla removed all trust bits for code signing.
2017-07-19 11:40:38 +02:00
Kai Engert
6cea01c4b1
Update to CKBI 2.14 from NSS 3.30.2
2017-04-26 14:37:22 +02:00
Kai Engert
1926916bb3
Update to CKBI 2.11 from NSS 3.28.1
2017-01-11 14:16:31 +01:00
Kai Engert
00af3f958b
Update to CKBI 2.10 from NSS 3.27
2016-10-04 19:54:47 +02:00
Kai Engert
552fa4a6d3
Revert to the unmodified upstream CA list, changing the legacy trust to an empty list. Keeping the ca-legacy tool and existing config, however, the configuration has no effect after this change.
2016-08-18 14:11:51 +02:00
Kai Engert
02204a071d
Update to CKBI 2.9 from NSS 3.26 with legacy modifications
2016-08-16 18:51:35 +02:00
Kai Engert
54fae46d1e
Update to CKBI 2.8 from NSS 3.25 with legacy modifications
2016-07-15 13:44:08 +02:00
Kai Engert
53674928a5
Update to CKBI 2.7 from NSS 3.23 with legacy modifications
2016-03-16 18:25:23 +01:00
Kai Engert
da979a1a44
Update to CKBI 2.6 from NSS 3.21 with legacy modifications
2015-11-23 17:51:07 +01:00
Kai Engert
6df1740e0f
Update to CKBI 2.5 from NSS 3.19.3 with legacy modifications
...
This update adjusts the diff-from-upstream patch (which is a patch purely provided for documentation purposes).
It shows a modification that was made as part of the 2.4 update (which in fact removed legacy treatment for one certificate, because upstream had reverted it to an earlier trusted state, as documented on the package wiki page).
No changes to the legacy treatment were made in this 2.5 update.
2015-08-13 22:43:25 +02:00
Kai Engert
b2076a019e
Update to CKBI 2.4 from NSS 3.18.1 with legacy modifications
2015-05-05 20:18:08 +02:00
Kai Engert
b18dd49764
Update to CKBI 2.3 from NSS 3.18 with legacy modifications
2015-03-20 22:12:01 +01:00
Kai Engert
b1d00ef388
Fix mistakes in the legacy handling of the upstream 2.1 and 2.2 releases
2015-03-20 21:23:05 +01:00
Kai Engert
053dde8a2f
- Update to CKBI 2.2 from NSS 3.17.3 with legacy modifications
2014-12-16 22:09:03 +01:00
Kai Engert
e24bfeb6b0
- Introduce the ca-legacy utility and a ca-legacy.conf configuration file.
...
By default, legacy roots required for OpenSSL/GnuTLS compatibility
are kept enabled. Using the ca-legacy utility, the legacy roots can be
disabled. If disabled, the system will use the trust set as provided
by the upstream Mozilla CA list. (See also: rhbz#1158197)
2014-10-28 20:54:15 +01:00
Kai Engert
f81c301d27
- Temporarily re-enable several legacy root CA certificates because of
...
compatibility issues with software based on OpenSSL/GnuTLS,
see rhbz#1144808
2014-09-21 10:33:16 +02:00
Kai Engert
18eedda612
- Update to CKBI 2.1 from NSS 3.16.4
...
- Fix rhbz#1130226
2014-08-14 17:06:04 +02:00
Kai Engert
f176bca921
Update to CKBI 1.97 from NSS 3.16
2014-03-19 11:30:07 +01:00
Kai Engert
5df4185c4d
* Thu Jan 09 2014 Kai Engert <kaie@redhat.com> - 2013.1.96-1
...
- Update to CKBI 1.96 from NSS 3.15.4
2014-01-09 17:38:04 +01:00
Kai Engert
9a4d41a78e
* Tue Dec 17 2013 Kai Engert <kaie@redhat.com> - 2013.1.95-1
...
- Update to CKBI 1.95 from NSS 3.15.3.1
2013-12-17 18:51:16 +01:00
Kai Engert
2dc4526741
- update to version 1.94 provided by NSS 3.15 (beta)
2013-05-27 14:57:04 +02:00
Paul Wouters
73800e131b
* Fri Jan 04 2013 Paul Wouters <pwouters@redhat.com> - 2012.87-1
...
- Updated to r1.87 to blacklist mis-issued turktrust CA certs
2013-01-04 12:50:54 -05:00
Paul Wouters
b65d8a87f1
* Tue Oct 23 2012 Paul Wouters <pwouters@redhat.com> - 2012.86-1
...
- update to r1.86
2012-10-23 16:04:09 -04:00
Joe Orton
df639e3f3e
update to r1.85
2012-07-23 11:50:51 +01:00
Joe Orton
229976ab38
update to r1.81
2012-02-13 10:20:14 +00:00
Joe Orton
596824452e
update to r1.80
...
fix handling of certs with dublicate Subject names (#733032 )
2011-11-09 14:36:15 -08:00
Joe Orton
f098063f3d
update to r1.78, removing trust from DigiNotar root ( #734679 )
2011-09-01 14:36:45 +01:00
Joe Orton
fbef64556c
update to r1.75
2011-08-03 11:40:12 +01:00
Joe Orton
37d25f7154
update to r1.74
2011-04-20 10:12:55 +01:00
Joe Orton
bf4a1f1789
- update to r1.70
2011-01-12 13:51:15 +00:00
Joe Orton
96465e81bb
- update to r1.65
2010-11-09 08:24:29 +00:00
jorton
b62ba6e474
- update to certdata.txt r1.63
...
- use upstream RCS version in Version
2010-04-07 09:40:17 +00:00
jorton
708646cc46
- update to certdata.txt r1.58
...
- add /etc/pki/tls/certs/ca-bundle.trust.crt using 'TRUSTED CERTICATE'
format
- exclude ECC certs from the Java cacerts database
- catch keytool failures
- fail parsing certdata.txt on finding untrusted but not blacklisted cert
2010-03-18 12:23:55 +00:00
jorton
5f392b3f7e
- adopt Python certdata.txt parsing script from Debian
2010-01-15 17:11:52 +00:00