Page MenuHomeSolus

Update ca-certs to 20190903 and switch to ypkg format
Needs ReviewPublic

Authored by livingsilver94 on Fri, Sep 6, 1:21 PM.

Details

Summary

Update ca-certs to 20190903 and switch to ypkg format.
Fixes T5937.

Test Plan

System still works.
No errors returned from openssl s_client -connect getsol.us:443 and GET /.
curl correctly finds certificates.

Diff Detail

Repository
R478 ca-certs
Branch
master
Lint
No Linters Available
Unit
No Unit Test Coverage

Event Timeline

livingsilver94 created this revision.Fri, Sep 6, 1:21 PM
livingsilver94 requested review of this revision.Fri, Sep 6, 1:21 PM

Since c_rehash is called within package.yml, probably the usysconf hook is now useless, right?

DataDrake requested changes to this revision.Fri, Sep 6, 2:08 PM
DataDrake added a subscriber: DataDrake.

Since c_rehash is called within package.yml, probably the usysconf hook is now useless, right?

No, it's needed when adding additional cert authorities to the system. If anything, I'd rather you not do that in the package.yml and leave it to usysconf post-install.

Beyond that, I need to see a before and after of the file listing because there was none in the old pspec.

This revision now requires changes to proceed.Fri, Sep 6, 2:08 PM
livingsilver94 edited the test plan for this revision. (Show Details)Fri, Sep 6, 2:09 PM

Leave the dirty work to usysconf

"Original list", 149 files:

