projects / mirror / dsa-puppet.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d29003c)
ssl/ca-global: add certs recently removed from nss to blacklist
authorJulien Cristau <jcristau@debian.org>
Sun, 3 Sep 2017 13:41:39 +0000 (15:41 +0200)
committerJulien Cristau <jcristau@debian.org>
Sun, 3 Sep 2017 13:41:39 +0000 (15:41 +0200)
modules/ssl/files/ca-certificates-global.conf patch | blob | history

diff --git a/modules/ssl/files/ca-certificates-global.conf b/modules/ssl/files/ca-certificates-global.conf
index c97220f..e578635 100644 (file)
--- a/modules/ssl/files/ca-certificates-global.conf
+++ b/modules/ssl/files/ca-certificates-global.conf
@@ -14,9 +14,47 @@
 !mozilla/CA_WoSign_ECC_Root.crt
 !mozilla/Certification_Authority_of_WoSign_G2.crt
 
-# https://wiki.mozilla.org/CA/Additional_Trust_Changes#CNNIC
+# removed in ca-certificates 20170717 (nss builtins version 2.14)
+!mozilla/AC_Raíz_Certicámara_S.A..crt
+!mozilla/ApplicationCA_-_Japanese_Government.crt
+!mozilla/Buypass_Class_2_CA_1.crt
+!mozilla/ComSign_CA.crt
+!mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt
+!mozilla/Equifax_Secure_CA.crt
+!mozilla/Equifax_Secure_eBusiness_CA_1.crt
+!mozilla/Equifax_Secure_Global_eBusiness_CA.crt
+!mozilla/IGC_A.crt
+!mozilla/Juur-SK.crt
+!mozilla/Microsec_e-Szigno_Root_CA.crt
+!mozilla/Root_CA_Generalitat_Valenciana.crt
+!mozilla/RSA_Security_2048_v3.crt
+!mozilla/S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.crt
+!mozilla/S-TRUST_Universal_Root_CA.crt
+!mozilla/SwissSign_Platinum_CA_-_G2.crt
+!mozilla/TC_TrustCenter_Class_3_CA_II.crt
+!mozilla/TÜRKTRUST_Elektronik_Sertifika_Hizmet_Sağlayıcısı_H6.crt
+!mozilla/UTN_USERFirst_Email_Root_CA.crt
+!mozilla/Verisign_Class_1_Public_Primary_Certification_Authority.crt
+!mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.crt
+!mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.crt
+!mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.crt
+!mozilla/Verisign_Class_3_Public_Primary_Certification_Authority.crt
+!mozilla/WellsSecure_Public_Root_Certificate_Authority.crt
+
+# removed in nss builtins version 2.16
+# https://bugzilla.mozilla.org/show_bug.cgi?id=1380868
 !mozilla/CNNIC_ROOT.crt
 !mozilla/China_Internet_Network_Information_Center_EV_Certificates_Root.crt
-
-# https://wiki.mozilla.org/CA/Additional_Trust_Changes#ANSSI
-!mozilla/IGC_A.crt
+# https://bugzilla.mozilla.org/show_bug.cgi?id=1359515
+!mozilla/Swisscom_Root_CA_2.crt
+!mozilla/Swisscom_Root_CA_1.crt
+!mozilla/Swisscom_Root_EV_CA_2.crt
+# https://bugzilla.mozilla.org/show_bug.cgi?id=1366114
+!mozilla/GeoTrust_Global_CA_2.crt
+# https://bugzilla.mozilla.org/show_bug.cgi?id=1366403
+!mozilla/AddTrust_Low-Value_Services_Root.crt
+!mozilla/AddTrust_Public_Services_Root.crt
+!mozilla/AddTrust_Qualified_Certificates_Root.crt
+!mozilla/Comodo_Secure_Services_root.crt
+!mozilla/Comodo_Trusted_Services_root.crt
+!mozilla/UTN_USERFirst_Hardware_Root_CA.crt
Unnamed repository; edit this file 'description' to name the repository.