| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
certdata2pem.py is incompatible the cryptography package version 2.
$ pip3 install -U cryptography~=2.0 # 2.9.2
...
$ python3 certdata2pem.py
...
Traceback (most recent call last):
File "certdata2pem.py", line 125, in <module>
cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
TypeError: load_der_x509_certificate() missing 1 required positional argument: 'backend'
$ pip3 install -U cryptography~=3.0 # 3.4.8
...
$ python3 certdata2pem.py # ok
...
I think this should be noted in README.
cryptography>=35.0 is also incompatible:
$ pip3 install -U cryptography~=35.0
...
$ python3 certdata2pem.py
Traceback (most recent call last):
File "certdata2pem.py", line 125, in <module>
cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
File "/home/wsh/.local/lib/python3.8/site-packages/cryptography/x509/base.py", line 443, in load_der_x509_certificate
return rust_x509.load_der_x509_certificate(data)
TypeError: argument 'data': 'bytearray' object cannot be converted to 'PyBytes'
|
|
|
|
| |
Closes: #980821
|
| |
|
| |
|
| |
|
|\
| |
| |
| |
| | |
update-ca-certificates: compat with non-GNU mktemp(1)
See merge request debian/ca-certificates!8
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
BSD and BusyBox lacks --tmpdir support.
Emulate it with -p instead.
Close bugs #1000847
Signed-off-by: Đoàn Trần Công Danh <congdanhqx@gmail.com>
|
|/
|
|
|
|
|
|
|
|
| |
x509.not_valid_after returns naive UTC datetime and so does
datetime.utcnow(), so keep the time consistent when performing the
comparison.
Fixes: 8033d5225917 ("mozilla/certdata2pem.py: print a warning for expired certificates.")
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Signed-off-by: Julien Cristau <jcristau@debian.org>
|
| |
|
|
|
|
| |
[jcristau: also make the restorecon call conditional]
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
bundle to version 2.50
The following certificate authorities were added (+):
+ "AC RAIZ FNMT-RCM SERVIDORES SEGUROS"
+ "GlobalSign Root R46"
+ "GlobalSign Root E46"
+ "GLOBALTRUST 2020"
+ "ANF Secure Server Root CA"
+ "Certum EC-384 CA"
+ "Certum Trusted Root CA"
The following certificate authorities were removed (-):
- "QuoVadis Root CA"
- "Sonera Class 2 Root CA"
- "GeoTrust Primary Certification Authority - G2"
- "VeriSign Universal Root Certification Authority"
- "Chambers of Commerce Root - 2008"
- "Global Chambersign Root - 2008"
- "Trustis FPS Root CA"
- "Staat der Nederlanden Root CA - G3"
|
|\
| |
| |
| |
| | |
ca-certificates: Two small updates
See merge request debian/ca-certificates!5
|
| |
| |
| |
| |
| |
| |
| | |
According to coreutils docs, mktemp -t is deprecated, switch to the
--tmpdir option instead.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|/
|
|
|
|
|
|
|
| |
Some project sharing ca-certificates from Debian allow configuration
of the installation location. Make the sbin location configurable.
Also ensure the target directory exists
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
It would previously go missing for a short while (closes: #920348).
Thanks, Dimitris Aragiorgis!
|
|
|
|
| |
Closes: #923784
|
|
|
|
|
| |
Fixes: lintian: debian-changelog-has-wrong-day-of-week
See-also: https://lintian.debian.org/tags/debian-changelog-has-wrong-day-of-week.html
|
| |
|
|
|
|
| |
These entries are no longer present in certdata.txt.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The following certificate authorities were added (+):
+ "certSIGN ROOT CA G2"
+ "e-Szigno Root CA 2017"
+ "Microsoft ECC Root Certificate Authority 2017"
+ "Microsoft RSA Root Certificate Authority 2017"
+ "NAVER Global Root Certification Authority"
+ "Trustwave Global Certification Authority"
+ "Trustwave Global ECC P256 Certification Authority"
+ "Trustwave Global ECC P384 Certification Authority"
The following certificate authorities were removed (-):
- "EE Certification Centre Root CA"
- "GeoTrust Universal CA 2"
- "LuxTrust Global Root 2"
- "OISTE WISeKey Global Root GA CA"
- "Staat der Nederlanden Root CA - G2"
- "Taiwan GRCA"
- "Verisign Class 3 Public Primary Certification Authority - G3"
|
| |
|
|
|
|
| |
This reverts commit 1efe81a680eedb94111716c8825290a0cde509af.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
This should prevent `openssl rehash` from exiting with an error on a
symlink with nonexistent target, since the behavior changed from c_rehash.
See #895482, #895473.
|
|
|
|
|
|
|
| |
This reverts commit 1ef0fd15cc77c854e79a4f599d5228a67548ab87.
While this worked great to fix the error, it also broke the counting on
upgrade for how many certificates were removed.. (-_-)
|
|
|
|
|
|
| |
This should prevent `openssl rehash` from exiting with an error on a
symlink with nonexistent target, since the behavior changed from c_rehash.
See #895482, #895473.
|
|
|
|
| |
Follow symlinks to stat the correct permissions and ownership - 916833
|
| |
|