diff options
Diffstat (limited to 'mozilla/blacklist.txt')
-rw-r--r-- | mozilla/blacklist.txt | 30 |
1 files changed, 10 insertions, 20 deletions
diff --git a/mozilla/blacklist.txt b/mozilla/blacklist.txt index 6ea1732..37f515c 100644 --- a/mozilla/blacklist.txt +++ b/mozilla/blacklist.txt @@ -1,23 +1,13 @@ # One blacklist entry per line, corresponding to the label in certdata.txt. -# MD5 Collision Proof of Concept CA -"MD5 Collisions Forged Rogue CA 25c3" +# Blacklist explicitly distrusted certificates to explicitly ignore them and prevent build errors +"Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 1/3)" +"Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 2/3)" +"Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 3/3)" +"Explicitly Distrust DigiNotar Root CA" +"Explicitly Distrusted DigiNotar PKIoverheid G2" +"MITM subCA 1 issued by Trustwave" +"MITM subCA 2 issued by Trustwave" +"TURKTRUST Mis-issued Intermediate CA 1" +"TURKTRUST Mis-issued Intermediate CA 2" -# DigiNotar Root CA (see debbug#639744) -"DigiNotar Root CA" - -# StartCom and WoSign certificates are now untrusted by the major browser -# vendors[0]. See [1] for discussion. The list was generated by: -# -# $ egrep 'WoSign|StartCom' mozilla/certdata.txt \ -# | grep UTF | sed 's/CKA_LABEL UTF8 //' | uniq -# -# [0] https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/ -# [1] https://bugs.debian.org/858539 -# -"StartCom Certification Authority" -"StartCom Certification Authority G2" -"WoSign" -"WoSign China" -"Certification Authority of WoSign G2" -"CA WoSign ECC Root" |