❯ grep -hr . -e 'Subject:'        
        Subject: C=US, O=SecureTrust Corporation, CN=Secure Global CA
        Subject: C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
        Subject: C=HU, L=Budapest, O=Microsec Ltd., CN=Microsec e-Szigno Root CA 2009/emailAddress=info@e-szigno.hu
        Subject: C=CN, O=UniTrust, CN=UCA Global G2 Root
        Subject: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
        Subject: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
        Subject: C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
        Subject: C=CH, O=SwissSign AG, CN=SwissSign Platinum CA - G2
        Subject: C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
        Subject: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Client Authentication and Email
        Subject: C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority
        Subject: C=ES, O=FNMT-RCM, OU=AC RAIZ FNMT-RCM
        Subject: C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
        Subject: C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
        Subject: C=US, O=AffirmTrust, CN=AffirmTrust Networking
        Subject: C=TW, O=Government Root Certification Authority
        Subject: C=US, O=Internet Security Research Group, CN=ISRG Root X1
        Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 2 Public Primary Certification Authority - G6
        Subject: C=ES, O=IZENPE S.A., CN=Izenpe.com
        Subject: C=FR, O=Dhimyotis, OU=0002 48146308100036, CN=Certigna Root CA
        Subject: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
        Subject: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 1 G3
        Subject: C=CH, O=WISeKey, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GB CA
        Subject: C=US, O=Google Trust Services LLC, CN=GTS Root R3
        Subject: C=US, O=Amazon, CN=Amazon Root CA 2
        Subject: C=PL, O=Krajowa Izba Rozliczeniowa S.A., CN=SZAFIR ROOT CA2
        Subject: C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Chambers of Commerce Root
        Subject: C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
        Subject: C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA - G3
        Subject: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
        Subject: C=US, O=IdenTrust, CN=IdenTrust Public Sector Root CA 1
        Subject: C=US, O=IdenTrust, CN=IdenTrust Commercial Root CA 1
        Subject: C=US, O=SecureTrust Corporation, CN=SecureTrust CA
        Subject: C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
        Subject: C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com EV Root Certification Authority ECC
        Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Certification Authority
        Subject: C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
        Subject: C=CN, O=GUANG DONG CERTIFICATE AUTHORITY CO.,LTD., CN=GDCA TrustAUTH R5 ROOT
        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
        Subject: C=US, O=Amazon, CN=Amazon Root CA 1
        Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority
        Subject: C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
        Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
        Subject: O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 2 Public Primary Certification Authority - G3
        Subject: C=ES, CN=Autoridad de Certificacion Firmaprofesional CIF A62634068
        Subject: OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
        Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
        Subject: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
        Subject: CN=Atos TrustedRoot 2011, O=Atos, C=DE
        Subject: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
        Subject: C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA
        Subject: C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2
        Subject: C=GR, L=Athens, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions ECC RootCA 2015
        Subject: C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
        Subject: C=TR, L=Gebze - Kocaeli, O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK, OU=Kamu Sertifikasyon Merkezi - Kamu SM, CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1
        Subject: C=FI, O=Sonera, CN=Sonera Class2 CA
        Subject: C=GR, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions RootCA 2011
        Subject: C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
        Subject: OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign
        Subject: C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 EV 2009
        Subject: C=ES, O=Agencia Catalana de Certificacio (NIF Q-0801176-I), OU=Serveis Publics de Certificacio, OU=Vegeu https://www.catcert.net/verarrel (c)03, OU=Jerarquia Entitats de Certificacio Catalanes, CN=EC-ACC
        Subject: C=US, O=Amazon, CN=Amazon Root CA 4
        Subject: C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
        Subject: C=CH, O=WISeKey, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GC CA
        Subject: C=US, O=Google Trust Services LLC, CN=GTS Root R1
        Subject: C=HK, O=Hongkong Post, CN=Hongkong Post Root CA 1
        Subject: C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
        Subject: O=Cybertrust, Inc, CN=Cybertrust Global Root
        Subject: C=US, O=AffirmTrust, CN=AffirmTrust Commercial
        Subject: C=CH, O=WISeKey, OU=Copyright (c) 2005, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GA CA
        Subject: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3 G3
        Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 1 Public Primary Certification Authority - G3
        Subject: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
        Subject: C=TR, L=Ankara, O=E-Tu\xC4\x9Fra EBG Bili\xC5\x9Fim Teknolojileri ve Hizmetleri A.\xC5\x9E., OU=E-Tugra Sertifikasyon Merkezi, CN=E-Tugra Certification Authority
        Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
