X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;ds=sidebyside;f=modules%2Fssl%2Ffiles%2Fca-certificates-global.conf;h=e578635aea9cdcb3baa9dfab58465e3e019abe3c;hb=a3602762e8a1122180fd557284f7e78875ea89ec;hp=fa10a90fe2842cd6d07cc6c5a0e69918cba9419c;hpb=958c7e4b9ff1a826751f7020e320e17bb99a37ac;p=mirror%2Fdsa-puppet.git

diff --git a/modules/ssl/files/ca-certificates-global.conf b/modules/ssl/files/ca-certificates-global.conf
index fa10a90fe..e578635ae 100644
--- a/modules/ssl/files/ca-certificates-global.conf
+++ b/modules/ssl/files/ca-certificates-global.conf
@@ -1,5 +1,5 @@
 # This file is under puppet control
-# All CAs are trusted, see /etc/ssl/ca-global/README
+# All CAs are trusted, see /etc/ssl/README
 
 # blacklist SPI's old CA
 !spi-inc.org/spi-cacert-2008.crt
@@ -13,3 +13,48 @@
 !mozilla/WoSign.crt
 !mozilla/CA_WoSign_ECC_Root.crt
 !mozilla/Certification_Authority_of_WoSign_G2.crt
+
+# removed in ca-certificates 20170717 (nss builtins version 2.14)
+!mozilla/AC_Raíz_Certicámara_S.A..crt
+!mozilla/ApplicationCA_-_Japanese_Government.crt
+!mozilla/Buypass_Class_2_CA_1.crt
+!mozilla/ComSign_CA.crt
+!mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt
+!mozilla/Equifax_Secure_CA.crt
+!mozilla/Equifax_Secure_eBusiness_CA_1.crt
+!mozilla/Equifax_Secure_Global_eBusiness_CA.crt
+!mozilla/IGC_A.crt
+!mozilla/Juur-SK.crt
+!mozilla/Microsec_e-Szigno_Root_CA.crt
+!mozilla/Root_CA_Generalitat_Valenciana.crt
+!mozilla/RSA_Security_2048_v3.crt
+!mozilla/S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.crt
+!mozilla/S-TRUST_Universal_Root_CA.crt
+!mozilla/SwissSign_Platinum_CA_-_G2.crt
+!mozilla/TC_TrustCenter_Class_3_CA_II.crt
+!mozilla/TÜRKTRUST_Elektronik_Sertifika_Hizmet_Sağlayıcısı_H6.crt
+!mozilla/UTN_USERFirst_Email_Root_CA.crt
+!mozilla/Verisign_Class_1_Public_Primary_Certification_Authority.crt
+!mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.crt
+!mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.crt
+!mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.crt
+!mozilla/Verisign_Class_3_Public_Primary_Certification_Authority.crt
+!mozilla/WellsSecure_Public_Root_Certificate_Authority.crt
+
+# removed in nss builtins version 2.16
+# https://bugzilla.mozilla.org/show_bug.cgi?id=1380868
+!mozilla/CNNIC_ROOT.crt
+!mozilla/China_Internet_Network_Information_Center_EV_Certificates_Root.crt
+# https://bugzilla.mozilla.org/show_bug.cgi?id=1359515
+!mozilla/Swisscom_Root_CA_2.crt
+!mozilla/Swisscom_Root_CA_1.crt
+!mozilla/Swisscom_Root_EV_CA_2.crt
+# https://bugzilla.mozilla.org/show_bug.cgi?id=1366114
+!mozilla/GeoTrust_Global_CA_2.crt
+# https://bugzilla.mozilla.org/show_bug.cgi?id=1366403
+!mozilla/AddTrust_Low-Value_Services_Root.crt
+!mozilla/AddTrust_Public_Services_Root.crt
+!mozilla/AddTrust_Qualified_Certificates_Root.crt
+!mozilla/Comodo_Secure_Services_root.crt
+!mozilla/Comodo_Trusted_Services_root.crt
+!mozilla/UTN_USERFirst_Hardware_Root_CA.crt