ca-certificates/nssckbi.h
Bob Relyea c4c1a32e95 Add code to pull in object signing certs from Common CA Database (ccadb.org).
Fix the updated merge scripts to handle this.
Prune Expired certificates from certdata.txt and the object signing cert list

Update to CKBI 2.48 from NSS 3.64

   Removing:
    # Certificate "Verisign Class 3 Public Primary Certification Authority - G3"
    # Certificate "GeoTrust Universal CA 2"
    # Certificate "QuoVadis Root CA"
    # Certificate "Sonera Class 2 Root CA"
    # Certificate "Taiwan GRCA"
    # Certificate "VeriSign Class 3 Public Primary Certification Authority - G4"
    # Certificate "EE Certification Centre Root CA"
    # Certificate "LuxTrust Global Root 2"
    # Certificate "Symantec Class 1 Public Primary Certification Authority - G4"
    # Certificate "Symantec Class 2 Public Primary Certification Authority - G4"
   Adding:
    # Certificate "Microsoft ECC Root Certificate Authority 2017"
    # Certificate "Microsoft RSA Root Certificate Authority 2017"
    # Certificate "e-Szigno Root CA 2017"
    # Certificate "certSIGN Root CA G2"
    # Certificate "Trustwave Global Certification Authority"
    # Certificate "Trustwave Global ECC P256 Certification Authority"
    # Certificate "Trustwave Global ECC P384 Certification Authority"
    # Certificate "NAVER Global Root Certification Authority"
    # Certificate "AC RAIZ FNMT-RCM SERVIDORES SEGUROS"
    # Certificate "GlobalSign Secure Mail Root R45"
    # Certificate "GlobalSign Secure Mail Root E45"
    # Certificate "GlobalSign Root R46"
    # Certificate "GlobalSign Root E46"
    # Certificate "Certum EC-384 CA"
    # Certificate "Certum Trusted Root CA"
    # Certificate "GlobalSign Code Signing Root R45"
    # Certificate "GlobalSign Code Signing Root E45"
    # Certificate "Halcom Root Certificate Authority"
    # Certificate "Symantec Class 3 Public Primary Certification Authority - G6"
    # Certificate "GLOBALTRUST"
    # Certificate "MULTICERT Root Certification Authority 01"
    # Certificate "Verizon Global Root CA"
    # Certificate "Tunisian Root Certificate Authority - TunRootCA2"
    # Certificate "CAEDICOM Root"
    # Certificate "COMODO Certification Authority"
    # Certificate "Security Communication ECC RootCA1"
    # Certificate "Security Communication RootCA3"
    # Certificate "AC RAIZ DNIE"
    # Certificate "VeriSign Class 3 Public Primary Certification Authority - G3"
    # Certificate "NetLock Platina (Class Platinum) Főtanúsítvány"
    # Certificate "GLOBALTRUST 2015"
    # Certificate "emSign Root CA - G2"
    # Certificate "emSign Root CA - C2"
2021-05-25 16:48:57 -07:00

62 lines
2.4 KiB
C

/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef NSSCKBI_H
#define NSSCKBI_H
/*
* NSS BUILTINS Version numbers.
*
* These are the version numbers for the builtins module packaged with
* this release on NSS. To determine the version numbers of the builtin
* module you are using, use the appropriate PKCS #11 calls.
*
* These version numbers detail changes to the PKCS #11 interface. They map
* to the PKCS #11 spec versions.
*/
#define NSS_BUILTINS_CRYPTOKI_VERSION_MAJOR 2
#define NSS_BUILTINS_CRYPTOKI_VERSION_MINOR 20
/* These version numbers detail the changes
* to the list of trusted certificates.
*
* The NSS_BUILTINS_LIBRARY_VERSION_MINOR macro needs to be bumped
* whenever we change the list of trusted certificates.
*
* Please use the following rules when increasing the version number:
*
* - starting with version 2.14, NSS_BUILTINS_LIBRARY_VERSION_MINOR
* must always be an EVEN number (e.g. 16, 18, 20 etc.)
*
* - whenever possible, if older branches require a modification to the
* list, these changes should be made on the main line of development (trunk),
* and the older branches should update to the most recent list.
*
* - ODD minor version numbers are reserved to indicate a snapshot that has
* deviated from the main line of development, e.g. if it was necessary
* to modify the list on a stable branch.
* Once the version has been changed to an odd number (e.g. 2.13) on a branch,
* it should remain unchanged on that branch, even if further changes are
* made on that branch.
*
* NSS_BUILTINS_LIBRARY_VERSION_MINOR is a CK_BYTE. It's not clear
* whether we may use its full range (0-255) or only 0-99 because
* of the comment in the CK_VERSION type definition.
* It's recommend to switch back to 0 after having reached version 98/99.
*/
#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2
#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 48
#define NSS_BUILTINS_LIBRARY_VERSION "2.48"
/* These version numbers detail the semantic changes to the ckfw engine. */
#define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
#define NSS_BUILTINS_HARDWARE_VERSION_MINOR 0
/* These version numbers detail the semantic changes to ckbi itself
* (new PKCS #11 objects), etc. */
#define NSS_BUILTINS_FIRMWARE_VERSION_MAJOR 1
#define NSS_BUILTINS_FIRMWARE_VERSION_MINOR 0
#endif /* NSSCKBI_H */