        Subject: C=EE, O=AS Sertifitseerimiskeskus, CN=EE Certification Centre Root CA/emailAddress=pki@sk.ee
        Subject: C=US, O=Amazon, CN=Amazon Root CA 3
        Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 2 Public Primary Certification Authority - G4
        Subject: C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com Root Certification Authority RSA
        Subject: C=US, OU=www.xrampsecurity.com, O=XRamp Security Services Inc, CN=XRamp Global Certification Authority
        Subject: C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
        Subject: C=US, O=Google Trust Services LLC, CN=GTS Root R4
        Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3
        Subject: C=SK, L=Bratislava, O=Disig a.s., CN=CA Disig Root R2
        Subject: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - EC1
        Subject: C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 3
        Subject: C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Global Chambersign Root
        Subject: C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
        Subject: C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
        Subject: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
        Subject: C=TW, O=Chunghwa Telecom Co., Ltd., OU=ePKI Root Certification Authority
        Subject: OU=GlobalSign ECC Root CA - R4, O=GlobalSign, CN=GlobalSign
        Subject: C=US, O=GeoTrust Inc., OU=(c) 2007 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G2
        Subject: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
        Subject: C=US, O=Google Trust Services LLC, CN=GTS Root R2
        Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 1 Public Primary Certification Authority - G6
        Subject: C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA - G2
        Subject: O=TeliaSonera, CN=TeliaSonera Root CA v1
        Subject: C=ch, O=Swisscom, OU=Digital Certificate Services, CN=Swisscom Root CA 2
        Subject: C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com EV Root Certification Authority RSA R2
        Subject: C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2
        Subject: C=EU, L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287, O=AC Camerfirma S.A., CN=Chambers of Commerce Root - 2008
        Subject: OU=GlobalSign Root CA - R6, O=GlobalSign, CN=GlobalSign
        Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root G2
        Subject: C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com Root Certification Authority ECC
        Subject: C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
        Subject: C=FR, O=Certinomis, OU=0002 433998903, CN=Certinomis - Root CA
        Subject: C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden EV Root CA
        Subject: C=EU, L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287, O=AC Camerfirma S.A., CN=Global Chambersign Root - 2008
        Subject: C=CN, O=UniTrust, CN=UCA Extended Validation Root
        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
        Subject: C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Global Root CA
        Subject: CN=ACCVRAIZ1, OU=PKIACCV, O=ACCV, C=ES
        Subject: C=US, O=AffirmTrust, CN=AffirmTrust Premium ECC
        Subject: C=GR, L=Athens, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions RootCA 2015
        Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 1 Public Primary Certification Authority - G4
        Subject: C=JP, O=Japan Certification Services, Inc., CN=SecureSign RootCA11
        Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4
        Subject: C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 Root CA
        Subject: C=CN, O=China Financial Certification Authority, CN=CFCA EV ROOT
        Subject: C=US, O=AffirmTrust, CN=AffirmTrust Premium
        Subject: C=PA, ST=Panama, L=Panama City, O=TrustCor Systems S. de R.L., OU=TrustCor Certificate Authority, CN=TrustCor RootCert CA-1
        Subject: O=Digital Signature Trust Co., CN=DST Root CA X3
        Subject: C=SE, O=AddTrust AB, OU=AddTrust TTP Network, CN=AddTrust Class 1 CA Root
        Subject: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3
        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
        Subject: C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 Root CA
        Subject: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
        Subject: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA 2
        Subject: C=LU, O=LuxTrust S.A., CN=LuxTrust Global Root 2
        Subject: OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
        Subject: C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009
        Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
        Subject: C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA 2
        Subject: C=FR, O=Certplus, CN=Class 2 Primary CA
        Subject: C=HU, L=Budapest, O=NetLock Kft., OU=Tan\xC3\xBAs\xC3\xADtv\xC3\xA1nykiad\xC3\xB3k (Certification Services), CN=NetLock Arany (Class Gold) F\xC5\x91tan\xC3\xBAs\xC3\xADtv\xC3\xA1ny
        Subject: C=US, O=thawte, Inc., OU=(c) 2007 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G2
        Subject: C=PA, ST=Panama, L=Panama City, O=TrustCor Systems S. de R.L., OU=TrustCor Certificate Authority, CN=TrustCor ECA-1
        Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root G3
        Subject: C=GB, O=Trustis Limited, OU=Trustis FPS Root CA
        Subject: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
        Subject: C=RO, O=certSIGN, OU=certSIGN ROOT CA
        Subject: C=FR, O=Dhimyotis, CN=Certigna
        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2007 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G4
        Subject: C=DE, O=D-Trust GmbH, CN=D-TRUST Root CA 3 2013
        Subject: C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
        Subject: C=PA, ST=Panama, L=Panama City, O=TrustCor Systems S. de R.L., OU=TrustCor Certificate Authority, CN=TrustCor RootCert CA-2

