Page MenuHomeSolus
Differential D7096

Update ca-certs to 20200513 and switch to ypkg format
ClosedPublic
Actions

Authored by livingsilver94 on Sep 6 2019, 1:21 PM.
Tags
None
Referenced Files
F11073643: D7096.id21332.diff
Sat, Aug 12, 4:44 AM
F11073642: D7096.id21291.diff
Sat, Aug 12, 4:44 AM
F11073641: D7096.id21292.diff
Sat, Aug 12, 4:44 AM
F11055133: D7096.diff
Fri, Aug 11, 1:32 AM
F11041288: D7096.id21291.diff
Thu, Aug 10, 4:13 AM
F10852458: D7096.id21568.diff
Jun 13 2023, 12:30 AM
F10850881: D7096.id17025.diff
Jun 12 2023, 7:46 AM
F10848612: D7096.id21291.diff
Jun 11 2023, 3:57 PM
View All 18 Files
Subscribers
DataDrake
Tokens
"Burninate" token, awarded by YakoYakoYokuYoku."Yellow Medal" token, awarded by kyrios123.

Details

Reviewers
DataDrake
Group Reviewers
Triage Team
Maniphest Tasks
T5937: Rename Certificates in /etc/ssl/certs to non cryptical names
Commits
R478:39c7de40fe79: Update ca-certs to 20200513 and switch to ypkg format
Summary

Update ca-certs to 20200513 and switch to ypkg format.
Fixes T5937.

Test Plan

System still works.
No errors returned from openssl s_client -connect getsol.us:443 and GET /.
curl correctly finds certificates.

Diff Detail

Repository
R478 ca-certs
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

livingsilver94 created this revision.Sep 6 2019, 1:21 PM
Herald added a reviewer: Triage Team. · View Herald TranscriptSep 6 2019, 1:21 PM
livingsilver94 requested review of this revision.Sep 6 2019, 1:21 PM
livingsilver94 added a comment.Sep 6 2019, 1:22 PM

Since c_rehash is called within package.yml, probably the usysconf hook is now useless, right?

livingsilver94 edited the summary of this revision. (Show Details)Sep 6 2019, 1:23 PM
livingsilver94 added a task: T5937: Rename Certificates in /etc/ssl/certs to non cryptical names.
DataDrake requested changes to this revision.Sep 6 2019, 2:08 PM
DataDrake added a subscriber: DataDrake.
In D7096#112456, @livingsilver94 wrote:

Since c_rehash is called within package.yml, probably the usysconf hook is now useless, right?

No, it's needed when adding additional cert authorities to the system. If anything, I'd rather you not do that in the package.yml and leave it to usysconf post-install.

Beyond that, I need to see a before and after of the file listing because there was none in the old pspec.

This revision now requires changes to proceed.Sep 6 2019, 2:08 PM
livingsilver94 edited the test plan for this revision. (Show Details)Sep 6 2019, 2:09 PM
livingsilver94 updated this revision to Diff 17038.Sep 6 2019, 6:44 PM

Leave the dirty work to usysconf

livingsilver94 added a comment.Sep 6 2019, 7:27 PM

"Original list", 149 files:

