From 1bb1c32dd6dce336b036c4f3bef43fd1cce99a77 Mon Sep 17 00:00:00 2001
From: Max Rees
Date: Tue, 2 Jun 2020 23:31:26 -0500
Subject: Revert "blacklist: distrust Symantec Root CAs"

As of this writing there are still large service providers still using GeoTrust-based certificates, such as Apple Mail: Certificate chain 0 s:CN = imap.mail.me.com, OU = management:idms.group.859635, O = Apple Inc., ST = California, C = US i:CN = Apple IST CA 2 - G1, OU = Certification Authority, O = Apple Inc., C = US 1 s:CN = Apple IST CA 2 - G1, OU = Certification Authority, O = Apple Inc., C = US i:C = US, O = GeoTrust Inc., CN = GeoTrust Global CA 2 s:C = US, O = GeoTrust Inc., CN = GeoTrust Global CA i:C = US, O = GeoTrust Inc., CN = GeoTrust Global CA

This reverts commit 4023193aac8706830d99720de6628cc0d8eabd84.
---
 blacklist.txt | 24 ------------------------
 1 file changed, 24 deletions(-)

diff --git a/blacklist.txt b/blacklist.txt
index 9c0b4fd..1fc904b 100644
--- a/blacklist.txt
+++ b/blacklist.txt
@@ -13,30 +13,6 @@
 "TURKTRUST Mis-issued Intermediate CA 1"
 "TURKTRUST Mis-issued Intermediate CA 2"
 
-# Distrusted Symantec Root CAs:
-# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911289
-"GeoTrust Global CA"
-"GeoTrust Primary Certification Authority"
-"GeoTrust Primary Certification Authority - G2"
-"GeoTrust Primary Certification Authority - G3"
-"GeoTrust Universal CA"
-"Thawte Premium Server CA"
-"thawte Primary Root CA"
-"thawte Primary Root CA - G2"
-"thawte Primary Root CA - G3"
-"Symantec Class 1 Public Primary Certification Authority - G4"
-"Symantec Class 1 Public Primary Certification Authority - G6"
-"Symantec Class 2 Public Primary Certification Authority - G4"
-"Symantec Class 2 Public Primary Certification Authority - G6"
-"Symantec Class 3 Public Primary Certification Authority - G4"
-"Symantec Class 3 Public Primary Certification Authority - G6"
-"VeriSign Class 1 Public Primary Certification Authority - G3"
-"VeriSign Class 2 Public Primary Certification Authority - G3"
-"VeriSign Class 3 Public Primary Certification Authority - G3"
-"VeriSign Class 3 Public Primary Certification Authority - G4"
-"VeriSign Class 3 Public Primary Certification Authority - G5"
-"VeriSign Universal Root Certification Authority"
-
 # Expired certificates
 # Not Valid Before: Tue May 30 10:48:38 2000
 # Not Valid After : Sat May 30 10:48:38 2020
-- 
cgit v1.2.3-70-g09d2
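Review bot: Only GeoTrust Global CA is shown to be needed by the chain quoted in the commit message, yet all 21 GeoTrust, thawte, Symantec and VeriSign roots become trusted again once this block is dropped. Removing just the `"GeoTrust Global CA"` line and keeping the other 20 entries, together with the `# Distrusted Symantec Root CAs:` header and its bug link, would restore the cited Apple Mail chain with a much smaller trust change. A name-based root list like this one apparently cannot trust a single intermediate such as Apple IST CA 2 - G1 while still distrusting its root, so the exception should be recorded where the next maintainer will see it, for example `# "GeoTrust Global CA" left trusted: still anchors imap.mail.me.com (2020-06); re-add when that chain is migrated`. Whether any provider still depends on the other roots is not shown on this page and would need to be demonstrated per root before they are re-trusted.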