Import Debian version 20090624

diff --git a/debian/NEWS b/debian/NEWS
index 1e19c9412844cfdcddeafa976a0bcc8dd55e030c..19c6f3882d221b1c2f4e297443367ff325df9c03 100644 (file)
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -1,3 +1,21 @@
+ca-certificates (20090624) unstable; urgency=low
+
+  * This update eases the installation of local certification authorities
+    by providing a canonical location in `/usr/local/share/ca-certificates'.
+    All certificates found in this directory will automatically be included
+    into the list of trusted certificates.  For details please see
+    `/usr/share/doc/ca-certificates/README.Debian'.
+  * New CA certificates:
+    - COMODO ECC Certification Authority
+    - DigiNotar Root CA
+    - Network Solutions Certificate Authority
+    - WellsSecure Public Root Certificate Authority
+  * Removed CA certificates:
+    - Equifax Secure Global eBusiness CA
+    - UTN USERFirst Object Root CA
+
+ -- Philipp Kern <pkern@debian.org>  Wed, 24 Jun 2009 21:04:45 +0200
+
 ca-certificates (20080809) unstable; urgency=low
 
   * New cacert.org.pem joining both CACert Class 1 and Class 3 certificates.

diff --git a/debian/README.Debian b/debian/README.Debian
index d0fbef2cb4bf598248dab5db56c80815f54c1fb9..4e44347114af1d94e78200fa8be2d83519aded87 100644 (file)
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -21,6 +21,13 @@ used by the web browsers in Debian.  It will also generate the hash
 symlinks and generate a single-file version in
 “/etc/ssl/certs/ca-certificates.crt”.
 
+If you want to install local certificate authorities to be implicitly
+trusted, please put the certificate files as single files ending with
+“.crt“ into “/usr/local/share/ca-certificates” and re-run
+“update-ca-certificates”.  If you want to prepare a local package
+of your certificates, you should depend on “ca-certificates“, install
+the PEM files into “/usr/local/share/ca-certificates” as above and call
+“update-ca-certificates” in the package's “postinst“.
 
 How certificates will be accepted into the ca-certificates package
 ------------------------------------------------------------------

diff --git a/debian/changelog b/debian/changelog
index 821a12aa3966d0e352588e35c4f857c9a38ce47d..46f792f6eb77bc825e5f0dffb930e2edf115123e 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,31 @@
+ca-certificates (20090624) unstable; urgency=low
+
+  * Allow local certificate installation.  All certificates found
+    in `/usr/local/share/ca-certificates' will be automatically added
+    to the list of trusted certificates in `/etc/ssl/certs'.
+    (Closes: #352637, #419491, #473677, #476663, #511150)
+  * Updated Mozilla certificates from nss 3.12.3-1 (certdata.txt revision
+    1.51):
+    + COMODO ECC Certification Authority
+    + DigiNotar Root CA
+    + Network Solutions Certificate Authority
+    + WellsSecure Public Root Certificate Authority
+    - Equifax Secure Global eBusiness CA
+    - UTN USERFirst Object Root CA
+  * Reimplemented the Mozilla certdata parser mainly to exclude explicitly
+    untrusted certificates.  This led to the exclusion of the
+    "MD5 Collisions Forged Rogue CA 23c3" and its parent
+    "Equifax Secure Global eBusiness CA".  Furthermore code signing-only
+    certificates are no longer included neither.
+  * Remove the purging of old PEM files in postinst dating back to
+    versions earlier than 20030414.
+  * Hooks are now called at every invocation of `update-ca-certificates'.
+    If no changes were done to `/etc/ssl/certs', the input for the
+    hooks will be empty, though.  Failure exit codes of hooks will not
+    tear down the upgrade process anymore.  They are printed but ignored.
+
+ -- Philipp Kern <pkern@debian.org>  Tue, 24 Jun 2009 21:04:08 +0200
+
 ca-certificates (20081127) unstable; urgency=low
 
   * Remove /etc/ssl{,/certs} in postrm to please piuparts.  (Closes:

diff --git a/debian/control b/debian/control
index 7a5955950e43c40cd1050ba616917f6956f04a1e..943ec8705553171ddcae83611114e543510d0c6e 100644 (file)
--- a/debian/control
+++ b/debian/control
@@ -3,7 +3,7 @@ Section: misc
 Priority: optional
 Maintainer: Philipp Kern <pkern@debian.org>
 Build-Depends: debhelper (>> 4.1.16), po-debconf
-Build-Depends-Indep: ruby
+Build-Depends-Indep: python
 Standards-Version: 3.8.0
 
 Package: ca-certificates

diff --git a/debian/copyright b/debian/copyright
index fbe8351dfaea4abd585890193ac361662257555a..fadf8e04ad587d053111486c2b816c73881bbee2 100644 (file)
--- a/debian/copyright
+++ b/debian/copyright
@@ -1,11 +1,34 @@
-This is ca-certificates, written and maintained by Fumitoshi UKAI <ukai@debian.or.jp>
-on Mon,  7 Jan 2002 21:16:51 +0900.
+ca-certificates was originally written and maintained by Fumitoshi UKAI
+<ukai@debian.or.jp> on Mon,  7 Jan 2002 21:16:51 +0900.
 
 The original source can always be found at:
-       ftp://ftp.debian.org/dists/unstable/main/source/
-       http://alioth.debian.org/projects/ca-certs/
+ftp://ftp.debian.org/dists/unstable/main/source/
 
-Copyright (C) 2001-2003  Fumitoshi UKAI
+
+sbin/update-ca-certificates:
+
+    Copyright (c) 2003  Fumitoshi UKAI <ukai@debian.or.jp>
+    Copyright (c) 2009  Philipp Kern <pkern@debian.org>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+mozilla/certdata2pem.py:
+
+    Copyright (c) 2009  Philipp Kern <pkern@debian.org>
+    (based on a Ruby script by Fumitoshi UKAI)
+    Licensed under the same license as sbin/update-ca-certificates.
 
 CA certificates from Mozilla as follows:
 # The contents of this file are subject to the Mozilla Public
@@ -40,4 +63,5 @@ CA certificates from Mozilla as follows:
 # GPL.
 
 On Debian GNU/Linux systems, the complete text of the GNU General Public
-License can be found in '/usr/share/common-licenses/GPL'
+License can be found in '/usr/share/common-licenses/GPL'.
+

diff --git a/debian/docs b/debian/docs
deleted file mode 100644 (file)
index 31b00f6..0000000
--- a/debian/docs
+++ /dev/null
@@ -1,2 +0,0 @@
-debian/oldpemfiles
-

