public-mirrors/ca-certificates
1
0
Fork 0
mirror of https://git.launchpad.net/ubuntu/+source/ca-certificates synced 2025-04-13 09:38:26 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

20161130+nmu1 (patches unapplied)

Browse source 
Imported using git-ubuntu import.
This commit is contained in:
Chris Lamb 2017-05-19 16:53:16 +02:00 committed by git-ubuntu importer
parent ecb7826d4f
commit 0a3d07219f
Notes: git-ubuntu importer 2020-07-14 23:31:49 +00:00 
  * Non-maintainer upload.
  * Add StartCom and WoSign certificates to mozilla/blacklist.txt as they are
    now untrusted by the major browser vendors. Closes: #858539
2 changed files with 24 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
debian/changelog vendored
View file

@ -1,3 +1,11 @@
ca-certificates (20161130+nmu1) unstable; urgency=medium
* Non-maintainer upload.
* Add StartCom and WoSign certificates to mozilla/blacklist.txt as they are
now untrusted by the major browser vendors. Closes: #858539
-- Chris Lamb <lamby@debian.org> Fri, 19 May 2017 16:53:16 +0200
ca-certificates (20161130) unstable; urgency=medium ca-certificates (20161130) unstable; urgency=medium
[ Philipp Kern ] [ Philipp Kern ]

16
mozilla/blacklist.txt
View file

@ -5,3 +5,19 @@
# DigiNotar Root CA (see debbug#639744) # DigiNotar Root CA (see debbug#639744)
"DigiNotar Root CA" "DigiNotar Root CA"
# StartCom and WoSign certificates are now untrusted by the major browser
# vendors[0]. See [1] for discussion. The list was generated by:
#
# $ egrep 'WoSign|StartCom' mozilla/certdata.txt \
# | grep UTF | sed 's/CKA_LABEL UTF8 //' | uniq
#
# [0] https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/
# [1] https://bugs.debian.org/858539
#
"StartCom Certification Authority"
"StartCom Certification Authority G2"
"WoSign"
"WoSign China"
"Certification Authority of WoSign G2"
"CA WoSign ECC Root"