From b32b5779dde0b2405a97b41bcc49f9354d9f3abf Mon Sep 17 00:00:00 2001 From: Roy Tam Date: Wed, 25 Dec 2019 16:31:52 +0800 Subject: [PATCH 01/15] [NSS] config.mk: remove defining NO_NSPR_10_SUPPORT to fix VC7.1 build --- security/nss/coreconf/config.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/nss/coreconf/config.mk b/security/nss/coreconf/config.mk index 99c6ce6c1..afbef2509 100644 --- a/security/nss/coreconf/config.mk +++ b/security/nss/coreconf/config.mk @@ -184,7 +184,7 @@ DEFINES += -DUSE_UTIL_DIRECTLY USE_UTIL_DIRECTLY = 1 # Build with NO_NSPR_10_SUPPORT to avoid using obsolete NSPR features -DEFINES += -DNO_NSPR_10_SUPPORT +#DEFINES += -DNO_NSPR_10_SUPPORT # Hide old, deprecated, TLS cipher suite names when building NSS DEFINES += -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES From b1bbd767b35db5c7ed5290908ac446ecdb9ad107 Mon Sep 17 00:00:00 2001 From: Roy Tam Date: Wed, 25 Dec 2019 16:32:44 +0800 Subject: [PATCH 02/15] [NSS] ssl3con: fix broken comparsion which breaks VC7.1 build --- security/nss/lib/ssl/ssl3con.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index e15446ef0..b22bc0042 100644 --- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -1670,7 +1670,7 @@ ssl3_InitPendingContextsBypass(sslSocket *ss) calg = cipher_def->calg; - if ( cipher_def == type_aead ) { + if ( cipher_def->type == type_aead ) { pwSpec->encode = NULL; pwSpec->decode = NULL; pwSpec->destroy = NULL; From 430790c1b1240f4f4c8fc3171819fad458a0b5e8 Mon Sep 17 00:00:00 2001 From: Roy Tam Date: Tue, 7 Jan 2020 15:11:52 +0800 Subject: [PATCH 03/15] cherry-picked mozilla NSS upstream changes (to rev 5fe63c0b, sha512.c changes are refined for VC6): bug1182667(other parts), bug1117022, bug1190248, bug1192020, bug1185033, bug1199349, bug1199467, bug1199494 --- security/nss/cmd/bltest/blapitest.c | 2 +- security/nss/cmd/certcgi/certcgi.c | 4 +- security/nss/cmd/lib/secpwd.c | 6 +- security/nss/cmd/selfserv/selfserv.c | 34 +- security/nss/cmd/signtool/certgen.c | 31 +- security/nss/cmd/tstclnt/tstclnt.c | 20 +- security/nss/coreconf/Darwin.mk | 20 + security/nss/coreconf/Linux.mk | 30 +- security/nss/coreconf/rules.mk | 24 +- security/nss/lib/dbm/src/h_page.c | 12 +- security/nss/lib/dbm/src/hash.c | 2 +- security/nss/lib/freebl/drbg.c | 2 +- security/nss/lib/freebl/ecl/ecp_192.c | 4 +- security/nss/lib/freebl/ecl/ecp_224.c | 2 +- security/nss/lib/freebl/mpi/mpi.c | 29 +- security/nss/lib/freebl/pqg.c | 2 +- security/nss/lib/freebl/sha512.c | 18 +- security/nss/lib/jar/jarfile.c | 2 +- .../module/pkix_pl_ldapdefaultclient.c | 2 +- .../pkix_pl_nss/module/pkix_pl_ldapresponse.c | 2 +- .../pkix_pl_nss/system/pkix_pl_object.c | 4 +- security/nss/lib/pk11wrap/pk11mech.c | 4 + security/nss/lib/pk11wrap/pk11merge.c | 6 +- security/nss/lib/pk11wrap/pk11obj.c | 4 +- security/nss/lib/pk11wrap/pk11pk12.c | 8 +- security/nss/lib/softoken/legacydb/keydb.c | 2 +- security/nss/lib/softoken/legacydb/lginit.c | 2 +- security/nss/lib/softoken/pkcs11.c | 10 +- security/nss/lib/softoken/pkcs11c.c | 101 +++- security/nss/lib/softoken/sftkdb.c | 6 +- security/nss/lib/ssl/SSLerrs.h | 6 + security/nss/lib/ssl/derive.c | 2 +- security/nss/lib/ssl/ssl.h | 8 + security/nss/lib/ssl/ssl3con.c | 557 +++++++++++++----- security/nss/lib/ssl/ssl3ecc.c | 16 +- security/nss/lib/ssl/ssl3ext.c | 116 +++- security/nss/lib/ssl/sslerr.h | 3 + security/nss/lib/ssl/sslimpl.h | 7 +- security/nss/lib/ssl/sslinfo.c | 2 + security/nss/lib/ssl/sslsnce.c | 95 +-- security/nss/lib/ssl/sslsock.c | 14 + security/nss/lib/ssl/sslt.h | 9 +- security/nss/lib/util/pkcs11n.h | 43 +- security/nss/lib/util/secport.h | 10 +- security/nss/lib/util/utilmod.c | 12 +- security/nss/tests/common/cleanup.sh | 12 +- 46 files changed, 965 insertions(+), 342 deletions(-) diff --git a/security/nss/cmd/bltest/blapitest.c b/security/nss/cmd/bltest/blapitest.c index 81c3061bb..204814d82 100644 --- a/security/nss/cmd/bltest/blapitest.c +++ b/security/nss/cmd/bltest/blapitest.c @@ -3552,7 +3552,7 @@ int main(int argc, char **argv) unsigned int keySize = 1024; unsigned long exponent = 65537; int rounds = 1; - int ret; + int ret = -1; if (bltest.options[opt_KeySize].activated) { keySize = PORT_Atoi(bltest.options[opt_KeySize].arg); diff --git a/security/nss/cmd/certcgi/certcgi.c b/security/nss/cmd/certcgi/certcgi.c index 889de2540..1095d80ed 100644 --- a/security/nss/cmd/certcgi/certcgi.c +++ b/security/nss/cmd/certcgi/certcgi.c @@ -508,8 +508,8 @@ get_serial_number(Pair *data) if (find_field_bool(data, "serial-auto", PR_TRUE)) { serialFile = fopen(filename, "r"); if (serialFile != NULL) { - fread(&serial, sizeof(int), 1, serialFile); - if (ferror(serialFile) != 0) { + size_t nread = fread(&serial, sizeof(int), 1, serialFile); + if (ferror(serialFile) != 0 || nread != 1) { error_out("Error: Unable to read serial number file"); } if (serial == -1) { diff --git a/security/nss/cmd/lib/secpwd.c b/security/nss/cmd/lib/secpwd.c index 2c4579d78..d78e56ccd 100644 --- a/security/nss/cmd/lib/secpwd.c +++ b/security/nss/cmd/lib/secpwd.c @@ -74,7 +74,9 @@ char *SEC_GetPassword(FILE *input, FILE *output, char *prompt, echoOff(infd); } - QUIET_FGETS ( phrase, sizeof(phrase), input); + if (QUIET_FGETS(phrase, sizeof(phrase), input) == NULL) { + return NULL; + } if (isTTY) { fprintf(output, "\n"); @@ -87,7 +89,7 @@ char *SEC_GetPassword(FILE *input, FILE *output, char *prompt, /* Validate password */ if (!(*ok)(phrase)) { /* Not weird enough */ - if (!isTTY) return 0; + if (!isTTY) return NULL; fprintf(output, "Password must be at least 8 characters long with one or more\n"); fprintf(output, "non-alphabetic characters\n"); continue; diff --git a/security/nss/cmd/selfserv/selfserv.c b/security/nss/cmd/selfserv/selfserv.c index 9509892d3..549fda53e 100644 --- a/security/nss/cmd/selfserv/selfserv.c +++ b/security/nss/cmd/selfserv/selfserv.c @@ -65,7 +65,7 @@ static const char inheritableSockName[] = { "SELFSERV_LISTEN_SOCKET" }; #define MAX_BULK_TEST 1048576 /* 1 MB */ static PRBool testBulk; static PRUint32 testBulkSize = DEFAULT_BULK_TEST; -static PRUint32 testBulkTotal; +static PRInt32 testBulkTotal; static char* testBulkBuf; static PRDescIdentity log_layer_id = PR_INVALID_IO_LAYER; static PRFileDesc *loggingFD; @@ -74,10 +74,10 @@ static PRIOMethods loggingMethods; static PRBool logStats; static PRBool loggingLayer; static int logPeriod = 30; -static PRUint32 loggerOps; -static PRUint32 loggerBytes; -static PRUint32 loggerBytesTCP; -static PRUint32 bulkSentChunks; +static PRInt32 loggerOps; +static PRInt32 loggerBytes; +static PRInt32 loggerBytesTCP; +static PRInt32 bulkSentChunks; static enum ocspStaplingModeEnum { osm_disabled, /* server doesn't support stapling */ osm_good, /* supply a signed good status */ @@ -428,10 +428,11 @@ printSecurityInfo(PRFileDesc *fd) suite.macBits, suite.macAlgorithmName); FPRINTF(stderr, "selfserv: Server Auth: %d-bit %s, Key Exchange: %d-bit %s\n" - " Compression: %s\n", + " Compression: %s, Extended Master Secret: %s\n", channel.authKeyBits, suite.authAlgorithmName, channel.keaKeyBits, suite.keaTypeName, - channel.compressionMethodName); + channel.compressionMethodName, + channel.extendedMasterSecretUsed ? "Yes": "No"); } } if (verbose) { @@ -751,8 +752,8 @@ logger(void *arg) PRIntervalTime period; PRIntervalTime previousTime; PRIntervalTime latestTime; - PRUint32 previousOps; - PRUint32 ops; + PRInt32 previousOps; + PRInt32 ops; PRIntervalTime logPeriodTicks = PR_TicksPerSecond(); PRFloat64 secondsPerTick = 1.0 / (PRFloat64)logPeriodTicks; int iterations = 0; @@ -771,7 +772,7 @@ logger(void *arg) */ PR_Sleep(logPeriodTicks); secondsElapsed++; - totalPeriodBytes += PR_ATOMIC_SET(&loggerBytes, 0); + totalPeriodBytes += PR_ATOMIC_SET(&loggerBytes, 0); totalPeriodBytesTCP += PR_ATOMIC_SET(&loggerBytesTCP, 0); if (secondsElapsed != logPeriod) { continue; @@ -837,6 +838,8 @@ PRBool testbypass = PR_FALSE; PRBool enableSessionTickets = PR_FALSE; PRBool enableCompression = PR_FALSE; PRBool failedToNegotiateName = PR_FALSE; +PRBool enableExtendedMasterSecret = PR_FALSE; + static char *virtServerNameArray[MAX_VIRT_SERVER_NAME_ARRAY_INDEX]; static int virtServerNameIndex = 1; @@ -1942,6 +1945,13 @@ server_main( } } + if (enableExtendedMasterSecret) { + rv = SSL_OptionSet(model_sock, SSL_ENABLE_EXTENDED_MASTER_SECRET, PR_TRUE); + if (rv != SECSuccess) { + errExit("error enabling extended master secret "); + } + } + for (kea = kt_rsa; kea < kt_kea_size; kea++) { if (cert[kea] != NULL) { secStatus = SSL_ConfigSecureServer(model_sock, @@ -2218,7 +2228,7 @@ main(int argc, char **argv) ** numbers, then capital letters, then lower case, alphabetical. */ optstate = PL_CreateOptState(argc, argv, - "2:A:BC:DEH:L:M:NP:RS:T:U:V:W:Ya:bc:d:e:f:g:hi:jk:lmn:op:qrst:uvw:xyz"); + "2:A:BC:DEGH:L:M:NP:RS:T:U:V:W:Ya:bc:d:e:f:g:hi:jk:lmn:op:qrst:uvw:xyz"); while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { ++optionsFound; switch(optstate->option) { @@ -2234,6 +2244,8 @@ main(int argc, char **argv) case 'E': disableStepDown = PR_TRUE; break; case 'H': configureDHE = (PORT_Atoi(optstate->value) != 0); break; + case 'G': enableExtendedMasterSecret = PR_TRUE; break; + case 'I': /* reserved for OCSP multi-stapling */ break; case 'L': diff --git a/security/nss/cmd/signtool/certgen.c b/security/nss/cmd/signtool/certgen.c index 0f7c596dd..5a645049c 100644 --- a/security/nss/cmd/signtool/certgen.c +++ b/security/nss/cmd/signtool/certgen.c @@ -73,6 +73,9 @@ GenerateCert(char *nickname, int keysize, char *token) LL_L2UI(serial, PR_Now()); subject = GetSubjectFromUser(serial); + if (!subject) { + FatalError("Unable to get subject from user"); + } cert = GenerateSelfSignedObjectSigningCert(nickname, db, subject, serial, keysize, token); @@ -122,7 +125,9 @@ GetSubjectFromUser(unsigned long serial) #else PR_fprintf(PR_STDOUT, "certificate common name: "); #endif - fgets(buf, STDIN_BUF_SIZE, stdin); + if (!fgets(buf, STDIN_BUF_SIZE, stdin)) { + return NULL; + } cp = chop(buf); if (*cp == '\0') { sprintf(common_name_buf, "%s (%lu)", DEFAULT_COMMON_NAME, @@ -144,7 +149,9 @@ GetSubjectFromUser(unsigned long serial) #else PR_fprintf(PR_STDOUT, "organization: "); #endif - fgets(buf, STDIN_BUF_SIZE, stdin); + if (!fgets(buf, STDIN_BUF_SIZE, stdin)) { + return NULL; + } cp = chop(buf); if (*cp != '\0') { org = PORT_ZAlloc(strlen(cp) + 5); @@ -163,7 +170,9 @@ GetSubjectFromUser(unsigned long serial) #else PR_fprintf(PR_STDOUT, "organization unit: "); #endif - fgets(buf, STDIN_BUF_SIZE, stdin); + if (!fgets(buf, STDIN_BUF_SIZE, stdin)) { + return NULL; + } cp = chop(buf); if (*cp != '\0') { orgunit = PORT_ZAlloc(strlen(cp) + 6); @@ -181,7 +190,9 @@ GetSubjectFromUser(unsigned long serial) #else PR_fprintf(PR_STDOUT, "state or province: "); #endif - fgets(buf, STDIN_BUF_SIZE, stdin); + if (!fgets(buf, STDIN_BUF_SIZE, stdin)) { + return NULL; + } cp = chop(buf); if (*cp != '\0') { state = PORT_ZAlloc(strlen(cp) + 6); @@ -199,7 +210,9 @@ GetSubjectFromUser(unsigned long serial) #else PR_fprintf(PR_STDOUT, "country (must be exactly 2 characters): "); #endif - fgets(buf, STDIN_BUF_SIZE, stdin); + if (!fgets(buf, STDIN_BUF_SIZE, stdin)) { + return NULL; + } cp = chop(cp); if (strlen(cp) != 2) { *cp = '\0'; /* country code must be 2 chars */ @@ -220,7 +233,9 @@ GetSubjectFromUser(unsigned long serial) #else PR_fprintf(PR_STDOUT, "username: "); #endif - fgets(buf, STDIN_BUF_SIZE, stdin); + if (!fgets(buf, STDIN_BUF_SIZE, stdin)) { + return NULL; + } cp = chop(buf); if (*cp != '\0') { uid = PORT_ZAlloc(strlen(cp) + 7); @@ -238,7 +253,9 @@ GetSubjectFromUser(unsigned long serial) #else PR_fprintf(PR_STDOUT, "email address: "); #endif - fgets(buf, STDIN_BUF_SIZE, stdin); + if (!fgets(buf, STDIN_BUF_SIZE, stdin)) { + return NULL; + } cp = chop(buf); if (*cp != '\0') { email = PORT_ZAlloc(strlen(cp) + 5); diff --git a/security/nss/cmd/tstclnt/tstclnt.c b/security/nss/cmd/tstclnt/tstclnt.c index ddfadafd5..93a702220 100644 --- a/security/nss/cmd/tstclnt/tstclnt.c +++ b/security/nss/cmd/tstclnt/tstclnt.c @@ -129,10 +129,11 @@ void printSecurityInfo(PRFileDesc *fd) suite.macBits, suite.macAlgorithmName); FPRINTF(stderr, "tstclnt: Server Auth: %d-bit %s, Key Exchange: %d-bit %s\n" - " Compression: %s\n", + " Compression: %s, Extended Master Secret: %s\n", channel.authKeyBits, suite.authAlgorithmName, channel.keaKeyBits, suite.keaTypeName, - channel.compressionMethodName); + channel.compressionMethodName, + channel.extendedMasterSecretUsed ? "Yes": "No"); } } cert = SSL_RevealCert(fd); @@ -231,6 +232,7 @@ static void PrintParameterUsage(void) fprintf(stderr, "%-20s Enable compression.\n", "-z"); fprintf(stderr, "%-20s Enable false start.\n", "-g"); fprintf(stderr, "%-20s Enable the cert_status extension (OCSP stapling).\n", "-T"); + fprintf(stderr, "%-20s Enable the extended master secret extension (session hash).\n", "-G"); fprintf(stderr, "%-20s Require fresh revocation info from side channel.\n" "%-20s -F once means: require for server cert only\n" "%-20s -F twice means: require for intermediates, too\n" @@ -919,6 +921,7 @@ int main(int argc, char **argv) int enableFalseStart = 0; int enableCertStatus = 0; int forceFallbackSCSV = 0; + int enableExtendedMasterSecret = 0; PRSocketOptionData opt; PRNetAddr addr; PRPollDesc pollset[2]; @@ -967,7 +970,7 @@ int main(int argc, char **argv) SSL_VersionRangeGetSupported(ssl_variant_stream, &enabledVersions); optstate = PL_CreateOptState(argc, argv, - "46BCDFKM:OR:STV:W:Ya:bc:d:fgh:m:n:op:qr:st:uvw:xz"); + "46BCDFGKM:OR:STV:W:Ya:bc:d:fgh:m:n:op:qr:st:uvw:xz"); while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) { switch (optstate->option) { case '?': @@ -989,6 +992,8 @@ int main(int argc, char **argv) serverCertAuth.testFreshStatusFromSideChannel = PR_TRUE; break; + case 'G': enableExtendedMasterSecret = PR_TRUE; break; + case 'I': /* reserved for OCSP multi-stapling */ break; case 'O': serverCertAuth.shouldPause = PR_FALSE; break; @@ -1386,6 +1391,15 @@ int main(int argc, char **argv) return 1; } + /* enable extended master secret mode */ + if (enableExtendedMasterSecret) { + rv = SSL_OptionSet(s, SSL_ENABLE_EXTENDED_MASTER_SECRET, PR_TRUE); + if (rv != SECSuccess) { + SECU_PrintError(progName, "error enabling extended master secret"); + return 1; + } + } + SSL_SetPKCS11PinArg(s, &pwdata); serverCertAuth.dbHandle = CERT_GetDefaultCertDB(); diff --git a/security/nss/coreconf/Darwin.mk b/security/nss/coreconf/Darwin.mk index 18a134818..786825c76 100644 --- a/security/nss/coreconf/Darwin.mk +++ b/security/nss/coreconf/Darwin.mk @@ -83,6 +83,26 @@ endif OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) -Wall -fno-common -pipe -DDARWIN -DHAVE_STRERROR -DHAVE_BSD_FLOCK $(DARWIN_SDK_CFLAGS) +ifeq (clang,$(shell $(CC) -? 2>&1 >/dev/null | sed -e 's/:.*//;1q')) +NSS_HAS_GCC48 = true +endif +ifndef NSS_HAS_GCC48 +NSS_HAS_GCC48 := $(shell \ + [ `$(CC) -dumpversion | cut -f 1 -d . -` -gt 4 -a \ + `$(CC) -dumpversion | cut -f 2 -d . -` -ge 8 -o \ + `$(CC) -dumpversion | cut -f 1 -d . -` -ge 5 ] && \ + echo true || echo false) +export NSS_HAS_GCC48 +endif +ifeq (true,$(NSS_HAS_GCC48)) +OS_CFLAGS += -Werror +else +# Old versions of gcc (< 4.8) don't support #pragma diagnostic in functions. +# Use this to disable use of that #pragma and the warnings it suppresses. +OS_CFLAGS += -DNSS_NO_GCC48 -Wno-unused-variable -Wno-strict-aliasing +$(warning Unable to find gcc >= 4.8 disabling -Werror) +endif + ifdef BUILD_OPT ifeq (11,$(ALLOW_OPT_CODE_SIZE)$(OPT_CODE_SIZE)) OPTIMIZER = -Oz diff --git a/security/nss/coreconf/Linux.mk b/security/nss/coreconf/Linux.mk index 414aef538..cbd5e05c0 100644 --- a/security/nss/coreconf/Linux.mk +++ b/security/nss/coreconf/Linux.mk @@ -134,7 +134,7 @@ ifeq ($(USE_PTHREADS),1) OS_PTHREAD = -lpthread endif -OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) $(ARCHFLAG) -Wall -Werror -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR +OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) $(ARCHFLAG) -Wall -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR OS_LIBS = $(OS_PTHREAD) -ldl -lc ifeq ($(COMPILER_TAG),_clang) @@ -152,29 +152,21 @@ endif NSS_HAS_GCC48 = true endif -# Check for the existence of gcc 4.8 ifndef NSS_HAS_GCC48 -define GCC48_TEST = -int main() {\n -#if __GNUC__ < 4 || (__GNUC__ == 4 && __GNUC_MINOR__ < 8)\n - return 1;\n -#else\n - return 0;\n -#endif\n -}\n -endef -TEST_GCC48 := /tmp/test_gcc48_$(shell echo $$$$) -NSS_HAS_GCC48 := (,$(shell echo -e "$(GCC48_TEST)" > $(TEST_GCC48).c && \ - $(CC) -o $(TEST_GCC48) $(TEST_GCC48).c && \ - $(TEST_GCC48) && echo true || echo false; \ - rm -f $(TEST_GCC48) $(TEST_GCC48).c)) +NSS_HAS_GCC48 := $(shell \ + [ `$(CC) -dumpversion | cut -f 1 -d . -` -gt 4 -a \ + `$(CC) -dumpversion | cut -f 2 -d . -` -ge 8 -o \ + `$(CC) -dumpversion | cut -f 1 -d . -` -ge 5 ] && \ + echo true || echo false) export NSS_HAS_GCC48 endif - ifeq (true,$(NSS_HAS_GCC48)) +OS_CFLAGS += -Werror +else # Old versions of gcc (< 4.8) don't support #pragma diagnostic in functions. -# Here, we disable use of that #pragma and the warnings it suppresses. -OS_CFLAGS += -DNSS_NO_GCC48 -Wno-unused-variable +# Use this to disable use of that #pragma and the warnings it suppresses. +OS_CFLAGS += -DNSS_NO_GCC48 +$(warning Unable to find gcc >= 4.8 disabling -Werror) endif ifdef USE_PTHREADS diff --git a/security/nss/coreconf/rules.mk b/security/nss/coreconf/rules.mk index 0a891ebc7..34b742a7f 100644 --- a/security/nss/coreconf/rules.mk +++ b/security/nss/coreconf/rules.mk @@ -424,12 +424,12 @@ $(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.S $(OBJDIR)/$(PROG_PREFIX)%: %.cpp @$(MAKE_OBJDIR) ifdef USE_NT_C_SYNTAX - $(CCC) -Fo$@ -c $(CFLAGS) $(call core_abspath,$<) + $(CCC) -Fo$@ -c $(CFLAGS) $(CXXFLAGS) $(call core_abspath,$<) else ifdef NEED_ABSOLUTE_PATH - $(CCC) -o $@ -c $(CFLAGS) $(call core_abspath,$<) + $(CCC) -o $@ -c $(CFLAGS) $(CXXFLAGS) $(call core_abspath,$<) else - $(CCC) -o $@ -c $(CFLAGS) $< + $(CCC) -o $@ -c $(CFLAGS) $(CXXFLAGS) $< endif endif @@ -440,16 +440,16 @@ $(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.cc $(MAKE_OBJDIR) ifdef STRICT_CPLUSPLUS_SUFFIX echo "#line 1 \"$<\"" | cat - $< > $(OBJDIR)/t_$*.cc - $(CCC) -o $@ -c $(CFLAGS) $(OBJDIR)/t_$*.cc + $(CCC) -o $@ -c $(CFLAGS) $(CXXFLAGS) $(OBJDIR)/t_$*.cc rm -f $(OBJDIR)/t_$*.cc else ifdef USE_NT_C_SYNTAX - $(CCC) -Fo$@ -c $(CFLAGS) $(call core_abspath,$<) + $(CCC) -Fo$@ -c $(CFLAGS) $(CXXFLAGS) $(call core_abspath,$<) else ifdef NEED_ABSOLUTE_PATH - $(CCC) -o $@ -c $(CFLAGS) $(call core_abspath,$<) + $(CCC) -o $@ -c $(CFLAGS) $(CXXFLAGS) $(call core_abspath,$<) else - $(CCC) -o $@ -c $(CFLAGS) $< + $(CCC) -o $@ -c $(CFLAGS) $(CXXFLAGS) $< endif endif endif #STRICT_CPLUSPLUS_SUFFIX @@ -458,22 +458,22 @@ $(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.cpp @$(MAKE_OBJDIR) ifdef STRICT_CPLUSPLUS_SUFFIX echo "#line 1 \"$<\"" | cat - $< > $(OBJDIR)/t_$*.cc - $(CCC) -o $@ -c $(CFLAGS) $(OBJDIR)/t_$*.cc + $(CCC) -o $@ -c $(CFLAGS) $(CXXFLAGS) $(OBJDIR)/t_$*.cc rm -f $(OBJDIR)/t_$*.cc else ifdef USE_NT_C_SYNTAX - $(CCC) -Fo$@ -c $(CFLAGS) $(call core_abspath,$<) + $(CCC) -Fo$@ -c $(CFLAGS) $(CXXFLAGS) $(call core_abspath,$<) else ifdef NEED_ABSOLUTE_PATH - $(CCC) -o $@ -c $(CFLAGS) $(call core_abspath,$<) + $(CCC) -o $@ -c $(CFLAGS) $(CXXFLAGS) $(call core_abspath,$<) else - $(CCC) -o $@ -c $(CFLAGS) $< + $(CCC) -o $@ -c $(CFLAGS) $(CXXFLAGS) $< endif endif endif #STRICT_CPLUSPLUS_SUFFIX %.i: %.cpp - $(CCC) -C -E $(CFLAGS) $< > $@ + $(CCC) -C -E $(CFLAGS) $(CXXFLAGS) $< > $@ %.i: %.c ifeq (,$(filter-out WIN%,$(OS_TARGET))) diff --git a/security/nss/lib/dbm/src/h_page.c b/security/nss/lib/dbm/src/h_page.c index cc0249473..669f3b32a 100644 --- a/security/nss/lib/dbm/src/h_page.c +++ b/security/nss/lib/dbm/src/h_page.c @@ -158,10 +158,11 @@ long new_lseek(int fd, long offset, int origin) { char buffer[1024]; long len = seek_pos-end_pos; - memset(&buffer, 0, 1024); + memset(buffer, 0, 1024); while(len > 0) { - write(fd, (char*)&buffer, (size_t)(1024 > len ? len : 1024)); + if(write(fd, buffer, (size_t)(1024 > len ? len : 1024)) < 0) + return(-1); len -= 1024; } return(lseek(fd, seek_pos, SEEK_SET)); @@ -981,7 +982,7 @@ overflow_page(HTAB *hashp) if (offset > SPLITMASK) { if (++splitnum >= NCACHED) { #ifndef macintosh - (void)write(STDERR_FILENO, OVMSG, sizeof(OVMSG) - 1); + (void)fwrite(OVMSG, 1, sizeof(OVMSG) - 1, stderr); #endif return (0); } @@ -996,7 +997,7 @@ overflow_page(HTAB *hashp) free_page++; if (free_page >= NCACHED) { #ifndef macintosh - (void)write(STDERR_FILENO, OVMSG, sizeof(OVMSG) - 1); + (void)fwrite(OVMSG, 1, sizeof(OVMSG) - 1, stderr); #endif return (0); } @@ -1022,8 +1023,7 @@ overflow_page(HTAB *hashp) if (offset > SPLITMASK) { if (++splitnum >= NCACHED) { #ifndef macintosh - (void)write(STDERR_FILENO, OVMSG, - sizeof(OVMSG) - 1); + (void)fwrite(OVMSG, 1, sizeof(OVMSG) - 1, stderr); #endif return (0); } diff --git a/security/nss/lib/dbm/src/hash.c b/security/nss/lib/dbm/src/hash.c index 3f9a516e0..b3a904a83 100644 --- a/security/nss/lib/dbm/src/hash.c +++ b/security/nss/lib/dbm/src/hash.c @@ -911,7 +911,7 @@ hash_seq( uint flag) { register uint32 bucket; - register BUFHEAD *bufp; + register BUFHEAD *bufp = NULL; HTAB *hashp; uint16 *bp, ndx; diff --git a/security/nss/lib/freebl/drbg.c b/security/nss/lib/freebl/drbg.c index e20db2e6f..391d45604 100644 --- a/security/nss/lib/freebl/drbg.c +++ b/security/nss/lib/freebl/drbg.c @@ -24,7 +24,7 @@ * for SHA-1, SHA-224, and SHA-256 it's 440 bits. * for SHA-384 and SHA-512 it's 888 bits */ #define PRNG_SEEDLEN (440/PR_BITS_PER_BYTE) -static const PRInt64 PRNG_MAX_ADDITIONAL_BYTES = LL_INIT(0x1, 0x0); +#define PRNG_MAX_ADDITIONAL_BYTES PR_INT64(0x100000000) /* 2^35 bits or 2^32 bytes */ #define PRNG_MAX_REQUEST_SIZE 0x10000 /* 2^19 bits or 2^16 bytes */ #define PRNG_ADDITONAL_DATA_CACHE_SIZE (8*1024) /* must be less than diff --git a/security/nss/lib/freebl/ecl/ecp_192.c b/security/nss/lib/freebl/ecl/ecp_192.c index ef11cef99..0bfd95e1d 100644 --- a/security/nss/lib/freebl/ecl/ecp_192.c +++ b/security/nss/lib/freebl/ecl/ecp_192.c @@ -120,8 +120,8 @@ ec_GFp_nistp192_mod(const mp_int *a, mp_int *r, const GFMethod *meth) if (((r2b == 0xffffffff) && (r2a == 0xffffffff) && (r1b == 0xffffffff) ) && ((r1a == 0xffffffff) || - (r1a == 0xfffffffe) && (r0a == 0xffffffff) && - (r0b == 0xffffffff)) ) { + ((r1a == 0xfffffffe) && (r0a == 0xffffffff) && + (r0b == 0xffffffff))) ) { /* do a quick subtract */ carry = 0; MP_ADD_CARRY(r0a, 1, r0a, carry); diff --git a/security/nss/lib/freebl/ecl/ecp_224.c b/security/nss/lib/freebl/ecl/ecp_224.c index 4faab215b..142f255d3 100644 --- a/security/nss/lib/freebl/ecl/ecp_224.c +++ b/security/nss/lib/freebl/ecl/ecp_224.c @@ -22,7 +22,7 @@ ec_GFp_nistp224_mod(const mp_int *a, mp_int *r, const GFMethod *meth) mp_digit carry; #ifdef ECL_THIRTY_TWO_BIT mp_digit a6a = 0, a6b = 0, - a5a = 0, a5b = 0, a4a = 0, a4b = 0, a3a = 0, a3b = 0; + a5a = 0, a5b = 0, a4a = 0, a4b = 0, a3b = 0; mp_digit r0a, r0b, r1a, r1b, r2a, r2b, r3a; #else mp_digit a6 = 0, a5 = 0, a4 = 0, a3b = 0, a5a = 0; diff --git a/security/nss/lib/freebl/mpi/mpi.c b/security/nss/lib/freebl/mpi/mpi.c index 43ce83ae6..84f9b97b6 100644 --- a/security/nss/lib/freebl/mpi/mpi.c +++ b/security/nss/lib/freebl/mpi/mpi.c @@ -4190,6 +4190,7 @@ mp_err s_mp_div(mp_int *rem, /* i: dividend, o: remainder */ MP_SIGN(rem) = ZPOS; MP_SIGN(div) = ZPOS; + MP_SIGN(&part) = ZPOS; /* A working temporary for division */ MP_CHECKOK( mp_init_size(&t, MP_ALLOC(rem))); @@ -4197,8 +4198,6 @@ mp_err s_mp_div(mp_int *rem, /* i: dividend, o: remainder */ /* Normalize to optimize guessing */ MP_CHECKOK( s_mp_norm(rem, div, &d) ); - part = *rem; - /* Perform the division itself...woo! */ MP_USED(quot) = MP_ALLOC(quot); @@ -4207,11 +4206,15 @@ mp_err s_mp_div(mp_int *rem, /* i: dividend, o: remainder */ while (MP_USED(rem) > MP_USED(div) || s_mp_cmp(rem, div) >= 0) { int i; int unusedRem; + int partExtended = 0; /* set to true if we need to extend part */ unusedRem = MP_USED(rem) - MP_USED(div); MP_DIGITS(&part) = MP_DIGITS(rem) + unusedRem; MP_ALLOC(&part) = MP_ALLOC(rem) - unusedRem; MP_USED(&part) = MP_USED(div); + + /* We have now truncated the part of the remainder to the same length as + * the divisor. If part is smaller than div, extend part by one digit. */ if (s_mp_cmp(&part, div) < 0) { -- unusedRem; #if MP_ARGCHK == 2 @@ -4220,26 +4223,34 @@ mp_err s_mp_div(mp_int *rem, /* i: dividend, o: remainder */ -- MP_DIGITS(&part); ++ MP_USED(&part); ++ MP_ALLOC(&part); + partExtended = 1; } /* Compute a guess for the next quotient digit */ q_msd = MP_DIGIT(&part, MP_USED(&part) - 1); div_msd = MP_DIGIT(div, MP_USED(div) - 1); - if (q_msd >= div_msd) { + if (!partExtended) { + /* In this case, q_msd /= div_msd is always 1. First, since div_msd is + * normalized to have the high bit set, 2*div_msd > MP_DIGIT_MAX. Since + * we didn't extend part, q_msd >= div_msd. Therefore we know that + * div_msd <= q_msd <= MP_DIGIT_MAX < 2*div_msd. Dividing by div_msd we + * get 1 <= q_msd/div_msd < 2. So q_msd /= div_msd must be 1. */ q_msd = 1; - } else if (MP_USED(&part) > 1) { + } else { #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_DIV_WORD) q_msd = (q_msd << MP_DIGIT_BIT) | MP_DIGIT(&part, MP_USED(&part) - 2); q_msd /= div_msd; if (q_msd == RADIX) --q_msd; #else - mp_digit r; - MP_CHECKOK( s_mpv_div_2dx1d(q_msd, MP_DIGIT(&part, MP_USED(&part) - 2), - div_msd, &q_msd, &r) ); + if (q_msd == div_msd) { + q_msd = MP_DIGIT_MAX; + } else { + mp_digit r; + MP_CHECKOK( s_mpv_div_2dx1d(q_msd, MP_DIGIT(&part, MP_USED(&part) - 2), + div_msd, &q_msd, &r) ); + } #endif - } else { - q_msd = 0; } #if MP_ARGCHK == 2 assert(q_msd > 0); /* This case should never occur any more. */ diff --git a/security/nss/lib/freebl/pqg.c b/security/nss/lib/freebl/pqg.c index f79715572..fd1351ed2 100644 --- a/security/nss/lib/freebl/pqg.c +++ b/security/nss/lib/freebl/pqg.c @@ -1143,7 +1143,7 @@ makeGfromIndex(HASH_HashType hashtype, unsigned int len; mp_err err = MP_OKAY; SECStatus rv = SECSuccess; - const SECHashObject *hashobj; + const SECHashObject *hashobj = NULL; void *hashcx = NULL; MP_DIGITS(&e) = 0; diff --git a/security/nss/lib/freebl/sha512.c b/security/nss/lib/freebl/sha512.c index 0e6baa87f..3298e39f9 100644 --- a/security/nss/lib/freebl/sha512.c +++ b/security/nss/lib/freebl/sha512.c @@ -67,11 +67,11 @@ static const PRUint32 H256[8] = { 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 }; +#if defined(IS_LITTLE_ENDIAN) #if (_MSC_VER >= 1300) #include #pragma intrinsic(_byteswap_ulong) #define SHA_HTONL(x) _byteswap_ulong(x) -#define BYTESWAP4(x) x = SHA_HTONL(x) #elif defined(_MSC_VER) && defined(NSS_X86_OR_X64) #ifndef FORCEINLINE #if (_MSC_VER >= 1200) @@ -92,7 +92,6 @@ swap4b(PRUint32 dwd) } #define SHA_HTONL(x) swap4b(x) -#define BYTESWAP4(x) x = SHA_HTONL(x) #elif defined(__GNUC__) && defined(NSS_X86_OR_X64) static __inline__ PRUint32 swap4b(PRUint32 value) @@ -101,7 +100,6 @@ static __inline__ PRUint32 swap4b(PRUint32 value) return (value); } #define SHA_HTONL(x) swap4b(x) -#define BYTESWAP4(x) x = SHA_HTONL(x) #elif defined(__GNUC__) && (defined(__thumb2__) || \ (!defined(__thumb__) && \ @@ -121,14 +119,14 @@ static __inline__ PRUint32 swap4b(PRUint32 value) return ret; } #define SHA_HTONL(x) swap4b(x) -#define BYTESWAP4(x) x = SHA_HTONL(x) #else #define SWAP4MASK 0x00FF00FF #define SHA_HTONL(x) (t1 = (x), t1 = (t1 << 16) | (t1 >> 16), \ ((t1 & SWAP4MASK) << 8) | ((t1 >> 8) & SWAP4MASK)) -#define BYTESWAP4(x) x = SHA_HTONL(x) #endif +#define BYTESWAP4(x) x = SHA_HTONL(x) +#endif /* defined(IS_LITTLE_ENDIAN) */ #if defined(_MSC_VER) #pragma intrinsic (_lrotr, _lrotl) @@ -665,6 +663,7 @@ void SHA224_Clone(SHA224Context *dest, SHA224Context *src) #define ULLC(hi,lo) 0x ## hi ## lo ## ULL #endif +#if defined(IS_LITTLE_ENDIAN) #if defined(_MSC_VER) #pragma intrinsic(_byteswap_uint64) #define SHA_HTONLL(x) _byteswap_uint64(x) @@ -686,19 +685,20 @@ static __inline__ PRUint64 swap8b(PRUint64 value) (t1 >> 32) | (t1 << 32)) #endif #define BYTESWAP8(x) x = SHA_HTONLL(x) +#endif /* defined(IS_LITTLE_ENDIAN) */ #else /* no long long */ #if defined(IS_LITTLE_ENDIAN) #define ULLC(hi,lo) { 0x ## lo ## U, 0x ## hi ## U } -#else -#define ULLC(hi,lo) { 0x ## hi ## U, 0x ## lo ## U } -#endif - #define SHA_HTONLL(x) ( BYTESWAP4(x.lo), BYTESWAP4(x.hi), \ x.hi ^= x.lo ^= x.hi ^= x.lo, x) #define BYTESWAP8(x) do { PRUint32 tmp; BYTESWAP4(x.lo); BYTESWAP4(x.hi); \ tmp = x.lo; x.lo = x.hi; x.hi = tmp; } while (0) +#else +#define ULLC(hi,lo) { 0x ## hi ## U, 0x ## lo ## U } +#endif + #endif /* SHA-384 and SHA-512 constants, K512. */ diff --git a/security/nss/lib/jar/jarfile.c b/security/nss/lib/jar/jarfile.c index 3346dbec0..96da4d793 100644 --- a/security/nss/lib/jar/jarfile.c +++ b/security/nss/lib/jar/jarfile.c @@ -76,7 +76,7 @@ dostime(char *time, const char *s); #ifdef NSS_X86_OR_X64 /* The following macros throw up warnings. */ -#ifdef __GNUC__ +#if defined(__GNUC__) && !defined(NSS_NO_GCC48) #pragma GCC diagnostic ignored "-Wstrict-aliasing" #endif #define x86ShortToUint32(ii) ((const PRUint32)*((const PRUint16 *)(ii))) diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapdefaultclient.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapdefaultclient.c index a191ad65d..3dc06be9a 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapdefaultclient.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapdefaultclient.c @@ -359,7 +359,7 @@ pkix_pl_LdapDefaultClient_VerifyBindResponse( "pkix_pl_LdapDefaultClient_VerifyBindResponse"); PKIX_NULLCHECK_TWO(client, client->rcvBuf); - decode.data = (void *)(client->rcvBuf); + decode.data = (unsigned char *)(client->rcvBuf); decode.len = bufLen; PKIX_CHECK(pkix_pl_LdapDefaultClient_DecodeBindResponse diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapresponse.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapresponse.c index 9d37f58f8..cd2543f3b 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapresponse.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapresponse.c @@ -730,7 +730,7 @@ pkix_pl_LdapResponse_GetResultCode( resultMsg = &response->decoded.protocolOp.op.searchResponseResultMsg; - *pResultCode = *(char *)(resultMsg->resultCode.data); + *pResultCode = *(resultMsg->resultCode.data); cleanup: diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c index 9a33fd5e5..7dafa0b20 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c @@ -600,7 +600,7 @@ PKIX_PL_Object_Alloc( object = NULL; /* Atomically increment object counter */ - PR_ATOMIC_INCREMENT(&ctEntry->objCounter); + PR_ATOMIC_INCREMENT((PRInt32*)&ctEntry->objCounter); cleanup: @@ -897,7 +897,7 @@ PKIX_PL_Object_DecRef( } /* Atomically decrement object counter */ - PR_ATOMIC_DECREMENT(&ctEntry->objCounter); + PR_ATOMIC_DECREMENT((PRInt32*)&ctEntry->objCounter); /* pkix_pl_Object_Destroy assumes the lock is held */ /* It will call unlock and destroy the object */ diff --git a/security/nss/lib/pk11wrap/pk11mech.c b/security/nss/lib/pk11wrap/pk11mech.c index d8b822779..f70c30940 100644 --- a/security/nss/lib/pk11wrap/pk11mech.c +++ b/security/nss/lib/pk11wrap/pk11mech.c @@ -380,6 +380,8 @@ PK11_GetKeyType(CK_MECHANISM_TYPE type,unsigned long len) case CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256: case CKM_TLS_KEY_AND_MAC_DERIVE: case CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256: + case CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE: + case CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH: case CKM_SHA_1_HMAC: case CKM_SHA_1_HMAC_GENERAL: case CKM_SHA224_HMAC: @@ -575,6 +577,8 @@ PK11_GetKeyGenWithSize(CK_MECHANISM_TYPE type, int size) case CKM_TLS_MASTER_KEY_DERIVE: case CKM_TLS_KEY_AND_MAC_DERIVE: case CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256: + case CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE: + case CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH: return CKM_SSL3_PRE_MASTER_KEY_GEN; case CKM_SHA_1_HMAC: case CKM_SHA_1_HMAC_GENERAL: diff --git a/security/nss/lib/pk11wrap/pk11merge.c b/security/nss/lib/pk11wrap/pk11merge.c index 187e2e1f6..8fadc7caf 100644 --- a/security/nss/lib/pk11wrap/pk11merge.c +++ b/security/nss/lib/pk11wrap/pk11merge.c @@ -1261,7 +1261,8 @@ pk11_mergeByObjectIDs(PK11SlotInfo *targetSlot, PK11SlotInfo *sourceSlot, PK11MergeLog *log, void *targetPwArg, void *sourcePwArg) { SECStatus rv = SECSuccess; - int error, i; + int error = SEC_ERROR_LIBRARY_FAILURE; + int i; for (i=0; i < count; i++) { /* try to update the entire database. On failure, keep going, @@ -1325,7 +1326,8 @@ PK11_MergeTokens(PK11SlotInfo *targetSlot, PK11SlotInfo *sourceSlot, PK11MergeLog *log, void *targetPwArg, void *sourcePwArg) { SECStatus rv = SECSuccess, lrv = SECSuccess; - int error, count = 0; + int error = SEC_ERROR_LIBRARY_FAILURE; + int count = 0; CK_ATTRIBUTE search[2]; CK_OBJECT_HANDLE *objectIDs = NULL; CK_BBOOL ck_true = CK_TRUE; diff --git a/security/nss/lib/pk11wrap/pk11obj.c b/security/nss/lib/pk11wrap/pk11obj.c index e09d22768..848b45a01 100644 --- a/security/nss/lib/pk11wrap/pk11obj.c +++ b/security/nss/lib/pk11wrap/pk11obj.c @@ -1577,7 +1577,7 @@ PK11_WriteRawAttribute(PK11ObjectType objType, void *objSpec, CK_ATTRIBUTE_TYPE attrType, SECItem *item) { PK11SlotInfo *slot = NULL; - CK_OBJECT_HANDLE handle; + CK_OBJECT_HANDLE handle = 0; CK_ATTRIBUTE setTemplate; CK_RV crv; CK_SESSION_HANDLE rwsession; @@ -1630,7 +1630,7 @@ PK11_ReadRawAttribute(PK11ObjectType objType, void *objSpec, CK_ATTRIBUTE_TYPE attrType, SECItem *item) { PK11SlotInfo *slot = NULL; - CK_OBJECT_HANDLE handle; + CK_OBJECT_HANDLE handle = 0; switch (objType) { case PK11_TypeGeneric: diff --git a/security/nss/lib/pk11wrap/pk11pk12.c b/security/nss/lib/pk11wrap/pk11pk12.c index 2152a41e7..e5a0a21cf 100644 --- a/security/nss/lib/pk11wrap/pk11pk12.c +++ b/security/nss/lib/pk11wrap/pk11pk12.c @@ -234,13 +234,17 @@ PK11_ImportDERPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, SECItem *derPKI, rv = SEC_ASN1DecodeItem(pki->arena, pki, SECKEY_PrivateKeyInfoTemplate, derPKI); if( rv != SECSuccess ) { - goto finish; + /* If SEC_ASN1DecodeItem fails, we cannot assume anything about the + * validity of the data in pki. The best we can do is free the arena + * and return. + */ + PORT_FreeArena(temparena, PR_TRUE); + return rv; } rv = PK11_ImportPrivateKeyInfoAndReturnKey(slot, pki, nickname, publicValue, isPerm, isPrivate, keyUsage, privk, wincx); -finish: /* this zeroes the key and frees the arena */ SECKEY_DestroyPrivateKeyInfo(pki, PR_TRUE /*freeit*/); return rv; diff --git a/security/nss/lib/softoken/legacydb/keydb.c b/security/nss/lib/softoken/legacydb/keydb.c index c3dd887b0..d54f10c03 100644 --- a/security/nss/lib/softoken/legacydb/keydb.c +++ b/security/nss/lib/softoken/legacydb/keydb.c @@ -1378,7 +1378,7 @@ nsslowkey_PutPWCheckEntry(NSSLOWKEYDBHandle *handle,NSSLOWKEYPasswordEntry *entr NSSLOWKEYDBKey *dbkey = NULL; SECItem *item = NULL; SECItem salt; - SECOidTag algid; + SECOidTag algid = SEC_OID_UNKNOWN; SECStatus rv = SECFailure; PLArenaPool *arena; int ret; diff --git a/security/nss/lib/softoken/legacydb/lginit.c b/security/nss/lib/softoken/legacydb/lginit.c index 47da8f042..b2ff521a5 100644 --- a/security/nss/lib/softoken/legacydb/lginit.c +++ b/security/nss/lib/softoken/legacydb/lginit.c @@ -601,7 +601,7 @@ legacy_Open(const char *configdir, const char *certPrefix, if (certDB) *certDB = NULL; if (certDB) { - NSSLOWCERTCertDBHandle *certdbPtr; + NSSLOWCERTCertDBHandle *certdbPtr = NULL; crv = lg_OpenCertDB(configdir, certPrefix, readOnly, &certdbPtr); if (crv != CKR_OK) { diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c index 1a8352388..adf981152 100644 --- a/security/nss/lib/softoken/pkcs11.c +++ b/security/nss/lib/softoken/pkcs11.c @@ -475,6 +475,10 @@ static const struct mechanismList mechanisms[] = { {CKM_TLS12_KEY_AND_MAC_DERIVE, {48, 48, CKF_DERIVE}, PR_FALSE}, {CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256, {48, 48, CKF_DERIVE}, PR_FALSE}, + {CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, + {48,128, CKF_DERIVE}, PR_FALSE}, + {CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH, + {48,128, CKF_DERIVE}, PR_FALSE}, /* ---------------------- PBE Key Derivations ------------------------ */ {CKM_PBE_MD2_DES_CBC, {8, 8, CKF_DERIVE}, PR_TRUE}, {CKM_PBE_MD5_DES_CBC, {8, 8, CKF_DERIVE}, PR_TRUE}, @@ -2603,7 +2607,7 @@ CK_RV sftk_CloseAllSessions(SFTKSlot *slot, PRBool logout) --slot->sessionCount; SKIP_AFTER_FORK(PZ_Unlock(slot->slotLock)); if (session->info.flags & CKF_RW_SESSION) { - PR_ATOMIC_DECREMENT(&slot->rwSessionCount); + (void)PR_ATOMIC_DECREMENT(&slot->rwSessionCount); } } else { SKIP_AFTER_FORK(PZ_Unlock(lock)); @@ -3720,7 +3724,7 @@ CK_RV NSC_OpenSession(CK_SLOT_ID slotID, CK_FLAGS flags, ++slot->sessionCount; PZ_Unlock(slot->slotLock); if (session->info.flags & CKF_RW_SESSION) { - PR_ATOMIC_INCREMENT(&slot->rwSessionCount); + (void)PR_ATOMIC_INCREMENT(&slot->rwSessionCount); } do { @@ -3788,7 +3792,7 @@ CK_RV NSC_CloseSession(CK_SESSION_HANDLE hSession) sftk_freeDB(handle); } if (session->info.flags & CKF_RW_SESSION) { - PR_ATOMIC_DECREMENT(&slot->rwSessionCount); + (void)PR_ATOMIC_DECREMENT(&slot->rwSessionCount); } } diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c index 0a2c5dc89..a1aec5993 100644 --- a/security/nss/lib/softoken/pkcs11c.c +++ b/security/nss/lib/softoken/pkcs11c.c @@ -3840,7 +3840,7 @@ CK_RV NSC_GenerateKey(CK_SESSION_HANDLE hSession, * produce them any more. The affected algorithm was 3DES. */ PRBool faultyPBE3DES = PR_FALSE; - HASH_HashType hashType; + HASH_HashType hashType = HASH_AlgNULL; CHECK_FORK(); @@ -4081,7 +4081,7 @@ sftk_PairwiseConsistencyCheck(CK_SESSION_HANDLE hSession, */ CK_MECHANISM mech = {0, NULL, 0}; - CK_ULONG modulusLen; + CK_ULONG modulusLen = 0; CK_ULONG subPrimeLen = 0; PRBool isEncryptable = PR_FALSE; PRBool canSignVerify = PR_FALSE; @@ -6007,7 +6007,7 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, isDH = PR_TRUE; } - /* first do the consistancy checks */ + /* first do the consistency checks */ if (!isDH && (att->attrib.ulValueLen != SSL3_PMS_LENGTH)) { crv = CKR_KEY_TYPE_INCONSISTENT; break; @@ -6136,6 +6136,101 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, break; } + /* Extended master key derivation [draft-ietf-tls-session-hash] */ + case CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE: + case CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH: + { + CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS *ems_params; + SSL3RSAPreMasterSecret *rsa_pms; + SECStatus status; + SECItem pms = { siBuffer, NULL, 0 }; + SECItem seed = { siBuffer, NULL, 0 }; + SECItem master = { siBuffer, NULL, 0 }; + + ems_params = (CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS*) + pMechanism->pParameter; + + /* First do the consistency checks */ + if ((mechanism == CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE) && + (att->attrib.ulValueLen != SSL3_PMS_LENGTH)) { + crv = CKR_KEY_TYPE_INCONSISTENT; + break; + } + att2 = sftk_FindAttribute(sourceKey,CKA_KEY_TYPE); + if ((att2 == NULL) || + (*(CK_KEY_TYPE *)att2->attrib.pValue != CKK_GENERIC_SECRET)) { + if (att2) sftk_FreeAttribute(att2); + crv = CKR_KEY_FUNCTION_NOT_PERMITTED; + break; + } + sftk_FreeAttribute(att2); + if (keyType != CKK_GENERIC_SECRET) { + crv = CKR_KEY_FUNCTION_NOT_PERMITTED; + break; + } + if ((keySize != 0) && (keySize != SSL3_MASTER_SECRET_LENGTH)) { + crv = CKR_KEY_FUNCTION_NOT_PERMITTED; + break; + } + + /* Do the key derivation */ + pms.data = (unsigned char*) att->attrib.pValue; + pms.len = att->attrib.ulValueLen; + seed.data = ems_params->pSessionHash; + seed.len = ems_params->ulSessionHashLen; + master.data = key_block; + master.len = SSL3_MASTER_SECRET_LENGTH; + if (ems_params-> prfHashMechanism == CKM_TLS_PRF) { + /* + * In this case, the session hash is the concatenation of SHA-1 + * and MD5, so it should be 36 bytes long. + */ + if (seed.len != MD5_LENGTH + SHA1_LENGTH) { + crv = CKR_TEMPLATE_INCONSISTENT; + break; + } + + status = TLS_PRF(&pms, "extended master secret", + &seed, &master, isFIPS); + } else { + const SECHashObject *hashObj; + + tlsPrfHash = GetHashTypeFromMechanism(ems_params->prfHashMechanism); + if (tlsPrfHash == HASH_AlgNULL) { + crv = CKR_MECHANISM_PARAM_INVALID; + break; + } + + hashObj = HASH_GetRawHashObject(tlsPrfHash); + if (seed.len != hashObj->length) { + crv = CKR_TEMPLATE_INCONSISTENT; + break; + } + + status = TLS_P_hash(tlsPrfHash, &pms, "extended master secret", + &seed, &master, isFIPS); + } + + /* Reflect the version if required */ + if (ems_params->pVersion) { + SFTKSessionObject *sessKey = sftk_narrowToSessionObject(key); + rsa_pms = (SSL3RSAPreMasterSecret *) att->attrib.pValue; + /* don't leak more key material than necessary for SSL to work */ + if ((sessKey == NULL) || sessKey->wasDerived) { + ems_params->pVersion->major = 0xff; + ems_params->pVersion->minor = 0xff; + } else { + ems_params->pVersion->major = rsa_pms->client_version[0]; + ems_params->pVersion->minor = rsa_pms->client_version[1]; + } + } + + /* Store the results */ + crv = sftk_forceAttribute(key, CKA_VALUE, key_block, + SSL3_MASTER_SECRET_LENGTH); + break; + } + case CKM_TLS12_KEY_AND_MAC_DERIVE: case CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256: case CKM_TLS_KEY_AND_MAC_DERIVE: diff --git a/security/nss/lib/softoken/sftkdb.c b/security/nss/lib/softoken/sftkdb.c index b686e8e10..61f1e9e4f 100644 --- a/security/nss/lib/softoken/sftkdb.c +++ b/security/nss/lib/softoken/sftkdb.c @@ -2408,7 +2408,7 @@ sftk_getCertDB(SFTKSlot *slot) PZ_Lock(slot->slotLock); dbHandle = slot->certDB; if (dbHandle) { - PR_ATOMIC_INCREMENT(&dbHandle->ref); + (void)PR_ATOMIC_INCREMENT(&dbHandle->ref); } PZ_Unlock(slot->slotLock); return dbHandle; @@ -2426,7 +2426,7 @@ sftk_getKeyDB(SFTKSlot *slot) SKIP_AFTER_FORK(PZ_Lock(slot->slotLock)); dbHandle = slot->keyDB; if (dbHandle) { - PR_ATOMIC_INCREMENT(&dbHandle->ref); + (void)PR_ATOMIC_INCREMENT(&dbHandle->ref); } SKIP_AFTER_FORK(PZ_Unlock(slot->slotLock)); return dbHandle; @@ -2444,7 +2444,7 @@ sftk_getDBForTokenObject(SFTKSlot *slot, CK_OBJECT_HANDLE objectID) PZ_Lock(slot->slotLock); dbHandle = objectID & SFTK_KEYDB_TYPE ? slot->keyDB : slot->certDB; if (dbHandle) { - PR_ATOMIC_INCREMENT(&dbHandle->ref); + (void)PR_ATOMIC_INCREMENT(&dbHandle->ref); } PZ_Unlock(slot->slotLock); return dbHandle; diff --git a/security/nss/lib/ssl/SSLerrs.h b/security/nss/lib/ssl/SSLerrs.h index da5616441..602839680 100644 --- a/security/nss/lib/ssl/SSLerrs.h +++ b/security/nss/lib/ssl/SSLerrs.h @@ -434,3 +434,9 @@ ER3(SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM, (SSL_ERROR_BASE + 134), ER3(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM, (SSL_ERROR_BASE + 135), "The peer used an unsupported combination of signature and hash algorithm.") + +ER3(SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET, (SSL_ERROR_BASE + 136), +"The peer tried to resume without a correct extended_master_secret extension") + +ER3(SSL_ERROR_UNEXPECTED_EXTENDED_MASTER_SECRET, (SSL_ERROR_BASE + 137), +"The peer tried to resume with an unexpected extended_master_secret extension") diff --git a/security/nss/lib/ssl/derive.c b/security/nss/lib/ssl/derive.c index b7c38c30b..8b58b800d 100644 --- a/security/nss/lib/ssl/derive.c +++ b/security/nss/lib/ssl/derive.c @@ -431,7 +431,7 @@ ssl3_KeyAndMacDeriveBypass( * so isRSA is always true. */ SECStatus -ssl3_MasterKeyDeriveBypass( +ssl3_MasterSecretDeriveBypass( ssl3CipherSpec * pwSpec, const unsigned char * cr, const unsigned char * sr, diff --git a/security/nss/lib/ssl/ssl.h b/security/nss/lib/ssl/ssl.h index 40f8476d5..2a527693b 100644 --- a/security/nss/lib/ssl/ssl.h +++ b/security/nss/lib/ssl/ssl.h @@ -196,6 +196,14 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd); */ #define SSL_ENABLE_SERVER_DHE 29 +/* Use draft-ietf-tls-session-hash. Controls whether we offer the + * extended_master_secret extension which, when accepted, hashes + * the handshake transcript into the master secret. This option is + * disabled by default. + */ +#define SSL_ENABLE_EXTENDED_MASTER_SECRET 30 + + #ifdef SSL_DEPRECATED_FUNCTION /* Old deprecated function names */ SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on); diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index b22bc0042..5d7734f87 100644 --- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -62,6 +62,10 @@ static SECStatus ssl3_UpdateHandshakeHashes( sslSocket *ss, const unsigned char *b, unsigned int l); static SECOidTag ssl3_TLSHashAlgorithmToOID(SSLHashType hashFunc); +static SECStatus ssl3_ComputeHandshakeHashes(sslSocket *ss, + ssl3CipherSpec *spec, + SSL3Hashes *hashes, + PRUint32 sender); static SECStatus ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags); static SECStatus Null_Cipher(void *ctx, unsigned char *output, int *outputLen, @@ -2221,7 +2225,11 @@ ssl3_InitPendingContextsPKCS11(sslSocket *ss) * Sets error code, but caller probably should override to disambiguate. * NULL pms means re-use old master_secret. * - * This code is common to the bypass and PKCS11 execution paths. + * This code is common to the bypass and PKCS11 execution paths. For + * the bypass case, pms is NULL. If the old master secret is reused, + * pms is NULL and the master secret is already in either + * pwSpec->msItem.len (the bypass case) or pwSpec->master_secret. + * * For the bypass case, pms is NULL. */ SECStatus @@ -3627,13 +3635,70 @@ ssl3_HandleChangeCipherSpecs(sslSocket *ss, sslBuffer *buf) return SECSuccess; } -/* This method uses PKCS11 to derive the MS from the PMS, where PMS -** is a PKCS11 symkey. This is used in all cases except the -** "triple bypass" with RSA key exchange. -** Called from ssl3_InitPendingCipherSpec. prSpec is pwSpec. +/* This method completes the derivation of the MS from the PMS. +** +** 1. Derive the MS, if possible, else return an error. +** +** 2. Check the version if |pms_version| is non-zero and if wrong, +** return an error. +** +** 3. If |msp| is nonzero, return MS in |*msp|. + +** Called from: +** ssl3_ComputeMasterSecretInt +** tls_ComputeExtendedMasterSecretInt */ static SECStatus -ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms) +ssl3_ComputeMasterSecretFinish(sslSocket *ss, + CK_MECHANISM_TYPE master_derive, + CK_MECHANISM_TYPE key_derive, + CK_VERSION *pms_version, + SECItem *params, CK_FLAGS keyFlags, + PK11SymKey *pms, PK11SymKey **msp) +{ + PK11SymKey *ms = NULL; + + ms = PK11_DeriveWithFlags(pms, master_derive, + params, key_derive, + CKA_DERIVE, 0, keyFlags); + if (!ms) { + ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE); + return SECFailure; + } + + if (pms_version && ss->opt.detectRollBack) { + SSL3ProtocolVersion client_version; + client_version = pms_version->major << 8 | pms_version->minor; + + if (IS_DTLS(ss)) { + client_version = dtls_DTLSVersionToTLSVersion(client_version); + } + + if (client_version != ss->clientHelloVersion) { + /* Destroy MS. Version roll-back detected. */ + PK11_FreeSymKey(ms); + ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE); + return SECFailure; + } + } + + if (msp) { + *msp = ms; + } else { + PK11_FreeSymKey(ms); + } + + return SECSuccess; +} + +/* Compute the ordinary (pre draft-ietf-tls-session-hash) master + ** secret and return it in |*msp|. + ** + ** Called from: ssl3_ComputeMasterSecret + */ +static SECStatus +ssl3_ComputeMasterSecretInt(sslSocket *ss, PK11SymKey *pms, + PK11SymKey **msp) { ssl3CipherSpec * pwSpec = ss->ssl3.pwSpec; const ssl3KEADef *kea_def= ss->ssl3.hs.kea_def; @@ -3643,26 +3708,23 @@ ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms) (pwSpec->version > SSL_LIBRARY_VERSION_3_0)); PRBool isTLS12= (PRBool)(isTLS && pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2); - /* + /* * Whenever isDH is true, we need to use CKM_TLS_MASTER_KEY_DERIVE_DH * which, unlike CKM_TLS_MASTER_KEY_DERIVE, converts arbitrary size - * data into a 48-byte value. + * data into a 48-byte value, and does not expect to return the version. */ PRBool isDH = (PRBool) ((ss->ssl3.hs.kea_def->exchKeyType == kt_dh) || (ss->ssl3.hs.kea_def->exchKeyType == kt_ecdh)); - SECStatus rv = SECFailure; CK_MECHANISM_TYPE master_derive; CK_MECHANISM_TYPE key_derive; SECItem params; CK_FLAGS keyFlags; CK_VERSION pms_version; + CK_VERSION *pms_version_ptr = NULL; /* master_params may be used as a CK_SSL3_MASTER_KEY_DERIVE_PARAMS */ CK_TLS12_MASTER_KEY_DERIVE_PARAMS master_params; unsigned int master_params_len; - PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); - PORT_Assert( ss->opt.noLocks || ssl_HaveSpecWriteLock(ss)); - PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec); if (isTLS12) { if(isDH) master_derive = CKM_TLS12_MASTER_KEY_DERIVE_DH; else master_derive = CKM_TLS12_MASTER_KEY_DERIVE; @@ -3680,93 +3742,142 @@ ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms) keyFlags = 0; } - if (pms || !pwSpec->master_secret) { - if (isDH) { - master_params.pVersion = NULL; - } else { - master_params.pVersion = &pms_version; - } - master_params.RandomInfo.pClientRandom = cr; - master_params.RandomInfo.ulClientRandomLen = SSL3_RANDOM_LENGTH; - master_params.RandomInfo.pServerRandom = sr; - master_params.RandomInfo.ulServerRandomLen = SSL3_RANDOM_LENGTH; - if (isTLS12) { - master_params.prfHashMechanism = CKM_SHA256; - master_params_len = sizeof(CK_TLS12_MASTER_KEY_DERIVE_PARAMS); - } else { - master_params_len = sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS); - } + if (!isDH) { + pms_version_ptr = &pms_version; + } - params.data = (unsigned char *) &master_params; - params.len = master_params_len; + master_params.pVersion = pms_version_ptr; + master_params.RandomInfo.pClientRandom = cr; + master_params.RandomInfo.ulClientRandomLen = SSL3_RANDOM_LENGTH; + master_params.RandomInfo.pServerRandom = sr; + master_params.RandomInfo.ulServerRandomLen = SSL3_RANDOM_LENGTH; + if (isTLS12) { + master_params.prfHashMechanism = CKM_SHA256; + master_params_len = sizeof(CK_TLS12_MASTER_KEY_DERIVE_PARAMS); + } else { + /* prfHashMechanism is not relevant with this PRF */ + master_params_len = sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS); } - if (pms != NULL) { -#if defined(TRACE) - if (ssl_trace >= 100) { - SECStatus extractRV = PK11_ExtractKeyValue(pms); - if (extractRV == SECSuccess) { - SECItem * keyData = PK11_GetKeyData(pms); - if (keyData && keyData->data && keyData->len) { - ssl_PrintBuf(ss, "Pre-Master Secret", - keyData->data, keyData->len); - } - } - } -#endif - pwSpec->master_secret = PK11_DeriveWithFlags(pms, master_derive, - ¶ms, key_derive, CKA_DERIVE, 0, keyFlags); - if (!isDH && pwSpec->master_secret && ss->opt.detectRollBack) { - SSL3ProtocolVersion client_version; - client_version = pms_version.major << 8 | pms_version.minor; + params.data = (unsigned char *) &master_params; + params.len = master_params_len; - if (IS_DTLS(ss)) { - client_version = dtls_DTLSVersionToTLSVersion(client_version); - } + return ssl3_ComputeMasterSecretFinish(ss, master_derive, key_derive, + pms_version_ptr, ¶ms, + keyFlags, pms, msp); +} - if (client_version != ss->clientHelloVersion) { - /* Destroy it. Version roll-back detected. */ - PK11_FreeSymKey(pwSpec->master_secret); - pwSpec->master_secret = NULL; - } - } - if (pwSpec->master_secret == NULL) { - /* Generate a faux master secret in the same slot as the old one. */ - PK11SlotInfo * slot = PK11_GetSlotFromKey((PK11SymKey *)pms); - PK11SymKey * fpms = ssl3_GenerateRSAPMS(ss, pwSpec, slot); +/* Compute the draft-ietf-tls-session-hash master +** secret and return it in |*msp|. +** +** Called from: ssl3_ComputeMasterSecret +*/ +static SECStatus +tls_ComputeExtendedMasterSecretInt(sslSocket *ss, PK11SymKey *pms, + PK11SymKey **msp) +{ + ssl3CipherSpec *pwSpec = ss->ssl3.pwSpec; + CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS extended_master_params; + SSL3Hashes hashes; + /* + * Determine whether to use the DH/ECDH or RSA derivation modes. + */ + /* + * TODO(ekr@rtfm.com): Verify that the slot can handle this key expansion + * mode. Bug 1198298 */ + PRBool isDH = (PRBool) ((ss->ssl3.hs.kea_def->exchKeyType == kt_dh) || + (ss->ssl3.hs.kea_def->exchKeyType == kt_ecdh)); + CK_MECHANISM_TYPE master_derive; + CK_MECHANISM_TYPE key_derive; + SECItem params; + const CK_FLAGS keyFlags = CKF_SIGN | CKF_VERIFY; + CK_VERSION pms_version; + CK_VERSION *pms_version_ptr = NULL; + SECStatus rv; - PK11_FreeSlot(slot); - if (fpms != NULL) { - pwSpec->master_secret = PK11_DeriveWithFlags(fpms, - master_derive, ¶ms, key_derive, - CKA_DERIVE, 0, keyFlags); - PK11_FreeSymKey(fpms); - } - } + rv = ssl3_ComputeHandshakeHashes(ss, pwSpec, &hashes, 0); + if (rv != SECSuccess) { + PORT_Assert(0); /* Should never fail */ + ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE); + return SECFailure; } - if (pwSpec->master_secret == NULL) { - /* Generate a faux master secret from the internal slot. */ - PK11SlotInfo * slot = PK11_GetInternalSlot(); - PK11SymKey * fpms = ssl3_GenerateRSAPMS(ss, pwSpec, slot); - PK11_FreeSlot(slot); - if (fpms != NULL) { - pwSpec->master_secret = PK11_DeriveWithFlags(fpms, - master_derive, ¶ms, key_derive, - CKA_DERIVE, 0, keyFlags); - if (pwSpec->master_secret == NULL) { - pwSpec->master_secret = fpms; /* use the fpms as the master. */ - fpms = NULL; - } - } - if (fpms) { - PK11_FreeSymKey(fpms); - } + if (isDH) { + master_derive = CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH; + } else { + master_derive = CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE; + pms_version_ptr = &pms_version; } - if (pwSpec->master_secret == NULL) { - ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE); - return rv; + + if (pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2) { + /* TLS 1.2 */ + extended_master_params.prfHashMechanism = CKM_SHA256; + key_derive = CKM_TLS12_KEY_AND_MAC_DERIVE; + } else { + /* TLS < 1.2 */ + extended_master_params.prfHashMechanism = CKM_TLS_PRF; + key_derive = CKM_TLS_KEY_AND_MAC_DERIVE; } + + extended_master_params.pVersion = pms_version_ptr; + extended_master_params.pSessionHash = hashes.u.raw; + extended_master_params.ulSessionHashLen = hashes.len; + + params.data = (unsigned char *) &extended_master_params; + params.len = sizeof extended_master_params; + + return ssl3_ComputeMasterSecretFinish(ss, master_derive, key_derive, + pms_version_ptr, ¶ms, + keyFlags, pms, msp); +} + + +/* Wrapper method to compute the master secret and return it in |*msp|. +** +** Called from ssl3_ComputeMasterSecret +*/ +static SECStatus +ssl3_ComputeMasterSecret(sslSocket *ss, PK11SymKey *pms, + PK11SymKey **msp) +{ + PORT_Assert(pms != NULL); + PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); + PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec); + + if (ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn)) { + return tls_ComputeExtendedMasterSecretInt(ss, pms, msp); + } else { + return ssl3_ComputeMasterSecretInt(ss, pms, msp); + } +} + +/* This method uses PKCS11 to derive the MS from the PMS, where PMS +** is a PKCS11 symkey. We call ssl3_ComputeMasterSecret to do the +** computations and then modify the pwSpec->state as a side effect. +** +** This is used in all cases except the "triple bypass" with RSA key +** exchange. +** +** Called from ssl3_InitPendingCipherSpec. prSpec is pwSpec. +*/ +static SECStatus +ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms) +{ + SECStatus rv; + PK11SymKey* ms = NULL; + ssl3CipherSpec *pwSpec = ss->ssl3.pwSpec; + + PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); + PORT_Assert( ss->opt.noLocks || ssl_HaveSpecWriteLock(ss)); + PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec); + + if (pms) { + rv = ssl3_ComputeMasterSecret(ss, pms, &ms); + pwSpec->master_secret = ms; + if (rv != SECSuccess) + return rv; + } + #ifndef NO_PKCS11_BYPASS if (ss->opt.bypassPKCS11) { SECItem * keydata; @@ -3777,7 +3888,7 @@ ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms) rv = PK11_ExtractKeyValue(pwSpec->master_secret); if (rv != SECSuccess) { return rv; - } + } /* This returns the address of the secItem inside the key struct, * not a copy or a reference. So, there's no need to free it. */ @@ -3792,10 +3903,10 @@ ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms) } } #endif + return SECSuccess; } - /* * Derive encryption and MAC Keys (and IVs) from master secret * Sets a useful error code when returning SECFailure. @@ -4628,11 +4739,6 @@ ssl3_ComputeHandshakeHashes(sslSocket * ss, /* compute them without PKCS11 */ PRUint64 sha_cx[MAX_MAC_CONTEXT_LLONGS]; - if (!spec->msItem.data) { - PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE); - return SECFailure; - } - ss->ssl3.hs.sha_clone(sha_cx, ss->ssl3.hs.sha_cx); ss->ssl3.hs.sha_obj->end(sha_cx, hashes->u.raw, &hashes->len, sizeof(hashes->u.raw)); @@ -4651,11 +4757,6 @@ ssl3_ComputeHandshakeHashes(sslSocket * ss, #define md5cx ((MD5Context *)md5_cx) #define shacx ((SHA1Context *)sha_cx) - if (!spec->msItem.data) { - PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE); - return SECFailure; - } - MD5_Clone (md5cx, (MD5Context *)ss->ssl3.hs.md5_cx); SHA1_Clone(shacx, (SHA1Context *)ss->ssl3.hs.sha_cx); @@ -4663,6 +4764,12 @@ ssl3_ComputeHandshakeHashes(sslSocket * ss, /* compute hashes for SSL3. */ unsigned char s[4]; + if (!spec->msItem.data) { + PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE); + return SECFailure; + } + + s[0] = (unsigned char)(sender >> 24); s[1] = (unsigned char)(sender >> 16); s[2] = (unsigned char)(sender >> 8); @@ -4735,11 +4842,6 @@ ssl3_ComputeHandshakeHashes(sslSocket * ss, unsigned char stackBuf[1024]; unsigned char *stateBuf = NULL; - if (!spec->master_secret) { - PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE); - return SECFailure; - } - h = ss->ssl3.hs.sha; stateBuf = PK11_SaveContextAlloc(h, stackBuf, sizeof(stackBuf), &stateLen); @@ -4779,11 +4881,6 @@ ssl3_ComputeHandshakeHashes(sslSocket * ss, unsigned char md5StackBuf[256]; unsigned char shaStackBuf[512]; - if (!spec->master_secret) { - PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE); - return SECFailure; - } - md5StateBuf = PK11_SaveContextAlloc(ss->ssl3.hs.md5, md5StackBuf, sizeof md5StackBuf, &md5StateLen); if (md5StateBuf == NULL) { @@ -4804,6 +4901,12 @@ ssl3_ComputeHandshakeHashes(sslSocket * ss, /* compute hashes for SSL3. */ unsigned char s[4]; + if (!spec->master_secret) { + PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE); + return SECFailure; + } + + s[0] = (unsigned char)(sender >> 24); s[1] = (unsigned char)(sender >> 16); s[2] = (unsigned char)(sender >> 8); @@ -6049,14 +6152,6 @@ sendRSAClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey) } } - rv = ssl3_InitPendingCipherSpec(ss, pms); - PK11_FreeSymKey(pms); pms = NULL; - - if (rv != SECSuccess) { - ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); - goto loser; - } - rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange, isTLS ? enc_pms.len + 2 : enc_pms.len); if (rv != SECSuccess) { @@ -6071,6 +6166,15 @@ sendRSAClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey) goto loser; /* err set by ssl3_AppendHandshake* */ } + rv = ssl3_InitPendingCipherSpec(ss, pms); + PK11_FreeSymKey(pms); + pms = NULL; + + if (rv != SECSuccess) { + ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); + goto loser; + } + rv = SECSuccess; loser: @@ -6140,14 +6244,6 @@ sendDHClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey) SECKEY_DestroyPrivateKey(privKey); privKey = NULL; - rv = ssl3_InitPendingCipherSpec(ss, pms); - PK11_FreeSymKey(pms); pms = NULL; - - if (rv != SECSuccess) { - ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); - goto loser; - } - rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange, pubKey->u.dh.publicValue.len + 2); if (rv != SECSuccess) { @@ -6163,8 +6259,16 @@ sendDHClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey) goto loser; /* err set by ssl3_AppendHandshake* */ } - rv = SECSuccess; + rv = ssl3_InitPendingCipherSpec(ss, pms); + PK11_FreeSymKey(pms); + pms = NULL; + + if (rv != SECSuccess) { + ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); + goto loser; + } + rv = SECSuccess; loser: @@ -6561,6 +6665,32 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) SECItem wrappedMS; /* wrapped master secret. */ + /* [draft-ietf-tls-session-hash-06; Section 5.3] + * + * o If the original session did not use the "extended_master_secret" + * extension but the new ServerHello contains the extension, the + * client MUST abort the handshake. + */ + if (!sid->u.ssl3.keys.extendedMasterSecretUsed && + ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn)) { + errCode = SSL_ERROR_UNEXPECTED_EXTENDED_MASTER_SECRET; + goto alert_loser; + } + + /* + * o If the original session used an extended master secret but the new + * ServerHello does not contain the "extended_master_secret" + * extension, the client SHOULD abort the handshake. + * + * TODO(ekr@rtfm.com): Add option to refuse to resume when EMS is not + * used at all (bug 1176526). + */ + if (sid->u.ssl3.keys.extendedMasterSecretUsed && + !ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn)) { + errCode = SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET; + goto alert_loser; + } + ss->sec.authAlgorithm = sid->authAlgorithm; ss->sec.authKeyBits = sid->authKeyBits; ss->sec.keaType = sid->keaType; @@ -6662,7 +6792,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) ss->sec.peerCert = CERT_DupCertificate(sid->peerCert); } - /* NULL value for PMS signifies re-use of the old MS */ + /* NULL value for PMS because we are reusing the old MS */ rv = ssl3_InitPendingCipherSpec(ss, NULL); if (rv != SECSuccess) { goto alert_loser; /* err code was set */ @@ -6691,6 +6821,9 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) sid->u.ssl3.sessionIDLength = sidBytes.len; PORT_Memcpy(sid->u.ssl3.sessionID, sidBytes.data, sidBytes.len); + sid->u.ssl3.keys.extendedMasterSecretUsed = + ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn); + ss->ssl3.hs.isResuming = PR_FALSE; if (ss->ssl3.hs.kea_def->signKeyType != sign_null) { /* All current cipher suites other than those with sign_null (i.e., @@ -7628,6 +7761,7 @@ ssl3_NewSessionID(sslSocket *ss, PRBool is_server) sid->u.ssl3.policy = SSL_ALLOWED; sid->u.ssl3.clientWriteKey = NULL; sid->u.ssl3.serverWriteKey = NULL; + sid->u.ssl3.keys.extendedMasterSecretUsed = PR_FALSE; if (is_server) { SECStatus rv; @@ -8188,6 +8322,8 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) /* If there are any failures while processing the old sid, * we don't consider them to be errors. Instead, We just behave * as if the client had sent us no sid to begin with, and make a new one. + * The exception here is attempts to resume extended_master_secret + * sessions without the extension, which causes an alert. */ if (sid != NULL) do { ssl3CipherSpec *pwSpec; @@ -8199,6 +8335,30 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) break; /* not an error */ } + /* [draft-ietf-tls-session-hash-06; Section 5.3] + * o If the original session did not use the "extended_master_secret" + * extension but the new ClientHello contains the extension, then the + * server MUST NOT perform the abbreviated handshake. Instead, it + * SHOULD continue with a full handshake (as described in + * Section 5.2) to negotiate a new session. + * + * o If the original session used the "extended_master_secret" + * extension but the new ClientHello does not contain the extension, + * the server MUST abort the abbreviated handshake. + */ + if (ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn)) { + if (!sid->u.ssl3.keys.extendedMasterSecretUsed) { + break; /* not an error */ + } + } else { + if (sid->u.ssl3.keys.extendedMasterSecretUsed) { + /* Note: we do not destroy the session */ + desc = handshake_failure; + errCode = SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET; + goto alert_loser; + } + } + if (ss->sec.ci.sid) { if (ss->sec.uncache) ss->sec.uncache(ss->sec.ci.sid); @@ -8339,7 +8499,7 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) haveSpecWriteLock = PR_FALSE; } - /* NULL value for PMS signifies re-use of the old MS */ + /* NULL value for PMS because we are re-using the old MS */ rv = ssl3_InitPendingCipherSpec(ss, NULL); if (rv != SECSuccess) { errCode = PORT_GetError(); @@ -8530,6 +8690,8 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) } ss->sec.ci.sid = sid; + sid->u.ssl3.keys.extendedMasterSecretUsed = + ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn); ss->ssl3.hs.isResuming = PR_FALSE; ssl_GetXmitBufLock(ss); rv = ssl3_SendServerHelloSequence(ss); @@ -9276,7 +9438,7 @@ ssl3_SendCertificateRequest(sslSocket *ss) int nnames = 0; int certTypesLength; PRUint8 sigAlgs[MAX_SIGNATURE_ALGORITHMS * 2]; - unsigned int sigAlgsLength; + unsigned int sigAlgsLength = 0; SSL_TRC(3, ("%d: SSL3[%d]: send certificate_request handshake", SSL_GETPID(), ss->fd)); @@ -9540,18 +9702,17 @@ ssl3_HandleRSAClientKeyExchange(sslSocket *ss, PRUint32 length, SECKEYPrivateKey *serverKey) { - PK11SymKey * pms; #ifndef NO_PKCS11_BYPASS unsigned char * cr = (unsigned char *)&ss->ssl3.hs.client_random; unsigned char * sr = (unsigned char *)&ss->ssl3.hs.server_random; ssl3CipherSpec * pwSpec = ss->ssl3.pwSpec; unsigned int outLen = 0; -#endif PRBool isTLS = PR_FALSE; + SECItem pmsItem = {siBuffer, NULL, 0}; + unsigned char rsaPmsBuf[SSL3_RSA_PMS_LENGTH]; +#endif SECStatus rv; SECItem enc_pms; - unsigned char rsaPmsBuf[SSL3_RSA_PMS_LENGTH]; - SECItem pmsItem = {siBuffer, NULL, 0}; PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); @@ -9559,8 +9720,10 @@ ssl3_HandleRSAClientKeyExchange(sslSocket *ss, enc_pms.data = b; enc_pms.len = length; +#ifndef NO_PKCS11_BYPASS pmsItem.data = rsaPmsBuf; pmsItem.len = sizeof rsaPmsBuf; +#endif if (ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0) { /* isTLS */ PRInt32 kLen; @@ -9572,13 +9735,24 @@ ssl3_HandleRSAClientKeyExchange(sslSocket *ss, if ((unsigned)kLen < enc_pms.len) { enc_pms.len = kLen; } +#ifndef NO_PKCS11_BYPASS isTLS = PR_TRUE; +#endif } else { +#ifndef NO_PKCS11_BYPASS isTLS = (PRBool)(ss->ssl3.hs.kea_def->tls_keygen != 0); +#endif } #ifndef NO_PKCS11_BYPASS if (ss->opt.bypassPKCS11) { + /* We have not implemented a tls_ExtendedMasterKeyDeriveBypass + * and will not negotiate this extension in bypass mode. This + * assert just double-checks that. + */ + PORT_Assert( + !ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn)); + /* TRIPLE BYPASS, get PMS directly from RSA decryption. * Use PK11_PrivDecryptPKCS1 to decrypt the PMS to a buffer, * then, check for version rollback attack, then @@ -9606,8 +9780,8 @@ ssl3_HandleRSAClientKeyExchange(sslSocket *ss, } } /* have PMS, build MS without PKCS11 */ - rv = ssl3_MasterKeyDeriveBypass(pwSpec, cr, sr, &pmsItem, isTLS, - PR_TRUE); + rv = ssl3_MasterSecretDeriveBypass(pwSpec, cr, sr, &pmsItem, isTLS, + PR_TRUE); if (rv != SECSuccess) { pwSpec->msItem.data = pwSpec->raw_master_secret; pwSpec->msItem.len = SSL3_MASTER_SECRET_LENGTH; @@ -9617,46 +9791,107 @@ ssl3_HandleRSAClientKeyExchange(sslSocket *ss, } else #endif { + PK11SymKey *tmpPms[2] = {NULL, NULL}; + PK11SlotInfo *slot; + int useFauxPms = 0; +#define currentPms tmpPms[!useFauxPms] +#define unusedPms tmpPms[useFauxPms] +#define realPms tmpPms[1] +#define fauxPms tmpPms[0] + #ifndef NO_PKCS11_BYPASS double_bypass: #endif - /* - * unwrap pms out of the incoming buffer - * Note: CKM_SSL3_MASTER_KEY_DERIVE is NOT the mechanism used to do - * the unwrap. Rather, it is the mechanism with which the - * unwrapped pms will be used. - */ - pms = PK11_PubUnwrapSymKey(serverKey, &enc_pms, - CKM_SSL3_MASTER_KEY_DERIVE, CKA_DERIVE, 0); - if (pms != NULL) { - PRINT_BUF(60, (ss, "decrypted premaster secret:", - PK11_GetKeyData(pms)->data, - PK11_GetKeyData(pms)->len)); - } else { - /* unwrap failed. Generate a bogus PMS and carry on. */ - PK11SlotInfo * slot = PK11_GetSlotFromPrivateKey(serverKey); - ssl_GetSpecWriteLock(ss); - pms = ssl3_GenerateRSAPMS(ss, ss->ssl3.prSpec, slot); - ssl_ReleaseSpecWriteLock(ss); - PK11_FreeSlot(slot); - } + /* + * Get as close to algorithm 2 from RFC 5246; Section 7.4.7.1 + * as we can within the constraints of the PKCS#11 interface. + * + * 1. Unconditionally generate a bogus PMS (what RFC 5246 + * calls R). + * 2. Attempt the RSA decryption to recover the PMS (what + * RFC 5246 calls M). + * 3. Set PMS = (M == NULL) ? R : M + * 4. Use ssl3_ComputeMasterSecret(PMS) to attempt to derive + * the MS from PMS. This includes performing the version + * check and length check. + * 5. If either the initial RSA decryption failed or + * ssl3_ComputeMasterSecret(PMS) failed, then discard + * M and set PMS = R. Else, discard R and set PMS = M. + * + * We do two derivations here because we can't rely on having + * a function that only performs the PMS version and length + * check. The only redundant cost is that this runs the PRF, + * which isn't necessary here. + */ + + /* Generate the bogus PMS (R) */ + slot = PK11_GetSlotFromPrivateKey(serverKey); + if (!slot) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } - if (pms == NULL) { - /* last gasp. */ + if (!PK11_DoesMechanism(slot, CKM_SSL3_MASTER_KEY_DERIVE)) { + PK11_FreeSlot(slot); + slot = PK11_GetBestSlot(CKM_SSL3_MASTER_KEY_DERIVE, NULL); + if (!slot) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } + } + + ssl_GetSpecWriteLock(ss); + fauxPms = ssl3_GenerateRSAPMS(ss, ss->ssl3.prSpec, slot); + ssl_ReleaseSpecWriteLock(ss); + PK11_FreeSlot(slot); + + if (fauxPms == NULL) { ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); return SECFailure; } + /* + * unwrap pms out of the incoming buffer + * Note: CKM_SSL3_MASTER_KEY_DERIVE is NOT the mechanism used to do + * the unwrap. Rather, it is the mechanism with which the + * unwrapped pms will be used. + */ + realPms = PK11_PubUnwrapSymKey(serverKey, &enc_pms, + CKM_SSL3_MASTER_KEY_DERIVE, CKA_DERIVE, 0); + /* Temporarily use the PMS if unwrapping the real PMS fails. */ + useFauxPms |= (realPms == NULL); + + /* Attempt to derive the MS from the PMS. This is the only way to + * check the version field in the RSA PMS. If this fails, we + * then use the faux PMS in place of the PMS. Note that this + * operation should never fail if we are using the faux PMS + * since it is correctly formatted. */ + rv = ssl3_ComputeMasterSecret(ss, currentPms, NULL); + + /* If we succeeded, then select the true PMS and discard the + * FPMS. Else, select the FPMS and select the true PMS */ + useFauxPms |= (rv != SECSuccess); + + if (unusedPms) { + PK11_FreeSymKey(unusedPms); + } + /* This step will derive the MS from the PMS, among other things. */ - rv = ssl3_InitPendingCipherSpec(ss, pms); - PK11_FreeSymKey(pms); + rv = ssl3_InitPendingCipherSpec(ss, currentPms); + PK11_FreeSymKey(currentPms); } if (rv != SECSuccess) { SEND_ALERT return SECFailure; /* error code set by ssl3_InitPendingCipherSpec */ } + +#undef currentPms +#undef unusedPms +#undef realPms +#undef fauxPms + return SECSuccess; } diff --git a/security/nss/lib/ssl/ssl3ecc.c b/security/nss/lib/ssl/ssl3ecc.c index 43af52945..dac217443 100644 --- a/security/nss/lib/ssl/ssl3ecc.c +++ b/security/nss/lib/ssl/ssl3ecc.c @@ -319,14 +319,6 @@ ssl3_SendECDHClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey) SECKEY_DestroyPrivateKey(privKey); privKey = NULL; - rv = ssl3_InitPendingCipherSpec(ss, pms); - PK11_FreeSymKey(pms); pms = NULL; - - if (rv != SECSuccess) { - ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); - goto loser; - } - rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange, pubKey->u.ec.publicValue.len + 1); if (rv != SECSuccess) { @@ -343,6 +335,14 @@ ssl3_SendECDHClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey) goto loser; /* err set by ssl3_AppendHandshake* */ } + rv = ssl3_InitPendingCipherSpec(ss, pms); + PK11_FreeSymKey(pms); pms = NULL; + + if (rv != SECSuccess) { + ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); + goto loser; + } + rv = SECSuccess; loser: diff --git a/security/nss/lib/ssl/ssl3ext.c b/security/nss/lib/ssl/ssl3ext.c index c45f29542..07d792944 100644 --- a/security/nss/lib/ssl/ssl3ext.c +++ b/security/nss/lib/ssl/ssl3ext.c @@ -91,6 +91,12 @@ static PRInt32 ssl3_ClientSendDraftVersionXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes); static SECStatus ssl3_ServerHandleDraftVersionXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data); +static PRInt32 ssl3_SendExtendedMasterSecretXtn(sslSocket *ss, PRBool append, + PRUint32 maxBytes); +static SECStatus ssl3_HandleExtendedMasterSecretXtn(sslSocket *ss, + PRUint16 ex_type, + SECItem *data); + /* * Write bytes. Using this function means the SECItem structure @@ -256,6 +262,7 @@ static const ssl3HelloExtensionHandler clientHelloHandlers[] = { { ssl_cert_status_xtn, &ssl3_ServerHandleStatusRequestXtn }, { ssl_signature_algorithms_xtn, &ssl3_ServerHandleSigAlgsXtn }, { ssl_tls13_draft_version_xtn, &ssl3_ServerHandleDraftVersionXtn }, + { ssl_extended_master_secret_xtn, &ssl3_HandleExtendedMasterSecretXtn }, { -1, NULL } }; @@ -270,6 +277,7 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = { { ssl_app_layer_protocol_xtn, &ssl3_ClientHandleAppProtoXtn }, { ssl_use_srtp_xtn, &ssl3_ClientHandleUseSRTPXtn }, { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn }, + { ssl_extended_master_secret_xtn, &ssl3_HandleExtendedMasterSecretXtn }, { -1, NULL } }; @@ -299,6 +307,7 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }, { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn }, { ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn }, + { ssl_extended_master_secret_xtn, &ssl3_SendExtendedMasterSecretXtn}, /* any extra entries will appear as { 0, NULL } */ }; @@ -1182,6 +1191,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss) + cert_length /* cert */ + 1 /* server name type */ + srvNameLen /* name len + length field */ + + 1 /* extendedMasterSecretUsed */ + sizeof(ticket.ticket_lifetime_hint); padding_length = AES_BLOCK_SIZE - (ciphertext_length % AES_BLOCK_SIZE); @@ -1280,6 +1290,11 @@ ssl3_SendNewSessionTicket(sslSocket *ss) if (rv != SECSuccess) goto loser; } + /* extendedMasterSecretUsed */ + rv = ssl3_AppendNumberToItem( + &plaintext, ss->sec.ci.sid->u.ssl3.keys.extendedMasterSecretUsed, 1); + if (rv != SECSuccess) goto loser; + PORT_Assert(plaintext.len == padding_length); for (i = 0; i < padding_length; i++) plaintext.data[i] = (unsigned char)padding_length; @@ -1637,9 +1652,10 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, goto loser; } - /* Read ticket_version (which is ignored for now.) */ + /* Read ticket_version and reject if the version is wrong */ temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len); - if (temp < 0) goto no_ticket; + if (temp != TLS_EX_SESS_TICKET_VERSION) goto no_ticket; + parsed_session_ticket->ticket_version = (SSL3ProtocolVersion)temp; /* Read SSLVersion. */ @@ -1740,6 +1756,13 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, parsed_session_ticket->srvName.type = nameType; } + /* Read extendedMasterSecretUsed */ + temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); + if (temp < 0) + goto no_ticket; + PORT_Assert(temp == PR_TRUE || temp == PR_FALSE); + parsed_session_ticket->extendedMasterSecretUsed = (PRBool)temp; + /* Done parsing. Check that all bytes have been consumed. */ if (buffer_len != padding_length) goto no_ticket; @@ -1786,6 +1809,8 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, parsed_session_ticket->ms_is_wrapped; sid->u.ssl3.masterValid = PR_TRUE; sid->u.ssl3.keys.resumable = PR_TRUE; + sid->u.ssl3.keys.extendedMasterSecretUsed = parsed_session_ticket-> + extendedMasterSecretUsed; /* Copy over client cert from session ticket if there is one. */ if (parsed_session_ticket->peer_cert.data != NULL) { @@ -2559,3 +2584,90 @@ ssl3_ServerHandleDraftVersionXtn(sslSocket * ss, PRUint16 ex_type, return SECSuccess; } + +static PRInt32 +ssl3_SendExtendedMasterSecretXtn(sslSocket * ss, PRBool append, + PRUint32 maxBytes) +{ + PRInt32 extension_length; + + if (!ss->opt.enableExtendedMS) { + return 0; + } + +#ifndef NO_PKCS11_BYPASS + /* Extended MS can only be used w/o bypass mode */ + if (ss->opt.bypassPKCS11) { + PORT_Assert(0); + PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); + return -1; + } +#endif + + /* Always send the extension in this function, since the + * client always sends it and this function is only called on + * the server if we negotiated the extension. */ + extension_length = 4; /* Type + length (0) */ + if (maxBytes < extension_length) { + PORT_Assert(0); + return 0; + } + + if (append) { + SECStatus rv; + rv = ssl3_AppendHandshakeNumber(ss, ssl_extended_master_secret_xtn, 2); + if (rv != SECSuccess) + goto loser; + rv = ssl3_AppendHandshakeNumber(ss, 0, 2); + if (rv != SECSuccess) + goto loser; + ss->xtnData.advertised[ss->xtnData.numAdvertised++] = + ssl_extended_master_secret_xtn; + } + + return extension_length; + +loser: + return -1; +} + + +static SECStatus +ssl3_HandleExtendedMasterSecretXtn(sslSocket * ss, PRUint16 ex_type, + SECItem *data) +{ + if (ss->version < SSL_LIBRARY_VERSION_TLS_1_0) { + return SECSuccess; + } + + if (!ss->opt.enableExtendedMS) { + return SECSuccess; + } + +#ifndef NO_PKCS11_BYPASS + /* Extended MS can only be used w/o bypass mode */ + if (ss->opt.bypassPKCS11) { + PORT_Assert(0); + PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); + return SECFailure; + } +#endif + + if (data->len != 0) { + SSL_TRC(30, ("%d: SSL3[%d]: Bogus extended master secret extension", + SSL_GETPID(), ss->fd)); + return SECFailure; + } + + SSL_DBG(("%d: SSL[%d]: Negotiated extended master secret extension.", + SSL_GETPID(), ss->fd)); + + /* Keep track of negotiated extensions. */ + ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; + + if (ss->sec.isServer) { + return ssl3_RegisterServerHelloExtensionSender( + ss, ex_type, ssl3_SendExtendedMasterSecretXtn); + } + return SECSuccess; +} diff --git a/security/nss/lib/ssl/sslerr.h b/security/nss/lib/ssl/sslerr.h index 4e905438e..192a10758 100644 --- a/security/nss/lib/ssl/sslerr.h +++ b/security/nss/lib/ssl/sslerr.h @@ -205,6 +205,9 @@ SSL_ERROR_RX_SHORT_DTLS_READ = (SSL_ERROR_BASE + 133), SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM = (SSL_ERROR_BASE + 134), SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM = (SSL_ERROR_BASE + 135), +SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET = (SSL_ERROR_BASE + 136), +SSL_ERROR_UNEXPECTED_EXTENDED_MASTER_SECRET = (SSL_ERROR_BASE + 137), + SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */ } SSLErrorCodes; #endif /* NO_SECURITY_ERROR_ENUM */ diff --git a/security/nss/lib/ssl/sslimpl.h b/security/nss/lib/ssl/sslimpl.h index dc3c73eeb..43daa9d6b 100644 --- a/security/nss/lib/ssl/sslimpl.h +++ b/security/nss/lib/ssl/sslimpl.h @@ -347,6 +347,7 @@ typedef struct sslOptionsStr { unsigned int reuseServerECDHEKey : 1; /* 28 */ unsigned int enableFallbackSCSV : 1; /* 29 */ unsigned int enableServerDhe : 1; /* 30 */ + unsigned int enableExtendedMS : 1; /* 31 */ } sslOptions; typedef enum { sslHandshakingUndetermined = 0, @@ -520,6 +521,7 @@ typedef struct { PRUint16 wrapped_master_secret_len; PRUint8 msIsWrapped; PRUint8 resumable; + PRUint8 extendedMasterSecretUsed; } ssl3SidKeys; /* 52 bytes */ typedef struct { @@ -1073,6 +1075,7 @@ typedef struct SessionTicketStr { CK_MECHANISM_TYPE msWrapMech; PRUint16 ms_length; SSL3Opaque master_secret[48]; + PRBool extendedMasterSecretUsed; ClientIdentity client_identity; SECItem peer_cert; PRUint32 timestamp; @@ -1598,7 +1601,7 @@ extern PRBool ssl3_VersionIsSupported(SSLProtocolVariant protocolVariant, extern SECStatus ssl3_KeyAndMacDeriveBypass(ssl3CipherSpec * pwSpec, const unsigned char * cr, const unsigned char * sr, PRBool isTLS, PRBool isExport); -extern SECStatus ssl3_MasterKeyDeriveBypass( ssl3CipherSpec * pwSpec, +extern SECStatus ssl3_MasterSecretDeriveBypass( ssl3CipherSpec * pwSpec, const unsigned char * cr, const unsigned char * sr, const SECItem * pms, PRBool isTLS, PRBool isRSA); @@ -1849,7 +1852,7 @@ extern PRBool ssl_GetSessionTicketKeysPKCS11(SECKEYPrivateKey *svrPrivKey, /* Tell clients to consider tickets valid for this long. */ #define TLS_EX_SESS_TICKET_LIFETIME_HINT (2 * 24 * 60 * 60) /* 2 days */ -#define TLS_EX_SESS_TICKET_VERSION (0x0100) +#define TLS_EX_SESS_TICKET_VERSION (0x0101) extern SECStatus ssl3_ValidateNextProtoNego(const unsigned char* data, unsigned int length); diff --git a/security/nss/lib/ssl/sslinfo.c b/security/nss/lib/ssl/sslinfo.c index 48b77b011..f631ec408 100644 --- a/security/nss/lib/ssl/sslinfo.c +++ b/security/nss/lib/ssl/sslinfo.c @@ -67,6 +67,8 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len) inf.creationTime = sid->creationTime; inf.lastAccessTime = sid->lastAccessTime; inf.expirationTime = sid->expirationTime; + inf.extendedMasterSecretUsed = sid->u.ssl3.keys.extendedMasterSecretUsed; + if (ss->version < SSL_LIBRARY_VERSION_3_0) { /* SSL2 */ inf.sessionIDLength = SSL2_SESSIONID_BYTES; memcpy(inf.sessionID, sid->u.ssl2.sessionID, diff --git a/security/nss/lib/ssl/sslsnce.c b/security/nss/lib/ssl/sslsnce.c index 3a80d060f..f31b2e9c2 100644 --- a/security/nss/lib/ssl/sslsnce.c +++ b/security/nss/lib/ssl/sslsnce.c @@ -120,14 +120,14 @@ struct sidCacheEntryStr { /* 2 */ ssl3CipherSuite cipherSuite; /* 2 */ PRUint16 compression; /* SSLCompressionMethod */ -/* 52 */ ssl3SidKeys keys; /* keys, wrapped as needed. */ +/* 54 */ ssl3SidKeys keys; /* keys, wrapped as needed. */ /* 4 */ PRUint32 masterWrapMech; /* 4 */ SSL3KEAType exchKeyType; /* 4 */ PRInt32 certIndex; /* 4 */ PRInt32 srvNameIndex; /* 32 */ PRUint8 srvNameHash[SHA256_LENGTH]; /* SHA256 name hash */ -/*104 */} ssl3; +/*108 */} ssl3; /* force sizeof(sidCacheEntry) to be a multiple of cache line size */ struct { /*120 */ PRUint8 filler[120]; /* 72+120==192, a multiple of 16 */ @@ -507,7 +507,6 @@ ConvertFromSID(sidCacheEntry *to, sslSessionID *from) to->sessionIDLength = from->u.ssl3.sessionIDLength; to->u.ssl3.certIndex = -1; to->u.ssl3.srvNameIndex = -1; - PORT_Memcpy(to->sessionID, from->u.ssl3.sessionID, to->sessionIDLength); @@ -637,7 +636,7 @@ ConvertToSID(sidCacheEntry * from, to->authKeyBits = from->authKeyBits; to->keaType = from->keaType; to->keaKeyBits = from->keaKeyBits; - + return to; loser: @@ -1027,10 +1026,6 @@ CloseCache(cacheDesc *cache) memset(cache, 0, sizeof *cache); } -#ifdef __GNUC__ -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wstrict-aliasing" -#endif static SECStatus InitCache(cacheDesc *cache, int maxCacheEntries, int maxCertCacheEntries, int maxSrvNameCacheEntries, PRUint32 ssl2_timeout, @@ -1232,20 +1227,32 @@ InitCache(cacheDesc *cache, int maxCacheEntries, int maxCertCacheEntries, /* Fix pointers in our private copy of cache descriptor to point to ** spaces in shared memory */ - ptr = (ptrdiff_t)cache->cacheMem; - *(ptrdiff_t *)(&cache->sidCacheLocks) += ptr; - *(ptrdiff_t *)(&cache->keyCacheLock ) += ptr; - *(ptrdiff_t *)(&cache->certCacheLock) += ptr; - *(ptrdiff_t *)(&cache->srvNameCacheLock) += ptr; - *(ptrdiff_t *)(&cache->sidCacheSets ) += ptr; - *(ptrdiff_t *)(&cache->sidCacheData ) += ptr; - *(ptrdiff_t *)(&cache->certCacheData) += ptr; - *(ptrdiff_t *)(&cache->keyCacheData ) += ptr; - *(ptrdiff_t *)(&cache->ticketKeyNameSuffix) += ptr; - *(ptrdiff_t *)(&cache->ticketEncKey ) += ptr; - *(ptrdiff_t *)(&cache->ticketMacKey ) += ptr; - *(ptrdiff_t *)(&cache->ticketKeysValid) += ptr; - *(ptrdiff_t *)(&cache->srvNameCacheData) += ptr; + cache->sidCacheLocks = (sidCacheLock *) + (cache->cacheMem + (ptrdiff_t)cache->sidCacheLocks); + cache->keyCacheLock = (sidCacheLock *) + (cache->cacheMem + (ptrdiff_t)cache->keyCacheLock); + cache->certCacheLock = (sidCacheLock *) + (cache->cacheMem + (ptrdiff_t)cache->certCacheLock); + cache->srvNameCacheLock = (sidCacheLock *) + (cache->cacheMem + (ptrdiff_t)cache->srvNameCacheLock); + cache->sidCacheSets = (sidCacheSet *) + (cache->cacheMem + (ptrdiff_t)cache->sidCacheSets); + cache->sidCacheData = (sidCacheEntry *) + (cache->cacheMem + (ptrdiff_t)cache->sidCacheData); + cache->certCacheData = (certCacheEntry *) + (cache->cacheMem + (ptrdiff_t)cache->certCacheData); + cache->keyCacheData = (SSLWrappedSymWrappingKey *) + (cache->cacheMem + (ptrdiff_t)cache->keyCacheData); + cache->ticketKeyNameSuffix = (PRUint8 *) + (cache->cacheMem + (ptrdiff_t)cache->ticketKeyNameSuffix); + cache->ticketEncKey = (encKeyCacheEntry *) + (cache->cacheMem + (ptrdiff_t)cache->ticketEncKey); + cache->ticketMacKey = (encKeyCacheEntry *) + (cache->cacheMem + (ptrdiff_t)cache->ticketMacKey); + cache->ticketKeysValid = (PRUint32 *) + (cache->cacheMem + (ptrdiff_t)cache->ticketKeysValid); + cache->srvNameCacheData = (srvNameCacheEntry *) + (cache->cacheMem + (ptrdiff_t)cache->srvNameCacheData); /* initialize the locks */ init_time = ssl_Time(); @@ -1270,9 +1277,6 @@ InitCache(cacheDesc *cache, int maxCacheEntries, int maxCertCacheEntries, CloseCache(cache); return SECFailure; } -#ifdef __GNUC__ -#pragma GCC diagnostic pop -#endif PRUint32 SSL_GetMaxServerCacheLocks(void) @@ -1491,7 +1495,6 @@ SSL_InheritMPServerSIDCacheInstance(cacheDesc *cache, const char * envString) char * fmString = NULL; char * myEnvString = NULL; unsigned int decoLen; - ptrdiff_t ptr; inheritance inherit; cacheDesc my; #ifdef WINNT @@ -1587,20 +1590,32 @@ SSL_InheritMPServerSIDCacheInstance(cacheDesc *cache, const char * envString) /* Fix pointers in our private copy of cache descriptor to point to ** spaces in shared memory, whose address is now in "my". */ - ptr = (ptrdiff_t)my.cacheMem; - *(ptrdiff_t *)(&cache->sidCacheLocks) += ptr; - *(ptrdiff_t *)(&cache->keyCacheLock ) += ptr; - *(ptrdiff_t *)(&cache->certCacheLock) += ptr; - *(ptrdiff_t *)(&cache->srvNameCacheLock) += ptr; - *(ptrdiff_t *)(&cache->sidCacheSets ) += ptr; - *(ptrdiff_t *)(&cache->sidCacheData ) += ptr; - *(ptrdiff_t *)(&cache->certCacheData) += ptr; - *(ptrdiff_t *)(&cache->keyCacheData ) += ptr; - *(ptrdiff_t *)(&cache->ticketKeyNameSuffix) += ptr; - *(ptrdiff_t *)(&cache->ticketEncKey ) += ptr; - *(ptrdiff_t *)(&cache->ticketMacKey ) += ptr; - *(ptrdiff_t *)(&cache->ticketKeysValid) += ptr; - *(ptrdiff_t *)(&cache->srvNameCacheData) += ptr; + cache->sidCacheLocks = (sidCacheLock *) + (my.cacheMem + (ptrdiff_t)cache->sidCacheLocks); + cache->keyCacheLock = (sidCacheLock *) + (my.cacheMem + (ptrdiff_t)cache->keyCacheLock); + cache->certCacheLock = (sidCacheLock *) + (my.cacheMem + (ptrdiff_t)cache->certCacheLock); + cache->srvNameCacheLock = (sidCacheLock *) + (my.cacheMem + (ptrdiff_t)cache->srvNameCacheLock); + cache->sidCacheSets = (sidCacheSet *) + (my.cacheMem + (ptrdiff_t)cache->sidCacheSets); + cache->sidCacheData = (sidCacheEntry *) + (my.cacheMem + (ptrdiff_t)cache->sidCacheData); + cache->certCacheData = (certCacheEntry *) + (my.cacheMem + (ptrdiff_t)cache->certCacheData); + cache->keyCacheData = (SSLWrappedSymWrappingKey *) + (my.cacheMem + (ptrdiff_t)cache->keyCacheData); + cache->ticketKeyNameSuffix = (PRUint8 *) + (my.cacheMem + (ptrdiff_t)cache->ticketKeyNameSuffix); + cache->ticketEncKey = (encKeyCacheEntry *) + (my.cacheMem + (ptrdiff_t)cache->ticketEncKey); + cache->ticketMacKey = (encKeyCacheEntry *) + (my.cacheMem + (ptrdiff_t)cache->ticketMacKey); + cache->ticketKeysValid = (PRUint32 *) + (my.cacheMem + (ptrdiff_t)cache->ticketKeysValid); + cache->srvNameCacheData = (srvNameCacheEntry *) + (my.cacheMem + (ptrdiff_t)cache->srvNameCacheData); cache->cacheMemMap = my.cacheMemMap; cache->cacheMem = my.cacheMem; diff --git a/security/nss/lib/ssl/sslsock.c b/security/nss/lib/ssl/sslsock.c index e35215169..81c3eec2e 100644 --- a/security/nss/lib/ssl/sslsock.c +++ b/security/nss/lib/ssl/sslsock.c @@ -85,6 +85,7 @@ static sslOptions ssl_defaults = { PR_TRUE, /* reuseServerECDHEKey */ PR_FALSE, /* enableFallbackSCSV */ PR_TRUE, /* enableServerDhe */ + PR_FALSE /* enableExtendedMS */ }; /* @@ -825,6 +826,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on) ss->opt.enableServerDhe = on; break; + case SSL_ENABLE_EXTENDED_MASTER_SECRET: + ss->opt.enableExtendedMS = on; + break; + default: PORT_SetError(SEC_ERROR_INVALID_ARGS); rv = SECFailure; @@ -901,6 +906,8 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn) on = ss->opt.reuseServerECDHEKey; break; case SSL_ENABLE_FALLBACK_SCSV: on = ss->opt.enableFallbackSCSV; break; case SSL_ENABLE_SERVER_DHE: on = ss->opt.enableServerDhe; break; + case SSL_ENABLE_EXTENDED_MASTER_SECRET: + on = ss->opt.enableExtendedMS; break; default: PORT_SetError(SEC_ERROR_INVALID_ARGS); @@ -973,6 +980,9 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn) case SSL_ENABLE_SERVER_DHE: on = ssl_defaults.enableServerDhe; break; + case SSL_ENABLE_EXTENDED_MASTER_SECRET: + on = ssl_defaults.enableExtendedMS; + break; default: PORT_SetError(SEC_ERROR_INVALID_ARGS); @@ -1160,6 +1170,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on) ssl_defaults.enableServerDhe = on; break; + case SSL_ENABLE_EXTENDED_MASTER_SECRET: + ssl_defaults.enableExtendedMS = on; + break; + default: PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; diff --git a/security/nss/lib/ssl/sslt.h b/security/nss/lib/ssl/sslt.h index 7aaa1604b..6f5d609eb 100644 --- a/security/nss/lib/ssl/sslt.h +++ b/security/nss/lib/ssl/sslt.h @@ -146,6 +146,12 @@ typedef struct SSLChannelInfoStr { /* compression method info */ const char * compressionMethodName; SSLCompressionMethod compressionMethod; + + /* The following fields are added in NSS 3.21. + * This field only has meaning in TLS < 1.3 and will be set to + * PR_FALSE in TLS 1.3. + */ + PRBool extendedMasterSecretUsed; } SSLChannelInfo; /* Preliminary channel info */ @@ -230,13 +236,14 @@ typedef enum { ssl_use_srtp_xtn = 14, ssl_app_layer_protocol_xtn = 16, ssl_padding_xtn = 21, + ssl_extended_master_secret_xtn = 23, ssl_session_ticket_xtn = 35, ssl_next_proto_nego_xtn = 13172, ssl_renegotiation_info_xtn = 0xff01, ssl_tls13_draft_version_xtn = 0xff02 /* experimental number */ } SSLExtensionType; -#define SSL_MAX_EXTENSIONS 11 /* doesn't include ssl_padding_xtn. */ +#define SSL_MAX_EXTENSIONS 12 /* doesn't include ssl_padding_xtn. */ typedef enum { ssl_dhe_group_none = 0, diff --git a/security/nss/lib/util/pkcs11n.h b/security/nss/lib/util/pkcs11n.h index 097ff9c5a..22e86b1ed 100644 --- a/security/nss/lib/util/pkcs11n.h +++ b/security/nss/lib/util/pkcs11n.h @@ -28,7 +28,7 @@ /* * NSS-defined object classes - * + * */ #define CKO_NSS (CKO_VENDOR_DEFINED|NSSCK_VENDOR_NSS) @@ -166,7 +166,7 @@ #define CKM_NSS_JPAKE_ROUND1_SHA512 (CKM_NSS + 10) /* J-PAKE round 2 key derivation mechanisms. - * + * * Required template attributes: CKA_NSS_JPAKE_PEERID * Input key type: CKK_NSS_JPAKE_ROUND1 * Output key type: CKK_NSS_JPAKE_ROUND2 @@ -178,14 +178,14 @@ #define CKM_NSS_JPAKE_ROUND2_SHA384 (CKM_NSS + 13) #define CKM_NSS_JPAKE_ROUND2_SHA512 (CKM_NSS + 14) -/* J-PAKE final key material derivation mechanisms +/* J-PAKE final key material derivation mechanisms * * Input key type: CKK_NSS_JPAKE_ROUND2 * Output key type: CKK_GENERIC_SECRET * Output key class: CKO_SECRET_KEY * Parameter type: CK_NSS_JPAKEFinalParams * - * You must apply a KDF (e.g. CKM_NSS_HKDF_*) to resultant keying material + * You must apply a KDF (e.g. CKM_NSS_HKDF_*) to resultant keying material * to get a key with uniformly distributed bits. */ #define CKM_NSS_JPAKE_FINAL_SHA1 (CKM_NSS + 15) @@ -216,6 +216,10 @@ #define CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256 (CKM_NSS + 23) #define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24) +/* TLS extended master secret derivation */ +#define CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE (CKM_NSS + 25) +#define CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH (CKM_NSS + 26) + /* * HISTORICAL: * Do not attempt to use these. They are only used by NETSCAPE's internal @@ -294,7 +298,7 @@ typedef struct CK_NSS_MAC_CONSTANT_TIME_PARAMS { /* Mandatory parameter for the CKM_NSS_HKDF_* key deriviation mechanisms. See RFC 5869. - + bExtract: If set, HKDF-Extract will be applied to the input key. If the optional salt is given, it is used; otherwise, the salt is set to a sequence of zeros equal in length to the HMAC output. @@ -319,6 +323,31 @@ typedef struct CK_NSS_HKDFParams { CK_ULONG ulInfoLen; } CK_NSS_HKDFParams; +/* + * Parameter for the TLS extended master secret key derivation mechanisms: + * + * * CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE + * * CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH + * + * For the TLS 1.2 PRF, the prfHashMechanism parameter determines the hash + * function used. For earlier versions of the PRF, set the prfHashMechanism + * value to CKM_TLS_PRF. + * + * The session hash input is expected to be the output of the same hash + * function as the PRF uses (as required by draft-ietf-tls-session-hash). So + * the ulSessionHashLen member must be equal the output length of the hash + * function specified by the prfHashMechanism member (or, for pre-TLS 1.2 PRF, + * the length of concatenated MD5 and SHA-1 digests). + * + */ +typedef struct CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS { + CK_MECHANISM_TYPE prfHashMechanism; + CK_BYTE_PTR pSessionHash; + CK_ULONG ulSessionHashLen; + CK_VERSION_PTR pVersion; +} CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS; + + /* * Trust info * @@ -343,7 +372,7 @@ typedef CK_ULONG CK_TRUST; #define CKT_NSS_NOT_TRUSTED (CKT_NSS + 10) #define CKT_NSS_TRUST_UNKNOWN (CKT_NSS + 5) /* default */ -/* +/* * These may well remain NSS-specific; I'm only using them * to cache resolution data. */ @@ -454,7 +483,7 @@ typedef CK_TRUST __CKT_NSS_MUST_VERIFY __attribute__((deprecated #define SECMOD_MODULE_DB_FUNCTION_FIND 0 #define SECMOD_MODULE_DB_FUNCTION_ADD 1 #define SECMOD_MODULE_DB_FUNCTION_DEL 2 -#define SECMOD_MODULE_DB_FUNCTION_RELEASE 3 +#define SECMOD_MODULE_DB_FUNCTION_RELEASE 3 typedef char ** (PR_CALLBACK *SECMODModuleDBFunc)(unsigned long function, char *parameters, void *moduleSpec); diff --git a/security/nss/lib/util/secport.h b/security/nss/lib/util/secport.h index 1b8f4616c..7d2f5e07c 100644 --- a/security/nss/lib/util/secport.h +++ b/security/nss/lib/util/secport.h @@ -87,8 +87,14 @@ extern char *PORT_ArenaStrdup(PLArenaPool *arena, const char *str); SEC_END_PROTOS #define PORT_Assert PR_ASSERT -/* This runs a function that should return SECSuccess. */ -/* The value is asserted in a debug build, otherwise it is ignored. */ +/* This runs a function that should return SECSuccess. + * Intended for NSS internal use only. + * The return value is asserted in a debug build, otherwise it is ignored. + * This is no substitute for proper error handling. It is OK only if you + * have ensured that the function cannot fail by other means such as checking + * prerequisites. In that case this can be used as a safeguard against + * unexpected changes in a function. + */ #ifdef DEBUG #define PORT_CheckSuccess(f) PR_ASSERT((f) == SECSuccess) #else diff --git a/security/nss/lib/util/utilmod.c b/security/nss/lib/util/utilmod.c index 50e6c8390..4be99ade2 100644 --- a/security/nss/lib/util/utilmod.c +++ b/security/nss/lib/util/utilmod.c @@ -75,14 +75,15 @@ /* * Smart string cat functions. Automatically manage the memory. - * The first parameter is the source string. If it's null, we + * The first parameter is the destination string. If it's null, we * allocate memory for it. If it's not, we reallocate memory * so the the concanenated string fits. */ static char * nssutil_DupnCat(char *baseString, const char *str, int str_len) { - int len = (baseString ? PORT_Strlen(baseString) : 0) + 1; + int baseStringLen = baseString ? PORT_Strlen(baseString) : 0; + int len = baseStringLen + 1; char *newString; len += str_len; @@ -91,8 +92,9 @@ nssutil_DupnCat(char *baseString, const char *str, int str_len) PORT_Free(baseString); return NULL; } - if (baseString == NULL) *newString = 0; - return PORT_Strncat(newString,str, str_len); + PORT_Memcpy(&newString[baseStringLen], str, str_len); + newString[len - 1] = 0; + return newString; } /* Same as nssutil_DupnCat except it concatenates the full string, not a @@ -480,7 +482,7 @@ nssutil_DeleteSecmodDBEntry(const char *appName, char *block = NULL; char *name = NULL; char *lib = NULL; - int name_len, lib_len = 0; + int name_len = 0, lib_len = 0; PRBool skip = PR_FALSE; PRBool found = PR_FALSE; diff --git a/security/nss/tests/common/cleanup.sh b/security/nss/tests/common/cleanup.sh index 17a62bbcb..8030045d4 100644 --- a/security/nss/tests/common/cleanup.sh +++ b/security/nss/tests/common/cleanup.sh @@ -32,10 +32,10 @@ if [ -z "${CLEANUP}" -o "${CLEANUP}" = "${SCRIPTNAME}" ]; then echo "--------------" LINES_CNT=$(cat ${RESULTS} | grep ">Passed<" | wc -l | sed s/\ *//) echo "Passed: ${LINES_CNT}" - LINES_CNT=$(cat ${RESULTS} | grep ">Failed<" | wc -l | sed s/\ *//) - echo "Failed: ${LINES_CNT}" - LINES_CNT=$(cat ${RESULTS} | grep ">Failed Core<" | wc -l | sed s/\ *//) - echo "Failed with core: ${LINES_CNT}" + FAILED_CNT=$(cat ${RESULTS} | grep ">Failed<" | wc -l | sed s/\ *//) + echo "Failed: ${FAILED_CNT}" + CORE_CNT=$(cat ${RESULTS} | grep ">Failed Core<" | wc -l | sed s/\ *//) + echo "Failed with core: ${CORE_CNT}" LINES_CNT=$(cat ${RESULTS} | grep ">Unknown<" | wc -l | sed s/\ *//) echo "Unknown status: ${LINES_CNT}" if [ ${LINES_CNT} -gt 0 ]; then @@ -46,4 +46,8 @@ if [ -z "${CLEANUP}" -o "${CLEANUP}" = "${SCRIPTNAME}" ]; then html "END_OF_TEST
" html "" rm -f ${TEMPFILES} 2>/dev/null + if [ ${FAILED_CNT} -gt 0 ]; then + exit 1 + fi + fi From 5c0160b5fbdc8c6bcef7f8a3f1b4557b413376b1 Mon Sep 17 00:00:00 2001 From: Roy Tam Date: Tue, 7 Jan 2020 17:30:06 +0800 Subject: [PATCH 04/15] cherry-picked mozilla NSS upstream changes (to rev a245a4cc): bug1201704, bug1171631, bug572412, bug1119618, bug1177770, bug1148374, bug1208243(part-of), bug1117022, bug1205688, bug1209443, bug1208508, bug1208503, bug1209435, bug1209451, bug1209456, bug1209541, bug1208503, bug1209546 --- security/nss/cmd/fipstest/fipstest.c | 4033 ++++++++++------- security/nss/cmd/lib/derprint.c | 5 +- security/nss/cmd/pk11mode/pk11mode.c | 6 +- security/nss/lib/certhigh/certvfypkix.c | 4 - security/nss/lib/freebl/Makefile | 2 +- security/nss/lib/freebl/nsslowhash.h | 5 + .../nss/lib/libpkix/include/pkix_revchecker.h | 6 +- security/nss/lib/pk11wrap/pk11cert.c | 1 + security/nss/lib/pk11wrap/pk11slot.c | 1 + security/nss/lib/pkcs7/p7common.c | 5 +- security/nss/lib/smime/cmscinfo.c | 2 +- security/nss/lib/smime/cmssiginfo.c | 1 + security/nss/lib/softoken/legacydb/Makefile | 14 +- security/nss/lib/softoken/legacydb/lginit.c | 10 +- security/nss/lib/softoken/legacydb/lgutil.c | 6 +- security/nss/lib/softoken/legacydb/pcertdb.c | 7 +- security/nss/lib/softoken/pkcs11c.c | 2 + security/nss/lib/ssl/ssl3con.c | 59 +- security/nss/lib/ssl/ssl3ecc.c | 9 +- security/nss/tests/all.sh | 6 +- security/nss/tests/common/init.sh | 2 +- security/nss/tests/ssl/ssl.sh | 4 +- security/nss/tests/ssl/sslauth.txt | 12 +- 23 files changed, 2500 insertions(+), 1702 deletions(-) diff --git a/security/nss/cmd/fipstest/fipstest.c b/security/nss/cmd/fipstest/fipstest.c index 1561e7377..6a2cf2cc6 100644 --- a/security/nss/cmd/fipstest/fipstest.c +++ b/security/nss/cmd/fipstest/fipstest.c @@ -17,6 +17,21 @@ #include "hasht.h" #include "lowkeyi.h" #include "softoken.h" +#include "pkcs11t.h" +#define __PASTE(x,y) x##y +#undef CK_PKCS11_FUNCTION_INFO +#undef CK_NEED_ARG_LIST +#define CK_EXTERN extern +#define CK_PKCS11_FUNCTION_INFO(func) \ + CK_RV __PASTE(NS,func) +#define CK_NEED_ARG_LIST 1 +#include "pkcs11f.h" +#undef CK_PKCS11_FUNCTION_INFO +#undef CK_NEED_ARG_LIST +#undef __PASTE +#define SSL3_RANDOM_LENGTH 32 + + #if 0 #include "../../lib/freebl/mpi/mpi.h" @@ -46,18 +61,18 @@ hex_to_byteval(const char *c2, unsigned char *byteval) unsigned char offset; *byteval = 0; for (i=0; i<2; i++) { - if (c2[i] >= '0' && c2[i] <= '9') { - offset = c2[i] - '0'; - *byteval |= offset << 4*(1-i); - } else if (c2[i] >= 'a' && c2[i] <= 'f') { - offset = c2[i] - 'a'; - *byteval |= (offset + 10) << 4*(1-i); - } else if (c2[i] >= 'A' && c2[i] <= 'F') { - offset = c2[i] - 'A'; - *byteval |= (offset + 10) << 4*(1-i); - } else { - return SECFailure; - } + if (c2[i] >= '0' && c2[i] <= '9') { + offset = c2[i] - '0'; + *byteval |= offset << 4*(1-i); + } else if (c2[i] >= 'a' && c2[i] <= 'f') { + offset = c2[i] - 'a'; + *byteval |= (offset + 10) << 4*(1-i); + } else if (c2[i] >= 'A' && c2[i] <= 'F') { + offset = c2[i] - 'A'; + *byteval |= (offset + 10) << 4*(1-i); + } else { + return SECFailure; + } } return SECSuccess; } @@ -68,12 +83,12 @@ byteval_to_hex(unsigned char byteval, char *c2, char a) int i; unsigned char offset; for (i=0; i<2; i++) { - offset = (byteval >> 4*(1-i)) & 0x0f; - if (offset < 10) { - c2[i] = '0' + offset; - } else { - c2[i] = a + offset - 10; - } + offset = (byteval >> 4*(1-i)) & 0x0f; + if (offset < 10) { + c2[i] = '0' + offset; + } else { + c2[i] = a + offset - 10; + } } return SECSuccess; } @@ -83,7 +98,7 @@ to_hex_str(char *str, const unsigned char *buf, unsigned int len) { unsigned int i; for (i=0; i 2*len) { - /* - * The input hex string is too long, but we allow it if the - * extra digits are leading 0's. - */ - for (j = 0; j < nxdigit-2*len; j++) { - if (str[j] != '0') { - return PR_FALSE; - } - } - /* skip leading 0's */ - str += nxdigit-2*len; - nxdigit = 2*len; + /* + * The input hex string is too long, but we allow it if the + * extra digits are leading 0's. + */ + for (j = 0; j < nxdigit-2*len; j++) { + if (str[j] != '0') { + return PR_FALSE; + } + } + /* skip leading 0's */ + str += nxdigit-2*len; + nxdigit = 2*len; } for (i=0, j=0; i< len; i++) { - if (2*i < 2*len-nxdigit) { - /* Handle a short input as if we padded it with leading 0's. */ - if (2*i+1 < 2*len-nxdigit) { - buf[i] = 0; - } else { - char tmp[2]; - tmp[0] = '0'; - tmp[1] = str[j]; - hex_to_byteval(tmp, &buf[i]); - j++; - } - } else { - hex_to_byteval(&str[j], &buf[i]); - j += 2; - } + if (2*i < 2*len-nxdigit) { + /* Handle a short input as if we padded it with leading 0's. */ + if (2*i+1 < 2*len-nxdigit) { + buf[i] = 0; + } else { + char tmp[2]; + tmp[0] = '0'; + tmp[1] = str[j]; + hex_to_byteval(tmp, &buf[i]); + j++; + } + } else { + hex_to_byteval(&str[j], &buf[i]); + j += 2; + } } return PR_TRUE; } @@ -288,11 +303,11 @@ tdea_kat_mmt(char *reqfn) FILE *req; /* input stream from the REQUEST file */ FILE *resp; /* output stream to the RESPONSE file */ int i, j; - int mode = NSS_DES_EDE3; /* NSS_DES_EDE3 (ECB) or NSS_DES_EDE3_CBC */ + int mode = NSS_DES_EDE3; /* NSS_DES_EDE3 (ECB) or NSS_DES_EDE3_CBC */ int crypt = DECRYPT; /* 1 means encrypt, 0 means decrypt */ unsigned char key[24]; /* TDEA 3 key bundle */ unsigned int numKeys = 0; - unsigned char iv[8]; /* for all modes except ECB */ + unsigned char iv[8]; /* for all modes except ECB */ unsigned char plaintext[8*20]; /* 1 to 20 blocks */ unsigned int plaintextlen; unsigned char ciphertext[8*20]; /* 1 to 20 blocks */ @@ -876,14 +891,14 @@ aes_encrypt_buf( cx = AES_CreateContext(key, iv, mode, PR_TRUE, keysize, 16); if (cx == NULL) { - goto loser; + goto loser; } rv = AES_Encrypt(cx, output, outputlen, maxoutputlen, input, inputlen); if (rv != SECSuccess) { - goto loser; + goto loser; } if (*outputlen != inputlen) { - goto loser; + goto loser; } AES_DestroyContext(cx, PR_TRUE); cx = NULL; @@ -894,26 +909,26 @@ aes_encrypt_buf( */ cx = AES_CreateContext(key, iv, mode, PR_FALSE, keysize, 16); if (cx == NULL) { - goto loser; + goto loser; } rv = AES_Decrypt(cx, doublecheck, &doublechecklen, sizeof doublecheck, - output, *outputlen); + output, *outputlen); if (rv != SECSuccess) { - goto loser; + goto loser; } if (doublechecklen != *outputlen) { - goto loser; + goto loser; } AES_DestroyContext(cx, PR_TRUE); cx = NULL; if (memcmp(doublecheck, input, inputlen) != 0) { - goto loser; + goto loser; } rv = SECSuccess; loser: if (cx != NULL) { - AES_DestroyContext(cx, PR_TRUE); + AES_DestroyContext(cx, PR_TRUE); } return rv; } @@ -933,15 +948,15 @@ aes_decrypt_buf( cx = AES_CreateContext(key, iv, mode, PR_FALSE, keysize, 16); if (cx == NULL) { - goto loser; + goto loser; } rv = AES_Decrypt(cx, output, outputlen, maxoutputlen, - input, inputlen); + input, inputlen); if (rv != SECSuccess) { - goto loser; + goto loser; } if (*outputlen != inputlen) { - goto loser; + goto loser; } AES_DestroyContext(cx, PR_TRUE); cx = NULL; @@ -952,43 +967,38 @@ aes_decrypt_buf( */ cx = AES_CreateContext(key, iv, mode, PR_TRUE, keysize, 16); if (cx == NULL) { - goto loser; + goto loser; } rv = AES_Encrypt(cx, doublecheck, &doublechecklen, sizeof doublecheck, - output, *outputlen); + output, *outputlen); if (rv != SECSuccess) { - goto loser; + goto loser; } if (doublechecklen != *outputlen) { - goto loser; + goto loser; } AES_DestroyContext(cx, PR_TRUE); cx = NULL; if (memcmp(doublecheck, input, inputlen) != 0) { - goto loser; + goto loser; } rv = SECSuccess; loser: if (cx != NULL) { - AES_DestroyContext(cx, PR_TRUE); + AES_DestroyContext(cx, PR_TRUE); } return rv; } - /* - * Perform the AES Known Answer Test (KAT) or Multi-block Message - * Test (MMT) in ECB or CBC mode. The KAT (there are four types) - * and MMT have the same structure: given the key and IV (CBC mode - * only), encrypt the given plaintext or decrypt the given ciphertext. - * So we can handle them the same way. + * Perform the AES GCM tests. * * reqfn is the pathname of the REQUEST file. * * The output RESPONSE file is written to stdout. */ void -aes_kat_mmt(char *reqfn) +aes_gcm(char *reqfn, int encrypt) { char buf[512]; /* holds one line from the input REQUEST file. * needs to be large enough to hold the longest @@ -997,214 +1007,435 @@ aes_kat_mmt(char *reqfn) FILE *aesreq; /* input stream from the REQUEST file */ FILE *aesresp; /* output stream to the RESPONSE file */ int i, j; - int mode = NSS_AES; /* NSS_AES (ECB) or NSS_AES_CBC */ - int encrypt = 0; /* 1 means encrypt, 0 means decrypt */ unsigned char key[32]; /* 128, 192, or 256 bits */ unsigned int keysize = 0; - unsigned char iv[16]; /* for all modes except ECB */ + unsigned char iv[128]; /* handle large gcm IV's */ unsigned char plaintext[10*16]; /* 1 to 10 blocks */ unsigned int plaintextlen; - unsigned char ciphertext[10*16]; /* 1 to 10 blocks */ + unsigned char ciphertext[11*16]; /* 1 to 10 blocks + tag */ unsigned int ciphertextlen; + unsigned char aad[11*16]; /* 1 to 10 blocks + tag */ + unsigned int aadlen = 0; + unsigned int tagbits; + unsigned int taglen = 0; + unsigned int ivlen; + CK_GCM_PARAMS params; SECStatus rv; aesreq = fopen(reqfn, "r"); aesresp = stdout; while (fgets(buf, sizeof buf, aesreq) != NULL) { - /* a comment or blank line */ - if (buf[0] == '#' || buf[0] == '\n') { - fputs(buf, aesresp); - continue; - } - /* [ENCRYPT] or [DECRYPT] */ - if (buf[0] == '[') { - if (strncmp(&buf[1], "ENCRYPT", 7) == 0) { - encrypt = 1; - } else { - encrypt = 0; - } - fputs(buf, aesresp); - continue; - } - /* "COUNT = x" begins a new data set */ - if (strncmp(buf, "COUNT", 5) == 0) { - mode = NSS_AES; - /* zeroize the variables for the test with this data set */ - memset(key, 0, sizeof key); - keysize = 0; - memset(iv, 0, sizeof iv); - memset(plaintext, 0, sizeof plaintext); - plaintextlen = 0; - memset(ciphertext, 0, sizeof ciphertext); - ciphertextlen = 0; - fputs(buf, aesresp); - continue; - } - /* KEY = ... */ - if (strncmp(buf, "KEY", 3) == 0) { - i = 3; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - for (j=0; isxdigit(buf[i]); i+=2,j++) { - hex_to_byteval(&buf[i], &key[j]); - } - keysize = j; - fputs(buf, aesresp); - continue; - } - /* IV = ... */ - if (strncmp(buf, "IV", 2) == 0) { - mode = NSS_AES_CBC; - i = 2; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - for (j=0; j\n". + * line "CIPHERTEXT = <320 hex digits>\n". */ FILE *aesreq; /* input stream from the REQUEST file */ FILE *aesresp; /* output stream to the RESPONSE file */ int i, j; + int mode = NSS_AES; /* NSS_AES (ECB) or NSS_AES_CBC */ int encrypt = 0; /* 1 means encrypt, 0 means decrypt */ unsigned char key[32]; /* 128, 192, or 256 bits */ unsigned int keysize = 0; - unsigned char plaintext[16]; /* PT[j] */ - unsigned char plaintext_1[16]; /* PT[j-1] */ - unsigned char ciphertext[16]; /* CT[j] */ - unsigned char ciphertext_1[16]; /* CT[j-1] */ - unsigned char doublecheck[16]; - unsigned int outputlen; - AESContext *cx = NULL; /* the operation being tested */ + unsigned char iv[16]; /* for all modes except ECB */ + unsigned char plaintext[10*16]; /* 1 to 10 blocks */ + unsigned int plaintextlen; + unsigned char ciphertext[10*16]; /* 1 to 10 blocks */ + unsigned int ciphertextlen; + SECStatus rv; + + aesreq = fopen(reqfn, "r"); + aesresp = stdout; + while (fgets(buf, sizeof buf, aesreq) != NULL) { + /* a comment or blank line */ + if (buf[0] == '#' || buf[0] == '\n') { + fputs(buf, aesresp); + continue; + } + /* [ENCRYPT] or [DECRYPT] */ + if (buf[0] == '[') { + if (strncmp(&buf[1], "ENCRYPT", 7) == 0) { + encrypt = 1; + } else { + encrypt = 0; + } + fputs(buf, aesresp); + continue; + } + /* "COUNT = x" begins a new data set */ + if (strncmp(buf, "COUNT", 5) == 0) { + mode = NSS_AES; + /* zeroize the variables for the test with this data set */ + memset(key, 0, sizeof key); + keysize = 0; + memset(iv, 0, sizeof iv); + memset(plaintext, 0, sizeof plaintext); + plaintextlen = 0; + memset(ciphertext, 0, sizeof ciphertext); + ciphertextlen = 0; + fputs(buf, aesresp); + continue; + } + /* KEY = ... */ + if (strncmp(buf, "KEY", 3) == 0) { + i = 3; + while (isspace(buf[i]) || buf[i] == '=') { + i++; + } + for (j=0; isxdigit(buf[i]); i+=2,j++) { + hex_to_byteval(&buf[i], &key[j]); + } + keysize = j; + fputs(buf, aesresp); + continue; + } + /* IV = ... */ + if (strncmp(buf, "IV", 2) == 0) { + mode = NSS_AES_CBC; + i = 2; + while (isspace(buf[i]) || buf[i] == '=') { + i++; + } + for (j=0; j\n". + */ + FILE *aesreq; /* input stream from the REQUEST file */ + FILE *aesresp; /* output stream to the RESPONSE file */ + int i, j; + int encrypt = 0; /* 1 means encrypt, 0 means decrypt */ + unsigned char key[32]; /* 128, 192, or 256 bits */ + unsigned int keysize = 0; + unsigned char plaintext[16]; /* PT[j] */ + unsigned char plaintext_1[16]; /* PT[j-1] */ + unsigned char ciphertext[16]; /* CT[j] */ + unsigned char ciphertext_1[16]; /* CT[j-1] */ + unsigned char doublecheck[16]; + unsigned int outputlen; + AESContext *cx = NULL; /* the operation being tested */ AESContext *cx2 = NULL; /* the inverse operation done in parallel * to doublecheck our result. */ @@ -1213,246 +1444,246 @@ aes_ecb_mct(char *reqfn) aesreq = fopen(reqfn, "r"); aesresp = stdout; while (fgets(buf, sizeof buf, aesreq) != NULL) { - /* a comment or blank line */ - if (buf[0] == '#' || buf[0] == '\n') { - fputs(buf, aesresp); - continue; - } - /* [ENCRYPT] or [DECRYPT] */ - if (buf[0] == '[') { - if (strncmp(&buf[1], "ENCRYPT", 7) == 0) { - encrypt = 1; - } else { - encrypt = 0; - } - fputs(buf, aesresp); - continue; - } - /* "COUNT = x" begins a new data set */ - if (strncmp(buf, "COUNT", 5) == 0) { - /* zeroize the variables for the test with this data set */ - memset(key, 0, sizeof key); - keysize = 0; - memset(plaintext, 0, sizeof plaintext); - memset(ciphertext, 0, sizeof ciphertext); - continue; - } - /* KEY = ... */ - if (strncmp(buf, "KEY", 3) == 0) { - /* Key[0] = Key */ - i = 3; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - for (j=0; isxdigit(buf[i]); i+=2,j++) { - hex_to_byteval(&buf[i], &key[j]); - } - keysize = j; - continue; - } - /* PLAINTEXT = ... */ - if (strncmp(buf, "PLAINTEXT", 9) == 0) { - /* sanity check */ - if (!encrypt) { - goto loser; - } - /* PT[0] = PT */ - i = 9; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - for (j=0; j=0; j--) { + if (last < 0) { + last = (hash[i] & (1 << j)) ? 1 : 0; + fprintf(out, "%d ", last); + count = 1; + } else if (hash[i] & (1 << j)) { + if (last) { + count++; + } else { + last = 0; + fprintf(out, "%d ", count); + count = 1; + z++; + } + } else { + if (!last) { + count++; + } else { + last = 1; + fprintf(out, "%d ", count); + count = 1; + z++; + } + } + } } fprintf(out, "^\n"); fseek(out, start, SEEK_SET); @@ -1827,23 +2058,23 @@ int get_next_line(FILE *req, char *key, char *val, FILE *rsp) int w = 0; int c; while ((c = fgetc(req)) != EOF) { - if (ignore) { - fprintf(rsp, "%c", c); - if (c == '\n') return ignore; - } else if (c == '\n') { - break; - } else if (c == '#') { - ignore = 1; - fprintf(rsp, "%c", c); - } else if (c == '=') { - writeto[w] = '\0'; - w = 0; - writeto = val; - } else if (c == ' ' || c == '[' || c == ']') { - continue; - } else { - writeto[w++] = c; - } + if (ignore) { + fprintf(rsp, "%c", c); + if (c == '\n') return ignore; + } else if (c == '\n') { + break; + } else if (c == '#') { + ignore = 1; + fprintf(rsp, "%c", c); + } else if (c == '=') { + writeto[w] = '\0'; + w = 0; + writeto = val; + } else if (c == ' ' || c == '[' || c == ']') { + continue; + } else { + writeto[w++] = c; + } } writeto[w] = '\0'; return (c == EOF) ? -1 : ignore; @@ -1950,18 +2181,18 @@ getECParams(const char *curve) if (curve != NULL) { numCurves = sizeof(nameTagPair)/sizeof(CurveNameTagPair); - for (i = 0; ((i < numCurves) && (curveOidTag == SEC_OID_UNKNOWN)); - i++) { - if (PL_strcmp(curve, nameTagPair[i].curveName) == 0) - curveOidTag = nameTagPair[i].curveOidTag; - } + for (i = 0; ((i < numCurves) && (curveOidTag == SEC_OID_UNKNOWN)); + i++) { + if (PL_strcmp(curve, nameTagPair[i].curveName) == 0) + curveOidTag = nameTagPair[i].curveOidTag; + } } /* Return NULL if curve name is not recognized */ if ((curveOidTag == SEC_OID_UNKNOWN) || - (oidData = SECOID_FindOIDByTag(curveOidTag)) == NULL) { + (oidData = SECOID_FindOIDByTag(curveOidTag)) == NULL) { fprintf(stderr, "Unrecognized elliptic curve %s\n", curve); - return NULL; + return NULL; } ecparams = SECITEM_AllocItem(NULL, NULL, (2 + oidData->oid.len)); @@ -1978,6 +2209,121 @@ getECParams(const char *curve) return ecparams; } +/* + * HASH_ functions are available to full NSS apps and internally inside + * freebl, but not exported to users of freebl. Create short stubs to + * replace the functionality for fipstest. + */ +SECStatus +fips_hashBuf(HASH_HashType type, unsigned char *hashBuf, + unsigned char *msg, int len) +{ + SECStatus rv = SECFailure; + + switch (type) { + case HASH_AlgSHA1: + rv = SHA1_HashBuf(hashBuf, msg, len); + break; + case HASH_AlgSHA224: + rv = SHA224_HashBuf(hashBuf, msg, len); + break; + case HASH_AlgSHA256: + rv = SHA256_HashBuf(hashBuf, msg, len); + break; + case HASH_AlgSHA384: + rv = SHA384_HashBuf(hashBuf, msg, len); + break; + case HASH_AlgSHA512: + rv = SHA512_HashBuf(hashBuf, msg, len); + break; + default: + break; + } + return rv; +} + +int +fips_hashLen(HASH_HashType type) +{ + int len = 0; + + switch (type) { + case HASH_AlgSHA1: + len = SHA1_LENGTH; + break; + case HASH_AlgSHA224: + len = SHA224_LENGTH; + break; + case HASH_AlgSHA256: + len = SHA256_LENGTH; + break; + case HASH_AlgSHA384: + len = SHA384_LENGTH; + break; + case HASH_AlgSHA512: + len = SHA512_LENGTH; + break; + default: + break; + } + return len; +} + +SECOidTag +fips_hashOid(HASH_HashType type) +{ + SECOidTag oid = SEC_OID_UNKNOWN; + + switch (type) { + case HASH_AlgSHA1: + oid = SEC_OID_SHA1; + break; + case HASH_AlgSHA224: + oid = SEC_OID_SHA224; + break; + case HASH_AlgSHA256: + oid = SEC_OID_SHA256; + break; + case HASH_AlgSHA384: + oid = SEC_OID_SHA384; + break; + case HASH_AlgSHA512: + oid = SEC_OID_SHA512; + break; + default: + break; + } + return oid; +} + +HASH_HashType +sha_get_hashType(int hashbits) +{ + HASH_HashType hashType = HASH_AlgNULL; + + switch (hashbits) { + case 1: + case (SHA1_LENGTH*PR_BITS_PER_BYTE): + hashType = HASH_AlgSHA1; + break; + case (SHA224_LENGTH*PR_BITS_PER_BYTE): + hashType = HASH_AlgSHA224; + break; + case (SHA256_LENGTH*PR_BITS_PER_BYTE): + hashType = HASH_AlgSHA256; + break; + case (SHA384_LENGTH*PR_BITS_PER_BYTE): + hashType = HASH_AlgSHA384; + break; + case (SHA512_LENGTH*PR_BITS_PER_BYTE): + hashType = HASH_AlgSHA512; + break; + default: + break; + } + return hashType; +} + /* * Perform the ECDSA Key Pair Generation Test. * @@ -1996,7 +2342,7 @@ ecdsa_keypair_test(char *reqfn) FILE *ecdsareq; /* input stream from the REQUEST file */ FILE *ecdsaresp; /* output stream to the RESPONSE file */ char curve[16]; /* "nistxddd" */ - ECParams *ecparams; + ECParams *ecparams = NULL; int N; int i; unsigned int len; @@ -2005,81 +2351,95 @@ ecdsa_keypair_test(char *reqfn) ecdsaresp = stdout; strcpy(curve, "nist"); while (fgets(buf, sizeof buf, ecdsareq) != NULL) { - /* a comment or blank line */ - if (buf[0] == '#' || buf[0] == '\n') { - fputs(buf, ecdsaresp); - continue; - } - /* [X-ddd] */ - if (buf[0] == '[') { - const char *src; - char *dst; - SECItem *encodedparams; - - src = &buf[1]; - dst = &curve[4]; - *dst++ = tolower(*src); - src += 2; /* skip the hyphen */ - *dst++ = *src++; - *dst++ = *src++; - *dst++ = *src++; - *dst = '\0'; - encodedparams = getECParams(curve); - if (encodedparams == NULL) { - goto loser; - } - if (EC_DecodeParams(encodedparams, &ecparams) != SECSuccess) { - goto loser; - } - SECITEM_FreeItem(encodedparams, PR_TRUE); - fputs(buf, ecdsaresp); - continue; - } - /* N = x */ - if (buf[0] == 'N') { - if (sscanf(buf, "N = %d", &N) != 1) { - goto loser; - } - for (i = 0; i < N; i++) { - ECPrivateKey *ecpriv; + /* a comment or blank line */ + if (buf[0] == '#' || buf[0] == '\n') { + fputs(buf, ecdsaresp); + continue; + } + /* [X-ddd] */ + if (buf[0] == '[') { + const char *src; + char *dst; + SECItem *encodedparams; - if (EC_NewKey(ecparams, &ecpriv) != SECSuccess) { - goto loser; - } - fputs("d = ", ecdsaresp); - to_hex_str(buf, ecpriv->privateValue.data, - ecpriv->privateValue.len); - fputs(buf, ecdsaresp); - fputc('\n', ecdsaresp); - if (EC_ValidatePublicKey(ecparams, &ecpriv->publicValue) - != SECSuccess) { - goto loser; - } - len = ecpriv->publicValue.len; - if (len%2 == 0) { - goto loser; - } - len = (len-1)/2; - if (ecpriv->publicValue.data[0] - != EC_POINT_FORM_UNCOMPRESSED) { - goto loser; - } - fputs("Qx = ", ecdsaresp); - to_hex_str(buf, &ecpriv->publicValue.data[1], len); - fputs(buf, ecdsaresp); - fputc('\n', ecdsaresp); - fputs("Qy = ", ecdsaresp); - to_hex_str(buf, &ecpriv->publicValue.data[1+len], len); - fputs(buf, ecdsaresp); - fputc('\n', ecdsaresp); - fputc('\n', ecdsaresp); - PORT_FreeArena(ecpriv->ecParams.arena, PR_TRUE); - } - PORT_FreeArena(ecparams->arena, PR_FALSE); - continue; - } + if (buf[1] == 'B') { + fputs(buf, ecdsaresp); + continue; + } + if (ecparams) { + PORT_FreeArena(ecparams->arena, PR_FALSE); + ecparams = NULL; + } + + src = &buf[1]; + dst = &curve[4]; + *dst++ = tolower(*src); + src += 2; /* skip the hyphen */ + *dst++ = *src++; + *dst++ = *src++; + *dst++ = *src++; + *dst = '\0'; + encodedparams = getECParams(curve); + if (encodedparams == NULL) { + fprintf(stderr, "Unknown curve %s.", curve); + goto loser; + } + if (EC_DecodeParams(encodedparams, &ecparams) != SECSuccess) { + fprintf(stderr, "Curve %s not supported.\n", curve); + goto loser; + } + SECITEM_FreeItem(encodedparams, PR_TRUE); + fputs(buf, ecdsaresp); + continue; + } + /* N = x */ + if (buf[0] == 'N') { + if (sscanf(buf, "N = %d", &N) != 1) { + goto loser; + } + for (i = 0; i < N; i++) { + ECPrivateKey *ecpriv; + + if (EC_NewKey(ecparams, &ecpriv) != SECSuccess) { + goto loser; + } + fputs("d = ", ecdsaresp); + to_hex_str(buf, ecpriv->privateValue.data, + ecpriv->privateValue.len); + fputs(buf, ecdsaresp); + fputc('\n', ecdsaresp); + if (EC_ValidatePublicKey(ecparams, &ecpriv->publicValue) + != SECSuccess) { + goto loser; + } + len = ecpriv->publicValue.len; + if (len%2 == 0) { + goto loser; + } + len = (len-1)/2; + if (ecpriv->publicValue.data[0] + != EC_POINT_FORM_UNCOMPRESSED) { + goto loser; + } + fputs("Qx = ", ecdsaresp); + to_hex_str(buf, &ecpriv->publicValue.data[1], len); + fputs(buf, ecdsaresp); + fputc('\n', ecdsaresp); + fputs("Qy = ", ecdsaresp); + to_hex_str(buf, &ecpriv->publicValue.data[1+len], len); + fputs(buf, ecdsaresp); + fputc('\n', ecdsaresp); + fputc('\n', ecdsaresp); + PORT_FreeArena(ecpriv->ecParams.arena, PR_TRUE); + } + continue; + } } loser: + if (ecparams) { + PORT_FreeArena(ecparams->arena, PR_FALSE); + ecparams = NULL; + } fclose(ecdsareq); } @@ -2111,92 +2471,94 @@ ecdsa_pkv_test(char *reqfn) strcpy(curve, "nist"); pubkey.data = NULL; while (fgets(buf, sizeof buf, ecdsareq) != NULL) { - /* a comment or blank line */ - if (buf[0] == '#' || buf[0] == '\n') { - fputs(buf, ecdsaresp); - continue; - } - /* [X-ddd] */ - if (buf[0] == '[') { - const char *src; - char *dst; - SECItem *encodedparams; - - src = &buf[1]; - dst = &curve[4]; - *dst++ = tolower(*src); - src += 2; /* skip the hyphen */ - *dst++ = *src++; - *dst++ = *src++; - *dst++ = *src++; - *dst = '\0'; - if (ecparams != NULL) { - PORT_FreeArena(ecparams->arena, PR_FALSE); - ecparams = NULL; - } - encodedparams = getECParams(curve); - if (encodedparams == NULL) { - goto loser; - } - if (EC_DecodeParams(encodedparams, &ecparams) != SECSuccess) { - goto loser; - } - SECITEM_FreeItem(encodedparams, PR_TRUE); - len = (ecparams->fieldID.size + 7) >> 3; - if (pubkey.data != NULL) { - PORT_Free(pubkey.data); - pubkey.data = NULL; - } - SECITEM_AllocItem(NULL, &pubkey, 2*len+1); - if (pubkey.data == NULL) { - goto loser; - } - pubkey.data[0] = EC_POINT_FORM_UNCOMPRESSED; - fputs(buf, ecdsaresp); - continue; - } - /* Qx = ... */ - if (strncmp(buf, "Qx", 2) == 0) { - fputs(buf, ecdsaresp); - i = 2; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - keyvalid = from_hex_str(&pubkey.data[1], len, &buf[i]); - continue; - } - /* Qy = ... */ - if (strncmp(buf, "Qy", 2) == 0) { - fputs(buf, ecdsaresp); - if (!keyvalid) { - fputs("Result = F\n", ecdsaresp); - continue; - } - i = 2; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - keyvalid = from_hex_str(&pubkey.data[1+len], len, &buf[i]); - if (!keyvalid) { - fputs("Result = F\n", ecdsaresp); - continue; - } - if (EC_ValidatePublicKey(ecparams, &pubkey) == SECSuccess) { - fputs("Result = P\n", ecdsaresp); - } else if (PORT_GetError() == SEC_ERROR_BAD_KEY) { - fputs("Result = F\n", ecdsaresp); - } else { - goto loser; - } - continue; - } + /* a comment or blank line */ + if (buf[0] == '#' || buf[0] == '\n') { + fputs(buf, ecdsaresp); + continue; + } + /* [X-ddd] */ + if (buf[0] == '[') { + const char *src; + char *dst; + SECItem *encodedparams; + + src = &buf[1]; + dst = &curve[4]; + *dst++ = tolower(*src); + src += 2; /* skip the hyphen */ + *dst++ = *src++; + *dst++ = *src++; + *dst++ = *src++; + *dst = '\0'; + if (ecparams != NULL) { + PORT_FreeArena(ecparams->arena, PR_FALSE); + ecparams = NULL; + } + encodedparams = getECParams(curve); + if (encodedparams == NULL) { + fprintf(stderr, "Unknown curve %s.", curve); + goto loser; + } + if (EC_DecodeParams(encodedparams, &ecparams) != SECSuccess) { + fprintf(stderr, "Curve %s not supported.\n", curve); + goto loser; + } + SECITEM_FreeItem(encodedparams, PR_TRUE); + len = (ecparams->fieldID.size + 7) >> 3; + if (pubkey.data != NULL) { + PORT_Free(pubkey.data); + pubkey.data = NULL; + } + SECITEM_AllocItem(NULL, &pubkey, 2*len+1); + if (pubkey.data == NULL) { + goto loser; + } + pubkey.data[0] = EC_POINT_FORM_UNCOMPRESSED; + fputs(buf, ecdsaresp); + continue; + } + /* Qx = ... */ + if (strncmp(buf, "Qx", 2) == 0) { + fputs(buf, ecdsaresp); + i = 2; + while (isspace(buf[i]) || buf[i] == '=') { + i++; + } + keyvalid = from_hex_str(&pubkey.data[1], len, &buf[i]); + continue; + } + /* Qy = ... */ + if (strncmp(buf, "Qy", 2) == 0) { + fputs(buf, ecdsaresp); + if (!keyvalid) { + fputs("Result = F\n", ecdsaresp); + continue; + } + i = 2; + while (isspace(buf[i]) || buf[i] == '=') { + i++; + } + keyvalid = from_hex_str(&pubkey.data[1+len], len, &buf[i]); + if (!keyvalid) { + fputs("Result = F\n", ecdsaresp); + continue; + } + if (EC_ValidatePublicKey(ecparams, &pubkey) == SECSuccess) { + fputs("Result = P\n", ecdsaresp); + } else if (PORT_GetError() == SEC_ERROR_BAD_KEY) { + fputs("Result = F\n", ecdsaresp); + } else { + goto loser; + } + continue; + } } loser: if (ecparams != NULL) { - PORT_FreeArena(ecparams->arena, PR_FALSE); + PORT_FreeArena(ecparams->arena, PR_FALSE); } if (pubkey.data != NULL) { - PORT_Free(pubkey.data); + PORT_Free(pubkey.data); } fclose(ecdsareq); } @@ -2224,7 +2586,9 @@ ecdsa_siggen_test(char *reqfn) unsigned int len; unsigned char msg[512]; /* message to be signed (<= 128 bytes) */ unsigned int msglen; - unsigned char sha1[20]; /* SHA-1 hash (160 bits) */ + unsigned char sha[HASH_LENGTH_MAX]; /* SHA digest */ + unsigned int shaLength = 0; /* length of SHA */ + HASH_HashType shaAlg = HASH_AlgNULL; /* type of SHA Alg */ unsigned char sig[2*MAX_ECKEY_LEN]; SECItem signature, digest; @@ -2232,111 +2596,135 @@ ecdsa_siggen_test(char *reqfn) ecdsaresp = stdout; strcpy(curve, "nist"); while (fgets(buf, sizeof buf, ecdsareq) != NULL) { - /* a comment or blank line */ - if (buf[0] == '#' || buf[0] == '\n') { - fputs(buf, ecdsaresp); - continue; - } - /* [X-ddd] */ - if (buf[0] == '[') { - const char *src; - char *dst; - SECItem *encodedparams; - - src = &buf[1]; - dst = &curve[4]; - *dst++ = tolower(*src); - src += 2; /* skip the hyphen */ - *dst++ = *src++; - *dst++ = *src++; - *dst++ = *src++; - *dst = '\0'; - if (ecparams != NULL) { - PORT_FreeArena(ecparams->arena, PR_FALSE); - ecparams = NULL; - } - encodedparams = getECParams(curve); - if (encodedparams == NULL) { - goto loser; - } - if (EC_DecodeParams(encodedparams, &ecparams) != SECSuccess) { - goto loser; - } - SECITEM_FreeItem(encodedparams, PR_TRUE); - fputs(buf, ecdsaresp); - continue; - } - /* Msg = ... */ - if (strncmp(buf, "Msg", 3) == 0) { - ECPrivateKey *ecpriv; + /* a comment or blank line */ + if (buf[0] == '#' || buf[0] == '\n') { + fputs(buf, ecdsaresp); + continue; + } + /* [X-ddd] */ + if (buf[0] == '[') { + const char *src; + char *dst; + SECItem *encodedparams; + + src = &buf[1]; + dst = &curve[4]; + *dst++ = tolower(*src); + src += 2; /* skip the hyphen */ + *dst++ = *src++; + *dst++ = *src++; + *dst++ = *src++; + *dst = '\0'; + src++; /* skip the comma */ + /* set the SHA Algorithm */ + if (strncmp(src, "SHA-1", 5) == 0) { + shaAlg = HASH_AlgSHA1; + } else if (strncmp(src, "SHA-224", 7) == 0) { + shaAlg = HASH_AlgSHA224; + } else if (strncmp(src, "SHA-256", 7) == 0) { + shaAlg = HASH_AlgSHA256; + } else if (strncmp(src, "SHA-384", 7)== 0) { + shaAlg = HASH_AlgSHA384; + } else if (strncmp(src, "SHA-512", 7) == 0) { + shaAlg = HASH_AlgSHA512; + } else { + fprintf(ecdsaresp, "ERROR: Unable to find SHAAlg type"); + goto loser; + } + if (ecparams != NULL) { + PORT_FreeArena(ecparams->arena, PR_FALSE); + ecparams = NULL; + } + encodedparams = getECParams(curve); + if (encodedparams == NULL) { + fprintf(stderr, "Unknown curve %s.", curve); + goto loser; + } + if (EC_DecodeParams(encodedparams, &ecparams) != SECSuccess) { + fprintf(stderr, "Curve %s not supported.\n", curve); + goto loser; + } + SECITEM_FreeItem(encodedparams, PR_TRUE); + fputs(buf, ecdsaresp); + continue; + } + /* Msg = ... */ + if (strncmp(buf, "Msg", 3) == 0) { + ECPrivateKey *ecpriv; - i = 3; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - for (j=0; isxdigit(buf[i]); i+=2,j++) { - hex_to_byteval(&buf[i], &msg[j]); - } - msglen = j; - if (SHA1_HashBuf(sha1, msg, msglen) != SECSuccess) { - goto loser; - } - fputs(buf, ecdsaresp); + i = 3; + while (isspace(buf[i]) || buf[i] == '=') { + i++; + } + for (j=0; isxdigit(buf[i]); i+=2,j++) { + hex_to_byteval(&buf[i], &msg[j]); + } + msglen = j; + shaLength = fips_hashLen(shaAlg); + if (fips_hashBuf(shaAlg,sha,msg,msglen) != SECSuccess) { + if (shaLength == 0) { + fprintf(ecdsaresp, "ERROR: SHAAlg not defined."); + } + fprintf(ecdsaresp, "ERROR: Unable to generate SHA%x", + shaLength == 160 ? 1 : shaLength); + goto loser; + } + fputs(buf, ecdsaresp); - if (EC_NewKey(ecparams, &ecpriv) != SECSuccess) { - goto loser; - } - if (EC_ValidatePublicKey(ecparams, &ecpriv->publicValue) - != SECSuccess) { - goto loser; - } - len = ecpriv->publicValue.len; - if (len%2 == 0) { - goto loser; - } - len = (len-1)/2; - if (ecpriv->publicValue.data[0] != EC_POINT_FORM_UNCOMPRESSED) { - goto loser; - } - fputs("Qx = ", ecdsaresp); - to_hex_str(buf, &ecpriv->publicValue.data[1], len); - fputs(buf, ecdsaresp); - fputc('\n', ecdsaresp); - fputs("Qy = ", ecdsaresp); - to_hex_str(buf, &ecpriv->publicValue.data[1+len], len); - fputs(buf, ecdsaresp); - fputc('\n', ecdsaresp); - - digest.type = siBuffer; - digest.data = sha1; - digest.len = sizeof sha1; - signature.type = siBuffer; - signature.data = sig; - signature.len = sizeof sig; - if (ECDSA_SignDigest(ecpriv, &signature, &digest) != SECSuccess) { - goto loser; - } - len = signature.len; - if (len%2 != 0) { - goto loser; - } - len = len/2; - fputs("R = ", ecdsaresp); - to_hex_str(buf, &signature.data[0], len); - fputs(buf, ecdsaresp); - fputc('\n', ecdsaresp); - fputs("S = ", ecdsaresp); - to_hex_str(buf, &signature.data[len], len); - fputs(buf, ecdsaresp); - fputc('\n', ecdsaresp); - - PORT_FreeArena(ecpriv->ecParams.arena, PR_TRUE); - continue; - } + if (EC_NewKey(ecparams, &ecpriv) != SECSuccess) { + goto loser; + } + if (EC_ValidatePublicKey(ecparams, &ecpriv->publicValue) + != SECSuccess) { + goto loser; + } + len = ecpriv->publicValue.len; + if (len%2 == 0) { + goto loser; + } + len = (len-1)/2; + if (ecpriv->publicValue.data[0] != EC_POINT_FORM_UNCOMPRESSED) { + goto loser; + } + fputs("Qx = ", ecdsaresp); + to_hex_str(buf, &ecpriv->publicValue.data[1], len); + fputs(buf, ecdsaresp); + fputc('\n', ecdsaresp); + fputs("Qy = ", ecdsaresp); + to_hex_str(buf, &ecpriv->publicValue.data[1+len], len); + fputs(buf, ecdsaresp); + fputc('\n', ecdsaresp); + + digest.type = siBuffer; + digest.data = sha; + digest.len = shaLength; + signature.type = siBuffer; + signature.data = sig; + signature.len = sizeof sig; + if (ECDSA_SignDigest(ecpriv, &signature, &digest) != SECSuccess) { + goto loser; + } + len = signature.len; + if (len%2 != 0) { + goto loser; + } + len = len/2; + fputs("R = ", ecdsaresp); + to_hex_str(buf, &signature.data[0], len); + fputs(buf, ecdsaresp); + fputc('\n', ecdsaresp); + fputs("S = ", ecdsaresp); + to_hex_str(buf, &signature.data[len], len); + fputs(buf, ecdsaresp); + fputc('\n', ecdsaresp); + + PORT_FreeArena(ecpriv->ecParams.arena, PR_TRUE); + continue; + } } loser: if (ecparams != NULL) { - PORT_FreeArena(ecparams->arena, PR_FALSE); + PORT_FreeArena(ecparams->arena, PR_FALSE); } fclose(ecdsareq); } @@ -2360,11 +2748,13 @@ ecdsa_sigver_test(char *reqfn) char curve[16]; /* "nistxddd" */ ECPublicKey ecpub; unsigned int i, j; - unsigned int flen = 0; /* length in bytes of the field size */ - unsigned int olen = 0; /* length in bytes of the base point order */ + unsigned int flen = 0; /* length in bytes of the field size */ + unsigned int olen = 0; /* length in bytes of the base point order */ unsigned char msg[512]; /* message that was signed (<= 128 bytes) */ unsigned int msglen = 0; - unsigned char sha1[20]; /* SHA-1 hash (160 bits) */ + unsigned char sha[HASH_LENGTH_MAX]; /* SHA digest */ + unsigned int shaLength = 0; /* length of SHA */ + HASH_HashType shaAlg = HASH_AlgNULL; /* type of SHA Alg */ unsigned char sig[2*MAX_ECKEY_LEN]; SECItem signature, digest; PRBool keyvalid = PR_TRUE; @@ -2375,158 +2765,182 @@ ecdsa_sigver_test(char *reqfn) ecpub.ecParams.arena = NULL; strcpy(curve, "nist"); while (fgets(buf, sizeof buf, ecdsareq) != NULL) { - /* a comment or blank line */ - if (buf[0] == '#' || buf[0] == '\n') { - fputs(buf, ecdsaresp); - continue; - } - /* [X-ddd] */ - if (buf[0] == '[') { - const char *src; - char *dst; - SECItem *encodedparams; - ECParams *ecparams; - - src = &buf[1]; - dst = &curve[4]; - *dst++ = tolower(*src); - src += 2; /* skip the hyphen */ - *dst++ = *src++; - *dst++ = *src++; - *dst++ = *src++; - *dst = '\0'; - encodedparams = getECParams(curve); - if (encodedparams == NULL) { - goto loser; - } - if (EC_DecodeParams(encodedparams, &ecparams) != SECSuccess) { - goto loser; - } - SECITEM_FreeItem(encodedparams, PR_TRUE); - if (ecpub.ecParams.arena != NULL) { - PORT_FreeArena(ecpub.ecParams.arena, PR_FALSE); - } - ecpub.ecParams.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (ecpub.ecParams.arena == NULL) { - goto loser; - } - if (EC_CopyParams(ecpub.ecParams.arena, &ecpub.ecParams, ecparams) - != SECSuccess) { - goto loser; - } - PORT_FreeArena(ecparams->arena, PR_FALSE); - flen = (ecpub.ecParams.fieldID.size + 7) >> 3; - olen = ecpub.ecParams.order.len; - if (2*olen > sizeof sig) { - goto loser; - } - ecpub.publicValue.type = siBuffer; - ecpub.publicValue.data = NULL; - ecpub.publicValue.len = 0; - SECITEM_AllocItem(ecpub.ecParams.arena, - &ecpub.publicValue, 2*flen+1); - if (ecpub.publicValue.data == NULL) { - goto loser; - } - ecpub.publicValue.data[0] = EC_POINT_FORM_UNCOMPRESSED; - fputs(buf, ecdsaresp); - continue; - } - /* Msg = ... */ - if (strncmp(buf, "Msg", 3) == 0) { - i = 3; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - for (j=0; isxdigit(buf[i]); i+=2,j++) { - hex_to_byteval(&buf[i], &msg[j]); - } - msglen = j; - if (SHA1_HashBuf(sha1, msg, msglen) != SECSuccess) { - goto loser; - } - fputs(buf, ecdsaresp); + /* a comment or blank line */ + if (buf[0] == '#' || buf[0] == '\n') { + fputs(buf, ecdsaresp); + continue; + } + /* [X-ddd] */ + if (buf[0] == '[') { + const char *src; + char *dst; + SECItem *encodedparams; + ECParams *ecparams; + + src = &buf[1]; + dst = &curve[4]; + *dst++ = tolower(*src); + src += 2; /* skip the hyphen */ + *dst++ = *src++; + *dst++ = *src++; + *dst++ = *src++; + *dst = '\0'; + src++; /* skip the comma */ + /* set the SHA Algorithm */ + if (strncmp(src, "SHA-1", 5) == 0) { + shaAlg = HASH_AlgSHA1; + } else if (strncmp(src, "SHA-224", 7) == 0) { + shaAlg = HASH_AlgSHA224; + } else if (strncmp(src, "SHA-256", 7) == 0) { + shaAlg = HASH_AlgSHA256; + } else if (strncmp(src, "SHA-384", 7)== 0) { + shaAlg = HASH_AlgSHA384; + } else if (strncmp(src, "SHA-512", 7) == 0) { + shaAlg = HASH_AlgSHA512; + } else { + fprintf(ecdsaresp, "ERROR: Unable to find SHAAlg type"); + goto loser; + } + encodedparams = getECParams(curve); + if (encodedparams == NULL) { + fprintf(stderr, "Unknown curve %s.", curve); + goto loser; + } + if (EC_DecodeParams(encodedparams, &ecparams) != SECSuccess) { + fprintf(stderr, "Curve %s not supported.\n", curve); + goto loser; + } + SECITEM_FreeItem(encodedparams, PR_TRUE); + if (ecpub.ecParams.arena != NULL) { + PORT_FreeArena(ecpub.ecParams.arena, PR_FALSE); + } + ecpub.ecParams.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); + if (ecpub.ecParams.arena == NULL) { + goto loser; + } + if (EC_CopyParams(ecpub.ecParams.arena, &ecpub.ecParams, ecparams) + != SECSuccess) { + goto loser; + } + PORT_FreeArena(ecparams->arena, PR_FALSE); + flen = (ecpub.ecParams.fieldID.size + 7) >> 3; + olen = ecpub.ecParams.order.len; + if (2*olen > sizeof sig) { + goto loser; + } + ecpub.publicValue.type = siBuffer; + ecpub.publicValue.data = NULL; + ecpub.publicValue.len = 0; + SECITEM_AllocItem(ecpub.ecParams.arena, + &ecpub.publicValue, 2*flen+1); + if (ecpub.publicValue.data == NULL) { + goto loser; + } + ecpub.publicValue.data[0] = EC_POINT_FORM_UNCOMPRESSED; + fputs(buf, ecdsaresp); + continue; + } + /* Msg = ... */ + if (strncmp(buf, "Msg", 3) == 0) { + i = 3; + while (isspace(buf[i]) || buf[i] == '=') { + i++; + } + for (j=0; isxdigit(buf[i]); i+=2,j++) { + hex_to_byteval(&buf[i], &msg[j]); + } + msglen = j; + shaLength = fips_hashLen(shaAlg); + if (fips_hashBuf(shaAlg,sha,msg,msglen) != SECSuccess) { + if (shaLength == 0) { + fprintf(ecdsaresp, "ERROR: SHAAlg not defined."); + } + fprintf(ecdsaresp, "ERROR: Unable to generate SHA%x", + shaLength == 160 ? 1 : shaLength); + goto loser; + } + fputs(buf, ecdsaresp); - digest.type = siBuffer; - digest.data = sha1; - digest.len = sizeof sha1; + digest.type = siBuffer; + digest.data = sha; + digest.len = shaLength; - continue; - } - /* Qx = ... */ - if (strncmp(buf, "Qx", 2) == 0) { - fputs(buf, ecdsaresp); - i = 2; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - keyvalid = from_hex_str(&ecpub.publicValue.data[1], flen, - &buf[i]); - continue; - } - /* Qy = ... */ - if (strncmp(buf, "Qy", 2) == 0) { - fputs(buf, ecdsaresp); - if (!keyvalid) { - continue; - } - i = 2; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - keyvalid = from_hex_str(&ecpub.publicValue.data[1+flen], flen, - &buf[i]); - if (!keyvalid) { - continue; - } - if (EC_ValidatePublicKey(&ecpub.ecParams, &ecpub.publicValue) - != SECSuccess) { - if (PORT_GetError() == SEC_ERROR_BAD_KEY) { - keyvalid = PR_FALSE; - } else { - goto loser; - } - } - continue; - } - /* R = ... */ - if (buf[0] == 'R') { - fputs(buf, ecdsaresp); - i = 1; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - sigvalid = from_hex_str(sig, olen, &buf[i]); - continue; - } - /* S = ... */ - if (buf[0] == 'S') { - fputs(buf, ecdsaresp); - i = 1; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - if (sigvalid) { - sigvalid = from_hex_str(&sig[olen], olen, &buf[i]); - } - signature.type = siBuffer; - signature.data = sig; - signature.len = 2*olen; - - if (!keyvalid || !sigvalid) { - fputs("Result = F\n", ecdsaresp); - } else if (ECDSA_VerifyDigest(&ecpub, &signature, &digest) - == SECSuccess) { - fputs("Result = P\n", ecdsaresp); - } else { - fputs("Result = F\n", ecdsaresp); - } - continue; - } + continue; + } + /* Qx = ... */ + if (strncmp(buf, "Qx", 2) == 0) { + fputs(buf, ecdsaresp); + i = 2; + while (isspace(buf[i]) || buf[i] == '=') { + i++; + } + keyvalid = from_hex_str(&ecpub.publicValue.data[1], flen, + &buf[i]); + continue; + } + /* Qy = ... */ + if (strncmp(buf, "Qy", 2) == 0) { + fputs(buf, ecdsaresp); + if (!keyvalid) { + continue; + } + i = 2; + while (isspace(buf[i]) || buf[i] == '=') { + i++; + } + keyvalid = from_hex_str(&ecpub.publicValue.data[1+flen], flen, + &buf[i]); + if (!keyvalid) { + continue; + } + if (EC_ValidatePublicKey(&ecpub.ecParams, &ecpub.publicValue) + != SECSuccess) { + if (PORT_GetError() == SEC_ERROR_BAD_KEY) { + keyvalid = PR_FALSE; + } else { + goto loser; + } + } + continue; + } + /* R = ... */ + if (buf[0] == 'R') { + fputs(buf, ecdsaresp); + i = 1; + while (isspace(buf[i]) || buf[i] == '=') { + i++; + } + sigvalid = from_hex_str(sig, olen, &buf[i]); + continue; + } + /* S = ... */ + if (buf[0] == 'S') { + fputs(buf, ecdsaresp); + i = 1; + while (isspace(buf[i]) || buf[i] == '=') { + i++; + } + if (sigvalid) { + sigvalid = from_hex_str(&sig[olen], olen, &buf[i]); + } + signature.type = siBuffer; + signature.data = sig; + signature.len = 2*olen; + + if (!keyvalid || !sigvalid) { + fputs("Result = F\n", ecdsaresp); + } else if (ECDSA_VerifyDigest(&ecpub, &signature, &digest) + == SECSuccess) { + fputs("Result = P\n", ecdsaresp); + } else { + fputs("Result = F\n", ecdsaresp); + } + continue; + } } loser: if (ecpub.ecParams.arena != NULL) { - PORT_FreeArena(ecpub.ecParams.arena, PR_FALSE); + PORT_FreeArena(ecpub.ecParams.arena, PR_FALSE); } fclose(ecdsareq); } @@ -2537,7 +2951,7 @@ isblankline(char *b) { while (isspace(*b)) b++; if ((*b == '\n') || (*b == 0)) { - return PR_TRUE; + return PR_TRUE; } return PR_FALSE; } @@ -2562,7 +2976,7 @@ drbg(char *reqfn) FILE *rngresp; /* output stream to the RESPONSE file */ unsigned int i, j; -#if 0 +#ifdef HANDLE_PREDICTION_RESISTANCE PRBool predictionResistance = PR_FALSE; #endif unsigned char *nonce = NULL; @@ -2573,9 +2987,9 @@ drbg(char *reqfn) int additionalInputLen = 0; unsigned char *entropyInput = NULL; int entropyInputLen = 0; - unsigned char predictedreturn_bytes[SHA256_LENGTH]; - unsigned char return_bytes[SHA256_LENGTH]; - int return_bytes_len = SHA256_LENGTH; + unsigned char *predictedreturn_bytes = NULL; + unsigned char *return_bytes = NULL; + int return_bytes_len = 0; enum { NONE, INSTANTIATE, GENERATE, RESEED, RESULT } command = NONE; PRBool genResult = PR_FALSE; @@ -2586,23 +3000,23 @@ drbg(char *reqfn) while (fgets(buf, sizeof buf, rngreq) != NULL) { switch (command) { case INSTANTIATE: - if (debug) { - fputs("# PRNGTEST_Instantiate(",rngresp); - to_hex_str(buf2,entropyInput, entropyInputLen); - fputs(buf2,rngresp); - fprintf(rngresp,",%d,",entropyInputLen); - to_hex_str(buf2,nonce, nonceLen); - fputs(buf2,rngresp); - fprintf(rngresp,",%d,",nonceLen); - to_hex_str(buf2,personalizationString, - personalizationStringLen); - fputs(buf2,rngresp); - fprintf(rngresp,",%d)\n", personalizationStringLen); - } + if (debug) { + fputs("# PRNGTEST_Instantiate(",rngresp); + to_hex_str(buf2,entropyInput, entropyInputLen); + fputs(buf2,rngresp); + fprintf(rngresp,",%d,",entropyInputLen); + to_hex_str(buf2,nonce, nonceLen); + fputs(buf2,rngresp); + fprintf(rngresp,",%d,",nonceLen); + to_hex_str(buf2,personalizationString, + personalizationStringLen); + fputs(buf2,rngresp); + fprintf(rngresp,",%d)\n", personalizationStringLen); + } rv = PRNGTEST_Instantiate(entropyInput, entropyInputLen, nonce, nonceLen, personalizationString, - personalizationStringLen); + personalizationStringLen); if (rv != SECSuccess) { goto loser; } @@ -2611,17 +3025,17 @@ drbg(char *reqfn) case GENERATE: case RESULT: memset(return_bytes, 0, return_bytes_len); - if (debug) { - fputs("# PRNGTEST_Generate(returnbytes",rngresp); - fprintf(rngresp,",%d,", return_bytes_len); - to_hex_str(buf2,additionalInput, additionalInputLen); - fputs(buf2,rngresp); - fprintf(rngresp,",%d)\n",additionalInputLen); - } + if (debug) { + fputs("# PRNGTEST_Generate(returnbytes",rngresp); + fprintf(rngresp,",%d,", return_bytes_len); + to_hex_str(buf2,additionalInput, additionalInputLen); + fputs(buf2,rngresp); + fprintf(rngresp,",%d)\n",additionalInputLen); + } rv = PRNGTEST_Generate((PRUint8 *) return_bytes, - return_bytes_len, + return_bytes_len, (PRUint8 *) additionalInput, - additionalInputLen); + additionalInputLen); if (rv != SECSuccess) { goto loser; } @@ -2631,9 +3045,9 @@ drbg(char *reqfn) to_hex_str(buf2, return_bytes, return_bytes_len); fputs(buf2, rngresp); fputc('\n', rngresp); - if (debug) { - fputs("# PRNGTEST_Uninstantiate()\n",rngresp); - } + if (debug) { + fputs("# PRNGTEST_Uninstantiate()\n",rngresp); + } rv = PRNGTEST_Uninstantiate(); if (rv != SECSuccess) { goto loser; @@ -2643,23 +3057,23 @@ drbg(char *reqfn) to_hex_str(buf2, return_bytes, return_bytes_len); fputs(buf2, rngresp); fputc('\n', rngresp); - } + } memset(additionalInput, 0, additionalInputLen); break; case RESEED: if (entropyInput || additionalInput) { - if (debug) { - fputs("# PRNGTEST_Reseed(",rngresp); - fprintf(rngresp,",%d,", return_bytes_len); - to_hex_str(buf2,entropyInput, entropyInputLen); - fputs(buf2,rngresp); - fprintf(rngresp,",%d,", entropyInputLen); - to_hex_str(buf2,additionalInput, additionalInputLen); - fputs(buf2,rngresp); - fprintf(rngresp,",%d)\n",additionalInputLen); - } + if (debug) { + fputs("# PRNGTEST_Reseed(",rngresp); + fprintf(rngresp,",%d,", return_bytes_len); + to_hex_str(buf2,entropyInput, entropyInputLen); + fputs(buf2,rngresp); + fprintf(rngresp,",%d,", entropyInputLen); + to_hex_str(buf2,additionalInput, additionalInputLen); + fputs(buf2,rngresp); + fprintf(rngresp,",%d)\n",additionalInputLen); + } rv = PRNGTEST_Reseed(entropyInput, entropyInputLen, additionalInput, additionalInputLen); if (rv != SECSuccess) { @@ -2687,22 +3101,44 @@ drbg(char *reqfn) continue; } -#if 0 /* currently unsupported */ if (strncmp(buf, "[PredictionResistance", 21) == 0) { +#ifdef HANDLE_PREDICTION_RESISTANCE i = 21; while (isspace(buf[i]) || buf[i] == '=') { i++; - } + } if (strncmp(buf, "False", 5) == 0) { predictionResistance = PR_FALSE; } else { predictionResistance = PR_TRUE; } +#endif fputs(buf, rngresp); continue; } -#endif + + if (strncmp(buf, "[ReturnedBitsLen", 16) == 0) { + if (return_bytes) { + PORT_ZFree(return_bytes, return_bytes_len); + return_bytes = NULL; + } + if (predictedreturn_bytes) { + PORT_ZFree(predictedreturn_bytes, return_bytes_len); + predictedreturn_bytes = NULL; + } + return_bytes_len = 0; + if (sscanf(buf, "[ReturnedBitsLen = %d]", &return_bytes_len) != 1) { + goto loser; + } + return_bytes_len = return_bytes_len/8; + if (return_bytes_len > 0) { + return_bytes = PORT_Alloc(return_bytes_len); + predictedreturn_bytes = PORT_Alloc(return_bytes_len); + } + fputs(buf, rngresp); + continue; + } if (strncmp(buf, "[EntropyInputLen", 16) == 0) { if (entropyInput) { @@ -2713,7 +3149,7 @@ drbg(char *reqfn) if (sscanf(buf, "[EntropyInputLen = %d]", &entropyInputLen) != 1) { goto loser; } - entropyInputLen = entropyInputLen/8; + entropyInputLen = entropyInputLen/8; if (entropyInputLen > 0) { entropyInput = PORT_Alloc(entropyInputLen); } @@ -2731,7 +3167,7 @@ drbg(char *reqfn) if (sscanf(buf, "[NonceLen = %d]", &nonceLen) != 1) { goto loser; } - nonceLen = nonceLen/8; + nonceLen = nonceLen/8; if (nonceLen > 0) { nonce = PORT_Alloc(nonceLen); } @@ -2749,7 +3185,7 @@ drbg(char *reqfn) if (sscanf(buf, "[PersonalizationStringLen = %d]", &personalizationStringLen) != 1) { goto loser; } - personalizationStringLen = personalizationStringLen / 8; + personalizationStringLen = personalizationStringLen / 8; if (personalizationStringLen > 0) { personalizationString = PORT_Alloc(personalizationStringLen); } @@ -2768,7 +3204,7 @@ drbg(char *reqfn) if (sscanf(buf, "[AdditionalInputLen = %d]", &additionalInputLen) != 1) { goto loser; } - additionalInputLen = additionalInputLen/8; + additionalInputLen = additionalInputLen/8; if (additionalInputLen > 0) { additionalInput = PORT_Alloc(additionalInputLen); } @@ -2905,7 +3341,7 @@ drbg(char *reqfn) if (memcmp(return_bytes, predictedreturn_bytes, return_bytes_len) != 0) { - if (debug) { + if (debug) { fprintf(rngresp, "# Generate failed:\n"); fputs( "# predicted=", rngresp); to_hex_str(buf, predictedreturn_bytes, @@ -2915,7 +3351,7 @@ drbg(char *reqfn) fputs(buf2, rngresp); fputc('\n', rngresp); - } else { + } else { fprintf(stderr, "Generate failed:\n"); fputs( " predicted=", stderr); to_hex_str(buf, predictedreturn_bytes, @@ -2924,9 +3360,9 @@ drbg(char *reqfn) fputs("\n actual = ", stderr); fputs(buf2, stderr); fputc('\n', stderr); - } + } } - memset(predictedreturn_bytes, 0 , sizeof predictedreturn_bytes); + memset(predictedreturn_bytes, 0 , return_bytes_len); continue; } @@ -2957,7 +3393,7 @@ rng_vst(char *reqfn) unsigned int i, j; unsigned char Q[DSA1_SUBPRIME_LEN]; PRBool hasQ = PR_FALSE; - unsigned int b = 0; /* 160 <= b <= 512, b is a multiple of 8 */ + unsigned int b = 0; /* 160 <= b <= 512, b is a multiple of 8 */ unsigned char XKey[512/8]; unsigned char XSeed[512/8]; unsigned char GENX[DSA1_SIGNATURE_LEN]; @@ -2967,92 +3403,92 @@ rng_vst(char *reqfn) rngreq = fopen(reqfn, "r"); rngresp = stdout; while (fgets(buf, sizeof buf, rngreq) != NULL) { - /* a comment or blank line */ - if (buf[0] == '#' || buf[0] == '\n') { - fputs(buf, rngresp); - continue; - } - /* [Xchange - SHA1] */ - if (buf[0] == '[') { - fputs(buf, rngresp); - continue; - } - /* Q = ... */ - if (buf[0] == 'Q') { - i = 1; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - for (j=0; j1024) { @@ -3783,13 +4104,13 @@ dsa_keypair_test(char *reqfn) if (PQG_ParamGenSeedLen(keySizeIndex, PQG_TEST_SEED_BYTES, &pqg, &vfy) != SECSuccess) { fprintf(dsaresp, - "ERROR: Unable to generate PQG parameters"); + "ERROR: Unable to generate PQG parameters"); goto loser; } - } else { + } else { if (PQG_ParamGenV2(L, N, N, &pqg, &vfy) != SECSuccess) { fprintf(dsaresp, - "ERROR: Unable to generate PQG parameters"); + "ERROR: Unable to generate PQG parameters"); goto loser; } } @@ -3838,7 +4159,7 @@ dsa_keypair_test(char *reqfn) */ typedef enum { FIPS186_1,/* Generate/Verify P,Q & G according to FIPS 186-1 */ - A_1_1_2, /* Generate Probable P & Q */ + A_1_2_1, /* Generate Provable P & Q */ A_1_1_3, /* Verify Probable P & Q */ A_1_2_2, /* Verify Provable P & Q */ A_2_1, /* Generate Unverifiable G */ @@ -3868,7 +4189,7 @@ dsa_pqgver_test(char *reqfn) unsigned int i, j; PQGParams pqg; PQGVerify vfy; - unsigned int pghSize = 0; /* size for p, g, and h */ + unsigned int pghSize = 0; /* size for p, g, and h */ dsa_pqg_type type = FIPS186_1; dsareq = fopen(reqfn, "r"); @@ -3886,37 +4207,37 @@ dsa_pqgver_test(char *reqfn) /* [A.xxxxx ] */ if (buf[0] == '[' && buf[1] == 'A') { - if (strncmp(&buf[1],"A.1.1.3",7) == 0) { - type = A_1_1_3; - } else if (strncmp(&buf[1],"A.2.2",5) == 0) { - type = A_2_2; - } else if (strncmp(&buf[1],"A.2.4",5) == 0) { - type = A_2_4; - } else if (strncmp(&buf[1],"A.1.2.2",7) == 0) { - type = A_1_2_2; - /* validate our output from PQGGEN */ - } else if (strncmp(&buf[1],"A.1.1.2",7) == 0) { - type = A_2_4; /* validate PQ and G together */ - } else { - fprintf(stderr, "Unknown dsa ver test %s\n", &buf[1]); - exit(1); - } - + if (strncmp(&buf[1],"A.1.1.3",7) == 0) { + type = A_1_1_3; + } else if (strncmp(&buf[1],"A.2.2",5) == 0) { + type = A_2_2; + } else if (strncmp(&buf[1],"A.2.4",5) == 0) { + type = A_2_4; + } else if (strncmp(&buf[1],"A.1.2.2",7) == 0) { + type = A_1_2_2; + /* validate our output from PQGGEN */ + } else if (strncmp(&buf[1],"A.1.1.2",7) == 0) { + type = A_2_4; /* validate PQ and G together */ + } else { + fprintf(stderr, "Unknown dsa ver test %s\n", &buf[1]); + exit(1); + } + fputs(buf, dsaresp); continue; } - + /* [Mod = x] */ if (buf[0] == '[') { - if (type == FIPS186_1) { + if (type == FIPS186_1) { N=160; if (sscanf(buf, "[mod = %d]", &L) != 1) { goto loser; - } - } else if (sscanf(buf, "[mod = L=%d, N=%d", &L, &N) != 2) { - goto loser; + } + } else if (sscanf(buf, "[mod = L=%d, N=%d", &L, &N) != 2) { + goto loser; } if (pqg.prime.data) { /* P */ @@ -3940,17 +4261,17 @@ dsa_pqgver_test(char *reqfn) /*calculate the size of p, g, and h then allocate items */ pghSize = L/8; - pqg.base.data = vfy.h.data = NULL; - vfy.seed.len = pqg.base.len = vfy.h.len = 0; + pqg.base.data = vfy.h.data = NULL; + vfy.seed.len = pqg.base.len = vfy.h.len = 0; SECITEM_AllocItem(NULL, &pqg.prime, pghSize); SECITEM_AllocItem(NULL, &vfy.seed, pghSize*3); - if (type == A_2_2) { - SECITEM_AllocItem(NULL, &vfy.h, pghSize); - vfy.h.len = pghSize; - } else if (type == A_2_4) { - SECITEM_AllocItem(NULL, &vfy.h, 1); - vfy.h.len = 1; - } + if (type == A_2_2) { + SECITEM_AllocItem(NULL, &vfy.h, pghSize); + vfy.h.len = pghSize; + } else if (type == A_2_4) { + SECITEM_AllocItem(NULL, &vfy.h, 1); + vfy.h.len = 1; + } pqg.prime.len = pghSize; /* q is always N bits */ SECITEM_AllocItem(NULL, &pqg.subPrime, N/8); @@ -4009,24 +4330,24 @@ dsa_pqgver_test(char *reqfn) if (strncmp(buf, "Seed", 4) == 0) { i = 4; } else if (strncmp(buf, "domain_parameter_seed", 21) == 0) { - i = 21; - } else if (strncmp(buf,"firstseed",9) == 0) { - i = 9; - } else { - i = 0; - } - if (i) { + i = 21; + } else if (strncmp(buf,"firstseed",9) == 0) { + i = 9; + } else { + i = 0; + } + if (i) { while (isspace(buf[i]) || buf[i] == '=') { i++; } for (j=0; isxdigit(buf[i]); i+=2,j++) { hex_to_byteval(&buf[i], &vfy.seed.data[j]); } - vfy.seed.len = j; + vfy.seed.len = j; fputs(buf, dsaresp); - if (type == A_2_4) { - SECStatus result; + if (type == A_2_4) { + SECStatus result; /* Verify the Parameters */ SECStatus rv = PQG_VerifyParams(&pqg, &vfy, &result); @@ -4038,49 +4359,49 @@ dsa_pqgver_test(char *reqfn) } else { fprintf(dsaresp, "Result = F\n"); } - } + } continue; } - if ((strncmp(buf,"pseed",5) == 0) || - (strncmp(buf,"qseed",5) == 0)) - { - i = 5; + if ((strncmp(buf,"pseed",5) == 0) || + (strncmp(buf,"qseed",5) == 0)) + { + i = 5; while (isspace(buf[i]) || buf[i] == '=') { i++; } for (j=vfy.seed.len; isxdigit(buf[i]); i+=2,j++) { hex_to_byteval(&buf[i], &vfy.seed.data[j]); } - vfy.seed.len = j; + vfy.seed.len = j; fputs(buf, dsaresp); continue; - } + } if (strncmp(buf, "index", 4) == 0) { - i=5; + i=5; while (isspace(buf[i]) || buf[i] == '=') { i++; } - hex_to_byteval(&buf[i], &vfy.h.data[0]); - vfy.h.len = 1; + hex_to_byteval(&buf[i], &vfy.h.data[0]); + vfy.h.len = 1; fputs(buf, dsaresp); - } + } /* c = ... or counter=*/ if (buf[0] == 'c') { - if (strncmp(buf,"counter", 7) == 0) { + if (strncmp(buf,"counter", 7) == 0) { if (sscanf(buf, "counter = %u", &vfy.counter) != 1) { goto loser; - } - } else { + } + } else { if (sscanf(buf, "c = %u", &vfy.counter) != 1) { goto loser; - } + } } fputs(buf, dsaresp); if (type == A_1_1_3) { - SECStatus result; + SECStatus result; /* only verify P and Q, we have everything now. do it */ SECStatus rv = PQG_VerifyParams(&pqg, &vfy, &result); if (rv != SECSuccess) { @@ -4095,17 +4416,17 @@ dsa_pqgver_test(char *reqfn) } continue; } - if (strncmp(buf,"pgen_counter", 12) == 0) { + if (strncmp(buf,"pgen_counter", 12) == 0) { if (sscanf(buf, "pgen_counter = %u", &vfy.counter) != 1) { goto loser; - } + } fputs(buf, dsaresp); - continue; - } - if (strncmp(buf,"qgen_counter", 12) == 0) { + continue; + } + if (strncmp(buf,"qgen_counter", 12) == 0) { fputs(buf, dsaresp); if (type == A_1_2_2) { - SECStatus result; + SECStatus result; /* only verify P and Q, we have everything now. do it */ SECStatus rv = PQG_VerifyParams(&pqg, &vfy, &result); if (rv != SECSuccess) { @@ -4118,8 +4439,8 @@ dsa_pqgver_test(char *reqfn) } fprintf(dsaresp, "\n"); } - continue; - } + continue; + } /* H = ... */ if (buf[0] == 'H') { SECStatus rv, result = SECFailure; @@ -4131,18 +4452,18 @@ dsa_pqgver_test(char *reqfn) for (j=0; isxdigit(buf[i]); i+=2,j++) { hex_to_byteval(&buf[i], &vfy.h.data[j]); } - vfy.h.len = j; + vfy.h.len = j; fputs(buf, dsaresp); - /* this should be a byte value. Remove the leading zeros. If - * it doesn't reduce to a byte, PQG_VerifyParams will catch it - if (type == A_2_2) { - data_save = vfy.h.data; - while(vfy.h.data[0] && (vfy.h.len > 1)) { - vfy.h.data++; - vfy.h.len--; - } - } */ + /* this should be a byte value. Remove the leading zeros. If + * it doesn't reduce to a byte, PQG_VerifyParams will catch it + if (type == A_2_2) { + data_save = vfy.h.data; + while(vfy.h.data[0] && (vfy.h.len > 1)) { + vfy.h.data++; + vfy.h.len--; + } + } */ /* Verify the Parameters */ rv = PQG_VerifyParams(&pqg, &vfy, &result); @@ -4199,6 +4520,7 @@ dsa_pqggen_test(char *reqfn) int L; int i; unsigned int j; + int output_g = 1; PQGParams *pqg = NULL; PQGVerify *vfy = NULL; unsigned int keySizeIndex = 0; @@ -4215,21 +4537,23 @@ dsa_pqggen_test(char *reqfn) /* [A.xxxxx ] */ if (buf[0] == '[' && buf[1] == 'A') { - if (strncmp(&buf[1],"A.1.1.2",7) == 0) { - type = A_1_1_2; - } else if (strncmp(&buf[1],"A.2.1",5) == 0) { - fprintf(stderr, "NSS only Generates G with P&Q\n"); - exit(1); - } else if (strncmp(&buf[1],"A.2.3",5) == 0) { - fprintf(stderr, "NSS only Generates G with P&Q\n"); - exit(1); - } else if (strncmp(&buf[1],"A.1.2.1",7) == 0) { - fprintf(stderr, "NSS does not support Shawe-Taylor Primes\n"); - exit(1); - } else { - fprintf(stderr, "Unknown dsa ver test %s\n", &buf[1]); + if (strncmp(&buf[1],"A.1.1.2",7) == 0) { + fprintf(stderr, "NSS does Generate Probablistic Primes\n"); exit(1); - } + } else if (strncmp(&buf[1],"A.2.1",5) == 0) { + type = A_1_2_1; + output_g = 1; + exit(1); + } else if (strncmp(&buf[1],"A.2.3",5) == 0) { + fprintf(stderr, "NSS only Generates G with P&Q\n"); + exit(1); + } else if (strncmp(&buf[1],"A.1.2.1",7) == 0) { + type = A_1_2_1; + output_g = 0; + } else { + fprintf(stderr, "Unknown dsa pqggen test %s\n", &buf[1]); + exit(1); + } fputs(buf, dsaresp); continue; } @@ -4237,19 +4561,19 @@ dsa_pqggen_test(char *reqfn) /* [Mod = ... ] */ if (buf[0] == '[') { - if (type == FIPS186_1) { + if (type == FIPS186_1) { N=160; if (sscanf(buf, "[mod = %d]", &L) != 1) { goto loser; - } - } else if (sscanf(buf, "[mod = L=%d, N=%d", &L, &N) != 2) { - goto loser; + } + } else if (sscanf(buf, "[mod = L=%d, N=%d", &L, &N) != 2) { + goto loser; } fputs(buf, dsaresp); fputc('\n', dsaresp); - if (type == FIPS186_1) { + if (type == FIPS186_1) { /************************************************************ * PQG_ParamGenSeedLen doesn't take a key size, it takes an * index that points to a valid key size. @@ -4266,7 +4590,11 @@ dsa_pqggen_test(char *reqfn) } /* N = ... */ if (buf[0] == 'N') { - if (sscanf(buf, "N = %d", &count) != 1) { + if (strncmp(buf, "Num", 3) == 0) { + if (sscanf(buf, "Num = %d", &count) != 1) { + goto loser; + } + } else if (sscanf(buf, "N = %d", &count) != 1) { goto loser; } for (i = 0; i < count; i++) { @@ -4287,24 +4615,38 @@ dsa_pqggen_test(char *reqfn) fprintf(dsaresp, "P = %s\n", buf); to_hex_str(buf, pqg->subPrime.data, pqg->subPrime.len); fprintf(dsaresp, "Q = %s\n", buf); - to_hex_str(buf, pqg->base.data, pqg->base.len); - fprintf(dsaresp, "G = %s\n", buf); - if (type == FIPS186_1) { + if (output_g) { + to_hex_str(buf, pqg->base.data, pqg->base.len); + fprintf(dsaresp, "G = %s\n", buf); + } + if (type == FIPS186_1) { to_hex_str(buf, vfy->seed.data, vfy->seed.len); fprintf(dsaresp, "Seed = %s\n", buf); fprintf(dsaresp, "c = %d\n", vfy->counter); to_hex_str(buf, vfy->h.data, vfy->h.len); fputs("H = ", dsaresp); for (j=vfy->h.len; j< pqg->prime.len; j++) { - fprintf(dsaresp, "00"); + fprintf(dsaresp, "00"); } fprintf(dsaresp, "%s\n", buf); - } else { - fprintf(dsaresp, "counter = %d\n", vfy->counter); - fprintf(dsaresp, "index = %02x\n", vfy->h.data[0]); - to_hex_str(buf, vfy->seed.data, vfy->seed.len); - fprintf(dsaresp, "domain_parameter_seed = %s\n", buf); - } + } else { + unsigned int seedlen = vfy->seed.len/2; + unsigned int pgen_counter = vfy->counter >> 16; + unsigned int qgen_counter = vfy->counter & 0xffff; + /*fprintf(dsaresp, "index = %02x\n", vfy->h.data[0]); */ + to_hex_str(buf, vfy->seed.data, seedlen); + fprintf(dsaresp, "pseed = %s\n", buf); + to_hex_str(buf, vfy->seed.data+seedlen, seedlen); + fprintf(dsaresp, "qseed = %s\n", buf); + fprintf(dsaresp, "pgen_counter = %d\n", pgen_counter); + fprintf(dsaresp, "qgen_counter = %d\n", qgen_counter); + if (output_g) { + to_hex_str(buf, vfy->seed.data, vfy->seed.len); + fprintf(dsaresp, "domain_parameter_seed = %s\n", buf); + fprintf(dsaresp, "index = %02x\n", vfy->h.data[0]); + } + + } fputc('\n', dsaresp); if(pqg!=NULL) { PQG_DestroyParams(pqg); @@ -4390,7 +4732,7 @@ dsa_siggen_test(char *reqfn) if (sscanf(buf, "[mod = L=%d, N=%d, SHA-%d]", &L, & N, &hashNum) != 3) { use_dsa1 = PR_TRUE; - hashNum = 1; + hashNum = 1; if (sscanf(buf, "[mod = %d]", &modulus) != 1) { goto loser; } @@ -4437,11 +4779,11 @@ dsa_siggen_test(char *reqfn) goto loser; } - hashType = sha_get_hashType(hashNum); - if (hashType == HASH_AlgNULL) { - fprintf(dsaresp, "ERROR: invalid hash (SHA-%d)",hashNum); - goto loser; - } + hashType = sha_get_hashType(hashNum); + if (hashType == HASH_AlgNULL) { + fprintf(dsaresp, "ERROR: invalid hash (SHA-%d)",hashNum); + goto loser; + } continue; } @@ -4450,10 +4792,10 @@ dsa_siggen_test(char *reqfn) unsigned char msg[128]; /* MAX msg 128 */ unsigned int len = 0; - if (hashType == HASH_AlgNULL) { - fprintf(dsaresp, "ERROR: Hash Alg not set"); - goto loser; - } + if (hashType == HASH_AlgNULL) { + fprintf(dsaresp, "ERROR: Hash Alg not set"); + goto loser; + } memset(hashBuf, 0, sizeof hashBuf); memset(sig, 0, sizeof sig); @@ -4467,7 +4809,7 @@ dsa_siggen_test(char *reqfn) } if (fips_hashBuf(hashType, hashBuf, msg, j) != SECSuccess) { fprintf(dsaresp, "ERROR: Unable to generate SHA% digest", - hashNum); + hashNum); goto loser; } @@ -4562,8 +4904,8 @@ dsa_sigver_test(char *reqfn) if (sscanf(buf, "[mod = L=%d, N=%d, SHA-%d]", &L, & N, &hashNum) != 3) { - N=160; - hashNum = 1; + N=160; + hashNum = 1; if (sscanf(buf, "[mod = %d]", &L) != 1) { goto loser; } @@ -4595,11 +4937,11 @@ dsa_sigver_test(char *reqfn) SECITEM_AllocItem(NULL, &pubkey.params.subPrime, N/8); pubkey.params.subPrime.len = N/8; - hashType = sha_get_hashType(hashNum); - if (hashType == HASH_AlgNULL) { - fprintf(dsaresp, "ERROR: invalid hash (SHA-%d)",hashNum); - goto loser; - } + hashType = sha_get_hashType(hashNum); + if (hashType == HASH_AlgNULL) { + fprintf(dsaresp, "ERROR: invalid hash (SHA-%d)",hashNum); + goto loser; + } continue; } @@ -4653,10 +4995,10 @@ dsa_sigver_test(char *reqfn) unsigned char msg[128]; /* MAX msg 128 */ memset(hashBuf, 0, sizeof hashBuf); - if (hashType == HASH_AlgNULL) { - fprintf(dsaresp, "ERROR: Hash Alg not set"); - goto loser; - } + if (hashType == HASH_AlgNULL) { + fprintf(dsaresp, "ERROR: Hash Alg not set"); + goto loser; + } i = 3; while (isspace(buf[i]) || buf[i] == '=') { @@ -4667,7 +5009,7 @@ dsa_sigver_test(char *reqfn) } if (fips_hashBuf(hashType, hashBuf, msg, j) != SECSuccess) { fprintf(dsaresp, "ERROR: Unable to generate SHA-%d digest", - hashNum); + hashNum); goto loser; } @@ -4707,17 +5049,17 @@ dsa_sigver_test(char *reqfn) /* S = ... */ if (buf[0] == 'S') { - if (hashType == HASH_AlgNULL) { - fprintf(dsaresp, "ERROR: Hash Alg not set"); - goto loser; - } + if (hashType == HASH_AlgNULL) { + fprintf(dsaresp, "ERROR: Hash Alg not set"); + goto loser; + } i = 1; while (isspace(buf[i]) || buf[i] == '=') { i++; } for (j=pubkey.params.subPrime.len; - j< pubkey.params.subPrime.len*2; i+=2,j++) { + j< pubkey.params.subPrime.len*2; i+=2,j++) { hex_to_byteval(&buf[i], &sig[j]); } fputs(buf, dsaresp); @@ -4734,7 +5076,7 @@ dsa_sigver_test(char *reqfn) } else { fprintf(dsaresp, "Result = F\n"); } - fprintf(dsaresp, "\n"); + fprintf(dsaresp, "\n"); continue; } } @@ -4754,6 +5096,118 @@ dsa_sigver_test(char *reqfn) } } +static void +pad(unsigned char *buf, int pad_len, unsigned char *src, int src_len) +{ + int offset = 0; + /* this shouldn't happen, fail right away rather than produce bad output */ + if (pad_len < src_len) { + fprintf(stderr, "data bigger than expected! %d > %d\n", src_len, pad_len); + exit(1); + } + + offset = pad_len - src_len; + memset(buf, 0, offset); + memcpy(buf+offset, src, src_len); + return; +} + + +/* + * Perform the DSA Key Pair Generation Test. + * + * reqfn is the pathname of the REQUEST file. + * + * The output RESPONSE file is written to stdout. + */ +void +rsa_keypair_test(char *reqfn) +{ + char buf[800]; /* holds one line from the input REQUEST file + * or to the output RESPONSE file. + * 800 to hold (384 public key (x2 for HEX) + 1'\n' + */ + unsigned char buf2[400]; /* can't need more then 1/2 buf length */ + FILE *rsareq; /* input stream from the REQUEST file */ + FILE *rsaresp; /* output stream to the RESPONSE file */ + int count; + int i; + int keySize; /* key size in bits*/ + int len = 0; /* key size in bytes */ + int len2 = 0; /* key size in bytes/2 (prime size) */ + SECItem e; + unsigned char default_e[] = { 0x1, 0x0, 0x1 }; + + e.data = default_e; + e.len = sizeof (default_e); + + rsareq = fopen(reqfn, "r"); + rsaresp = stdout; + while (fgets(buf, sizeof buf, rsareq) != NULL) { + /* a comment or blank line */ + if (buf[0] == '#' || buf[0] == '\n') { + fputs(buf, rsaresp); + continue; + } + + /* [Mod = x] */ + if (buf[0] == '[') { + if (buf[1] == 'm') { + if (sscanf(buf, "[mod = %d]", &keySize) != 1) { + goto loser; + } + len = keySize/8; + len2 = keySize/16; + } + fputs(buf, rsaresp); + continue; + } + /* N = ...*/ + if (buf[0] == 'N') { + + if (sscanf(buf, "N = %d", &count) != 1) { + goto loser; + } + + /* Generate a DSA key, and output the key pair for N times */ + for (i = 0; i < count; i++) { + RSAPrivateKey *rsakey = NULL; + if ((rsakey = RSA_NewKey(keySize, &e)) == NULL) { + fprintf(rsaresp, "ERROR: Unable to generate RSA key"); + goto loser; + } + pad(buf2,len,rsakey->publicExponent.data, + rsakey->publicExponent.len); + to_hex_str(buf, buf2, len); + fprintf(rsaresp, "e = %s\n", buf); + pad(buf2,len2,rsakey->prime1.data, + rsakey->prime1.len); + to_hex_str(buf, buf2, len2); + fprintf(rsaresp, "p = %s\n", buf); + pad(buf2,len2,rsakey->prime2.data, + rsakey->prime2.len); + to_hex_str(buf, buf2, len2); + fprintf(rsaresp, "q = %s\n", buf); + pad(buf2,len,rsakey->modulus.data, + rsakey->modulus.len); + to_hex_str(buf, buf2, len); + fprintf(rsaresp, "n = %s\n", buf); + pad(buf2,len,rsakey->privateExponent.data, + rsakey->privateExponent.len); + to_hex_str(buf, buf2, len); + fprintf(rsaresp, "d = %s\n", buf); + fprintf(rsaresp, "\n"); + PORT_FreeArena(rsakey->arena, PR_TRUE); + rsakey = NULL; + } + continue; + } + + } +loser: + fclose(rsareq); +} + /* * Perform the RSA Signature Generation Test. * @@ -4912,16 +5366,16 @@ rsa_siggen_test(char *reqfn) for (j=0; isxdigit(buf[i]) && j < sizeof(msg); i+=2,j++) { hex_to_byteval(&buf[i], &msg[j]); } - shaLength = fips_hashLen(shaAlg); - if (fips_hashBuf(shaAlg,sha,msg,j) != SECSuccess) { - if (shaLength == 0) { - fprintf(rsaresp, "ERROR: SHAAlg not defined."); - } + shaLength = fips_hashLen(shaAlg); + if (fips_hashBuf(shaAlg,sha,msg,j) != SECSuccess) { + if (shaLength == 0) { + fprintf(rsaresp, "ERROR: SHAAlg not defined."); + } fprintf(rsaresp, "ERROR: Unable to generate SHA%x", - shaLength == 160 ? 1 : shaLength); + shaLength == 160 ? 1 : shaLength); goto loser; } - shaOid = fips_hashOid(shaAlg); + shaOid = fips_hashOid(shaAlg); /* Perform RSA signature with the RSA private key. */ rv = RSA_HashSign( shaOid, @@ -5136,13 +5590,13 @@ rsa_sigver_test(char *reqfn) hex_to_byteval(&buf[i], &msg[j]); } - shaLength = fips_hashLen(shaAlg); - if (fips_hashBuf(shaAlg,sha,msg,j) != SECSuccess) { - if (shaLength == 0) { - fprintf(rsaresp, "ERROR: SHAAlg not defined."); - } + shaLength = fips_hashLen(shaAlg); + if (fips_hashBuf(shaAlg,sha,msg,j) != SECSuccess) { + if (shaLength == 0) { + fprintf(rsaresp, "ERROR: SHAAlg not defined."); + } fprintf(rsaresp, "ERROR: Unable to generate SHA%x", - shaLength == 160 ? 1 : shaLength); + shaLength == 160 ? 1 : shaLength); goto loser; } @@ -5175,6 +5629,8 @@ rsa_sigver_test(char *reqfn) signatureLength = j; fputs(buf, rsaresp); + shaOid = fips_hashOid(shaAlg); + /* Perform RSA verification with the RSA public key. */ rv = RSA_HashCheckSign( shaOid, rsa_public_key, @@ -5200,6 +5656,302 @@ rsa_sigver_test(char *reqfn) } } +void +tls(char *reqfn) +{ + char buf[256]; /* holds one line from the input REQUEST file. + * needs to be large enough to hold the longest + * line "XSeed = <128 hex digits>\n". + */ + unsigned char *pms = NULL; + int pms_len; + unsigned char *master_secret = NULL; + unsigned char *key_block = NULL; + int key_block_len; + unsigned char serverHello_random[SSL3_RANDOM_LENGTH]; + unsigned char clientHello_random[SSL3_RANDOM_LENGTH]; + unsigned char server_random[SSL3_RANDOM_LENGTH]; + unsigned char client_random[SSL3_RANDOM_LENGTH]; + FILE *tlsreq = NULL; /* input stream from the REQUEST file */ + FILE *tlsresp; /* output stream to the RESPONSE file */ + unsigned int i, j; + CK_SLOT_ID slotList[10]; + CK_SLOT_ID slotID; + CK_ULONG slotListCount = sizeof(slotList)/sizeof(slotList[0]); + CK_ULONG count; + static const CK_C_INITIALIZE_ARGS pk11args= { + NULL, NULL, NULL, NULL, CKF_LIBRARY_CANT_CREATE_OS_THREADS , + (void *)"flags=readOnly,noCertDB,noModDB", NULL }; + static CK_OBJECT_CLASS ck_secret = CKO_SECRET_KEY; + static CK_KEY_TYPE ck_generic = CKK_GENERIC_SECRET; + static CK_BBOOL ck_true = CK_TRUE; + static CK_ULONG one = 1; + CK_ATTRIBUTE create_template[] = { + { CKA_VALUE, NULL, 0 }, + { CKA_CLASS, &ck_secret, sizeof(ck_secret) }, + { CKA_KEY_TYPE, &ck_generic, sizeof(ck_generic) }, + { CKA_DERIVE, &ck_true, sizeof (ck_true) }, + }; + CK_ULONG create_template_count = + sizeof(create_template)/sizeof(create_template[0]); + CK_ATTRIBUTE derive_template[] = { + { CKA_CLASS, &ck_secret, sizeof(ck_secret) }, + { CKA_KEY_TYPE, &ck_generic, sizeof(ck_generic) }, + { CKA_DERIVE, &ck_true, sizeof(ck_true) }, + { CKA_VALUE_LEN, &one, sizeof(one) }, + }; + CK_ULONG derive_template_count = + sizeof(derive_template)/sizeof(derive_template[0]); + CK_ATTRIBUTE master_template = + { CKA_VALUE, NULL, 0 }; + CK_ATTRIBUTE kb1_template = + { CKA_VALUE, NULL, 0 }; + CK_ATTRIBUTE kb2_template = + { CKA_VALUE, NULL, 0 }; + + + CK_MECHANISM master_mech = { CKM_TLS_MASTER_KEY_DERIVE , NULL, 0 }; + CK_MECHANISM key_block_mech = { CKM_TLS_KEY_AND_MAC_DERIVE , NULL, 0}; + CK_SSL3_MASTER_KEY_DERIVE_PARAMS master_params; + CK_SSL3_KEY_MAT_PARAMS key_block_params; + CK_SSL3_KEY_MAT_OUT key_material; + CK_RV crv; + + /* set up PKCS #11 parameters */ + master_params.pVersion = NULL; + master_params.RandomInfo.pClientRandom = clientHello_random; + master_params.RandomInfo.ulClientRandomLen = sizeof(clientHello_random); + master_params.RandomInfo.pServerRandom = serverHello_random; + master_params.RandomInfo.ulServerRandomLen = sizeof(serverHello_random); + master_mech.pParameter = (void *) &master_params; + master_mech.ulParameterLen = sizeof(master_params); + key_block_params.ulMacSizeInBits = 0; + key_block_params.ulKeySizeInBits = 0; + key_block_params.ulIVSizeInBits = 0; + key_block_params.bIsExport = PR_FALSE; /* ignored anyway for TLS mech */ + key_block_params.RandomInfo.pClientRandom = client_random; + key_block_params.RandomInfo.ulClientRandomLen = sizeof(client_random); + key_block_params.RandomInfo.pServerRandom = server_random; + key_block_params.RandomInfo.ulServerRandomLen = sizeof(server_random); + key_block_params.pReturnedKeyMaterial = &key_material; + key_block_mech.pParameter = (void *) &key_block_params; + key_block_mech.ulParameterLen = sizeof(key_block_params); + + + crv = NSC_Initialize((CK_VOID_PTR)&pk11args); + if (crv != CKR_OK) { + fprintf(stderr,"NSC_Initialize failed crv=0x%x\n",(unsigned int)crv); + goto loser; + } + count = slotListCount; + crv = NSC_GetSlotList(PR_TRUE,slotList, &count); + if (crv != CKR_OK) { + fprintf(stderr,"NSC_GetSlotList failed crv=0x%x\n",(unsigned int)crv); + goto loser; + } + if ((count > slotListCount) || count < 1) { + fprintf(stderr, +"NSC_GetSlotList returned too many or too few slots: %d slots max=%d min=1\n", + (int) count, (int) slotListCount); + goto loser; + } + slotID = slotList[0]; + tlsreq = fopen(reqfn, "r"); + tlsresp = stdout; + while (fgets(buf, sizeof buf, tlsreq) != NULL) { + /* a comment or blank line */ + if (buf[0] == '#' || buf[0] == '\n') { + fputs(buf, tlsresp); + continue; + } + /* [Xchange - SHA1] */ + if (buf[0] == '[') { + if (strncmp(buf, "[TLS", 4) == 0) { + if (buf[7] == '0') { + master_mech.mechanism = CKM_TLS_MASTER_KEY_DERIVE; + key_block_mech.mechanism = CKM_TLS_KEY_AND_MAC_DERIVE; + } else if (buf[7] == '2') { + master_mech.mechanism = + CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256; + key_block_mech.mechanism = + CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256; + } else { + fprintf(stderr, "Unknown TLS type %x\n", + (unsigned int)buf[0]); + goto loser; + } + } + if (strncmp(buf, "[pre-master", 11) == 0) { + if (sscanf(buf, "[pre-master secret length = %d]", + &pms_len) != 1) { + goto loser; + } + pms_len = pms_len/8; + pms = malloc(pms_len); + master_secret = malloc(pms_len); + create_template[0].pValue = pms; + create_template[0].ulValueLen = pms_len; + master_template.pValue = master_secret; + master_template.ulValueLen = pms_len; + } + if (strncmp(buf, "[key", 4) == 0) { + if (sscanf(buf, "[key block length = %d]", &key_block_len) != 1) { + goto loser; + } + key_block_params.ulKeySizeInBits = 8; + key_block_params.ulIVSizeInBits = key_block_len/2-8; + key_block_len=key_block_len/8; + key_block = malloc(key_block_len); + kb1_template.pValue = &key_block[0]; + kb1_template.ulValueLen = 1; + kb2_template.pValue = &key_block[1]; + kb2_template.ulValueLen = 1; + key_material.pIVClient = &key_block[2]; + key_material.pIVServer = &key_block[2+key_block_len/2-1]; + } + fputs(buf, tlsresp); + continue; + } + /* "COUNT = x" begins a new data set */ + if (strncmp(buf, "COUNT", 5) == 0) { + /* zeroize the variables for the test with this data set */ + memset(pms, 0, pms_len); + memset(master_secret, 0, pms_len); + memset(key_block, 0, key_block_len); + fputs(buf, tlsresp); + continue; + } + /* pre_master_secret = ... */ + if (strncmp(buf, "pre_master_secret", 17) == 0) { + i = 17; + while (isspace(buf[i]) || buf[i] == '=') { + i++; + } + for (j=0; j.req */ - if ( strcmp(argv[2], "kat") == 0) { - /* Known Answer Test (KAT) */ - aes_kat_mmt(argv[4]); - } else if (strcmp(argv[2], "mmt") == 0) { - /* Multi-block Message Test (MMT) */ - aes_kat_mmt(argv[4]); - } else if (strcmp(argv[2], "mct") == 0) { - /* Monte Carlo Test (MCT) */ - if ( strcmp(argv[3], "ecb") == 0) { - /* ECB mode */ - aes_ecb_mct(argv[4]); - } else if (strcmp(argv[3], "cbc") == 0) { - /* CBC mode */ - aes_cbc_mct(argv[4]); - } - } + /* argv[2]=kat|mmt|mct argv[3]=ecb|cbc argv[4]=.req */ + if ( strcmp(argv[2], "kat") == 0) { + /* Known Answer Test (KAT) */ + aes_kat_mmt(argv[4]); + } else if (strcmp(argv[2], "mmt") == 0) { + /* Multi-block Message Test (MMT) */ + aes_kat_mmt(argv[4]); + } else if (strcmp(argv[2], "gcm") == 0) { + if ( strcmp(argv[3], "decrypt") == 0) { + aes_gcm(argv[4],0); + } else if (strcmp(argv[3], "encrypt_extiv") == 0) { + aes_gcm(argv[4],1); + } else if (strcmp(argv[3], "encrypt_intiv") == 0) { + aes_gcm(argv[4],2); + } + } else if (strcmp(argv[2], "mct") == 0) { + /* Monte Carlo Test (MCT) */ + if ( strcmp(argv[3], "ecb") == 0) { + /* ECB mode */ + aes_ecb_mct(argv[4]); + } else if (strcmp(argv[3], "cbc") == 0) { + /* CBC mode */ + aes_cbc_mct(argv[4]); + } + } /*************/ /* SHA */ /*************/ @@ -5266,7 +6026,10 @@ int main(int argc, char **argv) } else if (strcmp(argv[2], "sigver") == 0) { /* Signature Verification Test */ rsa_sigver_test(argv[3]); - } + } else if (strcmp(argv[2], "keypair") == 0) { + /* Key Pair Generation Test */ + rsa_keypair_test(argv[3]); + } /*************/ /* HMAC */ /*************/ diff --git a/security/nss/cmd/lib/derprint.c b/security/nss/cmd/lib/derprint.c index 75811df3f..285eb036b 100644 --- a/security/nss/cmd/lib/derprint.c +++ b/security/nss/cmd/lib/derprint.c @@ -503,9 +503,10 @@ prettyPrintItem(FILE *out, const unsigned char *data, const unsigned char *end, data += lenLen; /* - * Just quit now if slen more bytes puts us off the end. + * Just quit now if slen more bytes puts us off the end, + * or if there's no more data to process. */ - if ((data + slen) > end) { + if ((data + slen) >= end) { PORT_SetError(SEC_ERROR_BAD_DER); return -1; } diff --git a/security/nss/cmd/pk11mode/pk11mode.c b/security/nss/cmd/pk11mode/pk11mode.c index ce89945a8..901323abe 100644 --- a/security/nss/cmd/pk11mode/pk11mode.c +++ b/security/nss/cmd/pk11mode/pk11mode.c @@ -2090,8 +2090,8 @@ CK_RV PKM_Mechanism(CK_FUNCTION_LIST_PTR pFunctionList, } PKM_LogIt("C_GetMechanismList returned the mechanism types:\n"); if (verbose) { - for (i = 1; i <= mechanismCount; i++) { - mechName = getName(pMechanismList[(i-1)], ConstMechanism); + for (i = 0; i < mechanismCount; i++) { + mechName = getName(pMechanismList[(i)], ConstMechanism); /* output two mechanism name on each line */ /* currently the longest known mechansim name length is 37 */ @@ -2100,7 +2100,7 @@ CK_RV PKM_Mechanism(CK_FUNCTION_LIST_PTR pFunctionList, } else { printf("Unknown mechanism: 0x%08lX ", pMechanismList[i]); } - if ((i != 0) && ((i % 2) == 0 )) printf("\n"); + if ((i % 2) == 1 ) printf("\n"); } printf("\n\n"); } diff --git a/security/nss/lib/certhigh/certvfypkix.c b/security/nss/lib/certhigh/certvfypkix.c index 35f841e58..b89fe215f 100644 --- a/security/nss/lib/certhigh/certvfypkix.c +++ b/security/nss/lib/certhigh/certvfypkix.c @@ -1454,7 +1454,6 @@ cert_pkixSetParam(PKIX_ProcessingParams *procParams, CERTCertListNode *node; PKIX_PL_Cert *certPkix = NULL; PKIX_TrustAnchor *trustAnchor = NULL; - PKIX_PL_Date *revDate = NULL; PKIX_RevocationChecker *revChecker = NULL; PKIX_PL_NssContext *nssContext = (PKIX_PL_NssContext *)plContext; @@ -1664,9 +1663,6 @@ cert_pkixSetParam(PKIX_ProcessingParams *procParams, if (date != NULL) PKIX_PL_Object_DecRef((PKIX_PL_Object *)date, plContext); - if (revDate != NULL) - PKIX_PL_Object_DecRef((PKIX_PL_Object *)revDate, plContext); - if (revChecker != NULL) PKIX_PL_Object_DecRef((PKIX_PL_Object *)revChecker, plContext); diff --git a/security/nss/lib/freebl/Makefile b/security/nss/lib/freebl/Makefile index 68fcddfe9..ab0b1e571 100644 --- a/security/nss/lib/freebl/Makefile +++ b/security/nss/lib/freebl/Makefile @@ -559,7 +559,7 @@ SINGLE_SHLIB_DIR = $(OBJDIR)/$(OS_TARGET)_SINGLE_SHLIB ALL_TRASH += $(SINGLE_SHLIB_DIR) $(SINGLE_SHLIB_DIR): - -mkdir $(SINGLE_SHLIB_DIR) + -mkdir -p $(SINGLE_SHLIB_DIR) release_md libs:: $(SINGLE_SHLIB_DIR) $(MAKE) FREEBL_CHILD_BUILD=1 \ diff --git a/security/nss/lib/freebl/nsslowhash.h b/security/nss/lib/freebl/nsslowhash.h index bbd537b5c..bfce42be2 100644 --- a/security/nss/lib/freebl/nsslowhash.h +++ b/security/nss/lib/freebl/nsslowhash.h @@ -8,6 +8,9 @@ * Also NOTE: this only works with Hashing. Only the FIPS interface is enabled. */ +#ifndef _NSSLOWHASH_H_ +#define _NSSLOWHASH_H_ + typedef struct NSSLOWInitContextStr NSSLOWInitContext; typedef struct NSSLOWHASHContextStr NSSLOWHASHContext; @@ -26,3 +29,5 @@ void NSSLOWHASH_End(NSSLOWHASHContext *context, unsigned int *ret, unsigned int len); void NSSLOWHASH_Destroy(NSSLOWHASHContext *context); unsigned int NSSLOWHASH_Length(NSSLOWHASHContext *context); + +#endif diff --git a/security/nss/lib/libpkix/include/pkix_revchecker.h b/security/nss/lib/libpkix/include/pkix_revchecker.h index 18a10cd23..a16d23a93 100644 --- a/security/nss/lib/libpkix/include/pkix_revchecker.h +++ b/security/nss/lib/libpkix/include/pkix_revchecker.h @@ -65,12 +65,10 @@ extern "C" { * FUNCTION: PKIX_RevocationChecker_Create * DESCRIPTION: * - * Creates revocation checker object with a given flags. + * Creates a revocation checker object with the given flags. Revocation will + * be checked at the current date. * * PARAMETERS: - * "revDate" - * Revocation will be checked at this date. Current date is taken if the - * parameter is not specified. * "leafMethodListFlags" * Defines a set of method independent flags that will be used to check * revocation of the leaf cert in the chain. diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c index dbf6b9614..8d361ecf8 100644 --- a/security/nss/lib/pk11wrap/pk11cert.c +++ b/security/nss/lib/pk11wrap/pk11cert.c @@ -1381,6 +1381,7 @@ pk11_keyIDHash_populate(void *wincx) } moduleLock = SECMOD_GetDefaultModuleListLock(); if (!moduleLock) { + SECITEM_FreeItem(slotid, PR_TRUE); PORT_SetError(SEC_ERROR_NOT_INITIALIZED); return PR_FAILURE; } diff --git a/security/nss/lib/pk11wrap/pk11slot.c b/security/nss/lib/pk11wrap/pk11slot.c index 07a8c8857..79bebe448 100644 --- a/security/nss/lib/pk11wrap/pk11slot.c +++ b/security/nss/lib/pk11wrap/pk11slot.c @@ -400,6 +400,7 @@ PK11_NewSlotInfo(SECMODModule *mod) slot->minPassword = 0; slot->maxPassword = 0; slot->hasRootCerts = PR_FALSE; + slot->hasRootTrust = PR_FALSE; slot->nssToken = NULL; return slot; } diff --git a/security/nss/lib/pkcs7/p7common.c b/security/nss/lib/pkcs7/p7common.c index 9a44f20b3..17fadec6c 100644 --- a/security/nss/lib/pkcs7/p7common.c +++ b/security/nss/lib/pkcs7/p7common.c @@ -566,7 +566,7 @@ SEC_PKCS7DecryptContents(PLArenaPool *poolp, { SECAlgorithmID *algid = NULL; SECStatus rv = SECFailure; - SECItem *result = NULL, *dest, *src; + SECItem *dest, *src; void *mark; PK11SymKey *eKey = NULL; @@ -645,9 +645,6 @@ SEC_PKCS7DecryptContents(PLArenaPool *poolp, loser: /* let success fall through */ - if(result != NULL) - SECITEM_ZfreeItem(result, PR_TRUE); - if(rv == SECFailure) PORT_ArenaRelease(poolp, mark); else diff --git a/security/nss/lib/smime/cmscinfo.c b/security/nss/lib/smime/cmscinfo.c index 56ca0f20e..b6f1d0a6a 100644 --- a/security/nss/lib/smime/cmscinfo.c +++ b/security/nss/lib/smime/cmscinfo.c @@ -227,7 +227,7 @@ NSS_CMSContentInfo_SetContent_EncryptedData(NSSCMSMessage *cmsg, NSSCMSContentIn void * NSS_CMSContentInfo_GetContent(NSSCMSContentInfo *cinfo) { - SECOidTag tag = (cinfo && cinfo->contentTypeTag) + SECOidTag tag = cinfo->contentTypeTag ? cinfo->contentTypeTag->offset : SEC_OID_UNKNOWN; switch (tag) { diff --git a/security/nss/lib/smime/cmssiginfo.c b/security/nss/lib/smime/cmssiginfo.c index ae35f0538..f3635c2da 100644 --- a/security/nss/lib/smime/cmssiginfo.c +++ b/security/nss/lib/smime/cmssiginfo.c @@ -404,6 +404,7 @@ NSS_CMSSignerInfo_Verify(NSSCMSSignerInfo *signerinfo, if (NSS_CMSAttributeArray_Encode(poolp, &(signerinfo->authAttr), &encoded_attrs) == NULL || encoded_attrs.data == NULL || encoded_attrs.len == 0) { + PORT_FreeArena(poolp, PR_FALSE); vs = NSSCMSVS_ProcessingError; goto loser; } diff --git a/security/nss/lib/softoken/legacydb/Makefile b/security/nss/lib/softoken/legacydb/Makefile index 616c65fbd..b7e94cae3 100644 --- a/security/nss/lib/softoken/legacydb/Makefile +++ b/security/nss/lib/softoken/legacydb/Makefile @@ -20,7 +20,19 @@ include $(CORE_DEPTH)/coreconf/config.mk # (3) Include "component" configuration information. (OPTIONAL) # ####################################################################### - +ifdef NSS_NO_INIT_SUPPORT + DEFINES += -DNSS_NO_INIT_SUPPORT +endif +ifeq ($(OS_TARGET),Linux) +ifeq ($(CPU_ARCH),ppc) +ifdef USE_64 + DEFINES += -DNSS_NO_INIT_SUPPORT +endif # USE_64 +endif # ppc +else # !Linux + # turn off no init support everywhere for now + DEFINES += -DNSS_NO_INIT_SUPPORT +endif # Linux ####################################################################### # (4) Include "local" platform-dependent assignments (OPTIONAL). # diff --git a/security/nss/lib/softoken/legacydb/lginit.c b/security/nss/lib/softoken/legacydb/lginit.c index b2ff521a5..b49f3fea6 100644 --- a/security/nss/lib/softoken/legacydb/lginit.c +++ b/security/nss/lib/softoken/legacydb/lginit.c @@ -479,14 +479,6 @@ lg_HashNumber(const void *key) return (PLHashNumber)((char *)key - (char *)NULL); } -PRIntn -lg_CompareValues(const void *v1, const void *v2) -{ - PLHashNumber value1 = lg_HashNumber(v1); - PLHashNumber value2 = lg_HashNumber(v2); - return (value1 == value2); -} - /* * helper function to wrap a NSSLOWCERTCertDBHandle or a NSSLOWKEYDBHandle * with and sdb structure. @@ -515,7 +507,7 @@ lg_init(SDB **pSdb, int flags, NSSLOWCERTCertDBHandle *certdbPtr, if (lgdb_p->dbLock == NULL) { goto loser; } - lgdb_p->hashTable = PL_NewHashTable(64, lg_HashNumber, lg_CompareValues, + lgdb_p->hashTable = PL_NewHashTable(64, lg_HashNumber, PL_CompareValues, SECITEM_HashCompare, NULL, 0); if (lgdb_p->hashTable == NULL) { goto loser; diff --git a/security/nss/lib/softoken/legacydb/lgutil.c b/security/nss/lib/softoken/legacydb/lgutil.c index 88e46d6e4..1b45bb011 100644 --- a/security/nss/lib/softoken/legacydb/lgutil.c +++ b/security/nss/lib/softoken/legacydb/lgutil.c @@ -303,8 +303,10 @@ lg_mkHandle(SDB *sdb, SECItem *dbKey, CK_OBJECT_HANDLE class) /* there is only one KRL, use a fixed handle for it */ if (handle != LG_TOKEN_KRL_HANDLE) { lg_XORHash(hashBuf,dbKey->data,dbKey->len); - handle = (hashBuf[0] << 24) | (hashBuf[1] << 16) | - (hashBuf[2] << 8) | hashBuf[3]; + handle = ((CK_OBJECT_HANDLE)hashBuf[0] << 24) | + ((CK_OBJECT_HANDLE)hashBuf[1] << 16) | + ((CK_OBJECT_HANDLE)hashBuf[2] << 8) | + (CK_OBJECT_HANDLE)hashBuf[3]; handle = class | (handle & ~(LG_TOKEN_TYPE_MASK|LG_TOKEN_MASK)); /* we have a CRL who's handle has randomly matched the reserved KRL * handle, increment it */ diff --git a/security/nss/lib/softoken/legacydb/pcertdb.c b/security/nss/lib/softoken/legacydb/pcertdb.c index 4eda4f0f4..418de0b83 100644 --- a/security/nss/lib/softoken/legacydb/pcertdb.c +++ b/security/nss/lib/softoken/legacydb/pcertdb.c @@ -3381,13 +3381,10 @@ AddCertToPermDB(NSSLOWCERTCertDBHandle *handle, NSSLOWCERTCertificate *cert, loser: /* don't leave partial entry in the database */ if ( state > 0 ) { - rv = DeleteDBCertEntry(handle, &cert->certKey); + DeleteDBCertEntry(handle, &cert->certKey); } if ( ( state > 1 ) && donnentry ) { - rv = DeleteDBNicknameEntry(handle, nickname); - } - if ( state > 2 ) { - rv = DeleteDBSubjectEntry(handle, &cert->derSubject); + DeleteDBNicknameEntry(handle, nickname); } if ( certEntry ) { DestroyDBEntry((certDBEntry *)certEntry); diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c index a1aec5993..434e7bdb2 100644 --- a/security/nss/lib/softoken/pkcs11c.c +++ b/security/nss/lib/softoken/pkcs11c.c @@ -2577,6 +2577,7 @@ CK_RV NSC_SignInit(CK_SESSION_HANDLE hSession, } intpointer = PORT_New(CK_ULONG); if (intpointer == NULL) { + PORT_Free(ctx); crv = CKR_HOST_MEMORY; break; } @@ -2606,6 +2607,7 @@ CK_RV NSC_SignInit(CK_SESSION_HANDLE hSession, } intpointer = PORT_New(CK_ULONG); if (intpointer == NULL) { + PORT_Free(ctx); crv = CKR_HOST_MEMORY; break; } diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index 5d7734f87..1bd35a019 100644 --- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -94,19 +94,19 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { /* cipher_suite policy enabled isPresent */ #ifndef NSS_DISABLE_ECC - { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around * bug 946147. */ - { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, @@ -4731,6 +4731,11 @@ ssl3_ComputeHandshakeHashes(sslSocket * ss, SSL3Opaque sha_inner[MAX_MAC_LENGTH]; PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); + if (ss->ssl3.hs.hashType == handshake_hash_unknown) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } + hashes->hashAlg = ssl_hash_none; #ifndef NO_PKCS11_BYPASS @@ -4769,7 +4774,6 @@ ssl3_ComputeHandshakeHashes(sslSocket * ss, return SECFailure; } - s[0] = (unsigned char)(sender >> 24); s[1] = (unsigned char)(sender >> 16); s[2] = (unsigned char)(sender >> 8); @@ -4906,7 +4910,6 @@ ssl3_ComputeHandshakeHashes(sslSocket * ss, return SECFailure; } - s[0] = (unsigned char)(sender >> 24); s[1] = (unsigned char)(sender >> 16); s[2] = (unsigned char)(sender >> 8); @@ -6958,7 +6961,6 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey); if (peerKey == NULL) { - PORT_FreeArena(arena, PR_FALSE); goto no_memory; } @@ -6969,7 +6971,6 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) if (SECITEM_CopyItem(arena, &peerKey->u.rsa.modulus, &modulus) || SECITEM_CopyItem(arena, &peerKey->u.rsa.publicExponent, &exponent)) { - PORT_FreeArena(arena, PR_FALSE); goto no_memory; } ss->sec.peerKey = peerKey; @@ -7069,7 +7070,7 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) goto no_memory; } - ss->sec.peerKey = peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey); + peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey); if (peerKey == NULL) { goto no_memory; } @@ -7083,7 +7084,6 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) SECITEM_CopyItem(arena, &peerKey->u.dh.base, &dh_g) || SECITEM_CopyItem(arena, &peerKey->u.dh.publicValue, &dh_Ys)) { - PORT_FreeArena(arena, PR_FALSE); goto no_memory; } ss->sec.peerKey = peerKey; @@ -7106,10 +7106,16 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) alert_loser: (void)SSL3_SendAlert(ss, alert_fatal, desc); loser: + if (arena) { + PORT_FreeArena(arena, PR_FALSE); + } PORT_SetError( errCode ); return SECFailure; no_memory: /* no-memory error has already been set. */ + if (arena) { + PORT_FreeArena(arena, PR_FALSE); + } ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); return SECFailure; } @@ -9555,6 +9561,13 @@ ssl3_HandleCertificateVerify(sslSocket *ss, SSL3Opaque *b, PRUint32 length, goto alert_loser; } + if (!hashes) { + PORT_Assert(0); + desc = internal_error; + errCode = SEC_ERROR_LIBRARY_FAILURE; + goto alert_loser; + } + if (isTLS12) { rv = ssl3_ConsumeSignatureAndHashAlgorithm(ss, &b, &length, &sigAndHash); @@ -11215,6 +11228,13 @@ ssl3_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length, return SECFailure; } + if (!hashes) { + PORT_Assert(0); + SSL3_SendAlert(ss, alert_fatal, internal_error); + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } + isTLS = (PRBool)(ss->ssl3.crSpec->version > SSL_LIBRARY_VERSION_3_0); if (isTLS) { TLSFinished tlsFinished; @@ -11440,6 +11460,7 @@ ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length) SECStatus rv = SECSuccess; SSL3HandshakeType type = ss->ssl3.hs.msg_type; SSL3Hashes hashes; /* computed hashes are put here. */ + SSL3Hashes *hashesPtr = NULL; /* Set when hashes are computed */ PRUint8 hdr[4]; PRUint8 dtlsData[8]; @@ -11450,7 +11471,8 @@ ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length) * current message. */ ssl_GetSpecReadLock(ss); /************************************/ - if((type == finished) || (type == certificate_verify)) { + if(((type == finished) && (ss->ssl3.hs.ws == wait_finished)) || + ((type == certificate_verify) && (ss->ssl3.hs.ws == wait_cert_verify))) { SSL3Sender sender = (SSL3Sender)0; ssl3CipherSpec *rSpec = ss->ssl3.prSpec; @@ -11459,6 +11481,9 @@ ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length) rSpec = ss->ssl3.crSpec; } rv = ssl3_ComputeHandshakeHashes(ss, rSpec, &hashes, sender); + if (rv == SECSuccess) { + hashesPtr = &hashes; + } } ssl_ReleaseSpecReadLock(ss); /************************************/ if (rv != SECSuccess) { @@ -11609,7 +11634,7 @@ ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length) PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY); return SECFailure; } - rv = ssl3_HandleCertificateVerify(ss, b, length, &hashes); + rv = ssl3_HandleCertificateVerify(ss, b, length, hashesPtr); break; case client_key_exchange: if (!ss->sec.isServer) { @@ -11628,7 +11653,7 @@ ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length) rv = ssl3_HandleNewSessionTicket(ss, b, length); break; case finished: - rv = ssl3_HandleFinished(ss, b, length, &hashes); + rv = ssl3_HandleFinished(ss, b, length, hashesPtr); break; default: (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message); diff --git a/security/nss/lib/ssl/ssl3ecc.c b/security/nss/lib/ssl/ssl3ecc.c index dac217443..4aac635ce 100644 --- a/security/nss/lib/ssl/ssl3ecc.c +++ b/security/nss/lib/ssl/ssl3ecc.c @@ -704,7 +704,7 @@ ssl3_HandleECDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) goto no_memory; } - ss->sec.peerKey = peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey); + peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey); if (peerKey == NULL) { goto no_memory; } @@ -725,7 +725,6 @@ ssl3_HandleECDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) /* copy publicValue in peerKey */ if (SECITEM_CopyItem(arena, &peerKey->u.ec.publicValue, &ec_point)) { - PORT_FreeArena(arena, PR_FALSE); goto no_memory; } peerKey->pkcs11Slot = NULL; @@ -739,10 +738,16 @@ ssl3_HandleECDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) alert_loser: (void)SSL3_SendAlert(ss, alert_fatal, desc); loser: + if (arena) { + PORT_FreeArena(arena, PR_FALSE); + } PORT_SetError( errCode ); return SECFailure; no_memory: /* no-memory error has already been set. */ + if (arena) { + PORT_FreeArena(arena, PR_FALSE); + } ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); return SECFailure; } diff --git a/security/nss/tests/all.sh b/security/nss/tests/all.sh index a92ac9389..b9aea5805 100644 --- a/security/nss/tests/all.sh +++ b/security/nss/tests/all.sh @@ -201,7 +201,7 @@ run_cycle_upgrade_db() # run the subset of tests with the upgraded database TESTS="${ALL_TESTS}" - TESTS_SKIP="cipher libpkix cert dbtests sdr ocsp pkits chains" + TESTS_SKIP="cipher libpkix cert dbtests sdr ocsp pkits chains ssl_gtests" echo "${NSS_SSL_TESTS}" | grep "_" > /dev/null RET=$? @@ -232,7 +232,7 @@ run_cycle_shared_db() # run the tests for native sharedb support TESTS="${ALL_TESTS}" - TESTS_SKIP="cipher libpkix dbupgrade sdr ocsp pkits" + TESTS_SKIP="cipher libpkix dbupgrade sdr ocsp pkits ssl_gtests" echo "${NSS_SSL_TESTS}" | grep "_" > /dev/null RET=$? @@ -273,7 +273,7 @@ run_cycles() cycles="standard pkix upgradedb sharedb" CYCLES=${NSS_CYCLES:-$cycles} -tests="cipher lowhash libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains" +tests="cipher lowhash libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains ssl_gtests" TESTS=${NSS_TESTS:-$tests} ALL_TESTS=${TESTS} diff --git a/security/nss/tests/common/init.sh b/security/nss/tests/common/init.sh index 08ac583b9..49fbdf16a 100644 --- a/security/nss/tests/common/init.sh +++ b/security/nss/tests/common/init.sh @@ -234,7 +234,7 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then HTML_FAILED='Failed' HTML_FAILED_CORE='Failed Core' HTML_PASSED='Passed' - HTML_UNKNOWN='Unknown/TD>' + HTML_UNKNOWN='Unknown' TABLE_ARGS= diff --git a/security/nss/tests/ssl/ssl.sh b/security/nss/tests/ssl/ssl.sh index 6b8d0830f..1bfb4b74e 100644 --- a/security/nss/tests/ssl/ssl.sh +++ b/security/nss/tests/ssl/ssl.sh @@ -437,10 +437,10 @@ ssl_stapling_sub() start_selfserv echo "tstclnt -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} -v ${CLIENT_OPTIONS} \\" - echo " -T -O -F -M 1 -V ssl3: < ${REQUEST_FILE}" + echo " -c v -T -O -F -M 1 -V ssl3: < ${REQUEST_FILE}" rm ${TMP}/$HOST.tmp.$$ 2>/dev/null ${PROFTOOL} ${BINDIR}/tstclnt -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \ - -d ${P_R_CLIENTDIR} -v -T -O -F -M 1 -V ssl3: < ${REQUEST_FILE} \ + -d ${P_R_CLIENTDIR} -v -c v -T -O -F -M 1 -V ssl3: < ${REQUEST_FILE} \ >${TMP}/$HOST.tmp.$$ 2>&1 ret=$? cat ${TMP}/$HOST.tmp.$$ diff --git a/security/nss/tests/ssl/sslauth.txt b/security/nss/tests/ssl/sslauth.txt index 9178cb876..aa8196c5f 100644 --- a/security/nss/tests/ssl/sslauth.txt +++ b/security/nss/tests/ssl/sslauth.txt @@ -65,12 +65,12 @@ # SNI Tests # SNI 0 -r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser TLS Server hello response without SNI - SNI 0 -r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni.Dom TLS Server hello response with SNI - SNI 1 -r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni1.Dom TLS Server response with alert + SNI 0 -r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom TLS Server hello response with SNI + SNI 1 -r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni1.Dom TLS Server response with alert SNI 0 -r_-a_Host-sni.Dom -V_ssl3:ssl3_-w_nss_-n_TestUser SSL3 Server hello response without SNI - SNI 1 -r_-a_Host-sni.Dom -V_ssl3:ssl3_-w_nss_-n_TestUser_-a_Host-sni.Dom SSL3 Server hello response with SNI: SSL don't have SH extensions + SNI 1 -r_-a_Host-sni.Dom -V_ssl3:ssl3_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom SSL3 Server hello response with SNI: SSL don't have SH extensions SNI 0 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser TLS Server hello response without SNI - SNI 0 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni.Dom TLS Server hello response with SNI + SNI 0 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom TLS Server hello response with SNI SNI 1 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni.Dom_-a_Host.Dom TLS Server hello response with SNI: Change name on 2d HS - SNI 1 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni.Dom_-a_Host-sni1.Dom TLS Server hello response with SNI: Change name to invalid 2d HS - SNI 1 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni1.Dom TLS Server response with alert + SNI 1 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom_-a_Host-sni1.Dom TLS Server hello response with SNI: Change name to invalid 2d HS + SNI 1 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni1.Dom TLS Server response with alert From 0310c45fa3b28ec71f74862a5aaebfab6a39ce1d Mon Sep 17 00:00:00 2001 From: Roy Tam Date: Tue, 7 Jan 2020 20:22:09 +0800 Subject: [PATCH 05/15] cherry-picked mozilla NSS upstream changes (to rev 46bd290c): bug1061701, bug1210361, bug1210364, bug1210380, bug1210389, bug1009429, bug1211444, bug1180096, bug1210484, bug1211915, bug1211725, bug1213931, bug1214806, bug1214762, bug1214777, bug1214841, bug1214834, bug1213948, bug1213980, bug1192028, bug1202868, bug1214829, bug1026688, bug1214825, bug1216318 --- security/nss/Makefile | 10 +- security/nss/cmd/certutil/certext.c | 1 + security/nss/cmd/modutil/install-ds.c | 3 + security/nss/cmd/modutil/install.c | 5 +- security/nss/cmd/shlibsign/shlibsign.c | 2 +- security/nss/coreconf/Linux.mk | 5 +- security/nss/coreconf/WIN32.mk | 3 +- security/nss/coreconf/arch.mk | 9 + security/nss/coreconf/mkdepend/parse.c | 4 +- security/nss/lib/certhigh/certvfy.c | 99 ++++++++- security/nss/lib/cryptohi/keyhi.h | 8 + security/nss/lib/cryptohi/seckey.c | 19 ++ security/nss/lib/dev/devutil.c | 1 + security/nss/lib/freebl/des.c | 19 +- security/nss/lib/jar/jarsign.c | 15 +- security/nss/lib/manifest.mn | 2 +- security/nss/lib/nss/manifest.mn | 2 + security/nss/lib/nss/nss.def | 8 + security/nss/lib/nss/nss.h | 13 ++ security/nss/lib/nss/nssoptions.c | 73 +++++++ security/nss/lib/nss/nssoptions.h | 21 ++ security/nss/lib/pk11wrap/pk11akey.c | 13 +- security/nss/lib/pk11wrap/pk11cert.c | 1 + security/nss/lib/pk11wrap/pk11nobj.c | 1 - security/nss/lib/pk11wrap/pk11pars.c | 23 +- security/nss/lib/pk11wrap/secmod.h | 3 + security/nss/lib/pkcs12/p12e.c | 15 +- security/nss/lib/pkcs7/p7common.c | 4 - security/nss/lib/pkcs7/p7local.c | 3 +- security/nss/lib/pki/pki3hack.c | 1 + security/nss/lib/pki/pkibase.c | 6 + security/nss/lib/smime/cmscipher.c | 6 +- security/nss/lib/softoken/pkcs11.c | 8 +- security/nss/lib/ssl/ssl3con.c | 46 +++- security/nss/lib/ssl/ssl3ext.c | 21 +- security/nss/lib/ssl/sslimpl.h | 9 - security/nss/lib/util/nssutil.def | 6 + security/nss/lib/util/secasn1d.c | 199 ++++++++++++++++-- security/nss/lib/util/utilpars.c | 49 ++++- security/nss/lib/util/utilpars.h | 4 + security/nss/tests/dbupgrade/dbupgrade.sh | 2 +- .../suites/security/pkcs11/pk11test.c | 2 +- 42 files changed, 654 insertions(+), 90 deletions(-) create mode 100644 security/nss/lib/nss/nssoptions.c create mode 100644 security/nss/lib/nss/nssoptions.h diff --git a/security/nss/Makefile b/security/nss/Makefile index 655c4d31b..41f864d6f 100644 --- a/security/nss/Makefile +++ b/security/nss/Makefile @@ -26,7 +26,9 @@ include $(CORE_DEPTH)/coreconf/config.mk # (4) Include "local" platform-dependent assignments (OPTIONAL). # ####################################################################### - +ifdef NSS_DISABLE_GTESTS +DIRS := $(filter-out external_tests,$(DIRS)) +endif ####################################################################### # (5) Execute "global" rules. (OPTIONAL) # @@ -56,7 +58,11 @@ NSPR_CONFIGURE = $(CORE_DEPTH)/../nspr/configure # ifeq ($(OS_TARGET),Android) -NSPR_CONFIGURE_OPTS += --with-android-ndk=$(ANDROID_NDK) --target=arm-linux-androideabi --with-android-version=$(OS_TARGET_RELEASE) +NSPR_CONFIGURE_OPTS += --with-android-ndk=$(ANDROID_NDK) \ + --target=$(ANDROID_PREFIX) \ + --with-android-version=$(OS_TARGET_RELEASE) \ + --with-android-toolchain=$(ANDROID_TOOLCHAIN) \ + --with-android-platform=$(ANDROID_SYSROOT) endif ifdef BUILD_OPT NSPR_CONFIGURE_OPTS += --disable-debug --enable-optimize diff --git a/security/nss/cmd/certutil/certext.c b/security/nss/cmd/certutil/certext.c index c36bc2d25..8796747d8 100644 --- a/security/nss/cmd/certutil/certext.c +++ b/security/nss/cmd/certutil/certext.c @@ -970,6 +970,7 @@ AddNameConstraints(void *extHandle) if (!arena || ! constraints) { SECU_PrintError(progName, "out of memory"); + PORT_FreeArena(arena, PR_FALSE); return SECFailure; } diff --git a/security/nss/cmd/modutil/install-ds.c b/security/nss/cmd/modutil/install-ds.c index 9d3777a57..efa3c1687 100644 --- a/security/nss/cmd/modutil/install-ds.c +++ b/security/nss/cmd/modutil/install-ds.c @@ -471,6 +471,9 @@ Pk11Install_PlatformName_Generate(Pk11Install_PlatformName* _this, PR_Free(_this->arch); _this->arch = NULL; } + if(copy) { + PR_Free(copy); + } return errStr; } diff --git a/security/nss/cmd/modutil/install.c b/security/nss/cmd/modutil/install.c index 283fc790e..bcc7c7e24 100644 --- a/security/nss/cmd/modutil/install.c +++ b/security/nss/cmd/modutil/install.c @@ -833,7 +833,10 @@ rm_dash_r (char *path) /* Recursively delete all entries in the directory */ while((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) { sprintf(filename, "%s/%s", path, entry->name); - if(rm_dash_r(filename)) return -1; + if(rm_dash_r(filename)) { + PR_CloseDir(dir); + return -1; + } } if(PR_CloseDir(dir) != PR_SUCCESS) { diff --git a/security/nss/cmd/shlibsign/shlibsign.c b/security/nss/cmd/shlibsign/shlibsign.c index 0a4edc113..7ddbf343d 100644 --- a/security/nss/cmd/shlibsign/shlibsign.c +++ b/security/nss/cmd/shlibsign/shlibsign.c @@ -522,7 +522,7 @@ CK_RVtoStr(CK_RV errNum) { /* Do binary search of table. */ while (low + 1 < high) { - i = (low + high) / 2; + i = low + (high - low) / 2; num = errStrings[i].errNum; if (errNum == num) return errStrings[i].errString; diff --git a/security/nss/coreconf/Linux.mk b/security/nss/coreconf/Linux.mk index cbd5e05c0..0e083f14e 100644 --- a/security/nss/coreconf/Linux.mk +++ b/security/nss/coreconf/Linux.mk @@ -25,9 +25,12 @@ DEFAULT_COMPILER = gcc ifeq ($(OS_TARGET),Android) ifndef ANDROID_NDK $(error Must set ANDROID_NDK to the path to the android NDK first) +endif +ifndef ANDROID_TOOLCHAIN_VERSION + $(error Must set ANDROID_TOOLCHAIN_VERSION to the requested version number) endif ANDROID_PREFIX=$(OS_TEST)-linux-androideabi - ANDROID_TARGET=$(ANDROID_PREFIX)-4.4.3 + ANDROID_TARGET=$(ANDROID_PREFIX)-$(ANDROID_TOOLCHAIN_VERSION) # should autodetect which linux we are on, currently android only # supports linux-x86 prebuilts ANDROID_TOOLCHAIN=$(ANDROID_NDK)/toolchains/$(ANDROID_TARGET)/prebuilt/linux-x86 diff --git a/security/nss/coreconf/WIN32.mk b/security/nss/coreconf/WIN32.mk index 7fe950a3a..b73e815c1 100644 --- a/security/nss/coreconf/WIN32.mk +++ b/security/nss/coreconf/WIN32.mk @@ -197,7 +197,8 @@ ifneq ($(_MSC_VER),$(_MSC_VER_6)) # Disable C4267: conversion from 'size_t' to 'type', possible loss of data # Disable C4244: conversion from 'type1' to 'type2', possible loss of data # Disable C4018: 'expression' : signed/unsigned mismatch - OS_CFLAGS += -w44267 -w44244 -w44018 + # Disable C4312: 'type cast': conversion from 'type1' to 'type2' of greater size + OS_CFLAGS += -w44267 -w44244 -w44018 -w44312 ifeq ($(_MSC_VER_GE_12),1) OS_CFLAGS += -FS endif diff --git a/security/nss/coreconf/arch.mk b/security/nss/coreconf/arch.mk index 782e6c035..62ba8d5dd 100644 --- a/security/nss/coreconf/arch.mk +++ b/security/nss/coreconf/arch.mk @@ -280,7 +280,12 @@ endif # IMPL_STRATEGY may be defined too. # +ifdef CROSS_COMPILE +OBJDIR_NAME = $(OS_TARGET)$(OS_RELEASE)$(CPU_TAG)$(LIBC_TAG)$(IMPL_STRATEGY)$(OBJDIR_TAG).OBJ +else OBJDIR_NAME = $(OS_TARGET)$(OS_RELEASE)$(CPU_TAG)$(COMPILER_TAG)$(LIBC_TAG)$(IMPL_STRATEGY)$(OBJDIR_TAG).OBJ +endif + ifeq (,$(filter-out WIN%,$(OS_TARGET))) ifndef BUILD_OPT @@ -289,7 +294,11 @@ ifndef BUILD_OPT # (RTL) in the debug build # ifdef USE_DEBUG_RTL + ifdef CROSS_COMPILE + OBJDIR_NAME = $(OS_TARGET)$(OS_RELEASE)$(CPU_TAG)$(IMPL_STRATEGY)$(OBJDIR_TAG).OBJD + else OBJDIR_NAME = $(OS_TARGET)$(OS_RELEASE)$(CPU_TAG)$(COMPILER_TAG)$(IMPL_STRATEGY)$(OBJDIR_TAG).OBJD + endif endif endif endif diff --git a/security/nss/coreconf/mkdepend/parse.c b/security/nss/coreconf/mkdepend/parse.c index 968d2c4ea..763ea0031 100644 --- a/security/nss/coreconf/mkdepend/parse.c +++ b/security/nss/coreconf/mkdepend/parse.c @@ -350,7 +350,7 @@ define2(char *name, char *val, struct inclist *file) /* Fast inline binary search */ register char *s1; register char *s2; - register int middle = (first + last) / 2; + register int middle = first + (last - first) / 2; /* Fast inline strchr() */ s1 = name; @@ -436,7 +436,7 @@ slookup(char *symbol, struct inclist *file) /* Fast inline binary search */ register char *s1; register char *s2; - register int middle = (first + last) / 2; + register int middle = first + (last - first) / 2; /* Fast inline strchr() */ s1 = symbol; diff --git a/security/nss/lib/certhigh/certvfy.c b/security/nss/lib/certhigh/certvfy.c index 3141163de..d5dcbe8a1 100644 --- a/security/nss/lib/certhigh/certvfy.c +++ b/security/nss/lib/certhigh/certvfy.c @@ -6,7 +6,6 @@ #include "secport.h" #include "seccomon.h" #include "secoid.h" -#include "sslerr.h" #include "genname.h" #include "keyhi.h" #include "cert.h" @@ -23,6 +22,7 @@ #include "pkim.h" #include "pki3hack.h" #include "base.h" +#include "keyhi.h" /* * Check the validity times of a certificate @@ -34,6 +34,94 @@ CERT_CertTimesValid(CERTCertificate *c) return (valid == secCertTimeValid) ? SECSuccess : SECFailure; } +SECStatus checkKeyParams(const SECAlgorithmID *sigAlgorithm, const SECKEYPublicKey *key) +{ + SECStatus rv; + SECOidTag sigAlg; + SECOidTag curve; + PRUint32 policyFlags = 0; + PRInt32 minLen, len; + + sigAlg = SECOID_GetAlgorithmTag(sigAlgorithm); + + switch(sigAlg) { + case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE: + if (key->keyType != ecKey) { + PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); + return SECFailure; + } + + curve = SECKEY_GetECCOid(&key->u.ec.DEREncodedParams); + if (curve != 0) { + if (NSS_GetAlgorithmPolicy(curve, &policyFlags) == SECFailure || + !(policyFlags & NSS_USE_ALG_IN_CERT_SIGNATURE)) { + PORT_SetError(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED); + return SECFailure; + } else { + return SECSuccess; + } + } else { + PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE); + return SECFailure; + } + return SECSuccess; + case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_RSA_PSS_SIGNATURE: + case SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE: + case SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE: + if (key->keyType != rsaKey && key->keyType != rsaPssKey) { + PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); + return SECFailure; + } + + len = 8 * key->u.rsa.modulus.len; + + rv = NSS_OptionGet(NSS_RSA_MIN_KEY_SIZE, &minLen); + if (rv != SECSuccess) { + return SECFailure; + } + + if (len < minLen) { + return SECFailure; + } + + return SECSuccess; + case SEC_OID_ANSIX9_DSA_SIGNATURE: + case SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST: + case SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST: + case SEC_OID_SDN702_DSA_SIGNATURE: + case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST: + case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST: + if (key->keyType != dsaKey) { + PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); + return SECFailure; + } + + len = 8 * key->u.dsa.params.prime.len; + + rv = NSS_OptionGet(NSS_DSA_MIN_KEY_SIZE, &minLen); + if (rv != SECSuccess) { + return SECFailure; + } + + if (len < minLen) { + return SECFailure; + } + + return SECSuccess; + default: + return SECSuccess; + } +} + /* * verify the signature of a signed data object with the given DER publickey */ @@ -50,7 +138,6 @@ CERT_VerifySignedDataWithPublicKey(const CERTSignedData *sd, PORT_SetError(PR_INVALID_ARGUMENT_ERROR); return SECFailure; } - /* check the signature */ sig = sd->signature; /* convert sig->len from bit counts to byte count. */ @@ -61,11 +148,17 @@ CERT_VerifySignedDataWithPublicKey(const CERTSignedData *sd, if (rv == SECSuccess) { /* Are we honoring signatures for this algorithm? */ PRUint32 policyFlags = 0; + rv = checkKeyParams(&sd->signatureAlgorithm, pubKey); + if (rv != SECSuccess) { + PORT_SetError(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED); + return SECFailure; + } + rv = NSS_GetAlgorithmPolicy(hashAlg, &policyFlags); if (rv == SECSuccess && !