diff --git a/debian/oldpemfiles b/debian/oldpemfiles
deleted file mode 100644 (file)
index f6fbbec..0000000
--- a/debian/oldpemfiles
+++ /dev/null
@@ -1,92 +0,0 @@
-ABAecom_=sub.,_Am._Bankers_Assn.=_Root_CA.pem
-AddTrust_External_Root.pem
-AddTrust_Non-Validated_Services_Root.pem
-AddTrust_Public_Services_Root.pem
-AddTrust_Qualified_Certificates_Root.pem
-American_Express_CA.pem
-American_Express_Global_CA.pem
-Baltimore_CyberTrust_Code_Signing_Root.pem
-Baltimore_CyberTrust_Mobile_Commerce_Root.pem
-Baltimore_CyberTrust_Root.pem
-BankEngine_CA.pem
-BelSign_Object_Publishing_CA.pem
-BelSign_Secure_Server_CA.pem
-CertEngine_CA.pem
-Deutsche_Telekom_AG_Root_CA.pem
-Digital_Signature_Trust_Co._Global_CA_1.pem
-Digital_Signature_Trust_Co._Global_CA_2.pem
-Digital_Signature_Trust_Co._Global_CA_3.pem
-Digital_Signature_Trust_Co._Global_CA_4.pem
-E-Certify_CA.pem
-E-Certify_RA.pem
-Entrust.net_Global_Secure_Personal_CA.pem
-Entrust.net_Global_Secure_Server_CA.pem
-Xcert_EZ.pem
-Entrust.net_Premium_2048_Secure_Server_CA.pem
-Entrust.net_Secure_Personal_CA.pem
-Entrust.net_Secure_Server_CA.pem
-Equifax_Premium_CA.pem
-Equifax_Secure_CA.pem
-Equifax_Secure_Global_eBusiness_CA.pem
-Equifax_Secure_eBusiness_CA_1.pem
-Equifax_Secure_eBusiness_CA_2.pem
-FortEngine_CA.pem
-GTE_CyberTrust_Global_Root.pem
-GTE_CyberTrust_Japan_Root_CA.pem
-GTE_CyberTrust_Japan_Secure_Server_CA.pem
-GTE_CyberTrust_Root_5.pem
-GTE_CyberTrust_Root_CA.pem
-GlobalSign_Partners_CA.pem
-GlobalSign_Primary_Class_1_CA.pem
-GlobalSign_Primary_Class_2_CA.pem
-GlobalSign_Primary_Class_3_CA.pem
-GlobalSign_Root_CA.pem
-MailEngine_CA.pem
-TC_TrustCenter,_Germany,_Class_0_CA.pem
-TC_TrustCenter,_Germany,_Class_1_CA.pem
-TC_TrustCenter,_Germany,_Class_2_CA.pem
-TC_TrustCenter,_Germany,_Class_3_CA.pem
-Thawte_Server_CA.pem
-TC_TrustCenter,_Germany,_Class_4_CA.pem
-Thawte_Personal_Basic_CA.pem
-Thawte_Personal_Freemail_CA.pem
-Thawte_Personal_Premium_CA.pem
-Thawte_Premium_Server_CA.pem
-Thawte_Time_Stamping_CA.pem
-Thawte_Universal_CA_Root.pem
-TraderEngine_CA.pem
-USPS_Production_1.pem
-USPS_Root.pem
-ValiCert_Class_1_VA.pem
-ValiCert_Class_2_VA.pem
-ValiCert_Class_3_VA.pem
-ValiCert_OCSP_Responder.pem
-VeriSign_Class_4_Primary_CA.pem
-Verisign_Class_1_Public_Primary_Certification_Authority.pem
-Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.pem
-Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem
-Verisign_Class_1_Public_Primary_OCSP_Responder.pem
-Verisign_Class_2_Public_Primary_Certification_Authority.pem
-Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.pem
-Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.pem
-Verisign_Class_2_Public_Primary_OCSP_Responder.pem
-Verisign_Class_3_Public_Primary_Certification_Authority.pem
-Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.pem
-Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.pem
-Verisign_Class_3_Public_Primary_OCSP_Responder.pem
-Verisign_Class_4_Public_Primary_Certification_Authority_-_G2.pem
-Verisign_Class_4_Public_Primary_Certification_Authority_-_G3.pem
-Verisign_RSA_Secure_Server_CA.pem
-Verisign_Secure_Server_OCSP_Responder.pem
-Verisign_Time_Stamping_Authority_CA.pem
-Visa_International_Global_Root_1.pem
-Visa_International_Global_Root_2.pem
-Visa_International_Global_Root_3.pem
-Visa_International_Global_Root_4.pem
-Visa_International_Global_Root_5.pem
-Xcert_Root_CA.pem
-Xcert_Root_CA_1024.pem
-Xcert_Root_CA_v1.pem
-Xcert_Root_CA_v1_1024.pem
-beTRUSTed_Root_CA.pem
-Debian.pem

diff --git a/debian/postinst b/debian/postinst
index dbd20e6717be07df96d8d133aef8a5f273c8bcfd..ca6aab06b1c7de96b7f0212efcb2babe46bf5741 100644 (file)
--- a/debian/postinst
+++ b/debian/postinst
@@ -38,10 +38,15 @@ delca() {
 
 case "$1" in
     configure)
-        if dpkg --compare-versions "$2" lt 20030414; then
-           # remove old *.pem files that ca-certificates installed 
-           (cd /etc/ssl/certs; rm -f $(cat /usr/share/doc/ca-certificates/oldpemfiles))
-       fi
+        if [ ! -e /usr/local/share/ca-certificates ]
+        then
+            if mkdir /usr/local/share/ca-certificates 2>/dev/null
+            then
+                chown root:staff /usr/local/share/ca-certificates
+                chmod 2775 /usr/local/share/ca-certificates
+            fi
+        fi
+
         . /usr/share/debconf/confmodule
        db_version 2.0
        db_capb multiselect

diff --git a/debian/postrm b/debian/postrm
index e4feb3e05a944b760dc5db54b9258d1273b80d31..8aa9d3fb8167942df1cdf349d11f5d0ecfa5eb3a 100644 (file)
--- a/debian/postrm
+++ b/debian/postrm
@@ -24,6 +24,7 @@ case "$1" in
         test -f "$h" || rm -f "$h"
        done
        echo done.
+       rmdir /usr/local/share/ca-certificates 2>/dev/null || true
        ;;
 
     purge)

diff --git a/debian/rules b/debian/rules
index ec220d5b9bfaeeab088ce04ff1dccd3c30fa1993..5cbc4c03498607bf398350da752f9f891d888438 100755 (executable)
--- a/debian/rules
+++ b/debian/rules
@@ -62,25 +62,11 @@ binary-indep: build install
        dh_installdebconf       
        dh_installdocs
        dh_installexamples
-#      dh_installmenu
-#      dh_installlogrotate
-#      dh_installemacsen
-#      dh_installpam
-#      dh_installmime
-#      dh_installinit
-#      dh_installcron
        dh_installman sbin/update-ca-certificates.8
-#      dh_installinfo
-#      dh_undocumented
        dh_installchangelogs 
-#      dh_link
-#      dh_strip
        dh_compress
        dh_fixperms
-#      dh_makeshlibs
        dh_installdeb
-#      dh_perl
-#      dh_shlibdeps
        dh_gencontrol
        dh_md5sums
        dh_builddeb

diff --git a/mozilla/Makefile b/mozilla/Makefile
index 94ad5b75a9ad3ba30beba30c7e7abe4c84d069a6..6f4611882d54baea7d2b49ab293d0c8ce5030519 100644 (file)
--- a/mozilla/Makefile
+++ b/mozilla/Makefile
@@ -3,7 +3,7 @@
 #
 
 all:
-       ruby certdata2pem.rb < certdata.txt
+       python certdata2pem.py
 
 clean:
        -rm -f *.crt

diff --git a/mozilla/blacklist.txt b/mozilla/blacklist.txt
new file mode 100644 (file)
index 0000000..cc3e19b
--- /dev/null
+++ b/mozilla/blacklist.txt
@@ -0,0 +1,8 @@
+# One blacklist entry per line, corresponding to the label in certdata.txt.
+
+# Parent of "MD5 Collisions Forged Rogue CA 25c3"
+"Equifax Secure Global eBusiness CA"
+
+# MD5 Collision Proof of Concept CA
+"MD5 Collisions Forged Rogue CA 25c3"
+

diff --git a/mozilla/certdata.txt b/mozilla/certdata.txt
index d108bfb2e12c51f42a5f2376315ad600e4efb502..11ddc483edea250bd3792867aa7012d909256df8 100644 (file)
--- a/mozilla/certdata.txt
+++ b/mozilla/certdata.txt
@@ -34,7 +34,7 @@
 # the terms of any one of the MPL, the GPL or the LGPL.
 #
 # ***** END LICENSE BLOCK *****
-CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.47 $ $Date: 2008/04/07 07:03:15 $"
+CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.51 $ $Date: 2009/01/15 22:35:15 $"
 
 #
 # certdata.txt
@@ -2678,19 +2678,19 @@ CKA_ISSUER MULTILINE_OCTAL
 \156\040\122\157\157\164\040\103\101
 END
 CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\013\002\000\000\000\000\000\326\170\267\224\005
+\002\013\004\000\000\000\000\001\025\113\132\303\224
 END
 CKA_VALUE MULTILINE_OCTAL
-\060\202\003\165\060\202\002\135\240\003\002\001\002\002\013\002
-\000\000\000\000\000\326\170\267\224\005\060\015\006\011\052\206
-\110\206\367\015\001\001\004\005\000\060\127\061\013\060\011\006
+\060\202\003\165\060\202\002\135\240\003\002\001\002\002\013\004
+\000\000\000\000\001\025\113\132\303\224\060\015\006\011\052\206
+\110\206\367\015\001\001\005\005\000\060\127\061\013\060\011\006
 \003\125\004\006\023\002\102\105\061\031\060\027\006\003\125\004
 \012\023\020\107\154\157\142\141\154\123\151\147\156\040\156\166
 \055\163\141\061\020\060\016\006\003\125\004\013\023\007\122\157
 \157\164\040\103\101\061\033\060\031\006\003\125\004\003\023\022
 \107\154\157\142\141\154\123\151\147\156\040\122\157\157\164\040
 \103\101\060\036\027\015\071\070\060\071\060\061\061\062\060\060
-\060\060\132\027\015\061\064\060\061\062\070\061\062\060\060\060
+\060\060\132\027\015\062\070\060\061\062\070\061\062\060\060\060
 \060\132\060\127\061\013\060\011\006\003\125\004\006\023\002\102
 \105\061\031\060\027\006\003\125\004\012\023\020\107\154\157\142
 \141\154\123\151\147\156\040\156\166\055\163\141\061\020\060\016
@@ -2716,27 +2716,27 @@ CKA_VALUE MULTILINE_OCTAL
 \327\203\064\377\054\052\301\154\031\103\112\007\205\347\323\174
 \366\041\150\357\352\362\122\237\177\223\220\317\002\003\001\000
 \001\243\102\060\100\060\016\006\003\125\035\017\001\001\377\004
-\004\003\002\000\006\060\035\006\003\125\035\016\004\026\004\024
-\140\173\146\032\105\015\227\312\211\120\057\175\004\315\064\250
-\377\374\375\113\060\017\006\003\125\035\023\001\001\377\004\005
-\060\003\001\001\377\060\015\006\011\052\206\110\206\367\015\001
-\001\004\005\000\003\202\001\001\000\256\252\237\374\267\322\313
-\037\137\071\051\050\030\236\064\311\154\117\157\032\360\144\242
-\160\112\117\023\206\233\140\050\236\350\201\111\230\175\012\273
-\345\260\235\075\066\333\217\005\121\377\011\061\052\037\335\211
-\167\236\017\056\154\225\004\355\206\313\264\000\077\204\002\115
-\200\152\052\055\170\013\256\157\053\242\203\104\203\037\315\120
-\202\114\044\257\275\367\245\264\310\132\017\364\347\107\136\111
-\216\067\226\376\232\210\005\072\331\300\333\051\207\346\031\226
-\107\247\072\246\214\213\074\167\376\106\143\247\123\332\041\321
-\254\176\111\242\113\346\303\147\131\057\263\212\016\273\054\275
-\251\252\102\174\065\301\330\177\325\247\061\072\116\143\103\071
-\257\010\260\141\064\214\323\230\251\103\064\366\017\207\051\073
-\235\302\126\130\230\167\303\367\033\254\366\235\370\076\252\247
-\124\105\360\365\371\325\061\145\376\153\130\234\161\263\036\327
-\122\352\062\027\374\100\140\035\311\171\044\262\366\154\375\250
-\146\016\202\335\230\313\332\302\104\117\056\240\173\362\367\153
-\054\166\021\204\106\212\170\243\343
+\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377\004
+\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026\004
+\024\140\173\146\032\105\015\227\312\211\120\057\175\004\315\064
+\250\377\374\375\113\060\015\006\011\052\206\110\206\367\015\001
+\001\005\005\000\003\202\001\001\000\326\163\347\174\117\166\320
+\215\277\354\272\242\276\064\305\050\062\265\174\374\154\234\054
+\053\275\011\236\123\277\153\136\252\021\110\266\345\010\243\263
+\312\075\141\115\323\106\011\263\076\303\240\343\143\125\033\362
+\272\357\255\071\341\103\271\070\243\346\057\212\046\073\357\240
+\120\126\371\306\012\375\070\315\304\013\160\121\224\227\230\004
+\337\303\137\224\325\025\311\024\101\234\304\135\165\144\025\015
+\377\125\060\354\206\217\377\015\357\054\271\143\106\366\252\374
+\337\274\151\375\056\022\110\144\232\340\225\360\246\357\051\217
+\001\261\025\265\014\035\245\376\151\054\151\044\170\036\263\247
+\034\161\142\356\312\310\227\254\027\135\212\302\370\107\206\156
+\052\304\126\061\225\320\147\211\205\053\371\154\246\135\106\235
+\014\252\202\344\231\121\335\160\267\333\126\075\141\344\152\341
+\134\326\366\376\075\336\101\314\007\256\143\122\277\123\123\364
+\053\351\307\375\266\367\202\137\205\322\101\030\333\201\263\004
+\034\305\037\244\200\157\025\040\311\336\014\210\012\035\326\146
+\125\342\374\110\311\051\046\151\340
 END
 