"New list", 139 files:

❯ find /etc/ssl/certs -name '*.pem'
/etc/ssl/certs/thawte_Primary_Root_CA.pem
/etc/ssl/certs/Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem
/etc/ssl/certs/GTS_Root_R1.pem
/etc/ssl/certs/SSL.com_Root_Certification_Authority_ECC.pem
/etc/ssl/certs/GTS_Root_R2.pem
/etc/ssl/certs/USERTrust_ECC_Certification_Authority.pem
/etc/ssl/certs/GlobalSign_ECC_Root_CA_-_R5.pem
/etc/ssl/certs/Starfield_Root_Certificate_Authority_-_G2.pem
/etc/ssl/certs/D-TRUST_Root_Class_3_CA_2_EV_2009.pem
/etc/ssl/certs/certSIGN_ROOT_CA.pem
/etc/ssl/certs/AC_RAIZ_FNMT-RCM.pem
/etc/ssl/certs/SecureTrust_CA.pem
/etc/ssl/certs/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.pem
/etc/ssl/certs/DigiCert_High_Assurance_EV_Root_CA.pem
/etc/ssl/certs/E-Tugra_Certification_Authority.pem
/etc/ssl/certs/SSL.com_EV_Root_Certification_Authority_RSA_R2.pem
/etc/ssl/certs/QuoVadis_Root_CA_3_G3.pem
/etc/ssl/certs/NetLock_Arany_(Class_Gold)_FÅ?tanúsítvány.pemm
/etc/ssl/certs/QuoVadis_Root_CA.pem
/etc/ssl/certs/Entrust_Root_Certification_Authority.pem
/etc/ssl/certs/AffirmTrust_Premium.pem
/etc/ssl/certs/EC-ACC.pem
/etc/ssl/certs/Certum_Trusted_Network_CA_2.pem
/etc/ssl/certs/Security_Communication_RootCA2.pem
/etc/ssl/certs/DigiCert_Global_Root_G2.pem
/etc/ssl/certs/TeliaSonera_Root_CA_v1.pem
/etc/ssl/certs/IdenTrust_Public_Sector_Root_CA_1.pem
/etc/ssl/certs/CFCA_EV_ROOT.pem
/etc/ssl/certs/ACCVRAIZ1.pem
/etc/ssl/certs/AffirmTrust_Premium_ECC.pem
/etc/ssl/certs/Entrust_Root_Certification_Authority_-_EC1.pem
/etc/ssl/certs/Atos_TrustedRoot_2011.pem
/etc/ssl/certs/DigiCert_Global_Root_G3.pem
/etc/ssl/certs/GlobalSign_Root_CA_-_R3.pem
/etc/ssl/certs/Go_Daddy_Class_2_CA.pem
/etc/ssl/certs/Network_Solutions_Certificate_Authority.pem
/etc/ssl/certs/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem
/etc/ssl/certs/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem
/etc/ssl/certs/LuxTrust_Global_Root_2.pem
/etc/ssl/certs/emSign_Root_CA_-_C1.pem
/etc/ssl/certs/Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem
/etc/ssl/certs/COMODO_ECC_Certification_Authority.pem
/etc/ssl/certs/ePKI_Root_Certification_Authority.pem
/etc/ssl/certs/Amazon_Root_CA_3.pem
/etc/ssl/certs/Amazon_Root_CA_2.pem
/etc/ssl/certs/SwissSign_Gold_CA_-_G2.pem
/etc/ssl/certs/UCA_Global_G2_Root.pem
/etc/ssl/certs/TrustCor_ECA-1.pem
/etc/ssl/certs/thawte_Primary_Root_CA_-_G3.pem
/etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.pem
/etc/ssl/certs/Hongkong_Post_Root_CA_3.pem
/etc/ssl/certs/Certplus_Class_2_Primary_CA.pem
/etc/ssl/certs/Actalis_Authentication_Root_CA.pem
/etc/ssl/certs/thawte_Primary_Root_CA_-_G2.pem
/etc/ssl/certs/Comodo_AAA_Services_root.pem
/etc/ssl/certs/DigiCert_Assured_ID_Root_G3.pem
/etc/ssl/certs/Certum_Trusted_Network_CA.pem
/etc/ssl/certs/SwissSign_Silver_CA_-_G2.pem
/etc/ssl/certs/USERTrust_RSA_Certification_Authority.pem
/etc/ssl/certs/CA_Disig_Root_R2.pem
/etc/ssl/certs/Entrust_Root_Certification_Authority_-_G2.pem
/etc/ssl/certs/T-TeleSec_GlobalRoot_Class_3.pem
/etc/ssl/certs/AffirmTrust_Networking.pem
/etc/ssl/certs/TrustCor_RootCert_CA-1.pem
/etc/ssl/certs/GeoTrust_Primary_Certification_Authority_-_G3.pem
/etc/ssl/certs/UCA_Extended_Validation_Root.pem
/etc/ssl/certs/Secure_Global_CA.pem
/etc/ssl/certs/TWCA_Root_Certification_Authority.pem
/etc/ssl/certs/Buypass_Class_3_Root_CA.pem
/etc/ssl/certs/emSign_ECC_Root_CA_-_G3.pem
/etc/ssl/certs/GlobalSign_Root_CA_-_R6.pem
