From 8cfe8b5ed220ba7b8ef8db9de5dcec0fd4ede679 Mon Sep 17 00:00:00 2001 From: Sam Roberts Date: Mon, 22 Jul 2019 10:19:48 -0700 Subject: [PATCH 1/3] tools: update certdata.txt This is the certdata.txt[0] from NSS 3.45, released on 2019-07-05. This is the version of NSS that will ship in Firefox 69 on 2019-09-03. [0] https://hg.mozilla.org/projects/nss/raw-file/NSS_3_45_RTM/lib/ckfw/builtins/certdata.txt --- tools/certdata.txt | 166 --------------------------------------------- 1 file changed, 166 deletions(-) diff --git a/tools/certdata.txt b/tools/certdata.txt index 61ce1dee63db31..3466f6ee40ed90 100644 --- a/tools/certdata.txt +++ b/tools/certdata.txt @@ -17745,172 +17745,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "Certinomis - Root CA" -# -# Issuer: CN=Certinomis - Root CA,OU=0002 433998903,O=Certinomis,C=FR -# Serial Number: 1 (0x1) -# Subject: CN=Certinomis - Root CA,OU=0002 433998903,O=Certinomis,C=FR -# Not Valid Before: Mon Oct 21 09:17:18 2013 -# Not Valid After : Fri Oct 21 09:17:18 2033 -# Fingerprint (SHA-256): 2A:99:F5:BC:11:74:B7:3C:BB:1D:62:08:84:E0:1C:34:E5:1C:CB:39:78:DA:12:5F:0E:33:26:88:83:BF:41:58 -# Fingerprint (SHA1): 9D:70:BB:01:A5:A4:A0:18:11:2E:F7:1C:01:B9:32:C5:34:E7:88:A8 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Certinomis - Root CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\023\060\021\006\003\125\004\012\023\012\103\145\162\164\151\156 -\157\155\151\163\061\027\060\025\006\003\125\004\013\023\016\060 -\060\060\062\040\064\063\063\071\071\070\071\060\063\061\035\060 -\033\006\003\125\004\003\023\024\103\145\162\164\151\156\157\155 -\151\163\040\055\040\122\157\157\164\040\103\101 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\023\060\021\006\003\125\004\012\023\012\103\145\162\164\151\156 -\157\155\151\163\061\027\060\025\006\003\125\004\013\023\016\060 -\060\060\062\040\064\063\063\071\071\070\071\060\063\061\035\060 -\033\006\003\125\004\003\023\024\103\145\162\164\151\156\157\155 -\151\163\040\055\040\122\157\157\164\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\222\060\202\003\172\240\003\002\001\002\002\001\001 -\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060 -\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061\023 -\060\021\006\003\125\004\012\023\012\103\145\162\164\151\156\157 -\155\151\163\061\027\060\025\006\003\125\004\013\023\016\060\060 -\060\062\040\064\063\063\071\071\070\071\060\063\061\035\060\033 -\006\003\125\004\003\023\024\103\145\162\164\151\156\157\155\151 -\163\040\055\040\122\157\157\164\040\103\101\060\036\027\015\061 -\063\061\060\062\061\060\071\061\067\061\070\132\027\015\063\063 -\061\060\062\061\060\071\061\067\061\070\132\060\132\061\013\060 -\011\006\003\125\004\006\023\002\106\122\061\023\060\021\006\003 -\125\004\012\023\012\103\145\162\164\151\156\157\155\151\163\061 -\027\060\025\006\003\125\004\013\023\016\060\060\060\062\040\064 -\063\063\071\071\070\071\060\063\061\035\060\033\006\003\125\004 -\003\023\024\103\145\162\164\151\156\157\155\151\163\040\055\040 -\122\157\157\164\040\103\101\060\202\002\042\060\015\006\011\052 -\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060 -\202\002\012\002\202\002\001\000\324\314\011\012\054\077\222\366 -\177\024\236\013\234\232\152\035\100\060\144\375\252\337\016\036 -\006\133\237\120\205\352\315\215\253\103\147\336\260\372\176\200 -\226\236\204\170\222\110\326\343\071\356\316\344\131\130\227\345 -\056\047\230\352\223\250\167\233\112\360\357\164\200\055\353\060 -\037\265\331\307\200\234\142\047\221\210\360\112\211\335\334\210 -\346\024\371\325\003\057\377\225\333\275\237\354\054\372\024\025 -\131\225\012\306\107\174\151\030\271\247\003\371\312\166\251\317 -\307\157\264\136\005\376\356\301\122\262\165\062\207\354\355\051 -\146\073\363\112\026\202\366\326\232\333\162\230\351\336\360\305 -\114\245\253\265\352\001\342\214\056\144\177\144\157\375\243\045 -\223\213\310\242\016\111\215\064\360\037\354\130\105\056\064\252 -\204\120\275\347\262\112\023\270\260\017\256\070\135\260\251\033 -\346\163\311\132\241\331\146\100\252\251\115\246\064\002\255\204 -\176\262\043\301\373\052\306\147\364\064\266\260\225\152\063\117 -\161\104\265\255\300\171\063\210\340\277\355\243\240\024\264\234 -\011\260\012\343\140\276\370\370\146\210\315\133\361\167\005\340 -\265\163\156\301\175\106\056\216\113\047\246\315\065\012\375\345 -\115\175\252\052\243\051\307\132\150\004\350\345\326\223\244\142 -\302\305\346\364\117\306\371\237\032\215\202\111\031\212\312\131 -\103\072\350\015\062\301\364\114\023\003\157\156\246\077\221\163 -\313\312\163\157\022\040\213\356\300\202\170\336\113\056\302\111 -\303\035\355\026\366\044\364\047\033\134\127\061\334\125\356\250 -\036\157\154\254\342\105\314\127\127\212\165\127\031\340\265\130 -\231\111\066\061\074\063\001\155\026\112\315\270\052\203\204\206 -\233\371\140\322\037\155\221\003\323\140\246\325\075\232\335\167 -\220\075\065\244\237\017\136\365\122\104\151\271\300\272\334\317 -\175\337\174\331\304\254\206\042\062\274\173\153\221\357\172\370 -\027\150\260\342\123\125\140\055\257\076\302\203\330\331\011\053 -\360\300\144\333\207\213\221\314\221\353\004\375\166\264\225\232 -\346\024\006\033\325\064\035\276\330\377\164\034\123\205\231\340 -\131\122\112\141\355\210\236\153\111\211\106\176\040\132\331\347 -\112\345\152\356\322\145\021\103\002\003\001\000\001\243\143\060 -\141\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001 -\006\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001 -\001\377\060\035\006\003\125\035\016\004\026\004\024\357\221\114 -\365\245\303\060\350\057\010\352\323\161\042\244\222\150\170\164 -\331\060\037\006\003\125\035\043\004\030\060\026\200\024\357\221 -\114\365\245\303\060\350\057\010\352\323\161\042\244\222\150\170 -\164\331\060\015\006\011\052\206\110\206\367\015\001\001\013\005 -\000\003\202\002\001\000\176\075\124\332\042\135\032\130\076\073 -\124\047\272\272\314\310\343\032\152\352\076\371\022\353\126\137 -\075\120\316\340\352\110\046\046\317\171\126\176\221\034\231\077 -\320\241\221\034\054\017\117\230\225\131\123\275\320\042\330\210 -\135\234\067\374\373\144\301\170\214\213\232\140\011\352\325\372 -\041\137\320\164\145\347\120\305\277\056\271\013\013\255\265\260 -\027\246\022\214\324\142\170\352\126\152\354\012\322\100\303\074 -\005\060\076\115\224\267\237\112\003\323\175\047\113\266\376\104 -\316\372\031\063\032\155\244\102\321\335\314\310\310\327\026\122 -\203\117\065\224\263\022\125\175\345\342\102\353\344\234\223\011 -\300\114\133\007\253\307\155\021\240\120\027\224\043\250\265\012 -\222\017\262\172\301\140\054\070\314\032\246\133\377\362\014\343 -\252\037\034\334\270\240\223\047\336\143\343\177\041\237\072\345 -\236\372\340\023\152\165\353\226\134\142\221\224\216\147\123\266 -\211\370\022\011\313\157\122\133\003\162\206\120\225\010\324\215 -\207\206\025\037\225\044\330\244\157\232\316\244\235\233\155\322 -\262\166\006\206\306\126\010\305\353\011\332\066\302\033\133\101 -\276\141\052\343\160\346\270\246\370\266\132\304\275\041\367\377 -\252\137\241\154\166\071\146\326\352\114\125\341\000\063\233\023 -\230\143\311\157\320\001\040\011\067\122\347\014\117\076\315\274 -\365\137\226\047\247\040\002\225\340\056\350\007\101\005\037\025 -\156\326\260\344\031\340\017\002\223\000\047\162\305\213\321\124 -\037\135\112\303\100\227\176\125\246\174\301\063\004\024\001\035 -\111\040\151\013\031\223\235\156\130\042\367\100\014\106\014\043 -\143\363\071\322\177\166\121\247\364\310\241\361\014\166\042\043 -\106\122\051\055\342\243\101\007\126\151\230\322\005\011\274\151 -\307\132\141\315\217\201\140\025\115\200\335\220\342\175\304\120 -\362\214\073\156\112\307\306\346\200\053\074\201\274\021\200\026 -\020\047\327\360\315\077\171\314\163\052\303\176\123\221\326\156 -\370\365\363\307\320\121\115\216\113\245\133\346\031\027\073\326 -\201\011\334\042\334\356\216\271\304\217\123\341\147\273\063\270 -\210\025\106\317\355\151\065\377\165\015\106\363\316\161\341\305 -\153\206\102\006\271\101 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for "Certinomis - Root CA" -# Issuer: CN=Certinomis - Root CA,OU=0002 433998903,O=Certinomis,C=FR -# Serial Number: 1 (0x1) -# Subject: CN=Certinomis - Root CA,OU=0002 433998903,O=Certinomis,C=FR -# Not Valid Before: Mon Oct 21 09:17:18 2013 -# Not Valid After : Fri Oct 21 09:17:18 2033 -# Fingerprint (SHA-256): 2A:99:F5:BC:11:74:B7:3C:BB:1D:62:08:84:E0:1C:34:E5:1C:CB:39:78:DA:12:5F:0E:33:26:88:83:BF:41:58 -# Fingerprint (SHA1): 9D:70:BB:01:A5:A4:A0:18:11:2E:F7:1C:01:B9:32:C5:34:E7:88:A8 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Certinomis - Root CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\235\160\273\001\245\244\240\030\021\056\367\034\001\271\062\305 -\064\347\210\250 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\024\012\375\215\250\050\265\070\151\333\126\176\141\042\003\077 -END -CKA_ISSUER MULTILINE_OCTAL -\060\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\023\060\021\006\003\125\004\012\023\012\103\145\162\164\151\156 -\157\155\151\163\061\027\060\025\006\003\125\004\013\023\016\060 -\060\060\062\040\064\063\063\071\071\070\071\060\063\061\035\060 -\033\006\003\125\004\003\023\024\103\145\162\164\151\156\157\155 -\151\163\040\055\040\122\157\157\164\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - # # Certificate "OISTE WISeKey Global Root GB CA" # From ac6b05c2ede3fdb5a287e383f357aaf4071b69ee Mon Sep 17 00:00:00 2001 From: Sam Roberts Date: Mon, 22 Jul 2019 10:26:10 -0700 Subject: [PATCH 2/3] crypto: update root certificates Update the list of root certificates in src/node_root_certs.h with tools/mk-ca-bundle.pl. Certificates added: (none) Certificates removed: - Certinomis - Root CA --- src/node_root_certs.h | 31 ------------------------------- 1 file changed, 31 deletions(-) diff --git a/src/node_root_certs.h b/src/node_root_certs.h index b6b05c47e1e547..a5032d645202fd 100644 --- a/src/node_root_certs.h +++ b/src/node_root_certs.h @@ -2598,37 +2598,6 @@ "Kc2Jo5YPSjXnTkLAdc0Hz+Ys63su\n" "-----END CERTIFICATE-----", -/* Certinomis - Root CA */ -"-----BEGIN CERTIFICATE-----\n" -"MIIFkjCCA3qgAwIBAgIBATANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJGUjETMBEGA1UE\n" -"ChMKQ2VydGlub21pczEXMBUGA1UECxMOMDAwMiA0MzM5OTg5MDMxHTAbBgNVBAMTFENlcnRp\n" -"bm9taXMgLSBSb290IENBMB4XDTEzMTAyMTA5MTcxOFoXDTMzMTAyMTA5MTcxOFowWjELMAkG\n" -"A1UEBhMCRlIxEzARBgNVBAoTCkNlcnRpbm9taXMxFzAVBgNVBAsTDjAwMDIgNDMzOTk4OTAz\n" -"MR0wGwYDVQQDExRDZXJ0aW5vbWlzIC0gUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIP\n" -"ADCCAgoCggIBANTMCQosP5L2fxSeC5yaah1AMGT9qt8OHgZbn1CF6s2Nq0Nn3rD6foCWnoR4\n" -"kkjW4znuzuRZWJflLieY6pOod5tK8O90gC3rMB+12ceAnGInkYjwSond3IjmFPnVAy//ldu9\n" -"n+ws+hQVWZUKxkd8aRi5pwP5ynapz8dvtF4F/u7BUrJ1Mofs7SlmO/NKFoL21prbcpjp3vDF\n" -"TKWrteoB4owuZH9kb/2jJZOLyKIOSY008B/sWEUuNKqEUL3nskoTuLAPrjhdsKkb5nPJWqHZ\n" -"ZkCqqU2mNAKthH6yI8H7KsZn9DS2sJVqM09xRLWtwHkziOC/7aOgFLScCbAK42C++PhmiM1b\n" -"8XcF4LVzbsF9Ri6OSyemzTUK/eVNfaoqoynHWmgE6OXWk6RiwsXm9E/G+Z8ajYJJGYrKWUM6\n" -"6A0ywfRMEwNvbqY/kXPLynNvEiCL7sCCeN5LLsJJwx3tFvYk9CcbXFcx3FXuqB5vbKziRcxX\n" -"V4p1VxngtViZSTYxPDMBbRZKzbgqg4SGm/lg0h9tkQPTYKbVPZrdd5A9NaSfD171UkRpucC6\n" -"3M9933zZxKyGIjK8e2uR73r4F2iw4lNVYC2vPsKD2NkJK/DAZNuHi5HMkesE/Xa0lZrmFAYb\n" -"1TQdvtj/dBxThZngWVJKYe2InmtJiUZ+IFrZ50rlau7SZRFDAgMBAAGjYzBhMA4GA1UdDwEB\n" -"/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTvkUz1pcMw6C8I6tNxIqSSaHh0\n" -"2TAfBgNVHSMEGDAWgBTvkUz1pcMw6C8I6tNxIqSSaHh02TANBgkqhkiG9w0BAQsFAAOCAgEA\n" -"fj1U2iJdGlg+O1QnurrMyOMaauo++RLrVl89UM7g6kgmJs95Vn6RHJk/0KGRHCwPT5iVWVO9\n" -"0CLYiF2cN/z7ZMF4jIuaYAnq1fohX9B0ZedQxb8uuQsLrbWwF6YSjNRieOpWauwK0kDDPAUw\n" -"Pk2Ut59KA9N9J0u2/kTO+hkzGm2kQtHdzMjI1xZSg081lLMSVX3l4kLr5JyTCcBMWwerx20R\n" -"oFAXlCOotQqSD7J6wWAsOMwaplv/8gzjqh8c3LigkyfeY+N/IZ865Z764BNqdeuWXGKRlI5n\n" -"U7aJ+BIJy29SWwNyhlCVCNSNh4YVH5Uk2KRvms6knZtt0rJ2BobGVgjF6wnaNsIbW0G+YSrj\n" -"cOa4pvi2WsS9Iff/ql+hbHY5ZtbqTFXhADObE5hjyW/QASAJN1LnDE8+zbz1X5YnpyACleAu\n" -"6AdBBR8Vbtaw5BngDwKTACdyxYvRVB9dSsNAl35VpnzBMwQUAR1JIGkLGZOdblgi90AMRgwj\n" -"Y/M50n92Uaf0yKHxDHYiI0ZSKS3io0EHVmmY0gUJvGnHWmHNj4FgFU2A3ZDifcRQ8ow7bkrH\n" -"xuaAKzyBvBGAFhAn1/DNP3nMcyrDflOR1m749fPH0FFNjkulW+YZFzvWgQncItzujrnEj1Ph\n" -"Z7szuIgVRs/taTX/dQ1G885x4cVrhkIGuUE=\n" -"-----END CERTIFICATE-----", - /* OISTE WISeKey Global Root GB CA */ "-----BEGIN CERTIFICATE-----\n" "MIIDtTCCAp2gAwIBAgIQdrEgUnTwhYdGs/gjGvbCwDANBgkqhkiG9w0BAQsFADBtMQswCQYD\n" From f50ab29ec45b865ca3c1c6e7ea92addc366dee39 Mon Sep 17 00:00:00 2001 From: Sam Roberts Date: Mon, 22 Jul 2019 10:27:45 -0700 Subject: [PATCH 3/3] doc: fix type in NSS update instructions The perl script must be fully named, correct so that the command can be copy-pasted-run from the docs. --- doc/guides/updating-root-certs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/guides/updating-root-certs.md b/doc/guides/updating-root-certs.md index f25f74a3e7ba8c..5cd82fbe2d5e3d 100644 --- a/doc/guides/updating-root-certs.md +++ b/doc/guides/updating-root-certs.md @@ -31,7 +31,7 @@ version in the [tag list][]. Update the tag in the commands below, and run: ```shell cd tools/ -./mk-ca-bundle -v 2>_before +./mk-ca-bundle.pl -v 2>_before curl -O https://hg.mozilla.org/projects/nss/raw-file/NSS_3_41_RTM/lib/ckfw/builtins/certdata.txt ```