+ca-certificates (20090701) unstable; urgency=low
+
+ * Readded Equifax Secure Global eBusiness CA.
+
+ -- Philipp Kern <pkern@debian.org> Wed, 01 Jul 2009 14:47:02 +0200
+
ca-certificates (20090624) unstable; urgency=low
* This update eases the installation of local certification authorities
+ca-certificates (20090701) unstable; urgency=low
+
+ * Reactivated "Equifax Secure Global eBusiness CA". (Closes: #534674)
+ Rationale: The rogue collision CA has its validity period in the past.
+ Thus it does not impose a risk upon us at the moment.
+ * Restrict search for local certificates to add on files ending with '.crt'.
+ * Canonicalize PEM names by applying the same set of substitions to
+ local and other certificates like the Mozilla certdata dumper does.
+
+ -- Philipp Kern <pkern@debian.org> Wed, 01 Jul 2009 14:50:00 +0200
+
ca-certificates (20090624) unstable; urgency=low
* Allow local certificate installation. All certificates found
# One blacklist entry per line, corresponding to the label in certdata.txt.
-# Parent of "MD5 Collisions Forged Rogue CA 25c3"
-"Equifax Secure Global eBusiness CA"
-
# MD5 Collision Proof of Concept CA
"MD5 Collisions Forged Rogue CA 25c3"
# bundle.
add() {
CERT="$1"
- PEM="$ETCCERTSDIR/$(basename "$CERT" .crt).pem"
+ PEM="$ETCCERTSDIR/$(basename "$CERT" .crt | sed -e 's/ /_/g' \
+ -e 's/[()]/=/g' \
+ -e 's/,/_/g').pem"
if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "$CERT" ]
then
ln -sf "$CERT" "$PEM"
# administrator.
if [ -d "$LOCALCERTSDIR" ]
then
- find -L "$LOCALCERTSDIR" -type f | while read crt
+ find -L "$LOCALCERTSDIR" -type f -name '*.crt' | while read crt
do
add "$crt"
done