❯ grep -hr . -e 'Subject:'        
        Subject: C=US, O=SecureTrust Corporation, CN=Secure Global CA
        Subject: C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
        Subject: C=HU, L=Budapest, O=Microsec Ltd., CN=Microsec e-Szigno Root CA 2009/emailAddress=info@e-szigno.hu
        Subject: C=CN, O=UniTrust, CN=UCA Global G2 Root
        Subject: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
        Subject: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
        Subject: C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
        Subject: C=CH, O=SwissSign AG, CN=SwissSign Platinum CA - G2
        Subject: C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
        Subject: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Client Authentication and Email
        Subject: C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority
        Subject: C=ES, O=FNMT-RCM, OU=AC RAIZ FNMT-RCM
        Subject: C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
        Subject: C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
        Subject: C=US, O=AffirmTrust, CN=AffirmTrust Networking
        Subject: C=TW, O=Government Root Certification Authority
        Subject: C=US, O=Internet Security Research Group, CN=ISRG Root X1
        Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 2 Public Primary Certification Authority - G6
        Subject: C=ES, O=IZENPE S.A., CN=Izenpe.com
        Subject: C=FR, O=Dhimyotis, OU=0002 48146308100036, CN=Certigna Root CA
        Subject: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
        Subject: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 1 G3
        Subject: C=CH, O=WISeKey, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GB CA
        Subject: C=US, O=Google Trust Services LLC, CN=GTS Root R3
        Subject: C=US, O=Amazon, CN=Amazon Root CA 2
        Subject: C=PL, O=Krajowa Izba Rozliczeniowa S.A., CN=SZAFIR ROOT CA2
        Subject: C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Chambers of Commerce Root
        Subject: C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
        Subject: C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA - G3
        Subject: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
        Subject: C=US, O=IdenTrust, CN=IdenTrust Public Sector Root CA 1
        Subject: C=US, O=IdenTrust, CN=IdenTrust Commercial Root CA 1
        Subject: C=US, O=SecureTrust Corporation, CN=SecureTrust CA
        Subject: C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
        Subject: C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com EV Root Certification Authority ECC
        Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Certification Authority
        Subject: C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
        Subject: C=CN, O=GUANG DONG CERTIFICATE AUTHORITY CO.,LTD., CN=GDCA TrustAUTH R5 ROOT
        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
        Subject: C=US, O=Amazon, CN=Amazon Root CA 1
        Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority
        Subject: C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
        Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
        Subject: O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 2 Public Primary Certification Authority - G3
        Subject: C=ES, CN=Autoridad de Certificacion Firmaprofesional CIF A62634068
        Subject: OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
        Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
        Subject: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
        Subject: CN=Atos TrustedRoot 2011, O=Atos, C=DE
        Subject: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
        Subject: C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA
        Subject: C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2
        Subject: C=GR, L=Athens, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions ECC RootCA 2015
        Subject: C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
        Subject: C=TR, L=Gebze - Kocaeli, O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK, OU=Kamu Sertifikasyon Merkezi - Kamu SM, CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1
        Subject: C=FI, O=Sonera, CN=Sonera Class2 CA
        Subject: C=GR, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions RootCA 2011
        Subject: C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
        Subject: OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign
        Subject: C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 EV 2009
        Subject: C=ES, O=Agencia Catalana de Certificacio (NIF Q-0801176-I), OU=Serveis Publics de Certificacio, OU=Vegeu https://www.catcert.net/verarrel (c)03, OU=Jerarquia Entitats de Certificacio Catalanes, CN=EC-ACC
        Subject: C=US, O=Amazon, CN=Amazon Root CA 4
        Subject: C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
        Subject: C=CH, O=WISeKey, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GC CA
        Subject: C=US, O=Google Trust Services LLC, CN=GTS Root R1
        Subject: C=HK, O=Hongkong Post, CN=Hongkong Post Root CA 1
        Subject: C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
        Subject: O=Cybertrust, Inc, CN=Cybertrust Global Root
        Subject: C=US, O=AffirmTrust, CN=AffirmTrust Commercial
        Subject: C=CH, O=WISeKey, OU=Copyright (c) 2005, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GA CA
        Subject: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3 G3
        Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 1 Public Primary Certification Authority - G3
        Subject: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
        Subject: C=TR, L=Ankara, O=E-Tu\xC4\x9Fra EBG Bili\xC5\x9Fim Teknolojileri ve Hizmetleri A.\xC5\x9E., OU=E-Tugra Sertifikasyon Merkezi, CN=E-Tugra Certification Authority
        Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
