rpms/ca-certificates/devel blacklist.txt, NONE, 1.1 certdata.txt, NONE, 1.1 certdata2pem.py, NONE, 1.1 ca-certificates.spec, 1.8, 1.9
jorton
jorton at fedoraproject.org
Fri Jan 15 17:11:52 UTC 2010
Author: jorton
Update of /cvs/extras/rpms/ca-certificates/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv4404
Modified Files:
ca-certificates.spec
Added Files:
blacklist.txt certdata.txt certdata2pem.py
Log Message:
* Mon Jan 11 2010 Joe Orton <jorton at redhat.com> - 2010-1
- adopt Python certdata.txt parsing script from Debian
--- NEW FILE blacklist.txt ---
# One blacklist entry per line, corresponding to the label in certdata.txt.
# MD5 Collision Proof of Concept CA
"MD5 Collisions Forged Rogue CA 25c3"
--- NEW FILE certdata.txt ---
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1994-2000
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.57 $ $Date: 2009/12/03 21:09:32 $"
#
# certdata.txt
#
# This file contains the object definitions for the certs and other
# information "built into" NSS.
#
# Object definitions:
#
# Certificates
#
# -- Attribute -- -- type -- -- value --
# CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
# CKA_TOKEN CK_BBOOL CK_TRUE
# CKA_PRIVATE CK_BBOOL CK_FALSE
# CKA_MODIFIABLE CK_BBOOL CK_FALSE
# CKA_LABEL UTF8 (varies)
# CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
# CKA_SUBJECT DER+base64 (varies)
# CKA_ID byte array (varies)
# CKA_ISSUER DER+base64 (varies)
# CKA_SERIAL_NUMBER DER+base64 (varies)
# CKA_VALUE DER+base64 (varies)
# CKA_NETSCAPE_EMAIL ASCII7 (unused here)
#
# Trust
#
# -- Attribute -- -- type -- -- value --
# CKA_CLASS CK_OBJECT_CLASS CKO_TRUST
# CKA_TOKEN CK_BBOOL CK_TRUE
# CKA_PRIVATE CK_BBOOL CK_FALSE
# CKA_MODIFIABLE CK_BBOOL CK_FALSE
# CKA_LABEL UTF8 (varies)
# CKA_ISSUER DER+base64 (varies)
# CKA_SERIAL_NUMBER DER+base64 (varies)
# CKA_CERT_HASH binary+base64 (varies)
# CKA_EXPIRES CK_DATE (not used here)
# CKA_TRUST_DIGITAL_SIGNATURE CK_TRUST (varies)
# CKA_TRUST_NON_REPUDIATION CK_TRUST (varies)
# CKA_TRUST_KEY_ENCIPHERMENT CK_TRUST (varies)
# CKA_TRUST_DATA_ENCIPHERMENT CK_TRUST (varies)
# CKA_TRUST_KEY_AGREEMENT CK_TRUST (varies)
# CKA_TRUST_KEY_CERT_SIGN CK_TRUST (varies)
# CKA_TRUST_CRL_SIGN CK_TRUST (varies)
# CKA_TRUST_SERVER_AUTH CK_TRUST (varies)
# CKA_TRUST_CLIENT_AUTH CK_TRUST (varies)
# CKA_TRUST_CODE_SIGNING CK_TRUST (varies)
# CKA_TRUST_EMAIL_PROTECTION CK_TRUST (varies)
# CKA_TRUST_IPSEC_END_SYSTEM CK_TRUST (varies)
# CKA_TRUST_IPSEC_TUNNEL CK_TRUST (varies)
# CKA_TRUST_IPSEC_USER CK_TRUST (varies)
# CKA_TRUST_TIME_STAMPING CK_TRUST (varies)
# CKA_TRUST_STEP_UP_APPROVED CK_BBOOL (varies)
# (other trust attributes can be defined)
#
#
# The object to tell NSS that this is a root list and we don't
# have to go looking for others.
#
BEGINDATA
CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_BUILTIN_ROOT_LIST
CKA_TOKEN CK_BBOOL CK_TRUE
CKA_PRIVATE CK_BBOOL CK_FALSE
CKA_MODIFIABLE CK_BBOOL CK_FALSE
CKA_LABEL UTF8 "Mozilla Builtin Roots"
#
# Certificate "Verisign/RSA Secure Server CA"
#
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
CKA_TOKEN CK_BBOOL CK_TRUE
CKA_PRIVATE CK_BBOOL CK_FALSE
CKA_MODIFIABLE CK_BBOOL CK_FALSE
CKA_LABEL UTF8 "Verisign/RSA Secure Server CA"
CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
CKA_SUBJECT MULTILINE_OCTAL
\060\137\061\013\060\011\006\003\125\004\006\023\002\125\123\061
\040\060\036\006\003\125\004\012\023\027\122\123\101\040\104\141
\164\141\040\123\145\143\165\162\151\164\171\054\040\111\156\143
\056\061\056\060\054\006\003\125\004\013\023\045\123\145\143\165
\162\145\040\123\145\162\166\145\162\040\103\145\162\164\151\146
\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164
\171
END
CKA_ID UTF8 "0"
CKA_ISSUER MULTILINE_OCTAL
\060\137\061\013\060\011\006\003\125\004\006\023\002\125\123\061
\040\060\036\006\003\125\004\012\023\027\122\123\101\040\104\141
\164\141\040\123\145\143\165\162\151\164\171\054\040\111\156\143
\056\061\056\060\054\006\003\125\004\013\023\045\123\145\143\165
\162\145\040\123\145\162\166\145\162\040\103\145\162\164\151\146
\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164
\171
END
CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\020\002\255\146\176\116\105\376\136\127\157\074\230\031\136
\335\300
END
CKA_VALUE MULTILINE_OCTAL
\060\202\002\064\060\202\001\241\002\020\002\255\146\176\116\105
\376\136\127\157\074\230\031\136\335\300\060\015\006\011\052\206
\110\206\367\015\001\001\002\005\000\060\137\061\013\060\011\006
\003\125\004\006\023\002\125\123\061\040\060\036\006\003\125\004
\012\023\027\122\123\101\040\104\141\164\141\040\123\145\143\165
\162\151\164\171\054\040\111\156\143\056\061\056\060\054\006\003
\125\004\013\023\045\123\145\143\165\162\145\040\123\145\162\166
\145\162\040\103\145\162\164\151\146\151\143\141\164\151\157\156
\040\101\165\164\150\157\162\151\164\171\060\036\027\015\071\064
\061\061\060\071\060\060\060\060\060\060\132\027\015\061\060\060
\061\060\067\062\063\065\071\065\071\132\060\137\061\013\060\011
\006\003\125\004\006\023\002\125\123\061\040\060\036\006\003\125
\004\012\023\027\122\123\101\040\104\141\164\141\040\123\145\143
\165\162\151\164\171\054\040\111\156\143\056\061\056\060\054\006
\003\125\004\013\023\045\123\145\143\165\162\145\040\123\145\162
\166\145\162\040\103\145\162\164\151\146\151\143\141\164\151\157
\156\040\101\165\164\150\157\162\151\164\171\060\201\233\060\015
\006\011\052\206\110\206\367\015\001\001\001\005\000\003\201\211
\000\060\201\205\002\176\000\222\316\172\301\256\203\076\132\252
\211\203\127\254\045\001\166\014\255\256\216\054\067\316\353\065
\170\144\124\003\345\204\100\121\311\277\217\010\342\212\202\010
\322\026\206\067\125\351\261\041\002\255\166\150\201\232\005\242
\113\311\113\045\146\042\126\154\210\007\217\367\201\131\155\204
\007\145\160\023\161\166\076\233\167\114\343\120\211\126\230\110
\271\035\247\051\032\023\056\112\021\131\234\036\025\325\111\124
\054\163\072\151\202\261\227\071\234\155\160\147\110\345\335\055
\326\310\036\173\002\003\001\000\001\060\015\006\011\052\206\110
\206\367\015\001\001\002\005\000\003\176\000\145\335\176\341\262
\354\260\342\072\340\354\161\106\232\031\021\270\323\307\240\264
\003\100\046\002\076\011\234\341\022\263\321\132\366\067\245\267
\141\003\266\133\026\151\073\306\104\010\014\210\123\014\153\227
\111\307\076\065\334\154\271\273\252\337\134\273\072\057\223\140
\266\251\113\115\362\040\367\315\137\177\144\173\216\334\000\134
\327\372\167\312\071\026\131\157\016\352\323\265\203\177\115\115
\102\126\166\264\311\137\004\370\070\370\353\322\137\165\137\315
\173\374\345\216\200\174\374\120
END
# Trust for Certificate "Verisign/RSA Secure Server CA"
CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
CKA_TOKEN CK_BBOOL CK_TRUE
CKA_PRIVATE CK_BBOOL CK_FALSE
CKA_MODIFIABLE CK_BBOOL CK_FALSE
CKA_LABEL UTF8 "Verisign/RSA Secure Server CA"
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
\104\143\305\061\327\314\301\000\147\224\141\053\266\126\323\277
\202\127\204\157
END
CKA_CERT_MD5_HASH MULTILINE_OCTAL
\164\173\202\003\103\360\000\236\153\263\354\107\277\205\245\223
END
CKA_ISSUER MULTILINE_OCTAL
\060\137\061\013\060\011\006\003\125\004\006\023\002\125\123\061
\040\060\036\006\003\125\004\012\023\027\122\123\101\040\104\141
\164\141\040\123\145\143\165\162\151\164\171\054\040\111\156\143
\056\061\056\060\054\006\003\125\004\013\023\045\123\145\143\165
\162\145\040\123\145\162\166\145\162\040\103\145\162\164\151\146
\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164
\171
END
CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\020\002\255\146\176\116\105\376\136\127\157\074\230\031\136
[...21016 lines suppressed...]
\173\031\056\060\045\026\043\150\164\164\160\072\057\057\154\157
\147\157\056\166\145\162\151\163\151\147\156\056\143\157\155\057
\166\163\154\157\147\157\056\147\151\146\060\035\006\003\125\035
\016\004\026\004\024\266\167\372\151\110\107\237\123\022\325\302
\352\007\062\166\007\321\227\007\031\060\015\006\011\052\206\110
\206\367\015\001\001\013\005\000\003\202\001\001\000\112\370\370
\260\003\346\054\147\173\344\224\167\143\314\156\114\371\175\016
\015\334\310\271\065\271\160\117\143\372\044\372\154\203\214\107
\235\073\143\363\232\371\166\062\225\221\261\167\274\254\232\276
\261\344\061\041\306\201\225\126\132\016\261\302\324\261\246\131
\254\361\143\313\270\114\035\131\220\112\357\220\026\050\037\132
\256\020\373\201\120\070\014\154\314\361\075\303\365\143\343\263
\343\041\311\044\071\351\375\025\146\106\364\033\021\320\115\163
\243\175\106\371\075\355\250\137\142\324\361\077\370\340\164\127
\053\030\235\201\264\304\050\332\224\227\245\160\353\254\035\276
\007\021\360\325\333\335\345\214\360\325\062\260\203\346\127\342
\217\277\276\241\252\277\075\035\265\324\070\352\327\260\134\072
\117\152\077\217\300\146\154\143\252\351\331\244\026\364\201\321
\225\024\016\175\315\225\064\331\322\217\160\163\201\173\234\176
\275\230\141\330\105\207\230\220\305\353\206\060\306\065\277\360
\377\303\125\210\203\113\357\005\222\006\161\362\270\230\223\267
\354\315\202\141\361\070\346\117\227\230\052\132\215
END
# Trust for Certificate "VeriSign Universal Root Certification Authority"
CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
CKA_TOKEN CK_BBOOL CK_TRUE
CKA_PRIVATE CK_BBOOL CK_FALSE
CKA_MODIFIABLE CK_BBOOL CK_FALSE
CKA_LABEL UTF8 "VeriSign Universal Root Certification Authority"
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
\066\171\312\065\146\207\162\060\115\060\245\373\207\073\017\247
\173\267\015\124
END
CKA_CERT_MD5_HASH MULTILINE_OCTAL
\216\255\265\001\252\115\201\344\214\035\321\341\024\000\225\031
END
CKA_ISSUER MULTILINE_OCTAL
\060\201\275\061\013\060\011\006\003\125\004\006\023\002\125\123
\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003
\125\004\013\023\061\050\143\051\040\062\060\060\070\040\126\145
\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106
\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163
\145\040\157\156\154\171\061\070\060\066\006\003\125\004\003\023
\057\126\145\162\151\123\151\147\156\040\125\156\151\166\145\162
\163\141\154\040\122\157\157\164\040\103\145\162\164\151\146\151
\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
END
CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\020\100\032\304\144\041\263\023\041\003\016\273\344\022\032
\305\035
END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "VeriSign Class 3 Public Primary Certification Authority - G4"
#
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
CKA_TOKEN CK_BBOOL CK_TRUE
CKA_PRIVATE CK_BBOOL CK_FALSE
CKA_MODIFIABLE CK_BBOOL CK_FALSE
CKA_LABEL UTF8 "VeriSign Class 3 Public Primary Certification Authority - G4"
CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
CKA_SUBJECT MULTILINE_OCTAL
\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003
\125\004\013\023\061\050\143\051\040\062\060\060\067\040\126\145
\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106
\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163
\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023
\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040
\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171
\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
\165\164\150\157\162\151\164\171\040\055\040\107\064
END
CKA_ID UTF8 "0"
CKA_ISSUER MULTILINE_OCTAL
\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003
\125\004\013\023\061\050\143\051\040\062\060\060\067\040\126\145
\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106
\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163
\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023
\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040
\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171
\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
\165\164\150\157\162\151\164\171\040\055\040\107\064
END
CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\020\057\200\376\043\214\016\042\017\110\147\022\050\221\207
\254\263
END
CKA_VALUE MULTILINE_OCTAL
\060\202\003\204\060\202\003\012\240\003\002\001\002\002\020\057
\200\376\043\214\016\042\017\110\147\022\050\221\207\254\263\060
\012\006\010\052\206\110\316\075\004\003\003\060\201\312\061\013
\060\011\006\003\125\004\006\023\002\125\123\061\027\060\025\006
\003\125\004\012\023\016\126\145\162\151\123\151\147\156\054\040
\111\156\143\056\061\037\060\035\006\003\125\004\013\023\026\126
\145\162\151\123\151\147\156\040\124\162\165\163\164\040\116\145
\164\167\157\162\153\061\072\060\070\006\003\125\004\013\023\061
\050\143\051\040\062\060\060\067\040\126\145\162\151\123\151\147
\156\054\040\111\156\143\056\040\055\040\106\157\162\040\141\165
\164\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154
\171\061\105\060\103\006\003\125\004\003\023\074\126\145\162\151
\123\151\147\156\040\103\154\141\163\163\040\063\040\120\165\142
\154\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164
\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162
\151\164\171\040\055\040\107\064\060\036\027\015\060\067\061\061
\060\065\060\060\060\060\060\060\132\027\015\063\070\060\061\061
\070\062\063\065\071\065\071\132\060\201\312\061\013\060\011\006
\003\125\004\006\023\002\125\123\061\027\060\025\006\003\125\004
\012\023\016\126\145\162\151\123\151\147\156\054\040\111\156\143
\056\061\037\060\035\006\003\125\004\013\023\026\126\145\162\151
\123\151\147\156\040\124\162\165\163\164\040\116\145\164\167\157
\162\153\061\072\060\070\006\003\125\004\013\023\061\050\143\051
\040\062\060\060\067\040\126\145\162\151\123\151\147\156\054\040
\111\156\143\056\040\055\040\106\157\162\040\141\165\164\150\157
\162\151\172\145\144\040\165\163\145\040\157\156\154\171\061\105
\060\103\006\003\125\004\003\023\074\126\145\162\151\123\151\147
\156\040\103\154\141\163\163\040\063\040\120\165\142\154\151\143
\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146\151
\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
\040\055\040\107\064\060\166\060\020\006\007\052\206\110\316\075
\002\001\006\005\053\201\004\000\042\003\142\000\004\247\126\172
\174\122\332\144\233\016\055\134\330\136\254\222\075\376\001\346
\031\112\075\024\003\113\372\140\047\040\331\203\211\151\372\124
\306\232\030\136\125\052\144\336\006\366\215\112\073\255\020\074
\145\075\220\210\004\211\340\060\141\263\256\135\001\247\173\336
\174\262\276\312\145\141\000\206\256\332\217\173\320\211\255\115
\035\131\232\101\261\274\107\200\334\236\142\303\371\243\201\262
\060\201\257\060\017\006\003\125\035\023\001\001\377\004\005\060
\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004
\003\002\001\006\060\155\006\010\053\006\001\005\005\007\001\014
\004\141\060\137\241\135\240\133\060\131\060\127\060\125\026\011
\151\155\141\147\145\057\147\151\146\060\041\060\037\060\007\006
\005\053\016\003\002\032\004\024\217\345\323\032\206\254\215\216
\153\303\317\200\152\324\110\030\054\173\031\056\060\045\026\043
\150\164\164\160\072\057\057\154\157\147\157\056\166\145\162\151
\163\151\147\156\056\143\157\155\057\166\163\154\157\147\157\056
\147\151\146\060\035\006\003\125\035\016\004\026\004\024\263\026
\221\375\356\246\156\344\265\056\111\217\207\170\201\200\354\345
\261\265\060\012\006\010\052\206\110\316\075\004\003\003\003\150
\000\060\145\002\060\146\041\014\030\046\140\132\070\173\126\102
\340\247\374\066\204\121\221\040\054\166\115\103\075\304\035\204
\043\320\254\326\174\065\006\316\315\151\275\220\015\333\154\110
\102\035\016\252\102\002\061\000\234\075\110\071\043\071\130\032
\025\022\131\152\236\357\325\131\262\035\122\054\231\161\315\307
\051\337\033\052\141\173\161\321\336\363\300\345\015\072\112\252
\055\247\330\206\052\335\056\020
END
# Trust for Certificate "VeriSign Class 3 Public Primary Certification Authority - G4"
CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
CKA_TOKEN CK_BBOOL CK_TRUE
CKA_PRIVATE CK_BBOOL CK_FALSE
CKA_MODIFIABLE CK_BBOOL CK_FALSE
CKA_LABEL UTF8 "VeriSign Class 3 Public Primary Certification Authority - G4"
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
\042\325\330\337\217\002\061\321\215\367\235\267\317\212\055\144
\311\077\154\072
END
CKA_CERT_MD5_HASH MULTILINE_OCTAL
\072\122\341\347\375\157\072\343\157\363\157\231\033\371\042\101
END
CKA_ISSUER MULTILINE_OCTAL
\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003
\125\004\013\023\061\050\143\051\040\062\060\060\067\040\126\145
\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106
\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163
\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023
\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040
\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171
\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
\165\164\150\157\162\151\164\171\040\055\040\107\064
END
CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\020\057\200\376\043\214\016\042\017\110\147\022\050\221\207
\254\263
END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
--- NEW FILE certdata2pem.py ---
#!/usr/bin/python
# vim:set et sw=4:
#
# certdata2pem.py - splits certdata.txt into multiple files
#
# Copyright (C) 2009 Philipp Kern <pkern at debian.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301,
# USA.
import base64
import os.path
import re
import sys
import textwrap
objects = []

# Line-oriented state machine over certdata.txt (read from the current
# directory).  Everything before the BEGINDATA marker is skipped, '#' lines
# are comments, and a blank line closes the object that the last CKA_CLASS
# line opened.  Each remaining line is "FIELD TYPE [VALUE]"; a MULTILINE_OCTAL
# field is followed by lines of \ooo escapes terminated by a line starting
# with END.
#
# NOTE(review): only well-formed \ooo tokens are decoded; any other text on an
# octal line is skipped without an error, so a damaged certdata.txt yields a
# shorter value rather than a parse failure.  Nothing in this script checks the
# decoded CKA_VALUE against the CKA_CERT_SHA1_HASH of the matching trust object.
in_data = False
in_multiline = False
in_obj = False
field = kind = value = None
obj = {}
for line in open('certdata.txt', 'r'):
    stripped = line.strip()

    # Header (licence text, CVS_ID) runs up to and including BEGINDATA.
    if not in_data:
        in_data = line.startswith('BEGINDATA')
        continue

    if line.startswith('#'):
        continue

    # A blank line ends the current object, if one is open.
    if not stripped:
        if in_obj:
            objects.append(obj)
            obj = {}
            in_obj = False
        continue

    if in_multiline:
        if line.startswith('END'):
            obj[field] = value
            in_multiline = False
        elif kind == 'MULTILINE_OCTAL':
            octal_tokens = re.findall(r'\\([0-3][0-7][0-7])', stripped)
            value += ''.join(chr(int(token, 8)) for token in octal_tokens)
        else:
            value += line
        continue

    if line.startswith('CKA_CLASS'):
        in_obj = True

    parts = stripped.split(' ', 2)
    if len(parts) < 2:
        raise NotImplementedError('line_parts < 2 not supported.')
    field, kind = parts[0], parts[1]
    if len(parts) > 2:
        value = parts[2]
    else:
        value = None

    if kind == 'MULTILINE_OCTAL':
        # The value follows on the next lines; collect it until END.
        in_multiline = True
        value = ""
        continue
    obj[field] = value

# The file may end without a trailing blank line.
if obj:
    objects.append(obj)
# Load the labels that must never be emitted, one per line of blacklist.txt.
# Blank lines and lines starting with '#' are skipped, and anything after a
# '#' on an entry line is dropped.  Entries are compared verbatim with the
# CKA_LABEL value, so they keep the surrounding double quotes used in
# certdata.txt.
#
# NOTE(review): when blacklist.txt is absent the list is simply empty and the
# run continues; the build relies on the file having been copied next to
# certdata.txt.  A label that itself contains '#' could not be listed.
blacklist = []
if os.path.exists('blacklist.txt'):
    for raw in open('blacklist.txt', 'r'):
        entry = raw.strip()
        if not entry or entry.startswith('#'):
            continue
        blacklist.append(entry.split('#', 1)[0].strip())
# Decide, per label, which certificates may be written out.  Only
# CKO_NETSCAPE_TRUST objects are consulted.  A label is trusted when it is not
# blacklisted and the object marks it CKT_NETSCAPE_TRUSTED_DELEGATOR for server
# authentication or for e-mail protection; everything else is reported on
# stdout and left out.
#
# NOTE(review): the link between a trust object and a certificate is the label
# text alone; the CKA_ISSUER / CKA_SERIAL_NUMBER / CKA_CERT_SHA1_HASH fields of
# the trust object are not compared with the certificate.
# NOTE(review): a root trusted only for e-mail protection is admitted as well,
# including one whose server-auth value is CKT_NETSCAPE_UNTRUSTED, because the
# e-mail test runs before the untrusted test.  Confirm that is intended for a
# bundle that is also used to verify TLS servers.
# A trust object lacking either attribute raises KeyError and stops the run.
trust = dict()
for obj in objects:
    if obj['CKA_CLASS'] != 'CKO_NETSCAPE_TRUST':
        continue

    label = obj['CKA_LABEL']
    if label in blacklist:
        print("Certificate %s blacklisted, ignoring." % label)
        continue

    delegator = 'CKT_NETSCAPE_TRUSTED_DELEGATOR'
    if (obj['CKA_TRUST_SERVER_AUTH'] == delegator
            or obj['CKA_TRUST_EMAIL_PROTECTION'] == delegator):
        trust[label] = True
        continue

    if obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NETSCAPE_UNTRUSTED':
        # Loud banner: upstream distrusts this root but blacklist.txt does
        # not name it.
        print('!'*74)
        print("UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % label)
        print('!'*74)
        continue

    print("Ignoring certificate %s. SAUTH=%s, EPROT=%s" %
          (label, obj['CKA_TRUST_SERVER_AUTH'],
           obj['CKA_TRUST_EMAIL_PROTECTION']))
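def label_to_filename(label):
    """Turn a certificate label into the name of its output .crt file.

    \\xNN escapes in the label are decoded first; afterwards '/', ' ' and ','
    become '_', '(' and ')' become '=', and '.crt' is appended.

    Decoding before sanitising matters: the previous order replaced '/' and
    then decoded escapes, so a label spelling the separator as \\x2f would
    still have produced a path separator in the file name that the caller
    opens for writing.  Labels without an escaped '/', ' ', '(', ')' or ','
    map to exactly the same name as before.
    """
    decoded = re.sub(r'\\x[0-9a-fA-F]{2}',
                     lambda m: chr(int(m.group(0)[2:], 16)), label)
    for char, substitute in (('/', '_'), (' ', '_'),
                             ('(', '='), (')', '='), (',', '_')):
        decoded = decoded.replace(char, substitute)
    return decoded + '.crt'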
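# Write every trusted certificate as a PEM file in the current directory.
# A CKO_CERTIFICATE object is emitted only when its label was marked trusted
# above; the label's surrounding quotes are stripped before it is turned into
# a file name.
#
# NOTE(review): two certificate objects with the same label map to the same
# file, and the later one replaces the earlier one without a message.
for obj in objects:
    if obj['CKA_CLASS'] != 'CKO_CERTIFICATE':
        continue
    if not trust.get(obj['CKA_LABEL']):
        continue
    fname = label_to_filename(obj['CKA_LABEL'][1:-1])
    f = open(fname, 'w')
    try:
        f.write("-----BEGIN CERTIFICATE-----\n")
        f.write("\n".join(textwrap.wrap(base64.b64encode(obj['CKA_VALUE']), 64)))
        f.write("\n-----END CERTIFICATE-----\n")
    finally:
        # Close explicitly so the data is on disk before the next build step
        # reads the .crt files, instead of relying on garbage collection.
        f.close()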
Index: ca-certificates.spec
===================================================================
RCS file: /cvs/extras/rpms/ca-certificates/devel/ca-certificates.spec,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -p -r1.8 -r1.9
--- ca-certificates.spec 24 Jul 2009 18:34:22 -0000 1.8
+++ ca-certificates.spec 15 Jan 2010 17:11:52 -0000 1.9
@@ -6,16 +6,17 @@
Summary: The Mozilla CA root certificate bundle
Name: ca-certificates
-Version: 2009
-Release: 2%{?dist}
+Version: 2010
+Release: 1%{?dist}
License: Public Domain
Group: System Environment/Base
URL: http://www.mozilla.org/
-Source0: ca-bundle.crt
-Source1: generate-cacerts.pl
-Source2: mkcabundle.pl
+Source0: certdata.txt
+Source1: blacklist.txt
+Source2: generate-cacerts.pl
+Source3: certdata2pem.py
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
-BuildRequires: perl, java-openjdk
+BuildRequires: perl, java-openjdk, python
BuildArch: noarch
%description
@@ -24,11 +25,30 @@ Mozilla Foundation for use with the Inte
%prep
rm -rf %{name}
-mkdir %{name}
+mkdir %{name} %{name}/certs
%build
+pushd %{name}/certs
+ cp %{SOURCE0} %{SOURCE1} .
+ python %{SOURCE3}
+popd
pushd %{name}
- %{__perl} %{SOURCE1} %{_bindir}/keytool %{SOURCE0}
+ (
+ cat <<EOF
+# This is a bundle of X.509 certificates of public Certificate
+# Authorities. It was generated from the Mozilla root CA list.
+#
+# Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
+#
+# Generated from:
+EOF
+ ident -q %{SOURCE0} | sed '1d;s/^/#/';
+ echo '#';
+ for f in certs/*.crt; do
+ openssl x509 -text -in "$f"
+ done;
+ ) > ca-bundle.crt
+ %{__perl} %{SOURCE2} %{_bindir}/keytool ca-bundle.crt
touch -r %{SOURCE0} cacerts
popd
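Review bot: The `ident -q %{SOURCE0} | sed '1d;s/^/#/'` pipeline in the new %build subshell reports only sed's exit status, so a missing or failing `ident` leaves the "Generated from:" header empty without failing the build. `ident` normally ships with RCS and `openssl` is called in the loop below it, yet the BuildRequires line in the first hunk adds only `python`; unless the buildroot is known to provide both, I would extend it to `BuildRequires: perl, java-openjdk, python, rcs, openssl`. Since ca-bundle.crt is installed as the system trust bundle, the provenance line and every conversion step should fail loudly rather than degrade silently.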
@@ -37,8 +57,9 @@ rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT{%{pkidir}/tls/certs,%{pkidir}/java}
-install -p -m 644 %{SOURCE0} $RPM_BUILD_ROOT%{pkidir}/tls/certs/ca-bundle.crt
+install -p -m 644 ca-bundle.crt $RPM_BUILD_ROOT%{pkidir}/tls/certs/ca-bundle.crt
ln -s certs/ca-bundle.crt $RPM_BUILD_ROOT%{pkidir}/tls/cert.pem
+touch -r %{SOURCE0} $RPM_BUILD_ROOT%{pkidir}/tls/certs/ca-bundle.crt
# Install Java cacerts file.
mkdir -p -m 700 $RPM_BUILD_ROOT%{pkidir}/java
@@ -57,6 +78,9 @@ rm -rf $RPM_BUILD_ROOT
%{pkidir}/tls/cert.pem
%changelog
+* Mon Jan 11 2010 Joe Orton <jorton at redhat.com> - 2010-1
+- adopt Python certdata.txt parsing script from Debian
+
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2009-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild