From 778b0a8b2cd632c2ce204fe7e754886f0843a51c Mon Sep 17 00:00:00 2001 From: Michael Shuler Date: Sat, 17 Sep 2011 17:11:42 -0500 Subject: [PATCH] Import Debian version 20090624 --- debian/NEWS | 18 + debian/README.Debian | 7 + debian/changelog | 28 ++ debian/control | 2 +- debian/copyright | 36 +- debian/docs | 2 - debian/oldpemfiles | 92 ----- debian/postinst | 13 +- debian/postrm | 1 + debian/rules | 14 - mozilla/Makefile | 2 +- mozilla/blacklist.txt | 8 + mozilla/certdata.txt | 733 ++++++++++++++++++++++++++++++++-- mozilla/certdata2pem.py | 124 ++++++ sbin/update-ca-certificates | 130 ++++-- sbin/update-ca-certificates.8 | 20 +- 16 files changed, 1035 insertions(+), 195 deletions(-) delete mode 100644 debian/docs delete mode 100644 debian/oldpemfiles create mode 100644 mozilla/blacklist.txt create mode 100644 mozilla/certdata2pem.py mode change 100644 => 100755 sbin/update-ca-certificates diff --git a/debian/NEWS b/debian/NEWS index 1e19c94..19c6f38 100644 --- a/debian/NEWS +++ b/debian/NEWS @@ -1,3 +1,21 @@ +ca-certificates (20090624) unstable; urgency=low + + * This update eases the installation of local certification authorities + by providing a canonical location in `/usr/local/share/ca-certificates'. + All certificates found in this directory will automatically be included + into the list of trusted certificates. For details please see + `/usr/share/doc/ca-certificates/README.Debian'. + * New CA certificates: + - COMODO ECC Certification Authority + - DigiNotar Root CA + - Network Solutions Certificate Authority + - WellsSecure Public Root Certificate Authority + * Removed CA certificates: + - Equifax Secure Global eBusiness CA + - UTN USERFirst Object Root CA + + -- Philipp Kern Wed, 24 Jun 2009 21:04:45 +0200 + ca-certificates (20080809) unstable; urgency=low * New cacert.org.pem joining both CACert Class 1 and Class 3 certificates. diff --git a/debian/README.Debian b/debian/README.Debian index d0fbef2..4e44347 100644 --- a/debian/README.Debian 
+++ b/debian/README.Debian @@ -21,6 +21,13 @@ used by the web browsers in Debian. It will also generate the hash symlinks and generate a single-file version in “/etc/ssl/certs/ca-certificates.crt”. +If you want to install local certificate authorities to be implicitly +trusted, please put the certificate files as single files ending with +“.crt“ into “/usr/local/share/ca-certificates” and re-run +“update-ca-certificates”. If you want to prepare a local package +of your certificates, you should depend on “ca-certificates“, install +the PEM files into “/usr/local/share/ca-certificates” as above and call +“update-ca-certificates” in the package's “postinst“. How certificates will be accepted into the ca-certificates package ------------------------------------------------------------------ diff --git a/debian/changelog b/debian/changelog index 821a12a..46f792f 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,3 +1,31 @@ +ca-certificates (20090624) unstable; urgency=low + + * Allow local certificate installation. All certificates found + in `/usr/local/share/ca-certificates' will be automatically added + to the list of trusted certificates in `/etc/ssl/certs'. + (Closes: #352637, #419491, #473677, #476663, #511150) + * Updated Mozilla certificates from nss 3.12.3-1 (certdata.txt revision + 1.51): + + COMODO ECC Certification Authority + + DigiNotar Root CA + + Network Solutions Certificate Authority + + WellsSecure Public Root Certificate Authority + - Equifax Secure Global eBusiness CA + - UTN USERFirst Object Root CA + * Reimplemented the Mozilla certdata parser mainly to exclude explicitly + untrusted certificates. This led to the exclusion of the + "MD5 Collisions Forged Rogue CA 23c3" and its parent + "Equifax Secure Global eBusiness CA". Furthermore code signing-only + certificates are no longer included neither. + * Remove the purging of old PEM files in postinst dating back to + versions earlier than 20030414. + * Hooks are now called at every invocation of `update-ca-certificates'. + If no changes were done to `/etc/ssl/certs', the input for the + hooks will be empty, though. Failure exit codes of hooks will not + tear down the upgrade process anymore. They are printed but ignored. + + -- Philipp Kern Tue, 24 Jun 2009 21:04:08 +0200 + ca-certificates (20081127) unstable; urgency=low * Remove /etc/ssl{,/certs} in postrm to please piuparts. (Closes: diff --git a/debian/control b/debian/control index 7a59559..943ec87 100644 --- a/debian/control +++ b/debian/control @@ -3,7 +3,7 @@ Section: misc Priority: optional Maintainer: Philipp Kern Build-Depends: debhelper (>> 4.1.16), po-debconf -Build-Depends-Indep: ruby +Build-Depends-Indep: python Standards-Version: 3.8.0 Package: ca-certificates diff --git a/debian/copyright b/debian/copyright index fbe8351..fadf8e0 100644 --- a/debian/copyright +++ b/debian/copyright 
@@ -1,11 +1,34 @@ -This is ca-certificates, written and maintained by Fumitoshi UKAI -on Mon, 7 Jan 2002 21:16:51 +0900. +ca-certificates was originally written and maintained by Fumitoshi UKAI + on Mon, 7 Jan 2002 21:16:51 +0900. The original source can always be found at: - ftp://ftp.debian.org/dists/unstable/main/source/ - http://alioth.debian.org/projects/ca-certs/ +ftp://ftp.debian.org/dists/unstable/main/source/ -Copyright (C) 2001-2003 Fumitoshi UKAI + +sbin/update-ca-certificates: + + Copyright (c) 2003 Fumitoshi UKAI + Copyright (c) 2009 Philipp Kern + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +mozilla/certdata2pem.py: + + Copyright (c) 2009 Philipp Kern + (based on a Ruby script by Fumitoshi UKAI) + Licensed under the same license as sbin/update-ca-certificates. CA certificates from Mozilla as follows: # The contents of this file are subject to the Mozilla Public @@ -40,4 +63,5 @@ CA certificates from Mozilla as follows: # GPL. On Debian GNU/Linux systems, the complete text of the GNU General Public -License can be found in '/usr/share/common-licenses/GPL' +License can be found in '/usr/share/common-licenses/GPL'. + diff --git a/debian/docs b/debian/docs deleted file mode 100644 index 31b00f6..0000000 --- a/debian/docs +++ /dev/null @@ -1,2 +0,0 @@ -debian/oldpemfiles - 
diff --git a/debian/oldpemfiles b/debian/oldpemfiles deleted file mode 100644 index f6fbbec..0000000 --- a/debian/oldpemfiles +++ /dev/null 
@@ -1,92 +0,0 @@ -ABAecom_=sub.,_Am._Bankers_Assn.=_Root_CA.pem -AddTrust_External_Root.pem -AddTrust_Non-Validated_Services_Root.pem -AddTrust_Public_Services_Root.pem -AddTrust_Qualified_Certificates_Root.pem -American_Express_CA.pem -American_Express_Global_CA.pem -Baltimore_CyberTrust_Code_Signing_Root.pem -Baltimore_CyberTrust_Mobile_Commerce_Root.pem -Baltimore_CyberTrust_Root.pem -BankEngine_CA.pem -BelSign_Object_Publishing_CA.pem -BelSign_Secure_Server_CA.pem -CertEngine_CA.pem -Deutsche_Telekom_AG_Root_CA.pem -Digital_Signature_Trust_Co._Global_CA_1.pem -Digital_Signature_Trust_Co._Global_CA_2.pem -Digital_Signature_Trust_Co._Global_CA_3.pem -Digital_Signature_Trust_Co._Global_CA_4.pem -E-Certify_CA.pem -E-Certify_RA.pem -Entrust.net_Global_Secure_Personal_CA.pem -Entrust.net_Global_Secure_Server_CA.pem -Xcert_EZ.pem -Entrust.net_Premium_2048_Secure_Server_CA.pem -Entrust.net_Secure_Personal_CA.pem -Entrust.net_Secure_Server_CA.pem -Equifax_Premium_CA.pem -Equifax_Secure_CA.pem -Equifax_Secure_Global_eBusiness_CA.pem -Equifax_Secure_eBusiness_CA_1.pem -Equifax_Secure_eBusiness_CA_2.pem -FortEngine_CA.pem -GTE_CyberTrust_Global_Root.pem -GTE_CyberTrust_Japan_Root_CA.pem -GTE_CyberTrust_Japan_Secure_Server_CA.pem -GTE_CyberTrust_Root_5.pem -GTE_CyberTrust_Root_CA.pem -GlobalSign_Partners_CA.pem -GlobalSign_Primary_Class_1_CA.pem -GlobalSign_Primary_Class_2_CA.pem -GlobalSign_Primary_Class_3_CA.pem -GlobalSign_Root_CA.pem -MailEngine_CA.pem -TC_TrustCenter,_Germany,_Class_0_CA.pem -TC_TrustCenter,_Germany,_Class_1_CA.pem -TC_TrustCenter,_Germany,_Class_2_CA.pem -TC_TrustCenter,_Germany,_Class_3_CA.pem -Thawte_Server_CA.pem -TC_TrustCenter,_Germany,_Class_4_CA.pem -Thawte_Personal_Basic_CA.pem -Thawte_Personal_Freemail_CA.pem -Thawte_Personal_Premium_CA.pem -Thawte_Premium_Server_CA.pem -Thawte_Time_Stamping_CA.pem -Thawte_Universal_CA_Root.pem -TraderEngine_CA.pem -USPS_Production_1.pem -USPS_Root.pem -ValiCert_Class_1_VA.pem -ValiCert_Class_2_VA.pem 
-ValiCert_Class_3_VA.pem -ValiCert_OCSP_Responder.pem -VeriSign_Class_4_Primary_CA.pem -Verisign_Class_1_Public_Primary_Certification_Authority.pem -Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.pem -Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem -Verisign_Class_1_Public_Primary_OCSP_Responder.pem -Verisign_Class_2_Public_Primary_Certification_Authority.pem -Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.pem -Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.pem -Verisign_Class_2_Public_Primary_OCSP_Responder.pem -Verisign_Class_3_Public_Primary_Certification_Authority.pem -Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.pem -Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.pem -Verisign_Class_3_Public_Primary_OCSP_Responder.pem -Verisign_Class_4_Public_Primary_Certification_Authority_-_G2.pem -Verisign_Class_4_Public_Primary_Certification_Authority_-_G3.pem -Verisign_RSA_Secure_Server_CA.pem -Verisign_Secure_Server_OCSP_Responder.pem -Verisign_Time_Stamping_Authority_CA.pem -Visa_International_Global_Root_1.pem -Visa_International_Global_Root_2.pem -Visa_International_Global_Root_3.pem -Visa_International_Global_Root_4.pem -Visa_International_Global_Root_5.pem -Xcert_Root_CA.pem -Xcert_Root_CA_1024.pem -Xcert_Root_CA_v1.pem -Xcert_Root_CA_v1_1024.pem -beTRUSTed_Root_CA.pem -Debian.pem diff --git a/debian/postinst b/debian/postinst index dbd20e6..ca6aab0 100644 --- a/debian/postinst +++ b/debian/postinst 
@@ -38,10 +38,15 @@ delca() { case "$1" in configure) - if dpkg --compare-versions "$2" lt 20030414; then - # remove old *.pem files that ca-certificates installed - (cd /etc/ssl/certs; rm -f $(cat /usr/share/doc/ca-certificates/oldpemfiles)) - fi + if [ ! -e /usr/local/share/ca-certificates ] + then + if mkdir /usr/local/share/ca-certificates 2>/dev/null + then + chown root:staff /usr/local/share/ca-certificates + chmod 2775 /usr/local/share/ca-certificates + fi + fi + . /usr/share/debconf/confmodule db_version 2.0 db_capb multiselect diff --git a/debian/postrm b/debian/postrm index e4feb3e..8aa9d3f 100644 --- a/debian/postrm +++ b/debian/postrm @@ -24,6 +24,7 @@ case "$1" in test -f "$h" || rm -f "$h" done echo done. + rmdir /usr/local/share/ca-certificates 2>/dev/null || true ;; purge) diff --git a/debian/rules b/debian/rules index ec220d5..5cbc4c0 100755 --- a/debian/rules +++ b/debian/rules @@ -62,25 +62,11 @@ binary-indep: build install dh_installdebconf dh_installdocs dh_installexamples -# dh_installmenu -# dh_installlogrotate -# dh_installemacsen -# dh_installpam -# dh_installmime -# dh_installinit -# dh_installcron dh_installman sbin/update-ca-certificates.8 -# dh_installinfo -# dh_undocumented dh_installchangelogs -# dh_link -# dh_strip dh_compress dh_fixperms -# dh_makeshlibs dh_installdeb -# dh_perl -# dh_shlibdeps dh_gencontrol dh_md5sums dh_builddeb diff --git a/mozilla/Makefile b/mozilla/Makefile index 94ad5b7..6f46118 100644 --- a/mozilla/Makefile +++ b/mozilla/Makefile @@ -3,7 +3,7 @@ # all: - ruby certdata2pem.rb < certdata.txt + python certdata2pem.py clean: -rm -f *.crt diff --git a/mozilla/blacklist.txt b/mozilla/blacklist.txt new file mode 100644 index 0000000..cc3e19b --- /dev/null +++ b/mozilla/blacklist.txt 
@@ -0,0 +1,8 @@ +# One blacklist entry per line, corresponding to the label in certdata.txt. + +# Parent of "MD5 Collisions Forged Rogue CA 25c3" +"Equifax Secure Global eBusiness CA" + +# MD5 Collision Proof of Concept CA +"MD5 Collisions Forged Rogue CA 25c3" + diff --git a/mozilla/certdata.txt b/mozilla/certdata.txt index d108bfb..11ddc48 100644 --- a/mozilla/certdata.txt +++ b/mozilla/certdata.txt @@ -34,7 +34,7 @@ # the terms of any one of the MPL, the GPL or the LGPL. # # ***** END LICENSE BLOCK ***** -CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.47 $ $Date: 2008/04/07 07:03:15 $" +CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.51 $ $Date: 2009/01/15 22:35:15 $" # # certdata.txt 
@@ -2678,19 +2678,19 @@ CKA_ISSUER MULTILINE_OCTAL \156\040\122\157\157\164\040\103\101 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\013\002\000\000\000\000\000\326\170\267\224\005 +\002\013\004\000\000\000\000\001\025\113\132\303\224 END CKA_VALUE MULTILINE_OCTAL -\060\202\003\165\060\202\002\135\240\003\002\001\002\002\013\002 -\000\000\000\000\000\326\170\267\224\005\060\015\006\011\052\206 -\110\206\367\015\001\001\004\005\000\060\127\061\013\060\011\006 +\060\202\003\165\060\202\002\135\240\003\002\001\002\002\013\004 +\000\000\000\000\001\025\113\132\303\224\060\015\006\011\052\206 +\110\206\367\015\001\001\005\005\000\060\127\061\013\060\011\006 \003\125\004\006\023\002\102\105\061\031\060\027\006\003\125\004 \012\023\020\107\154\157\142\141\154\123\151\147\156\040\156\166 \055\163\141\061\020\060\016\006\003\125\004\013\023\007\122\157 \157\164\040\103\101\061\033\060\031\006\003\125\004\003\023\022 \107\154\157\142\141\154\123\151\147\156\040\122\157\157\164\040 \103\101\060\036\027\015\071\070\060\071\060\061\061\062\060\060 -\060\060\132\027\015\061\064\060\061\062\070\061\062\060\060\060 +\060\060\132\027\015\062\070\060\061\062\070\061\062\060\060\060 \060\132\060\127\061\013\060\011\006\003\125\004\006\023\002\102 \105\061\031\060\027\006\003\125\004\012\023\020\107\154\157\142 \141\154\123\151\147\156\040\156\166\055\163\141\061\020\060\016 
@@ -2716,27 +2716,27 @@ CKA_VALUE MULTILINE_OCTAL \327\203\064\377\054\052\301\154\031\103\112\007\205\347\323\174 \366\041\150\357\352\362\122\237\177\223\220\317\002\003\001\000 \001\243\102\060\100\060\016\006\003\125\035\017\001\001\377\004 -\004\003\002\000\006\060\035\006\003\125\035\016\004\026\004\024 -\140\173\146\032\105\015\227\312\211\120\057\175\004\315\064\250 -\377\374\375\113\060\017\006\003\125\035\023\001\001\377\004\005 -\060\003\001\001\377\060\015\006\011\052\206\110\206\367\015\001 -\001\004\005\000\003\202\001\001\000\256\252\237\374\267\322\313 -\037\137\071\051\050\030\236\064\311\154\117\157\032\360\144\242 -\160\112\117\023\206\233\140\050\236\350\201\111\230\175\012\273 -\345\260\235\075\066\333\217\005\121\377\011\061\052\037\335\211 -\167\236\017\056\154\225\004\355\206\313\264\000\077\204\002\115 -\200\152\052\055\170\013\256\157\053\242\203\104\203\037\315\120 -\202\114\044\257\275\367\245\264\310\132\017\364\347\107\136\111 -\216\067\226\376\232\210\005\072\331\300\333\051\207\346\031\226 -\107\247\072\246\214\213\074\167\376\106\143\247\123\332\041\321 -\254\176\111\242\113\346\303\147\131\057\263\212\016\273\054\275 -\251\252\102\174\065\301\330\177\325\247\061\072\116\143\103\071 -\257\010\260\141\064\214\323\230\251\103\064\366\017\207\051\073 -\235\302\126\130\230\167\303\367\033\254\366\235\370\076\252\247 -\124\105\360\365\371\325\061\145\376\153\130\234\161\263\036\327 -\122\352\062\027\374\100\140\035\311\171\044\262\366\154\375\250 -\146\016\202\335\230\313\332\302\104\117\056\240\173\362\367\153 -\054\166\021\204\106\212\170\243\343 +\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377\004 +\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026\004 +\024\140\173\146\032\105\015\227\312\211\120\057\175\004\315\064 +\250\377\374\375\113\060\015\006\011\052\206\110\206\367\015\001 +\001\005\005\000\003\202\001\001\000\326\163\347\174\117\166\320 +\215\277\354\272\242\276\064\305\050\062\265\174\374\154\234\054 
+\053\275\011\236\123\277\153\136\252\021\110\266\345\010\243\263 +\312\075\141\115\323\106\011\263\076\303\240\343\143\125\033\362 +\272\357\255\071\341\103\271\070\243\346\057\212\046\073\357\240 +\120\126\371\306\012\375\070\315\304\013\160\121\224\227\230\004 +\337\303\137\224\325\025\311\024\101\234\304\135\165\144\025\015 +\377\125\060\354\206\217\377\015\357\054\271\143\106\366\252\374 +\337\274\151\375\056\022\110\144\232\340\225\360\246\357\051\217 +\001\261\025\265\014\035\245\376\151\054\151\044\170\036\263\247 +\034\161\142\356\312\310\227\254\027\135\212\302\370\107\206\156 +\052\304\126\061\225\320\147\211\205\053\371\154\246\135\106\235 +\014\252\202\344\231\121\335\160\267\333\126\075\141\344\152\341 +\134\326\366\376\075\336\101\314\007\256\143\122\277\123\123\364 +\053\351\307\375\266\367\202\137\205\322\101\030\333\201\263\004 +\034\305\037\244\200\157\025\040\311\336\014\210\012\035\326\146 +\125\342\374\110\311\051\046\151\340 END # Trust for Certificate "GlobalSign Root CA" @@ -2746,11 +2746,11 @@ CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE CKA_LABEL UTF8 "GlobalSign Root CA" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\057\027\077\175\351\226\147\257\245\172\370\012\242\321\261\057 -\254\203\003\070 +\261\274\226\213\324\364\235\142\052\250\232\201\362\025\001\122 +\244\035\202\234 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\253\277\352\343\153\051\246\314\246\170\065\231\357\255\053\200 +\076\105\122\025\011\121\222\341\267\135\067\237\261\207\051\212 END CKA_ISSUER MULTILINE_OCTAL \060\127\061\013\060\011\006\003\125\004\006\023\002\102\105\061 @@ -2761,7 +2761,7 @@ CKA_ISSUER MULTILINE_OCTAL \156\040\122\157\157\164\040\103\101 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\013\002\000\000\000\000\000\326\170\267\224\005 +\002\013\004\000\000\000\000\001\025\113\132\303\224 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR 
@@ -16957,3 +16957,674 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "DigiNotar Root CA" +# +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "DigiNotar Root CA" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061 +\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157 +\164\141\162\061\032\060\030\006\003\125\004\003\023\021\104\151 +\147\151\116\157\164\141\162\040\122\157\157\164\040\103\101\061 +\040\060\036\006\011\052\206\110\206\367\015\001\011\001\026\021 +\151\156\146\157\100\144\151\147\151\156\157\164\141\162\056\156 +\154 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061 +\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157 +\164\141\162\061\032\060\030\006\003\125\004\003\023\021\104\151 +\147\151\116\157\164\141\162\040\122\157\157\164\040\103\101\061 +\040\060\036\006\011\052\206\110\206\367\015\001\011\001\026\021 +\151\156\146\157\100\144\151\147\151\156\157\164\141\162\056\156 +\154 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\014\166\332\234\221\014\116\054\236\376\025\320\130\223 +\074\114 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\005\212\060\202\003\162\240\003\002\001\002\002\020\014 +\166\332\234\221\014\116\054\236\376\025\320\130\223\074\114\060 +\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\137 +\061\013\060\011\006\003\125\004\006\023\002\116\114\061\022\060 +\020\006\003\125\004\012\023\011\104\151\147\151\116\157\164\141 +\162\061\032\060\030\006\003\125\004\003\023\021\104\151\147\151 
+\116\157\164\141\162\040\122\157\157\164\040\103\101\061\040\060 +\036\006\011\052\206\110\206\367\015\001\011\001\026\021\151\156 +\146\157\100\144\151\147\151\156\157\164\141\162\056\156\154\060 +\036\027\015\060\067\060\065\061\066\061\067\061\071\063\066\132 +\027\015\062\065\060\063\063\061\061\070\061\071\062\061\132\060 +\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061\022 +\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157\164 +\141\162\061\032\060\030\006\003\125\004\003\023\021\104\151\147 +\151\116\157\164\141\162\040\122\157\157\164\040\103\101\061\040 +\060\036\006\011\052\206\110\206\367\015\001\011\001\026\021\151 +\156\146\157\100\144\151\147\151\156\157\164\141\162\056\156\154 +\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001 +\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001 +\000\254\260\130\301\000\275\330\041\010\013\053\232\376\156\126 +\060\005\237\033\167\220\020\101\134\303\015\207\021\167\216\201 +\361\312\174\351\214\152\355\070\164\065\273\332\337\371\273\300 +\011\067\264\226\163\201\175\063\032\230\071\367\223\157\225\177 +\075\271\261\165\207\272\121\110\350\213\160\076\225\004\305\330 +\266\303\026\331\210\260\261\207\035\160\332\206\264\017\024\213 +\172\317\020\321\164\066\242\022\173\167\206\112\171\346\173\337 +\002\021\150\245\116\206\256\064\130\233\044\023\170\126\042\045 +\036\001\213\113\121\161\373\202\314\131\226\151\210\132\150\123 +\305\271\015\002\067\313\113\274\146\112\220\176\052\013\005\007 +\355\026\137\125\220\165\330\106\311\033\203\342\010\276\361\043 +\314\231\035\326\052\017\203\040\025\130\047\202\056\372\342\042 +\302\111\261\271\001\201\152\235\155\235\100\167\150\166\116\041 +\052\155\204\100\205\116\166\231\174\202\363\363\267\002\131\324 +\046\001\033\216\337\255\123\006\321\256\030\335\342\262\072\313 +\327\210\070\216\254\133\051\271\031\323\230\371\030\003\317\110 +\202\206\146\013\033\151\017\311\353\070\210\172\046\032\005\114 
+\222\327\044\324\226\362\254\122\055\243\107\325\122\366\077\376 +\316\204\006\160\246\252\076\242\362\266\126\064\030\127\242\344 +\201\155\347\312\360\152\323\307\221\153\002\203\101\174\025\357 +\153\232\144\136\343\320\074\345\261\353\173\135\206\373\313\346 +\167\111\315\243\145\334\367\271\234\270\344\013\137\223\317\314 +\060\032\062\034\316\034\143\225\245\371\352\341\164\213\236\351 +\053\251\060\173\240\030\037\016\030\013\345\133\251\323\321\154 +\036\007\147\217\221\113\251\212\274\322\146\252\223\001\210\262 +\221\372\061\134\325\246\301\122\010\011\315\012\143\242\323\042 +\246\350\241\331\071\006\227\365\156\215\002\220\214\024\173\077 +\200\315\033\234\272\304\130\162\043\257\266\126\237\306\172\102 +\063\051\007\077\202\311\346\037\005\015\315\114\050\066\213\323 +\310\076\034\306\210\357\136\356\211\144\351\035\353\332\211\176 +\062\246\151\321\335\314\210\237\321\320\311\146\041\334\006\147 +\305\224\172\232\155\142\114\175\314\340\144\200\262\236\107\216 +\243\002\003\001\000\001\243\102\060\100\060\017\006\003\125\035 +\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003\125 +\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003\125 +\035\016\004\026\004\024\210\150\277\340\216\065\304\073\070\153 +\142\367\050\073\204\201\310\014\327\115\060\015\006\011\052\206 +\110\206\367\015\001\001\005\005\000\003\202\002\001\000\073\002 +\215\313\074\060\350\156\240\255\362\163\263\137\236\045\023\004 +\005\323\366\343\213\273\013\171\316\123\336\344\226\305\321\257 +\163\274\325\303\320\100\125\174\100\177\315\033\137\011\325\362 +\174\237\150\035\273\135\316\172\071\302\214\326\230\173\305\203 +\125\250\325\175\100\312\340\036\367\211\136\143\135\241\023\302 +\135\212\266\212\174\000\363\043\303\355\205\137\161\166\360\150 +\143\252\105\041\071\110\141\170\066\334\361\103\223\324\045\307 +\362\200\145\341\123\002\165\121\374\172\072\357\067\253\204\050 +\127\014\330\324\324\231\126\154\343\242\376\131\204\264\061\350 
+\063\370\144\224\224\121\227\253\071\305\113\355\332\335\200\013 +\157\174\051\015\304\216\212\162\015\347\123\024\262\140\101\075 +\204\221\061\150\075\047\104\333\345\336\364\372\143\105\310\114 +\076\230\365\077\101\272\116\313\067\015\272\146\230\361\335\313 +\237\134\367\124\066\202\153\054\274\023\141\227\102\370\170\273 +\314\310\242\237\312\360\150\275\153\035\262\337\215\157\007\235 +\332\216\147\307\107\036\312\271\277\052\102\221\267\143\123\146 +\361\102\243\341\364\132\115\130\153\265\344\244\063\255\134\160 +\035\334\340\362\353\163\024\221\232\003\301\352\000\145\274\007 +\374\317\022\021\042\054\256\240\275\072\340\242\052\330\131\351 +\051\323\030\065\244\254\021\137\031\265\265\033\377\042\112\134 +\306\172\344\027\357\040\251\247\364\077\255\212\247\232\004\045 +\235\016\312\067\346\120\375\214\102\051\004\232\354\271\317\113 +\162\275\342\010\066\257\043\057\142\345\312\001\323\160\333\174 +\202\043\054\026\061\014\306\066\007\220\172\261\037\147\130\304 +\073\130\131\211\260\214\214\120\263\330\206\313\150\243\304\012 +\347\151\113\040\316\301\036\126\113\225\251\043\150\330\060\330 +\303\353\260\125\121\315\345\375\053\270\365\273\021\237\123\124 +\366\064\031\214\171\011\066\312\141\027\045\027\013\202\230\163 +\014\167\164\303\325\015\307\250\022\114\307\247\124\161\107\056 +\054\032\175\311\343\053\073\110\336\047\204\247\143\066\263\175 +\217\240\144\071\044\015\075\173\207\257\146\134\164\033\113\163 +\262\345\214\360\206\231\270\345\305\337\204\301\267\353 +END + +# Trust for Certificate "DigiNotar Root CA" +CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "DigiNotar Root CA" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\300\140\355\104\313\330\201\275\016\370\154\013\242\207\335\317 +\201\147\107\214 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\172\171\124\115\007\222\073\133\377\101\360\016\307\071\242\230 +END +CKA_ISSUER MULTILINE_OCTAL 
+\060\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061 +\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157 +\164\141\162\061\032\060\030\006\003\125\004\003\023\021\104\151 +\147\151\116\157\164\141\162\040\122\157\157\164\040\103\101\061 +\040\060\036\006\011\052\206\110\206\367\015\001\011\001\026\021 +\151\156\146\157\100\144\151\147\151\156\157\164\141\162\056\156 +\154 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\014\166\332\234\221\014\116\054\236\376\025\320\130\223 +\074\114 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "Network Solutions Certificate Authority" +# +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Network Solutions Certificate Authority" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\142\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\041\060\037\006\003\125\004\012\023\030\116\145\164\167\157\162 +\153\040\123\157\154\165\164\151\157\156\163\040\114\056\114\056 +\103\056\061\060\060\056\006\003\125\004\003\023\047\116\145\164 +\167\157\162\153\040\123\157\154\165\164\151\157\156\163\040\103 +\145\162\164\151\146\151\143\141\164\145\040\101\165\164\150\157 +\162\151\164\171 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\142\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\041\060\037\006\003\125\004\012\023\030\116\145\164\167\157\162 +\153\040\123\157\154\165\164\151\157\156\163\040\114\056\114\056 +\103\056\061\060\060\056\006\003\125\004\003\023\047\116\145\164 +\167\157\162\153\040\123\157\154\165\164\151\157\156\163\040\103 +\145\162\164\151\146\151\143\141\164\145\040\101\165\164\150\157 +\162\151\164\171 +END 
+CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\127\313\063\157\302\134\026\346\107\026\027\343\220\061 +\150\340 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\003\346\060\202\002\316\240\003\002\001\002\002\020\127 +\313\063\157\302\134\026\346\107\026\027\343\220\061\150\340\060 +\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\142 +\061\013\060\011\006\003\125\004\006\023\002\125\123\061\041\060 +\037\006\003\125\004\012\023\030\116\145\164\167\157\162\153\040 +\123\157\154\165\164\151\157\156\163\040\114\056\114\056\103\056 +\061\060\060\056\006\003\125\004\003\023\047\116\145\164\167\157 +\162\153\040\123\157\154\165\164\151\157\156\163\040\103\145\162 +\164\151\146\151\143\141\164\145\040\101\165\164\150\157\162\151 +\164\171\060\036\027\015\060\066\061\062\060\061\060\060\060\060 +\060\060\132\027\015\062\071\061\062\063\061\062\063\065\071\065 +\071\132\060\142\061\013\060\011\006\003\125\004\006\023\002\125 +\123\061\041\060\037\006\003\125\004\012\023\030\116\145\164\167 +\157\162\153\040\123\157\154\165\164\151\157\156\163\040\114\056 +\114\056\103\056\061\060\060\056\006\003\125\004\003\023\047\116 +\145\164\167\157\162\153\040\123\157\154\165\164\151\157\156\163 +\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 +\150\157\162\151\164\171\060\202\001\042\060\015\006\011\052\206 +\110\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202 +\001\012\002\202\001\001\000\344\274\176\222\060\155\306\330\216 +\053\013\274\106\316\340\047\226\336\336\371\372\022\323\074\063 +\163\263\004\057\274\161\214\345\237\266\042\140\076\137\135\316 +\011\377\202\014\033\232\121\120\032\046\211\335\325\141\135\031 +\334\022\017\055\012\242\103\135\027\320\064\222\040\352\163\317 +\070\054\006\046\011\172\162\367\372\120\062\370\302\223\323\151 +\242\043\316\101\261\314\344\325\037\066\321\212\072\370\214\143 +\342\024\131\151\355\015\323\177\153\350\270\003\345\117\152\345 +\230\143\151\110\005\276\056\377\063\266\351\227\131\151\370\147 
+\031\256\223\141\226\104\025\323\162\260\077\274\152\175\354\110 +\177\215\303\253\252\161\053\123\151\101\123\064\265\260\271\305 +\006\012\304\260\105\365\101\135\156\211\105\173\075\073\046\214 +\164\302\345\322\321\175\262\021\324\373\130\062\042\232\200\311 +\334\375\014\351\177\136\003\227\316\073\000\024\207\047\160\070 +\251\216\156\263\047\166\230\121\340\005\343\041\253\032\325\205 +\042\074\051\265\232\026\305\200\250\364\273\153\060\217\057\106 +\002\242\261\014\042\340\323\002\003\001\000\001\243\201\227\060 +\201\224\060\035\006\003\125\035\016\004\026\004\024\041\060\311 +\373\000\327\116\230\332\207\252\052\320\247\056\261\100\061\247 +\114\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001 +\006\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001 +\001\377\060\122\006\003\125\035\037\004\113\060\111\060\107\240 +\105\240\103\206\101\150\164\164\160\072\057\057\143\162\154\056 +\156\145\164\163\157\154\163\163\154\056\143\157\155\057\116\145 +\164\167\157\162\153\123\157\154\165\164\151\157\156\163\103\145 +\162\164\151\146\151\143\141\164\145\101\165\164\150\157\162\151 +\164\171\056\143\162\154\060\015\006\011\052\206\110\206\367\015 +\001\001\005\005\000\003\202\001\001\000\273\256\113\347\267\127 +\353\177\252\055\267\163\107\205\152\301\344\245\035\344\347\074 +\351\364\131\145\167\265\172\133\132\215\045\066\340\172\227\056 +\070\300\127\140\203\230\006\203\237\271\166\172\156\120\340\272 +\210\054\374\105\314\030\260\231\225\121\016\354\035\270\210\377 +\207\120\034\202\302\343\340\062\200\277\240\013\107\310\303\061 +\357\231\147\062\200\117\027\041\171\014\151\134\336\136\064\256 +\002\265\046\352\120\337\177\030\145\054\311\362\143\341\251\007 +\376\174\161\037\153\063\044\152\036\005\367\005\150\300\152\022 +\313\056\136\141\313\256\050\323\176\302\264\146\221\046\137\074 +\056\044\137\313\130\017\353\050\354\257\021\226\363\334\173\157 +\300\247\210\362\123\167\263\140\136\256\256\050\332\065\054\157 
+\064\105\323\046\341\336\354\133\117\047\153\026\174\275\104\004 +\030\202\263\211\171\027\020\161\075\172\242\026\116\365\001\315 +\244\154\145\150\241\111\166\134\103\311\330\274\066\147\154\245 +\224\265\324\314\271\275\152\065\126\041\336\330\303\353\373\313 +\244\140\114\260\125\240\240\173\127\262 +END + +# Trust for Certificate "Network Solutions Certificate Authority" +CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Network Solutions Certificate Authority" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\164\370\243\303\357\347\263\220\006\113\203\220\074\041\144\140 +\040\345\337\316 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\323\363\246\026\300\372\153\035\131\261\055\226\115\016\021\056 +END +CKA_ISSUER MULTILINE_OCTAL +\060\142\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\041\060\037\006\003\125\004\012\023\030\116\145\164\167\157\162 +\153\040\123\157\154\165\164\151\157\156\163\040\114\056\114\056 +\103\056\061\060\060\056\006\003\125\004\003\023\047\116\145\164 +\167\157\162\153\040\123\157\154\165\164\151\157\156\163\040\103 +\145\162\164\151\146\151\143\141\164\145\040\101\165\164\150\157 +\162\151\164\171 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\127\313\063\157\302\134\026\346\107\026\027\343\220\061 +\150\340 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "WellsSecure Public Root Certificate Authority" +# +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "WellsSecure Public Root Certificate Authority" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL 
+\060\201\205\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\040\060\036\006\003\125\004\012\014\027\127\145\154\154\163 +\040\106\141\162\147\157\040\127\145\154\154\163\123\145\143\165 +\162\145\061\034\060\032\006\003\125\004\013\014\023\127\145\154 +\154\163\040\106\141\162\147\157\040\102\141\156\153\040\116\101 +\061\066\060\064\006\003\125\004\003\014\055\127\145\154\154\163 +\123\145\143\165\162\145\040\120\165\142\154\151\143\040\122\157 +\157\164\040\103\145\162\164\151\146\151\143\141\164\145\040\101 +\165\164\150\157\162\151\164\171 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\201\205\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\040\060\036\006\003\125\004\012\014\027\127\145\154\154\163 +\040\106\141\162\147\157\040\127\145\154\154\163\123\145\143\165 +\162\145\061\034\060\032\006\003\125\004\013\014\023\127\145\154 +\154\163\040\106\141\162\147\157\040\102\141\156\153\040\116\101 +\061\066\060\064\006\003\125\004\003\014\055\127\145\154\154\163 +\123\145\143\165\162\145\040\120\165\142\154\151\143\040\122\157 +\157\164\040\103\145\162\164\151\146\151\143\141\164\145\040\101 +\165\164\150\157\162\151\164\171 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\001\001 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\004\275\060\202\003\245\240\003\002\001\002\002\001\001 +\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 +\201\205\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\040\060\036\006\003\125\004\012\014\027\127\145\154\154\163\040 +\106\141\162\147\157\040\127\145\154\154\163\123\145\143\165\162 +\145\061\034\060\032\006\003\125\004\013\014\023\127\145\154\154 +\163\040\106\141\162\147\157\040\102\141\156\153\040\116\101\061 +\066\060\064\006\003\125\004\003\014\055\127\145\154\154\163\123 +\145\143\165\162\145\040\120\165\142\154\151\143\040\122\157\157 +\164\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165 +\164\150\157\162\151\164\171\060\036\027\015\060\067\061\062\061 
+\063\061\067\060\067\065\064\132\027\015\062\062\061\062\061\064 +\060\060\060\067\065\064\132\060\201\205\061\013\060\011\006\003 +\125\004\006\023\002\125\123\061\040\060\036\006\003\125\004\012 +\014\027\127\145\154\154\163\040\106\141\162\147\157\040\127\145 +\154\154\163\123\145\143\165\162\145\061\034\060\032\006\003\125 +\004\013\014\023\127\145\154\154\163\040\106\141\162\147\157\040 +\102\141\156\153\040\116\101\061\066\060\064\006\003\125\004\003 +\014\055\127\145\154\154\163\123\145\143\165\162\145\040\120\165 +\142\154\151\143\040\122\157\157\164\040\103\145\162\164\151\146 +\151\143\141\164\145\040\101\165\164\150\157\162\151\164\171\060 +\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001\001 +\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001\000 +\356\157\264\275\171\342\217\010\041\236\070\004\101\045\357\253 +\133\034\123\222\254\155\236\335\302\304\056\105\224\003\065\210 +\147\164\127\343\337\214\270\247\166\217\073\367\250\304\333\051 +\143\016\221\150\066\212\227\216\212\161\150\011\007\344\350\324 +\016\117\370\326\053\114\244\026\371\357\103\230\217\263\236\122 +\337\155\221\071\217\070\275\167\213\103\143\353\267\223\374\060 +\114\034\001\223\266\023\373\367\241\037\277\045\341\164\067\054 +\036\244\136\074\150\370\113\277\015\271\036\056\066\350\251\344 +\247\370\017\313\202\165\174\065\055\042\326\302\277\013\363\264 +\374\154\225\141\036\127\327\004\201\062\203\122\171\346\203\143 +\317\267\313\143\213\021\342\275\136\353\366\215\355\225\162\050 +\264\254\022\142\351\112\063\346\203\062\256\005\165\225\275\204 +\225\333\052\134\233\216\056\014\270\201\053\101\346\070\126\237 +\111\233\154\166\372\212\135\367\001\171\201\174\301\203\100\005 +\376\161\375\014\077\314\116\140\011\016\145\107\020\057\001\300 +\005\077\217\370\263\101\357\132\102\176\131\357\322\227\014\145 +\002\003\001\000\001\243\202\001\064\060\202\001\060\060\017\006 +\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060\071 
+\006\003\125\035\037\004\062\060\060\060\056\240\054\240\052\206 +\050\150\164\164\160\072\057\057\143\162\154\056\160\153\151\056 +\167\145\154\154\163\146\141\162\147\157\056\143\157\155\057\167 +\163\160\162\143\141\056\143\162\154\060\016\006\003\125\035\017 +\001\001\377\004\004\003\002\001\306\060\035\006\003\125\035\016 +\004\026\004\024\046\225\031\020\331\350\241\227\221\377\334\031 +\331\265\004\076\322\163\012\152\060\201\262\006\003\125\035\043 +\004\201\252\060\201\247\200\024\046\225\031\020\331\350\241\227 +\221\377\334\031\331\265\004\076\322\163\012\152\241\201\213\244 +\201\210\060\201\205\061\013\060\011\006\003\125\004\006\023\002 +\125\123\061\040\060\036\006\003\125\004\012\014\027\127\145\154 +\154\163\040\106\141\162\147\157\040\127\145\154\154\163\123\145 +\143\165\162\145\061\034\060\032\006\003\125\004\013\014\023\127 +\145\154\154\163\040\106\141\162\147\157\040\102\141\156\153\040 +\116\101\061\066\060\064\006\003\125\004\003\014\055\127\145\154 +\154\163\123\145\143\165\162\145\040\120\165\142\154\151\143\040 +\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\145 +\040\101\165\164\150\157\162\151\164\171\202\001\001\060\015\006 +\011\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001 +\000\271\025\261\104\221\314\043\310\053\115\167\343\370\232\173 +\047\015\315\162\273\231\000\312\174\146\031\120\306\325\230\355 +\253\277\003\132\345\115\345\036\310\117\161\227\206\325\343\035 +\375\220\311\074\165\167\127\172\175\370\336\364\324\325\367\225 +\346\164\156\035\074\256\174\235\333\002\003\005\054\161\113\045 +\076\007\343\136\232\365\146\027\051\210\032\070\237\317\252\101 +\003\204\227\153\223\070\172\312\060\104\033\044\104\063\320\344 +\321\334\050\070\364\023\103\065\065\051\143\250\174\242\265\255 +\070\244\355\255\375\306\232\037\377\227\163\376\373\263\065\247 +\223\206\306\166\221\000\346\254\121\026\304\047\062\134\333\163 +\332\245\223\127\216\076\155\065\046\010\131\325\347\104\327\166 
+\040\143\347\254\023\147\303\155\261\160\106\174\325\226\021\075 +\211\157\135\250\241\353\215\012\332\303\035\063\154\243\352\147 +\031\232\231\177\113\075\203\121\052\035\312\057\206\014\242\176 +\020\055\053\324\026\225\013\007\252\056\024\222\111\267\051\157 +\330\155\061\175\365\374\241\020\007\207\316\057\131\334\076\130 +\333 +END + +# Trust for Certificate "WellsSecure Public Root Certificate Authority" +CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "WellsSecure Public Root Certificate Authority" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\347\264\366\235\141\354\220\151\333\176\220\247\100\032\074\364 +\175\117\350\356 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\025\254\245\302\222\055\171\274\350\177\313\147\355\002\317\066 +END +CKA_ISSUER MULTILINE_OCTAL +\060\201\205\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\040\060\036\006\003\125\004\012\014\027\127\145\154\154\163 +\040\106\141\162\147\157\040\127\145\154\154\163\123\145\143\165 +\162\145\061\034\060\032\006\003\125\004\013\014\023\127\145\154 +\154\163\040\106\141\162\147\157\040\102\141\156\153\040\116\101 +\061\066\060\064\006\003\125\004\003\014\055\127\145\154\154\163 +\123\145\143\165\162\145\040\120\165\142\154\151\143\040\122\157 +\157\164\040\103\145\162\164\151\146\151\143\141\164\145\040\101 +\165\164\150\157\162\151\164\171 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\001\001 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "COMODO ECC Certification Authority" +# +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "COMODO ECC Certification Authority" 
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\201\205\061\013\060\011\006\003\125\004\006\023\002\107\102 +\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164 +\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060 +\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061 +\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117 +\040\103\101\040\114\151\155\151\164\145\144\061\053\060\051\006 +\003\125\004\003\023\042\103\117\115\117\104\117\040\105\103\103 +\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 +\165\164\150\157\162\151\164\171 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\201\205\061\013\060\011\006\003\125\004\006\023\002\107\102 +\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164 +\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060 +\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061 +\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117 +\040\103\101\040\114\151\155\151\164\145\144\061\053\060\051\006 +\003\125\004\003\023\042\103\117\115\117\104\117\040\105\103\103 +\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 +\165\164\150\157\162\151\164\171 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\037\107\257\252\142\000\160\120\124\114\001\236\233\143 +\231\052 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\002\211\060\202\002\017\240\003\002\001\002\002\020\037 +\107\257\252\142\000\160\120\124\114\001\236\233\143\231\052\060 +\012\006\010\052\206\110\316\075\004\003\003\060\201\205\061\013 +\060\011\006\003\125\004\006\023\002\107\102\061\033\060\031\006 +\003\125\004\010\023\022\107\162\145\141\164\145\162\040\115\141 +\156\143\150\145\163\164\145\162\061\020\060\016\006\003\125\004 +\007\023\007\123\141\154\146\157\162\144\061\032\060\030\006\003 +\125\004\012\023\021\103\117\115\117\104\117\040\103\101\040\114 +\151\155\151\164\145\144\061\053\060\051\006\003\125\004\003\023 
+\042\103\117\115\117\104\117\040\105\103\103\040\103\145\162\164 +\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162 +\151\164\171\060\036\027\015\060\070\060\063\060\066\060\060\060 +\060\060\060\132\027\015\063\070\060\061\061\070\062\063\065\071 +\065\071\132\060\201\205\061\013\060\011\006\003\125\004\006\023 +\002\107\102\061\033\060\031\006\003\125\004\010\023\022\107\162 +\145\141\164\145\162\040\115\141\156\143\150\145\163\164\145\162 +\061\020\060\016\006\003\125\004\007\023\007\123\141\154\146\157 +\162\144\061\032\060\030\006\003\125\004\012\023\021\103\117\115 +\117\104\117\040\103\101\040\114\151\155\151\164\145\144\061\053 +\060\051\006\003\125\004\003\023\042\103\117\115\117\104\117\040 +\105\103\103\040\103\145\162\164\151\146\151\143\141\164\151\157 +\156\040\101\165\164\150\157\162\151\164\171\060\166\060\020\006 +\007\052\206\110\316\075\002\001\006\005\053\201\004\000\042\003 +\142\000\004\003\107\173\057\165\311\202\025\205\373\165\344\221 +\026\324\253\142\231\365\076\122\013\006\316\101\000\177\227\341 +\012\044\074\035\001\004\356\075\322\215\011\227\014\340\165\344 +\372\373\167\212\052\365\003\140\113\066\213\026\043\026\255\011 +\161\364\112\364\050\120\264\376\210\034\156\077\154\057\057\011 +\131\133\245\133\013\063\231\342\303\075\211\371\152\054\357\262 +\323\006\351\243\102\060\100\060\035\006\003\125\035\016\004\026 +\004\024\165\161\247\031\110\031\274\235\235\352\101\107\337\224 +\304\110\167\231\323\171\060\016\006\003\125\035\017\001\001\377 +\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377 +\004\005\060\003\001\001\377\060\012\006\010\052\206\110\316\075 +\004\003\003\003\150\000\060\145\002\061\000\357\003\133\172\254 +\267\170\012\162\267\210\337\377\265\106\024\011\012\372\240\346 +\175\010\306\032\207\275\030\250\163\275\046\312\140\014\235\316 +\231\237\317\134\017\060\341\276\024\061\352\002\060\024\364\223 +\074\111\247\063\172\220\106\107\263\143\175\023\233\116\267\157 
+\030\067\200\123\376\335\040\340\065\232\066\321\307\001\271\346 +\334\335\363\377\035\054\072\026\127\331\222\071\326 +END + +# Trust for Certificate "COMODO ECC Certification Authority" +CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "COMODO ECC Certification Authority" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\237\164\116\237\053\115\272\354\017\061\054\120\266\126\073\216 +\055\223\303\021 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\174\142\377\164\235\061\123\136\150\112\325\170\252\036\277\043 +END +CKA_ISSUER MULTILINE_OCTAL +\060\201\205\061\013\060\011\006\003\125\004\006\023\002\107\102 +\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164 +\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060 +\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061 +\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117 +\040\103\101\040\114\151\155\151\164\145\144\061\053\060\051\006 +\003\125\004\003\023\042\103\117\115\117\104\117\040\105\103\103 +\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 +\165\164\150\157\162\151\164\171 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\037\107\257\252\142\000\160\120\124\114\001\236\233\143 +\231\052 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "MD5 Collisions Forged Rogue CA 25c3" +# +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "MD5 Collisions Forged Rogue CA 25c3" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\074\061\072\060\070\006\003\125\004\003\023\061\115\104\065 
+\040\103\157\154\154\151\163\151\157\156\163\040\111\156\143\056 +\040\050\150\164\164\160\072\057\057\167\167\167\056\160\150\162 +\145\145\144\157\155\056\157\162\147\057\155\144\065\051 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\034\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141 +\170\040\123\145\143\165\162\145\040\111\156\143\056\061\055\060 +\053\006\003\125\004\003\023\044\105\161\165\151\146\141\170\040 +\123\145\143\165\162\145\040\107\154\157\142\141\154\040\145\102 +\165\163\151\156\145\163\163\040\103\101\055\061 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\001\102 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\004\062\060\202\003\233\240\003\002\001\002\002\001\102 +\060\015\006\011\052\206\110\206\367\015\001\001\004\005\000\060 +\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061\034 +\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141\170 +\040\123\145\143\165\162\145\040\111\156\143\056\061\055\060\053 +\006\003\125\004\003\023\044\105\161\165\151\146\141\170\040\123 +\145\143\165\162\145\040\107\154\157\142\141\154\040\145\102\165 +\163\151\156\145\163\163\040\103\101\055\061\060\036\027\015\060 +\064\060\067\063\061\060\060\060\060\060\061\132\027\015\060\064 +\060\071\060\062\060\060\060\060\060\061\132\060\074\061\072\060 +\070\006\003\125\004\003\023\061\115\104\065\040\103\157\154\154 +\151\163\151\157\156\163\040\111\156\143\056\040\050\150\164\164 +\160\072\057\057\167\167\167\056\160\150\162\145\145\144\157\155 +\056\157\162\147\057\155\144\065\051\060\201\237\060\015\006\011 +\052\206\110\206\367\015\001\001\001\005\000\003\201\215\000\060 +\201\211\002\201\201\000\272\246\131\311\054\050\326\052\260\370 +\355\237\106\244\244\067\356\016\031\150\131\321\263\003\231\121 +\326\026\232\136\067\153\025\340\016\113\365\204\144\370\243\333 +\101\157\065\325\233\025\037\333\304\070\122\160\201\227\136\217 
+\240\265\367\176\071\360\062\254\036\255\104\322\263\372\110\303 +\316\221\233\354\364\234\174\341\132\365\310\067\153\232\203\336 +\347\312\040\227\061\102\163\025\221\150\364\210\257\371\050\050 +\305\351\017\163\260\027\113\023\114\231\165\320\104\346\176\010 +\154\032\362\117\033\101\002\003\001\000\001\243\202\002\044\060 +\202\002\040\060\013\006\003\125\035\017\004\004\003\002\001\306 +\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001 +\377\060\035\006\003\125\035\016\004\026\004\024\247\004\140\037 +\253\162\103\010\305\177\010\220\125\126\034\326\316\346\070\353 +\060\037\006\003\125\035\043\004\030\060\026\200\024\276\250\240 +\164\162\120\153\104\267\311\043\330\373\250\377\263\127\153\150 +\154\060\202\001\276\006\011\140\206\110\001\206\370\102\001\015 +\004\202\001\257\026\202\001\253\063\000\000\000\047\136\071\340 +\211\141\017\116\243\305\105\013\066\273\001\321\123\252\303\010 +\217\157\370\117\076\207\207\104\021\334\140\340\337\222\125\371 +\270\163\033\124\223\305\237\320\106\304\140\266\065\142\315\271 +\257\034\250\151\032\311\133\074\226\067\300\355\147\357\273\376 +\300\213\234\120\057\051\275\203\042\236\216\010\372\254\023\160 +\242\130\177\142\142\212\021\367\211\366\337\266\147\131\163\026 +\373\143\026\212\264\221\070\316\056\365\266\276\114\244\224\111 +\344\145\021\012\102\025\311\301\060\342\151\325\105\175\245\046 +\273\271\141\354\142\144\360\071\341\347\274\150\330\120\121\236 +\035\140\323\321\243\247\012\370\003\040\241\160\001\027\221\066 +\117\002\160\061\206\203\335\367\017\330\007\035\021\263\023\004 +\245\334\360\256\120\261\050\016\143\151\052\014\202\157\217\107 +\063\337\154\242\006\222\361\117\105\276\331\060\066\243\053\214 +\326\167\256\065\143\177\116\114\232\223\110\066\331\237\002\003 +\001\000\001\243\201\275\060\201\272\060\016\006\003\125\035\017 +\001\001\377\004\004\003\002\004\360\060\035\006\003\125\035\016 +\004\026\004\024\315\246\203\372\245\140\067\367\226\067\027\051 
+\336\101\170\361\207\211\125\347\060\073\006\003\125\035\037\004 +\064\060\062\060\060\240\056\240\054\206\052\150\164\164\160\072 +\057\057\143\162\154\056\147\145\157\164\162\165\163\164\056\143 +\157\155\057\143\162\154\163\057\147\154\157\142\141\154\143\141 +\061\056\143\162\154\060\037\006\003\125\035\043\004\030\060\026 +\200\024\276\250\240\164\162\120\153\104\267\311\043\330\373\250 +\377\263\127\153\150\154\060\035\006\003\125\035\045\004\026\060 +\024\006\010\053\006\001\005\005\007\003\001\006\010\053\006\001 +\005\005\007\003\002\060\014\006\003\125\035\023\001\001\377\004 +\002\060\000\060\015\006\011\052\206\110\206\367\015\001\001\004 +\005\000\003\201\201\000\247\041\002\215\321\016\242\200\167\045 +\375\103\140\025\217\354\357\220\107\324\204\102\025\046\021\034 +\315\302\074\020\051\251\266\337\253\127\165\221\332\345\053\263 +\220\105\034\060\143\126\077\212\331\120\372\355\130\154\300\145 +\254\146\127\336\034\306\166\073\365\000\016\216\105\316\177\114 +\220\354\053\306\315\263\264\217\142\320\376\267\305\046\162\104 +\355\366\230\133\256\313\321\225\365\332\010\276\150\106\261\165 +\310\354\035\217\036\172\224\361\252\123\170\242\105\256\124\352 +\321\236\164\310\166\147 +END + +# Trust for Certificate "MD5 Collisions Forged Rogue CA 25c3" +CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "MD5 Collisions Forged Rogue CA 25c3" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\144\043\023\176\134\123\326\112\246\144\205\355\066\124\365\253 +\005\132\213\212 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\026\172\023\025\271\027\071\243\361\005\152\346\076\331\072\070 +END +CKA_ISSUER MULTILINE_OCTAL +\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\034\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141 +\170\040\123\145\143\165\162\145\040\111\156\143\056\061\055\060 +\053\006\003\125\004\003\023\044\105\161\165\151\146\141\170\040 
+\123\145\143\165\162\145\040\107\154\157\142\141\154\040\145\102 +\165\163\151\156\145\163\163\040\103\101\055\061 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\001\102 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_UNTRUSTED +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_UNTRUSTED +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_UNTRUSTED +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py new file mode 100644 index 0000000..d40b659 --- /dev/null +++ b/mozilla/certdata2pem.py 
@@ -0,0 +1,124 @@ +#!/usr/bin/python +# vim:set et sw=4: +# +# certdata2pem.py - splits certdata.txt into multiple files +# +# Copyright (C) 2009 Philipp Kern +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +import base64 +import os.path +import re +import sys +import textwrap + +objects = [] + +# Dirty file parser. +in_data, in_multiline, in_obj = False, False, False +field, type, value, obj = None, None, None, dict() +for line in open('certdata.txt', 'r'): + # Ignore the file header. + if not in_data: + if line.startswith('BEGINDATA'): + in_data = True + continue + # Ignore comment lines. + if line.startswith('#'): + continue + # Empty lines are significant if we are inside an object. 
+ if in_obj and len(line.strip()) == 0: + objects.append(obj) + obj = dict() + in_obj = False + continue + if len(line.strip()) == 0: + continue + if in_multiline: + if not line.startswith('END'): + if type == 'MULTILINE_OCTAL': + line = line.strip() + for i in re.finditer(r'\\([0-3][0-7][0-7])', line): + value += chr(int(i.group(1), 8)) + else: + value += line + continue + obj[field] = value + in_multiline = False + continue + if line.startswith('CKA_CLASS'): + in_obj = True + line_parts = line.strip().split(' ', 2) + if len(line_parts) > 2: + field, type = line_parts[0:2] + value = ' '.join(line_parts[2:]) + elif len(line_parts) == 2: + field, type = line_parts + value = None + else: + raise NotImplementedError, 'line_parts < 2 not supported.' + if type == 'MULTILINE_OCTAL': + in_multiline = True + value = "" + continue + obj[field] = value +if len(obj.items()) > 0: + objects.append(obj) + +# Read blacklist. +blacklist = [] +if os.path.exists('blacklist.txt'): + for line in open('blacklist.txt', 'r'): + line = line.strip() + if line.startswith('#') or len(line) == 0: + continue + item = line.split('#', 1)[0].strip() + blacklist.append(item) + +# Build up trust database. +trust = dict() +for obj in objects: + if obj['CKA_CLASS'] != 'CKO_NETSCAPE_TRUST': + continue + if obj['CKA_LABEL'] in blacklist: + print "Certificate %s blacklisted, ignoring." % obj['CKA_LABEL'] + elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NETSCAPE_TRUSTED_DELEGATOR': + trust[obj['CKA_LABEL']] = True + elif obj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NETSCAPE_TRUSTED_DELEGATOR': + trust[obj['CKA_LABEL']] = True + elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NETSCAPE_UNTRUSTED': + print '!'*74 + print "UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % obj['CKA_LABEL'] + print '!'*74 + else: + print "Ignoring certificate %s. 
SAUTH=%s, EPROT=%s" % \ + (obj['CKA_LABEL'], obj['CKA_TRUST_SERVER_AUTH'], + obj['CKA_TRUST_EMAIL_PROTECTION']) + +for obj in objects: + if obj['CKA_CLASS'] == 'CKO_CERTIFICATE': + if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]: + continue + fname = obj['CKA_LABEL'][1:-1].replace('/', '_')\ + .replace(' ', '_')\ + .replace('(', '=')\ + .replace(')', '=')\ + .replace(',', '_') + '.crt' + f = open(fname, 'w') + f.write("-----BEGIN CERTIFICATE-----\n") + f.write("\n".join(textwrap.wrap(base64.b64encode(obj['CKA_VALUE']), 64))) + f.write("\n-----END CERTIFICATE-----\n") + diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates old mode 100644 new mode 100755 index 46e4c10..728e909 --- a/sbin/update-ca-certificates +++ b/sbin/update-ca-certificates @@ -3,6 +3,7 @@ # update-ca-certificates # # Copyright (c) 2003 Fumitoshi UKAI +# Copyright (c) 2009 Philipp Kern # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by 
@@ -37,8 +38,47 @@ done CERTSCONF=/etc/ca-certificates.conf CERTSDIR=/usr/share/ca-certificates +LOCALCERTSDIR=/usr/local/share/ca-certificates CERTBUNDLE=ca-certificates.crt ETCCERTSDIR=/etc/ssl/certs + +cleanup() { + rm -f "$TEMPBUNDLE" + rm -f "$ADDED" + rm -f "$REMOVED" +} +trap cleanup 0 + +# Helper files. (Some of them are not simple arrays because we spawn +# subshells later on.) +TEMPBUNDLE="$(mktemp -t "${CERTBUNDLE}.tmp.XXXXXX")" +ADDED="$(mktemp -t "ca-certificates.tmp.XXXXXX")" +REMOVED="$(mktemp -t "ca-certificates.tmp.XXXXXX")" + +# Adds a certificate to the list of trusted ones. This includes a symlink +# in /etc/ssl/certs to the certificate file and its inclusion into the +# bundle. +add() { + CERT="$1" + PEM="$ETCCERTSDIR/$(basename "$CERT" .crt).pem" + if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "$CERT" ] + then + ln -sf "$CERT" "$PEM" + echo +$PEM >> "$ADDED" + fi + cat "$CERT" >> "$TEMPBUNDLE" +} + +remove() { + CERT="$1" + PEM="$ETCCERTSDIR/$(basename "$CERT" .crt).pem" + if test -L "$PEM" + then + rm -f "$PEM" + echo -$PEM >> "$REMOVED" + fi +} + cd $ETCCERTSDIR if [ "$fresh" = 1 ]; then echo -n "Clearing symlinks in $ETCCERTSDIR..." 
@@ -54,49 +94,65 @@ if [ "$fresh" = 1 ]; then done echo "done." fi -echo -n "Updating certificates in $ETCCERTSDIR...." -bundletmp=`mktemp "${CERTBUNDLE}.tmp.XXXXXX"` -removed="$(sed -ne 's/^!//p' $CERTSCONF | while read crt +echo -n "Updating certificates in $ETCCERTSDIR... " + +# Handle certificates that should be removed. This is an explicit act +# by prefixing lines in the configuration files with exclamation marks (!). +sed -n -e '/^$/d' -e 's/^!//p' $CERTSCONF | while read crt do - if test "$crt" = ""; then continue; fi - pem=$(basename "$crt" .crt).pem - if test -e "$pem"; then - rm -f "$pem" - echo "-$ETCCERTSDIR/$pem" - fi -done)" - -added="$(sed -e '/^#/d' -e '/^!/d' $CERTSCONF | while read crt + remove "$CERTSDIR/$crt" +done + +sed -e '/^$/d' -e '/^#/d' -e '/^!/d' $CERTSCONF | while read crt do - if test "$crt" = ""; then continue; fi - if ! test -f "$CERTSDIR/$crt"; then continue; fi - pem=$(basename "$crt" .crt).pem - if ! test -e "$pem"; then echo "+$ETCCERTSDIR/$pem"; fi - ln -sf "$CERTSDIR/$crt" "$pem" - cat "$CERTSDIR/$crt" >> "$bundletmp" -done)" -chmod 0644 "$bundletmp" -mv -f "$bundletmp" "$CERTBUNDLE" - -if [ -n "$added" ] || [ -n "$removed" ]; then - # only run if set of files has changed + if ! test -f "$CERTSDIR/$crt" + then + echo "W: $CERTSDIR/$crt not found, but listed in $CERTSCONF." >&2 + continue + fi + add "$CERTSDIR/$crt" +done - if [ "$verbose" = 0 ]; then +# Now process certificate authorities installed by the local system +# administrator. +if [ -d "$LOCALCERTSDIR" ] +then + find -L "$LOCALCERTSDIR" -type f | while read crt + do + add "$crt" + done +fi + +chmod 0644 "$TEMPBUNDLE" +mv -f "$TEMPBUNDLE" "$CERTBUNDLE" + +ADDED_CNT=$(wc -l < "$ADDED") +REMOVED_CNT=$(wc -l < "$REMOVED") + +if [ "$ADDED_CNT" -gt 0 ] || [ "$REMOVED_CNT" -gt 0 ] +then + # only run if set of files has changed + if [ "$verbose" = 0 ] + then c_rehash . > /dev/null 2>&1 else c_rehash . fi - echo "done." 
- - HOOKSDIR=/etc/ca-certificates/update.d - echo -n "Running hooks in $HOOKSDIR...." - VERBOSE_ARG= - [ "$verbose" = 0 ] || VERBOSE_ARG=--verbose - eval run-parts $VERB_ARG --test -- $HOOKSDIR | while read hook; do - printf -- "${removed:+$removed\n}${added:+$added\n}" | eval $hook - done - echo "done." -else - echo "done." fi + +echo "$ADDED_CNT added, $REMOVED_CNT removed; done." + +HOOKSDIR=/etc/ca-certificates/update.d +echo -n "Running hooks in $HOOKSDIR...." +VERBOSE_ARG= +[ "$verbose" = 0 ] || VERBOSE_ARG=--verbose +eval run-parts $VERB_ARG --test -- $HOOKSDIR | while read hook +do + ( cat $ADDED + cat $REMOVED ) | $hook || echo E: $hook exited with code $?. +done +echo "done." + +# vim:set et sw=2: + diff --git a/sbin/update-ca-certificates.8 b/sbin/update-ca-certificates.8 index 3c71502..65aa7de 100644 --- a/sbin/update-ca-certificates.8 +++ b/sbin/update-ca-certificates.8 
@@ -26,14 +26,18 @@ This manual page documents briefly the commands. This manual page was written for the Debian distribution. .PP -\fBupdate-ca-certificates\fP is a program that updates /etc/ssl/certs -directory to hold SSL certificates and generates certificates.crt that is -single-file version of CA certificates. +\fBupdate-ca-certificates\fP is a program that updates the directory +/etc/ssl/certs to hold SSL certificates and generates certificates.crt, +a concatenated single-file list of certificates. .PP -It reads /etc/ca-certificates.conf file. Each lines list pathname of -activated CA certificates under /usr/share/ca-certificates. -Lines that begin with "#" is comment line. -Lines that begin with "!" is deselect, deactivation of the CA certificates. +It reads the file /etc/ca-certificates.conf. Each line gives a pathname of +a CA certificate under /usr/share/ca-certificates that should be trusted. +Lines that begin with "#" are comment lines and thus ignored. +Lines that begin with "!" are deselected, causing the deactivation of the CA +certificate in question. +.PP +Furthermore all certificates found below /usr/local/share/ca-certificates +are also included as implicitly trusted. .PP Before terminating, \fBupdate-ca-certificates\fP invokes \fBrun-parts\fP on /etc/ca-certificates/update.d and calls each hook with @@ -61,6 +65,8 @@ all CA certificates that you activated in /etc/ca-certificates.conf. .TP .I /usr/share/ca-certificates Directory of CA certificates. +.I /usr/local/share/ca-certificates +Directory of local CA certificates. .SH SEE ALSO .BR c_rehash (1), .SH AUTHOR -- 2.39.2
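Review bot: In mozilla/certdata.txt, the "MD5 Collisions Forged Rogue CA 25c3" object at the end of the hunk is a distrust record (CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION and CKA_TRUST_CODE_SIGNING are all CKT_NETSCAPE_UNTRUSTED), yet it is stored as an ordinary CKO_CERTIFICATE with a full CKA_VALUE, and nothing beside the entry says it is there only to be rejected. A consumer that exports every CKO_CERTIFICATE without reading the matching CKO_NETSCAPE_TRUST object would install it as a trust anchor. Please note the distrust purpose in the comment above the entry, and confirm that the blacklist.txt line for it matches the CKA_LABEL string exactly as certdata2pem.py stores it, surrounding double quotes included: the script compares obj['CKA_LABEL'] verbatim and strips the quotes only later, with [1:-1], when building the file name.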
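Review bot: In mozilla/certdata2pem.py, the trust loop tests CKA_TRUST_EMAIL_PROTECTION == 'CKT_NETSCAPE_TRUSTED_DELEGATOR' before it tests CKA_TRUST_SERVER_AUTH == 'CKT_NETSCAPE_UNTRUSTED', so a root that is explicitly untrusted for server authentication but trusted for e-mail is marked trusted and written out as a .crt file. Move the UNTRUSTED test ahead of both TRUSTED_DELEGATOR branches, and make the "UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND" case exit non-zero instead of only printing a banner, so a build cannot pass with it unnoticed. The trust dict and the output file name are keyed on CKA_LABEL alone, which two objects can share; keying on CKA_ISSUER plus CKA_SERIAL_NUMBER, both already parsed, keeps one entry's trust decision from applying to another certificate. The output file opened with open(fname, 'w') is never closed, and the local name type shadows the builtin.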
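Review bot: In sbin/update-ca-certificates (hunk @@ -37,8 +38,47 @@), TEMPBUNDLE is now created with mktemp -t before the cd, so it lives in the temporary directory rather than in $ETCCERTSDIR as the old bundletmp did; the later mv -f "$TEMPBUNDLE" "$CERTBUNDLE" can then cross filesystems and turn into a copy instead of an atomic rename, and a process reading ca-certificates.crt during the update may see a partial bundle. Create the temporary bundle inside $ETCCERTSDIR to keep the rename atomic. In add(), the symlink name comes only from basename "$CERT" .crt, so a file under $LOCALCERTSDIR with the same base name as a packaged certificate replaces that symlink through ln -sf without any message; a warning on the collision would help. The arguments in echo +$PEM and echo -$PEM should be quoted.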
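Review bot: In sbin/update-ca-certificates (hunk @@ -54,49 +94,65 @@), the local-certificates loop runs find -L "$LOCALCERTSDIR" -type f, which hands every regular file and every symlink target under that directory to add(), while README.Debian in this same patch asks for files ending in ".crt"; any other file left there is appended to ca-certificates.crt and linked into /etc/ssl/certs. Add -name '*.crt' to the find expression and use while read -r. The hook invocation still reads eval run-parts $VERB_ARG although the variable assigned just above is VERBOSE_ARG, so --verbose never reaches run-parts. Hooks now also run on every invocation rather than only when the certificate set changed; if that is intended it deserves a changelog line, and $hook, $ADDED and $REMOVED should be quoted.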
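Review bot: In sbin/update-ca-certificates.8 (hunk @@ -26,14 +26,18 @@), the rewritten first paragraph still names the output file certificates.crt, whereas the script sets CERTBUNDLE=ca-certificates.crt; please correct the name while this sentence is being touched. The added paragraph says all certificates found below /usr/local/share/ca-certificates are included, which should be narrowed to files ending in ".crt" to agree with README.Debian.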
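Review bot: In sbin/update-ca-certificates.8 (hunk @@ -61,6 +65,8 @@), the new .I /usr/local/share/ca-certificates line is added without a preceding .TP, so it is not set as its own tagged entry in the FILES section and runs on after "Directory of CA certificates."; insert a .TP line before it, matching the entry above.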