        Subject: C=EE, O=AS Sertifitseerimiskeskus, CN=EE Certification Centre Root CA/emailAddress=pki@sk.ee
        Subject: C=US, O=Amazon, CN=Amazon Root CA 3
        Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 2 Public Primary Certification Authority - G4
        Subject: C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com Root Certification Authority RSA
        Subject: C=US, OU=www.xrampsecurity.com, O=XRamp Security Services Inc, CN=XRamp Global Certification Authority
        Subject: C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
        Subject: C=US, O=Google Trust Services LLC, CN=GTS Root R4
        Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3
        Subject: C=SK, L=Bratislava, O=Disig a.s., CN=CA Disig Root R2
        Subject: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - EC1
        Subject: C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 3
        Subject: C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Global Chambersign Root
        Subject: C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
        Subject: C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
        Subject: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
        Subject: C=TW, O=Chunghwa Telecom Co., Ltd., OU=ePKI Root Certification Authority
        Subject: OU=GlobalSign ECC Root CA - R4, O=GlobalSign, CN=GlobalSign
        Subject: C=US, O=GeoTrust Inc., OU=(c) 2007 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G2
        Subject: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
        Subject: C=US, O=Google Trust Services LLC, CN=GTS Root R2
        Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 1 Public Primary Certification Authority - G6
        Subject: C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA - G2
        Subject: O=TeliaSonera, CN=TeliaSonera Root CA v1
        Subject: C=ch, O=Swisscom, OU=Digital Certificate Services, CN=Swisscom Root CA 2
        Subject: C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com EV Root Certification Authority RSA R2
        Subject: C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2
        Subject: C=EU, L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287, O=AC Camerfirma S.A., CN=Chambers of Commerce Root - 2008
        Subject: OU=GlobalSign Root CA - R6, O=GlobalSign, CN=GlobalSign
        Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root G2
        Subject: C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com Root Certification Authority ECC
        Subject: C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
        Subject: C=FR, O=Certinomis, OU=0002 433998903, CN=Certinomis - Root CA
        Subject: C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden EV Root CA
        Subject: C=EU, L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287, O=AC Camerfirma S.A., CN=Global Chambersign Root - 2008
        Subject: C=CN, O=UniTrust, CN=UCA Extended Validation Root
        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
        Subject: C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Global Root CA
        Subject: CN=ACCVRAIZ1, OU=PKIACCV, O=ACCV, C=ES
        Subject: C=US, O=AffirmTrust, CN=AffirmTrust Premium ECC
        Subject: C=GR, L=Athens, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions RootCA 2015
        Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 1 Public Primary Certification Authority - G4
        Subject: C=JP, O=Japan Certification Services, Inc., CN=SecureSign RootCA11
        Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4
        Subject: C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 Root CA
        Subject: C=CN, O=China Financial Certification Authority, CN=CFCA EV ROOT
        Subject: C=US, O=AffirmTrust, CN=AffirmTrust Premium
        Subject: C=PA, ST=Panama, L=Panama City, O=TrustCor Systems S. de R.L., OU=TrustCor Certificate Authority, CN=TrustCor RootCert CA-1
        Subject: O=Digital Signature Trust Co., CN=DST Root CA X3
        Subject: C=SE, O=AddTrust AB, OU=AddTrust TTP Network, CN=AddTrust Class 1 CA Root
        Subject: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3
        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
        Subject: C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 Root CA
        Subject: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
        Subject: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA 2
        Subject: C=LU, O=LuxTrust S.A., CN=LuxTrust Global Root 2
        Subject: OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
        Subject: C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009
        Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
        Subject: C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA 2
        Subject: C=FR, O=Certplus, CN=Class 2 Primary CA
        Subject: C=HU, L=Budapest, O=NetLock Kft., OU=Tan\xC3\xBAs\xC3\xADtv\xC3\xA1nykiad\xC3\xB3k (Certification Services), CN=NetLock Arany (Class Gold) F\xC5\x91tan\xC3\xBAs\xC3\xADtv\xC3\xA1ny
        Subject: C=US, O=thawte, Inc., OU=(c) 2007 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G2
        Subject: C=PA, ST=Panama, L=Panama City, O=TrustCor Systems S. de R.L., OU=TrustCor Certificate Authority, CN=TrustCor ECA-1
        Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root G3
        Subject: C=GB, O=Trustis Limited, OU=Trustis FPS Root CA
        Subject: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
        Subject: C=RO, O=certSIGN, OU=certSIGN ROOT CA
        Subject: C=FR, O=Dhimyotis, CN=Certigna
        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2007 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G4
        Subject: C=DE, O=D-Trust GmbH, CN=D-TRUST Root CA 3 2013
        Subject: C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
        Subject: C=PA, ST=Panama, L=Panama City, O=TrustCor Systems S. de R.L., OU=TrustCor Certificate Authority, CN=TrustCor RootCert CA-2

