Age | Commit message (Collapse) | Author | Files | Lines |
|
As of this writing there are still large service providers still using
GeoTrust-based certificates, such as Apple Mail:
Certificate chain
0 s:CN = imap.mail.me.com, OU = management:idms.group.859635, O = Apple Inc., ST = California, C = US
i:CN = Apple IST CA 2 - G1, OU = Certification Authority, O = Apple Inc., C = US
1 s:CN = Apple IST CA 2 - G1, OU = Certification Authority, O = Apple Inc., C = US
i:C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
2 s:C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
i:C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
This reverts commit 4023193aac8706830d99720de6628cc0d8eabd84.
|
|
* Remove [ options ]
* There is no c_rehash manpage yet, so don't mention it.
|
|
|
|
|
|
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911289
|
|
When certdata2pem is run, it checks whether certificates are marked as
untrusted. If they are, it excludes them but emits a loud warning that
they were not explicitly blacklisted.
Silence this warning by explicitly blacklisting them.
|
|
This certificate no longer exists in certdata.txt.
|
|
|
|
There may be certificates that lack a trailing newline, which is allowed
in the certificate format. We work around that by inject a newline after
each cert.
see https://gitlab.alpinelinux.org/alpine/aports/issues/8379
|
|
|
|
musl removed SYMLINK_MAX define[1]. Use PATH_MAX instead for symlink
target.
[1]: http://git.musl-libc.org/cgit/musl/commit/?id=767f7a1091af3a3dcee2f7a49d0713359a81961c
|
|
|
|
These roots are trusted in the Mozilla program only for S/MIME, so should not be
included in ca-certificates, which most applications use to validate TLS
certificates.
Per https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721976, the only MUAs that
depend on or suggest ca-certificates are Mutt and Sylpheed. Sylpheed doesn't use
ca-certificates for S/MIME. Mutt does, but I think it is still safe to remove
thes because:
(a) S/MIME is relatively uncommon, and
(b) The CAs that have both TLS and S/MIME bits will continue to work, and
(c) Nearly all of the 12 removed email-only CAs have ceased operation of their
email certificate services
Verisign Class 1 Public Primary Certification Authority - G3
Verisign Class 2 Public Primary Certification Authority - G3
UTN USERFirst Email Root CA
SwissSign Platinum CA - G2
AC Raiz Certicamara S.A.
TC TrustCenter Class 3 CA II
ComSign CA
S-TRUST Universal Root CA
Symantec Class 1 Public Primary Certification Authority - G6
Symantec Class 2 Public Primary Certification Authority - G6
Symantec Class 1 Public Primary Certification Authority - G4
Symantec Class 2 Public Primary Certification Authority - G4
|
|
|
|
|
|
Remove WoSign from blacklist since the certs themselves are gone.
Update certdata.txt from NSS upstream.
Update VERSION file for new release.
|
|
|
|
pointless
|
|
|
|
|
|
|
|
|