Date: Sun, 17 Feb 2008 19:33:29 GMT
From: Olli Hauer <ohauer@gmx.de>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/120772: [patch] port security/ca_root_nss
Message-ID: <200802171933.m1HJXT64086056@www.freebsd.org>
Resent-Message-ID: <200802171940.m1HJe2hN051096@freefall.freebsd.org>
>Number: 120772
>Category: ports
>Synopsis: [patch] port security/ca_root_nss
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Sun Feb 17 19:40:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Olli Hauer
>Release: FreeBSD 7.0-RC2
>Organization:
>Environment:
>Description:
This patch removes the need of mozilla nss and apache_modssl to build an actual ca_root_nss file.
With the parameter LAST someone can also check if there is a newer revision in the mozilla cvs.

I also added the following parts:
- fingerprints (root/class3) from https://www.cacert.org
- 'ln -s' the ca_root_nss.crt to /etc/ssl/certs.pem to make the command 'openssl verify' happy.

Please also note the PR http://www.freebsd.org/cgi/query-pr.cgi?pr=120763 to remove the old and deprecated port ca-roots.

If the patch is garbled you can download it also here:
http://sorry.mine.nu/patches/FreeBSD/ports/ca_root_nss/diff-ca_root_nss.txt
or the complete new port.
http://sorry.mine.nu/patches/FreeBSD/ports/ca_root_nss/ca_root_nss.tgz

Since the Version is less than the old port (I use the cvs revision) I set the PORTEPOCH and CONFLICTs parameter, hope this is OK this way.

Regards,
olli hauer
>How-To-Repeat:
>Fix:

Patch attached with submission follows:

diff -Nru ca_root_nss.old/Makefile ca_root_nss/Makefile --- ca_root_nss.old/Makefile 2007-07-11 19:07:13.000000000 +0200 +++ ca_root_nss/Makefile 2008-02-17 19:15:12.000000000 +0100 
@@ -4,55 +4,49 @@ # # $FreeBSD: ports/security/ca_root_nss/Makefile,v 1.2 2007/07/11 17:07:13 brooks Exp $ # +# +# To find out if there is a newer version aviable use parameter -DLAST +# example: make -DLAST +# If a newer version is aviable adust PORTVERSION with the new revision to keep +# this transparent for port/package users PORTNAME= ca_root_nss -PORTVERSION= ${VERSION_NSS} +PORTVERSION= 1.45 +PORTEPOCH= 1 CATEGORIES= security -MASTER_SITES= ${MASTER_SITE_MOZILLA} \ - ${MASTER_SITES_MODSSL:S/$/:mod_ssl/} -MASTER_SITE_SUBDIR= security/nss/releases/NSS_${PORTVERSION:S/./_/g}_RTM/src -DISTFILES= ${NSS_FILE} ${MODSSL_FILE}:mod_ssl +MASTER_SITES= +DISTFILES= MAINTAINER= brooks@FreeBSD.org COMMENT= The root certificate bundle from the Mozilla Project +CONFLICTS= ca-root-[0-9]* ca_root_nss-[3]* + USE_PERL5_BUILD= yes NO_WRKSUBDIR= yes CERTDIR?= share/certs -PLIST_DIRS= ${CERTDIR} -PLIST_FILES= ${CERTDIR}/ca-root-nss.crt - -VERSION_NSS= 3.11.7 -VERSION_APACHE= 1.3.37 -VERSION_MODSSL= 2.8.28 -MASTER_SITES_MODSSL= http://www.modssl.org/source/ \ - ftp://ftp.modssl.org/source/ \ - ftp://ftp.blatzheim.com/pub/mod_ssl/ \ - ftp://ftp.fu-berlin.de/unix/security/mod_ssl/ \ - ${MASTER_SITE_RINGSERVER:S,%SUBDIR%,net/www/mod_ssl/source,} -MODSSL_FILE= mod_ssl-${VERSION_MODSSL}-${VERSION_APACHE}${EXTRACT_SUFX} -NSS_FILE= nss-${VERSION_NSS}${EXTRACT_SUFX} -CERTDATA_TXT_PATH= nss-${VERSION_NSS}/mozilla/security/nss/lib/ckfw/builtins/certdata.txt -CA_BUNDLE_PL_PATH= mod_ssl-${VERSION_MODSSL}-${VERSION_APACHE}/pkg.sslcfg/ca-bundle.pl do-extract: @${MKDIR} ${WRKDIR} - @${TAR} -C ${WRKDIR} -xf ${DISTDIR}/${MODSSL_FILE} \ - ${CA_BUNDLE_PL_PATH} - @${TAR} -C ${WRKDIR} -xf ${DISTDIR}/nss-${VERSION_NSS}${EXTRACT_SUFX} \ - ${CERTDATA_TXT_PATH} - @${CP} ${WRKDIR}/${CA_BUNDLE_PL_PATH} ${WRKDIR} - @${CP} ${WRKDIR}/${CERTDATA_TXT_PATH} ${WRKDIR} - @${RM} -rf ${WRKDIR}/mod_ssl-${VERSION_MODSSL}-${VERSION_APACHE} \ - ${WRKDIR}/nss-${VERSION_NSS} + +pre-patch: +.if defined(LAST) + @${SED} -e 
's|%%PERL%%|${PERL}|g' \ + ${FILESDIR}/ca-bundle.pl > ${WRKDIR}/ca-bundle.pl +.else + @${SED} -e 's|%%PERL%%|${PERL}|g' \ + -e 's|co -p|co -r ${PORTVERSION} -p|g' \ + ${FILESDIR}/ca-bundle.pl > ${WRKDIR}/ca-bundle.pl +.endif do-build: - @${PERL} ${WRKDIR}/ca-bundle.pl < ${WRKDIR}/certdata.txt > \ - ${WRKDIR}/ca-root-nss.crt + @${PERL} ${WRKDIR}/ca-bundle.pl > ${WRKDIR}/ca-root-nss.crt + @${CAT} ${FILESDIR}/CAcert.txt >> ${WRKDIR}/ca-root-nss.crt do-install: ${MKDIR} ${PREFIX}/${CERTDIR} ${INSTALL_DATA} ${WRKDIR}/ca-root-nss.crt ${PREFIX}/${CERTDIR} + ${LN} -sf ${PREFIX}/${CERTDIR}/ca-root-nss.crt /etc/ssl/cert.pem .include <bsd.port.mk> diff -Nru ca_root_nss.old/distinfo ca_root_nss/distinfo --- ca_root_nss.old/distinfo 2007-07-11 19:07:13.000000000 +0200 +++ ca_root_nss/distinfo 1970-01-01 01:00:00.000000000 +0100 @@ -1,6 +0,0 @@ -MD5 (nss-3.11.7.tar.gz) = 82594a0773cedd7bb7aa25009a25f5a3 -SHA256 (nss-3.11.7.tar.gz) = e0cb80cbd08d677f9e73d19bbdedfd75fe931777ea732ec352dc1f133f999b98 -SIZE (nss-3.11.7.tar.gz) = 3731160 -MD5 (mod_ssl-2.8.28-1.3.37.tar.gz) = 5e9486a86fcd4efef395f58fd795aaea -SHA256 (mod_ssl-2.8.28-1.3.37.tar.gz) = 76437105b5b5593a7dbd8ee45af417233897dcaf910cbc337a68b0db24e35489 -SIZE (mod_ssl-2.8.28-1.3.37.tar.gz) = 820417 diff -Nru ca_root_nss.old/files/CAcert.txt ca_root_nss/files/CAcert.txt --- ca_root_nss.old/files/CAcert.txt 1970-01-01 01:00:00.000000000 +0100 +++ ca_root_nss/files/CAcert.txt 2008-02-17 19:15:12.000000000 +0100 
@@ -0,0 +1,272 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: md5WithRSAEncryption + Issuer: O=Root CA, OU=http://www.cacert.org, CN=CA Cert Signing Authority/emailAddress=support@cacert.org + Validity + Not Before: Mar 30 12:29:49 2003 GMT + Not After : Mar 29 12:29:49 2033 GMT + Subject: O=Root CA, OU=http://www.cacert.org, CN=CA Cert Signing Authority/emailAddress=support@cacert.org + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (4096 bit) + Modulus (4096 bit): + 00:ce:22:c0:e2:46:7d:ec:36:28:07:50:96:f2:a0: + 33:40:8c:4b:f1:3b:66:3f:31:e5:6b:02:36:db:d6: + 7c:f6:f1:88:8f:4e:77:36:05:41:95:f9:09:f0:12: + cf:46:86:73:60:b7:6e:7e:e8:c0:58:64:ae:cd:b0: + ad:45:17:0c:63:fa:67:0a:e8:d6:d2:bf:3e:e7:98: + c4:f0:4c:fa:e0:03:bb:35:5d:6c:21:de:9e:20:d9: + ba:cd:66:32:37:72:fa:f7:08:f5:c7:cd:58:c9:8e: + e7:0e:5e:ea:3e:fe:1c:a1:14:0a:15:6c:86:84:5b: + 64:66:2a:7a:a9:4b:53:79:f5:88:a2:7b:ee:2f:0a: + 61:2b:8d:b2:7e:4d:56:a5:13:ec:ea:da:92:9e:ac: + 44:41:1e:58:60:65:05:66:f8:c0:44:bd:cb:94:f7: + 42:7e:0b:f7:65:68:98:51:05:f0:f3:05:91:04:1d: + 1b:17:82:ec:c8:57:bb:c3:6b:7a:88:f1:b0:72:cc: + 25:5b:20:91:ec:16:02:12:8f:32:e9:17:18:48:d0: + c7:05:2e:02:30:42:b8:25:9c:05:6b:3f:aa:3a:a7: + eb:53:48:f7:e8:d2:b6:07:98:dc:1b:c6:34:7f:7f: + c9:1c:82:7a:05:58:2b:08:5b:f3:38:a2:ab:17:5d: + 66:c9:98:d7:9e:10:8b:a2:d2:dd:74:9a:f7:71:0c: + 72:60:df:cd:6f:98:33:9d:96:34:76:3e:24:7a:92: + b0:0e:95:1e:6f:e6:a0:45:38:47:aa:d7:41:ed:4a: + b7:12:f6:d7:1b:83:8a:0f:2e:d8:09:b6:59:d7:aa: + 04:ff:d2:93:7d:68:2e:dd:8b:4b:ab:58:ba:2f:8d: + ea:95:a7:a0:c3:54:89:a5:fb:db:8b:51:22:9d:b2: + c3:be:11:be:2c:91:86:8b:96:78:ad:20:d3:8a:2f: + 1a:3f:c6:d0:51:65:87:21:b1:19:01:65:7f:45:1c: + 87:f5:7c:d0:41:4c:4f:29:98:21:fd:33:1f:75:0c: + 04:51:fa:19:77:db:d4:14:1c:ee:81:c3:1d:f5:98: + b7:69:06:91:22:dd:00:50:cc:81:31:ac:12:07:7b: + 38:da:68:5b:e6:2b:d4:7e:c9:5f:ad:e8:eb:72:4c: + f3:01:e5:4b:20:bf:9a:a6:57:ca:91:00:01:8b:a1: + 
75:21:37:b5:63:0d:67:3e:46:4f:70:20:67:ce:c5: + d6:59:db:02:e0:f0:d2:cb:cd:ba:62:b7:90:41:e8: + dd:20:e4:29:bc:64:29:42:c8:22:dc:78:9a:ff:43: + ec:98:1b:09:51:4b:5a:5a:c2:71:f1:c4:cb:73:a9: + e5:a1:0b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 16:B5:32:1B:D4:C7:F3:E0:E6:8E:F3:BD:D2:B0:3A:EE:B2:39:18:D1 + X509v3 Authority Key Identifier: + keyid:16:B5:32:1B:D4:C7:F3:E0:E6:8E:F3:BD:D2:B0:3A:EE:B2:39:18:D1 + DirName:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=support@cacert.org + serial:00 + + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 CRL Distribution Points: + URI:https://www.cacert.org/revoke.crl + + Netscape CA Revocation Url: + https://www.cacert.org/revoke.crl + Netscape CA Policy Url: + http://www.cacert.org/index.php?id=10 + Netscape Comment: + To get your own certificate for FREE head over to http://www.cacert.org + Signature Algorithm: md5WithRSAEncryption + 28:c7:ee:9c:82:02:ba:5c:80:12:ca:35:0a:1d:81:6f:89:6a: + 99:cc:f2:68:0f:7f:a7:e1:8d:58:95:3e:bd:f2:06:c3:90:5a: + ac:b5:60:f6:99:43:01:a3:88:70:9c:9d:62:9d:a4:87:af:67: + 58:0d:30:36:3b:e6:ad:48:d3:cb:74:02:86:71:3e:e2:2b:03: + 68:f1:34:62:40:46:3b:53:ea:28:f4:ac:fb:66:95:53:8a:4d: + 5d:fd:3b:d9:60:d7:ca:79:69:3b:b1:65:92:a6:c6:81:82:5c: + 9c:cd:eb:4d:01:8a:a5:df:11:55:aa:15:ca:1f:37:c0:82:98: + 70:61:db:6a:7c:96:a3:8e:2e:54:3e:4f:21:a9:90:ef:dc:82: + bf:dc:e8:45:ad:4d:90:73:08:3c:94:65:b0:04:99:76:7f:e2: + bc:c2:6a:15:aa:97:04:37:24:d8:1e:94:4e:6d:0e:51:be:d6: + c4:8f:ca:96:6d:f7:43:df:e8:30:65:27:3b:7b:bb:43:43:63: + c4:43:f7:b2:ec:68:cc:e1:19:8e:22:fb:98:e1:7b:5a:3e:01: + 37:3b:8b:08:b0:a2:f3:95:4e:1a:cb:9b:cd:9a:b1:db:b2:70: + f0:2d:4a:db:d8:b0:e3:6f:45:48:33:12:ff:fe:3c:32:2a:54: + f7:c4:f7:8a:f0:88:23:c2:47:fe:64:7a:71:c0:d1:1e:a6:63: + b0:07:7e:a4:2f:d3:01:8f:dc:9f:2b:b6:c6:08:a9:0f:93:48: + 25:fc:12:fd:9f:42:dc:f3:c4:3e:f6:57:b0:d7:dd:69:d1:06: + 77:34:0a:4b:d2:ca:a0:ff:1c:c6:8c:c9:16:be:c4:cc:32:37: + 
68:73:5f:08:fb:51:f7:49:53:36:05:0a:95:02:4c:f2:79:1a: + 10:f6:d8:3a:75:9c:f3:1d:f1:a2:0d:70:67:86:1b:b3:16:f5: + 2f:e5:a4:eb:79:86:f9:3d:0b:c2:73:0b:a5:99:ac:6f:fc:67: + b8:e5:2f:0b:a6:18:24:8d:7b:d1:48:35:29:18:40:ac:93:60: + e1:96:86:50:b4:7a:59:d8:8f:21:0b:9f:cf:82:91:c6:3b:bf: + 6b:dc:07:91:b9:97:56:23:aa:b6:6c:94:c6:48:06:3c:e4:ce: + 4e:aa:e4:f6:2f:09:dc:53:6f:2e:fc:74:eb:3a:63:99:c2:a6: + ac:89:bc:a7:b2:44:a0:0d:8a:10:e3:6c:f2:24:cb:fa:9b:9f: + 70:47:2e:de:14:8b:d4:b2:20:09:96:a2:64:f1:24:1c:dc:a1: + 35:9c:15:b2:d4:bc:55:2e:7d:06:f5:9c:0e:55:f4:5a:d6:93: + da:76:ad:25:73:4c:c5:43 +SHA1 Fingerprint=13:5C:EC:36:F4:9C:B8:E9:3B:1A:B2:70:CD:80:88:46:76:CE:8F:33 +-----BEGIN CERTIFICATE----- +MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290 +IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB +IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA +Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO +BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi +MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ +ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ +8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6 +zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y +fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7 +w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc +G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k +epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q +laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ +QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU +fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826 +YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w +ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY 
+gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe +MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0 +IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy +dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw +czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0 +dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl +aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC +AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg +b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB +ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc +nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg +18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c +gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl +Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY +sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T +SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF +CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum +GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk +zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW +omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD +-----END CERTIFICATE----- + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: md5WithRSAEncryption + Issuer: O=Root CA, OU=http://www.cacert.org, CN=CA Cert Signing Authority/emailAddress=support@cacert.org + Validity + Not Before: Oct 14 07:36:55 2005 GMT + Not After : Mar 28 07:36:55 2033 GMT + Subject: O=CAcert Inc., OU=http://www.CAcert.org, CN=CAcert Class 3 Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (4096 bit) + Modulus (4096 bit): + 00:ab:49:35:11:48:7c:d2:26:7e:53:94:cf:43:a9: + dd:28:d7:42:2a:8b:f3:87:78:19:58:7c:0f:9e:da: + 89:7d:e1:fb:eb:72:90:0d:74:a1:96:64:ab:9f:a0: + 
24:99:73:da:e2:55:76:c7:17:7b:f5:04:ac:46:b8: + c3:be:7f:64:8d:10:6c:24:f3:61:9c:c0:f2:90:fa: + 51:e6:f5:69:01:63:c3:0f:56:e2:4a:42:cf:e2:44: + 8c:25:28:a8:c5:79:09:7d:46:b9:8a:f3:e9:f3:34: + 29:08:45:e4:1c:9f:cb:94:04:1c:81:a8:14:b3:98: + 65:c4:43:ec:4e:82:8d:09:d1:bd:aa:5b:8d:92:d0: + ec:de:90:c5:7f:0a:c2:e3:eb:e6:31:5a:5e:74:3e: + 97:33:59:e8:c3:03:3d:60:33:bf:f7:d1:6f:47:c4: + cd:ee:62:83:52:6e:2e:08:9a:a4:d9:15:18:91:a6: + 85:92:47:b0:ae:48:eb:6d:b7:21:ec:85:1a:68:72: + 35:ab:ff:f0:10:5d:c0:f4:94:a7:6a:d5:3b:92:7e: + 4c:90:05:7e:93:c1:2c:8b:a4:8e:62:74:15:71:6e: + 0b:71:03:ea:af:15:38:9a:d4:d2:05:72:6f:8c:f9: + 2b:eb:5a:72:25:f9:39:46:e3:72:1b:3e:04:c3:64: + 27:22:10:2a:8a:4f:58:a7:03:ad:be:b4:2e:13:ed: + 5d:aa:48:d7:d5:7d:d4:2a:7b:5c:fa:46:04:50:e4: + cc:0e:42:5b:8c:ed:db:f2:cf:fc:96:93:e0:db:11: + 36:54:62:34:38:8f:0c:60:9b:3b:97:56:38:ad:f3: + d2:5b:8b:a0:5b:ea:4e:96:b8:7c:d7:d5:a0:86:70: + 40:d3:91:29:b7:a2:3c:ad:f5:8c:bb:cf:1a:92:8a: + e4:34:7b:c0:d8:6c:5f:e9:0a:c2:c3:a7:20:9a:5a: + df:2c:5d:52:5c:ba:47:d5:9b:ef:24:28:70:38:20: + 2f:d5:7f:29:c0:b2:41:03:68:92:cc:e0:9c:cc:97: + 4b:45:ef:3a:10:0a:ab:70:3a:98:95:70:ad:35:b1: + ea:85:2b:a4:1c:80:21:31:a9:ae:60:7a:80:26:48: + 00:b8:01:c0:93:63:55:22:91:3c:56:e7:af:db:3a: + 25:f3:8f:31:54:ea:26:8b:81:59:f9:a1:d1:53:11: + c5:7b:9d:03:f6:74:11:e0:6d:b1:2c:3f:2c:86:91: + 99:71:9a:a6:77:8b:34:60:d1:14:b4:2c:ac:9d:af: + 8c:10:d3:9f:c4:6a:f8:6f:13:fc:73:59:f7:66:42: + 74:1e:8a:e3:f8:dc:d2:6f:98:9c:cb:47:98:95:40: + 05:fb:e9 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + Authority Information Access: + OCSP - URI:http://ocsp.CAcert.org/ + CA Issuers - URI:http://www.CAcert.org/ca.crt + + X509v3 Certificate Policies: + Policy: 1.3.6.1.4.1.18506 + CPS: http://www.CAcert.org/index.php?id=10 + + Signature Algorithm: md5WithRSAEncryption + 7f:08:88:a1:da:1a:50:49:da:89:fb:a1:08:72:f3:8a:f7:1e: + c4:3a:b4:79:5b:20:30:b1:45:de:c2:5d:d3:65:69:f1:c2:5d: + 
54:54:3c:85:5f:b9:7b:42:91:c2:99:fd:1b:51:9b:ab:46:a5: + a1:10:53:9e:6d:88:ac:73:6e:2c:33:a6:f0:f4:9e:e0:75:c1: + 3e:88:45:a9:e1:66:43:fe:56:5a:d1:7a:41:78:f7:40:da:4a: + 3a:f1:0b:5b:a5:bb:16:06:e6:c2:e7:93:b9:85:4d:97:4f:b1: + 1e:38:43:80:ef:9b:0d:8c:ef:b8:a7:60:00:87:57:7d:1e:44: + 1c:cb:23:ef:9b:3c:99:9d:af:b5:29:1c:45:79:16:96:4d:27: + 6d:f1:1c:6c:c3:c2:55:64:b3:bc:14:e2:f3:a4:1f:1e:32:fc: + 27:15:05:cf:dd:2e:ae:3e:82:61:7b:f0:21:10:18:f6:44:ea: + 53:39:f9:dc:d0:9a:20:e0:c6:bb:e0:bb:5a:4f:c4:99:c8:07: + bd:b5:bd:a2:db:2e:62:0d:42:34:41:bc:ff:8b:8a:f5:51:22: + aa:88:30:00:e2:b0:d4:bc:be:65:ba:d5:03:57:79:9b:e8:dc: + c8:4d:f8:50:ed:91:a5:52:28:a2:ac:fb:36:58:3e:e9:94:2b: + 91:50:87:1b:d6:5e:d6:8c:cc:f7:0f:10:0c:52:4e:d0:16:61: + e5:e5:0a:6c:bf:17:c7:72:46:57:9c:98:f5:6c:60:63:7a:6f: + 5e:b9:4e:2f:c8:b9:b9:bb:6a:85:bc:98:0d:ed:f9:3e:97:84: + 34:94:ae:00:af:a1:e5:e7:92:6e:4e:bd:f3:e2:d9:14:8b:5c: + d2:eb:01:6c:a0:17:a5:2d:10:eb:9c:7a:4a:bd:bd:ee:ce:fd: + ed:22:40:ab:70:38:88:f5:0a:87:6a:c2:ab:05:60:c9:48:05: + da:53:c1:de:44:77:6a:b3:f3:3c:3c:ed:80:bc:a6:38:4a:29: + 24:5f:fe:59:3b:9b:25:7a:56:63:00:64:b9:5d:a4:62:7d:57: + 36:4f:ad:83:ef:1f:92:53:a0:8e:77:57:dd:e5:61:11:3d:23: + 00:90:4c:3c:fa:a3:60:93:04:a3:af:35:f6:0e:6a:8f:4f:4a: + 60:a7:85:05:6c:46:a1:8f:f4:c7:76:e3:a1:59:57:f7:71:b2: + c4:6e:14:5c:6d:6d:41:66:df:1b:93:b1:d4:00:c3:ee:cb:cf: + 3c:3d:21:80:a9:5f:63:65:fc:dd:e0:5f:a4:f4:2b:f0:85:71: + 41:d4:67:25:fb:1a:b1:97:ae:d6:99:82:13:41:d2:6e:a5:1b: + 99:27:80:e7:0b:a9:a8:00 +SHA1 Fingerprint=DB:4C:42:69:07:3F:E9:C2:A3:7D:89:0A:5C:1B:18:C4:18:4E:2A:2D +-----BEGIN CERTIFICATE----- +MIIGCDCCA/CgAwIBAgIBATANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290 +IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB +IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA +Y2FjZXJ0Lm9yZzAeFw0wNTEwMTQwNzM2NTVaFw0zMzAzMjgwNzM2NTVaMFQxFDAS +BgNVBAoTC0NBY2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5v 
+cmcxHDAaBgNVBAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQCrSTURSHzSJn5TlM9Dqd0o10Iqi/OHeBlYfA+e2ol9 +4fvrcpANdKGWZKufoCSZc9riVXbHF3v1BKxGuMO+f2SNEGwk82GcwPKQ+lHm9WkB +Y8MPVuJKQs/iRIwlKKjFeQl9RrmK8+nzNCkIReQcn8uUBByBqBSzmGXEQ+xOgo0J +0b2qW42S0OzekMV/CsLj6+YxWl50PpczWejDAz1gM7/30W9HxM3uYoNSbi4ImqTZ +FRiRpoWSR7CuSOtttyHshRpocjWr//AQXcD0lKdq1TuSfkyQBX6TwSyLpI5idBVx +bgtxA+qvFTia1NIFcm+M+SvrWnIl+TlG43IbPgTDZCciECqKT1inA62+tC4T7V2q +SNfVfdQqe1z6RgRQ5MwOQluM7dvyz/yWk+DbETZUYjQ4jwxgmzuXVjit89Jbi6Bb +6k6WuHzX1aCGcEDTkSm3ojyt9Yy7zxqSiuQ0e8DYbF/pCsLDpyCaWt8sXVJcukfV +m+8kKHA4IC/VfynAskEDaJLM4JzMl0tF7zoQCqtwOpiVcK01seqFK6QcgCExqa5g +eoAmSAC4AcCTY1UikTxW56/bOiXzjzFU6iaLgVn5odFTEcV7nQP2dBHgbbEsPyyG +kZlxmqZ3izRg0RS0LKydr4wQ05/EavhvE/xzWfdmQnQeiuP43NJvmJzLR5iVQAX7 +6QIDAQABo4G/MIG8MA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUHAQEEUTBPMCMG +CCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggrBgEFBQcwAoYc +aHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBBMD8GCCsGAQQB +gZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9yZy9pbmRleC5w +aHA/aWQ9MTAwDQYJKoZIhvcNAQEEBQADggIBAH8IiKHaGlBJ2on7oQhy84r3HsQ6 +tHlbIDCxRd7CXdNlafHCXVRUPIVfuXtCkcKZ/RtRm6tGpaEQU55tiKxzbiwzpvD0 +nuB1wT6IRanhZkP+VlrRekF490DaSjrxC1uluxYG5sLnk7mFTZdPsR44Q4Dvmw2M +77inYACHV30eRBzLI++bPJmdr7UpHEV5FpZNJ23xHGzDwlVks7wU4vOkHx4y/CcV +Bc/dLq4+gmF78CEQGPZE6lM5+dzQmiDgxrvgu1pPxJnIB721vaLbLmINQjRBvP+L +ivVRIqqIMADisNS8vmW61QNXeZvo3MhN+FDtkaVSKKKs+zZYPumUK5FQhxvWXtaM +zPcPEAxSTtAWYeXlCmy/F8dyRlecmPVsYGN6b165Ti/Iubm7aoW8mA3t+T6XhDSU +rgCvoeXnkm5OvfPi2RSLXNLrAWygF6UtEOucekq9ve7O/e0iQKtwOIj1CodqwqsF +YMlIBdpTwd5Ed2qz8zw87YC8pjhKKSRf/lk7myV6VmMAZLldpGJ9VzZPrYPvH5JT +oI53V93lYRE9IwCQTDz6o2CTBKOvNfYOao9PSmCnhQVsRqGP9Md246FZV/dxssRu +FFxtbUFm3xuTsdQAw+7Lzzw9IYCpX2Nl/N3gX6T0K/CFcUHUZyX7GrGXrtaZghNB +0m6lG5kngOcLqagA +-----END CERTIFICATE----- + + diff -Nru ca_root_nss.old/files/ca-bundle.pl ca_root_nss/files/ca-bundle.pl --- ca_root_nss.old/files/ca-bundle.pl 1970-01-01 01:00:00.000000000 +0100 +++ 
ca_root_nss/files/ca-bundle.pl 2008-02-17 19:15:12.000000000 +0100 @@ -0,0 +1,50 @@ +#!%%PERL%% +## +## ca-bundle.pl -- Regenerate ca-bundle.crt from the Mozilla certdata.txt +## + +# configuration +my $cvsroot = ':pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot'; +my $certdata = 'mozilla/security/nss/lib/ckfw/builtins/certdata.txt'; + +my $date = `date`; +$date =~ s/\n$//s; +print <<EOH; +## +## ca-bundle.crt -- Bundle of CA Root Certificates +## +## This is a bundle of X.509 certificates of public Certificate +## Authorities (CA). These were automatically extracted from Mozilla's +## root CA list (the file `certdata.txt'). It contains the certificates +## in both plain text and PEM format and therefore can be directly used +## with an Apache/mod_ssl webserver for SSL client authentication. Just +## configure this file as the SSLCACertificateFile. +## +## (SKIPME) +## +## Last Modified: $date +EOH +open(IN, "cvs -d $cvsroot co -p $certdata|") + || die "could not check out certdata.txt"; +my $incert = 0; +while (<IN>) { + if (/^CKA_VALUE MULTILINE_OCTAL/) { + $incert = 1; + open(OUT, "|openssl x509 -text -inform DER -fingerprint") + || die "could not pipe to openssl x509"; + } elsif (/^END/ && $incert) { + close(OUT); + $incert = 0; + print "\n\n"; + } elsif ($incert) { + my @bs = split(/\\/); + foreach my $b (@bs) { + chomp $b; + printf(OUT "%c", oct($b)) unless $b eq ''; + } + } elsif (/^CVS_ID.*Revision: ([^ ]*).*/) { + print "## Source: \"certdata.txt\" CVS revision $1\n##\n\n"; + } +} +close(IN); + diff -Nru ca_root_nss.old/files/patch-ca-bundle.pl ca_root_nss/files/patch-ca-bundle.pl --- ca_root_nss.old/files/patch-ca-bundle.pl 2007-07-06 23:37:35.000000000 +0200 +++ ca_root_nss/files/patch-ca-bundle.pl 1970-01-01 01:00:00.000000000 +0100 
@@ -1,39 +0,0 @@ - -$FreeBSD: ports/security/ca_root_nss/files/patch-ca-bundle.pl,v 1.1 2007/07/06 21:37:35 brooks Exp $ - ---- ca-bundle.pl.orig -+++ ca-bundle.pl -@@ -3,30 +3,18 @@ - ## - - # configuration --my $cvsroot = ':pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot'; --my $certdata = 'mozilla/security/nss/lib/ckfw/builtins/certdata.txt'; -- --my $date = `date`; --$date =~ s/\n$//s; - print <<EOH; - ## - ## ca-bundle.crt -- Bundle of CA Root Certificates - ## - ## This is a bundle of X.509 certificates of public Certificate - ## Authorities (CA). These were automatically extracted from Mozilla's --## root CA list (the file `certdata.txt'). It contains the certificates --## in both plain text and PEM format and therefore can be directly used --## with an Apache/mod_ssl webserver for SSL client authentication. Just --## configure this file as the SSLCACertificateFile. --## --## (SKIPME) -+## root CA list (the file `certdata.txt'). - ## --## Last Modified: $date -+## Extracted from nss-%%VERSION_NSS%% - EOH --open(IN, "cvs -d $cvsroot co -p $certdata|") -- || die "could not check out certdata.txt"; - my $incert = 0; --while (<IN>) { -+while (<STDIN>) { - if (/^CKA_VALUE MULTILINE_OCTAL/) { - $incert = 1; - open(OUT, "|openssl x509 -text -inform DER -fingerprint") diff -Nru ca_root_nss.old/pkg-plist ca_root_nss/pkg-plist --- ca_root_nss.old/pkg-plist 1970-01-01 01:00:00.000000000 +0100 +++ ca_root_nss/pkg-plist 2008-02-17 19:15:12.000000000 +0100 @@ -0,0 +1,5 @@ +@exec mkdir -p %D/share/certs +share/certs/ca-root-nss.crt +@exec ln -sf %D/share/certs/ca-root-nss.crt /etc/ssl/cert.pem +@unexec [ -L /etc/ssl/cert.pem ] && rm -f /etc/ssl/cert.pem +@unexec rmdir %D/share/certs >Release-Note: >Audit-Trail: >Unformatted:
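Review bot: In the ca_root_nss/Makefile hunk, `do-build` now runs `ca-bundle.pl` with no input file while `MASTER_SITES=` and `DISTFILES=` are left empty, so the data that defines the trust anchors is pulled from the network during the build phase instead of during fetch. Suggest fetching certdata.txt at revision `${PORTVERSION}` as a distfile and keeping the old `< ${WRKDIR}/certdata.txt` form of the build step, so the build works offline and its input can be checksummed. With `-DLAST` the sed that adds `co -r ${PORTVERSION}` is skipped, so the bundle is built from the head revision but still packaged as `PORTVERSION= 1.45`; if the knob is only a maintainer check, it should report the newer revision rather than build from it. The description names the old port as ca-roots, while the new pattern is `ca-root-[0-9]*`; please confirm the pattern matches that port's package name.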
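Review bot: The ca_root_nss/distinfo hunk deletes all six MD5/SHA256/SIZE entries and adds nothing in their place, so nothing the port consumes is covered by a checksum any more. `co -r ${PORTVERSION}` selects a revision but does not authenticate what the `:pserver:anonymous@` connection returns, and pserver is a plaintext protocol, so the content that ends up as the system CA bundle is whatever arrives on the wire at build time. Suggest keeping a distinfo with SHA256 and SIZE lines for the certdata.txt revision the port is pinned to.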
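Review bot: The new files/CAcert.txt adds two certificates that are not taken from Mozilla's certdata.txt, and the Makefile appends them unconditionally with `${CAT} ${FILESDIR}/CAcert.txt >>`, while COMMENT still reads "The root certificate bundle from the Mozilla Project". Suggest making the CAcert entries an opt-in knob and stating it in the port description, and recording at the top of the file where the two certificates were obtained and how the two `SHA1 Fingerprint=` values were checked. The second entry (Subject `CAcert Class 3 Root`) has the first entry as its Issuer rather than being self-signed, so placing it in this file makes it a trust anchor in its own right; please say whether that is intended. Both entries use `md5WithRSAEncryption`.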
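Review bot: In the new files/ca-bundle.pl, `open(IN, "cvs -d $cvsroot co -p $certdata|") || die ...` only catches a failure to start the command, and the return values of `close(IN)` and `close(OUT)` are never checked, so a failed checkout or a failing `openssl x509` still leaves the script exiting 0. Combined with the Makefile's `> ${WRKDIR}/ca-root-nss.crt` followed by the `>>` append, that produces a bundle holding only the header and the CAcert entries, which then gets installed. Suggest checking both `close` calls (and `$?`), dying on failure, and failing when no certificate was emitted. `## Last Modified: $date` also makes every build produce a different file; the `CVS revision $1` line already identifies the source.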
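Review bot: In the ca_root_nss/pkg-plist hunk, `@exec ln -sf %D/share/certs/ca-root-nss.crt /etc/ssl/cert.pem` replaces whatever is already at /etc/ssl/cert.pem, including a bundle the administrator placed there, and `@unexec [ -L /etc/ssl/cert.pem ] && rm -f /etc/ssl/cert.pem` removes any symlink at that path, not only the one this port created. Suggest creating the link only when the path does not exist, removing it only when it still points at `%D/share/certs/ca-root-nss.crt`, and putting the behaviour behind a knob, since it changes what `openssl verify` trusts by default and writes outside `%D`. The PR text says /etc/ssl/certs.pem while the patch uses /etc/ssl/cert.pem; the two should agree.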