"New list", 139 files:

❯ find /etc/ssl/certs -name '*.pem'
/etc/ssl/certs/thawte_Primary_Root_CA.pem
/etc/ssl/certs/Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem
/etc/ssl/certs/GTS_Root_R1.pem
/etc/ssl/certs/SSL.com_Root_Certification_Authority_ECC.pem
/etc/ssl/certs/GTS_Root_R2.pem
/etc/ssl/certs/USERTrust_ECC_Certification_Authority.pem
/etc/ssl/certs/GlobalSign_ECC_Root_CA_-_R5.pem
/etc/ssl/certs/Starfield_Root_Certificate_Authority_-_G2.pem
/etc/ssl/certs/D-TRUST_Root_Class_3_CA_2_EV_2009.pem
/etc/ssl/certs/certSIGN_ROOT_CA.pem
/etc/ssl/certs/AC_RAIZ_FNMT-RCM.pem
/etc/ssl/certs/SecureTrust_CA.pem
/etc/ssl/certs/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.pem
/etc/ssl/certs/DigiCert_High_Assurance_EV_Root_CA.pem
/etc/ssl/certs/E-Tugra_Certification_Authority.pem
/etc/ssl/certs/SSL.com_EV_Root_Certification_Authority_RSA_R2.pem
/etc/ssl/certs/QuoVadis_Root_CA_3_G3.pem
/etc/ssl/certs/NetLock_Arany_(Class_Gold)_FÅ?tanúsítvány.pemm
/etc/ssl/certs/QuoVadis_Root_CA.pem
/etc/ssl/certs/Entrust_Root_Certification_Authority.pem
/etc/ssl/certs/AffirmTrust_Premium.pem
/etc/ssl/certs/EC-ACC.pem
/etc/ssl/certs/Certum_Trusted_Network_CA_2.pem
/etc/ssl/certs/Security_Communication_RootCA2.pem
/etc/ssl/certs/DigiCert_Global_Root_G2.pem
/etc/ssl/certs/TeliaSonera_Root_CA_v1.pem
/etc/ssl/certs/IdenTrust_Public_Sector_Root_CA_1.pem
/etc/ssl/certs/CFCA_EV_ROOT.pem
/etc/ssl/certs/ACCVRAIZ1.pem
/etc/ssl/certs/AffirmTrust_Premium_ECC.pem
/etc/ssl/certs/Entrust_Root_Certification_Authority_-_EC1.pem
/etc/ssl/certs/Atos_TrustedRoot_2011.pem
/etc/ssl/certs/DigiCert_Global_Root_G3.pem
/etc/ssl/certs/GlobalSign_Root_CA_-_R3.pem
/etc/ssl/certs/Go_Daddy_Class_2_CA.pem
/etc/ssl/certs/Network_Solutions_Certificate_Authority.pem
/etc/ssl/certs/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem
/etc/ssl/certs/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem
/etc/ssl/certs/LuxTrust_Global_Root_2.pem
/etc/ssl/certs/emSign_Root_CA_-_C1.pem
/etc/ssl/certs/Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem
/etc/ssl/certs/COMODO_ECC_Certification_Authority.pem
/etc/ssl/certs/ePKI_Root_Certification_Authority.pem
/etc/ssl/certs/Amazon_Root_CA_3.pem
/etc/ssl/certs/Amazon_Root_CA_2.pem
/etc/ssl/certs/SwissSign_Gold_CA_-_G2.pem
/etc/ssl/certs/UCA_Global_G2_Root.pem
/etc/ssl/certs/TrustCor_ECA-1.pem
/etc/ssl/certs/thawte_Primary_Root_CA_-_G3.pem
/etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.pem
/etc/ssl/certs/Hongkong_Post_Root_CA_3.pem
/etc/ssl/certs/Certplus_Class_2_Primary_CA.pem
/etc/ssl/certs/Actalis_Authentication_Root_CA.pem
/etc/ssl/certs/thawte_Primary_Root_CA_-_G2.pem
/etc/ssl/certs/Comodo_AAA_Services_root.pem
/etc/ssl/certs/DigiCert_Assured_ID_Root_G3.pem
/etc/ssl/certs/Certum_Trusted_Network_CA.pem
/etc/ssl/certs/SwissSign_Silver_CA_-_G2.pem
/etc/ssl/certs/USERTrust_RSA_Certification_Authority.pem
/etc/ssl/certs/CA_Disig_Root_R2.pem
/etc/ssl/certs/Entrust_Root_Certification_Authority_-_G2.pem
/etc/ssl/certs/T-TeleSec_GlobalRoot_Class_3.pem
/etc/ssl/certs/AffirmTrust_Networking.pem
/etc/ssl/certs/TrustCor_RootCert_CA-1.pem
/etc/ssl/certs/GeoTrust_Primary_Certification_Authority_-_G3.pem
/etc/ssl/certs/UCA_Extended_Validation_Root.pem
/etc/ssl/certs/Secure_Global_CA.pem
/etc/ssl/certs/TWCA_Root_Certification_Authority.pem
