From a4c6115d9202e1d1ecdec25fa1a665fe8d857cc5 Mon Sep 17 00:00:00 2001
From: Max Rees
Date: Tue, 2 Jun 2020 18:45:09 -0500
Subject: blacklist: silence untrusted errors

When certdata2pem is run, it checks whether certificates are marked as untrusted. If they are, it excludes them but emits a loud warning that they were not explicitly blacklisted. Silence this warning by explicitly blacklisting them.
---
blacklist.txt | 12 ++++++++++++
1 file changed, 12 insertions(+)

diff --git a/blacklist.txt b/blacklist.txt
index 70ed0d5..88940c0 100644
--- a/blacklist.txt
+++ b/blacklist.txt
@@ -1,2 +1,14 @@
 # One blacklist entry per line, corresponding to the label in certdata.txt.
+# Blacklist explicitly distrusted certificates
+# They were already to-be-excluded since they are distrusted, but this
+# silences the loud warning they produce.
+"Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 1/3)"
+"Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 2/3)"
+"Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 3/3)"
+"Explicitly Distrust DigiNotar Root CA"
+"Explicitly Distrusted DigiNotar PKIoverheid G2"
+"MITM subCA 1 issued by Trustwave"
+"MITM subCA 2 issued by Trustwave"
+"TURKTRUST Mis-issued Intermediate CA 1"
+"TURKTRUST Mis-issued Intermediate CA 2"
--
cgit v1.2.3-70-g09d2
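Review bot: The added comment block does not say that the quoted entries are copied verbatim from certdata.txt, yet the two DigiNotar lines differ in spelling ("Explicitly Distrust" vs "Explicitly Distrusted") and look like a typo waiting to be "fixed". The file's first line says entries correspond to the certdata.txt label, so a normalised spelling would presumably stop matching and bring the warning back; how certdata2pem compares labels is not visible in this patch. I would add a line such as `# Labels are copied verbatim from certdata.txt; do not normalise their spelling.` above the entries. It is also worth noting in the comment that this list should be re-checked on each certdata.txt update, so the remaining warning keeps its value as a signal for newly distrusted certificates.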