summaryrefslogtreecommitdiff
path: root/mozilla
Commit message (Collapse)AuthorAgeFilesLines
* Update Mozilla certificate authority bundle to version 2.52Julien Cristau2022-01-113-2/+778
|
* Blacklist expired CAsJulien Cristau2022-01-111-0/+2
|
* mozilla/certdata2pem.py: use UTC time when checking cert validityIlya Lipnitskiy2021-12-141-1/+1
| | | | | | | | | | x509.not_valid_after returns naive UTC datetime and so does datetime.utcnow(), so keep the time consistent when performing the comparison. Fixes: 8033d5225917 ("mozilla/certdata2pem.py: print a warning for expired certificates.") Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com> Signed-off-by: Julien Cristau <jcristau@debian.org>
* mozilla/certdata2pem.py: print a warning for expired certificates.Julien Cristau2021-10-041-0/+11
|
* Blacklist expired root certificate "DST Root CA X3" (closes: #995432)Julien Cristau2021-10-041-0/+3
|
* mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority ↵Julien Cristau2021-10-042-767/+1367
| | | | | | | | | | | | | | | | | | | | | | | bundle to version 2.50 The following certificate authorities were added (+): + "AC RAIZ FNMT-RCM SERVIDORES SEGUROS" + "GlobalSign Root R46" + "GlobalSign Root E46" + "GLOBALTRUST 2020" + "ANF Secure Server Root CA" + "Certum EC-384 CA" + "Certum Trusted Root CA" The following certificate authorities were removed (-): - "QuoVadis Root CA" - "Sonera Class 2 Root CA" - "GeoTrust Primary Certification Authority - G2" - "VeriSign Universal Root Certification Authority" - "Chambers of Commerce Root - 2008" - "Global Chambersign Root - 2008" - "Trustis FPS Root CA" - "Staat der Nederlanden Root CA - G3"
* Remove obsolete items from the blacklistJulien Cristau2021-01-191-7/+0
| | | | These entries are no longer present in certdata.txt.
* Update Mozilla certificate authority bundle to version 2.46Julien Cristau2021-01-192-3053/+1212
| | | | | | | | | | | | | | | | | | | | | | | The following certificate authorities were added (+): + "certSIGN ROOT CA G2" + "e-Szigno Root CA 2017" + "Microsoft ECC Root Certificate Authority 2017" + "Microsoft RSA Root Certificate Authority 2017" + "NAVER Global Root Certification Authority" + "Trustwave Global Certification Authority" + "Trustwave Global ECC P256 Certification Authority" + "Trustwave Global ECC P384 Certification Authority" The following certificate authorities were removed (-): - "EE Certification Centre Root CA" - "GeoTrust Universal CA 2" - "LuxTrust Global Root 2" - "OISTE WISeKey Global Root GA CA" - "Staat der Nederlanden Root CA - G2" - "Taiwan GRCA" - "Verisign Class 3 Public Primary Certification Authority - G3"
* Revert "Set release 20200601; add Symantec CAs to blacklist"Michael Shuler2020-06-111-23/+0
| | | | This reverts commit 1efe81a680eedb94111716c8825290a0cde509af.
* Grab Ubuntu patch to make the package compatible and building with Python3Matthias Klose2020-06-032-2/+2
|
* Fix typo on AddTrust CNdebian/20200601archive/debian/20200601Michael Shuler2020-06-011-1/+1
|
* Blacklist expired root certificate, "AddTrust External CA Root"Michael Shuler2020-06-011-0/+4
|
* Set release 20200601; add Symantec CAs to blacklistMichael Shuler2020-06-011-0/+22
|
* Update Mozilla CA bundle to 2.40Michael Shuler2020-01-182-798/+1190
|
* Update Mozilla CA bundle to 2.30Michael Shuler2019-01-102-890/+1038
|
* Update Mozilla CA bundle to 2.28Michael Shuler2018-12-202-745/+290
|
* Update mozilla/blacklist.txtMichael Shuler2018-03-291-20/+10
| | | | | - remove certificates no longer in certdata.txt - explicitly ignore distrusted certificates to prevent build errors
* Update Mozilla CA bundle to 2.22Michael Shuler2018-03-292-5699/+1286
|
* Update Mozilla CA bundle to 2.16Michael Shuler2017-08-142-1898/+96
|
* Remove email-only roots from mozilla trust storeJacob Hoffman-Andrews2017-07-181-2/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | These roots are trusted in the Mozilla program only for S/MIME, so should not be included in ca-certificates, which most applications use to validate TLS certificates. Per https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721976, the only MUAs that depend on or suggest ca-certificates are Mutt and Sylpheed. Sylpheed doesn't use ca-certificates for S/MIME. Mutt does, but I think it is still safe to remove thes because: (a) S/MIME is relatively uncommon, and (b) The CAs that have both TLS and S/MIME bits will continue to work, and (c) Nearly all of the 12 removed email-only CAs have ceased operation of their email certificate services Verisign Class 1 Public Primary Certification Authority - G3 Verisign Class 2 Public Primary Certification Authority - G3 UTN USERFirst Email Root CA SwissSign Platinum CA - G2 AC Raiz Certicamara S.A. TC TrustCenter Class 3 CA II ComSign CA S-TRUST Universal Root CA Symantec Class 1 Public Primary Certification Authority - G6 Symantec Class 2 Public Primary Certification Authority - G6 Symantec Class 1 Public Primary Certification Authority - G4 Symantec Class 2 Public Primary Certification Authority - G4