 # Trust for Certificate "GlobalSign Root CA"
@@ -2746,11 +2746,11 @@ CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "GlobalSign Root CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\057\027\077\175\351\226\147\257\245\172\370\012\242\321\261\057
-\254\203\003\070
+\261\274\226\213\324\364\235\142\052\250\232\201\362\025\001\122
+\244\035\202\234
 END
 CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\253\277\352\343\153\051\246\314\246\170\065\231\357\255\053\200
+\076\105\122\025\011\121\222\341\267\135\067\237\261\207\051\212
 END
 CKA_ISSUER MULTILINE_OCTAL
 \060\127\061\013\060\011\006\003\125\004\006\023\002\102\105\061
@@ -2761,7 +2761,7 @@ CKA_ISSUER MULTILINE_OCTAL
 \156\040\122\157\157\164\040\103\101
 END
 CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\013\002\000\000\000\000\000\326\170\267\224\005
+\002\013\004\000\000\000\000\001\025\113\132\303\224
 END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
@@ -16957,3 +16957,674 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "DigiNotar Root CA"
+#
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "DigiNotar Root CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
+\164\141\162\061\032\060\030\006\003\125\004\003\023\021\104\151
+\147\151\116\157\164\141\162\040\122\157\157\164\040\103\101\061
+\040\060\036\006\011\052\206\110\206\367\015\001\011\001\026\021
+\151\156\146\157\100\144\151\147\151\156\157\164\141\162\056\156
+\154
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
+\164\141\162\061\032\060\030\006\003\125\004\003\023\021\104\151
+\147\151\116\157\164\141\162\040\122\157\157\164\040\103\101\061
+\040\060\036\006\011\052\206\110\206\367\015\001\011\001\026\021
+\151\156\146\157\100\144\151\147\151\156\157\164\141\162\056\156
+\154
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\014\166\332\234\221\014\116\054\236\376\025\320\130\223
+\074\114
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\212\060\202\003\162\240\003\002\001\002\002\020\014
+\166\332\234\221\014\116\054\236\376\025\320\130\223\074\114\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\137
+\061\013\060\011\006\003\125\004\006\023\002\116\114\061\022\060
+\020\006\003\125\004\012\023\011\104\151\147\151\116\157\164\141
+\162\061\032\060\030\006\003\125\004\003\023\021\104\151\147\151
+\116\157\164\141\162\040\122\157\157\164\040\103\101\061\040\060
+\036\006\011\052\206\110\206\367\015\001\011\001\026\021\151\156
+\146\157\100\144\151\147\151\156\157\164\141\162\056\156\154\060
+\036\027\015\060\067\060\065\061\066\061\067\061\071\063\066\132
+\027\015\062\065\060\063\063\061\061\070\061\071\062\061\132\060
+\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061\022
+\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157\164
+\141\162\061\032\060\030\006\003\125\004\003\023\021\104\151\147
+\151\116\157\164\141\162\040\122\157\157\164\040\103\101\061\040
+\060\036\006\011\052\206\110\206\367\015\001\011\001\026\021\151
+\156\146\157\100\144\151\147\151\156\157\164\141\162\056\156\154
+\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001
+\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001
+\000\254\260\130\301\000\275\330\041\010\013\053\232\376\156\126
+\060\005\237\033\167\220\020\101\134\303\015\207\021\167\216\201
+\361\312\174\351\214\152\355\070\164\065\273\332\337\371\273\300
+\011\067\264\226\163\201\175\063\032\230\071\367\223\157\225\177
+\075\271\261\165\207\272\121\110\350\213\160\076\225\004\305\330
+\266\303\026\331\210\260\261\207\035\160\332\206\264\017\024\213
+\172\317\020\321\164\066\242\022\173\167\206\112\171\346\173\337
+\002\021\150\245\116\206\256\064\130\233\044\023\170\126\042\045
+\036\001\213\113\121\161\373\202\314\131\226\151\210\132\150\123
+\305\271\015\002\067\313\113\274\146\112\220\176\052\013\005\007
+\355\026\137\125\220\165\330\106\311\033\203\342\010\276\361\043
+\314\231\035\326\052\017\203\040\025\130\047\202\056\372\342\042
+\302\111\261\271\001\201\152\235\155\235\100\167\150\166\116\041
+\052\155\204\100\205\116\166\231\174\202\363\363\267\002\131\324
+\046\001\033\216\337\255\123\006\321\256\030\335\342\262\072\313
+\327\210\070\216\254\133\051\271\031\323\230\371\030\003\317\110
+\202\206\146\013\033\151\017\311\353\070\210\172\046\032\005\114
+\222\327\044\324\226\362\254\122\055\243\107\325\122\366\077\376
+\316\204\006\160\246\252\076\242\362\266\126\064\030\127\242\344
+\201\155\347\312\360\152\323\307\221\153\002\203\101\174\025\357
+\153\232\144\136\343\320\074\345\261\353\173\135\206\373\313\346
+\167\111\315\243\145\334\367\271\234\270\344\013\137\223\317\314
+\060\032\062\034\316\034\143\225\245\371\352\341\164\213\236\351
+\053\251\060\173\240\030\037\016\030\013\345\133\251\323\321\154
+\036\007\147\217\221\113\251\212\274\322\146\252\223\001\210\262
+\221\372\061\134\325\246\301\122\010\011\315\012\143\242\323\042
+\246\350\241\331\071\006\227\365\156\215\002\220\214\024\173\077
+\200\315\033\234\272\304\130\162\043\257\266\126\237\306\172\102
+\063\051\007\077\202\311\346\037\005\015\315\114\050\066\213\323
+\310\076\034\306\210\357\136\356\211\144\351\035\353\332\211\176
+\062\246\151\321\335\314\210\237\321\320\311\146\041\334\006\147
+\305\224\172\232\155\142\114\175\314\340\144\200\262\236\107\216
+\243\002\003\001\000\001\243\102\060\100\060\017\006\003\125\035
+\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003\125
+\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003\125
+\035\016\004\026\004\024\210\150\277\340\216\065\304\073\070\153
+\142\367\050\073\204\201\310\014\327\115\060\015\006\011\052\206
+\110\206\367\015\001\001\005\005\000\003\202\002\001\000\073\002
+\215\313\074\060\350\156\240\255\362\163\263\137\236\045\023\004
+\005\323\366\343\213\273\013\171\316\123\336\344\226\305\321\257
+\163\274\325\303\320\100\125\174\100\177\315\033\137\011\325\362
+\174\237\150\035\273\135\316\172\071\302\214\326\230\173\305\203
+\125\250\325\175\100\312\340\036\367\211\136\143\135\241\023\302
+\135\212\266\212\174\000\363\043\303\355\205\137\161\166\360\150
+\143\252\105\041\071\110\141\170\066\334\361\103\223\324\045\307
+\362\200\145\341\123\002\165\121\374\172\072\357\067\253\204\050
+\127\014\330\324\324\231\126\154\343\242\376\131\204\264\061\350
+\063\370\144\224\224\121\227\253\071\305\113\355\332\335\200\013
+\157\174\051\015\304\216\212\162\015\347\123\024\262\140\101\075
+\204\221\061\150\075\047\104\333\345\336\364\372\143\105\310\114
+\076\230\365\077\101\272\116\313\067\015\272\146\230\361\335\313
+\237\134\367\124\066\202\153\054\274\023\141\227\102\370\170\273
+\314\310\242\237\312\360\150\275\153\035\262\337\215\157\007\235
+\332\216\147\307\107\036\312\271\277\052\102\221\267\143\123\146
+\361\102\243\341\364\132\115\130\153\265\344\244\063\255\134\160
+\035\334\340\362\353\163\024\221\232\003\301\352\000\145\274\007
+\374\317\022\021\042\054\256\240\275\072\340\242\052\330\131\351
+\051\323\030\065\244\254\021\137\031\265\265\033\377\042\112\134
+\306\172\344\027\357\040\251\247\364\077\255\212\247\232\004\045
+\235\016\312\067\346\120\375\214\102\051\004\232\354\271\317\113
+\162\275\342\010\066\257\043\057\142\345\312\001\323\160\333\174
+\202\043\054\026\061\014\306\066\007\220\172\261\037\147\130\304
+\073\130\131\211\260\214\214\120\263\330\206\313\150\243\304\012
+\347\151\113\040\316\301\036\126\113\225\251\043\150\330\060\330
+\303\353\260\125\121\315\345\375\053\270\365\273\021\237\123\124
+\366\064\031\214\171\011\066\312\141\027\045\027\013\202\230\163
+\014\167\164\303\325\015\307\250\022\114\307\247\124\161\107\056
+\054\032\175\311\343\053\073\110\336\047\204\247\143\066\263\175
+\217\240\144\071\044\015\075\173\207\257\146\134\164\033\113\163
+\262\345\214\360\206\231\270\345\305\337\204\301\267\353
+END
+
+# Trust for Certificate "DigiNotar Root CA"
+CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "DigiNotar Root CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\300\140\355\104\313\330\201\275\016\370\154\013\242\207\335\317
+\201\147\107\214
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\172\171\124\115\007\222\073\133\377\101\360\016\307\071\242\230
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
+\164\141\162\061\032\060\030\006\003\125\004\003\023\021\104\151
+\147\151\116\157\164\141\162\040\122\157\157\164\040\103\101\061
+\040\060\036\006\011\052\206\110\206\367\015\001\011\001\026\021
+\151\156\146\157\100\144\151\147\151\156\157\164\141\162\056\156
+\154
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\014\166\332\234\221\014\116\054\236\376\025\320\130\223
+\074\114
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Network Solutions Certificate Authority"
+#
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Network Solutions Certificate Authority"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\142\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\041\060\037\006\003\125\004\012\023\030\116\145\164\167\157\162
+\153\040\123\157\154\165\164\151\157\156\163\040\114\056\114\056
+\103\056\061\060\060\056\006\003\125\004\003\023\047\116\145\164
+\167\157\162\153\040\123\157\154\165\164\151\157\156\163\040\103
+\145\162\164\151\146\151\143\141\164\145\040\101\165\164\150\157
+\162\151\164\171
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\142\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\041\060\037\006\003\125\004\012\023\030\116\145\164\167\157\162
+\153\040\123\157\154\165\164\151\157\156\163\040\114\056\114\056
+\103\056\061\060\060\056\006\003\125\004\003\023\047\116\145\164
+\167\157\162\153\040\123\157\154\165\164\151\157\156\163\040\103
+\145\162\164\151\146\151\143\141\164\145\040\101\165\164\150\157
+\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\127\313\063\157\302\134\026\346\107\026\027\343\220\061
+\150\340
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\346\060\202\002\316\240\003\002\001\002\002\020\127
+\313\063\157\302\134\026\346\107\026\027\343\220\061\150\340\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\142
+\061\013\060\011\006\003\125\004\006\023\002\125\123\061\041\060
+\037\006\003\125\004\012\023\030\116\145\164\167\157\162\153\040
+\123\157\154\165\164\151\157\156\163\040\114\056\114\056\103\056
+\061\060\060\056\006\003\125\004\003\023\047\116\145\164\167\157
+\162\153\040\123\157\154\165\164\151\157\156\163\040\103\145\162
+\164\151\146\151\143\141\164\145\040\101\165\164\150\157\162\151
+\164\171\060\036\027\015\060\066\061\062\060\061\060\060\060\060
+\060\060\132\027\015\062\071\061\062\063\061\062\063\065\071\065
+\071\132\060\142\061\013\060\011\006\003\125\004\006\023\002\125
+\123\061\041\060\037\006\003\125\004\012\023\030\116\145\164\167
+\157\162\153\040\123\157\154\165\164\151\157\156\163\040\114\056
+\114\056\103\056\061\060\060\056\006\003\125\004\003\023\047\116
+\145\164\167\157\162\153\040\123\157\154\165\164\151\157\156\163
+\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
+\150\157\162\151\164\171\060\202\001\042\060\015\006\011\052\206
+\110\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202
+\001\012\002\202\001\001\000\344\274\176\222\060\155\306\330\216
+\053\013\274\106\316\340\047\226\336\336\371\372\022\323\074\063
+\163\263\004\057\274\161\214\345\237\266\042\140\076\137\135\316
+\011\377\202\014\033\232\121\120\032\046\211\335\325\141\135\031
+\334\022\017\055\012\242\103\135\027\320\064\222\040\352\163\317
+\070\054\006\046\011\172\162\367\372\120\062\370\302\223\323\151
+\242\043\316\101\261\314\344\325\037\066\321\212\072\370\214\143
+\342\024\131\151\355\015\323\177\153\350\270\003\345\117\152\345
+\230\143\151\110\005\276\056\377\063\266\351\227\131\151\370\147
+\031\256\223\141\226\104\025\323\162\260\077\274\152\175\354\110
+\177\215\303\253\252\161\053\123\151\101\123\064\265\260\271\305
+\006\012\304\260\105\365\101\135\156\211\105\173\075\073\046\214
+\164\302\345\322\321\175\262\021\324\373\130\062\042\232\200\311
+\334\375\014\351\177\136\003\227\316\073\000\024\207\047\160\070
+\251\216\156\263\047\166\230\121\340\005\343\041\253\032\325\205
+\042\074\051\265\232\026\305\200\250\364\273\153\060\217\057\106
+\002\242\261\014\042\340\323\002\003\001\000\001\243\201\227\060
+\201\224\060\035\006\003\125\035\016\004\026\004\024\041\060\311
+\373\000\327\116\230\332\207\252\052\320\247\056\261\100\061\247
+\114\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001
+\006\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001
+\001\377\060\122\006\003\125\035\037\004\113\060\111\060\107\240
+\105\240\103\206\101\150\164\164\160\072\057\057\143\162\154\056
+\156\145\164\163\157\154\163\163\154\056\143\157\155\057\116\145
+\164\167\157\162\153\123\157\154\165\164\151\157\156\163\103\145
+\162\164\151\146\151\143\141\164\145\101\165\164\150\157\162\151
+\164\171\056\143\162\154\060\015\006\011\052\206\110\206\367\015
+\001\001\005\005\000\003\202\001\001\000\273\256\113\347\267\127
+\353\177\252\055\267\163\107\205\152\301\344\245\035\344\347\074
+\351\364\131\145\167\265\172\133\132\215\045\066\340\172\227\056
+\070\300\127\140\203\230\006\203\237\271\166\172\156\120\340\272
+\210\054\374\105\314\030\260\231\225\121\016\354\035\270\210\377
+\207\120\034\202\302\343\340\062\200\277\240\013\107\310\303\061
+\357\231\147\062\200\117\027\041\171\014\151\134\336\136\064\256
+\002\265\046\352\120\337\177\030\145\054\311\362\143\341\251\007
+\376\174\161\037\153\063\044\152\036\005\367\005\150\300\152\022
+\313\056\136\141\313\256\050\323\176\302\264\146\221\046\137\074
+\056\044\137\313\130\017\353\050\354\257\021\226\363\334\173\157
+\300\247\210\362\123\167\263\140\136\256\256\050\332\065\054\157
+\064\105\323\046\341\336\354\133\117\047\153\026\174\275\104\004
+\030\202\263\211\171\027\020\161\075\172\242\026\116\365\001\315
+\244\154\145\150\241\111\166\134\103\311\330\274\066\147\154\245
+\224\265\324\314\271\275\152\065\126\041\336\330\303\353\373\313
+\244\140\114\260\125\240\240\173\127\262
+END
+
+# Trust for Certificate "Network Solutions Certificate Authority"
+CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Network Solutions Certificate Authority"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\164\370\243\303\357\347\263\220\006\113\203\220\074\041\144\140
+\040\345\337\316
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\323\363\246\026\300\372\153\035\131\261\055\226\115\016\021\056
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\142\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\041\060\037\006\003\125\004\012\023\030\116\145\164\167\157\162
+\153\040\123\157\154\165\164\151\157\156\163\040\114\056\114\056
+\103\056\061\060\060\056\006\003\125\004\003\023\047\116\145\164
+\167\157\162\153\040\123\157\154\165\164\151\157\156\163\040\103
+\145\162\164\151\146\151\143\141\164\145\040\101\165\164\150\157
+\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\127\313\063\157\302\134\026\346\107\026\027\343\220\061
+\150\340
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "WellsSecure Public Root Certificate Authority"
+#
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "WellsSecure Public Root Certificate Authority"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\205\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\040\060\036\006\003\125\004\012\014\027\127\145\154\154\163
+\040\106\141\162\147\157\040\127\145\154\154\163\123\145\143\165
+\162\145\061\034\060\032\006\003\125\004\013\014\023\127\145\154
+\154\163\040\106\141\162\147\157\040\102\141\156\153\040\116\101
+\061\066\060\064\006\003\125\004\003\014\055\127\145\154\154\163
+\123\145\143\165\162\145\040\120\165\142\154\151\143\040\122\157
+\157\164\040\103\145\162\164\151\146\151\143\141\164\145\040\101
+\165\164\150\157\162\151\164\171
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\205\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\040\060\036\006\003\125\004\012\014\027\127\145\154\154\163
+\040\106\141\162\147\157\040\127\145\154\154\163\123\145\143\165
+\162\145\061\034\060\032\006\003\125\004\013\014\023\127\145\154
+\154\163\040\106\141\162\147\157\040\102\141\156\153\040\116\101
+\061\066\060\064\006\003\125\004\003\014\055\127\145\154\154\163
+\123\145\143\165\162\145\040\120\165\142\154\151\143\040\122\157
+\157\164\040\103\145\162\164\151\146\151\143\141\164\145\040\101
+\165\164\150\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\275\060\202\003\245\240\003\002\001\002\002\001\001
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\201\205\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\040\060\036\006\003\125\004\012\014\027\127\145\154\154\163\040
+\106\141\162\147\157\040\127\145\154\154\163\123\145\143\165\162
+\145\061\034\060\032\006\003\125\004\013\014\023\127\145\154\154
+\163\040\106\141\162\147\157\040\102\141\156\153\040\116\101\061
+\066\060\064\006\003\125\004\003\014\055\127\145\154\154\163\123
+\145\143\165\162\145\040\120\165\142\154\151\143\040\122\157\157
+\164\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165