/etc/ssl/certs/Buypass_Class_3_Root_CA.pem
/etc/ssl/certs/emSign_ECC_Root_CA_-_G3.pem
/etc/ssl/certs/GlobalSign_Root_CA_-_R6.pem
/etc/ssl/certs/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem
/etc/ssl/certs/DigiCert_Global_Root_CA.pem
/etc/ssl/certs/emSign_ECC_Root_CA_-_C3.pem
/etc/ssl/certs/Entrust.net_Premium_2048_Secure_Server_CA.pem
/etc/ssl/certs/Microsec_e-Szigno_Root_CA_2009.pem
/etc/ssl/certs/DST_Root_CA_X3.pem
/etc/ssl/certs/QuoVadis_Root_CA_2.pem
/etc/ssl/certs/SSL.com_EV_Root_Certification_Authority_ECC.pem
/etc/ssl/certs/SZAFIR_ROOT_CA2.pem
/etc/ssl/certs/Amazon_Root_CA_1.pem
/etc/ssl/certs/Cybertrust_Global_Root.pem
/etc/ssl/certs/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem
/etc/ssl/certs/DigiCert_Assured_ID_Root_CA.pem
/etc/ssl/certs/QuoVadis_Root_CA_3.pem
/etc/ssl/certs/VeriSign_Universal_Root_Certification_Authority.pem
/etc/ssl/certs/AddTrust_External_Root.pem
/etc/ssl/certs/Staat_der_Nederlanden_Root_CA_-_G3.pem
/etc/ssl/certs/emSign_Root_CA_-_G1.pem
/etc/ssl/certs/OISTE_WISeKey_Global_Root_GA_CA.pem
/etc/ssl/certs/SSL.com_Root_Certification_Authority_RSA.pem
/etc/ssl/certs/Staat_der_Nederlanden_Root_CA_-_G2.pem
/etc/ssl/certs/QuoVadis_Root_CA_1_G3.pem
/etc/ssl/certs/GeoTrust_Universal_CA.pem
/etc/ssl/certs/Deutsche_Telekom_Root_CA_2.pem
/etc/ssl/certs/GlobalSign_ECC_Root_CA_-_R4.pem
/etc/ssl/certs/Hongkong_Post_Root_CA_1.pem
/etc/ssl/certs/Certigna.pem
/etc/ssl/certs/Sonera_Class_2_Root_CA.pem
/etc/ssl/certs/Security_Communication_Root_CA.pem
/etc/ssl/certs/XRamp_Global_CA_Root.pem
/etc/ssl/certs/Trustis_FPS_Root_CA.pem
/etc/ssl/certs/COMODO_Certification_Authority.pem
/etc/ssl/certs/GeoTrust_Primary_Certification_Authority.pem
/etc/ssl/certs/COMODO_RSA_Certification_Authority.pem
/etc/ssl/certs/Starfield_Class_2_CA.pem
/etc/ssl/certs/D-TRUST_Root_Class_3_CA_2_2009.pem
/etc/ssl/certs/DigiCert_Assured_ID_Root_G2.pem
/etc/ssl/certs/GTS_Root_R3.pem
/etc/ssl/certs/Chambers_of_Commerce_Root_-_2008.pem
/etc/ssl/certs/OISTE_WISeKey_Global_Root_GC_CA.pem
/etc/ssl/certs/GDCA_TrustAUTH_R5_ROOT.pem
/etc/ssl/certs/Taiwan_GRCA.pem
/etc/ssl/certs/EE_Certification_Centre_Root_CA.pem
/etc/ssl/certs/GlobalSign_Root_CA.pem
/etc/ssl/certs/Global_Chambersign_Root_-_2008.pem
/etc/ssl/certs/SecureSign_RootCA11.pem
/etc/ssl/certs/AffirmTrust_Commercial.pem
/etc/ssl/certs/Amazon_Root_CA_4.pem
/etc/ssl/certs/GeoTrust_Universal_CA_2.pem
/etc/ssl/certs/Buypass_Class_2_Root_CA.pem
/etc/ssl/certs/Izenpe.com.pem
/etc/ssl/certs/DigiCert_Trusted_Root_G4.pem
/etc/ssl/certs/IdenTrust_Commercial_Root_CA_1.pem
/etc/ssl/certs/Baltimore_CyberTrust_Root.pem
/etc/ssl/certs/Certigna_Root_CA.pem
/etc/ssl/certs/GeoTrust_Global_CA.pem
/etc/ssl/certs/QuoVadis_Root_CA_2_G3.pem
/etc/ssl/certs/Go_Daddy_Root_Certificate_Authority_-_G2.pem
/etc/ssl/certs/TrustCor_RootCert_CA-2.pem
/etc/ssl/certs/GTS_Root_R4.pem
/etc/ssl/certs/Starfield_Services_Root_Certificate_Authority_-_G2.pem
/etc/ssl/certs/Staat_der_Nederlanden_EV_Root_CA.pem
/etc/ssl/certs/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.pem
/etc/ssl/certs/OISTE_WISeKey_Global_Root_GB_CA.pem
/etc/ssl/certs/GlobalSign_Root_CA_-_R2.pem
/etc/ssl/certs/TWCA_Global_Root_CA.pem
/etc/ssl/certs/GeoTrust_Primary_Certification_Authority_-_G2.pem
/etc/ssl/certs/ISRG_Root_X1.pem
livingsilver94 added a comment.Sep 6 2019, 9:44 PM

