summaryrefslogtreecommitdiff
path: root/blacklist.txt
diff options
context:
space:
mode:
authorWilliam Pitcock <nenolod@dereferenced.org>2017-07-31 13:02:30 +0000
committerWilliam Pitcock <nenolod@dereferenced.org>2017-07-31 13:02:30 +0000
commitdb98f6b860734fc5587d5f39c72802689c9262aa (patch)
treec490053af3bcb97f5971a7756c41db3d1d93af9e /blacklist.txt
downloadca-certificates-db98f6b860734fc5587d5f39c72802689c9262aa.tar.gz
ca-certificates-db98f6b860734fc5587d5f39c72802689c9262aa.tar.bz2
ca-certificates-db98f6b860734fc5587d5f39c72802689c9262aa.tar.xz
ca-certificates-db98f6b860734fc5587d5f39c72802689c9262aa.zip
import ca-certificates 20170726 data20170726
Diffstat (limited to 'blacklist.txt')
-rw-r--r--blacklist.txt23
1 files changed, 23 insertions, 0 deletions
diff --git a/blacklist.txt b/blacklist.txt
new file mode 100644
index 0000000..6ea1732
--- /dev/null
+++ b/blacklist.txt
@@ -0,0 +1,23 @@
+# One blacklist entry per line, corresponding to the label in certdata.txt.
+
+# MD5 Collision Proof of Concept CA
+"MD5 Collisions Forged Rogue CA 25c3"
+
+# DigiNotar Root CA (see debbug#639744)
+"DigiNotar Root CA"
+
+# StartCom and WoSign certificates are now untrusted by the major browser
+# vendors[0]. See [1] for discussion. The list was generated by:
+#
+# $ egrep 'WoSign|StartCom' mozilla/certdata.txt \
+# | grep UTF | sed 's/CKA_LABEL UTF8 //' | uniq
+#
+# [0] https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/
+# [1] https://bugs.debian.org/858539
+#
+"StartCom Certification Authority"
+"StartCom Certification Authority G2"
+"WoSign"
+"WoSign China"
+"Certification Authority of WoSign G2"
+"CA WoSign ECC Root"