diff options
Diffstat (limited to 'mozilla/blacklist.txt')
| -rw-r--r-- | mozilla/blacklist.txt | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/mozilla/blacklist.txt b/mozilla/blacklist.txt index 911f9f1..6ea1732 100644 --- a/mozilla/blacklist.txt +++ b/mozilla/blacklist.txt @@ -5,3 +5,19 @@ # DigiNotar Root CA (see debbug#639744) "DigiNotar Root CA" + +# StartCom and WoSign certificates are now untrusted by the major browser +# vendors[0]. See [1] for discussion. The list was generated by: +# +# $ egrep 'WoSign|StartCom' mozilla/certdata.txt \ +# | grep UTF | sed 's/CKA_LABEL UTF8 //' | uniq +# +# [0] https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/ +# [1] https://bugs.debian.org/858539 +# +"StartCom Certification Authority" +"StartCom Certification Authority G2" +"WoSign" +"WoSign China" +"Certification Authority of WoSign G2" +"CA WoSign ECC Root" |