20090624 (patches unapplied)

Imported using git-ubuntu import.
Philipp Kern 2009-06-24 21:04:08 +02:00 committed by git-ubuntu importer
parent 00e8887dc3
commit 0b0f1b1ec0
Notes: git-ubuntu importer 2020-07-14 23:24:32 +00:00
  * Allow local certificate installation.  All certificates found
    in `/usr/local/share/ca-certificates' will be automatically added
    to the list of trusted certificates in `/etc/ssl/certs'.
    (Closes: #352637, #419491, #473677, #476663, #511150)
  * Updated Mozilla certificates from nss 3.12.3-1 (certdata.txt revision
    1.51):
    + COMODO ECC Certification Authority
    + DigiNotar Root CA
    + Network Solutions Certificate Authority
    + WellsSecure Public Root Certificate Authority
    - Equifax Secure Global eBusiness CA
    - UTN USERFirst Object Root CA
  * Reimplemented the Mozilla certdata parser mainly to exclude explicitly
    untrusted certificates.  This led to the exclusion of the
    "MD5 Collisions Forged Rogue CA 23c3" and its parent
    "Equifax Secure Global eBusiness CA".  Furthermore code signing-only
    certificates are no longer included either.
  * Remove the purging of old PEM files in postinst dating back to
    versions earlier than 20030414.
  * Hooks are now called at every invocation of `update-ca-certificates'.
    If no changes were done to `/etc/ssl/certs', the input for the
    hooks will be empty, though.  Failure exit codes of hooks will not
    tear down the upgrade process anymore.  They are printed but ignored.
17 changed files with 1035 additions and 195 deletions

18
debian/NEWS vendored

@ -1,3 +1,21 @@
ca-certificates (20090624) unstable; urgency=low
* This update eases the installation of local certification authorities
by providing a canonical location in `/usr/local/share/ca-certificates'.
All certificates found in this directory will automatically be included
into the list of trusted certificates. For details please see
`/usr/share/doc/ca-certificates/README.Debian'.
* New CA certificates:
- COMODO ECC Certification Authority
- DigiNotar Root CA
- Network Solutions Certificate Authority
- WellsSecure Public Root Certificate Authority
* Removed CA certificates:
- Equifax Secure Global eBusiness CA
- UTN USERFirst Object Root CA
-- Philipp Kern <pkern@debian.org> Wed, 24 Jun 2009 21:04:45 +0200
ca-certificates (20080809) unstable; urgency=low
* New cacert.org.pem joining both CACert Class 1 and Class 3 certificates.
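
Review bot: The 20090624 NEWS entry lists the added and removed CAs but leaves out the two behaviour changes an administrator is most likely to notice on upgrade: hooks now run on every `update-ca-certificates` invocation with their failure exit codes printed and ignored, and code signing-only certificates are no longer shipped. Both are recorded in debian/changelog; a line for each here would put them in front of people at upgrade time. It would also help to say that Equifax Secure Global eBusiness CA is excluded through mozilla/blacklist.txt as the parent of the rogue CA proof of concept, since "Removed CA certificates" alone does not say why.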


@ -21,6 +21,13 @@ used by the web browsers in Debian. It will also generate the hash
symlinks and generate a single-file version in
“/etc/ssl/certs/ca-certificates.crt”.
If you want to install local certificate authorities to be implicitly
trusted, please put the certificate files as single files ending with
“.crt“ into “/usr/local/share/ca-certificates” and re-run
“update-ca-certificates”. If you want to prepare a local package
of your certificates, you should depend on “ca-certificates“, install
the PEM files into “/usr/local/share/ca-certificates” as above and call
“update-ca-certificates” in the package's “postinst“.
How certificates will be accepted into the ca-certificates package
------------------------------------------------------------------
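
Review bot: In the added paragraph, the first sentence asks only for "certificate files as single files ending with .crt", and PEM is mentioned only in the second sentence about local packages. State the expected format once, up front (one PEM certificate per file, name ending in .crt), so readers do not have to infer it. The paragraph should also say that postinst creates the directory as root:staff with mode 2775, because that decides who can add a trusted root. The quotation marks around .crt, ca-certificates and postinst close with “ instead of ”.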

28
debian/changelog vendored

@ -1,3 +1,31 @@
ca-certificates (20090624) unstable; urgency=low
* Allow local certificate installation. All certificates found
in `/usr/local/share/ca-certificates' will be automatically added
to the list of trusted certificates in `/etc/ssl/certs'.
(Closes: #352637, #419491, #473677, #476663, #511150)
* Updated Mozilla certificates from nss 3.12.3-1 (certdata.txt revision
1.51):
+ COMODO ECC Certification Authority
+ DigiNotar Root CA
+ Network Solutions Certificate Authority
+ WellsSecure Public Root Certificate Authority
- Equifax Secure Global eBusiness CA
- UTN USERFirst Object Root CA
* Reimplemented the Mozilla certdata parser mainly to exclude explicitly
untrusted certificates. This led to the exclusion of the
"MD5 Collisions Forged Rogue CA 23c3" and its parent
"Equifax Secure Global eBusiness CA". Furthermore code signing-only
certificates are no longer included neither.
* Remove the purging of old PEM files in postinst dating back to
versions earlier than 20030414.
* Hooks are now called at every invocation of `update-ca-certificates'.
If no changes were done to `/etc/ssl/certs', the input for the
hooks will be empty, though. Failure exit codes of hooks will not
tear down the upgrade process anymore. They are printed but ignored.
-- Philipp Kern <pkern@debian.org> Tue, 24 Jun 2009 21:04:08 +0200
ca-certificates (20081127) unstable; urgency=low
* Remove /etc/ssl{,/certs} in postrm to please piuparts. (Closes:
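
Review bot: The rogue CA label in the third bullet reads "MD5 Collisions Forged Rogue CA 23c3", but mozilla/blacklist.txt in this same commit lists "MD5 Collisions Forged Rogue CA 25c3", and that file says its entries correspond to the label in certdata.txt. One of the two is a typo; the changelog should quote the label exactly as it is blacklisted. Two smaller points in the same entry: the trailer says "Tue, 24 Jun 2009" while debian/NEWS has "Wed, 24 Jun 2009" for the same date, and "are no longer included neither" should read "either".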

4
debian/config vendored

File diff suppressed because one or more lines are too long

2
debian/control vendored

@ -3,7 +3,7 @@ Section: misc
Priority: optional
Maintainer: Philipp Kern <pkern@debian.org>
Build-Depends: debhelper (>> 4.1.16), po-debconf
Build-Depends-Indep: ruby
Build-Depends-Indep: python
Standards-Version: 3.8.0
Package: ca-certificates

36
debian/copyright vendored

@ -1,11 +1,34 @@
This is ca-certificates, written and maintained by Fumitoshi UKAI <ukai@debian.or.jp>
on Mon, 7 Jan 2002 21:16:51 +0900.
ca-certificates was originally written and maintained by Fumitoshi UKAI
<ukai@debian.or.jp> on Mon, 7 Jan 2002 21:16:51 +0900.
The original source can always be found at:
ftp://ftp.debian.org/dists/unstable/main/source/
http://alioth.debian.org/projects/ca-certs/
ftp://ftp.debian.org/dists/unstable/main/source/
Copyright (C) 2001-2003 Fumitoshi UKAI
sbin/update-ca-certificates:
Copyright (c) 2003 Fumitoshi UKAI <ukai@debian.or.jp>
Copyright (c) 2009 Philipp Kern <pkern@debian.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
mozilla/certdata2pem.py:
Copyright (c) 2009 Philipp Kern <pkern@debian.org>
(based on a Ruby script by Fumitoshi UKAI)
Licensed under the same license as sbin/update-ca-certificates.
CA certificates from Mozilla as follows:
# The contents of this file are subject to the Mozilla Public
@ -40,4 +63,5 @@ CA certificates from Mozilla as follows:
# GPL.
On Debian GNU/Linux systems, the complete text of the GNU General Public
License can be found in '/usr/share/common-licenses/GPL'
License can be found in '/usr/share/common-licenses/GPL'.

2
debian/docs vendored

@ -1,2 +0,0 @@
debian/oldpemfiles

92
debian/oldpemfiles vendored

@ -1,92 +0,0 @@
ABAecom_=sub.,_Am._Bankers_Assn.=_Root_CA.pem
AddTrust_External_Root.pem
AddTrust_Non-Validated_Services_Root.pem
AddTrust_Public_Services_Root.pem
AddTrust_Qualified_Certificates_Root.pem
American_Express_CA.pem
American_Express_Global_CA.pem
Baltimore_CyberTrust_Code_Signing_Root.pem
Baltimore_CyberTrust_Mobile_Commerce_Root.pem
Baltimore_CyberTrust_Root.pem
BankEngine_CA.pem
BelSign_Object_Publishing_CA.pem
BelSign_Secure_Server_CA.pem
CertEngine_CA.pem
Deutsche_Telekom_AG_Root_CA.pem
Digital_Signature_Trust_Co._Global_CA_1.pem
Digital_Signature_Trust_Co._Global_CA_2.pem
Digital_Signature_Trust_Co._Global_CA_3.pem
Digital_Signature_Trust_Co._Global_CA_4.pem
E-Certify_CA.pem
E-Certify_RA.pem
Entrust.net_Global_Secure_Personal_CA.pem
Entrust.net_Global_Secure_Server_CA.pem
Xcert_EZ.pem
Entrust.net_Premium_2048_Secure_Server_CA.pem
Entrust.net_Secure_Personal_CA.pem
Entrust.net_Secure_Server_CA.pem
Equifax_Premium_CA.pem
Equifax_Secure_CA.pem
Equifax_Secure_Global_eBusiness_CA.pem
Equifax_Secure_eBusiness_CA_1.pem
Equifax_Secure_eBusiness_CA_2.pem
FortEngine_CA.pem
GTE_CyberTrust_Global_Root.pem
GTE_CyberTrust_Japan_Root_CA.pem
GTE_CyberTrust_Japan_Secure_Server_CA.pem
GTE_CyberTrust_Root_5.pem
GTE_CyberTrust_Root_CA.pem
GlobalSign_Partners_CA.pem
GlobalSign_Primary_Class_1_CA.pem
GlobalSign_Primary_Class_2_CA.pem
GlobalSign_Primary_Class_3_CA.pem
GlobalSign_Root_CA.pem
MailEngine_CA.pem
TC_TrustCenter,_Germany,_Class_0_CA.pem
TC_TrustCenter,_Germany,_Class_1_CA.pem
TC_TrustCenter,_Germany,_Class_2_CA.pem
TC_TrustCenter,_Germany,_Class_3_CA.pem
Thawte_Server_CA.pem
TC_TrustCenter,_Germany,_Class_4_CA.pem
Thawte_Personal_Basic_CA.pem
Thawte_Personal_Freemail_CA.pem
Thawte_Personal_Premium_CA.pem
Thawte_Premium_Server_CA.pem
Thawte_Time_Stamping_CA.pem
Thawte_Universal_CA_Root.pem
TraderEngine_CA.pem
USPS_Production_1.pem
USPS_Root.pem
ValiCert_Class_1_VA.pem
ValiCert_Class_2_VA.pem
ValiCert_Class_3_VA.pem
ValiCert_OCSP_Responder.pem
VeriSign_Class_4_Primary_CA.pem
Verisign_Class_1_Public_Primary_Certification_Authority.pem
Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.pem
Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem
Verisign_Class_1_Public_Primary_OCSP_Responder.pem
Verisign_Class_2_Public_Primary_Certification_Authority.pem
Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.pem
Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.pem
Verisign_Class_2_Public_Primary_OCSP_Responder.pem
Verisign_Class_3_Public_Primary_Certification_Authority.pem
Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.pem
Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.pem
Verisign_Class_3_Public_Primary_OCSP_Responder.pem
Verisign_Class_4_Public_Primary_Certification_Authority_-_G2.pem
Verisign_Class_4_Public_Primary_Certification_Authority_-_G3.pem
Verisign_RSA_Secure_Server_CA.pem
Verisign_Secure_Server_OCSP_Responder.pem
Verisign_Time_Stamping_Authority_CA.pem
Visa_International_Global_Root_1.pem
Visa_International_Global_Root_2.pem
Visa_International_Global_Root_3.pem
Visa_International_Global_Root_4.pem
Visa_International_Global_Root_5.pem
Xcert_Root_CA.pem
Xcert_Root_CA_1024.pem
Xcert_Root_CA_v1.pem
Xcert_Root_CA_v1_1024.pem
beTRUSTed_Root_CA.pem
Debian.pem

13
debian/postinst vendored

@ -38,10 +38,15 @@ delca() {
case "$1" in
configure)
if dpkg --compare-versions "$2" lt 20030414; then
# remove old *.pem files that ca-certificates installed
(cd /etc/ssl/certs; rm -f $(cat /usr/share/doc/ca-certificates/oldpemfiles))
fi
if [ ! -e /usr/local/share/ca-certificates ]
then
if mkdir /usr/local/share/ca-certificates 2>/dev/null
then
chown root:staff /usr/local/share/ca-certificates
chmod 2775 /usr/local/share/ca-certificates
fi
fi
. /usr/share/debconf/confmodule
db_version 2.0
db_capb multiselect
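
Review bot: The new block creates /usr/local/share/ca-certificates as root:staff with mode 2775, so every member of the staff group can write files that the next `update-ca-certificates` run adds to the trusted certificates in /etc/ssl/certs. If that is intended, say so in README.Debian next to the instructions for local CAs. Note also that when the path already exists the `[ ! -e ... ]` test skips the block entirely, so a pre-existing directory keeps whatever owner and mode it had; checking or at least reporting that case would be safer for a trust-store input. Separately, dropping the `lt 20030414` purge means a direct upgrade from those versions leaves the old *.pem files in /etc/ssl/certs.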

1
debian/postrm vendored

@ -24,6 +24,7 @@ case "$1" in
test -f "$h" || rm -f "$h"
done
echo done.
rmdir /usr/local/share/ca-certificates 2>/dev/null || true
;;
purge)

14
debian/rules vendored

@ -62,25 +62,11 @@ binary-indep: build install
dh_installdebconf
dh_installdocs
dh_installexamples
# dh_installmenu
# dh_installlogrotate
# dh_installemacsen
# dh_installpam
# dh_installmime
# dh_installinit
# dh_installcron
dh_installman sbin/update-ca-certificates.8
# dh_installinfo
# dh_undocumented
dh_installchangelogs
# dh_link
# dh_strip
dh_compress
dh_fixperms
# dh_makeshlibs
dh_installdeb
# dh_perl
# dh_shlibdeps
dh_gencontrol
dh_md5sums
dh_builddeb


@ -3,7 +3,7 @@
#
all:
ruby certdata2pem.rb < certdata.txt
python certdata2pem.py
clean:
-rm -f *.crt

8
mozilla/blacklist.txt Normal file

@ -0,0 +1,8 @@
# One blacklist entry per line, corresponding to the label in certdata.txt.
# Parent of "MD5 Collisions Forged Rogue CA 25c3"
"Equifax Secure Global eBusiness CA"
# MD5 Collision Proof of Concept CA
"MD5 Collisions Forged Rogue CA 25c3"

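Review bot: The header comment keys blacklist entries on the certdata.txt label, which is a display string rather than an identity: if a label is reworded in a later certdata.txt revision, the entry stops matching without any error and the certificate is shipped again. Consider keying the blacklist on the certificate fingerprint (certdata.txt already carries CKA_CERT_SHA1_HASH for each trust object) and making the build fail when an entry matches nothing, so a blacklisted root cannot reappear unnoticed after an update.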

@ -34,7 +34,7 @@
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.47 $ $Date: 2008/04/07 07:03:15 $"
CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.51 $ $Date: 2009/01/15 22:35:15 $"
#
# certdata.txt
@ -2678,19 +2678,19 @@ CKA_ISSUER MULTILINE_OCTAL
\156\040\122\157\157\164\040\103\101
END
CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\013\002\000\000\000\000\000\326\170\267\224\005
\002\013\004\000\000\000\000\001\025\113\132\303\224
END
CKA_VALUE MULTILINE_OCTAL
\060\202\003\165\060\202\002\135\240\003\002\001\002\002\013\002
\000\000\000\000\000\326\170\267\224\005\060\015\006\011\052\206
\110\206\367\015\001\001\004\005\000\060\127\061\013\060\011\006
\060\202\003\165\060\202\002\135\240\003\002\001\002\002\013\004
\000\000\000\000\001\025\113\132\303\224\060\015\006\011\052\206
\110\206\367\015\001\001\005\005\000\060\127\061\013\060\011\006
\003\125\004\006\023\002\102\105\061\031\060\027\006\003\125\004
\012\023\020\107\154\157\142\141\154\123\151\147\156\040\156\166
\055\163\141\061\020\060\016\006\003\125\004\013\023\007\122\157
\157\164\040\103\101\061\033\060\031\006\003\125\004\003\023\022
\107\154\157\142\141\154\123\151\147\156\040\122\157\157\164\040
\103\101\060\036\027\015\071\070\060\071\060\061\061\062\060\060
\060\060\132\027\015\061\064\060\061\062\070\061\062\060\060\060
\060\060\132\027\015\062\070\060\061\062\070\061\062\060\060\060
\060\132\060\127\061\013\060\011\006\003\125\004\006\023\002\102
\105\061\031\060\027\006\003\125\004\012\023\020\107\154\157\142
\141\154\123\151\147\156\040\156\166\055\163\141\061\020\060\016
@ -2716,27 +2716,27 @@ CKA_VALUE MULTILINE_OCTAL
\327\203\064\377\054\052\301\154\031\103\112\007\205\347\323\174
\366\041\150\357\352\362\122\237\177\223\220\317\002\003\001\000
\001\243\102\060\100\060\016\006\003\125\035\017\001\001\377\004
\004\003\002\000\006\060\035\006\003\125\035\016\004\026\004\024
\140\173\146\032\105\015\227\312\211\120\057\175\004\315\064\250
\377\374\375\113\060\017\006\003\125\035\023\001\001\377\004\005
\060\003\001\001\377\060\015\006\011\052\206\110\206\367\015\001
\001\004\005\000\003\202\001\001\000\256\252\237\374\267\322\313
\037\137\071\051\050\030\236\064\311\154\117\157\032\360\144\242
\160\112\117\023\206\233\140\050\236\350\201\111\230\175\012\273
\345\260\235\075\066\333\217\005\121\377\011\061\052\037\335\211
\167\236\017\056\154\225\004\355\206\313\264\000\077\204\002\115
\200\152\052\055\170\013\256\157\053\242\203\104\203\037\315\120
\202\114\044\257\275\367\245\264\310\132\017\364\347\107\136\111
\216\067\226\376\232\210\005\072\331\300\333\051\207\346\031\226
\107\247\072\246\214\213\074\167\376\106\143\247\123\332\041\321
\254\176\111\242\113\346\303\147\131\057\263\212\016\273\054\275
\251\252\102\174\065\301\330\177\325\247\061\072\116\143\103\071
\257\010\260\141\064\214\323\230\251\103\064\366\017\207\051\073
\235\302\126\130\230\167\303\367\033\254\366\235\370\076\252\247
\124\105\360\365\371\325\061\145\376\153\130\234\161\263\036\327
\122\352\062\027\374\100\140\035\311\171\044\262\366\154\375\250
\146\016\202\335\230\313\332\302\104\117\056\240\173\362\367\153
\054\166\021\204\106\212\170\243\343
\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377\004
\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026\004
\024\140\173\146\032\105\015\227\312\211\120\057\175\004\315\064
\250\377\374\375\113\060\015\006\011\052\206\110\206\367\015\001
\001\005\005\000\003\202\001\001\000\326\163\347\174\117\166\320
\215\277\354\272\242\276\064\305\050\062\265\174\374\154\234\054
\053\275\011\236\123\277\153\136\252\021\110\266\345\010\243\263
\312\075\141\115\323\106\011\263\076\303\240\343\143\125\033\362
\272\357\255\071\341\103\271\070\243\346\057\212\046\073\357\240
\120\126\371\306\012\375\070\315\304\013\160\121\224\227\230\004
\337\303\137\224\325\025\311\024\101\234\304\135\165\144\025\015
\377\125\060\354\206\217\377\015\357\054\271\143\106\366\252\374
\337\274\151\375\056\022\110\144\232\340\225\360\246\357\051\217
\001\261\025\265\014\035\245\376\151\054\151\044\170\036\263\247
\034\161\142\356\312\310\227\254\027\135\212\302\370\107\206\156
\052\304\126\061\225\320\147\211\205\053\371\154\246\135\106\235
\014\252\202\344\231\121\335\160\267\333\126\075\141\344\152\341
\134\326\366\376\075\336\101\314\007\256\143\122\277\123\123\364
\053\351\307\375\266\367\202\137\205\322\101\030\333\201\263\004
\034\305\037\244\200\157\025\040\311\336\014\210\012\035\326\146
\125\342\374\110\311\051\046\151\340
END
# Trust for Certificate "GlobalSign Root CA"
@ -2746,11 +2746,11 @@ CKA_PRIVATE CK_BBOOL CK_FALSE
CKA_MODIFIABLE CK_BBOOL CK_FALSE
CKA_LABEL UTF8 "GlobalSign Root CA"
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
\057\027\077\175\351\226\147\257\245\172\370\012\242\321\261\057
\254\203\003\070
\261\274\226\213\324\364\235\142\052\250\232\201\362\025\001\122
\244\035\202\234
END
CKA_CERT_MD5_HASH MULTILINE_OCTAL
\253\277\352\343\153\051\246\314\246\170\065\231\357\255\053\200
\076\105\122\025\011\121\222\341\267\135\067\237\261\207\051\212
END
CKA_ISSUER MULTILINE_OCTAL
\060\127\061\013\060\011\006\003\125\004\006\023\002\102\105\061
@ -2761,7 +2761,7 @@ CKA_ISSUER MULTILINE_OCTAL
\156\040\122\157\157\164\040\103\101
END
CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\013\002\000\000\000\000\000\326\170\267\224\005
\002\013\004\000\000\000\000\001\025\113\132\303\224
END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
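
Review bot: The CKA_SERIAL_NUMBER change here, together with the CKA_VALUE and CKA_CERT_SHA1_HASH/CKA_CERT_MD5_HASH changes in the three preceding hunks, replaces the GlobalSign Root CA certificate with a reissued one, yet debian/changelog and debian/NEWS list only additions and removals. In the new CKA_VALUE the signature algorithm OID ends in 1.1.5 (sha1WithRSAEncryption) where the old one ended in 1.1.4 (md5WithRSAEncryption), and the notAfter date moves from 140128 to 280128. A changelog line such as "GlobalSign Root CA (reissued)" would tell administrators who pin or audit the old fingerprint to expect the change.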
@ -16957,3 +16957,674 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "DigiNotar Root CA"
#
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
CKA_TOKEN CK_BBOOL CK_TRUE
CKA_PRIVATE CK_BBOOL CK_FALSE
CKA_MODIFIABLE CK_BBOOL CK_FALSE
CKA_LABEL UTF8 "DigiNotar Root CA"
CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
CKA_SUBJECT MULTILINE_OCTAL
\060\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061
\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
\164\141\162\061\032\060\030\006\003\125\004\003\023\021\104\151
\147\151\116\157\164\141\162\040\122\157\157\164\040\103\101\061
\040\060\036\006\011\052\206\110\206\367\015\001\011\001\026\021
\151\156\146\157\100\144\151\147\151\156\157\164\141\162\056\156
\154
END
CKA_ID UTF8 "0"
CKA_ISSUER MULTILINE_OCTAL
\060\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061
\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
\164\141\162\061\032\060\030\006\003\125\004\003\023\021\104\151
\147\151\116\157\164\141\162\040\122\157\157\164\040\103\101\061
\040\060\036\006\011\052\206\110\206\367\015\001\011\001\026\021
\151\156\146\157\100\144\151\147\151\156\157\164\141\162\056\156
\154
END
CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\020\014\166\332\234\221\014\116\054\236\376\025\320\130\223
\074\114
END
CKA_VALUE MULTILINE_OCTAL
\060\202\005\212\060\202\003\162\240\003\002\001\002\002\020\014
\166\332\234\221\014\116\054\236\376\025\320\130\223\074\114\060
\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\137
\061\013\060\011\006\003\125\004\006\023\002\116\114\061\022\060
\020\006\003\125\004\012\023\011\104\151\147\151\116\157\164\141
\162\061\032\060\030\006\003\125\004\003\023\021\104\151\147\151
\116\157\164\141\162\040\122\157\157\164\040\103\101\061\040\060
\036\006\011\052\206\110\206\367\015\001\011\001\026\021\151\156
\146\157\100\144\151\147\151\156\157\164\141\162\056\156\154\060
\036\027\015\060\067\060\065\061\066\061\067\061\071\063\066\132
\027\015\062\065\060\063\063\061\061\070\061\071\062\061\132\060
\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061\022
\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157\164
\141\162\061\032\060\030\006\003\125\004\003\023\021\104\151\147
\151\116\157\164\141\162\040\122\157\157\164\040\103\101\061\040
\060\036\006\011\052\206\110\206\367\015\001\011\001\026\021\151
\156\146\157\100\144\151\147\151\156\157\164\141\162\056\156\154
\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001
\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001
\000\254\260\130\301\000\275\330\041\010\013\053\232\376\156\126
\060\005\237\033\167\220\020\101\134\303\015\207\021\167\216\201
\361\312\174\351\214\152\355\070\164\065\273\332\337\371\273\300
\011\067\264\226\163\201\175\063\032\230\071\367\223\157\225\177
\075\271\261\165\207\272\121\110\350\213\160\076\225\004\305\330
\266\303\026\331\210\260\261\207\035\160\332\206\264\017\024\213
\172\317\020\321\164\066\242\022\173\167\206\112\171\346\173\337
\002\021\150\245\116\206\256\064\130\233\044\023\170\126\042\045
\036\001\213\113\121\161\373\202\314\131\226\151\210\132\150\123
\305\271\015\002\067\313\113\274\146\112\220\176\052\013\005\007
\355\026\137\125\220\165\330\106\311\033\203\342\010\276\361\043
\314\231\035\326\052\017\203\040\025\130\047\202\056\372\342\042
\302\111\261\271\001\201\152\235\155\235\100\167\150\166\116\041
\052\155\204\100\205\116\166\231\174\202\363\363\267\002\131\324
\046\001\033\216\337\255\123\006\321\256\030\335\342\262\072\313
\327\210\070\216\254\133\051\271\031\323\230\371\030\003\317\110
\202\206\146\013\033\151\017\311\353\070\210\172\046\032\005\114
\222\327\044\324\226\362\254\122\055\243\107\325\122\366\077\376
\316\204\006\160\246\252\076\242\362\266\126\064\030\127\242\344
\201\155\347\312\360\152\323\307\221\153\002\203\101\174\025\357
\153\232\144\136\343\320\074\345\261\353\173\135\206\373\313\346
\167\111\315\243\145\334\367\271\234\270\344\013\137\223\317\314
\060\032\062\034\316\034\143\225\245\371\352\341\164\213\236\351
\053\251\060\173\240\030\037\016\030\013\345\133\251\323\321\154
\036\007\147\217\221\113\251\212\274\322\146\252\223\001\210\262
\221\372\061\134\325\246\301\122\010\011\315\012\143\242\323\042
\246\350\241\331\071\006\227\365\156\215\002\220\214\024\173\077
\200\315\033\234\272\304\130\162\043\257\266\126\237\306\172\102
\063\051\007\077\202\311\346\037\005\015\315\114\050\066\213\323
\310\076\034\306\210\357\136\356\211\144\351\035\353\332\211\176
\062\246\151\321\335\314\210\237\321\320\311\146\041\334\006\147
\305\224\172\232\155\142\114\175\314\340\144\200\262\236\107\216
\243\002\003\001\000\001\243\102\060\100\060\017\006\003\125\035
\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003\125
\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003\125
\035\016\004\026\004\024\210\150\277\340\216\065\304\073\070\153
\142\367\050\073\204\201\310\014\327\115\060\015\006\011\052\206
\110\206\367\015\001\001\005\005\000\003\202\002\001\000\073\002
\215\313\074\060\350\156\240\255\362\163\263\137\236\045\023\004
\005\323\366\343\213\273\013\171\316\123\336\344\226\305\321\257
\163\274\325\303\320\100\125\174\100\177\315\033\137\011\325\362
\174\237\150\035\273\135\316\172\071\302\214\326\230\173\305\203
\125\250\325\175\100\312\340\036\367\211\136\143\135\241\023\302
\135\212\266\212\174\000\363\043\303\355\205\137\161\166\360\150
\143\252\105\041\071\110\141\170\066\334\361\103\223\324\045\307
\362\200\145\341\123\002\165\121\374\172\072\357\067\253\204\050
\127\014\330\324\324\231\126\154\343\242\376\131\204\264\061\350
\063\370\144\224\224\121\227\253\071\305\113\355\332\335\200\013
\157\174\051\015\304\216\212\162\015\347\123\024\262\140\101\075
\204\221\061\150\075\047\104\333\345\336\364\372\143\105\310\114
\076\230\365\077\101\272\116\313\067\015\272\146\230\361\335\313
\237\134\367\124\066\202\153\054\274\023\141\227\102\370\170\273
\314\310\242\237\312\360\150\275\153\035\262\337\215\157\007\235
\332\216\147\307\107\036\312\271\277\052\102\221\267\143\123\146
\361\102\243\341\364\132\115\130\153\265\344\244\063\255\134\160
\035\334\340\362\353\163\024\221\232\003\301\352\000\145\274\007
\374\317\022\021\042\054\256\240\275\072\340\242\052\330\131\351
\051\323\030\065\244\254\021\137\031\265\265\033\377\042\112\134
\306\172\344\027\357\040\251\247\364\077\255\212\247\232\004\045
\235\016\312\067\346\120\375\214\102\051\004\232\354\271\317\113
\162\275\342\010\066\257\043\057\142\345\312\001\323\160\333\174
\202\043\054\026\061\014\306\066\007\220\172\261\037\147\130\304
\073\130\131\211\260\214\214\120\263\330\206\313\150\243\304\012
\347\151\113\040\316\301\036\126\113\225\251\043\150\330\060\330
\303\353\260\125\121\315\345\375\053\270\365\273\021\237\123\124
\366\064\031\214\171\011\066\312\141\027\045\027\013\202\230\163
\014\167\164\303\325\015\307\250\022\114\307\247\124\161\107\056
\054\032\175\311\343\053\073\110\336\047\204\247\143\066\263\175
\217\240\144\071\044\015\075\173\207\257\146\134\164\033\113\163
\262\345\214\360\206\231\270\345\305\337\204\301\267\353
END
# Trust for Certificate "DigiNotar Root CA"
CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
CKA_TOKEN CK_BBOOL CK_TRUE
CKA_PRIVATE CK_BBOOL CK_FALSE
CKA_MODIFIABLE CK_BBOOL CK_FALSE
CKA_LABEL UTF8 "DigiNotar Root CA"
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
\300\140\355\104\313\330\201\275\016\370\154\013\242\207\335\317
\201\147\107\214
END
CKA_CERT_MD5_HASH MULTILINE_OCTAL
\172\171\124\115\007\222\073\133\377\101\360\016\307\071\242\230
END
CKA_ISSUER MULTILINE_OCTAL
\060\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061
\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
\164\141\162\061\032\060\030\006\003\125\004\003\023\021\104\151
\147\151\116\157\164\141\162\040\122\157\157\164\040\103\101\061
\040\060\036\006\011\052\206\110\206\367\015\001\011\001\026\021
\151\156\146\157\100\144\151\147\151\156\157\164\141\162\056\156
\154
END
CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\020\014\166\332\234\221\014\116\054\236\376\025\320\130\223
\074\114
END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "Network Solutions Certificate Authority"
#
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
CKA_TOKEN CK_BBOOL CK_TRUE
CKA_PRIVATE CK_BBOOL CK_FALSE
CKA_MODIFIABLE CK_BBOOL CK_FALSE
CKA_LABEL UTF8 "Network Solutions Certificate Authority"
CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
CKA_SUBJECT MULTILINE_OCTAL
\060\142\061\013\060\011\006\003\125\004\006\023\002\125\123\061
\041\060\037\006\003\125\004\012\023\030\116\145\164\167\157\162
\153\040\123\157\154\165\164\151\157\156\163\040\114\056\114\056
\103\056\061\060\060\056\006\003\125\004\003\023\047\116\145\164
\167\157\162\153\040\123\157\154\165\164\151\157\156\163\040\103
\145\162\164\151\146\151\143\141\164\145\040\101\165\164\150\157
\162\151\164\171
END
CKA_ID UTF8 "0"
CKA_ISSUER MULTILINE_OCTAL
\060\142\061\013\060\011\006\003\125\004\006\023\002\125\123\061
\041\060\037\006\003\125\004\012\023\030\116\145\164\167\157\162
\153\040\123\157\154\165\164\151\157\156\163\040\114\056\114\056
\103\056\061\060\060\056\006\003\125\004\003\023\047\116\145\164
\167\157\162\153\040\123\157\154\165\164\151\157\156\163\040\103
\145\162\164\151\146\151\143\141\164\145\040\101\165\164\150\157
\162\151\164\171
END
CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\020\127\313\063\157\302\134\026\346\107\026\027\343\220\061
\150\340
END
CKA_VALUE MULTILINE_OCTAL
\060\202\003\346\060\202\002\316\240\003\002\001\002\002\020\127
\313\063\157\302\134\026\346\107\026\027\343\220\061\150\340\060
\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\142
\061\013\060\011\006\003\125\004\006\023\002\125\123\061\041\060
\037\006\003\125\004\012\023\030\116\145\164\167\157\162\153\040
\123\157\154\165\164\151\157\156\163\040\114\056\114\056\103\056
\061\060\060\056\006\003\125\004\003\023\047\116\145\164\167\157
\162\153\040\123\157\154\165\164\151\157\156\163\040\103\145\162
\164\151\146\151\143\141\164\145\040\101\165\164\150\157\162\151
\164\171\060\036\027\015\060\066\061\062\060\061\060\060\060\060
\060\060\132\027\015\062\071\061\062\063\061\062\063\065\071\065
\071\132\060\142\061\013\060\011\006\003\125\004\006\023\002\125
\123\061\041\060\037\006\003\125\004\012\023\030\116\145\164\167
\157\162\153\040\123\157\154\165\164\151\157\156\163\040\114\056
\114\056\103\056\061\060\060\056\006\003\125\004\003\023\047\116
\145\164\167\157\162\153\040\123\157\154\165\164\151\157\156\163
\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
\150\157\162\151\164\171\060\202\001\042\060\015\006\011\052\206
\110\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202
\001\012\002\202\001\001\000\344\274\176\222\060\155\306\330\216
\053\013\274\106\316\340\047\226\336\336\371\372\022\323\074\063
\163\263\004\057\274\161\214\345\237\266\042\140\076\137\135\316
\011\377\202\014\033\232\121\120\032\046\211\335\325\141\135\031
\334\022\017\055\012\242\103\135\027\320\064\222\040\352\163\317
\070\054\006\046\011\172\162\367\372\120\062\370\302\223\323\151
\242\043\316\101\261\314\344\325\037\066\321\212\072\370\214\143
\342\024\131\151\355\015\323\177\153\350\270\003\345\117\152\345
\230\143\151\110\005\276\056\377\063\266\351\227\131\151\370\147
\031\256\223\141\226\104\025\323\162\260\077\274\152\175\354\110
\177\215\303\253\252\161\053\123\151\101\123\064\265\260\271\305
\006\012\304\260\105\365\101\135\156\211\105\173\075\073\046\214
\164\302\345\322\321\175\262\021\324\373\130\062\042\232\200\311
\334\375\014\351\177\136\003\227\316\073\000\024\207\047\160\070
\251\216\156\263\047\166\230\121\340\005\343\041\253\032\325\205
\042\074\051\265\232\026\305\200\250\364\273\153\060\217\057\106
\002\242\261\014\042\340\323\002\003\001\000\001\243\201\227\060
\201\224\060\035\006\003\125\035\016\004\026\004\024\041\060\311
\373\000\327\116\230\332\207\252\052\320\247\056\261\100\061\247
\114\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001
\006\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001
\001\377\060\122\006\003\125\035\037\004\113\060\111\060\107\240
\105\240\103\206\101\150\164\164\160\072\057\057\143\162\154\056
\156\145\164\163\157\154\163\163\154\056\143\157\155\057\116\145
\164\167\157\162\153\123\157\154\165\164\151\157\156\163\103\145
\162\164\151\146\151\143\141\164\145\101\165\164\150\157\162\151
\164\171\056\143\162\154\060\015\006\011\052\206\110\206\367\015
\001\001\005\005\000\003\202\001\001\000\273\256\113\347\267\127
\353\177\252\055\267\163\107\205\152\301\344\245\035\344\347\074
\351\364\131\145\167\265\172\133\132\215\045\066\340\172\227\056
\070\300\127\140\203\230\006\203\237\271\166\172\156\120\340\272
\210\054\374\105\314\030\260\231\225\121\016\354\035\270\210\377
\207\120\034\202\302\343\340\062\200\277\240\013\107\310\303\061
\357\231\147\062\200\117\027\041\171\014\151\134\336\136\064\256
\002\265\046\352\120\337\177\030\145\054\311\362\143\341\251\007
\376\174\161\037\153\063\044\152\036\005\367\005\150\300\152\022
\313\056\136\141\313\256\050\323\176\302\264\146\221\046\137\074
\056\044\137\313\130\017\353\050\354\257\021\226\363\334\173\157
\300\247\210\362\123\167\263\140\136\256\256\050\332\065\054\157
\064\105\323\046\341\336\354\133\117\047\153\026\174\275\104\004
\030\202\263\211\171\027\020\161\075\172\242\026\116\365\001\315
\244\154\145\150\241\111\166\134\103\311\330\274\066\147\154\245
\224\265\324\314\271\275\152\065\126\041\336\330\303\353\373\313
\244\140\114\260\125\240\240\173\127\262
END
# Trust for Certificate "Network Solutions Certificate Authority"
CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
CKA_TOKEN CK_BBOOL CK_TRUE
CKA_PRIVATE CK_BBOOL CK_FALSE
CKA_MODIFIABLE CK_BBOOL CK_FALSE
CKA_LABEL UTF8 "Network Solutions Certificate Authority"
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
\164\370\243\303\357\347\263\220\006\113\203\220\074\041\144\140
\040\345\337\316
END
CKA_CERT_MD5_HASH MULTILINE_OCTAL
\323\363\246\026\300\372\153\035\131\261\055\226\115\016\021\056
END
CKA_ISSUER MULTILINE_OCTAL
\060\142\061\013\060\011\006\003\125\004\006\023\002\125\123\061
\041\060\037\006\003\125\004\012\023\030\116\145\164\167\157\162
\153\040\123\157\154\165\164\151\157\156\163\040\114\056\114\056
\103\056\061\060\060\056\006\003\125\004\003\023\047\116\145\164
\167\157\162\153\040\123\157\154\165\164\151\157\156\163\040\103
\145\162\164\151\146\151\143\141\164\145\040\101\165\164\150\157
\162\151\164\171
END
CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\020\127\313\063\157\302\134\026\346\107\026\027\343\220\061
\150\340
END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "WellsSecure Public Root Certificate Authority"
#
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
CKA_TOKEN CK_BBOOL CK_TRUE
CKA_PRIVATE CK_BBOOL CK_FALSE
CKA_MODIFIABLE CK_BBOOL CK_FALSE
CKA_LABEL UTF8 "WellsSecure Public Root Certificate Authority"
CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
CKA_SUBJECT MULTILINE_OCTAL
\060\201\205\061\013\060\011\006\003\125\004\006\023\002\125\123
\061\040\060\036\006\003\125\004\012\014\027\127\145\154\154\163
\040\106\141\162\147\157\040\127\145\154\154\163\123\145\143\165
\162\145\061\034\060\032\006\003\125\004\013\014\023\127\145\154
\154\163\040\106\141\162\147\157\040\102\141\156\153\040\116\101
\061\066\060\064\006\003\125\004\003\014\055\127\145\154\154\163
\123\145\143\165\162\145\040\120\165\142\154\151\143\040\122\157
\157\164\040\103\145\162\164\151\146\151\143\141\164\145\040\101
\165\164\150\157\162\151\164\171
END
CKA_ID UTF8 "0"
CKA_ISSUER MULTILINE_OCTAL
\060\201\205\061\013\060\011\006\003\125\004\006\023\002\125\123
\061\040\060\036\006\003\125\004\012\014\027\127\145\154\154\163
\040\106\141\162\147\157\040\127\145\154\154\163\123\145\143\165
\162\145\061\034\060\032\006\003\125\004\013\014\023\127\145\154
\154\163\040\106\141\162\147\157\040\102\141\156\153\040\116\101
\061\066\060\064\006\003\125\004\003\014\055\127\145\154\154\163
\123\145\143\165\162\145\040\120\165\142\154\151\143\040\122\157
\157\164\040\103\145\162\164\151\146\151\143\141\164\145\040\101
\165\164\150\157\162\151\164\171
END
CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\001\001
END
CKA_VALUE MULTILINE_OCTAL
\060\202\004\275\060\202\003\245\240\003\002\001\002\002\001\001
\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
\201\205\061\013\060\011\006\003\125\004\006\023\002\125\123\061
\040\060\036\006\003\125\004\012\014\027\127\145\154\154\163\040
\106\141\162\147\157\040\127\145\154\154\163\123\145\143\165\162
\145\061\034\060\032\006\003\125\004\013\014\023\127\145\154\154
\163\040\106\141\162\147\157\040\102\141\156\153\040\116\101\061
\066\060\064\006\003\125\004\003\014\055\127\145\154\154\163\123
\145\143\165\162\145\040\120\165\142\154\151\143\040\122\157\157
\164\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165
\164\150\157\162\151\164\171\060\036\027\015\060\067\061\062\061
\063\061\067\060\067\065\064\132\027\015\062\062\061\062\061\064
\060\060\060\067\065\064\132\060\201\205\061\013\060\011\006\003
\125\004\006\023\002\125\123\061\040\060\036\006\003\125\004\012
\014\027\127\145\154\154\163\040\106\141\162\147\157\040\127\145
\154\154\163\123\145\143\165\162\145\061\034\060\032\006\003\125
\004\013\014\023\127\145\154\154\163\040\106\141\162\147\157\040
\102\141\156\153\040\116\101\061\066\060\064\006\003\125\004\003
\014\055\127\145\154\154\163\123\145\143\165\162\145\040\120\165
\142\154\151\143\040\122\157\157\164\040\103\145\162\164\151\146
\151\143\141\164\145\040\101\165\164\150\157\162\151\164\171\060
\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001\001
\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001\000
\356\157\264\275\171\342\217\010\041\236\070\004\101\045\357\253
\133\034\123\222\254\155\236\335\302\304\056\105\224\003\065\210
\147\164\127\343\337\214\270\247\166\217\073\367\250\304\333\051
\143\016\221\150\066\212\227\216\212\161\150\011\007\344\350\324
\016\117\370\326\053\114\244\026\371\357\103\230\217\263\236\122
\337\155\221\071\217\070\275\167\213\103\143\353\267\223\374\060
\114\034\001\223\266\023\373\367\241\037\277\045\341\164\067\054
\036\244\136\074\150\370\113\277\015\271\036\056\066\350\251\344
\247\370\017\313\202\165\174\065\055\042\326\302\277\013\363\264
\374\154\225\141\036\127\327\004\201\062\203\122\171\346\203\143
\317\267\313\143\213\021\342\275\136\353\366\215\355\225\162\050
\264\254\022\142\351\112\063\346\203\062\256\005\165\225\275\204
\225\333\052\134\233\216\056\014\270\201\053\101\346\070\126\237
\111\233\154\166\372\212\135\367\001\171\201\174\301\203\100\005
\376\161\375\014\077\314\116\140\011\016\145\107\020\057\001\300
\005\077\217\370\263\101\357\132\102\176\131\357\322\227\014\145
\002\003\001\000\001\243\202\001\064\060\202\001\060\060\017\006
\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060\071
\006\003\125\035\037\004\062\060\060\060\056\240\054\240\052\206
\050\150\164\164\160\072\057\057\143\162\154\056\160\153\151\056
\167\145\154\154\163\146\141\162\147\157\056\143\157\155\057\167
\163\160\162\143\141\056\143\162\154\060\016\006\003\125\035\017
\001\001\377\004\004\003\002\001\306\060\035\006\003\125\035\016
\004\026\004\024\046\225\031\020\331\350\241\227\221\377\334\031
\331\265\004\076\322\163\012\152\060\201\262\006\003\125\035\043
\004\201\252\060\201\247\200\024\046\225\031\020\331\350\241\227
\221\377\334\031\331\265\004\076\322\163\012\152\241\201\213\244
\201\210\060\201\205\061\013\060\011\006\003\125\004\006\023\002
\125\123\061\040\060\036\006\003\125\004\012\014\027\127\145\154
\154\163\040\106\141\162\147\157\040\127\145\154\154\163\123\145
\143\165\162\145\061\034\060\032\006\003\125\004\013\014\023\127
\145\154\154\163\040\106\141\162\147\157\040\102\141\156\153\040
\116\101\061\066\060\064\006\003\125\004\003\014\055\127\145\154
\154\163\123\145\143\165\162\145\040\120\165\142\154\151\143\040
\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\145
\040\101\165\164\150\157\162\151\164\171\202\001\001\060\015\006
\011\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001
\000\271\025\261\104\221\314\043\310\053\115\167\343\370\232\173
\047\015\315\162\273\231\000\312\174\146\031\120\306\325\230\355
\253\277\003\132\345\115\345\036\310\117\161\227\206\325\343\035
\375\220\311\074\165\167\127\172\175\370\336\364\324\325\367\225
\346\164\156\035\074\256\174\235\333\002\003\005\054\161\113\045
\076\007\343\136\232\365\146\027\051\210\032\070\237\317\252\101
\003\204\227\153\223\070\172\312\060\104\033\044\104\063\320\344
\321\334\050\070\364\023\103\065\065\051\143\250\174\242\265\255
\070\244\355\255\375\306\232\037\377\227\163\376\373\263\065\247
\223\206\306\166\221\000\346\254\121\026\304\047\062\134\333\163
\332\245\223\127\216\076\155\065\046\010\131\325\347\104\327\166
\040\143\347\254\023\147\303\155\261\160\106\174\325\226\021\075
\211\157\135\250\241\353\215\012\332\303\035\063\154\243\352\147
\031\232\231\177\113\075\203\121\052\035\312\057\206\014\242\176
\020\055\053\324\026\225\013\007\252\056\024\222\111\267\051\157
\330\155\061\175\365\374\241\020\007\207\316\057\131\334\076\130
\333
END
# Trust for Certificate "WellsSecure Public Root Certificate Authority"
CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
CKA_TOKEN CK_BBOOL CK_TRUE
CKA_PRIVATE CK_BBOOL CK_FALSE
CKA_MODIFIABLE CK_BBOOL CK_FALSE
CKA_LABEL UTF8 "WellsSecure Public Root Certificate Authority"
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
\347\264\366\235\141\354\220\151\333\176\220\247\100\032\074\364
\175\117\350\356
END
CKA_CERT_MD5_HASH MULTILINE_OCTAL
\025\254\245\302\222\055\171\274\350\177\313\147\355\002\317\066
END
CKA_ISSUER MULTILINE_OCTAL
\060\201\205\061\013\060\011\006\003\125\004\006\023\002\125\123
\061\040\060\036\006\003\125\004\012\014\027\127\145\154\154\163
\040\106\141\162\147\157\040\127\145\154\154\163\123\145\143\165
\162\145\061\034\060\032\006\003\125\004\013\014\023\127\145\154
\154\163\040\106\141\162\147\157\040\102\141\156\153\040\116\101
\061\066\060\064\006\003\125\004\003\014\055\127\145\154\154\163
\123\145\143\165\162\145\040\120\165\142\154\151\143\040\122\157
\157\164\040\103\145\162\164\151\146\151\143\141\164\145\040\101
\165\164\150\157\162\151\164\171
END
CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\001\001
END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "COMODO ECC Certification Authority"
#
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
CKA_TOKEN CK_BBOOL CK_TRUE
CKA_PRIVATE CK_BBOOL CK_FALSE
CKA_MODIFIABLE CK_BBOOL CK_FALSE
CKA_LABEL UTF8 "COMODO ECC Certification Authority"
CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
CKA_SUBJECT MULTILINE_OCTAL
\060\201\205\061\013\060\011\006\003\125\004\006\023\002\107\102
\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164
\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060
\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061
\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117
\040\103\101\040\114\151\155\151\164\145\144\061\053\060\051\006
\003\125\004\003\023\042\103\117\115\117\104\117\040\105\103\103
\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
\165\164\150\157\162\151\164\171
END
CKA_ID UTF8 "0"
CKA_ISSUER MULTILINE_OCTAL
\060\201\205\061\013\060\011\006\003\125\004\006\023\002\107\102
\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164
\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060
\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061
\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117
\040\103\101\040\114\151\155\151\164\145\144\061\053\060\051\006
\003\125\004\003\023\042\103\117\115\117\104\117\040\105\103\103
\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
\165\164\150\157\162\151\164\171
END
CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\020\037\107\257\252\142\000\160\120\124\114\001\236\233\143
\231\052
END
CKA_VALUE MULTILINE_OCTAL
\060\202\002\211\060\202\002\017\240\003\002\001\002\002\020\037
\107\257\252\142\000\160\120\124\114\001\236\233\143\231\052\060
\012\006\010\052\206\110\316\075\004\003\003\060\201\205\061\013
\060\011\006\003\125\004\006\023\002\107\102\061\033\060\031\006
\003\125\004\010\023\022\107\162\145\141\164\145\162\040\115\141
\156\143\150\145\163\164\145\162\061\020\060\016\006\003\125\004
\007\023\007\123\141\154\146\157\162\144\061\032\060\030\006\003
\125\004\012\023\021\103\117\115\117\104\117\040\103\101\040\114
\151\155\151\164\145\144\061\053\060\051\006\003\125\004\003\023
\042\103\117\115\117\104\117\040\105\103\103\040\103\145\162\164
\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162
\151\164\171\060\036\027\015\060\070\060\063\060\066\060\060\060
\060\060\060\132\027\015\063\070\060\061\061\070\062\063\065\071
\065\071\132\060\201\205\061\013\060\011\006\003\125\004\006\023
\002\107\102\061\033\060\031\006\003\125\004\010\023\022\107\162
\145\141\164\145\162\040\115\141\156\143\150\145\163\164\145\162
\061\020\060\016\006\003\125\004\007\023\007\123\141\154\146\157
\162\144\061\032\060\030\006\003\125\004\012\023\021\103\117\115
\117\104\117\040\103\101\040\114\151\155\151\164\145\144\061\053
\060\051\006\003\125\004\003\023\042\103\117\115\117\104\117\040
\105\103\103\040\103\145\162\164\151\146\151\143\141\164\151\157
\156\040\101\165\164\150\157\162\151\164\171\060\166\060\020\006
\007\052\206\110\316\075\002\001\006\005\053\201\004\000\042\003
\142\000\004\003\107\173\057\165\311\202\025\205\373\165\344\221
\026\324\253\142\231\365\076\122\013\006\316\101\000\177\227\341
\012\044\074\035\001\004\356\075\322\215\011\227\014\340\165\344
\372\373\167\212\052\365\003\140\113\066\213\026\043\026\255\011
\161\364\112\364\050\120\264\376\210\034\156\077\154\057\057\011
\131\133\245\133\013\063\231\342\303\075\211\371\152\054\357\262
\323\006\351\243\102\060\100\060\035\006\003\125\035\016\004\026
\004\024\165\161\247\031\110\031\274\235\235\352\101\107\337\224
\304\110\167\231\323\171\060\016\006\003\125\035\017\001\001\377
\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377
\004\005\060\003\001\001\377\060\012\006\010\052\206\110\316\075
\004\003\003\003\150\000\060\145\002\061\000\357\003\133\172\254
\267\170\012\162\267\210\337\377\265\106\024\011\012\372\240\346
\175\010\306\032\207\275\030\250\163\275\046\312\140\014\235\316
\231\237\317\134\017\060\341\276\024\061\352\002\060\024\364\223
\074\111\247\063\172\220\106\107\263\143\175\023\233\116\267\157
\030\067\200\123\376\335\040\340\065\232\066\321\307\001\271\346
\334\335\363\377\035\054\072\026\127\331\222\071\326
END
# Trust for Certificate "COMODO ECC Certification Authority"
CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
CKA_TOKEN CK_BBOOL CK_TRUE
CKA_PRIVATE CK_BBOOL CK_FALSE
CKA_MODIFIABLE CK_BBOOL CK_FALSE
CKA_LABEL UTF8 "COMODO ECC Certification Authority"
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
\237\164\116\237\053\115\272\354\017\061\054\120\266\126\073\216
\055\223\303\021
END
CKA_CERT_MD5_HASH MULTILINE_OCTAL
\174\142\377\164\235\061\123\136\150\112\325\170\252\036\277\043
END
CKA_ISSUER MULTILINE_OCTAL
\060\201\205\061\013\060\011\006\003\125\004\006\023\002\107\102
\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164
\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060
\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061
\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117
\040\103\101\040\114\151\155\151\164\145\144\061\053\060\051\006
\003\125\004\003\023\042\103\117\115\117\104\117\040\105\103\103
\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
\165\164\150\157\162\151\164\171
END
CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\020\037\107\257\252\142\000\160\120\124\114\001\236\233\143
\231\052
END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "MD5 Collisions Forged Rogue CA 25c3"
#
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
CKA_TOKEN CK_BBOOL CK_TRUE
CKA_PRIVATE CK_BBOOL CK_FALSE
CKA_MODIFIABLE CK_BBOOL CK_FALSE
CKA_LABEL UTF8 "MD5 Collisions Forged Rogue CA 25c3"
CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
CKA_SUBJECT MULTILINE_OCTAL
\060\074\061\072\060\070\006\003\125\004\003\023\061\115\104\065
\040\103\157\154\154\151\163\151\157\156\163\040\111\156\143\056
\040\050\150\164\164\160\072\057\057\167\167\167\056\160\150\162
\145\145\144\157\155\056\157\162\147\057\155\144\065\051
END
CKA_ID UTF8 "0"
CKA_ISSUER MULTILINE_OCTAL
\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061
\034\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141
\170\040\123\145\143\165\162\145\040\111\156\143\056\061\055\060
\053\006\003\125\004\003\023\044\105\161\165\151\146\141\170\040
\123\145\143\165\162\145\040\107\154\157\142\141\154\040\145\102
\165\163\151\156\145\163\163\040\103\101\055\061
END
CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\001\102
END
CKA_VALUE MULTILINE_OCTAL
\060\202\004\062\060\202\003\233\240\003\002\001\002\002\001\102
\060\015\006\011\052\206\110\206\367\015\001\001\004\005\000\060
\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061\034
\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141\170
\040\123\145\143\165\162\145\040\111\156\143\056\061\055\060\053
\006\003\125\004\003\023\044\105\161\165\151\146\141\170\040\123
\145\143\165\162\145\040\107\154\157\142\141\154\040\145\102\165
\163\151\156\145\163\163\040\103\101\055\061\060\036\027\015\060
\064\060\067\063\061\060\060\060\060\060\061\132\027\015\060\064
\060\071\060\062\060\060\060\060\060\061\132\060\074\061\072\060
\070\006\003\125\004\003\023\061\115\104\065\040\103\157\154\154
\151\163\151\157\156\163\040\111\156\143\056\040\050\150\164\164
\160\072\057\057\167\167\167\056\160\150\162\145\145\144\157\155
\056\157\162\147\057\155\144\065\051\060\201\237\060\015\006\011
\052\206\110\206\367\015\001\001\001\005\000\003\201\215\000\060
\201\211\002\201\201\000\272\246\131\311\054\050\326\052\260\370
\355\237\106\244\244\067\356\016\031\150\131\321\263\003\231\121
\326\026\232\136\067\153\025\340\016\113\365\204\144\370\243\333
\101\157\065\325\233\025\037\333\304\070\122\160\201\227\136\217
\240\265\367\176\071\360\062\254\036\255\104\322\263\372\110\303
\316\221\233\354\364\234\174\341\132\365\310\067\153\232\203\336
\347\312\040\227\061\102\163\025\221\150\364\210\257\371\050\050
\305\351\017\163\260\027\113\023\114\231\165\320\104\346\176\010
\154\032\362\117\033\101\002\003\001\000\001\243\202\002\044\060
\202\002\040\060\013\006\003\125\035\017\004\004\003\002\001\306
\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001
\377\060\035\006\003\125\035\016\004\026\004\024\247\004\140\037
\253\162\103\010\305\177\010\220\125\126\034\326\316\346\070\353
\060\037\006\003\125\035\043\004\030\060\026\200\024\276\250\240
\164\162\120\153\104\267\311\043\330\373\250\377\263\127\153\150
\154\060\202\001\276\006\011\140\206\110\001\206\370\102\001\015
\004\202\001\257\026\202\001\253\063\000\000\000\047\136\071\340
\211\141\017\116\243\305\105\013\066\273\001\321\123\252\303\010
\217\157\370\117\076\207\207\104\021\334\140\340\337\222\125\371
\270\163\033\124\223\305\237\320\106\304\140\266\065\142\315\271
\257\034\250\151\032\311\133\074\226\067\300\355\147\357\273\376
\300\213\234\120\057\051\275\203\042\236\216\010\372\254\023\160
\242\130\177\142\142\212\021\367\211\366\337\266\147\131\163\026
\373\143\026\212\264\221\070\316\056\365\266\276\114\244\224\111
\344\145\021\012\102\025\311\301\060\342\151\325\105\175\245\046
\273\271\141\354\142\144\360\071\341\347\274\150\330\120\121\236
\035\140\323\321\243\247\012\370\003\040\241\160\001\027\221\066
\117\002\160\061\206\203\335\367\017\330\007\035\021\263\023\004
\245\334\360\256\120\261\050\016\143\151\052\014\202\157\217\107
\063\337\154\242\006\222\361\117\105\276\331\060\066\243\053\214
\326\167\256\065\143\177\116\114\232\223\110\066\331\237\002\003
\001\000\001\243\201\275\060\201\272\060\016\006\003\125\035\017
\001\001\377\004\004\003\002\004\360\060\035\006\003\125\035\016
\004\026\004\024\315\246\203\372\245\140\067\367\226\067\027\051
\336\101\170\361\207\211\125\347\060\073\006\003\125\035\037\004
\064\060\062\060\060\240\056\240\054\206\052\150\164\164\160\072
\057\057\143\162\154\056\147\145\157\164\162\165\163\164\056\143
\157\155\057\143\162\154\163\057\147\154\157\142\141\154\143\141
\061\056\143\162\154\060\037\006\003\125\035\043\004\030\060\026
\200\024\276\250\240\164\162\120\153\104\267\311\043\330\373\250
\377\263\127\153\150\154\060\035\006\003\125\035\045\004\026\060
\024\006\010\053\006\001\005\005\007\003\001\006\010\053\006\001
\005\005\007\003\002\060\014\006\003\125\035\023\001\001\377\004
\002\060\000\060\015\006\011\052\206\110\206\367\015\001\001\004
\005\000\003\201\201\000\247\041\002\215\321\016\242\200\167\045
\375\103\140\025\217\354\357\220\107\324\204\102\025\046\021\034
\315\302\074\020\051\251\266\337\253\127\165\221\332\345\053\263
\220\105\034\060\143\126\077\212\331\120\372\355\130\154\300\145
\254\146\127\336\034\306\166\073\365\000\016\216\105\316\177\114
\220\354\053\306\315\263\264\217\142\320\376\267\305\046\162\104
\355\366\230\133\256\313\321\225\365\332\010\276\150\106\261\165
\310\354\035\217\036\172\224\361\252\123\170\242\105\256\124\352
\321\236\164\310\166\147
END
# Trust for Certificate "MD5 Collisions Forged Rogue CA 25c3"
CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
CKA_TOKEN CK_BBOOL CK_TRUE
CKA_PRIVATE CK_BBOOL CK_FALSE
CKA_MODIFIABLE CK_BBOOL CK_FALSE
CKA_LABEL UTF8 "MD5 Collisions Forged Rogue CA 25c3"
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
\144\043\023\176\134\123\326\112\246\144\205\355\066\124\365\253
\005\132\213\212
END
CKA_CERT_MD5_HASH MULTILINE_OCTAL
\026\172\023\025\271\027\071\243\361\005\152\346\076\331\072\070
END
CKA_ISSUER MULTILINE_OCTAL
\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061
\034\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141
\170\040\123\145\143\165\162\145\040\111\156\143\056\061\055\060
\053\006\003\125\004\003\023\044\105\161\165\151\146\141\170\040
\123\145\143\165\162\145\040\107\154\157\142\141\154\040\145\102
\165\163\151\156\145\163\163\040\103\101\055\061
END
CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\001\102
END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_UNTRUSTED
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_UNTRUSTED
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_UNTRUSTED
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
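Review bot: the "MD5 Collisions Forged Rogue CA 25c3" entry that closes this hunk is a complete CKO_CERTIFICATE object, and the only thing marking it as distrusted is the separate CKO_NETSCAPE_TRUST object that sets all three usages to CKT_NETSCAPE_UNTRUSTED. Any consumer that extracts CKA_VALUE without evaluating the matching trust object would ship it as a root. Suggest a comment or README note next to this file saying it must only be converted by a parser that honours the trust records. Also worth recording that of the entries visible here only "COMODO ECC Certification Authority" is a trusted delegator for e-mail and code signing; the Network Solutions and WellsSecure entries are trusted for server authentication only.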

124
mozilla/certdata2pem.py Normal file

@ -0,0 +1,124 @@
#!/usr/bin/python
# vim:set et sw=4:
#
# certdata2pem.py - splits certdata.txt into multiple files
#
# Copyright (C) 2009 Philipp Kern <pkern@debian.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
import base64
import os.path
import re
import sys
import textwrap
objects = []
# Dirty file parser.
in_data, in_multiline, in_obj = False, False, False
field, type, value, obj = None, None, None, dict()
for line in open('certdata.txt', 'r'):
# Ignore the file header.
if not in_data:
if line.startswith('BEGINDATA'):
in_data = True
continue
# Ignore comment lines.
if line.startswith('#'):
continue
# Empty lines are significant if we are inside an object.
if in_obj and len(line.strip()) == 0:
objects.append(obj)
obj = dict()
in_obj = False
continue
if len(line.strip()) == 0:
continue
if in_multiline:
if not line.startswith('END'):
if type == 'MULTILINE_OCTAL':
line = line.strip()
for i in re.finditer(r'\\([0-3][0-7][0-7])', line):
value += chr(int(i.group(1), 8))
else:
value += line
continue
obj[field] = value
in_multiline = False
continue
if line.startswith('CKA_CLASS'):
in_obj = True
line_parts = line.strip().split(' ', 2)
if len(line_parts) > 2:
field, type = line_parts[0:2]
value = ' '.join(line_parts[2:])
elif len(line_parts) == 2:
field, type = line_parts
value = None
else:
raise NotImplementedError, 'line_parts < 2 not supported.'
if type == 'MULTILINE_OCTAL':
in_multiline = True
value = ""
continue
obj[field] = value
if len(obj.items()) > 0:
objects.append(obj)
# Read blacklist.
blacklist = []
if os.path.exists('blacklist.txt'):
for line in open('blacklist.txt', 'r'):
line = line.strip()
if line.startswith('#') or len(line) == 0:
continue
item = line.split('#', 1)[0].strip()
blacklist.append(item)
# Build up trust database.
trust = dict()
for obj in objects:
if obj['CKA_CLASS'] != 'CKO_NETSCAPE_TRUST':
continue
if obj['CKA_LABEL'] in blacklist:
print "Certificate %s blacklisted, ignoring." % obj['CKA_LABEL']
elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NETSCAPE_TRUSTED_DELEGATOR':
trust[obj['CKA_LABEL']] = True
elif obj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NETSCAPE_TRUSTED_DELEGATOR':
trust[obj['CKA_LABEL']] = True
elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NETSCAPE_UNTRUSTED':
print '!'*74
print "UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % obj['CKA_LABEL']
print '!'*74
else:
print "Ignoring certificate %s. SAUTH=%s, EPROT=%s" % \
(obj['CKA_LABEL'], obj['CKA_TRUST_SERVER_AUTH'],
obj['CKA_TRUST_EMAIL_PROTECTION'])
for obj in objects:
if obj['CKA_CLASS'] == 'CKO_CERTIFICATE':
if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
continue
fname = obj['CKA_LABEL'][1:-1].replace('/', '_')\
.replace(' ', '_')\
.replace('(', '=')\
.replace(')', '=')\
.replace(',', '_') + '.crt'
f = open(fname, 'w')
f.write("-----BEGIN CERTIFICATE-----\n")
f.write("\n".join(textwrap.wrap(base64.b64encode(obj['CKA_VALUE']), 64)))
f.write("\n-----END CERTIFICATE-----\n")
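Review bot: in the "Build up trust database" loop the `CKT_NETSCAPE_UNTRUSTED` branch comes after both `CKT_NETSCAPE_TRUSTED_DELEGATOR` branches and inspects only `CKA_TRUST_SERVER_AUTH`, so an object that is untrusted for server authentication but a trusted delegator for e-mail protection is accepted by the second `elif` and written out as a .crt. Suggest testing all three trust fields for `CKT_NETSCAPE_UNTRUSTED` first and rejecting the label before any trusted branch is considered. Two smaller points: certificate and trust objects are paired on `CKA_LABEL` alone and the output file name is derived from the same label, so two objects sharing a label share one trust decision and overwrite one file, while the trust object already carries `CKA_CERT_SHA1_HASH`, which could be checked against the hash of `CKA_VALUE`. The blacklist comparison is against the raw `CKA_LABEL` value, which still includes the surrounding double quotes that `[1:-1]` strips later, so the expected form of blacklist.txt entries should be documented. The output handle `f` is never closed.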

126
sbin/update-ca-certificates Normal file → Executable file

@ -3,6 +3,7 @@
# update-ca-certificates
#
# Copyright (c) 2003 Fumitoshi UKAI <ukai@debian.or.jp>
# Copyright (c) 2009 Philipp Kern <pkern@debian.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@ -37,8 +38,47 @@ done
CERTSCONF=/etc/ca-certificates.conf
CERTSDIR=/usr/share/ca-certificates
LOCALCERTSDIR=/usr/local/share/ca-certificates
CERTBUNDLE=ca-certificates.crt
ETCCERTSDIR=/etc/ssl/certs
cleanup() {
rm -f "$TEMPBUNDLE"
rm -f "$ADDED"
rm -f "$REMOVED"
}
trap cleanup 0
# Helper files. (Some of them are not simple arrays because we spawn
# subshells later on.)
TEMPBUNDLE="$(mktemp -t "${CERTBUNDLE}.tmp.XXXXXX")"
ADDED="$(mktemp -t "ca-certificates.tmp.XXXXXX")"
REMOVED="$(mktemp -t "ca-certificates.tmp.XXXXXX")"
# Adds a certificate to the list of trusted ones. This includes a symlink
# in /etc/ssl/certs to the certificate file and its inclusion into the
# bundle.
add() {
CERT="$1"
PEM="$ETCCERTSDIR/$(basename "$CERT" .crt).pem"
if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "$CERT" ]
then
ln -sf "$CERT" "$PEM"
echo +$PEM >> "$ADDED"
fi
cat "$CERT" >> "$TEMPBUNDLE"
}
remove() {
CERT="$1"
PEM="$ETCCERTSDIR/$(basename "$CERT" .crt).pem"
if test -L "$PEM"
then
rm -f "$PEM"
echo -$PEM >> "$REMOVED"
fi
}
cd $ETCCERTSDIR
if [ "$fresh" = 1 ]; then
echo -n "Clearing symlinks in $ETCCERTSDIR..."
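Review bot: `add()` builds the link name from `basename "$CERT" .crt` only, so a file under `$LOCALCERTSDIR` with the same base name as a packaged certificate replaces that certificate's symlink in `$ETCCERTSDIR` through `ln -sf`, and because `readlink "$PEM"` then differs from the packaged path the link flips and is reported as added on every run. Suggest detecting the collision and warning, or giving local certificates a distinct link name. A file that does not end in .crt keeps its extension and gets `.pem` appended. `echo +$PEM` and `echo -$PEM` leave `$PEM` unquoted, which splits names containing whitespace in the hook input. `mktemp -t` now places `$TEMPBUNDLE` in the temporary directory rather than in `$ETCCERTSDIR`, so the later `mv -f` onto the bundle may cross file systems and is then no longer an atomic rename.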
@ -54,49 +94,65 @@ if [ "$fresh" = 1 ]; then
done
echo "done."
fi
echo -n "Updating certificates in $ETCCERTSDIR...."
bundletmp=`mktemp "${CERTBUNDLE}.tmp.XXXXXX"`
removed="$(sed -ne 's/^!//p' $CERTSCONF | while read crt
echo -n "Updating certificates in $ETCCERTSDIR... "
# Handle certificates that should be removed. This is an explicit act
# by prefixing lines in the configuration files with exclamation marks (!).
sed -n -e '/^$/d' -e 's/^!//p' $CERTSCONF | while read crt
do
if test "$crt" = ""; then continue; fi
pem=$(basename "$crt" .crt).pem
if test -e "$pem"; then
rm -f "$pem"
echo "-$ETCCERTSDIR/$pem"
fi
done)"
remove "$CERTSDIR/$crt"
done
added="$(sed -e '/^#/d' -e '/^!/d' $CERTSCONF | while read crt
sed -e '/^$/d' -e '/^#/d' -e '/^!/d' $CERTSCONF | while read crt
do
if test "$crt" = ""; then continue; fi
if ! test -f "$CERTSDIR/$crt"; then continue; fi
pem=$(basename "$crt" .crt).pem
if ! test -e "$pem"; then echo "+$ETCCERTSDIR/$pem"; fi
ln -sf "$CERTSDIR/$crt" "$pem"
cat "$CERTSDIR/$crt" >> "$bundletmp"
done)"
chmod 0644 "$bundletmp"
mv -f "$bundletmp" "$CERTBUNDLE"
if ! test -f "$CERTSDIR/$crt"
then
echo "W: $CERTSDIR/$crt not found, but listed in $CERTSCONF." >&2
continue
fi
add "$CERTSDIR/$crt"
done
if [ -n "$added" ] || [ -n "$removed" ]; then
# Now process certificate authorities installed by the local system
# administrator.
if [ -d "$LOCALCERTSDIR" ]
then
find -L "$LOCALCERTSDIR" -type f | while read crt
do
add "$crt"
done
fi
chmod 0644 "$TEMPBUNDLE"
mv -f "$TEMPBUNDLE" "$CERTBUNDLE"
ADDED_CNT=$(wc -l < "$ADDED")
REMOVED_CNT=$(wc -l < "$REMOVED")
if [ "$ADDED_CNT" -gt 0 ] || [ "$REMOVED_CNT" -gt 0 ]
then
# only run if set of files has changed
if [ "$verbose" = 0 ]; then
if [ "$verbose" = 0 ]
then
c_rehash . > /dev/null 2>&1
else
c_rehash .
fi
echo "done."
HOOKSDIR=/etc/ca-certificates/update.d
echo -n "Running hooks in $HOOKSDIR...."
VERBOSE_ARG=
[ "$verbose" = 0 ] || VERBOSE_ARG=--verbose
eval run-parts $VERB_ARG --test -- $HOOKSDIR | while read hook; do
printf -- "${removed:+$removed\n}${added:+$added\n}" | eval $hook
done
echo "done."
else
echo "done."
fi
echo "$ADDED_CNT added, $REMOVED_CNT removed; done."
HOOKSDIR=/etc/ca-certificates/update.d
echo -n "Running hooks in $HOOKSDIR...."
VERBOSE_ARG=
[ "$verbose" = 0 ] || VERBOSE_ARG=--verbose
eval run-parts $VERB_ARG --test -- $HOOKSDIR | while read hook
do
( cat $ADDED
cat $REMOVED ) | $hook || echo E: $hook exited with code $?.
done
echo "done."
# vim:set et sw=2:
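Review bot: `find -L "$LOCALCERTSDIR" -type f | while read crt` hands every regular file below the local directory to `add`, following symlinks and with no check on name or content, so a README, a backup copy or a private key left there is linked into `$ETCCERTSDIR` and concatenated into the world-readable bundle (`chmod 0644`). Suggest restricting the match, for example with `-name '*.crt'`, and documenting the expected file format. The `run-parts` line expands `$VERB_ARG`, but the variable set two lines earlier is `VERBOSE_ARG`, so `--verbose` never reaches `run-parts`. `cat $ADDED` and `cat $REMOVED` should be quoted like the other uses of these variables, and `read` without `-r` mangles backslashes in path names.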


@ -26,14 +26,18 @@ This manual page documents briefly the
commands.
This manual page was written for the Debian distribution.
.PP
\fBupdate-ca-certificates\fP is a program that updates /etc/ssl/certs
directory to hold SSL certificates and generates certificates.crt that is
single-file version of CA certificates.
\fBupdate-ca-certificates\fP is a program that updates the directory
/etc/ssl/certs to hold SSL certificates and generates certificates.crt,
a concatenated single-file list of certificates.
.PP
It reads /etc/ca-certificates.conf file. Each lines list pathname of
activated CA certificates under /usr/share/ca-certificates.
Lines that begin with "#" is comment line.
Lines that begin with "!" is deselect, deactivation of the CA certificates.
It reads the file /etc/ca-certificates.conf. Each line gives a pathname of
a CA certificate under /usr/share/ca-certificates that should be trusted.
Lines that begin with "#" are comment lines and thus ignored.
Lines that begin with "!" are deselected, causing the deactivation of the CA
certificate in question.
.PP
Furthermore all certificates found below /usr/local/share/ca-certificates
are also included as implicitly trusted.
.PP
Before terminating, \fBupdate-ca-certificates\fP invokes
\fBrun-parts\fP on /etc/ca-certificates/update.d and calls each hook with
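Review bot: the rewritten first paragraph still says the program "generates certificates.crt", while the script sets `CERTBUNDLE=ca-certificates.crt`; since the sentence is being touched anyway, the file name should be corrected. The new paragraph on /usr/local/share/ca-certificates would also be the place to state that every regular file found there is added regardless of its name, and that such files are not subject to the "!" deselection in /etc/ca-certificates.conf, because an administrator reading "implicitly trusted" cannot infer either from the text.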
@ -61,6 +65,8 @@ all CA certificates that you activated in /etc/ca-certificates.conf.
.TP
.I /usr/share/ca-certificates
Directory of CA certificates.
.I /usr/local/share/ca-certificates
Directory of local CA certificates.
.SH SEE ALSO
.BR c_rehash (1),
.SH AUTHOR
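Review bot: the added `.I /usr/local/share/ca-certificates` entry has no `.TP` in front of it, unlike the `/usr/share/ca-certificates` entry above, so it is rendered as a continuation of the previous item's description instead of as its own tagged entry in the FILES list. Suggest inserting `.TP` before the new `.I` line.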