Date: Wed, 3 Nov 2021 20:54:18 GMT
From: Gordon Tetlow <gordon@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject: git: b76aaa35423e - releng/13.0 - Root certificate bundle update.
Message-ID: <202111032054.1A3KsIv3071146@gitrepo.freebsd.org>
The branch releng/13.0 has been updated by gordon: URL: https://cgit.FreeBSD.org/src/commit/?id=b76aaa35423e7a0f47029d9526149505828568c8 commit b76aaa35423e7a0f47029d9526149505828568c8 Author: Gordon Tetlow <gordon@FreeBSD.org> AuthorDate: 2021-11-03 20:30:05 +0000 Commit: Gordon Tetlow <gordon@FreeBSD.org> CommitDate: 2021-11-03 20:37:26 +0000 Root certificate bundle update. Approved by: so Security: EN-21:27.caroot --- secure/caroot/MAca-bundle.pl | 55 ++++++-- .../Camerfirma_Chambers_of_Commerce_Root.pem | 0 .../Camerfirma_Global_Chambersign_Root.pem | 0 .../{trusted => blacklisted}/Certum_Root_CA.pem | 0 .../Chambers_of_Commerce_Root_-_2008.pem | 0 .../D-TRUST_Root_CA_3_2013.pem | 0 secure/caroot/{trusted => blacklisted}/EC-ACC.pem | 0 ...oTrust_Primary_Certification_Authority_-_G2.pem | 0 .../Global_Chambersign_Root_-_2008.pem | 0 .../OISTE_WISeKey_Global_Root_GA_CA.pem | 0 .../{trusted => blacklisted}/QuoVadis_Root_CA.pem | 2 + .../Sonera_Class_2_Root_CA.pem | 2 + .../Staat_der_Nederlanden_Root_CA_-_G3.pem | 0 .../SwissSign_Platinum_CA_-_G2.pem | 0 ...Public_Primary_Certification_Authority_-_G6.pem | 0 ...Public_Primary_Certification_Authority_-_G6.pem | 0 .../Trustis_FPS_Root_CA.pem | 0 ...Sign_Universal_Root_Certification_Authority.pem | 0 ...Public_Primary_Certification_Authority_-_G3.pem | 0 ...Public_Primary_Certification_Authority_-_G3.pem | 0 secure/caroot/trusted/ACCVRAIZ1.pem | 2 + secure/caroot/trusted/AC_RAIZ_FNMT-RCM.pem | 2 + .../AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem | 69 ++++++++++ .../caroot/trusted/ANF_Secure_Server_Root_CA.pem | 139 +++++++++++++++++++++ .../trusted/Actalis_Authentication_Root_CA.pem | 2 + secure/caroot/trusted/AffirmTrust_Commercial.pem | 2 + secure/caroot/trusted/AffirmTrust_Networking.pem | 2 + secure/caroot/trusted/AffirmTrust_Premium.pem | 2 + secure/caroot/trusted/AffirmTrust_Premium_ECC.pem | 2 + secure/caroot/trusted/Amazon_Root_CA_1.pem | 2 + secure/caroot/trusted/Amazon_Root_CA_2.pem | 2 + 
secure/caroot/trusted/Amazon_Root_CA_3.pem | 2 + secure/caroot/trusted/Amazon_Root_CA_4.pem | 2 + secure/caroot/trusted/Atos_TrustedRoot_2011.pem | 2 + ...ertificacion_Firmaprofesional_CIF_A62634068.pem | 2 + .../caroot/trusted/Baltimore_CyberTrust_Root.pem | 2 + secure/caroot/trusted/Buypass_Class_2_Root_CA.pem | 2 + secure/caroot/trusted/Buypass_Class_3_Root_CA.pem | 2 + secure/caroot/trusted/CA_Disig_Root_R2.pem | 2 + secure/caroot/trusted/CFCA_EV_ROOT.pem | 2 + .../trusted/COMODO_Certification_Authority.pem | 2 + .../trusted/COMODO_ECC_Certification_Authority.pem | 2 + .../trusted/COMODO_RSA_Certification_Authority.pem | 2 + secure/caroot/trusted/Certigna.pem | 2 + secure/caroot/trusted/Certigna_Root_CA.pem | 2 + secure/caroot/trusted/Certum_EC-384_CA.pem | 68 ++++++++++ .../caroot/trusted/Certum_Trusted_Network_CA.pem | 2 + .../caroot/trusted/Certum_Trusted_Network_CA_2.pem | 2 + secure/caroot/trusted/Certum_Trusted_Root_CA.pem | 136 ++++++++++++++++++++ secure/caroot/trusted/Comodo_AAA_Services_root.pem | 2 + secure/caroot/trusted/Cybertrust_Global_Root.pem | 2 + .../trusted/D-TRUST_Root_Class_3_CA_2_2009.pem | 2 + .../trusted/D-TRUST_Root_Class_3_CA_2_EV_2009.pem | 2 + secure/caroot/trusted/DST_Root_CA_X3.pem | 2 + .../caroot/trusted/DigiCert_Assured_ID_Root_CA.pem | 2 + .../caroot/trusted/DigiCert_Assured_ID_Root_G2.pem | 2 + .../caroot/trusted/DigiCert_Assured_ID_Root_G3.pem | 2 + secure/caroot/trusted/DigiCert_Global_Root_CA.pem | 2 + secure/caroot/trusted/DigiCert_Global_Root_G2.pem | 2 + secure/caroot/trusted/DigiCert_Global_Root_G3.pem | 2 + .../trusted/DigiCert_High_Assurance_EV_Root_CA.pem | 2 + secure/caroot/trusted/DigiCert_Trusted_Root_G4.pem | 2 + .../trusted/E-Tugra_Certification_Authority.pem | 2 + .../Entrust_Root_Certification_Authority.pem | 2 + .../Entrust_Root_Certification_Authority_-_EC1.pem | 2 + .../Entrust_Root_Certification_Authority_-_G2.pem | 2 + .../Entrust_Root_Certification_Authority_-_G4.pem | 2 + 
.../Entrust_net_Premium_2048_Secure_Server_CA.pem | 2 + secure/caroot/trusted/GDCA_TrustAUTH_R5_ROOT.pem | 2 + secure/caroot/trusted/GLOBALTRUST_2020.pem | 138 ++++++++++++++++++++ secure/caroot/trusted/GTS_Root_R1.pem | 2 + secure/caroot/trusted/GTS_Root_R2.pem | 2 + secure/caroot/trusted/GTS_Root_R3.pem | 2 + secure/caroot/trusted/GTS_Root_R4.pem | 2 + .../caroot/trusted/GlobalSign_ECC_Root_CA_-_R4.pem | 2 + .../caroot/trusted/GlobalSign_ECC_Root_CA_-_R5.pem | 2 + secure/caroot/trusted/GlobalSign_Root_CA.pem | 2 + secure/caroot/trusted/GlobalSign_Root_CA_-_R2.pem | 2 + secure/caroot/trusted/GlobalSign_Root_CA_-_R3.pem | 2 + secure/caroot/trusted/GlobalSign_Root_CA_-_R6.pem | 2 + secure/caroot/trusted/GlobalSign_Root_E46.pem | 66 ++++++++++ secure/caroot/trusted/GlobalSign_Root_R46.pem | 134 ++++++++++++++++++++ secure/caroot/trusted/Go_Daddy_Class_2_CA.pem | 2 + .../Go_Daddy_Root_Certificate_Authority_-_G2.pem | 2 + ...c_and_Research_Institutions_ECC_RootCA_2015.pem | 2 + ...demic_and_Research_Institutions_RootCA_2011.pem | 2 + ...demic_and_Research_Institutions_RootCA_2015.pem | 2 + secure/caroot/trusted/Hongkong_Post_Root_CA_1.pem | 2 + secure/caroot/trusted/Hongkong_Post_Root_CA_3.pem | 2 + secure/caroot/trusted/ISRG_Root_X1.pem | 2 + .../trusted/IdenTrust_Commercial_Root_CA_1.pem | 2 + .../trusted/IdenTrust_Public_Sector_Root_CA_1.pem | 2 + secure/caroot/trusted/Izenpe_com.pem | 2 + .../trusted/Microsec_e-Szigno_Root_CA_2009.pem | 2 + ...crosoft_ECC_Root_Certificate_Authority_2017.pem | 2 + ...crosoft_RSA_Root_Certificate_Authority_2017.pem | 2 + .../NAVER_Global_Root_Certification_Authority.pem | 2 + ...etLock_Arany__Class_Gold__F__tan__s__tv__ny.pem | 2 + .../Network_Solutions_Certificate_Authority.pem | 2 + .../trusted/OISTE_WISeKey_Global_Root_GB_CA.pem | 2 + .../trusted/OISTE_WISeKey_Global_Root_GC_CA.pem | 2 + secure/caroot/trusted/QuoVadis_Root_CA_1_G3.pem | 2 + secure/caroot/trusted/QuoVadis_Root_CA_2.pem | 2 + 
secure/caroot/trusted/QuoVadis_Root_CA_2_G3.pem | 2 + secure/caroot/trusted/QuoVadis_Root_CA_3.pem | 2 + secure/caroot/trusted/QuoVadis_Root_CA_3_G3.pem | 2 + ...SSL_com_EV_Root_Certification_Authority_ECC.pem | 2 + ..._com_EV_Root_Certification_Authority_RSA_R2.pem | 2 + .../SSL_com_Root_Certification_Authority_ECC.pem | 2 + .../SSL_com_Root_Certification_Authority_RSA.pem | 2 + secure/caroot/trusted/SZAFIR_ROOT_CA2.pem | 2 + secure/caroot/trusted/SecureSign_RootCA11.pem | 2 + secure/caroot/trusted/SecureTrust_CA.pem | 2 + secure/caroot/trusted/Secure_Global_CA.pem | 2 + .../trusted/Security_Communication_RootCA2.pem | 2 + .../trusted/Security_Communication_Root_CA.pem | 2 + .../trusted/Staat_der_Nederlanden_EV_Root_CA.pem | 2 + secure/caroot/trusted/Starfield_Class_2_CA.pem | 2 + .../Starfield_Root_Certificate_Authority_-_G2.pem | 2 + ...ld_Services_Root_Certificate_Authority_-_G2.pem | 2 + secure/caroot/trusted/SwissSign_Gold_CA_-_G2.pem | 2 + secure/caroot/trusted/SwissSign_Silver_CA_-_G2.pem | 2 + .../trusted/T-TeleSec_GlobalRoot_Class_2.pem | 2 + .../trusted/T-TeleSec_GlobalRoot_Class_3.pem | 2 + ...BITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem | 2 + secure/caroot/trusted/TWCA_Global_Root_CA.pem | 2 + .../trusted/TWCA_Root_Certification_Authority.pem | 2 + secure/caroot/trusted/TeliaSonera_Root_CA_v1.pem | 2 + secure/caroot/trusted/TrustCor_ECA-1.pem | 2 + secure/caroot/trusted/TrustCor_RootCert_CA-1.pem | 2 + secure/caroot/trusted/TrustCor_RootCert_CA-2.pem | 2 + .../Trustwave_Global_Certification_Authority.pem | 2 + ...ave_Global_ECC_P256_Certification_Authority.pem | 2 + ...ave_Global_ECC_P384_Certification_Authority.pem | 2 + .../trusted/UCA_Extended_Validation_Root.pem | 2 + secure/caroot/trusted/UCA_Global_G2_Root.pem | 2 + .../USERTrust_ECC_Certification_Authority.pem | 2 + .../USERTrust_RSA_Certification_Authority.pem | 2 + secure/caroot/trusted/XRamp_Global_CA_Root.pem | 2 + secure/caroot/trusted/certSIGN_ROOT_CA.pem | 2 + 
secure/caroot/trusted/certSIGN_Root_CA_G2.pem | 2 + secure/caroot/trusted/e-Szigno_Root_CA_2017.pem | 2 + .../trusted/ePKI_Root_Certification_Authority.pem | 2 + secure/caroot/trusted/emSign_ECC_Root_CA_-_C3.pem | 2 + secure/caroot/trusted/emSign_ECC_Root_CA_-_G3.pem | 2 + secure/caroot/trusted/emSign_Root_CA_-_C1.pem | 2 + secure/caroot/trusted/emSign_Root_CA_-_G1.pem | 2 + 147 files changed, 1037 insertions(+), 12 deletions(-) diff --git a/secure/caroot/MAca-bundle.pl b/secure/caroot/MAca-bundle.pl index bfac77c73941..8521b620337f 100755 --- a/secure/caroot/MAca-bundle.pl +++ b/secure/caroot/MAca-bundle.pl @@ -76,6 +76,8 @@ sub print_header($$) ## Authority (CA). It was automatically extracted from Mozilla's ## root CA list (the file `certdata.txt' in security/nss). ## +## It contains a certificate trusted for server authentication. +## ## Extracted from nss ## with $VERSION ## @@ -91,6 +93,8 @@ EOFH ## Authorities (CA). These were automatically extracted from Mozilla's ## root CA list (the file `certdata.txt'). ## +## It contains certificates trusted for server authentication. +## ## Extracted from nss ## with $VERSION ## @@ -100,6 +104,13 @@ EOH } } +# returns a string like YYMMDDhhmmssZ of current time in GMT zone +sub timenow() +{ + my ($sec,$min,$hour,$mday,$mon,$year,undef,undef,undef) = gmtime(time); + return sprintf "%02d%02d%02d%02d%02d%02dZ", $year-100, $mon+1, $mday, $hour, $min, $sec; +} + sub printcert($$$) { my ($fh, $label, $certdata) = @_; @@ -110,6 +121,8 @@ sub printcert($$$) close(OUT) or die "openssl x509 failed with exit code $?"; } +# converts a datastream that is to be \177-style octal constants +# from <> to a (binary) string and returns it sub graboct($) { my $ifh = shift; @@ -125,13 +138,13 @@ sub graboct($) return $data; } - sub grabcert($) { my $ifh = shift; my $certdata; - my $cka_label; - my $serial; + my $cka_label = ''; + my $serial = 0; + my $distrust = 0; while (<$ifh>) { chomp; 
@@ -148,6 +161,19 @@ sub grabcert($) if (/^CKA_SERIAL_NUMBER MULTILINE_OCTAL/) { $serial = graboct($ifh); } + + if (/^CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL/) + { + my $distrust_after = graboct($ifh); + my $time_now = timenow(); + if ($time_now >= $distrust_after) { $distrust = 1; } + if ($debug) { + printf STDERR "line $.: $cka_label ser #%d: distrust after %s, now: %s -> distrust $distrust\n", $serial, $distrust_after, timenow(); + } + if ($distrust) { + return undef; + } + } } return ($serial, $cka_label, $certdata); } @@ -171,13 +197,13 @@ sub grabtrust($) { $serial = graboct($ifh); } - if (/^CKA_TRUST_(SERVER_AUTH|EMAIL_PROTECTION|CODE_SIGNING) CK_TRUST (\S+)$/) + if (/^CKA_TRUST_SERVER_AUTH CK_TRUST (\S+)$/) { - if ($2 eq 'CKT_NSS_NOT_TRUSTED') { + if ($1 eq 'CKT_NSS_NOT_TRUSTED') { $distrust = 1; - } elsif ($2 eq 'CKT_NSS_TRUSTED_DELEGATOR') { + } elsif ($1 eq 'CKT_NSS_TRUSTED_DELEGATOR') { $maytrust = 1; - } elsif ($2 ne 'CKT_NSS_MUST_VERIFY_TRUST') { + } elsif ($1 ne 'CKT_NSS_MUST_VERIFY_TRUST') { confess "Unknown trust setting on line $.:\n" . "$_\n" . "Script must be updated:"; 
@@ -197,16 +223,22 @@ if (!$outputdir) { print_header(*STDOUT, ""); } +my $untrusted = 0; + while (<$inputfh>) { if (/^CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE/) { my ($serial, $label, $certdata) = grabcert($inputfh); if (defined $certs{$label."\0".$serial}) { warn "Certificate $label duplicated!\n"; } - $certs{$label."\0".$serial} = $certdata; - # We store the label in a separate hash because truncating the key - # with \0 was causing garbage data after the end of the text. - $labels{$label."\0".$serial} = $label; + if (defined $certdata) { + $certs{$label."\0".$serial} = $certdata; + # We store the label in a separate hash because truncating the key + # with \0 was causing garbage data after the end of the text. + $labels{$label."\0".$serial} = $label; + } else { # $certdata undefined? distrust_after in effect + $untrusted ++; + } } elsif (/^CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST/) { my ($serial, $label, $trust) = grabtrust($inputfh); if (defined $trusts{$label."\0".$serial}) { @@ -226,7 +258,6 @@ sub label_to_filename(@) { } # weed out untrusted certificates -my $untrusted = 0; foreach my $it (keys %trusts) { if (!$trusts{$it}) { if (!exists($certs{$it})) { diff --git a/secure/caroot/trusted/Camerfirma_Chambers_of_Commerce_Root.pem b/secure/caroot/blacklisted/Camerfirma_Chambers_of_Commerce_Root.pem similarity index 100% rename from secure/caroot/trusted/Camerfirma_Chambers_of_Commerce_Root.pem rename to secure/caroot/blacklisted/Camerfirma_Chambers_of_Commerce_Root.pem diff --git a/secure/caroot/trusted/Camerfirma_Global_Chambersign_Root.pem b/secure/caroot/blacklisted/Camerfirma_Global_Chambersign_Root.pem similarity index 100% rename from secure/caroot/trusted/Camerfirma_Global_Chambersign_Root.pem rename to secure/caroot/blacklisted/Camerfirma_Global_Chambersign_Root.pem 
diff --git a/secure/caroot/trusted/Certum_Root_CA.pem b/secure/caroot/blacklisted/Certum_Root_CA.pem similarity index 100% rename from secure/caroot/trusted/Certum_Root_CA.pem rename to secure/caroot/blacklisted/Certum_Root_CA.pem diff --git a/secure/caroot/trusted/Chambers_of_Commerce_Root_-_2008.pem b/secure/caroot/blacklisted/Chambers_of_Commerce_Root_-_2008.pem similarity index 100% rename from secure/caroot/trusted/Chambers_of_Commerce_Root_-_2008.pem rename to secure/caroot/blacklisted/Chambers_of_Commerce_Root_-_2008.pem diff --git a/secure/caroot/trusted/D-TRUST_Root_CA_3_2013.pem b/secure/caroot/blacklisted/D-TRUST_Root_CA_3_2013.pem similarity index 100% rename from secure/caroot/trusted/D-TRUST_Root_CA_3_2013.pem rename to secure/caroot/blacklisted/D-TRUST_Root_CA_3_2013.pem diff --git a/secure/caroot/trusted/EC-ACC.pem b/secure/caroot/blacklisted/EC-ACC.pem similarity index 100% rename from secure/caroot/trusted/EC-ACC.pem rename to secure/caroot/blacklisted/EC-ACC.pem diff --git a/secure/caroot/trusted/GeoTrust_Primary_Certification_Authority_-_G2.pem b/secure/caroot/blacklisted/GeoTrust_Primary_Certification_Authority_-_G2.pem similarity index 100% rename from secure/caroot/trusted/GeoTrust_Primary_Certification_Authority_-_G2.pem rename to secure/caroot/blacklisted/GeoTrust_Primary_Certification_Authority_-_G2.pem diff --git a/secure/caroot/trusted/Global_Chambersign_Root_-_2008.pem b/secure/caroot/blacklisted/Global_Chambersign_Root_-_2008.pem similarity index 100% rename from secure/caroot/trusted/Global_Chambersign_Root_-_2008.pem rename to secure/caroot/blacklisted/Global_Chambersign_Root_-_2008.pem diff --git a/secure/caroot/trusted/OISTE_WISeKey_Global_Root_GA_CA.pem b/secure/caroot/blacklisted/OISTE_WISeKey_Global_Root_GA_CA.pem similarity index 100% rename from secure/caroot/trusted/OISTE_WISeKey_Global_Root_GA_CA.pem rename to secure/caroot/blacklisted/OISTE_WISeKey_Global_Root_GA_CA.pem 
diff --git a/secure/caroot/trusted/QuoVadis_Root_CA.pem b/secure/caroot/blacklisted/QuoVadis_Root_CA.pem similarity index 98% rename from secure/caroot/trusted/QuoVadis_Root_CA.pem rename to secure/caroot/blacklisted/QuoVadis_Root_CA.pem index 3619cd0cbd03..25e6300f5231 100644 --- a/secure/caroot/trusted/QuoVadis_Root_CA.pem +++ b/secure/caroot/blacklisted/QuoVadis_Root_CA.pem @@ -5,6 +5,8 @@ ## Authority (CA). It was automatically extracted from Mozilla's ## root CA list (the file `certdata.txt' in security/nss). ## +## It contains a certificate trusted for server authentication. +## ## Extracted from nss ## with $FreeBSD$ ## diff --git a/secure/caroot/trusted/Sonera_Class_2_Root_CA.pem b/secure/caroot/blacklisted/Sonera_Class_2_Root_CA.pem similarity index 98% rename from secure/caroot/trusted/Sonera_Class_2_Root_CA.pem rename to secure/caroot/blacklisted/Sonera_Class_2_Root_CA.pem index 7b38ef463d6a..b23c237e319f 100644 --- a/secure/caroot/trusted/Sonera_Class_2_Root_CA.pem +++ b/secure/caroot/blacklisted/Sonera_Class_2_Root_CA.pem @@ -5,6 +5,8 @@ ## Authority (CA). It was automatically extracted from Mozilla's ## root CA list (the file `certdata.txt' in security/nss). ## +## It contains a certificate trusted for server authentication. +## ## Extracted from nss ## with $FreeBSD$ ## diff --git a/secure/caroot/trusted/Staat_der_Nederlanden_Root_CA_-_G3.pem b/secure/caroot/blacklisted/Staat_der_Nederlanden_Root_CA_-_G3.pem similarity index 100% rename from secure/caroot/trusted/Staat_der_Nederlanden_Root_CA_-_G3.pem rename to secure/caroot/blacklisted/Staat_der_Nederlanden_Root_CA_-_G3.pem diff --git a/secure/caroot/trusted/SwissSign_Platinum_CA_-_G2.pem b/secure/caroot/blacklisted/SwissSign_Platinum_CA_-_G2.pem similarity index 100% rename from secure/caroot/trusted/SwissSign_Platinum_CA_-_G2.pem rename to secure/caroot/blacklisted/SwissSign_Platinum_CA_-_G2.pem 
diff --git a/secure/caroot/trusted/Symantec_Class_1_Public_Primary_Certification_Authority_-_G6.pem b/secure/caroot/blacklisted/Symantec_Class_1_Public_Primary_Certification_Authority_-_G6.pem similarity index 100% rename from secure/caroot/trusted/Symantec_Class_1_Public_Primary_Certification_Authority_-_G6.pem rename to secure/caroot/blacklisted/Symantec_Class_1_Public_Primary_Certification_Authority_-_G6.pem diff --git a/secure/caroot/trusted/Symantec_Class_2_Public_Primary_Certification_Authority_-_G6.pem b/secure/caroot/blacklisted/Symantec_Class_2_Public_Primary_Certification_Authority_-_G6.pem similarity index 100% rename from secure/caroot/trusted/Symantec_Class_2_Public_Primary_Certification_Authority_-_G6.pem rename to secure/caroot/blacklisted/Symantec_Class_2_Public_Primary_Certification_Authority_-_G6.pem diff --git a/secure/caroot/trusted/Trustis_FPS_Root_CA.pem b/secure/caroot/blacklisted/Trustis_FPS_Root_CA.pem similarity index 100% rename from secure/caroot/trusted/Trustis_FPS_Root_CA.pem rename to secure/caroot/blacklisted/Trustis_FPS_Root_CA.pem diff --git a/secure/caroot/trusted/VeriSign_Universal_Root_Certification_Authority.pem b/secure/caroot/blacklisted/VeriSign_Universal_Root_Certification_Authority.pem similarity index 100% rename from secure/caroot/trusted/VeriSign_Universal_Root_Certification_Authority.pem rename to secure/caroot/blacklisted/VeriSign_Universal_Root_Certification_Authority.pem diff --git a/secure/caroot/trusted/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem b/secure/caroot/blacklisted/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem similarity index 100% rename from secure/caroot/trusted/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem rename to secure/caroot/blacklisted/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem 
diff --git a/secure/caroot/trusted/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.pem b/secure/caroot/blacklisted/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.pem similarity index 100% rename from secure/caroot/trusted/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.pem rename to secure/caroot/blacklisted/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.pem diff --git a/secure/caroot/trusted/ACCVRAIZ1.pem b/secure/caroot/trusted/ACCVRAIZ1.pem index 0c7c7c41b57d..1c96e53b8f17 100644 --- a/secure/caroot/trusted/ACCVRAIZ1.pem +++ b/secure/caroot/trusted/ACCVRAIZ1.pem @@ -5,6 +5,8 @@ ## Authority (CA). It was automatically extracted from Mozilla's ## root CA list (the file `certdata.txt' in security/nss). ## +## It contains a certificate trusted for server authentication. +## ## Extracted from nss ## with $FreeBSD$ ## diff --git a/secure/caroot/trusted/AC_RAIZ_FNMT-RCM.pem b/secure/caroot/trusted/AC_RAIZ_FNMT-RCM.pem index 579f50d8d730..6a64be5ce138 100644 --- a/secure/caroot/trusted/AC_RAIZ_FNMT-RCM.pem +++ b/secure/caroot/trusted/AC_RAIZ_FNMT-RCM.pem @@ -5,6 +5,8 @@ ## Authority (CA). It was automatically extracted from Mozilla's ## root CA list (the file `certdata.txt' in security/nss). ## +## It contains a certificate trusted for server authentication. +## ## Extracted from nss ## with $FreeBSD$ ## diff --git a/secure/caroot/trusted/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem b/secure/caroot/trusted/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem new file mode 100644 index 000000000000..71ee49574e84 --- /dev/null +++ b/secure/caroot/trusted/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem 
@@ -0,0 +1,69 @@ +## +## AC RAIZ FNMT-RCM SERVIDORES SEGUROS +## +## This is a single X.509 certificate for a public Certificate +## Authority (CA). It was automatically extracted from Mozilla's +## root CA list (the file `certdata.txt' in security/nss). +## +## It contains a certificate trusted for server authentication. +## +## Extracted from nss +## with $FreeBSD$ +## +## @generated +## +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 62:f6:32:6c:e5:c4:e3:68:5c:1b:62:dd:9c:2e:9d:95 + Signature Algorithm: ecdsa-with-SHA384 + Issuer: C = ES, O = FNMT-RCM, OU = Ceres, organizationIdentifier = VATES-Q2826004J, CN = AC RAIZ FNMT-RCM SERVIDORES SEGUROS + Validity + Not Before: Dec 20 09:37:33 2018 GMT + Not After : Dec 20 09:37:33 2043 GMT + Subject: C = ES, O = FNMT-RCM, OU = Ceres, organizationIdentifier = VATES-Q2826004J, CN = AC RAIZ FNMT-RCM SERVIDORES SEGUROS + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:f6:ba:57:53:c8:ca:ab:df:36:4a:52:21:e4:97: + d2:83:67:9e:f0:65:51:d0:5e:87:c7:47:b1:59:f2: + 57:47:9b:00:02:93:44:17:69:db:42:c7:b1:b2:3a: + 18:0e:b4:5d:8c:b3:66:5d:a1:34:f9:36:2c:49:db: + f3:46:fc:b3:44:69:44:13:66:fd:d7:c5:fd:af:36: + 4d:ce:03:4d:07:71:cf:af:6a:05:d2:a2:43:5a:0a: + 52:6f:01:03:4e:8e:8b + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 01:B9:2F:EF:BF:11:86:60:F2:4F:D0:41:6E:AB:73:1F:E7:D2:6E:49 + Signature Algorithm: ecdsa-with-SHA384 + 30:66:02:31:00:ae:4a:e3:2b:40:c3:74:11:f2:95:ad:16:23: + de:4e:0c:1a:e6:5d:a5:24:5e:6b:44:7b:fc:38:e2:4f:cb:9c: + 45:17:11:4c:14:27:26:55:39:75:4a:03:cc:13:90:9f:92:02: + 31:00:fa:4a:6c:60:88:73:f3:ee:b8:98:62:a9:ce:2b:c2:d9: + 8a:a6:70:31:1d:af:b0:94:4c:eb:4f:c6:e3:d1:f3:62:a7:3c: + ff:93:2e:07:5c:49:01:67:69:12:02:72:bf:e7 +SHA1 
Fingerprint=62:FF:D9:9E:C0:65:0D:03:CE:75:93:D2:ED:3F:2D:32:C9:E3:E5:4A +-----BEGIN CERTIFICATE----- +MIICbjCCAfOgAwIBAgIQYvYybOXE42hcG2LdnC6dlTAKBggqhkjOPQQDAzB4MQsw +CQYDVQQGEwJFUzERMA8GA1UECgwIRk5NVC1SQ00xDjAMBgNVBAsMBUNlcmVzMRgw +FgYDVQRhDA9WQVRFUy1RMjgyNjAwNEoxLDAqBgNVBAMMI0FDIFJBSVogRk5NVC1S +Q00gU0VSVklET1JFUyBTRUdVUk9TMB4XDTE4MTIyMDA5MzczM1oXDTQzMTIyMDA5 +MzczM1oweDELMAkGA1UEBhMCRVMxETAPBgNVBAoMCEZOTVQtUkNNMQ4wDAYDVQQL +DAVDZXJlczEYMBYGA1UEYQwPVkFURVMtUTI4MjYwMDRKMSwwKgYDVQQDDCNBQyBS +QUlaIEZOTVQtUkNNIFNFUlZJRE9SRVMgU0VHVVJPUzB2MBAGByqGSM49AgEGBSuB +BAAiA2IABPa6V1PIyqvfNkpSIeSX0oNnnvBlUdBeh8dHsVnyV0ebAAKTRBdp20LH +sbI6GA60XYyzZl2hNPk2LEnb80b8s0RpRBNm/dfF/a82Tc4DTQdxz69qBdKiQ1oK +Um8BA06Oi6NCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD +VR0OBBYEFAG5L++/EYZg8k/QQW6rcx/n0m5JMAoGCCqGSM49BAMDA2kAMGYCMQCu +SuMrQMN0EfKVrRYj3k4MGuZdpSRea0R7/DjiT8ucRRcRTBQnJlU5dUoDzBOQn5IC +MQD6SmxgiHPz7riYYqnOK8LZiqZwMR2vsJRM60/G49HzYqc8/5MuB1xJAWdpEgJy +v+c= +-----END CERTIFICATE----- diff --git a/secure/caroot/trusted/ANF_Secure_Server_Root_CA.pem b/secure/caroot/trusted/ANF_Secure_Server_Root_CA.pem new file mode 100644 index 000000000000..6114a5ccdb2d --- /dev/null +++ b/secure/caroot/trusted/ANF_Secure_Server_Root_CA.pem 
@@ -0,0 +1,139 @@ +## +## ANF Secure Server Root CA +## +## This is a single X.509 certificate for a public Certificate +## Authority (CA). It was automatically extracted from Mozilla's +## root CA list (the file `certdata.txt' in security/nss). +## +## It contains a certificate trusted for server authentication. +## +## Extracted from nss +## with $FreeBSD$ +## +## @generated +## +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 996390341000653745 (0xdd3e3bc6cf96bb1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: serialNumber = G63287510, C = ES, O = ANF Autoridad de Certificacion, OU = ANF CA Raiz, CN = ANF Secure Server Root CA + Validity + Not Before: Sep 4 10:00:38 2019 GMT + Not After : Aug 30 10:00:38 2039 GMT + Subject: serialNumber = G63287510, C = ES, O = ANF Autoridad de Certificacion, OU = ANF CA Raiz, CN = ANF Secure Server Root CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (4096 bit) + Modulus: + 00:db:eb:6b:2b:e6:64:54:95:82:90:a3:72:a4:19: + 01:9d:9c:0b:81:5f:73:49:ba:a7:ac:f3:04:4e:7b: + 96:0b:ec:11:e0:5b:a6:1c:ce:1b:d2:0d:83:1c:2b: + b8:9e:1d:7e:45:32:60:0f:07:e9:77:58:7e:9f:6a: + c8:61:4e:b6:26:c1:4c:8d:ff:4c:ef:34:b2:1f:65: + d8:b9:78:f5:ad:a9:71:b9:ef:4f:58:1d:a5:de:74: + 20:97:a1:ed:68:4c:de:92:17:4b:bc:ab:ff:65:9a: + 9e:fb:47:d9:57:72:f3:09:a1:ae:76:44:13:6e:9c: + 2d:44:39:bc:f9:c7:3b:a4:58:3d:41:bd:b4:c2:49: + a3:c8:0d:d2:97:2f:07:65:52:00:a7:6e:c8:af:68: + ec:f4:14:96:b6:57:1f:56:c3:39:9f:2b:6d:e4:f3: + 3e:f6:35:64:da:0c:1c:a1:84:4b:2f:4b:4b:e2:2c: + 24:9d:6d:93:40:eb:b5:23:8e:32:ca:6f:45:d3:a8: + 89:7b:1e:cf:1e:fa:5b:43:8b:cd:cd:a8:0f:6a:ca: + 0c:5e:b9:9e:47:8f:f0:d9:b6:0a:0b:58:65:17:33: + b9:23:e4:77:19:7d:cb:4a:2e:92:7b:4f:2f:10:77: + b1:8d:2f:68:9c:62:cc:e0:50:f8:ec:91:a7:54:4c: + 57:09:d5:76:63:c5:e8:65:1e:ee:6d:6a:cf:09:9d: + fa:7c:4f:ad:60:08:fd:56:99:0f:15:2c:7b:a9:80: + ab:8c:61:8f:4a:07:76:42:de:3d:f4:dd:b2:24:33: + 5b:b8:b5:a3:44:c9:ac:7f:77:3c:1d:23:ec:82:a9: + 
a6:e2:c8:06:4c:02:fe:ac:5c:99:99:0b:2f:10:8a: + a6:f4:7f:d5:87:74:0d:59:49:45:f6:f0:71:5c:39: + 29:d6:bf:4a:23:8b:f5:5f:01:63:d2:87:73:28:b5: + 4b:0a:f5:f8:ab:82:2c:7e:73:25:32:1d:0b:63:0a: + 17:81:00:ff:b6:76:5e:e7:b4:b1:40:ca:21:bb:d5: + 80:51:e5:48:52:67:2c:d2:61:89:07:0d:0f:ce:42: + 77:c0:44:73:9c:44:50:a0:db:10:0a:2d:95:1c:81: + af:e4:1c:e5:14:1e:f1:36:41:01:02:2f:7d:73:a7: + de:42:cc:4c:e9:89:0d:56:f7:9f:91:d4:03:c6:6c: + c9:8f:db:d8:1c:e0:40:98:5d:66:99:98:80:6e:2d: + ff:01:c5:ce:cb:46:1f:ac:02:c6:43:e6:ae:a2:84: + 3c:c5:4e:1e:3d:6d:c9:14:4c:e3:2e:41:bb:ca:39: + bf:36:3c:2a:19:aa:41:87:4e:a5:ce:4b:32:79:dd: + 90:49:7f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Authority Key Identifier: + keyid:9C:5F:D0:6C:63:A3:5F:93:CA:93:98:08:AD:8C:87:A5:2C:5C:C1:37 + + X509v3 Subject Key Identifier: + 9C:5F:D0:6C:63:A3:5F:93:CA:93:98:08:AD:8C:87:A5:2C:5C:C1:37 + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 4e:1e:b9:8a:c6:a0:98:3f:6e:c3:69:c0:6a:5c:49:52:ac:cb: + 2b:5d:78:38:c1:d5:54:84:9f:93:f0:87:19:3d:2c:66:89:eb: + 0d:42:fc:cc:f0:75:85:3f:8b:f4:80:5d:79:e5:17:67:bd:35: + 82:e2:f2:3c:8e:7d:5b:36:cb:5a:80:00:29:f2:ce:2b:2c:f1: + 8f:aa:6d:05:93:6c:72:c7:56:eb:df:50:23:28:e5:45:10:3d: + e8:67:a3:af:0e:55:0f:90:09:62:ef:4b:59:a2:f6:53:f1:c0: + 35:e4:2f:c1:24:bd:79:2f:4e:20:22:3b:fd:1a:20:b0:a4:0e: + 2c:70:ed:74:3f:b8:13:95:06:51:c8:e8:87:26:ca:a4:5b:6a: + 16:21:92:dd:73:60:9e:10:18:de:3c:81:ea:e8:18:c3:7c:89: + f2:8b:50:3e:bd:11:e2:15:03:a8:36:7d:33:01:6c:48:15:d7: + 88:90:99:04:c5:cc:e6:07:f4:bc:f4:90:ed:13:e2:ea:8b:c3: + 8f:a3:33:0f:c1:29:4c:13:4e:da:15:56:71:73:72:82:50:f6: + 9a:33:7c:a2:b1:a8:1a:34:74:65:5c:ce:d1:eb:ab:53:e0:1a: + 80:d8:ea:3a:49:e4:26:30:9b:e5:1c:8a:a8:a9:15:32:86:99: + 92:0a:10:23:56:12:e0:f6:ce:4c:e2:bb:be:db:8d:92:73:01: + 66:2f:62:3e:b2:72:27:45:36:ed:4d:56:e3:97:99:ff:3a:35: + 
3e:a5:54:4a:52:59:4b:60:db:ee:fe:78:11:7f:4a:dc:14:79: + 60:b6:6b:64:03:db:15:83:e1:a2:be:f6:23:97:50:f0:09:33: + 36:a7:71:96:25:f3:b9:42:7d:db:38:3f:2c:58:ac:e8:42:e1: + 0e:d8:d3:3b:4c:2e:82:e9:83:2e:6b:31:d9:dd:47:86:4f:6d: + 97:91:2e:4f:e2:28:71:35:16:d1:f2:73:fe:25:2b:07:47:24: + 63:27:c8:f8:f6:d9:6b:fc:12:31:56:08:c0:53:42:af:9c:d0: + 33:7e:fc:06:f0:31:44:03:14:f1:58:ea:f2:6a:0d:a9:11:b2: + 83:be:c5:1a:bf:07:ea:59:dc:a3:88:35:ef:9c:76:32:3c:4d: + 06:22:ce:15:e5:dd:9e:d8:8f:da:de:d2:c4:39:e5:17:81:cf: + 38:47:eb:7f:88:6d:59:1b:df:9f:42:14:ae:7e:cf:a8:b0:66: + 65:da:37:af:9f:aa:3d:ea:28:b6:de:d5:31:58:16:82:5b:ea: + bb:19:75:02:73:1a:ca:48:1a:21:93:90:0a:8e:93:84:a7:7d: + 3b:23:18:92:89:a0:8d:ac +SHA1 Fingerprint=5B:6E:68:D0:CC:15:B6:A0:5F:1E:C1:5F:AE:02:FC:6B:2F:5D:6F:74 +-----BEGIN CERTIFICATE----- +MIIF7zCCA9egAwIBAgIIDdPjvGz5a7EwDQYJKoZIhvcNAQELBQAwgYQxEjAQBgNV +BAUTCUc2MzI4NzUxMDELMAkGA1UEBhMCRVMxJzAlBgNVBAoTHkFORiBBdXRvcmlk +YWQgZGUgQ2VydGlmaWNhY2lvbjEUMBIGA1UECxMLQU5GIENBIFJhaXoxIjAgBgNV +BAMTGUFORiBTZWN1cmUgU2VydmVyIFJvb3QgQ0EwHhcNMTkwOTA0MTAwMDM4WhcN +MzkwODMwMTAwMDM4WjCBhDESMBAGA1UEBRMJRzYzMjg3NTEwMQswCQYDVQQGEwJF +UzEnMCUGA1UEChMeQU5GIEF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uMRQwEgYD +VQQLEwtBTkYgQ0EgUmFpejEiMCAGA1UEAxMZQU5GIFNlY3VyZSBTZXJ2ZXIgUm9v +dCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANvrayvmZFSVgpCj +cqQZAZ2cC4Ffc0m6p6zzBE57lgvsEeBbphzOG9INgxwruJ4dfkUyYA8H6XdYfp9q +yGFOtibBTI3/TO80sh9l2Ll49a2pcbnvT1gdpd50IJeh7WhM3pIXS7yr/2WanvtH +2Vdy8wmhrnZEE26cLUQ5vPnHO6RYPUG9tMJJo8gN0pcvB2VSAKduyK9o7PQUlrZX +H1bDOZ8rbeTzPvY1ZNoMHKGESy9LS+IsJJ1tk0DrtSOOMspvRdOoiXsezx76W0OL +zc2oD2rKDF65nkeP8Nm2CgtYZRczuSPkdxl9y0oukntPLxB3sY0vaJxizOBQ+OyR +p1RMVwnVdmPF6GUe7m1qzwmd+nxPrWAI/VaZDxUse6mAq4xhj0oHdkLePfTdsiQz +W7i1o0TJrH93PB0j7IKppuLIBkwC/qxcmZkLLxCKpvR/1Yd0DVlJRfbwcVw5Kda/ +SiOL9V8BY9KHcyi1Swr1+KuCLH5zJTIdC2MKF4EA/7Z2Xue0sUDKIbvVgFHlSFJn +LNJhiQcND85Cd8BEc5xEUKDbEAotlRyBr+Qc5RQe8TZBAQIvfXOn3kLMTOmJDVb3 
+n5HUA8ZsyY/b2BzgQJhdZpmYgG4t/wHFzstGH6wCxkPmrqKEPMVOHj1tyRRM4y5B +u8o5vzY8KhmqQYdOpc5LMnndkEl/AgMBAAGjYzBhMB8GA1UdIwQYMBaAFJxf0Gxj +o1+TypOYCK2Mh6UsXME3MB0GA1UdDgQWBBScX9BsY6Nfk8qTmAitjIelLFzBNzAO +BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC +AgEATh65isagmD9uw2nAalxJUqzLK114OMHVVISfk/CHGT0sZonrDUL8zPB1hT+L +9IBdeeUXZ701guLyPI59WzbLWoAAKfLOKyzxj6ptBZNscsdW699QIyjlRRA96Gej +rw5VD5AJYu9LWaL2U/HANeQvwSS9eS9OICI7/RogsKQOLHDtdD+4E5UGUcjohybK +pFtqFiGS3XNgnhAY3jyB6ugYw3yJ8otQPr0R4hUDqDZ9MwFsSBXXiJCZBMXM5gf0 +vPSQ7RPi6ovDj6MzD8EpTBNO2hVWcXNyglD2mjN8orGoGjR0ZVzO0eurU+AagNjq +OknkJjCb5RyKqKkVMoaZkgoQI1YS4PbOTOK7vtuNknMBZi9iPrJyJ0U27U1W45eZ +/zo1PqVUSlJZS2Db7v54EX9K3BR5YLZrZAPbFYPhor72I5dQ8AkzNqdxliXzuUJ9 +2zg/LFis6ELhDtjTO0wugumDLmsx2d1Hhk9tl5EuT+IocTUW0fJz/iUrB0ckYyfI ++PbZa/wSMVYIwFNCr5zQM378BvAxRAMU8Vjq8moNqRGyg77FGr8H6lnco4g175x2 +MjxNBiLOFeXdntiP2t7SxDnlF4HPOEfrf4htWRvfn0IUrn7PqLBmZdo3r5+qPeoo +tt7VMVgWglvquxl1AnMaykgaIZOQCo6ThKd9OyMYkomgjaw= +-----END CERTIFICATE----- diff --git a/secure/caroot/trusted/Actalis_Authentication_Root_CA.pem b/secure/caroot/trusted/Actalis_Authentication_Root_CA.pem index 7248545350e2..7c971e1229a2 100644 --- a/secure/caroot/trusted/Actalis_Authentication_Root_CA.pem +++ b/secure/caroot/trusted/Actalis_Authentication_Root_CA.pem @@ -5,6 +5,8 @@ ## Authority (CA). It was automatically extracted from Mozilla's ## root CA list (the file `certdata.txt' in security/nss). ## +## It contains a certificate trusted for server authentication. +## ## Extracted from nss ## with $FreeBSD$ ## diff --git a/secure/caroot/trusted/AffirmTrust_Commercial.pem b/secure/caroot/trusted/AffirmTrust_Commercial.pem index 1d85c32853c8..282d1a5dcf6f 100644 --- a/secure/caroot/trusted/AffirmTrust_Commercial.pem +++ b/secure/caroot/trusted/AffirmTrust_Commercial.pem 
@@ -5,6 +5,8 @@ ## Authority (CA). It was automatically extracted from Mozilla's ## root CA list (the file `certdata.txt' in security/nss). ## +## It contains a certificate trusted for server authentication. +## ## Extracted from nss ## with $FreeBSD$ ## diff --git a/secure/caroot/trusted/AffirmTrust_Networking.pem b/secure/caroot/trusted/AffirmTrust_Networking.pem index 222bde26c934..830cf3f0c3c2 100644 --- a/secure/caroot/trusted/AffirmTrust_Networking.pem +++ b/secure/caroot/trusted/AffirmTrust_Networking.pem @@ -5,6 +5,8 @@ ## Authority (CA). It was automatically extracted from Mozilla's ## root CA list (the file `certdata.txt' in security/nss). ## +## It contains a certificate trusted for server authentication. +## ## Extracted from nss ## with $FreeBSD$ ## diff --git a/secure/caroot/trusted/AffirmTrust_Premium.pem b/secure/caroot/trusted/AffirmTrust_Premium.pem index dc1447429465..725747aafdaf 100644 --- a/secure/caroot/trusted/AffirmTrust_Premium.pem +++ b/secure/caroot/trusted/AffirmTrust_Premium.pem @@ -5,6 +5,8 @@ ## Authority (CA). It was automatically extracted from Mozilla's ## root CA list (the file `certdata.txt' in security/nss). ## +## It contains a certificate trusted for server authentication. +## ## Extracted from nss ## with $FreeBSD$ ## diff --git a/secure/caroot/trusted/AffirmTrust_Premium_ECC.pem b/secure/caroot/trusted/AffirmTrust_Premium_ECC.pem index a6f01409a2ef..6fe75939863e 100644 --- a/secure/caroot/trusted/AffirmTrust_Premium_ECC.pem +++ b/secure/caroot/trusted/AffirmTrust_Premium_ECC.pem @@ -5,6 +5,8 @@ ## Authority (CA). It was automatically extracted from Mozilla's ## root CA list (the file `certdata.txt' in security/nss). ## +## It contains a certificate trusted for server authentication. +## ## Extracted from nss ## with $FreeBSD$ ## diff --git a/secure/caroot/trusted/Amazon_Root_CA_1.pem b/secure/caroot/trusted/Amazon_Root_CA_1.pem index 6bf1acafd4c7..2aca2eee3e9b 100644 --- a/secure/caroot/trusted/Amazon_Root_CA_1.pem 
+++ b/secure/caroot/trusted/Amazon_Root_CA_1.pem @@ -5,6 +5,8 @@ ## Authority (CA). It was automatically extracted from Mozilla's ## root CA list (the file `certdata.txt' in security/nss). ## +## It contains a certificate trusted for server authentication. +## ## Extracted from nss ## with $FreeBSD$ ## diff --git a/secure/caroot/trusted/Amazon_Root_CA_2.pem b/secure/caroot/trusted/Amazon_Root_CA_2.pem index 80a1eb66bee2..95ca81db30bb 100644 --- a/secure/caroot/trusted/Amazon_Root_CA_2.pem +++ b/secure/caroot/trusted/Amazon_Root_CA_2.pem @@ -5,6 +5,8 @@ ## Authority (CA). It was automatically extracted from Mozilla's ## root CA list (the file `certdata.txt' in security/nss). ## +## It contains a certificate trusted for server authentication. +## ## Extracted from nss ## with $FreeBSD$ ## diff --git a/secure/caroot/trusted/Amazon_Root_CA_3.pem b/secure/caroot/trusted/Amazon_Root_CA_3.pem index 6b61b3e18fa0..294f7dc8f0b6 100644 --- a/secure/caroot/trusted/Amazon_Root_CA_3.pem +++ b/secure/caroot/trusted/Amazon_Root_CA_3.pem @@ -5,6 +5,8 @@ ## Authority (CA). It was automatically extracted from Mozilla's ## root CA list (the file `certdata.txt' in security/nss). ## +## It contains a certificate trusted for server authentication. +## ## Extracted from nss ## with $FreeBSD$ ## diff --git a/secure/caroot/trusted/Amazon_Root_CA_4.pem b/secure/caroot/trusted/Amazon_Root_CA_4.pem index df7aa6f1c165..649917b9638a 100644 --- a/secure/caroot/trusted/Amazon_Root_CA_4.pem +++ b/secure/caroot/trusted/Amazon_Root_CA_4.pem @@ -5,6 +5,8 @@ ## Authority (CA). It was automatically extracted from Mozilla's ## root CA list (the file `certdata.txt' in security/nss). ## +## It contains a certificate trusted for server authentication. +## ## Extracted from nss ## with $FreeBSD$ ## diff --git a/secure/caroot/trusted/Atos_TrustedRoot_2011.pem b/secure/caroot/trusted/Atos_TrustedRoot_2011.pem index 21b229561733..7058d3fb6edf 100644 --- a/secure/caroot/trusted/Atos_TrustedRoot_2011.pem 
+++ b/secure/caroot/trusted/Atos_TrustedRoot_2011.pem @@ -5,6 +5,8 @@ ## Authority (CA). It was automatically extracted from Mozilla's ## root CA list (the file `certdata.txt' in security/nss). ## +## It contains a certificate trusted for server authentication. +## ## Extracted from nss ## with $FreeBSD$ ## diff --git a/secure/caroot/trusted/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem b/secure/caroot/trusted/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem index 4d2eaa61962f..db4f44195dbd 100644 --- a/secure/caroot/trusted/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem +++ b/secure/caroot/trusted/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem @@ -5,6 +5,8 @@ ## Authority (CA). It was automatically extracted from Mozilla's ## root CA list (the file `certdata.txt' in security/nss). ## +## It contains a certificate trusted for server authentication. +## ## Extracted from nss ## with $FreeBSD$ ## diff --git a/secure/caroot/trusted/Baltimore_CyberTrust_Root.pem b/secure/caroot/trusted/Baltimore_CyberTrust_Root.pem index 3dc1de849346..0f356d59962f 100644 --- a/secure/caroot/trusted/Baltimore_CyberTrust_Root.pem +++ b/secure/caroot/trusted/Baltimore_CyberTrust_Root.pem @@ -5,6 +5,8 @@ ## Authority (CA). It was automatically extracted from Mozilla's ## root CA list (the file `certdata.txt' in security/nss). ## +## It contains a certificate trusted for server authentication. +## ## Extracted from nss ## with $FreeBSD$ ## diff --git a/secure/caroot/trusted/Buypass_Class_2_Root_CA.pem b/secure/caroot/trusted/Buypass_Class_2_Root_CA.pem index dc2c86edbed1..0168f641fd42 100644 --- a/secure/caroot/trusted/Buypass_Class_2_Root_CA.pem +++ b/secure/caroot/trusted/Buypass_Class_2_Root_CA.pem 
@@ -5,6 +5,8 @@ ## Authority (CA). It was automatically extracted from Mozilla's ## root CA list (the file `certdata.txt' in security/nss). ## +## It contains a certificate trusted for server authentication. +## ## Extracted from nss ## with $FreeBSD$ ## diff --git a/secure/caroot/trusted/Buypass_Class_3_Root_CA.pem b/secure/caroot/trusted/Buypass_Class_3_Root_CA.pem index fda39f8731d1..7ae24799e638 100644 --- a/secure/caroot/trusted/Buypass_Class_3_Root_CA.pem +++ b/secure/caroot/trusted/Buypass_Class_3_Root_CA.pem @@ -5,6 +5,8 @@ ## Authority (CA). It was automatically extracted from Mozilla's ## root CA list (the file `certdata.txt' in security/nss). ## +## It contains a certificate trusted for server authentication. +## ## Extracted from nss ## with $FreeBSD$ ## diff --git a/secure/caroot/trusted/CA_Disig_Root_R2.pem b/secure/caroot/trusted/CA_Disig_Root_R2.pem index 0ecc9d1ee08d..0dda6d97e2aa 100644 --- a/secure/caroot/trusted/CA_Disig_Root_R2.pem +++ b/secure/caroot/trusted/CA_Disig_Root_R2.pem @@ -5,6 +5,8 @@ ## Authority (CA). It was automatically extracted from Mozilla's ## root CA list (the file `certdata.txt' in security/nss). ## +## It contains a certificate trusted for server authentication. +## ## Extracted from nss ## with $FreeBSD$ ## diff --git a/secure/caroot/trusted/CFCA_EV_ROOT.pem b/secure/caroot/trusted/CFCA_EV_ROOT.pem index 7eb37baa3bed..722499b9ed42 100644 --- a/secure/caroot/trusted/CFCA_EV_ROOT.pem +++ b/secure/caroot/trusted/CFCA_EV_ROOT.pem @@ -5,6 +5,8 @@ ## Authority (CA). It was automatically extracted from Mozilla's ## root CA list (the file `certdata.txt' in security/nss). ## +## It contains a certificate trusted for server authentication. +## ## Extracted from nss ## with $FreeBSD$ ## diff --git a/secure/caroot/trusted/COMODO_Certification_Authority.pem b/secure/caroot/trusted/COMODO_Certification_Authority.pem index 7aa1237bb8e1..fc3e4b554cc3 100644 --- a/secure/caroot/trusted/COMODO_Certification_Authority.pem 
+++ b/secure/caroot/trusted/COMODO_Certification_Authority.pem @@ -5,6 +5,8 @@ ## Authority (CA). It was automatically extracted from Mozilla's ## root CA list (the file `certdata.txt' in security/nss). ## +## It contains a certificate trusted for server authentication. +## ## Extracted from nss ## with $FreeBSD$ ## diff --git a/secure/caroot/trusted/COMODO_ECC_Certification_Authority.pem b/secure/caroot/trusted/COMODO_ECC_Certification_Authority.pem index 215581b14fdf..5f839a858d00 100644 --- a/secure/caroot/trusted/COMODO_ECC_Certification_Authority.pem +++ b/secure/caroot/trusted/COMODO_ECC_Certification_Authority.pem @@ -5,6 +5,8 @@ ## Authority (CA). It was automatically extracted from Mozilla's ## root CA list (the file `certdata.txt' in security/nss). ## +## It contains a certificate trusted for server authentication. +## ## Extracted from nss ## with $FreeBSD$ ## diff --git a/secure/caroot/trusted/COMODO_RSA_Certification_Authority.pem b/secure/caroot/trusted/COMODO_RSA_Certification_Authority.pem index 38e275f1365e..7faefe98b8bf 100644 --- a/secure/caroot/trusted/COMODO_RSA_Certification_Authority.pem +++ b/secure/caroot/trusted/COMODO_RSA_Certification_Authority.pem @@ -5,6 +5,8 @@ ## Authority (CA). It was automatically extracted from Mozilla's ## root CA list (the file `certdata.txt' in security/nss). ## +## It contains a certificate trusted for server authentication. +## ## Extracted from nss ## with $FreeBSD$ ## diff --git a/secure/caroot/trusted/Certigna.pem b/secure/caroot/trusted/Certigna.pem index bbcd413be511..e9104ef6c3da 100644 --- a/secure/caroot/trusted/Certigna.pem +++ b/secure/caroot/trusted/Certigna.pem @@ -5,6 +5,8 @@ ## Authority (CA). It was automatically extracted from Mozilla's ## root CA list (the file `certdata.txt' in security/nss). ## +## It contains a certificate trusted for server authentication. +## ## Extracted from nss ## with $FreeBSD$ ## 
diff --git a/secure/caroot/trusted/Certigna_Root_CA.pem b/secure/caroot/trusted/Certigna_Root_CA.pem index c1a0286ab2a0..a0a7248b51ea 100644 --- a/secure/caroot/trusted/Certigna_Root_CA.pem +++ b/secure/caroot/trusted/Certigna_Root_CA.pem @@ -5,6 +5,8 @@ ## Authority (CA). It was automatically extracted from Mozilla's ## root CA list (the file `certdata.txt' in security/nss). ## +## It contains a certificate trusted for server authentication. +## ## Extracted from nss ## with $FreeBSD$ ## diff --git a/secure/caroot/trusted/Certum_EC-384_CA.pem b/secure/caroot/trusted/Certum_EC-384_CA.pem new file mode 100644 index 000000000000..67b5d644f809 --- /dev/null +++ b/secure/caroot/trusted/Certum_EC-384_CA.pem 
@@ -0,0 +1,68 @@ +## +## Certum EC-384 CA +## +## This is a single X.509 certificate for a public Certificate +## Authority (CA). It was automatically extracted from Mozilla's +## root CA list (the file `certdata.txt' in security/nss). +## +## It contains a certificate trusted for server authentication. +## +## Extracted from nss +## with $FreeBSD$ +## +## @generated +## +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 78:8f:27:5c:81:12:52:20:a5:04:d0:2d:dd:ba:73:f4 + Signature Algorithm: ecdsa-with-SHA384 + Issuer: C = PL, O = Asseco Data Systems S.A., OU = Certum Certification Authority, CN = Certum EC-384 CA + Validity + Not Before: Mar 26 07:24:54 2018 GMT + Not After : Mar 26 07:24:54 2043 GMT + Subject: C = PL, O = Asseco Data Systems S.A., OU = Certum Certification Authority, CN = Certum EC-384 CA + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:c4:28:8e:ab:18:5b:6a:be:6e:64:37:63:e4:cd: + ec:ab:3a:f7:cc:a1:b8:0e:82:49:d7:86:29:9f:a1: + 94:f2:e3:60:78:98:81:78:06:4d:f2:ec:9a:0e:57: + 60:83:9f:b4:e6:17:2f:1a:b3:5d:02:5b:89:23:3c: + c2:11:05:2a:a7:88:13:18:f3:50:84:d7:bd:34:2c: + 27:89:55:ff:ce:4c:e7:df:a6:1f:28:c4:f0:54:c3: + b9:7c:b7:53:ad:eb:c2 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 8D:06:66:74:24:76:3A:F3:89:F7:BC:D6:BD:47:7D:2F:BC:10:5F:4B + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: ecdsa-with-SHA384 + 30:65:02:30:03:55:2d:a6:e6:18:c4:7c:ef:c9:50:6e:c1:27: + 0f:9c:87:af:6e:d5:1b:08:18:bd:92:29:c1:ef:94:91:78:d2: + 3a:1c:55:89:62:e5:1b:09:1e:ba:64:6b:f1:76:b4:d4:02:31: + 00:b4:42:84:99:ff:ab:e7:9e:fb:91:97:27:5d:dc:b0:5b:30: + 71:ce:5e:38:1a:6a:d9:25:e7:ea:f7:61:92:56:f8:ea:da:36: + c2:87:65:96:2e:72:25:2f:7f:df:c3:13:c9 +SHA1 Fingerprint=F3:3E:78:3C:AC:DF:F4:A2:CC:AC:67:55:69:56:D7:E5:16:3C:E1:ED +-----BEGIN CERTIFICATE----- 
+MIICZTCCAeugAwIBAgIQeI8nXIESUiClBNAt3bpz9DAKBggqhkjOPQQDAzB0MQsw +CQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMScw +JQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxGTAXBgNVBAMT +EENlcnR1bSBFQy0zODQgQ0EwHhcNMTgwMzI2MDcyNDU0WhcNNDMwMzI2MDcyNDU0 +WjB0MQswCQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBT +LkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxGTAX +BgNVBAMTEENlcnR1bSBFQy0zODQgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATE +KI6rGFtqvm5kN2PkzeyrOvfMobgOgknXhimfoZTy42B4mIF4Bk3y7JoOV2CDn7Tm +Fy8as10CW4kjPMIRBSqniBMY81CE1700LCeJVf/OTOffph8oxPBUw7l8t1Ot68Kj *** 1764 LINES SKIPPED ***
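Review bot: In each `@@ -5,6 +5,8 @@` hunk under secure/caroot/trusted/, the unchanged context just below the added sentence still reads `## Extracted from nss` and `## with $FreeBSD$`, which names no nss version or certdata.txt revision and leaves the `$FreeBSD$` keyword unexpanded. Since this change already touches the header text of every file, consider recording there the nss release the bundle was taken from, so a reader can tell which upstream list a given file reflects. The added sentence would also be more precise if it said that the server-authentication purpose comes from the trust settings in certdata.txt, which is the source the header already names.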
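Review bot: In the new file Certum_EC-384_CA.pem (`@@ -0,0 +1,68 @@`), the only digest printed ahead of the PEM block is the `SHA1 Fingerprint=` line; adding a SHA-256 fingerprint beside it would let someone auditing the trust store compare the file against an independently published digest without relying on SHA-1. The visible extensions in the text dump are Basic Constraints, Subject Key Identifier and Key Usage, with no Extended Key Usage, so the header comment is the only place in this file where the server-authentication purpose is recorded. That makes it worth keeping the comment text and the directory placement (trusted versus blacklisted) generated from the same input, so they cannot drift apart.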