convert_mozilla_certdata.go by default skips untrusted certificates. You can include them by passing a flag.

livingsilver94 added a comment.Sep 7 2019, 8:59 AM

I ran into an issue with curl (error="curl: Problem with the SSL CA cert (path? access rights?)"). I'll fix it.

livingsilver94 added a parent revision: D7109: Use CA path instead of a CA file.Sep 7 2019, 10:08 AM
livingsilver94 edited the test plan for this revision. (Show Details)Sep 7 2019, 11:28 AM
livingsilver94 added a comment.Sep 24 2019, 7:28 PM

There's no easy way to import multiple *.pem certificates in mono, so that opens two roads: either to ship the bundle along with the individual cert files, or to ship the bundle within the mono package only, leaving ca-certs alone.

livingsilver94 updated this revision to Diff 21290.May 13 2020, 11:36 AM

Update to 20200513

livingsilver94 updated this revision to Diff 21291.May 13 2020, 11:41 AM

Fix git commit history

livingsilver94 edited the summary of this revision. (Show Details)May 13 2020, 11:44 AM
livingsilver94 updated this revision to Diff 21292.May 13 2020, 11:46 AM

And remove leftovers

DataDrake accepted this revision.May 13 2020, 3:25 PM

LGTM. Thanks!

This revision is now accepted and ready to land.May 13 2020, 3:25 PM
livingsilver94 updated this revision to Diff 21332.May 13 2020, 8:57 PM

Generate certificate bundle

livingsilver94 retitled this revision from Update ca-certs to 20190903 and switch to ypkg format to Update ca-certs to 20200513 and switch to ypkg format.May 19 2020, 12:37 PM
kyrios123 awarded a token.May 19 2020, 1:27 PM
YakoYakoYokuYoku awarded a token.May 19 2020, 1:35 PM
Closed by commit R478:39c7de40fe79: Update ca-certs to 20200513 and switch to ypkg format (authored by livingsilver94, committed by DataDrake). · Explain WhyMay 30 2020, 12:48 PM
This revision was automatically updated to reflect the committed changes.
DataDrake added a commit: R478:39c7de40fe79: Update ca-certs to 20200513 and switch to ypkg format.

Revision Contents
Changeset List

Diff 21568

View Options

README

Loading...
View Options

actions.py

Loading...
View Options

comar/package.py

Loading...
View Options

component.xml

Loading...
View Options

files/build_certs.sh

Loading...
View Options

files/make-ca.sh

Loading...
View Options

files/make-cert.pl

Loading...
View Options

files/remove-expired-certs.sh

Loading...
View Options

package.yml

Loading...
View Options

pspec.xml

Loading...
View Options

pspec_x86_64.xml

Loading...
Copyright © 2015-2021 Solus Project. The Solus logo is Copyright © 2016-2021 Solus Project. All Rights Reserved.