/etc/ssl/certs/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem
/etc/ssl/certs/DigiCert_Global_Root_CA.pem
/etc/ssl/certs/emSign_ECC_Root_CA_-_C3.pem
/etc/ssl/certs/Entrust.net_Premium_2048_Secure_Server_CA.pem
/etc/ssl/certs/Microsec_e-Szigno_Root_CA_2009.pem
/etc/ssl/certs/DST_Root_CA_X3.pem
/etc/ssl/certs/QuoVadis_Root_CA_2.pem
/etc/ssl/certs/SSL.com_EV_Root_Certification_Authority_ECC.pem
/etc/ssl/certs/SZAFIR_ROOT_CA2.pem
/etc/ssl/certs/Amazon_Root_CA_1.pem
/etc/ssl/certs/Cybertrust_Global_Root.pem
/etc/ssl/certs/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem
/etc/ssl/certs/DigiCert_Assured_ID_Root_CA.pem
/etc/ssl/certs/QuoVadis_Root_CA_3.pem
/etc/ssl/certs/VeriSign_Universal_Root_Certification_Authority.pem
/etc/ssl/certs/AddTrust_External_Root.pem
/etc/ssl/certs/Staat_der_Nederlanden_Root_CA_-_G3.pem
/etc/ssl/certs/emSign_Root_CA_-_G1.pem
/etc/ssl/certs/OISTE_WISeKey_Global_Root_GA_CA.pem
/etc/ssl/certs/SSL.com_Root_Certification_Authority_RSA.pem
/etc/ssl/certs/Staat_der_Nederlanden_Root_CA_-_G2.pem
/etc/ssl/certs/QuoVadis_Root_CA_1_G3.pem
/etc/ssl/certs/GeoTrust_Universal_CA.pem
/etc/ssl/certs/Deutsche_Telekom_Root_CA_2.pem
/etc/ssl/certs/GlobalSign_ECC_Root_CA_-_R4.pem
/etc/ssl/certs/Hongkong_Post_Root_CA_1.pem
/etc/ssl/certs/Certigna.pem
/etc/ssl/certs/Sonera_Class_2_Root_CA.pem
/etc/ssl/certs/Security_Communication_Root_CA.pem
/etc/ssl/certs/XRamp_Global_CA_Root.pem
/etc/ssl/certs/Trustis_FPS_Root_CA.pem
/etc/ssl/certs/COMODO_Certification_Authority.pem
/etc/ssl/certs/GeoTrust_Primary_Certification_Authority.pem
/etc/ssl/certs/COMODO_RSA_Certification_Authority.pem
/etc/ssl/certs/Starfield_Class_2_CA.pem
/etc/ssl/certs/D-TRUST_Root_Class_3_CA_2_2009.pem
/etc/ssl/certs/DigiCert_Assured_ID_Root_G2.pem
/etc/ssl/certs/GTS_Root_R3.pem
/etc/ssl/certs/Chambers_of_Commerce_Root_-_2008.pem
/etc/ssl/certs/OISTE_WISeKey_Global_Root_GC_CA.pem
/etc/ssl/certs/GDCA_TrustAUTH_R5_ROOT.pem
/etc/ssl/certs/Taiwan_GRCA.pem
/etc/ssl/certs/EE_Certification_Centre_Root_CA.pem
/etc/ssl/certs/GlobalSign_Root_CA.pem
/etc/ssl/certs/Global_Chambersign_Root_-_2008.pem
/etc/ssl/certs/SecureSign_RootCA11.pem
/etc/ssl/certs/AffirmTrust_Commercial.pem
/etc/ssl/certs/Amazon_Root_CA_4.pem
/etc/ssl/certs/GeoTrust_Universal_CA_2.pem
/etc/ssl/certs/Buypass_Class_2_Root_CA.pem
/etc/ssl/certs/Izenpe.com.pem
/etc/ssl/certs/DigiCert_Trusted_Root_G4.pem
/etc/ssl/certs/IdenTrust_Commercial_Root_CA_1.pem
/etc/ssl/certs/Baltimore_CyberTrust_Root.pem
/etc/ssl/certs/Certigna_Root_CA.pem
/etc/ssl/certs/GeoTrust_Global_CA.pem
/etc/ssl/certs/QuoVadis_Root_CA_2_G3.pem
/etc/ssl/certs/Go_Daddy_Root_Certificate_Authority_-_G2.pem
/etc/ssl/certs/TrustCor_RootCert_CA-2.pem
/etc/ssl/certs/GTS_Root_R4.pem
/etc/ssl/certs/Starfield_Services_Root_Certificate_Authority_-_G2.pem
/etc/ssl/certs/Staat_der_Nederlanden_EV_Root_CA.pem
/etc/ssl/certs/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.pem
/etc/ssl/certs/OISTE_WISeKey_Global_Root_GB_CA.pem
/etc/ssl/certs/GlobalSign_Root_CA_-_R2.pem
/etc/ssl/certs/TWCA_Global_Root_CA.pem
/etc/ssl/certs/GeoTrust_Primary_Certification_Authority_-_G2.pem
/etc/ssl/certs/ISRG_Root_X1.pem

convert_mozilla_certdata.go by default skips untrusted certificates. You can include them by passing a flag.

I ran into an issue with curl (error="curl: Problem with the SSL CA cert (path? access rights?)"). I'll fix it.

livingsilver94 edited the test plan for this revision. (Show Details)Sat, Sep 7, 11:28 AM