diff options
| author | Max Rees <maxcrees@me.com> | 2020-06-02 23:31:26 -0500 |
|---|---|---|
| committer | Max Rees <maxcrees@me.com> | 2020-06-02 23:51:19 -0500 |
| commit | 1bb1c32dd6dce336b036c4f3bef43fd1cce99a77 (patch) | |
| tree | c7c8d0acf5516dbc5759aa745f6e5ac658dbf9e1 | |
| parent | bbe1168204f3224a7c992aefbb6de08208d0148c (diff) | |
| download | ca-certificates-1bb1c32dd6dce336b036c4f3bef43fd1cce99a77.tar.gz ca-certificates-1bb1c32dd6dce336b036c4f3bef43fd1cce99a77.tar.bz2 ca-certificates-1bb1c32dd6dce336b036c4f3bef43fd1cce99a77.tar.xz ca-certificates-1bb1c32dd6dce336b036c4f3bef43fd1cce99a77.zip | |
Revert "blacklist: distrust Symantec Root CAs"20200603
As of this writing there are still large service providers still using
GeoTrust-based certificates, such as Apple Mail:
Certificate chain
0 s:CN = imap.mail.me.com, OU = management:idms.group.859635, O = Apple Inc., ST = California, C = US
i:CN = Apple IST CA 2 - G1, OU = Certification Authority, O = Apple Inc., C = US
1 s:CN = Apple IST CA 2 - G1, OU = Certification Authority, O = Apple Inc., C = US
i:C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
2 s:C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
i:C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
This reverts commit 4023193aac8706830d99720de6628cc0d8eabd84.
| -rw-r--r-- | blacklist.txt | 24 |
1 files changed, 0 insertions, 24 deletions
diff --git a/blacklist.txt b/blacklist.txt index 9c0b4fd..1fc904b 100644 --- a/blacklist.txt +++ b/blacklist.txt @@ -13,30 +13,6 @@ "TURKTRUST Mis-issued Intermediate CA 1" "TURKTRUST Mis-issued Intermediate CA 2" -# Distrusted Symantec Root CAs: -# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911289 -"GeoTrust Global CA" -"GeoTrust Primary Certification Authority" -"GeoTrust Primary Certification Authority - G2" -"GeoTrust Primary Certification Authority - G3" -"GeoTrust Universal CA" -"Thawte Premium Server CA" -"thawte Primary Root CA" -"thawte Primary Root CA - G2" -"thawte Primary Root CA - G3" -"Symantec Class 1 Public Primary Certification Authority - G4" -"Symantec Class 1 Public Primary Certification Authority - G6" -"Symantec Class 2 Public Primary Certification Authority - G4" -"Symantec Class 2 Public Primary Certification Authority - G6" -"Symantec Class 3 Public Primary Certification Authority - G4" -"Symantec Class 3 Public Primary Certification Authority - G6" -"VeriSign Class 1 Public Primary Certification Authority - G3" -"VeriSign Class 2 Public Primary Certification Authority - G3" -"VeriSign Class 3 Public Primary Certification Authority - G3" -"VeriSign Class 3 Public Primary Certification Authority - G4" -"VeriSign Class 3 Public Primary Certification Authority - G5" -"VeriSign Universal Root Certification Authority" - # Expired certificates # Not Valid Before: Tue May 30 10:48:38 2000 # Not Valid After : Sat May 30 10:48:38 2020 |