* Update Mozilla CA bundle to 2.14Michael Shuler2017-07-172-677/+499
|
* merge in NMU for #858539debian/20161130+nmu1Antoine Beaupré2017-07-061-0/+16
|
* Update Mozilla CA bundle to 2.11Michael Shuler2017-01-232-1821/+1381
|
* Update Mozilla CA bundle to 2.9Michael Shuler2016-11-022-122/+1184
|
* Update Mozilla CA bundle to 2.7Michael Shuler2016-08-162-1437/+318
|
* Drop old CK*_NETSCAPE trust flag checksMichael Shuler2015-12-161-7/+4
|
* Update mozilla bundle to 2.6 (NSS 3.21)Michael Shuler2015-12-142-1349/+384
|
* Add Python 3 support to ca-certificates.Michael Shuler2015-11-241-16/+41
| | | | Thanks to Andrew Wilcox and Richard Ipsum for the patch! Closes: #789753
* Revert "Add Python 3 support to ca-certificates."Michael Shuler2015-10-221-19/+13
| | | | | | | This reverts commit a2fa9a13815894500e1e2d9ca3d52bfdd4f75b5a. Conflicts: debian/changelog
* Add Python 3 support to ca-certificates.Michael Shuler2015-10-221-13/+19
| | | | Thanks to Andrew Wilcox for the patch! Closes: #789753
* Update Mozilla CA bundle to version 2.5 (DEV branch)Michael Shuler2015-07-092-762/+488
|
* Update Mozilla CA bundle to 2.4 and release 20150426debian/20150426Michael Shuler2015-04-262-149/+1419
|
* Update Mozilla certificate authority bundle to version 2.2.Michael Shuler2014-11-192-727/+896
|
* Update mozilla/certdata.txt to version 2.1Michael Shuler2014-08-072-2/+279
| | | | They take them out, put them back, take them out again, put them back..
* Update mozilla/certdata.txt to version 2.0Michael Shuler2014-07-072-866/+1502
|
* Update mozilla/certdata.txt to version 1.98Michael Shuler2014-04-122-184/+2
| | | | | This update only removes an untrusted cert for "Bogus kuix.de", which was used for testing by mozilla.
* Update mozilla/certdata.txt to version 1.97+revert_of_936304Michael Shuler2014-03-251-4/+857
|
* Fix certdata2pem.py for multiple CAs using the same CKA_LABELMichael Shuler2014-02-231-3/+7
|
* Update mozilla/certdata.txt to 1.97 (TODO: list/NEWS)Michael Shuler2014-02-072-1027/+625
|
* Update mozilla/certdata.txt to 1.96Michael Shuler2013-12-092-2/+2354
|
* Add updated nssckbi.h for version 1.95..Michael Shuler2013-11-251-2/+2
|
* Update mozilla/certdata.txt to version 1.95Michael Shuler2013-11-151-133/+534
| | | | | | | | Certificates added (+) and removed (-): + "SG TRUST SERVICES RACINE" + "ACCVRAIZ1" + "TWCA Global Root CA" - "Wells Fargo Root CA"
* Move README.source from mozilla/ to debian/, add dev branchMichael Shuler2013-08-311-17/+0
|
* Update mozilla/certdata.txt to NSS version 1.94Michael Shuler2013-08-313-155/+1665
| | | | | | | - Include mozilla/nssckbi.h which contains the version number, since it is no longer contained within certdata.txt - Include mozilla/README.source to document certdata.txt / nssckbi.h locations upstream
* Remove elderly mozilla/certdata2pem.rbMichael Shuler2013-05-151-36/+0
|
* Update mozilla/certdata.txt to version 1.87 Closes: #697366Michael Shuler2013-01-091-166/+69
| | | | - removes CA: "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı"
* Revert "Blacklist TÜRKTRUST CA."Thijs Kinkhorst2013-01-041-4/+0
| | | | | | | At this point it's unsure if this drastic measure is warranted. The major browsers are not revoking the TÜRKTRUST roots. This reverts commit 96c279e8e121c332a0f00b0cbae00a3fa814e46b.
* Blacklist TÜRKTRUST CA.Thijs Kinkhorst2013-01-031-0/+4
|
* Update mozilla/certdata.txt to version 1.86Michael Shuler2012-11-031-1/+459
| | | | | | | Certificates added (+) (none removed): + "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı" + "T-TeleSec GlobalRoot Class 3" + "EE Certification Centre Root CA"
* Update mozilla/certdata.txt to version 1.85Michael Shuler2012-07-101-87/+1066
| | | | | | | | | | Certificates added (+) (none removed): + "Actalis Authentication Root CA" + "Trustis FPS Root CA" + "StartCom Certification Authority" + "StartCom Certification Authority G2" + "Buypass Class 2 Root CA" + "Buypass Class 3 Root CA"
View Lorry Controller Status