+\164\150\157\162\151\164\171\060\036\027\015\060\067\061\062\061
+\063\061\067\060\067\065\064\132\027\015\062\062\061\062\061\064
+\060\060\060\067\065\064\132\060\201\205\061\013\060\011\006\003
+\125\004\006\023\002\125\123\061\040\060\036\006\003\125\004\012
+\014\027\127\145\154\154\163\040\106\141\162\147\157\040\127\145
+\154\154\163\123\145\143\165\162\145\061\034\060\032\006\003\125
+\004\013\014\023\127\145\154\154\163\040\106\141\162\147\157\040
+\102\141\156\153\040\116\101\061\066\060\064\006\003\125\004\003
+\014\055\127\145\154\154\163\123\145\143\165\162\145\040\120\165
+\142\154\151\143\040\122\157\157\164\040\103\145\162\164\151\146
+\151\143\141\164\145\040\101\165\164\150\157\162\151\164\171\060
+\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001\001
+\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001\000
+\356\157\264\275\171\342\217\010\041\236\070\004\101\045\357\253
+\133\034\123\222\254\155\236\335\302\304\056\105\224\003\065\210
+\147\164\127\343\337\214\270\247\166\217\073\367\250\304\333\051
+\143\016\221\150\066\212\227\216\212\161\150\011\007\344\350\324
+\016\117\370\326\053\114\244\026\371\357\103\230\217\263\236\122
+\337\155\221\071\217\070\275\167\213\103\143\353\267\223\374\060
+\114\034\001\223\266\023\373\367\241\037\277\045\341\164\067\054
+\036\244\136\074\150\370\113\277\015\271\036\056\066\350\251\344
+\247\370\017\313\202\165\174\065\055\042\326\302\277\013\363\264
+\374\154\225\141\036\127\327\004\201\062\203\122\171\346\203\143
+\317\267\313\143\213\021\342\275\136\353\366\215\355\225\162\050
+\264\254\022\142\351\112\063\346\203\062\256\005\165\225\275\204
+\225\333\052\134\233\216\056\014\270\201\053\101\346\070\126\237
+\111\233\154\166\372\212\135\367\001\171\201\174\301\203\100\005
+\376\161\375\014\077\314\116\140\011\016\145\107\020\057\001\300
+\005\077\217\370\263\101\357\132\102\176\131\357\322\227\014\145
+\002\003\001\000\001\243\202\001\064\060\202\001\060\060\017\006
+\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060\071
+\006\003\125\035\037\004\062\060\060\060\056\240\054\240\052\206
+\050\150\164\164\160\072\057\057\143\162\154\056\160\153\151\056
+\167\145\154\154\163\146\141\162\147\157\056\143\157\155\057\167
+\163\160\162\143\141\056\143\162\154\060\016\006\003\125\035\017
+\001\001\377\004\004\003\002\001\306\060\035\006\003\125\035\016
+\004\026\004\024\046\225\031\020\331\350\241\227\221\377\334\031
+\331\265\004\076\322\163\012\152\060\201\262\006\003\125\035\043
+\004\201\252\060\201\247\200\024\046\225\031\020\331\350\241\227
+\221\377\334\031\331\265\004\076\322\163\012\152\241\201\213\244
+\201\210\060\201\205\061\013\060\011\006\003\125\004\006\023\002
+\125\123\061\040\060\036\006\003\125\004\012\014\027\127\145\154
+\154\163\040\106\141\162\147\157\040\127\145\154\154\163\123\145
+\143\165\162\145\061\034\060\032\006\003\125\004\013\014\023\127
+\145\154\154\163\040\106\141\162\147\157\040\102\141\156\153\040
+\116\101\061\066\060\064\006\003\125\004\003\014\055\127\145\154
+\154\163\123\145\143\165\162\145\040\120\165\142\154\151\143\040
+\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\145
+\040\101\165\164\150\157\162\151\164\171\202\001\001\060\015\006
+\011\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001
+\000\271\025\261\104\221\314\043\310\053\115\167\343\370\232\173
+\047\015\315\162\273\231\000\312\174\146\031\120\306\325\230\355
+\253\277\003\132\345\115\345\036\310\117\161\227\206\325\343\035
+\375\220\311\074\165\167\127\172\175\370\336\364\324\325\367\225
+\346\164\156\035\074\256\174\235\333\002\003\005\054\161\113\045
+\076\007\343\136\232\365\146\027\051\210\032\070\237\317\252\101
+\003\204\227\153\223\070\172\312\060\104\033\044\104\063\320\344
+\321\334\050\070\364\023\103\065\065\051\143\250\174\242\265\255
+\070\244\355\255\375\306\232\037\377\227\163\376\373\263\065\247
+\223\206\306\166\221\000\346\254\121\026\304\047\062\134\333\163
+\332\245\223\127\216\076\155\065\046\010\131\325\347\104\327\166
+\040\143\347\254\023\147\303\155\261\160\106\174\325\226\021\075
+\211\157\135\250\241\353\215\012\332\303\035\063\154\243\352\147
+\031\232\231\177\113\075\203\121\052\035\312\057\206\014\242\176
+\020\055\053\324\026\225\013\007\252\056\024\222\111\267\051\157
+\330\155\061\175\365\374\241\020\007\207\316\057\131\334\076\130
+\333
+END
+
+# Trust for Certificate "WellsSecure Public Root Certificate Authority"
+CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "WellsSecure Public Root Certificate Authority"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\347\264\366\235\141\354\220\151\333\176\220\247\100\032\074\364
+\175\117\350\356
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\025\254\245\302\222\055\171\274\350\177\313\147\355\002\317\066
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\205\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\040\060\036\006\003\125\004\012\014\027\127\145\154\154\163
+\040\106\141\162\147\157\040\127\145\154\154\163\123\145\143\165
+\162\145\061\034\060\032\006\003\125\004\013\014\023\127\145\154
+\154\163\040\106\141\162\147\157\040\102\141\156\153\040\116\101
+\061\066\060\064\006\003\125\004\003\014\055\127\145\154\154\163
+\123\145\143\165\162\145\040\120\165\142\154\151\143\040\122\157
+\157\164\040\103\145\162\164\151\146\151\143\141\164\145\040\101
+\165\164\150\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "COMODO ECC Certification Authority"
+#
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "COMODO ECC Certification Authority"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\205\061\013\060\011\006\003\125\004\006\023\002\107\102
+\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164
+\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060
+\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061
+\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117
+\040\103\101\040\114\151\155\151\164\145\144\061\053\060\051\006
+\003\125\004\003\023\042\103\117\115\117\104\117\040\105\103\103
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
+\165\164\150\157\162\151\164\171
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\205\061\013\060\011\006\003\125\004\006\023\002\107\102
+\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164
+\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060
+\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061
+\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117
+\040\103\101\040\114\151\155\151\164\145\144\061\053\060\051\006
+\003\125\004\003\023\042\103\117\115\117\104\117\040\105\103\103
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
+\165\164\150\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\037\107\257\252\142\000\160\120\124\114\001\236\233\143
+\231\052
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\002\211\060\202\002\017\240\003\002\001\002\002\020\037
+\107\257\252\142\000\160\120\124\114\001\236\233\143\231\052\060
+\012\006\010\052\206\110\316\075\004\003\003\060\201\205\061\013
+\060\011\006\003\125\004\006\023\002\107\102\061\033\060\031\006
+\003\125\004\010\023\022\107\162\145\141\164\145\162\040\115\141
+\156\143\150\145\163\164\145\162\061\020\060\016\006\003\125\004
+\007\023\007\123\141\154\146\157\162\144\061\032\060\030\006\003
+\125\004\012\023\021\103\117\115\117\104\117\040\103\101\040\114
+\151\155\151\164\145\144\061\053\060\051\006\003\125\004\003\023
+\042\103\117\115\117\104\117\040\105\103\103\040\103\145\162\164
+\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162
+\151\164\171\060\036\027\015\060\070\060\063\060\066\060\060\060
+\060\060\060\132\027\015\063\070\060\061\061\070\062\063\065\071
+\065\071\132\060\201\205\061\013\060\011\006\003\125\004\006\023
+\002\107\102\061\033\060\031\006\003\125\004\010\023\022\107\162
+\145\141\164\145\162\040\115\141\156\143\150\145\163\164\145\162
+\061\020\060\016\006\003\125\004\007\023\007\123\141\154\146\157
+\162\144\061\032\060\030\006\003\125\004\012\023\021\103\117\115
+\117\104\117\040\103\101\040\114\151\155\151\164\145\144\061\053
+\060\051\006\003\125\004\003\023\042\103\117\115\117\104\117\040
+\105\103\103\040\103\145\162\164\151\146\151\143\141\164\151\157
+\156\040\101\165\164\150\157\162\151\164\171\060\166\060\020\006
+\007\052\206\110\316\075\002\001\006\005\053\201\004\000\042\003
+\142\000\004\003\107\173\057\165\311\202\025\205\373\165\344\221
+\026\324\253\142\231\365\076\122\013\006\316\101\000\177\227\341
+\012\044\074\035\001\004\356\075\322\215\011\227\014\340\165\344
+\372\373\167\212\052\365\003\140\113\066\213\026\043\026\255\011
+\161\364\112\364\050\120\264\376\210\034\156\077\154\057\057\011
+\131\133\245\133\013\063\231\342\303\075\211\371\152\054\357\262
+\323\006\351\243\102\060\100\060\035\006\003\125\035\016\004\026
+\004\024\165\161\247\031\110\031\274\235\235\352\101\107\337\224
+\304\110\167\231\323\171\060\016\006\003\125\035\017\001\001\377
+\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377
+\004\005\060\003\001\001\377\060\012\006\010\052\206\110\316\075
+\004\003\003\003\150\000\060\145\002\061\000\357\003\133\172\254
+\267\170\012\162\267\210\337\377\265\106\024\011\012\372\240\346
+\175\010\306\032\207\275\030\250\163\275\046\312\140\014\235\316
+\231\237\317\134\017\060\341\276\024\061\352\002\060\024\364\223
+\074\111\247\063\172\220\106\107\263\143\175\023\233\116\267\157
+\030\067\200\123\376\335\040\340\065\232\066\321\307\001\271\346
+\334\335\363\377\035\054\072\026\127\331\222\071\326
+END
+
+# Trust for Certificate "COMODO ECC Certification Authority"
+CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "COMODO ECC Certification Authority"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\237\164\116\237\053\115\272\354\017\061\054\120\266\126\073\216
+\055\223\303\021
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\174\142\377\164\235\061\123\136\150\112\325\170\252\036\277\043
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\205\061\013\060\011\006\003\125\004\006\023\002\107\102
+\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164
+\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060
+\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061
+\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117
+\040\103\101\040\114\151\155\151\164\145\144\061\053\060\051\006
+\003\125\004\003\023\042\103\117\115\117\104\117\040\105\103\103
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
+\165\164\150\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\037\107\257\252\142\000\160\120\124\114\001\236\233\143
+\231\052
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "MD5 Collisions Forged Rogue CA 25c3"
+#
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "MD5 Collisions Forged Rogue CA 25c3"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\074\061\072\060\070\006\003\125\004\003\023\061\115\104\065
+\040\103\157\154\154\151\163\151\157\156\163\040\111\156\143\056
+\040\050\150\164\164\160\072\057\057\167\167\167\056\160\150\162
+\145\145\144\157\155\056\157\162\147\057\155\144\065\051
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\034\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141
+\170\040\123\145\143\165\162\145\040\111\156\143\056\061\055\060
+\053\006\003\125\004\003\023\044\105\161\165\151\146\141\170\040
+\123\145\143\165\162\145\040\107\154\157\142\141\154\040\145\102
+\165\163\151\156\145\163\163\040\103\101\055\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\102
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\062\060\202\003\233\240\003\002\001\002\002\001\102
+\060\015\006\011\052\206\110\206\367\015\001\001\004\005\000\060
+\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061\034
+\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141\170
+\040\123\145\143\165\162\145\040\111\156\143\056\061\055\060\053
+\006\003\125\004\003\023\044\105\161\165\151\146\141\170\040\123
+\145\143\165\162\145\040\107\154\157\142\141\154\040\145\102\165
+\163\151\156\145\163\163\040\103\101\055\061\060\036\027\015\060
+\064\060\067\063\061\060\060\060\060\060\061\132\027\015\060\064
+\060\071\060\062\060\060\060\060\060\061\132\060\074\061\072\060
+\070\006\003\125\004\003\023\061\115\104\065\040\103\157\154\154
+\151\163\151\157\156\163\040\111\156\143\056\040\050\150\164\164
+\160\072\057\057\167\167\167\056\160\150\162\145\145\144\157\155
+\056\157\162\147\057\155\144\065\051\060\201\237\060\015\006\011
+\052\206\110\206\367\015\001\001\001\005\000\003\201\215\000\060
+\201\211\002\201\201\000\272\246\131\311\054\050\326\052\260\370
+\355\237\106\244\244\067\356\016\031\150\131\321\263\003\231\121
+\326\026\232\136\067\153\025\340\016\113\365\204\144\370\243\333
+\101\157\065\325\233\025\037\333\304\070\122\160\201\227\136\217
+\240\265\367\176\071\360\062\254\036\255\104\322\263\372\110\303
+\316\221\233\354\364\234\174\341\132\365\310\067\153\232\203\336
+\347\312\040\227\061\102\163\025\221\150\364\210\257\371\050\050
+\305\351\017\163\260\027\113\023\114\231\165\320\104\346\176\010
+\154\032\362\117\033\101\002\003\001\000\001\243\202\002\044\060
+\202\002\040\060\013\006\003\125\035\017\004\004\003\002\001\306
+\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001
+\377\060\035\006\003\125\035\016\004\026\004\024\247\004\140\037
+\253\162\103\010\305\177\010\220\125\126\034\326\316\346\070\353
+\060\037\006\003\125\035\043\004\030\060\026\200\024\276\250\240
+\164\162\120\153\104\267\311\043\330\373\250\377\263\127\153\150
+\154\060\202\001\276\006\011\140\206\110\001\206\370\102\001\015
+\004\202\001\257\026\202\001\253\063\000\000\000\047\136\071\340
+\211\141\017\116\243\305\105\013\066\273\001\321\123\252\303\010
+\217\157\370\117\076\207\207\104\021\334\140\340\337\222\125\371
+\270\163\033\124\223\305\237\320\106\304\140\266\065\142\315\271
+\257\034\250\151\032\311\133\074\226\067\300\355\147\357\273\376
+\300\213\234\120\057\051\275\203\042\236\216\010\372\254\023\160
+\242\130\177\142\142\212\021\367\211\366\337\266\147\131\163\026
+\373\143\026\212\264\221\070\316\056\365\266\276\114\244\224\111
+\344\145\021\012\102\025\311\301\060\342\151\325\105\175\245\046
+\273\271\141\354\142\144\360\071\341\347\274\150\330\120\121\236
+\035\140\323\321\243\247\012\370\003\040\241\160\001\027\221\066
+\117\002\160\061\206\203\335\367\017\330\007\035\021\263\023\004
+\245\334\360\256\120\261\050\016\143\151\052\014\202\157\217\107
+\063\337\154\242\006\222\361\117\105\276\331\060\066\243\053\214
+\326\167\256\065\143\177\116\114\232\223\110\066\331\237\002\003
+\001\000\001\243\201\275\060\201\272\060\016\006\003\125\035\017
+\001\001\377\004\004\003\002\004\360\060\035\006\003\125\035\016
+\004\026\004\024\315\246\203\372\245\140\067\367\226\067\027\051
+\336\101\170\361\207\211\125\347\060\073\006\003\125\035\037\004
+\064\060\062\060\060\240\056\240\054\206\052\150\164\164\160\072
+\057\057\143\162\154\056\147\145\157\164\162\165\163\164\056\143
+\157\155\057\143\162\154\163\057\147\154\157\142\141\154\143\141
+\061\056\143\162\154\060\037\006\003\125\035\043\004\030\060\026
+\200\024\276\250\240\164\162\120\153\104\267\311\043\330\373\250
+\377\263\127\153\150\154\060\035\006\003\125\035\045\004\026\060
+\024\006\010\053\006\001\005\005\007\003\001\006\010\053\006\001
+\005\005\007\003\002\060\014\006\003\125\035\023\001\001\377\004
+\002\060\000\060\015\006\011\052\206\110\206\367\015\001\001\004
+\005\000\003\201\201\000\247\041\002\215\321\016\242\200\167\045
+\375\103\140\025\217\354\357\220\107\324\204\102\025\046\021\034
+\315\302\074\020\051\251\266\337\253\127\165\221\332\345\053\263
+\220\105\034\060\143\126\077\212\331\120\372\355\130\154\300\145
+\254\146\127\336\034\306\166\073\365\000\016\216\105\316\177\114
+\220\354\053\306\315\263\264\217\142\320\376\267\305\046\162\104
+\355\366\230\133\256\313\321\225\365\332\010\276\150\106\261\165
+\310\354\035\217\036\172\224\361\252\123\170\242\105\256\124\352
+\321\236\164\310\166\147
+END
+
+# Trust for Certificate "MD5 Collisions Forged Rogue CA 25c3"
+CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "MD5 Collisions Forged Rogue CA 25c3"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\144\043\023\176\134\123\326\112\246\144\205\355\066\124\365\253
+\005\132\213\212
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\026\172\023\025\271\027\071\243\361\005\152\346\076\331\072\070
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\034\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141
+\170\040\123\145\143\165\162\145\040\111\156\143\056\061\055\060
+\053\006\003\125\004\003\023\044\105\161\165\151\146\141\170\040
+\123\145\143\165\162\145\040\107\154\157\142\141\154\040\145\102
+\165\163\151\156\145\163\163\040\103\101\055\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\102
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_UNTRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_UNTRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_UNTRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE

diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py
new file mode 100644 (file)
index 0000000..d40b659
--- /dev/null
+++ b/mozilla/certdata2pem.py
@@ -0,0 +1,124 @@
+#!/usr/bin/python
+# vim:set et sw=4:
+#
+# certdata2pem.py - splits certdata.txt into multiple files
+#
+# Copyright (C) 2009 Philipp Kern <pkern@debian.org>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+import base64
+import os.path
+import re
+import sys
+import textwrap
+
+objects = []
+
+# Dirty file parser.
+in_data, in_multiline, in_obj = False, False, False
+field, type, value, obj = None, None, None, dict()
+for line in open('certdata.txt', 'r'):
+    # Ignore the file header.
+    if not in_data:
+        if line.startswith('BEGINDATA'):
+            in_data = True
+        continue
+    # Ignore comment lines.
+    if line.startswith('#'):
+        continue
+    # Empty lines are significant if we are inside an object.
+    if in_obj and len(line.strip()) == 0:
+        objects.append(obj)
+        obj = dict()
+        in_obj = False
+        continue
+    if len(line.strip()) == 0:
+        continue
+    if in_multiline:
+        if not line.startswith('END'):
+            if type == 'MULTILINE_OCTAL':
+                line = line.strip()
+                for i in re.finditer(r'\\([0-3][0-7][0-7])', line):
+                    value += chr(int(i.group(1), 8))
+            else:
+                value += line
+            continue
+        obj[field] = value
+        in_multiline = False
+        continue
+    if line.startswith('CKA_CLASS'):
+        in_obj = True
+    line_parts = line.strip().split(' ', 2)
+    if len(line_parts) > 2:
+        field, type = line_parts[0:2]
+        value = ' '.join(line_parts[2:])
+    elif len(line_parts) == 2:
+        field, type = line_parts
+        value = None
+    else:
+        raise NotImplementedError, 'line_parts < 2 not supported.'
+    if type == 'MULTILINE_OCTAL':
+        in_multiline = True
+        value = ""
+        continue
+    obj[field] = value
+if len(obj.items()) > 0:
+    objects.append(obj)
+
+# Read blacklist.
+blacklist = []
+if os.path.exists('blacklist.txt'):
+    for line in open('blacklist.txt', 'r'):
+        line = line.strip()
+        if line.startswith('#') or len(line) == 0:
+            continue
+        item = line.split('#', 1)[0].strip()
+        blacklist.append(item)
+
+# Build up trust database.
+trust = dict()
+for obj in objects:
+    if obj['CKA_CLASS'] != 'CKO_NETSCAPE_TRUST':
+        continue
+    if obj['CKA_LABEL'] in blacklist:
+        print "Certificate %s blacklisted, ignoring." % obj['CKA_LABEL']
+    elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NETSCAPE_TRUSTED_DELEGATOR':
+        trust[obj['CKA_LABEL']] = True
+    elif obj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NETSCAPE_TRUSTED_DELEGATOR':
+        trust[obj['CKA_LABEL']] = True
+    elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NETSCAPE_UNTRUSTED':
+        print '!'*74
+        print "UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % obj['CKA_LABEL']
+        print '!'*74
+    else:
+        print "Ignoring certificate %s.  SAUTH=%s, EPROT=%s" % \
+              (obj['CKA_LABEL'], obj['CKA_TRUST_SERVER_AUTH'],
+               obj['CKA_TRUST_EMAIL_PROTECTION'])
+
+for obj in objects:
+    if obj['CKA_CLASS'] == 'CKO_CERTIFICATE':
+        if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
+            continue
+        fname = obj['CKA_LABEL'][1:-1].replace('/', '_')\
+                                      .replace(' ', '_')\
+                                      .replace('(', '=')\
+                                      .replace(')', '=')\
+                                      .replace(',', '_') + '.crt'
+        f = open(fname, 'w')
+        f.write("-----BEGIN CERTIFICATE-----\n")
+        f.write("\n".join(textwrap.wrap(base64.b64encode(obj['CKA_VALUE']), 64)))
+        f.write("\n-----END CERTIFICATE-----\n")
+

diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates
old mode 100644 (file)
new mode 100755 (executable)
index 46e4c10..728e909
--- a/sbin/update-ca-certificates
+++ b/sbin/update-ca-certificates
@@ -3,6 +3,7 @@
 # update-ca-certificates
 #
 # Copyright (c) 2003 Fumitoshi UKAI <ukai@debian.or.jp>
+# Copyright (c) 2009 Philipp Kern <pkern@debian.org>
 # 
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -37,8 +38,47 @@ done
 
 CERTSCONF=/etc/ca-certificates.conf
 CERTSDIR=/usr/share/ca-certificates
+LOCALCERTSDIR=/usr/local/share/ca-certificates
 CERTBUNDLE=ca-certificates.crt
 ETCCERTSDIR=/etc/ssl/certs
+
+cleanup() {
+  rm -f "$TEMPBUNDLE"
+  rm -f "$ADDED"
+  rm -f "$REMOVED"
+}
+trap cleanup 0
+
+# Helper files.  (Some of them are not simple arrays because we spawn
+# subshells later on.)
+TEMPBUNDLE="$(mktemp -t "${CERTBUNDLE}.tmp.XXXXXX")"
+ADDED="$(mktemp -t "ca-certificates.tmp.XXXXXX")"
+REMOVED="$(mktemp -t "ca-certificates.tmp.XXXXXX")"
+
+# Adds a certificate to the list of trusted ones.  This includes a symlink
+# in /etc/ssl/certs to the certificate file and its inclusion into the
+# bundle.
+add() {
+  CERT="$1"
+  PEM="$ETCCERTSDIR/$(basename "$CERT" .crt).pem"
+  if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "$CERT" ]
+  then
+    ln -sf "$CERT" "$PEM"
+    echo +$PEM >> "$ADDED"
+  fi
+  cat "$CERT" >> "$TEMPBUNDLE"
+}
+
+remove() {
+  CERT="$1"
+  PEM="$ETCCERTSDIR/$(basename "$CERT" .crt).pem"
+  if test -L "$PEM"
+  then
+    rm -f "$PEM"
+    echo -$PEM >> "$REMOVED"
+  fi
+}
+
 cd $ETCCERTSDIR
 if [ "$fresh" = 1 ]; then
   echo -n "Clearing symlinks in $ETCCERTSDIR..."
@@ -54,49 +94,65 @@ if [ "$fresh" = 1 ]; then
   done
   echo "done."
 fi
-echo -n "Updating certificates in $ETCCERTSDIR...."
 
