diff options
| author | William Pitcock <nenolod@dereferenced.org> | 2017-07-31 13:02:30 +0000 |
|---|---|---|
| committer | William Pitcock <nenolod@dereferenced.org> | 2017-07-31 13:02:30 +0000 |
| commit | db98f6b860734fc5587d5f39c72802689c9262aa (patch) | |
| tree | c490053af3bcb97f5971a7756c41db3d1d93af9e /blacklist.txt | |
| download | ca-certificates-20170726.tar.gz ca-certificates-20170726.tar.bz2 ca-certificates-20170726.tar.xz ca-certificates-20170726.zip | |
import ca-certificates 20170726 data20170726
Diffstat (limited to 'blacklist.txt')
| -rw-r--r-- | blacklist.txt | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/blacklist.txt b/blacklist.txt new file mode 100644 index 0000000..6ea1732 --- /dev/null +++ b/blacklist.txt @@ -0,0 +1,23 @@ +# One blacklist entry per line, corresponding to the label in certdata.txt. + +# MD5 Collision Proof of Concept CA +"MD5 Collisions Forged Rogue CA 25c3" + +# DigiNotar Root CA (see debbug#639744) +"DigiNotar Root CA" + +# StartCom and WoSign certificates are now untrusted by the major browser +# vendors[0]. See [1] for discussion. The list was generated by: +# +# $ egrep 'WoSign|StartCom' mozilla/certdata.txt \ +# | grep UTF | sed 's/CKA_LABEL UTF8 //' | uniq +# +# [0] https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/ +# [1] https://bugs.debian.org/858539 +# +"StartCom Certification Authority" +"StartCom Certification Authority G2" +"WoSign" +"WoSign China" +"Certification Authority of WoSign G2" +"CA WoSign ECC Root" |