1 files changed, 10 insertions, 20 deletions

diff --git a/mozilla/blacklist.txt b/mozilla/blacklist.txt
index 6ea1732..37f515c 100644
--- a/mozilla/blacklist.txt
+++ b/mozilla/blacklist.txt
@@ -1,23 +1,13 @@
 # One blacklist entry per line, corresponding to the label in certdata.txt.
 
-# MD5 Collision Proof of Concept CA
-"MD5 Collisions Forged Rogue CA 25c3"
+# Blacklist explicitly distrusted certificates to explicitly ignore them and prevent build errors
+"Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 1/3)"
+"Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 2/3)"
+"Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 3/3)"
+"Explicitly Distrust DigiNotar Root CA"
+"Explicitly Distrusted DigiNotar PKIoverheid G2"
+"MITM subCA 1 issued by Trustwave"
+"MITM subCA 2 issued by Trustwave"
+"TURKTRUST Mis-issued Intermediate CA 1"
+"TURKTRUST Mis-issued Intermediate CA 2"
 
-# DigiNotar Root CA (see debbug#639744)
-"DigiNotar Root CA"
-
-# StartCom and WoSign certificates are now untrusted by the major browser
-# vendors[0]. See [1] for discussion. The list was generated by:
-#
-#   $ egrep 'WoSign|StartCom' mozilla/certdata.txt \
-#         | grep UTF | sed 's/CKA_LABEL UTF8 //' | uniq
-#
-# [0] https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/
-# [1] https://bugs.debian.org/858539
-#
-"StartCom Certification Authority"
-"StartCom Certification Authority G2"
-"WoSign"
-"WoSign China"
-"Certification Authority of WoSign G2"
-"CA WoSign ECC Root"