-bundletmp=`mktemp "${CERTBUNDLE}.tmp.XXXXXX"`
-removed="$(sed -ne 's/^!//p' $CERTSCONF | while read crt
+echo -n "Updating certificates in $ETCCERTSDIR... "
+
+# Handle certificates that should be removed.  This is an explicit act
+# by prefixing lines in the configuration files with exclamation marks (!).
+sed -n -e '/^$/d' -e 's/^!//p' $CERTSCONF | while read crt
 do
- if test "$crt" = ""; then continue; fi
- pem=$(basename "$crt" .crt).pem
- if test -e "$pem"; then
-  rm -f "$pem"
-  echo "-$ETCCERTSDIR/$pem"
- fi
-done)"
-
-added="$(sed -e '/^#/d' -e '/^!/d' $CERTSCONF | while read crt
+  remove "$CERTSDIR/$crt"
+done
+
+sed -e '/^$/d' -e '/^#/d' -e '/^!/d' $CERTSCONF | while read crt
 do
- if test "$crt" = ""; then continue; fi
- if ! test -f "$CERTSDIR/$crt"; then continue; fi
- pem=$(basename "$crt" .crt).pem
- if ! test -e "$pem"; then echo "+$ETCCERTSDIR/$pem"; fi
- ln -sf "$CERTSDIR/$crt" "$pem"
- cat "$CERTSDIR/$crt" >> "$bundletmp"
-done)"
-chmod 0644 "$bundletmp"
-mv -f "$bundletmp" "$CERTBUNDLE"
-
-if [ -n "$added" ] || [ -n "$removed" ]; then
-  # only run if set of files has changed
+  if ! test -f "$CERTSDIR/$crt"
+  then
+    echo "W: $CERTSDIR/$crt not found, but listed in $CERTSCONF." >&2
+    continue
+  fi
+  add "$CERTSDIR/$crt"
+done
 
-  if [ "$verbose" = 0 ]; then
+# Now process certificate authorities installed by the local system
+# administrator.
+if [ -d "$LOCALCERTSDIR" ]
+then
+  find -L "$LOCALCERTSDIR" -type f | while read crt
+  do
+    add "$crt"
+  done
+fi
+
+chmod 0644 "$TEMPBUNDLE"
+mv -f "$TEMPBUNDLE" "$CERTBUNDLE"
+
+ADDED_CNT=$(wc -l < "$ADDED")
+REMOVED_CNT=$(wc -l < "$REMOVED")
+
+if [ "$ADDED_CNT" -gt 0 ] || [ "$REMOVED_CNT" -gt 0 ]
+then
+  # only run if set of files has changed
+  if [ "$verbose" = 0 ]
+  then
     c_rehash . > /dev/null 2>&1
   else
     c_rehash .
   fi
-  echo "done."
-
-  HOOKSDIR=/etc/ca-certificates/update.d
-  echo -n "Running hooks in $HOOKSDIR...."
-  VERBOSE_ARG=
-  [ "$verbose" = 0 ] || VERBOSE_ARG=--verbose
-  eval run-parts $VERB_ARG --test -- $HOOKSDIR | while read hook; do
-  printf -- "${removed:+$removed\n}${added:+$added\n}" | eval $hook
-  done
-  echo "done."
-else
-  echo "done."
 fi
+
+echo "$ADDED_CNT added, $REMOVED_CNT removed; done."
+
+HOOKSDIR=/etc/ca-certificates/update.d
+echo -n "Running hooks in $HOOKSDIR...."
+VERBOSE_ARG=
+[ "$verbose" = 0 ] || VERBOSE_ARG=--verbose
+eval run-parts $VERB_ARG --test -- $HOOKSDIR | while read hook
+do
+  ( cat $ADDED
+    cat $REMOVED ) | $hook || echo E: $hook exited with code $?.
+done
+echo "done."
+
+# vim:set et sw=2:
+

diff --git a/sbin/update-ca-certificates.8 b/sbin/update-ca-certificates.8
index 3c71502548e9c98ca96f4d65bb50ef780ab806b4..65aa7debe6489876dd25e46359516b00dd8b7072 100644 (file)
--- a/sbin/update-ca-certificates.8
+++ b/sbin/update-ca-certificates.8
@@ -26,14 +26,18 @@ This manual page documents briefly the
 commands.
 This manual page was written for the Debian distribution.
 .PP
-\fBupdate-ca-certificates\fP is a program that updates /etc/ssl/certs
-directory to hold SSL certificates and generates certificates.crt that is
-single-file version of CA certificates.
+\fBupdate-ca-certificates\fP is a program that updates the directory
+/etc/ssl/certs to hold SSL certificates and generates certificates.crt,
+a concatenated single-file list of certificates.
 .PP
-It reads /etc/ca-certificates.conf file. Each lines list pathname of
-activated CA certificates under /usr/share/ca-certificates.
-Lines that begin with "#" is comment line. 
-Lines that begin with "!" is deselect, deactivation of the CA certificates. 
+It reads the file /etc/ca-certificates.conf. Each line gives a pathname of
+a CA certificate under /usr/share/ca-certificates that should be trusted.
+Lines that begin with "#" are comment lines and thus ignored.
+Lines that begin with "!" are deselected, causing the deactivation of the CA
+certificate in question. 
+.PP
+Furthermore all certificates found below /usr/local/share/ca-certificates
+are also included as implicitly trusted.
 .PP
 Before terminating, \fBupdate-ca-certificates\fP invokes
 \fBrun-parts\fP on /etc/ca-certificates/update.d and calls each hook with
@@ -61,6 +65,8 @@ all CA certificates that you activated in /etc/ca-certificates.conf.
 .TP
 .I /usr/share/ca-certificates
 Directory of CA certificates.
+.I /usr/local/share/ca-certificates
+Directory of local CA certificates.
 .SH SEE ALSO
 .BR c_rehash (1),
 .SH AUTHOR