(policyFlags & NSS_USE_ALG_IN_CERT_SIGNATURE)) { PORT_SetError(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED); - rv = SECFailure; + return SECFailure; } } return rv; diff --git a/security/nss/lib/cryptohi/keyhi.h b/security/nss/lib/cryptohi/keyhi.h index 411ea00e3..0ed3698eb 100644 --- a/security/nss/lib/cryptohi/keyhi.h +++ b/security/nss/lib/cryptohi/keyhi.h @@ -260,6 +260,14 @@ extern int SECKEY_ECParamsToKeySize(const SECItem *params); */ extern int SECKEY_ECParamsToBasePointOrderLen(const SECItem *params); +/* + * Returns the object identifier of the curve, of the provided + * elliptic curve parameters structures. + * + * Return 0 on failure (unknown EC domain parameters). + */ +SECOidTag SECKEY_GetECCOid(const SECKEYECParams * params); + SEC_END_PROTOS #endif /* _KEYHI_H_ */ diff --git a/security/nss/lib/cryptohi/seckey.c b/security/nss/lib/cryptohi/seckey.c index db72b7451..1fcd4087f 100644 --- a/security/nss/lib/cryptohi/seckey.c +++ b/security/nss/lib/cryptohi/seckey.c @@ -1904,3 +1904,22 @@ SECKEY_CacheStaticFlags(SECKEYPrivateKey* key) } return rv; } + +SECOidTag +SECKEY_GetECCOid(const SECKEYECParams * params) +{ + SECItem oid = { siBuffer, NULL, 0}; + SECOidData *oidData = NULL; + + /* + * params->data needs to contain the ASN encoding of an object ID (OID) + * representing a named curve. Here, we strip away everything + * before the actual OID and use the OID to look up a named curve. + */ + if (params->data[0] != SEC_ASN1_OBJECT_ID) return 0; + oid.len = params->len - 2; + oid.data = params->data + 2; + if ((oidData = SECOID_FindOID(&oid)) == NULL) return 0; + + return oidData->offset; +} diff --git a/security/nss/lib/dev/devutil.c b/security/nss/lib/dev/devutil.c index 9d1aaf658..400b69d7c 100644 --- a/security/nss/lib/dev/devutil.c +++ b/security/nss/lib/dev/devutil.c @@ -579,6 +579,7 @@ get_token_objects_for_cache ( &numObjects, &status); if (status != PR_SUCCESS) { + nss_ZFreeIf(objects); return status; } for (i=0; i /* for ptrdiff_t */ /* #define USE_INDEXING 1 */ +/* Some processors automatically fix up unaligned memory access, so they can + * read or write a HALF (4 bytes) at a time whether the address is 4-byte + * aligned or not. */ +#if defined(NSS_X86_OR_X64) +#define HAVE_UNALIGNED_ACCESS 1 +#endif + /* * The tables below are the 8 sbox functions, with the 6-bit input permutation * and the 32-bit output permutation pre-computed. @@ -421,11 +428,13 @@ DES_MakeSchedule( HALF * ks, const BYTE * key, DESDirection direction) int delta; unsigned int ls; -#if defined(NSS_X86_OR_X64) +#if defined(HAVE_UNALIGNED_ACCESS) left = HALFPTR(key)[0]; right = HALFPTR(key)[1]; +#if defined(IS_LITTLE_ENDIAN) BYTESWAP(left, temp); BYTESWAP(right, temp); +#endif #else if (((ptrdiff_t)key & 0x03) == 0) { left = HALFPTR(key)[0]; @@ -572,11 +581,13 @@ DES_Do1Block(HALF * ks, const BYTE * inbuf, BYTE * outbuf) register HALF left, right; register HALF temp; -#if defined(NSS_X86_OR_X64) +#if defined(HAVE_UNALIGNED_ACCESS) left = HALFPTR(inbuf)[0]; right = HALFPTR(inbuf)[1]; +#if defined(IS_LITTLE_ENDIAN) BYTESWAP(left, temp); BYTESWAP(right, temp); +#endif #else if (((ptrdiff_t)inbuf & 0x03) == 0) { left = HALFPTR(inbuf)[0]; @@ -643,9 +654,11 @@ DES_Do1Block(HALF * ks, const BYTE * inbuf, BYTE * outbuf) FP(left, right, temp); -#if defined(NSS_X86_OR_X64) +#if defined(HAVE_UNALIGNED_ACCESS) +#if defined(IS_LITTLE_ENDIAN) BYTESWAP(left, temp); BYTESWAP(right, temp); +#endif HALFPTR(outbuf)[0] = left; HALFPTR(outbuf)[1] = right; #else diff --git a/security/nss/lib/jar/jarsign.c b/security/nss/lib/jar/jarsign.c index f0299b1ce..9beaa3bfb 100644 --- a/security/nss/lib/jar/jarsign.c +++ b/security/nss/lib/jar/jarsign.c @@ -49,8 +49,15 @@ JAR_calculate_digest(void *data, long length) return NULL; } - md5 = PK11_CreateDigestContext(SEC_OID_MD5); + md5 = PK11_CreateDigestContext(SEC_OID_MD5); + if (md5 == NULL) { + return NULL; + } sha1 = PK11_CreateDigestContext(SEC_OID_SHA1); + if (sha1 == NULL) { + PK11_DestroyContext(md5, PR_TRUE); + return NULL; + } if (length >= 0) { PK11_DigestBegin (md5); @@ -107,6 +114,12 @@ JAR_digest_file (char *filename, JAR_Digest *dig) sha1 = PK11_CreateDigestContext (SEC_OID_SHA1); if (md5 == NULL || sha1 == NULL) { + if (md5) { + PK11_DestroyContext(md5, PR_TRUE); + } + if (sha1) { + PK11_DestroyContext(sha1, PR_TRUE); + } /* can't generate digest contexts */ PORT_Free (buf); JAR_FCLOSE (fp); diff --git a/security/nss/lib/manifest.mn b/security/nss/lib/manifest.mn index a04068a94..dd4b54292 100644 --- a/security/nss/lib/manifest.mn +++ b/security/nss/lib/manifest.mn @@ -26,7 +26,7 @@ DIRS = \ libpkix \ certdb certhigh pk11wrap cryptohi nss \ $(ZLIB_SRCDIR) ssl \ - pkcs12 pkcs7 smime \ + pkcs7 pkcs12 smime \ crmf jar \ ckfw $(SYSINIT_SRCDIR) \ $(NULL) diff --git a/security/nss/lib/nss/manifest.mn b/security/nss/lib/nss/manifest.mn index 9e812e52c..54bed49e6 100644 --- a/security/nss/lib/nss/manifest.mn +++ b/security/nss/lib/nss/manifest.mn @@ -6,6 +6,7 @@ CORE_DEPTH = ../.. PRIVATE_EXPORTS = \ nssrenam.h \ + nssoptions.h \ $(NULL) EXPORTS = \ @@ -16,6 +17,7 @@ MODULE = nss CSRCS = \ nssinit.c \ + nssoptions.c \ nssver.c \ utilwrap.c \ $(NULL) diff --git a/security/nss/lib/nss/nss.def b/security/nss/lib/nss/nss.def index fbabaa09a..cd2920c05 100644 --- a/security/nss/lib/nss/nss.def +++ b/security/nss/lib/nss/nss.def @@ -1082,3 +1082,11 @@ SECKEY_BigIntegerBitLength; ;+ local: ;+ *; ;+}; +;+NSS_3.21 { # NSS 3.21 release +;+ global: +NSS_OptionGet; +NSS_OptionSet; +SECMOD_CreateModuleEx; +;+ local: +;+ *; +;+}; diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h index 8caafa53d..2ca262e7a 100644 --- a/security/nss/lib/nss/nss.h +++ b/security/nss/lib/nss/nss.h @@ -294,6 +294,19 @@ SECStatus NSS_RegisterShutdown(NSS_ShutdownFunc sFunc, void *appData); */ SECStatus NSS_UnregisterShutdown(NSS_ShutdownFunc sFunc, void *appData); +/* Available options for NSS_OptionSet() and NSS_OptionGet(). + */ +#define NSS_RSA_MIN_KEY_SIZE (1<<0) +#define NSS_DH_MIN_KEY_SIZE (1<<1) +#define NSS_DSA_MIN_KEY_SIZE (1<<2) + +/* + * Set and get global options for the NSS library. + */ +SECStatus NSS_OptionSet(PRInt32 which, PRInt32 value); +SECStatus NSS_OptionGet(PRInt32 which, PRInt32 *value); + + /* * Close the Cert, Key databases. */ diff --git a/security/nss/lib/nss/nssoptions.c b/security/nss/lib/nss/nssoptions.c new file mode 100644 index 000000000..10b0138df --- /dev/null +++ b/security/nss/lib/nss/nssoptions.c @@ -0,0 +1,73 @@ +/* + * NSS utility functions + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include +#include +#include + +#include "seccomon.h" +#include "secoidt.h" +#include "secoid.h" +#include "nss.h" +#include "nssoptions.h" + +struct nssOps { + PRInt32 rsaMinKeySize; + PRInt32 dhMinKeySize; + PRInt32 dsaMinKeySize; +}; + +static struct nssOps nss_ops = { + SSL_RSA_MIN_MODULUS_BITS, + SSL_DH_MIN_P_BITS, + SSL_DSA_MIN_P_BITS +}; + +SECStatus +NSS_OptionSet(PRInt32 which, PRInt32 value) +{ +SECStatus rv = SECSuccess; + + switch (which) { + case NSS_RSA_MIN_KEY_SIZE: + nss_ops.rsaMinKeySize = value; + break; + case NSS_DH_MIN_KEY_SIZE: + nss_ops.dhMinKeySize = value; + break; + case NSS_DSA_MIN_KEY_SIZE: + nss_ops.dsaMinKeySize = value; + break; + default: + rv = SECFailure; + } + + return rv; +} + +SECStatus +NSS_OptionGet(PRInt32 which, PRInt32 *value) +{ +SECStatus rv = SECSuccess; + + switch (which) { + case NSS_RSA_MIN_KEY_SIZE: + *value = nss_ops.rsaMinKeySize; + break; + case NSS_DH_MIN_KEY_SIZE: + *value = nss_ops.dhMinKeySize; + break; + case NSS_DSA_MIN_KEY_SIZE: + *value = nss_ops.dsaMinKeySize; + break; + default: + rv = SECFailure; + } + + return rv; +} + diff --git a/security/nss/lib/nss/nssoptions.h b/security/nss/lib/nss/nssoptions.h new file mode 100644 index 000000000..daa0944c3 --- /dev/null +++ b/security/nss/lib/nss/nssoptions.h @@ -0,0 +1,21 @@ +/* + * NSS utility functions + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * Include the default limits here + */ +/* SSL default limits are here so we don't have to import a private SSL header + * file into NSS proper */ + +/* The minimum server key sizes accepted by the clients. + * Not 1024 to be conservative. */ +#define SSL_RSA_MIN_MODULUS_BITS 1023 +/* 1023 to avoid cases where p = 2q+1 for a 512-bit q turns out to be + * only 1023 bits and similar. We don't have good data on whether this + * happens because NSS used to count bit lengths incorrectly. */ +#define SSL_DH_MIN_P_BITS 1023 +#define SSL_DSA_MIN_P_BITS 1023 + diff --git a/security/nss/lib/pk11wrap/pk11akey.c b/security/nss/lib/pk11wrap/pk11akey.c index 5ad45a590..1361bc1fb 100644 --- a/security/nss/lib/pk11wrap/pk11akey.c +++ b/security/nss/lib/pk11wrap/pk11akey.c @@ -18,7 +18,6 @@ #include "secasn1.h" #include "secoid.h" #include "secerr.h" -#include "sslerr.h" #include "sechash.h" #include "secpkcs5.h" @@ -74,7 +73,7 @@ PK11_ImportPublicKey(PK11SlotInfo *slot, SECKEYPublicKey *pubKey, SECItem *ckaId = NULL; SECItem *pubValue = NULL; int signedcount = 0; - int templateCount = 0; + unsigned int templateCount = 0; SECStatus rv; /* if we already have an object in the desired slot, use it */ @@ -403,7 +402,7 @@ pk11_get_Decoded_ECPoint(PLArenaPool *arena, const SECItem *ecParams, /* If the point is uncompressed and the lengths match, it * must be an unencoded point */ if ((*((char *)ecPoint->pValue) == EC_POINT_FORM_UNCOMPRESSED) - && (ecPoint->ulValueLen == keyLen)) { + && (ecPoint->ulValueLen == (unsigned int)keyLen)) { return pk11_Attr2SecItem(arena, ecPoint, publicKeyValue); } @@ -417,7 +416,7 @@ pk11_get_Decoded_ECPoint(PLArenaPool *arena, const SECItem *ecParams, /* it coded correctly & we know the key length (and they match) * then we are done, return the results. */ - if (keyLen && rv == SECSuccess && publicKeyValue->len == keyLen) { + if (keyLen && rv == SECSuccess && publicKeyValue->len == (unsigned int)keyLen) { return CKR_OK; } @@ -549,7 +548,7 @@ PK11_ExtractPublicKey(PK11SlotInfo *slot,KeyType keyType,CK_OBJECT_HANDLE id) PLArenaPool *arena; PLArenaPool *tmp_arena; SECKEYPublicKey *pubKey; - int templateCount = 0; + unsigned int templateCount = 0; CK_KEY_TYPE pk11KeyType; CK_RV crv; CK_ATTRIBUTE template[8]; @@ -2308,7 +2307,7 @@ PK11_ListPublicKeysInSlot(PK11SlotInfo *slot, char *nickname) CK_ATTRIBUTE *attrs; CK_BBOOL ckTrue = CK_TRUE; CK_OBJECT_CLASS keyclass = CKO_PUBLIC_KEY; - int tsize = 0; + unsigned int tsize = 0; int objCount = 0; CK_OBJECT_HANDLE *key_ids; SECKEYPublicKeyList *keys; @@ -2354,7 +2353,7 @@ PK11_ListPrivKeysInSlot(PK11SlotInfo *slot, char *nickname, void *wincx) CK_ATTRIBUTE *attrs; CK_BBOOL ckTrue = CK_TRUE; CK_OBJECT_CLASS keyclass = CKO_PRIVATE_KEY; - int tsize = 0; + unsigned int tsize = 0; int objCount = 0; CK_OBJECT_HANDLE *key_ids; SECKEYPrivateKeyList *keys; diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c index 8d361ecf8..e29b4e212 100644 --- a/security/nss/lib/pk11wrap/pk11cert.c +++ b/security/nss/lib/pk11wrap/pk11cert.c @@ -1441,6 +1441,7 @@ pk11_FindCertObjectByRecipientNew(PK11SlotInfo *slot, NSSCMSRecipient **recipien sizeof(CK_SLOT_ID) + sizeof(SECMODModuleID)); if (!slotid) { PORT_SetError(SEC_ERROR_NO_MEMORY); + PK11_FreeSlotList(sl); return NULL; } for (le = sl->head; le; le = le->next) { diff --git a/security/nss/lib/pk11wrap/pk11nobj.c b/security/nss/lib/pk11wrap/pk11nobj.c index 427b09eac..dcca43426 100644 --- a/security/nss/lib/pk11wrap/pk11nobj.c +++ b/security/nss/lib/pk11wrap/pk11nobj.c @@ -21,7 +21,6 @@ #include "certdb.h" #include "secerr.h" -#include "sslerr.h" #include "pki3hack.h" #include "dev3hack.h" diff --git a/security/nss/lib/pk11wrap/pk11pars.c b/security/nss/lib/pk11wrap/pk11pars.c index 314062bda..40ac79085 100644 --- a/security/nss/lib/pk11wrap/pk11pars.c +++ b/security/nss/lib/pk11wrap/pk11pars.c @@ -133,6 +133,17 @@ secmod_NewModule(void) SECMODModule * SECMOD_CreateModule(const char *library, const char *moduleName, const char *parameters, const char *nss) +{ + return SECMOD_CreateModuleEx(library, moduleName, parameters, nss, NULL); +} + +/* + * for 3.4 we continue to use the old SECMODModule structure + */ +SECMODModule * +SECMOD_CreateModuleEx(const char *library, const char *moduleName, + const char *parameters, const char *nss, + const char *config) { SECMODModule *mod = secmod_NewModule(); char *slotParams,*ciphers; @@ -148,6 +159,9 @@ SECMOD_CreateModule(const char *library, const char *moduleName, if (parameters) { mod->libraryParams = PORT_ArenaStrdup(mod->arena,parameters); } + if (config) { + /* XXX: Apply configuration */ + } mod->internal = NSSUTIL_ArgHasFlag("flags","internal",nssc); mod->isFIPS = NSSUTIL_ArgHasFlag("flags","FIPS",nssc); mod->isCritical = NSSUTIL_ArgHasFlag("flags","critical",nssc); @@ -977,6 +991,7 @@ SECMODModule * SECMOD_LoadModule(char *modulespec,SECMODModule *parent, PRBool recurse) { char *library = NULL, *moduleName = NULL, *parameters = NULL, *nss= NULL; + char *config = NULL; SECStatus status; SECMODModule *module = NULL; SECMODModule *oldModule = NULL; @@ -985,17 +1000,19 @@ SECMOD_LoadModule(char *modulespec,SECMODModule *parent, PRBool recurse) /* initialize the underlying module structures */ SECMOD_Init(); - status = NSSUTIL_ArgParseModuleSpec(modulespec, &library, &moduleName, - ¶meters, &nss); + status = NSSUTIL_ArgParseModuleSpecEx(modulespec, &library, &moduleName, + ¶meters, &nss, + &config); if (status != SECSuccess) { goto loser; } - module = SECMOD_CreateModule(library, moduleName, parameters, nss); + module = SECMOD_CreateModuleEx(library, moduleName, parameters, nss, config); if (library) PORT_Free(library); if (moduleName) PORT_Free(moduleName); if (parameters) PORT_Free(parameters); if (nss) PORT_Free(nss); + if (config) PORT_Free(config); if (!module) { goto loser; } diff --git a/security/nss/lib/pk11wrap/secmod.h b/security/nss/lib/pk11wrap/secmod.h index 9cc4cfb52..c194d9a7a 100644 --- a/security/nss/lib/pk11wrap/secmod.h +++ b/security/nss/lib/pk11wrap/secmod.h @@ -64,6 +64,9 @@ SECStatus SECMOD_UnloadUserModule(SECMODModule *mod); SECMODModule * SECMOD_CreateModule(const char *lib, const char *name, const char *param, const char *nss); +SECMODModule * SECMOD_CreateModuleEx(const char *lib, const char *name, + const char *param, const char *nss, + const char *config); /* * After a fork(), PKCS #11 says we need to call C_Initialize again in * the child before we can use the module. This function causes this diff --git a/security/nss/lib/pkcs12/p12e.c b/security/nss/lib/pkcs12/p12e.c index 766938490..ff8315684 100644 --- a/security/nss/lib/pkcs12/p12e.c +++ b/security/nss/lib/pkcs12/p12e.c @@ -1487,6 +1487,8 @@ sec_pkcs12_encoder_start_context(SEC_PKCS12ExportContext *p12exp) SECStatus rv; SECItem ignore = {0}; void *mark; + SECItem *salt = NULL; + SECItem *params = NULL; if(!p12exp || !p12exp->safeInfos) { return NULL; @@ -1552,11 +1554,10 @@ sec_pkcs12_encoder_start_context(SEC_PKCS12ExportContext *p12exp) /* init password pased integrity mode */ if(p12exp->integrityEnabled) { SECItem pwd = {siBuffer,NULL, 0}; - SECItem *salt = sec_pkcs12_generate_salt(); PK11SymKey *symKey; - SECItem *params; CK_MECHANISM_TYPE integrityMechType; CK_MECHANISM_TYPE hmacMechType; + salt = sec_pkcs12_generate_salt(); /* zero out macData and set values */ PORT_Memset(&p12enc->mac, 0, sizeof(sec_PKCS12MacData)); @@ -1567,13 +1568,11 @@ sec_pkcs12_encoder_start_context(SEC_PKCS12ExportContext *p12exp) } if(SECITEM_CopyItem(p12exp->arena, &(p12enc->mac.macSalt), salt) != SECSuccess) { - /* XXX salt is leaked */ PORT_SetError(SEC_ERROR_NO_MEMORY); goto loser; } if (!SEC_ASN1EncodeInteger(p12exp->arena, &(p12enc->mac.iter), NSS_PBE_DEFAULT_ITERATION_COUNT)) { - /* XXX salt is leaked */ goto loser; } @@ -1581,7 +1580,6 @@ sec_pkcs12_encoder_start_context(SEC_PKCS12ExportContext *p12exp) if(!sec_pkcs12_convert_item_to_unicode(NULL, &pwd, p12exp->integrityInfo.pwdInfo.password, PR_TRUE, PR_TRUE, PR_TRUE)) { - /* XXX salt is leaked */ goto loser; } /* @@ -1603,7 +1601,6 @@ sec_pkcs12_encoder_start_context(SEC_PKCS12ExportContext *p12exp) case SEC_OID_MD2: integrityMechType = CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN; break; default: - /* XXX params is leaked */ goto loser; } @@ -1645,6 +1642,12 @@ sec_pkcs12_encoder_start_context(SEC_PKCS12ExportContext *p12exp) sec_pkcs12_encoder_destroy_context(p12enc); if (p12exp->arena != NULL) PORT_ArenaRelease(p12exp->arena, mark); + if (salt) { + SECITEM_ZfreeItem(salt, PR_TRUE); + } + if (params) { + PK11_DestroyPBEParams(params); + } return NULL; } diff --git a/security/nss/lib/pkcs7/p7common.c b/security/nss/lib/pkcs7/p7common.c index 17fadec6c..10015ce25 100644 --- a/security/nss/lib/pkcs7/p7common.c +++ b/security/nss/lib/pkcs7/p7common.c @@ -408,7 +408,6 @@ SEC_PKCS7EncryptContents(PLArenaPool *poolp, void *wincx) { SECAlgorithmID *algid = NULL; - SECItem * result = NULL; SECItem * src; SECItem * dest; SECItem * blocked_data = NULL; @@ -524,9 +523,6 @@ SEC_PKCS7EncryptContents(PLArenaPool *poolp, if(blocked_data != NULL) SECITEM_ZfreeItem(blocked_data, PR_TRUE); - if(result != NULL) - SECITEM_ZfreeItem(result, PR_TRUE); - if(rv == SECFailure) PORT_ArenaRelease(poolp, mark); else diff --git a/security/nss/lib/pkcs7/p7local.c b/security/nss/lib/pkcs7/p7local.c index 8c5e0bfa5..5e67a0eba 100644 --- a/security/nss/lib/pkcs7/p7local.c +++ b/security/nss/lib/pkcs7/p7local.c @@ -203,7 +203,8 @@ sec_PKCS7CreateEncryptObject (PLArenaPool *poolp, PK11SymKey *key, rv = PK11_ParamToAlgid(algtag,param,poolp,algid); if(rv != SECSuccess) { PORT_Free (result); - SECITEM_FreeItem(param,PR_TRUE); + SECITEM_FreeItem(param,PR_TRUE); + PK11_DestroyContext(ciphercx, PR_TRUE); return NULL; } } diff --git a/security/nss/lib/pki/pki3hack.c b/security/nss/lib/pki/pki3hack.c index a415ace4c..b14509285 100644 --- a/security/nss/lib/pki/pki3hack.c +++ b/security/nss/lib/pki/pki3hack.c @@ -239,6 +239,7 @@ STAN_GetCertIdentifierFromDER(NSSArena *arenaOpt, NSSDER *der) } secrv = CERT_KeyFromDERCert(arena, &secDER, &secKey); if (secrv != SECSuccess) { + PORT_FreeArena(arena, PR_FALSE); return NULL; } rvKey = nssItem_Create(arenaOpt, NULL, secKey.len, (void *)secKey.data); diff --git a/security/nss/lib/pki/pkibase.c b/security/nss/lib/pki/pkibase.c index c86e5bb42..0e39e8ba6 100644 --- a/security/nss/lib/pki/pkibase.c +++ b/security/nss/lib/pki/pkibase.c @@ -1058,6 +1058,9 @@ nssCertificateCollection_Create ( { nssPKIObjectCollection *collection; collection = nssPKIObjectCollection_Create(td, NULL, nssPKIMonitor); + if (!collection) { + return NULL; + } collection->objectType = pkiObjectType_Certificate; collection->destroyObject = cert_destroyObject; collection->getUIDFromObject = cert_getUIDFromObject; @@ -1164,6 +1167,9 @@ nssCRLCollection_Create ( { nssPKIObjectCollection *collection; collection = nssPKIObjectCollection_Create(td, NULL, nssPKILock); + if (!collection) { + return NULL; + } collection->objectType = pkiObjectType_CRL; collection->destroyObject = crl_destroyObject; collection->getUIDFromObject = crl_getUIDFromObject; diff --git a/security/nss/lib/smime/cmscipher.c b/security/nss/lib/smime/cmscipher.c index 958d4e473..998ad16a7 100644 --- a/security/nss/lib/smime/cmscipher.c +++ b/security/nss/lib/smime/cmscipher.c @@ -120,7 +120,7 @@ NSSCMSCipherContext * NSS_CMSCipherContext_StartEncrypt(PLArenaPool *poolp, PK11SymKey *key, SECAlgorithmID *algid) { NSSCMSCipherContext *cc; - void *ciphercx; + void *ciphercx = NULL; SECStatus rv; CK_MECHANISM_TYPE cryptoMechType; PK11SlotInfo *slot; @@ -186,6 +186,7 @@ NSS_CMSCipherContext_StartEncrypt(PLArenaPool *poolp, PK11SymKey *key, SECAlgori } cc->cx = ciphercx; + ciphercx = NULL; cc->doit = (nss_cms_cipher_function)PK11_CipherOp; cc->destroy = (nss_cms_cipher_destroy)PK11_DestroyContext; cc->encrypt = PR_TRUE; @@ -193,6 +194,9 @@ NSS_CMSCipherContext_StartEncrypt(PLArenaPool *poolp, PK11SymKey *key, SECAlgori loser: SECITEM_FreeItem(param, PR_TRUE); + if (ciphercx) { + PK11_DestroyContext(ciphercx, PR_TRUE); + } return cc; } diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c index adf981152..4fd7aecc6 100644 --- a/security/nss/lib/softoken/pkcs11.c +++ b/security/nss/lib/softoken/pkcs11.c @@ -2762,7 +2762,7 @@ NSC_ModuleDBFunc(unsigned long function,char *parameters, void *args) case SECMOD_MODULE_DB_FUNCTION_FIND: if (secmod == NULL) { PORT_SetError(SEC_ERROR_INVALID_ARGS); - return NULL; + goto loser; } if (rw && (dbType != NSS_DB_TYPE_LEGACY) && (dbType != NSS_DB_TYPE_MULTIACCESS)) { @@ -2805,7 +2805,7 @@ NSC_ModuleDBFunc(unsigned long function,char *parameters, void *args) case SECMOD_MODULE_DB_FUNCTION_ADD: if (secmod == NULL) { PORT_SetError(SEC_ERROR_INVALID_ARGS); - return NULL; + goto loser; } rvstr = (sftkdbCall_AddSecmodDB(appName,filename,secmod, (char *)args,rw) == SECSuccess) ? &success: NULL; @@ -2813,7 +2813,7 @@ NSC_ModuleDBFunc(unsigned long function,char *parameters, void *args) case SECMOD_MODULE_DB_FUNCTION_DEL: if (secmod == NULL) { PORT_SetError(SEC_ERROR_INVALID_ARGS); - return NULL; + goto loser; } rvstr = (sftkdbCall_DeleteSecmodDB(appName,filename,secmod, (char *)args,rw) == SECSuccess) ? &success: NULL; @@ -2823,6 +2823,8 @@ NSC_ModuleDBFunc(unsigned long function,char *parameters, void *args) (char **)args,rw) == SECSuccess) ? &success: NULL; break; } + +loser: if (secmod) PR_smprintf_free(secmod); if (appName) PORT_Free(appName); if (filename) PORT_Free(filename); diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index 1bd35a019..f6b57dee7 100644 --- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -24,6 +24,8 @@ #include "prerror.h" #include "pratom.h" #include "prthread.h" +#include "nss.h" +#include "nssoptions.h" #include "pk11func.h" #include "secmod.h" @@ -4518,6 +4520,7 @@ ssl3_ConsumeHandshakeVariable(sslSocket *ss, SECItem *i, PRInt32 bytes, PORT_Assert(bytes <= 3); i->len = 0; i->data = NULL; + i->type = siBuffer; count = ssl3_ConsumeHandshakeNumber(ss, bytes, b, length); if (count < 0) { /* Can't test for SECSuccess here. */ return SECFailure; @@ -6985,13 +6988,19 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) unsigned dh_p_bits; unsigned dh_g_bits; unsigned dh_Ys_bits; + PRInt32 minDH; rv = ssl3_ConsumeHandshakeVariable(ss, &dh_p, 2, &b, &length); if (rv != SECSuccess) { goto loser; /* malformed. */ } + + rv = NSS_OptionGet(NSS_DH_MIN_KEY_SIZE, &minDH); + if (rv != SECSuccess) { + minDH = SSL_DH_MIN_P_BITS; + } dh_p_bits = SECKEY_BigIntegerBitLength(&dh_p); - if (dh_p_bits < SSL_DH_MIN_P_BITS) { + if (dh_p_bits < minDH) { errCode = SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY; goto alert_loser; } @@ -10710,19 +10719,40 @@ ssl3_AuthCertificate(sslSocket *ss) ss->sec.keaType = ss->ssl3.hs.kea_def->exchKeyType; if (pubKey) { KeyType pubKeyType; + PRInt32 minKey; ss->sec.keaKeyBits = ss->sec.authKeyBits = SECKEY_PublicKeyStrengthInBits(pubKey); pubKeyType = SECKEY_GetPublicKeyType(pubKey); + minKey = ss->sec.authKeyBits; + switch (pubKeyType) { + case rsaKey: + case rsaPssKey: + case rsaOaepKey: + rv = NSS_OptionGet(NSS_RSA_MIN_KEY_SIZE, &minKey); + if (rv != SECSuccess) { + minKey = SSL_RSA_MIN_MODULUS_BITS; + } + break; + case dsaKey: + rv = NSS_OptionGet(NSS_DSA_MIN_KEY_SIZE, &minKey); + if (rv != SECSuccess) { + minKey = SSL_DSA_MIN_P_BITS; + } + break; + case dhKey: + rv = NSS_OptionGet(NSS_DH_MIN_KEY_SIZE, &minKey); + if (rv != SECSuccess) { + minKey = SSL_DH_MIN_P_BITS; + } + break; + default: + break; + } + /* Too small: not good enough. Send a fatal alert. */ /* We aren't checking EC here on the understanding that we only * support curves we like, a decision that might need revisiting. */ - if (((pubKeyType == rsaKey || pubKeyType == rsaPssKey || - pubKeyType == rsaOaepKey) && - ss->sec.authKeyBits < SSL_RSA_MIN_MODULUS_BITS) || - (pubKeyType == dsaKey && - ss->sec.authKeyBits < SSL_DSA_MIN_P_BITS) || - (pubKeyType == dhKey && - ss->sec.authKeyBits < SSL_DH_MIN_P_BITS)) { + if ( ss->sec.authKeyBits < minKey) { PORT_SetError(SSL_ERROR_WEAK_SERVER_CERT_KEY); (void)SSL3_SendAlert(ss, alert_fatal, ss->version >= SSL_LIBRARY_VERSION_TLS_1_0 diff --git a/security/nss/lib/ssl/ssl3ext.c b/security/nss/lib/ssl/ssl3ext.c index 07d792944..e86834a3a 100644 --- a/security/nss/lib/ssl/ssl3ext.c +++ b/security/nss/lib/ssl/ssl3ext.c @@ -422,12 +422,12 @@ ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) } /* length of server_name_list */ listLenBytes = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); - if (listLenBytes < 0 || listLenBytes != data->len) { - (void)ssl3_DecodeError(ss); + if (listLenBytes < 0) { return SECFailure; } - if (listLenBytes == 0) { - return SECSuccess; /* ignore an empty extension */ + if (listLenBytes == 0 || listLenBytes != data->len) { + (void)ssl3_DecodeError(ss); + return SECFailure; } ldata = *data; /* Calculate the size of the array.*/ @@ -452,9 +452,6 @@ ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) } listCount += 1; } - if (!listCount) { - return SECFailure; /* nothing we can act on */ - } names = PORT_ZNewArray(SECItem, listCount); if (!names) { return SECFailure; @@ -1099,7 +1096,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss) CK_MECHANISM_TYPE cipherMech = CKM_AES_CBC; PK11Context *aes_ctx_pkcs11; CK_MECHANISM_TYPE macMech = CKM_SHA256_HMAC; - PK11Context *hmac_ctx_pkcs11; + PK11Context *hmac_ctx_pkcs11 = NULL; unsigned char computed_mac[TLS_EX_SESS_TICKET_MAC_LENGTH]; unsigned int computed_mac_length; unsigned char iv[AES_BLOCK_SIZE]; @@ -1364,14 +1361,18 @@ ssl3_SendNewSessionTicket(sslSocket *ss) goto loser; rv = PK11_DigestBegin(hmac_ctx_pkcs11); + if (rv != SECSuccess) goto loser; rv = PK11_DigestOp(hmac_ctx_pkcs11, key_name, SESS_TICKET_KEY_NAME_LEN); + if (rv != SECSuccess) goto loser; rv = PK11_DigestOp(hmac_ctx_pkcs11, iv, sizeof(iv)); + if (rv != SECSuccess) goto loser; rv = PK11_DigestOp(hmac_ctx_pkcs11, (unsigned char *)length_buf, 2); + if (rv != SECSuccess) goto loser; rv = PK11_DigestOp(hmac_ctx_pkcs11, ciphertext.data, ciphertext.len); + if (rv != SECSuccess) goto loser; rv = PK11_DigestFinal(hmac_ctx_pkcs11, computed_mac, &computed_mac_length, sizeof(computed_mac)); - PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE); if (rv != SECSuccess) goto loser; } @@ -1400,6 +1401,8 @@ ssl3_SendNewSessionTicket(sslSocket *ss) if (rv != SECSuccess) goto loser; loser: + if (hmac_ctx_pkcs11) + PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE); if (plaintext_item.data) SECITEM_FreeItem(&plaintext_item, PR_FALSE); if (ciphertext.data) diff --git a/security/nss/lib/ssl/sslimpl.h b/security/nss/lib/ssl/sslimpl.h index 43daa9d6b..aac223f79 100644 --- a/security/nss/lib/ssl/sslimpl.h +++ b/security/nss/lib/ssl/sslimpl.h @@ -155,15 +155,6 @@ typedef enum { SSLAppOpRead = 0, #define EXPORT_RSA_KEY_LENGTH 64 /* bytes */ -/* The minimum server key sizes accepted by the clients. - * Not 1024 to be conservative. */ -#define SSL_RSA_MIN_MODULUS_BITS 1023 -/* 1023 to avoid cases where p = 2q+1 for a 512-bit q turns out to be - * only 1023 bits and similar. We don't have good data on whether this - * happens because NSS used to count bit lengths incorrectly. */ -#define SSL_DH_MIN_P_BITS 1023 -#define SSL_DSA_MIN_P_BITS 1023 - #define INITIAL_DTLS_TIMEOUT_MS 1000 /* Default value from RFC 4347 = 1s*/ #define MAX_DTLS_TIMEOUT_MS 60000 /* 1 minute */ #define DTLS_FINISHED_TIMER_MS 120000 /* Time to wait in FINISHED state */ diff --git a/security/nss/lib/util/nssutil.def b/security/nss/lib/util/nssutil.def index 9d98df222..631a49911 100644 --- a/security/nss/lib/util/nssutil.def +++ b/security/nss/lib/util/nssutil.def @@ -277,3 +277,9 @@ _SGN_VerifyPKCS1DigestInfo; ;+ local: ;+ *; ;+}; +;+NSSUTIL_3.21 { # NSS Utilities 3.21 release +;+ global: +NSSUTIL_ArgParseModuleSpecEx; +;+ local: +;+ *; +;+}; diff --git a/security/nss/lib/util/secasn1d.c b/security/nss/lib/util/secasn1d.c index d404b72df..7a5bcfd03 100644 --- a/security/nss/lib/util/secasn1d.c +++ b/security/nss/lib/util/secasn1d.c @@ -951,6 +951,33 @@ sec_asn1d_parse_more_length (sec_asn1d_state *state, return count; } +/* + * Helper function for sec_asn1d_prepare_for_contents. + * Checks that a value representing a number of bytes consumed can be + * subtracted from a remaining length. If so, returns PR_TRUE. + * Otherwise, sets the error SEC_ERROR_BAD_DER, indicates that there was a + * decoding error in the given SEC_ASN1DecoderContext, and returns PR_FALSE. + */ +static PRBool +sec_asn1d_check_and_subtract_length (unsigned long *remaining, + unsigned long consumed, + SEC_ASN1DecoderContext *cx) +{ + PORT_Assert(remaining); + PORT_Assert(cx); + if (!remaining || !cx) { + PORT_SetError (SEC_ERROR_INVALID_ARGS); + cx->status = decodeError; + return PR_FALSE; + } + if (*remaining < consumed) { + PORT_SetError (SEC_ERROR_BAD_DER); + cx->status = decodeError; + return PR_FALSE; + } + *remaining -= consumed; + return PR_TRUE; +} static void sec_asn1d_prepare_for_contents (sec_asn1d_state *state) @@ -958,6 +985,7 @@ sec_asn1d_prepare_for_contents (sec_asn1d_state *state) SECItem *item; PLArenaPool *poolp; unsigned long alloc_len; + sec_asn1d_state *parent; #ifdef DEBUG_ASN1D_STATES { @@ -966,6 +994,63 @@ sec_asn1d_prepare_for_contents (sec_asn1d_state *state) } #endif + /** + * The maximum length for a child element should be constrained to the + * length remaining in the first definite length element in the ancestor + * stack. If there is no definite length element in the ancestor stack, + * there's nothing to constrain the length of the child, so there's no + * further processing necessary. + * + * It's necessary to walk the ancestor stack, because it's possible to have + * definite length children that are part of an indefinite length element, + * which is itself part of an indefinite length element, and which is + * ultimately part of a definite length element. A simple example of this + * would be the handling of constructed OCTET STRINGs in BER encoding. + * + * This algorithm finds the first definite length element in the ancestor + * stack, if any, and if so, ensures that the length of the child element + * is consistent with the number of bytes remaining in the constraining + * ancestor element (that is, after accounting for any other sibling + * elements that may have been read). + * + * It's slightly complicated by the need to account both for integer + * underflow and overflow, as well as ensure that for indefinite length + * encodings, there's also enough space for the End-of-Contents (EOC) + * octets (Tag = 0x00, Length = 0x00, or two bytes). + */ + + /* Determine the maximum length available for this element by finding the + * first definite length ancestor, if any. */ + parent = sec_asn1d_get_enclosing_construct(state); + while (parent && parent->indefinite) { + parent = sec_asn1d_get_enclosing_construct(parent); + } + /* If parent is null, state is either the outermost state / at the top of + * the stack, or the outermost state uses indefinite length encoding. In + * these cases, there's nothing external to constrain this element, so + * there's nothing to check. */ + if (parent) { + unsigned long remaining = parent->pending; + parent = state; + do { + if (!sec_asn1d_check_and_subtract_length( + &remaining, parent->consumed, state->top) || + /* If parent->indefinite is true, parent->contents_length is + * zero and this is a no-op. */ + !sec_asn1d_check_and_subtract_length( + &remaining, parent->contents_length, state->top) || + /* If parent->indefinite is true, then ensure there is enough + * space for an EOC tag of 2 bytes. */ + (parent->indefinite && !sec_asn1d_check_and_subtract_length( + &remaining, 2, state->top))) { + /* This element is larger than its enclosing element, which is + * invalid. */ + return; + } + } while ((parent = sec_asn1d_get_enclosing_construct(parent)) && + parent->indefinite); + } + /* * XXX I cannot decide if this allocation should exclude the case * where state->endofcontents is true -- figure it out! @@ -1007,21 +1092,6 @@ sec_asn1d_prepare_for_contents (sec_asn1d_state *state) */ state->pending = state->contents_length; - /* If this item has definite length encoding, and - ** is enclosed by a definite length constructed type, - ** make sure it isn't longer than the remaining space in that - ** constructed type. - */ - if (state->contents_length > 0) { - sec_asn1d_state *parent = sec_asn1d_get_enclosing_construct(state); - if (parent && !parent->indefinite && - state->consumed + state->contents_length > parent->pending) { - PORT_SetError (SEC_ERROR_BAD_DER); - state->top->status = decodeError; - return; - } - } - /* * An EXPLICIT is nothing but an outer header, which we have * already parsed and accepted. Now we need to do the inner @@ -1720,10 +1790,107 @@ sec_asn1d_next_substring (sec_asn1d_state *state) if (state->pending == 0) done = PR_TRUE; } else { + PRBool preallocatedString; + sec_asn1d_state *temp_state; PORT_Assert (state->indefinite); item = (SECItem *)(child->dest); - if (item != NULL && item->data != NULL) { + + /** + * At this point, there's three states at play: + * child: The element that was just parsed + * state: The currently processed element + * 'parent' (aka state->parent): The enclosing construct + * of state, or NULL if this is the top-most element. + * + * This state handles both substrings of a constructed string AND + * child elements of items whose template type was that of + * SEC_ASN1_ANY, SEC_ASN1_SAVE, SEC_ASN1_ANY_CONTENTS, SEC_ASN1_SKIP + * template, as described in sec_asn1d_prepare_for_contents. For + * brevity, these will be referred to as 'string' and 'any' types. + * + * This leads to the following possibilities: + * 1: This element is an indefinite length string, part of a + * definite length string. + * 2: This element is an indefinite length string, part of an + * indefinite length string. + * 3: This element is an indefinite length any, part of a + * definite length any. + * 4: This element is an indefinite length any, part of an + * indefinite length any. + * 5: This element is an indefinite length any and does not + * meet any of the above criteria. Note that this would include + * an indefinite length string type matching an indefinite + * length any template. + * + * In Cases #1 and #3, the definite length 'parent' element will + * have allocated state->dest based on the parent elements definite + * size. During the processing of 'child', sec_asn1d_parse_leaf will + * have copied the (string, any) data directly into the offset of + * dest, as appropriate, so there's no need for this class to still + * store the child - it's already been processed. + * + * In Cases #2 and #4, dest will be set to the parent element's dest, + * but dest->data will not have been allocated yet, due to the + * indefinite length encoding. In this situation, it's necessary to + * hold onto child (and all other children) until the EOC, at which + * point, it becomes possible to compute 'state's overall length. Once + * 'state' has a computed length, this can then be fed to 'parent' (via + * this state), and then 'parent' can similarly compute the length of + * all of its children up to the EOC, which will ultimately transit to + * sec_asn1d_concat_substrings, determine the overall size needed, + * allocate, and copy the contents (of all of parent's children, which + * would include 'state', just as 'state' will have copied all of its + * children via sec_asn1d_concat_substrings) + * + * The final case, Case #5, will manifest in that item->data and + * item->len will be NULL/0, respectively, since this element was + * indefinite-length encoded. In that case, both the tag and length will + * already exist in state's subitems, via sec_asn1d_record_any_header, + * and so the contents (aka 'child') should be added to that list of + * items to concatenate in sec_asn1d_concat_substrings once the EOC + * is encountered. + * + * To distinguish #2/#4 from #1/#3, it's sufficient to walk the ancestor + * tree. If the current type is a string type, then the enclosing + * construct will be that same type (#1/#2). If the current type is an + * any type, then the enclosing construct is either an any type (#3/#4) + * or some other type (#5). Since this is BER, this nesting relationship + * between 'state' and 'parent' may go through several levels of + * constructed encoding, so continue walking the ancestor chain until a + * clear determination can be made. + * + * The variable preallocatedString is used to indicate Case #1/#3, + * indicating an in-place copy has already occurred, and Cases #2, #4, + * and #5 all have the same behaviour of adding a new substring. + */ + preallocatedString = PR_FALSE; + temp_state = state; + while (temp_state && item == temp_state->dest && temp_state->indefinite) { + sec_asn1d_state *parent = sec_asn1d_get_enclosing_construct(temp_state); + if (!parent || parent->underlying_kind != temp_state->underlying_kind) { + /* Case #5 - Either this is a top-level construct or it is part + * of some other element (e.g. a SEQUENCE), in which case, a + * new item should be allocated. */ + break; + } + if (!parent->indefinite) { + /* Cases #1 / #3 - A definite length ancestor exists, for which + * this is a substring that has already copied into dest. */ + preallocatedString = PR_TRUE; + break; + } + if (!parent->substring) { + /* Cases #2 / #4 - If the parent is not a substring, but is + * indefinite, then there's nothing further up that may have + * preallocated dest, thus child will not have already + * been copied in place, therefore it's necessary to save child + * as a subitem. */ + break; + } + temp_state = parent; + } + if (item != NULL && item->data != NULL && !preallocatedString) { /* * Save the string away for later concatenation. */ diff --git a/security/nss/lib/util/utilpars.c b/security/nss/lib/util/utilpars.c index d2cd3e04a..278f9c426 100644 --- a/security/nss/lib/util/utilpars.c +++ b/security/nss/lib/util/utilpars.c @@ -762,6 +762,31 @@ NSSUTIL_MkSlotString(unsigned long slotID, unsigned long defaultFlags, } +/************************************************************************ + * Parse Full module specs into: library, commonName, module parameters, + * and NSS specifi parameters. + */ +SECStatus +NSSUTIL_ArgParseModuleSpecEx(char *modulespec, char **lib, char **mod, + char **parameters, char **nss, + char **config) +{ + int next; + modulespec = NSSUTIL_ArgStrip(modulespec); + + *lib = *mod = *parameters = *nss = *config = 0; + + while (*modulespec) { + NSSUTIL_HANDLE_STRING_ARG(modulespec,*lib,"library=",;) + NSSUTIL_HANDLE_STRING_ARG(modulespec,*mod,"name=",;) + NSSUTIL_HANDLE_STRING_ARG(modulespec,*parameters,"parameters=",;) + NSSUTIL_HANDLE_STRING_ARG(modulespec,*nss,"nss=",;) + NSSUTIL_HANDLE_STRING_ARG(modulespec,*config,"config=",;) + NSSUTIL_HANDLE_FINAL_ARG(modulespec) + } + return SECSuccess; +} + /************************************************************************ * Parse Full module specs into: library, commonName, module parameters, * and NSS specifi parameters. @@ -788,11 +813,12 @@ NSSUTIL_ArgParseModuleSpec(char *modulespec, char **lib, char **mod, /************************************************************************ * make a new module spec from it's components */ char * -NSSUTIL_MkModuleSpec(char *dllName, char *commonName, char *parameters, - char *NSS) +NSSUTIL_MkModuleSpecEx(char *dllName, char *commonName, char *parameters, + char *NSS, + char *config) { char *moduleSpec; - char *lib,*name,*param,*nss; + char *lib,*name,*param,*nss,*conf; /* * now the final spec @@ -801,7 +827,13 @@ NSSUTIL_MkModuleSpec(char *dllName, char *commonName, char *parameters, name = nssutil_formatPair("name",commonName,'\"'); param = nssutil_formatPair("parameters",parameters,'\"'); nss = nssutil_formatPair("NSS",NSS,'\"'); - moduleSpec = PR_smprintf("%s %s %s %s", lib,name,param,nss); + if (config) { + conf = nssutil_formatPair("config",config,'\"'); + moduleSpec = PR_smprintf("%s %s %s %s %s", lib,name,param,nss,conf); + nssutil_freePair(conf); + } else { + moduleSpec = PR_smprintf("%s %s %s %s", lib,name,param,nss); + } nssutil_freePair(lib); nssutil_freePair(name); nssutil_freePair(param); @@ -809,6 +841,15 @@ NSSUTIL_MkModuleSpec(char *dllName, char *commonName, char *parameters, return (moduleSpec); } +/************************************************************************ + * make a new module spec from it's components */ +char * +NSSUTIL_MkModuleSpec(char *dllName, char *commonName, char *parameters, + char *NSS) +{ + return NSSUTIL_MkModuleSpecEx(dllName, commonName, parameters, NSS, NULL); +} + #define NSSUTIL_ARG_FORTEZZA_FLAG "FORTEZZA" /****************************************************************************** diff --git a/security/nss/lib/util/utilpars.h b/security/nss/lib/util/utilpars.h index e01ba14c9..7562bb65b 100644 --- a/security/nss/lib/util/utilpars.h +++ b/security/nss/lib/util/utilpars.h @@ -39,8 +39,12 @@ char * NSSUTIL_MkSlotString(unsigned long slotID, unsigned long defaultFlags, PRBool hasRootCerts, PRBool hasRootTrust); SECStatus NSSUTIL_ArgParseModuleSpec(char *modulespec, char **lib, char **mod, char **parameters, char **nss); +SECStatus NSSUTIL_ArgParseModuleSpecEx(char *modulespec, char **lib, char **mod, + char **parameters, char **nss, char **config); char *NSSUTIL_MkModuleSpec(char *dllName, char *commonName, char *parameters, char *NSS); +char *NSSUTIL_MkModuleSpecEx(char *dllName, char *commonName, + char *parameters, char *NSS, char *config); void NSSUTIL_ArgParseCipherFlags(unsigned long *newCiphers,char *cipherList); char * NSSUTIL_MkNSSString(char **slotStrings, int slotCount, PRBool internal, PRBool isFIPS, PRBool isModuleDB, PRBool isModuleDBOnly, diff --git a/security/nss/tests/dbupgrade/dbupgrade.sh b/security/nss/tests/dbupgrade/dbupgrade.sh index b43ac14fc..6fc4cb3c6 100644 --- a/security/nss/tests/dbupgrade/dbupgrade.sh +++ b/security/nss/tests/dbupgrade/dbupgrade.sh @@ -79,7 +79,7 @@ dbupgrade_main() if [ -d fips ]; then echo "upgrading db fips" - ${BINDIR}/certutil -S -g 512 -n tmprsa -t "u,u,u" -s "CN=tmprsa, C=US" -x -d sql:fips -f ${FIPSPWFILE} -z ${NOISE_FILE} 2>&1 + ${BINDIR}/certutil -S -g 1024 -n tmprsa -t "u,u,u" -s "CN=tmprsa, C=US" -x -d sql:fips -f ${FIPSPWFILE} -z ${NOISE_FILE} 2>&1 html_msg $? 0 "Upgrading fips" # remove our temp certificate we created in the fist token ${BINDIR}/certutil -F -n tmprsa -d sql:fips -f ${FIPSPWFILE} 2>&1 diff --git a/security/nss/tests/pkcs11/netscape/suites/security/pkcs11/pk11test.c b/security/nss/tests/pkcs11/netscape/suites/security/pkcs11/pk11test.c index 57c431199..62826f1ee 100644 --- a/security/nss/tests/pkcs11/netscape/suites/security/pkcs11/pk11test.c +++ b/security/nss/tests/pkcs11/netscape/suites/security/pkcs11/pk11test.c @@ -1316,7 +1316,7 @@ GetMechInfo(CK_MECHANISM_TYPE type) l = 0; r = numMechs-1; while(l <= r) { - mid = (l+r)/2; + mid = l+(r-l)/2; if(mechInfo[mid].type == type) { return &(mechInfo[mid]); } else if(mechInfo[mid].type < type) { From fa0b14bb0ce5f889a230b23c80064653ae177af1 Mon Sep 17 00:00:00 2001 From: Roy Tam Date: Tue, 7 Jan 2020 22:06:51 +0800 Subject: [PATCH 06/15] cherry-picked mozilla NSS upstream changes (to rev 50769413, which is on par with 3.21): bug1009429, bug1216505, bug1208405, bug1216501, bug1216993, bug1216318, bug1218254, bug1219165, bug1211568, bug1220016 --- security/nss/cmd/lib/derprint.c | 5 +- security/nss/cmd/modutil/install-ds.c | 1 - security/nss/cmd/modutil/pk11.c | 11 ++-- security/nss/coreconf/Darwin.mk | 23 +------ security/nss/coreconf/Linux.mk | 41 ++---------- security/nss/coreconf/WIN32.mk | 14 +++-- security/nss/coreconf/Werror.mk | 70 +++++++++++++++++++++ security/nss/lib/certhigh/ocspsig.c | 2 +- security/nss/lib/ckfw/builtins/nssckbi.h | 4 +- security/nss/lib/ckfw/hash.c | 2 +- security/nss/lib/ckfw/object.c | 1 + security/nss/lib/cryptohi/secsign.c | 1 + security/nss/lib/freebl/desblapi.c | 22 +------ security/nss/lib/freebl/intel-gcm.h | 12 ++-- security/nss/lib/nss/nss.h | 9 ++- security/nss/lib/pk11wrap/pk11akey.c | 1 + security/nss/lib/pkcs12/p12d.c | 1 + security/nss/lib/softoken/legacydb/lgattr.c | 1 + security/nss/lib/softoken/pkcs11c.c | 1 + security/nss/lib/softoken/softkver.h | 6 +- security/nss/lib/ssl/ssl3con.c | 11 +++- security/nss/lib/ssl/ssl3ext.c | 18 ++++-- security/nss/lib/ssl/sslimpl.h | 2 + security/nss/lib/util/nssutil.h | 6 +- security/nss/lib/util/secoid.c | 4 +- security/nss/lib/util/secoidt.h | 1 + 26 files changed, 151 insertions(+), 119 deletions(-) create mode 100644 security/nss/coreconf/Werror.mk diff --git a/security/nss/cmd/lib/derprint.c b/security/nss/cmd/lib/derprint.c index 285eb036b..75811df3f 100644 --- a/security/nss/cmd/lib/derprint.c +++ b/security/nss/cmd/lib/derprint.c @@ -503,10 +503,9 @@ prettyPrintItem(FILE *out, const unsigned char *data, const unsigned char *end, data += lenLen; /* - * Just quit now if slen more bytes puts us off the end, - * or if there's no more data to process. + * Just quit now if slen more bytes puts us off the end. */ - if ((data + slen) >= end) { + if ((data + slen) > end) { PORT_SetError(SEC_ERROR_BAD_DER); return -1; } diff --git a/security/nss/cmd/modutil/install-ds.c b/security/nss/cmd/modutil/install-ds.c index efa3c1687..2ae376dd6 100644 --- a/security/nss/cmd/modutil/install-ds.c +++ b/security/nss/cmd/modutil/install-ds.c @@ -1470,7 +1470,6 @@ Pk11Install_Pair_delete(Pk11Install_Pair* _this) { PR_Free(_this->key); Pk11Install_ValueList_delete(_this->list); - PR_Free(_this->list); } /*************************************************************************/ diff --git a/security/nss/cmd/modutil/pk11.c b/security/nss/cmd/modutil/pk11.c index d630e4eee..c0a6ccb71 100644 --- a/security/nss/cmd/modutil/pk11.c +++ b/security/nss/cmd/modutil/pk11.c @@ -712,6 +712,8 @@ ChangePW(char *tokenName, char *pwFile, char *newpwFile) newpw2 = SECU_GetPasswordString(NULL, "Re-enter new password: "); if(strcmp(newpw, newpw2)) { PR_fprintf(PR_STDOUT, msgStrings[PW_MATCH_MSG]); + PORT_ZFree(newpw, strlen(newpw)); + PORT_ZFree(newpw2, strlen(newpw2)); } else { matching = PR_TRUE; } @@ -738,16 +740,13 @@ ChangePW(char *tokenName, char *pwFile, char *newpwFile) loser: if(oldpw) { - memset(oldpw, 0, strlen(oldpw)); - PORT_Free(oldpw); + PORT_ZFree(oldpw, strlen(oldpw)); } if(newpw) { - memset(newpw, 0, strlen(newpw)); - PORT_Free(newpw); + PORT_ZFree(newpw, strlen(newpw)); } if(newpw2) { - memset(newpw2, 0, strlen(newpw2)); - PORT_Free(newpw2); + PORT_ZFree(newpw2, strlen(newpw2)); } PK11_FreeSlot(slot); diff --git a/security/nss/coreconf/Darwin.mk b/security/nss/coreconf/Darwin.mk index 786825c76..9c992289f 100644 --- a/security/nss/coreconf/Darwin.mk +++ b/security/nss/coreconf/Darwin.mk @@ -4,6 +4,7 @@ # file, You can obtain one at http://mozilla.org/MPL/2.0/. include $(CORE_DEPTH)/coreconf/UNIX.mk +include $(CORE_DEPTH)/coreconf/Werror.mk DEFAULT_COMPILER = gcc @@ -81,27 +82,7 @@ endif # definitions so that the linker can catch multiply-defined symbols. # Also, common symbols are not allowed with Darwin dynamic libraries. -OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) -Wall -fno-common -pipe -DDARWIN -DHAVE_STRERROR -DHAVE_BSD_FLOCK $(DARWIN_SDK_CFLAGS) - -ifeq (clang,$(shell $(CC) -? 2>&1 >/dev/null | sed -e 's/:.*//;1q')) -NSS_HAS_GCC48 = true -endif -ifndef NSS_HAS_GCC48 -NSS_HAS_GCC48 := $(shell \ - [ `$(CC) -dumpversion | cut -f 1 -d . -` -gt 4 -a \ - `$(CC) -dumpversion | cut -f 2 -d . -` -ge 8 -o \ - `$(CC) -dumpversion | cut -f 1 -d . -` -ge 5 ] && \ - echo true || echo false) -export NSS_HAS_GCC48 -endif -ifeq (true,$(NSS_HAS_GCC48)) -OS_CFLAGS += -Werror -else -# Old versions of gcc (< 4.8) don't support #pragma diagnostic in functions. -# Use this to disable use of that #pragma and the warnings it suppresses. -OS_CFLAGS += -DNSS_NO_GCC48 -Wno-unused-variable -Wno-strict-aliasing -$(warning Unable to find gcc >= 4.8 disabling -Werror) -endif +OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) $(WARNING_CFLAGS) -fno-common -pipe -DDARWIN -DHAVE_STRERROR -DHAVE_BSD_FLOCK $(DARWIN_SDK_CFLAGS) ifdef BUILD_OPT ifeq (11,$(ALLOW_OPT_CODE_SIZE)$(OPT_CODE_SIZE)) diff --git a/security/nss/coreconf/Linux.mk b/security/nss/coreconf/Linux.mk index 0e083f14e..dfe29ae92 100644 --- a/security/nss/coreconf/Linux.mk +++ b/security/nss/coreconf/Linux.mk @@ -4,6 +4,7 @@ # file, You can obtain one at http://mozilla.org/MPL/2.0/. include $(CORE_DEPTH)/coreconf/UNIX.mk +include $(CORE_DEPTH)/coreconf/Werror.mk # # The default implementation strategy for Linux is now pthreads @@ -36,9 +37,12 @@ endif ANDROID_TOOLCHAIN=$(ANDROID_NDK)/toolchains/$(ANDROID_TARGET)/prebuilt/linux-x86 ANDROID_SYSROOT=$(ANDROID_NDK)/platforms/android-$(OS_TARGET_RELEASE)/arch-$(OS_TEST) ANDROID_CC=$(ANDROID_TOOLCHAIN)/bin/$(ANDROID_PREFIX)-gcc + ANDROID_CCC=$(ANDROID_TOOLCHAIN)/bin/$(ANDROID_PREFIX)-g++ + NSS_DISABLE_GTESTS=1 # internal tools need to be built with the native compiler ifndef INTERNAL_TOOLS CC = $(ANDROID_CC) --sysroot=$(ANDROID_SYSROOT) + CCC = $(ANDROID_CCC) --sysroot=$(ANDROID_SYSROOT) DEFAULT_COMPILER=$(ANDROID_PREFIX)-gcc ARCHFLAG = --sysroot=$(ANDROID_SYSROOT) DEFINES += -DNO_SYSINFO -DNO_FORK_CHECK -DANDROID @@ -129,49 +133,16 @@ endif endif ifndef COMPILER_TAG -COMPILER_TAG = _$(shell $(CC) -? 2>&1 >/dev/null | sed -e 's/:.*//;1q') -CCC_COMPILER_TAG = _$(shell $(CCC) -? 2>&1 >/dev/null | sed -e 's/:.*//;1q') +COMPILER_TAG := _$(CC_NAME) endif ifeq ($(USE_PTHREADS),1) OS_PTHREAD = -lpthread endif -OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) $(ARCHFLAG) -Wall -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR +OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) $(ARCHFLAG) $(WARNING_CFLAGS) -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR OS_LIBS = $(OS_PTHREAD) -ldl -lc -ifeq ($(COMPILER_TAG),_clang) -# -Qunused-arguments : clang objects to arguments that it doesn't understand -# and fixing this would require rearchitecture -# -Wno-parentheses-equality : because clang warns about macro expansions -OS_CFLAGS += -Qunused-arguments -Wno-parentheses-equality -ifdef BUILD_OPT -# clang is unable to handle glib's expansion of strcmp and similar for optimized -# builds, so ignore the resulting errors. -# See https://llvm.org/bugs/show_bug.cgi?id=20144 -OS_CFLAGS += -Wno-array-bounds -Wno-unevaluated-expression -endif -# Clang reports its version as an older gcc, but it's OK -NSS_HAS_GCC48 = true -endif - -ifndef NSS_HAS_GCC48 -NSS_HAS_GCC48 := $(shell \ - [ `$(CC) -dumpversion | cut -f 1 -d . -` -gt 4 -a \ - `$(CC) -dumpversion | cut -f 2 -d . -` -ge 8 -o \ - `$(CC) -dumpversion | cut -f 1 -d . -` -ge 5 ] && \ - echo true || echo false) -export NSS_HAS_GCC48 -endif -ifeq (true,$(NSS_HAS_GCC48)) -OS_CFLAGS += -Werror -else -# Old versions of gcc (< 4.8) don't support #pragma diagnostic in functions. -# Use this to disable use of that #pragma and the warnings it suppresses. -OS_CFLAGS += -DNSS_NO_GCC48 -$(warning Unable to find gcc >= 4.8 disabling -Werror) -endif - ifdef USE_PTHREADS DEFINES += -D_REENTRANT endif diff --git a/security/nss/coreconf/WIN32.mk b/security/nss/coreconf/WIN32.mk index b73e815c1..7f810fd30 100644 --- a/security/nss/coreconf/WIN32.mk +++ b/security/nss/coreconf/WIN32.mk @@ -113,19 +113,25 @@ ifdef NS_USE_GCC else OPTIMIZER += -O2 endif - DEFINES += -UDEBUG -U_DEBUG -DNDEBUG + DEFINES += -UDEBUG -DNDEBUG else OPTIMIZER += -g NULLSTRING := SPACE := $(NULLSTRING) # end of the line USERNAME := $(subst $(SPACE),_,$(USERNAME)) USERNAME := $(subst -,_,$(USERNAME)) - DEFINES += -DDEBUG -D_DEBUG -UNDEBUG -DDEBUG_$(USERNAME) + DEFINES += -DDEBUG -UNDEBUG -DDEBUG_$(USERNAME) endif else # !NS_USE_GCC OS_CFLAGS += -W3 -nologo -D_CRT_SECURE_NO_WARNINGS \ -D_CRT_NONSTDC_NO_WARNINGS OS_DLLFLAGS += -nologo -DLL -SUBSYSTEM:WINDOWS + ifndef NSS_ENABLE_WERROR + NSS_ENABLE_WERROR = 1 + endif + ifeq ($(NSS_ENABLE_WERROR),1) + OS_CFLAGS += -WX + endif ifeq ($(_MSC_VER),$(_MSC_VER_6)) ifndef MOZ_DEBUG_SYMBOLS OS_DLLFLAGS += -PDB:NONE @@ -159,7 +165,7 @@ else # !NS_USE_GCC else OPTIMIZER += -O2 endif - DEFINES += -UDEBUG -U_DEBUG -DNDEBUG + DEFINES += -UDEBUG -DNDEBUG DLLFLAGS += -OUT:$@ ifdef MOZ_DEBUG_SYMBOLS ifdef MOZ_DEBUG_FLAGS @@ -176,7 +182,7 @@ else # !NS_USE_GCC SPACE := $(NULLSTRING) # end of the line USERNAME := $(subst $(SPACE),_,$(USERNAME)) USERNAME := $(subst -,_,$(USERNAME)) - DEFINES += -DDEBUG -D_DEBUG -UNDEBUG -DDEBUG_$(USERNAME) + DEFINES += -DDEBUG -UNDEBUG -DDEBUG_$(USERNAME) DLLFLAGS += -DEBUG -OUT:$@ LDFLAGS += -DEBUG ifeq ($(_MSC_VER),$(_MSC_VER_6)) diff --git a/security/nss/coreconf/Werror.mk b/security/nss/coreconf/Werror.mk new file mode 100644 index 000000000..6e2588ceb --- /dev/null +++ b/security/nss/coreconf/Werror.mk @@ -0,0 +1,70 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# This sets warning flags for unix-like operating systems. + +ifndef CC_NAME + CC_NAME := $(shell $(CC) -? 2>&1 >/dev/null | sed -e 's/:.*//;1q') + export CC_NAME +endif + +ifndef WARNING_CFLAGS + # This tests to see if enabling the warning is possible before + # setting an option to disable it. + disable_warning = $(shell $(CC) -x c -E -Werror -W$(1) /dev/null >/dev/null 2>&1 && echo -Wno-$(1)) + + WARNING_CFLAGS = -Wall + ifeq ($(CC_NAME),clang) + # -Qunused-arguments : clang objects to arguments that it doesn't understand + # and fixing this would require rearchitecture + WARNING_CFLAGS += -Qunused-arguments + # -Wno-parentheses-equality : because clang warns about macro expansions + OS_CFLAGS += $(call disable_warning,parentheses-equality) + ifdef BUILD_OPT + # clang is unable to handle glib's expansion of strcmp and similar for optimized + # builds, so ignore the resulting errors. + # See https://llvm.org/bugs/show_bug.cgi?id=20144 + WARNING_CFLAGS += $(call disable_warning,array-bounds) + WARNING_CFLAGS += $(call disable_warning,unevaluated-expression) + endif + endif # if clang + + ifndef NSS_ENABLE_WERROR + ifeq ($(OS_TARGET),Android) + # Android lollipop generates the following warning: + # error: call to 'sprintf' declared with attribute warning: + # sprintf is often misused; please use snprintf [-Werror] + # So, just suppress -Werror entirely on Android + NSS_ENABLE_WERROR = 0 + $(warning OS_TARGET is Android, disabling -Werror) + else + ifeq ($(CC_NAME),clang) + # Clang reports its version as an older gcc, but it's OK + NSS_ENABLE_WERROR = 1 + else + CC_VERSION := $(subst ., ,$(shell $(CC) -dumpversion)) + ifneq (,$(filter 4.8 4.9,$(word 1,$(CC_VERSION)).$(word 2,$(CC_VERSION)))) + NSS_ENABLE_WERROR = 1 + endif + ifeq (,$(filter 0 1 2 3 4,$(word 1,$(CC_VERSION)))) + NSS_ENABLE_WERROR = 1 + endif + ifndef NSS_ENABLE_WERROR + $(warning Unable to find gcc 4.8 or greater, disabling -Werror) + NSS_ENABLE_WERROR = 0 + endif + endif + endif + endif #ndef NSS_ENABLE_WERROR + + ifeq ($(NSS_ENABLE_WERROR),1) + WARNING_CFLAGS += -Werror + else + # Old versions of gcc (< 4.8) don't support #pragma diagnostic in functions. + # Use this to disable use of that #pragma and the warnings it suppresses. + WARNING_CFLAGS += -DNSS_NO_GCC48 + endif + export WARNING_CFLAGS +endif # ndef WARNING_CFLAGS diff --git a/security/nss/lib/certhigh/ocspsig.c b/security/nss/lib/certhigh/ocspsig.c index 16cd1e0ea..0c4c20195 100644 --- a/security/nss/lib/certhigh/ocspsig.c +++ b/security/nss/lib/certhigh/ocspsig.c @@ -543,7 +543,7 @@ CERT_CreateEncodedOCSPSuccessResponse( done: if (privKey) SECKEY_DestroyPrivateKey(privKey); - if (br->responseSignature.signature.data) + if (br && br->responseSignature.signature.data) SECITEM_FreeItem(&br->responseSignature.signature, PR_FALSE); PORT_FreeArena(tmpArena, PR_FALSE); diff --git a/security/nss/lib/ckfw/builtins/nssckbi.h b/security/nss/lib/ckfw/builtins/nssckbi.h index 1d261dff7..5ef3a49fb 100644 --- a/security/nss/lib/ckfw/builtins/nssckbi.h +++ b/security/nss/lib/ckfw/builtins/nssckbi.h @@ -45,8 +45,8 @@ * of the comment in the CK_VERSION type definition. */ #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2 -#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 5 -#define NSS_BUILTINS_LIBRARY_VERSION "2.5" +#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 6 +#define NSS_BUILTINS_LIBRARY_VERSION "2.6" /* These version numbers detail the semantic changes to the ckfw engine. */ #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1 diff --git a/security/nss/lib/ckfw/hash.c b/security/nss/lib/ckfw/hash.c index e4f6ce2bd..7d21084bd 100644 --- a/security/nss/lib/ckfw/hash.c +++ b/security/nss/lib/ckfw/hash.c @@ -85,9 +85,9 @@ nssCKFWHash_Create rv->mutex = nssCKFWInstance_CreateMutex(fwInstance, arena, pError); if (!rv->mutex) { if( CKR_OK == *pError ) { - (void)nss_ZFreeIf(rv); *pError = CKR_GENERAL_ERROR; } + (void)nss_ZFreeIf(rv); return (nssCKFWHash *)NULL; } diff --git a/security/nss/lib/ckfw/object.c b/security/nss/lib/ckfw/object.c index bc8291794..661977e6d 100644 --- a/security/nss/lib/ckfw/object.c +++ b/security/nss/lib/ckfw/object.c @@ -171,6 +171,7 @@ nssCKFWObject_Create if( CKR_OK == *pError ) { *pError = CKR_GENERAL_ERROR; } + nss_ZFreeIf(fwObject); return (NSSCKFWObject *)NULL; } diff --git a/security/nss/lib/cryptohi/secsign.c b/security/nss/lib/cryptohi/secsign.c index f2bd229f8..fa4bf5fff 100644 --- a/security/nss/lib/cryptohi/secsign.c +++ b/security/nss/lib/cryptohi/secsign.c @@ -413,6 +413,7 @@ SGN_Digest(SECKEYPrivateKey *privKey, } result->len = modulusLen; result->data = (unsigned char*) PORT_Alloc(modulusLen); + result->type = siBuffer; if (result->data == NULL) { rv = SECFailure; diff --git a/security/nss/lib/freebl/desblapi.c b/security/nss/lib/freebl/desblapi.c index 6a547af67..04a07cae7 100644 --- a/security/nss/lib/freebl/desblapi.c +++ b/security/nss/lib/freebl/desblapi.c @@ -22,28 +22,8 @@ #define COPY8B(to, from, ptr) \ HALFPTR(to)[0] = HALFPTR(from)[0]; \ HALFPTR(to)[1] = HALFPTR(from)[1]; -#elif defined(USE_MEMCPY) -#define COPY8B(to, from, ptr) memcpy(to, from, 8) #else -#define COPY8B(to, from, ptr) \ - if (((ptrdiff_t)(ptr) & 0x3) == 0) { \ - HALFPTR(to)[0] = HALFPTR(from)[0]; \ - HALFPTR(to)[1] = HALFPTR(from)[1]; \ - } else if (((ptrdiff_t)(ptr) & 0x1) == 0) { \ - SHORTPTR(to)[0] = SHORTPTR(from)[0]; \ - SHORTPTR(to)[1] = SHORTPTR(from)[1]; \ - SHORTPTR(to)[2] = SHORTPTR(from)[2]; \ - SHORTPTR(to)[3] = SHORTPTR(from)[3]; \ - } else { \ - BYTEPTR(to)[0] = BYTEPTR(from)[0]; \ - BYTEPTR(to)[1] = BYTEPTR(from)[1]; \ - BYTEPTR(to)[2] = BYTEPTR(from)[2]; \ - BYTEPTR(to)[3] = BYTEPTR(from)[3]; \ - BYTEPTR(to)[4] = BYTEPTR(from)[4]; \ - BYTEPTR(to)[5] = BYTEPTR(from)[5]; \ - BYTEPTR(to)[6] = BYTEPTR(from)[6]; \ - BYTEPTR(to)[7] = BYTEPTR(from)[7]; \ - } +#define COPY8B(to, from, ptr) memcpy(to, from, 8) #endif #define COPY8BTOHALF(to, from) COPY8B(to, from, from) #define COPY8BFROMHALF(to, from) COPY8B(to, from, to) diff --git a/security/nss/lib/freebl/intel-gcm.h b/security/nss/lib/freebl/intel-gcm.h index 22f364db2..6dfbc3c43 100644 --- a/security/nss/lib/freebl/intel-gcm.h +++ b/security/nss/lib/freebl/intel-gcm.h @@ -7,15 +7,15 @@ /* Copyright(c) 2013, Intel Corp. */ /******************************************************************************/ /* Reference: */ -/* [1] Shay Gueron, Michael E. Kounavis: Intel® Carry-Less Multiplication */ +/* [1] Shay Gueron, Michael E. Kounavis: Intel(R) Carry-Less Multiplication */ /* Instruction and its Usage for Computing the GCM Mode (Rev. 2.01) */ /* http://software.intel.com/sites/default/files/article/165685/clmul-wp-r*/ /*ev-2.01-2012-09-21.pdf */ /* [2] S. Gueron, M. E. Kounavis: Efficient Implementation of the Galois */ /* Counter Mode Using a Carry-less Multiplier and a Fast Reduction */ -/* Algorithm. Information Processing Letters 110: 549–553 (2010). */ -/* [3] S. Gueron: AES Performance on the 2nd Generation Intel® Coreâ„¢ Processor*/ -/* Family (to be posted) (2012). */ +/* Algorithm. Information Processing Letters 110: 549-553 (2010). */ +/* [3] S. Gueron: AES Performance on the 2nd Generation Intel(R) Core(TM) */ +/* Processor Family (to be posted) (2012). */ /* [4] S. Gueron: Fast GHASH computations for speeding up AES-GCM (to be */ /* published) (2012). */ @@ -41,9 +41,9 @@ SECStatus intel_AES_GCM_DecryptUpdate(intel_AES_GCMContext *gcm, unsigned char * const unsigned char *inbuf, unsigned int inlen, unsigned int blocksize); -/* Prorotypes of functions in the assembler file for fast AES-GCM, using +/* Prototypes of functions in the assembler file for fast AES-GCM, using Intel AES-NI and CLMUL-NI, as described in [1] - [1] Shay Gueron, Michael E. Kounavis: Intel® Carry-Less Multiplication + [1] Shay Gueron, Michael E. Kounavis: Intel(R) Carry-Less Multiplication Instruction and its Usage for Computing the GCM Mode */ /* Prepares the constants used in the aggregated reduction method */ diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h index 2ca262e7a..70951fa61 100644 --- a/security/nss/lib/nss/nss.h +++ b/security/nss/lib/nss/nss.h @@ -26,6 +26,9 @@ #define _NSS_CUSTOMIZED #endif +#undef _NSS_CUSTOMIZED +#define _NSS_CUSTOMIZED " (RetroZilla)" + /* * NSS's major version, minor version, patch level, build number, and whether * this is a beta release. @@ -33,11 +36,11 @@ * The format of the version string should be * ".[.[.]][ ][ ]" */ -#define NSS_VERSION "3.20.0.1" _NSS_ECC_STRING _NSS_CUSTOMIZED +#define NSS_VERSION "3.21" _NSS_ECC_STRING _NSS_CUSTOMIZED #define NSS_VMAJOR 3 -#define NSS_VMINOR 20 +#define NSS_VMINOR 21 #define NSS_VPATCH 0 -#define NSS_VBUILD 1 +#define NSS_VBUILD 0 #define NSS_BETA PR_FALSE #ifndef RC_INVOKED diff --git a/security/nss/lib/pk11wrap/pk11akey.c b/security/nss/lib/pk11wrap/pk11akey.c index 1361bc1fb..b0604de3a 100644 --- a/security/nss/lib/pk11wrap/pk11akey.c +++ b/security/nss/lib/pk11wrap/pk11akey.c @@ -1515,6 +1515,7 @@ PK11_MakeKEAPubKey(unsigned char *keyData,int length) pkData.data = keyData; pkData.len = length; + pkData.type = siBuffer; arena = PORT_NewArena (DER_DEFAULT_CHUNKSIZE); if (arena == NULL) diff --git a/security/nss/lib/pkcs12/p12d.c b/security/nss/lib/pkcs12/p12d.c index 51bf0f7f5..ac678271f 100644 --- a/security/nss/lib/pkcs12/p12d.c +++ b/security/nss/lib/pkcs12/p12d.c @@ -1983,6 +1983,7 @@ gatherNicknames(CERTCertificate *cert, void *arg) tempNick.data = (unsigned char *)cert->nickname; tempNick.len = PORT_Strlen(cert->nickname) + 1; + tempNick.type = siAsciiString; /* do we already have the nickname in the list? */ if(nickArg->nNicks > 0) { diff --git a/security/nss/lib/softoken/legacydb/lgattr.c b/security/nss/lib/softoken/legacydb/lgattr.c index 7c80c568e..429ef8726 100644 --- a/security/nss/lib/softoken/legacydb/lgattr.c +++ b/security/nss/lib/softoken/legacydb/lgattr.c @@ -1776,6 +1776,7 @@ lg_SetAttributeValue(SDB *sdb, CK_OBJECT_HANDLE handle, if (rv != SECSuccess) { crv = CKR_DEVICE_ERROR; } + PORT_Free(label); } lg_DestroyObjectCache(obj); diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c index 434e7bdb2..b0e9a6e60 100644 --- a/security/nss/lib/softoken/pkcs11c.c +++ b/security/nss/lib/softoken/pkcs11c.c @@ -3698,6 +3698,7 @@ nsc_SetupHMACKeyGen(CK_MECHANISM_PTR pMechanism, NSSPKCS5PBEParameter **pbe) salt.data = (unsigned char *)pbe_params->pSalt; salt.len = (unsigned int)pbe_params->ulSaltLen; + salt.type = siBuffer; rv = SECITEM_CopyItem(arena,¶ms->salt,&salt); if (rv != SECSuccess) { PORT_FreeArena(arena,PR_TRUE); diff --git a/security/nss/lib/softoken/softkver.h b/security/nss/lib/softoken/softkver.h index c7adc4bb4..c7e25e1be 100644 --- a/security/nss/lib/softoken/softkver.h +++ b/security/nss/lib/softoken/softkver.h @@ -25,11 +25,11 @@ * The format of the version string should be * ".[.[.]][ ][ ]" */ -#define SOFTOKEN_VERSION "3.20.0.1" SOFTOKEN_ECC_STRING +#define SOFTOKEN_VERSION "3.21" SOFTOKEN_ECC_STRING #define SOFTOKEN_VMAJOR 3 -#define SOFTOKEN_VMINOR 20 +#define SOFTOKEN_VMINOR 21 #define SOFTOKEN_VPATCH 0 -#define SOFTOKEN_VBUILD 1 +#define SOFTOKEN_VBUILD 0 #define SOFTOKEN_BETA PR_FALSE #endif /* _SOFTKVER_H_ */ diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index f6b57dee7..ead786cfe 100644 --- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -63,7 +63,6 @@ static SECStatus ssl3_SendServerKeyExchange( sslSocket *ss); static SECStatus ssl3_UpdateHandshakeHashes( sslSocket *ss, const unsigned char *b, unsigned int l); -static SECOidTag ssl3_TLSHashAlgorithmToOID(SSLHashType hashFunc); static SECStatus ssl3_ComputeHandshakeHashes(sslSocket *ss, ssl3CipherSpec *spec, SSL3Hashes *hashes, @@ -4553,7 +4552,7 @@ static const struct { * If the hash is not recognised, SEC_OID_UNKNOWN is returned. * * See https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ -static SECOidTag +SECOidTag ssl3_TLSHashAlgorithmToOID(SSLHashType hashFunc) { unsigned int i; @@ -9220,6 +9219,7 @@ ssl3_PickSignatureHashAlgorithm(sslSocket *ss, SSLSignatureAndHashAlg* out) { SSLSignType sigAlg; + PRUint32 policy; unsigned int i, j; switch (ss->ssl3.hs.kea_def->kea) { @@ -9271,9 +9271,16 @@ ssl3_PickSignatureHashAlgorithm(sslSocket *ss, for (i = 0; i < ss->ssl3.signatureAlgorithmCount; ++i) { const SSLSignatureAndHashAlg *serverPref = &ss->ssl3.signatureAlgorithms[i]; + SECOidTag hashOID; if (serverPref->sigAlg != sigAlg) { continue; } + hashOID = ssl3_TLSHashAlgorithmToOID(serverPref->hashAlg); + if ((NSS_GetAlgorithmPolicy(hashOID, &policy) != SECSuccess) + || !(policy & NSS_USE_ALG_IN_SSL_KX)) { + /* we ignore hashes we don't support */ + continue; + } for (j = 0; j < ss->ssl3.hs.numClientSigAndHash; j++) { const SSLSignatureAndHashAlg *clientPref = &ss->ssl3.hs.clientSigAndHash[j]; diff --git a/security/nss/lib/ssl/ssl3ext.c b/security/nss/lib/ssl/ssl3ext.c index e86834a3a..cf04abaed 100644 --- a/security/nss/lib/ssl/ssl3ext.c +++ b/security/nss/lib/ssl/ssl3ext.c @@ -2410,17 +2410,29 @@ ssl3_ClientSendSigAlgsXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes) { PRInt32 extension_length; unsigned int i; + PRInt32 pos=0; + PRUint32 policy; PRUint8 buf[MAX_SIGNATURE_ALGORITHMS * 2]; if (ss->version < SSL_LIBRARY_VERSION_TLS_1_2) { return 0; } + for (i=0; i < ss->ssl3.signatureAlgorithmCount; i++) { + SECOidTag hashOID = ssl3_TLSHashAlgorithmToOID( + ss->ssl3.signatureAlgorithms[i].hashAlg); + if ((NSS_GetAlgorithmPolicy(hashOID, & policy) != SECSuccess) || + (policy & NSS_USE_ALG_IN_SSL_KX)) { + buf[pos++] = ss->ssl3.signatureAlgorithms[i].hashAlg; + buf[pos++] = ss->ssl3.signatureAlgorithms[i].sigAlg; + } + } + extension_length = 2 /* extension type */ + 2 /* extension length */ + 2 /* supported_signature_algorithms length */ + - ss->ssl3.signatureAlgorithmCount * 2; + pos; if (maxBytes < extension_length) { PORT_Assert(0); @@ -2438,10 +2450,6 @@ ssl3_ClientSendSigAlgsXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes) return -1; } - for (i = 0; i < ss->ssl3.signatureAlgorithmCount; ++i) { - buf[i * 2] = ss->ssl3.signatureAlgorithms[i].hashAlg; - buf[i * 2 + 1] = ss->ssl3.signatureAlgorithms[i].sigAlg; - } rv = ssl3_AppendHandshakeVariable(ss, buf, extension_length - 6, 2); if (rv != SECSuccess) { return -1; diff --git a/security/nss/lib/ssl/sslimpl.h b/security/nss/lib/ssl/sslimpl.h index aac223f79..de4f64dbe 100644 --- a/security/nss/lib/ssl/sslimpl.h +++ b/security/nss/lib/ssl/sslimpl.h @@ -1954,6 +1954,8 @@ ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec, const char *label, unsigned int labelLen, const unsigned char *val, unsigned int valLen, unsigned char *out, unsigned int outLen); +extern SECOidTag +ssl3_TLSHashAlgorithmToOID(SSLHashType hashFunc); #ifdef TRACE #define SSL_TRACE(msg) ssl_Trace msg diff --git a/security/nss/lib/util/nssutil.h b/security/nss/lib/util/nssutil.h index df4769201..0c8b480f5 100644 --- a/security/nss/lib/util/nssutil.h +++ b/security/nss/lib/util/nssutil.h @@ -19,11 +19,11 @@ * The format of the version string should be * ".[.[.]][ ]" */ -#define NSSUTIL_VERSION "3.20.0.1" +#define NSSUTIL_VERSION "3.21" #define NSSUTIL_VMAJOR 3 -#define NSSUTIL_VMINOR 20 +#define NSSUTIL_VMINOR 21 #define NSSUTIL_VPATCH 0 -#define NSSUTIL_VBUILD 1 +#define NSSUTIL_VBUILD 0 #define NSSUTIL_BETA PR_FALSE SEC_BEGIN_PROTOS diff --git a/security/nss/lib/util/secoid.c b/security/nss/lib/util/secoid.c index 5068b2387..942abab93 100644 --- a/security/nss/lib/util/secoid.c +++ b/security/nss/lib/util/secoid.c @@ -1887,14 +1887,14 @@ handleHashAlgSupport(char * envVal) *nextArg++ = '\0'; } } - notEnable = (*arg == '-') ? NSS_USE_ALG_IN_CERT_SIGNATURE : 0; + notEnable = (*arg == '-') ? (NSS_USE_ALG_IN_CERT_SIGNATURE|NSS_USE_ALG_IN_SSL_KX) : 0; if ((*arg == '+' || *arg == '-') && *++arg) { int i; for (i = 1; i < SEC_OID_TOTAL; i++) { if (oids[i].desc && strstr(arg, oids[i].desc)) { xOids[i].notPolicyFlags = notEnable | - (xOids[i].notPolicyFlags & ~NSS_USE_ALG_IN_CERT_SIGNATURE); + (xOids[i].notPolicyFlags & ~(NSS_USE_ALG_IN_CERT_SIGNATURE|NSS_USE_ALG_IN_SSL_KX)); } } } diff --git a/security/nss/lib/util/secoidt.h b/security/nss/lib/util/secoidt.h index ff0f52765..747450ed0 100644 --- a/security/nss/lib/util/secoidt.h +++ b/security/nss/lib/util/secoidt.h @@ -476,6 +476,7 @@ struct SECOidDataStr { */ #define NSS_USE_ALG_IN_CERT_SIGNATURE 0x00000001 /* CRLs and OCSP, too */ #define NSS_USE_ALG_IN_CMS_SIGNATURE 0x00000002 /* used in S/MIME */ +#define NSS_USE_ALG_IN_SSL_KX 0x00000004 /* used in SSL key exchange */ #define NSS_USE_ALG_RESERVED 0xfffffffc /* may be used in future */ /* Code MUST NOT SET or CLEAR reserved bits, and must NOT depend on them From efa3c9c4af30e35fd4e97141da82ac63061da2a6 Mon Sep 17 00:00:00 2001 From: Roy Tam Date: Tue, 7 Jan 2020 22:10:08 +0800 Subject: [PATCH 07/15] [NSS] disable Werror in MSVC --- security/nss/coreconf/WIN32.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/nss/coreconf/WIN32.mk b/security/nss/coreconf/WIN32.mk index 7f810fd30..3bc283494 100644 --- a/security/nss/coreconf/WIN32.mk +++ b/security/nss/coreconf/WIN32.mk @@ -127,7 +127,7 @@ else # !NS_USE_GCC -D_CRT_NONSTDC_NO_WARNINGS OS_DLLFLAGS += -nologo -DLL -SUBSYSTEM:WINDOWS ifndef NSS_ENABLE_WERROR - NSS_ENABLE_WERROR = 1 + NSS_ENABLE_WERROR = 0 endif ifeq ($(NSS_ENABLE_WERROR),1) OS_CFLAGS += -WX From 9b2e59866bd562caccfb5c431c754566a536eab6 Mon Sep 17 00:00:00 2001 From: Roy Tam Date: Tue, 7 Jan 2020 22:10:37 +0800 Subject: [PATCH 08/15] [NSS] update certdata from 3.48, with new defines --- security/nss/lib/ckfw/builtins/certdata.txt | 15535 +++++++++--------- security/nss/lib/util/pkcs11n.h | 2 + 2 files changed, 7812 insertions(+), 7725 deletions(-) diff --git a/security/nss/lib/ckfw/builtins/certdata.txt b/security/nss/lib/ckfw/builtins/certdata.txt index 5d2baf3a5..5b9d679d1 100644 --- a/security/nss/lib/ckfw/builtins/certdata.txt +++ b/security/nss/lib/ckfw/builtins/certdata.txt @@ -13,19 +13,21 @@ # # Certificates # -# -- Attribute -- -- type -- -- value -- -# CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -# CKA_TOKEN CK_BBOOL CK_TRUE -# CKA_PRIVATE CK_BBOOL CK_FALSE -# CKA_MODIFIABLE CK_BBOOL CK_FALSE -# CKA_LABEL UTF8 (varies) -# CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -# CKA_SUBJECT DER+base64 (varies) -# CKA_ID byte array (varies) -# CKA_ISSUER DER+base64 (varies) -# CKA_SERIAL_NUMBER DER+base64 (varies) -# CKA_VALUE DER+base64 (varies) -# CKA_NSS_EMAIL ASCII7 (unused here) +# -- Attribute -- -- type -- -- value -- +# CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +# CKA_TOKEN CK_BBOOL CK_TRUE +# CKA_PRIVATE CK_BBOOL CK_FALSE +# CKA_MODIFIABLE CK_BBOOL CK_FALSE +# CKA_LABEL UTF8 (varies) +# CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +# CKA_SUBJECT DER+base64 (varies) +# CKA_ID byte array (varies) +# CKA_ISSUER DER+base64 (varies) +# CKA_SERIAL_NUMBER DER+base64 (varies) +# CKA_VALUE DER+base64 (varies) +# CKA_NSS_EMAIL ASCII7 (unused here) +# CKA_NSS_SERVER_DISTRUST_AFTER DER+base64 (varies) +# CKA_NSS_EMAIL_DISTRUST_AFTER DER+base64 (varies) # # Trust # @@ -164,6 +166,8 @@ CKA_VALUE MULTILINE_OCTAL \125\342\374\110\311\051\046\151\340 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "GlobalSign Root CA" # Issuer: CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE @@ -298,6 +302,8 @@ CKA_VALUE MULTILINE_OCTAL \152\374\176\102\070\100\144\022\367\236\201\341\223\056 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "GlobalSign Root CA - R2" # Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2 @@ -454,6 +460,8 @@ CKA_VALUE MULTILINE_OCTAL \113\336\006\226\161\054\362\333\266\037\244\357\077\356 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Verisign Class 1 Public Primary Certification Authority - G3" # Issuer: CN=VeriSign Class 1 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US @@ -619,6 +627,8 @@ CKA_VALUE MULTILINE_OCTAL \311\130\020\371\252\357\132\266\317\113\113\337\052 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Verisign Class 2 Public Primary Certification Authority - G3" # Issuer: CN=VeriSign Class 2 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US @@ -784,6 +794,8 @@ CKA_VALUE MULTILINE_OCTAL \153\271\012\172\116\117\113\204\356\113\361\175\335\021 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Verisign Class 3 Public Primary Certification Authority - G3" # Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US @@ -1059,6 +1071,8 @@ CKA_VALUE MULTILINE_OCTAL \174\136\232\166\351\131\220\305\174\203\065\021\145\121 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Entrust.net Premium 2048 Secure Server CA" # Issuer: CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net @@ -1197,6 +1211,8 @@ CKA_VALUE MULTILINE_OCTAL \347\201\035\031\303\044\102\352\143\071\251 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Baltimore CyberTrust Root" # Issuer: CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE @@ -1341,6 +1357,8 @@ CKA_VALUE MULTILINE_OCTAL \065\341\035\026\034\320\274\053\216\326\161\331 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "AddTrust Low-Value Services Root" # Issuer: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE @@ -1490,6 +1508,8 @@ CKA_VALUE MULTILINE_OCTAL \027\132\173\320\274\307\217\116\206\004 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "AddTrust External Root" # Issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE @@ -1654,6 +1674,8 @@ CKA_VALUE MULTILINE_OCTAL \036\177\132\264\074 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Entrust Root Certification Authority" # Issuer: CN=Entrust Root Certification Authority,OU="(c) 2006 Entrust, Inc.",OU=www.entrust.net/CPS is incorporated by reference,O="Entrust, Inc.",C=US @@ -1788,6 +1810,8 @@ CKA_VALUE MULTILINE_OCTAL \302\005\146\200\241\313\346\063 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "GeoTrust Global CA" # Issuer: CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US @@ -1948,6 +1972,8 @@ CKA_VALUE MULTILINE_OCTAL \244\346\216\330\371\051\110\212\316\163\376\054 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "GeoTrust Universal CA" # Issuer: CN=GeoTrust Universal CA,O=GeoTrust Inc.,C=US @@ -2108,6 +2134,8 @@ CKA_VALUE MULTILINE_OCTAL \362\034\054\176\256\002\026\322\126\320\057\127\123\107\350\222 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "GeoTrust Universal CA 2" # Issuer: CN=GeoTrust Universal CA 2,O=GeoTrust Inc.,C=US @@ -2144,146 +2172,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "Visa eCommerce Root" -# -# Issuer: CN=Visa eCommerce Root,OU=Visa International Service Association,O=VISA,C=US -# Serial Number:13:86:35:4d:1d:3f:06:f2:c1:f9:65:05:d5:90:1c:62 -# Subject: CN=Visa eCommerce Root,OU=Visa International Service Association,O=VISA,C=US -# Not Valid Before: Wed Jun 26 02:18:36 2002 -# Not Valid After : Fri Jun 24 00:16:12 2022 -# Fingerprint (MD5): FC:11:B8:D8:08:93:30:00:6D:23:F9:7E:EB:52:1E:02 -# Fingerprint (SHA1): 70:17:9B:86:8C:00:A4:FA:60:91:52:22:3F:9F:3E:32:BD:E0:05:62 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Visa eCommerce Root" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\153\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\015\060\013\006\003\125\004\012\023\004\126\111\123\101\061\057 -\060\055\006\003\125\004\013\023\046\126\151\163\141\040\111\156 -\164\145\162\156\141\164\151\157\156\141\154\040\123\145\162\166 -\151\143\145\040\101\163\163\157\143\151\141\164\151\157\156\061 -\034\060\032\006\003\125\004\003\023\023\126\151\163\141\040\145 -\103\157\155\155\145\162\143\145\040\122\157\157\164 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\153\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\015\060\013\006\003\125\004\012\023\004\126\111\123\101\061\057 -\060\055\006\003\125\004\013\023\046\126\151\163\141\040\111\156 -\164\145\162\156\141\164\151\157\156\141\154\040\123\145\162\166 -\151\143\145\040\101\163\163\157\143\151\141\164\151\157\156\061 -\034\060\032\006\003\125\004\003\023\023\126\151\163\141\040\145 -\103\157\155\155\145\162\143\145\040\122\157\157\164 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\023\206\065\115\035\077\006\362\301\371\145\005\325\220 -\034\142 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\242\060\202\002\212\240\003\002\001\002\002\020\023 -\206\065\115\035\077\006\362\301\371\145\005\325\220\034\142\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\153 -\061\013\060\011\006\003\125\004\006\023\002\125\123\061\015\060 -\013\006\003\125\004\012\023\004\126\111\123\101\061\057\060\055 -\006\003\125\004\013\023\046\126\151\163\141\040\111\156\164\145 -\162\156\141\164\151\157\156\141\154\040\123\145\162\166\151\143 -\145\040\101\163\163\157\143\151\141\164\151\157\156\061\034\060 -\032\006\003\125\004\003\023\023\126\151\163\141\040\145\103\157 -\155\155\145\162\143\145\040\122\157\157\164\060\036\027\015\060 -\062\060\066\062\066\060\062\061\070\063\066\132\027\015\062\062 -\060\066\062\064\060\060\061\066\061\062\132\060\153\061\013\060 -\011\006\003\125\004\006\023\002\125\123\061\015\060\013\006\003 -\125\004\012\023\004\126\111\123\101\061\057\060\055\006\003\125 -\004\013\023\046\126\151\163\141\040\111\156\164\145\162\156\141 -\164\151\157\156\141\154\040\123\145\162\166\151\143\145\040\101 -\163\163\157\143\151\141\164\151\157\156\061\034\060\032\006\003 -\125\004\003\023\023\126\151\163\141\040\145\103\157\155\155\145 -\162\143\145\040\122\157\157\164\060\202\001\042\060\015\006\011 -\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000 -\060\202\001\012\002\202\001\001\000\257\127\336\126\036\156\241 -\332\140\261\224\047\313\027\333\007\077\200\205\117\310\234\266 -\320\364\157\117\317\231\330\341\333\302\110\134\072\254\071\063 -\307\037\152\213\046\075\053\065\365\110\261\221\301\002\116\004 -\226\221\173\260\063\360\261\024\116\021\157\265\100\257\033\105 -\245\112\357\176\266\254\362\240\037\130\077\022\106\140\074\215 -\241\340\175\317\127\076\063\036\373\107\361\252\025\227\007\125 -\146\245\265\055\056\330\200\131\262\247\015\267\106\354\041\143 -\377\065\253\245\002\317\052\364\114\376\173\365\224\135\204\115 -\250\362\140\217\333\016\045\074\237\163\161\317\224\337\112\352 -\333\337\162\070\214\363\226\275\361\027\274\322\272\073\105\132 -\306\247\366\306\027\213\001\235\374\031\250\052\203\026\270\072 -\110\376\116\076\240\253\006\031\351\123\363\200\023\007\355\055 -\277\077\012\074\125\040\071\054\054\000\151\164\225\112\274\040 -\262\251\171\345\030\211\221\250\334\034\115\357\273\176\067\013 -\135\376\071\245\210\122\214\000\154\354\030\174\101\275\366\213 -\165\167\272\140\235\204\347\376\055\002\003\001\000\001\243\102 -\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060\003 -\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003 -\002\001\006\060\035\006\003\125\035\016\004\026\004\024\025\070 -\203\017\077\054\077\160\063\036\315\106\376\007\214\040\340\327 -\303\267\060\015\006\011\052\206\110\206\367\015\001\001\005\005 -\000\003\202\001\001\000\137\361\101\175\174\134\010\271\053\340 -\325\222\107\372\147\134\245\023\303\003\041\233\053\114\211\106 -\317\131\115\311\376\245\100\266\143\315\335\161\050\225\147\021 -\314\044\254\323\104\154\161\256\001\040\153\003\242\217\030\267 -\051\072\175\345\026\140\123\170\074\300\257\025\203\367\217\122 -\063\044\275\144\223\227\356\213\367\333\030\250\155\161\263\367 -\054\027\320\164\045\151\367\376\153\074\224\276\115\113\101\214 -\116\342\163\320\343\220\042\163\103\315\363\357\352\163\316\105 -\212\260\246\111\377\114\175\235\161\210\304\166\035\220\133\035 -\356\375\314\367\356\375\140\245\261\172\026\161\321\026\320\174 -\022\074\154\151\227\333\256\137\071\232\160\057\005\074\031\106 -\004\231\040\066\320\140\156\141\006\273\026\102\214\160\367\060 -\373\340\333\146\243\000\001\275\346\054\332\221\137\240\106\213 -\115\152\234\075\075\335\005\106\376\166\277\240\012\074\344\000 -\346\047\267\377\204\055\336\272\042\047\226\020\161\353\042\355 -\337\337\063\234\317\343\255\256\216\324\216\346\117\121\257\026 -\222\340\134\366\007\017 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for Certificate "Visa eCommerce Root" -# Issuer: CN=Visa eCommerce Root,OU=Visa International Service Association,O=VISA,C=US -# Serial Number:13:86:35:4d:1d:3f:06:f2:c1:f9:65:05:d5:90:1c:62 -# Subject: CN=Visa eCommerce Root,OU=Visa International Service Association,O=VISA,C=US -# Not Valid Before: Wed Jun 26 02:18:36 2002 -# Not Valid After : Fri Jun 24 00:16:12 2022 -# Fingerprint (MD5): FC:11:B8:D8:08:93:30:00:6D:23:F9:7E:EB:52:1E:02 -# Fingerprint (SHA1): 70:17:9B:86:8C:00:A4:FA:60:91:52:22:3F:9F:3E:32:BD:E0:05:62 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Visa eCommerce Root" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\160\027\233\206\214\000\244\372\140\221\122\042\077\237\076\062 -\275\340\005\142 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\374\021\270\330\010\223\060\000\155\043\371\176\353\122\036\002 -END -CKA_ISSUER MULTILINE_OCTAL -\060\153\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\015\060\013\006\003\125\004\012\023\004\126\111\123\101\061\057 -\060\055\006\003\125\004\013\023\046\126\151\163\141\040\111\156 -\164\145\162\156\141\164\151\157\156\141\154\040\123\145\162\166 -\151\143\145\040\101\163\163\157\143\151\141\164\151\157\156\061 -\034\060\032\006\003\125\004\003\023\023\126\151\163\141\040\145 -\103\157\155\155\145\162\143\145\040\122\157\157\164 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\023\206\065\115\035\077\006\362\301\371\145\005\325\220 -\034\142 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - # # Certificate "Certum Root CA" # @@ -2368,6 +2256,8 @@ CKA_VALUE MULTILINE_OCTAL \350\140\052\233\205\112\100\363\153\212\044\354\006\026\054\163 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Certum Root CA" # Issuer: CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL @@ -2514,6 +2404,8 @@ CKA_VALUE MULTILINE_OCTAL \225\351\066\226\230\156 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Comodo AAA Services root" # Issuer: CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB @@ -2692,6 +2584,8 @@ CKA_VALUE MULTILINE_OCTAL \112\164\066\371 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "QuoVadis Root CA" # Issuer: CN=QuoVadis Root Certification Authority,OU=Root Certification Authority,O=QuoVadis Limited,C=BM @@ -2861,6 +2755,8 @@ CKA_VALUE MULTILINE_OCTAL \020\005\145\325\202\020\352\302\061\315\056 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "QuoVadis Root CA 2" # Issuer: CN=QuoVadis Root CA 2,O=QuoVadis Limited,C=BM @@ -3041,6 +2937,8 @@ CKA_VALUE MULTILINE_OCTAL \332 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "QuoVadis Root CA 3" # Issuer: CN=QuoVadis Root CA 3,O=QuoVadis Limited,C=BM @@ -3170,6 +3068,8 @@ CKA_VALUE MULTILINE_OCTAL \057\317\246\356\311\160\042\024\275\375\276\154\013\003 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Security Communication Root CA" # Issuer: OU=Security Communication RootCA1,O=SECOM Trust.net,C=JP @@ -3293,6 +3193,8 @@ CKA_VALUE MULTILINE_OCTAL \160\254\337\114 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Sonera Class 2 Root CA" # Issuer: CN=Sonera Class2 CA,O=Sonera,C=FI @@ -3328,177 +3230,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "UTN USERFirst Email Root CA" -# -# Issuer: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US -# Serial Number:44:be:0c:8b:50:00:24:b4:11:d3:36:25:25:67:c9:89 -# Subject: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US -# Not Valid Before: Fri Jul 09 17:28:50 1999 -# Not Valid After : Tue Jul 09 17:36:58 2019 -# Fingerprint (MD5): D7:34:3D:EF:1D:27:09:28:E1:31:02:5B:13:2B:DD:F7 -# Fingerprint (SHA1): B1:72:B1:A5:6D:95:F9:1F:E5:02:87:E1:4D:37:EA:6A:44:63:76:8A -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "UTN USERFirst Email Root CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060 -\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153 -\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023 -\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116 -\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023 -\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162 -\164\162\165\163\164\056\143\157\155\061\066\060\064\006\003\125 -\004\003\023\055\125\124\116\055\125\123\105\122\106\151\162\163 -\164\055\103\154\151\145\156\164\040\101\165\164\150\145\156\164 -\151\143\141\164\151\157\156\040\141\156\144\040\105\155\141\151 -\154 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060 -\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153 -\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023 -\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116 -\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023 -\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162 -\164\162\165\163\164\056\143\157\155\061\066\060\064\006\003\125 -\004\003\023\055\125\124\116\055\125\123\105\122\106\151\162\163 -\164\055\103\154\151\145\156\164\040\101\165\164\150\145\156\164 -\151\143\141\164\151\157\156\040\141\156\144\040\105\155\141\151 -\154 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\104\276\014\213\120\000\044\264\021\323\066\045\045\147 -\311\211 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\242\060\202\003\212\240\003\002\001\002\002\020\104 -\276\014\213\120\000\044\264\021\323\066\045\045\147\311\211\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\201 -\256\061\013\060\011\006\003\125\004\006\023\002\125\123\061\013 -\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025\006 -\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145\040 -\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025\124 -\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145\164 -\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030\150 -\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164\162 -\165\163\164\056\143\157\155\061\066\060\064\006\003\125\004\003 -\023\055\125\124\116\055\125\123\105\122\106\151\162\163\164\055 -\103\154\151\145\156\164\040\101\165\164\150\145\156\164\151\143 -\141\164\151\157\156\040\141\156\144\040\105\155\141\151\154\060 -\036\027\015\071\071\060\067\060\071\061\067\062\070\065\060\132 -\027\015\061\071\060\067\060\071\061\067\063\066\065\070\132\060 -\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025 -\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145 -\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025 -\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145 -\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030 -\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164 -\162\165\163\164\056\143\157\155\061\066\060\064\006\003\125\004 -\003\023\055\125\124\116\055\125\123\105\122\106\151\162\163\164 -\055\103\154\151\145\156\164\040\101\165\164\150\145\156\164\151 -\143\141\164\151\157\156\040\141\156\144\040\105\155\141\151\154 -\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001 -\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001 -\000\262\071\205\244\362\175\253\101\073\142\106\067\256\315\301 -\140\165\274\071\145\371\112\032\107\242\271\314\110\314\152\230 -\325\115\065\031\271\244\102\345\316\111\342\212\057\036\174\322 -\061\007\307\116\264\203\144\235\056\051\325\242\144\304\205\275 -\205\121\065\171\244\116\150\220\173\034\172\244\222\250\027\362 -\230\025\362\223\314\311\244\062\225\273\014\117\060\275\230\240 -\013\213\345\156\033\242\106\372\170\274\242\157\253\131\136\245 -\057\317\312\332\155\252\057\353\254\241\263\152\252\267\056\147 -\065\213\171\341\036\151\210\342\346\106\315\240\245\352\276\013 -\316\166\072\172\016\233\352\374\332\047\133\075\163\037\042\346 -\110\141\306\114\363\151\261\250\056\033\266\324\061\040\054\274 -\202\212\216\244\016\245\327\211\103\374\026\132\257\035\161\327 -\021\131\332\272\207\015\257\372\363\341\302\360\244\305\147\214 -\326\326\124\072\336\012\244\272\003\167\263\145\310\375\036\323 -\164\142\252\030\312\150\223\036\241\205\176\365\107\145\313\370 -\115\127\050\164\322\064\377\060\266\356\366\142\060\024\214\054 -\353\002\003\001\000\001\243\201\271\060\201\266\060\013\006\003 -\125\035\017\004\004\003\002\001\306\060\017\006\003\125\035\023 -\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125\035 -\016\004\026\004\024\211\202\147\175\304\235\046\160\000\113\264 -\120\110\174\336\075\256\004\156\175\060\130\006\003\125\035\037 -\004\121\060\117\060\115\240\113\240\111\206\107\150\164\164\160 -\072\057\057\143\162\154\056\165\163\145\162\164\162\165\163\164 -\056\143\157\155\057\125\124\116\055\125\123\105\122\106\151\162 -\163\164\055\103\154\151\145\156\164\101\165\164\150\145\156\164 -\151\143\141\164\151\157\156\141\156\144\105\155\141\151\154\056 -\143\162\154\060\035\006\003\125\035\045\004\026\060\024\006\010 -\053\006\001\005\005\007\003\002\006\010\053\006\001\005\005\007 -\003\004\060\015\006\011\052\206\110\206\367\015\001\001\005\005 -\000\003\202\001\001\000\261\155\141\135\246\032\177\174\253\112 -\344\060\374\123\157\045\044\306\312\355\342\061\134\053\016\356 -\356\141\125\157\004\076\317\071\336\305\033\111\224\344\353\040 -\114\264\346\236\120\056\162\331\215\365\252\243\263\112\332\126 -\034\140\227\200\334\202\242\255\112\275\212\053\377\013\011\264 -\306\327\040\004\105\344\315\200\001\272\272\053\156\316\252\327 -\222\376\344\257\353\364\046\035\026\052\177\154\060\225\067\057 -\063\022\254\177\335\307\321\021\214\121\230\262\320\243\221\320 -\255\366\237\236\203\223\036\035\102\270\106\257\153\146\360\233 -\177\352\343\003\002\345\002\121\301\252\325\065\235\162\100\003 -\211\272\061\035\305\020\150\122\236\337\242\205\305\134\010\246 -\170\346\123\117\261\350\267\323\024\236\223\246\303\144\343\254 -\176\161\315\274\237\351\003\033\314\373\351\254\061\301\257\174 -\025\164\002\231\303\262\107\246\302\062\141\327\307\157\110\044 -\121\047\241\325\207\125\362\173\217\230\075\026\236\356\165\266 -\370\320\216\362\363\306\256\050\133\247\360\363\066\027\374\303 -\005\323\312\003\112\124 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for Certificate "UTN USERFirst Email Root CA" -# Issuer: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US -# Serial Number:44:be:0c:8b:50:00:24:b4:11:d3:36:25:25:67:c9:89 -# Subject: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US -# Not Valid Before: Fri Jul 09 17:28:50 1999 -# Not Valid After : Tue Jul 09 17:36:58 2019 -# Fingerprint (MD5): D7:34:3D:EF:1D:27:09:28:E1:31:02:5B:13:2B:DD:F7 -# Fingerprint (SHA1): B1:72:B1:A5:6D:95:F9:1F:E5:02:87:E1:4D:37:EA:6A:44:63:76:8A -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "UTN USERFirst Email Root CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\261\162\261\245\155\225\371\037\345\002\207\341\115\067\352\152 -\104\143\166\212 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\327\064\075\357\035\047\011\050\341\061\002\133\023\053\335\367 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060 -\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153 -\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023 -\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116 -\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023 -\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162 -\164\162\165\163\164\056\143\157\155\061\066\060\064\006\003\125 -\004\003\023\055\125\124\116\055\125\123\105\122\106\151\162\163 -\164\055\103\154\151\145\156\164\040\101\165\164\150\145\156\164 -\151\143\141\164\151\157\156\040\141\156\144\040\105\155\141\151 -\154 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\104\276\014\213\120\000\044\264\021\323\066\045\045\147 -\311\211 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - # # Certificate "Camerfirma Chambers of Commerce Root" # @@ -3621,6 +3352,8 @@ CKA_VALUE MULTILINE_OCTAL \334 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Camerfirma Chambers of Commerce Root" # Issuer: CN=Chambers of Commerce Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU @@ -3781,6 +3514,8 @@ CKA_VALUE MULTILINE_OCTAL \166\135\165\220\032\365\046\217\360 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Camerfirma Global Chambersign Root" # Issuer: CN=Global Chambersign Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU @@ -3934,6 +3669,8 @@ CKA_VALUE MULTILINE_OCTAL \264\003\045\274 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "XRamp Global CA Root" # Issuer: CN=XRamp Global Certification Authority,O=XRamp Security Services Inc,OU=www.xrampsecurity.com,C=US @@ -4081,6 +3818,8 @@ CKA_VALUE MULTILINE_OCTAL \177\333\275\237 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Go Daddy Class 2 CA" # Issuer: OU=Go Daddy Class 2 Certification Authority,O="The Go Daddy Group, Inc.",C=US @@ -4226,6 +3965,8 @@ CKA_VALUE MULTILINE_OCTAL \037\027\224 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Starfield Class 2 CA" # Issuer: OU=Starfield Class 2 Certification Authority,O="Starfield Technologies, Inc.",C=US @@ -4390,6 +4131,8 @@ CKA_VALUE MULTILINE_OCTAL \245\206\054\174\364\022 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Taiwan GRCA" # Issuer: O=Government Root Certification Authority,C=TW @@ -4529,6 +4272,8 @@ CKA_VALUE MULTILINE_OCTAL \346\120\262\247\372\012\105\057\242\360\362 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "DigiCert Assured ID Root CA" # Issuer: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US @@ -4670,6 +4415,8 @@ CKA_VALUE MULTILINE_OCTAL \225\155\336 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "DigiCert Global Root CA" # Issuer: CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US @@ -4812,6 +4559,8 @@ CKA_VALUE MULTILINE_OCTAL \370\351\056\023\243\167\350\037\112 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "DigiCert High Assurance EV Root CA" # Issuer: CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US @@ -4851,136 +4600,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "Certplus Class 2 Primary CA" -# -# Issuer: CN=Class 2 Primary CA,O=Certplus,C=FR -# Serial Number:00:85:bd:4b:f3:d8:da:e3:69:f6:94:d7:5f:c3:a5:44:23 -# Subject: CN=Class 2 Primary CA,O=Certplus,C=FR -# Not Valid Before: Wed Jul 07 17:05:00 1999 -# Not Valid After : Sat Jul 06 23:59:59 2019 -# Fingerprint (MD5): 88:2C:8C:52:B8:A2:3C:F3:F7:BB:03:EA:AE:AC:42:0B -# Fingerprint (SHA1): 74:20:74:41:72:9C:DD:92:EC:79:31:D8:23:10:8D:C2:81:92:E2:BB -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Certplus Class 2 Primary CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\075\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\021\060\017\006\003\125\004\012\023\010\103\145\162\164\160\154 -\165\163\061\033\060\031\006\003\125\004\003\023\022\103\154\141 -\163\163\040\062\040\120\162\151\155\141\162\171\040\103\101 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\075\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\021\060\017\006\003\125\004\012\023\010\103\145\162\164\160\154 -\165\163\061\033\060\031\006\003\125\004\003\023\022\103\154\141 -\163\163\040\062\040\120\162\151\155\141\162\171\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\021\000\205\275\113\363\330\332\343\151\366\224\327\137\303 -\245\104\043 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\222\060\202\002\172\240\003\002\001\002\002\021\000 -\205\275\113\363\330\332\343\151\366\224\327\137\303\245\104\043 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 -\075\061\013\060\011\006\003\125\004\006\023\002\106\122\061\021 -\060\017\006\003\125\004\012\023\010\103\145\162\164\160\154\165 -\163\061\033\060\031\006\003\125\004\003\023\022\103\154\141\163 -\163\040\062\040\120\162\151\155\141\162\171\040\103\101\060\036 -\027\015\071\071\060\067\060\067\061\067\060\065\060\060\132\027 -\015\061\071\060\067\060\066\062\063\065\071\065\071\132\060\075 -\061\013\060\011\006\003\125\004\006\023\002\106\122\061\021\060 -\017\006\003\125\004\012\023\010\103\145\162\164\160\154\165\163 -\061\033\060\031\006\003\125\004\003\023\022\103\154\141\163\163 -\040\062\040\120\162\151\155\141\162\171\040\103\101\060\202\001 -\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000 -\003\202\001\017\000\060\202\001\012\002\202\001\001\000\334\120 -\226\320\022\370\065\322\010\170\172\266\122\160\375\157\356\317 -\271\021\313\135\167\341\354\351\176\004\215\326\314\157\163\103 -\127\140\254\063\012\104\354\003\137\034\200\044\221\345\250\221 -\126\022\202\367\340\053\364\333\256\141\056\211\020\215\153\154 -\272\263\002\275\325\066\305\110\067\043\342\360\132\067\122\063 -\027\022\342\321\140\115\276\057\101\021\343\366\027\045\014\213 -\221\300\033\231\173\231\126\015\257\356\322\274\107\127\343\171 -\111\173\064\211\047\044\204\336\261\354\351\130\116\376\116\337 -\132\276\101\255\254\010\305\030\016\357\322\123\356\154\320\235 -\022\001\023\215\334\200\142\367\225\251\104\210\112\161\116\140 -\125\236\333\043\031\171\126\007\014\077\143\013\134\260\342\276 -\176\025\374\224\063\130\101\070\164\304\341\217\213\337\046\254 -\037\265\213\073\267\103\131\153\260\044\246\155\220\213\304\162 -\352\135\063\230\267\313\336\136\173\357\224\361\033\076\312\311 -\041\301\305\230\002\252\242\366\133\167\233\365\176\226\125\064 -\034\147\151\300\361\102\343\107\254\374\050\034\146\125\002\003 -\001\000\001\243\201\214\060\201\211\060\017\006\003\125\035\023 -\004\010\060\006\001\001\377\002\001\012\060\013\006\003\125\035 -\017\004\004\003\002\001\006\060\035\006\003\125\035\016\004\026 -\004\024\343\163\055\337\313\016\050\014\336\335\263\244\312\171 -\270\216\273\350\060\211\060\021\006\011\140\206\110\001\206\370 -\102\001\001\004\004\003\002\001\006\060\067\006\003\125\035\037 -\004\060\060\056\060\054\240\052\240\050\206\046\150\164\164\160 -\072\057\057\167\167\167\056\143\145\162\164\160\154\165\163\056 -\143\157\155\057\103\122\114\057\143\154\141\163\163\062\056\143 -\162\154\060\015\006\011\052\206\110\206\367\015\001\001\005\005 -\000\003\202\001\001\000\247\124\317\210\104\031\313\337\324\177 -\000\337\126\063\142\265\367\121\001\220\353\303\077\321\210\104 -\351\044\135\357\347\024\275\040\267\232\074\000\376\155\237\333 -\220\334\327\364\142\326\213\160\135\347\345\004\110\251\150\174 -\311\361\102\363\154\177\305\172\174\035\121\210\272\322\012\076 -\047\135\336\055\121\116\323\023\144\151\344\056\343\323\347\233 -\011\231\246\340\225\233\316\032\327\177\276\074\316\122\263\021 -\025\301\017\027\315\003\273\234\045\025\272\242\166\211\374\006 -\361\030\320\223\113\016\174\202\267\245\364\366\137\376\355\100 -\246\235\204\164\071\271\334\036\205\026\332\051\033\206\043\000 -\311\273\211\176\156\200\210\036\057\024\264\003\044\250\062\157 -\003\232\107\054\060\276\126\306\247\102\002\160\033\352\100\330 -\272\005\003\160\007\244\226\377\375\110\063\012\341\334\245\201 -\220\233\115\335\175\347\347\262\315\134\310\152\225\370\245\366 -\215\304\135\170\010\276\173\006\326\111\317\031\066\120\043\056 -\010\346\236\005\115\107\030\325\026\351\261\326\266\020\325\273 -\227\277\242\216\264\124 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for Certificate "Certplus Class 2 Primary CA" -# Issuer: CN=Class 2 Primary CA,O=Certplus,C=FR -# Serial Number:00:85:bd:4b:f3:d8:da:e3:69:f6:94:d7:5f:c3:a5:44:23 -# Subject: CN=Class 2 Primary CA,O=Certplus,C=FR -# Not Valid Before: Wed Jul 07 17:05:00 1999 -# Not Valid After : Sat Jul 06 23:59:59 2019 -# Fingerprint (MD5): 88:2C:8C:52:B8:A2:3C:F3:F7:BB:03:EA:AE:AC:42:0B -# Fingerprint (SHA1): 74:20:74:41:72:9C:DD:92:EC:79:31:D8:23:10:8D:C2:81:92:E2:BB -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Certplus Class 2 Primary CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\164\040\164\101\162\234\335\222\354\171\061\330\043\020\215\302 -\201\222\342\273 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\210\054\214\122\270\242\074\363\367\273\003\352\256\254\102\013 -END -CKA_ISSUER MULTILINE_OCTAL -\060\075\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\021\060\017\006\003\125\004\012\023\010\103\145\162\164\160\154 -\165\163\061\033\060\031\006\003\125\004\003\023\022\103\154\141 -\163\163\040\062\040\120\162\151\155\141\162\171\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\021\000\205\275\113\363\330\332\343\151\366\224\327\137\303 -\245\104\043 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - # # Certificate "DST Root CA X3" # @@ -5072,6 +4691,8 @@ CKA_VALUE MULTILINE_OCTAL \013\004\216\007\333\051\266\012\356\235\202\065\065\020 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "DST Root CA X3" # Issuer: CN=DST Root CA X3,O=Digital Signature Trust Co. @@ -5239,6 +4860,8 @@ CKA_VALUE MULTILINE_OCTAL \205\206\171\145\322 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "SwissSign Platinum CA - G2" # Issuer: CN=SwissSign Platinum CA - G2,O=SwissSign AG,C=CH @@ -5404,6 +5027,8 @@ CKA_VALUE MULTILINE_OCTAL \111\044\133\311\260\320\127\301\372\076\172\341\227\311 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "SwissSign Gold CA - G2" # Issuer: CN=SwissSign Gold CA - G2,O=SwissSign AG,C=CH @@ -5570,6 +5195,8 @@ CKA_VALUE MULTILINE_OCTAL \156 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "SwissSign Silver CA - G2" # Issuer: CN=SwissSign Silver CA - G2,O=SwissSign AG,C=CH @@ -5702,6 +5329,8 @@ CKA_VALUE MULTILINE_OCTAL \253\022\350\263\336\132\345\240\174\350\017\042\035\132\351\131 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "GeoTrust Primary Certification Authority" # Issuer: CN=GeoTrust Primary Certification Authority,O=GeoTrust Inc.,C=US @@ -5857,6 +5486,8 @@ CKA_VALUE MULTILINE_OCTAL \215\126\214\150 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "thawte Primary Root CA" # Issuer: CN=thawte Primary Root CA,OU="(c) 2006 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US @@ -6032,6 +5663,8 @@ CKA_VALUE MULTILINE_OCTAL \254\021\326\250\355\143\152 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "VeriSign Class 3 Public Primary Certification Authority - G5" # Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU="(c) 2006 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US @@ -6175,6 +5808,8 @@ CKA_VALUE MULTILINE_OCTAL \113\035\236\054\302\270\150\274\355\002\356\061 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "SecureTrust CA" # Issuer: CN=SecureTrust CA,O=SecureTrust Corporation,C=US @@ -6310,6 +5945,8 @@ CKA_VALUE MULTILINE_OCTAL \117\043\037\332\154\254\037\104\341\335\043\170\121\133\307\026 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Secure Global CA" # Issuer: CN=Secure Global CA,O=SecureTrust Corporation,C=US @@ -6460,6 +6097,8 @@ CKA_VALUE MULTILINE_OCTAL \145 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "COMODO Certification Authority" # Issuer: CN=COMODO Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB @@ -6606,6 +6245,8 @@ CKA_VALUE MULTILINE_OCTAL \244\140\114\260\125\240\240\173\127\262 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Network Solutions Certificate Authority" # Issuer: CN=Network Solutions Certificate Authority,O=Network Solutions L.L.C.,C=US @@ -6732,6 +6373,8 @@ CKA_VALUE MULTILINE_OCTAL \334\335\363\377\035\054\072\026\127\331\222\071\326 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "COMODO ECC Certification Authority" # Issuer: CN=COMODO ECC Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB @@ -6883,6 +6526,8 @@ CKA_VALUE MULTILINE_OCTAL \374\276\337\012\015 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "OISTE WISeKey Global Root GA CA" # Issuer: CN=OISTE WISeKey Global Root GA CA,OU=OISTE Foundation Endorsed,OU=Copyright (c) 2005,O=WISeKey,C=CH @@ -7018,6 +6663,8 @@ CKA_VALUE MULTILINE_OCTAL \300\226\130\057\352\273\106\327\273\344\331\056 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Certigna" # Issuer: CN=Certigna,O=Dhimyotis,C=FR @@ -7054,484 +6701,426 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "AC Raiz Certicamara S.A." +# Certificate "Cybertrust Global Root" # -# Issuer: CN=AC Ra..z Certic..mara S.A.,O=Sociedad Cameral de Certificaci..n Digital - Certic..mara S.A.,C=CO -# Serial Number:07:7e:52:93:7b:e0:15:e3:57:f0:69:8c:cb:ec:0c -# Subject: CN=AC Ra..z Certic..mara S.A.,O=Sociedad Cameral de Certificaci..n Digital - Certic..mara S.A.,C=CO -# Not Valid Before: Mon Nov 27 20:46:29 2006 -# Not Valid After : Tue Apr 02 21:42:02 2030 -# Fingerprint (MD5): 93:2A:3E:F6:FD:23:69:0D:71:20:D4:2B:47:99:2B:A6 -# Fingerprint (SHA1): CB:A1:C5:F8:B0:E3:5E:B8:B9:45:12:D3:F9:34:A2:E9:06:10:D3:36 +# Issuer: CN=Cybertrust Global Root,O="Cybertrust, Inc" +# Serial Number:04:00:00:00:00:01:0f:85:aa:2d:48 +# Subject: CN=Cybertrust Global Root,O="Cybertrust, Inc" +# Not Valid Before: Fri Dec 15 08:00:00 2006 +# Not Valid After : Wed Dec 15 08:00:00 2021 +# Fingerprint (MD5): 72:E4:4A:87:E3:69:40:80:77:EA:BC:E3:F4:FF:F0:E1 +# Fingerprint (SHA1): 5F:43:E5:B1:BF:F8:78:8C:AC:1C:C7:CA:4A:9A:C6:22:2B:CC:34:C6 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "AC Ra\xC3\xADz Certic\xC3\xA1mara S.A." +CKA_LABEL UTF8 "Cybertrust Global Root" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\173\061\013\060\011\006\003\125\004\006\023\002\103\117\061 -\107\060\105\006\003\125\004\012\014\076\123\157\143\151\145\144 -\141\144\040\103\141\155\145\162\141\154\040\144\145\040\103\145 -\162\164\151\146\151\143\141\143\151\303\263\156\040\104\151\147 -\151\164\141\154\040\055\040\103\145\162\164\151\143\303\241\155 -\141\162\141\040\123\056\101\056\061\043\060\041\006\003\125\004 -\003\014\032\101\103\040\122\141\303\255\172\040\103\145\162\164 -\151\143\303\241\155\141\162\141\040\123\056\101\056 +\060\073\061\030\060\026\006\003\125\004\012\023\017\103\171\142 +\145\162\164\162\165\163\164\054\040\111\156\143\061\037\060\035 +\006\003\125\004\003\023\026\103\171\142\145\162\164\162\165\163 +\164\040\107\154\157\142\141\154\040\122\157\157\164 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\173\061\013\060\011\006\003\125\004\006\023\002\103\117\061 -\107\060\105\006\003\125\004\012\014\076\123\157\143\151\145\144 -\141\144\040\103\141\155\145\162\141\154\040\144\145\040\103\145 -\162\164\151\146\151\143\141\143\151\303\263\156\040\104\151\147 -\151\164\141\154\040\055\040\103\145\162\164\151\143\303\241\155 -\141\162\141\040\123\056\101\056\061\043\060\041\006\003\125\004 -\003\014\032\101\103\040\122\141\303\255\172\040\103\145\162\164 -\151\143\303\241\155\141\162\141\040\123\056\101\056 +\060\073\061\030\060\026\006\003\125\004\012\023\017\103\171\142 +\145\162\164\162\165\163\164\054\040\111\156\143\061\037\060\035 +\006\003\125\004\003\023\026\103\171\142\145\162\164\162\165\163 +\164\040\107\154\157\142\141\154\040\122\157\157\164 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\017\007\176\122\223\173\340\025\343\127\360\151\214\313\354 -\014 +\002\013\004\000\000\000\000\001\017\205\252\055\110 END CKA_VALUE MULTILINE_OCTAL -\060\202\006\146\060\202\004\116\240\003\002\001\002\002\017\007 -\176\122\223\173\340\025\343\127\360\151\214\313\354\014\060\015 -\006\011\052\206\110\206\367\015\001\001\005\005\000\060\173\061 -\013\060\011\006\003\125\004\006\023\002\103\117\061\107\060\105 -\006\003\125\004\012\014\076\123\157\143\151\145\144\141\144\040 -\103\141\155\145\162\141\154\040\144\145\040\103\145\162\164\151 -\146\151\143\141\143\151\303\263\156\040\104\151\147\151\164\141 -\154\040\055\040\103\145\162\164\151\143\303\241\155\141\162\141 -\040\123\056\101\056\061\043\060\041\006\003\125\004\003\014\032 -\101\103\040\122\141\303\255\172\040\103\145\162\164\151\143\303 -\241\155\141\162\141\040\123\056\101\056\060\036\027\015\060\066 -\061\061\062\067\062\060\064\066\062\071\132\027\015\063\060\060 -\064\060\062\062\061\064\062\060\062\132\060\173\061\013\060\011 -\006\003\125\004\006\023\002\103\117\061\107\060\105\006\003\125 -\004\012\014\076\123\157\143\151\145\144\141\144\040\103\141\155 -\145\162\141\154\040\144\145\040\103\145\162\164\151\146\151\143 -\141\143\151\303\263\156\040\104\151\147\151\164\141\154\040\055 -\040\103\145\162\164\151\143\303\241\155\141\162\141\040\123\056 -\101\056\061\043\060\041\006\003\125\004\003\014\032\101\103\040 -\122\141\303\255\172\040\103\145\162\164\151\143\303\241\155\141 -\162\141\040\123\056\101\056\060\202\002\042\060\015\006\011\052 -\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060 -\202\002\012\002\202\002\001\000\253\153\211\243\123\314\110\043 -\010\373\303\317\121\226\010\056\270\010\172\155\074\220\027\206 -\251\351\355\056\023\064\107\262\320\160\334\311\074\320\215\312 -\356\113\027\253\320\205\260\247\043\004\313\250\242\374\345\165 -\333\100\312\142\211\217\120\236\001\075\046\133\030\204\034\313 -\174\067\267\175\354\323\177\163\031\260\152\262\330\210\212\055 -\105\164\250\367\263\270\300\324\332\315\042\211\164\115\132\025 -\071\163\030\164\117\265\353\231\247\301\036\210\264\302\223\220 -\143\227\363\247\247\022\262\011\042\007\063\331\221\315\016\234 -\037\016\040\307\356\273\063\215\217\302\322\130\247\137\375\145 -\067\342\210\302\330\217\206\165\136\371\055\247\207\063\362\170 -\067\057\213\274\035\206\067\071\261\224\362\330\274\112\234\203 -\030\132\006\374\363\324\324\272\214\025\011\045\360\371\266\215 -\004\176\027\022\063\153\127\110\114\117\333\046\036\353\314\220 -\347\213\371\150\174\160\017\243\052\320\072\070\337\067\227\342 -\133\336\200\141\323\200\330\221\203\102\132\114\004\211\150\021 -\074\254\137\150\200\101\314\140\102\316\015\132\052\014\017\233 -\060\300\246\360\206\333\253\111\327\227\155\110\213\371\003\300 -\122\147\233\022\367\302\362\056\230\145\102\331\326\232\343\320 -\031\061\014\255\207\325\127\002\172\060\350\206\046\373\217\043 -\212\124\207\344\277\074\356\353\303\165\110\137\036\071\157\201 -\142\154\305\055\304\027\124\031\267\067\215\234\067\221\310\366 -\013\325\352\143\157\203\254\070\302\363\077\336\232\373\341\043 -\141\360\310\046\313\066\310\241\363\060\217\244\243\242\241\335 -\123\263\336\360\232\062\037\203\221\171\060\301\251\037\123\233 -\123\242\025\123\077\335\235\263\020\073\110\175\211\017\374\355 -\003\365\373\045\144\165\016\027\031\015\217\000\026\147\171\172 -\100\374\055\131\007\331\220\372\232\255\075\334\200\212\346\134 -\065\242\147\114\021\153\261\370\200\144\000\055\157\042\141\305 -\254\113\046\345\132\020\202\233\244\203\173\064\367\236\211\221 -\040\227\216\267\102\307\146\303\320\351\244\326\365\040\215\304 -\303\225\254\104\012\235\133\163\074\046\075\057\112\276\247\311 -\247\020\036\373\237\120\151\363\002\003\001\000\001\243\201\346 -\060\201\343\060\017\006\003\125\035\023\001\001\377\004\005\060 -\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004 -\003\002\001\006\060\035\006\003\125\035\016\004\026\004\024\321 -\011\320\351\327\316\171\164\124\371\072\060\263\364\155\054\003 -\003\033\150\060\201\240\006\003\125\035\040\004\201\230\060\201 -\225\060\201\222\006\004\125\035\040\000\060\201\211\060\053\006 -\010\053\006\001\005\005\007\002\001\026\037\150\164\164\160\072 -\057\057\167\167\167\056\143\145\162\164\151\143\141\155\141\162 -\141\056\143\157\155\057\144\160\143\057\060\132\006\010\053\006 -\001\005\005\007\002\002\060\116\032\114\114\151\155\151\164\141 -\143\151\157\156\145\163\040\144\145\040\147\141\162\141\156\164 -\355\141\163\040\144\145\040\145\163\164\145\040\143\145\162\164 -\151\146\151\143\141\144\157\040\163\145\040\160\165\145\144\145 -\156\040\145\156\143\157\156\164\162\141\162\040\145\156\040\154 -\141\040\104\120\103\056\060\015\006\011\052\206\110\206\367\015 -\001\001\005\005\000\003\202\002\001\000\134\224\265\270\105\221 -\115\216\141\037\003\050\017\123\174\346\244\131\251\263\212\172 -\305\260\377\010\174\054\243\161\034\041\023\147\241\225\022\100 -\065\203\203\217\164\333\063\134\360\111\166\012\201\122\335\111 -\324\232\062\063\357\233\247\313\165\345\172\313\227\022\220\134 -\272\173\305\233\337\273\071\043\310\377\230\316\012\115\042\001 -\110\007\176\212\300\325\040\102\224\104\357\277\167\242\211\147 -\110\033\100\003\005\241\211\354\317\142\343\075\045\166\146\277 -\046\267\273\042\276\157\377\071\127\164\272\172\311\001\225\301 -\225\121\350\253\054\370\261\206\040\351\077\313\065\133\322\027 -\351\052\376\203\023\027\100\356\210\142\145\133\325\073\140\351 -\173\074\270\311\325\177\066\002\045\252\150\302\061\025\267\060 -\145\353\177\035\110\171\261\317\071\342\102\200\026\323\365\223 -\043\374\114\227\311\132\067\154\174\042\330\112\315\322\216\066 -\203\071\221\220\020\310\361\311\065\176\077\270\323\201\306\040 -\144\032\266\120\302\041\244\170\334\320\057\073\144\223\164\360 -\226\220\361\357\373\011\132\064\100\226\360\066\022\301\243\164 -\214\223\176\101\336\167\213\354\206\331\322\017\077\055\321\314 -\100\242\211\146\110\036\040\263\234\043\131\163\251\104\163\274 -\044\171\220\126\067\263\306\051\176\243\017\361\051\071\357\176 -\134\050\062\160\065\254\332\270\310\165\146\374\233\114\071\107 -\216\033\157\233\115\002\124\042\063\357\141\272\236\051\204\357 -\116\113\063\107\166\227\152\313\176\137\375\025\246\236\102\103 -\133\146\132\212\210\015\367\026\271\077\121\145\053\146\152\213 -\321\070\122\242\326\106\021\372\374\232\034\164\236\217\227\013 -\002\117\144\306\365\150\323\113\055\377\244\067\036\213\077\277 -\104\276\141\106\241\204\075\010\047\114\201\040\167\211\010\352 -\147\100\136\154\010\121\137\064\132\214\226\150\315\327\367\211 -\302\034\323\062\000\257\122\313\323\140\133\052\072\107\176\153 -\060\063\241\142\051\177\112\271\341\055\347\024\043\016\016\030 -\107\341\171\374\025\125\320\261\374\045\161\143\165\063\034\043 -\053\257\134\331\355\107\167\140\016\073\017\036\322\300\334\144 -\005\211\374\170\326\134\054\046\103\251 +\060\202\003\241\060\202\002\211\240\003\002\001\002\002\013\004 +\000\000\000\000\001\017\205\252\055\110\060\015\006\011\052\206 +\110\206\367\015\001\001\005\005\000\060\073\061\030\060\026\006 +\003\125\004\012\023\017\103\171\142\145\162\164\162\165\163\164 +\054\040\111\156\143\061\037\060\035\006\003\125\004\003\023\026 +\103\171\142\145\162\164\162\165\163\164\040\107\154\157\142\141 +\154\040\122\157\157\164\060\036\027\015\060\066\061\062\061\065 +\060\070\060\060\060\060\132\027\015\062\061\061\062\061\065\060 +\070\060\060\060\060\132\060\073\061\030\060\026\006\003\125\004 +\012\023\017\103\171\142\145\162\164\162\165\163\164\054\040\111 +\156\143\061\037\060\035\006\003\125\004\003\023\026\103\171\142 +\145\162\164\162\165\163\164\040\107\154\157\142\141\154\040\122 +\157\157\164\060\202\001\042\060\015\006\011\052\206\110\206\367 +\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002 +\202\001\001\000\370\310\274\275\024\120\146\023\377\360\323\171 +\354\043\362\267\032\307\216\205\361\022\163\246\031\252\020\333 +\234\242\145\164\132\167\076\121\175\126\366\334\043\266\324\355 +\137\130\261\067\115\325\111\016\156\365\152\207\326\322\214\322 +\047\306\342\377\066\237\230\145\240\023\116\306\052\144\233\325 +\220\022\317\024\006\364\073\343\324\050\276\350\016\370\253\116 +\110\224\155\216\225\061\020\134\355\242\055\275\325\072\155\262 +\034\273\140\300\106\113\001\365\111\256\176\106\212\320\164\215 +\241\014\002\316\356\374\347\217\270\153\146\363\177\104\000\277 +\146\045\024\053\335\020\060\035\007\226\077\115\366\153\270\217 +\267\173\014\245\070\353\336\107\333\325\135\071\374\210\247\363 +\327\052\164\361\350\132\242\073\237\120\272\246\214\105\065\302 +\120\145\225\334\143\202\357\335\277\167\115\234\142\311\143\163 +\026\320\051\017\111\251\110\360\263\252\267\154\305\247\060\071 +\100\135\256\304\342\135\046\123\360\316\034\043\010\141\250\224 +\031\272\004\142\100\354\037\070\160\167\022\006\161\247\060\030 +\135\045\047\245\002\003\001\000\001\243\201\245\060\201\242\060 +\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060 +\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377 +\060\035\006\003\125\035\016\004\026\004\024\266\010\173\015\172 +\314\254\040\114\206\126\062\136\317\253\156\205\055\160\127\060 +\077\006\003\125\035\037\004\070\060\066\060\064\240\062\240\060 +\206\056\150\164\164\160\072\057\057\167\167\167\062\056\160\165 +\142\154\151\143\055\164\162\165\163\164\056\143\157\155\057\143 +\162\154\057\143\164\057\143\164\162\157\157\164\056\143\162\154 +\060\037\006\003\125\035\043\004\030\060\026\200\024\266\010\173 +\015\172\314\254\040\114\206\126\062\136\317\253\156\205\055\160 +\127\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000 +\003\202\001\001\000\126\357\012\043\240\124\116\225\227\311\370 +\211\332\105\301\324\243\000\045\364\037\023\253\267\243\205\130 +\151\302\060\255\330\025\212\055\343\311\315\201\132\370\163\043 +\132\247\174\005\363\375\042\073\016\321\006\304\333\066\114\163 +\004\216\345\260\042\344\305\363\056\245\331\043\343\270\116\112 +\040\247\156\002\044\237\042\140\147\173\213\035\162\011\305\061 +\134\351\171\237\200\107\075\255\241\013\007\024\075\107\377\003 +\151\032\014\013\104\347\143\045\247\177\262\311\270\166\204\355 +\043\366\175\007\253\105\176\323\337\263\277\351\212\266\315\250 +\242\147\053\122\325\267\145\360\071\114\143\240\221\171\223\122 +\017\124\335\203\273\237\321\217\247\123\163\303\313\377\060\354 +\174\004\270\330\104\037\223\137\161\011\042\267\156\076\352\034 +\003\116\235\032\040\141\373\201\067\354\136\374\012\105\253\327 +\347\027\125\320\240\352\140\233\246\366\343\214\133\051\302\006 +\140\024\235\055\227\114\251\223\025\235\141\304\001\137\110\326 +\130\275\126\061\022\116\021\310\041\340\263\021\221\145\333\264 +\246\210\070\316\125 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE -# Trust for Certificate "AC Raiz Certicamara S.A." -# Issuer: CN=AC Ra..z Certic..mara S.A.,O=Sociedad Cameral de Certificaci..n Digital - Certic..mara S.A.,C=CO -# Serial Number:07:7e:52:93:7b:e0:15:e3:57:f0:69:8c:cb:ec:0c -# Subject: CN=AC Ra..z Certic..mara S.A.,O=Sociedad Cameral de Certificaci..n Digital - Certic..mara S.A.,C=CO -# Not Valid Before: Mon Nov 27 20:46:29 2006 -# Not Valid After : Tue Apr 02 21:42:02 2030 -# Fingerprint (MD5): 93:2A:3E:F6:FD:23:69:0D:71:20:D4:2B:47:99:2B:A6 -# Fingerprint (SHA1): CB:A1:C5:F8:B0:E3:5E:B8:B9:45:12:D3:F9:34:A2:E9:06:10:D3:36 +# Trust for Certificate "Cybertrust Global Root" +# Issuer: CN=Cybertrust Global Root,O="Cybertrust, Inc" +# Serial Number:04:00:00:00:00:01:0f:85:aa:2d:48 +# Subject: CN=Cybertrust Global Root,O="Cybertrust, Inc" +# Not Valid Before: Fri Dec 15 08:00:00 2006 +# Not Valid After : Wed Dec 15 08:00:00 2021 +# Fingerprint (MD5): 72:E4:4A:87:E3:69:40:80:77:EA:BC:E3:F4:FF:F0:E1 +# Fingerprint (SHA1): 5F:43:E5:B1:BF:F8:78:8C:AC:1C:C7:CA:4A:9A:C6:22:2B:CC:34:C6 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "AC Ra\xC3\xADz Certic\xC3\xA1mara S.A." +CKA_LABEL UTF8 "Cybertrust Global Root" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\313\241\305\370\260\343\136\270\271\105\022\323\371\064\242\351 -\006\020\323\066 +\137\103\345\261\277\370\170\214\254\034\307\312\112\232\306\042 +\053\314\064\306 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\223\052\076\366\375\043\151\015\161\040\324\053\107\231\053\246 +\162\344\112\207\343\151\100\200\167\352\274\343\364\377\360\341 END CKA_ISSUER MULTILINE_OCTAL -\060\173\061\013\060\011\006\003\125\004\006\023\002\103\117\061 -\107\060\105\006\003\125\004\012\014\076\123\157\143\151\145\144 -\141\144\040\103\141\155\145\162\141\154\040\144\145\040\103\145 -\162\164\151\146\151\143\141\143\151\303\263\156\040\104\151\147 -\151\164\141\154\040\055\040\103\145\162\164\151\143\303\241\155 -\141\162\141\040\123\056\101\056\061\043\060\041\006\003\125\004 -\003\014\032\101\103\040\122\141\303\255\172\040\103\145\162\164 -\151\143\303\241\155\141\162\141\040\123\056\101\056 +\060\073\061\030\060\026\006\003\125\004\012\023\017\103\171\142 +\145\162\164\162\165\163\164\054\040\111\156\143\061\037\060\035 +\006\003\125\004\003\023\026\103\171\142\145\162\164\162\165\163 +\164\040\107\154\157\142\141\154\040\122\157\157\164 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\017\007\176\122\223\173\340\025\343\127\360\151\214\313\354 -\014 +\002\013\004\000\000\000\000\001\017\205\252\055\110 END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "TC TrustCenter Class 3 CA II" +# Certificate "ePKI Root Certification Authority" # -# Issuer: CN=TC TrustCenter Class 3 CA II,OU=TC TrustCenter Class 3 CA,O=TC TrustCenter GmbH,C=DE -# Serial Number:4a:47:00:01:00:02:e5:a0:5d:d6:3f:00:51:bf -# Subject: CN=TC TrustCenter Class 3 CA II,OU=TC TrustCenter Class 3 CA,O=TC TrustCenter GmbH,C=DE -# Not Valid Before: Thu Jan 12 14:41:57 2006 -# Not Valid After : Wed Dec 31 22:59:59 2025 -# Fingerprint (MD5): 56:5F:AA:80:61:12:17:F6:67:21:E6:2B:6D:61:56:8E -# Fingerprint (SHA1): 80:25:EF:F4:6E:70:C8:D4:72:24:65:84:FE:40:3B:8A:8D:6A:DB:F5 +# Issuer: OU=ePKI Root Certification Authority,O="Chunghwa Telecom Co., Ltd.",C=TW +# Serial Number:15:c8:bd:65:47:5c:af:b8:97:00:5e:e4:06:d2:bc:9d +# Subject: OU=ePKI Root Certification Authority,O="Chunghwa Telecom Co., Ltd.",C=TW +# Not Valid Before: Mon Dec 20 02:31:27 2004 +# Not Valid After : Wed Dec 20 02:31:27 2034 +# Fingerprint (MD5): 1B:2E:00:CA:26:06:90:3D:AD:FE:6F:15:68:D3:6B:B3 +# Fingerprint (SHA1): 67:65:0D:F1:7E:8E:7E:5B:82:40:A4:F4:56:4B:CF:E2:3D:69:C6:F0 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TC TrustCenter Class 3 CA II" +CKA_LABEL UTF8 "ePKI Root Certification Authority" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\166\061\013\060\011\006\003\125\004\006\023\002\104\105\061 -\034\060\032\006\003\125\004\012\023\023\124\103\040\124\162\165 -\163\164\103\145\156\164\145\162\040\107\155\142\110\061\042\060 -\040\006\003\125\004\013\023\031\124\103\040\124\162\165\163\164 -\103\145\156\164\145\162\040\103\154\141\163\163\040\063\040\103 -\101\061\045\060\043\006\003\125\004\003\023\034\124\103\040\124 -\162\165\163\164\103\145\156\164\145\162\040\103\154\141\163\163 -\040\063\040\103\101\040\111\111 +\060\136\061\013\060\011\006\003\125\004\006\023\002\124\127\061 +\043\060\041\006\003\125\004\012\014\032\103\150\165\156\147\150 +\167\141\040\124\145\154\145\143\157\155\040\103\157\056\054\040 +\114\164\144\056\061\052\060\050\006\003\125\004\013\014\041\145 +\120\113\111\040\122\157\157\164\040\103\145\162\164\151\146\151 +\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\166\061\013\060\011\006\003\125\004\006\023\002\104\105\061 -\034\060\032\006\003\125\004\012\023\023\124\103\040\124\162\165 -\163\164\103\145\156\164\145\162\040\107\155\142\110\061\042\060 -\040\006\003\125\004\013\023\031\124\103\040\124\162\165\163\164 -\103\145\156\164\145\162\040\103\154\141\163\163\040\063\040\103 -\101\061\045\060\043\006\003\125\004\003\023\034\124\103\040\124 -\162\165\163\164\103\145\156\164\145\162\040\103\154\141\163\163 -\040\063\040\103\101\040\111\111 +\060\136\061\013\060\011\006\003\125\004\006\023\002\124\127\061 +\043\060\041\006\003\125\004\012\014\032\103\150\165\156\147\150 +\167\141\040\124\145\154\145\143\157\155\040\103\157\056\054\040 +\114\164\144\056\061\052\060\050\006\003\125\004\013\014\041\145 +\120\113\111\040\122\157\157\164\040\103\145\162\164\151\146\151 +\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\016\112\107\000\001\000\002\345\240\135\326\077\000\121\277 +\002\020\025\310\275\145\107\134\257\270\227\000\136\344\006\322 +\274\235 END CKA_VALUE MULTILINE_OCTAL -\060\202\004\252\060\202\003\222\240\003\002\001\002\002\016\112 -\107\000\001\000\002\345\240\135\326\077\000\121\277\060\015\006 -\011\052\206\110\206\367\015\001\001\005\005\000\060\166\061\013 -\060\011\006\003\125\004\006\023\002\104\105\061\034\060\032\006 -\003\125\004\012\023\023\124\103\040\124\162\165\163\164\103\145 -\156\164\145\162\040\107\155\142\110\061\042\060\040\006\003\125 -\004\013\023\031\124\103\040\124\162\165\163\164\103\145\156\164 -\145\162\040\103\154\141\163\163\040\063\040\103\101\061\045\060 -\043\006\003\125\004\003\023\034\124\103\040\124\162\165\163\164 -\103\145\156\164\145\162\040\103\154\141\163\163\040\063\040\103 -\101\040\111\111\060\036\027\015\060\066\060\061\061\062\061\064 -\064\061\065\067\132\027\015\062\065\061\062\063\061\062\062\065 -\071\065\071\132\060\166\061\013\060\011\006\003\125\004\006\023 -\002\104\105\061\034\060\032\006\003\125\004\012\023\023\124\103 -\040\124\162\165\163\164\103\145\156\164\145\162\040\107\155\142 -\110\061\042\060\040\006\003\125\004\013\023\031\124\103\040\124 -\162\165\163\164\103\145\156\164\145\162\040\103\154\141\163\163 -\040\063\040\103\101\061\045\060\043\006\003\125\004\003\023\034 -\124\103\040\124\162\165\163\164\103\145\156\164\145\162\040\103 -\154\141\163\163\040\063\040\103\101\040\111\111\060\202\001\042 -\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003 -\202\001\017\000\060\202\001\012\002\202\001\001\000\264\340\273 -\121\273\071\134\213\004\305\114\171\034\043\206\061\020\143\103 -\125\047\077\306\105\307\244\075\354\011\015\032\036\040\302\126 -\036\336\033\067\007\060\042\057\157\361\006\361\253\255\326\310 -\253\141\243\057\103\304\260\262\055\374\303\226\151\173\176\212 -\344\314\300\071\022\220\102\140\311\314\065\150\356\332\137\220 -\126\137\315\034\115\133\130\111\353\016\001\117\144\372\054\074 -\211\130\330\057\056\342\260\150\351\042\073\165\211\326\104\032 -\145\362\033\227\046\035\050\155\254\350\275\131\035\053\044\366 -\326\204\003\146\210\044\000\170\140\361\370\253\376\002\262\153 -\373\042\373\065\346\026\321\255\366\056\022\344\372\065\152\345 -\031\271\135\333\073\036\032\373\323\377\025\024\010\330\011\152 -\272\105\235\024\171\140\175\257\100\212\007\163\263\223\226\323 -\164\064\215\072\067\051\336\134\354\365\356\056\061\302\040\334 -\276\361\117\177\043\122\331\133\342\144\331\234\252\007\010\265 -\105\275\321\320\061\301\253\124\237\251\322\303\142\140\003\361 -\273\071\112\222\112\075\012\271\235\305\240\376\067\002\003\001 -\000\001\243\202\001\064\060\202\001\060\060\017\006\003\125\035 -\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003\125 -\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003\125 -\035\016\004\026\004\024\324\242\374\237\263\303\330\003\323\127 -\134\007\244\320\044\247\300\362\000\324\060\201\355\006\003\125 -\035\037\004\201\345\060\201\342\060\201\337\240\201\334\240\201 -\331\206\065\150\164\164\160\072\057\057\167\167\167\056\164\162 -\165\163\164\143\145\156\164\145\162\056\144\145\057\143\162\154 -\057\166\062\057\164\143\137\143\154\141\163\163\137\063\137\143 -\141\137\111\111\056\143\162\154\206\201\237\154\144\141\160\072 -\057\057\167\167\167\056\164\162\165\163\164\143\145\156\164\145 -\162\056\144\145\057\103\116\075\124\103\045\062\060\124\162\165 -\163\164\103\145\156\164\145\162\045\062\060\103\154\141\163\163 -\045\062\060\063\045\062\060\103\101\045\062\060\111\111\054\117 -\075\124\103\045\062\060\124\162\165\163\164\103\145\156\164\145 -\162\045\062\060\107\155\142\110\054\117\125\075\162\157\157\164 -\143\145\162\164\163\054\104\103\075\164\162\165\163\164\143\145 -\156\164\145\162\054\104\103\075\144\145\077\143\145\162\164\151 -\146\151\143\141\164\145\122\145\166\157\143\141\164\151\157\156 -\114\151\163\164\077\142\141\163\145\077\060\015\006\011\052\206 -\110\206\367\015\001\001\005\005\000\003\202\001\001\000\066\140 -\344\160\367\006\040\103\331\043\032\102\362\370\243\262\271\115 -\212\264\363\302\232\125\061\174\304\073\147\232\264\337\115\016 -\212\223\112\027\213\033\215\312\211\341\317\072\036\254\035\361 -\234\062\264\216\131\166\242\101\205\045\067\240\023\320\365\174 -\116\325\352\226\342\156\162\301\273\052\376\154\156\370\221\230 -\106\374\311\033\127\133\352\310\032\073\077\260\121\230\074\007 -\332\054\131\001\332\213\104\350\341\164\375\247\150\335\124\272 -\203\106\354\310\106\265\370\257\227\300\073\011\034\217\316\162 -\226\075\063\126\160\274\226\313\330\325\175\040\232\203\237\032 -\334\071\361\305\162\243\021\003\375\073\102\122\051\333\350\001 -\367\233\136\214\326\215\206\116\031\372\274\034\276\305\041\245 -\207\236\170\056\066\333\011\161\243\162\064\370\154\343\006\011 -\362\136\126\245\323\335\230\372\324\346\006\364\360\266\040\143 -\113\352\051\275\252\202\146\036\373\201\252\247\067\255\023\030 -\346\222\303\201\301\063\273\210\036\241\347\342\264\275\061\154 -\016\121\075\157\373\226\126\200\342\066\027\321\334\344 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for Certificate "TC TrustCenter Class 3 CA II" -# Issuer: CN=TC TrustCenter Class 3 CA II,OU=TC TrustCenter Class 3 CA,O=TC TrustCenter GmbH,C=DE -# Serial Number:4a:47:00:01:00:02:e5:a0:5d:d6:3f:00:51:bf -# Subject: CN=TC TrustCenter Class 3 CA II,OU=TC TrustCenter Class 3 CA,O=TC TrustCenter GmbH,C=DE -# Not Valid Before: Thu Jan 12 14:41:57 2006 -# Not Valid After : Wed Dec 31 22:59:59 2025 -# Fingerprint (MD5): 56:5F:AA:80:61:12:17:F6:67:21:E6:2B:6D:61:56:8E -# Fingerprint (SHA1): 80:25:EF:F4:6E:70:C8:D4:72:24:65:84:FE:40:3B:8A:8D:6A:DB:F5 +\060\202\005\260\060\202\003\230\240\003\002\001\002\002\020\025 +\310\275\145\107\134\257\270\227\000\136\344\006\322\274\235\060 +\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\136 +\061\013\060\011\006\003\125\004\006\023\002\124\127\061\043\060 +\041\006\003\125\004\012\014\032\103\150\165\156\147\150\167\141 +\040\124\145\154\145\143\157\155\040\103\157\056\054\040\114\164 +\144\056\061\052\060\050\006\003\125\004\013\014\041\145\120\113 +\111\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141 +\164\151\157\156\040\101\165\164\150\157\162\151\164\171\060\036 +\027\015\060\064\061\062\062\060\060\062\063\061\062\067\132\027 +\015\063\064\061\062\062\060\060\062\063\061\062\067\132\060\136 +\061\013\060\011\006\003\125\004\006\023\002\124\127\061\043\060 +\041\006\003\125\004\012\014\032\103\150\165\156\147\150\167\141 +\040\124\145\154\145\143\157\155\040\103\157\056\054\040\114\164 +\144\056\061\052\060\050\006\003\125\004\013\014\041\145\120\113 +\111\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141 +\164\151\157\156\040\101\165\164\150\157\162\151\164\171\060\202 +\002\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005 +\000\003\202\002\017\000\060\202\002\012\002\202\002\001\000\341 +\045\017\356\215\333\210\063\165\147\315\255\037\175\072\116\155 +\235\323\057\024\363\143\164\313\001\041\152\067\352\204\120\007 +\113\046\133\011\103\154\041\236\152\310\325\003\365\140\151\217 +\314\360\042\344\037\347\367\152\042\061\267\054\025\362\340\376 +\000\152\103\377\207\145\306\265\032\301\247\114\155\042\160\041 +\212\061\362\227\164\211\011\022\046\034\236\312\331\022\242\225 +\074\332\351\147\277\010\240\144\343\326\102\267\105\357\227\364 +\366\365\327\265\112\025\002\130\175\230\130\113\140\274\315\327 +\015\232\023\063\123\321\141\371\172\325\327\170\263\232\063\367 +\000\206\316\035\115\224\070\257\250\354\170\121\160\212\134\020 +\203\121\041\367\021\075\064\206\136\345\110\315\227\201\202\065 +\114\031\354\145\366\153\305\005\241\356\107\023\326\263\041\047 +\224\020\012\331\044\073\272\276\104\023\106\060\077\227\074\330 +\327\327\152\356\073\070\343\053\324\227\016\271\033\347\007\111 +\177\067\052\371\167\170\317\124\355\133\106\235\243\200\016\221 +\103\301\326\133\137\024\272\237\246\215\044\107\100\131\277\162 +\070\262\066\154\067\377\231\321\135\016\131\012\253\151\367\300 +\262\004\105\172\124\000\256\276\123\366\265\347\341\370\074\243 +\061\322\251\376\041\122\144\305\246\147\360\165\007\006\224\024 +\201\125\306\047\344\001\217\027\301\152\161\327\276\113\373\224 +\130\175\176\021\063\261\102\367\142\154\030\326\317\011\150\076 +\177\154\366\036\217\142\255\245\143\333\011\247\037\042\102\101 +\036\157\231\212\076\327\371\077\100\172\171\260\245\001\222\322 +\235\075\010\025\245\020\001\055\263\062\166\250\225\015\263\172 +\232\373\007\020\170\021\157\341\217\307\272\017\045\032\164\052 +\345\034\230\101\231\337\041\207\350\225\006\152\012\263\152\107 +\166\145\366\072\317\217\142\027\031\173\012\050\315\032\322\203 +\036\041\307\054\277\276\377\141\150\267\147\033\273\170\115\215 +\316\147\345\344\301\216\267\043\146\342\235\220\165\064\230\251 +\066\053\212\232\224\271\235\354\314\212\261\370\045\211\134\132 +\266\057\214\037\155\171\044\247\122\150\303\204\065\342\146\215 +\143\016\045\115\325\031\262\346\171\067\247\042\235\124\061\002 +\003\001\000\001\243\152\060\150\060\035\006\003\125\035\016\004 +\026\004\024\036\014\367\266\147\362\341\222\046\011\105\300\125 +\071\056\167\077\102\112\242\060\014\006\003\125\035\023\004\005 +\060\003\001\001\377\060\071\006\004\147\052\007\000\004\061\060 +\057\060\055\002\001\000\060\011\006\005\053\016\003\002\032\005 +\000\060\007\006\005\147\052\003\000\000\004\024\105\260\302\307 +\012\126\174\356\133\170\014\225\371\030\123\301\246\034\330\020 +\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003 +\202\002\001\000\011\263\203\123\131\001\076\225\111\271\361\201 +\272\371\166\040\043\265\047\140\164\324\152\231\064\136\154\000 +\123\331\237\362\246\261\044\007\104\152\052\306\245\216\170\022 +\350\107\331\130\033\023\052\136\171\233\237\012\052\147\246\045 +\077\006\151\126\163\303\212\146\110\373\051\201\127\164\006\312 +\234\352\050\350\070\147\046\053\361\325\265\077\145\223\370\066 +\135\216\215\215\100\040\207\031\352\357\047\300\075\264\071\017 +\045\173\150\120\164\125\234\014\131\175\132\075\101\224\045\122 +\010\340\107\054\025\061\031\325\277\007\125\306\273\022\265\227 +\364\137\203\205\272\161\301\331\154\201\021\166\012\012\260\277 +\202\227\367\352\075\372\372\354\055\251\050\224\073\126\335\322 +\121\056\256\300\275\010\025\214\167\122\064\226\326\233\254\323 +\035\216\141\017\065\173\233\256\071\151\013\142\140\100\040\066 +\217\257\373\066\356\055\010\112\035\270\277\233\134\370\352\245 +\033\240\163\246\330\370\156\340\063\004\137\150\252\047\207\355 +\331\301\220\234\355\275\343\152\065\257\143\337\253\030\331\272 +\346\351\112\352\120\212\017\141\223\036\342\055\031\342\060\224 +\065\222\135\016\266\007\257\031\200\217\107\220\121\113\056\115 +\335\205\342\322\012\122\012\027\232\374\032\260\120\002\345\001 +\243\143\067\041\114\104\304\233\121\231\021\016\163\234\006\217 +\124\056\247\050\136\104\071\207\126\055\067\275\205\104\224\341 +\014\113\054\234\303\222\205\064\141\313\017\270\233\112\103\122 +\376\064\072\175\270\351\051\334\166\251\310\060\370\024\161\200 +\306\036\066\110\164\042\101\134\207\202\350\030\161\213\101\211 +\104\347\176\130\133\250\270\215\023\351\247\154\303\107\355\263 +\032\235\142\256\215\202\352\224\236\335\131\020\303\255\335\342 +\115\343\061\325\307\354\350\362\260\376\222\036\026\012\032\374 +\331\363\370\047\266\311\276\035\264\154\144\220\177\364\344\304 +\133\327\067\256\102\016\335\244\032\157\174\210\124\305\026\156 +\341\172\150\056\370\072\277\015\244\074\211\073\170\247\116\143 +\203\004\041\010\147\215\362\202\111\320\133\375\261\315\017\203 +\204\324\076\040\205\367\112\075\053\234\375\052\012\011\115\352 +\201\370\021\234 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for Certificate "ePKI Root Certification Authority" +# Issuer: OU=ePKI Root Certification Authority,O="Chunghwa Telecom Co., Ltd.",C=TW +# Serial Number:15:c8:bd:65:47:5c:af:b8:97:00:5e:e4:06:d2:bc:9d +# Subject: OU=ePKI Root Certification Authority,O="Chunghwa Telecom Co., Ltd.",C=TW +# Not Valid Before: Mon Dec 20 02:31:27 2004 +# Not Valid After : Wed Dec 20 02:31:27 2034 +# Fingerprint (MD5): 1B:2E:00:CA:26:06:90:3D:AD:FE:6F:15:68:D3:6B:B3 +# Fingerprint (SHA1): 67:65:0D:F1:7E:8E:7E:5B:82:40:A4:F4:56:4B:CF:E2:3D:69:C6:F0 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TC TrustCenter Class 3 CA II" +CKA_LABEL UTF8 "ePKI Root Certification Authority" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\200\045\357\364\156\160\310\324\162\044\145\204\376\100\073\212 -\215\152\333\365 +\147\145\015\361\176\216\176\133\202\100\244\364\126\113\317\342 +\075\151\306\360 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\126\137\252\200\141\022\027\366\147\041\346\053\155\141\126\216 +\033\056\000\312\046\006\220\075\255\376\157\025\150\323\153\263 END CKA_ISSUER MULTILINE_OCTAL -\060\166\061\013\060\011\006\003\125\004\006\023\002\104\105\061 -\034\060\032\006\003\125\004\012\023\023\124\103\040\124\162\165 -\163\164\103\145\156\164\145\162\040\107\155\142\110\061\042\060 -\040\006\003\125\004\013\023\031\124\103\040\124\162\165\163\164 -\103\145\156\164\145\162\040\103\154\141\163\163\040\063\040\103 -\101\061\045\060\043\006\003\125\004\003\023\034\124\103\040\124 -\162\165\163\164\103\145\156\164\145\162\040\103\154\141\163\163 -\040\063\040\103\101\040\111\111 +\060\136\061\013\060\011\006\003\125\004\006\023\002\124\127\061 +\043\060\041\006\003\125\004\012\014\032\103\150\165\156\147\150 +\167\141\040\124\145\154\145\143\157\155\040\103\157\056\054\040 +\114\164\144\056\061\052\060\050\006\003\125\004\013\014\041\145 +\120\113\111\040\122\157\157\164\040\103\145\162\164\151\146\151 +\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\016\112\107\000\001\000\002\345\240\135\326\077\000\121\277 +\002\020\025\310\275\145\107\134\257\270\227\000\136\344\006\322 +\274\235 END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "Deutsche Telekom Root CA 2" +# Certificate "certSIGN ROOT CA" # -# Issuer: CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE -# Serial Number: 38 (0x26) -# Subject: CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE -# Not Valid Before: Fri Jul 09 12:11:00 1999 -# Not Valid After : Tue Jul 09 23:59:00 2019 -# Fingerprint (MD5): 74:01:4A:91:B1:08:C4:58:CE:47:CD:F0:DD:11:53:08 -# Fingerprint (SHA1): 85:A4:08:C0:9C:19:3E:5D:51:58:7D:CD:D6:13:30:FD:8C:DE:37:BF +# Issuer: OU=certSIGN ROOT CA,O=certSIGN,C=RO +# Serial Number:20:06:05:16:70:02 +# Subject: OU=certSIGN ROOT CA,O=certSIGN,C=RO +# Not Valid Before: Tue Jul 04 17:20:04 2006 +# Not Valid After : Fri Jul 04 17:20:04 2031 +# Fingerprint (MD5): 18:98:C0:D6:E9:3A:FC:F9:B0:F5:0C:F7:4B:01:44:17 +# Fingerprint (SHA1): FA:B7:EE:36:97:26:62:FB:2D:B0:2A:F6:BF:03:FD:E8:7C:4B:2F:9B CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Deutsche Telekom Root CA 2" +CKA_LABEL UTF8 "certSIGN ROOT CA" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\161\061\013\060\011\006\003\125\004\006\023\002\104\105\061 -\034\060\032\006\003\125\004\012\023\023\104\145\165\164\163\143 -\150\145\040\124\145\154\145\153\157\155\040\101\107\061\037\060 -\035\006\003\125\004\013\023\026\124\055\124\145\154\145\123\145 -\143\040\124\162\165\163\164\040\103\145\156\164\145\162\061\043 -\060\041\006\003\125\004\003\023\032\104\145\165\164\163\143\150 -\145\040\124\145\154\145\153\157\155\040\122\157\157\164\040\103 -\101\040\062 +\060\073\061\013\060\011\006\003\125\004\006\023\002\122\117\061 +\021\060\017\006\003\125\004\012\023\010\143\145\162\164\123\111 +\107\116\061\031\060\027\006\003\125\004\013\023\020\143\145\162 +\164\123\111\107\116\040\122\117\117\124\040\103\101 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\161\061\013\060\011\006\003\125\004\006\023\002\104\105\061 -\034\060\032\006\003\125\004\012\023\023\104\145\165\164\163\143 -\150\145\040\124\145\154\145\153\157\155\040\101\107\061\037\060 -\035\006\003\125\004\013\023\026\124\055\124\145\154\145\123\145 -\143\040\124\162\165\163\164\040\103\145\156\164\145\162\061\043 -\060\041\006\003\125\004\003\023\032\104\145\165\164\163\143\150 -\145\040\124\145\154\145\153\157\155\040\122\157\157\164\040\103 -\101\040\062 +\060\073\061\013\060\011\006\003\125\004\006\023\002\122\117\061 +\021\060\017\006\003\125\004\012\023\010\143\145\162\164\123\111 +\107\116\061\031\060\027\006\003\125\004\013\023\020\143\145\162 +\164\123\111\107\116\040\122\117\117\124\040\103\101 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\046 +\002\006\040\006\005\026\160\002 END CKA_VALUE MULTILINE_OCTAL -\060\202\003\237\060\202\002\207\240\003\002\001\002\002\001\046 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 -\161\061\013\060\011\006\003\125\004\006\023\002\104\105\061\034 -\060\032\006\003\125\004\012\023\023\104\145\165\164\163\143\150 -\145\040\124\145\154\145\153\157\155\040\101\107\061\037\060\035 -\006\003\125\004\013\023\026\124\055\124\145\154\145\123\145\143 -\040\124\162\165\163\164\040\103\145\156\164\145\162\061\043\060 -\041\006\003\125\004\003\023\032\104\145\165\164\163\143\150\145 -\040\124\145\154\145\153\157\155\040\122\157\157\164\040\103\101 -\040\062\060\036\027\015\071\071\060\067\060\071\061\062\061\061 -\060\060\132\027\015\061\071\060\067\060\071\062\063\065\071\060 -\060\132\060\161\061\013\060\011\006\003\125\004\006\023\002\104 -\105\061\034\060\032\006\003\125\004\012\023\023\104\145\165\164 -\163\143\150\145\040\124\145\154\145\153\157\155\040\101\107\061 -\037\060\035\006\003\125\004\013\023\026\124\055\124\145\154\145 -\123\145\143\040\124\162\165\163\164\040\103\145\156\164\145\162 -\061\043\060\041\006\003\125\004\003\023\032\104\145\165\164\163 -\143\150\145\040\124\145\154\145\153\157\155\040\122\157\157\164 -\040\103\101\040\062\060\202\001\042\060\015\006\011\052\206\110 -\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001 -\012\002\202\001\001\000\253\013\243\065\340\213\051\024\261\024 -\205\257\074\020\344\071\157\065\135\112\256\335\352\141\215\225 -\111\364\157\144\243\032\140\146\244\251\100\042\204\331\324\245 -\345\170\223\016\150\001\255\271\115\134\072\316\323\270\250\102 -\100\337\317\243\272\202\131\152\222\033\254\034\232\332\010\053 -\045\047\371\151\043\107\361\340\353\054\172\233\365\023\002\320 -\176\064\174\302\236\074\000\131\253\365\332\014\365\062\074\053 -\254\120\332\326\303\336\203\224\312\250\014\231\062\016\010\110 -\126\133\152\373\332\341\130\130\001\111\137\162\101\074\025\006 -\001\216\135\255\252\270\223\264\315\236\353\247\350\152\055\122 -\064\333\072\357\134\165\121\332\333\363\061\371\356\161\230\062 -\304\124\025\104\014\371\233\125\355\255\337\030\010\240\243\206 -\212\111\356\123\005\217\031\114\325\336\130\171\233\322\152\034 -\102\253\305\325\247\317\150\017\226\344\341\141\230\166\141\310 -\221\174\326\076\000\342\221\120\207\341\235\012\346\255\227\322 -\035\306\072\175\313\274\332\003\064\325\216\133\001\365\152\007 -\267\026\266\156\112\177\002\003\001\000\001\243\102\060\100\060 -\035\006\003\125\035\016\004\026\004\024\061\303\171\033\272\365 -\123\327\027\340\211\172\055\027\154\012\263\053\235\063\060\017 -\006\003\125\035\023\004\010\060\006\001\001\377\002\001\005\060 -\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202 -\001\001\000\224\144\131\255\071\144\347\051\353\023\376\132\303 -\213\023\127\310\004\044\360\164\167\300\140\343\147\373\351\211 -\246\203\277\226\202\174\156\324\303\075\357\236\200\156\273\051 -\264\230\172\261\073\124\353\071\027\107\176\032\216\013\374\037 -\061\131\061\004\262\316\027\363\054\307\142\066\125\342\042\330 -\211\125\264\230\110\252\144\372\326\034\066\330\104\170\132\132 -\043\072\127\227\365\172\060\117\256\237\152\114\113\053\216\240 -\003\343\076\340\251\324\322\173\322\263\250\342\162\074\255\236 -\377\200\131\344\233\105\264\366\073\260\315\071\031\230\062\345 -\352\041\141\220\344\061\041\216\064\261\367\057\065\112\205\020 -\332\347\212\067\041\276\131\143\340\362\205\210\061\123\324\124 -\024\205\160\171\364\056\006\167\047\165\057\037\270\212\371\376 -\305\272\330\066\344\203\354\347\145\267\277\143\132\363\106\257 -\201\224\067\324\101\214\326\043\326\036\317\365\150\033\104\143 -\242\132\272\247\065\131\241\345\160\005\233\016\043\127\231\224 -\012\155\272\071\143\050\206\222\363\030\204\330\373\321\317\005 -\126\144\127 +\060\202\003\070\060\202\002\040\240\003\002\001\002\002\006\040 +\006\005\026\160\002\060\015\006\011\052\206\110\206\367\015\001 +\001\005\005\000\060\073\061\013\060\011\006\003\125\004\006\023 +\002\122\117\061\021\060\017\006\003\125\004\012\023\010\143\145 +\162\164\123\111\107\116\061\031\060\027\006\003\125\004\013\023 +\020\143\145\162\164\123\111\107\116\040\122\117\117\124\040\103 +\101\060\036\027\015\060\066\060\067\060\064\061\067\062\060\060 +\064\132\027\015\063\061\060\067\060\064\061\067\062\060\060\064 +\132\060\073\061\013\060\011\006\003\125\004\006\023\002\122\117 +\061\021\060\017\006\003\125\004\012\023\010\143\145\162\164\123 +\111\107\116\061\031\060\027\006\003\125\004\013\023\020\143\145 +\162\164\123\111\107\116\040\122\117\117\124\040\103\101\060\202 +\001\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005 +\000\003\202\001\017\000\060\202\001\012\002\202\001\001\000\267 +\063\271\176\310\045\112\216\265\333\264\050\033\252\127\220\350 +\321\042\323\144\272\323\223\350\324\254\206\141\100\152\140\127 +\150\124\204\115\274\152\124\002\005\377\337\233\232\052\256\135 +\007\217\112\303\050\177\357\373\053\372\171\361\307\255\360\020 +\123\044\220\213\146\311\250\210\253\257\132\243\000\351\276\272 +\106\356\133\163\173\054\027\202\201\136\142\054\241\002\145\263 +\275\305\053\000\176\304\374\003\063\127\015\355\342\372\316\135 +\105\326\070\315\065\266\262\301\320\234\201\112\252\344\262\001 +\134\035\217\137\231\304\261\255\333\210\041\353\220\010\202\200 +\363\060\243\103\346\220\202\256\125\050\111\355\133\327\251\020 +\070\016\376\217\114\133\233\106\352\101\365\260\010\164\303\320 +\210\063\266\174\327\164\337\334\204\321\103\016\165\071\241\045 +\100\050\352\170\313\016\054\056\071\235\214\213\156\026\034\057 +\046\202\020\342\343\145\224\012\004\300\136\367\135\133\370\020 +\342\320\272\172\113\373\336\067\000\000\032\133\050\343\322\234 +\163\076\062\207\230\241\311\121\057\327\336\254\063\263\117\002 +\003\001\000\001\243\102\060\100\060\017\006\003\125\035\023\001 +\001\377\004\005\060\003\001\001\377\060\016\006\003\125\035\017 +\001\001\377\004\004\003\002\001\306\060\035\006\003\125\035\016 +\004\026\004\024\340\214\233\333\045\111\263\361\174\206\326\262 +\102\207\013\320\153\240\331\344\060\015\006\011\052\206\110\206 +\367\015\001\001\005\005\000\003\202\001\001\000\076\322\034\211 +\056\065\374\370\165\335\346\177\145\210\364\162\114\311\054\327 +\062\116\363\335\031\171\107\275\216\073\133\223\017\120\111\044 +\023\153\024\006\162\357\011\323\241\241\343\100\204\311\347\030 +\062\164\074\110\156\017\237\113\324\367\036\323\223\206\144\124 +\227\143\162\120\325\125\317\372\040\223\002\242\233\303\043\223 +\116\026\125\166\240\160\171\155\315\041\037\317\057\055\274\031 +\343\210\061\370\131\032\201\011\310\227\246\164\307\140\304\133 +\314\127\216\262\165\375\033\002\011\333\131\157\162\223\151\367 +\061\101\326\210\070\277\207\262\275\026\171\371\252\344\276\210 +\045\335\141\047\043\034\265\061\007\004\066\264\032\220\275\240 +\164\161\120\211\155\274\024\343\017\206\256\361\253\076\307\240 +\011\314\243\110\321\340\333\144\347\222\265\317\257\162\103\160 +\213\371\303\204\074\023\252\176\222\233\127\123\223\372\160\302 +\221\016\061\371\233\147\135\351\226\070\136\137\263\163\116\210 +\025\147\336\236\166\020\142\040\276\125\151\225\103\000\071\115 +\366\356\260\132\116\111\104\124\130\137\102\203 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE -# Trust for Certificate "Deutsche Telekom Root CA 2" -# Issuer: CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE -# Serial Number: 38 (0x26) -# Subject: CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE -# Not Valid Before: Fri Jul 09 12:11:00 1999 -# Not Valid After : Tue Jul 09 23:59:00 2019 -# Fingerprint (MD5): 74:01:4A:91:B1:08:C4:58:CE:47:CD:F0:DD:11:53:08 -# Fingerprint (SHA1): 85:A4:08:C0:9C:19:3E:5D:51:58:7D:CD:D6:13:30:FD:8C:DE:37:BF +# Trust for Certificate "certSIGN ROOT CA" +# Issuer: OU=certSIGN ROOT CA,O=certSIGN,C=RO +# Serial Number:20:06:05:16:70:02 +# Subject: OU=certSIGN ROOT CA,O=certSIGN,C=RO +# Not Valid Before: Tue Jul 04 17:20:04 2006 +# Not Valid After : Fri Jul 04 17:20:04 2031 +# Fingerprint (MD5): 18:98:C0:D6:E9:3A:FC:F9:B0:F5:0C:F7:4B:01:44:17 +# Fingerprint (SHA1): FA:B7:EE:36:97:26:62:FB:2D:B0:2A:F6:BF:03:FD:E8:7C:4B:2F:9B CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Deutsche Telekom Root CA 2" +CKA_LABEL UTF8 "certSIGN ROOT CA" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\205\244\010\300\234\031\076\135\121\130\175\315\326\023\060\375 -\214\336\067\277 +\372\267\356\066\227\046\142\373\055\260\052\366\277\003\375\350 +\174\113\057\233 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\164\001\112\221\261\010\304\130\316\107\315\360\335\021\123\010 +\030\230\300\326\351\072\374\371\260\365\014\367\113\001\104\027 END CKA_ISSUER MULTILINE_OCTAL -\060\161\061\013\060\011\006\003\125\004\006\023\002\104\105\061 -\034\060\032\006\003\125\004\012\023\023\104\145\165\164\163\143 -\150\145\040\124\145\154\145\153\157\155\040\101\107\061\037\060 -\035\006\003\125\004\013\023\026\124\055\124\145\154\145\123\145 -\143\040\124\162\165\163\164\040\103\145\156\164\145\162\061\043 -\060\041\006\003\125\004\003\023\032\104\145\165\164\163\143\150 -\145\040\124\145\154\145\153\157\155\040\122\157\157\164\040\103 -\101\040\062 +\060\073\061\013\060\011\006\003\125\004\006\023\002\122\117\061 +\021\060\017\006\003\125\004\012\023\010\143\145\162\164\123\111 +\107\116\061\031\060\027\006\003\125\004\013\023\020\143\145\162 +\164\123\111\107\116\040\122\117\117\124\040\103\101 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\046 +\002\006\040\006\005\026\160\002 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR @@ -7539,705 +7128,587 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "ComSign CA" +# Certificate "GeoTrust Primary Certification Authority - G3" # -# Issuer: C=IL,O=ComSign,CN=ComSign CA -# Serial Number:14:13:96:83:14:55:8c:ea:7b:63:e5:fc:34:87:77:44 -# Subject: C=IL,O=ComSign,CN=ComSign CA -# Not Valid Before: Wed Mar 24 11:32:18 2004 -# Not Valid After : Mon Mar 19 15:02:18 2029 -# Fingerprint (MD5): CD:F4:39:F3:B5:18:50:D7:3E:A4:C5:91:A0:3E:21:4B -# Fingerprint (SHA1): E1:A4:5B:14:1A:21:DA:1A:79:F4:1A:42:A9:61:D6:69:CD:06:34:C1 +# Issuer: CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US +# Serial Number:15:ac:6e:94:19:b2:79:4b:41:f6:27:a9:c3:18:0f:1f +# Subject: CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US +# Not Valid Before: Wed Apr 02 00:00:00 2008 +# Not Valid After : Tue Dec 01 23:59:59 2037 +# Fingerprint (MD5): B5:E8:34:36:C9:10:44:58:48:70:6D:2E:83:D4:B8:05 +# Fingerprint (SHA1): 03:9E:ED:B8:0B:E7:A0:3C:69:53:89:3B:20:D2:D9:32:3A:4C:2A:FD CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "ComSign CA" +CKA_LABEL UTF8 "GeoTrust Primary Certification Authority - G3" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\064\061\023\060\021\006\003\125\004\003\023\012\103\157\155 -\123\151\147\156\040\103\101\061\020\060\016\006\003\125\004\012 -\023\007\103\157\155\123\151\147\156\061\013\060\011\006\003\125 -\004\006\023\002\111\114 +\060\201\230\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162 +\165\163\164\040\111\156\143\056\061\071\060\067\006\003\125\004 +\013\023\060\050\143\051\040\062\060\060\070\040\107\145\157\124 +\162\165\163\164\040\111\156\143\056\040\055\040\106\157\162\040 +\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157 +\156\154\171\061\066\060\064\006\003\125\004\003\023\055\107\145 +\157\124\162\165\163\164\040\120\162\151\155\141\162\171\040\103 +\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164 +\150\157\162\151\164\171\040\055\040\107\063 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\064\061\023\060\021\006\003\125\004\003\023\012\103\157\155 -\123\151\147\156\040\103\101\061\020\060\016\006\003\125\004\012 -\023\007\103\157\155\123\151\147\156\061\013\060\011\006\003\125 -\004\006\023\002\111\114 +\060\201\230\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162 +\165\163\164\040\111\156\143\056\061\071\060\067\006\003\125\004 +\013\023\060\050\143\051\040\062\060\060\070\040\107\145\157\124 +\162\165\163\164\040\111\156\143\056\040\055\040\106\157\162\040 +\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157 +\156\154\171\061\066\060\064\006\003\125\004\003\023\055\107\145 +\157\124\162\165\163\164\040\120\162\151\155\141\162\171\040\103 +\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164 +\150\157\162\151\164\171\040\055\040\107\063 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\024\023\226\203\024\125\214\352\173\143\345\374\064\207 -\167\104 +\002\020\025\254\156\224\031\262\171\113\101\366\047\251\303\030 +\017\037 END CKA_VALUE MULTILINE_OCTAL -\060\202\003\223\060\202\002\173\240\003\002\001\002\002\020\024 -\023\226\203\024\125\214\352\173\143\345\374\064\207\167\104\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\064 -\061\023\060\021\006\003\125\004\003\023\012\103\157\155\123\151 -\147\156\040\103\101\061\020\060\016\006\003\125\004\012\023\007 -\103\157\155\123\151\147\156\061\013\060\011\006\003\125\004\006 -\023\002\111\114\060\036\027\015\060\064\060\063\062\064\061\061 -\063\062\061\070\132\027\015\062\071\060\063\061\071\061\065\060 -\062\061\070\132\060\064\061\023\060\021\006\003\125\004\003\023 -\012\103\157\155\123\151\147\156\040\103\101\061\020\060\016\006 -\003\125\004\012\023\007\103\157\155\123\151\147\156\061\013\060 -\011\006\003\125\004\006\023\002\111\114\060\202\001\042\060\015 -\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001 -\017\000\060\202\001\012\002\202\001\001\000\360\344\124\151\053 -\323\307\217\152\104\344\176\130\047\370\013\320\344\224\022\212 -\361\033\070\070\057\037\061\234\006\324\054\247\336\013\052\256 -\032\240\343\236\152\277\237\074\307\156\242\371\213\144\154\072 -\255\205\125\121\124\245\070\125\270\253\203\004\362\077\144\066 -\367\300\215\103\103\152\146\321\367\027\052\325\357\066\372\060 -\020\102\327\123\315\371\372\063\163\114\263\351\204\040\212\326 -\101\047\065\344\070\372\224\233\270\172\344\171\037\063\373\033 -\330\041\011\050\174\115\030\151\136\144\212\172\031\223\312\176 -\354\363\162\347\067\007\130\131\050\254\102\371\305\377\315\077 -\347\245\372\070\261\320\014\307\331\122\032\123\326\201\314\102 -\172\065\133\355\113\072\172\366\265\216\314\377\017\174\344\140 -\066\207\057\255\360\241\045\175\377\322\113\021\210\160\124\246 -\101\250\147\123\122\102\136\344\064\236\344\276\243\354\252\142 -\135\335\303\114\246\202\101\344\063\013\254\311\063\017\144\202 -\127\052\375\014\255\066\341\014\256\113\305\357\073\231\331\043 -\263\133\135\264\127\354\164\160\014\052\117\002\003\001\000\001 -\243\201\240\060\201\235\060\014\006\003\125\035\023\004\005\060 -\003\001\001\377\060\075\006\003\125\035\037\004\066\060\064\060 -\062\240\060\240\056\206\054\150\164\164\160\072\057\057\146\145 -\144\151\162\056\143\157\155\163\151\147\156\056\143\157\056\151 -\154\057\143\162\154\057\103\157\155\123\151\147\156\103\101\056 -\143\162\154\060\016\006\003\125\035\017\001\001\377\004\004\003 -\002\001\206\060\037\006\003\125\035\043\004\030\060\026\200\024 -\113\001\233\076\126\032\145\066\166\313\173\227\252\222\005\356 -\062\347\050\061\060\035\006\003\125\035\016\004\026\004\024\113 -\001\233\076\126\032\145\066\166\313\173\227\252\222\005\356\062 -\347\050\061\060\015\006\011\052\206\110\206\367\015\001\001\005 -\005\000\003\202\001\001\000\320\331\245\176\376\051\140\105\235 -\176\203\317\156\274\107\156\365\032\236\124\166\102\161\264\074 -\130\077\055\100\045\102\366\201\234\361\211\020\310\016\252\170 -\117\070\011\127\260\074\300\010\374\065\216\361\110\121\215\014 -\161\164\272\204\304\327\162\233\204\174\070\116\144\006\047\052 -\341\247\265\354\010\231\264\012\015\324\205\163\310\022\341\065 -\355\361\005\061\035\163\231\014\353\226\312\335\323\346\205\252 -\360\212\373\165\301\362\011\074\145\145\144\363\114\330\255\313 -\210\151\363\344\203\267\014\275\027\132\226\027\312\133\377\255 -\273\034\351\055\204\200\330\041\276\205\122\331\324\164\271\151 -\205\272\115\355\050\062\353\371\141\112\344\304\066\036\031\334 -\157\204\021\037\225\365\203\050\030\250\063\222\103\047\335\135 -\023\004\105\117\207\325\106\315\075\250\272\360\363\270\126\044 -\105\353\067\307\341\166\117\162\071\030\337\176\164\162\307\163 -\055\071\352\140\346\255\021\242\126\207\173\303\150\232\376\370 -\214\160\250\337\145\062\364\244\100\214\241\302\104\003\016\224 -\000\147\240\161\000\202\110 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for Certificate "ComSign CA" -# Issuer: C=IL,O=ComSign,CN=ComSign CA -# Serial Number:14:13:96:83:14:55:8c:ea:7b:63:e5:fc:34:87:77:44 -# Subject: C=IL,O=ComSign,CN=ComSign CA -# Not Valid Before: Wed Mar 24 11:32:18 2004 -# Not Valid After : Mon Mar 19 15:02:18 2029 -# Fingerprint (MD5): CD:F4:39:F3:B5:18:50:D7:3E:A4:C5:91:A0:3E:21:4B -# Fingerprint (SHA1): E1:A4:5B:14:1A:21:DA:1A:79:F4:1A:42:A9:61:D6:69:CD:06:34:C1 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "ComSign CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\341\244\133\024\032\041\332\032\171\364\032\102\251\141\326\151 -\315\006\064\301 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\315\364\071\363\265\030\120\327\076\244\305\221\240\076\041\113 -END -CKA_ISSUER MULTILINE_OCTAL -\060\064\061\023\060\021\006\003\125\004\003\023\012\103\157\155 -\123\151\147\156\040\103\101\061\020\060\016\006\003\125\004\012 -\023\007\103\157\155\123\151\147\156\061\013\060\011\006\003\125 -\004\006\023\002\111\114 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\024\023\226\203\024\125\214\352\173\143\345\374\064\207 -\167\104 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Cybertrust Global Root" -# -# Issuer: CN=Cybertrust Global Root,O="Cybertrust, Inc" -# Serial Number:04:00:00:00:00:01:0f:85:aa:2d:48 -# Subject: CN=Cybertrust Global Root,O="Cybertrust, Inc" -# Not Valid Before: Fri Dec 15 08:00:00 2006 -# Not Valid After : Wed Dec 15 08:00:00 2021 -# Fingerprint (MD5): 72:E4:4A:87:E3:69:40:80:77:EA:BC:E3:F4:FF:F0:E1 -# Fingerprint (SHA1): 5F:43:E5:B1:BF:F8:78:8C:AC:1C:C7:CA:4A:9A:C6:22:2B:CC:34:C6 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Cybertrust Global Root" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\073\061\030\060\026\006\003\125\004\012\023\017\103\171\142 -\145\162\164\162\165\163\164\054\040\111\156\143\061\037\060\035 -\006\003\125\004\003\023\026\103\171\142\145\162\164\162\165\163 -\164\040\107\154\157\142\141\154\040\122\157\157\164 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\073\061\030\060\026\006\003\125\004\012\023\017\103\171\142 -\145\162\164\162\165\163\164\054\040\111\156\143\061\037\060\035 -\006\003\125\004\003\023\026\103\171\142\145\162\164\162\165\163 -\164\040\107\154\157\142\141\154\040\122\157\157\164 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\013\004\000\000\000\000\001\017\205\252\055\110 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\241\060\202\002\211\240\003\002\001\002\002\013\004 -\000\000\000\000\001\017\205\252\055\110\060\015\006\011\052\206 -\110\206\367\015\001\001\005\005\000\060\073\061\030\060\026\006 -\003\125\004\012\023\017\103\171\142\145\162\164\162\165\163\164 -\054\040\111\156\143\061\037\060\035\006\003\125\004\003\023\026 -\103\171\142\145\162\164\162\165\163\164\040\107\154\157\142\141 -\154\040\122\157\157\164\060\036\027\015\060\066\061\062\061\065 -\060\070\060\060\060\060\132\027\015\062\061\061\062\061\065\060 -\070\060\060\060\060\132\060\073\061\030\060\026\006\003\125\004 -\012\023\017\103\171\142\145\162\164\162\165\163\164\054\040\111 -\156\143\061\037\060\035\006\003\125\004\003\023\026\103\171\142 -\145\162\164\162\165\163\164\040\107\154\157\142\141\154\040\122 -\157\157\164\060\202\001\042\060\015\006\011\052\206\110\206\367 -\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002 -\202\001\001\000\370\310\274\275\024\120\146\023\377\360\323\171 -\354\043\362\267\032\307\216\205\361\022\163\246\031\252\020\333 -\234\242\145\164\132\167\076\121\175\126\366\334\043\266\324\355 -\137\130\261\067\115\325\111\016\156\365\152\207\326\322\214\322 -\047\306\342\377\066\237\230\145\240\023\116\306\052\144\233\325 -\220\022\317\024\006\364\073\343\324\050\276\350\016\370\253\116 -\110\224\155\216\225\061\020\134\355\242\055\275\325\072\155\262 -\034\273\140\300\106\113\001\365\111\256\176\106\212\320\164\215 -\241\014\002\316\356\374\347\217\270\153\146\363\177\104\000\277 -\146\045\024\053\335\020\060\035\007\226\077\115\366\153\270\217 -\267\173\014\245\070\353\336\107\333\325\135\071\374\210\247\363 -\327\052\164\361\350\132\242\073\237\120\272\246\214\105\065\302 -\120\145\225\334\143\202\357\335\277\167\115\234\142\311\143\163 -\026\320\051\017\111\251\110\360\263\252\267\154\305\247\060\071 -\100\135\256\304\342\135\046\123\360\316\034\043\010\141\250\224 -\031\272\004\142\100\354\037\070\160\167\022\006\161\247\060\030 -\135\045\047\245\002\003\001\000\001\243\201\245\060\201\242\060 +\060\202\003\376\060\202\002\346\240\003\002\001\002\002\020\025 +\254\156\224\031\262\171\113\101\366\047\251\303\030\017\037\060 +\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\201 +\230\061\013\060\011\006\003\125\004\006\023\002\125\123\061\026 +\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165\163 +\164\040\111\156\143\056\061\071\060\067\006\003\125\004\013\023 +\060\050\143\051\040\062\060\060\070\040\107\145\157\124\162\165 +\163\164\040\111\156\143\056\040\055\040\106\157\162\040\141\165 +\164\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154 +\171\061\066\060\064\006\003\125\004\003\023\055\107\145\157\124 +\162\165\163\164\040\120\162\151\155\141\162\171\040\103\145\162 +\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157 +\162\151\164\171\040\055\040\107\063\060\036\027\015\060\070\060 +\064\060\062\060\060\060\060\060\060\132\027\015\063\067\061\062 +\060\061\062\063\065\071\065\071\132\060\201\230\061\013\060\011 +\006\003\125\004\006\023\002\125\123\061\026\060\024\006\003\125 +\004\012\023\015\107\145\157\124\162\165\163\164\040\111\156\143 +\056\061\071\060\067\006\003\125\004\013\023\060\050\143\051\040 +\062\060\060\070\040\107\145\157\124\162\165\163\164\040\111\156 +\143\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151 +\172\145\144\040\165\163\145\040\157\156\154\171\061\066\060\064 +\006\003\125\004\003\023\055\107\145\157\124\162\165\163\164\040 +\120\162\151\155\141\162\171\040\103\145\162\164\151\146\151\143 +\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171\040 +\055\040\107\063\060\202\001\042\060\015\006\011\052\206\110\206 +\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012 +\002\202\001\001\000\334\342\136\142\130\035\063\127\071\062\063 +\372\353\313\207\214\247\324\112\335\006\210\352\144\216\061\230 +\245\070\220\036\230\317\056\143\053\360\106\274\104\262\211\241 +\300\050\014\111\160\041\225\237\144\300\246\223\022\002\145\046 +\206\306\245\211\360\372\327\204\240\160\257\117\032\227\077\006 +\104\325\311\353\162\020\175\344\061\050\373\034\141\346\050\007 +\104\163\222\042\151\247\003\210\154\235\143\310\122\332\230\047 +\347\010\114\160\076\264\311\022\301\305\147\203\135\063\363\003 +\021\354\152\320\123\342\321\272\066\140\224\200\273\141\143\154 +\133\027\176\337\100\224\036\253\015\302\041\050\160\210\377\326 +\046\154\154\140\004\045\116\125\176\175\357\277\224\110\336\267 +\035\335\160\215\005\137\210\245\233\362\302\356\352\321\100\101 +\155\142\070\035\126\006\305\003\107\121\040\031\374\173\020\013 +\016\142\256\166\125\277\137\167\276\076\111\001\123\075\230\045 +\003\166\044\132\035\264\333\211\352\171\345\266\263\073\077\272 +\114\050\101\177\006\254\152\216\301\320\366\005\035\175\346\102 +\206\343\245\325\107\002\003\001\000\001\243\102\060\100\060\017 +\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060 \016\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060 -\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377 -\060\035\006\003\125\035\016\004\026\004\024\266\010\173\015\172 -\314\254\040\114\206\126\062\136\317\253\156\205\055\160\127\060 -\077\006\003\125\035\037\004\070\060\066\060\064\240\062\240\060 -\206\056\150\164\164\160\072\057\057\167\167\167\062\056\160\165 -\142\154\151\143\055\164\162\165\163\164\056\143\157\155\057\143 -\162\154\057\143\164\057\143\164\162\157\157\164\056\143\162\154 -\060\037\006\003\125\035\043\004\030\060\026\200\024\266\010\173 -\015\172\314\254\040\114\206\126\062\136\317\253\156\205\055\160 -\127\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000 -\003\202\001\001\000\126\357\012\043\240\124\116\225\227\311\370 -\211\332\105\301\324\243\000\045\364\037\023\253\267\243\205\130 -\151\302\060\255\330\025\212\055\343\311\315\201\132\370\163\043 -\132\247\174\005\363\375\042\073\016\321\006\304\333\066\114\163 -\004\216\345\260\042\344\305\363\056\245\331\043\343\270\116\112 -\040\247\156\002\044\237\042\140\147\173\213\035\162\011\305\061 -\134\351\171\237\200\107\075\255\241\013\007\024\075\107\377\003 -\151\032\014\013\104\347\143\045\247\177\262\311\270\166\204\355 -\043\366\175\007\253\105\176\323\337\263\277\351\212\266\315\250 -\242\147\053\122\325\267\145\360\071\114\143\240\221\171\223\122 -\017\124\335\203\273\237\321\217\247\123\163\303\313\377\060\354 -\174\004\270\330\104\037\223\137\161\011\042\267\156\076\352\034 -\003\116\235\032\040\141\373\201\067\354\136\374\012\105\253\327 -\347\027\125\320\240\352\140\233\246\366\343\214\133\051\302\006 -\140\024\235\055\227\114\251\223\025\235\141\304\001\137\110\326 -\130\275\126\061\022\116\021\310\041\340\263\021\221\145\333\264 -\246\210\070\316\125 +\035\006\003\125\035\016\004\026\004\024\304\171\312\216\241\116 +\003\035\034\334\153\333\061\133\224\076\077\060\177\055\060\015 +\006\011\052\206\110\206\367\015\001\001\013\005\000\003\202\001 +\001\000\055\305\023\317\126\200\173\172\170\275\237\256\054\231 +\347\357\332\337\224\136\011\151\247\347\156\150\214\275\162\276 +\107\251\016\227\022\270\112\361\144\323\071\337\045\064\324\301 +\315\116\201\360\017\004\304\044\263\064\226\306\246\252\060\337 +\150\141\163\327\371\216\205\211\357\016\136\225\050\112\052\047 +\217\020\216\056\174\206\304\002\236\332\014\167\145\016\104\015 +\222\375\375\263\026\066\372\021\015\035\214\016\007\211\152\051 +\126\367\162\364\335\025\234\167\065\146\127\253\023\123\330\216 +\301\100\305\327\023\026\132\162\307\267\151\001\304\172\261\203 +\001\150\175\215\101\241\224\030\301\045\134\374\360\376\203\002 +\207\174\015\015\317\056\010\134\112\100\015\076\354\201\141\346 +\044\333\312\340\016\055\007\262\076\126\334\215\365\101\205\007 +\110\233\014\013\313\111\077\175\354\267\375\313\215\147\211\032 +\253\355\273\036\243\000\010\010\027\052\202\134\061\135\106\212 +\055\017\206\233\164\331\105\373\324\100\261\172\252\150\055\206 +\262\231\042\341\301\053\307\234\370\363\137\250\202\022\353\031 +\021\055 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE -# Trust for Certificate "Cybertrust Global Root" -# Issuer: CN=Cybertrust Global Root,O="Cybertrust, Inc" -# Serial Number:04:00:00:00:00:01:0f:85:aa:2d:48 -# Subject: CN=Cybertrust Global Root,O="Cybertrust, Inc" -# Not Valid Before: Fri Dec 15 08:00:00 2006 -# Not Valid After : Wed Dec 15 08:00:00 2021 -# Fingerprint (MD5): 72:E4:4A:87:E3:69:40:80:77:EA:BC:E3:F4:FF:F0:E1 -# Fingerprint (SHA1): 5F:43:E5:B1:BF:F8:78:8C:AC:1C:C7:CA:4A:9A:C6:22:2B:CC:34:C6 +# Trust for Certificate "GeoTrust Primary Certification Authority - G3" +# Issuer: CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US +# Serial Number:15:ac:6e:94:19:b2:79:4b:41:f6:27:a9:c3:18:0f:1f +# Subject: CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US +# Not Valid Before: Wed Apr 02 00:00:00 2008 +# Not Valid After : Tue Dec 01 23:59:59 2037 +# Fingerprint (MD5): B5:E8:34:36:C9:10:44:58:48:70:6D:2E:83:D4:B8:05 +# Fingerprint (SHA1): 03:9E:ED:B8:0B:E7:A0:3C:69:53:89:3B:20:D2:D9:32:3A:4C:2A:FD CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Cybertrust Global Root" +CKA_LABEL UTF8 "GeoTrust Primary Certification Authority - G3" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\137\103\345\261\277\370\170\214\254\034\307\312\112\232\306\042 -\053\314\064\306 +\003\236\355\270\013\347\240\074\151\123\211\073\040\322\331\062 +\072\114\052\375 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\162\344\112\207\343\151\100\200\167\352\274\343\364\377\360\341 +\265\350\064\066\311\020\104\130\110\160\155\056\203\324\270\005 END CKA_ISSUER MULTILINE_OCTAL -\060\073\061\030\060\026\006\003\125\004\012\023\017\103\171\142 -\145\162\164\162\165\163\164\054\040\111\156\143\061\037\060\035 -\006\003\125\004\003\023\026\103\171\142\145\162\164\162\165\163 -\164\040\107\154\157\142\141\154\040\122\157\157\164 +\060\201\230\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162 +\165\163\164\040\111\156\143\056\061\071\060\067\006\003\125\004 +\013\023\060\050\143\051\040\062\060\060\070\040\107\145\157\124 +\162\165\163\164\040\111\156\143\056\040\055\040\106\157\162\040 +\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157 +\156\154\171\061\066\060\064\006\003\125\004\003\023\055\107\145 +\157\124\162\165\163\164\040\120\162\151\155\141\162\171\040\103 +\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164 +\150\157\162\151\164\171\040\055\040\107\063 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\013\004\000\000\000\000\001\017\205\252\055\110 +\002\020\025\254\156\224\031\262\171\113\101\366\047\251\303\030 +\017\037 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "ePKI Root Certification Authority" +# Certificate "thawte Primary Root CA - G2" # -# Issuer: OU=ePKI Root Certification Authority,O="Chunghwa Telecom Co., Ltd.",C=TW -# Serial Number:15:c8:bd:65:47:5c:af:b8:97:00:5e:e4:06:d2:bc:9d -# Subject: OU=ePKI Root Certification Authority,O="Chunghwa Telecom Co., Ltd.",C=TW -# Not Valid Before: Mon Dec 20 02:31:27 2004 -# Not Valid After : Wed Dec 20 02:31:27 2034 -# Fingerprint (MD5): 1B:2E:00:CA:26:06:90:3D:AD:FE:6F:15:68:D3:6B:B3 -# Fingerprint (SHA1): 67:65:0D:F1:7E:8E:7E:5B:82:40:A4:F4:56:4B:CF:E2:3D:69:C6:F0 +# Issuer: CN=thawte Primary Root CA - G2,OU="(c) 2007 thawte, Inc. - For authorized use only",O="thawte, Inc.",C=US +# Serial Number:35:fc:26:5c:d9:84:4f:c9:3d:26:3d:57:9b:ae:d7:56 +# Subject: CN=thawte Primary Root CA - G2,OU="(c) 2007 thawte, Inc. - For authorized use only",O="thawte, Inc.",C=US +# Not Valid Before: Mon Nov 05 00:00:00 2007 +# Not Valid After : Mon Jan 18 23:59:59 2038 +# Fingerprint (MD5): 74:9D:EA:60:24:C4:FD:22:53:3E:CC:3A:72:D9:29:4F +# Fingerprint (SHA1): AA:DB:BC:22:23:8F:C4:01:A1:27:BB:38:DD:F4:1D:DB:08:9E:F0:12 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "ePKI Root Certification Authority" +CKA_LABEL UTF8 "thawte Primary Root CA - G2" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\136\061\013\060\011\006\003\125\004\006\023\002\124\127\061 -\043\060\041\006\003\125\004\012\014\032\103\150\165\156\147\150 -\167\141\040\124\145\154\145\143\157\155\040\103\157\056\054\040 -\114\164\144\056\061\052\060\050\006\003\125\004\013\014\041\145 -\120\113\111\040\122\157\157\164\040\103\145\162\164\151\146\151 -\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 +\060\201\204\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164 +\145\054\040\111\156\143\056\061\070\060\066\006\003\125\004\013 +\023\057\050\143\051\040\062\060\060\067\040\164\150\141\167\164 +\145\054\040\111\156\143\056\040\055\040\106\157\162\040\141\165 +\164\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154 +\171\061\044\060\042\006\003\125\004\003\023\033\164\150\141\167 +\164\145\040\120\162\151\155\141\162\171\040\122\157\157\164\040 +\103\101\040\055\040\107\062 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\136\061\013\060\011\006\003\125\004\006\023\002\124\127\061 -\043\060\041\006\003\125\004\012\014\032\103\150\165\156\147\150 -\167\141\040\124\145\154\145\143\157\155\040\103\157\056\054\040 -\114\164\144\056\061\052\060\050\006\003\125\004\013\014\041\145 -\120\113\111\040\122\157\157\164\040\103\145\162\164\151\146\151 -\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 +\060\201\204\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164 +\145\054\040\111\156\143\056\061\070\060\066\006\003\125\004\013 +\023\057\050\143\051\040\062\060\060\067\040\164\150\141\167\164 +\145\054\040\111\156\143\056\040\055\040\106\157\162\040\141\165 +\164\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154 +\171\061\044\060\042\006\003\125\004\003\023\033\164\150\141\167 +\164\145\040\120\162\151\155\141\162\171\040\122\157\157\164\040 +\103\101\040\055\040\107\062 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\025\310\275\145\107\134\257\270\227\000\136\344\006\322 -\274\235 -END +\002\020\065\374\046\134\331\204\117\311\075\046\075\127\233\256 +\327\126 +END CKA_VALUE MULTILINE_OCTAL -\060\202\005\260\060\202\003\230\240\003\002\001\002\002\020\025 -\310\275\145\107\134\257\270\227\000\136\344\006\322\274\235\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\136 -\061\013\060\011\006\003\125\004\006\023\002\124\127\061\043\060 -\041\006\003\125\004\012\014\032\103\150\165\156\147\150\167\141 -\040\124\145\154\145\143\157\155\040\103\157\056\054\040\114\164 -\144\056\061\052\060\050\006\003\125\004\013\014\041\145\120\113 -\111\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141 -\164\151\157\156\040\101\165\164\150\157\162\151\164\171\060\036 -\027\015\060\064\061\062\062\060\060\062\063\061\062\067\132\027 -\015\063\064\061\062\062\060\060\062\063\061\062\067\132\060\136 -\061\013\060\011\006\003\125\004\006\023\002\124\127\061\043\060 -\041\006\003\125\004\012\014\032\103\150\165\156\147\150\167\141 -\040\124\145\154\145\143\157\155\040\103\157\056\054\040\114\164 -\144\056\061\052\060\050\006\003\125\004\013\014\041\145\120\113 -\111\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141 -\164\151\157\156\040\101\165\164\150\157\162\151\164\171\060\202 -\002\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005 -\000\003\202\002\017\000\060\202\002\012\002\202\002\001\000\341 -\045\017\356\215\333\210\063\165\147\315\255\037\175\072\116\155 -\235\323\057\024\363\143\164\313\001\041\152\067\352\204\120\007 -\113\046\133\011\103\154\041\236\152\310\325\003\365\140\151\217 -\314\360\042\344\037\347\367\152\042\061\267\054\025\362\340\376 -\000\152\103\377\207\145\306\265\032\301\247\114\155\042\160\041 -\212\061\362\227\164\211\011\022\046\034\236\312\331\022\242\225 -\074\332\351\147\277\010\240\144\343\326\102\267\105\357\227\364 -\366\365\327\265\112\025\002\130\175\230\130\113\140\274\315\327 -\015\232\023\063\123\321\141\371\172\325\327\170\263\232\063\367 -\000\206\316\035\115\224\070\257\250\354\170\121\160\212\134\020 -\203\121\041\367\021\075\064\206\136\345\110\315\227\201\202\065 -\114\031\354\145\366\153\305\005\241\356\107\023\326\263\041\047 -\224\020\012\331\044\073\272\276\104\023\106\060\077\227\074\330 -\327\327\152\356\073\070\343\053\324\227\016\271\033\347\007\111 -\177\067\052\371\167\170\317\124\355\133\106\235\243\200\016\221 -\103\301\326\133\137\024\272\237\246\215\044\107\100\131\277\162 -\070\262\066\154\067\377\231\321\135\016\131\012\253\151\367\300 -\262\004\105\172\124\000\256\276\123\366\265\347\341\370\074\243 -\061\322\251\376\041\122\144\305\246\147\360\165\007\006\224\024 -\201\125\306\047\344\001\217\027\301\152\161\327\276\113\373\224 -\130\175\176\021\063\261\102\367\142\154\030\326\317\011\150\076 -\177\154\366\036\217\142\255\245\143\333\011\247\037\042\102\101 -\036\157\231\212\076\327\371\077\100\172\171\260\245\001\222\322 -\235\075\010\025\245\020\001\055\263\062\166\250\225\015\263\172 -\232\373\007\020\170\021\157\341\217\307\272\017\045\032\164\052 -\345\034\230\101\231\337\041\207\350\225\006\152\012\263\152\107 -\166\145\366\072\317\217\142\027\031\173\012\050\315\032\322\203 -\036\041\307\054\277\276\377\141\150\267\147\033\273\170\115\215 -\316\147\345\344\301\216\267\043\146\342\235\220\165\064\230\251 -\066\053\212\232\224\271\235\354\314\212\261\370\045\211\134\132 -\266\057\214\037\155\171\044\247\122\150\303\204\065\342\146\215 -\143\016\045\115\325\031\262\346\171\067\247\042\235\124\061\002 -\003\001\000\001\243\152\060\150\060\035\006\003\125\035\016\004 -\026\004\024\036\014\367\266\147\362\341\222\046\011\105\300\125 -\071\056\167\077\102\112\242\060\014\006\003\125\035\023\004\005 -\060\003\001\001\377\060\071\006\004\147\052\007\000\004\061\060 -\057\060\055\002\001\000\060\011\006\005\053\016\003\002\032\005 -\000\060\007\006\005\147\052\003\000\000\004\024\105\260\302\307 -\012\126\174\356\133\170\014\225\371\030\123\301\246\034\330\020 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003 -\202\002\001\000\011\263\203\123\131\001\076\225\111\271\361\201 -\272\371\166\040\043\265\047\140\164\324\152\231\064\136\154\000 -\123\331\237\362\246\261\044\007\104\152\052\306\245\216\170\022 -\350\107\331\130\033\023\052\136\171\233\237\012\052\147\246\045 -\077\006\151\126\163\303\212\146\110\373\051\201\127\164\006\312 -\234\352\050\350\070\147\046\053\361\325\265\077\145\223\370\066 -\135\216\215\215\100\040\207\031\352\357\047\300\075\264\071\017 -\045\173\150\120\164\125\234\014\131\175\132\075\101\224\045\122 -\010\340\107\054\025\061\031\325\277\007\125\306\273\022\265\227 -\364\137\203\205\272\161\301\331\154\201\021\166\012\012\260\277 -\202\227\367\352\075\372\372\354\055\251\050\224\073\126\335\322 -\121\056\256\300\275\010\025\214\167\122\064\226\326\233\254\323 -\035\216\141\017\065\173\233\256\071\151\013\142\140\100\040\066 -\217\257\373\066\356\055\010\112\035\270\277\233\134\370\352\245 -\033\240\163\246\330\370\156\340\063\004\137\150\252\047\207\355 -\331\301\220\234\355\275\343\152\065\257\143\337\253\030\331\272 -\346\351\112\352\120\212\017\141\223\036\342\055\031\342\060\224 -\065\222\135\016\266\007\257\031\200\217\107\220\121\113\056\115 -\335\205\342\322\012\122\012\027\232\374\032\260\120\002\345\001 -\243\143\067\041\114\104\304\233\121\231\021\016\163\234\006\217 -\124\056\247\050\136\104\071\207\126\055\067\275\205\104\224\341 -\014\113\054\234\303\222\205\064\141\313\017\270\233\112\103\122 -\376\064\072\175\270\351\051\334\166\251\310\060\370\024\161\200 -\306\036\066\110\164\042\101\134\207\202\350\030\161\213\101\211 -\104\347\176\130\133\250\270\215\023\351\247\154\303\107\355\263 -\032\235\142\256\215\202\352\224\236\335\131\020\303\255\335\342 -\115\343\061\325\307\354\350\362\260\376\222\036\026\012\032\374 -\331\363\370\047\266\311\276\035\264\154\144\220\177\364\344\304 -\133\327\067\256\102\016\335\244\032\157\174\210\124\305\026\156 -\341\172\150\056\370\072\277\015\244\074\211\073\170\247\116\143 -\203\004\041\010\147\215\362\202\111\320\133\375\261\315\017\203 -\204\324\076\040\205\367\112\075\053\234\375\052\012\011\115\352 -\201\370\021\234 +\060\202\002\210\060\202\002\015\240\003\002\001\002\002\020\065 +\374\046\134\331\204\117\311\075\046\075\127\233\256\327\126\060 +\012\006\010\052\206\110\316\075\004\003\003\060\201\204\061\013 +\060\011\006\003\125\004\006\023\002\125\123\061\025\060\023\006 +\003\125\004\012\023\014\164\150\141\167\164\145\054\040\111\156 +\143\056\061\070\060\066\006\003\125\004\013\023\057\050\143\051 +\040\062\060\060\067\040\164\150\141\167\164\145\054\040\111\156 +\143\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151 +\172\145\144\040\165\163\145\040\157\156\154\171\061\044\060\042 +\006\003\125\004\003\023\033\164\150\141\167\164\145\040\120\162 +\151\155\141\162\171\040\122\157\157\164\040\103\101\040\055\040 +\107\062\060\036\027\015\060\067\061\061\060\065\060\060\060\060 +\060\060\132\027\015\063\070\060\061\061\070\062\063\065\071\065 +\071\132\060\201\204\061\013\060\011\006\003\125\004\006\023\002 +\125\123\061\025\060\023\006\003\125\004\012\023\014\164\150\141 +\167\164\145\054\040\111\156\143\056\061\070\060\066\006\003\125 +\004\013\023\057\050\143\051\040\062\060\060\067\040\164\150\141 +\167\164\145\054\040\111\156\143\056\040\055\040\106\157\162\040 +\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157 +\156\154\171\061\044\060\042\006\003\125\004\003\023\033\164\150 +\141\167\164\145\040\120\162\151\155\141\162\171\040\122\157\157 +\164\040\103\101\040\055\040\107\062\060\166\060\020\006\007\052 +\206\110\316\075\002\001\006\005\053\201\004\000\042\003\142\000 +\004\242\325\234\202\173\225\235\361\122\170\207\376\212\026\277 +\005\346\337\243\002\117\015\007\306\000\121\272\014\002\122\055 +\042\244\102\071\304\376\217\352\311\301\276\324\115\377\237\172 +\236\342\261\174\232\255\247\206\011\163\207\321\347\232\343\172 +\245\252\156\373\272\263\160\300\147\210\242\065\324\243\232\261 +\375\255\302\357\061\372\250\271\363\373\010\306\221\321\373\051 +\225\243\102\060\100\060\017\006\003\125\035\023\001\001\377\004 +\005\060\003\001\001\377\060\016\006\003\125\035\017\001\001\377 +\004\004\003\002\001\006\060\035\006\003\125\035\016\004\026\004 +\024\232\330\000\060\000\347\153\177\205\030\356\213\266\316\212 +\014\370\021\341\273\060\012\006\010\052\206\110\316\075\004\003 +\003\003\151\000\060\146\002\061\000\335\370\340\127\107\133\247 +\346\012\303\275\365\200\212\227\065\015\033\211\074\124\206\167 +\050\312\241\364\171\336\265\346\070\260\360\145\160\214\177\002 +\124\302\277\377\330\241\076\331\317\002\061\000\304\215\224\374 +\334\123\322\334\235\170\026\037\025\063\043\123\122\343\132\061 +\135\235\312\256\275\023\051\104\015\047\133\250\347\150\234\022 +\367\130\077\056\162\002\127\243\217\241\024\056 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE -# Trust for Certificate "ePKI Root Certification Authority" -# Issuer: OU=ePKI Root Certification Authority,O="Chunghwa Telecom Co., Ltd.",C=TW -# Serial Number:15:c8:bd:65:47:5c:af:b8:97:00:5e:e4:06:d2:bc:9d -# Subject: OU=ePKI Root Certification Authority,O="Chunghwa Telecom Co., Ltd.",C=TW -# Not Valid Before: Mon Dec 20 02:31:27 2004 -# Not Valid After : Wed Dec 20 02:31:27 2034 -# Fingerprint (MD5): 1B:2E:00:CA:26:06:90:3D:AD:FE:6F:15:68:D3:6B:B3 -# Fingerprint (SHA1): 67:65:0D:F1:7E:8E:7E:5B:82:40:A4:F4:56:4B:CF:E2:3D:69:C6:F0 +# Trust for Certificate "thawte Primary Root CA - G2" +# Issuer: CN=thawte Primary Root CA - G2,OU="(c) 2007 thawte, Inc. - For authorized use only",O="thawte, Inc.",C=US +# Serial Number:35:fc:26:5c:d9:84:4f:c9:3d:26:3d:57:9b:ae:d7:56 +# Subject: CN=thawte Primary Root CA - G2,OU="(c) 2007 thawte, Inc. - For authorized use only",O="thawte, Inc.",C=US +# Not Valid Before: Mon Nov 05 00:00:00 2007 +# Not Valid After : Mon Jan 18 23:59:59 2038 +# Fingerprint (MD5): 74:9D:EA:60:24:C4:FD:22:53:3E:CC:3A:72:D9:29:4F +# Fingerprint (SHA1): AA:DB:BC:22:23:8F:C4:01:A1:27:BB:38:DD:F4:1D:DB:08:9E:F0:12 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "ePKI Root Certification Authority" +CKA_LABEL UTF8 "thawte Primary Root CA - G2" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\147\145\015\361\176\216\176\133\202\100\244\364\126\113\317\342 -\075\151\306\360 +\252\333\274\042\043\217\304\001\241\047\273\070\335\364\035\333 +\010\236\360\022 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\033\056\000\312\046\006\220\075\255\376\157\025\150\323\153\263 +\164\235\352\140\044\304\375\042\123\076\314\072\162\331\051\117 END CKA_ISSUER MULTILINE_OCTAL -\060\136\061\013\060\011\006\003\125\004\006\023\002\124\127\061 -\043\060\041\006\003\125\004\012\014\032\103\150\165\156\147\150 -\167\141\040\124\145\154\145\143\157\155\040\103\157\056\054\040 -\114\164\144\056\061\052\060\050\006\003\125\004\013\014\041\145 -\120\113\111\040\122\157\157\164\040\103\145\162\164\151\146\151 -\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 +\060\201\204\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164 +\145\054\040\111\156\143\056\061\070\060\066\006\003\125\004\013 +\023\057\050\143\051\040\062\060\060\067\040\164\150\141\167\164 +\145\054\040\111\156\143\056\040\055\040\106\157\162\040\141\165 +\164\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154 +\171\061\044\060\042\006\003\125\004\003\023\033\164\150\141\167 +\164\145\040\120\162\151\155\141\162\171\040\122\157\157\164\040 +\103\101\040\055\040\107\062 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\025\310\275\145\107\134\257\270\227\000\136\344\006\322 -\274\235 +\002\020\065\374\046\134\331\204\117\311\075\046\075\127\233\256 +\327\126 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "certSIGN ROOT CA" +# Certificate "thawte Primary Root CA - G3" # -# Issuer: OU=certSIGN ROOT CA,O=certSIGN,C=RO -# Serial Number:20:06:05:16:70:02 -# Subject: OU=certSIGN ROOT CA,O=certSIGN,C=RO -# Not Valid Before: Tue Jul 04 17:20:04 2006 -# Not Valid After : Fri Jul 04 17:20:04 2031 -# Fingerprint (MD5): 18:98:C0:D6:E9:3A:FC:F9:B0:F5:0C:F7:4B:01:44:17 -# Fingerprint (SHA1): FA:B7:EE:36:97:26:62:FB:2D:B0:2A:F6:BF:03:FD:E8:7C:4B:2F:9B +# Issuer: CN=thawte Primary Root CA - G3,OU="(c) 2008 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US +# Serial Number:60:01:97:b7:46:a7:ea:b4:b4:9a:d6:4b:2f:f7:90:fb +# Subject: CN=thawte Primary Root CA - G3,OU="(c) 2008 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US +# Not Valid Before: Wed Apr 02 00:00:00 2008 +# Not Valid After : Tue Dec 01 23:59:59 2037 +# Fingerprint (MD5): FB:1B:5D:43:8A:94:CD:44:C6:76:F2:43:4B:47:E7:31 +# Fingerprint (SHA1): F1:8B:53:8D:1B:E9:03:B6:A6:F0:56:43:5B:17:15:89:CA:F3:6B:F2 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "certSIGN ROOT CA" +CKA_LABEL UTF8 "thawte Primary Root CA - G3" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\073\061\013\060\011\006\003\125\004\006\023\002\122\117\061 -\021\060\017\006\003\125\004\012\023\010\143\145\162\164\123\111 -\107\116\061\031\060\027\006\003\125\004\013\023\020\143\145\162 -\164\123\111\107\116\040\122\117\117\124\040\103\101 +\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164 +\145\054\040\111\156\143\056\061\050\060\046\006\003\125\004\013 +\023\037\103\145\162\164\151\146\151\143\141\164\151\157\156\040 +\123\145\162\166\151\143\145\163\040\104\151\166\151\163\151\157 +\156\061\070\060\066\006\003\125\004\013\023\057\050\143\051\040 +\062\060\060\070\040\164\150\141\167\164\145\054\040\111\156\143 +\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151\172 +\145\144\040\165\163\145\040\157\156\154\171\061\044\060\042\006 +\003\125\004\003\023\033\164\150\141\167\164\145\040\120\162\151 +\155\141\162\171\040\122\157\157\164\040\103\101\040\055\040\107 +\063 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\073\061\013\060\011\006\003\125\004\006\023\002\122\117\061 -\021\060\017\006\003\125\004\012\023\010\143\145\162\164\123\111 -\107\116\061\031\060\027\006\003\125\004\013\023\020\143\145\162 -\164\123\111\107\116\040\122\117\117\124\040\103\101 +\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164 +\145\054\040\111\156\143\056\061\050\060\046\006\003\125\004\013 +\023\037\103\145\162\164\151\146\151\143\141\164\151\157\156\040 +\123\145\162\166\151\143\145\163\040\104\151\166\151\163\151\157 +\156\061\070\060\066\006\003\125\004\013\023\057\050\143\051\040 +\062\060\060\070\040\164\150\141\167\164\145\054\040\111\156\143 +\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151\172 +\145\144\040\165\163\145\040\157\156\154\171\061\044\060\042\006 +\003\125\004\003\023\033\164\150\141\167\164\145\040\120\162\151 +\155\141\162\171\040\122\157\157\164\040\103\101\040\055\040\107 +\063 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\006\040\006\005\026\160\002 +\002\020\140\001\227\267\106\247\352\264\264\232\326\113\057\367 +\220\373 END CKA_VALUE MULTILINE_OCTAL -\060\202\003\070\060\202\002\040\240\003\002\001\002\002\006\040 -\006\005\026\160\002\060\015\006\011\052\206\110\206\367\015\001 -\001\005\005\000\060\073\061\013\060\011\006\003\125\004\006\023 -\002\122\117\061\021\060\017\006\003\125\004\012\023\010\143\145 -\162\164\123\111\107\116\061\031\060\027\006\003\125\004\013\023 -\020\143\145\162\164\123\111\107\116\040\122\117\117\124\040\103 -\101\060\036\027\015\060\066\060\067\060\064\061\067\062\060\060 -\064\132\027\015\063\061\060\067\060\064\061\067\062\060\060\064 -\132\060\073\061\013\060\011\006\003\125\004\006\023\002\122\117 -\061\021\060\017\006\003\125\004\012\023\010\143\145\162\164\123 -\111\107\116\061\031\060\027\006\003\125\004\013\023\020\143\145 -\162\164\123\111\107\116\040\122\117\117\124\040\103\101\060\202 -\001\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005 -\000\003\202\001\017\000\060\202\001\012\002\202\001\001\000\267 -\063\271\176\310\045\112\216\265\333\264\050\033\252\127\220\350 -\321\042\323\144\272\323\223\350\324\254\206\141\100\152\140\127 -\150\124\204\115\274\152\124\002\005\377\337\233\232\052\256\135 -\007\217\112\303\050\177\357\373\053\372\171\361\307\255\360\020 -\123\044\220\213\146\311\250\210\253\257\132\243\000\351\276\272 -\106\356\133\163\173\054\027\202\201\136\142\054\241\002\145\263 -\275\305\053\000\176\304\374\003\063\127\015\355\342\372\316\135 -\105\326\070\315\065\266\262\301\320\234\201\112\252\344\262\001 -\134\035\217\137\231\304\261\255\333\210\041\353\220\010\202\200 -\363\060\243\103\346\220\202\256\125\050\111\355\133\327\251\020 -\070\016\376\217\114\133\233\106\352\101\365\260\010\164\303\320 -\210\063\266\174\327\164\337\334\204\321\103\016\165\071\241\045 -\100\050\352\170\313\016\054\056\071\235\214\213\156\026\034\057 -\046\202\020\342\343\145\224\012\004\300\136\367\135\133\370\020 -\342\320\272\172\113\373\336\067\000\000\032\133\050\343\322\234 -\163\076\062\207\230\241\311\121\057\327\336\254\063\263\117\002 -\003\001\000\001\243\102\060\100\060\017\006\003\125\035\023\001 -\001\377\004\005\060\003\001\001\377\060\016\006\003\125\035\017 -\001\001\377\004\004\003\002\001\306\060\035\006\003\125\035\016 -\004\026\004\024\340\214\233\333\045\111\263\361\174\206\326\262 -\102\207\013\320\153\240\331\344\060\015\006\011\052\206\110\206 -\367\015\001\001\005\005\000\003\202\001\001\000\076\322\034\211 -\056\065\374\370\165\335\346\177\145\210\364\162\114\311\054\327 -\062\116\363\335\031\171\107\275\216\073\133\223\017\120\111\044 -\023\153\024\006\162\357\011\323\241\241\343\100\204\311\347\030 -\062\164\074\110\156\017\237\113\324\367\036\323\223\206\144\124 -\227\143\162\120\325\125\317\372\040\223\002\242\233\303\043\223 -\116\026\125\166\240\160\171\155\315\041\037\317\057\055\274\031 -\343\210\061\370\131\032\201\011\310\227\246\164\307\140\304\133 -\314\127\216\262\165\375\033\002\011\333\131\157\162\223\151\367 -\061\101\326\210\070\277\207\262\275\026\171\371\252\344\276\210 -\045\335\141\047\043\034\265\061\007\004\066\264\032\220\275\240 -\164\161\120\211\155\274\024\343\017\206\256\361\253\076\307\240 -\011\314\243\110\321\340\333\144\347\222\265\317\257\162\103\160 -\213\371\303\204\074\023\252\176\222\233\127\123\223\372\160\302 -\221\016\061\371\233\147\135\351\226\070\136\137\263\163\116\210 -\025\147\336\236\166\020\142\040\276\125\151\225\103\000\071\115 -\366\356\260\132\116\111\104\124\130\137\102\203 +\060\202\004\052\060\202\003\022\240\003\002\001\002\002\020\140 +\001\227\267\106\247\352\264\264\232\326\113\057\367\220\373\060 +\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\201 +\256\061\013\060\011\006\003\125\004\006\023\002\125\123\061\025 +\060\023\006\003\125\004\012\023\014\164\150\141\167\164\145\054 +\040\111\156\143\056\061\050\060\046\006\003\125\004\013\023\037 +\103\145\162\164\151\146\151\143\141\164\151\157\156\040\123\145 +\162\166\151\143\145\163\040\104\151\166\151\163\151\157\156\061 +\070\060\066\006\003\125\004\013\023\057\050\143\051\040\062\060 +\060\070\040\164\150\141\167\164\145\054\040\111\156\143\056\040 +\055\040\106\157\162\040\141\165\164\150\157\162\151\172\145\144 +\040\165\163\145\040\157\156\154\171\061\044\060\042\006\003\125 +\004\003\023\033\164\150\141\167\164\145\040\120\162\151\155\141 +\162\171\040\122\157\157\164\040\103\101\040\055\040\107\063\060 +\036\027\015\060\070\060\064\060\062\060\060\060\060\060\060\132 +\027\015\063\067\061\062\060\061\062\063\065\071\065\071\132\060 +\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164\145 +\054\040\111\156\143\056\061\050\060\046\006\003\125\004\013\023 +\037\103\145\162\164\151\146\151\143\141\164\151\157\156\040\123 +\145\162\166\151\143\145\163\040\104\151\166\151\163\151\157\156 +\061\070\060\066\006\003\125\004\013\023\057\050\143\051\040\062 +\060\060\070\040\164\150\141\167\164\145\054\040\111\156\143\056 +\040\055\040\106\157\162\040\141\165\164\150\157\162\151\172\145 +\144\040\165\163\145\040\157\156\154\171\061\044\060\042\006\003 +\125\004\003\023\033\164\150\141\167\164\145\040\120\162\151\155 +\141\162\171\040\122\157\157\164\040\103\101\040\055\040\107\063 +\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001 +\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001 +\000\262\277\047\054\373\333\330\133\335\170\173\033\236\167\146 +\201\313\076\274\174\256\363\246\047\232\064\243\150\061\161\070 +\063\142\344\363\161\146\171\261\251\145\243\245\213\325\217\140 +\055\077\102\314\252\153\062\300\043\313\054\101\335\344\337\374 +\141\234\342\163\262\042\225\021\103\030\137\304\266\037\127\154 +\012\005\130\042\310\066\114\072\174\245\321\317\206\257\210\247 +\104\002\023\164\161\163\012\102\131\002\370\033\024\153\102\337 +\157\137\272\153\202\242\235\133\347\112\275\036\001\162\333\113 +\164\350\073\177\177\175\037\004\264\046\233\340\264\132\254\107 +\075\125\270\327\260\046\122\050\001\061\100\146\330\331\044\275 +\366\052\330\354\041\111\134\233\366\172\351\177\125\065\176\226 +\153\215\223\223\047\313\222\273\352\254\100\300\237\302\370\200 +\317\135\364\132\334\316\164\206\246\076\154\013\123\312\275\222 +\316\031\006\162\346\014\134\070\151\307\004\326\274\154\316\133 +\366\367\150\234\334\045\025\110\210\241\351\251\370\230\234\340 +\363\325\061\050\141\021\154\147\226\215\071\231\313\302\105\044 +\071\002\003\001\000\001\243\102\060\100\060\017\006\003\125\035 +\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003\125 +\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003\125 +\035\016\004\026\004\024\255\154\252\224\140\234\355\344\377\372 +\076\012\164\053\143\003\367\266\131\277\060\015\006\011\052\206 +\110\206\367\015\001\001\013\005\000\003\202\001\001\000\032\100 +\330\225\145\254\011\222\211\306\071\364\020\345\251\016\146\123 +\135\170\336\372\044\221\273\347\104\121\337\306\026\064\012\357 +\152\104\121\352\053\007\212\003\172\303\353\077\012\054\122\026 +\240\053\103\271\045\220\077\160\251\063\045\155\105\032\050\073 +\047\317\252\303\051\102\033\337\073\114\300\063\064\133\101\210 +\277\153\053\145\257\050\357\262\365\303\252\146\316\173\126\356 +\267\310\313\147\301\311\234\032\030\270\304\303\111\003\361\140 +\016\120\315\106\305\363\167\171\367\266\025\340\070\333\307\057 +\050\240\014\077\167\046\164\331\045\022\332\061\332\032\036\334 +\051\101\221\042\074\151\247\273\002\362\266\134\047\003\211\364 +\006\352\233\344\162\202\343\241\011\301\351\000\031\323\076\324 +\160\153\272\161\246\252\130\256\364\273\351\154\266\357\207\314 +\233\273\377\071\346\126\141\323\012\247\304\134\114\140\173\005 +\167\046\172\277\330\007\122\054\142\367\160\143\331\071\274\157 +\034\302\171\334\166\051\257\316\305\054\144\004\136\210\066\156 +\061\324\100\032\142\064\066\077\065\001\256\254\143\240 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE -# Trust for Certificate "certSIGN ROOT CA" -# Issuer: OU=certSIGN ROOT CA,O=certSIGN,C=RO -# Serial Number:20:06:05:16:70:02 -# Subject: OU=certSIGN ROOT CA,O=certSIGN,C=RO -# Not Valid Before: Tue Jul 04 17:20:04 2006 -# Not Valid After : Fri Jul 04 17:20:04 2031 -# Fingerprint (MD5): 18:98:C0:D6:E9:3A:FC:F9:B0:F5:0C:F7:4B:01:44:17 -# Fingerprint (SHA1): FA:B7:EE:36:97:26:62:FB:2D:B0:2A:F6:BF:03:FD:E8:7C:4B:2F:9B +# Trust for Certificate "thawte Primary Root CA - G3" +# Issuer: CN=thawte Primary Root CA - G3,OU="(c) 2008 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US +# Serial Number:60:01:97:b7:46:a7:ea:b4:b4:9a:d6:4b:2f:f7:90:fb +# Subject: CN=thawte Primary Root CA - G3,OU="(c) 2008 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US +# Not Valid Before: Wed Apr 02 00:00:00 2008 +# Not Valid After : Tue Dec 01 23:59:59 2037 +# Fingerprint (MD5): FB:1B:5D:43:8A:94:CD:44:C6:76:F2:43:4B:47:E7:31 +# Fingerprint (SHA1): F1:8B:53:8D:1B:E9:03:B6:A6:F0:56:43:5B:17:15:89:CA:F3:6B:F2 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "certSIGN ROOT CA" +CKA_LABEL UTF8 "thawte Primary Root CA - G3" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\372\267\356\066\227\046\142\373\055\260\052\366\277\003\375\350 -\174\113\057\233 +\361\213\123\215\033\351\003\266\246\360\126\103\133\027\025\211 +\312\363\153\362 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\030\230\300\326\351\072\374\371\260\365\014\367\113\001\104\027 +\373\033\135\103\212\224\315\104\306\166\362\103\113\107\347\061 END CKA_ISSUER MULTILINE_OCTAL -\060\073\061\013\060\011\006\003\125\004\006\023\002\122\117\061 -\021\060\017\006\003\125\004\012\023\010\143\145\162\164\123\111 -\107\116\061\031\060\027\006\003\125\004\013\023\020\143\145\162 -\164\123\111\107\116\040\122\117\117\124\040\103\101 +\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164 +\145\054\040\111\156\143\056\061\050\060\046\006\003\125\004\013 +\023\037\103\145\162\164\151\146\151\143\141\164\151\157\156\040 +\123\145\162\166\151\143\145\163\040\104\151\166\151\163\151\157 +\156\061\070\060\066\006\003\125\004\013\023\057\050\143\051\040 +\062\060\060\070\040\164\150\141\167\164\145\054\040\111\156\143 +\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151\172 +\145\144\040\165\163\145\040\157\156\154\171\061\044\060\042\006 +\003\125\004\003\023\033\164\150\141\167\164\145\040\120\162\151 +\155\141\162\171\040\122\157\157\164\040\103\101\040\055\040\107 +\063 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\006\040\006\005\026\160\002 +\002\020\140\001\227\267\106\247\352\264\264\232\326\113\057\367 +\220\373 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "GeoTrust Primary Certification Authority - G3" +# Certificate "GeoTrust Primary Certification Authority - G2" # -# Issuer: CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US -# Serial Number:15:ac:6e:94:19:b2:79:4b:41:f6:27:a9:c3:18:0f:1f -# Subject: CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US -# Not Valid Before: Wed Apr 02 00:00:00 2008 -# Not Valid After : Tue Dec 01 23:59:59 2037 -# Fingerprint (MD5): B5:E8:34:36:C9:10:44:58:48:70:6D:2E:83:D4:B8:05 -# Fingerprint (SHA1): 03:9E:ED:B8:0B:E7:A0:3C:69:53:89:3B:20:D2:D9:32:3A:4C:2A:FD +# Issuer: CN=GeoTrust Primary Certification Authority - G2,OU=(c) 2007 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US +# Serial Number:3c:b2:f4:48:0a:00:e2:fe:eb:24:3b:5e:60:3e:c3:6b +# Subject: CN=GeoTrust Primary Certification Authority - G2,OU=(c) 2007 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US +# Not Valid Before: Mon Nov 05 00:00:00 2007 +# Not Valid After : Mon Jan 18 23:59:59 2038 +# Fingerprint (MD5): 01:5E:D8:6B:BD:6F:3D:8E:A1:31:F8:12:E0:98:73:6A +# Fingerprint (SHA1): 8D:17:84:D5:37:F3:03:7D:EC:70:FE:57:8B:51:9A:99:E6:10:D7:B0 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GeoTrust Primary Certification Authority - G3" +CKA_LABEL UTF8 "GeoTrust Primary Certification Authority - G2" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL \060\201\230\061\013\060\011\006\003\125\004\006\023\002\125\123 \061\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162 \165\163\164\040\111\156\143\056\061\071\060\067\006\003\125\004 -\013\023\060\050\143\051\040\062\060\060\070\040\107\145\157\124 +\013\023\060\050\143\051\040\062\060\060\067\040\107\145\157\124 \162\165\163\164\040\111\156\143\056\040\055\040\106\157\162\040 \141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157 \156\154\171\061\066\060\064\006\003\125\004\003\023\055\107\145 \157\124\162\165\163\164\040\120\162\151\155\141\162\171\040\103 \145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164 -\150\157\162\151\164\171\040\055\040\107\063 +\150\157\162\151\164\171\040\055\040\107\062 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL \060\201\230\061\013\060\011\006\003\125\004\006\023\002\125\123 \061\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162 \165\163\164\040\111\156\143\056\061\071\060\067\006\003\125\004 -\013\023\060\050\143\051\040\062\060\060\070\040\107\145\157\124 +\013\023\060\050\143\051\040\062\060\060\067\040\107\145\157\124 \162\165\163\164\040\111\156\143\056\040\055\040\106\157\162\040 \141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157 \156\154\171\061\066\060\064\006\003\125\004\003\023\055\107\145 \157\124\162\165\163\164\040\120\162\151\155\141\162\171\040\103 \145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164 -\150\157\162\151\164\171\040\055\040\107\063 +\150\157\162\151\164\171\040\055\040\107\062 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\025\254\156\224\031\262\171\113\101\366\047\251\303\030 -\017\037 +\002\020\074\262\364\110\012\000\342\376\353\044\073\136\140\076 +\303\153 END CKA_VALUE MULTILINE_OCTAL -\060\202\003\376\060\202\002\346\240\003\002\001\002\002\020\025 -\254\156\224\031\262\171\113\101\366\047\251\303\030\017\037\060 -\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\201 -\230\061\013\060\011\006\003\125\004\006\023\002\125\123\061\026 -\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165\163 -\164\040\111\156\143\056\061\071\060\067\006\003\125\004\013\023 -\060\050\143\051\040\062\060\060\070\040\107\145\157\124\162\165 -\163\164\040\111\156\143\056\040\055\040\106\157\162\040\141\165 -\164\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154 -\171\061\066\060\064\006\003\125\004\003\023\055\107\145\157\124 -\162\165\163\164\040\120\162\151\155\141\162\171\040\103\145\162 -\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157 -\162\151\164\171\040\055\040\107\063\060\036\027\015\060\070\060 -\064\060\062\060\060\060\060\060\060\132\027\015\063\067\061\062 -\060\061\062\063\065\071\065\071\132\060\201\230\061\013\060\011 -\006\003\125\004\006\023\002\125\123\061\026\060\024\006\003\125 -\004\012\023\015\107\145\157\124\162\165\163\164\040\111\156\143 -\056\061\071\060\067\006\003\125\004\013\023\060\050\143\051\040 -\062\060\060\070\040\107\145\157\124\162\165\163\164\040\111\156 -\143\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151 -\172\145\144\040\165\163\145\040\157\156\154\171\061\066\060\064 -\006\003\125\004\003\023\055\107\145\157\124\162\165\163\164\040 -\120\162\151\155\141\162\171\040\103\145\162\164\151\146\151\143 -\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171\040 -\055\040\107\063\060\202\001\042\060\015\006\011\052\206\110\206 -\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012 -\002\202\001\001\000\334\342\136\142\130\035\063\127\071\062\063 -\372\353\313\207\214\247\324\112\335\006\210\352\144\216\061\230 -\245\070\220\036\230\317\056\143\053\360\106\274\104\262\211\241 -\300\050\014\111\160\041\225\237\144\300\246\223\022\002\145\046 -\206\306\245\211\360\372\327\204\240\160\257\117\032\227\077\006 -\104\325\311\353\162\020\175\344\061\050\373\034\141\346\050\007 -\104\163\222\042\151\247\003\210\154\235\143\310\122\332\230\047 -\347\010\114\160\076\264\311\022\301\305\147\203\135\063\363\003 -\021\354\152\320\123\342\321\272\066\140\224\200\273\141\143\154 -\133\027\176\337\100\224\036\253\015\302\041\050\160\210\377\326 -\046\154\154\140\004\045\116\125\176\175\357\277\224\110\336\267 -\035\335\160\215\005\137\210\245\233\362\302\356\352\321\100\101 -\155\142\070\035\126\006\305\003\107\121\040\031\374\173\020\013 -\016\142\256\166\125\277\137\167\276\076\111\001\123\075\230\045 -\003\166\044\132\035\264\333\211\352\171\345\266\263\073\077\272 -\114\050\101\177\006\254\152\216\301\320\366\005\035\175\346\102 -\206\343\245\325\107\002\003\001\000\001\243\102\060\100\060\017 -\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060 -\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060 -\035\006\003\125\035\016\004\026\004\024\304\171\312\216\241\116 -\003\035\034\334\153\333\061\133\224\076\077\060\177\055\060\015 -\006\011\052\206\110\206\367\015\001\001\013\005\000\003\202\001 -\001\000\055\305\023\317\126\200\173\172\170\275\237\256\054\231 -\347\357\332\337\224\136\011\151\247\347\156\150\214\275\162\276 -\107\251\016\227\022\270\112\361\144\323\071\337\045\064\324\301 -\315\116\201\360\017\004\304\044\263\064\226\306\246\252\060\337 -\150\141\163\327\371\216\205\211\357\016\136\225\050\112\052\047 -\217\020\216\056\174\206\304\002\236\332\014\167\145\016\104\015 -\222\375\375\263\026\066\372\021\015\035\214\016\007\211\152\051 -\126\367\162\364\335\025\234\167\065\146\127\253\023\123\330\216 -\301\100\305\327\023\026\132\162\307\267\151\001\304\172\261\203 -\001\150\175\215\101\241\224\030\301\045\134\374\360\376\203\002 -\207\174\015\015\317\056\010\134\112\100\015\076\354\201\141\346 -\044\333\312\340\016\055\007\262\076\126\334\215\365\101\205\007 -\110\233\014\013\313\111\077\175\354\267\375\313\215\147\211\032 -\253\355\273\036\243\000\010\010\027\052\202\134\061\135\106\212 -\055\017\206\233\164\331\105\373\324\100\261\172\252\150\055\206 -\262\231\042\341\301\053\307\234\370\363\137\250\202\022\353\031 -\021\055 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for Certificate "GeoTrust Primary Certification Authority - G3" -# Issuer: CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US -# Serial Number:15:ac:6e:94:19:b2:79:4b:41:f6:27:a9:c3:18:0f:1f -# Subject: CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US -# Not Valid Before: Wed Apr 02 00:00:00 2008 -# Not Valid After : Tue Dec 01 23:59:59 2037 -# Fingerprint (MD5): B5:E8:34:36:C9:10:44:58:48:70:6D:2E:83:D4:B8:05 -# Fingerprint (SHA1): 03:9E:ED:B8:0B:E7:A0:3C:69:53:89:3B:20:D2:D9:32:3A:4C:2A:FD -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GeoTrust Primary Certification Authority - G3" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\003\236\355\270\013\347\240\074\151\123\211\073\040\322\331\062 -\072\114\052\375 +\060\202\002\256\060\202\002\065\240\003\002\001\002\002\020\074 +\262\364\110\012\000\342\376\353\044\073\136\140\076\303\153\060 +\012\006\010\052\206\110\316\075\004\003\003\060\201\230\061\013 +\060\011\006\003\125\004\006\023\002\125\123\061\026\060\024\006 +\003\125\004\012\023\015\107\145\157\124\162\165\163\164\040\111 +\156\143\056\061\071\060\067\006\003\125\004\013\023\060\050\143 +\051\040\062\060\060\067\040\107\145\157\124\162\165\163\164\040 +\111\156\143\056\040\055\040\106\157\162\040\141\165\164\150\157 +\162\151\172\145\144\040\165\163\145\040\157\156\154\171\061\066 +\060\064\006\003\125\004\003\023\055\107\145\157\124\162\165\163 +\164\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146 +\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 +\171\040\055\040\107\062\060\036\027\015\060\067\061\061\060\065 +\060\060\060\060\060\060\132\027\015\063\070\060\061\061\070\062 +\063\065\071\065\071\132\060\201\230\061\013\060\011\006\003\125 +\004\006\023\002\125\123\061\026\060\024\006\003\125\004\012\023 +\015\107\145\157\124\162\165\163\164\040\111\156\143\056\061\071 +\060\067\006\003\125\004\013\023\060\050\143\051\040\062\060\060 +\067\040\107\145\157\124\162\165\163\164\040\111\156\143\056\040 +\055\040\106\157\162\040\141\165\164\150\157\162\151\172\145\144 +\040\165\163\145\040\157\156\154\171\061\066\060\064\006\003\125 +\004\003\023\055\107\145\157\124\162\165\163\164\040\120\162\151 +\155\141\162\171\040\103\145\162\164\151\146\151\143\141\164\151 +\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107 +\062\060\166\060\020\006\007\052\206\110\316\075\002\001\006\005 +\053\201\004\000\042\003\142\000\004\025\261\350\375\003\025\103 +\345\254\353\207\067\021\142\357\322\203\066\122\175\105\127\013 +\112\215\173\124\073\072\156\137\025\002\300\120\246\317\045\057 +\175\312\110\270\307\120\143\034\052\041\010\174\232\066\330\013 +\376\321\046\305\130\061\060\050\045\363\135\135\243\270\266\245 +\264\222\355\154\054\237\353\335\103\211\242\074\113\110\221\035 +\120\354\046\337\326\140\056\275\041\243\102\060\100\060\017\006 +\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016 +\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060\035 +\006\003\125\035\016\004\026\004\024\025\137\065\127\121\125\373 +\045\262\255\003\151\374\001\243\372\276\021\125\325\060\012\006 +\010\052\206\110\316\075\004\003\003\003\147\000\060\144\002\060 +\144\226\131\246\350\011\336\213\272\372\132\210\210\360\037\221 +\323\106\250\362\112\114\002\143\373\154\137\070\333\056\101\223 +\251\016\346\235\334\061\034\262\240\247\030\034\171\341\307\066 +\002\060\072\126\257\232\164\154\366\373\203\340\063\323\010\137 +\241\234\302\133\237\106\326\266\313\221\006\143\242\006\347\063 +\254\076\250\201\022\320\313\272\320\222\013\266\236\226\252\004 +\017\212 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for Certificate "GeoTrust Primary Certification Authority - G2" +# Issuer: CN=GeoTrust Primary Certification Authority - G2,OU=(c) 2007 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US +# Serial Number:3c:b2:f4:48:0a:00:e2:fe:eb:24:3b:5e:60:3e:c3:6b +# Subject: CN=GeoTrust Primary Certification Authority - G2,OU=(c) 2007 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US +# Not Valid Before: Mon Nov 05 00:00:00 2007 +# Not Valid After : Mon Jan 18 23:59:59 2038 +# Fingerprint (MD5): 01:5E:D8:6B:BD:6F:3D:8E:A1:31:F8:12:E0:98:73:6A +# Fingerprint (SHA1): 8D:17:84:D5:37:F3:03:7D:EC:70:FE:57:8B:51:9A:99:E6:10:D7:B0 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "GeoTrust Primary Certification Authority - G2" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\215\027\204\325\067\363\003\175\354\160\376\127\213\121\232\231 +\346\020\327\260 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\265\350\064\066\311\020\104\130\110\160\155\056\203\324\270\005 +\001\136\330\153\275\157\075\216\241\061\370\022\340\230\163\152 END CKA_ISSUER MULTILINE_OCTAL \060\201\230\061\013\060\011\006\003\125\004\006\023\002\125\123 \061\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162 \165\163\164\040\111\156\143\056\061\071\060\067\006\003\125\004 -\013\023\060\050\143\051\040\062\060\060\070\040\107\145\157\124 +\013\023\060\050\143\051\040\062\060\060\067\040\107\145\157\124 \162\165\163\164\040\111\156\143\056\040\055\040\106\157\162\040 \141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157 \156\154\171\061\066\060\064\006\003\125\004\003\023\055\107\145 \157\124\162\165\163\164\040\120\162\151\155\141\162\171\040\103 \145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164 -\150\157\162\151\164\171\040\055\040\107\063 +\150\157\162\151\164\171\040\055\040\107\062 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\025\254\156\224\031\262\171\113\101\366\047\251\303\030 -\017\037 +\002\020\074\262\364\110\012\000\342\376\353\044\073\136\140\076 +\303\153 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR @@ -8245,424 +7716,490 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "thawte Primary Root CA - G2" +# Certificate "VeriSign Universal Root Certification Authority" # -# Issuer: CN=thawte Primary Root CA - G2,OU="(c) 2007 thawte, Inc. - For authorized use only",O="thawte, Inc.",C=US -# Serial Number:35:fc:26:5c:d9:84:4f:c9:3d:26:3d:57:9b:ae:d7:56 -# Subject: CN=thawte Primary Root CA - G2,OU="(c) 2007 thawte, Inc. - For authorized use only",O="thawte, Inc.",C=US -# Not Valid Before: Mon Nov 05 00:00:00 2007 -# Not Valid After : Mon Jan 18 23:59:59 2038 -# Fingerprint (MD5): 74:9D:EA:60:24:C4:FD:22:53:3E:CC:3A:72:D9:29:4F -# Fingerprint (SHA1): AA:DB:BC:22:23:8F:C4:01:A1:27:BB:38:DD:F4:1D:DB:08:9E:F0:12 +# Issuer: CN=VeriSign Universal Root Certification Authority,OU="(c) 2008 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US +# Serial Number:40:1a:c4:64:21:b3:13:21:03:0e:bb:e4:12:1a:c5:1d +# Subject: CN=VeriSign Universal Root Certification Authority,OU="(c) 2008 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US +# Not Valid Before: Wed Apr 02 00:00:00 2008 +# Not Valid After : Tue Dec 01 23:59:59 2037 +# Fingerprint (MD5): 8E:AD:B5:01:AA:4D:81:E4:8C:1D:D1:E1:14:00:95:19 +# Fingerprint (SHA1): 36:79:CA:35:66:87:72:30:4D:30:A5:FB:87:3B:0F:A7:7B:B7:0D:54 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "thawte Primary Root CA - G2" +CKA_LABEL UTF8 "VeriSign Universal Root Certification Authority" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\201\204\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164 -\145\054\040\111\156\143\056\061\070\060\066\006\003\125\004\013 -\023\057\050\143\051\040\062\060\060\067\040\164\150\141\167\164 -\145\054\040\111\156\143\056\040\055\040\106\157\162\040\141\165 -\164\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154 -\171\061\044\060\042\006\003\125\004\003\023\033\164\150\141\167 -\164\145\040\120\162\151\155\141\162\171\040\122\157\157\164\040 -\103\101\040\055\040\107\062 +\060\201\275\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 +\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 +\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 +\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 +\125\004\013\023\061\050\143\051\040\062\060\060\070\040\126\145 +\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 +\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 +\145\040\157\156\154\171\061\070\060\066\006\003\125\004\003\023 +\057\126\145\162\151\123\151\147\156\040\125\156\151\166\145\162 +\163\141\154\040\122\157\157\164\040\103\145\162\164\151\146\151 +\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\201\204\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164 -\145\054\040\111\156\143\056\061\070\060\066\006\003\125\004\013 -\023\057\050\143\051\040\062\060\060\067\040\164\150\141\167\164 -\145\054\040\111\156\143\056\040\055\040\106\157\162\040\141\165 -\164\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154 -\171\061\044\060\042\006\003\125\004\003\023\033\164\150\141\167 -\164\145\040\120\162\151\155\141\162\171\040\122\157\157\164\040 -\103\101\040\055\040\107\062 +\060\201\275\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 +\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 +\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 +\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 +\125\004\013\023\061\050\143\051\040\062\060\060\070\040\126\145 +\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 +\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 +\145\040\157\156\154\171\061\070\060\066\006\003\125\004\003\023 +\057\126\145\162\151\123\151\147\156\040\125\156\151\166\145\162 +\163\141\154\040\122\157\157\164\040\103\145\162\164\151\146\151 +\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\065\374\046\134\331\204\117\311\075\046\075\127\233\256 -\327\126 +\002\020\100\032\304\144\041\263\023\041\003\016\273\344\022\032 +\305\035 END CKA_VALUE MULTILINE_OCTAL -\060\202\002\210\060\202\002\015\240\003\002\001\002\002\020\065 -\374\046\134\331\204\117\311\075\046\075\127\233\256\327\126\060 -\012\006\010\052\206\110\316\075\004\003\003\060\201\204\061\013 -\060\011\006\003\125\004\006\023\002\125\123\061\025\060\023\006 -\003\125\004\012\023\014\164\150\141\167\164\145\054\040\111\156 -\143\056\061\070\060\066\006\003\125\004\013\023\057\050\143\051 -\040\062\060\060\067\040\164\150\141\167\164\145\054\040\111\156 -\143\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151 -\172\145\144\040\165\163\145\040\157\156\154\171\061\044\060\042 -\006\003\125\004\003\023\033\164\150\141\167\164\145\040\120\162 -\151\155\141\162\171\040\122\157\157\164\040\103\101\040\055\040 -\107\062\060\036\027\015\060\067\061\061\060\065\060\060\060\060 -\060\060\132\027\015\063\070\060\061\061\070\062\063\065\071\065 -\071\132\060\201\204\061\013\060\011\006\003\125\004\006\023\002 -\125\123\061\025\060\023\006\003\125\004\012\023\014\164\150\141 -\167\164\145\054\040\111\156\143\056\061\070\060\066\006\003\125 -\004\013\023\057\050\143\051\040\062\060\060\067\040\164\150\141 -\167\164\145\054\040\111\156\143\056\040\055\040\106\157\162\040 -\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157 -\156\154\171\061\044\060\042\006\003\125\004\003\023\033\164\150 -\141\167\164\145\040\120\162\151\155\141\162\171\040\122\157\157 -\164\040\103\101\040\055\040\107\062\060\166\060\020\006\007\052 -\206\110\316\075\002\001\006\005\053\201\004\000\042\003\142\000 -\004\242\325\234\202\173\225\235\361\122\170\207\376\212\026\277 -\005\346\337\243\002\117\015\007\306\000\121\272\014\002\122\055 -\042\244\102\071\304\376\217\352\311\301\276\324\115\377\237\172 -\236\342\261\174\232\255\247\206\011\163\207\321\347\232\343\172 -\245\252\156\373\272\263\160\300\147\210\242\065\324\243\232\261 -\375\255\302\357\061\372\250\271\363\373\010\306\221\321\373\051 -\225\243\102\060\100\060\017\006\003\125\035\023\001\001\377\004 -\005\060\003\001\001\377\060\016\006\003\125\035\017\001\001\377 -\004\004\003\002\001\006\060\035\006\003\125\035\016\004\026\004 -\024\232\330\000\060\000\347\153\177\205\030\356\213\266\316\212 -\014\370\021\341\273\060\012\006\010\052\206\110\316\075\004\003 -\003\003\151\000\060\146\002\061\000\335\370\340\127\107\133\247 -\346\012\303\275\365\200\212\227\065\015\033\211\074\124\206\167 -\050\312\241\364\171\336\265\346\070\260\360\145\160\214\177\002 -\124\302\277\377\330\241\076\331\317\002\061\000\304\215\224\374 -\334\123\322\334\235\170\026\037\025\063\043\123\122\343\132\061 -\135\235\312\256\275\023\051\104\015\047\133\250\347\150\234\022 -\367\130\077\056\162\002\127\243\217\241\024\056 +\060\202\004\271\060\202\003\241\240\003\002\001\002\002\020\100 +\032\304\144\041\263\023\041\003\016\273\344\022\032\305\035\060 +\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\201 +\275\061\013\060\011\006\003\125\004\006\023\002\125\123\061\027 +\060\025\006\003\125\004\012\023\016\126\145\162\151\123\151\147 +\156\054\040\111\156\143\056\061\037\060\035\006\003\125\004\013 +\023\026\126\145\162\151\123\151\147\156\040\124\162\165\163\164 +\040\116\145\164\167\157\162\153\061\072\060\070\006\003\125\004 +\013\023\061\050\143\051\040\062\060\060\070\040\126\145\162\151 +\123\151\147\156\054\040\111\156\143\056\040\055\040\106\157\162 +\040\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040 +\157\156\154\171\061\070\060\066\006\003\125\004\003\023\057\126 +\145\162\151\123\151\147\156\040\125\156\151\166\145\162\163\141 +\154\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141 +\164\151\157\156\040\101\165\164\150\157\162\151\164\171\060\036 +\027\015\060\070\060\064\060\062\060\060\060\060\060\060\132\027 +\015\063\067\061\062\060\061\062\063\065\071\065\071\132\060\201 +\275\061\013\060\011\006\003\125\004\006\023\002\125\123\061\027 +\060\025\006\003\125\004\012\023\016\126\145\162\151\123\151\147 +\156\054\040\111\156\143\056\061\037\060\035\006\003\125\004\013 +\023\026\126\145\162\151\123\151\147\156\040\124\162\165\163\164 +\040\116\145\164\167\157\162\153\061\072\060\070\006\003\125\004 +\013\023\061\050\143\051\040\062\060\060\070\040\126\145\162\151 +\123\151\147\156\054\040\111\156\143\056\040\055\040\106\157\162 +\040\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040 +\157\156\154\171\061\070\060\066\006\003\125\004\003\023\057\126 +\145\162\151\123\151\147\156\040\125\156\151\166\145\162\163\141 +\154\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141 +\164\151\157\156\040\101\165\164\150\157\162\151\164\171\060\202 +\001\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005 +\000\003\202\001\017\000\060\202\001\012\002\202\001\001\000\307 +\141\067\136\261\001\064\333\142\327\025\233\377\130\132\214\043 +\043\326\140\216\221\327\220\230\203\172\346\130\031\070\214\305 +\366\345\144\205\264\242\161\373\355\275\271\332\315\115\000\264 +\310\055\163\245\307\151\161\225\037\071\074\262\104\007\234\350 +\016\372\115\112\304\041\337\051\141\217\062\042\141\202\305\207 +\037\156\214\174\137\026\040\121\104\321\160\117\127\352\343\034 +\343\314\171\356\130\330\016\302\263\105\223\300\054\347\232\027 +\053\173\000\067\172\101\063\170\341\063\342\363\020\032\177\207 +\054\276\366\365\367\102\342\345\277\207\142\211\137\000\113\337 +\305\335\344\165\104\062\101\072\036\161\156\151\313\013\165\106 +\010\321\312\322\053\225\320\317\373\271\100\153\144\214\127\115 +\374\023\021\171\204\355\136\124\366\064\237\010\001\363\020\045 +\006\027\112\332\361\035\172\146\153\230\140\146\244\331\357\322 +\056\202\361\360\357\011\352\104\311\025\152\342\003\156\063\323 +\254\237\125\000\307\366\010\152\224\271\137\334\340\063\361\204 +\140\371\133\047\021\264\374\026\362\273\126\152\200\045\215\002 +\003\001\000\001\243\201\262\060\201\257\060\017\006\003\125\035 +\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003\125 +\035\017\001\001\377\004\004\003\002\001\006\060\155\006\010\053 +\006\001\005\005\007\001\014\004\141\060\137\241\135\240\133\060 +\131\060\127\060\125\026\011\151\155\141\147\145\057\147\151\146 +\060\041\060\037\060\007\006\005\053\016\003\002\032\004\024\217 +\345\323\032\206\254\215\216\153\303\317\200\152\324\110\030\054 +\173\031\056\060\045\026\043\150\164\164\160\072\057\057\154\157 +\147\157\056\166\145\162\151\163\151\147\156\056\143\157\155\057 +\166\163\154\157\147\157\056\147\151\146\060\035\006\003\125\035 +\016\004\026\004\024\266\167\372\151\110\107\237\123\022\325\302 +\352\007\062\166\007\321\227\007\031\060\015\006\011\052\206\110 +\206\367\015\001\001\013\005\000\003\202\001\001\000\112\370\370 +\260\003\346\054\147\173\344\224\167\143\314\156\114\371\175\016 +\015\334\310\271\065\271\160\117\143\372\044\372\154\203\214\107 +\235\073\143\363\232\371\166\062\225\221\261\167\274\254\232\276 +\261\344\061\041\306\201\225\126\132\016\261\302\324\261\246\131 +\254\361\143\313\270\114\035\131\220\112\357\220\026\050\037\132 +\256\020\373\201\120\070\014\154\314\361\075\303\365\143\343\263 +\343\041\311\044\071\351\375\025\146\106\364\033\021\320\115\163 +\243\175\106\371\075\355\250\137\142\324\361\077\370\340\164\127 +\053\030\235\201\264\304\050\332\224\227\245\160\353\254\035\276 +\007\021\360\325\333\335\345\214\360\325\062\260\203\346\127\342 +\217\277\276\241\252\277\075\035\265\324\070\352\327\260\134\072 +\117\152\077\217\300\146\154\143\252\351\331\244\026\364\201\321 +\225\024\016\175\315\225\064\331\322\217\160\163\201\173\234\176 +\275\230\141\330\105\207\230\220\305\353\206\060\306\065\277\360 +\377\303\125\210\203\113\357\005\222\006\161\362\270\230\223\267 +\354\315\202\141\361\070\346\117\227\230\052\132\215 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE -# Trust for Certificate "thawte Primary Root CA - G2" -# Issuer: CN=thawte Primary Root CA - G2,OU="(c) 2007 thawte, Inc. - For authorized use only",O="thawte, Inc.",C=US -# Serial Number:35:fc:26:5c:d9:84:4f:c9:3d:26:3d:57:9b:ae:d7:56 -# Subject: CN=thawte Primary Root CA - G2,OU="(c) 2007 thawte, Inc. - For authorized use only",O="thawte, Inc.",C=US -# Not Valid Before: Mon Nov 05 00:00:00 2007 -# Not Valid After : Mon Jan 18 23:59:59 2038 -# Fingerprint (MD5): 74:9D:EA:60:24:C4:FD:22:53:3E:CC:3A:72:D9:29:4F -# Fingerprint (SHA1): AA:DB:BC:22:23:8F:C4:01:A1:27:BB:38:DD:F4:1D:DB:08:9E:F0:12 +# Trust for Certificate "VeriSign Universal Root Certification Authority" +# Issuer: CN=VeriSign Universal Root Certification Authority,OU="(c) 2008 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US +# Serial Number:40:1a:c4:64:21:b3:13:21:03:0e:bb:e4:12:1a:c5:1d +# Subject: CN=VeriSign Universal Root Certification Authority,OU="(c) 2008 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US +# Not Valid Before: Wed Apr 02 00:00:00 2008 +# Not Valid After : Tue Dec 01 23:59:59 2037 +# Fingerprint (MD5): 8E:AD:B5:01:AA:4D:81:E4:8C:1D:D1:E1:14:00:95:19 +# Fingerprint (SHA1): 36:79:CA:35:66:87:72:30:4D:30:A5:FB:87:3B:0F:A7:7B:B7:0D:54 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "thawte Primary Root CA - G2" +CKA_LABEL UTF8 "VeriSign Universal Root Certification Authority" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\252\333\274\042\043\217\304\001\241\047\273\070\335\364\035\333 -\010\236\360\022 +\066\171\312\065\146\207\162\060\115\060\245\373\207\073\017\247 +\173\267\015\124 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\164\235\352\140\044\304\375\042\123\076\314\072\162\331\051\117 +\216\255\265\001\252\115\201\344\214\035\321\341\024\000\225\031 END CKA_ISSUER MULTILINE_OCTAL -\060\201\204\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164 -\145\054\040\111\156\143\056\061\070\060\066\006\003\125\004\013 -\023\057\050\143\051\040\062\060\060\067\040\164\150\141\167\164 -\145\054\040\111\156\143\056\040\055\040\106\157\162\040\141\165 -\164\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154 -\171\061\044\060\042\006\003\125\004\003\023\033\164\150\141\167 -\164\145\040\120\162\151\155\141\162\171\040\122\157\157\164\040 -\103\101\040\055\040\107\062 +\060\201\275\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 +\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 +\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 +\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 +\125\004\013\023\061\050\143\051\040\062\060\060\070\040\126\145 +\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 +\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 +\145\040\157\156\154\171\061\070\060\066\006\003\125\004\003\023 +\057\126\145\162\151\123\151\147\156\040\125\156\151\166\145\162 +\163\141\154\040\122\157\157\164\040\103\145\162\164\151\146\151 +\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\065\374\046\134\331\204\117\311\075\046\075\127\233\256 -\327\126 +\002\020\100\032\304\144\041\263\023\041\003\016\273\344\022\032 +\305\035 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "thawte Primary Root CA - G3" +# Certificate "VeriSign Class 3 Public Primary Certification Authority - G4" # -# Issuer: CN=thawte Primary Root CA - G3,OU="(c) 2008 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US -# Serial Number:60:01:97:b7:46:a7:ea:b4:b4:9a:d6:4b:2f:f7:90:fb -# Subject: CN=thawte Primary Root CA - G3,OU="(c) 2008 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US -# Not Valid Before: Wed Apr 02 00:00:00 2008 -# Not Valid After : Tue Dec 01 23:59:59 2037 -# Fingerprint (MD5): FB:1B:5D:43:8A:94:CD:44:C6:76:F2:43:4B:47:E7:31 -# Fingerprint (SHA1): F1:8B:53:8D:1B:E9:03:B6:A6:F0:56:43:5B:17:15:89:CA:F3:6B:F2 +# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G4,OU="(c) 2007 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US +# Serial Number:2f:80:fe:23:8c:0e:22:0f:48:67:12:28:91:87:ac:b3 +# Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G4,OU="(c) 2007 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US +# Not Valid Before: Mon Nov 05 00:00:00 2007 +# Not Valid After : Mon Jan 18 23:59:59 2038 +# Fingerprint (MD5): 3A:52:E1:E7:FD:6F:3A:E3:6F:F3:6F:99:1B:F9:22:41 +# Fingerprint (SHA1): 22:D5:D8:DF:8F:02:31:D1:8D:F7:9D:B7:CF:8A:2D:64:C9:3F:6C:3A CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "thawte Primary Root CA - G3" +CKA_LABEL UTF8 "VeriSign Class 3 Public Primary Certification Authority - G4" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164 -\145\054\040\111\156\143\056\061\050\060\046\006\003\125\004\013 -\023\037\103\145\162\164\151\146\151\143\141\164\151\157\156\040 -\123\145\162\166\151\143\145\163\040\104\151\166\151\163\151\157 -\156\061\070\060\066\006\003\125\004\013\023\057\050\143\051\040 -\062\060\060\070\040\164\150\141\167\164\145\054\040\111\156\143 -\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151\172 -\145\144\040\165\163\145\040\157\156\154\171\061\044\060\042\006 -\003\125\004\003\023\033\164\150\141\167\164\145\040\120\162\151 -\155\141\162\171\040\122\157\157\164\040\103\101\040\055\040\107 -\063 +\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 +\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 +\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 +\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 +\125\004\013\023\061\050\143\051\040\062\060\060\067\040\126\145 +\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 +\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 +\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023 +\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040 +\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171 +\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 +\165\164\150\157\162\151\164\171\040\055\040\107\064 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164 -\145\054\040\111\156\143\056\061\050\060\046\006\003\125\004\013 -\023\037\103\145\162\164\151\146\151\143\141\164\151\157\156\040 -\123\145\162\166\151\143\145\163\040\104\151\166\151\163\151\157 -\156\061\070\060\066\006\003\125\004\013\023\057\050\143\051\040 -\062\060\060\070\040\164\150\141\167\164\145\054\040\111\156\143 -\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151\172 -\145\144\040\165\163\145\040\157\156\154\171\061\044\060\042\006 -\003\125\004\003\023\033\164\150\141\167\164\145\040\120\162\151 -\155\141\162\171\040\122\157\157\164\040\103\101\040\055\040\107 -\063 +\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 +\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 +\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 +\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 +\125\004\013\023\061\050\143\051\040\062\060\060\067\040\126\145 +\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 +\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 +\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023 +\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040 +\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171 +\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 +\165\164\150\157\162\151\164\171\040\055\040\107\064 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\140\001\227\267\106\247\352\264\264\232\326\113\057\367 -\220\373 +\002\020\057\200\376\043\214\016\042\017\110\147\022\050\221\207 +\254\263 END CKA_VALUE MULTILINE_OCTAL -\060\202\004\052\060\202\003\022\240\003\002\001\002\002\020\140 -\001\227\267\106\247\352\264\264\232\326\113\057\367\220\373\060 -\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\201 -\256\061\013\060\011\006\003\125\004\006\023\002\125\123\061\025 -\060\023\006\003\125\004\012\023\014\164\150\141\167\164\145\054 -\040\111\156\143\056\061\050\060\046\006\003\125\004\013\023\037 -\103\145\162\164\151\146\151\143\141\164\151\157\156\040\123\145 -\162\166\151\143\145\163\040\104\151\166\151\163\151\157\156\061 -\070\060\066\006\003\125\004\013\023\057\050\143\051\040\062\060 -\060\070\040\164\150\141\167\164\145\054\040\111\156\143\056\040 -\055\040\106\157\162\040\141\165\164\150\157\162\151\172\145\144 -\040\165\163\145\040\157\156\154\171\061\044\060\042\006\003\125 -\004\003\023\033\164\150\141\167\164\145\040\120\162\151\155\141 -\162\171\040\122\157\157\164\040\103\101\040\055\040\107\063\060 -\036\027\015\060\070\060\064\060\062\060\060\060\060\060\060\132 -\027\015\063\067\061\062\060\061\062\063\065\071\065\071\132\060 -\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164\145 -\054\040\111\156\143\056\061\050\060\046\006\003\125\004\013\023 -\037\103\145\162\164\151\146\151\143\141\164\151\157\156\040\123 -\145\162\166\151\143\145\163\040\104\151\166\151\163\151\157\156 -\061\070\060\066\006\003\125\004\013\023\057\050\143\051\040\062 -\060\060\070\040\164\150\141\167\164\145\054\040\111\156\143\056 -\040\055\040\106\157\162\040\141\165\164\150\157\162\151\172\145 -\144\040\165\163\145\040\157\156\154\171\061\044\060\042\006\003 -\125\004\003\023\033\164\150\141\167\164\145\040\120\162\151\155 -\141\162\171\040\122\157\157\164\040\103\101\040\055\040\107\063 -\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001 -\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001 -\000\262\277\047\054\373\333\330\133\335\170\173\033\236\167\146 -\201\313\076\274\174\256\363\246\047\232\064\243\150\061\161\070 -\063\142\344\363\161\146\171\261\251\145\243\245\213\325\217\140 -\055\077\102\314\252\153\062\300\043\313\054\101\335\344\337\374 -\141\234\342\163\262\042\225\021\103\030\137\304\266\037\127\154 -\012\005\130\042\310\066\114\072\174\245\321\317\206\257\210\247 -\104\002\023\164\161\163\012\102\131\002\370\033\024\153\102\337 -\157\137\272\153\202\242\235\133\347\112\275\036\001\162\333\113 -\164\350\073\177\177\175\037\004\264\046\233\340\264\132\254\107 -\075\125\270\327\260\046\122\050\001\061\100\146\330\331\044\275 -\366\052\330\354\041\111\134\233\366\172\351\177\125\065\176\226 -\153\215\223\223\047\313\222\273\352\254\100\300\237\302\370\200 -\317\135\364\132\334\316\164\206\246\076\154\013\123\312\275\222 -\316\031\006\162\346\014\134\070\151\307\004\326\274\154\316\133 -\366\367\150\234\334\045\025\110\210\241\351\251\370\230\234\340 -\363\325\061\050\141\021\154\147\226\215\071\231\313\302\105\044 -\071\002\003\001\000\001\243\102\060\100\060\017\006\003\125\035 -\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003\125 -\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003\125 -\035\016\004\026\004\024\255\154\252\224\140\234\355\344\377\372 -\076\012\164\053\143\003\367\266\131\277\060\015\006\011\052\206 -\110\206\367\015\001\001\013\005\000\003\202\001\001\000\032\100 -\330\225\145\254\011\222\211\306\071\364\020\345\251\016\146\123 -\135\170\336\372\044\221\273\347\104\121\337\306\026\064\012\357 -\152\104\121\352\053\007\212\003\172\303\353\077\012\054\122\026 -\240\053\103\271\045\220\077\160\251\063\045\155\105\032\050\073 -\047\317\252\303\051\102\033\337\073\114\300\063\064\133\101\210 -\277\153\053\145\257\050\357\262\365\303\252\146\316\173\126\356 -\267\310\313\147\301\311\234\032\030\270\304\303\111\003\361\140 -\016\120\315\106\305\363\167\171\367\266\025\340\070\333\307\057 -\050\240\014\077\167\046\164\331\045\022\332\061\332\032\036\334 -\051\101\221\042\074\151\247\273\002\362\266\134\047\003\211\364 -\006\352\233\344\162\202\343\241\011\301\351\000\031\323\076\324 -\160\153\272\161\246\252\130\256\364\273\351\154\266\357\207\314 -\233\273\377\071\346\126\141\323\012\247\304\134\114\140\173\005 -\167\046\172\277\330\007\122\054\142\367\160\143\331\071\274\157 -\034\302\171\334\166\051\257\316\305\054\144\004\136\210\066\156 -\061\324\100\032\142\064\066\077\065\001\256\254\143\240 +\060\202\003\204\060\202\003\012\240\003\002\001\002\002\020\057 +\200\376\043\214\016\042\017\110\147\022\050\221\207\254\263\060 +\012\006\010\052\206\110\316\075\004\003\003\060\201\312\061\013 +\060\011\006\003\125\004\006\023\002\125\123\061\027\060\025\006 +\003\125\004\012\023\016\126\145\162\151\123\151\147\156\054\040 +\111\156\143\056\061\037\060\035\006\003\125\004\013\023\026\126 +\145\162\151\123\151\147\156\040\124\162\165\163\164\040\116\145 +\164\167\157\162\153\061\072\060\070\006\003\125\004\013\023\061 +\050\143\051\040\062\060\060\067\040\126\145\162\151\123\151\147 +\156\054\040\111\156\143\056\040\055\040\106\157\162\040\141\165 +\164\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154 +\171\061\105\060\103\006\003\125\004\003\023\074\126\145\162\151 +\123\151\147\156\040\103\154\141\163\163\040\063\040\120\165\142 +\154\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164 +\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162 +\151\164\171\040\055\040\107\064\060\036\027\015\060\067\061\061 +\060\065\060\060\060\060\060\060\132\027\015\063\070\060\061\061 +\070\062\063\065\071\065\071\132\060\201\312\061\013\060\011\006 +\003\125\004\006\023\002\125\123\061\027\060\025\006\003\125\004 +\012\023\016\126\145\162\151\123\151\147\156\054\040\111\156\143 +\056\061\037\060\035\006\003\125\004\013\023\026\126\145\162\151 +\123\151\147\156\040\124\162\165\163\164\040\116\145\164\167\157 +\162\153\061\072\060\070\006\003\125\004\013\023\061\050\143\051 +\040\062\060\060\067\040\126\145\162\151\123\151\147\156\054\040 +\111\156\143\056\040\055\040\106\157\162\040\141\165\164\150\157 +\162\151\172\145\144\040\165\163\145\040\157\156\154\171\061\105 +\060\103\006\003\125\004\003\023\074\126\145\162\151\123\151\147 +\156\040\103\154\141\163\163\040\063\040\120\165\142\154\151\143 +\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146\151 +\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 +\040\055\040\107\064\060\166\060\020\006\007\052\206\110\316\075 +\002\001\006\005\053\201\004\000\042\003\142\000\004\247\126\172 +\174\122\332\144\233\016\055\134\330\136\254\222\075\376\001\346 +\031\112\075\024\003\113\372\140\047\040\331\203\211\151\372\124 +\306\232\030\136\125\052\144\336\006\366\215\112\073\255\020\074 +\145\075\220\210\004\211\340\060\141\263\256\135\001\247\173\336 +\174\262\276\312\145\141\000\206\256\332\217\173\320\211\255\115 +\035\131\232\101\261\274\107\200\334\236\142\303\371\243\201\262 +\060\201\257\060\017\006\003\125\035\023\001\001\377\004\005\060 +\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004 +\003\002\001\006\060\155\006\010\053\006\001\005\005\007\001\014 +\004\141\060\137\241\135\240\133\060\131\060\127\060\125\026\011 +\151\155\141\147\145\057\147\151\146\060\041\060\037\060\007\006 +\005\053\016\003\002\032\004\024\217\345\323\032\206\254\215\216 +\153\303\317\200\152\324\110\030\054\173\031\056\060\045\026\043 +\150\164\164\160\072\057\057\154\157\147\157\056\166\145\162\151 +\163\151\147\156\056\143\157\155\057\166\163\154\157\147\157\056 +\147\151\146\060\035\006\003\125\035\016\004\026\004\024\263\026 +\221\375\356\246\156\344\265\056\111\217\207\170\201\200\354\345 +\261\265\060\012\006\010\052\206\110\316\075\004\003\003\003\150 +\000\060\145\002\060\146\041\014\030\046\140\132\070\173\126\102 +\340\247\374\066\204\121\221\040\054\166\115\103\075\304\035\204 +\043\320\254\326\174\065\006\316\315\151\275\220\015\333\154\110 +\102\035\016\252\102\002\061\000\234\075\110\071\043\071\130\032 +\025\022\131\152\236\357\325\131\262\035\122\054\231\161\315\307 +\051\337\033\052\141\173\161\321\336\363\300\345\015\072\112\252 +\055\247\330\206\052\335\056\020 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE -# Trust for Certificate "thawte Primary Root CA - G3" -# Issuer: CN=thawte Primary Root CA - G3,OU="(c) 2008 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US -# Serial Number:60:01:97:b7:46:a7:ea:b4:b4:9a:d6:4b:2f:f7:90:fb -# Subject: CN=thawte Primary Root CA - G3,OU="(c) 2008 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US -# Not Valid Before: Wed Apr 02 00:00:00 2008 -# Not Valid After : Tue Dec 01 23:59:59 2037 -# Fingerprint (MD5): FB:1B:5D:43:8A:94:CD:44:C6:76:F2:43:4B:47:E7:31 -# Fingerprint (SHA1): F1:8B:53:8D:1B:E9:03:B6:A6:F0:56:43:5B:17:15:89:CA:F3:6B:F2 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE +# Trust for Certificate "VeriSign Class 3 Public Primary Certification Authority - G4" +# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G4,OU="(c) 2007 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US +# Serial Number:2f:80:fe:23:8c:0e:22:0f:48:67:12:28:91:87:ac:b3 +# Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G4,OU="(c) 2007 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US +# Not Valid Before: Mon Nov 05 00:00:00 2007 +# Not Valid After : Mon Jan 18 23:59:59 2038 +# Fingerprint (MD5): 3A:52:E1:E7:FD:6F:3A:E3:6F:F3:6F:99:1B:F9:22:41 +# Fingerprint (SHA1): 22:D5:D8:DF:8F:02:31:D1:8D:F7:9D:B7:CF:8A:2D:64:C9:3F:6C:3A +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "thawte Primary Root CA - G3" +CKA_LABEL UTF8 "VeriSign Class 3 Public Primary Certification Authority - G4" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\361\213\123\215\033\351\003\266\246\360\126\103\133\027\025\211 -\312\363\153\362 +\042\325\330\337\217\002\061\321\215\367\235\267\317\212\055\144 +\311\077\154\072 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\373\033\135\103\212\224\315\104\306\166\362\103\113\107\347\061 +\072\122\341\347\375\157\072\343\157\363\157\231\033\371\042\101 END CKA_ISSUER MULTILINE_OCTAL -\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164 -\145\054\040\111\156\143\056\061\050\060\046\006\003\125\004\013 -\023\037\103\145\162\164\151\146\151\143\141\164\151\157\156\040 -\123\145\162\166\151\143\145\163\040\104\151\166\151\163\151\157 -\156\061\070\060\066\006\003\125\004\013\023\057\050\143\051\040 -\062\060\060\070\040\164\150\141\167\164\145\054\040\111\156\143 -\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151\172 -\145\144\040\165\163\145\040\157\156\154\171\061\044\060\042\006 -\003\125\004\003\023\033\164\150\141\167\164\145\040\120\162\151 -\155\141\162\171\040\122\157\157\164\040\103\101\040\055\040\107 -\063 +\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 +\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 +\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 +\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 +\125\004\013\023\061\050\143\051\040\062\060\060\067\040\126\145 +\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 +\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 +\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023 +\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040 +\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171 +\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 +\165\164\150\157\162\151\164\171\040\055\040\107\064 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\140\001\227\267\106\247\352\264\264\232\326\113\057\367 -\220\373 +\002\020\057\200\376\043\214\016\042\017\110\147\022\050\221\207 +\254\263 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "GeoTrust Primary Certification Authority - G2" +# Certificate "NetLock Arany (Class Gold) FÅ‘tanúsítvány" # -# Issuer: CN=GeoTrust Primary Certification Authority - G2,OU=(c) 2007 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US -# Serial Number:3c:b2:f4:48:0a:00:e2:fe:eb:24:3b:5e:60:3e:c3:6b -# Subject: CN=GeoTrust Primary Certification Authority - G2,OU=(c) 2007 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US -# Not Valid Before: Mon Nov 05 00:00:00 2007 -# Not Valid After : Mon Jan 18 23:59:59 2038 -# Fingerprint (MD5): 01:5E:D8:6B:BD:6F:3D:8E:A1:31:F8:12:E0:98:73:6A -# Fingerprint (SHA1): 8D:17:84:D5:37:F3:03:7D:EC:70:FE:57:8B:51:9A:99:E6:10:D7:B0 +# Issuer: CN=NetLock Arany (Class Gold) F..tan..s..tv..ny,OU=Tan..s..tv..nykiad..k (Certification Services),O=NetLock Kft.,L=Budapest,C=HU +# Serial Number:49:41:2c:e4:00:10 +# Subject: CN=NetLock Arany (Class Gold) F..tan..s..tv..ny,OU=Tan..s..tv..nykiad..k (Certification Services),O=NetLock Kft.,L=Budapest,C=HU +# Not Valid Before: Thu Dec 11 15:08:21 2008 +# Not Valid After : Wed Dec 06 15:08:21 2028 +# Fingerprint (MD5): C5:A1:B7:FF:73:DD:D6:D7:34:32:18:DF:FC:3C:AD:88 +# Fingerprint (SHA1): 06:08:3F:59:3F:15:A1:04:A0:69:A4:6B:A9:03:D0:06:B7:97:09:91 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GeoTrust Primary Certification Authority - G2" +CKA_LABEL UTF8 "NetLock Arany (Class Gold) FÅ‘tanúsítvány" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\201\230\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162 -\165\163\164\040\111\156\143\056\061\071\060\067\006\003\125\004 -\013\023\060\050\143\051\040\062\060\060\067\040\107\145\157\124 -\162\165\163\164\040\111\156\143\056\040\055\040\106\157\162\040 -\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157 -\156\154\171\061\066\060\064\006\003\125\004\003\023\055\107\145 -\157\124\162\165\163\164\040\120\162\151\155\141\162\171\040\103 -\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164 -\150\157\162\151\164\171\040\055\040\107\062 +\060\201\247\061\013\060\011\006\003\125\004\006\023\002\110\125 +\061\021\060\017\006\003\125\004\007\014\010\102\165\144\141\160 +\145\163\164\061\025\060\023\006\003\125\004\012\014\014\116\145 +\164\114\157\143\153\040\113\146\164\056\061\067\060\065\006\003 +\125\004\013\014\056\124\141\156\303\272\163\303\255\164\166\303 +\241\156\171\153\151\141\144\303\263\153\040\050\103\145\162\164 +\151\146\151\143\141\164\151\157\156\040\123\145\162\166\151\143 +\145\163\051\061\065\060\063\006\003\125\004\003\014\054\116\145 +\164\114\157\143\153\040\101\162\141\156\171\040\050\103\154\141 +\163\163\040\107\157\154\144\051\040\106\305\221\164\141\156\303 +\272\163\303\255\164\166\303\241\156\171 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\201\230\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162 -\165\163\164\040\111\156\143\056\061\071\060\067\006\003\125\004 -\013\023\060\050\143\051\040\062\060\060\067\040\107\145\157\124 -\162\165\163\164\040\111\156\143\056\040\055\040\106\157\162\040 -\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157 -\156\154\171\061\066\060\064\006\003\125\004\003\023\055\107\145 -\157\124\162\165\163\164\040\120\162\151\155\141\162\171\040\103 -\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164 -\150\157\162\151\164\171\040\055\040\107\062 +\060\201\247\061\013\060\011\006\003\125\004\006\023\002\110\125 +\061\021\060\017\006\003\125\004\007\014\010\102\165\144\141\160 +\145\163\164\061\025\060\023\006\003\125\004\012\014\014\116\145 +\164\114\157\143\153\040\113\146\164\056\061\067\060\065\006\003 +\125\004\013\014\056\124\141\156\303\272\163\303\255\164\166\303 +\241\156\171\153\151\141\144\303\263\153\040\050\103\145\162\164 +\151\146\151\143\141\164\151\157\156\040\123\145\162\166\151\143 +\145\163\051\061\065\060\063\006\003\125\004\003\014\054\116\145 +\164\114\157\143\153\040\101\162\141\156\171\040\050\103\154\141 +\163\163\040\107\157\154\144\051\040\106\305\221\164\141\156\303 +\272\163\303\255\164\166\303\241\156\171 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\074\262\364\110\012\000\342\376\353\044\073\136\140\076 -\303\153 +\002\006\111\101\054\344\000\020 END CKA_VALUE MULTILINE_OCTAL -\060\202\002\256\060\202\002\065\240\003\002\001\002\002\020\074 -\262\364\110\012\000\342\376\353\044\073\136\140\076\303\153\060 -\012\006\010\052\206\110\316\075\004\003\003\060\201\230\061\013 -\060\011\006\003\125\004\006\023\002\125\123\061\026\060\024\006 -\003\125\004\012\023\015\107\145\157\124\162\165\163\164\040\111 -\156\143\056\061\071\060\067\006\003\125\004\013\023\060\050\143 -\051\040\062\060\060\067\040\107\145\157\124\162\165\163\164\040 -\111\156\143\056\040\055\040\106\157\162\040\141\165\164\150\157 -\162\151\172\145\144\040\165\163\145\040\157\156\154\171\061\066 -\060\064\006\003\125\004\003\023\055\107\145\157\124\162\165\163 -\164\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171\040\055\040\107\062\060\036\027\015\060\067\061\061\060\065 -\060\060\060\060\060\060\132\027\015\063\070\060\061\061\070\062 -\063\065\071\065\071\132\060\201\230\061\013\060\011\006\003\125 -\004\006\023\002\125\123\061\026\060\024\006\003\125\004\012\023 -\015\107\145\157\124\162\165\163\164\040\111\156\143\056\061\071 -\060\067\006\003\125\004\013\023\060\050\143\051\040\062\060\060 -\067\040\107\145\157\124\162\165\163\164\040\111\156\143\056\040 -\055\040\106\157\162\040\141\165\164\150\157\162\151\172\145\144 -\040\165\163\145\040\157\156\154\171\061\066\060\064\006\003\125 -\004\003\023\055\107\145\157\124\162\165\163\164\040\120\162\151 -\155\141\162\171\040\103\145\162\164\151\146\151\143\141\164\151 -\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107 -\062\060\166\060\020\006\007\052\206\110\316\075\002\001\006\005 -\053\201\004\000\042\003\142\000\004\025\261\350\375\003\025\103 -\345\254\353\207\067\021\142\357\322\203\066\122\175\105\127\013 -\112\215\173\124\073\072\156\137\025\002\300\120\246\317\045\057 -\175\312\110\270\307\120\143\034\052\041\010\174\232\066\330\013 -\376\321\046\305\130\061\060\050\045\363\135\135\243\270\266\245 -\264\222\355\154\054\237\353\335\103\211\242\074\113\110\221\035 -\120\354\046\337\326\140\056\275\041\243\102\060\100\060\017\006 -\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016 -\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060\035 -\006\003\125\035\016\004\026\004\024\025\137\065\127\121\125\373 -\045\262\255\003\151\374\001\243\372\276\021\125\325\060\012\006 -\010\052\206\110\316\075\004\003\003\003\147\000\060\144\002\060 -\144\226\131\246\350\011\336\213\272\372\132\210\210\360\037\221 -\323\106\250\362\112\114\002\143\373\154\137\070\333\056\101\223 -\251\016\346\235\334\061\034\262\240\247\030\034\171\341\307\066 -\002\060\072\126\257\232\164\154\366\373\203\340\063\323\010\137 -\241\234\302\133\237\106\326\266\313\221\006\143\242\006\347\063 -\254\076\250\201\022\320\313\272\320\222\013\266\236\226\252\004 -\017\212 +\060\202\004\025\060\202\002\375\240\003\002\001\002\002\006\111 +\101\054\344\000\020\060\015\006\011\052\206\110\206\367\015\001 +\001\013\005\000\060\201\247\061\013\060\011\006\003\125\004\006 +\023\002\110\125\061\021\060\017\006\003\125\004\007\014\010\102 +\165\144\141\160\145\163\164\061\025\060\023\006\003\125\004\012 +\014\014\116\145\164\114\157\143\153\040\113\146\164\056\061\067 +\060\065\006\003\125\004\013\014\056\124\141\156\303\272\163\303 +\255\164\166\303\241\156\171\153\151\141\144\303\263\153\040\050 +\103\145\162\164\151\146\151\143\141\164\151\157\156\040\123\145 +\162\166\151\143\145\163\051\061\065\060\063\006\003\125\004\003 +\014\054\116\145\164\114\157\143\153\040\101\162\141\156\171\040 +\050\103\154\141\163\163\040\107\157\154\144\051\040\106\305\221 +\164\141\156\303\272\163\303\255\164\166\303\241\156\171\060\036 +\027\015\060\070\061\062\061\061\061\065\060\070\062\061\132\027 +\015\062\070\061\062\060\066\061\065\060\070\062\061\132\060\201 +\247\061\013\060\011\006\003\125\004\006\023\002\110\125\061\021 +\060\017\006\003\125\004\007\014\010\102\165\144\141\160\145\163 +\164\061\025\060\023\006\003\125\004\012\014\014\116\145\164\114 +\157\143\153\040\113\146\164\056\061\067\060\065\006\003\125\004 +\013\014\056\124\141\156\303\272\163\303\255\164\166\303\241\156 +\171\153\151\141\144\303\263\153\040\050\103\145\162\164\151\146 +\151\143\141\164\151\157\156\040\123\145\162\166\151\143\145\163 +\051\061\065\060\063\006\003\125\004\003\014\054\116\145\164\114 +\157\143\153\040\101\162\141\156\171\040\050\103\154\141\163\163 +\040\107\157\154\144\051\040\106\305\221\164\141\156\303\272\163 +\303\255\164\166\303\241\156\171\060\202\001\042\060\015\006\011 +\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000 +\060\202\001\012\002\202\001\001\000\304\044\136\163\276\113\155 +\024\303\241\364\343\227\220\156\322\060\105\036\074\356\147\331 +\144\340\032\212\177\312\060\312\203\343\040\301\343\364\072\323 +\224\137\032\174\133\155\277\060\117\204\047\366\237\037\111\274 +\306\231\012\220\362\017\365\177\103\204\067\143\121\213\172\245 +\160\374\172\130\315\216\233\355\303\106\154\204\160\135\332\363 +\001\220\043\374\116\060\251\176\341\047\143\347\355\144\074\240 +\270\311\063\143\376\026\220\377\260\270\375\327\250\300\300\224 +\103\013\266\325\131\246\236\126\320\044\037\160\171\257\333\071 +\124\015\145\165\331\025\101\224\001\257\136\354\366\215\361\377 +\255\144\376\040\232\327\134\353\376\246\037\010\144\243\213\166 +\125\255\036\073\050\140\056\207\045\350\252\257\037\306\144\106 +\040\267\160\177\074\336\110\333\226\123\267\071\167\344\032\342 +\307\026\204\166\227\133\057\273\031\025\205\370\151\205\365\231 +\247\251\362\064\247\251\266\246\003\374\157\206\075\124\174\166 +\004\233\153\371\100\135\000\064\307\056\231\165\235\345\210\003 +\252\115\370\003\322\102\166\300\033\002\003\000\250\213\243\105 +\060\103\060\022\006\003\125\035\023\001\001\377\004\010\060\006 +\001\001\377\002\001\004\060\016\006\003\125\035\017\001\001\377 +\004\004\003\002\001\006\060\035\006\003\125\035\016\004\026\004 +\024\314\372\147\223\360\266\270\320\245\300\036\363\123\375\214 +\123\337\203\327\226\060\015\006\011\052\206\110\206\367\015\001 +\001\013\005\000\003\202\001\001\000\253\177\356\034\026\251\234 +\074\121\000\240\300\021\010\005\247\231\346\157\001\210\124\141 +\156\361\271\030\255\112\255\376\201\100\043\224\057\373\165\174 +\057\050\113\142\044\201\202\013\365\141\361\034\156\270\141\070 +\353\201\372\142\241\073\132\142\323\224\145\304\341\346\155\202 +\370\057\045\160\262\041\046\301\162\121\037\214\054\303\204\220 +\303\132\217\272\317\364\247\145\245\353\230\321\373\005\262\106 +\165\025\043\152\157\205\143\060\200\360\325\236\037\051\034\302 +\154\260\120\131\135\220\133\073\250\015\060\317\277\175\177\316 +\361\235\203\275\311\106\156\040\246\371\141\121\272\041\057\173 +\276\245\025\143\241\324\225\207\361\236\271\363\211\363\075\205 +\270\270\333\276\265\271\051\371\332\067\005\000\111\224\003\204 +\104\347\277\103\061\317\165\213\045\321\364\246\144\365\222\366 +\253\005\353\075\351\245\013\066\142\332\314\006\137\066\213\266 +\136\061\270\052\373\136\366\161\337\104\046\236\304\346\015\221 +\264\056\165\225\200\121\152\113\060\246\260\142\241\223\361\233 +\330\316\304\143\165\077\131\107\261 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE -# Trust for Certificate "GeoTrust Primary Certification Authority - G2" -# Issuer: CN=GeoTrust Primary Certification Authority - G2,OU=(c) 2007 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US -# Serial Number:3c:b2:f4:48:0a:00:e2:fe:eb:24:3b:5e:60:3e:c3:6b -# Subject: CN=GeoTrust Primary Certification Authority - G2,OU=(c) 2007 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US -# Not Valid Before: Mon Nov 05 00:00:00 2007 -# Not Valid After : Mon Jan 18 23:59:59 2038 -# Fingerprint (MD5): 01:5E:D8:6B:BD:6F:3D:8E:A1:31:F8:12:E0:98:73:6A -# Fingerprint (SHA1): 8D:17:84:D5:37:F3:03:7D:EC:70:FE:57:8B:51:9A:99:E6:10:D7:B0 +# Trust for Certificate "NetLock Arany (Class Gold) FÅ‘tanúsítvány" +# Issuer: CN=NetLock Arany (Class Gold) F..tan..s..tv..ny,OU=Tan..s..tv..nykiad..k (Certification Services),O=NetLock Kft.,L=Budapest,C=HU +# Serial Number:49:41:2c:e4:00:10 +# Subject: CN=NetLock Arany (Class Gold) F..tan..s..tv..ny,OU=Tan..s..tv..nykiad..k (Certification Services),O=NetLock Kft.,L=Budapest,C=HU +# Not Valid Before: Thu Dec 11 15:08:21 2008 +# Not Valid After : Wed Dec 06 15:08:21 2028 +# Fingerprint (MD5): C5:A1:B7:FF:73:DD:D6:D7:34:32:18:DF:FC:3C:AD:88 +# Fingerprint (SHA1): 06:08:3F:59:3F:15:A1:04:A0:69:A4:6B:A9:03:D0:06:B7:97:09:91 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GeoTrust Primary Certification Authority - G2" +CKA_LABEL UTF8 "NetLock Arany (Class Gold) FÅ‘tanúsítvány" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\215\027\204\325\067\363\003\175\354\160\376\127\213\121\232\231 -\346\020\327\260 +\006\010\077\131\077\025\241\004\240\151\244\153\251\003\320\006 +\267\227\011\221 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\001\136\330\153\275\157\075\216\241\061\370\022\340\230\163\152 +\305\241\267\377\163\335\326\327\064\062\030\337\374\074\255\210 END CKA_ISSUER MULTILINE_OCTAL -\060\201\230\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162 -\165\163\164\040\111\156\143\056\061\071\060\067\006\003\125\004 -\013\023\060\050\143\051\040\062\060\060\067\040\107\145\157\124 -\162\165\163\164\040\111\156\143\056\040\055\040\106\157\162\040 -\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157 -\156\154\171\061\066\060\064\006\003\125\004\003\023\055\107\145 -\157\124\162\165\163\164\040\120\162\151\155\141\162\171\040\103 -\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164 -\150\157\162\151\164\171\040\055\040\107\062 +\060\201\247\061\013\060\011\006\003\125\004\006\023\002\110\125 +\061\021\060\017\006\003\125\004\007\014\010\102\165\144\141\160 +\145\163\164\061\025\060\023\006\003\125\004\012\014\014\116\145 +\164\114\157\143\153\040\113\146\164\056\061\067\060\065\006\003 +\125\004\013\014\056\124\141\156\303\272\163\303\255\164\166\303 +\241\156\171\153\151\141\144\303\263\153\040\050\103\145\162\164 +\151\146\151\143\141\164\151\157\156\040\123\145\162\166\151\143 +\145\163\051\061\065\060\063\006\003\125\004\003\014\054\116\145 +\164\114\157\143\153\040\101\162\141\156\171\040\050\103\154\141 +\163\163\040\107\157\154\144\051\040\106\305\221\164\141\156\303 +\272\163\303\255\164\166\303\241\156\171 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\074\262\364\110\012\000\342\376\353\044\073\136\140\076 -\303\153 +\002\006\111\101\054\344\000\020 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR @@ -8670,171 +8207,170 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "VeriSign Universal Root Certification Authority" +# Certificate "Staat der Nederlanden Root CA - G2" # -# Issuer: CN=VeriSign Universal Root Certification Authority,OU="(c) 2008 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Serial Number:40:1a:c4:64:21:b3:13:21:03:0e:bb:e4:12:1a:c5:1d -# Subject: CN=VeriSign Universal Root Certification Authority,OU="(c) 2008 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Not Valid Before: Wed Apr 02 00:00:00 2008 -# Not Valid After : Tue Dec 01 23:59:59 2037 -# Fingerprint (MD5): 8E:AD:B5:01:AA:4D:81:E4:8C:1D:D1:E1:14:00:95:19 -# Fingerprint (SHA1): 36:79:CA:35:66:87:72:30:4D:30:A5:FB:87:3B:0F:A7:7B:B7:0D:54 +# Issuer: CN=Staat der Nederlanden Root CA - G2,O=Staat der Nederlanden,C=NL +# Serial Number: 10000012 (0x98968c) +# Subject: CN=Staat der Nederlanden Root CA - G2,O=Staat der Nederlanden,C=NL +# Not Valid Before: Wed Mar 26 11:18:17 2008 +# Not Valid After : Wed Mar 25 11:03:10 2020 +# Fingerprint (MD5): 7C:A5:0F:F8:5B:9A:7D:6D:30:AE:54:5A:E3:42:A2:8A +# Fingerprint (SHA1): 59:AF:82:79:91:86:C7:B4:75:07:CB:CF:03:57:46:EB:04:DD:B7:16 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "VeriSign Universal Root Certification Authority" +CKA_LABEL UTF8 "Staat der Nederlanden Root CA - G2" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\201\275\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 -\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 -\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 -\125\004\013\023\061\050\143\051\040\062\060\060\070\040\126\145 -\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 -\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 -\145\040\157\156\154\171\061\070\060\066\006\003\125\004\003\023 -\057\126\145\162\151\123\151\147\156\040\125\156\151\166\145\162 -\163\141\154\040\122\157\157\164\040\103\145\162\164\151\146\151 -\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 +\060\132\061\013\060\011\006\003\125\004\006\023\002\116\114\061 +\036\060\034\006\003\125\004\012\014\025\123\164\141\141\164\040 +\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\061 +\053\060\051\006\003\125\004\003\014\042\123\164\141\141\164\040 +\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\040 +\122\157\157\164\040\103\101\040\055\040\107\062 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\201\275\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 -\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 -\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 -\125\004\013\023\061\050\143\051\040\062\060\060\070\040\126\145 -\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 -\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 -\145\040\157\156\154\171\061\070\060\066\006\003\125\004\003\023 -\057\126\145\162\151\123\151\147\156\040\125\156\151\166\145\162 -\163\141\154\040\122\157\157\164\040\103\145\162\164\151\146\151 -\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 +\060\132\061\013\060\011\006\003\125\004\006\023\002\116\114\061 +\036\060\034\006\003\125\004\012\014\025\123\164\141\141\164\040 +\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\061 +\053\060\051\006\003\125\004\003\014\042\123\164\141\141\164\040 +\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\040 +\122\157\157\164\040\103\101\040\055\040\107\062 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\100\032\304\144\041\263\023\041\003\016\273\344\022\032 -\305\035 +\002\004\000\230\226\214 END CKA_VALUE MULTILINE_OCTAL -\060\202\004\271\060\202\003\241\240\003\002\001\002\002\020\100 -\032\304\144\041\263\023\041\003\016\273\344\022\032\305\035\060 -\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\201 -\275\061\013\060\011\006\003\125\004\006\023\002\125\123\061\027 -\060\025\006\003\125\004\012\023\016\126\145\162\151\123\151\147 -\156\054\040\111\156\143\056\061\037\060\035\006\003\125\004\013 -\023\026\126\145\162\151\123\151\147\156\040\124\162\165\163\164 -\040\116\145\164\167\157\162\153\061\072\060\070\006\003\125\004 -\013\023\061\050\143\051\040\062\060\060\070\040\126\145\162\151 -\123\151\147\156\054\040\111\156\143\056\040\055\040\106\157\162 -\040\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040 -\157\156\154\171\061\070\060\066\006\003\125\004\003\023\057\126 -\145\162\151\123\151\147\156\040\125\156\151\166\145\162\163\141 -\154\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141 -\164\151\157\156\040\101\165\164\150\157\162\151\164\171\060\036 -\027\015\060\070\060\064\060\062\060\060\060\060\060\060\132\027 -\015\063\067\061\062\060\061\062\063\065\071\065\071\132\060\201 -\275\061\013\060\011\006\003\125\004\006\023\002\125\123\061\027 -\060\025\006\003\125\004\012\023\016\126\145\162\151\123\151\147 -\156\054\040\111\156\143\056\061\037\060\035\006\003\125\004\013 -\023\026\126\145\162\151\123\151\147\156\040\124\162\165\163\164 -\040\116\145\164\167\157\162\153\061\072\060\070\006\003\125\004 -\013\023\061\050\143\051\040\062\060\060\070\040\126\145\162\151 -\123\151\147\156\054\040\111\156\143\056\040\055\040\106\157\162 -\040\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040 -\157\156\154\171\061\070\060\066\006\003\125\004\003\023\057\126 -\145\162\151\123\151\147\156\040\125\156\151\166\145\162\163\141 -\154\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141 -\164\151\157\156\040\101\165\164\150\157\162\151\164\171\060\202 -\001\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005 -\000\003\202\001\017\000\060\202\001\012\002\202\001\001\000\307 -\141\067\136\261\001\064\333\142\327\025\233\377\130\132\214\043 -\043\326\140\216\221\327\220\230\203\172\346\130\031\070\214\305 -\366\345\144\205\264\242\161\373\355\275\271\332\315\115\000\264 -\310\055\163\245\307\151\161\225\037\071\074\262\104\007\234\350 -\016\372\115\112\304\041\337\051\141\217\062\042\141\202\305\207 -\037\156\214\174\137\026\040\121\104\321\160\117\127\352\343\034 -\343\314\171\356\130\330\016\302\263\105\223\300\054\347\232\027 -\053\173\000\067\172\101\063\170\341\063\342\363\020\032\177\207 -\054\276\366\365\367\102\342\345\277\207\142\211\137\000\113\337 -\305\335\344\165\104\062\101\072\036\161\156\151\313\013\165\106 -\010\321\312\322\053\225\320\317\373\271\100\153\144\214\127\115 -\374\023\021\171\204\355\136\124\366\064\237\010\001\363\020\045 -\006\027\112\332\361\035\172\146\153\230\140\146\244\331\357\322 -\056\202\361\360\357\011\352\104\311\025\152\342\003\156\063\323 -\254\237\125\000\307\366\010\152\224\271\137\334\340\063\361\204 -\140\371\133\047\021\264\374\026\362\273\126\152\200\045\215\002 -\003\001\000\001\243\201\262\060\201\257\060\017\006\003\125\035 -\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003\125 -\035\017\001\001\377\004\004\003\002\001\006\060\155\006\010\053 -\006\001\005\005\007\001\014\004\141\060\137\241\135\240\133\060 -\131\060\127\060\125\026\011\151\155\141\147\145\057\147\151\146 -\060\041\060\037\060\007\006\005\053\016\003\002\032\004\024\217 -\345\323\032\206\254\215\216\153\303\317\200\152\324\110\030\054 -\173\031\056\060\045\026\043\150\164\164\160\072\057\057\154\157 -\147\157\056\166\145\162\151\163\151\147\156\056\143\157\155\057 -\166\163\154\157\147\157\056\147\151\146\060\035\006\003\125\035 -\016\004\026\004\024\266\167\372\151\110\107\237\123\022\325\302 -\352\007\062\166\007\321\227\007\031\060\015\006\011\052\206\110 -\206\367\015\001\001\013\005\000\003\202\001\001\000\112\370\370 -\260\003\346\054\147\173\344\224\167\143\314\156\114\371\175\016 -\015\334\310\271\065\271\160\117\143\372\044\372\154\203\214\107 -\235\073\143\363\232\371\166\062\225\221\261\167\274\254\232\276 -\261\344\061\041\306\201\225\126\132\016\261\302\324\261\246\131 -\254\361\143\313\270\114\035\131\220\112\357\220\026\050\037\132 -\256\020\373\201\120\070\014\154\314\361\075\303\365\143\343\263 -\343\041\311\044\071\351\375\025\146\106\364\033\021\320\115\163 -\243\175\106\371\075\355\250\137\142\324\361\077\370\340\164\127 -\053\030\235\201\264\304\050\332\224\227\245\160\353\254\035\276 -\007\021\360\325\333\335\345\214\360\325\062\260\203\346\127\342 -\217\277\276\241\252\277\075\035\265\324\070\352\327\260\134\072 -\117\152\077\217\300\146\154\143\252\351\331\244\026\364\201\321 -\225\024\016\175\315\225\064\331\322\217\160\163\201\173\234\176 -\275\230\141\330\105\207\230\220\305\353\206\060\306\065\277\360 -\377\303\125\210\203\113\357\005\222\006\161\362\270\230\223\267 -\354\315\202\141\361\070\346\117\227\230\052\132\215 +\060\202\005\312\060\202\003\262\240\003\002\001\002\002\004\000 +\230\226\214\060\015\006\011\052\206\110\206\367\015\001\001\013 +\005\000\060\132\061\013\060\011\006\003\125\004\006\023\002\116 +\114\061\036\060\034\006\003\125\004\012\014\025\123\164\141\141 +\164\040\144\145\162\040\116\145\144\145\162\154\141\156\144\145 +\156\061\053\060\051\006\003\125\004\003\014\042\123\164\141\141 +\164\040\144\145\162\040\116\145\144\145\162\154\141\156\144\145 +\156\040\122\157\157\164\040\103\101\040\055\040\107\062\060\036 +\027\015\060\070\060\063\062\066\061\061\061\070\061\067\132\027 +\015\062\060\060\063\062\065\061\061\060\063\061\060\132\060\132 +\061\013\060\011\006\003\125\004\006\023\002\116\114\061\036\060 +\034\006\003\125\004\012\014\025\123\164\141\141\164\040\144\145 +\162\040\116\145\144\145\162\154\141\156\144\145\156\061\053\060 +\051\006\003\125\004\003\014\042\123\164\141\141\164\040\144\145 +\162\040\116\145\144\145\162\154\141\156\144\145\156\040\122\157 +\157\164\040\103\101\040\055\040\107\062\060\202\002\042\060\015 +\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\002 +\017\000\060\202\002\012\002\202\002\001\000\305\131\347\157\165 +\252\076\113\234\265\270\254\236\013\344\371\331\312\253\135\217 +\265\071\020\202\327\257\121\340\073\341\000\110\152\317\332\341 +\006\103\021\231\252\024\045\022\255\042\350\000\155\103\304\251 +\270\345\037\211\113\147\275\141\110\357\375\322\340\140\210\345 +\271\030\140\050\303\167\053\255\260\067\252\067\336\144\131\052 +\106\127\344\113\271\370\067\174\325\066\347\200\301\266\363\324 +\147\233\226\350\316\327\306\012\123\320\153\111\226\363\243\013 +\005\167\110\367\045\345\160\254\060\024\040\045\343\177\165\132 +\345\110\370\116\173\003\007\004\372\202\141\207\156\360\073\304 +\244\307\320\365\164\076\245\135\032\010\362\233\045\322\366\254 +\004\046\076\125\072\142\050\245\173\262\060\257\370\067\302\321 +\272\326\070\375\364\357\111\060\067\231\046\041\110\205\001\251 +\345\026\347\334\220\125\337\017\350\070\315\231\067\041\117\135 +\365\042\157\152\305\022\026\140\027\125\362\145\146\246\247\060 +\221\070\301\070\035\206\004\204\272\032\045\170\136\235\257\314 +\120\140\326\023\207\122\355\143\037\155\145\175\302\025\030\164 +\312\341\176\144\051\214\162\330\026\023\175\013\111\112\361\050 +\033\040\164\153\305\075\335\260\252\110\011\075\056\202\224\315 +\032\145\331\053\210\232\231\274\030\176\237\356\175\146\174\076 +\275\224\270\201\316\315\230\060\170\301\157\147\320\276\137\340 +\150\355\336\342\261\311\054\131\170\222\252\337\053\140\143\362 +\345\136\271\343\312\372\177\120\206\076\242\064\030\014\011\150 +\050\021\034\344\341\271\134\076\107\272\062\077\030\314\133\204 +\365\363\153\164\304\162\164\341\343\213\240\112\275\215\146\057 +\352\255\065\332\040\323\210\202\141\360\022\042\266\274\320\325 +\244\354\257\124\210\045\044\074\247\155\261\162\051\077\076\127 +\246\177\125\257\156\046\306\376\347\314\100\134\121\104\201\012 +\170\336\112\316\125\277\035\325\331\267\126\357\360\166\377\013 +\171\265\257\275\373\251\151\221\106\227\150\200\024\066\035\263 +\177\273\051\230\066\245\040\372\202\140\142\063\244\354\326\272 +\007\247\156\305\317\024\246\347\326\222\064\330\201\365\374\035 +\135\252\134\036\366\243\115\073\270\367\071\002\003\001\000\001 +\243\201\227\060\201\224\060\017\006\003\125\035\023\001\001\377 +\004\005\060\003\001\001\377\060\122\006\003\125\035\040\004\113 +\060\111\060\107\006\004\125\035\040\000\060\077\060\075\006\010 +\053\006\001\005\005\007\002\001\026\061\150\164\164\160\072\057 +\057\167\167\167\056\160\153\151\157\166\145\162\150\145\151\144 +\056\156\154\057\160\157\154\151\143\151\145\163\057\162\157\157 +\164\055\160\157\154\151\143\171\055\107\062\060\016\006\003\125 +\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003\125 +\035\016\004\026\004\024\221\150\062\207\025\035\211\342\265\361 +\254\066\050\064\215\013\174\142\210\353\060\015\006\011\052\206 +\110\206\367\015\001\001\013\005\000\003\202\002\001\000\250\101 +\112\147\052\222\201\202\120\156\341\327\330\263\071\073\363\002 +\025\011\120\121\357\055\275\044\173\210\206\073\371\264\274\222 +\011\226\271\366\300\253\043\140\006\171\214\021\116\121\322\171 +\200\063\373\235\110\276\354\101\103\201\037\176\107\100\034\345 +\172\010\312\252\213\165\255\024\304\302\350\146\074\202\007\247 +\346\047\202\133\030\346\017\156\331\120\076\212\102\030\051\306 +\264\126\374\126\020\240\005\027\275\014\043\177\364\223\355\234 +\032\121\276\335\105\101\277\221\044\264\037\214\351\137\317\173 +\041\231\237\225\237\071\072\106\034\154\371\315\173\234\220\315 +\050\251\307\251\125\273\254\142\064\142\065\023\113\024\072\125 +\203\271\206\215\222\246\306\364\007\045\124\314\026\127\022\112 +\202\170\310\024\331\027\202\046\055\135\040\037\171\256\376\324 +\160\026\026\225\203\330\065\071\377\122\135\165\034\026\305\023 +\125\317\107\314\165\145\122\112\336\360\260\247\344\012\226\013 +\373\255\302\342\045\204\262\335\344\275\176\131\154\233\360\360 +\330\347\312\362\351\227\070\176\211\276\314\373\071\027\141\077 +\162\333\072\221\330\145\001\031\035\255\120\244\127\012\174\113 +\274\234\161\163\052\105\121\031\205\314\216\375\107\247\164\225 +\035\250\321\257\116\027\261\151\046\302\252\170\127\133\305\115 +\247\345\236\005\027\224\312\262\137\240\111\030\215\064\351\046 +\154\110\036\252\150\222\005\341\202\163\132\233\334\007\133\010 +\155\175\235\327\215\041\331\374\024\040\252\302\105\337\077\347 +\000\262\121\344\302\370\005\271\171\032\214\064\363\236\133\344 +\067\133\153\112\337\054\127\212\100\132\066\272\335\165\104\010 +\067\102\160\014\376\334\136\041\240\243\212\300\220\234\150\332 +\120\346\105\020\107\170\266\116\322\145\311\303\067\337\341\102 +\143\260\127\067\105\055\173\212\234\277\005\352\145\125\063\367 +\071\020\305\050\052\041\172\033\212\304\044\371\077\025\310\232 +\025\040\365\125\142\226\355\155\223\120\274\344\252\170\255\331 +\313\012\145\207\246\146\301\304\201\243\167\072\130\036\013\356 +\203\213\235\036\322\122\244\314\035\157\260\230\155\224\061\265 +\370\161\012\334\271\374\175\062\140\346\353\257\212\001 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE -# Trust for Certificate "VeriSign Universal Root Certification Authority" -# Issuer: CN=VeriSign Universal Root Certification Authority,OU="(c) 2008 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Serial Number:40:1a:c4:64:21:b3:13:21:03:0e:bb:e4:12:1a:c5:1d -# Subject: CN=VeriSign Universal Root Certification Authority,OU="(c) 2008 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Not Valid Before: Wed Apr 02 00:00:00 2008 -# Not Valid After : Tue Dec 01 23:59:59 2037 -# Fingerprint (MD5): 8E:AD:B5:01:AA:4D:81:E4:8C:1D:D1:E1:14:00:95:19 -# Fingerprint (SHA1): 36:79:CA:35:66:87:72:30:4D:30:A5:FB:87:3B:0F:A7:7B:B7:0D:54 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "VeriSign Universal Root Certification Authority" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\066\171\312\065\146\207\162\060\115\060\245\373\207\073\017\247 -\173\267\015\124 +# Trust for Certificate "Staat der Nederlanden Root CA - G2" +# Issuer: CN=Staat der Nederlanden Root CA - G2,O=Staat der Nederlanden,C=NL +# Serial Number: 10000012 (0x98968c) +# Subject: CN=Staat der Nederlanden Root CA - G2,O=Staat der Nederlanden,C=NL +# Not Valid Before: Wed Mar 26 11:18:17 2008 +# Not Valid After : Wed Mar 25 11:03:10 2020 +# Fingerprint (MD5): 7C:A5:0F:F8:5B:9A:7D:6D:30:AE:54:5A:E3:42:A2:8A +# Fingerprint (SHA1): 59:AF:82:79:91:86:C7:B4:75:07:CB:CF:03:57:46:EB:04:DD:B7:16 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Staat der Nederlanden Root CA - G2" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\131\257\202\171\221\206\307\264\165\007\313\317\003\127\106\353 +\004\335\267\026 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\216\255\265\001\252\115\201\344\214\035\321\341\024\000\225\031 +\174\245\017\370\133\232\175\155\060\256\124\132\343\102\242\212 END CKA_ISSUER MULTILINE_OCTAL -\060\201\275\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 -\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 -\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 -\125\004\013\023\061\050\143\051\040\062\060\060\070\040\126\145 -\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 -\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 -\145\040\157\156\154\171\061\070\060\066\006\003\125\004\003\023 -\057\126\145\162\151\123\151\147\156\040\125\156\151\166\145\162 -\163\141\154\040\122\157\157\164\040\103\145\162\164\151\146\151 -\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 +\060\132\061\013\060\011\006\003\125\004\006\023\002\116\114\061 +\036\060\034\006\003\125\004\012\014\025\123\164\141\141\164\040 +\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\061 +\053\060\051\006\003\125\004\003\014\042\123\164\141\141\164\040 +\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\040 +\122\157\157\164\040\103\101\040\055\040\107\062 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\100\032\304\144\041\263\023\041\003\016\273\344\022\032 -\305\035 +\002\004\000\230\226\214 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR @@ -8842,481 +8378,412 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "VeriSign Class 3 Public Primary Certification Authority - G4" +# Certificate "Hongkong Post Root CA 1" # -# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G4,OU="(c) 2007 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Serial Number:2f:80:fe:23:8c:0e:22:0f:48:67:12:28:91:87:ac:b3 -# Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G4,OU="(c) 2007 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Not Valid Before: Mon Nov 05 00:00:00 2007 -# Not Valid After : Mon Jan 18 23:59:59 2038 -# Fingerprint (MD5): 3A:52:E1:E7:FD:6F:3A:E3:6F:F3:6F:99:1B:F9:22:41 -# Fingerprint (SHA1): 22:D5:D8:DF:8F:02:31:D1:8D:F7:9D:B7:CF:8A:2D:64:C9:3F:6C:3A +# Issuer: CN=Hongkong Post Root CA 1,O=Hongkong Post,C=HK +# Serial Number: 1000 (0x3e8) +# Subject: CN=Hongkong Post Root CA 1,O=Hongkong Post,C=HK +# Not Valid Before: Thu May 15 05:13:14 2003 +# Not Valid After : Mon May 15 04:52:29 2023 +# Fingerprint (MD5): A8:0D:6F:39:78:B9:43:6D:77:42:6D:98:5A:CC:23:CA +# Fingerprint (SHA1): D6:DA:A8:20:8D:09:D2:15:4D:24:B5:2F:CB:34:6E:B2:58:B2:8A:58 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "VeriSign Class 3 Public Primary Certification Authority - G4" +CKA_LABEL UTF8 "Hongkong Post Root CA 1" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 -\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 -\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 -\125\004\013\023\061\050\143\051\040\062\060\060\067\040\126\145 -\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 -\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 -\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023 -\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040 -\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171 -\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 -\165\164\150\157\162\151\164\171\040\055\040\107\064 +\060\107\061\013\060\011\006\003\125\004\006\023\002\110\113\061 +\026\060\024\006\003\125\004\012\023\015\110\157\156\147\153\157 +\156\147\040\120\157\163\164\061\040\060\036\006\003\125\004\003 +\023\027\110\157\156\147\153\157\156\147\040\120\157\163\164\040 +\122\157\157\164\040\103\101\040\061 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 -\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 -\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 -\125\004\013\023\061\050\143\051\040\062\060\060\067\040\126\145 -\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 -\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 -\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023 -\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040 -\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171 -\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 -\165\164\150\157\162\151\164\171\040\055\040\107\064 +\060\107\061\013\060\011\006\003\125\004\006\023\002\110\113\061 +\026\060\024\006\003\125\004\012\023\015\110\157\156\147\153\157 +\156\147\040\120\157\163\164\061\040\060\036\006\003\125\004\003 +\023\027\110\157\156\147\153\157\156\147\040\120\157\163\164\040 +\122\157\157\164\040\103\101\040\061 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\057\200\376\043\214\016\042\017\110\147\022\050\221\207 -\254\263 +\002\002\003\350 END CKA_VALUE MULTILINE_OCTAL -\060\202\003\204\060\202\003\012\240\003\002\001\002\002\020\057 -\200\376\043\214\016\042\017\110\147\022\050\221\207\254\263\060 -\012\006\010\052\206\110\316\075\004\003\003\060\201\312\061\013 -\060\011\006\003\125\004\006\023\002\125\123\061\027\060\025\006 -\003\125\004\012\023\016\126\145\162\151\123\151\147\156\054\040 -\111\156\143\056\061\037\060\035\006\003\125\004\013\023\026\126 -\145\162\151\123\151\147\156\040\124\162\165\163\164\040\116\145 -\164\167\157\162\153\061\072\060\070\006\003\125\004\013\023\061 -\050\143\051\040\062\060\060\067\040\126\145\162\151\123\151\147 -\156\054\040\111\156\143\056\040\055\040\106\157\162\040\141\165 -\164\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154 -\171\061\105\060\103\006\003\125\004\003\023\074\126\145\162\151 -\123\151\147\156\040\103\154\141\163\163\040\063\040\120\165\142 -\154\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164 -\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162 -\151\164\171\040\055\040\107\064\060\036\027\015\060\067\061\061 -\060\065\060\060\060\060\060\060\132\027\015\063\070\060\061\061 -\070\062\063\065\071\065\071\132\060\201\312\061\013\060\011\006 -\003\125\004\006\023\002\125\123\061\027\060\025\006\003\125\004 -\012\023\016\126\145\162\151\123\151\147\156\054\040\111\156\143 -\056\061\037\060\035\006\003\125\004\013\023\026\126\145\162\151 -\123\151\147\156\040\124\162\165\163\164\040\116\145\164\167\157 -\162\153\061\072\060\070\006\003\125\004\013\023\061\050\143\051 -\040\062\060\060\067\040\126\145\162\151\123\151\147\156\054\040 -\111\156\143\056\040\055\040\106\157\162\040\141\165\164\150\157 -\162\151\172\145\144\040\165\163\145\040\157\156\154\171\061\105 -\060\103\006\003\125\004\003\023\074\126\145\162\151\123\151\147 -\156\040\103\154\141\163\163\040\063\040\120\165\142\154\151\143 -\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146\151 -\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 -\040\055\040\107\064\060\166\060\020\006\007\052\206\110\316\075 -\002\001\006\005\053\201\004\000\042\003\142\000\004\247\126\172 -\174\122\332\144\233\016\055\134\330\136\254\222\075\376\001\346 -\031\112\075\024\003\113\372\140\047\040\331\203\211\151\372\124 -\306\232\030\136\125\052\144\336\006\366\215\112\073\255\020\074 -\145\075\220\210\004\211\340\060\141\263\256\135\001\247\173\336 -\174\262\276\312\145\141\000\206\256\332\217\173\320\211\255\115 -\035\131\232\101\261\274\107\200\334\236\142\303\371\243\201\262 -\060\201\257\060\017\006\003\125\035\023\001\001\377\004\005\060 -\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004 -\003\002\001\006\060\155\006\010\053\006\001\005\005\007\001\014 -\004\141\060\137\241\135\240\133\060\131\060\127\060\125\026\011 -\151\155\141\147\145\057\147\151\146\060\041\060\037\060\007\006 -\005\053\016\003\002\032\004\024\217\345\323\032\206\254\215\216 -\153\303\317\200\152\324\110\030\054\173\031\056\060\045\026\043 -\150\164\164\160\072\057\057\154\157\147\157\056\166\145\162\151 -\163\151\147\156\056\143\157\155\057\166\163\154\157\147\157\056 -\147\151\146\060\035\006\003\125\035\016\004\026\004\024\263\026 -\221\375\356\246\156\344\265\056\111\217\207\170\201\200\354\345 -\261\265\060\012\006\010\052\206\110\316\075\004\003\003\003\150 -\000\060\145\002\060\146\041\014\030\046\140\132\070\173\126\102 -\340\247\374\066\204\121\221\040\054\166\115\103\075\304\035\204 -\043\320\254\326\174\065\006\316\315\151\275\220\015\333\154\110 -\102\035\016\252\102\002\061\000\234\075\110\071\043\071\130\032 -\025\022\131\152\236\357\325\131\262\035\122\054\231\161\315\307 -\051\337\033\052\141\173\161\321\336\363\300\345\015\072\112\252 -\055\247\330\206\052\335\056\020 +\060\202\003\060\060\202\002\030\240\003\002\001\002\002\002\003 +\350\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000 +\060\107\061\013\060\011\006\003\125\004\006\023\002\110\113\061 +\026\060\024\006\003\125\004\012\023\015\110\157\156\147\153\157 +\156\147\040\120\157\163\164\061\040\060\036\006\003\125\004\003 +\023\027\110\157\156\147\153\157\156\147\040\120\157\163\164\040 +\122\157\157\164\040\103\101\040\061\060\036\027\015\060\063\060 +\065\061\065\060\065\061\063\061\064\132\027\015\062\063\060\065 +\061\065\060\064\065\062\062\071\132\060\107\061\013\060\011\006 +\003\125\004\006\023\002\110\113\061\026\060\024\006\003\125\004 +\012\023\015\110\157\156\147\153\157\156\147\040\120\157\163\164 +\061\040\060\036\006\003\125\004\003\023\027\110\157\156\147\153 +\157\156\147\040\120\157\163\164\040\122\157\157\164\040\103\101 +\040\061\060\202\001\042\060\015\006\011\052\206\110\206\367\015 +\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202 +\001\001\000\254\377\070\266\351\146\002\111\343\242\264\341\220 +\371\100\217\171\371\342\275\171\376\002\275\356\044\222\035\042 +\366\332\205\162\151\376\327\077\011\324\335\221\265\002\234\320 +\215\132\341\125\303\120\206\271\051\046\302\343\331\240\361\151 +\003\050\040\200\105\042\055\126\247\073\124\225\126\042\131\037 +\050\337\037\040\075\155\242\066\276\043\240\261\156\265\261\047 +\077\071\123\011\352\253\152\350\164\262\302\145\134\216\277\174 +\303\170\204\315\236\026\374\365\056\117\040\052\010\237\167\363 +\305\036\304\232\122\146\036\110\136\343\020\006\217\042\230\341 +\145\216\033\135\043\146\073\270\245\062\121\310\206\252\241\251 +\236\177\166\224\302\246\154\267\101\360\325\310\006\070\346\324 +\014\342\363\073\114\155\120\214\304\203\047\301\023\204\131\075 +\236\165\164\266\330\002\136\072\220\172\300\102\066\162\354\152 +\115\334\357\304\000\337\023\030\127\137\046\170\310\326\012\171 +\167\277\367\257\267\166\271\245\013\204\027\135\020\352\157\341 +\253\225\021\137\155\074\243\134\115\203\133\362\263\031\212\200 +\213\013\207\002\003\001\000\001\243\046\060\044\060\022\006\003 +\125\035\023\001\001\377\004\010\060\006\001\001\377\002\001\003 +\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\306 +\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003 +\202\001\001\000\016\106\325\074\256\342\207\331\136\201\213\002 +\230\101\010\214\114\274\332\333\356\047\033\202\347\152\105\354 +\026\213\117\205\240\363\262\160\275\132\226\272\312\156\155\356 +\106\213\156\347\052\056\226\263\031\063\353\264\237\250\262\067 +\356\230\250\227\266\056\266\147\047\324\246\111\375\034\223\145 +\166\236\102\057\334\042\154\232\117\362\132\025\071\261\161\327 +\053\121\350\155\034\230\300\331\052\364\241\202\173\325\311\101 +\242\043\001\164\070\125\213\017\271\056\147\242\040\004\067\332 +\234\013\323\027\041\340\217\227\171\064\157\204\110\002\040\063 +\033\346\064\104\237\221\160\364\200\136\204\103\302\051\322\154 +\022\024\344\141\215\254\020\220\236\204\120\273\360\226\157\105 +\237\212\363\312\154\117\372\021\072\025\025\106\303\315\037\203 +\133\055\101\022\355\120\147\101\023\075\041\253\224\212\252\116 +\174\301\261\373\247\326\265\047\057\227\253\156\340\035\342\321 +\034\054\037\104\342\374\276\221\241\234\373\326\051\123\163\206 +\237\123\330\103\016\135\326\143\202\161\035\200\164\312\366\342 +\002\153\331\132 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE -# Trust for Certificate "VeriSign Class 3 Public Primary Certification Authority - G4" -# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G4,OU="(c) 2007 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Serial Number:2f:80:fe:23:8c:0e:22:0f:48:67:12:28:91:87:ac:b3 -# Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G4,OU="(c) 2007 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Not Valid Before: Mon Nov 05 00:00:00 2007 -# Not Valid After : Mon Jan 18 23:59:59 2038 -# Fingerprint (MD5): 3A:52:E1:E7:FD:6F:3A:E3:6F:F3:6F:99:1B:F9:22:41 -# Fingerprint (SHA1): 22:D5:D8:DF:8F:02:31:D1:8D:F7:9D:B7:CF:8A:2D:64:C9:3F:6C:3A +# Trust for Certificate "Hongkong Post Root CA 1" +# Issuer: CN=Hongkong Post Root CA 1,O=Hongkong Post,C=HK +# Serial Number: 1000 (0x3e8) +# Subject: CN=Hongkong Post Root CA 1,O=Hongkong Post,C=HK +# Not Valid Before: Thu May 15 05:13:14 2003 +# Not Valid After : Mon May 15 04:52:29 2023 +# Fingerprint (MD5): A8:0D:6F:39:78:B9:43:6D:77:42:6D:98:5A:CC:23:CA +# Fingerprint (SHA1): D6:DA:A8:20:8D:09:D2:15:4D:24:B5:2F:CB:34:6E:B2:58:B2:8A:58 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "VeriSign Class 3 Public Primary Certification Authority - G4" +CKA_LABEL UTF8 "Hongkong Post Root CA 1" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\042\325\330\337\217\002\061\321\215\367\235\267\317\212\055\144 -\311\077\154\072 +\326\332\250\040\215\011\322\025\115\044\265\057\313\064\156\262 +\130\262\212\130 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\072\122\341\347\375\157\072\343\157\363\157\231\033\371\042\101 +\250\015\157\071\170\271\103\155\167\102\155\230\132\314\043\312 END CKA_ISSUER MULTILINE_OCTAL -\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 -\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 -\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 -\125\004\013\023\061\050\143\051\040\062\060\060\067\040\126\145 -\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 -\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 -\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023 -\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040 -\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171 -\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 -\165\164\150\157\162\151\164\171\040\055\040\107\064 +\060\107\061\013\060\011\006\003\125\004\006\023\002\110\113\061 +\026\060\024\006\003\125\004\012\023\015\110\157\156\147\153\157 +\156\147\040\120\157\163\164\061\040\060\036\006\003\125\004\003 +\023\027\110\157\156\147\153\157\156\147\040\120\157\163\164\040 +\122\157\157\164\040\103\101\040\061 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\057\200\376\043\214\016\042\017\110\147\022\050\221\207 -\254\263 +\002\002\003\350 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "NetLock Arany (Class Gold) FÅ‘tanúsítvány" +# Certificate "SecureSign RootCA11" # -# Issuer: CN=NetLock Arany (Class Gold) F..tan..s..tv..ny,OU=Tan..s..tv..nykiad..k (Certification Services),O=NetLock Kft.,L=Budapest,C=HU -# Serial Number:49:41:2c:e4:00:10 -# Subject: CN=NetLock Arany (Class Gold) F..tan..s..tv..ny,OU=Tan..s..tv..nykiad..k (Certification Services),O=NetLock Kft.,L=Budapest,C=HU -# Not Valid Before: Thu Dec 11 15:08:21 2008 -# Not Valid After : Wed Dec 06 15:08:21 2028 -# Fingerprint (MD5): C5:A1:B7:FF:73:DD:D6:D7:34:32:18:DF:FC:3C:AD:88 -# Fingerprint (SHA1): 06:08:3F:59:3F:15:A1:04:A0:69:A4:6B:A9:03:D0:06:B7:97:09:91 +# Issuer: CN=SecureSign RootCA11,O="Japan Certification Services, Inc.",C=JP +# Serial Number: 1 (0x1) +# Subject: CN=SecureSign RootCA11,O="Japan Certification Services, Inc.",C=JP +# Not Valid Before: Wed Apr 08 04:56:47 2009 +# Not Valid After : Sun Apr 08 04:56:47 2029 +# Fingerprint (MD5): B7:52:74:E2:92:B4:80:93:F2:75:E4:CC:D7:F2:EA:26 +# Fingerprint (SHA1): 3B:C4:9F:48:F8:F3:73:A0:9C:1E:BD:F8:5B:B1:C3:65:C7:D8:11:B3 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "NetLock Arany (Class Gold) FÅ‘tanúsítvány" +CKA_LABEL UTF8 "SecureSign RootCA11" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\201\247\061\013\060\011\006\003\125\004\006\023\002\110\125 -\061\021\060\017\006\003\125\004\007\014\010\102\165\144\141\160 -\145\163\164\061\025\060\023\006\003\125\004\012\014\014\116\145 -\164\114\157\143\153\040\113\146\164\056\061\067\060\065\006\003 -\125\004\013\014\056\124\141\156\303\272\163\303\255\164\166\303 -\241\156\171\153\151\141\144\303\263\153\040\050\103\145\162\164 -\151\146\151\143\141\164\151\157\156\040\123\145\162\166\151\143 -\145\163\051\061\065\060\063\006\003\125\004\003\014\054\116\145 -\164\114\157\143\153\040\101\162\141\156\171\040\050\103\154\141 -\163\163\040\107\157\154\144\051\040\106\305\221\164\141\156\303 -\272\163\303\255\164\166\303\241\156\171 +\060\130\061\013\060\011\006\003\125\004\006\023\002\112\120\061 +\053\060\051\006\003\125\004\012\023\042\112\141\160\141\156\040 +\103\145\162\164\151\146\151\143\141\164\151\157\156\040\123\145 +\162\166\151\143\145\163\054\040\111\156\143\056\061\034\060\032 +\006\003\125\004\003\023\023\123\145\143\165\162\145\123\151\147 +\156\040\122\157\157\164\103\101\061\061 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\201\247\061\013\060\011\006\003\125\004\006\023\002\110\125 -\061\021\060\017\006\003\125\004\007\014\010\102\165\144\141\160 -\145\163\164\061\025\060\023\006\003\125\004\012\014\014\116\145 -\164\114\157\143\153\040\113\146\164\056\061\067\060\065\006\003 -\125\004\013\014\056\124\141\156\303\272\163\303\255\164\166\303 -\241\156\171\153\151\141\144\303\263\153\040\050\103\145\162\164 -\151\146\151\143\141\164\151\157\156\040\123\145\162\166\151\143 -\145\163\051\061\065\060\063\006\003\125\004\003\014\054\116\145 -\164\114\157\143\153\040\101\162\141\156\171\040\050\103\154\141 -\163\163\040\107\157\154\144\051\040\106\305\221\164\141\156\303 -\272\163\303\255\164\166\303\241\156\171 +\060\130\061\013\060\011\006\003\125\004\006\023\002\112\120\061 +\053\060\051\006\003\125\004\012\023\042\112\141\160\141\156\040 +\103\145\162\164\151\146\151\143\141\164\151\157\156\040\123\145 +\162\166\151\143\145\163\054\040\111\156\143\056\061\034\060\032 +\006\003\125\004\003\023\023\123\145\143\165\162\145\123\151\147 +\156\040\122\157\157\164\103\101\061\061 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\006\111\101\054\344\000\020 +\002\001\001 END CKA_VALUE MULTILINE_OCTAL -\060\202\004\025\060\202\002\375\240\003\002\001\002\002\006\111 -\101\054\344\000\020\060\015\006\011\052\206\110\206\367\015\001 -\001\013\005\000\060\201\247\061\013\060\011\006\003\125\004\006 -\023\002\110\125\061\021\060\017\006\003\125\004\007\014\010\102 -\165\144\141\160\145\163\164\061\025\060\023\006\003\125\004\012 -\014\014\116\145\164\114\157\143\153\040\113\146\164\056\061\067 -\060\065\006\003\125\004\013\014\056\124\141\156\303\272\163\303 -\255\164\166\303\241\156\171\153\151\141\144\303\263\153\040\050 -\103\145\162\164\151\146\151\143\141\164\151\157\156\040\123\145 -\162\166\151\143\145\163\051\061\065\060\063\006\003\125\004\003 -\014\054\116\145\164\114\157\143\153\040\101\162\141\156\171\040 -\050\103\154\141\163\163\040\107\157\154\144\051\040\106\305\221 -\164\141\156\303\272\163\303\255\164\166\303\241\156\171\060\036 -\027\015\060\070\061\062\061\061\061\065\060\070\062\061\132\027 -\015\062\070\061\062\060\066\061\065\060\070\062\061\132\060\201 -\247\061\013\060\011\006\003\125\004\006\023\002\110\125\061\021 -\060\017\006\003\125\004\007\014\010\102\165\144\141\160\145\163 -\164\061\025\060\023\006\003\125\004\012\014\014\116\145\164\114 -\157\143\153\040\113\146\164\056\061\067\060\065\006\003\125\004 -\013\014\056\124\141\156\303\272\163\303\255\164\166\303\241\156 -\171\153\151\141\144\303\263\153\040\050\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\123\145\162\166\151\143\145\163 -\051\061\065\060\063\006\003\125\004\003\014\054\116\145\164\114 -\157\143\153\040\101\162\141\156\171\040\050\103\154\141\163\163 -\040\107\157\154\144\051\040\106\305\221\164\141\156\303\272\163 -\303\255\164\166\303\241\156\171\060\202\001\042\060\015\006\011 -\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000 -\060\202\001\012\002\202\001\001\000\304\044\136\163\276\113\155 -\024\303\241\364\343\227\220\156\322\060\105\036\074\356\147\331 -\144\340\032\212\177\312\060\312\203\343\040\301\343\364\072\323 -\224\137\032\174\133\155\277\060\117\204\047\366\237\037\111\274 -\306\231\012\220\362\017\365\177\103\204\067\143\121\213\172\245 -\160\374\172\130\315\216\233\355\303\106\154\204\160\135\332\363 -\001\220\043\374\116\060\251\176\341\047\143\347\355\144\074\240 -\270\311\063\143\376\026\220\377\260\270\375\327\250\300\300\224 -\103\013\266\325\131\246\236\126\320\044\037\160\171\257\333\071 -\124\015\145\165\331\025\101\224\001\257\136\354\366\215\361\377 -\255\144\376\040\232\327\134\353\376\246\037\010\144\243\213\166 -\125\255\036\073\050\140\056\207\045\350\252\257\037\306\144\106 -\040\267\160\177\074\336\110\333\226\123\267\071\167\344\032\342 -\307\026\204\166\227\133\057\273\031\025\205\370\151\205\365\231 -\247\251\362\064\247\251\266\246\003\374\157\206\075\124\174\166 -\004\233\153\371\100\135\000\064\307\056\231\165\235\345\210\003 -\252\115\370\003\322\102\166\300\033\002\003\000\250\213\243\105 -\060\103\060\022\006\003\125\035\023\001\001\377\004\010\060\006 -\001\001\377\002\001\004\060\016\006\003\125\035\017\001\001\377 -\004\004\003\002\001\006\060\035\006\003\125\035\016\004\026\004 -\024\314\372\147\223\360\266\270\320\245\300\036\363\123\375\214 -\123\337\203\327\226\060\015\006\011\052\206\110\206\367\015\001 -\001\013\005\000\003\202\001\001\000\253\177\356\034\026\251\234 -\074\121\000\240\300\021\010\005\247\231\346\157\001\210\124\141 -\156\361\271\030\255\112\255\376\201\100\043\224\057\373\165\174 -\057\050\113\142\044\201\202\013\365\141\361\034\156\270\141\070 -\353\201\372\142\241\073\132\142\323\224\145\304\341\346\155\202 -\370\057\045\160\262\041\046\301\162\121\037\214\054\303\204\220 -\303\132\217\272\317\364\247\145\245\353\230\321\373\005\262\106 -\165\025\043\152\157\205\143\060\200\360\325\236\037\051\034\302 -\154\260\120\131\135\220\133\073\250\015\060\317\277\175\177\316 -\361\235\203\275\311\106\156\040\246\371\141\121\272\041\057\173 -\276\245\025\143\241\324\225\207\361\236\271\363\211\363\075\205 -\270\270\333\276\265\271\051\371\332\067\005\000\111\224\003\204 -\104\347\277\103\061\317\165\213\045\321\364\246\144\365\222\366 -\253\005\353\075\351\245\013\066\142\332\314\006\137\066\213\266 -\136\061\270\052\373\136\366\161\337\104\046\236\304\346\015\221 -\264\056\165\225\200\121\152\113\060\246\260\142\241\223\361\233 -\330\316\304\143\165\077\131\107\261 +\060\202\003\155\060\202\002\125\240\003\002\001\002\002\001\001 +\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 +\130\061\013\060\011\006\003\125\004\006\023\002\112\120\061\053 +\060\051\006\003\125\004\012\023\042\112\141\160\141\156\040\103 +\145\162\164\151\146\151\143\141\164\151\157\156\040\123\145\162 +\166\151\143\145\163\054\040\111\156\143\056\061\034\060\032\006 +\003\125\004\003\023\023\123\145\143\165\162\145\123\151\147\156 +\040\122\157\157\164\103\101\061\061\060\036\027\015\060\071\060 +\064\060\070\060\064\065\066\064\067\132\027\015\062\071\060\064 +\060\070\060\064\065\066\064\067\132\060\130\061\013\060\011\006 +\003\125\004\006\023\002\112\120\061\053\060\051\006\003\125\004 +\012\023\042\112\141\160\141\156\040\103\145\162\164\151\146\151 +\143\141\164\151\157\156\040\123\145\162\166\151\143\145\163\054 +\040\111\156\143\056\061\034\060\032\006\003\125\004\003\023\023 +\123\145\143\165\162\145\123\151\147\156\040\122\157\157\164\103 +\101\061\061\060\202\001\042\060\015\006\011\052\206\110\206\367 +\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002 +\202\001\001\000\375\167\252\245\034\220\005\073\313\114\233\063 +\213\132\024\105\244\347\220\026\321\337\127\322\041\020\244\027 +\375\337\254\326\037\247\344\333\174\367\354\337\270\003\332\224 +\130\375\135\162\174\214\077\137\001\147\164\025\226\343\002\074 +\207\333\256\313\001\216\302\363\146\306\205\105\364\002\306\072 +\265\142\262\257\372\234\277\244\346\324\200\060\230\363\015\266 +\223\217\251\324\330\066\362\260\374\212\312\054\241\025\063\225 +\061\332\300\033\362\356\142\231\206\143\077\277\335\223\052\203 +\250\166\271\023\037\267\316\116\102\205\217\042\347\056\032\362 +\225\011\262\005\265\104\116\167\241\040\275\251\362\116\012\175 +\120\255\365\005\015\105\117\106\161\375\050\076\123\373\004\330 +\055\327\145\035\112\033\372\317\073\260\061\232\065\156\310\213 +\006\323\000\221\362\224\010\145\114\261\064\006\000\172\211\342 +\360\307\003\131\317\325\326\350\247\062\263\346\230\100\206\305 +\315\047\022\213\314\173\316\267\021\074\142\140\007\043\076\053 +\100\156\224\200\011\155\266\263\157\167\157\065\010\120\373\002 +\207\305\076\211\002\003\001\000\001\243\102\060\100\060\035\006 +\003\125\035\016\004\026\004\024\133\370\115\117\262\245\206\324 +\072\322\361\143\232\240\276\011\366\127\267\336\060\016\006\003 +\125\035\017\001\001\377\004\004\003\002\001\006\060\017\006\003 +\125\035\023\001\001\377\004\005\060\003\001\001\377\060\015\006 +\011\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001 +\000\240\241\070\026\146\056\247\126\037\041\234\006\372\035\355 +\271\042\305\070\046\330\116\117\354\243\177\171\336\106\041\241 +\207\167\217\007\010\232\262\244\305\257\017\062\230\013\174\146 +\051\266\233\175\045\122\111\103\253\114\056\053\156\172\160\257 +\026\016\343\002\154\373\102\346\030\235\105\330\125\310\350\073 +\335\347\341\364\056\013\034\064\134\154\130\112\373\214\210\120 +\137\225\034\277\355\253\042\265\145\263\205\272\236\017\270\255 +\345\172\033\212\120\072\035\275\015\274\173\124\120\013\271\102 +\257\125\240\030\201\255\145\231\357\276\344\234\277\304\205\253 +\101\262\124\157\334\045\315\355\170\342\216\014\215\011\111\335 +\143\173\132\151\226\002\041\250\275\122\131\351\175\065\313\310 +\122\312\177\201\376\331\153\323\367\021\355\045\337\370\347\371 +\244\372\162\227\204\123\015\245\320\062\030\121\166\131\024\154 +\017\353\354\137\200\214\165\103\203\303\205\230\377\114\236\055 +\015\344\167\203\223\116\265\226\007\213\050\023\233\214\031\215 +\101\047\111\100\356\336\346\043\104\071\334\241\042\326\272\003 +\362 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE -# Trust for Certificate "NetLock Arany (Class Gold) FÅ‘tanúsítvány" -# Issuer: CN=NetLock Arany (Class Gold) F..tan..s..tv..ny,OU=Tan..s..tv..nykiad..k (Certification Services),O=NetLock Kft.,L=Budapest,C=HU -# Serial Number:49:41:2c:e4:00:10 -# Subject: CN=NetLock Arany (Class Gold) F..tan..s..tv..ny,OU=Tan..s..tv..nykiad..k (Certification Services),O=NetLock Kft.,L=Budapest,C=HU -# Not Valid Before: Thu Dec 11 15:08:21 2008 -# Not Valid After : Wed Dec 06 15:08:21 2028 -# Fingerprint (MD5): C5:A1:B7:FF:73:DD:D6:D7:34:32:18:DF:FC:3C:AD:88 -# Fingerprint (SHA1): 06:08:3F:59:3F:15:A1:04:A0:69:A4:6B:A9:03:D0:06:B7:97:09:91 +# Trust for Certificate "SecureSign RootCA11" +# Issuer: CN=SecureSign RootCA11,O="Japan Certification Services, Inc.",C=JP +# Serial Number: 1 (0x1) +# Subject: CN=SecureSign RootCA11,O="Japan Certification Services, Inc.",C=JP +# Not Valid Before: Wed Apr 08 04:56:47 2009 +# Not Valid After : Sun Apr 08 04:56:47 2029 +# Fingerprint (MD5): B7:52:74:E2:92:B4:80:93:F2:75:E4:CC:D7:F2:EA:26 +# Fingerprint (SHA1): 3B:C4:9F:48:F8:F3:73:A0:9C:1E:BD:F8:5B:B1:C3:65:C7:D8:11:B3 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "NetLock Arany (Class Gold) FÅ‘tanúsítvány" +CKA_LABEL UTF8 "SecureSign RootCA11" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\006\010\077\131\077\025\241\004\240\151\244\153\251\003\320\006 -\267\227\011\221 +\073\304\237\110\370\363\163\240\234\036\275\370\133\261\303\145 +\307\330\021\263 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\305\241\267\377\163\335\326\327\064\062\030\337\374\074\255\210 +\267\122\164\342\222\264\200\223\362\165\344\314\327\362\352\046 END CKA_ISSUER MULTILINE_OCTAL -\060\201\247\061\013\060\011\006\003\125\004\006\023\002\110\125 -\061\021\060\017\006\003\125\004\007\014\010\102\165\144\141\160 -\145\163\164\061\025\060\023\006\003\125\004\012\014\014\116\145 -\164\114\157\143\153\040\113\146\164\056\061\067\060\065\006\003 -\125\004\013\014\056\124\141\156\303\272\163\303\255\164\166\303 -\241\156\171\153\151\141\144\303\263\153\040\050\103\145\162\164 -\151\146\151\143\141\164\151\157\156\040\123\145\162\166\151\143 -\145\163\051\061\065\060\063\006\003\125\004\003\014\054\116\145 -\164\114\157\143\153\040\101\162\141\156\171\040\050\103\154\141 -\163\163\040\107\157\154\144\051\040\106\305\221\164\141\156\303 -\272\163\303\255\164\166\303\241\156\171 +\060\130\061\013\060\011\006\003\125\004\006\023\002\112\120\061 +\053\060\051\006\003\125\004\012\023\042\112\141\160\141\156\040 +\103\145\162\164\151\146\151\143\141\164\151\157\156\040\123\145 +\162\166\151\143\145\163\054\040\111\156\143\056\061\034\060\032 +\006\003\125\004\003\023\023\123\145\143\165\162\145\123\151\147 +\156\040\122\157\157\164\103\101\061\061 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\006\111\101\054\344\000\020 +\002\001\001 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "Staat der Nederlanden Root CA - G2" +# Certificate "Microsec e-Szigno Root CA 2009" # -# Issuer: CN=Staat der Nederlanden Root CA - G2,O=Staat der Nederlanden,C=NL -# Serial Number: 10000012 (0x98968c) -# Subject: CN=Staat der Nederlanden Root CA - G2,O=Staat der Nederlanden,C=NL -# Not Valid Before: Wed Mar 26 11:18:17 2008 -# Not Valid After : Wed Mar 25 11:03:10 2020 -# Fingerprint (MD5): 7C:A5:0F:F8:5B:9A:7D:6D:30:AE:54:5A:E3:42:A2:8A -# Fingerprint (SHA1): 59:AF:82:79:91:86:C7:B4:75:07:CB:CF:03:57:46:EB:04:DD:B7:16 +# Issuer: E=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU +# Serial Number:00:c2:7e:43:04:4e:47:3f:19 +# Subject: E=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU +# Not Valid Before: Tue Jun 16 11:30:18 2009 +# Not Valid After : Sun Dec 30 11:30:18 2029 +# Fingerprint (MD5): F8:49:F4:03:BC:44:2D:83:BE:48:69:7D:29:64:FC:B1 +# Fingerprint (SHA1): 89:DF:74:FE:5C:F4:0F:4A:80:F9:E3:37:7D:54:DA:91:E1:01:31:8E CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Staat der Nederlanden Root CA - G2" +CKA_LABEL UTF8 "Microsec e-Szigno Root CA 2009" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\132\061\013\060\011\006\003\125\004\006\023\002\116\114\061 -\036\060\034\006\003\125\004\012\014\025\123\164\141\141\164\040 -\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\061 -\053\060\051\006\003\125\004\003\014\042\123\164\141\141\164\040 -\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\040 -\122\157\157\164\040\103\101\040\055\040\107\062 +\060\201\202\061\013\060\011\006\003\125\004\006\023\002\110\125 +\061\021\060\017\006\003\125\004\007\014\010\102\165\144\141\160 +\145\163\164\061\026\060\024\006\003\125\004\012\014\015\115\151 +\143\162\157\163\145\143\040\114\164\144\056\061\047\060\045\006 +\003\125\004\003\014\036\115\151\143\162\157\163\145\143\040\145 +\055\123\172\151\147\156\157\040\122\157\157\164\040\103\101\040 +\062\060\060\071\061\037\060\035\006\011\052\206\110\206\367\015 +\001\011\001\026\020\151\156\146\157\100\145\055\163\172\151\147 +\156\157\056\150\165 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\132\061\013\060\011\006\003\125\004\006\023\002\116\114\061 -\036\060\034\006\003\125\004\012\014\025\123\164\141\141\164\040 -\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\061 -\053\060\051\006\003\125\004\003\014\042\123\164\141\141\164\040 -\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\040 -\122\157\157\164\040\103\101\040\055\040\107\062 +\060\201\202\061\013\060\011\006\003\125\004\006\023\002\110\125 +\061\021\060\017\006\003\125\004\007\014\010\102\165\144\141\160 +\145\163\164\061\026\060\024\006\003\125\004\012\014\015\115\151 +\143\162\157\163\145\143\040\114\164\144\056\061\047\060\045\006 +\003\125\004\003\014\036\115\151\143\162\157\163\145\143\040\145 +\055\123\172\151\147\156\157\040\122\157\157\164\040\103\101\040 +\062\060\060\071\061\037\060\035\006\011\052\206\110\206\367\015 +\001\011\001\026\020\151\156\146\157\100\145\055\163\172\151\147 +\156\157\056\150\165 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\000\230\226\214 +\002\011\000\302\176\103\004\116\107\077\031 END CKA_VALUE MULTILINE_OCTAL -\060\202\005\312\060\202\003\262\240\003\002\001\002\002\004\000 -\230\226\214\060\015\006\011\052\206\110\206\367\015\001\001\013 -\005\000\060\132\061\013\060\011\006\003\125\004\006\023\002\116 -\114\061\036\060\034\006\003\125\004\012\014\025\123\164\141\141 -\164\040\144\145\162\040\116\145\144\145\162\154\141\156\144\145 -\156\061\053\060\051\006\003\125\004\003\014\042\123\164\141\141 -\164\040\144\145\162\040\116\145\144\145\162\154\141\156\144\145 -\156\040\122\157\157\164\040\103\101\040\055\040\107\062\060\036 -\027\015\060\070\060\063\062\066\061\061\061\070\061\067\132\027 -\015\062\060\060\063\062\065\061\061\060\063\061\060\132\060\132 -\061\013\060\011\006\003\125\004\006\023\002\116\114\061\036\060 -\034\006\003\125\004\012\014\025\123\164\141\141\164\040\144\145 -\162\040\116\145\144\145\162\154\141\156\144\145\156\061\053\060 -\051\006\003\125\004\003\014\042\123\164\141\141\164\040\144\145 -\162\040\116\145\144\145\162\154\141\156\144\145\156\040\122\157 -\157\164\040\103\101\040\055\040\107\062\060\202\002\042\060\015 -\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\002 -\017\000\060\202\002\012\002\202\002\001\000\305\131\347\157\165 -\252\076\113\234\265\270\254\236\013\344\371\331\312\253\135\217 -\265\071\020\202\327\257\121\340\073\341\000\110\152\317\332\341 -\006\103\021\231\252\024\045\022\255\042\350\000\155\103\304\251 -\270\345\037\211\113\147\275\141\110\357\375\322\340\140\210\345 -\271\030\140\050\303\167\053\255\260\067\252\067\336\144\131\052 -\106\127\344\113\271\370\067\174\325\066\347\200\301\266\363\324 -\147\233\226\350\316\327\306\012\123\320\153\111\226\363\243\013 -\005\167\110\367\045\345\160\254\060\024\040\045\343\177\165\132 -\345\110\370\116\173\003\007\004\372\202\141\207\156\360\073\304 -\244\307\320\365\164\076\245\135\032\010\362\233\045\322\366\254 -\004\046\076\125\072\142\050\245\173\262\060\257\370\067\302\321 -\272\326\070\375\364\357\111\060\067\231\046\041\110\205\001\251 -\345\026\347\334\220\125\337\017\350\070\315\231\067\041\117\135 -\365\042\157\152\305\022\026\140\027\125\362\145\146\246\247\060 -\221\070\301\070\035\206\004\204\272\032\045\170\136\235\257\314 -\120\140\326\023\207\122\355\143\037\155\145\175\302\025\030\164 -\312\341\176\144\051\214\162\330\026\023\175\013\111\112\361\050 -\033\040\164\153\305\075\335\260\252\110\011\075\056\202\224\315 -\032\145\331\053\210\232\231\274\030\176\237\356\175\146\174\076 -\275\224\270\201\316\315\230\060\170\301\157\147\320\276\137\340 -\150\355\336\342\261\311\054\131\170\222\252\337\053\140\143\362 -\345\136\271\343\312\372\177\120\206\076\242\064\030\014\011\150 -\050\021\034\344\341\271\134\076\107\272\062\077\030\314\133\204 -\365\363\153\164\304\162\164\341\343\213\240\112\275\215\146\057 -\352\255\065\332\040\323\210\202\141\360\022\042\266\274\320\325 -\244\354\257\124\210\045\044\074\247\155\261\162\051\077\076\127 -\246\177\125\257\156\046\306\376\347\314\100\134\121\104\201\012 -\170\336\112\316\125\277\035\325\331\267\126\357\360\166\377\013 -\171\265\257\275\373\251\151\221\106\227\150\200\024\066\035\263 -\177\273\051\230\066\245\040\372\202\140\142\063\244\354\326\272 -\007\247\156\305\317\024\246\347\326\222\064\330\201\365\374\035 -\135\252\134\036\366\243\115\073\270\367\071\002\003\001\000\001 -\243\201\227\060\201\224\060\017\006\003\125\035\023\001\001\377 -\004\005\060\003\001\001\377\060\122\006\003\125\035\040\004\113 -\060\111\060\107\006\004\125\035\040\000\060\077\060\075\006\010 -\053\006\001\005\005\007\002\001\026\061\150\164\164\160\072\057 -\057\167\167\167\056\160\153\151\157\166\145\162\150\145\151\144 -\056\156\154\057\160\157\154\151\143\151\145\163\057\162\157\157 -\164\055\160\157\154\151\143\171\055\107\062\060\016\006\003\125 -\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003\125 -\035\016\004\026\004\024\221\150\062\207\025\035\211\342\265\361 -\254\066\050\064\215\013\174\142\210\353\060\015\006\011\052\206 -\110\206\367\015\001\001\013\005\000\003\202\002\001\000\250\101 -\112\147\052\222\201\202\120\156\341\327\330\263\071\073\363\002 -\025\011\120\121\357\055\275\044\173\210\206\073\371\264\274\222 -\011\226\271\366\300\253\043\140\006\171\214\021\116\121\322\171 -\200\063\373\235\110\276\354\101\103\201\037\176\107\100\034\345 -\172\010\312\252\213\165\255\024\304\302\350\146\074\202\007\247 -\346\047\202\133\030\346\017\156\331\120\076\212\102\030\051\306 -\264\126\374\126\020\240\005\027\275\014\043\177\364\223\355\234 -\032\121\276\335\105\101\277\221\044\264\037\214\351\137\317\173 -\041\231\237\225\237\071\072\106\034\154\371\315\173\234\220\315 -\050\251\307\251\125\273\254\142\064\142\065\023\113\024\072\125 -\203\271\206\215\222\246\306\364\007\045\124\314\026\127\022\112 -\202\170\310\024\331\027\202\046\055\135\040\037\171\256\376\324 -\160\026\026\225\203\330\065\071\377\122\135\165\034\026\305\023 -\125\317\107\314\165\145\122\112\336\360\260\247\344\012\226\013 -\373\255\302\342\045\204\262\335\344\275\176\131\154\233\360\360 -\330\347\312\362\351\227\070\176\211\276\314\373\071\027\141\077 -\162\333\072\221\330\145\001\031\035\255\120\244\127\012\174\113 -\274\234\161\163\052\105\121\031\205\314\216\375\107\247\164\225 -\035\250\321\257\116\027\261\151\046\302\252\170\127\133\305\115 -\247\345\236\005\027\224\312\262\137\240\111\030\215\064\351\046 -\154\110\036\252\150\222\005\341\202\163\132\233\334\007\133\010 -\155\175\235\327\215\041\331\374\024\040\252\302\105\337\077\347 -\000\262\121\344\302\370\005\271\171\032\214\064\363\236\133\344 -\067\133\153\112\337\054\127\212\100\132\066\272\335\165\104\010 -\067\102\160\014\376\334\136\041\240\243\212\300\220\234\150\332 -\120\346\105\020\107\170\266\116\322\145\311\303\067\337\341\102 -\143\260\127\067\105\055\173\212\234\277\005\352\145\125\063\367 -\071\020\305\050\052\041\172\033\212\304\044\371\077\025\310\232 -\025\040\365\125\142\226\355\155\223\120\274\344\252\170\255\331 -\313\012\145\207\246\146\301\304\201\243\167\072\130\036\013\356 -\203\213\235\036\322\122\244\314\035\157\260\230\155\224\061\265 -\370\161\012\334\271\374\175\062\140\346\353\257\212\001 +\060\202\004\012\060\202\002\362\240\003\002\001\002\002\011\000 +\302\176\103\004\116\107\077\031\060\015\006\011\052\206\110\206 +\367\015\001\001\013\005\000\060\201\202\061\013\060\011\006\003 +\125\004\006\023\002\110\125\061\021\060\017\006\003\125\004\007 +\014\010\102\165\144\141\160\145\163\164\061\026\060\024\006\003 +\125\004\012\014\015\115\151\143\162\157\163\145\143\040\114\164 +\144\056\061\047\060\045\006\003\125\004\003\014\036\115\151\143 +\162\157\163\145\143\040\145\055\123\172\151\147\156\157\040\122 +\157\157\164\040\103\101\040\062\060\060\071\061\037\060\035\006 +\011\052\206\110\206\367\015\001\011\001\026\020\151\156\146\157 +\100\145\055\163\172\151\147\156\157\056\150\165\060\036\027\015 +\060\071\060\066\061\066\061\061\063\060\061\070\132\027\015\062 +\071\061\062\063\060\061\061\063\060\061\070\132\060\201\202\061 +\013\060\011\006\003\125\004\006\023\002\110\125\061\021\060\017 +\006\003\125\004\007\014\010\102\165\144\141\160\145\163\164\061 +\026\060\024\006\003\125\004\012\014\015\115\151\143\162\157\163 +\145\143\040\114\164\144\056\061\047\060\045\006\003\125\004\003 +\014\036\115\151\143\162\157\163\145\143\040\145\055\123\172\151 +\147\156\157\040\122\157\157\164\040\103\101\040\062\060\060\071 +\061\037\060\035\006\011\052\206\110\206\367\015\001\011\001\026 +\020\151\156\146\157\100\145\055\163\172\151\147\156\157\056\150 +\165\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001 +\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001 +\001\000\351\370\217\363\143\255\332\206\330\247\340\102\373\317 +\221\336\246\046\370\231\245\143\160\255\233\256\312\063\100\175 +\155\226\156\241\016\104\356\341\023\235\224\102\122\232\275\165 +\205\164\054\250\016\035\223\266\030\267\214\054\250\317\373\134 +\161\271\332\354\376\350\176\217\344\057\035\262\250\165\207\330 +\267\241\345\073\317\231\112\106\320\203\031\175\300\241\022\034 +\225\155\112\364\330\307\245\115\063\056\205\071\100\165\176\024 +\174\200\022\230\120\307\101\147\270\240\200\141\124\246\154\116 +\037\340\235\016\007\351\311\272\063\347\376\300\125\050\054\002 +\200\247\031\365\236\334\125\123\003\227\173\007\110\377\231\373 +\067\212\044\304\131\314\120\020\143\216\252\251\032\260\204\032 +\206\371\137\273\261\120\156\244\321\012\314\325\161\176\037\247 +\033\174\365\123\156\042\137\313\053\346\324\174\135\256\326\302 +\306\114\345\005\001\331\355\127\374\301\043\171\374\372\310\044 +\203\225\363\265\152\121\001\320\167\326\351\022\241\371\032\203 +\373\202\033\271\260\227\364\166\006\063\103\111\240\377\013\265 +\372\265\002\003\001\000\001\243\201\200\060\176\060\017\006\003 +\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006 +\003\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006 +\003\125\035\016\004\026\004\024\313\017\306\337\102\103\314\075 +\313\265\110\043\241\032\172\246\052\273\064\150\060\037\006\003 +\125\035\043\004\030\060\026\200\024\313\017\306\337\102\103\314 +\075\313\265\110\043\241\032\172\246\052\273\064\150\060\033\006 +\003\125\035\021\004\024\060\022\201\020\151\156\146\157\100\145 +\055\163\172\151\147\156\157\056\150\165\060\015\006\011\052\206 +\110\206\367\015\001\001\013\005\000\003\202\001\001\000\311\321 +\016\136\056\325\314\263\174\076\313\374\075\377\015\050\225\223 +\004\310\277\332\315\171\270\103\220\360\244\276\357\362\357\041 +\230\274\324\324\135\006\366\356\102\354\060\154\240\252\251\312 +\361\257\212\372\077\013\163\152\076\352\056\100\176\037\256\124 +\141\171\353\056\010\067\327\043\363\214\237\276\035\261\341\244 +\165\333\240\342\124\024\261\272\034\051\244\030\366\022\272\242 +\024\024\343\061\065\310\100\377\267\340\005\166\127\301\034\131 +\362\370\277\344\355\045\142\134\204\360\176\176\037\263\276\371 +\267\041\021\314\003\001\126\160\247\020\222\036\033\064\201\036 +\255\234\032\303\004\074\355\002\141\326\036\006\363\137\072\207 +\362\053\361\105\207\345\075\254\321\307\127\204\275\153\256\334 +\330\371\266\033\142\160\013\075\066\311\102\362\062\327\172\141 +\346\322\333\075\317\310\251\311\233\334\333\130\104\327\157\070 +\257\177\170\323\243\255\032\165\272\034\301\066\174\217\036\155 +\034\303\165\106\256\065\005\246\366\134\075\041\356\126\360\311 +\202\042\055\172\124\253\160\303\175\042\145\202\160\226 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE -# Trust for Certificate "Staat der Nederlanden Root CA - G2" -# Issuer: CN=Staat der Nederlanden Root CA - G2,O=Staat der Nederlanden,C=NL -# Serial Number: 10000012 (0x98968c) -# Subject: CN=Staat der Nederlanden Root CA - G2,O=Staat der Nederlanden,C=NL -# Not Valid Before: Wed Mar 26 11:18:17 2008 -# Not Valid After : Wed Mar 25 11:03:10 2020 -# Fingerprint (MD5): 7C:A5:0F:F8:5B:9A:7D:6D:30:AE:54:5A:E3:42:A2:8A -# Fingerprint (SHA1): 59:AF:82:79:91:86:C7:B4:75:07:CB:CF:03:57:46:EB:04:DD:B7:16 +# Trust for Certificate "Microsec e-Szigno Root CA 2009" +# Issuer: E=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU +# Serial Number:00:c2:7e:43:04:4e:47:3f:19 +# Subject: E=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU +# Not Valid Before: Tue Jun 16 11:30:18 2009 +# Not Valid After : Sun Dec 30 11:30:18 2029 +# Fingerprint (MD5): F8:49:F4:03:BC:44:2D:83:BE:48:69:7D:29:64:FC:B1 +# Fingerprint (SHA1): 89:DF:74:FE:5C:F4:0F:4A:80:F9:E3:37:7D:54:DA:91:E1:01:31:8E CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Staat der Nederlanden Root CA - G2" +CKA_LABEL UTF8 "Microsec e-Szigno Root CA 2009" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\131\257\202\171\221\206\307\264\165\007\313\317\003\127\106\353 -\004\335\267\026 +\211\337\164\376\134\364\017\112\200\371\343\067\175\124\332\221 +\341\001\061\216 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\174\245\017\370\133\232\175\155\060\256\124\132\343\102\242\212 +\370\111\364\003\274\104\055\203\276\110\151\175\051\144\374\261 END CKA_ISSUER MULTILINE_OCTAL -\060\132\061\013\060\011\006\003\125\004\006\023\002\116\114\061 -\036\060\034\006\003\125\004\012\014\025\123\164\141\141\164\040 -\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\061 -\053\060\051\006\003\125\004\003\014\042\123\164\141\141\164\040 -\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\040 -\122\157\157\164\040\103\101\040\055\040\107\062 +\060\201\202\061\013\060\011\006\003\125\004\006\023\002\110\125 +\061\021\060\017\006\003\125\004\007\014\010\102\165\144\141\160 +\145\163\164\061\026\060\024\006\003\125\004\012\014\015\115\151 +\143\162\157\163\145\143\040\114\164\144\056\061\047\060\045\006 +\003\125\004\003\014\036\115\151\143\162\157\163\145\143\040\145 +\055\123\172\151\147\156\157\040\122\157\157\164\040\103\101\040 +\062\060\060\071\061\037\060\035\006\011\052\206\110\206\367\015 +\001\011\001\026\020\151\156\146\157\100\145\055\163\172\151\147 +\156\157\056\150\165 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\000\230\226\214 +\002\011\000\302\176\103\004\116\107\077\031 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR @@ -9324,534 +8791,689 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "Hongkong Post Root CA 1" +# Certificate "GlobalSign Root CA - R3" # -# Issuer: CN=Hongkong Post Root CA 1,O=Hongkong Post,C=HK -# Serial Number: 1000 (0x3e8) -# Subject: CN=Hongkong Post Root CA 1,O=Hongkong Post,C=HK -# Not Valid Before: Thu May 15 05:13:14 2003 -# Not Valid After : Mon May 15 04:52:29 2023 -# Fingerprint (MD5): A8:0D:6F:39:78:B9:43:6D:77:42:6D:98:5A:CC:23:CA -# Fingerprint (SHA1): D6:DA:A8:20:8D:09:D2:15:4D:24:B5:2F:CB:34:6E:B2:58:B2:8A:58 +# Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3 +# Serial Number:04:00:00:00:00:01:21:58:53:08:a2 +# Subject: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3 +# Not Valid Before: Wed Mar 18 10:00:00 2009 +# Not Valid After : Sun Mar 18 10:00:00 2029 +# Fingerprint (MD5): C5:DF:B8:49:CA:05:13:55:EE:2D:BA:1A:C3:3E:B0:28 +# Fingerprint (SHA1): D6:9B:56:11:48:F0:1C:77:C5:45:78:C1:09:26:DF:5B:85:69:76:AD CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Hongkong Post Root CA 1" +CKA_LABEL UTF8 "GlobalSign Root CA - R3" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\107\061\013\060\011\006\003\125\004\006\023\002\110\113\061 -\026\060\024\006\003\125\004\012\023\015\110\157\156\147\153\157 -\156\147\040\120\157\163\164\061\040\060\036\006\003\125\004\003 -\023\027\110\157\156\147\153\157\156\147\040\120\157\163\164\040 -\122\157\157\164\040\103\101\040\061 +\060\114\061\040\060\036\006\003\125\004\013\023\027\107\154\157 +\142\141\154\123\151\147\156\040\122\157\157\164\040\103\101\040 +\055\040\122\063\061\023\060\021\006\003\125\004\012\023\012\107 +\154\157\142\141\154\123\151\147\156\061\023\060\021\006\003\125 +\004\003\023\012\107\154\157\142\141\154\123\151\147\156 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\107\061\013\060\011\006\003\125\004\006\023\002\110\113\061 -\026\060\024\006\003\125\004\012\023\015\110\157\156\147\153\157 -\156\147\040\120\157\163\164\061\040\060\036\006\003\125\004\003 -\023\027\110\157\156\147\153\157\156\147\040\120\157\163\164\040 -\122\157\157\164\040\103\101\040\061 +\060\114\061\040\060\036\006\003\125\004\013\023\027\107\154\157 +\142\141\154\123\151\147\156\040\122\157\157\164\040\103\101\040 +\055\040\122\063\061\023\060\021\006\003\125\004\012\023\012\107 +\154\157\142\141\154\123\151\147\156\061\023\060\021\006\003\125 +\004\003\023\012\107\154\157\142\141\154\123\151\147\156 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\002\003\350 +\002\013\004\000\000\000\000\001\041\130\123\010\242 END CKA_VALUE MULTILINE_OCTAL -\060\202\003\060\060\202\002\030\240\003\002\001\002\002\002\003 -\350\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000 -\060\107\061\013\060\011\006\003\125\004\006\023\002\110\113\061 -\026\060\024\006\003\125\004\012\023\015\110\157\156\147\153\157 -\156\147\040\120\157\163\164\061\040\060\036\006\003\125\004\003 -\023\027\110\157\156\147\153\157\156\147\040\120\157\163\164\040 -\122\157\157\164\040\103\101\040\061\060\036\027\015\060\063\060 -\065\061\065\060\065\061\063\061\064\132\027\015\062\063\060\065 -\061\065\060\064\065\062\062\071\132\060\107\061\013\060\011\006 -\003\125\004\006\023\002\110\113\061\026\060\024\006\003\125\004 -\012\023\015\110\157\156\147\153\157\156\147\040\120\157\163\164 -\061\040\060\036\006\003\125\004\003\023\027\110\157\156\147\153 -\157\156\147\040\120\157\163\164\040\122\157\157\164\040\103\101 -\040\061\060\202\001\042\060\015\006\011\052\206\110\206\367\015 -\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202 -\001\001\000\254\377\070\266\351\146\002\111\343\242\264\341\220 -\371\100\217\171\371\342\275\171\376\002\275\356\044\222\035\042 -\366\332\205\162\151\376\327\077\011\324\335\221\265\002\234\320 -\215\132\341\125\303\120\206\271\051\046\302\343\331\240\361\151 -\003\050\040\200\105\042\055\126\247\073\124\225\126\042\131\037 -\050\337\037\040\075\155\242\066\276\043\240\261\156\265\261\047 -\077\071\123\011\352\253\152\350\164\262\302\145\134\216\277\174 -\303\170\204\315\236\026\374\365\056\117\040\052\010\237\167\363 -\305\036\304\232\122\146\036\110\136\343\020\006\217\042\230\341 -\145\216\033\135\043\146\073\270\245\062\121\310\206\252\241\251 -\236\177\166\224\302\246\154\267\101\360\325\310\006\070\346\324 -\014\342\363\073\114\155\120\214\304\203\047\301\023\204\131\075 -\236\165\164\266\330\002\136\072\220\172\300\102\066\162\354\152 -\115\334\357\304\000\337\023\030\127\137\046\170\310\326\012\171 -\167\277\367\257\267\166\271\245\013\204\027\135\020\352\157\341 -\253\225\021\137\155\074\243\134\115\203\133\362\263\031\212\200 -\213\013\207\002\003\001\000\001\243\046\060\044\060\022\006\003 -\125\035\023\001\001\377\004\010\060\006\001\001\377\002\001\003 -\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\306 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003 -\202\001\001\000\016\106\325\074\256\342\207\331\136\201\213\002 -\230\101\010\214\114\274\332\333\356\047\033\202\347\152\105\354 -\026\213\117\205\240\363\262\160\275\132\226\272\312\156\155\356 -\106\213\156\347\052\056\226\263\031\063\353\264\237\250\262\067 -\356\230\250\227\266\056\266\147\047\324\246\111\375\034\223\145 -\166\236\102\057\334\042\154\232\117\362\132\025\071\261\161\327 -\053\121\350\155\034\230\300\331\052\364\241\202\173\325\311\101 -\242\043\001\164\070\125\213\017\271\056\147\242\040\004\067\332 -\234\013\323\027\041\340\217\227\171\064\157\204\110\002\040\063 -\033\346\064\104\237\221\160\364\200\136\204\103\302\051\322\154 -\022\024\344\141\215\254\020\220\236\204\120\273\360\226\157\105 -\237\212\363\312\154\117\372\021\072\025\025\106\303\315\037\203 -\133\055\101\022\355\120\147\101\023\075\041\253\224\212\252\116 -\174\301\261\373\247\326\265\047\057\227\253\156\340\035\342\321 -\034\054\037\104\342\374\276\221\241\234\373\326\051\123\163\206 -\237\123\330\103\016\135\326\143\202\161\035\200\164\312\366\342 -\002\153\331\132 +\060\202\003\137\060\202\002\107\240\003\002\001\002\002\013\004 +\000\000\000\000\001\041\130\123\010\242\060\015\006\011\052\206 +\110\206\367\015\001\001\013\005\000\060\114\061\040\060\036\006 +\003\125\004\013\023\027\107\154\157\142\141\154\123\151\147\156 +\040\122\157\157\164\040\103\101\040\055\040\122\063\061\023\060 +\021\006\003\125\004\012\023\012\107\154\157\142\141\154\123\151 +\147\156\061\023\060\021\006\003\125\004\003\023\012\107\154\157 +\142\141\154\123\151\147\156\060\036\027\015\060\071\060\063\061 +\070\061\060\060\060\060\060\132\027\015\062\071\060\063\061\070 +\061\060\060\060\060\060\132\060\114\061\040\060\036\006\003\125 +\004\013\023\027\107\154\157\142\141\154\123\151\147\156\040\122 +\157\157\164\040\103\101\040\055\040\122\063\061\023\060\021\006 +\003\125\004\012\023\012\107\154\157\142\141\154\123\151\147\156 +\061\023\060\021\006\003\125\004\003\023\012\107\154\157\142\141 +\154\123\151\147\156\060\202\001\042\060\015\006\011\052\206\110 +\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001 +\012\002\202\001\001\000\314\045\166\220\171\006\170\042\026\365 +\300\203\266\204\312\050\236\375\005\166\021\305\255\210\162\374 +\106\002\103\307\262\212\235\004\137\044\313\056\113\341\140\202 +\106\341\122\253\014\201\107\160\154\335\144\321\353\365\054\243 +\017\202\075\014\053\256\227\327\266\024\206\020\171\273\073\023 +\200\167\214\010\341\111\322\152\142\057\037\136\372\226\150\337 +\211\047\225\070\237\006\327\076\311\313\046\131\015\163\336\260 +\310\351\046\016\203\025\306\357\133\213\322\004\140\312\111\246 +\050\366\151\073\366\313\310\050\221\345\235\212\141\127\067\254 +\164\024\334\164\340\072\356\162\057\056\234\373\320\273\277\365 +\075\000\341\006\063\350\202\053\256\123\246\072\026\163\214\335 +\101\016\040\072\300\264\247\241\351\262\117\220\056\062\140\351 +\127\313\271\004\222\150\150\345\070\046\140\165\262\237\167\377 +\221\024\357\256\040\111\374\255\100\025\110\321\002\061\141\031 +\136\270\227\357\255\167\267\144\232\172\277\137\301\023\357\233 +\142\373\015\154\340\124\151\026\251\003\332\156\351\203\223\161 +\166\306\151\205\202\027\002\003\001\000\001\243\102\060\100\060 +\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060 +\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377 +\060\035\006\003\125\035\016\004\026\004\024\217\360\113\177\250 +\056\105\044\256\115\120\372\143\232\213\336\342\335\033\274\060 +\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003\202 +\001\001\000\113\100\333\300\120\252\376\310\014\357\367\226\124 +\105\111\273\226\000\011\101\254\263\023\206\206\050\007\063\312 +\153\346\164\271\272\000\055\256\244\012\323\365\361\361\017\212 +\277\163\147\112\203\307\104\173\170\340\257\156\154\157\003\051 +\216\063\071\105\303\216\344\271\127\154\252\374\022\226\354\123 +\306\055\344\044\154\271\224\143\373\334\123\150\147\126\076\203 +\270\317\065\041\303\311\150\376\316\332\302\123\252\314\220\212 +\351\360\135\106\214\225\335\172\130\050\032\057\035\336\315\000 +\067\101\217\355\104\155\327\123\050\227\176\363\147\004\036\025 +\327\212\226\264\323\336\114\047\244\114\033\163\163\166\364\027 +\231\302\037\172\016\343\055\010\255\012\034\054\377\074\253\125 +\016\017\221\176\066\353\303\127\111\276\341\056\055\174\140\213 +\303\101\121\023\043\235\316\367\062\153\224\001\250\231\347\054 +\063\037\072\073\045\322\206\100\316\073\054\206\170\311\141\057 +\024\272\356\333\125\157\337\204\356\005\011\115\275\050\330\162 +\316\323\142\120\145\036\353\222\227\203\061\331\263\265\312\107 +\130\077\137 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE -# Trust for Certificate "Hongkong Post Root CA 1" -# Issuer: CN=Hongkong Post Root CA 1,O=Hongkong Post,C=HK -# Serial Number: 1000 (0x3e8) -# Subject: CN=Hongkong Post Root CA 1,O=Hongkong Post,C=HK -# Not Valid Before: Thu May 15 05:13:14 2003 -# Not Valid After : Mon May 15 04:52:29 2023 -# Fingerprint (MD5): A8:0D:6F:39:78:B9:43:6D:77:42:6D:98:5A:CC:23:CA -# Fingerprint (SHA1): D6:DA:A8:20:8D:09:D2:15:4D:24:B5:2F:CB:34:6E:B2:58:B2:8A:58 +# Trust for Certificate "GlobalSign Root CA - R3" +# Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3 +# Serial Number:04:00:00:00:00:01:21:58:53:08:a2 +# Subject: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3 +# Not Valid Before: Wed Mar 18 10:00:00 2009 +# Not Valid After : Sun Mar 18 10:00:00 2029 +# Fingerprint (MD5): C5:DF:B8:49:CA:05:13:55:EE:2D:BA:1A:C3:3E:B0:28 +# Fingerprint (SHA1): D6:9B:56:11:48:F0:1C:77:C5:45:78:C1:09:26:DF:5B:85:69:76:AD CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Hongkong Post Root CA 1" +CKA_LABEL UTF8 "GlobalSign Root CA - R3" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\326\332\250\040\215\011\322\025\115\044\265\057\313\064\156\262 -\130\262\212\130 +\326\233\126\021\110\360\034\167\305\105\170\301\011\046\337\133 +\205\151\166\255 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\250\015\157\071\170\271\103\155\167\102\155\230\132\314\043\312 +\305\337\270\111\312\005\023\125\356\055\272\032\303\076\260\050 END CKA_ISSUER MULTILINE_OCTAL -\060\107\061\013\060\011\006\003\125\004\006\023\002\110\113\061 -\026\060\024\006\003\125\004\012\023\015\110\157\156\147\153\157 -\156\147\040\120\157\163\164\061\040\060\036\006\003\125\004\003 -\023\027\110\157\156\147\153\157\156\147\040\120\157\163\164\040 -\122\157\157\164\040\103\101\040\061 +\060\114\061\040\060\036\006\003\125\004\013\023\027\107\154\157 +\142\141\154\123\151\147\156\040\122\157\157\164\040\103\101\040 +\055\040\122\063\061\023\060\021\006\003\125\004\012\023\012\107 +\154\157\142\141\154\123\151\147\156\061\023\060\021\006\003\125 +\004\003\023\012\107\154\157\142\141\154\123\151\147\156 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\002\003\350 +\002\013\004\000\000\000\000\001\041\130\123\010\242 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "SecureSign RootCA11" +# Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" # -# Issuer: CN=SecureSign RootCA11,O="Japan Certification Services, Inc.",C=JP -# Serial Number: 1 (0x1) -# Subject: CN=SecureSign RootCA11,O="Japan Certification Services, Inc.",C=JP -# Not Valid Before: Wed Apr 08 04:56:47 2009 -# Not Valid After : Sun Apr 08 04:56:47 2029 -# Fingerprint (MD5): B7:52:74:E2:92:B4:80:93:F2:75:E4:CC:D7:F2:EA:26 -# Fingerprint (SHA1): 3B:C4:9F:48:F8:F3:73:A0:9C:1E:BD:F8:5B:B1:C3:65:C7:D8:11:B3 +# Issuer: CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,C=ES +# Serial Number:53:ec:3b:ee:fb:b2:48:5f +# Subject: CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,C=ES +# Not Valid Before: Wed May 20 08:38:15 2009 +# Not Valid After : Tue Dec 31 08:38:15 2030 +# Fingerprint (MD5): 73:3A:74:7A:EC:BB:A3:96:A6:C2:E4:E2:C8:9B:C0:C3 +# Fingerprint (SHA1): AE:C5:FB:3F:C8:E1:BF:C4:E5:4F:03:07:5A:9A:E8:00:B7:F7:B6:FA CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "SecureSign RootCA11" +CKA_LABEL UTF8 "Autoridad de Certificacion Firmaprofesional CIF A62634068" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\130\061\013\060\011\006\003\125\004\006\023\002\112\120\061 -\053\060\051\006\003\125\004\012\023\042\112\141\160\141\156\040 -\103\145\162\164\151\146\151\143\141\164\151\157\156\040\123\145 -\162\166\151\143\145\163\054\040\111\156\143\056\061\034\060\032 -\006\003\125\004\003\023\023\123\145\143\165\162\145\123\151\147 -\156\040\122\157\157\164\103\101\061\061 +\060\121\061\013\060\011\006\003\125\004\006\023\002\105\123\061 +\102\060\100\006\003\125\004\003\014\071\101\165\164\157\162\151 +\144\141\144\040\144\145\040\103\145\162\164\151\146\151\143\141 +\143\151\157\156\040\106\151\162\155\141\160\162\157\146\145\163 +\151\157\156\141\154\040\103\111\106\040\101\066\062\066\063\064 +\060\066\070 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\130\061\013\060\011\006\003\125\004\006\023\002\112\120\061 -\053\060\051\006\003\125\004\012\023\042\112\141\160\141\156\040 -\103\145\162\164\151\146\151\143\141\164\151\157\156\040\123\145 -\162\166\151\143\145\163\054\040\111\156\143\056\061\034\060\032 -\006\003\125\004\003\023\023\123\145\143\165\162\145\123\151\147 -\156\040\122\157\157\164\103\101\061\061 +\060\121\061\013\060\011\006\003\125\004\006\023\002\105\123\061 +\102\060\100\006\003\125\004\003\014\071\101\165\164\157\162\151 +\144\141\144\040\144\145\040\103\145\162\164\151\146\151\143\141 +\143\151\157\156\040\106\151\162\155\141\160\162\157\146\145\163 +\151\157\156\141\154\040\103\111\106\040\101\066\062\066\063\064 +\060\066\070 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 +\002\010\123\354\073\356\373\262\110\137 END CKA_VALUE MULTILINE_OCTAL -\060\202\003\155\060\202\002\125\240\003\002\001\002\002\001\001 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 -\130\061\013\060\011\006\003\125\004\006\023\002\112\120\061\053 -\060\051\006\003\125\004\012\023\042\112\141\160\141\156\040\103 -\145\162\164\151\146\151\143\141\164\151\157\156\040\123\145\162 -\166\151\143\145\163\054\040\111\156\143\056\061\034\060\032\006 -\003\125\004\003\023\023\123\145\143\165\162\145\123\151\147\156 -\040\122\157\157\164\103\101\061\061\060\036\027\015\060\071\060 -\064\060\070\060\064\065\066\064\067\132\027\015\062\071\060\064 -\060\070\060\064\065\066\064\067\132\060\130\061\013\060\011\006 -\003\125\004\006\023\002\112\120\061\053\060\051\006\003\125\004 -\012\023\042\112\141\160\141\156\040\103\145\162\164\151\146\151 -\143\141\164\151\157\156\040\123\145\162\166\151\143\145\163\054 -\040\111\156\143\056\061\034\060\032\006\003\125\004\003\023\023 -\123\145\143\165\162\145\123\151\147\156\040\122\157\157\164\103 -\101\061\061\060\202\001\042\060\015\006\011\052\206\110\206\367 -\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002 -\202\001\001\000\375\167\252\245\034\220\005\073\313\114\233\063 -\213\132\024\105\244\347\220\026\321\337\127\322\041\020\244\027 -\375\337\254\326\037\247\344\333\174\367\354\337\270\003\332\224 -\130\375\135\162\174\214\077\137\001\147\164\025\226\343\002\074 -\207\333\256\313\001\216\302\363\146\306\205\105\364\002\306\072 -\265\142\262\257\372\234\277\244\346\324\200\060\230\363\015\266 -\223\217\251\324\330\066\362\260\374\212\312\054\241\025\063\225 -\061\332\300\033\362\356\142\231\206\143\077\277\335\223\052\203 -\250\166\271\023\037\267\316\116\102\205\217\042\347\056\032\362 -\225\011\262\005\265\104\116\167\241\040\275\251\362\116\012\175 -\120\255\365\005\015\105\117\106\161\375\050\076\123\373\004\330 -\055\327\145\035\112\033\372\317\073\260\061\232\065\156\310\213 -\006\323\000\221\362\224\010\145\114\261\064\006\000\172\211\342 -\360\307\003\131\317\325\326\350\247\062\263\346\230\100\206\305 -\315\047\022\213\314\173\316\267\021\074\142\140\007\043\076\053 -\100\156\224\200\011\155\266\263\157\167\157\065\010\120\373\002 -\207\305\076\211\002\003\001\000\001\243\102\060\100\060\035\006 -\003\125\035\016\004\026\004\024\133\370\115\117\262\245\206\324 -\072\322\361\143\232\240\276\011\366\127\267\336\060\016\006\003 -\125\035\017\001\001\377\004\004\003\002\001\006\060\017\006\003 -\125\035\023\001\001\377\004\005\060\003\001\001\377\060\015\006 -\011\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001 -\000\240\241\070\026\146\056\247\126\037\041\234\006\372\035\355 -\271\042\305\070\046\330\116\117\354\243\177\171\336\106\041\241 -\207\167\217\007\010\232\262\244\305\257\017\062\230\013\174\146 -\051\266\233\175\045\122\111\103\253\114\056\053\156\172\160\257 -\026\016\343\002\154\373\102\346\030\235\105\330\125\310\350\073 -\335\347\341\364\056\013\034\064\134\154\130\112\373\214\210\120 -\137\225\034\277\355\253\042\265\145\263\205\272\236\017\270\255 -\345\172\033\212\120\072\035\275\015\274\173\124\120\013\271\102 -\257\125\240\030\201\255\145\231\357\276\344\234\277\304\205\253 -\101\262\124\157\334\045\315\355\170\342\216\014\215\011\111\335 -\143\173\132\151\226\002\041\250\275\122\131\351\175\065\313\310 -\122\312\177\201\376\331\153\323\367\021\355\045\337\370\347\371 -\244\372\162\227\204\123\015\245\320\062\030\121\166\131\024\154 -\017\353\354\137\200\214\165\103\203\303\205\230\377\114\236\055 -\015\344\167\203\223\116\265\226\007\213\050\023\233\214\031\215 -\101\047\111\100\356\336\346\043\104\071\334\241\042\326\272\003 -\362 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for Certificate "SecureSign RootCA11" -# Issuer: CN=SecureSign RootCA11,O="Japan Certification Services, Inc.",C=JP -# Serial Number: 1 (0x1) -# Subject: CN=SecureSign RootCA11,O="Japan Certification Services, Inc.",C=JP -# Not Valid Before: Wed Apr 08 04:56:47 2009 -# Not Valid After : Sun Apr 08 04:56:47 2029 -# Fingerprint (MD5): B7:52:74:E2:92:B4:80:93:F2:75:E4:CC:D7:F2:EA:26 -# Fingerprint (SHA1): 3B:C4:9F:48:F8:F3:73:A0:9C:1E:BD:F8:5B:B1:C3:65:C7:D8:11:B3 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "SecureSign RootCA11" +\060\202\006\024\060\202\003\374\240\003\002\001\002\002\010\123 +\354\073\356\373\262\110\137\060\015\006\011\052\206\110\206\367 +\015\001\001\005\005\000\060\121\061\013\060\011\006\003\125\004 +\006\023\002\105\123\061\102\060\100\006\003\125\004\003\014\071 +\101\165\164\157\162\151\144\141\144\040\144\145\040\103\145\162 +\164\151\146\151\143\141\143\151\157\156\040\106\151\162\155\141 +\160\162\157\146\145\163\151\157\156\141\154\040\103\111\106\040 +\101\066\062\066\063\064\060\066\070\060\036\027\015\060\071\060 +\065\062\060\060\070\063\070\061\065\132\027\015\063\060\061\062 +\063\061\060\070\063\070\061\065\132\060\121\061\013\060\011\006 +\003\125\004\006\023\002\105\123\061\102\060\100\006\003\125\004 +\003\014\071\101\165\164\157\162\151\144\141\144\040\144\145\040 +\103\145\162\164\151\146\151\143\141\143\151\157\156\040\106\151 +\162\155\141\160\162\157\146\145\163\151\157\156\141\154\040\103 +\111\106\040\101\066\062\066\063\064\060\066\070\060\202\002\042 +\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003 +\202\002\017\000\060\202\002\012\002\202\002\001\000\312\226\153 +\216\352\370\373\361\242\065\340\177\114\332\340\303\122\327\175 +\266\020\310\002\136\263\103\052\304\117\152\262\312\034\135\050 +\232\170\021\032\151\131\127\257\265\040\102\344\213\017\346\337 +\133\246\003\222\057\365\021\344\142\327\062\161\070\331\004\014 +\161\253\075\121\176\017\007\337\143\005\134\351\277\224\157\301 +\051\202\300\264\332\121\260\301\074\273\255\067\112\134\312\361 +\113\066\016\044\253\277\303\204\167\375\250\120\364\261\347\306 +\057\322\055\131\215\172\012\116\226\151\122\002\252\066\230\354 +\374\372\024\203\014\067\037\311\222\067\177\327\201\055\345\304 +\271\340\076\064\376\147\364\076\146\321\323\364\100\317\136\142 +\064\017\160\006\076\040\030\132\316\367\162\033\045\154\223\164 +\024\223\243\163\261\016\252\207\020\043\131\137\040\005\031\107 +\355\150\216\222\022\312\135\374\326\053\262\222\074\040\317\341 +\137\257\040\276\240\166\177\166\345\354\032\206\141\063\076\347 +\173\264\077\240\017\216\242\271\152\157\271\207\046\157\101\154 +\210\246\120\375\152\143\013\365\223\026\033\031\217\262\355\233 +\233\311\220\365\001\014\337\031\075\017\076\070\043\311\057\217 +\014\321\002\376\033\125\326\116\320\215\074\257\117\244\363\376 +\257\052\323\005\235\171\010\241\313\127\061\264\234\310\220\262 +\147\364\030\026\223\072\374\107\330\321\170\226\061\037\272\053 +\014\137\135\231\255\143\211\132\044\040\166\330\337\375\253\116 +\246\042\252\235\136\346\047\212\175\150\051\243\347\212\270\332 +\021\273\027\055\231\235\023\044\106\367\305\342\330\237\216\177 +\307\217\164\155\132\262\350\162\365\254\356\044\020\255\057\024 +\332\377\055\232\106\161\107\276\102\337\273\001\333\364\177\323 +\050\217\061\131\133\323\311\002\246\264\122\312\156\227\373\103 +\305\010\046\157\212\364\273\375\237\050\252\015\325\105\363\023 +\072\035\330\300\170\217\101\147\074\036\224\144\256\173\013\305 +\350\331\001\210\071\032\227\206\144\101\325\073\207\014\156\372 +\017\306\275\110\024\277\071\115\324\236\101\266\217\226\035\143 +\226\223\331\225\006\170\061\150\236\067\006\073\200\211\105\141 +\071\043\307\033\104\243\025\345\034\370\222\060\273\002\003\001 +\000\001\243\201\357\060\201\354\060\022\006\003\125\035\023\001 +\001\377\004\010\060\006\001\001\377\002\001\001\060\016\006\003 +\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003 +\125\035\016\004\026\004\024\145\315\353\253\065\036\000\076\176 +\325\164\300\034\264\163\107\016\032\144\057\060\201\246\006\003 +\125\035\040\004\201\236\060\201\233\060\201\230\006\004\125\035 +\040\000\060\201\217\060\057\006\010\053\006\001\005\005\007\002 +\001\026\043\150\164\164\160\072\057\057\167\167\167\056\146\151 +\162\155\141\160\162\157\146\145\163\151\157\156\141\154\056\143 +\157\155\057\143\160\163\060\134\006\010\053\006\001\005\005\007 +\002\002\060\120\036\116\000\120\000\141\000\163\000\145\000\157 +\000\040\000\144\000\145\000\040\000\154\000\141\000\040\000\102 +\000\157\000\156\000\141\000\156\000\157\000\166\000\141\000\040 +\000\064\000\067\000\040\000\102\000\141\000\162\000\143\000\145 +\000\154\000\157\000\156\000\141\000\040\000\060\000\070\000\060 +\000\061\000\067\060\015\006\011\052\206\110\206\367\015\001\001 +\005\005\000\003\202\002\001\000\027\175\240\371\264\335\305\305 +\353\255\113\044\265\241\002\253\335\245\210\112\262\017\125\113 +\053\127\214\073\345\061\335\376\304\062\361\347\133\144\226\066 +\062\030\354\245\062\167\327\343\104\266\300\021\052\200\271\075 +\152\156\174\233\323\255\374\303\326\243\346\144\051\174\321\341 +\070\036\202\053\377\047\145\257\373\026\025\304\056\161\204\345 +\265\377\372\244\107\275\144\062\273\366\045\204\242\047\102\365 +\040\260\302\023\020\021\315\020\025\272\102\220\052\322\104\341 +\226\046\353\061\110\022\375\052\332\311\006\317\164\036\251\113 +\325\207\050\371\171\064\222\076\056\104\350\366\217\117\217\065 +\077\045\263\071\334\143\052\220\153\040\137\304\122\022\116\227 +\054\052\254\235\227\336\110\362\243\146\333\302\322\203\225\246 +\146\247\236\045\017\351\013\063\221\145\012\132\303\331\124\022 +\335\257\303\116\016\037\046\136\015\334\263\215\354\325\201\160 +\336\322\117\044\005\363\154\116\365\114\111\146\215\321\377\322 +\013\045\101\110\376\121\204\306\102\257\200\004\317\320\176\144 +\111\344\362\337\242\354\261\114\300\052\035\347\264\261\145\242 +\304\274\361\230\364\252\160\007\143\264\270\332\073\114\372\100 +\042\060\133\021\246\360\005\016\306\002\003\110\253\206\233\205 +\335\333\335\352\242\166\200\163\175\365\234\004\304\105\215\347 +\271\034\213\236\352\327\165\321\162\261\336\165\104\347\102\175 +\342\127\153\175\334\231\274\075\203\050\352\200\223\215\305\114 +\145\301\160\201\270\070\374\103\061\262\366\003\064\107\262\254 +\373\042\006\313\036\335\027\107\034\137\146\271\323\032\242\332 +\021\261\244\274\043\311\344\276\207\377\271\224\266\370\135\040 +\112\324\137\347\275\150\173\145\362\025\036\322\072\251\055\351 +\330\153\044\254\227\130\104\107\255\131\030\361\041\145\160\336 +\316\064\140\250\100\361\363\074\244\303\050\043\214\376\047\063 +\103\100\240\027\074\353\352\073\260\162\246\243\271\112\113\136 +\026\110\364\262\274\310\214\222\305\235\237\254\162\066\274\064 +\200\064\153\251\213\222\300\270\027\355\354\166\123\365\044\001 +\214\263\042\350\113\174\125\306\235\372\243\024\273\145\205\156 +\156\117\022\176\012\074\235\225 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" +# Issuer: CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,C=ES +# Serial Number:53:ec:3b:ee:fb:b2:48:5f +# Subject: CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,C=ES +# Not Valid Before: Wed May 20 08:38:15 2009 +# Not Valid After : Tue Dec 31 08:38:15 2030 +# Fingerprint (MD5): 73:3A:74:7A:EC:BB:A3:96:A6:C2:E4:E2:C8:9B:C0:C3 +# Fingerprint (SHA1): AE:C5:FB:3F:C8:E1:BF:C4:E5:4F:03:07:5A:9A:E8:00:B7:F7:B6:FA +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Autoridad de Certificacion Firmaprofesional CIF A62634068" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\073\304\237\110\370\363\163\240\234\036\275\370\133\261\303\145 -\307\330\021\263 +\256\305\373\077\310\341\277\304\345\117\003\007\132\232\350\000 +\267\367\266\372 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\267\122\164\342\222\264\200\223\362\165\344\314\327\362\352\046 +\163\072\164\172\354\273\243\226\246\302\344\342\310\233\300\303 END CKA_ISSUER MULTILINE_OCTAL -\060\130\061\013\060\011\006\003\125\004\006\023\002\112\120\061 -\053\060\051\006\003\125\004\012\023\042\112\141\160\141\156\040 -\103\145\162\164\151\146\151\143\141\164\151\157\156\040\123\145 -\162\166\151\143\145\163\054\040\111\156\143\056\061\034\060\032 -\006\003\125\004\003\023\023\123\145\143\165\162\145\123\151\147 -\156\040\122\157\157\164\103\101\061\061 +\060\121\061\013\060\011\006\003\125\004\006\023\002\105\123\061 +\102\060\100\006\003\125\004\003\014\071\101\165\164\157\162\151 +\144\141\144\040\144\145\040\103\145\162\164\151\146\151\143\141 +\143\151\157\156\040\106\151\162\155\141\160\162\157\146\145\163 +\151\157\156\141\154\040\103\111\106\040\101\066\062\066\063\064 +\060\066\070 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 +\002\010\123\354\073\356\373\262\110\137 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "Microsec e-Szigno Root CA 2009" +# Certificate "Izenpe.com" # -# Issuer: E=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU -# Serial Number:00:c2:7e:43:04:4e:47:3f:19 -# Subject: E=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU -# Not Valid Before: Tue Jun 16 11:30:18 2009 -# Not Valid After : Sun Dec 30 11:30:18 2029 -# Fingerprint (MD5): F8:49:F4:03:BC:44:2D:83:BE:48:69:7D:29:64:FC:B1 -# Fingerprint (SHA1): 89:DF:74:FE:5C:F4:0F:4A:80:F9:E3:37:7D:54:DA:91:E1:01:31:8E +# Issuer: CN=Izenpe.com,O=IZENPE S.A.,C=ES +# Serial Number:00:b0:b7:5a:16:48:5f:bf:e1:cb:f5:8b:d7:19:e6:7d +# Subject: CN=Izenpe.com,O=IZENPE S.A.,C=ES +# Not Valid Before: Thu Dec 13 13:08:28 2007 +# Not Valid After : Sun Dec 13 08:27:25 2037 +# Fingerprint (MD5): A6:B0:CD:85:80:DA:5C:50:34:A3:39:90:2F:55:67:73 +# Fingerprint (SHA1): 2F:78:3D:25:52:18:A7:4A:65:39:71:B5:2C:A2:9C:45:15:6F:E9:19 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Microsec e-Szigno Root CA 2009" +CKA_LABEL UTF8 "Izenpe.com" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\201\202\061\013\060\011\006\003\125\004\006\023\002\110\125 -\061\021\060\017\006\003\125\004\007\014\010\102\165\144\141\160 -\145\163\164\061\026\060\024\006\003\125\004\012\014\015\115\151 -\143\162\157\163\145\143\040\114\164\144\056\061\047\060\045\006 -\003\125\004\003\014\036\115\151\143\162\157\163\145\143\040\145 -\055\123\172\151\147\156\157\040\122\157\157\164\040\103\101\040 -\062\060\060\071\061\037\060\035\006\011\052\206\110\206\367\015 -\001\011\001\026\020\151\156\146\157\100\145\055\163\172\151\147 -\156\157\056\150\165 +\060\070\061\013\060\011\006\003\125\004\006\023\002\105\123\061 +\024\060\022\006\003\125\004\012\014\013\111\132\105\116\120\105 +\040\123\056\101\056\061\023\060\021\006\003\125\004\003\014\012 +\111\172\145\156\160\145\056\143\157\155 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\201\202\061\013\060\011\006\003\125\004\006\023\002\110\125 -\061\021\060\017\006\003\125\004\007\014\010\102\165\144\141\160 -\145\163\164\061\026\060\024\006\003\125\004\012\014\015\115\151 -\143\162\157\163\145\143\040\114\164\144\056\061\047\060\045\006 -\003\125\004\003\014\036\115\151\143\162\157\163\145\143\040\145 -\055\123\172\151\147\156\157\040\122\157\157\164\040\103\101\040 -\062\060\060\071\061\037\060\035\006\011\052\206\110\206\367\015 -\001\011\001\026\020\151\156\146\157\100\145\055\163\172\151\147 -\156\157\056\150\165 +\060\070\061\013\060\011\006\003\125\004\006\023\002\105\123\061 +\024\060\022\006\003\125\004\012\014\013\111\132\105\116\120\105 +\040\123\056\101\056\061\023\060\021\006\003\125\004\003\014\012 +\111\172\145\156\160\145\056\143\157\155 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\011\000\302\176\103\004\116\107\077\031 +\002\020\000\260\267\132\026\110\137\277\341\313\365\213\327\031 +\346\175 END CKA_VALUE MULTILINE_OCTAL -\060\202\004\012\060\202\002\362\240\003\002\001\002\002\011\000 -\302\176\103\004\116\107\077\031\060\015\006\011\052\206\110\206 -\367\015\001\001\013\005\000\060\201\202\061\013\060\011\006\003 -\125\004\006\023\002\110\125\061\021\060\017\006\003\125\004\007 -\014\010\102\165\144\141\160\145\163\164\061\026\060\024\006\003 -\125\004\012\014\015\115\151\143\162\157\163\145\143\040\114\164 -\144\056\061\047\060\045\006\003\125\004\003\014\036\115\151\143 -\162\157\163\145\143\040\145\055\123\172\151\147\156\157\040\122 -\157\157\164\040\103\101\040\062\060\060\071\061\037\060\035\006 -\011\052\206\110\206\367\015\001\011\001\026\020\151\156\146\157 -\100\145\055\163\172\151\147\156\157\056\150\165\060\036\027\015 -\060\071\060\066\061\066\061\061\063\060\061\070\132\027\015\062 -\071\061\062\063\060\061\061\063\060\061\070\132\060\201\202\061 -\013\060\011\006\003\125\004\006\023\002\110\125\061\021\060\017 -\006\003\125\004\007\014\010\102\165\144\141\160\145\163\164\061 -\026\060\024\006\003\125\004\012\014\015\115\151\143\162\157\163 -\145\143\040\114\164\144\056\061\047\060\045\006\003\125\004\003 -\014\036\115\151\143\162\157\163\145\143\040\145\055\123\172\151 -\147\156\157\040\122\157\157\164\040\103\101\040\062\060\060\071 -\061\037\060\035\006\011\052\206\110\206\367\015\001\011\001\026 -\020\151\156\146\157\100\145\055\163\172\151\147\156\157\056\150 -\165\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001 -\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001 -\001\000\351\370\217\363\143\255\332\206\330\247\340\102\373\317 -\221\336\246\046\370\231\245\143\160\255\233\256\312\063\100\175 -\155\226\156\241\016\104\356\341\023\235\224\102\122\232\275\165 -\205\164\054\250\016\035\223\266\030\267\214\054\250\317\373\134 -\161\271\332\354\376\350\176\217\344\057\035\262\250\165\207\330 -\267\241\345\073\317\231\112\106\320\203\031\175\300\241\022\034 -\225\155\112\364\330\307\245\115\063\056\205\071\100\165\176\024 -\174\200\022\230\120\307\101\147\270\240\200\141\124\246\154\116 -\037\340\235\016\007\351\311\272\063\347\376\300\125\050\054\002 -\200\247\031\365\236\334\125\123\003\227\173\007\110\377\231\373 -\067\212\044\304\131\314\120\020\143\216\252\251\032\260\204\032 -\206\371\137\273\261\120\156\244\321\012\314\325\161\176\037\247 -\033\174\365\123\156\042\137\313\053\346\324\174\135\256\326\302 -\306\114\345\005\001\331\355\127\374\301\043\171\374\372\310\044 -\203\225\363\265\152\121\001\320\167\326\351\022\241\371\032\203 -\373\202\033\271\260\227\364\166\006\063\103\111\240\377\013\265 -\372\265\002\003\001\000\001\243\201\200\060\176\060\017\006\003 -\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006 -\003\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006 -\003\125\035\016\004\026\004\024\313\017\306\337\102\103\314\075 -\313\265\110\043\241\032\172\246\052\273\064\150\060\037\006\003 -\125\035\043\004\030\060\026\200\024\313\017\306\337\102\103\314 -\075\313\265\110\043\241\032\172\246\052\273\064\150\060\033\006 -\003\125\035\021\004\024\060\022\201\020\151\156\146\157\100\145 -\055\163\172\151\147\156\157\056\150\165\060\015\006\011\052\206 -\110\206\367\015\001\001\013\005\000\003\202\001\001\000\311\321 -\016\136\056\325\314\263\174\076\313\374\075\377\015\050\225\223 -\004\310\277\332\315\171\270\103\220\360\244\276\357\362\357\041 -\230\274\324\324\135\006\366\356\102\354\060\154\240\252\251\312 -\361\257\212\372\077\013\163\152\076\352\056\100\176\037\256\124 -\141\171\353\056\010\067\327\043\363\214\237\276\035\261\341\244 -\165\333\240\342\124\024\261\272\034\051\244\030\366\022\272\242 -\024\024\343\061\065\310\100\377\267\340\005\166\127\301\034\131 -\362\370\277\344\355\045\142\134\204\360\176\176\037\263\276\371 -\267\041\021\314\003\001\126\160\247\020\222\036\033\064\201\036 -\255\234\032\303\004\074\355\002\141\326\036\006\363\137\072\207 -\362\053\361\105\207\345\075\254\321\307\127\204\275\153\256\334 -\330\371\266\033\142\160\013\075\066\311\102\362\062\327\172\141 -\346\322\333\075\317\310\251\311\233\334\333\130\104\327\157\070 -\257\177\170\323\243\255\032\165\272\034\301\066\174\217\036\155 -\034\303\165\106\256\065\005\246\366\134\075\041\356\126\360\311 -\202\042\055\172\124\253\160\303\175\042\145\202\160\226 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for Certificate "Microsec e-Szigno Root CA 2009" -# Issuer: E=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU -# Serial Number:00:c2:7e:43:04:4e:47:3f:19 -# Subject: E=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU -# Not Valid Before: Tue Jun 16 11:30:18 2009 -# Not Valid After : Sun Dec 30 11:30:18 2029 -# Fingerprint (MD5): F8:49:F4:03:BC:44:2D:83:BE:48:69:7D:29:64:FC:B1 -# Fingerprint (SHA1): 89:DF:74:FE:5C:F4:0F:4A:80:F9:E3:37:7D:54:DA:91:E1:01:31:8E +\060\202\005\361\060\202\003\331\240\003\002\001\002\002\020\000 +\260\267\132\026\110\137\277\341\313\365\213\327\031\346\175\060 +\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\070 +\061\013\060\011\006\003\125\004\006\023\002\105\123\061\024\060 +\022\006\003\125\004\012\014\013\111\132\105\116\120\105\040\123 +\056\101\056\061\023\060\021\006\003\125\004\003\014\012\111\172 +\145\156\160\145\056\143\157\155\060\036\027\015\060\067\061\062 +\061\063\061\063\060\070\062\070\132\027\015\063\067\061\062\061 +\063\060\070\062\067\062\065\132\060\070\061\013\060\011\006\003 +\125\004\006\023\002\105\123\061\024\060\022\006\003\125\004\012 +\014\013\111\132\105\116\120\105\040\123\056\101\056\061\023\060 +\021\006\003\125\004\003\014\012\111\172\145\156\160\145\056\143 +\157\155\060\202\002\042\060\015\006\011\052\206\110\206\367\015 +\001\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202 +\002\001\000\311\323\172\312\017\036\254\247\206\350\026\145\152 +\261\302\033\105\062\161\225\331\376\020\133\314\257\347\245\171 +\001\217\211\303\312\362\125\161\367\167\276\167\224\363\162\244 +\054\104\330\236\222\233\024\072\241\347\044\220\012\012\126\216 +\305\330\046\224\341\331\110\341\055\076\332\012\162\335\243\231 +\025\332\201\242\207\364\173\156\046\167\211\130\255\326\353\014 +\262\101\172\163\156\155\333\172\170\101\351\010\210\022\176\207 +\056\146\021\143\154\124\373\074\235\162\300\274\056\377\302\267 +\335\015\166\343\072\327\367\264\150\276\242\365\343\201\156\301 +\106\157\135\215\340\115\306\124\125\211\032\063\061\012\261\127 +\271\243\212\230\303\354\073\064\305\225\101\151\176\165\302\074 +\040\305\141\272\121\107\240\040\220\223\241\220\113\363\116\174 +\205\105\124\232\321\005\046\101\260\265\115\035\063\276\304\003 +\310\045\174\301\160\333\073\364\011\055\124\047\110\254\057\341 +\304\254\076\310\313\222\114\123\071\067\043\354\323\001\371\340 +\011\104\115\115\144\300\341\015\132\207\042\274\255\033\243\376 +\046\265\025\363\247\374\204\031\351\354\241\210\264\104\151\204 +\203\363\211\321\164\006\251\314\013\326\302\336\047\205\120\046 +\312\027\270\311\172\207\126\054\032\001\036\154\276\023\255\020 +\254\265\044\365\070\221\241\326\113\332\361\273\322\336\107\265 +\361\274\201\366\131\153\317\031\123\351\215\025\313\112\313\251 +\157\104\345\033\101\317\341\206\247\312\320\152\237\274\114\215 +\006\063\132\242\205\345\220\065\240\142\134\026\116\360\343\242 +\372\003\032\264\054\161\263\130\054\336\173\013\333\032\017\353 +\336\041\037\006\167\006\003\260\311\357\231\374\300\271\117\013 +\206\050\376\322\271\352\343\332\245\303\107\151\022\340\333\360 +\366\031\213\355\173\160\327\002\326\355\207\030\050\054\004\044 +\114\167\344\110\212\032\306\073\232\324\017\312\372\165\322\001 +\100\132\215\171\277\213\317\113\317\252\026\301\225\344\255\114 +\212\076\027\221\324\261\142\345\202\345\200\004\244\003\176\215 +\277\332\177\242\017\227\117\014\323\015\373\327\321\345\162\176 +\034\310\167\377\133\232\017\267\256\005\106\345\361\250\026\354 +\107\244\027\002\003\001\000\001\243\201\366\060\201\363\060\201 +\260\006\003\125\035\021\004\201\250\060\201\245\201\017\151\156 +\146\157\100\151\172\145\156\160\145\056\143\157\155\244\201\221 +\060\201\216\061\107\060\105\006\003\125\004\012\014\076\111\132 +\105\116\120\105\040\123\056\101\056\040\055\040\103\111\106\040 +\101\060\061\063\063\067\062\066\060\055\122\115\145\162\143\056 +\126\151\164\157\162\151\141\055\107\141\163\164\145\151\172\040 +\124\061\060\065\065\040\106\066\062\040\123\070\061\103\060\101 +\006\003\125\004\011\014\072\101\166\144\141\040\144\145\154\040 +\115\145\144\151\164\145\162\162\141\156\145\157\040\105\164\157 +\162\142\151\144\145\141\040\061\064\040\055\040\060\061\060\061 +\060\040\126\151\164\157\162\151\141\055\107\141\163\164\145\151 +\172\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001 +\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002 +\001\006\060\035\006\003\125\035\016\004\026\004\024\035\034\145 +\016\250\362\045\173\264\221\317\344\261\261\346\275\125\164\154 +\005\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000 +\003\202\002\001\000\170\246\014\026\112\237\114\210\072\300\313 +\016\245\026\175\237\271\110\137\030\217\015\142\066\366\315\031 +\153\254\253\325\366\221\175\256\161\363\077\263\016\170\205\233 +\225\244\047\041\107\102\112\174\110\072\365\105\174\263\014\216 +\121\170\254\225\023\336\306\375\175\270\032\220\114\253\222\003 +\307\355\102\001\316\017\330\261\372\242\222\341\140\155\256\172 +\153\011\252\306\051\356\150\111\147\060\200\044\172\061\026\071 +\133\176\361\034\056\335\154\011\255\362\061\301\202\116\271\273 +\371\276\277\052\205\077\300\100\243\072\131\374\131\113\074\050 +\044\333\264\025\165\256\015\210\272\056\163\300\275\130\207\345 +\102\362\353\136\356\036\060\042\231\313\067\321\304\041\154\201 +\354\276\155\046\346\034\344\102\040\236\107\260\254\203\131\160 +\054\065\326\257\066\064\264\315\073\370\062\250\357\343\170\211 +\373\215\105\054\332\234\270\176\100\034\141\347\076\242\222\054 +\113\362\315\372\230\266\051\377\363\362\173\251\037\056\240\223 +\127\053\336\205\003\371\151\067\313\236\170\152\005\264\305\061 +\170\211\354\172\247\205\341\271\173\074\336\276\036\171\204\316 +\237\160\016\131\302\065\056\220\052\061\331\344\105\172\101\244 +\056\023\233\064\016\146\173\111\253\144\227\320\106\303\171\235 +\162\120\143\246\230\133\006\275\110\155\330\071\203\160\350\065 +\360\005\321\252\274\343\333\310\002\352\174\375\202\332\302\133 +\122\065\256\230\072\255\272\065\223\043\247\037\110\335\065\106 +\230\262\020\150\344\245\061\302\012\130\056\031\201\020\311\120 +\165\374\352\132\026\316\021\327\356\357\120\210\055\141\377\077 +\102\163\005\224\103\325\216\074\116\001\072\031\245\037\106\116 +\167\320\135\345\201\042\041\207\376\224\175\204\330\223\255\326 +\150\103\110\262\333\353\163\044\347\221\177\124\244\266\200\076 +\235\243\074\114\162\302\127\304\240\324\314\070\047\316\325\006 +\236\242\110\331\351\237\316\202\160\066\223\232\073\337\226\041 +\343\131\267\014\332\221\067\360\375\131\132\263\231\310\151\154 +\103\046\001\065\143\140\125\211\003\072\165\330\272\112\331\124 +\377\356\336\200\330\055\321\070\325\136\055\013\230\175\076\154 +\333\374\046\210\307 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for Certificate "Izenpe.com" +# Issuer: CN=Izenpe.com,O=IZENPE S.A.,C=ES +# Serial Number:00:b0:b7:5a:16:48:5f:bf:e1:cb:f5:8b:d7:19:e6:7d +# Subject: CN=Izenpe.com,O=IZENPE S.A.,C=ES +# Not Valid Before: Thu Dec 13 13:08:28 2007 +# Not Valid After : Sun Dec 13 08:27:25 2037 +# Fingerprint (MD5): A6:B0:CD:85:80:DA:5C:50:34:A3:39:90:2F:55:67:73 +# Fingerprint (SHA1): 2F:78:3D:25:52:18:A7:4A:65:39:71:B5:2C:A2:9C:45:15:6F:E9:19 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Microsec e-Szigno Root CA 2009" +CKA_LABEL UTF8 "Izenpe.com" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\211\337\164\376\134\364\017\112\200\371\343\067\175\124\332\221 -\341\001\061\216 +\057\170\075\045\122\030\247\112\145\071\161\265\054\242\234\105 +\025\157\351\031 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\370\111\364\003\274\104\055\203\276\110\151\175\051\144\374\261 +\246\260\315\205\200\332\134\120\064\243\071\220\057\125\147\163 END CKA_ISSUER MULTILINE_OCTAL -\060\201\202\061\013\060\011\006\003\125\004\006\023\002\110\125 -\061\021\060\017\006\003\125\004\007\014\010\102\165\144\141\160 -\145\163\164\061\026\060\024\006\003\125\004\012\014\015\115\151 -\143\162\157\163\145\143\040\114\164\144\056\061\047\060\045\006 -\003\125\004\003\014\036\115\151\143\162\157\163\145\143\040\145 -\055\123\172\151\147\156\157\040\122\157\157\164\040\103\101\040 -\062\060\060\071\061\037\060\035\006\011\052\206\110\206\367\015 -\001\011\001\026\020\151\156\146\157\100\145\055\163\172\151\147 -\156\157\056\150\165 +\060\070\061\013\060\011\006\003\125\004\006\023\002\105\123\061 +\024\060\022\006\003\125\004\012\014\013\111\132\105\116\120\105 +\040\123\056\101\056\061\023\060\021\006\003\125\004\003\014\012 +\111\172\145\156\160\145\056\143\157\155 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\011\000\302\176\103\004\116\107\077\031 +\002\020\000\260\267\132\026\110\137\277\341\313\365\213\327\031 +\346\175 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "GlobalSign Root CA - R3" +# Certificate "Chambers of Commerce Root - 2008" # -# Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3 -# Serial Number:04:00:00:00:00:01:21:58:53:08:a2 -# Subject: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3 -# Not Valid Before: Wed Mar 18 10:00:00 2009 -# Not Valid After : Sun Mar 18 10:00:00 2029 -# Fingerprint (MD5): C5:DF:B8:49:CA:05:13:55:EE:2D:BA:1A:C3:3E:B0:28 -# Fingerprint (SHA1): D6:9B:56:11:48:F0:1C:77:C5:45:78:C1:09:26:DF:5B:85:69:76:AD +# Issuer: CN=Chambers of Commerce Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU +# Serial Number:00:a3:da:42:7e:a4:b1:ae:da +# Subject: CN=Chambers of Commerce Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU +# Not Valid Before: Fri Aug 01 12:29:50 2008 +# Not Valid After : Sat Jul 31 12:29:50 2038 +# Fingerprint (MD5): 5E:80:9E:84:5A:0E:65:0B:17:02:F3:55:18:2A:3E:D7 +# Fingerprint (SHA1): 78:6A:74:AC:76:AB:14:7F:9C:6A:30:50:BA:9E:A8:7E:FE:9A:CE:3C CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GlobalSign Root CA - R3" +CKA_LABEL UTF8 "Chambers of Commerce Root - 2008" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\114\061\040\060\036\006\003\125\004\013\023\027\107\154\157 -\142\141\154\123\151\147\156\040\122\157\157\164\040\103\101\040 -\055\040\122\063\061\023\060\021\006\003\125\004\012\023\012\107 -\154\157\142\141\154\123\151\147\156\061\023\060\021\006\003\125 -\004\003\023\012\107\154\157\142\141\154\123\151\147\156 +\060\201\256\061\013\060\011\006\003\125\004\006\023\002\105\125 +\061\103\060\101\006\003\125\004\007\023\072\115\141\144\162\151 +\144\040\050\163\145\145\040\143\165\162\162\145\156\164\040\141 +\144\144\162\145\163\163\040\141\164\040\167\167\167\056\143\141 +\155\145\162\146\151\162\155\141\056\143\157\155\057\141\144\144 +\162\145\163\163\051\061\022\060\020\006\003\125\004\005\023\011 +\101\070\062\067\064\063\062\070\067\061\033\060\031\006\003\125 +\004\012\023\022\101\103\040\103\141\155\145\162\146\151\162\155 +\141\040\123\056\101\056\061\051\060\047\006\003\125\004\003\023 +\040\103\150\141\155\142\145\162\163\040\157\146\040\103\157\155 +\155\145\162\143\145\040\122\157\157\164\040\055\040\062\060\060 +\070 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\114\061\040\060\036\006\003\125\004\013\023\027\107\154\157 -\142\141\154\123\151\147\156\040\122\157\157\164\040\103\101\040 -\055\040\122\063\061\023\060\021\006\003\125\004\012\023\012\107 -\154\157\142\141\154\123\151\147\156\061\023\060\021\006\003\125 -\004\003\023\012\107\154\157\142\141\154\123\151\147\156 +\060\201\256\061\013\060\011\006\003\125\004\006\023\002\105\125 +\061\103\060\101\006\003\125\004\007\023\072\115\141\144\162\151 +\144\040\050\163\145\145\040\143\165\162\162\145\156\164\040\141 +\144\144\162\145\163\163\040\141\164\040\167\167\167\056\143\141 +\155\145\162\146\151\162\155\141\056\143\157\155\057\141\144\144 +\162\145\163\163\051\061\022\060\020\006\003\125\004\005\023\011 +\101\070\062\067\064\063\062\070\067\061\033\060\031\006\003\125 +\004\012\023\022\101\103\040\103\141\155\145\162\146\151\162\155 +\141\040\123\056\101\056\061\051\060\047\006\003\125\004\003\023 +\040\103\150\141\155\142\145\162\163\040\157\146\040\103\157\155 +\155\145\162\143\145\040\122\157\157\164\040\055\040\062\060\060 +\070 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\013\004\000\000\000\000\001\041\130\123\010\242 +\002\011\000\243\332\102\176\244\261\256\332 END CKA_VALUE MULTILINE_OCTAL -\060\202\003\137\060\202\002\107\240\003\002\001\002\002\013\004 -\000\000\000\000\001\041\130\123\010\242\060\015\006\011\052\206 -\110\206\367\015\001\001\013\005\000\060\114\061\040\060\036\006 -\003\125\004\013\023\027\107\154\157\142\141\154\123\151\147\156 -\040\122\157\157\164\040\103\101\040\055\040\122\063\061\023\060 -\021\006\003\125\004\012\023\012\107\154\157\142\141\154\123\151 -\147\156\061\023\060\021\006\003\125\004\003\023\012\107\154\157 -\142\141\154\123\151\147\156\060\036\027\015\060\071\060\063\061 -\070\061\060\060\060\060\060\132\027\015\062\071\060\063\061\070 -\061\060\060\060\060\060\132\060\114\061\040\060\036\006\003\125 -\004\013\023\027\107\154\157\142\141\154\123\151\147\156\040\122 -\157\157\164\040\103\101\040\055\040\122\063\061\023\060\021\006 -\003\125\004\012\023\012\107\154\157\142\141\154\123\151\147\156 -\061\023\060\021\006\003\125\004\003\023\012\107\154\157\142\141 -\154\123\151\147\156\060\202\001\042\060\015\006\011\052\206\110 -\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001 -\012\002\202\001\001\000\314\045\166\220\171\006\170\042\026\365 -\300\203\266\204\312\050\236\375\005\166\021\305\255\210\162\374 -\106\002\103\307\262\212\235\004\137\044\313\056\113\341\140\202 -\106\341\122\253\014\201\107\160\154\335\144\321\353\365\054\243 -\017\202\075\014\053\256\227\327\266\024\206\020\171\273\073\023 -\200\167\214\010\341\111\322\152\142\057\037\136\372\226\150\337 -\211\047\225\070\237\006\327\076\311\313\046\131\015\163\336\260 -\310\351\046\016\203\025\306\357\133\213\322\004\140\312\111\246 -\050\366\151\073\366\313\310\050\221\345\235\212\141\127\067\254 -\164\024\334\164\340\072\356\162\057\056\234\373\320\273\277\365 -\075\000\341\006\063\350\202\053\256\123\246\072\026\163\214\335 -\101\016\040\072\300\264\247\241\351\262\117\220\056\062\140\351 -\127\313\271\004\222\150\150\345\070\046\140\165\262\237\167\377 -\221\024\357\256\040\111\374\255\100\025\110\321\002\061\141\031 -\136\270\227\357\255\167\267\144\232\172\277\137\301\023\357\233 -\142\373\015\154\340\124\151\026\251\003\332\156\351\203\223\161 -\166\306\151\205\202\027\002\003\001\000\001\243\102\060\100\060 -\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060 -\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377 -\060\035\006\003\125\035\016\004\026\004\024\217\360\113\177\250 -\056\105\044\256\115\120\372\143\232\213\336\342\335\033\274\060 -\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003\202 -\001\001\000\113\100\333\300\120\252\376\310\014\357\367\226\124 -\105\111\273\226\000\011\101\254\263\023\206\206\050\007\063\312 -\153\346\164\271\272\000\055\256\244\012\323\365\361\361\017\212 -\277\163\147\112\203\307\104\173\170\340\257\156\154\157\003\051 -\216\063\071\105\303\216\344\271\127\154\252\374\022\226\354\123 -\306\055\344\044\154\271\224\143\373\334\123\150\147\126\076\203 -\270\317\065\041\303\311\150\376\316\332\302\123\252\314\220\212 -\351\360\135\106\214\225\335\172\130\050\032\057\035\336\315\000 -\067\101\217\355\104\155\327\123\050\227\176\363\147\004\036\025 -\327\212\226\264\323\336\114\047\244\114\033\163\163\166\364\027 -\231\302\037\172\016\343\055\010\255\012\034\054\377\074\253\125 -\016\017\221\176\066\353\303\127\111\276\341\056\055\174\140\213 -\303\101\121\023\043\235\316\367\062\153\224\001\250\231\347\054 -\063\037\072\073\045\322\206\100\316\073\054\206\170\311\141\057 -\024\272\356\333\125\157\337\204\356\005\011\115\275\050\330\162 -\316\323\142\120\145\036\353\222\227\203\061\331\263\265\312\107 -\130\077\137 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for Certificate "GlobalSign Root CA - R3" -# Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3 -# Serial Number:04:00:00:00:00:01:21:58:53:08:a2 -# Subject: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3 -# Not Valid Before: Wed Mar 18 10:00:00 2009 -# Not Valid After : Sun Mar 18 10:00:00 2029 -# Fingerprint (MD5): C5:DF:B8:49:CA:05:13:55:EE:2D:BA:1A:C3:3E:B0:28 -# Fingerprint (SHA1): D6:9B:56:11:48:F0:1C:77:C5:45:78:C1:09:26:DF:5B:85:69:76:AD +\060\202\007\117\060\202\005\067\240\003\002\001\002\002\011\000 +\243\332\102\176\244\261\256\332\060\015\006\011\052\206\110\206 +\367\015\001\001\005\005\000\060\201\256\061\013\060\011\006\003 +\125\004\006\023\002\105\125\061\103\060\101\006\003\125\004\007 +\023\072\115\141\144\162\151\144\040\050\163\145\145\040\143\165 +\162\162\145\156\164\040\141\144\144\162\145\163\163\040\141\164 +\040\167\167\167\056\143\141\155\145\162\146\151\162\155\141\056 +\143\157\155\057\141\144\144\162\145\163\163\051\061\022\060\020 +\006\003\125\004\005\023\011\101\070\062\067\064\063\062\070\067 +\061\033\060\031\006\003\125\004\012\023\022\101\103\040\103\141 +\155\145\162\146\151\162\155\141\040\123\056\101\056\061\051\060 +\047\006\003\125\004\003\023\040\103\150\141\155\142\145\162\163 +\040\157\146\040\103\157\155\155\145\162\143\145\040\122\157\157 +\164\040\055\040\062\060\060\070\060\036\027\015\060\070\060\070 +\060\061\061\062\062\071\065\060\132\027\015\063\070\060\067\063 +\061\061\062\062\071\065\060\132\060\201\256\061\013\060\011\006 +\003\125\004\006\023\002\105\125\061\103\060\101\006\003\125\004 +\007\023\072\115\141\144\162\151\144\040\050\163\145\145\040\143 +\165\162\162\145\156\164\040\141\144\144\162\145\163\163\040\141 +\164\040\167\167\167\056\143\141\155\145\162\146\151\162\155\141 +\056\143\157\155\057\141\144\144\162\145\163\163\051\061\022\060 +\020\006\003\125\004\005\023\011\101\070\062\067\064\063\062\070 +\067\061\033\060\031\006\003\125\004\012\023\022\101\103\040\103 +\141\155\145\162\146\151\162\155\141\040\123\056\101\056\061\051 +\060\047\006\003\125\004\003\023\040\103\150\141\155\142\145\162 +\163\040\157\146\040\103\157\155\155\145\162\143\145\040\122\157 +\157\164\040\055\040\062\060\060\070\060\202\002\042\060\015\006 +\011\052\206\110\206\367\015\001\001\001\005\000\003\202\002\017 +\000\060\202\002\012\002\202\002\001\000\257\000\313\160\067\053 +\200\132\112\072\154\170\224\175\243\177\032\037\366\065\325\275 +\333\313\015\104\162\076\046\262\220\122\272\143\073\050\130\157 +\245\263\155\224\246\363\335\144\014\125\366\366\347\362\042\042 +\200\136\341\142\306\266\051\341\201\154\362\277\345\175\062\152 +\124\240\062\031\131\376\037\213\327\075\140\206\205\044\157\343 +\021\263\167\076\040\226\065\041\153\263\010\331\160\056\144\367 +\204\222\123\326\016\260\220\212\212\343\207\215\006\323\275\220 +\016\342\231\241\033\206\016\332\232\012\273\013\141\120\006\122 +\361\236\177\166\354\313\017\320\036\015\317\231\060\075\034\304 +\105\020\130\254\326\323\350\327\345\352\305\001\007\167\326\121 +\346\003\177\212\110\245\115\150\165\271\351\274\236\116\031\161 +\365\062\113\234\155\140\031\013\373\314\235\165\334\277\046\315 +\217\223\170\071\171\163\136\045\016\312\134\353\167\022\007\313 +\144\101\107\162\223\253\120\303\353\011\166\144\064\322\071\267 +\166\021\011\015\166\105\304\251\256\075\152\257\265\175\145\057 +\224\130\020\354\134\174\257\176\342\266\030\331\320\233\116\132 +\111\337\251\146\013\314\074\306\170\174\247\234\035\343\316\216 +\123\276\005\336\140\017\153\345\032\333\077\343\341\041\311\051 +\301\361\353\007\234\122\033\001\104\121\074\173\045\327\304\345 +\122\124\135\045\007\312\026\040\270\255\344\101\356\172\010\376 +\231\157\203\246\221\002\260\154\066\125\152\347\175\365\226\346 +\312\201\326\227\361\224\203\351\355\260\261\153\022\151\036\254 +\373\135\251\305\230\351\264\133\130\172\276\075\242\104\072\143 +\131\324\013\045\336\033\117\275\345\001\236\315\322\051\325\237 +\027\031\012\157\277\014\220\323\011\137\331\343\212\065\314\171 +\132\115\031\067\222\267\304\301\255\257\364\171\044\232\262\001 +\013\261\257\134\226\363\200\062\373\134\075\230\361\240\077\112 +\336\276\257\224\056\331\125\232\027\156\140\235\143\154\270\143 +\311\256\201\134\030\065\340\220\273\276\074\117\067\042\271\176 +\353\317\236\167\041\246\075\070\201\373\110\332\061\075\053\343 +\211\365\320\265\275\176\340\120\304\022\211\263\043\232\020\061 +\205\333\256\157\357\070\063\030\166\021\002\003\001\000\001\243 +\202\001\154\060\202\001\150\060\022\006\003\125\035\023\001\001 +\377\004\010\060\006\001\001\377\002\001\014\060\035\006\003\125 +\035\016\004\026\004\024\371\044\254\017\262\265\370\171\300\372 +\140\210\033\304\331\115\002\236\027\031\060\201\343\006\003\125 +\035\043\004\201\333\060\201\330\200\024\371\044\254\017\262\265 +\370\171\300\372\140\210\033\304\331\115\002\236\027\031\241\201 +\264\244\201\261\060\201\256\061\013\060\011\006\003\125\004\006 +\023\002\105\125\061\103\060\101\006\003\125\004\007\023\072\115 +\141\144\162\151\144\040\050\163\145\145\040\143\165\162\162\145 +\156\164\040\141\144\144\162\145\163\163\040\141\164\040\167\167 +\167\056\143\141\155\145\162\146\151\162\155\141\056\143\157\155 +\057\141\144\144\162\145\163\163\051\061\022\060\020\006\003\125 +\004\005\023\011\101\070\062\067\064\063\062\070\067\061\033\060 +\031\006\003\125\004\012\023\022\101\103\040\103\141\155\145\162 +\146\151\162\155\141\040\123\056\101\056\061\051\060\047\006\003 +\125\004\003\023\040\103\150\141\155\142\145\162\163\040\157\146 +\040\103\157\155\155\145\162\143\145\040\122\157\157\164\040\055 +\040\062\060\060\070\202\011\000\243\332\102\176\244\261\256\332 +\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006 +\060\075\006\003\125\035\040\004\066\060\064\060\062\006\004\125 +\035\040\000\060\052\060\050\006\010\053\006\001\005\005\007\002 +\001\026\034\150\164\164\160\072\057\057\160\157\154\151\143\171 +\056\143\141\155\145\162\146\151\162\155\141\056\143\157\155\060 +\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202 +\002\001\000\220\022\257\042\065\302\243\071\360\056\336\351\265 +\351\170\174\110\276\077\175\105\222\136\351\332\261\031\374\026 +\074\237\264\133\146\236\152\347\303\271\135\210\350\017\255\317 +\043\017\336\045\072\136\314\117\245\301\265\055\254\044\322\130 +\007\336\242\317\151\204\140\063\350\020\015\023\251\043\320\205 +\345\216\173\246\236\075\162\023\162\063\365\252\175\306\143\037 +\010\364\376\001\177\044\317\053\054\124\011\336\342\053\155\222 +\306\071\117\026\352\074\176\172\106\324\105\152\106\250\353\165 +\202\126\247\253\240\174\150\023\063\366\235\060\360\157\047\071 +\044\043\052\220\375\220\051\065\362\223\337\064\245\306\367\370 +\357\214\017\142\112\174\256\323\365\124\370\215\266\232\126\207 +\026\202\072\063\253\132\042\010\367\202\272\352\056\340\107\232 +\264\265\105\243\005\073\331\334\056\105\100\073\352\334\177\350 +\073\353\321\354\046\330\065\244\060\305\072\254\127\236\263\166 +\245\040\173\371\036\112\005\142\001\246\050\165\140\227\222\015 +\156\076\115\067\103\015\222\025\234\030\042\315\121\231\240\051 +\032\074\137\212\062\063\133\060\307\211\057\107\230\017\243\003 +\306\366\361\254\337\062\360\331\201\032\344\234\275\366\200\024 +\360\321\054\271\205\365\330\243\261\310\245\041\345\034\023\227 +\356\016\275\337\051\251\357\064\123\133\323\344\152\023\204\006 +\266\062\002\304\122\256\042\322\334\262\041\102\032\332\100\360 +\051\311\354\012\014\134\342\320\272\314\110\323\067\012\314\022 +\012\212\171\260\075\003\177\151\113\364\064\040\175\263\064\352 +\216\113\144\365\076\375\263\043\147\025\015\004\270\360\055\301 +\011\121\074\262\154\025\360\245\043\327\203\164\344\345\056\311 +\376\230\047\102\306\253\306\236\260\320\133\070\245\233\120\336 +\176\030\230\265\105\073\366\171\264\350\367\032\173\006\203\373 +\320\213\332\273\307\275\030\253\010\157\074\200\153\100\077\031 +\031\272\145\212\346\276\325\134\323\066\327\357\100\122\044\140 +\070\147\004\061\354\217\363\202\306\336\271\125\363\073\061\221 +\132\334\265\010\025\255\166\045\012\015\173\056\207\342\014\246 +\006\274\046\020\155\067\235\354\335\170\214\174\200\305\360\331 +\167\110\320 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for Certificate "Chambers of Commerce Root - 2008" +# Issuer: CN=Chambers of Commerce Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU +# Serial Number:00:a3:da:42:7e:a4:b1:ae:da +# Subject: CN=Chambers of Commerce Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU +# Not Valid Before: Fri Aug 01 12:29:50 2008 +# Not Valid After : Sat Jul 31 12:29:50 2038 +# Fingerprint (MD5): 5E:80:9E:84:5A:0E:65:0B:17:02:F3:55:18:2A:3E:D7 +# Fingerprint (SHA1): 78:6A:74:AC:76:AB:14:7F:9C:6A:30:50:BA:9E:A8:7E:FE:9A:CE:3C CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GlobalSign Root CA - R3" +CKA_LABEL UTF8 "Chambers of Commerce Root - 2008" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\326\233\126\021\110\360\034\167\305\105\170\301\011\046\337\133 -\205\151\166\255 +\170\152\164\254\166\253\024\177\234\152\060\120\272\236\250\176 +\376\232\316\074 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\305\337\270\111\312\005\023\125\356\055\272\032\303\076\260\050 +\136\200\236\204\132\016\145\013\027\002\363\125\030\052\076\327 END CKA_ISSUER MULTILINE_OCTAL -\060\114\061\040\060\036\006\003\125\004\013\023\027\107\154\157 -\142\141\154\123\151\147\156\040\122\157\157\164\040\103\101\040 -\055\040\122\063\061\023\060\021\006\003\125\004\012\023\012\107 -\154\157\142\141\154\123\151\147\156\061\023\060\021\006\003\125 -\004\003\023\012\107\154\157\142\141\154\123\151\147\156 +\060\201\256\061\013\060\011\006\003\125\004\006\023\002\105\125 +\061\103\060\101\006\003\125\004\007\023\072\115\141\144\162\151 +\144\040\050\163\145\145\040\143\165\162\162\145\156\164\040\141 +\144\144\162\145\163\163\040\141\164\040\167\167\167\056\143\141 +\155\145\162\146\151\162\155\141\056\143\157\155\057\141\144\144 +\162\145\163\163\051\061\022\060\020\006\003\125\004\005\023\011 +\101\070\062\067\064\063\062\070\067\061\033\060\031\006\003\125 +\004\012\023\022\101\103\040\103\141\155\145\162\146\151\162\155 +\141\040\123\056\101\056\061\051\060\047\006\003\125\004\003\023 +\040\103\150\141\155\142\145\162\163\040\157\146\040\103\157\155 +\155\145\162\143\145\040\122\157\157\164\040\055\040\062\060\060 +\070 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\013\004\000\000\000\000\001\041\130\123\010\242 +\002\011\000\243\332\102\176\244\261\256\332 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR @@ -9859,173 +9481,209 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" +# Certificate "Global Chambersign Root - 2008" # -# Issuer: CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,C=ES -# Serial Number:53:ec:3b:ee:fb:b2:48:5f -# Subject: CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,C=ES -# Not Valid Before: Wed May 20 08:38:15 2009 -# Not Valid After : Tue Dec 31 08:38:15 2030 -# Fingerprint (MD5): 73:3A:74:7A:EC:BB:A3:96:A6:C2:E4:E2:C8:9B:C0:C3 -# Fingerprint (SHA1): AE:C5:FB:3F:C8:E1:BF:C4:E5:4F:03:07:5A:9A:E8:00:B7:F7:B6:FA +# Issuer: CN=Global Chambersign Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU +# Serial Number:00:c9:cd:d3:e9:d5:7d:23:ce +# Subject: CN=Global Chambersign Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU +# Not Valid Before: Fri Aug 01 12:31:40 2008 +# Not Valid After : Sat Jul 31 12:31:40 2038 +# Fingerprint (MD5): 9E:80:FF:78:01:0C:2E:C1:36:BD:FE:96:90:6E:08:F3 +# Fingerprint (SHA1): 4A:BD:EE:EC:95:0D:35:9C:89:AE:C7:52:A1:2C:5B:29:F6:D6:AA:0C CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Autoridad de Certificacion Firmaprofesional CIF A62634068" +CKA_LABEL UTF8 "Global Chambersign Root - 2008" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\121\061\013\060\011\006\003\125\004\006\023\002\105\123\061 -\102\060\100\006\003\125\004\003\014\071\101\165\164\157\162\151 -\144\141\144\040\144\145\040\103\145\162\164\151\146\151\143\141 -\143\151\157\156\040\106\151\162\155\141\160\162\157\146\145\163 -\151\157\156\141\154\040\103\111\106\040\101\066\062\066\063\064 -\060\066\070 +\060\201\254\061\013\060\011\006\003\125\004\006\023\002\105\125 +\061\103\060\101\006\003\125\004\007\023\072\115\141\144\162\151 +\144\040\050\163\145\145\040\143\165\162\162\145\156\164\040\141 +\144\144\162\145\163\163\040\141\164\040\167\167\167\056\143\141 +\155\145\162\146\151\162\155\141\056\143\157\155\057\141\144\144 +\162\145\163\163\051\061\022\060\020\006\003\125\004\005\023\011 +\101\070\062\067\064\063\062\070\067\061\033\060\031\006\003\125 +\004\012\023\022\101\103\040\103\141\155\145\162\146\151\162\155 +\141\040\123\056\101\056\061\047\060\045\006\003\125\004\003\023 +\036\107\154\157\142\141\154\040\103\150\141\155\142\145\162\163 +\151\147\156\040\122\157\157\164\040\055\040\062\060\060\070 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\121\061\013\060\011\006\003\125\004\006\023\002\105\123\061 -\102\060\100\006\003\125\004\003\014\071\101\165\164\157\162\151 -\144\141\144\040\144\145\040\103\145\162\164\151\146\151\143\141 -\143\151\157\156\040\106\151\162\155\141\160\162\157\146\145\163 -\151\157\156\141\154\040\103\111\106\040\101\066\062\066\063\064 -\060\066\070 +\060\201\254\061\013\060\011\006\003\125\004\006\023\002\105\125 +\061\103\060\101\006\003\125\004\007\023\072\115\141\144\162\151 +\144\040\050\163\145\145\040\143\165\162\162\145\156\164\040\141 +\144\144\162\145\163\163\040\141\164\040\167\167\167\056\143\141 +\155\145\162\146\151\162\155\141\056\143\157\155\057\141\144\144 +\162\145\163\163\051\061\022\060\020\006\003\125\004\005\023\011 +\101\070\062\067\064\063\062\070\067\061\033\060\031\006\003\125 +\004\012\023\022\101\103\040\103\141\155\145\162\146\151\162\155 +\141\040\123\056\101\056\061\047\060\045\006\003\125\004\003\023 +\036\107\154\157\142\141\154\040\103\150\141\155\142\145\162\163 +\151\147\156\040\122\157\157\164\040\055\040\062\060\060\070 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\123\354\073\356\373\262\110\137 +\002\011\000\311\315\323\351\325\175\043\316 END CKA_VALUE MULTILINE_OCTAL -\060\202\006\024\060\202\003\374\240\003\002\001\002\002\010\123 -\354\073\356\373\262\110\137\060\015\006\011\052\206\110\206\367 -\015\001\001\005\005\000\060\121\061\013\060\011\006\003\125\004 -\006\023\002\105\123\061\102\060\100\006\003\125\004\003\014\071 -\101\165\164\157\162\151\144\141\144\040\144\145\040\103\145\162 -\164\151\146\151\143\141\143\151\157\156\040\106\151\162\155\141 -\160\162\157\146\145\163\151\157\156\141\154\040\103\111\106\040 -\101\066\062\066\063\064\060\066\070\060\036\027\015\060\071\060 -\065\062\060\060\070\063\070\061\065\132\027\015\063\060\061\062 -\063\061\060\070\063\070\061\065\132\060\121\061\013\060\011\006 -\003\125\004\006\023\002\105\123\061\102\060\100\006\003\125\004 -\003\014\071\101\165\164\157\162\151\144\141\144\040\144\145\040 -\103\145\162\164\151\146\151\143\141\143\151\157\156\040\106\151 -\162\155\141\160\162\157\146\145\163\151\157\156\141\154\040\103 -\111\106\040\101\066\062\066\063\064\060\066\070\060\202\002\042 -\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003 -\202\002\017\000\060\202\002\012\002\202\002\001\000\312\226\153 -\216\352\370\373\361\242\065\340\177\114\332\340\303\122\327\175 -\266\020\310\002\136\263\103\052\304\117\152\262\312\034\135\050 -\232\170\021\032\151\131\127\257\265\040\102\344\213\017\346\337 -\133\246\003\222\057\365\021\344\142\327\062\161\070\331\004\014 -\161\253\075\121\176\017\007\337\143\005\134\351\277\224\157\301 -\051\202\300\264\332\121\260\301\074\273\255\067\112\134\312\361 -\113\066\016\044\253\277\303\204\167\375\250\120\364\261\347\306 -\057\322\055\131\215\172\012\116\226\151\122\002\252\066\230\354 -\374\372\024\203\014\067\037\311\222\067\177\327\201\055\345\304 -\271\340\076\064\376\147\364\076\146\321\323\364\100\317\136\142 -\064\017\160\006\076\040\030\132\316\367\162\033\045\154\223\164 -\024\223\243\163\261\016\252\207\020\043\131\137\040\005\031\107 -\355\150\216\222\022\312\135\374\326\053\262\222\074\040\317\341 -\137\257\040\276\240\166\177\166\345\354\032\206\141\063\076\347 -\173\264\077\240\017\216\242\271\152\157\271\207\046\157\101\154 -\210\246\120\375\152\143\013\365\223\026\033\031\217\262\355\233 -\233\311\220\365\001\014\337\031\075\017\076\070\043\311\057\217 -\014\321\002\376\033\125\326\116\320\215\074\257\117\244\363\376 -\257\052\323\005\235\171\010\241\313\127\061\264\234\310\220\262 -\147\364\030\026\223\072\374\107\330\321\170\226\061\037\272\053 -\014\137\135\231\255\143\211\132\044\040\166\330\337\375\253\116 -\246\042\252\235\136\346\047\212\175\150\051\243\347\212\270\332 -\021\273\027\055\231\235\023\044\106\367\305\342\330\237\216\177 -\307\217\164\155\132\262\350\162\365\254\356\044\020\255\057\024 -\332\377\055\232\106\161\107\276\102\337\273\001\333\364\177\323 -\050\217\061\131\133\323\311\002\246\264\122\312\156\227\373\103 -\305\010\046\157\212\364\273\375\237\050\252\015\325\105\363\023 -\072\035\330\300\170\217\101\147\074\036\224\144\256\173\013\305 -\350\331\001\210\071\032\227\206\144\101\325\073\207\014\156\372 -\017\306\275\110\024\277\071\115\324\236\101\266\217\226\035\143 -\226\223\331\225\006\170\061\150\236\067\006\073\200\211\105\141 -\071\043\307\033\104\243\025\345\034\370\222\060\273\002\003\001 -\000\001\243\201\357\060\201\354\060\022\006\003\125\035\023\001 -\001\377\004\010\060\006\001\001\377\002\001\001\060\016\006\003 -\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003 -\125\035\016\004\026\004\024\145\315\353\253\065\036\000\076\176 -\325\164\300\034\264\163\107\016\032\144\057\060\201\246\006\003 -\125\035\040\004\201\236\060\201\233\060\201\230\006\004\125\035 -\040\000\060\201\217\060\057\006\010\053\006\001\005\005\007\002 -\001\026\043\150\164\164\160\072\057\057\167\167\167\056\146\151 -\162\155\141\160\162\157\146\145\163\151\157\156\141\154\056\143 -\157\155\057\143\160\163\060\134\006\010\053\006\001\005\005\007 -\002\002\060\120\036\116\000\120\000\141\000\163\000\145\000\157 -\000\040\000\144\000\145\000\040\000\154\000\141\000\040\000\102 -\000\157\000\156\000\141\000\156\000\157\000\166\000\141\000\040 -\000\064\000\067\000\040\000\102\000\141\000\162\000\143\000\145 -\000\154\000\157\000\156\000\141\000\040\000\060\000\070\000\060 -\000\061\000\067\060\015\006\011\052\206\110\206\367\015\001\001 -\005\005\000\003\202\002\001\000\027\175\240\371\264\335\305\305 -\353\255\113\044\265\241\002\253\335\245\210\112\262\017\125\113 -\053\127\214\073\345\061\335\376\304\062\361\347\133\144\226\066 -\062\030\354\245\062\167\327\343\104\266\300\021\052\200\271\075 -\152\156\174\233\323\255\374\303\326\243\346\144\051\174\321\341 -\070\036\202\053\377\047\145\257\373\026\025\304\056\161\204\345 -\265\377\372\244\107\275\144\062\273\366\045\204\242\047\102\365 -\040\260\302\023\020\021\315\020\025\272\102\220\052\322\104\341 -\226\046\353\061\110\022\375\052\332\311\006\317\164\036\251\113 -\325\207\050\371\171\064\222\076\056\104\350\366\217\117\217\065 -\077\045\263\071\334\143\052\220\153\040\137\304\122\022\116\227 -\054\052\254\235\227\336\110\362\243\146\333\302\322\203\225\246 -\146\247\236\045\017\351\013\063\221\145\012\132\303\331\124\022 -\335\257\303\116\016\037\046\136\015\334\263\215\354\325\201\160 -\336\322\117\044\005\363\154\116\365\114\111\146\215\321\377\322 -\013\045\101\110\376\121\204\306\102\257\200\004\317\320\176\144 -\111\344\362\337\242\354\261\114\300\052\035\347\264\261\145\242 -\304\274\361\230\364\252\160\007\143\264\270\332\073\114\372\100 -\042\060\133\021\246\360\005\016\306\002\003\110\253\206\233\205 -\335\333\335\352\242\166\200\163\175\365\234\004\304\105\215\347 -\271\034\213\236\352\327\165\321\162\261\336\165\104\347\102\175 -\342\127\153\175\334\231\274\075\203\050\352\200\223\215\305\114 -\145\301\160\201\270\070\374\103\061\262\366\003\064\107\262\254 -\373\042\006\313\036\335\027\107\034\137\146\271\323\032\242\332 -\021\261\244\274\043\311\344\276\207\377\271\224\266\370\135\040 -\112\324\137\347\275\150\173\145\362\025\036\322\072\251\055\351 -\330\153\044\254\227\130\104\107\255\131\030\361\041\145\160\336 -\316\064\140\250\100\361\363\074\244\303\050\043\214\376\047\063 -\103\100\240\027\074\353\352\073\260\162\246\243\271\112\113\136 -\026\110\364\262\274\310\214\222\305\235\237\254\162\066\274\064 -\200\064\153\251\213\222\300\270\027\355\354\166\123\365\044\001 -\214\263\042\350\113\174\125\306\235\372\243\024\273\145\205\156 -\156\117\022\176\012\074\235\225 +\060\202\007\111\060\202\005\061\240\003\002\001\002\002\011\000 +\311\315\323\351\325\175\043\316\060\015\006\011\052\206\110\206 +\367\015\001\001\005\005\000\060\201\254\061\013\060\011\006\003 +\125\004\006\023\002\105\125\061\103\060\101\006\003\125\004\007 +\023\072\115\141\144\162\151\144\040\050\163\145\145\040\143\165 +\162\162\145\156\164\040\141\144\144\162\145\163\163\040\141\164 +\040\167\167\167\056\143\141\155\145\162\146\151\162\155\141\056 +\143\157\155\057\141\144\144\162\145\163\163\051\061\022\060\020 +\006\003\125\004\005\023\011\101\070\062\067\064\063\062\070\067 +\061\033\060\031\006\003\125\004\012\023\022\101\103\040\103\141 +\155\145\162\146\151\162\155\141\040\123\056\101\056\061\047\060 +\045\006\003\125\004\003\023\036\107\154\157\142\141\154\040\103 +\150\141\155\142\145\162\163\151\147\156\040\122\157\157\164\040 +\055\040\062\060\060\070\060\036\027\015\060\070\060\070\060\061 +\061\062\063\061\064\060\132\027\015\063\070\060\067\063\061\061 +\062\063\061\064\060\132\060\201\254\061\013\060\011\006\003\125 +\004\006\023\002\105\125\061\103\060\101\006\003\125\004\007\023 +\072\115\141\144\162\151\144\040\050\163\145\145\040\143\165\162 +\162\145\156\164\040\141\144\144\162\145\163\163\040\141\164\040 +\167\167\167\056\143\141\155\145\162\146\151\162\155\141\056\143 +\157\155\057\141\144\144\162\145\163\163\051\061\022\060\020\006 +\003\125\004\005\023\011\101\070\062\067\064\063\062\070\067\061 +\033\060\031\006\003\125\004\012\023\022\101\103\040\103\141\155 +\145\162\146\151\162\155\141\040\123\056\101\056\061\047\060\045 +\006\003\125\004\003\023\036\107\154\157\142\141\154\040\103\150 +\141\155\142\145\162\163\151\147\156\040\122\157\157\164\040\055 +\040\062\060\060\070\060\202\002\042\060\015\006\011\052\206\110 +\206\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002 +\012\002\202\002\001\000\300\337\126\323\344\072\233\166\105\264 +\023\333\377\301\266\031\213\067\101\030\225\122\107\353\027\235 +\051\210\216\065\154\006\062\056\107\142\363\111\004\277\175\104 +\066\261\161\314\275\132\011\163\325\331\205\104\377\221\127\045 +\337\136\066\216\160\321\134\161\103\035\331\332\357\134\322\373 +\033\275\072\265\313\255\243\314\104\247\015\256\041\025\077\271 +\172\133\222\165\330\244\022\070\211\031\212\267\200\322\342\062 +\157\126\234\221\326\210\020\013\263\164\144\222\164\140\363\366 +\317\030\117\140\262\043\320\307\073\316\141\113\231\217\302\014 +\320\100\262\230\334\015\250\116\243\271\012\256\140\240\255\105 +\122\143\272\146\275\150\340\371\276\032\250\201\273\036\101\170 +\165\323\301\376\000\125\260\207\124\350\047\220\065\035\114\063 +\255\227\374\227\056\230\204\277\054\311\243\277\321\230\021\024 +\355\143\370\312\230\210\130\027\231\355\105\003\227\176\074\206 +\036\210\214\276\362\221\204\217\145\064\330\000\114\175\267\061 +\027\132\051\172\012\030\044\060\243\067\265\172\251\001\175\046 +\326\371\016\216\131\361\375\033\063\265\051\073\027\073\101\266 +\041\335\324\300\075\245\237\237\037\103\120\311\273\274\154\172 +\227\230\356\315\214\037\373\234\121\256\213\160\275\047\237\161 +\300\153\254\175\220\146\350\327\135\072\015\260\325\302\215\325 +\310\235\235\301\155\320\320\277\121\344\343\370\303\070\066\256 +\326\247\165\346\257\204\103\135\223\222\014\152\007\336\073\035 +\230\042\326\254\301\065\333\243\240\045\377\162\265\166\035\336 +\155\351\054\146\054\122\204\320\105\222\316\034\345\345\063\035 +\334\007\123\124\243\252\202\073\232\067\057\334\335\240\144\351 +\346\335\275\256\374\144\205\035\074\247\311\006\336\204\377\153 +\350\153\032\074\305\242\263\102\373\213\011\076\137\010\122\307 +\142\304\324\005\161\277\304\144\344\370\241\203\350\076\022\233 +\250\036\324\066\115\057\161\366\215\050\366\203\251\023\322\141 +\301\221\273\110\300\064\217\101\214\113\114\333\151\022\377\120 +\224\234\040\203\131\163\355\174\241\362\361\375\335\367\111\323 +\103\130\240\126\143\312\075\075\345\065\126\131\351\016\312\040 +\314\053\113\223\051\017\002\003\001\000\001\243\202\001\152\060 +\202\001\146\060\022\006\003\125\035\023\001\001\377\004\010\060 +\006\001\001\377\002\001\014\060\035\006\003\125\035\016\004\026 +\004\024\271\011\312\234\036\333\323\154\072\153\256\355\124\361 +\133\223\006\065\056\136\060\201\341\006\003\125\035\043\004\201 +\331\060\201\326\200\024\271\011\312\234\036\333\323\154\072\153 +\256\355\124\361\133\223\006\065\056\136\241\201\262\244\201\257 +\060\201\254\061\013\060\011\006\003\125\004\006\023\002\105\125 +\061\103\060\101\006\003\125\004\007\023\072\115\141\144\162\151 +\144\040\050\163\145\145\040\143\165\162\162\145\156\164\040\141 +\144\144\162\145\163\163\040\141\164\040\167\167\167\056\143\141 +\155\145\162\146\151\162\155\141\056\143\157\155\057\141\144\144 +\162\145\163\163\051\061\022\060\020\006\003\125\004\005\023\011 +\101\070\062\067\064\063\062\070\067\061\033\060\031\006\003\125 +\004\012\023\022\101\103\040\103\141\155\145\162\146\151\162\155 +\141\040\123\056\101\056\061\047\060\045\006\003\125\004\003\023 +\036\107\154\157\142\141\154\040\103\150\141\155\142\145\162\163 +\151\147\156\040\122\157\157\164\040\055\040\062\060\060\070\202 +\011\000\311\315\323\351\325\175\043\316\060\016\006\003\125\035 +\017\001\001\377\004\004\003\002\001\006\060\075\006\003\125\035 +\040\004\066\060\064\060\062\006\004\125\035\040\000\060\052\060 +\050\006\010\053\006\001\005\005\007\002\001\026\034\150\164\164 +\160\072\057\057\160\157\154\151\143\171\056\143\141\155\145\162 +\146\151\162\155\141\056\143\157\155\060\015\006\011\052\206\110 +\206\367\015\001\001\005\005\000\003\202\002\001\000\200\210\177 +\160\336\222\050\331\005\224\106\377\220\127\251\361\057\337\032 +\015\153\372\174\016\034\111\044\171\047\330\106\252\157\051\131 +\122\210\160\022\352\335\075\365\233\123\124\157\341\140\242\250 +\011\271\354\353\131\174\306\065\361\334\030\351\361\147\345\257 +\272\105\340\011\336\312\104\017\302\027\016\167\221\105\172\063 +\137\137\226\054\150\213\301\107\217\230\233\075\300\354\313\365 +\325\202\222\204\065\321\276\066\070\126\162\061\133\107\055\252 +\027\244\143\121\353\012\001\255\177\354\165\236\313\241\037\361 +\177\022\261\271\344\144\177\147\326\043\052\364\270\071\135\230 +\350\041\247\341\275\075\102\032\164\232\160\257\150\154\120\135 +\111\317\377\373\016\135\346\054\107\327\201\072\131\000\265\163 +\153\143\040\366\061\105\010\071\016\364\160\176\100\160\132\077 +\320\153\102\251\164\075\050\057\002\155\165\162\225\011\215\110 +\143\306\306\043\127\222\223\136\065\301\215\371\012\367\054\235 +\142\034\366\255\174\335\246\061\036\266\261\307\176\205\046\372 +\244\152\265\332\143\060\321\357\223\067\262\146\057\175\005\367 +\347\267\113\230\224\065\300\331\072\051\301\235\262\120\063\035 +\112\251\132\246\311\003\357\355\364\347\250\156\212\264\127\204 +\353\244\077\320\356\252\252\207\133\143\350\223\342\153\250\324 +\270\162\170\153\033\355\071\344\135\313\233\252\207\325\117\116 +\000\376\331\152\237\074\061\017\050\002\001\175\230\350\247\260 +\242\144\236\171\370\110\362\025\251\314\346\310\104\353\077\170 +\231\362\173\161\076\074\361\230\247\305\030\022\077\346\273\050 +\063\102\351\105\012\174\155\362\206\171\057\305\202\031\175\011 +\211\174\262\124\166\210\256\336\301\363\314\341\156\333\061\326 +\223\256\231\240\357\045\152\163\230\211\133\072\056\023\210\036 +\277\300\222\224\064\033\343\047\267\213\036\157\102\377\347\351 +\067\233\120\035\055\242\371\002\356\313\130\130\072\161\274\150 +\343\252\301\257\034\050\037\242\334\043\145\077\201\352\256\231 +\323\330\060\317\023\015\117\025\311\204\274\247\110\055\370\060 +\043\167\330\106\113\171\155\366\214\355\072\177\140\021\170\364 +\351\233\256\325\124\300\164\200\321\013\102\237\301 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE -# Trust for Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" -# Issuer: CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,C=ES -# Serial Number:53:ec:3b:ee:fb:b2:48:5f -# Subject: CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,C=ES -# Not Valid Before: Wed May 20 08:38:15 2009 -# Not Valid After : Tue Dec 31 08:38:15 2030 -# Fingerprint (MD5): 73:3A:74:7A:EC:BB:A3:96:A6:C2:E4:E2:C8:9B:C0:C3 -# Fingerprint (SHA1): AE:C5:FB:3F:C8:E1:BF:C4:E5:4F:03:07:5A:9A:E8:00:B7:F7:B6:FA +# Trust for Certificate "Global Chambersign Root - 2008" +# Issuer: CN=Global Chambersign Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU +# Serial Number:00:c9:cd:d3:e9:d5:7d:23:ce +# Subject: CN=Global Chambersign Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU +# Not Valid Before: Fri Aug 01 12:31:40 2008 +# Not Valid After : Sat Jul 31 12:31:40 2038 +# Fingerprint (MD5): 9E:80:FF:78:01:0C:2E:C1:36:BD:FE:96:90:6E:08:F3 +# Fingerprint (SHA1): 4A:BD:EE:EC:95:0D:35:9C:89:AE:C7:52:A1:2C:5B:29:F6:D6:AA:0C CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Autoridad de Certificacion Firmaprofesional CIF A62634068" +CKA_LABEL UTF8 "Global Chambersign Root - 2008" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\256\305\373\077\310\341\277\304\345\117\003\007\132\232\350\000 -\267\367\266\372 +\112\275\356\354\225\015\065\234\211\256\307\122\241\054\133\051 +\366\326\252\014 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\163\072\164\172\354\273\243\226\246\302\344\342\310\233\300\303 +\236\200\377\170\001\014\056\301\066\275\376\226\220\156\010\363 END CKA_ISSUER MULTILINE_OCTAL -\060\121\061\013\060\011\006\003\125\004\006\023\002\105\123\061 -\102\060\100\006\003\125\004\003\014\071\101\165\164\157\162\151 -\144\141\144\040\144\145\040\103\145\162\164\151\146\151\143\141 -\143\151\157\156\040\106\151\162\155\141\160\162\157\146\145\163 -\151\157\156\141\154\040\103\111\106\040\101\066\062\066\063\064 -\060\066\070 +\060\201\254\061\013\060\011\006\003\125\004\006\023\002\105\125 +\061\103\060\101\006\003\125\004\007\023\072\115\141\144\162\151 +\144\040\050\163\145\145\040\143\165\162\162\145\156\164\040\141 +\144\144\162\145\163\163\040\141\164\040\167\167\167\056\143\141 +\155\145\162\146\151\162\155\141\056\143\157\155\057\141\144\144 +\162\145\163\163\051\061\022\060\020\006\003\125\004\005\023\011 +\101\070\062\067\064\063\062\070\067\061\033\060\031\006\003\125 +\004\012\023\022\101\103\040\103\141\155\145\162\146\151\162\155 +\141\040\123\056\101\056\061\047\060\045\006\003\125\004\003\023 +\036\107\154\157\142\141\154\040\103\150\141\155\142\145\162\163 +\151\147\156\040\122\157\157\164\040\055\040\062\060\060\070 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\123\354\073\356\373\262\110\137 +\002\011\000\311\315\323\351\325\175\043\316 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR @@ -10033,167 +9691,147 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "Izenpe.com" +# Certificate "Go Daddy Root Certificate Authority - G2" # -# Issuer: CN=Izenpe.com,O=IZENPE S.A.,C=ES -# Serial Number:00:b0:b7:5a:16:48:5f:bf:e1:cb:f5:8b:d7:19:e6:7d -# Subject: CN=Izenpe.com,O=IZENPE S.A.,C=ES -# Not Valid Before: Thu Dec 13 13:08:28 2007 -# Not Valid After : Sun Dec 13 08:27:25 2037 -# Fingerprint (MD5): A6:B0:CD:85:80:DA:5C:50:34:A3:39:90:2F:55:67:73 -# Fingerprint (SHA1): 2F:78:3D:25:52:18:A7:4A:65:39:71:B5:2C:A2:9C:45:15:6F:E9:19 +# Issuer: CN=Go Daddy Root Certificate Authority - G2,O="GoDaddy.com, Inc.",L=Scottsdale,ST=Arizona,C=US +# Serial Number: 0 (0x0) +# Subject: CN=Go Daddy Root Certificate Authority - G2,O="GoDaddy.com, Inc.",L=Scottsdale,ST=Arizona,C=US +# Not Valid Before: Tue Sep 01 00:00:00 2009 +# Not Valid After : Thu Dec 31 23:59:59 2037 +# Fingerprint (MD5): 80:3A:BC:22:C1:E6:FB:8D:9B:3B:27:4A:32:1B:9A:01 +# Fingerprint (SHA1): 47:BE:AB:C9:22:EA:E8:0E:78:78:34:62:A7:9F:45:C2:54:FD:E6:8B CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Izenpe.com" +CKA_LABEL UTF8 "Go Daddy Root Certificate Authority - G2" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\070\061\013\060\011\006\003\125\004\006\023\002\105\123\061 -\024\060\022\006\003\125\004\012\014\013\111\132\105\116\120\105 -\040\123\056\101\056\061\023\060\021\006\003\125\004\003\014\012 -\111\172\145\156\160\145\056\143\157\155 +\060\201\203\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\020\060\016\006\003\125\004\010\023\007\101\162\151\172\157 +\156\141\061\023\060\021\006\003\125\004\007\023\012\123\143\157 +\164\164\163\144\141\154\145\061\032\060\030\006\003\125\004\012 +\023\021\107\157\104\141\144\144\171\056\143\157\155\054\040\111 +\156\143\056\061\061\060\057\006\003\125\004\003\023\050\107\157 +\040\104\141\144\144\171\040\122\157\157\164\040\103\145\162\164 +\151\146\151\143\141\164\145\040\101\165\164\150\157\162\151\164 +\171\040\055\040\107\062 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\070\061\013\060\011\006\003\125\004\006\023\002\105\123\061 -\024\060\022\006\003\125\004\012\014\013\111\132\105\116\120\105 -\040\123\056\101\056\061\023\060\021\006\003\125\004\003\014\012 -\111\172\145\156\160\145\056\143\157\155 +\060\201\203\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\020\060\016\006\003\125\004\010\023\007\101\162\151\172\157 +\156\141\061\023\060\021\006\003\125\004\007\023\012\123\143\157 +\164\164\163\144\141\154\145\061\032\060\030\006\003\125\004\012 +\023\021\107\157\104\141\144\144\171\056\143\157\155\054\040\111 +\156\143\056\061\061\060\057\006\003\125\004\003\023\050\107\157 +\040\104\141\144\144\171\040\122\157\157\164\040\103\145\162\164 +\151\146\151\143\141\164\145\040\101\165\164\150\157\162\151\164 +\171\040\055\040\107\062 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\000\260\267\132\026\110\137\277\341\313\365\213\327\031 -\346\175 +\002\001\000 END CKA_VALUE MULTILINE_OCTAL -\060\202\005\361\060\202\003\331\240\003\002\001\002\002\020\000 -\260\267\132\026\110\137\277\341\313\365\213\327\031\346\175\060 -\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\070 -\061\013\060\011\006\003\125\004\006\023\002\105\123\061\024\060 -\022\006\003\125\004\012\014\013\111\132\105\116\120\105\040\123 -\056\101\056\061\023\060\021\006\003\125\004\003\014\012\111\172 -\145\156\160\145\056\143\157\155\060\036\027\015\060\067\061\062 -\061\063\061\063\060\070\062\070\132\027\015\063\067\061\062\061 -\063\060\070\062\067\062\065\132\060\070\061\013\060\011\006\003 -\125\004\006\023\002\105\123\061\024\060\022\006\003\125\004\012 -\014\013\111\132\105\116\120\105\040\123\056\101\056\061\023\060 -\021\006\003\125\004\003\014\012\111\172\145\156\160\145\056\143 -\157\155\060\202\002\042\060\015\006\011\052\206\110\206\367\015 -\001\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202 -\002\001\000\311\323\172\312\017\036\254\247\206\350\026\145\152 -\261\302\033\105\062\161\225\331\376\020\133\314\257\347\245\171 -\001\217\211\303\312\362\125\161\367\167\276\167\224\363\162\244 -\054\104\330\236\222\233\024\072\241\347\044\220\012\012\126\216 -\305\330\046\224\341\331\110\341\055\076\332\012\162\335\243\231 -\025\332\201\242\207\364\173\156\046\167\211\130\255\326\353\014 -\262\101\172\163\156\155\333\172\170\101\351\010\210\022\176\207 -\056\146\021\143\154\124\373\074\235\162\300\274\056\377\302\267 -\335\015\166\343\072\327\367\264\150\276\242\365\343\201\156\301 -\106\157\135\215\340\115\306\124\125\211\032\063\061\012\261\127 -\271\243\212\230\303\354\073\064\305\225\101\151\176\165\302\074 -\040\305\141\272\121\107\240\040\220\223\241\220\113\363\116\174 -\205\105\124\232\321\005\046\101\260\265\115\035\063\276\304\003 -\310\045\174\301\160\333\073\364\011\055\124\047\110\254\057\341 -\304\254\076\310\313\222\114\123\071\067\043\354\323\001\371\340 -\011\104\115\115\144\300\341\015\132\207\042\274\255\033\243\376 -\046\265\025\363\247\374\204\031\351\354\241\210\264\104\151\204 -\203\363\211\321\164\006\251\314\013\326\302\336\047\205\120\046 -\312\027\270\311\172\207\126\054\032\001\036\154\276\023\255\020 -\254\265\044\365\070\221\241\326\113\332\361\273\322\336\107\265 -\361\274\201\366\131\153\317\031\123\351\215\025\313\112\313\251 -\157\104\345\033\101\317\341\206\247\312\320\152\237\274\114\215 -\006\063\132\242\205\345\220\065\240\142\134\026\116\360\343\242 -\372\003\032\264\054\161\263\130\054\336\173\013\333\032\017\353 -\336\041\037\006\167\006\003\260\311\357\231\374\300\271\117\013 -\206\050\376\322\271\352\343\332\245\303\107\151\022\340\333\360 -\366\031\213\355\173\160\327\002\326\355\207\030\050\054\004\044 -\114\167\344\110\212\032\306\073\232\324\017\312\372\165\322\001 -\100\132\215\171\277\213\317\113\317\252\026\301\225\344\255\114 -\212\076\027\221\324\261\142\345\202\345\200\004\244\003\176\215 -\277\332\177\242\017\227\117\014\323\015\373\327\321\345\162\176 -\034\310\167\377\133\232\017\267\256\005\106\345\361\250\026\354 -\107\244\027\002\003\001\000\001\243\201\366\060\201\363\060\201 -\260\006\003\125\035\021\004\201\250\060\201\245\201\017\151\156 -\146\157\100\151\172\145\156\160\145\056\143\157\155\244\201\221 -\060\201\216\061\107\060\105\006\003\125\004\012\014\076\111\132 -\105\116\120\105\040\123\056\101\056\040\055\040\103\111\106\040 -\101\060\061\063\063\067\062\066\060\055\122\115\145\162\143\056 -\126\151\164\157\162\151\141\055\107\141\163\164\145\151\172\040 -\124\061\060\065\065\040\106\066\062\040\123\070\061\103\060\101 -\006\003\125\004\011\014\072\101\166\144\141\040\144\145\154\040 -\115\145\144\151\164\145\162\162\141\156\145\157\040\105\164\157 -\162\142\151\144\145\141\040\061\064\040\055\040\060\061\060\061 -\060\040\126\151\164\157\162\151\141\055\107\141\163\164\145\151 -\172\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001 -\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002 -\001\006\060\035\006\003\125\035\016\004\026\004\024\035\034\145 -\016\250\362\045\173\264\221\317\344\261\261\346\275\125\164\154 -\005\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000 -\003\202\002\001\000\170\246\014\026\112\237\114\210\072\300\313 -\016\245\026\175\237\271\110\137\030\217\015\142\066\366\315\031 -\153\254\253\325\366\221\175\256\161\363\077\263\016\170\205\233 -\225\244\047\041\107\102\112\174\110\072\365\105\174\263\014\216 -\121\170\254\225\023\336\306\375\175\270\032\220\114\253\222\003 -\307\355\102\001\316\017\330\261\372\242\222\341\140\155\256\172 -\153\011\252\306\051\356\150\111\147\060\200\044\172\061\026\071 -\133\176\361\034\056\335\154\011\255\362\061\301\202\116\271\273 -\371\276\277\052\205\077\300\100\243\072\131\374\131\113\074\050 -\044\333\264\025\165\256\015\210\272\056\163\300\275\130\207\345 -\102\362\353\136\356\036\060\042\231\313\067\321\304\041\154\201 -\354\276\155\046\346\034\344\102\040\236\107\260\254\203\131\160 -\054\065\326\257\066\064\264\315\073\370\062\250\357\343\170\211 -\373\215\105\054\332\234\270\176\100\034\141\347\076\242\222\054 -\113\362\315\372\230\266\051\377\363\362\173\251\037\056\240\223 -\127\053\336\205\003\371\151\067\313\236\170\152\005\264\305\061 -\170\211\354\172\247\205\341\271\173\074\336\276\036\171\204\316 -\237\160\016\131\302\065\056\220\052\061\331\344\105\172\101\244 -\056\023\233\064\016\146\173\111\253\144\227\320\106\303\171\235 -\162\120\143\246\230\133\006\275\110\155\330\071\203\160\350\065 -\360\005\321\252\274\343\333\310\002\352\174\375\202\332\302\133 -\122\065\256\230\072\255\272\065\223\043\247\037\110\335\065\106 -\230\262\020\150\344\245\061\302\012\130\056\031\201\020\311\120 -\165\374\352\132\026\316\021\327\356\357\120\210\055\141\377\077 -\102\163\005\224\103\325\216\074\116\001\072\031\245\037\106\116 -\167\320\135\345\201\042\041\207\376\224\175\204\330\223\255\326 -\150\103\110\262\333\353\163\044\347\221\177\124\244\266\200\076 -\235\243\074\114\162\302\127\304\240\324\314\070\047\316\325\006 -\236\242\110\331\351\237\316\202\160\066\223\232\073\337\226\041 -\343\131\267\014\332\221\067\360\375\131\132\263\231\310\151\154 -\103\046\001\065\143\140\125\211\003\072\165\330\272\112\331\124 -\377\356\336\200\330\055\321\070\325\136\055\013\230\175\076\154 -\333\374\046\210\307 +\060\202\003\305\060\202\002\255\240\003\002\001\002\002\001\000 +\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060 +\201\203\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\020\060\016\006\003\125\004\010\023\007\101\162\151\172\157\156 +\141\061\023\060\021\006\003\125\004\007\023\012\123\143\157\164 +\164\163\144\141\154\145\061\032\060\030\006\003\125\004\012\023 +\021\107\157\104\141\144\144\171\056\143\157\155\054\040\111\156 +\143\056\061\061\060\057\006\003\125\004\003\023\050\107\157\040 +\104\141\144\144\171\040\122\157\157\164\040\103\145\162\164\151 +\146\151\143\141\164\145\040\101\165\164\150\157\162\151\164\171 +\040\055\040\107\062\060\036\027\015\060\071\060\071\060\061\060 +\060\060\060\060\060\132\027\015\063\067\061\062\063\061\062\063 +\065\071\065\071\132\060\201\203\061\013\060\011\006\003\125\004 +\006\023\002\125\123\061\020\060\016\006\003\125\004\010\023\007 +\101\162\151\172\157\156\141\061\023\060\021\006\003\125\004\007 +\023\012\123\143\157\164\164\163\144\141\154\145\061\032\060\030 +\006\003\125\004\012\023\021\107\157\104\141\144\144\171\056\143 +\157\155\054\040\111\156\143\056\061\061\060\057\006\003\125\004 +\003\023\050\107\157\040\104\141\144\144\171\040\122\157\157\164 +\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 +\150\157\162\151\164\171\040\055\040\107\062\060\202\001\042\060 +\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202 +\001\017\000\060\202\001\012\002\202\001\001\000\277\161\142\010 +\361\372\131\064\367\033\311\030\243\367\200\111\130\351\042\203 +\023\246\305\040\103\001\073\204\361\346\205\111\237\047\352\366 +\204\033\116\240\264\333\160\230\307\062\001\261\005\076\007\116 +\356\364\372\117\057\131\060\042\347\253\031\126\153\342\200\007 +\374\363\026\165\200\071\121\173\345\371\065\266\164\116\251\215 +\202\023\344\266\077\251\003\203\372\242\276\212\025\152\177\336 +\013\303\266\031\024\005\312\352\303\250\004\224\073\106\174\062 +\015\363\000\146\042\310\215\151\155\066\214\021\030\267\323\262 +\034\140\264\070\372\002\214\316\323\335\106\007\336\012\076\353 +\135\174\310\174\373\260\053\123\244\222\142\151\121\045\005\141 +\032\104\201\214\054\251\103\226\043\337\254\072\201\232\016\051 +\305\034\251\351\135\036\266\236\236\060\012\071\316\361\210\200 +\373\113\135\314\062\354\205\142\103\045\064\002\126\047\001\221 +\264\073\160\052\077\156\261\350\234\210\001\175\237\324\371\333 +\123\155\140\235\277\054\347\130\253\270\137\106\374\316\304\033 +\003\074\011\353\111\061\134\151\106\263\340\107\002\003\001\000 +\001\243\102\060\100\060\017\006\003\125\035\023\001\001\377\004 +\005\060\003\001\001\377\060\016\006\003\125\035\017\001\001\377 +\004\004\003\002\001\006\060\035\006\003\125\035\016\004\026\004 +\024\072\232\205\007\020\147\050\266\357\366\275\005\101\156\040 +\301\224\332\017\336\060\015\006\011\052\206\110\206\367\015\001 +\001\013\005\000\003\202\001\001\000\231\333\135\171\325\371\227 +\131\147\003\141\361\176\073\006\061\165\055\241\040\216\117\145 +\207\264\367\246\234\274\330\351\057\320\333\132\356\317\164\214 +\163\264\070\102\332\005\173\370\002\165\270\375\245\261\327\256 +\366\327\336\023\313\123\020\176\212\106\321\227\372\267\056\053 +\021\253\220\260\047\200\371\350\237\132\351\067\237\253\344\337 +\154\263\205\027\235\075\331\044\117\171\221\065\326\137\004\353 +\200\203\253\232\002\055\265\020\364\330\220\307\004\163\100\355 +\162\045\240\251\237\354\236\253\150\022\231\127\306\217\022\072 +\011\244\275\104\375\006\025\067\301\233\344\062\243\355\070\350 +\330\144\363\054\176\024\374\002\352\237\315\377\007\150\027\333 +\042\220\070\055\172\215\321\124\361\151\343\137\063\312\172\075 +\173\012\343\312\177\137\071\345\342\165\272\305\166\030\063\316 +\054\360\057\114\255\367\261\347\316\117\250\304\233\112\124\006 +\305\177\175\325\010\017\342\034\376\176\027\270\254\136\366\324 +\026\262\103\011\014\115\366\247\153\264\231\204\145\312\172\210 +\342\342\104\276\134\367\352\034\365 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE -# Trust for Certificate "Izenpe.com" -# Issuer: CN=Izenpe.com,O=IZENPE S.A.,C=ES -# Serial Number:00:b0:b7:5a:16:48:5f:bf:e1:cb:f5:8b:d7:19:e6:7d -# Subject: CN=Izenpe.com,O=IZENPE S.A.,C=ES -# Not Valid Before: Thu Dec 13 13:08:28 2007 -# Not Valid After : Sun Dec 13 08:27:25 2037 -# Fingerprint (MD5): A6:B0:CD:85:80:DA:5C:50:34:A3:39:90:2F:55:67:73 -# Fingerprint (SHA1): 2F:78:3D:25:52:18:A7:4A:65:39:71:B5:2C:A2:9C:45:15:6F:E9:19 +# Trust for Certificate "Go Daddy Root Certificate Authority - G2" +# Issuer: CN=Go Daddy Root Certificate Authority - G2,O="GoDaddy.com, Inc.",L=Scottsdale,ST=Arizona,C=US +# Serial Number: 0 (0x0) +# Subject: CN=Go Daddy Root Certificate Authority - G2,O="GoDaddy.com, Inc.",L=Scottsdale,ST=Arizona,C=US +# Not Valid Before: Tue Sep 01 00:00:00 2009 +# Not Valid After : Thu Dec 31 23:59:59 2037 +# Fingerprint (MD5): 80:3A:BC:22:C1:E6:FB:8D:9B:3B:27:4A:32:1B:9A:01 +# Fingerprint (SHA1): 47:BE:AB:C9:22:EA:E8:0E:78:78:34:62:A7:9F:45:C2:54:FD:E6:8B CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Izenpe.com" +CKA_LABEL UTF8 "Go Daddy Root Certificate Authority - G2" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\057\170\075\045\122\030\247\112\145\071\161\265\054\242\234\105 -\025\157\351\031 +\107\276\253\311\042\352\350\016\170\170\064\142\247\237\105\302 +\124\375\346\213 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\246\260\315\205\200\332\134\120\064\243\071\220\057\125\147\163 +\200\072\274\042\301\346\373\215\233\073\047\112\062\033\232\001 END CKA_ISSUER MULTILINE_OCTAL -\060\070\061\013\060\011\006\003\125\004\006\023\002\105\123\061 -\024\060\022\006\003\125\004\012\014\013\111\132\105\116\120\105 -\040\123\056\101\056\061\023\060\021\006\003\125\004\003\014\012 -\111\172\145\156\160\145\056\143\157\155 +\060\201\203\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\020\060\016\006\003\125\004\010\023\007\101\162\151\172\157 +\156\141\061\023\060\021\006\003\125\004\007\023\012\123\143\157 +\164\164\163\144\141\154\145\061\032\060\030\006\003\125\004\012 +\023\021\107\157\104\141\144\144\171\056\143\157\155\054\040\111 +\156\143\056\061\061\060\057\006\003\125\004\003\023\050\107\157 +\040\104\141\144\144\171\040\122\157\157\164\040\103\145\162\164 +\151\146\151\143\141\164\145\040\101\165\164\150\157\162\151\164 +\171\040\055\040\107\062 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\000\260\267\132\026\110\137\277\341\313\365\213\327\031 -\346\175 +\002\001\000 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST @@ -10201,598 +9839,32 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "Chambers of Commerce Root - 2008" +# Certificate "Starfield Root Certificate Authority - G2" # -# Issuer: CN=Chambers of Commerce Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU -# Serial Number:00:a3:da:42:7e:a4:b1:ae:da -# Subject: CN=Chambers of Commerce Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU -# Not Valid Before: Fri Aug 01 12:29:50 2008 -# Not Valid After : Sat Jul 31 12:29:50 2038 -# Fingerprint (MD5): 5E:80:9E:84:5A:0E:65:0B:17:02:F3:55:18:2A:3E:D7 -# Fingerprint (SHA1): 78:6A:74:AC:76:AB:14:7F:9C:6A:30:50:BA:9E:A8:7E:FE:9A:CE:3C +# Issuer: CN=Starfield Root Certificate Authority - G2,O="Starfield Technologies, Inc.",L=Scottsdale,ST=Arizona,C=US +# Serial Number: 0 (0x0) +# Subject: CN=Starfield Root Certificate Authority - G2,O="Starfield Technologies, Inc.",L=Scottsdale,ST=Arizona,C=US +# Not Valid Before: Tue Sep 01 00:00:00 2009 +# Not Valid After : Thu Dec 31 23:59:59 2037 +# Fingerprint (MD5): D6:39:81:C6:52:7E:96:69:FC:FC:CA:66:ED:05:F2:96 +# Fingerprint (SHA1): B5:1C:06:7C:EE:2B:0C:3D:F8:55:AB:2D:92:F4:FE:39:D4:E7:0F:0E CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Chambers of Commerce Root - 2008" +CKA_LABEL UTF8 "Starfield Root Certificate Authority - G2" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\201\256\061\013\060\011\006\003\125\004\006\023\002\105\125 -\061\103\060\101\006\003\125\004\007\023\072\115\141\144\162\151 -\144\040\050\163\145\145\040\143\165\162\162\145\156\164\040\141 -\144\144\162\145\163\163\040\141\164\040\167\167\167\056\143\141 -\155\145\162\146\151\162\155\141\056\143\157\155\057\141\144\144 -\162\145\163\163\051\061\022\060\020\006\003\125\004\005\023\011 -\101\070\062\067\064\063\062\070\067\061\033\060\031\006\003\125 -\004\012\023\022\101\103\040\103\141\155\145\162\146\151\162\155 -\141\040\123\056\101\056\061\051\060\047\006\003\125\004\003\023 -\040\103\150\141\155\142\145\162\163\040\157\146\040\103\157\155 -\155\145\162\143\145\040\122\157\157\164\040\055\040\062\060\060 -\070 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\256\061\013\060\011\006\003\125\004\006\023\002\105\125 -\061\103\060\101\006\003\125\004\007\023\072\115\141\144\162\151 -\144\040\050\163\145\145\040\143\165\162\162\145\156\164\040\141 -\144\144\162\145\163\163\040\141\164\040\167\167\167\056\143\141 -\155\145\162\146\151\162\155\141\056\143\157\155\057\141\144\144 -\162\145\163\163\051\061\022\060\020\006\003\125\004\005\023\011 -\101\070\062\067\064\063\062\070\067\061\033\060\031\006\003\125 -\004\012\023\022\101\103\040\103\141\155\145\162\146\151\162\155 -\141\040\123\056\101\056\061\051\060\047\006\003\125\004\003\023 -\040\103\150\141\155\142\145\162\163\040\157\146\040\103\157\155 -\155\145\162\143\145\040\122\157\157\164\040\055\040\062\060\060 -\070 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\011\000\243\332\102\176\244\261\256\332 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\007\117\060\202\005\067\240\003\002\001\002\002\011\000 -\243\332\102\176\244\261\256\332\060\015\006\011\052\206\110\206 -\367\015\001\001\005\005\000\060\201\256\061\013\060\011\006\003 -\125\004\006\023\002\105\125\061\103\060\101\006\003\125\004\007 -\023\072\115\141\144\162\151\144\040\050\163\145\145\040\143\165 -\162\162\145\156\164\040\141\144\144\162\145\163\163\040\141\164 -\040\167\167\167\056\143\141\155\145\162\146\151\162\155\141\056 -\143\157\155\057\141\144\144\162\145\163\163\051\061\022\060\020 -\006\003\125\004\005\023\011\101\070\062\067\064\063\062\070\067 -\061\033\060\031\006\003\125\004\012\023\022\101\103\040\103\141 -\155\145\162\146\151\162\155\141\040\123\056\101\056\061\051\060 -\047\006\003\125\004\003\023\040\103\150\141\155\142\145\162\163 -\040\157\146\040\103\157\155\155\145\162\143\145\040\122\157\157 -\164\040\055\040\062\060\060\070\060\036\027\015\060\070\060\070 -\060\061\061\062\062\071\065\060\132\027\015\063\070\060\067\063 -\061\061\062\062\071\065\060\132\060\201\256\061\013\060\011\006 -\003\125\004\006\023\002\105\125\061\103\060\101\006\003\125\004 -\007\023\072\115\141\144\162\151\144\040\050\163\145\145\040\143 -\165\162\162\145\156\164\040\141\144\144\162\145\163\163\040\141 -\164\040\167\167\167\056\143\141\155\145\162\146\151\162\155\141 -\056\143\157\155\057\141\144\144\162\145\163\163\051\061\022\060 -\020\006\003\125\004\005\023\011\101\070\062\067\064\063\062\070 -\067\061\033\060\031\006\003\125\004\012\023\022\101\103\040\103 -\141\155\145\162\146\151\162\155\141\040\123\056\101\056\061\051 -\060\047\006\003\125\004\003\023\040\103\150\141\155\142\145\162 -\163\040\157\146\040\103\157\155\155\145\162\143\145\040\122\157 -\157\164\040\055\040\062\060\060\070\060\202\002\042\060\015\006 -\011\052\206\110\206\367\015\001\001\001\005\000\003\202\002\017 -\000\060\202\002\012\002\202\002\001\000\257\000\313\160\067\053 -\200\132\112\072\154\170\224\175\243\177\032\037\366\065\325\275 -\333\313\015\104\162\076\046\262\220\122\272\143\073\050\130\157 -\245\263\155\224\246\363\335\144\014\125\366\366\347\362\042\042 -\200\136\341\142\306\266\051\341\201\154\362\277\345\175\062\152 -\124\240\062\031\131\376\037\213\327\075\140\206\205\044\157\343 -\021\263\167\076\040\226\065\041\153\263\010\331\160\056\144\367 -\204\222\123\326\016\260\220\212\212\343\207\215\006\323\275\220 -\016\342\231\241\033\206\016\332\232\012\273\013\141\120\006\122 -\361\236\177\166\354\313\017\320\036\015\317\231\060\075\034\304 -\105\020\130\254\326\323\350\327\345\352\305\001\007\167\326\121 -\346\003\177\212\110\245\115\150\165\271\351\274\236\116\031\161 -\365\062\113\234\155\140\031\013\373\314\235\165\334\277\046\315 -\217\223\170\071\171\163\136\045\016\312\134\353\167\022\007\313 -\144\101\107\162\223\253\120\303\353\011\166\144\064\322\071\267 -\166\021\011\015\166\105\304\251\256\075\152\257\265\175\145\057 -\224\130\020\354\134\174\257\176\342\266\030\331\320\233\116\132 -\111\337\251\146\013\314\074\306\170\174\247\234\035\343\316\216 -\123\276\005\336\140\017\153\345\032\333\077\343\341\041\311\051 -\301\361\353\007\234\122\033\001\104\121\074\173\045\327\304\345 -\122\124\135\045\007\312\026\040\270\255\344\101\356\172\010\376 -\231\157\203\246\221\002\260\154\066\125\152\347\175\365\226\346 -\312\201\326\227\361\224\203\351\355\260\261\153\022\151\036\254 -\373\135\251\305\230\351\264\133\130\172\276\075\242\104\072\143 -\131\324\013\045\336\033\117\275\345\001\236\315\322\051\325\237 -\027\031\012\157\277\014\220\323\011\137\331\343\212\065\314\171 -\132\115\031\067\222\267\304\301\255\257\364\171\044\232\262\001 -\013\261\257\134\226\363\200\062\373\134\075\230\361\240\077\112 -\336\276\257\224\056\331\125\232\027\156\140\235\143\154\270\143 -\311\256\201\134\030\065\340\220\273\276\074\117\067\042\271\176 -\353\317\236\167\041\246\075\070\201\373\110\332\061\075\053\343 -\211\365\320\265\275\176\340\120\304\022\211\263\043\232\020\061 -\205\333\256\157\357\070\063\030\166\021\002\003\001\000\001\243 -\202\001\154\060\202\001\150\060\022\006\003\125\035\023\001\001 -\377\004\010\060\006\001\001\377\002\001\014\060\035\006\003\125 -\035\016\004\026\004\024\371\044\254\017\262\265\370\171\300\372 -\140\210\033\304\331\115\002\236\027\031\060\201\343\006\003\125 -\035\043\004\201\333\060\201\330\200\024\371\044\254\017\262\265 -\370\171\300\372\140\210\033\304\331\115\002\236\027\031\241\201 -\264\244\201\261\060\201\256\061\013\060\011\006\003\125\004\006 -\023\002\105\125\061\103\060\101\006\003\125\004\007\023\072\115 -\141\144\162\151\144\040\050\163\145\145\040\143\165\162\162\145 -\156\164\040\141\144\144\162\145\163\163\040\141\164\040\167\167 -\167\056\143\141\155\145\162\146\151\162\155\141\056\143\157\155 -\057\141\144\144\162\145\163\163\051\061\022\060\020\006\003\125 -\004\005\023\011\101\070\062\067\064\063\062\070\067\061\033\060 -\031\006\003\125\004\012\023\022\101\103\040\103\141\155\145\162 -\146\151\162\155\141\040\123\056\101\056\061\051\060\047\006\003 -\125\004\003\023\040\103\150\141\155\142\145\162\163\040\157\146 -\040\103\157\155\155\145\162\143\145\040\122\157\157\164\040\055 -\040\062\060\060\070\202\011\000\243\332\102\176\244\261\256\332 -\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006 -\060\075\006\003\125\035\040\004\066\060\064\060\062\006\004\125 -\035\040\000\060\052\060\050\006\010\053\006\001\005\005\007\002 -\001\026\034\150\164\164\160\072\057\057\160\157\154\151\143\171 -\056\143\141\155\145\162\146\151\162\155\141\056\143\157\155\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202 -\002\001\000\220\022\257\042\065\302\243\071\360\056\336\351\265 -\351\170\174\110\276\077\175\105\222\136\351\332\261\031\374\026 -\074\237\264\133\146\236\152\347\303\271\135\210\350\017\255\317 -\043\017\336\045\072\136\314\117\245\301\265\055\254\044\322\130 -\007\336\242\317\151\204\140\063\350\020\015\023\251\043\320\205 -\345\216\173\246\236\075\162\023\162\063\365\252\175\306\143\037 -\010\364\376\001\177\044\317\053\054\124\011\336\342\053\155\222 -\306\071\117\026\352\074\176\172\106\324\105\152\106\250\353\165 -\202\126\247\253\240\174\150\023\063\366\235\060\360\157\047\071 -\044\043\052\220\375\220\051\065\362\223\337\064\245\306\367\370 -\357\214\017\142\112\174\256\323\365\124\370\215\266\232\126\207 -\026\202\072\063\253\132\042\010\367\202\272\352\056\340\107\232 -\264\265\105\243\005\073\331\334\056\105\100\073\352\334\177\350 -\073\353\321\354\046\330\065\244\060\305\072\254\127\236\263\166 -\245\040\173\371\036\112\005\142\001\246\050\165\140\227\222\015 -\156\076\115\067\103\015\222\025\234\030\042\315\121\231\240\051 -\032\074\137\212\062\063\133\060\307\211\057\107\230\017\243\003 -\306\366\361\254\337\062\360\331\201\032\344\234\275\366\200\024 -\360\321\054\271\205\365\330\243\261\310\245\041\345\034\023\227 -\356\016\275\337\051\251\357\064\123\133\323\344\152\023\204\006 -\266\062\002\304\122\256\042\322\334\262\041\102\032\332\100\360 -\051\311\354\012\014\134\342\320\272\314\110\323\067\012\314\022 -\012\212\171\260\075\003\177\151\113\364\064\040\175\263\064\352 -\216\113\144\365\076\375\263\043\147\025\015\004\270\360\055\301 -\011\121\074\262\154\025\360\245\043\327\203\164\344\345\056\311 -\376\230\047\102\306\253\306\236\260\320\133\070\245\233\120\336 -\176\030\230\265\105\073\366\171\264\350\367\032\173\006\203\373 -\320\213\332\273\307\275\030\253\010\157\074\200\153\100\077\031 -\031\272\145\212\346\276\325\134\323\066\327\357\100\122\044\140 -\070\147\004\061\354\217\363\202\306\336\271\125\363\073\061\221 -\132\334\265\010\025\255\166\045\012\015\173\056\207\342\014\246 -\006\274\046\020\155\067\235\354\335\170\214\174\200\305\360\331 -\167\110\320 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for Certificate "Chambers of Commerce Root - 2008" -# Issuer: CN=Chambers of Commerce Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU -# Serial Number:00:a3:da:42:7e:a4:b1:ae:da -# Subject: CN=Chambers of Commerce Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU -# Not Valid Before: Fri Aug 01 12:29:50 2008 -# Not Valid After : Sat Jul 31 12:29:50 2038 -# Fingerprint (MD5): 5E:80:9E:84:5A:0E:65:0B:17:02:F3:55:18:2A:3E:D7 -# Fingerprint (SHA1): 78:6A:74:AC:76:AB:14:7F:9C:6A:30:50:BA:9E:A8:7E:FE:9A:CE:3C -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Chambers of Commerce Root - 2008" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\170\152\164\254\166\253\024\177\234\152\060\120\272\236\250\176 -\376\232\316\074 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\136\200\236\204\132\016\145\013\027\002\363\125\030\052\076\327 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\256\061\013\060\011\006\003\125\004\006\023\002\105\125 -\061\103\060\101\006\003\125\004\007\023\072\115\141\144\162\151 -\144\040\050\163\145\145\040\143\165\162\162\145\156\164\040\141 -\144\144\162\145\163\163\040\141\164\040\167\167\167\056\143\141 -\155\145\162\146\151\162\155\141\056\143\157\155\057\141\144\144 -\162\145\163\163\051\061\022\060\020\006\003\125\004\005\023\011 -\101\070\062\067\064\063\062\070\067\061\033\060\031\006\003\125 -\004\012\023\022\101\103\040\103\141\155\145\162\146\151\162\155 -\141\040\123\056\101\056\061\051\060\047\006\003\125\004\003\023 -\040\103\150\141\155\142\145\162\163\040\157\146\040\103\157\155 -\155\145\162\143\145\040\122\157\157\164\040\055\040\062\060\060 -\070 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\011\000\243\332\102\176\244\261\256\332 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Global Chambersign Root - 2008" -# -# Issuer: CN=Global Chambersign Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU -# Serial Number:00:c9:cd:d3:e9:d5:7d:23:ce -# Subject: CN=Global Chambersign Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU -# Not Valid Before: Fri Aug 01 12:31:40 2008 -# Not Valid After : Sat Jul 31 12:31:40 2038 -# Fingerprint (MD5): 9E:80:FF:78:01:0C:2E:C1:36:BD:FE:96:90:6E:08:F3 -# Fingerprint (SHA1): 4A:BD:EE:EC:95:0D:35:9C:89:AE:C7:52:A1:2C:5B:29:F6:D6:AA:0C -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Global Chambersign Root - 2008" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\254\061\013\060\011\006\003\125\004\006\023\002\105\125 -\061\103\060\101\006\003\125\004\007\023\072\115\141\144\162\151 -\144\040\050\163\145\145\040\143\165\162\162\145\156\164\040\141 -\144\144\162\145\163\163\040\141\164\040\167\167\167\056\143\141 -\155\145\162\146\151\162\155\141\056\143\157\155\057\141\144\144 -\162\145\163\163\051\061\022\060\020\006\003\125\004\005\023\011 -\101\070\062\067\064\063\062\070\067\061\033\060\031\006\003\125 -\004\012\023\022\101\103\040\103\141\155\145\162\146\151\162\155 -\141\040\123\056\101\056\061\047\060\045\006\003\125\004\003\023 -\036\107\154\157\142\141\154\040\103\150\141\155\142\145\162\163 -\151\147\156\040\122\157\157\164\040\055\040\062\060\060\070 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\254\061\013\060\011\006\003\125\004\006\023\002\105\125 -\061\103\060\101\006\003\125\004\007\023\072\115\141\144\162\151 -\144\040\050\163\145\145\040\143\165\162\162\145\156\164\040\141 -\144\144\162\145\163\163\040\141\164\040\167\167\167\056\143\141 -\155\145\162\146\151\162\155\141\056\143\157\155\057\141\144\144 -\162\145\163\163\051\061\022\060\020\006\003\125\004\005\023\011 -\101\070\062\067\064\063\062\070\067\061\033\060\031\006\003\125 -\004\012\023\022\101\103\040\103\141\155\145\162\146\151\162\155 -\141\040\123\056\101\056\061\047\060\045\006\003\125\004\003\023 -\036\107\154\157\142\141\154\040\103\150\141\155\142\145\162\163 -\151\147\156\040\122\157\157\164\040\055\040\062\060\060\070 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\011\000\311\315\323\351\325\175\043\316 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\007\111\060\202\005\061\240\003\002\001\002\002\011\000 -\311\315\323\351\325\175\043\316\060\015\006\011\052\206\110\206 -\367\015\001\001\005\005\000\060\201\254\061\013\060\011\006\003 -\125\004\006\023\002\105\125\061\103\060\101\006\003\125\004\007 -\023\072\115\141\144\162\151\144\040\050\163\145\145\040\143\165 -\162\162\145\156\164\040\141\144\144\162\145\163\163\040\141\164 -\040\167\167\167\056\143\141\155\145\162\146\151\162\155\141\056 -\143\157\155\057\141\144\144\162\145\163\163\051\061\022\060\020 -\006\003\125\004\005\023\011\101\070\062\067\064\063\062\070\067 -\061\033\060\031\006\003\125\004\012\023\022\101\103\040\103\141 -\155\145\162\146\151\162\155\141\040\123\056\101\056\061\047\060 -\045\006\003\125\004\003\023\036\107\154\157\142\141\154\040\103 -\150\141\155\142\145\162\163\151\147\156\040\122\157\157\164\040 -\055\040\062\060\060\070\060\036\027\015\060\070\060\070\060\061 -\061\062\063\061\064\060\132\027\015\063\070\060\067\063\061\061 -\062\063\061\064\060\132\060\201\254\061\013\060\011\006\003\125 -\004\006\023\002\105\125\061\103\060\101\006\003\125\004\007\023 -\072\115\141\144\162\151\144\040\050\163\145\145\040\143\165\162 -\162\145\156\164\040\141\144\144\162\145\163\163\040\141\164\040 -\167\167\167\056\143\141\155\145\162\146\151\162\155\141\056\143 -\157\155\057\141\144\144\162\145\163\163\051\061\022\060\020\006 -\003\125\004\005\023\011\101\070\062\067\064\063\062\070\067\061 -\033\060\031\006\003\125\004\012\023\022\101\103\040\103\141\155 -\145\162\146\151\162\155\141\040\123\056\101\056\061\047\060\045 -\006\003\125\004\003\023\036\107\154\157\142\141\154\040\103\150 -\141\155\142\145\162\163\151\147\156\040\122\157\157\164\040\055 -\040\062\060\060\070\060\202\002\042\060\015\006\011\052\206\110 -\206\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002 -\012\002\202\002\001\000\300\337\126\323\344\072\233\166\105\264 -\023\333\377\301\266\031\213\067\101\030\225\122\107\353\027\235 -\051\210\216\065\154\006\062\056\107\142\363\111\004\277\175\104 -\066\261\161\314\275\132\011\163\325\331\205\104\377\221\127\045 -\337\136\066\216\160\321\134\161\103\035\331\332\357\134\322\373 -\033\275\072\265\313\255\243\314\104\247\015\256\041\025\077\271 -\172\133\222\165\330\244\022\070\211\031\212\267\200\322\342\062 -\157\126\234\221\326\210\020\013\263\164\144\222\164\140\363\366 -\317\030\117\140\262\043\320\307\073\316\141\113\231\217\302\014 -\320\100\262\230\334\015\250\116\243\271\012\256\140\240\255\105 -\122\143\272\146\275\150\340\371\276\032\250\201\273\036\101\170 -\165\323\301\376\000\125\260\207\124\350\047\220\065\035\114\063 -\255\227\374\227\056\230\204\277\054\311\243\277\321\230\021\024 -\355\143\370\312\230\210\130\027\231\355\105\003\227\176\074\206 -\036\210\214\276\362\221\204\217\145\064\330\000\114\175\267\061 -\027\132\051\172\012\030\044\060\243\067\265\172\251\001\175\046 -\326\371\016\216\131\361\375\033\063\265\051\073\027\073\101\266 -\041\335\324\300\075\245\237\237\037\103\120\311\273\274\154\172 -\227\230\356\315\214\037\373\234\121\256\213\160\275\047\237\161 -\300\153\254\175\220\146\350\327\135\072\015\260\325\302\215\325 -\310\235\235\301\155\320\320\277\121\344\343\370\303\070\066\256 -\326\247\165\346\257\204\103\135\223\222\014\152\007\336\073\035 -\230\042\326\254\301\065\333\243\240\045\377\162\265\166\035\336 -\155\351\054\146\054\122\204\320\105\222\316\034\345\345\063\035 -\334\007\123\124\243\252\202\073\232\067\057\334\335\240\144\351 -\346\335\275\256\374\144\205\035\074\247\311\006\336\204\377\153 -\350\153\032\074\305\242\263\102\373\213\011\076\137\010\122\307 -\142\304\324\005\161\277\304\144\344\370\241\203\350\076\022\233 -\250\036\324\066\115\057\161\366\215\050\366\203\251\023\322\141 -\301\221\273\110\300\064\217\101\214\113\114\333\151\022\377\120 -\224\234\040\203\131\163\355\174\241\362\361\375\335\367\111\323 -\103\130\240\126\143\312\075\075\345\065\126\131\351\016\312\040 -\314\053\113\223\051\017\002\003\001\000\001\243\202\001\152\060 -\202\001\146\060\022\006\003\125\035\023\001\001\377\004\010\060 -\006\001\001\377\002\001\014\060\035\006\003\125\035\016\004\026 -\004\024\271\011\312\234\036\333\323\154\072\153\256\355\124\361 -\133\223\006\065\056\136\060\201\341\006\003\125\035\043\004\201 -\331\060\201\326\200\024\271\011\312\234\036\333\323\154\072\153 -\256\355\124\361\133\223\006\065\056\136\241\201\262\244\201\257 -\060\201\254\061\013\060\011\006\003\125\004\006\023\002\105\125 -\061\103\060\101\006\003\125\004\007\023\072\115\141\144\162\151 -\144\040\050\163\145\145\040\143\165\162\162\145\156\164\040\141 -\144\144\162\145\163\163\040\141\164\040\167\167\167\056\143\141 -\155\145\162\146\151\162\155\141\056\143\157\155\057\141\144\144 -\162\145\163\163\051\061\022\060\020\006\003\125\004\005\023\011 -\101\070\062\067\064\063\062\070\067\061\033\060\031\006\003\125 -\004\012\023\022\101\103\040\103\141\155\145\162\146\151\162\155 -\141\040\123\056\101\056\061\047\060\045\006\003\125\004\003\023 -\036\107\154\157\142\141\154\040\103\150\141\155\142\145\162\163 -\151\147\156\040\122\157\157\164\040\055\040\062\060\060\070\202 -\011\000\311\315\323\351\325\175\043\316\060\016\006\003\125\035 -\017\001\001\377\004\004\003\002\001\006\060\075\006\003\125\035 -\040\004\066\060\064\060\062\006\004\125\035\040\000\060\052\060 -\050\006\010\053\006\001\005\005\007\002\001\026\034\150\164\164 -\160\072\057\057\160\157\154\151\143\171\056\143\141\155\145\162 -\146\151\162\155\141\056\143\157\155\060\015\006\011\052\206\110 -\206\367\015\001\001\005\005\000\003\202\002\001\000\200\210\177 -\160\336\222\050\331\005\224\106\377\220\127\251\361\057\337\032 -\015\153\372\174\016\034\111\044\171\047\330\106\252\157\051\131 -\122\210\160\022\352\335\075\365\233\123\124\157\341\140\242\250 -\011\271\354\353\131\174\306\065\361\334\030\351\361\147\345\257 -\272\105\340\011\336\312\104\017\302\027\016\167\221\105\172\063 -\137\137\226\054\150\213\301\107\217\230\233\075\300\354\313\365 -\325\202\222\204\065\321\276\066\070\126\162\061\133\107\055\252 -\027\244\143\121\353\012\001\255\177\354\165\236\313\241\037\361 -\177\022\261\271\344\144\177\147\326\043\052\364\270\071\135\230 -\350\041\247\341\275\075\102\032\164\232\160\257\150\154\120\135 -\111\317\377\373\016\135\346\054\107\327\201\072\131\000\265\163 -\153\143\040\366\061\105\010\071\016\364\160\176\100\160\132\077 -\320\153\102\251\164\075\050\057\002\155\165\162\225\011\215\110 -\143\306\306\043\127\222\223\136\065\301\215\371\012\367\054\235 -\142\034\366\255\174\335\246\061\036\266\261\307\176\205\046\372 -\244\152\265\332\143\060\321\357\223\067\262\146\057\175\005\367 -\347\267\113\230\224\065\300\331\072\051\301\235\262\120\063\035 -\112\251\132\246\311\003\357\355\364\347\250\156\212\264\127\204 -\353\244\077\320\356\252\252\207\133\143\350\223\342\153\250\324 -\270\162\170\153\033\355\071\344\135\313\233\252\207\325\117\116 -\000\376\331\152\237\074\061\017\050\002\001\175\230\350\247\260 -\242\144\236\171\370\110\362\025\251\314\346\310\104\353\077\170 -\231\362\173\161\076\074\361\230\247\305\030\022\077\346\273\050 -\063\102\351\105\012\174\155\362\206\171\057\305\202\031\175\011 -\211\174\262\124\166\210\256\336\301\363\314\341\156\333\061\326 -\223\256\231\240\357\045\152\163\230\211\133\072\056\023\210\036 -\277\300\222\224\064\033\343\047\267\213\036\157\102\377\347\351 -\067\233\120\035\055\242\371\002\356\313\130\130\072\161\274\150 -\343\252\301\257\034\050\037\242\334\043\145\077\201\352\256\231 -\323\330\060\317\023\015\117\025\311\204\274\247\110\055\370\060 -\043\167\330\106\113\171\155\366\214\355\072\177\140\021\170\364 -\351\233\256\325\124\300\164\200\321\013\102\237\301 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for Certificate "Global Chambersign Root - 2008" -# Issuer: CN=Global Chambersign Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU -# Serial Number:00:c9:cd:d3:e9:d5:7d:23:ce -# Subject: CN=Global Chambersign Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU -# Not Valid Before: Fri Aug 01 12:31:40 2008 -# Not Valid After : Sat Jul 31 12:31:40 2038 -# Fingerprint (MD5): 9E:80:FF:78:01:0C:2E:C1:36:BD:FE:96:90:6E:08:F3 -# Fingerprint (SHA1): 4A:BD:EE:EC:95:0D:35:9C:89:AE:C7:52:A1:2C:5B:29:F6:D6:AA:0C -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Global Chambersign Root - 2008" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\112\275\356\354\225\015\065\234\211\256\307\122\241\054\133\051 -\366\326\252\014 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\236\200\377\170\001\014\056\301\066\275\376\226\220\156\010\363 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\254\061\013\060\011\006\003\125\004\006\023\002\105\125 -\061\103\060\101\006\003\125\004\007\023\072\115\141\144\162\151 -\144\040\050\163\145\145\040\143\165\162\162\145\156\164\040\141 -\144\144\162\145\163\163\040\141\164\040\167\167\167\056\143\141 -\155\145\162\146\151\162\155\141\056\143\157\155\057\141\144\144 -\162\145\163\163\051\061\022\060\020\006\003\125\004\005\023\011 -\101\070\062\067\064\063\062\070\067\061\033\060\031\006\003\125 -\004\012\023\022\101\103\040\103\141\155\145\162\146\151\162\155 -\141\040\123\056\101\056\061\047\060\045\006\003\125\004\003\023 -\036\107\154\157\142\141\154\040\103\150\141\155\142\145\162\163 -\151\147\156\040\122\157\157\164\040\055\040\062\060\060\070 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\011\000\311\315\323\351\325\175\043\316 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Go Daddy Root Certificate Authority - G2" -# -# Issuer: CN=Go Daddy Root Certificate Authority - G2,O="GoDaddy.com, Inc.",L=Scottsdale,ST=Arizona,C=US -# Serial Number: 0 (0x0) -# Subject: CN=Go Daddy Root Certificate Authority - G2,O="GoDaddy.com, Inc.",L=Scottsdale,ST=Arizona,C=US -# Not Valid Before: Tue Sep 01 00:00:00 2009 -# Not Valid After : Thu Dec 31 23:59:59 2037 -# Fingerprint (MD5): 80:3A:BC:22:C1:E6:FB:8D:9B:3B:27:4A:32:1B:9A:01 -# Fingerprint (SHA1): 47:BE:AB:C9:22:EA:E8:0E:78:78:34:62:A7:9F:45:C2:54:FD:E6:8B -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Go Daddy Root Certificate Authority - G2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\203\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\020\060\016\006\003\125\004\010\023\007\101\162\151\172\157 -\156\141\061\023\060\021\006\003\125\004\007\023\012\123\143\157 -\164\164\163\144\141\154\145\061\032\060\030\006\003\125\004\012 -\023\021\107\157\104\141\144\144\171\056\143\157\155\054\040\111 -\156\143\056\061\061\060\057\006\003\125\004\003\023\050\107\157 -\040\104\141\144\144\171\040\122\157\157\164\040\103\145\162\164 -\151\146\151\143\141\164\145\040\101\165\164\150\157\162\151\164 -\171\040\055\040\107\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\203\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\020\060\016\006\003\125\004\010\023\007\101\162\151\172\157 -\156\141\061\023\060\021\006\003\125\004\007\023\012\123\143\157 -\164\164\163\144\141\154\145\061\032\060\030\006\003\125\004\012 -\023\021\107\157\104\141\144\144\171\056\143\157\155\054\040\111 -\156\143\056\061\061\060\057\006\003\125\004\003\023\050\107\157 -\040\104\141\144\144\171\040\122\157\157\164\040\103\145\162\164 -\151\146\151\143\141\164\145\040\101\165\164\150\157\162\151\164 -\171\040\055\040\107\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\000 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\305\060\202\002\255\240\003\002\001\002\002\001\000 -\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060 -\201\203\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\020\060\016\006\003\125\004\010\023\007\101\162\151\172\157\156 -\141\061\023\060\021\006\003\125\004\007\023\012\123\143\157\164 -\164\163\144\141\154\145\061\032\060\030\006\003\125\004\012\023 -\021\107\157\104\141\144\144\171\056\143\157\155\054\040\111\156 -\143\056\061\061\060\057\006\003\125\004\003\023\050\107\157\040 -\104\141\144\144\171\040\122\157\157\164\040\103\145\162\164\151 -\146\151\143\141\164\145\040\101\165\164\150\157\162\151\164\171 -\040\055\040\107\062\060\036\027\015\060\071\060\071\060\061\060 -\060\060\060\060\060\132\027\015\063\067\061\062\063\061\062\063 -\065\071\065\071\132\060\201\203\061\013\060\011\006\003\125\004 -\006\023\002\125\123\061\020\060\016\006\003\125\004\010\023\007 -\101\162\151\172\157\156\141\061\023\060\021\006\003\125\004\007 -\023\012\123\143\157\164\164\163\144\141\154\145\061\032\060\030 -\006\003\125\004\012\023\021\107\157\104\141\144\144\171\056\143 -\157\155\054\040\111\156\143\056\061\061\060\057\006\003\125\004 -\003\023\050\107\157\040\104\141\144\144\171\040\122\157\157\164 -\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 -\150\157\162\151\164\171\040\055\040\107\062\060\202\001\042\060 -\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202 -\001\017\000\060\202\001\012\002\202\001\001\000\277\161\142\010 -\361\372\131\064\367\033\311\030\243\367\200\111\130\351\042\203 -\023\246\305\040\103\001\073\204\361\346\205\111\237\047\352\366 -\204\033\116\240\264\333\160\230\307\062\001\261\005\076\007\116 -\356\364\372\117\057\131\060\042\347\253\031\126\153\342\200\007 -\374\363\026\165\200\071\121\173\345\371\065\266\164\116\251\215 -\202\023\344\266\077\251\003\203\372\242\276\212\025\152\177\336 -\013\303\266\031\024\005\312\352\303\250\004\224\073\106\174\062 -\015\363\000\146\042\310\215\151\155\066\214\021\030\267\323\262 -\034\140\264\070\372\002\214\316\323\335\106\007\336\012\076\353 -\135\174\310\174\373\260\053\123\244\222\142\151\121\045\005\141 -\032\104\201\214\054\251\103\226\043\337\254\072\201\232\016\051 -\305\034\251\351\135\036\266\236\236\060\012\071\316\361\210\200 -\373\113\135\314\062\354\205\142\103\045\064\002\126\047\001\221 -\264\073\160\052\077\156\261\350\234\210\001\175\237\324\371\333 -\123\155\140\235\277\054\347\130\253\270\137\106\374\316\304\033 -\003\074\011\353\111\061\134\151\106\263\340\107\002\003\001\000 -\001\243\102\060\100\060\017\006\003\125\035\023\001\001\377\004 -\005\060\003\001\001\377\060\016\006\003\125\035\017\001\001\377 -\004\004\003\002\001\006\060\035\006\003\125\035\016\004\026\004 -\024\072\232\205\007\020\147\050\266\357\366\275\005\101\156\040 -\301\224\332\017\336\060\015\006\011\052\206\110\206\367\015\001 -\001\013\005\000\003\202\001\001\000\231\333\135\171\325\371\227 -\131\147\003\141\361\176\073\006\061\165\055\241\040\216\117\145 -\207\264\367\246\234\274\330\351\057\320\333\132\356\317\164\214 -\163\264\070\102\332\005\173\370\002\165\270\375\245\261\327\256 -\366\327\336\023\313\123\020\176\212\106\321\227\372\267\056\053 -\021\253\220\260\047\200\371\350\237\132\351\067\237\253\344\337 -\154\263\205\027\235\075\331\044\117\171\221\065\326\137\004\353 -\200\203\253\232\002\055\265\020\364\330\220\307\004\163\100\355 -\162\045\240\251\237\354\236\253\150\022\231\127\306\217\022\072 -\011\244\275\104\375\006\025\067\301\233\344\062\243\355\070\350 -\330\144\363\054\176\024\374\002\352\237\315\377\007\150\027\333 -\042\220\070\055\172\215\321\124\361\151\343\137\063\312\172\075 -\173\012\343\312\177\137\071\345\342\165\272\305\166\030\063\316 -\054\360\057\114\255\367\261\347\316\117\250\304\233\112\124\006 -\305\177\175\325\010\017\342\034\376\176\027\270\254\136\366\324 -\026\262\103\011\014\115\366\247\153\264\231\204\145\312\172\210 -\342\342\104\276\134\367\352\034\365 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for Certificate "Go Daddy Root Certificate Authority - G2" -# Issuer: CN=Go Daddy Root Certificate Authority - G2,O="GoDaddy.com, Inc.",L=Scottsdale,ST=Arizona,C=US -# Serial Number: 0 (0x0) -# Subject: CN=Go Daddy Root Certificate Authority - G2,O="GoDaddy.com, Inc.",L=Scottsdale,ST=Arizona,C=US -# Not Valid Before: Tue Sep 01 00:00:00 2009 -# Not Valid After : Thu Dec 31 23:59:59 2037 -# Fingerprint (MD5): 80:3A:BC:22:C1:E6:FB:8D:9B:3B:27:4A:32:1B:9A:01 -# Fingerprint (SHA1): 47:BE:AB:C9:22:EA:E8:0E:78:78:34:62:A7:9F:45:C2:54:FD:E6:8B -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Go Daddy Root Certificate Authority - G2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\107\276\253\311\042\352\350\016\170\170\064\142\247\237\105\302 -\124\375\346\213 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\200\072\274\042\301\346\373\215\233\073\047\112\062\033\232\001 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\203\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\020\060\016\006\003\125\004\010\023\007\101\162\151\172\157 -\156\141\061\023\060\021\006\003\125\004\007\023\012\123\143\157 -\164\164\163\144\141\154\145\061\032\060\030\006\003\125\004\012 -\023\021\107\157\104\141\144\144\171\056\143\157\155\054\040\111 -\156\143\056\061\061\060\057\006\003\125\004\003\023\050\107\157 -\040\104\141\144\144\171\040\122\157\157\164\040\103\145\162\164 -\151\146\151\143\141\164\145\040\101\165\164\150\157\162\151\164 -\171\040\055\040\107\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\000 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Starfield Root Certificate Authority - G2" -# -# Issuer: CN=Starfield Root Certificate Authority - G2,O="Starfield Technologies, Inc.",L=Scottsdale,ST=Arizona,C=US -# Serial Number: 0 (0x0) -# Subject: CN=Starfield Root Certificate Authority - G2,O="Starfield Technologies, Inc.",L=Scottsdale,ST=Arizona,C=US -# Not Valid Before: Tue Sep 01 00:00:00 2009 -# Not Valid After : Thu Dec 31 23:59:59 2037 -# Fingerprint (MD5): D6:39:81:C6:52:7E:96:69:FC:FC:CA:66:ED:05:F2:96 -# Fingerprint (SHA1): B5:1C:06:7C:EE:2B:0C:3D:F8:55:AB:2D:92:F4:FE:39:D4:E7:0F:0E -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Starfield Root Certificate Authority - G2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\217\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\020\060\016\006\003\125\004\010\023\007\101\162\151\172\157 -\156\141\061\023\060\021\006\003\125\004\007\023\012\123\143\157 -\164\164\163\144\141\154\145\061\045\060\043\006\003\125\004\012 -\023\034\123\164\141\162\146\151\145\154\144\040\124\145\143\150 -\156\157\154\157\147\151\145\163\054\040\111\156\143\056\061\062 -\060\060\006\003\125\004\003\023\051\123\164\141\162\146\151\145 -\154\144\040\122\157\157\164\040\103\145\162\164\151\146\151\143 -\141\164\145\040\101\165\164\150\157\162\151\164\171\040\055\040 -\107\062 +\060\201\217\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\020\060\016\006\003\125\004\010\023\007\101\162\151\172\157 +\156\141\061\023\060\021\006\003\125\004\007\023\012\123\143\157 +\164\164\163\144\141\154\145\061\045\060\043\006\003\125\004\012 +\023\034\123\164\141\162\146\151\145\154\144\040\124\145\143\150 +\156\157\154\157\147\151\145\163\054\040\111\156\143\056\061\062 +\060\060\006\003\125\004\003\023\051\123\164\141\162\146\151\145 +\154\144\040\122\157\157\164\040\103\145\162\164\151\146\151\143 +\141\164\145\040\101\165\164\150\157\162\151\164\171\040\055\040 +\107\062 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL @@ -10876,6 +9948,8 @@ CKA_VALUE MULTILINE_OCTAL \364 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Starfield Root Certificate Authority - G2" # Issuer: CN=Starfield Root Certificate Authority - G2,O="Starfield Technologies, Inc.",L=Scottsdale,ST=Arizona,C=US @@ -11028,6 +10102,8 @@ CKA_VALUE MULTILINE_OCTAL \261\050\272 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Starfield Services Root Certificate Authority - G2" # Issuer: CN=Starfield Services Root Certificate Authority - G2,O="Starfield Technologies, Inc.",L=Scottsdale,ST=Arizona,C=US @@ -11159,6 +10235,8 @@ CKA_VALUE MULTILINE_OCTAL \007\072\027\144\265\004\265\043\041\231\012\225\073\227\174\357 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "AffirmTrust Commercial" # Issuer: CN=AffirmTrust Commercial,O=AffirmTrust,C=US @@ -11285,6 +10363,8 @@ CKA_VALUE MULTILINE_OCTAL \355\132\000\124\205\034\026\066\222\014\134\372\246\255\277\333 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "AffirmTrust Networking" # Issuer: CN=AffirmTrust Networking,O=AffirmTrust,C=US @@ -11443,6 +10523,8 @@ CKA_VALUE MULTILINE_OCTAL \051\340\266\270\011\150\031\034\030\103 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "AffirmTrust Premium" # Issuer: CN=AffirmTrust Premium,O=AffirmTrust,C=US @@ -11549,6 +10631,8 @@ CKA_VALUE MULTILINE_OCTAL \214\171 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "AffirmTrust Premium ECC" # Issuer: CN=AffirmTrust Premium ECC,O=AffirmTrust,C=US @@ -11688,6 +10772,8 @@ CKA_VALUE MULTILINE_OCTAL \326\267\064\365\176\316\071\232\331\070\361\121\367\117\054 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Certum Trusted Network CA" # Issuer: CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL @@ -11824,6 +10910,8 @@ CKA_VALUE MULTILINE_OCTAL \274\060\376\173\016\063\220\373\355\322\024\221\037\007\257 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "TWCA Root Certification Authority" # Issuer: CN=TWCA Root Certification Authority,OU=Root CA,O=TAIWAN-CA,C=TW @@ -12307,6 +11395,8 @@ CKA_VALUE MULTILINE_OCTAL \201\050\174\247\175\047\353\000\256\215\067 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Security Communication RootCA2" # Issuer: OU=Security Communication RootCA2,O="SECOM Trust Systems CO.,LTD.",C=JP @@ -12490,6 +11580,8 @@ CKA_VALUE MULTILINE_OCTAL \371\210\075\176\270\157\156\003\344\102 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "EC-ACC" # Issuer: CN=EC-ACC,OU=Jerarquia Entitats de Certificacio Catalanes,OU=Vegeu https://www.catcert.net/verarrel (c)03,OU=Serveis Publics de Certificacio,O=Agencia Catalana de Certificacio (NIF Q-0801176-I),C=ES @@ -12653,6 +11745,8 @@ CKA_VALUE MULTILINE_OCTAL \113\321\047\327\270 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Hellenic Academic and Research Institutions RootCA 2011" # Issuer: CN=Hellenic Academic and Research Institutions RootCA 2011,O=Hellenic Academic and Research Institutions Cert. Authority,C=GR @@ -12889,6 +11983,8 @@ CKA_VALUE MULTILINE_OCTAL \216\362\024\212\314\351\265\174\373\154\235\014\245\341\226 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Actalis Authentication Root CA" # Issuer: CN=Actalis Authentication Root CA,O=Actalis S.p.A./03358520967,L=Milan,C=IT @@ -13020,6 +12116,8 @@ CKA_VALUE MULTILINE_OCTAL \145\353\127\331\363\127\226\273\110\315\201 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Trustis FPS Root CA" # Issuer: OU=Trustis FPS Root CA,O=Trustis Limited,C=GB @@ -13180,6 +12278,8 @@ CKA_VALUE MULTILINE_OCTAL \327\201\011\361\311\307\046\015\254\230\026\126\240 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Buypass Class 2 Root CA" # Issuer: CN=Buypass Class 2 Root CA,O=Buypass AS-983163327,C=NO @@ -13339,6 +12439,8 @@ CKA_VALUE MULTILINE_OCTAL \061\356\006\274\163\277\023\142\012\237\307\271\227 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Buypass Class 3 Root CA" # Issuer: CN=Buypass Class 3 Root CA,O=Buypass AS-983163327,C=NO @@ -13481,6 +12583,8 @@ CKA_VALUE MULTILINE_OCTAL \116\223\303\244\124\024\133 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "T-TeleSec GlobalRoot Class 3" # Issuer: CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE @@ -13630,6 +12734,8 @@ CKA_VALUE MULTILINE_OCTAL \307\314\165\301\226\305\235 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "EE Certification Centre Root CA" # Issuer: E=pki@sk.ee,CN=EE Certification Centre Root CA,O=AS Sertifitseerimiskeskus,C=EE @@ -13843,6 +12949,8 @@ CKA_VALUE MULTILINE_OCTAL \164\145\327\134\376\243\342 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "D-TRUST Root Class 3 CA 2 2009" # Issuer: CN=D-TRUST Root Class 3 CA 2 2009,O=D-Trust GmbH,C=DE @@ -13987,6 +13095,8 @@ CKA_VALUE MULTILINE_OCTAL \352\237\026\361\054\124\265 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "D-TRUST Root Class 3 CA 2 EV 2009" # Issuer: CN=D-TRUST Root Class 3 CA 2 EV 2009,O=D-Trust GmbH,C=DE @@ -14024,181 +13134,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "Swisscom Root CA 2" -# -# Issuer: CN=Swisscom Root CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch -# Serial Number:1e:9e:28:e8:48:f2:e5:ef:c3:7c:4a:1e:5a:18:67:b6 -# Subject: CN=Swisscom Root CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch -# Not Valid Before: Fri Jun 24 08:38:14 2011 -# Not Valid After : Wed Jun 25 07:38:14 2031 -# Fingerprint (MD5): 5B:04:69:EC:A5:83:94:63:18:A7:86:D0:E4:F2:6E:19 -# Fingerprint (SHA1): 77:47:4F:C6:30:E4:0F:4C:47:64:3F:84:BA:B8:C6:95:4A:8A:41:EC -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Swisscom Root CA 2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\144\061\013\060\011\006\003\125\004\006\023\002\143\150\061 -\021\060\017\006\003\125\004\012\023\010\123\167\151\163\163\143 -\157\155\061\045\060\043\006\003\125\004\013\023\034\104\151\147 -\151\164\141\154\040\103\145\162\164\151\146\151\143\141\164\145 -\040\123\145\162\166\151\143\145\163\061\033\060\031\006\003\125 -\004\003\023\022\123\167\151\163\163\143\157\155\040\122\157\157 -\164\040\103\101\040\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\144\061\013\060\011\006\003\125\004\006\023\002\143\150\061 -\021\060\017\006\003\125\004\012\023\010\123\167\151\163\163\143 -\157\155\061\045\060\043\006\003\125\004\013\023\034\104\151\147 -\151\164\141\154\040\103\145\162\164\151\146\151\143\141\164\145 -\040\123\145\162\166\151\143\145\163\061\033\060\031\006\003\125 -\004\003\023\022\123\167\151\163\163\143\157\155\040\122\157\157 -\164\040\103\101\040\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\036\236\050\350\110\362\345\357\303\174\112\036\132\030 -\147\266 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\331\060\202\003\301\240\003\002\001\002\002\020\036 -\236\050\350\110\362\345\357\303\174\112\036\132\030\147\266\060 -\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\144 -\061\013\060\011\006\003\125\004\006\023\002\143\150\061\021\060 -\017\006\003\125\004\012\023\010\123\167\151\163\163\143\157\155 -\061\045\060\043\006\003\125\004\013\023\034\104\151\147\151\164 -\141\154\040\103\145\162\164\151\146\151\143\141\164\145\040\123 -\145\162\166\151\143\145\163\061\033\060\031\006\003\125\004\003 -\023\022\123\167\151\163\163\143\157\155\040\122\157\157\164\040 -\103\101\040\062\060\036\027\015\061\061\060\066\062\064\060\070 -\063\070\061\064\132\027\015\063\061\060\066\062\065\060\067\063 -\070\061\064\132\060\144\061\013\060\011\006\003\125\004\006\023 -\002\143\150\061\021\060\017\006\003\125\004\012\023\010\123\167 -\151\163\163\143\157\155\061\045\060\043\006\003\125\004\013\023 -\034\104\151\147\151\164\141\154\040\103\145\162\164\151\146\151 -\143\141\164\145\040\123\145\162\166\151\143\145\163\061\033\060 -\031\006\003\125\004\003\023\022\123\167\151\163\163\143\157\155 -\040\122\157\157\164\040\103\101\040\062\060\202\002\042\060\015 -\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\002 -\017\000\060\202\002\012\002\202\002\001\000\225\102\116\204\235 -\121\346\323\011\350\162\132\043\151\333\170\160\216\026\361\053 -\217\015\003\316\223\314\056\000\010\173\253\063\214\364\351\100 -\346\027\114\253\236\270\107\024\062\167\062\335\050\014\336\030 -\113\137\166\237\370\071\073\374\116\211\330\174\305\147\357\253 -\322\271\064\137\153\072\363\144\066\316\302\260\317\023\150\312 -\310\313\353\265\342\075\056\041\337\352\054\324\340\371\160\226 -\114\377\152\130\230\267\027\344\033\122\345\176\007\000\035\137 -\332\346\076\225\004\267\151\210\071\241\101\140\045\141\113\225 -\071\150\142\034\261\013\005\211\300\066\202\024\041\077\256\333 -\241\375\274\157\034\140\206\266\123\224\111\271\053\106\305\117 -\000\053\277\241\273\313\077\340\307\127\034\127\350\326\151\370 -\301\044\122\235\210\125\335\302\207\056\164\043\320\024\375\052 -\107\132\273\246\235\375\224\344\321\212\245\137\206\143\166\205 -\313\257\377\111\050\374\200\355\114\171\322\273\344\300\357\001 -\356\120\101\010\065\043\160\053\251\026\264\214\156\205\351\266 -\021\317\061\335\123\046\033\337\055\132\112\002\100\374\304\300 -\266\351\061\032\010\050\345\140\303\037\304\220\216\020\142\140 -\104\015\354\012\276\125\030\161\054\245\364\262\274\025\142\377 -\034\343\276\035\332\036\127\263\074\176\315\202\035\221\343\113 -\353\054\122\064\260\212\375\022\116\226\260\353\160\177\236\071 -\367\146\102\261\253\254\122\332\166\100\127\173\052\275\350\156 -\003\262\013\200\205\210\235\014\307\302\167\260\232\232\127\364 -\270\372\023\134\150\223\072\147\244\227\320\033\231\267\206\062 -\113\140\330\316\357\320\014\177\225\237\157\207\117\207\212\216 -\137\010\174\252\133\374\132\276\241\221\237\125\175\116\260\013 -\151\314\260\224\250\247\207\362\323\112\120\334\137\162\260\026 -\165\036\313\264\030\142\232\260\247\071\252\233\237\146\330\215 -\246\154\226\025\343\346\362\370\361\203\142\154\273\125\351\141 -\223\243\075\365\261\127\213\117\043\260\233\345\224\152\057\337 -\214\337\225\121\051\140\241\013\051\344\134\125\130\267\250\374 -\231\356\045\115\114\016\263\323\114\217\204\350\051\017\375\020 -\124\002\205\310\371\345\303\213\317\347\017\002\003\001\000\001 -\243\201\206\060\201\203\060\016\006\003\125\035\017\001\001\377 -\004\004\003\002\001\206\060\035\006\003\125\035\041\004\026\060 -\024\060\022\006\007\140\205\164\001\123\002\001\006\007\140\205 -\164\001\123\002\001\060\022\006\003\125\035\023\001\001\377\004 -\010\060\006\001\001\377\002\001\007\060\035\006\003\125\035\016 -\004\026\004\024\115\046\040\042\211\113\323\325\244\012\241\157 -\336\342\022\201\305\361\074\056\060\037\006\003\125\035\043\004 -\030\060\026\200\024\115\046\040\042\211\113\323\325\244\012\241 -\157\336\342\022\201\305\361\074\056\060\015\006\011\052\206\110 -\206\367\015\001\001\013\005\000\003\202\002\001\000\062\012\262 -\244\033\313\175\276\202\127\211\271\152\177\363\364\301\056\021 -\175\270\031\076\171\267\250\250\162\067\146\233\032\355\254\023 -\073\016\277\142\360\234\337\236\173\241\123\110\016\101\172\312 -\040\247\027\033\266\170\354\100\221\363\102\255\020\303\134\357 -\377\140\131\177\315\205\243\213\075\110\034\045\002\074\147\175 -\365\062\351\057\060\345\175\245\172\070\320\363\146\052\146\036 -\215\063\203\212\157\174\156\250\132\165\232\270\327\332\130\110 -\104\107\250\114\372\114\111\012\112\302\022\067\250\100\014\303 -\310\341\320\127\015\227\062\225\307\072\237\227\323\127\370\013 -\336\345\162\363\243\333\377\265\330\131\262\163\335\115\052\161 -\262\272\111\365\313\034\325\365\171\310\231\263\374\301\114\164 -\343\264\275\051\067\025\004\050\036\336\105\106\160\354\257\272 -\170\016\212\052\316\000\171\334\300\137\031\147\054\153\113\357 -\150\150\013\103\343\254\301\142\011\357\246\335\145\141\240\257 -\204\125\110\221\122\034\306\045\221\052\320\301\042\043\141\131 -\257\105\021\205\035\001\044\064\217\317\263\377\027\162\040\023 -\302\200\252\041\054\161\071\016\320\217\134\301\323\321\216\042 -\162\106\114\035\226\256\117\161\261\341\005\051\226\131\364\273 -\236\165\075\317\015\067\015\142\333\046\214\143\251\043\337\147 -\006\074\174\072\332\064\102\341\146\264\106\004\336\306\226\230 -\017\113\110\172\044\062\165\221\237\254\367\150\351\052\271\125 -\145\316\135\141\323\047\160\330\067\376\237\271\257\240\056\126 -\267\243\145\121\355\073\253\024\277\114\121\003\350\137\212\005 -\233\356\212\156\234\357\277\150\372\310\332\013\343\102\311\320 -\027\024\234\267\112\340\257\223\047\041\125\046\265\144\057\215 -\361\377\246\100\005\205\005\134\312\007\031\134\013\023\050\114 -\130\177\302\245\357\105\332\140\323\256\145\141\235\123\203\164 -\302\256\362\134\302\026\355\222\076\204\076\163\140\210\274\166 -\364\054\317\320\175\175\323\270\136\321\221\022\020\351\315\335 -\312\045\343\325\355\231\057\276\165\201\113\044\371\105\106\224 -\311\051\041\123\234\046\105\252\023\027\344\347\315\170\342\071 -\301\053\022\236\246\236\033\305\346\016\331\061\331 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for "Swisscom Root CA 2" -# Issuer: CN=Swisscom Root CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch -# Serial Number:1e:9e:28:e8:48:f2:e5:ef:c3:7c:4a:1e:5a:18:67:b6 -# Subject: CN=Swisscom Root CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch -# Not Valid Before: Fri Jun 24 08:38:14 2011 -# Not Valid After : Wed Jun 25 07:38:14 2031 -# Fingerprint (MD5): 5B:04:69:EC:A5:83:94:63:18:A7:86:D0:E4:F2:6E:19 -# Fingerprint (SHA1): 77:47:4F:C6:30:E4:0F:4C:47:64:3F:84:BA:B8:C6:95:4A:8A:41:EC -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Swisscom Root CA 2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\167\107\117\306\060\344\017\114\107\144\077\204\272\270\306\225 -\112\212\101\354 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\133\004\151\354\245\203\224\143\030\247\206\320\344\362\156\031 -END -CKA_ISSUER MULTILINE_OCTAL -\060\144\061\013\060\011\006\003\125\004\006\023\002\143\150\061 -\021\060\017\006\003\125\004\012\023\010\123\167\151\163\163\143 -\157\155\061\045\060\043\006\003\125\004\013\023\034\104\151\147 -\151\164\141\154\040\103\145\162\164\151\146\151\143\141\164\145 -\040\123\145\162\166\151\143\145\163\061\033\060\031\006\003\125 -\004\003\023\022\123\167\151\163\163\143\157\155\040\122\157\157 -\164\040\103\101\040\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\036\236\050\350\110\362\345\357\303\174\112\036\132\030 -\147\266 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - # # Certificate "CA Disig Root R2" # @@ -14325,6 +13260,8 @@ CKA_VALUE MULTILINE_OCTAL \363\154\033\165\106\243\345\112\027\351\244\327\013 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "CA Disig Root R2" # Issuer: CN=CA Disig Root R2,O=Disig a.s.,L=Bratislava,C=SK @@ -14525,6 +13462,8 @@ CKA_VALUE MULTILINE_OCTAL \125\064\106\052\213\206\073 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "ACCVRAIZ1" # Issuer: C=ES,O=ACCV,OU=PKIACCV,CN=ACCVRAIZ1 @@ -14685,6 +13624,8 @@ CKA_VALUE MULTILINE_OCTAL \053\006\320\004\315 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "TWCA Global Root CA" # Issuer: CN=TWCA Global Root CA,OU=Root CA,O=TAIWAN-CA,C=TW @@ -14842,6 +13783,8 @@ CKA_VALUE MULTILINE_OCTAL \245\240\314\277\323\366\165\244\165\226\155\126 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "TeliaSonera Root CA v1" # Issuer: CN=TeliaSonera Root CA v1,O=TeliaSonera @@ -15030,6 +13973,8 @@ CKA_VALUE MULTILINE_OCTAL \243\253\157\134\035\266\176\350\263\202\064\355\006\134\044 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "E-Tugra Certification Authority" # Issuer: CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tu..ra EBG Bili..im Teknolojileri ve Hizmetleri A....,L=Ankara,C=TR @@ -15179,6 +14124,8 @@ CKA_VALUE MULTILINE_OCTAL \005\047\216\023\241\156\302 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "T-TeleSec GlobalRoot Class 2" # Issuer: CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE @@ -15310,6 +14257,8 @@ CKA_VALUE MULTILINE_OCTAL \035\362\376\011\021\260\360\207\173\247\235 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Atos TrustedRoot 2011" # Issuer: C=DE,O=Atos,CN=Atos TrustedRoot 2011 @@ -15470,6 +14419,8 @@ CKA_VALUE MULTILINE_OCTAL \063\140\345\303 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "QuoVadis Root CA 1 G3" # Issuer: CN=QuoVadis Root CA 1 G3,O=QuoVadis Limited,C=BM @@ -15632,6 +14583,8 @@ CKA_VALUE MULTILINE_OCTAL \203\336\177\214 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "QuoVadis Root CA 2 G3" # Issuer: CN=QuoVadis Root CA 2 G3,O=QuoVadis Limited,C=BM @@ -15794,6 +14747,8 @@ CKA_VALUE MULTILINE_OCTAL \130\371\230\364 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "QuoVadis Root CA 3 G3" # Issuer: CN=QuoVadis Root CA 3 G3,O=QuoVadis Limited,C=BM @@ -15931,6 +14886,8 @@ CKA_VALUE MULTILINE_OCTAL \042\023\163\154\317\046\365\212\051\347 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "DigiCert Assured ID Root G2" # Issuer: CN=DigiCert Assured ID Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US @@ -16049,6 +15006,8 @@ CKA_VALUE MULTILINE_OCTAL \352\226\143\152\145\105\222\225\001\264 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "DigiCert Assured ID Root G3" # Issuer: CN=DigiCert Assured ID Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US @@ -16188,6 +15147,8 @@ CKA_VALUE MULTILINE_OCTAL \062\266 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "DigiCert Global Root G2" # Issuer: CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US @@ -16306,6 +15267,8 @@ CKA_VALUE MULTILINE_OCTAL \263\047\027 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "DigiCert Global Root G3" # Issuer: CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US @@ -16477,6 +15440,8 @@ CKA_VALUE MULTILINE_OCTAL \317\363\146\176 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "DigiCert Trusted Root G4" # Issuer: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US @@ -16656,6 +15621,8 @@ CKA_VALUE MULTILINE_OCTAL \065\123\205\006\112\135\237\255\273\033\137\164 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "COMODO RSA Certification Authority" # Issuer: CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB @@ -16838,6 +15805,8 @@ CKA_VALUE MULTILINE_OCTAL \250\375 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "USERTrust RSA Certification Authority" # Issuer: CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US @@ -16967,6 +15936,8 @@ CKA_VALUE MULTILINE_OCTAL \127\152\030 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "USERTrust ECC Certification Authority" # Issuer: CN=USERTrust ECC Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US @@ -17079,6 +16050,8 @@ CKA_VALUE MULTILINE_OCTAL \173\013\370\237\204 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "GlobalSign ECC Root CA - R4" # Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign ECC Root CA - R4 @@ -17192,6 +16165,8 @@ CKA_VALUE MULTILINE_OCTAL \220\067 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "GlobalSign ECC Root CA - R5" # Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign ECC Root CA - R5 @@ -17357,6 +16332,8 @@ CKA_VALUE MULTILINE_OCTAL \367\200\173\041\147\047\060\131 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Staat der Nederlanden Root CA - G3" # Issuer: CN=Staat der Nederlanden Root CA - G3,O=Staat der Nederlanden,C=NL @@ -17521,6 +16498,8 @@ CKA_VALUE MULTILINE_OCTAL \356\354\327\056 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Staat der Nederlanden EV Root CA" # Issuer: CN=Staat der Nederlanden EV Root CA,O=Staat der Nederlanden,C=NL @@ -17683,6 +16662,8 @@ CKA_VALUE MULTILINE_OCTAL \272\204\156\207 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "IdenTrust Commercial Root CA 1" # Issuer: CN=IdenTrust Commercial Root CA 1,O=IdenTrust,C=US @@ -17845,188 +16826,41 @@ CKA_VALUE MULTILINE_OCTAL \267\254\266\255\267\312\076\001\357\234 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "IdenTrust Public Sector Root CA 1" # Issuer: CN=IdenTrust Public Sector Root CA 1,O=IdenTrust,C=US # Serial Number:0a:01:42:80:00:00:01:45:23:cf:46:7c:00:00:00:02 # Subject: CN=IdenTrust Public Sector Root CA 1,O=IdenTrust,C=US # Not Valid Before: Thu Jan 16 17:53:32 2014 -# Not Valid After : Mon Jan 16 17:53:32 2034 -# Fingerprint (SHA-256): 30:D0:89:5A:9A:44:8A:26:20:91:63:55:22:D1:F5:20:10:B5:86:7A:CA:E1:2C:78:EF:95:8F:D4:F4:38:9F:2F -# Fingerprint (SHA1): BA:29:41:60:77:98:3F:F4:F3:EF:F2:31:05:3B:2E:EA:6D:4D:45:FD -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "IdenTrust Public Sector Root CA 1" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\272\051\101\140\167\230\077\364\363\357\362\061\005\073\056\352 -\155\115\105\375 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\067\006\245\260\374\211\235\272\364\153\214\032\144\315\325\272 -END -CKA_ISSUER MULTILINE_OCTAL -\060\115\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\022\060\020\006\003\125\004\012\023\011\111\144\145\156\124\162 -\165\163\164\061\052\060\050\006\003\125\004\003\023\041\111\144 -\145\156\124\162\165\163\164\040\120\165\142\154\151\143\040\123 -\145\143\164\157\162\040\122\157\157\164\040\103\101\040\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\012\001\102\200\000\000\001\105\043\317\106\174\000\000 -\000\002 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "S-TRUST Universal Root CA" -# -# Issuer: CN=S-TRUST Universal Root CA,OU=S-TRUST Certification Services,O=Deutscher Sparkassen Verlag GmbH,C=DE -# Serial Number:60:56:c5:4b:23:40:5b:64:d4:ed:25:da:d9:d6:1e:1e -# Subject: CN=S-TRUST Universal Root CA,OU=S-TRUST Certification Services,O=Deutscher Sparkassen Verlag GmbH,C=DE -# Not Valid Before: Tue Oct 22 00:00:00 2013 -# Not Valid After : Thu Oct 21 23:59:59 2038 -# Fingerprint (SHA-256): D8:0F:EF:91:0A:E3:F1:04:72:3B:04:5C:EC:2D:01:9F:44:1C:E6:21:3A:DF:15:67:91:E7:0C:17:90:11:0A:31 -# Fingerprint (SHA1): 1B:3D:11:14:EA:7A:0F:95:58:54:41:95:BF:6B:25:82:AB:40:CE:9A -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "S-TRUST Universal Root CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\205\061\013\060\011\006\003\125\004\006\023\002\104\105 -\061\051\060\047\006\003\125\004\012\023\040\104\145\165\164\163 -\143\150\145\162\040\123\160\141\162\153\141\163\163\145\156\040 -\126\145\162\154\141\147\040\107\155\142\110\061\047\060\045\006 -\003\125\004\013\023\036\123\055\124\122\125\123\124\040\103\145 -\162\164\151\146\151\143\141\164\151\157\156\040\123\145\162\166 -\151\143\145\163\061\042\060\040\006\003\125\004\003\023\031\123 -\055\124\122\125\123\124\040\125\156\151\166\145\162\163\141\154 -\040\122\157\157\164\040\103\101 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\205\061\013\060\011\006\003\125\004\006\023\002\104\105 -\061\051\060\047\006\003\125\004\012\023\040\104\145\165\164\163 -\143\150\145\162\040\123\160\141\162\153\141\163\163\145\156\040 -\126\145\162\154\141\147\040\107\155\142\110\061\047\060\045\006 -\003\125\004\013\023\036\123\055\124\122\125\123\124\040\103\145 -\162\164\151\146\151\143\141\164\151\157\156\040\123\145\162\166 -\151\143\145\163\061\042\060\040\006\003\125\004\003\023\031\123 -\055\124\122\125\123\124\040\125\156\151\166\145\162\163\141\154 -\040\122\157\157\164\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\140\126\305\113\043\100\133\144\324\355\045\332\331\326 -\036\036 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\330\060\202\002\300\240\003\002\001\002\002\020\140 -\126\305\113\043\100\133\144\324\355\045\332\331\326\036\036\060 -\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\201 -\205\061\013\060\011\006\003\125\004\006\023\002\104\105\061\051 -\060\047\006\003\125\004\012\023\040\104\145\165\164\163\143\150 -\145\162\040\123\160\141\162\153\141\163\163\145\156\040\126\145 -\162\154\141\147\040\107\155\142\110\061\047\060\045\006\003\125 -\004\013\023\036\123\055\124\122\125\123\124\040\103\145\162\164 -\151\146\151\143\141\164\151\157\156\040\123\145\162\166\151\143 -\145\163\061\042\060\040\006\003\125\004\003\023\031\123\055\124 -\122\125\123\124\040\125\156\151\166\145\162\163\141\154\040\122 -\157\157\164\040\103\101\060\036\027\015\061\063\061\060\062\062 -\060\060\060\060\060\060\132\027\015\063\070\061\060\062\061\062 -\063\065\071\065\071\132\060\201\205\061\013\060\011\006\003\125 -\004\006\023\002\104\105\061\051\060\047\006\003\125\004\012\023 -\040\104\145\165\164\163\143\150\145\162\040\123\160\141\162\153 -\141\163\163\145\156\040\126\145\162\154\141\147\040\107\155\142 -\110\061\047\060\045\006\003\125\004\013\023\036\123\055\124\122 -\125\123\124\040\103\145\162\164\151\146\151\143\141\164\151\157 -\156\040\123\145\162\166\151\143\145\163\061\042\060\040\006\003 -\125\004\003\023\031\123\055\124\122\125\123\124\040\125\156\151 -\166\145\162\163\141\154\040\122\157\157\164\040\103\101\060\202 -\001\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005 -\000\003\202\001\017\000\060\202\001\012\002\202\001\001\000\250 -\343\013\337\021\067\205\202\232\265\154\146\174\141\077\300\107 -\032\035\106\343\260\125\144\345\270\202\071\050\007\176\027\377 -\364\233\212\360\221\201\352\070\077\041\170\154\110\354\153\057 -\242\323\212\162\262\247\327\331\352\177\264\300\111\153\060\045 -\211\214\353\267\325\100\141\230\342\334\074\040\222\315\145\112 -\162\237\032\216\214\372\045\025\277\363\041\203\050\015\213\257 -\131\021\202\103\134\233\115\045\121\177\130\030\143\140\073\263 -\265\212\213\130\143\067\110\110\220\104\302\100\335\135\367\103 -\151\051\230\134\022\145\136\253\220\222\113\146\337\325\165\022 -\123\124\030\246\336\212\326\273\127\003\071\131\231\030\005\014 -\371\375\025\306\220\144\106\027\202\327\302\112\101\075\375\000 -\276\127\162\030\224\167\033\123\132\211\001\366\063\162\016\223 -\072\334\350\036\375\005\005\326\274\163\340\210\334\253\117\354 -\265\030\206\117\171\204\016\110\052\146\052\335\062\310\170\145 -\310\013\235\130\001\005\161\355\201\365\150\027\156\313\015\264 -\113\330\241\354\256\070\353\034\130\057\241\145\003\064\057\002 -\003\001\000\001\243\102\060\100\060\017\006\003\125\035\023\001 -\001\377\004\005\060\003\001\001\377\060\016\006\003\125\035\017 -\001\001\377\004\004\003\002\001\006\060\035\006\003\125\035\016 -\004\026\004\024\232\175\327\353\353\177\124\230\105\051\264\040 -\253\155\013\226\043\031\244\302\060\015\006\011\052\206\110\206 -\367\015\001\001\013\005\000\003\202\001\001\000\116\226\022\333 -\176\167\136\222\047\236\041\027\030\202\166\330\077\274\245\011 -\004\146\210\211\255\333\125\263\063\152\306\145\304\217\115\363 -\062\066\334\171\004\226\251\167\062\321\227\365\030\153\214\272 -\355\316\021\320\104\307\222\361\264\104\216\355\210\122\110\236 -\325\375\131\370\243\036\121\373\001\122\345\137\345\172\335\252 -\044\117\042\213\335\166\106\366\245\240\017\065\330\312\017\230 -\271\060\135\040\157\302\201\036\275\275\300\376\025\323\070\052 -\011\223\230\047\033\223\173\320\053\064\136\150\245\025\117\321 -\122\303\240\312\240\203\105\035\365\365\267\131\163\135\131\001 -\217\252\302\107\057\024\161\325\051\343\020\265\107\223\045\314 -\043\051\332\267\162\330\221\324\354\033\110\212\042\344\301\052 -\367\072\150\223\237\105\031\156\103\267\314\376\270\221\232\141 -\032\066\151\143\144\222\050\363\157\141\222\205\023\237\311\007 -\054\213\127\334\353\236\171\325\302\336\010\325\124\262\127\116 -\052\062\215\241\342\072\321\020\040\042\071\175\064\105\157\161 -\073\303\035\374\377\262\117\250\342\366\060\036 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for "S-TRUST Universal Root CA" -# Issuer: CN=S-TRUST Universal Root CA,OU=S-TRUST Certification Services,O=Deutscher Sparkassen Verlag GmbH,C=DE -# Serial Number:60:56:c5:4b:23:40:5b:64:d4:ed:25:da:d9:d6:1e:1e -# Subject: CN=S-TRUST Universal Root CA,OU=S-TRUST Certification Services,O=Deutscher Sparkassen Verlag GmbH,C=DE -# Not Valid Before: Tue Oct 22 00:00:00 2013 -# Not Valid After : Thu Oct 21 23:59:59 2038 -# Fingerprint (SHA-256): D8:0F:EF:91:0A:E3:F1:04:72:3B:04:5C:EC:2D:01:9F:44:1C:E6:21:3A:DF:15:67:91:E7:0C:17:90:11:0A:31 -# Fingerprint (SHA1): 1B:3D:11:14:EA:7A:0F:95:58:54:41:95:BF:6B:25:82:AB:40:CE:9A +# Not Valid After : Mon Jan 16 17:53:32 2034 +# Fingerprint (SHA-256): 30:D0:89:5A:9A:44:8A:26:20:91:63:55:22:D1:F5:20:10:B5:86:7A:CA:E1:2C:78:EF:95:8F:D4:F4:38:9F:2F +# Fingerprint (SHA1): BA:29:41:60:77:98:3F:F4:F3:EF:F2:31:05:3B:2E:EA:6D:4D:45:FD CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "S-TRUST Universal Root CA" +CKA_LABEL UTF8 "IdenTrust Public Sector Root CA 1" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\033\075\021\024\352\172\017\225\130\124\101\225\277\153\045\202 -\253\100\316\232 +\272\051\101\140\167\230\077\364\363\357\362\061\005\073\056\352 +\155\115\105\375 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\130\366\101\001\256\365\133\121\231\116\134\041\350\117\324\146 +\067\006\245\260\374\211\235\272\364\153\214\032\144\315\325\272 END CKA_ISSUER MULTILINE_OCTAL -\060\201\205\061\013\060\011\006\003\125\004\006\023\002\104\105 -\061\051\060\047\006\003\125\004\012\023\040\104\145\165\164\163 -\143\150\145\162\040\123\160\141\162\153\141\163\163\145\156\040 -\126\145\162\154\141\147\040\107\155\142\110\061\047\060\045\006 -\003\125\004\013\023\036\123\055\124\122\125\123\124\040\103\145 -\162\164\151\146\151\143\141\164\151\157\156\040\123\145\162\166 -\151\143\145\163\061\042\060\040\006\003\125\004\003\023\031\123 -\055\124\122\125\123\124\040\125\156\151\166\145\162\163\141\154 -\040\122\157\157\164\040\103\101 +\060\115\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\022\060\020\006\003\125\004\012\023\011\111\144\145\156\124\162 +\165\163\164\061\052\060\050\006\003\125\004\003\023\041\111\144 +\145\156\124\162\165\163\164\040\120\165\142\154\151\143\040\123 +\145\143\164\157\162\040\122\157\157\164\040\103\101\040\061 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\140\126\305\113\043\100\133\144\324\355\045\332\331\326 -\036\036 +\002\020\012\001\102\200\000\000\001\105\043\317\106\174\000\000 +\000\002 END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE @@ -18153,6 +16987,8 @@ CKA_VALUE MULTILINE_OCTAL \105\366 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Entrust Root Certification Authority - G2" # Issuer: CN=Entrust Root Certification Authority - G2,OU="(c) 2009 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US @@ -18298,6 +17134,8 @@ CKA_VALUE MULTILINE_OCTAL \231\267\046\101\133\045\140\256\320\110\032\356\006 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Entrust Root Certification Authority - EC1" # Issuer: CN=Entrust Root Certification Authority - EC1,OU="(c) 2012 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US @@ -18471,505 +17309,829 @@ CKA_VALUE MULTILINE_OCTAL \056 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "CFCA EV ROOT" +# Issuer: CN=CFCA EV ROOT,O=China Financial Certification Authority,C=CN +# Serial Number: 407555286 (0x184accd6) +# Subject: CN=CFCA EV ROOT,O=China Financial Certification Authority,C=CN +# Not Valid Before: Wed Aug 08 03:07:01 2012 +# Not Valid After : Mon Dec 31 03:07:01 2029 +# Fingerprint (SHA-256): 5C:C3:D7:8E:4E:1D:5E:45:54:7A:04:E6:87:3E:64:F9:0C:F9:53:6D:1C:CC:2E:F8:00:F3:55:C4:C5:FD:70:FD +# Fingerprint (SHA1): E2:B8:29:4B:55:84:AB:6B:58:C2:90:46:6C:AC:3F:B8:39:8F:84:83 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "CFCA EV ROOT" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\342\270\051\113\125\204\253\153\130\302\220\106\154\254\077\270 +\071\217\204\203 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\164\341\266\355\046\172\172\104\060\063\224\253\173\047\201\060 +END +CKA_ISSUER MULTILINE_OCTAL +\060\126\061\013\060\011\006\003\125\004\006\023\002\103\116\061 +\060\060\056\006\003\125\004\012\014\047\103\150\151\156\141\040 +\106\151\156\141\156\143\151\141\154\040\103\145\162\164\151\146 +\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 +\171\061\025\060\023\006\003\125\004\003\014\014\103\106\103\101 +\040\105\126\040\122\117\117\124 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\004\030\112\314\326 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "OISTE WISeKey Global Root GB CA" +# +# Issuer: CN=OISTE WISeKey Global Root GB CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH +# Serial Number:76:b1:20:52:74:f0:85:87:46:b3:f8:23:1a:f6:c2:c0 +# Subject: CN=OISTE WISeKey Global Root GB CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH +# Not Valid Before: Mon Dec 01 15:00:32 2014 +# Not Valid After : Thu Dec 01 15:10:31 2039 +# Fingerprint (SHA-256): 6B:9C:08:E8:6E:B0:F7:67:CF:AD:65:CD:98:B6:21:49:E5:49:4A:67:F5:84:5E:7B:D1:ED:01:9F:27:B8:6B:D6 +# Fingerprint (SHA1): 0F:F9:40:76:18:D3:D7:6A:4B:98:F0:A8:35:9E:0C:FD:27:AC:CC:ED +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "OISTE WISeKey Global Root GB CA" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\155\061\013\060\011\006\003\125\004\006\023\002\103\110\061 +\020\060\016\006\003\125\004\012\023\007\127\111\123\145\113\145 +\171\061\042\060\040\006\003\125\004\013\023\031\117\111\123\124 +\105\040\106\157\165\156\144\141\164\151\157\156\040\105\156\144 +\157\162\163\145\144\061\050\060\046\006\003\125\004\003\023\037 +\117\111\123\124\105\040\127\111\123\145\113\145\171\040\107\154 +\157\142\141\154\040\122\157\157\164\040\107\102\040\103\101 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\155\061\013\060\011\006\003\125\004\006\023\002\103\110\061 +\020\060\016\006\003\125\004\012\023\007\127\111\123\145\113\145 +\171\061\042\060\040\006\003\125\004\013\023\031\117\111\123\124 +\105\040\106\157\165\156\144\141\164\151\157\156\040\105\156\144 +\157\162\163\145\144\061\050\060\046\006\003\125\004\003\023\037 +\117\111\123\124\105\040\127\111\123\145\113\145\171\040\107\154 +\157\142\141\154\040\122\157\157\164\040\107\102\040\103\101 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\166\261\040\122\164\360\205\207\106\263\370\043\032\366 +\302\300 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\003\265\060\202\002\235\240\003\002\001\002\002\020\166 +\261\040\122\164\360\205\207\106\263\370\043\032\366\302\300\060 +\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\155 +\061\013\060\011\006\003\125\004\006\023\002\103\110\061\020\060 +\016\006\003\125\004\012\023\007\127\111\123\145\113\145\171\061 +\042\060\040\006\003\125\004\013\023\031\117\111\123\124\105\040 +\106\157\165\156\144\141\164\151\157\156\040\105\156\144\157\162 +\163\145\144\061\050\060\046\006\003\125\004\003\023\037\117\111 +\123\124\105\040\127\111\123\145\113\145\171\040\107\154\157\142 +\141\154\040\122\157\157\164\040\107\102\040\103\101\060\036\027 +\015\061\064\061\062\060\061\061\065\060\060\063\062\132\027\015 +\063\071\061\062\060\061\061\065\061\060\063\061\132\060\155\061 +\013\060\011\006\003\125\004\006\023\002\103\110\061\020\060\016 +\006\003\125\004\012\023\007\127\111\123\145\113\145\171\061\042 +\060\040\006\003\125\004\013\023\031\117\111\123\124\105\040\106 +\157\165\156\144\141\164\151\157\156\040\105\156\144\157\162\163 +\145\144\061\050\060\046\006\003\125\004\003\023\037\117\111\123 +\124\105\040\127\111\123\145\113\145\171\040\107\154\157\142\141 +\154\040\122\157\157\164\040\107\102\040\103\101\060\202\001\042 +\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003 +\202\001\017\000\060\202\001\012\002\202\001\001\000\330\027\267 +\034\112\044\052\326\227\261\312\342\036\373\175\070\357\230\365 +\262\071\230\116\047\270\021\135\173\322\045\224\210\202\025\046 +\152\033\061\273\250\133\041\041\053\330\017\116\237\132\361\261 +\132\344\171\326\062\043\053\341\123\314\231\105\134\173\117\255 +\274\277\207\112\013\113\227\132\250\366\110\354\175\173\015\315 +\041\006\337\236\025\375\101\212\110\267\040\364\241\172\033\127 +\324\135\120\377\272\147\330\043\231\037\310\077\343\336\377\157 +\133\167\261\153\156\270\311\144\367\341\312\101\106\016\051\161 +\320\271\043\374\311\201\137\116\367\157\337\277\204\255\163\144 +\273\267\102\216\151\366\324\166\035\176\235\247\270\127\212\121 +\147\162\327\324\250\270\225\124\100\163\003\366\352\364\353\376 +\050\102\167\077\235\043\033\262\266\075\200\024\007\114\056\117 +\367\325\012\026\015\275\146\103\067\176\043\103\171\303\100\206 +\365\114\051\332\216\232\255\015\245\004\207\210\036\205\343\351 +\123\325\233\310\213\003\143\170\353\340\031\112\156\273\057\153 +\063\144\130\223\255\151\277\217\033\357\202\110\307\002\003\001 +\000\001\243\121\060\117\060\013\006\003\125\035\017\004\004\003 +\002\001\206\060\017\006\003\125\035\023\001\001\377\004\005\060 +\003\001\001\377\060\035\006\003\125\035\016\004\026\004\024\065 +\017\310\066\143\136\342\243\354\371\073\146\025\316\121\122\343 +\221\232\075\060\020\006\011\053\006\001\004\001\202\067\025\001 +\004\003\002\001\000\060\015\006\011\052\206\110\206\367\015\001 +\001\013\005\000\003\202\001\001\000\100\114\373\207\262\231\201 +\220\176\235\305\260\260\046\315\210\173\053\062\215\156\270\041 +\161\130\227\175\256\067\024\257\076\347\367\232\342\175\366\161 +\230\231\004\252\103\164\170\243\343\111\141\076\163\214\115\224 +\340\371\161\304\266\026\016\123\170\037\326\242\207\057\002\071 +\201\051\074\257\025\230\041\060\376\050\220\000\214\321\341\313 +\372\136\310\375\370\020\106\073\242\170\102\221\027\164\125\012 +\336\120\147\115\146\321\247\377\375\331\300\265\250\243\212\316 +\146\365\017\103\315\247\053\127\173\143\106\152\252\056\122\330 +\364\355\341\155\255\051\220\170\110\272\341\043\252\243\211\354 +\265\253\226\300\264\113\242\035\227\236\172\362\156\100\161\337 +\150\361\145\115\316\174\005\337\123\145\251\245\360\261\227\004 +\160\025\106\003\230\324\322\277\124\264\240\130\175\122\157\332 +\126\046\142\324\330\333\211\061\157\034\360\042\302\323\142\034 +\065\315\114\151\025\124\032\220\230\336\353\036\137\312\167\307 +\313\216\075\103\151\234\232\130\320\044\073\337\033\100\226\176 +\065\255\201\307\116\161\272\210\023 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "OISTE WISeKey Global Root GB CA" +# Issuer: CN=OISTE WISeKey Global Root GB CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH +# Serial Number:76:b1:20:52:74:f0:85:87:46:b3:f8:23:1a:f6:c2:c0 +# Subject: CN=OISTE WISeKey Global Root GB CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH +# Not Valid Before: Mon Dec 01 15:00:32 2014 +# Not Valid After : Thu Dec 01 15:10:31 2039 +# Fingerprint (SHA-256): 6B:9C:08:E8:6E:B0:F7:67:CF:AD:65:CD:98:B6:21:49:E5:49:4A:67:F5:84:5E:7B:D1:ED:01:9F:27:B8:6B:D6 +# Fingerprint (SHA1): 0F:F9:40:76:18:D3:D7:6A:4B:98:F0:A8:35:9E:0C:FD:27:AC:CC:ED +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "OISTE WISeKey Global Root GB CA" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\017\371\100\166\030\323\327\152\113\230\360\250\065\236\014\375 +\047\254\314\355 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\244\353\271\141\050\056\267\057\230\260\065\046\220\231\121\035 +END +CKA_ISSUER MULTILINE_OCTAL +\060\155\061\013\060\011\006\003\125\004\006\023\002\103\110\061 +\020\060\016\006\003\125\004\012\023\007\127\111\123\145\113\145 +\171\061\042\060\040\006\003\125\004\013\023\031\117\111\123\124 +\105\040\106\157\165\156\144\141\164\151\157\156\040\105\156\144 +\157\162\163\145\144\061\050\060\046\006\003\125\004\003\023\037 +\117\111\123\124\105\040\127\111\123\145\113\145\171\040\107\154 +\157\142\141\154\040\122\157\157\164\040\107\102\040\103\101 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\166\261\040\122\164\360\205\207\106\263\370\043\032\366 +\302\300 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "SZAFIR ROOT CA2" +# +# Issuer: CN=SZAFIR ROOT CA2,O=Krajowa Izba Rozliczeniowa S.A.,C=PL +# Serial Number:3e:8a:5d:07:ec:55:d2:32:d5:b7:e3:b6:5f:01:eb:2d:dc:e4:d6:e4 +# Subject: CN=SZAFIR ROOT CA2,O=Krajowa Izba Rozliczeniowa S.A.,C=PL +# Not Valid Before: Mon Oct 19 07:43:30 2015 +# Not Valid After : Fri Oct 19 07:43:30 2035 +# Fingerprint (SHA-256): A1:33:9D:33:28:1A:0B:56:E5:57:D3:D3:2B:1C:E7:F9:36:7E:B0:94:BD:5F:A7:2A:7E:50:04:C8:DE:D7:CA:FE +# Fingerprint (SHA1): E2:52:FA:95:3F:ED:DB:24:60:BD:6E:28:F3:9C:CC:CF:5E:B3:3F:DE +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "SZAFIR ROOT CA2" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\121\061\013\060\011\006\003\125\004\006\023\002\120\114\061 +\050\060\046\006\003\125\004\012\014\037\113\162\141\152\157\167 +\141\040\111\172\142\141\040\122\157\172\154\151\143\172\145\156 +\151\157\167\141\040\123\056\101\056\061\030\060\026\006\003\125 +\004\003\014\017\123\132\101\106\111\122\040\122\117\117\124\040 +\103\101\062 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\121\061\013\060\011\006\003\125\004\006\023\002\120\114\061 +\050\060\046\006\003\125\004\012\014\037\113\162\141\152\157\167 +\141\040\111\172\142\141\040\122\157\172\154\151\143\172\145\156 +\151\157\167\141\040\123\056\101\056\061\030\060\026\006\003\125 +\004\003\014\017\123\132\101\106\111\122\040\122\117\117\124\040 +\103\101\062 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\024\076\212\135\007\354\125\322\062\325\267\343\266\137\001 +\353\055\334\344\326\344 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\003\162\060\202\002\132\240\003\002\001\002\002\024\076 +\212\135\007\354\125\322\062\325\267\343\266\137\001\353\055\334 +\344\326\344\060\015\006\011\052\206\110\206\367\015\001\001\013 +\005\000\060\121\061\013\060\011\006\003\125\004\006\023\002\120 +\114\061\050\060\046\006\003\125\004\012\014\037\113\162\141\152 +\157\167\141\040\111\172\142\141\040\122\157\172\154\151\143\172 +\145\156\151\157\167\141\040\123\056\101\056\061\030\060\026\006 +\003\125\004\003\014\017\123\132\101\106\111\122\040\122\117\117 +\124\040\103\101\062\060\036\027\015\061\065\061\060\061\071\060 +\067\064\063\063\060\132\027\015\063\065\061\060\061\071\060\067 +\064\063\063\060\132\060\121\061\013\060\011\006\003\125\004\006 +\023\002\120\114\061\050\060\046\006\003\125\004\012\014\037\113 +\162\141\152\157\167\141\040\111\172\142\141\040\122\157\172\154 +\151\143\172\145\156\151\157\167\141\040\123\056\101\056\061\030 +\060\026\006\003\125\004\003\014\017\123\132\101\106\111\122\040 +\122\117\117\124\040\103\101\062\060\202\001\042\060\015\006\011 +\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000 +\060\202\001\012\002\202\001\001\000\267\274\076\120\250\113\315 +\100\265\316\141\347\226\312\264\241\332\014\042\260\372\265\173 +\166\000\167\214\013\317\175\250\206\314\046\121\344\040\075\205 +\014\326\130\343\347\364\052\030\235\332\321\256\046\356\353\123 +\334\364\220\326\023\112\014\220\074\303\364\332\322\216\015\222 +\072\334\261\261\377\070\336\303\272\055\137\200\271\002\275\112 +\235\033\017\264\303\302\301\147\003\335\334\033\234\075\263\260 +\336\000\036\250\064\107\273\232\353\376\013\024\275\066\204\332 +\015\040\277\372\133\313\251\026\040\255\071\140\356\057\165\266 +\347\227\234\371\076\375\176\115\157\115\057\357\210\015\152\372 +\335\361\075\156\040\245\240\022\264\115\160\271\316\327\162\073 +\211\223\247\200\204\034\047\111\162\111\265\377\073\225\236\301 +\314\310\001\354\350\016\212\012\226\347\263\246\207\345\326\371 +\005\053\015\227\100\160\074\272\254\165\132\234\325\115\235\002 +\012\322\113\233\146\113\106\007\027\145\255\237\154\210\000\334 +\042\211\340\341\144\324\147\274\061\171\141\074\273\312\101\315 +\134\152\000\310\074\070\216\130\257\002\003\001\000\001\243\102 +\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060\003 +\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003 +\002\001\006\060\035\006\003\125\035\016\004\026\004\024\056\026 +\251\112\030\265\313\314\365\157\120\363\043\137\370\135\347\254 +\360\310\060\015\006\011\052\206\110\206\367\015\001\001\013\005 +\000\003\202\001\001\000\265\163\370\003\334\131\133\035\166\351 +\243\052\173\220\050\262\115\300\063\117\252\232\261\324\270\344 +\047\377\251\226\231\316\106\340\155\174\114\242\070\244\006\160 +\360\364\101\021\354\077\107\215\077\162\207\371\073\375\244\157 +\053\123\000\340\377\071\271\152\007\016\353\035\034\366\242\162 +\220\313\202\075\021\202\213\322\273\237\052\257\041\346\143\206 +\235\171\031\357\367\273\014\065\220\303\212\355\117\017\365\314 +\022\331\244\076\273\240\374\040\225\137\117\046\057\021\043\203 +\116\165\007\017\277\233\321\264\035\351\020\004\376\312\140\217 +\242\114\270\255\317\341\220\017\315\256\012\307\135\173\267\120 +\322\324\141\372\325\025\333\327\237\207\121\124\353\245\343\353 +\311\205\240\045\040\067\373\216\316\014\064\204\341\074\201\262 +\167\116\103\245\210\137\206\147\241\075\346\264\134\141\266\076 +\333\376\267\050\305\242\007\256\265\312\312\215\052\022\357\227 +\355\302\060\244\311\052\172\373\363\115\043\033\231\063\064\240 +\056\365\251\013\077\324\135\341\317\204\237\342\031\302\137\212 +\326\040\036\343\163\267 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE -# Trust for "CFCA EV ROOT" -# Issuer: CN=CFCA EV ROOT,O=China Financial Certification Authority,C=CN -# Serial Number: 407555286 (0x184accd6) -# Subject: CN=CFCA EV ROOT,O=China Financial Certification Authority,C=CN -# Not Valid Before: Wed Aug 08 03:07:01 2012 -# Not Valid After : Mon Dec 31 03:07:01 2029 -# Fingerprint (SHA-256): 5C:C3:D7:8E:4E:1D:5E:45:54:7A:04:E6:87:3E:64:F9:0C:F9:53:6D:1C:CC:2E:F8:00:F3:55:C4:C5:FD:70:FD -# Fingerprint (SHA1): E2:B8:29:4B:55:84:AB:6B:58:C2:90:46:6C:AC:3F:B8:39:8F:84:83 +# Trust for "SZAFIR ROOT CA2" +# Issuer: CN=SZAFIR ROOT CA2,O=Krajowa Izba Rozliczeniowa S.A.,C=PL +# Serial Number:3e:8a:5d:07:ec:55:d2:32:d5:b7:e3:b6:5f:01:eb:2d:dc:e4:d6:e4 +# Subject: CN=SZAFIR ROOT CA2,O=Krajowa Izba Rozliczeniowa S.A.,C=PL +# Not Valid Before: Mon Oct 19 07:43:30 2015 +# Not Valid After : Fri Oct 19 07:43:30 2035 +# Fingerprint (SHA-256): A1:33:9D:33:28:1A:0B:56:E5:57:D3:D3:2B:1C:E7:F9:36:7E:B0:94:BD:5F:A7:2A:7E:50:04:C8:DE:D7:CA:FE +# Fingerprint (SHA1): E2:52:FA:95:3F:ED:DB:24:60:BD:6E:28:F3:9C:CC:CF:5E:B3:3F:DE CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "CFCA EV ROOT" +CKA_LABEL UTF8 "SZAFIR ROOT CA2" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\342\270\051\113\125\204\253\153\130\302\220\106\154\254\077\270 -\071\217\204\203 +\342\122\372\225\077\355\333\044\140\275\156\050\363\234\314\317 +\136\263\077\336 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\164\341\266\355\046\172\172\104\060\063\224\253\173\047\201\060 +\021\144\301\211\260\044\261\214\261\007\176\211\236\121\236\231 END CKA_ISSUER MULTILINE_OCTAL -\060\126\061\013\060\011\006\003\125\004\006\023\002\103\116\061 -\060\060\056\006\003\125\004\012\014\047\103\150\151\156\141\040 -\106\151\156\141\156\143\151\141\154\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171\061\025\060\023\006\003\125\004\003\014\014\103\106\103\101 -\040\105\126\040\122\117\117\124 +\060\121\061\013\060\011\006\003\125\004\006\023\002\120\114\061 +\050\060\046\006\003\125\004\012\014\037\113\162\141\152\157\167 +\141\040\111\172\142\141\040\122\157\172\154\151\143\172\145\156 +\151\157\167\141\040\123\056\101\056\061\030\060\026\006\003\125 +\004\003\014\017\123\132\101\106\111\122\040\122\117\117\124\040 +\103\101\062 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\030\112\314\326 +\002\024\076\212\135\007\354\125\322\062\325\267\343\266\137\001 +\353\055\334\344\326\344 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "TÃœRKTRUST Elektronik Sertifika Hizmet SaÄŸlayıcısı H5" +# Certificate "Certum Trusted Network CA 2" # -# Issuer: CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s.. H5,O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A....,L=Ankara,C=TR -# Serial Number:00:8e:17:fe:24:20:81 -# Subject: CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s.. H5,O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A....,L=Ankara,C=TR -# Not Valid Before: Tue Apr 30 08:07:01 2013 -# Not Valid After : Fri Apr 28 08:07:01 2023 -# Fingerprint (SHA-256): 49:35:1B:90:34:44:C1:85:CC:DC:5C:69:3D:24:D8:55:5C:B2:08:D6:A8:14:13:07:69:9F:4A:F0:63:19:9D:78 -# Fingerprint (SHA1): C4:18:F6:4D:46:D1:DF:00:3D:27:30:13:72:43:A9:12:11:C6:75:FB +# Issuer: CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL +# Serial Number:21:d6:d0:4a:4f:25:0f:c9:32:37:fc:aa:5e:12:8d:e9 +# Subject: CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL +# Not Valid Before: Thu Oct 06 08:39:56 2011 +# Not Valid After : Sat Oct 06 08:39:56 2046 +# Fingerprint (SHA-256): B6:76:F2:ED:DA:E8:77:5C:D3:6C:B0:F6:3C:D1:D4:60:39:61:F4:9E:62:65:BA:01:3A:2F:03:07:B6:D0:B8:04 +# Fingerprint (SHA1): D3:DD:48:3E:2B:BF:4C:05:E8:AF:10:F5:FA:76:26:CF:D3:DC:30:92 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TÃœRKTRUST Elektronik Sertifika Hizmet SaÄŸlayıcısı H5" +CKA_LABEL UTF8 "Certum Trusted Network CA 2" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\201\261\061\013\060\011\006\003\125\004\006\023\002\124\122 -\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141\162 -\141\061\115\060\113\006\003\125\004\012\014\104\124\303\234\122 -\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260\154 -\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151\305 -\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151\040 -\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236\056 -\061\102\060\100\006\003\125\004\003\014\071\124\303\234\122\113 -\124\122\125\123\124\040\105\154\145\153\164\162\157\156\151\153 -\040\123\145\162\164\151\146\151\153\141\040\110\151\172\155\145 -\164\040\123\141\304\237\154\141\171\304\261\143\304\261\163\304 -\261\040\110\065 +\060\201\200\061\013\060\011\006\003\125\004\006\023\002\120\114 +\061\042\060\040\006\003\125\004\012\023\031\125\156\151\172\145 +\164\157\040\124\145\143\150\156\157\154\157\147\151\145\163\040 +\123\056\101\056\061\047\060\045\006\003\125\004\013\023\036\103 +\145\162\164\165\155\040\103\145\162\164\151\146\151\143\141\164 +\151\157\156\040\101\165\164\150\157\162\151\164\171\061\044\060 +\042\006\003\125\004\003\023\033\103\145\162\164\165\155\040\124 +\162\165\163\164\145\144\040\116\145\164\167\157\162\153\040\103 +\101\040\062 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\201\261\061\013\060\011\006\003\125\004\006\023\002\124\122 -\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141\162 -\141\061\115\060\113\006\003\125\004\012\014\104\124\303\234\122 -\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260\154 -\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151\305 -\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151\040 -\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236\056 -\061\102\060\100\006\003\125\004\003\014\071\124\303\234\122\113 -\124\122\125\123\124\040\105\154\145\153\164\162\157\156\151\153 -\040\123\145\162\164\151\146\151\153\141\040\110\151\172\155\145 -\164\040\123\141\304\237\154\141\171\304\261\143\304\261\163\304 -\261\040\110\065 +\060\201\200\061\013\060\011\006\003\125\004\006\023\002\120\114 +\061\042\060\040\006\003\125\004\012\023\031\125\156\151\172\145 +\164\157\040\124\145\143\150\156\157\154\157\147\151\145\163\040 +\123\056\101\056\061\047\060\045\006\003\125\004\013\023\036\103 +\145\162\164\165\155\040\103\145\162\164\151\146\151\143\141\164 +\151\157\156\040\101\165\164\150\157\162\151\164\171\061\044\060 +\042\006\003\125\004\003\023\033\103\145\162\164\165\155\040\124 +\162\165\163\164\145\144\040\116\145\164\167\157\162\153\040\103 +\101\040\062 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\007\000\216\027\376\044\040\201 +\002\020\041\326\320\112\117\045\017\311\062\067\374\252\136\022 +\215\351 END CKA_VALUE MULTILINE_OCTAL -\060\202\004\047\060\202\003\017\240\003\002\001\002\002\007\000 -\216\027\376\044\040\201\060\015\006\011\052\206\110\206\367\015 -\001\001\013\005\000\060\201\261\061\013\060\011\006\003\125\004 -\006\023\002\124\122\061\017\060\015\006\003\125\004\007\014\006 -\101\156\153\141\162\141\061\115\060\113\006\003\125\004\012\014 -\104\124\303\234\122\113\124\122\125\123\124\040\102\151\154\147 -\151\040\304\260\154\145\164\151\305\237\151\155\040\166\145\040 -\102\151\154\151\305\237\151\155\040\107\303\274\166\145\156\154 -\151\304\237\151\040\110\151\172\155\145\164\154\145\162\151\040 -\101\056\305\236\056\061\102\060\100\006\003\125\004\003\014\071 -\124\303\234\122\113\124\122\125\123\124\040\105\154\145\153\164 -\162\157\156\151\153\040\123\145\162\164\151\146\151\153\141\040 -\110\151\172\155\145\164\040\123\141\304\237\154\141\171\304\261 -\143\304\261\163\304\261\040\110\065\060\036\027\015\061\063\060 -\064\063\060\060\070\060\067\060\061\132\027\015\062\063\060\064 -\062\070\060\070\060\067\060\061\132\060\201\261\061\013\060\011 -\006\003\125\004\006\023\002\124\122\061\017\060\015\006\003\125 -\004\007\014\006\101\156\153\141\162\141\061\115\060\113\006\003 -\125\004\012\014\104\124\303\234\122\113\124\122\125\123\124\040 -\102\151\154\147\151\040\304\260\154\145\164\151\305\237\151\155 -\040\166\145\040\102\151\154\151\305\237\151\155\040\107\303\274 -\166\145\156\154\151\304\237\151\040\110\151\172\155\145\164\154 -\145\162\151\040\101\056\305\236\056\061\102\060\100\006\003\125 -\004\003\014\071\124\303\234\122\113\124\122\125\123\124\040\105 -\154\145\153\164\162\157\156\151\153\040\123\145\162\164\151\146 -\151\153\141\040\110\151\172\155\145\164\040\123\141\304\237\154 -\141\171\304\261\143\304\261\163\304\261\040\110\065\060\202\001 -\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000 -\003\202\001\017\000\060\202\001\012\002\202\001\001\000\244\045 -\031\341\145\236\353\110\041\120\112\010\345\021\360\132\272\046 -\377\203\131\316\104\052\057\376\341\316\140\003\374\215\003\245 -\355\377\153\250\272\314\064\006\237\131\065\366\354\054\273\235 -\373\215\122\151\343\234\047\020\123\363\244\002\305\247\371\021 -\032\151\165\156\303\035\213\321\230\215\223\207\247\161\227\015 -\041\307\231\371\122\323\054\143\135\125\274\350\037\001\110\271 -\140\376\102\112\366\310\200\256\315\146\172\236\105\212\150\167 -\342\110\150\237\242\332\361\341\301\020\237\353\074\051\201\247 -\341\062\010\324\240\005\261\214\373\215\226\000\016\076\045\337 -\123\206\042\073\374\364\275\363\011\176\167\354\206\353\017\063 -\345\103\117\364\124\165\155\051\231\056\146\132\103\337\313\134 -\312\310\345\070\361\176\073\065\235\017\364\305\132\241\314\363 -\040\200\044\323\127\354\025\272\165\045\233\350\144\113\263\064 -\204\357\004\270\366\311\154\252\002\076\266\125\342\062\067\137 -\374\146\227\137\315\326\236\307\040\277\115\306\254\077\165\137 -\034\355\062\234\174\151\000\151\221\343\043\030\123\351\002\003 -\001\000\001\243\102\060\100\060\035\006\003\125\035\016\004\026 -\004\024\126\231\007\036\323\254\014\151\144\264\014\120\107\336 -\103\054\276\040\300\373\060\016\006\003\125\035\017\001\001\377 -\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377 -\004\005\060\003\001\001\377\060\015\006\011\052\206\110\206\367 -\015\001\001\013\005\000\003\202\001\001\000\236\105\166\173\027 -\110\062\362\070\213\051\275\356\226\112\116\201\030\261\121\107 -\040\315\320\144\261\016\311\331\001\331\011\316\310\231\334\150 -\045\023\324\134\362\243\350\004\376\162\011\307\013\252\035\045 -\125\176\226\232\127\267\272\305\021\172\031\346\247\176\075\205 -\016\365\371\056\051\057\347\371\154\130\026\127\120\045\366\076 -\056\076\252\355\167\161\252\252\231\226\106\012\256\216\354\052 -\121\026\260\136\315\352\147\004\034\130\060\365\140\212\275\246 -\275\115\345\226\264\374\102\211\001\153\366\160\310\120\071\014 -\055\325\146\331\310\322\263\062\267\033\031\155\313\063\371\337 -\245\346\025\204\067\360\302\362\145\226\222\220\167\360\255\364 -\220\351\021\170\327\223\211\300\075\013\272\051\364\350\231\235 -\162\216\355\235\057\356\222\175\241\361\377\135\272\063\140\205 -\142\376\007\002\241\204\126\106\276\226\012\232\023\327\041\114 -\267\174\007\237\116\116\077\221\164\373\047\235\021\314\335\346 -\261\312\161\115\023\027\071\046\305\051\041\053\223\051\152\226 -\372\253\101\341\113\266\065\013\300\233\025 +\060\202\005\322\060\202\003\272\240\003\002\001\002\002\020\041 +\326\320\112\117\045\017\311\062\067\374\252\136\022\215\351\060 +\015\006\011\052\206\110\206\367\015\001\001\015\005\000\060\201 +\200\061\013\060\011\006\003\125\004\006\023\002\120\114\061\042 +\060\040\006\003\125\004\012\023\031\125\156\151\172\145\164\157 +\040\124\145\143\150\156\157\154\157\147\151\145\163\040\123\056 +\101\056\061\047\060\045\006\003\125\004\013\023\036\103\145\162 +\164\165\155\040\103\145\162\164\151\146\151\143\141\164\151\157 +\156\040\101\165\164\150\157\162\151\164\171\061\044\060\042\006 +\003\125\004\003\023\033\103\145\162\164\165\155\040\124\162\165 +\163\164\145\144\040\116\145\164\167\157\162\153\040\103\101\040 +\062\060\042\030\017\062\060\061\061\061\060\060\066\060\070\063 +\071\065\066\132\030\017\062\060\064\066\061\060\060\066\060\070 +\063\071\065\066\132\060\201\200\061\013\060\011\006\003\125\004 +\006\023\002\120\114\061\042\060\040\006\003\125\004\012\023\031 +\125\156\151\172\145\164\157\040\124\145\143\150\156\157\154\157 +\147\151\145\163\040\123\056\101\056\061\047\060\045\006\003\125 +\004\013\023\036\103\145\162\164\165\155\040\103\145\162\164\151 +\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 +\164\171\061\044\060\042\006\003\125\004\003\023\033\103\145\162 +\164\165\155\040\124\162\165\163\164\145\144\040\116\145\164\167 +\157\162\153\040\103\101\040\062\060\202\002\042\060\015\006\011 +\052\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000 +\060\202\002\012\002\202\002\001\000\275\371\170\370\346\325\200 +\014\144\235\206\033\226\144\147\077\042\072\036\165\001\175\357 +\373\134\147\214\311\314\134\153\251\221\346\271\102\345\040\113 +\233\332\233\173\271\231\135\331\233\200\113\327\204\100\053\047 +\323\350\272\060\273\076\011\032\247\111\225\357\053\100\044\302 +\227\307\247\356\233\045\357\250\012\000\227\205\132\252\235\334 +\051\311\342\065\007\353\160\115\112\326\301\263\126\270\241\101 +\070\233\321\373\061\177\217\340\137\341\261\077\017\216\026\111 +\140\327\006\215\030\371\252\046\020\253\052\323\320\321\147\215 +\033\106\276\107\060\325\056\162\321\305\143\332\347\143\171\104 +\176\113\143\044\211\206\056\064\077\051\114\122\213\052\247\300 +\342\221\050\211\271\300\133\371\035\331\347\047\255\377\232\002 +\227\301\306\120\222\233\002\054\275\251\271\064\131\012\277\204 +\112\377\337\376\263\237\353\331\236\340\230\043\354\246\153\167 +\026\052\333\314\255\073\034\244\207\334\106\163\136\031\142\150 +\105\127\344\220\202\102\273\102\326\360\141\340\301\243\075\146 +\243\135\364\030\356\210\311\215\027\105\051\231\062\165\002\061 +\356\051\046\310\153\002\346\265\142\105\177\067\025\132\043\150 +\211\324\076\336\116\047\260\360\100\014\274\115\027\313\115\242 +\263\036\320\006\132\335\366\223\317\127\165\231\365\372\206\032 +\147\170\263\277\226\376\064\334\275\347\122\126\345\263\345\165 +\173\327\101\221\005\334\135\151\343\225\015\103\271\374\203\226 +\071\225\173\154\200\132\117\023\162\306\327\175\051\172\104\272 +\122\244\052\325\101\106\011\040\376\042\240\266\133\060\215\274 +\211\014\325\327\160\370\207\122\375\332\357\254\121\056\007\263 +\116\376\320\011\332\160\357\230\372\126\346\155\333\265\127\113 +\334\345\054\045\025\310\236\056\170\116\370\332\234\236\206\054 +\312\127\363\032\345\310\222\213\032\202\226\172\303\274\120\022 +\151\330\016\132\106\213\072\353\046\372\043\311\266\260\201\276 +\102\000\244\370\326\376\060\056\307\322\106\366\345\216\165\375 +\362\314\271\320\207\133\314\006\020\140\273\203\065\267\136\147 +\336\107\354\231\110\361\244\241\025\376\255\214\142\216\071\125 +\117\071\026\271\261\143\235\377\267\002\003\001\000\001\243\102 +\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060\003 +\001\001\377\060\035\006\003\125\035\016\004\026\004\024\266\241 +\124\071\002\303\240\077\216\212\274\372\324\370\034\246\321\072 +\016\375\060\016\006\003\125\035\017\001\001\377\004\004\003\002 +\001\006\060\015\006\011\052\206\110\206\367\015\001\001\015\005 +\000\003\202\002\001\000\161\245\016\316\344\351\277\077\070\325 +\211\132\304\002\141\373\114\305\024\027\055\213\117\123\153\020 +\027\374\145\204\307\020\111\220\336\333\307\046\223\210\046\157 +\160\326\002\136\071\240\367\217\253\226\265\245\023\134\201\024 +\155\016\201\202\021\033\212\116\306\117\245\335\142\036\104\337 +\011\131\364\133\167\013\067\351\213\040\306\370\012\116\056\130 +\034\353\063\320\317\206\140\311\332\373\200\057\236\114\140\204 +\170\075\041\144\326\373\101\037\030\017\347\311\165\161\275\275 +\134\336\064\207\076\101\260\016\366\271\326\077\011\023\226\024 +\057\336\232\035\132\271\126\316\065\072\260\137\160\115\136\343 +\051\361\043\050\162\131\266\253\302\214\146\046\034\167\054\046 +\166\065\213\050\247\151\240\371\073\365\043\335\205\020\164\311 +\220\003\126\221\347\257\272\107\324\022\227\021\042\343\242\111 +\224\154\347\267\224\113\272\055\244\332\063\213\114\246\104\377 +\132\074\306\035\144\330\265\061\344\246\074\172\250\127\013\333 +\355\141\032\313\361\316\163\167\143\244\207\157\114\121\070\326 +\344\137\307\237\266\201\052\344\205\110\171\130\136\073\370\333 +\002\202\147\301\071\333\303\164\113\075\066\036\371\051\223\210 +\150\133\250\104\031\041\360\247\350\201\015\054\350\223\066\264 +\067\262\312\260\033\046\172\232\045\037\232\232\200\236\113\052 +\077\373\243\232\376\163\062\161\302\236\306\162\341\212\150\047 +\361\344\017\264\304\114\245\141\223\370\227\020\007\052\060\045 +\251\271\310\161\270\357\150\314\055\176\365\340\176\017\202\250 +\157\266\272\154\203\103\167\315\212\222\027\241\236\133\170\026 +\075\105\342\063\162\335\341\146\312\231\323\311\305\046\375\015 +\150\004\106\256\266\331\233\214\276\031\276\261\306\362\031\343 +\134\002\312\054\330\157\112\007\331\311\065\332\100\165\362\304 +\247\031\157\236\102\020\230\165\346\225\213\140\274\355\305\022 +\327\212\316\325\230\134\126\226\003\305\356\167\006\065\377\317 +\344\356\077\023\141\356\333\332\055\205\360\315\256\235\262\030 +\011\105\303\222\241\162\027\374\107\266\240\013\054\361\304\336 +\103\150\010\152\137\073\360\166\143\373\314\006\054\246\306\342 +\016\265\271\276\044\217 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE -# Trust for "TÃœRKTRUST Elektronik Sertifika Hizmet SaÄŸlayıcısı H5" -# Issuer: CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s.. H5,O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A....,L=Ankara,C=TR -# Serial Number:00:8e:17:fe:24:20:81 -# Subject: CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s.. H5,O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A....,L=Ankara,C=TR -# Not Valid Before: Tue Apr 30 08:07:01 2013 -# Not Valid After : Fri Apr 28 08:07:01 2023 -# Fingerprint (SHA-256): 49:35:1B:90:34:44:C1:85:CC:DC:5C:69:3D:24:D8:55:5C:B2:08:D6:A8:14:13:07:69:9F:4A:F0:63:19:9D:78 -# Fingerprint (SHA1): C4:18:F6:4D:46:D1:DF:00:3D:27:30:13:72:43:A9:12:11:C6:75:FB +# Trust for "Certum Trusted Network CA 2" +# Issuer: CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL +# Serial Number:21:d6:d0:4a:4f:25:0f:c9:32:37:fc:aa:5e:12:8d:e9 +# Subject: CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL +# Not Valid Before: Thu Oct 06 08:39:56 2011 +# Not Valid After : Sat Oct 06 08:39:56 2046 +# Fingerprint (SHA-256): B6:76:F2:ED:DA:E8:77:5C:D3:6C:B0:F6:3C:D1:D4:60:39:61:F4:9E:62:65:BA:01:3A:2F:03:07:B6:D0:B8:04 +# Fingerprint (SHA1): D3:DD:48:3E:2B:BF:4C:05:E8:AF:10:F5:FA:76:26:CF:D3:DC:30:92 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TÃœRKTRUST Elektronik Sertifika Hizmet SaÄŸlayıcısı H5" +CKA_LABEL UTF8 "Certum Trusted Network CA 2" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\304\030\366\115\106\321\337\000\075\047\060\023\162\103\251\022 -\021\306\165\373 +\323\335\110\076\053\277\114\005\350\257\020\365\372\166\046\317 +\323\334\060\222 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\332\160\216\360\042\337\223\046\366\137\237\323\025\006\122\116 +\155\106\236\331\045\155\010\043\133\136\164\175\036\047\333\362 END CKA_ISSUER MULTILINE_OCTAL -\060\201\261\061\013\060\011\006\003\125\004\006\023\002\124\122 -\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141\162 -\141\061\115\060\113\006\003\125\004\012\014\104\124\303\234\122 -\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260\154 -\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151\305 -\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151\040 -\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236\056 -\061\102\060\100\006\003\125\004\003\014\071\124\303\234\122\113 -\124\122\125\123\124\040\105\154\145\153\164\162\157\156\151\153 -\040\123\145\162\164\151\146\151\153\141\040\110\151\172\155\145 -\164\040\123\141\304\237\154\141\171\304\261\143\304\261\163\304 -\261\040\110\065 +\060\201\200\061\013\060\011\006\003\125\004\006\023\002\120\114 +\061\042\060\040\006\003\125\004\012\023\031\125\156\151\172\145 +\164\157\040\124\145\143\150\156\157\154\157\147\151\145\163\040 +\123\056\101\056\061\047\060\045\006\003\125\004\013\023\036\103 +\145\162\164\165\155\040\103\145\162\164\151\146\151\143\141\164 +\151\157\156\040\101\165\164\150\157\162\151\164\171\061\044\060 +\042\006\003\125\004\003\023\033\103\145\162\164\165\155\040\124 +\162\165\163\164\145\144\040\116\145\164\167\157\162\153\040\103 +\101\040\062 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\007\000\216\027\376\044\040\201 +\002\020\041\326\320\112\117\045\017\311\062\067\374\252\136\022 +\215\351 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "Certinomis - Root CA" +# Certificate "Hellenic Academic and Research Institutions RootCA 2015" # -# Issuer: CN=Certinomis - Root CA,OU=0002 433998903,O=Certinomis,C=FR -# Serial Number: 1 (0x1) -# Subject: CN=Certinomis - Root CA,OU=0002 433998903,O=Certinomis,C=FR -# Not Valid Before: Mon Oct 21 09:17:18 2013 -# Not Valid After : Fri Oct 21 09:17:18 2033 -# Fingerprint (SHA-256): 2A:99:F5:BC:11:74:B7:3C:BB:1D:62:08:84:E0:1C:34:E5:1C:CB:39:78:DA:12:5F:0E:33:26:88:83:BF:41:58 -# Fingerprint (SHA1): 9D:70:BB:01:A5:A4:A0:18:11:2E:F7:1C:01:B9:32:C5:34:E7:88:A8 +# Issuer: CN=Hellenic Academic and Research Institutions RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR +# Serial Number: 0 (0x0) +# Subject: CN=Hellenic Academic and Research Institutions RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR +# Not Valid Before: Tue Jul 07 10:11:21 2015 +# Not Valid After : Sat Jun 30 10:11:21 2040 +# Fingerprint (SHA-256): A0:40:92:9A:02:CE:53:B4:AC:F4:F2:FF:C6:98:1C:E4:49:6F:75:5E:6D:45:FE:0B:2A:69:2B:CD:52:52:3F:36 +# Fingerprint (SHA1): 01:0C:06:95:A6:98:19:14:FF:BF:5F:C6:B0:B6:95:EA:29:E9:12:A6 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Certinomis - Root CA" +CKA_LABEL UTF8 "Hellenic Academic and Research Institutions RootCA 2015" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\023\060\021\006\003\125\004\012\023\012\103\145\162\164\151\156 -\157\155\151\163\061\027\060\025\006\003\125\004\013\023\016\060 -\060\060\062\040\064\063\063\071\071\070\071\060\063\061\035\060 -\033\006\003\125\004\003\023\024\103\145\162\164\151\156\157\155 -\151\163\040\055\040\122\157\157\164\040\103\101 +\060\201\246\061\013\060\011\006\003\125\004\006\023\002\107\122 +\061\017\060\015\006\003\125\004\007\023\006\101\164\150\145\156 +\163\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154 +\145\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156 +\144\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151 +\164\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165 +\164\150\157\162\151\164\171\061\100\060\076\006\003\125\004\003 +\023\067\110\145\154\154\145\156\151\143\040\101\143\141\144\145 +\155\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150 +\040\111\156\163\164\151\164\165\164\151\157\156\163\040\122\157 +\157\164\103\101\040\062\060\061\065 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\023\060\021\006\003\125\004\012\023\012\103\145\162\164\151\156 -\157\155\151\163\061\027\060\025\006\003\125\004\013\023\016\060 -\060\060\062\040\064\063\063\071\071\070\071\060\063\061\035\060 -\033\006\003\125\004\003\023\024\103\145\162\164\151\156\157\155 -\151\163\040\055\040\122\157\157\164\040\103\101 +\060\201\246\061\013\060\011\006\003\125\004\006\023\002\107\122 +\061\017\060\015\006\003\125\004\007\023\006\101\164\150\145\156 +\163\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154 +\145\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156 +\144\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151 +\164\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165 +\164\150\157\162\151\164\171\061\100\060\076\006\003\125\004\003 +\023\067\110\145\154\154\145\156\151\143\040\101\143\141\144\145 +\155\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150 +\040\111\156\163\164\151\164\165\164\151\157\156\163\040\122\157 +\157\164\103\101\040\062\060\061\065 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 +\002\001\000 END CKA_VALUE MULTILINE_OCTAL -\060\202\005\222\060\202\003\172\240\003\002\001\002\002\001\001 +\060\202\006\013\060\202\003\363\240\003\002\001\002\002\001\000 \060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060 -\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061\023 -\060\021\006\003\125\004\012\023\012\103\145\162\164\151\156\157 -\155\151\163\061\027\060\025\006\003\125\004\013\023\016\060\060 -\060\062\040\064\063\063\071\071\070\071\060\063\061\035\060\033 -\006\003\125\004\003\023\024\103\145\162\164\151\156\157\155\151 -\163\040\055\040\122\157\157\164\040\103\101\060\036\027\015\061 -\063\061\060\062\061\060\071\061\067\061\070\132\027\015\063\063 -\061\060\062\061\060\071\061\067\061\070\132\060\132\061\013\060 -\011\006\003\125\004\006\023\002\106\122\061\023\060\021\006\003 -\125\004\012\023\012\103\145\162\164\151\156\157\155\151\163\061 -\027\060\025\006\003\125\004\013\023\016\060\060\060\062\040\064 -\063\063\071\071\070\071\060\063\061\035\060\033\006\003\125\004 -\003\023\024\103\145\162\164\151\156\157\155\151\163\040\055\040 -\122\157\157\164\040\103\101\060\202\002\042\060\015\006\011\052 -\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060 -\202\002\012\002\202\002\001\000\324\314\011\012\054\077\222\366 -\177\024\236\013\234\232\152\035\100\060\144\375\252\337\016\036 -\006\133\237\120\205\352\315\215\253\103\147\336\260\372\176\200 -\226\236\204\170\222\110\326\343\071\356\316\344\131\130\227\345 -\056\047\230\352\223\250\167\233\112\360\357\164\200\055\353\060 -\037\265\331\307\200\234\142\047\221\210\360\112\211\335\334\210 -\346\024\371\325\003\057\377\225\333\275\237\354\054\372\024\025 -\131\225\012\306\107\174\151\030\271\247\003\371\312\166\251\317 -\307\157\264\136\005\376\356\301\122\262\165\062\207\354\355\051 -\146\073\363\112\026\202\366\326\232\333\162\230\351\336\360\305 -\114\245\253\265\352\001\342\214\056\144\177\144\157\375\243\045 -\223\213\310\242\016\111\215\064\360\037\354\130\105\056\064\252 -\204\120\275\347\262\112\023\270\260\017\256\070\135\260\251\033 -\346\163\311\132\241\331\146\100\252\251\115\246\064\002\255\204 -\176\262\043\301\373\052\306\147\364\064\266\260\225\152\063\117 -\161\104\265\255\300\171\063\210\340\277\355\243\240\024\264\234 -\011\260\012\343\140\276\370\370\146\210\315\133\361\167\005\340 -\265\163\156\301\175\106\056\216\113\047\246\315\065\012\375\345 -\115\175\252\052\243\051\307\132\150\004\350\345\326\223\244\142 -\302\305\346\364\117\306\371\237\032\215\202\111\031\212\312\131 -\103\072\350\015\062\301\364\114\023\003\157\156\246\077\221\163 -\313\312\163\157\022\040\213\356\300\202\170\336\113\056\302\111 -\303\035\355\026\366\044\364\047\033\134\127\061\334\125\356\250 -\036\157\154\254\342\105\314\127\127\212\165\127\031\340\265\130 -\231\111\066\061\074\063\001\155\026\112\315\270\052\203\204\206 -\233\371\140\322\037\155\221\003\323\140\246\325\075\232\335\167 -\220\075\065\244\237\017\136\365\122\104\151\271\300\272\334\317 -\175\337\174\331\304\254\206\042\062\274\173\153\221\357\172\370 -\027\150\260\342\123\125\140\055\257\076\302\203\330\331\011\053 -\360\300\144\333\207\213\221\314\221\353\004\375\166\264\225\232 -\346\024\006\033\325\064\035\276\330\377\164\034\123\205\231\340 -\131\122\112\141\355\210\236\153\111\211\106\176\040\132\331\347 -\112\345\152\356\322\145\021\103\002\003\001\000\001\243\143\060 -\141\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001 -\006\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001 -\001\377\060\035\006\003\125\035\016\004\026\004\024\357\221\114 -\365\245\303\060\350\057\010\352\323\161\042\244\222\150\170\164 -\331\060\037\006\003\125\035\043\004\030\060\026\200\024\357\221 -\114\365\245\303\060\350\057\010\352\323\161\042\244\222\150\170 -\164\331\060\015\006\011\052\206\110\206\367\015\001\001\013\005 -\000\003\202\002\001\000\176\075\124\332\042\135\032\130\076\073 -\124\047\272\272\314\310\343\032\152\352\076\371\022\353\126\137 -\075\120\316\340\352\110\046\046\317\171\126\176\221\034\231\077 -\320\241\221\034\054\017\117\230\225\131\123\275\320\042\330\210 -\135\234\067\374\373\144\301\170\214\213\232\140\011\352\325\372 -\041\137\320\164\145\347\120\305\277\056\271\013\013\255\265\260 -\027\246\022\214\324\142\170\352\126\152\354\012\322\100\303\074 -\005\060\076\115\224\267\237\112\003\323\175\047\113\266\376\104 -\316\372\031\063\032\155\244\102\321\335\314\310\310\327\026\122 -\203\117\065\224\263\022\125\175\345\342\102\353\344\234\223\011 -\300\114\133\007\253\307\155\021\240\120\027\224\043\250\265\012 -\222\017\262\172\301\140\054\070\314\032\246\133\377\362\014\343 -\252\037\034\334\270\240\223\047\336\143\343\177\041\237\072\345 -\236\372\340\023\152\165\353\226\134\142\221\224\216\147\123\266 -\211\370\022\011\313\157\122\133\003\162\206\120\225\010\324\215 -\207\206\025\037\225\044\330\244\157\232\316\244\235\233\155\322 -\262\166\006\206\306\126\010\305\353\011\332\066\302\033\133\101 -\276\141\052\343\160\346\270\246\370\266\132\304\275\041\367\377 -\252\137\241\154\166\071\146\326\352\114\125\341\000\063\233\023 -\230\143\311\157\320\001\040\011\067\122\347\014\117\076\315\274 -\365\137\226\047\247\040\002\225\340\056\350\007\101\005\037\025 -\156\326\260\344\031\340\017\002\223\000\047\162\305\213\321\124 -\037\135\112\303\100\227\176\125\246\174\301\063\004\024\001\035 -\111\040\151\013\031\223\235\156\130\042\367\100\014\106\014\043 -\143\363\071\322\177\166\121\247\364\310\241\361\014\166\042\043 -\106\122\051\055\342\243\101\007\126\151\230\322\005\011\274\151 -\307\132\141\315\217\201\140\025\115\200\335\220\342\175\304\120 -\362\214\073\156\112\307\306\346\200\053\074\201\274\021\200\026 -\020\047\327\360\315\077\171\314\163\052\303\176\123\221\326\156 -\370\365\363\307\320\121\115\216\113\245\133\346\031\027\073\326 -\201\011\334\042\334\356\216\271\304\217\123\341\147\273\063\270 -\210\025\106\317\355\151\065\377\165\015\106\363\316\161\341\305 -\153\206\102\006\271\101 +\201\246\061\013\060\011\006\003\125\004\006\023\002\107\122\061 +\017\060\015\006\003\125\004\007\023\006\101\164\150\145\156\163 +\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154\145 +\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156\144 +\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151\164 +\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165\164 +\150\157\162\151\164\171\061\100\060\076\006\003\125\004\003\023 +\067\110\145\154\154\145\156\151\143\040\101\143\141\144\145\155 +\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150\040 +\111\156\163\164\151\164\165\164\151\157\156\163\040\122\157\157 +\164\103\101\040\062\060\061\065\060\036\027\015\061\065\060\067 +\060\067\061\060\061\061\062\061\132\027\015\064\060\060\066\063 +\060\061\060\061\061\062\061\132\060\201\246\061\013\060\011\006 +\003\125\004\006\023\002\107\122\061\017\060\015\006\003\125\004 +\007\023\006\101\164\150\145\156\163\061\104\060\102\006\003\125 +\004\012\023\073\110\145\154\154\145\156\151\143\040\101\143\141 +\144\145\155\151\143\040\141\156\144\040\122\145\163\145\141\162 +\143\150\040\111\156\163\164\151\164\165\164\151\157\156\163\040 +\103\145\162\164\056\040\101\165\164\150\157\162\151\164\171\061 +\100\060\076\006\003\125\004\003\023\067\110\145\154\154\145\156 +\151\143\040\101\143\141\144\145\155\151\143\040\141\156\144\040 +\122\145\163\145\141\162\143\150\040\111\156\163\164\151\164\165 +\164\151\157\156\163\040\122\157\157\164\103\101\040\062\060\061 +\065\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001 +\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002 +\001\000\302\370\251\077\033\211\374\074\074\004\135\075\220\066 +\260\221\072\171\074\146\132\357\155\071\001\111\032\264\267\317 +\177\115\043\123\267\220\000\343\023\052\050\246\061\361\221\000 +\343\050\354\256\041\101\316\037\332\375\175\022\133\001\203\017 +\271\260\137\231\341\362\022\203\200\115\006\076\337\254\257\347 +\241\210\153\061\257\360\213\320\030\063\270\333\105\152\064\364 +\002\200\044\050\012\002\025\225\136\166\052\015\231\072\024\133 +\366\313\313\123\274\023\115\001\210\067\224\045\033\102\274\042 +\330\216\243\226\136\072\331\062\333\076\350\360\020\145\355\164 +\341\057\247\174\257\047\064\273\051\175\233\266\317\011\310\345 +\323\012\374\210\145\145\164\012\334\163\034\134\315\100\261\034 +\324\266\204\214\114\120\317\150\216\250\131\256\302\047\116\202 +\242\065\335\024\364\037\377\262\167\325\207\057\252\156\175\044 +\047\347\306\313\046\346\345\376\147\007\143\330\105\015\335\072 +\131\145\071\130\172\222\231\162\075\234\204\136\210\041\270\325 +\364\054\374\331\160\122\117\170\270\275\074\053\213\225\230\365 +\263\321\150\317\040\024\176\114\134\137\347\213\345\365\065\201 +\031\067\327\021\010\267\146\276\323\112\316\203\127\000\072\303 +\201\370\027\313\222\066\135\321\243\330\165\033\341\213\047\352 +\172\110\101\375\105\031\006\255\047\231\116\301\160\107\335\265 +\237\201\123\022\345\261\214\110\135\061\103\027\343\214\306\172 +\143\226\113\051\060\116\204\116\142\031\136\074\316\227\220\245 +\177\001\353\235\340\370\213\211\335\045\230\075\222\266\176\357 +\331\361\121\121\175\055\046\310\151\131\141\340\254\152\270\052 +\066\021\004\172\120\275\062\204\276\057\334\162\325\327\035\026 +\107\344\107\146\040\077\364\226\305\257\216\001\172\245\017\172 +\144\365\015\030\207\331\256\210\325\372\204\301\072\300\151\050 +\055\362\015\150\121\252\343\245\167\306\244\220\016\241\067\213 +\061\043\107\301\011\010\353\156\367\170\233\327\202\374\204\040 +\231\111\031\266\022\106\261\373\105\125\026\251\243\145\254\234 +\007\017\352\153\334\037\056\006\162\354\206\210\022\344\055\333 +\137\005\057\344\360\003\323\046\063\347\200\302\315\102\241\027 +\064\013\002\003\001\000\001\243\102\060\100\060\017\006\003\125 +\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003 +\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003 +\125\035\016\004\026\004\024\161\025\147\310\310\311\275\165\135 +\162\320\070\030\152\235\363\161\044\124\013\060\015\006\011\052 +\206\110\206\367\015\001\001\013\005\000\003\202\002\001\000\165 +\273\155\124\113\252\020\130\106\064\362\142\327\026\066\135\010 +\136\325\154\310\207\275\264\056\106\362\061\370\174\352\102\265 +\223\026\125\334\241\014\022\240\332\141\176\017\130\130\163\144 +\162\307\350\105\216\334\251\362\046\077\306\171\214\261\123\010 +\063\201\260\126\023\276\346\121\134\330\233\012\117\113\234\126 +\123\002\351\117\366\015\140\352\115\102\125\350\174\033\041\041 +\323\033\072\314\167\362\270\220\361\150\307\371\132\376\372\055 +\364\277\311\365\105\033\316\070\020\052\067\212\171\243\264\343 +\011\154\205\206\223\377\211\226\047\170\201\217\147\343\106\164 +\124\216\331\015\151\342\112\364\115\164\003\377\262\167\355\225 +\147\227\344\261\305\253\277\152\043\350\324\224\342\104\050\142 +\304\113\342\360\330\342\051\153\032\160\176\044\141\223\173\117 +\003\062\045\015\105\044\053\226\264\106\152\277\112\013\367\232 +\217\301\254\032\305\147\363\157\064\322\372\163\143\214\357\026 +\260\250\244\106\052\370\353\022\354\162\264\357\370\053\176\214 +\122\300\213\204\124\371\057\076\343\125\250\334\146\261\331\341 +\137\330\263\214\131\064\131\244\253\117\154\273\037\030\333\165 +\253\330\313\222\315\224\070\141\016\007\006\037\113\106\020\361 +\025\276\215\205\134\073\112\053\201\171\017\264\151\237\111\120 +\227\115\367\016\126\135\300\225\152\302\066\303\033\150\311\365 +\052\334\107\232\276\262\316\305\045\350\372\003\271\332\371\026 +\156\221\204\365\034\050\310\374\046\314\327\034\220\126\247\137 +\157\072\004\274\315\170\211\013\216\017\057\243\252\117\242\033 +\022\075\026\010\100\017\361\106\114\327\252\173\010\301\012\365 +\155\047\336\002\217\312\303\265\053\312\351\353\310\041\123\070 +\245\314\073\330\167\067\060\242\117\331\157\321\362\100\255\101 +\172\027\305\326\112\065\211\267\101\325\174\206\177\125\115\203 +\112\245\163\040\300\072\257\220\361\232\044\216\331\216\161\312 +\173\270\206\332\262\217\231\076\035\023\015\022\021\356\324\253 +\360\351\025\166\002\344\340\337\252\040\036\133\141\205\144\100 +\251\220\227\015\255\123\322\132\035\207\152\000\227\145\142\264 +\276\157\152\247\365\054\102\355\062\255\266\041\236\276\274 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE -# Trust for "Certinomis - Root CA" -# Issuer: CN=Certinomis - Root CA,OU=0002 433998903,O=Certinomis,C=FR -# Serial Number: 1 (0x1) -# Subject: CN=Certinomis - Root CA,OU=0002 433998903,O=Certinomis,C=FR -# Not Valid Before: Mon Oct 21 09:17:18 2013 -# Not Valid After : Fri Oct 21 09:17:18 2033 -# Fingerprint (SHA-256): 2A:99:F5:BC:11:74:B7:3C:BB:1D:62:08:84:E0:1C:34:E5:1C:CB:39:78:DA:12:5F:0E:33:26:88:83:BF:41:58 -# Fingerprint (SHA1): 9D:70:BB:01:A5:A4:A0:18:11:2E:F7:1C:01:B9:32:C5:34:E7:88:A8 +# Trust for "Hellenic Academic and Research Institutions RootCA 2015" +# Issuer: CN=Hellenic Academic and Research Institutions RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR +# Serial Number: 0 (0x0) +# Subject: CN=Hellenic Academic and Research Institutions RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR +# Not Valid Before: Tue Jul 07 10:11:21 2015 +# Not Valid After : Sat Jun 30 10:11:21 2040 +# Fingerprint (SHA-256): A0:40:92:9A:02:CE:53:B4:AC:F4:F2:FF:C6:98:1C:E4:49:6F:75:5E:6D:45:FE:0B:2A:69:2B:CD:52:52:3F:36 +# Fingerprint (SHA1): 01:0C:06:95:A6:98:19:14:FF:BF:5F:C6:B0:B6:95:EA:29:E9:12:A6 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Certinomis - Root CA" +CKA_LABEL UTF8 "Hellenic Academic and Research Institutions RootCA 2015" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\235\160\273\001\245\244\240\030\021\056\367\034\001\271\062\305 -\064\347\210\250 +\001\014\006\225\246\230\031\024\377\277\137\306\260\266\225\352 +\051\351\022\246 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\024\012\375\215\250\050\265\070\151\333\126\176\141\042\003\077 +\312\377\342\333\003\331\313\113\351\017\255\204\375\173\030\316 END CKA_ISSUER MULTILINE_OCTAL -\060\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\023\060\021\006\003\125\004\012\023\012\103\145\162\164\151\156 -\157\155\151\163\061\027\060\025\006\003\125\004\013\023\016\060 -\060\060\062\040\064\063\063\071\071\070\071\060\063\061\035\060 -\033\006\003\125\004\003\023\024\103\145\162\164\151\156\157\155 -\151\163\040\055\040\122\157\157\164\040\103\101 +\060\201\246\061\013\060\011\006\003\125\004\006\023\002\107\122 +\061\017\060\015\006\003\125\004\007\023\006\101\164\150\145\156 +\163\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154 +\145\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156 +\144\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151 +\164\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165 +\164\150\157\162\151\164\171\061\100\060\076\006\003\125\004\003 +\023\067\110\145\154\154\145\156\151\143\040\101\143\141\144\145 +\155\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150 +\040\111\156\163\164\151\164\165\164\151\157\156\163\040\122\157 +\157\164\103\101\040\062\060\061\065 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 +\002\001\000 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "OISTE WISeKey Global Root GB CA" +# Certificate "Hellenic Academic and Research Institutions ECC RootCA 2015" # -# Issuer: CN=OISTE WISeKey Global Root GB CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH -# Serial Number:76:b1:20:52:74:f0:85:87:46:b3:f8:23:1a:f6:c2:c0 -# Subject: CN=OISTE WISeKey Global Root GB CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH -# Not Valid Before: Mon Dec 01 15:00:32 2014 -# Not Valid After : Thu Dec 01 15:10:31 2039 -# Fingerprint (SHA-256): 6B:9C:08:E8:6E:B0:F7:67:CF:AD:65:CD:98:B6:21:49:E5:49:4A:67:F5:84:5E:7B:D1:ED:01:9F:27:B8:6B:D6 -# Fingerprint (SHA1): 0F:F9:40:76:18:D3:D7:6A:4B:98:F0:A8:35:9E:0C:FD:27:AC:CC:ED +# Issuer: CN=Hellenic Academic and Research Institutions ECC RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR +# Serial Number: 0 (0x0) +# Subject: CN=Hellenic Academic and Research Institutions ECC RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR +# Not Valid Before: Tue Jul 07 10:37:12 2015 +# Not Valid After : Sat Jun 30 10:37:12 2040 +# Fingerprint (SHA-256): 44:B5:45:AA:8A:25:E6:5A:73:CA:15:DC:27:FC:36:D2:4C:1C:B9:95:3A:06:65:39:B1:15:82:DC:48:7B:48:33 +# Fingerprint (SHA1): 9F:F1:71:8D:92:D5:9A:F3:7D:74:97:B4:BC:6F:84:68:0B:BA:B6:66 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "OISTE WISeKey Global Root GB CA" +CKA_LABEL UTF8 "Hellenic Academic and Research Institutions ECC RootCA 2015" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\155\061\013\060\011\006\003\125\004\006\023\002\103\110\061 -\020\060\016\006\003\125\004\012\023\007\127\111\123\145\113\145 -\171\061\042\060\040\006\003\125\004\013\023\031\117\111\123\124 -\105\040\106\157\165\156\144\141\164\151\157\156\040\105\156\144 -\157\162\163\145\144\061\050\060\046\006\003\125\004\003\023\037 -\117\111\123\124\105\040\127\111\123\145\113\145\171\040\107\154 -\157\142\141\154\040\122\157\157\164\040\107\102\040\103\101 +\060\201\252\061\013\060\011\006\003\125\004\006\023\002\107\122 +\061\017\060\015\006\003\125\004\007\023\006\101\164\150\145\156 +\163\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154 +\145\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156 +\144\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151 +\164\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165 +\164\150\157\162\151\164\171\061\104\060\102\006\003\125\004\003 +\023\073\110\145\154\154\145\156\151\143\040\101\143\141\144\145 +\155\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150 +\040\111\156\163\164\151\164\165\164\151\157\156\163\040\105\103 +\103\040\122\157\157\164\103\101\040\062\060\061\065 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\155\061\013\060\011\006\003\125\004\006\023\002\103\110\061 -\020\060\016\006\003\125\004\012\023\007\127\111\123\145\113\145 -\171\061\042\060\040\006\003\125\004\013\023\031\117\111\123\124 -\105\040\106\157\165\156\144\141\164\151\157\156\040\105\156\144 -\157\162\163\145\144\061\050\060\046\006\003\125\004\003\023\037 -\117\111\123\124\105\040\127\111\123\145\113\145\171\040\107\154 -\157\142\141\154\040\122\157\157\164\040\107\102\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\166\261\040\122\164\360\205\207\106\263\370\043\032\366 -\302\300 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\265\060\202\002\235\240\003\002\001\002\002\020\166 -\261\040\122\164\360\205\207\106\263\370\043\032\366\302\300\060 -\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\155 -\061\013\060\011\006\003\125\004\006\023\002\103\110\061\020\060 -\016\006\003\125\004\012\023\007\127\111\123\145\113\145\171\061 -\042\060\040\006\003\125\004\013\023\031\117\111\123\124\105\040 -\106\157\165\156\144\141\164\151\157\156\040\105\156\144\157\162 -\163\145\144\061\050\060\046\006\003\125\004\003\023\037\117\111 -\123\124\105\040\127\111\123\145\113\145\171\040\107\154\157\142 -\141\154\040\122\157\157\164\040\107\102\040\103\101\060\036\027 -\015\061\064\061\062\060\061\061\065\060\060\063\062\132\027\015 -\063\071\061\062\060\061\061\065\061\060\063\061\132\060\155\061 -\013\060\011\006\003\125\004\006\023\002\103\110\061\020\060\016 -\006\003\125\004\012\023\007\127\111\123\145\113\145\171\061\042 -\060\040\006\003\125\004\013\023\031\117\111\123\124\105\040\106 -\157\165\156\144\141\164\151\157\156\040\105\156\144\157\162\163 -\145\144\061\050\060\046\006\003\125\004\003\023\037\117\111\123 -\124\105\040\127\111\123\145\113\145\171\040\107\154\157\142\141 -\154\040\122\157\157\164\040\107\102\040\103\101\060\202\001\042 -\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003 -\202\001\017\000\060\202\001\012\002\202\001\001\000\330\027\267 -\034\112\044\052\326\227\261\312\342\036\373\175\070\357\230\365 -\262\071\230\116\047\270\021\135\173\322\045\224\210\202\025\046 -\152\033\061\273\250\133\041\041\053\330\017\116\237\132\361\261 -\132\344\171\326\062\043\053\341\123\314\231\105\134\173\117\255 -\274\277\207\112\013\113\227\132\250\366\110\354\175\173\015\315 -\041\006\337\236\025\375\101\212\110\267\040\364\241\172\033\127 -\324\135\120\377\272\147\330\043\231\037\310\077\343\336\377\157 -\133\167\261\153\156\270\311\144\367\341\312\101\106\016\051\161 -\320\271\043\374\311\201\137\116\367\157\337\277\204\255\163\144 -\273\267\102\216\151\366\324\166\035\176\235\247\270\127\212\121 -\147\162\327\324\250\270\225\124\100\163\003\366\352\364\353\376 -\050\102\167\077\235\043\033\262\266\075\200\024\007\114\056\117 -\367\325\012\026\015\275\146\103\067\176\043\103\171\303\100\206 -\365\114\051\332\216\232\255\015\245\004\207\210\036\205\343\351 -\123\325\233\310\213\003\143\170\353\340\031\112\156\273\057\153 -\063\144\130\223\255\151\277\217\033\357\202\110\307\002\003\001 -\000\001\243\121\060\117\060\013\006\003\125\035\017\004\004\003 -\002\001\206\060\017\006\003\125\035\023\001\001\377\004\005\060 -\003\001\001\377\060\035\006\003\125\035\016\004\026\004\024\065 -\017\310\066\143\136\342\243\354\371\073\146\025\316\121\122\343 -\221\232\075\060\020\006\011\053\006\001\004\001\202\067\025\001 -\004\003\002\001\000\060\015\006\011\052\206\110\206\367\015\001 -\001\013\005\000\003\202\001\001\000\100\114\373\207\262\231\201 -\220\176\235\305\260\260\046\315\210\173\053\062\215\156\270\041 -\161\130\227\175\256\067\024\257\076\347\367\232\342\175\366\161 -\230\231\004\252\103\164\170\243\343\111\141\076\163\214\115\224 -\340\371\161\304\266\026\016\123\170\037\326\242\207\057\002\071 -\201\051\074\257\025\230\041\060\376\050\220\000\214\321\341\313 -\372\136\310\375\370\020\106\073\242\170\102\221\027\164\125\012 -\336\120\147\115\146\321\247\377\375\331\300\265\250\243\212\316 -\146\365\017\103\315\247\053\127\173\143\106\152\252\056\122\330 -\364\355\341\155\255\051\220\170\110\272\341\043\252\243\211\354 -\265\253\226\300\264\113\242\035\227\236\172\362\156\100\161\337 -\150\361\145\115\316\174\005\337\123\145\251\245\360\261\227\004 -\160\025\106\003\230\324\322\277\124\264\240\130\175\122\157\332 -\126\046\142\324\330\333\211\061\157\034\360\042\302\323\142\034 -\065\315\114\151\025\124\032\220\230\336\353\036\137\312\167\307 -\313\216\075\103\151\234\232\130\320\044\073\337\033\100\226\176 -\065\255\201\307\116\161\272\210\023 +\060\201\252\061\013\060\011\006\003\125\004\006\023\002\107\122 +\061\017\060\015\006\003\125\004\007\023\006\101\164\150\145\156 +\163\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154 +\145\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156 +\144\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151 +\164\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165 +\164\150\157\162\151\164\171\061\104\060\102\006\003\125\004\003 +\023\073\110\145\154\154\145\156\151\143\040\101\143\141\144\145 +\155\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150 +\040\111\156\163\164\151\164\165\164\151\157\156\163\040\105\103 +\103\040\122\157\157\164\103\101\040\062\060\061\065 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\001\000 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\002\303\060\202\002\112\240\003\002\001\002\002\001\000 +\060\012\006\010\052\206\110\316\075\004\003\002\060\201\252\061 +\013\060\011\006\003\125\004\006\023\002\107\122\061\017\060\015 +\006\003\125\004\007\023\006\101\164\150\145\156\163\061\104\060 +\102\006\003\125\004\012\023\073\110\145\154\154\145\156\151\143 +\040\101\143\141\144\145\155\151\143\040\141\156\144\040\122\145 +\163\145\141\162\143\150\040\111\156\163\164\151\164\165\164\151 +\157\156\163\040\103\145\162\164\056\040\101\165\164\150\157\162 +\151\164\171\061\104\060\102\006\003\125\004\003\023\073\110\145 +\154\154\145\156\151\143\040\101\143\141\144\145\155\151\143\040 +\141\156\144\040\122\145\163\145\141\162\143\150\040\111\156\163 +\164\151\164\165\164\151\157\156\163\040\105\103\103\040\122\157 +\157\164\103\101\040\062\060\061\065\060\036\027\015\061\065\060 +\067\060\067\061\060\063\067\061\062\132\027\015\064\060\060\066 +\063\060\061\060\063\067\061\062\132\060\201\252\061\013\060\011 +\006\003\125\004\006\023\002\107\122\061\017\060\015\006\003\125 +\004\007\023\006\101\164\150\145\156\163\061\104\060\102\006\003 +\125\004\012\023\073\110\145\154\154\145\156\151\143\040\101\143 +\141\144\145\155\151\143\040\141\156\144\040\122\145\163\145\141 +\162\143\150\040\111\156\163\164\151\164\165\164\151\157\156\163 +\040\103\145\162\164\056\040\101\165\164\150\157\162\151\164\171 +\061\104\060\102\006\003\125\004\003\023\073\110\145\154\154\145 +\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156\144 +\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151\164 +\165\164\151\157\156\163\040\105\103\103\040\122\157\157\164\103 +\101\040\062\060\061\065\060\166\060\020\006\007\052\206\110\316 +\075\002\001\006\005\053\201\004\000\042\003\142\000\004\222\240 +\101\350\113\202\204\134\342\370\061\021\231\206\144\116\011\045 +\057\235\101\057\012\256\065\117\164\225\262\121\144\153\215\153 +\346\077\160\225\360\005\104\107\246\162\070\120\166\225\002\132 +\216\256\050\236\371\055\116\231\357\054\110\157\114\045\051\350 +\321\161\133\337\035\301\165\067\264\327\372\173\172\102\234\152 +\012\126\132\174\151\013\252\200\011\044\154\176\301\106\243\102 +\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060\003 +\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003 +\002\001\006\060\035\006\003\125\035\016\004\026\004\024\264\042 +\013\202\231\044\001\016\234\273\344\016\375\277\373\227\040\223 +\231\052\060\012\006\010\052\206\110\316\075\004\003\002\003\147 +\000\060\144\002\060\147\316\026\142\070\242\254\142\105\247\251 +\225\044\300\032\047\234\062\073\300\300\325\272\251\347\370\004 +\103\123\205\356\122\041\336\235\365\045\203\076\236\130\113\057 +\327\147\023\016\041\002\060\005\341\165\001\336\150\355\052\037 +\115\114\011\010\015\354\113\255\144\027\050\347\165\316\105\145 +\162\041\027\313\042\101\016\214\023\230\070\232\124\155\233\312 +\342\174\352\002\130\042\221 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE -# Trust for "OISTE WISeKey Global Root GB CA" -# Issuer: CN=OISTE WISeKey Global Root GB CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH -# Serial Number:76:b1:20:52:74:f0:85:87:46:b3:f8:23:1a:f6:c2:c0 -# Subject: CN=OISTE WISeKey Global Root GB CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH -# Not Valid Before: Mon Dec 01 15:00:32 2014 -# Not Valid After : Thu Dec 01 15:10:31 2039 -# Fingerprint (SHA-256): 6B:9C:08:E8:6E:B0:F7:67:CF:AD:65:CD:98:B6:21:49:E5:49:4A:67:F5:84:5E:7B:D1:ED:01:9F:27:B8:6B:D6 -# Fingerprint (SHA1): 0F:F9:40:76:18:D3:D7:6A:4B:98:F0:A8:35:9E:0C:FD:27:AC:CC:ED +# Trust for "Hellenic Academic and Research Institutions ECC RootCA 2015" +# Issuer: CN=Hellenic Academic and Research Institutions ECC RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR +# Serial Number: 0 (0x0) +# Subject: CN=Hellenic Academic and Research Institutions ECC RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR +# Not Valid Before: Tue Jul 07 10:37:12 2015 +# Not Valid After : Sat Jun 30 10:37:12 2040 +# Fingerprint (SHA-256): 44:B5:45:AA:8A:25:E6:5A:73:CA:15:DC:27:FC:36:D2:4C:1C:B9:95:3A:06:65:39:B1:15:82:DC:48:7B:48:33 +# Fingerprint (SHA1): 9F:F1:71:8D:92:D5:9A:F3:7D:74:97:B4:BC:6F:84:68:0B:BA:B6:66 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "OISTE WISeKey Global Root GB CA" +CKA_LABEL UTF8 "Hellenic Academic and Research Institutions ECC RootCA 2015" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\017\371\100\166\030\323\327\152\113\230\360\250\065\236\014\375 -\047\254\314\355 +\237\361\161\215\222\325\232\363\175\164\227\264\274\157\204\150 +\013\272\266\146 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\244\353\271\141\050\056\267\057\230\260\065\046\220\231\121\035 +\201\345\264\027\353\302\365\341\113\015\101\173\111\222\376\357 END CKA_ISSUER MULTILINE_OCTAL -\060\155\061\013\060\011\006\003\125\004\006\023\002\103\110\061 -\020\060\016\006\003\125\004\012\023\007\127\111\123\145\113\145 -\171\061\042\060\040\006\003\125\004\013\023\031\117\111\123\124 -\105\040\106\157\165\156\144\141\164\151\157\156\040\105\156\144 -\157\162\163\145\144\061\050\060\046\006\003\125\004\003\023\037 -\117\111\123\124\105\040\127\111\123\145\113\145\171\040\107\154 -\157\142\141\154\040\122\157\157\164\040\107\102\040\103\101 +\060\201\252\061\013\060\011\006\003\125\004\006\023\002\107\122 +\061\017\060\015\006\003\125\004\007\023\006\101\164\150\145\156 +\163\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154 +\145\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156 +\144\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151 +\164\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165 +\164\150\157\162\151\164\171\061\104\060\102\006\003\125\004\003 +\023\073\110\145\154\154\145\156\151\143\040\101\143\141\144\145 +\155\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150 +\040\111\156\163\164\151\164\165\164\151\157\156\163\040\105\103 +\103\040\122\157\157\164\103\101\040\062\060\061\065 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\166\261\040\122\164\360\205\207\106\263\370\043\032\366 -\302\300 +\002\001\000 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR @@ -18977,502 +18139,456 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "SZAFIR ROOT CA2" +# Certificate "ISRG Root X1" # -# Issuer: CN=SZAFIR ROOT CA2,O=Krajowa Izba Rozliczeniowa S.A.,C=PL -# Serial Number:3e:8a:5d:07:ec:55:d2:32:d5:b7:e3:b6:5f:01:eb:2d:dc:e4:d6:e4 -# Subject: CN=SZAFIR ROOT CA2,O=Krajowa Izba Rozliczeniowa S.A.,C=PL -# Not Valid Before: Mon Oct 19 07:43:30 2015 -# Not Valid After : Fri Oct 19 07:43:30 2035 -# Fingerprint (SHA-256): A1:33:9D:33:28:1A:0B:56:E5:57:D3:D3:2B:1C:E7:F9:36:7E:B0:94:BD:5F:A7:2A:7E:50:04:C8:DE:D7:CA:FE -# Fingerprint (SHA1): E2:52:FA:95:3F:ED:DB:24:60:BD:6E:28:F3:9C:CC:CF:5E:B3:3F:DE +# Issuer: CN=ISRG Root X1,O=Internet Security Research Group,C=US +# Serial Number:00:82:10:cf:b0:d2:40:e3:59:44:63:e0:bb:63:82:8b:00 +# Subject: CN=ISRG Root X1,O=Internet Security Research Group,C=US +# Not Valid Before: Thu Jun 04 11:04:38 2015 +# Not Valid After : Mon Jun 04 11:04:38 2035 +# Fingerprint (SHA-256): 96:BC:EC:06:26:49:76:F3:74:60:77:9A:CF:28:C5:A7:CF:E8:A3:C0:AA:E1:1A:8F:FC:EE:05:C0:BD:DF:08:C6 +# Fingerprint (SHA1): CA:BD:2A:79:A1:07:6A:31:F2:1D:25:36:35:CB:03:9D:43:29:A5:E8 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "SZAFIR ROOT CA2" +CKA_LABEL UTF8 "ISRG Root X1" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\121\061\013\060\011\006\003\125\004\006\023\002\120\114\061 -\050\060\046\006\003\125\004\012\014\037\113\162\141\152\157\167 -\141\040\111\172\142\141\040\122\157\172\154\151\143\172\145\156 -\151\157\167\141\040\123\056\101\056\061\030\060\026\006\003\125 -\004\003\014\017\123\132\101\106\111\122\040\122\117\117\124\040 -\103\101\062 +\060\117\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\051\060\047\006\003\125\004\012\023\040\111\156\164\145\162\156 +\145\164\040\123\145\143\165\162\151\164\171\040\122\145\163\145 +\141\162\143\150\040\107\162\157\165\160\061\025\060\023\006\003 +\125\004\003\023\014\111\123\122\107\040\122\157\157\164\040\130 +\061 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\121\061\013\060\011\006\003\125\004\006\023\002\120\114\061 -\050\060\046\006\003\125\004\012\014\037\113\162\141\152\157\167 -\141\040\111\172\142\141\040\122\157\172\154\151\143\172\145\156 -\151\157\167\141\040\123\056\101\056\061\030\060\026\006\003\125 -\004\003\014\017\123\132\101\106\111\122\040\122\117\117\124\040 -\103\101\062 +\060\117\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\051\060\047\006\003\125\004\012\023\040\111\156\164\145\162\156 +\145\164\040\123\145\143\165\162\151\164\171\040\122\145\163\145 +\141\162\143\150\040\107\162\157\165\160\061\025\060\023\006\003 +\125\004\003\023\014\111\123\122\107\040\122\157\157\164\040\130 +\061 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\024\076\212\135\007\354\125\322\062\325\267\343\266\137\001 -\353\055\334\344\326\344 +\002\021\000\202\020\317\260\322\100\343\131\104\143\340\273\143 +\202\213\000 END CKA_VALUE MULTILINE_OCTAL -\060\202\003\162\060\202\002\132\240\003\002\001\002\002\024\076 -\212\135\007\354\125\322\062\325\267\343\266\137\001\353\055\334 -\344\326\344\060\015\006\011\052\206\110\206\367\015\001\001\013 -\005\000\060\121\061\013\060\011\006\003\125\004\006\023\002\120 -\114\061\050\060\046\006\003\125\004\012\014\037\113\162\141\152 -\157\167\141\040\111\172\142\141\040\122\157\172\154\151\143\172 -\145\156\151\157\167\141\040\123\056\101\056\061\030\060\026\006 -\003\125\004\003\014\017\123\132\101\106\111\122\040\122\117\117 -\124\040\103\101\062\060\036\027\015\061\065\061\060\061\071\060 -\067\064\063\063\060\132\027\015\063\065\061\060\061\071\060\067 -\064\063\063\060\132\060\121\061\013\060\011\006\003\125\004\006 -\023\002\120\114\061\050\060\046\006\003\125\004\012\014\037\113 -\162\141\152\157\167\141\040\111\172\142\141\040\122\157\172\154 -\151\143\172\145\156\151\157\167\141\040\123\056\101\056\061\030 -\060\026\006\003\125\004\003\014\017\123\132\101\106\111\122\040 -\122\117\117\124\040\103\101\062\060\202\001\042\060\015\006\011 -\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000 -\060\202\001\012\002\202\001\001\000\267\274\076\120\250\113\315 -\100\265\316\141\347\226\312\264\241\332\014\042\260\372\265\173 -\166\000\167\214\013\317\175\250\206\314\046\121\344\040\075\205 -\014\326\130\343\347\364\052\030\235\332\321\256\046\356\353\123 -\334\364\220\326\023\112\014\220\074\303\364\332\322\216\015\222 -\072\334\261\261\377\070\336\303\272\055\137\200\271\002\275\112 -\235\033\017\264\303\302\301\147\003\335\334\033\234\075\263\260 -\336\000\036\250\064\107\273\232\353\376\013\024\275\066\204\332 -\015\040\277\372\133\313\251\026\040\255\071\140\356\057\165\266 -\347\227\234\371\076\375\176\115\157\115\057\357\210\015\152\372 -\335\361\075\156\040\245\240\022\264\115\160\271\316\327\162\073 -\211\223\247\200\204\034\047\111\162\111\265\377\073\225\236\301 -\314\310\001\354\350\016\212\012\226\347\263\246\207\345\326\371 -\005\053\015\227\100\160\074\272\254\165\132\234\325\115\235\002 -\012\322\113\233\146\113\106\007\027\145\255\237\154\210\000\334 -\042\211\340\341\144\324\147\274\061\171\141\074\273\312\101\315 -\134\152\000\310\074\070\216\130\257\002\003\001\000\001\243\102 -\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060\003 -\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003 -\002\001\006\060\035\006\003\125\035\016\004\026\004\024\056\026 -\251\112\030\265\313\314\365\157\120\363\043\137\370\135\347\254 -\360\310\060\015\006\011\052\206\110\206\367\015\001\001\013\005 -\000\003\202\001\001\000\265\163\370\003\334\131\133\035\166\351 -\243\052\173\220\050\262\115\300\063\117\252\232\261\324\270\344 -\047\377\251\226\231\316\106\340\155\174\114\242\070\244\006\160 -\360\364\101\021\354\077\107\215\077\162\207\371\073\375\244\157 -\053\123\000\340\377\071\271\152\007\016\353\035\034\366\242\162 -\220\313\202\075\021\202\213\322\273\237\052\257\041\346\143\206 -\235\171\031\357\367\273\014\065\220\303\212\355\117\017\365\314 -\022\331\244\076\273\240\374\040\225\137\117\046\057\021\043\203 -\116\165\007\017\277\233\321\264\035\351\020\004\376\312\140\217 -\242\114\270\255\317\341\220\017\315\256\012\307\135\173\267\120 -\322\324\141\372\325\025\333\327\237\207\121\124\353\245\343\353 -\311\205\240\045\040\067\373\216\316\014\064\204\341\074\201\262 -\167\116\103\245\210\137\206\147\241\075\346\264\134\141\266\076 -\333\376\267\050\305\242\007\256\265\312\312\215\052\022\357\227 -\355\302\060\244\311\052\172\373\363\115\043\033\231\063\064\240 -\056\365\251\013\077\324\135\341\317\204\237\342\031\302\137\212 -\326\040\036\343\163\267 +\060\202\005\153\060\202\003\123\240\003\002\001\002\002\021\000 +\202\020\317\260\322\100\343\131\104\143\340\273\143\202\213\000 +\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060 +\117\061\013\060\011\006\003\125\004\006\023\002\125\123\061\051 +\060\047\006\003\125\004\012\023\040\111\156\164\145\162\156\145 +\164\040\123\145\143\165\162\151\164\171\040\122\145\163\145\141 +\162\143\150\040\107\162\157\165\160\061\025\060\023\006\003\125 +\004\003\023\014\111\123\122\107\040\122\157\157\164\040\130\061 +\060\036\027\015\061\065\060\066\060\064\061\061\060\064\063\070 +\132\027\015\063\065\060\066\060\064\061\061\060\064\063\070\132 +\060\117\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\051\060\047\006\003\125\004\012\023\040\111\156\164\145\162\156 +\145\164\040\123\145\143\165\162\151\164\171\040\122\145\163\145 +\141\162\143\150\040\107\162\157\165\160\061\025\060\023\006\003 +\125\004\003\023\014\111\123\122\107\040\122\157\157\164\040\130 +\061\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001 +\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002 +\001\000\255\350\044\163\364\024\067\363\233\236\053\127\050\034 +\207\276\334\267\337\070\220\214\156\074\346\127\240\170\367\165 +\302\242\376\365\152\156\366\000\117\050\333\336\150\206\154\104 +\223\266\261\143\375\024\022\153\277\037\322\352\061\233\041\176 +\321\063\074\272\110\365\335\171\337\263\270\377\022\361\041\232 +\113\301\212\206\161\151\112\146\146\154\217\176\074\160\277\255 +\051\042\006\363\344\300\346\200\256\342\113\217\267\231\176\224 +\003\237\323\107\227\174\231\110\043\123\350\070\256\117\012\157 +\203\056\321\111\127\214\200\164\266\332\057\320\070\215\173\003 +\160\041\033\165\362\060\074\372\217\256\335\332\143\253\353\026 +\117\302\216\021\113\176\317\013\350\377\265\167\056\364\262\173 +\112\340\114\022\045\014\160\215\003\051\240\341\123\044\354\023 +\331\356\031\277\020\263\112\214\077\211\243\141\121\336\254\207 +\007\224\364\143\161\354\056\342\157\133\230\201\341\211\134\064 +\171\154\166\357\073\220\142\171\346\333\244\232\057\046\305\320 +\020\341\016\336\331\020\216\026\373\267\367\250\367\307\345\002 +\007\230\217\066\010\225\347\342\067\226\015\066\165\236\373\016 +\162\261\035\233\274\003\371\111\005\330\201\335\005\264\052\326 +\101\351\254\001\166\225\012\017\330\337\325\275\022\037\065\057 +\050\027\154\322\230\301\250\011\144\167\156\107\067\272\316\254 +\131\136\150\235\177\162\326\211\305\006\101\051\076\131\076\335 +\046\365\044\311\021\247\132\243\114\100\037\106\241\231\265\247 +\072\121\156\206\073\236\175\162\247\022\005\170\131\355\076\121 +\170\025\013\003\217\215\320\057\005\262\076\173\112\034\113\163 +\005\022\374\306\352\340\120\023\174\103\223\164\263\312\164\347 +\216\037\001\010\320\060\324\133\161\066\264\007\272\301\060\060 +\134\110\267\202\073\230\246\175\140\212\242\243\051\202\314\272 +\275\203\004\033\242\203\003\101\241\326\005\361\033\302\266\360 +\250\174\206\073\106\250\110\052\210\334\166\232\166\277\037\152 +\245\075\031\217\353\070\363\144\336\310\053\015\012\050\377\367 +\333\342\025\102\324\042\320\047\135\341\171\376\030\347\160\210 +\255\116\346\331\213\072\306\335\047\121\156\377\274\144\365\063 +\103\117\002\003\001\000\001\243\102\060\100\060\016\006\003\125 +\035\017\001\001\377\004\004\003\002\001\006\060\017\006\003\125 +\035\023\001\001\377\004\005\060\003\001\001\377\060\035\006\003 +\125\035\016\004\026\004\024\171\264\131\346\173\266\345\344\001 +\163\200\010\210\310\032\130\366\351\233\156\060\015\006\011\052 +\206\110\206\367\015\001\001\013\005\000\003\202\002\001\000\125 +\037\130\251\274\262\250\120\320\014\261\330\032\151\040\047\051 +\010\254\141\165\134\212\156\370\202\345\151\057\325\366\126\113 +\271\270\163\020\131\323\041\227\176\347\114\161\373\262\322\140 +\255\071\250\013\352\027\041\126\205\361\120\016\131\353\316\340 +\131\351\272\311\025\357\206\235\217\204\200\366\344\351\221\220 +\334\027\233\142\033\105\360\146\225\322\174\157\302\352\073\357 +\037\317\313\326\256\047\361\251\260\310\256\375\175\176\232\372 +\042\004\353\377\331\177\352\221\053\042\261\027\016\217\362\212 +\064\133\130\330\374\001\311\124\271\270\046\314\212\210\063\211 +\114\055\204\074\202\337\356\226\127\005\272\054\273\367\304\267 +\307\116\073\202\276\061\310\042\163\163\222\321\302\200\244\071 +\071\020\063\043\202\114\074\237\206\262\125\230\035\276\051\206 +\214\042\233\236\342\153\073\127\072\202\160\115\334\011\307\211 +\313\012\007\115\154\350\135\216\311\357\316\253\307\273\265\053 +\116\105\326\112\320\046\314\345\162\312\010\152\245\225\343\025 +\241\367\244\355\311\054\137\245\373\377\254\050\002\056\276\327 +\173\273\343\161\173\220\026\323\007\136\106\123\174\067\007\102 +\214\323\304\226\234\325\231\265\052\340\225\032\200\110\256\114 +\071\007\316\314\107\244\122\225\053\272\270\373\255\322\063\123 +\175\345\035\115\155\325\241\261\307\102\157\346\100\047\065\134 +\243\050\267\007\215\347\215\063\220\347\043\237\373\120\234\171 +\154\106\325\264\025\263\226\156\176\233\014\226\072\270\122\055 +\077\326\133\341\373\010\302\204\376\044\250\243\211\332\254\152 +\341\030\052\261\250\103\141\133\323\037\334\073\215\166\362\055 +\350\215\165\337\027\063\154\075\123\373\173\313\101\137\377\334 +\242\320\141\070\341\226\270\254\135\213\067\327\165\325\063\300 +\231\021\256\235\101\301\162\165\204\276\002\101\102\137\147\044 +\110\224\321\233\047\276\007\077\271\270\117\201\164\121\341\172 +\267\355\235\043\342\276\340\325\050\004\023\074\061\003\236\335 +\172\154\217\306\007\030\306\177\336\107\216\077\050\236\004\006 +\317\245\124\064\167\275\354\211\233\351\027\103\337\133\333\137 +\376\216\036\127\242\315\100\235\176\142\042\332\336\030\047 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE -# Trust for "SZAFIR ROOT CA2" -# Issuer: CN=SZAFIR ROOT CA2,O=Krajowa Izba Rozliczeniowa S.A.,C=PL -# Serial Number:3e:8a:5d:07:ec:55:d2:32:d5:b7:e3:b6:5f:01:eb:2d:dc:e4:d6:e4 -# Subject: CN=SZAFIR ROOT CA2,O=Krajowa Izba Rozliczeniowa S.A.,C=PL -# Not Valid Before: Mon Oct 19 07:43:30 2015 -# Not Valid After : Fri Oct 19 07:43:30 2035 -# Fingerprint (SHA-256): A1:33:9D:33:28:1A:0B:56:E5:57:D3:D3:2B:1C:E7:F9:36:7E:B0:94:BD:5F:A7:2A:7E:50:04:C8:DE:D7:CA:FE -# Fingerprint (SHA1): E2:52:FA:95:3F:ED:DB:24:60:BD:6E:28:F3:9C:CC:CF:5E:B3:3F:DE +# Trust for "ISRG Root X1" +# Issuer: CN=ISRG Root X1,O=Internet Security Research Group,C=US +# Serial Number:00:82:10:cf:b0:d2:40:e3:59:44:63:e0:bb:63:82:8b:00 +# Subject: CN=ISRG Root X1,O=Internet Security Research Group,C=US +# Not Valid Before: Thu Jun 04 11:04:38 2015 +# Not Valid After : Mon Jun 04 11:04:38 2035 +# Fingerprint (SHA-256): 96:BC:EC:06:26:49:76:F3:74:60:77:9A:CF:28:C5:A7:CF:E8:A3:C0:AA:E1:1A:8F:FC:EE:05:C0:BD:DF:08:C6 +# Fingerprint (SHA1): CA:BD:2A:79:A1:07:6A:31:F2:1D:25:36:35:CB:03:9D:43:29:A5:E8 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "SZAFIR ROOT CA2" +CKA_LABEL UTF8 "ISRG Root X1" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\342\122\372\225\077\355\333\044\140\275\156\050\363\234\314\317 -\136\263\077\336 +\312\275\052\171\241\007\152\061\362\035\045\066\065\313\003\235 +\103\051\245\350 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\021\144\301\211\260\044\261\214\261\007\176\211\236\121\236\231 +\014\322\371\340\332\027\163\351\355\206\115\245\343\160\347\116 END CKA_ISSUER MULTILINE_OCTAL -\060\121\061\013\060\011\006\003\125\004\006\023\002\120\114\061 -\050\060\046\006\003\125\004\012\014\037\113\162\141\152\157\167 -\141\040\111\172\142\141\040\122\157\172\154\151\143\172\145\156 -\151\157\167\141\040\123\056\101\056\061\030\060\026\006\003\125 -\004\003\014\017\123\132\101\106\111\122\040\122\117\117\124\040 -\103\101\062 +\060\117\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\051\060\047\006\003\125\004\012\023\040\111\156\164\145\162\156 +\145\164\040\123\145\143\165\162\151\164\171\040\122\145\163\145 +\141\162\143\150\040\107\162\157\165\160\061\025\060\023\006\003 +\125\004\003\023\014\111\123\122\107\040\122\157\157\164\040\130 +\061 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\024\076\212\135\007\354\125\322\062\325\267\343\266\137\001 -\353\055\334\344\326\344 +\002\021\000\202\020\317\260\322\100\343\131\104\143\340\273\143 +\202\213\000 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "Certum Trusted Network CA 2" +# Certificate "AC RAIZ FNMT-RCM" # -# Issuer: CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL -# Serial Number:21:d6:d0:4a:4f:25:0f:c9:32:37:fc:aa:5e:12:8d:e9 -# Subject: CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL -# Not Valid Before: Thu Oct 06 08:39:56 2011 -# Not Valid After : Sat Oct 06 08:39:56 2046 -# Fingerprint (SHA-256): B6:76:F2:ED:DA:E8:77:5C:D3:6C:B0:F6:3C:D1:D4:60:39:61:F4:9E:62:65:BA:01:3A:2F:03:07:B6:D0:B8:04 -# Fingerprint (SHA1): D3:DD:48:3E:2B:BF:4C:05:E8:AF:10:F5:FA:76:26:CF:D3:DC:30:92 +# Issuer: OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES +# Serial Number:5d:93:8d:30:67:36:c8:06:1d:1a:c7:54:84:69:07 +# Subject: OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES +# Not Valid Before: Wed Oct 29 15:59:56 2008 +# Not Valid After : Tue Jan 01 00:00:00 2030 +# Fingerprint (SHA-256): EB:C5:57:0C:29:01:8C:4D:67:B1:AA:12:7B:AF:12:F7:03:B4:61:1E:BC:17:B7:DA:B5:57:38:94:17:9B:93:FA +# Fingerprint (SHA1): EC:50:35:07:B2:15:C4:95:62:19:E2:A8:9A:5B:42:99:2C:4C:2C:20 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Certum Trusted Network CA 2" +CKA_LABEL UTF8 "AC RAIZ FNMT-RCM" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\201\200\061\013\060\011\006\003\125\004\006\023\002\120\114 -\061\042\060\040\006\003\125\004\012\023\031\125\156\151\172\145 -\164\157\040\124\145\143\150\156\157\154\157\147\151\145\163\040 -\123\056\101\056\061\047\060\045\006\003\125\004\013\023\036\103 -\145\162\164\165\155\040\103\145\162\164\151\146\151\143\141\164 -\151\157\156\040\101\165\164\150\157\162\151\164\171\061\044\060 -\042\006\003\125\004\003\023\033\103\145\162\164\165\155\040\124 -\162\165\163\164\145\144\040\116\145\164\167\157\162\153\040\103 -\101\040\062 +\060\073\061\013\060\011\006\003\125\004\006\023\002\105\123\061 +\021\060\017\006\003\125\004\012\014\010\106\116\115\124\055\122 +\103\115\061\031\060\027\006\003\125\004\013\014\020\101\103\040 +\122\101\111\132\040\106\116\115\124\055\122\103\115 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\201\200\061\013\060\011\006\003\125\004\006\023\002\120\114 -\061\042\060\040\006\003\125\004\012\023\031\125\156\151\172\145 -\164\157\040\124\145\143\150\156\157\154\157\147\151\145\163\040 -\123\056\101\056\061\047\060\045\006\003\125\004\013\023\036\103 -\145\162\164\165\155\040\103\145\162\164\151\146\151\143\141\164 -\151\157\156\040\101\165\164\150\157\162\151\164\171\061\044\060 -\042\006\003\125\004\003\023\033\103\145\162\164\165\155\040\124 -\162\165\163\164\145\144\040\116\145\164\167\157\162\153\040\103 -\101\040\062 +\060\073\061\013\060\011\006\003\125\004\006\023\002\105\123\061 +\021\060\017\006\003\125\004\012\014\010\106\116\115\124\055\122 +\103\115\061\031\060\027\006\003\125\004\013\014\020\101\103\040 +\122\101\111\132\040\106\116\115\124\055\122\103\115 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\041\326\320\112\117\045\017\311\062\067\374\252\136\022 -\215\351 +\002\017\135\223\215\060\147\066\310\006\035\032\307\124\204\151 +\007 END CKA_VALUE MULTILINE_OCTAL -\060\202\005\322\060\202\003\272\240\003\002\001\002\002\020\041 -\326\320\112\117\045\017\311\062\067\374\252\136\022\215\351\060 -\015\006\011\052\206\110\206\367\015\001\001\015\005\000\060\201 -\200\061\013\060\011\006\003\125\004\006\023\002\120\114\061\042 -\060\040\006\003\125\004\012\023\031\125\156\151\172\145\164\157 -\040\124\145\143\150\156\157\154\157\147\151\145\163\040\123\056 -\101\056\061\047\060\045\006\003\125\004\013\023\036\103\145\162 -\164\165\155\040\103\145\162\164\151\146\151\143\141\164\151\157 -\156\040\101\165\164\150\157\162\151\164\171\061\044\060\042\006 -\003\125\004\003\023\033\103\145\162\164\165\155\040\124\162\165 -\163\164\145\144\040\116\145\164\167\157\162\153\040\103\101\040 -\062\060\042\030\017\062\060\061\061\061\060\060\066\060\070\063 -\071\065\066\132\030\017\062\060\064\066\061\060\060\066\060\070 -\063\071\065\066\132\060\201\200\061\013\060\011\006\003\125\004 -\006\023\002\120\114\061\042\060\040\006\003\125\004\012\023\031 -\125\156\151\172\145\164\157\040\124\145\143\150\156\157\154\157 -\147\151\145\163\040\123\056\101\056\061\047\060\045\006\003\125 -\004\013\023\036\103\145\162\164\165\155\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\061\044\060\042\006\003\125\004\003\023\033\103\145\162 -\164\165\155\040\124\162\165\163\164\145\144\040\116\145\164\167 -\157\162\153\040\103\101\040\062\060\202\002\042\060\015\006\011 -\052\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000 -\060\202\002\012\002\202\002\001\000\275\371\170\370\346\325\200 -\014\144\235\206\033\226\144\147\077\042\072\036\165\001\175\357 -\373\134\147\214\311\314\134\153\251\221\346\271\102\345\040\113 -\233\332\233\173\271\231\135\331\233\200\113\327\204\100\053\047 -\323\350\272\060\273\076\011\032\247\111\225\357\053\100\044\302 -\227\307\247\356\233\045\357\250\012\000\227\205\132\252\235\334 -\051\311\342\065\007\353\160\115\112\326\301\263\126\270\241\101 -\070\233\321\373\061\177\217\340\137\341\261\077\017\216\026\111 -\140\327\006\215\030\371\252\046\020\253\052\323\320\321\147\215 -\033\106\276\107\060\325\056\162\321\305\143\332\347\143\171\104 -\176\113\143\044\211\206\056\064\077\051\114\122\213\052\247\300 -\342\221\050\211\271\300\133\371\035\331\347\047\255\377\232\002 -\227\301\306\120\222\233\002\054\275\251\271\064\131\012\277\204 -\112\377\337\376\263\237\353\331\236\340\230\043\354\246\153\167 -\026\052\333\314\255\073\034\244\207\334\106\163\136\031\142\150 -\105\127\344\220\202\102\273\102\326\360\141\340\301\243\075\146 -\243\135\364\030\356\210\311\215\027\105\051\231\062\165\002\061 -\356\051\046\310\153\002\346\265\142\105\177\067\025\132\043\150 -\211\324\076\336\116\047\260\360\100\014\274\115\027\313\115\242 -\263\036\320\006\132\335\366\223\317\127\165\231\365\372\206\032 -\147\170\263\277\226\376\064\334\275\347\122\126\345\263\345\165 -\173\327\101\221\005\334\135\151\343\225\015\103\271\374\203\226 -\071\225\173\154\200\132\117\023\162\306\327\175\051\172\104\272 -\122\244\052\325\101\106\011\040\376\042\240\266\133\060\215\274 -\211\014\325\327\160\370\207\122\375\332\357\254\121\056\007\263 -\116\376\320\011\332\160\357\230\372\126\346\155\333\265\127\113 -\334\345\054\045\025\310\236\056\170\116\370\332\234\236\206\054 -\312\127\363\032\345\310\222\213\032\202\226\172\303\274\120\022 -\151\330\016\132\106\213\072\353\046\372\043\311\266\260\201\276 -\102\000\244\370\326\376\060\056\307\322\106\366\345\216\165\375 -\362\314\271\320\207\133\314\006\020\140\273\203\065\267\136\147 -\336\107\354\231\110\361\244\241\025\376\255\214\142\216\071\125 -\117\071\026\271\261\143\235\377\267\002\003\001\000\001\243\102 -\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060\003 -\001\001\377\060\035\006\003\125\035\016\004\026\004\024\266\241 -\124\071\002\303\240\077\216\212\274\372\324\370\034\246\321\072 -\016\375\060\016\006\003\125\035\017\001\001\377\004\004\003\002 -\001\006\060\015\006\011\052\206\110\206\367\015\001\001\015\005 -\000\003\202\002\001\000\161\245\016\316\344\351\277\077\070\325 -\211\132\304\002\141\373\114\305\024\027\055\213\117\123\153\020 -\027\374\145\204\307\020\111\220\336\333\307\046\223\210\046\157 -\160\326\002\136\071\240\367\217\253\226\265\245\023\134\201\024 -\155\016\201\202\021\033\212\116\306\117\245\335\142\036\104\337 -\011\131\364\133\167\013\067\351\213\040\306\370\012\116\056\130 -\034\353\063\320\317\206\140\311\332\373\200\057\236\114\140\204 -\170\075\041\144\326\373\101\037\030\017\347\311\165\161\275\275 -\134\336\064\207\076\101\260\016\366\271\326\077\011\023\226\024 -\057\336\232\035\132\271\126\316\065\072\260\137\160\115\136\343 -\051\361\043\050\162\131\266\253\302\214\146\046\034\167\054\046 -\166\065\213\050\247\151\240\371\073\365\043\335\205\020\164\311 -\220\003\126\221\347\257\272\107\324\022\227\021\042\343\242\111 -\224\154\347\267\224\113\272\055\244\332\063\213\114\246\104\377 -\132\074\306\035\144\330\265\061\344\246\074\172\250\127\013\333 -\355\141\032\313\361\316\163\167\143\244\207\157\114\121\070\326 -\344\137\307\237\266\201\052\344\205\110\171\130\136\073\370\333 -\002\202\147\301\071\333\303\164\113\075\066\036\371\051\223\210 -\150\133\250\104\031\041\360\247\350\201\015\054\350\223\066\264 -\067\262\312\260\033\046\172\232\045\037\232\232\200\236\113\052 -\077\373\243\232\376\163\062\161\302\236\306\162\341\212\150\047 -\361\344\017\264\304\114\245\141\223\370\227\020\007\052\060\045 -\251\271\310\161\270\357\150\314\055\176\365\340\176\017\202\250 -\157\266\272\154\203\103\167\315\212\222\027\241\236\133\170\026 -\075\105\342\063\162\335\341\146\312\231\323\311\305\046\375\015 -\150\004\106\256\266\331\233\214\276\031\276\261\306\362\031\343 -\134\002\312\054\330\157\112\007\331\311\065\332\100\165\362\304 -\247\031\157\236\102\020\230\165\346\225\213\140\274\355\305\022 -\327\212\316\325\230\134\126\226\003\305\356\167\006\065\377\317 -\344\356\077\023\141\356\333\332\055\205\360\315\256\235\262\030 -\011\105\303\222\241\162\027\374\107\266\240\013\054\361\304\336 -\103\150\010\152\137\073\360\166\143\373\314\006\054\246\306\342 -\016\265\271\276\044\217 +\060\202\005\203\060\202\003\153\240\003\002\001\002\002\017\135 +\223\215\060\147\066\310\006\035\032\307\124\204\151\007\060\015 +\006\011\052\206\110\206\367\015\001\001\013\005\000\060\073\061 +\013\060\011\006\003\125\004\006\023\002\105\123\061\021\060\017 +\006\003\125\004\012\014\010\106\116\115\124\055\122\103\115\061 +\031\060\027\006\003\125\004\013\014\020\101\103\040\122\101\111 +\132\040\106\116\115\124\055\122\103\115\060\036\027\015\060\070 +\061\060\062\071\061\065\065\071\065\066\132\027\015\063\060\060 +\061\060\061\060\060\060\060\060\060\132\060\073\061\013\060\011 +\006\003\125\004\006\023\002\105\123\061\021\060\017\006\003\125 +\004\012\014\010\106\116\115\124\055\122\103\115\061\031\060\027 +\006\003\125\004\013\014\020\101\103\040\122\101\111\132\040\106 +\116\115\124\055\122\103\115\060\202\002\042\060\015\006\011\052 +\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060 +\202\002\012\002\202\002\001\000\272\161\200\172\114\206\156\177 +\310\023\155\300\306\175\034\000\227\217\054\014\043\273\020\232 +\100\251\032\267\207\210\370\233\126\152\373\346\173\216\213\222 +\216\247\045\135\131\021\333\066\056\267\121\027\037\251\010\037 +\004\027\044\130\252\067\112\030\337\345\071\324\127\375\327\301 +\054\221\001\221\342\042\324\003\300\130\374\167\107\354\217\076 +\164\103\272\254\064\215\115\070\166\147\216\260\310\157\060\063 +\130\161\134\264\365\153\156\324\001\120\270\023\176\154\112\243 +\111\321\040\031\356\274\300\051\030\145\247\336\376\357\335\012 +\220\041\347\032\147\222\102\020\230\137\117\060\274\076\034\105 +\264\020\327\150\100\024\300\100\372\347\167\027\172\346\013\217 +\145\133\074\331\232\122\333\265\275\236\106\317\075\353\221\005 +\002\300\226\262\166\114\115\020\226\073\222\372\234\177\017\231 +\337\276\043\065\105\036\002\134\376\265\250\233\231\045\332\136 +\363\042\303\071\365\344\052\056\323\306\037\304\154\252\305\034 +\152\001\005\112\057\322\305\301\250\064\046\135\146\245\322\002 +\041\371\030\267\006\365\116\231\157\250\253\114\121\350\317\120 +\030\305\167\310\071\011\054\111\222\062\231\250\273\027\027\171 +\260\132\305\346\243\304\131\145\107\065\203\136\251\350\065\013 +\231\273\344\315\040\306\233\112\006\071\265\150\374\042\272\356 +\125\214\053\116\352\363\261\343\374\266\231\232\325\102\372\161 +\115\010\317\207\036\152\161\175\371\323\264\351\245\161\201\173 +\302\116\107\226\245\366\166\205\243\050\217\351\200\156\201\123 +\245\155\137\270\110\371\302\371\066\246\056\111\377\270\226\302 +\214\007\263\233\210\130\374\353\033\034\336\055\160\342\227\222 +\060\241\211\343\274\125\250\047\326\113\355\220\255\213\372\143 +\045\131\055\250\065\335\312\227\063\274\345\315\307\235\321\354 +\357\136\016\112\220\006\046\143\255\271\331\065\055\007\272\166 +\145\054\254\127\217\175\364\007\224\327\201\002\226\135\243\007 +\111\325\172\320\127\371\033\347\123\106\165\252\260\171\102\313 +\150\161\010\351\140\275\071\151\316\364\257\303\126\100\307\255 +\122\242\011\344\157\206\107\212\037\353\050\047\135\203\040\257 +\004\311\154\126\232\213\106\365\002\003\001\000\001\243\201\203 +\060\201\200\060\017\006\003\125\035\023\001\001\377\004\005\060 +\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004 +\003\002\001\006\060\035\006\003\125\035\016\004\026\004\024\367 +\175\305\375\304\350\232\033\167\144\247\365\035\240\314\277\207 +\140\232\155\060\076\006\003\125\035\040\004\067\060\065\060\063 +\006\004\125\035\040\000\060\053\060\051\006\010\053\006\001\005 +\005\007\002\001\026\035\150\164\164\160\072\057\057\167\167\167 +\056\143\145\162\164\056\146\156\155\164\056\145\163\057\144\160 +\143\163\057\060\015\006\011\052\206\110\206\367\015\001\001\013 +\005\000\003\202\002\001\000\007\220\112\337\363\043\116\360\303 +\234\121\145\233\234\042\242\212\014\205\363\163\051\153\115\376 +\001\342\251\014\143\001\277\004\147\245\235\230\137\375\001\023 +\372\354\232\142\351\206\376\266\142\322\156\114\224\373\300\165 +\105\174\145\014\370\262\067\317\254\017\317\215\157\371\031\367 +\217\354\036\362\160\236\360\312\270\357\267\377\166\067\166\133 +\366\156\210\363\257\142\062\042\223\015\072\152\216\024\146\014 +\055\123\164\127\145\036\325\262\335\043\201\073\245\146\043\047 +\147\011\217\341\167\252\103\315\145\121\010\355\121\130\376\346 +\071\371\313\107\204\244\025\361\166\273\244\356\244\073\304\137 +\357\262\063\226\021\030\267\311\145\276\030\341\243\244\334\372 +\030\371\323\274\023\233\071\172\064\272\323\101\373\372\062\212 +\052\267\053\206\013\151\203\070\276\315\212\056\013\160\255\215 +\046\222\356\036\365\001\053\012\331\326\227\233\156\340\250\031 +\034\072\041\213\014\036\100\255\003\347\335\146\176\365\271\040 +\015\003\350\226\371\202\105\324\071\340\240\000\135\327\230\346 +\175\236\147\163\303\232\052\367\253\213\241\072\024\357\064\274 +\122\016\211\230\232\004\100\204\035\176\105\151\223\127\316\353 +\316\370\120\174\117\034\156\004\103\233\371\326\073\043\030\351 +\352\216\321\115\106\215\361\073\344\152\312\272\373\043\267\233 +\372\231\001\051\132\130\132\055\343\371\324\155\016\046\255\301 +\156\064\274\062\370\014\005\372\145\243\333\073\067\203\042\351 +\326\334\162\063\375\135\362\040\275\166\074\043\332\050\367\371 +\033\353\131\144\325\334\137\162\176\040\374\315\211\265\220\147 +\115\142\172\077\116\255\035\303\071\376\172\364\050\026\337\101 +\366\110\200\005\327\017\121\171\254\020\253\324\354\003\146\346 +\152\260\272\061\222\102\100\152\276\072\323\162\341\152\067\125 +\274\254\035\225\267\151\141\362\103\221\164\346\240\323\012\044 +\106\241\010\257\326\332\105\031\226\324\123\035\133\204\171\360 +\300\367\107\357\213\217\305\006\256\235\114\142\235\377\106\004 +\370\323\311\266\020\045\100\165\376\026\252\311\112\140\206\057 +\272\357\060\167\344\124\342\270\204\231\130\200\252\023\213\121 +\072\117\110\366\213\266\263 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE -# Trust for "Certum Trusted Network CA 2" -# Issuer: CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL -# Serial Number:21:d6:d0:4a:4f:25:0f:c9:32:37:fc:aa:5e:12:8d:e9 -# Subject: CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL -# Not Valid Before: Thu Oct 06 08:39:56 2011 -# Not Valid After : Sat Oct 06 08:39:56 2046 -# Fingerprint (SHA-256): B6:76:F2:ED:DA:E8:77:5C:D3:6C:B0:F6:3C:D1:D4:60:39:61:F4:9E:62:65:BA:01:3A:2F:03:07:B6:D0:B8:04 -# Fingerprint (SHA1): D3:DD:48:3E:2B:BF:4C:05:E8:AF:10:F5:FA:76:26:CF:D3:DC:30:92 +# Trust for "AC RAIZ FNMT-RCM" +# Issuer: OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES +# Serial Number:5d:93:8d:30:67:36:c8:06:1d:1a:c7:54:84:69:07 +# Subject: OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES +# Not Valid Before: Wed Oct 29 15:59:56 2008 +# Not Valid After : Tue Jan 01 00:00:00 2030 +# Fingerprint (SHA-256): EB:C5:57:0C:29:01:8C:4D:67:B1:AA:12:7B:AF:12:F7:03:B4:61:1E:BC:17:B7:DA:B5:57:38:94:17:9B:93:FA +# Fingerprint (SHA1): EC:50:35:07:B2:15:C4:95:62:19:E2:A8:9A:5B:42:99:2C:4C:2C:20 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Certum Trusted Network CA 2" +CKA_LABEL UTF8 "AC RAIZ FNMT-RCM" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\323\335\110\076\053\277\114\005\350\257\020\365\372\166\046\317 -\323\334\060\222 +\354\120\065\007\262\025\304\225\142\031\342\250\232\133\102\231 +\054\114\054\040 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\155\106\236\331\045\155\010\043\133\136\164\175\036\047\333\362 +\342\011\004\264\323\275\321\240\024\375\032\322\107\304\127\035 END CKA_ISSUER MULTILINE_OCTAL -\060\201\200\061\013\060\011\006\003\125\004\006\023\002\120\114 -\061\042\060\040\006\003\125\004\012\023\031\125\156\151\172\145 -\164\157\040\124\145\143\150\156\157\154\157\147\151\145\163\040 -\123\056\101\056\061\047\060\045\006\003\125\004\013\023\036\103 -\145\162\164\165\155\040\103\145\162\164\151\146\151\143\141\164 -\151\157\156\040\101\165\164\150\157\162\151\164\171\061\044\060 -\042\006\003\125\004\003\023\033\103\145\162\164\165\155\040\124 -\162\165\163\164\145\144\040\116\145\164\167\157\162\153\040\103 -\101\040\062 +\060\073\061\013\060\011\006\003\125\004\006\023\002\105\123\061 +\021\060\017\006\003\125\004\012\014\010\106\116\115\124\055\122 +\103\115\061\031\060\027\006\003\125\004\013\014\020\101\103\040 +\122\101\111\132\040\106\116\115\124\055\122\103\115 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\041\326\320\112\117\045\017\311\062\067\374\252\136\022 -\215\351 +\002\017\135\223\215\060\147\066\310\006\035\032\307\124\204\151 +\007 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "Hellenic Academic and Research Institutions RootCA 2015" +# Certificate "Amazon Root CA 1" # -# Issuer: CN=Hellenic Academic and Research Institutions RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR -# Serial Number: 0 (0x0) -# Subject: CN=Hellenic Academic and Research Institutions RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR -# Not Valid Before: Tue Jul 07 10:11:21 2015 -# Not Valid After : Sat Jun 30 10:11:21 2040 -# Fingerprint (SHA-256): A0:40:92:9A:02:CE:53:B4:AC:F4:F2:FF:C6:98:1C:E4:49:6F:75:5E:6D:45:FE:0B:2A:69:2B:CD:52:52:3F:36 -# Fingerprint (SHA1): 01:0C:06:95:A6:98:19:14:FF:BF:5F:C6:B0:B6:95:EA:29:E9:12:A6 +# Issuer: CN=Amazon Root CA 1,O=Amazon,C=US +# Serial Number:06:6c:9f:cf:99:bf:8c:0a:39:e2:f0:78:8a:43:e6:96:36:5b:ca +# Subject: CN=Amazon Root CA 1,O=Amazon,C=US +# Not Valid Before: Tue May 26 00:00:00 2015 +# Not Valid After : Sun Jan 17 00:00:00 2038 +# Fingerprint (SHA-256): 8E:CD:E6:88:4F:3D:87:B1:12:5B:A3:1A:C3:FC:B1:3D:70:16:DE:7F:57:CC:90:4F:E1:CB:97:C6:AE:98:19:6E +# Fingerprint (SHA1): 8D:A7:F9:65:EC:5E:FC:37:91:0F:1C:6E:59:FD:C1:CC:6A:6E:DE:16 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Hellenic Academic and Research Institutions RootCA 2015" +CKA_LABEL UTF8 "Amazon Root CA 1" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\201\246\061\013\060\011\006\003\125\004\006\023\002\107\122 -\061\017\060\015\006\003\125\004\007\023\006\101\164\150\145\156 -\163\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154 -\145\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156 -\144\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151 -\164\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165 -\164\150\157\162\151\164\171\061\100\060\076\006\003\125\004\003 -\023\067\110\145\154\154\145\156\151\143\040\101\143\141\144\145 -\155\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150 -\040\111\156\163\164\151\164\165\164\151\157\156\163\040\122\157 -\157\164\103\101\040\062\060\061\065 +\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 +\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 +\156\040\122\157\157\164\040\103\101\040\061 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\201\246\061\013\060\011\006\003\125\004\006\023\002\107\122 -\061\017\060\015\006\003\125\004\007\023\006\101\164\150\145\156 -\163\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154 -\145\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156 -\144\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151 -\164\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165 -\164\150\157\162\151\164\171\061\100\060\076\006\003\125\004\003 -\023\067\110\145\154\154\145\156\151\143\040\101\143\141\144\145 -\155\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150 -\040\111\156\163\164\151\164\165\164\151\157\156\163\040\122\157 -\157\164\103\101\040\062\060\061\065 +\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 +\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 +\156\040\122\157\157\164\040\103\101\040\061 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\000 +\002\023\006\154\237\317\231\277\214\012\071\342\360\170\212\103 +\346\226\066\133\312 END CKA_VALUE MULTILINE_OCTAL -\060\202\006\013\060\202\003\363\240\003\002\001\002\002\001\000 -\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060 -\201\246\061\013\060\011\006\003\125\004\006\023\002\107\122\061 -\017\060\015\006\003\125\004\007\023\006\101\164\150\145\156\163 -\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154\145 -\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156\144 -\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151\164 -\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165\164 -\150\157\162\151\164\171\061\100\060\076\006\003\125\004\003\023 -\067\110\145\154\154\145\156\151\143\040\101\143\141\144\145\155 -\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150\040 -\111\156\163\164\151\164\165\164\151\157\156\163\040\122\157\157 -\164\103\101\040\062\060\061\065\060\036\027\015\061\065\060\067 -\060\067\061\060\061\061\062\061\132\027\015\064\060\060\066\063 -\060\061\060\061\061\062\061\132\060\201\246\061\013\060\011\006 -\003\125\004\006\023\002\107\122\061\017\060\015\006\003\125\004 -\007\023\006\101\164\150\145\156\163\061\104\060\102\006\003\125 -\004\012\023\073\110\145\154\154\145\156\151\143\040\101\143\141 -\144\145\155\151\143\040\141\156\144\040\122\145\163\145\141\162 -\143\150\040\111\156\163\164\151\164\165\164\151\157\156\163\040 -\103\145\162\164\056\040\101\165\164\150\157\162\151\164\171\061 -\100\060\076\006\003\125\004\003\023\067\110\145\154\154\145\156 -\151\143\040\101\143\141\144\145\155\151\143\040\141\156\144\040 -\122\145\163\145\141\162\143\150\040\111\156\163\164\151\164\165 -\164\151\157\156\163\040\122\157\157\164\103\101\040\062\060\061 -\065\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001 -\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002 -\001\000\302\370\251\077\033\211\374\074\074\004\135\075\220\066 -\260\221\072\171\074\146\132\357\155\071\001\111\032\264\267\317 -\177\115\043\123\267\220\000\343\023\052\050\246\061\361\221\000 -\343\050\354\256\041\101\316\037\332\375\175\022\133\001\203\017 -\271\260\137\231\341\362\022\203\200\115\006\076\337\254\257\347 -\241\210\153\061\257\360\213\320\030\063\270\333\105\152\064\364 -\002\200\044\050\012\002\025\225\136\166\052\015\231\072\024\133 -\366\313\313\123\274\023\115\001\210\067\224\045\033\102\274\042 -\330\216\243\226\136\072\331\062\333\076\350\360\020\145\355\164 -\341\057\247\174\257\047\064\273\051\175\233\266\317\011\310\345 -\323\012\374\210\145\145\164\012\334\163\034\134\315\100\261\034 -\324\266\204\214\114\120\317\150\216\250\131\256\302\047\116\202 -\242\065\335\024\364\037\377\262\167\325\207\057\252\156\175\044 -\047\347\306\313\046\346\345\376\147\007\143\330\105\015\335\072 -\131\145\071\130\172\222\231\162\075\234\204\136\210\041\270\325 -\364\054\374\331\160\122\117\170\270\275\074\053\213\225\230\365 -\263\321\150\317\040\024\176\114\134\137\347\213\345\365\065\201 -\031\067\327\021\010\267\146\276\323\112\316\203\127\000\072\303 -\201\370\027\313\222\066\135\321\243\330\165\033\341\213\047\352 -\172\110\101\375\105\031\006\255\047\231\116\301\160\107\335\265 -\237\201\123\022\345\261\214\110\135\061\103\027\343\214\306\172 -\143\226\113\051\060\116\204\116\142\031\136\074\316\227\220\245 -\177\001\353\235\340\370\213\211\335\045\230\075\222\266\176\357 -\331\361\121\121\175\055\046\310\151\131\141\340\254\152\270\052 -\066\021\004\172\120\275\062\204\276\057\334\162\325\327\035\026 -\107\344\107\146\040\077\364\226\305\257\216\001\172\245\017\172 -\144\365\015\030\207\331\256\210\325\372\204\301\072\300\151\050 -\055\362\015\150\121\252\343\245\167\306\244\220\016\241\067\213 -\061\043\107\301\011\010\353\156\367\170\233\327\202\374\204\040 -\231\111\031\266\022\106\261\373\105\125\026\251\243\145\254\234 -\007\017\352\153\334\037\056\006\162\354\206\210\022\344\055\333 -\137\005\057\344\360\003\323\046\063\347\200\302\315\102\241\027 -\064\013\002\003\001\000\001\243\102\060\100\060\017\006\003\125 -\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003 -\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003 -\125\035\016\004\026\004\024\161\025\147\310\310\311\275\165\135 -\162\320\070\030\152\235\363\161\044\124\013\060\015\006\011\052 -\206\110\206\367\015\001\001\013\005\000\003\202\002\001\000\165 -\273\155\124\113\252\020\130\106\064\362\142\327\026\066\135\010 -\136\325\154\310\207\275\264\056\106\362\061\370\174\352\102\265 -\223\026\125\334\241\014\022\240\332\141\176\017\130\130\163\144 -\162\307\350\105\216\334\251\362\046\077\306\171\214\261\123\010 -\063\201\260\126\023\276\346\121\134\330\233\012\117\113\234\126 -\123\002\351\117\366\015\140\352\115\102\125\350\174\033\041\041 -\323\033\072\314\167\362\270\220\361\150\307\371\132\376\372\055 -\364\277\311\365\105\033\316\070\020\052\067\212\171\243\264\343 -\011\154\205\206\223\377\211\226\047\170\201\217\147\343\106\164 -\124\216\331\015\151\342\112\364\115\164\003\377\262\167\355\225 -\147\227\344\261\305\253\277\152\043\350\324\224\342\104\050\142 -\304\113\342\360\330\342\051\153\032\160\176\044\141\223\173\117 -\003\062\045\015\105\044\053\226\264\106\152\277\112\013\367\232 -\217\301\254\032\305\147\363\157\064\322\372\163\143\214\357\026 -\260\250\244\106\052\370\353\022\354\162\264\357\370\053\176\214 -\122\300\213\204\124\371\057\076\343\125\250\334\146\261\331\341 -\137\330\263\214\131\064\131\244\253\117\154\273\037\030\333\165 -\253\330\313\222\315\224\070\141\016\007\006\037\113\106\020\361 -\025\276\215\205\134\073\112\053\201\171\017\264\151\237\111\120 -\227\115\367\016\126\135\300\225\152\302\066\303\033\150\311\365 -\052\334\107\232\276\262\316\305\045\350\372\003\271\332\371\026 -\156\221\204\365\034\050\310\374\046\314\327\034\220\126\247\137 -\157\072\004\274\315\170\211\013\216\017\057\243\252\117\242\033 -\022\075\026\010\100\017\361\106\114\327\252\173\010\301\012\365 -\155\047\336\002\217\312\303\265\053\312\351\353\310\041\123\070 -\245\314\073\330\167\067\060\242\117\331\157\321\362\100\255\101 -\172\027\305\326\112\065\211\267\101\325\174\206\177\125\115\203 -\112\245\163\040\300\072\257\220\361\232\044\216\331\216\161\312 -\173\270\206\332\262\217\231\076\035\023\015\022\021\356\324\253 -\360\351\025\166\002\344\340\337\252\040\036\133\141\205\144\100 -\251\220\227\015\255\123\322\132\035\207\152\000\227\145\142\264 -\276\157\152\247\365\054\102\355\062\255\266\041\236\276\274 +\060\202\003\101\060\202\002\051\240\003\002\001\002\002\023\006 +\154\237\317\231\277\214\012\071\342\360\170\212\103\346\226\066 +\133\312\060\015\006\011\052\206\110\206\367\015\001\001\013\005 +\000\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157 +\156\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172 +\157\156\040\122\157\157\164\040\103\101\040\061\060\036\027\015 +\061\065\060\065\062\066\060\060\060\060\060\060\132\027\015\063 +\070\060\061\061\067\060\060\060\060\060\060\132\060\071\061\013 +\060\011\006\003\125\004\006\023\002\125\123\061\017\060\015\006 +\003\125\004\012\023\006\101\155\141\172\157\156\061\031\060\027 +\006\003\125\004\003\023\020\101\155\141\172\157\156\040\122\157 +\157\164\040\103\101\040\061\060\202\001\042\060\015\006\011\052 +\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000\060 +\202\001\012\002\202\001\001\000\262\170\200\161\312\170\325\343 +\161\257\107\200\120\164\175\156\330\327\210\166\364\231\150\367 +\130\041\140\371\164\204\001\057\254\002\055\206\323\240\103\172 +\116\262\244\320\066\272\001\276\215\333\110\310\007\027\066\114 +\364\356\210\043\307\076\353\067\365\265\031\370\111\150\260\336 +\327\271\166\070\035\141\236\244\376\202\066\245\345\112\126\344 +\105\341\371\375\264\026\372\164\332\234\233\065\071\057\372\260 +\040\120\006\154\172\320\200\262\246\371\257\354\107\031\217\120 +\070\007\334\242\207\071\130\370\272\325\251\371\110\147\060\226 +\356\224\170\136\157\211\243\121\300\060\206\146\241\105\146\272 +\124\353\243\303\221\371\110\334\377\321\350\060\055\175\055\164 +\160\065\327\210\044\367\236\304\131\156\273\163\207\027\362\062 +\106\050\270\103\372\267\035\252\312\264\362\237\044\016\055\113 +\367\161\134\136\151\377\352\225\002\313\070\212\256\120\070\157 +\333\373\055\142\033\305\307\036\124\341\167\340\147\310\017\234 +\207\043\326\077\100\040\177\040\200\304\200\114\076\073\044\046 +\216\004\256\154\232\310\252\015\002\003\001\000\001\243\102\060 +\100\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001 +\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002 +\001\206\060\035\006\003\125\035\016\004\026\004\024\204\030\314 +\205\064\354\274\014\224\224\056\010\131\234\307\262\020\116\012 +\010\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000 +\003\202\001\001\000\230\362\067\132\101\220\241\032\305\166\121 +\050\040\066\043\016\256\346\050\273\252\370\224\256\110\244\060 +\177\033\374\044\215\113\264\310\241\227\366\266\361\172\160\310 +\123\223\314\010\050\343\230\045\317\043\244\371\336\041\323\174 +\205\011\255\116\232\165\072\302\013\152\211\170\166\104\107\030 +\145\154\215\101\216\073\177\232\313\364\265\247\120\327\005\054 +\067\350\003\113\255\351\141\240\002\156\365\362\360\305\262\355 +\133\267\334\372\224\134\167\236\023\245\177\122\255\225\362\370 +\223\073\336\213\134\133\312\132\122\133\140\257\024\367\113\357 +\243\373\237\100\225\155\061\124\374\102\323\307\106\037\043\255 +\331\017\110\160\232\331\165\170\161\321\162\103\064\165\156\127 +\131\302\002\134\046\140\051\317\043\031\026\216\210\103\245\324 +\344\313\010\373\043\021\103\350\103\051\162\142\241\251\135\136 +\010\324\220\256\270\330\316\024\302\320\125\362\206\366\304\223 +\103\167\146\141\300\271\350\101\327\227\170\140\003\156\112\162 +\256\245\321\175\272\020\236\206\154\033\212\271\131\063\370\353 +\304\220\276\361\271 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE -# Trust for "Hellenic Academic and Research Institutions RootCA 2015" -# Issuer: CN=Hellenic Academic and Research Institutions RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR -# Serial Number: 0 (0x0) -# Subject: CN=Hellenic Academic and Research Institutions RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR -# Not Valid Before: Tue Jul 07 10:11:21 2015 -# Not Valid After : Sat Jun 30 10:11:21 2040 -# Fingerprint (SHA-256): A0:40:92:9A:02:CE:53:B4:AC:F4:F2:FF:C6:98:1C:E4:49:6F:75:5E:6D:45:FE:0B:2A:69:2B:CD:52:52:3F:36 -# Fingerprint (SHA1): 01:0C:06:95:A6:98:19:14:FF:BF:5F:C6:B0:B6:95:EA:29:E9:12:A6 +# Trust for "Amazon Root CA 1" +# Issuer: CN=Amazon Root CA 1,O=Amazon,C=US +# Serial Number:06:6c:9f:cf:99:bf:8c:0a:39:e2:f0:78:8a:43:e6:96:36:5b:ca +# Subject: CN=Amazon Root CA 1,O=Amazon,C=US +# Not Valid Before: Tue May 26 00:00:00 2015 +# Not Valid After : Sun Jan 17 00:00:00 2038 +# Fingerprint (SHA-256): 8E:CD:E6:88:4F:3D:87:B1:12:5B:A3:1A:C3:FC:B1:3D:70:16:DE:7F:57:CC:90:4F:E1:CB:97:C6:AE:98:19:6E +# Fingerprint (SHA1): 8D:A7:F9:65:EC:5E:FC:37:91:0F:1C:6E:59:FD:C1:CC:6A:6E:DE:16 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Hellenic Academic and Research Institutions RootCA 2015" +CKA_LABEL UTF8 "Amazon Root CA 1" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\001\014\006\225\246\230\031\024\377\277\137\306\260\266\225\352 -\051\351\022\246 +\215\247\371\145\354\136\374\067\221\017\034\156\131\375\301\314 +\152\156\336\026 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\312\377\342\333\003\331\313\113\351\017\255\204\375\173\030\316 +\103\306\277\256\354\376\255\057\030\306\210\150\060\374\310\346 END CKA_ISSUER MULTILINE_OCTAL -\060\201\246\061\013\060\011\006\003\125\004\006\023\002\107\122 -\061\017\060\015\006\003\125\004\007\023\006\101\164\150\145\156 -\163\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154 -\145\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156 -\144\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151 -\164\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165 -\164\150\157\162\151\164\171\061\100\060\076\006\003\125\004\003 -\023\067\110\145\154\154\145\156\151\143\040\101\143\141\144\145 -\155\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150 -\040\111\156\163\164\151\164\165\164\151\157\156\163\040\122\157 -\157\164\103\101\040\062\060\061\065 +\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 +\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 +\156\040\122\157\157\164\040\103\101\040\061 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\000 +\002\023\006\154\237\317\231\277\214\012\071\342\360\170\212\103 +\346\226\066\133\312 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR @@ -19480,135 +18596,158 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "Hellenic Academic and Research Institutions ECC RootCA 2015" +# Certificate "Amazon Root CA 2" # -# Issuer: CN=Hellenic Academic and Research Institutions ECC RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR -# Serial Number: 0 (0x0) -# Subject: CN=Hellenic Academic and Research Institutions ECC RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR -# Not Valid Before: Tue Jul 07 10:37:12 2015 -# Not Valid After : Sat Jun 30 10:37:12 2040 -# Fingerprint (SHA-256): 44:B5:45:AA:8A:25:E6:5A:73:CA:15:DC:27:FC:36:D2:4C:1C:B9:95:3A:06:65:39:B1:15:82:DC:48:7B:48:33 -# Fingerprint (SHA1): 9F:F1:71:8D:92:D5:9A:F3:7D:74:97:B4:BC:6F:84:68:0B:BA:B6:66 +# Issuer: CN=Amazon Root CA 2,O=Amazon,C=US +# Serial Number:06:6c:9f:d2:96:35:86:9f:0a:0f:e5:86:78:f8:5b:26:bb:8a:37 +# Subject: CN=Amazon Root CA 2,O=Amazon,C=US +# Not Valid Before: Tue May 26 00:00:00 2015 +# Not Valid After : Sat May 26 00:00:00 2040 +# Fingerprint (SHA-256): 1B:A5:B2:AA:8C:65:40:1A:82:96:01:18:F8:0B:EC:4F:62:30:4D:83:CE:C4:71:3A:19:C3:9C:01:1E:A4:6D:B4 +# Fingerprint (SHA1): 5A:8C:EF:45:D7:A6:98:59:76:7A:8C:8B:44:96:B5:78:CF:47:4B:1A CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Hellenic Academic and Research Institutions ECC RootCA 2015" +CKA_LABEL UTF8 "Amazon Root CA 2" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\201\252\061\013\060\011\006\003\125\004\006\023\002\107\122 -\061\017\060\015\006\003\125\004\007\023\006\101\164\150\145\156 -\163\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154 -\145\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156 -\144\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151 -\164\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165 -\164\150\157\162\151\164\171\061\104\060\102\006\003\125\004\003 -\023\073\110\145\154\154\145\156\151\143\040\101\143\141\144\145 -\155\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150 -\040\111\156\163\164\151\164\165\164\151\157\156\163\040\105\103 -\103\040\122\157\157\164\103\101\040\062\060\061\065 +\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 +\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 +\156\040\122\157\157\164\040\103\101\040\062 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\201\252\061\013\060\011\006\003\125\004\006\023\002\107\122 -\061\017\060\015\006\003\125\004\007\023\006\101\164\150\145\156 -\163\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154 -\145\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156 -\144\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151 -\164\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165 -\164\150\157\162\151\164\171\061\104\060\102\006\003\125\004\003 -\023\073\110\145\154\154\145\156\151\143\040\101\143\141\144\145 -\155\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150 -\040\111\156\163\164\151\164\165\164\151\157\156\163\040\105\103 -\103\040\122\157\157\164\103\101\040\062\060\061\065 +\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 +\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 +\156\040\122\157\157\164\040\103\101\040\062 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\000 +\002\023\006\154\237\322\226\065\206\237\012\017\345\206\170\370 +\133\046\273\212\067 END CKA_VALUE MULTILINE_OCTAL -\060\202\002\303\060\202\002\112\240\003\002\001\002\002\001\000 -\060\012\006\010\052\206\110\316\075\004\003\002\060\201\252\061 -\013\060\011\006\003\125\004\006\023\002\107\122\061\017\060\015 -\006\003\125\004\007\023\006\101\164\150\145\156\163\061\104\060 -\102\006\003\125\004\012\023\073\110\145\154\154\145\156\151\143 -\040\101\143\141\144\145\155\151\143\040\141\156\144\040\122\145 -\163\145\141\162\143\150\040\111\156\163\164\151\164\165\164\151 -\157\156\163\040\103\145\162\164\056\040\101\165\164\150\157\162 -\151\164\171\061\104\060\102\006\003\125\004\003\023\073\110\145 -\154\154\145\156\151\143\040\101\143\141\144\145\155\151\143\040 -\141\156\144\040\122\145\163\145\141\162\143\150\040\111\156\163 -\164\151\164\165\164\151\157\156\163\040\105\103\103\040\122\157 -\157\164\103\101\040\062\060\061\065\060\036\027\015\061\065\060 -\067\060\067\061\060\063\067\061\062\132\027\015\064\060\060\066 -\063\060\061\060\063\067\061\062\132\060\201\252\061\013\060\011 -\006\003\125\004\006\023\002\107\122\061\017\060\015\006\003\125 -\004\007\023\006\101\164\150\145\156\163\061\104\060\102\006\003 -\125\004\012\023\073\110\145\154\154\145\156\151\143\040\101\143 -\141\144\145\155\151\143\040\141\156\144\040\122\145\163\145\141 -\162\143\150\040\111\156\163\164\151\164\165\164\151\157\156\163 -\040\103\145\162\164\056\040\101\165\164\150\157\162\151\164\171 -\061\104\060\102\006\003\125\004\003\023\073\110\145\154\154\145 -\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156\144 -\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151\164 -\165\164\151\157\156\163\040\105\103\103\040\122\157\157\164\103 -\101\040\062\060\061\065\060\166\060\020\006\007\052\206\110\316 -\075\002\001\006\005\053\201\004\000\042\003\142\000\004\222\240 -\101\350\113\202\204\134\342\370\061\021\231\206\144\116\011\045 -\057\235\101\057\012\256\065\117\164\225\262\121\144\153\215\153 -\346\077\160\225\360\005\104\107\246\162\070\120\166\225\002\132 -\216\256\050\236\371\055\116\231\357\054\110\157\114\045\051\350 -\321\161\133\337\035\301\165\067\264\327\372\173\172\102\234\152 -\012\126\132\174\151\013\252\200\011\044\154\176\301\106\243\102 -\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060\003 -\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003 -\002\001\006\060\035\006\003\125\035\016\004\026\004\024\264\042 -\013\202\231\044\001\016\234\273\344\016\375\277\373\227\040\223 -\231\052\060\012\006\010\052\206\110\316\075\004\003\002\003\147 -\000\060\144\002\060\147\316\026\142\070\242\254\142\105\247\251 -\225\044\300\032\047\234\062\073\300\300\325\272\251\347\370\004 -\103\123\205\356\122\041\336\235\365\045\203\076\236\130\113\057 -\327\147\023\016\041\002\060\005\341\165\001\336\150\355\052\037 -\115\114\011\010\015\354\113\255\144\027\050\347\165\316\105\145 -\162\041\027\313\042\101\016\214\023\230\070\232\124\155\233\312 -\342\174\352\002\130\042\221 +\060\202\005\101\060\202\003\051\240\003\002\001\002\002\023\006 +\154\237\322\226\065\206\237\012\017\345\206\170\370\133\046\273 +\212\067\060\015\006\011\052\206\110\206\367\015\001\001\014\005 +\000\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157 +\156\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172 +\157\156\040\122\157\157\164\040\103\101\040\062\060\036\027\015 +\061\065\060\065\062\066\060\060\060\060\060\060\132\027\015\064 +\060\060\065\062\066\060\060\060\060\060\060\132\060\071\061\013 +\060\011\006\003\125\004\006\023\002\125\123\061\017\060\015\006 +\003\125\004\012\023\006\101\155\141\172\157\156\061\031\060\027 +\006\003\125\004\003\023\020\101\155\141\172\157\156\040\122\157 +\157\164\040\103\101\040\062\060\202\002\042\060\015\006\011\052 +\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060 +\202\002\012\002\202\002\001\000\255\226\237\055\234\112\114\112 +\201\171\121\231\354\212\313\153\140\121\023\274\115\155\006\374 +\260\010\215\335\031\020\152\307\046\014\065\330\300\157\040\204 +\351\224\261\233\205\003\303\133\333\112\350\310\370\220\166\331 +\133\117\343\114\350\006\066\115\314\232\254\075\014\220\053\222 +\324\006\031\140\254\067\104\171\205\201\202\255\132\067\340\015 +\314\235\246\114\122\166\352\103\235\267\004\321\120\366\125\340 +\325\322\246\111\205\351\067\351\312\176\256\134\225\115\110\232 +\077\256\040\132\155\210\225\331\064\270\122\032\103\220\260\277 +\154\005\271\266\170\267\352\320\344\072\074\022\123\142\377\112 +\362\173\276\065\005\251\022\064\343\363\144\164\142\054\075\000 +\111\132\050\376\062\104\273\207\335\145\047\002\161\073\332\112 +\367\037\332\315\367\041\125\220\117\017\354\256\202\341\237\153 +\331\105\323\273\360\137\207\355\074\054\071\206\332\077\336\354 +\162\125\353\171\243\255\333\335\174\260\272\034\316\374\336\117 +\065\166\317\017\370\170\037\152\066\121\106\047\141\133\351\236 +\317\360\242\125\175\174\045\212\157\057\264\305\317\204\056\053 +\375\015\121\020\154\373\137\033\274\033\176\305\256\073\230\001 +\061\222\377\013\127\364\232\262\271\127\351\253\357\015\166\321 +\360\356\364\316\206\247\340\156\351\264\151\241\337\151\366\063 +\306\151\056\227\023\236\245\207\260\127\020\201\067\311\123\263 +\273\177\366\222\321\234\320\030\364\222\156\332\203\117\246\143 +\231\114\245\373\136\357\041\144\172\040\137\154\144\205\025\313 +\067\351\142\014\013\052\026\334\001\056\062\332\076\113\365\236 +\072\366\027\100\224\357\236\221\010\206\372\276\143\250\132\063 +\354\313\164\103\225\371\154\151\122\066\307\051\157\374\125\003 +\134\037\373\237\275\107\353\347\111\107\225\013\116\211\042\011 +\111\340\365\141\036\361\277\056\212\162\156\200\131\377\127\072 +\371\165\062\243\116\137\354\355\050\142\331\115\163\362\314\201 +\027\140\355\315\353\334\333\247\312\305\176\002\275\362\124\010 +\124\375\264\055\011\054\027\124\112\230\321\124\341\121\147\010 +\322\355\156\176\157\077\322\055\201\131\051\146\313\220\071\225 +\021\036\164\047\376\335\353\257\002\003\001\000\001\243\102\060 +\100\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001 +\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002 +\001\206\060\035\006\003\125\035\016\004\026\004\024\260\014\360 +\114\060\364\005\130\002\110\375\063\345\122\257\113\204\343\146 +\122\060\015\006\011\052\206\110\206\367\015\001\001\014\005\000 +\003\202\002\001\000\252\250\200\217\016\170\243\340\242\324\315 +\346\365\230\172\073\352\000\003\260\227\016\223\274\132\250\366 +\054\214\162\207\251\261\374\177\163\375\143\161\170\245\207\131 +\317\060\341\015\020\262\023\132\155\202\365\152\346\200\237\240 +\005\013\150\344\107\153\307\152\337\266\375\167\062\162\345\030 +\372\011\364\240\223\054\135\322\214\165\205\166\145\220\014\003 +\171\267\061\043\143\255\170\203\011\206\150\204\312\377\371\317 +\046\232\222\171\347\315\113\305\347\141\247\027\313\363\251\022 +\223\223\153\247\350\057\123\222\304\140\130\260\314\002\121\030 +\133\205\215\142\131\143\266\255\264\336\232\373\046\367\000\047 +\300\135\125\067\164\231\311\120\177\343\131\056\104\343\054\045 +\356\354\114\062\167\264\237\032\351\113\135\040\305\332\375\034 +\207\026\306\103\350\324\273\046\232\105\160\136\251\013\067\123 +\342\106\173\047\375\340\106\362\211\267\314\102\266\313\050\046 +\156\331\245\311\072\310\101\023\140\367\120\214\025\256\262\155 +\032\025\032\127\170\346\222\052\331\145\220\202\077\154\002\257 +\256\022\072\047\226\066\004\327\035\242\200\143\251\233\361\345 +\272\264\174\024\260\116\311\261\037\164\137\070\366\121\352\233 +\372\054\242\021\324\251\055\047\032\105\261\257\262\116\161\015 +\300\130\106\326\151\006\313\123\313\263\376\153\101\315\101\176 +\175\114\017\174\162\171\172\131\315\136\112\016\254\233\251\230 +\163\171\174\264\364\314\271\270\007\014\262\164\134\270\307\157 +\210\241\220\247\364\252\371\277\147\072\364\032\025\142\036\267 +\237\276\075\261\051\257\147\241\022\362\130\020\031\123\003\060 +\033\270\032\211\366\234\275\227\003\216\243\011\363\035\213\041 +\361\264\337\344\034\321\237\145\002\006\352\134\326\023\263\204 +\357\242\245\134\214\167\051\247\150\300\153\256\100\322\250\264 +\352\315\360\215\113\070\234\031\232\033\050\124\270\211\220\357 +\312\165\201\076\036\362\144\044\307\030\257\116\377\107\236\007 +\366\065\145\244\323\012\126\377\365\027\144\154\357\250\042\045 +\111\223\266\337\000\027\332\130\176\135\356\305\033\260\321\321 +\137\041\020\307\371\363\272\002\012\047\007\305\361\326\307\323 +\340\373\011\140\154 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE -# Trust for "Hellenic Academic and Research Institutions ECC RootCA 2015" -# Issuer: CN=Hellenic Academic and Research Institutions ECC RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR -# Serial Number: 0 (0x0) -# Subject: CN=Hellenic Academic and Research Institutions ECC RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR -# Not Valid Before: Tue Jul 07 10:37:12 2015 -# Not Valid After : Sat Jun 30 10:37:12 2040 -# Fingerprint (SHA-256): 44:B5:45:AA:8A:25:E6:5A:73:CA:15:DC:27:FC:36:D2:4C:1C:B9:95:3A:06:65:39:B1:15:82:DC:48:7B:48:33 -# Fingerprint (SHA1): 9F:F1:71:8D:92:D5:9A:F3:7D:74:97:B4:BC:6F:84:68:0B:BA:B6:66 +# Trust for "Amazon Root CA 2" +# Issuer: CN=Amazon Root CA 2,O=Amazon,C=US +# Serial Number:06:6c:9f:d2:96:35:86:9f:0a:0f:e5:86:78:f8:5b:26:bb:8a:37 +# Subject: CN=Amazon Root CA 2,O=Amazon,C=US +# Not Valid Before: Tue May 26 00:00:00 2015 +# Not Valid After : Sat May 26 00:00:00 2040 +# Fingerprint (SHA-256): 1B:A5:B2:AA:8C:65:40:1A:82:96:01:18:F8:0B:EC:4F:62:30:4D:83:CE:C4:71:3A:19:C3:9C:01:1E:A4:6D:B4 +# Fingerprint (SHA1): 5A:8C:EF:45:D7:A6:98:59:76:7A:8C:8B:44:96:B5:78:CF:47:4B:1A CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Hellenic Academic and Research Institutions ECC RootCA 2015" +CKA_LABEL UTF8 "Amazon Root CA 2" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\237\361\161\215\222\325\232\363\175\164\227\264\274\157\204\150 -\013\272\266\146 +\132\214\357\105\327\246\230\131\166\172\214\213\104\226\265\170 +\317\107\113\032 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\201\345\264\027\353\302\365\341\113\015\101\173\111\222\376\357 +\310\345\215\316\250\102\342\172\300\052\134\174\236\046\277\146 END CKA_ISSUER MULTILINE_OCTAL -\060\201\252\061\013\060\011\006\003\125\004\006\023\002\107\122 -\061\017\060\015\006\003\125\004\007\023\006\101\164\150\145\156 -\163\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154 -\145\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156 -\144\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151 -\164\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165 -\164\150\157\162\151\164\171\061\104\060\102\006\003\125\004\003 -\023\073\110\145\154\154\145\156\151\143\040\101\143\141\144\145 -\155\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150 -\040\111\156\163\164\151\164\165\164\151\157\156\163\040\105\103 -\103\040\122\157\157\164\103\101\040\062\060\061\065 +\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 +\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 +\156\040\122\157\157\164\040\103\101\040\062 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\000 +\002\023\006\154\237\322\226\065\206\237\012\017\345\206\170\370 +\133\046\273\212\067 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR @@ -19616,158 +18755,101 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "Certplus Root CA G1" +# Certificate "Amazon Root CA 3" # -# Issuer: CN=Certplus Root CA G1,O=Certplus,C=FR -# Serial Number:11:20:55:83:e4:2d:3e:54:56:85:2d:83:37:b7:2c:dc:46:11 -# Subject: CN=Certplus Root CA G1,O=Certplus,C=FR -# Not Valid Before: Mon May 26 00:00:00 2014 -# Not Valid After : Fri Jan 15 00:00:00 2038 -# Fingerprint (SHA-256): 15:2A:40:2B:FC:DF:2C:D5:48:05:4D:22:75:B3:9C:7F:CA:3E:C0:97:80:78:B0:F0:EA:76:E5:61:A6:C7:43:3E -# Fingerprint (SHA1): 22:FD:D0:B7:FD:A2:4E:0D:AC:49:2C:A0:AC:A6:7B:6A:1F:E3:F7:66 +# Issuer: CN=Amazon Root CA 3,O=Amazon,C=US +# Serial Number:06:6c:9f:d5:74:97:36:66:3f:3b:0b:9a:d9:e8:9e:76:03:f2:4a +# Subject: CN=Amazon Root CA 3,O=Amazon,C=US +# Not Valid Before: Tue May 26 00:00:00 2015 +# Not Valid After : Sat May 26 00:00:00 2040 +# Fingerprint (SHA-256): 18:CE:6C:FE:7B:F1:4E:60:B2:E3:47:B8:DF:E8:68:CB:31:D0:2E:BB:3A:DA:27:15:69:F5:03:43:B4:6D:B3:A4 +# Fingerprint (SHA1): 0D:44:DD:8C:3C:8C:1A:1A:58:75:64:81:E9:0F:2E:2A:FF:B3:D2:6E CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Certplus Root CA G1" +CKA_LABEL UTF8 "Amazon Root CA 3" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154 -\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162 -\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\061 +\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 +\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 +\156\040\122\157\157\164\040\103\101\040\063 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154 -\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162 -\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\061 +\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 +\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 +\156\040\122\157\157\164\040\103\101\040\063 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\022\021\040\125\203\344\055\076\124\126\205\055\203\067\267 -\054\334\106\021 +\002\023\006\154\237\325\164\227\066\146\077\073\013\232\331\350 +\236\166\003\362\112 END CKA_VALUE MULTILINE_OCTAL -\060\202\005\153\060\202\003\123\240\003\002\001\002\002\022\021 -\040\125\203\344\055\076\124\126\205\055\203\067\267\054\334\106 -\021\060\015\006\011\052\206\110\206\367\015\001\001\015\005\000 -\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154 -\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162 -\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\061 -\060\036\027\015\061\064\060\065\062\066\060\060\060\060\060\060 -\132\027\015\063\070\060\061\061\065\060\060\060\060\060\060\132 -\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154 -\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162 -\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\061 -\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001 -\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001 -\000\332\120\207\266\332\270\251\076\235\144\372\126\063\232\126 -\075\026\345\003\225\262\064\034\232\155\142\005\324\330\217\347 -\211\144\237\272\333\144\213\144\346\171\052\141\315\257\217\132 -\211\221\145\271\130\374\264\003\137\221\077\055\020\025\340\176 -\317\274\374\177\103\147\250\255\136\066\043\330\230\263\115\363 -\103\236\071\174\052\374\354\210\325\210\356\160\275\205\026\055 -\352\113\211\074\243\161\102\376\034\375\323\034\055\020\270\206 -\124\352\103\270\333\306\207\332\250\256\200\045\317\172\046\035 -\252\221\260\110\157\256\265\336\236\330\327\372\000\375\306\217 -\320\121\273\142\175\244\261\214\262\377\040\021\272\065\143\005 -\206\107\140\103\063\220\366\107\242\003\117\226\115\235\117\301 -\352\352\234\242\376\064\056\336\267\312\033\166\244\267\255\237 -\351\250\324\170\077\170\376\362\070\011\066\035\322\026\002\310 -\354\052\150\257\365\216\224\357\055\023\172\036\102\112\035\025 -\061\256\014\004\127\374\141\163\363\061\126\206\061\200\240\304 -\021\156\060\166\343\224\360\137\004\304\254\207\162\211\230\305 -\235\314\127\010\232\364\014\374\175\172\005\072\372\107\200\071 -\266\317\204\023\167\157\047\352\377\226\147\027\010\155\351\015 -\326\043\120\060\260\025\164\023\076\345\057\377\016\315\304\013 -\112\135\360\330\000\063\111\146\353\241\030\174\131\056\075\050 -\271\141\161\313\265\245\272\270\352\334\342\160\157\010\152\334 -\207\147\064\357\337\060\162\335\363\311\077\043\377\065\341\276 -\041\051\040\060\201\344\031\245\040\351\045\312\163\061\164\051 -\276\342\102\325\363\262\046\146\307\150\375\031\263\347\040\223 -\231\350\135\340\136\207\347\106\350\045\234\012\051\044\324\315 -\130\206\122\100\044\262\173\017\230\022\040\044\366\220\154\107 -\310\015\273\030\040\056\331\375\374\213\362\051\352\207\164\225 -\340\102\120\170\204\004\101\141\260\364\041\043\217\055\313\050 -\041\362\152\154\364\032\246\305\024\264\067\145\117\225\375\200 -\310\370\162\345\045\153\304\140\261\173\155\216\112\212\163\316 -\131\373\160\172\163\006\023\331\323\164\067\044\101\012\021\157 -\227\334\347\344\176\241\275\025\362\272\207\017\075\150\212\026 -\007\002\003\001\000\001\243\143\060\141\060\016\006\003\125\035 -\017\001\001\377\004\004\003\002\001\006\060\017\006\003\125\035 -\023\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125 -\035\016\004\026\004\024\250\301\300\233\221\250\103\025\174\135 -\006\047\264\052\121\330\227\013\201\261\060\037\006\003\125\035 -\043\004\030\060\026\200\024\250\301\300\233\221\250\103\025\174 -\135\006\047\264\052\121\330\227\013\201\261\060\015\006\011\052 -\206\110\206\367\015\001\001\015\005\000\003\202\002\001\000\234 -\126\157\001\176\321\275\114\365\212\306\360\046\037\344\340\070 -\030\314\062\303\051\073\235\101\051\064\141\306\327\360\000\241 -\353\244\162\217\224\027\274\023\054\165\264\127\356\012\174\011 -\172\334\325\312\241\320\064\023\370\167\253\237\345\376\330\036 -\164\212\205\007\217\177\314\171\172\312\226\315\315\375\117\373 -\375\043\015\220\365\364\136\323\306\141\175\236\021\340\002\356 -\011\004\331\007\335\246\212\267\014\203\044\273\203\120\222\376 -\140\165\021\076\330\235\260\212\172\265\340\235\233\313\220\122 -\113\260\223\052\324\076\026\063\345\236\306\145\025\076\144\073 -\004\077\333\014\217\137\134\035\151\037\257\363\351\041\214\363 -\357\227\366\232\267\031\266\204\164\234\243\124\265\160\116\143 -\330\127\135\123\041\233\100\222\103\372\326\167\125\063\117\144 -\325\373\320\054\152\216\155\045\246\357\205\350\002\304\123\076 -\271\236\207\274\314\065\032\336\241\351\212\143\207\145\036\021 -\052\333\143\167\227\024\276\232\024\231\021\262\300\356\260\117 -\370\024\041\062\103\117\237\253\242\313\250\017\252\073\006\125 -\306\022\051\127\010\324\067\327\207\047\255\111\131\247\221\253 -\104\172\136\215\160\333\227\316\110\120\261\163\223\366\360\203 -\140\371\315\361\341\061\375\133\174\161\041\143\024\024\252\257 -\305\336\223\176\150\261\354\042\242\252\220\165\236\265\103\162 -\352\144\243\204\113\375\014\250\046\153\161\227\356\126\143\146 -\350\102\124\371\307\035\337\320\217\133\337\310\060\157\210\376 -\015\304\063\034\123\250\243\375\110\020\362\344\012\116\341\025 -\127\374\156\144\060\302\125\021\334\352\251\315\112\124\254\051 -\143\104\317\112\100\240\326\150\131\033\063\371\357\072\213\333 -\040\222\334\102\204\277\001\253\207\300\325\040\202\333\306\271 -\203\205\102\134\017\103\073\152\111\065\325\230\364\025\277\372 -\141\201\014\011\040\030\322\320\027\014\313\110\000\120\351\166 -\202\214\144\327\072\240\007\125\314\036\061\300\357\072\264\145 -\373\343\277\102\153\236\017\250\275\153\230\334\330\333\313\213 -\244\335\327\131\364\156\335\376\252\303\221\320\056\102\007\300 -\014\115\123\315\044\261\114\133\036\121\364\337\351\222\372 +\060\202\001\266\060\202\001\133\240\003\002\001\002\002\023\006 +\154\237\325\164\227\066\146\077\073\013\232\331\350\236\166\003 +\362\112\060\012\006\010\052\206\110\316\075\004\003\002\060\071 +\061\013\060\011\006\003\125\004\006\023\002\125\123\061\017\060 +\015\006\003\125\004\012\023\006\101\155\141\172\157\156\061\031 +\060\027\006\003\125\004\003\023\020\101\155\141\172\157\156\040 +\122\157\157\164\040\103\101\040\063\060\036\027\015\061\065\060 +\065\062\066\060\060\060\060\060\060\132\027\015\064\060\060\065 +\062\066\060\060\060\060\060\060\132\060\071\061\013\060\011\006 +\003\125\004\006\023\002\125\123\061\017\060\015\006\003\125\004 +\012\023\006\101\155\141\172\157\156\061\031\060\027\006\003\125 +\004\003\023\020\101\155\141\172\157\156\040\122\157\157\164\040 +\103\101\040\063\060\131\060\023\006\007\052\206\110\316\075\002 +\001\006\010\052\206\110\316\075\003\001\007\003\102\000\004\051 +\227\247\306\101\177\300\015\233\350\001\033\126\306\362\122\245 +\272\055\262\022\350\322\056\327\372\311\305\330\252\155\037\163 +\201\073\073\230\153\071\174\063\245\305\116\206\216\200\027\150 +\142\105\127\175\104\130\035\263\067\345\147\010\353\146\336\243 +\102\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060 +\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004 +\003\002\001\206\060\035\006\003\125\035\016\004\026\004\024\253 +\266\333\327\006\236\067\254\060\206\007\221\160\307\234\304\031 +\261\170\300\060\012\006\010\052\206\110\316\075\004\003\002\003 +\111\000\060\106\002\041\000\340\205\222\243\027\267\215\371\053 +\006\245\223\254\032\230\150\141\162\372\341\241\320\373\034\170 +\140\246\103\231\305\270\304\002\041\000\234\002\357\361\224\234 +\263\226\371\353\306\052\370\266\054\376\072\220\024\026\327\214 +\143\044\110\034\337\060\175\325\150\073 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE -# Trust for "Certplus Root CA G1" -# Issuer: CN=Certplus Root CA G1,O=Certplus,C=FR -# Serial Number:11:20:55:83:e4:2d:3e:54:56:85:2d:83:37:b7:2c:dc:46:11 -# Subject: CN=Certplus Root CA G1,O=Certplus,C=FR -# Not Valid Before: Mon May 26 00:00:00 2014 -# Not Valid After : Fri Jan 15 00:00:00 2038 -# Fingerprint (SHA-256): 15:2A:40:2B:FC:DF:2C:D5:48:05:4D:22:75:B3:9C:7F:CA:3E:C0:97:80:78:B0:F0:EA:76:E5:61:A6:C7:43:3E -# Fingerprint (SHA1): 22:FD:D0:B7:FD:A2:4E:0D:AC:49:2C:A0:AC:A6:7B:6A:1F:E3:F7:66 +# Trust for "Amazon Root CA 3" +# Issuer: CN=Amazon Root CA 3,O=Amazon,C=US +# Serial Number:06:6c:9f:d5:74:97:36:66:3f:3b:0b:9a:d9:e8:9e:76:03:f2:4a +# Subject: CN=Amazon Root CA 3,O=Amazon,C=US +# Not Valid Before: Tue May 26 00:00:00 2015 +# Not Valid After : Sat May 26 00:00:00 2040 +# Fingerprint (SHA-256): 18:CE:6C:FE:7B:F1:4E:60:B2:E3:47:B8:DF:E8:68:CB:31:D0:2E:BB:3A:DA:27:15:69:F5:03:43:B4:6D:B3:A4 +# Fingerprint (SHA1): 0D:44:DD:8C:3C:8C:1A:1A:58:75:64:81:E9:0F:2E:2A:FF:B3:D2:6E CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Certplus Root CA G1" +CKA_LABEL UTF8 "Amazon Root CA 3" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\042\375\320\267\375\242\116\015\254\111\054\240\254\246\173\152 -\037\343\367\146 +\015\104\335\214\074\214\032\032\130\165\144\201\351\017\056\052 +\377\263\322\156 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\177\011\234\367\331\271\134\151\151\126\325\067\076\024\015\102 +\240\324\357\013\367\265\330\111\225\052\354\365\304\374\201\207 END CKA_ISSUER MULTILINE_OCTAL -\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154 -\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162 -\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\061 +\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 +\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 +\156\040\122\157\157\164\040\103\101\040\063 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\022\021\040\125\203\344\055\076\124\126\205\055\203\067\267 -\054\334\106\021 +\002\023\006\154\237\325\164\227\066\146\077\073\013\232\331\350 +\236\166\003\362\112 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR @@ -19775,105 +18857,105 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "Certplus Root CA G2" +# Certificate "Amazon Root CA 4" # -# Issuer: CN=Certplus Root CA G2,O=Certplus,C=FR -# Serial Number:11:20:d9:91:ce:ae:a3:e8:c5:e7:ff:e9:02:af:cf:73:bc:55 -# Subject: CN=Certplus Root CA G2,O=Certplus,C=FR -# Not Valid Before: Mon May 26 00:00:00 2014 -# Not Valid After : Fri Jan 15 00:00:00 2038 -# Fingerprint (SHA-256): 6C:C0:50:41:E6:44:5E:74:69:6C:4C:FB:C9:F8:0F:54:3B:7E:AB:BB:44:B4:CE:6F:78:7C:6A:99:71:C4:2F:17 -# Fingerprint (SHA1): 4F:65:8E:1F:E9:06:D8:28:02:E9:54:47:41:C9:54:25:5D:69:CC:1A +# Issuer: CN=Amazon Root CA 4,O=Amazon,C=US +# Serial Number:06:6c:9f:d7:c1:bb:10:4c:29:43:e5:71:7b:7b:2c:c8:1a:c1:0e +# Subject: CN=Amazon Root CA 4,O=Amazon,C=US +# Not Valid Before: Tue May 26 00:00:00 2015 +# Not Valid After : Sat May 26 00:00:00 2040 +# Fingerprint (SHA-256): E3:5D:28:41:9E:D0:20:25:CF:A6:90:38:CD:62:39:62:45:8D:A5:C6:95:FB:DE:A3:C2:2B:0B:FB:25:89:70:92 +# Fingerprint (SHA1): F6:10:84:07:D6:F8:BB:67:98:0C:C2:E2:44:C2:EB:AE:1C:EF:63:BE CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Certplus Root CA G2" +CKA_LABEL UTF8 "Amazon Root CA 4" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154 -\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162 -\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\062 +\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 +\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 +\156\040\122\157\157\164\040\103\101\040\064 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154 -\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162 -\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\062 +\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 +\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 +\156\040\122\157\157\164\040\103\101\040\064 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\022\021\040\331\221\316\256\243\350\305\347\377\351\002\257 -\317\163\274\125 +\002\023\006\154\237\327\301\273\020\114\051\103\345\161\173\173 +\054\310\032\301\016 END CKA_VALUE MULTILINE_OCTAL -\060\202\002\034\060\202\001\242\240\003\002\001\002\002\022\021 -\040\331\221\316\256\243\350\305\347\377\351\002\257\317\163\274 -\125\060\012\006\010\052\206\110\316\075\004\003\003\060\076\061 -\013\060\011\006\003\125\004\006\023\002\106\122\061\021\060\017 -\006\003\125\004\012\014\010\103\145\162\164\160\154\165\163\061 -\034\060\032\006\003\125\004\003\014\023\103\145\162\164\160\154 -\165\163\040\122\157\157\164\040\103\101\040\107\062\060\036\027 -\015\061\064\060\065\062\066\060\060\060\060\060\060\132\027\015 -\063\070\060\061\061\065\060\060\060\060\060\060\132\060\076\061 -\013\060\011\006\003\125\004\006\023\002\106\122\061\021\060\017 -\006\003\125\004\012\014\010\103\145\162\164\160\154\165\163\061 -\034\060\032\006\003\125\004\003\014\023\103\145\162\164\160\154 -\165\163\040\122\157\157\164\040\103\101\040\107\062\060\166\060 -\020\006\007\052\206\110\316\075\002\001\006\005\053\201\004\000 -\042\003\142\000\004\315\017\133\126\202\337\360\105\032\326\255 -\367\171\360\035\311\254\226\326\236\116\234\037\264\102\021\312 -\206\277\155\373\205\243\305\345\031\134\327\356\246\077\151\147 -\330\170\342\246\311\304\333\055\171\056\347\213\215\002\157\061 -\042\115\006\343\140\162\105\235\016\102\167\236\316\317\345\177 -\205\233\030\344\374\314\056\162\323\026\223\116\312\231\143\134 -\241\005\052\154\006\243\143\060\141\060\016\006\003\125\035\017 -\001\001\377\004\004\003\002\001\006\060\017\006\003\125\035\023 -\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125\035 -\016\004\026\004\024\332\203\143\002\171\216\332\114\306\074\043 -\024\330\217\303\040\253\050\140\131\060\037\006\003\125\035\043 -\004\030\060\026\200\024\332\203\143\002\171\216\332\114\306\074 -\043\024\330\217\303\040\253\050\140\131\060\012\006\010\052\206 -\110\316\075\004\003\003\003\150\000\060\145\002\060\160\376\260 -\013\331\367\203\227\354\363\125\035\324\334\263\006\016\376\063 -\230\235\213\071\220\153\224\041\355\266\327\135\326\114\327\041 -\247\347\277\041\017\053\315\367\052\334\205\007\235\002\061\000 -\206\024\026\345\334\260\145\302\300\216\024\237\277\044\026\150 -\345\274\371\171\151\334\255\105\053\367\266\061\163\314\006\245 -\123\223\221\032\223\256\160\152\147\272\327\236\345\141\032\137 +\060\202\001\362\060\202\001\170\240\003\002\001\002\002\023\006 +\154\237\327\301\273\020\114\051\103\345\161\173\173\054\310\032 +\301\016\060\012\006\010\052\206\110\316\075\004\003\003\060\071 +\061\013\060\011\006\003\125\004\006\023\002\125\123\061\017\060 +\015\006\003\125\004\012\023\006\101\155\141\172\157\156\061\031 +\060\027\006\003\125\004\003\023\020\101\155\141\172\157\156\040 +\122\157\157\164\040\103\101\040\064\060\036\027\015\061\065\060 +\065\062\066\060\060\060\060\060\060\132\027\015\064\060\060\065 +\062\066\060\060\060\060\060\060\132\060\071\061\013\060\011\006 +\003\125\004\006\023\002\125\123\061\017\060\015\006\003\125\004 +\012\023\006\101\155\141\172\157\156\061\031\060\027\006\003\125 +\004\003\023\020\101\155\141\172\157\156\040\122\157\157\164\040 +\103\101\040\064\060\166\060\020\006\007\052\206\110\316\075\002 +\001\006\005\053\201\004\000\042\003\142\000\004\322\253\212\067 +\117\243\123\015\376\301\212\173\113\250\173\106\113\143\260\142 +\366\055\033\333\010\161\041\322\000\350\143\275\232\047\373\360 +\071\156\135\352\075\245\311\201\252\243\133\040\230\105\135\026 +\333\375\350\020\155\343\234\340\343\275\137\204\142\363\160\144 +\063\240\313\044\057\160\272\210\241\052\240\165\370\201\256\142 +\006\304\201\333\071\156\051\260\036\372\056\134\243\102\060\100 +\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001 +\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001 +\206\060\035\006\003\125\035\016\004\026\004\024\323\354\307\072 +\145\156\314\341\332\166\232\126\373\234\363\206\155\127\345\201 +\060\012\006\010\052\206\110\316\075\004\003\003\003\150\000\060 +\145\002\060\072\213\041\361\275\176\021\255\320\357\130\226\057 +\326\353\235\176\220\215\053\317\146\125\303\054\343\050\251\160 +\012\107\016\360\067\131\022\377\055\231\224\050\116\052\117\065 +\115\063\132\002\061\000\352\165\000\116\073\304\072\224\022\221 +\311\130\106\235\041\023\162\247\210\234\212\344\114\112\333\226 +\324\254\213\153\153\111\022\123\063\255\327\344\276\044\374\265 +\012\166\324\245\274\020 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE -# Trust for "Certplus Root CA G2" -# Issuer: CN=Certplus Root CA G2,O=Certplus,C=FR -# Serial Number:11:20:d9:91:ce:ae:a3:e8:c5:e7:ff:e9:02:af:cf:73:bc:55 -# Subject: CN=Certplus Root CA G2,O=Certplus,C=FR -# Not Valid Before: Mon May 26 00:00:00 2014 -# Not Valid After : Fri Jan 15 00:00:00 2038 -# Fingerprint (SHA-256): 6C:C0:50:41:E6:44:5E:74:69:6C:4C:FB:C9:F8:0F:54:3B:7E:AB:BB:44:B4:CE:6F:78:7C:6A:99:71:C4:2F:17 -# Fingerprint (SHA1): 4F:65:8E:1F:E9:06:D8:28:02:E9:54:47:41:C9:54:25:5D:69:CC:1A +# Trust for "Amazon Root CA 4" +# Issuer: CN=Amazon Root CA 4,O=Amazon,C=US +# Serial Number:06:6c:9f:d7:c1:bb:10:4c:29:43:e5:71:7b:7b:2c:c8:1a:c1:0e +# Subject: CN=Amazon Root CA 4,O=Amazon,C=US +# Not Valid Before: Tue May 26 00:00:00 2015 +# Not Valid After : Sat May 26 00:00:00 2040 +# Fingerprint (SHA-256): E3:5D:28:41:9E:D0:20:25:CF:A6:90:38:CD:62:39:62:45:8D:A5:C6:95:FB:DE:A3:C2:2B:0B:FB:25:89:70:92 +# Fingerprint (SHA1): F6:10:84:07:D6:F8:BB:67:98:0C:C2:E2:44:C2:EB:AE:1C:EF:63:BE CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Certplus Root CA G2" +CKA_LABEL UTF8 "Amazon Root CA 4" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\117\145\216\037\351\006\330\050\002\351\124\107\101\311\124\045 -\135\151\314\032 +\366\020\204\007\326\370\273\147\230\014\302\342\104\302\353\256 +\034\357\143\276 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\247\356\304\170\055\033\356\055\271\051\316\326\247\226\062\061 +\211\274\047\325\353\027\215\006\152\151\325\375\211\107\264\315 END CKA_ISSUER MULTILINE_OCTAL -\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154 -\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162 -\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\062 +\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 +\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 +\156\040\122\157\157\164\040\103\101\040\064 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\022\021\040\331\221\316\256\243\350\305\347\377\351\002\257 -\317\163\274\125 +\002\023\006\154\237\327\301\273\020\114\051\103\345\161\173\173 +\054\310\032\301\016 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR @@ -19881,1143 +18963,1396 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "OpenTrust Root CA G1" +# Certificate "LuxTrust Global Root 2" # -# Issuer: CN=OpenTrust Root CA G1,O=OpenTrust,C=FR -# Serial Number:11:20:b3:90:55:39:7d:7f:36:6d:64:c2:a7:9f:6b:63:8e:67 -# Subject: CN=OpenTrust Root CA G1,O=OpenTrust,C=FR -# Not Valid Before: Mon May 26 08:45:50 2014 -# Not Valid After : Fri Jan 15 00:00:00 2038 -# Fingerprint (SHA-256): 56:C7:71:28:D9:8C:18:D9:1B:4C:FD:FF:BC:25:EE:91:03:D4:75:8E:A2:AB:AD:82:6A:90:F3:45:7D:46:0E:B4 -# Fingerprint (SHA1): 79:91:E8:34:F7:E2:EE:DD:08:95:01:52:E9:55:2D:14:E9:58:D5:7E +# Issuer: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU +# Serial Number:0a:7e:a6:df:4b:44:9e:da:6a:24:85:9e:e6:b8:15:d3:16:7f:bb:b1 +# Subject: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU +# Not Valid Before: Thu Mar 05 13:21:57 2015 +# Not Valid After : Mon Mar 05 13:21:57 2035 +# Fingerprint (SHA-256): 54:45:5F:71:29:C2:0B:14:47:C4:18:F9:97:16:8F:24:C5:8F:C5:02:3B:F5:DA:5B:E2:EB:6E:1D:D8:90:2E:D5 +# Fingerprint (SHA1): 1E:0E:56:19:0A:D1:8B:25:98:B2:04:44:FF:66:8A:04:17:99:5F:3F CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "OpenTrust Root CA G1" +CKA_LABEL UTF8 "LuxTrust Global Root 2" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 -\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 -\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 -\107\061 +\060\106\061\013\060\011\006\003\125\004\006\023\002\114\125\061 +\026\060\024\006\003\125\004\012\014\015\114\165\170\124\162\165 +\163\164\040\123\056\101\056\061\037\060\035\006\003\125\004\003 +\014\026\114\165\170\124\162\165\163\164\040\107\154\157\142\141 +\154\040\122\157\157\164\040\062 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 -\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 -\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 -\107\061 +\060\106\061\013\060\011\006\003\125\004\006\023\002\114\125\061 +\026\060\024\006\003\125\004\012\014\015\114\165\170\124\162\165 +\163\164\040\123\056\101\056\061\037\060\035\006\003\125\004\003 +\014\026\114\165\170\124\162\165\163\164\040\107\154\157\142\141 +\154\040\122\157\157\164\040\062 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\022\021\040\263\220\125\071\175\177\066\155\144\302\247\237 -\153\143\216\147 +\002\024\012\176\246\337\113\104\236\332\152\044\205\236\346\270 +\025\323\026\177\273\261 END CKA_VALUE MULTILINE_OCTAL -\060\202\005\157\060\202\003\127\240\003\002\001\002\002\022\021 -\040\263\220\125\071\175\177\066\155\144\302\247\237\153\143\216 -\147\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000 -\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 -\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 -\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 -\107\061\060\036\027\015\061\064\060\065\062\066\060\070\064\065 -\065\060\132\027\015\063\070\060\061\061\065\060\060\060\060\060 -\060\132\060\100\061\013\060\011\006\003\125\004\006\023\002\106 -\122\061\022\060\020\006\003\125\004\012\014\011\117\160\145\156 -\124\162\165\163\164\061\035\060\033\006\003\125\004\003\014\024 -\117\160\145\156\124\162\165\163\164\040\122\157\157\164\040\103 -\101\040\107\061\060\202\002\042\060\015\006\011\052\206\110\206 -\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002\012 -\002\202\002\001\000\370\171\106\332\226\305\060\136\212\161\003 -\055\160\244\273\260\305\010\334\315\346\065\300\200\244\021\055 -\335\346\207\256\135\075\221\322\207\154\067\267\332\142\236\233 -\302\044\327\217\361\333\246\246\337\106\157\121\246\161\313\076 -\033\061\147\142\367\021\133\064\047\325\171\116\214\233\130\275 -\042\020\015\134\047\014\335\060\345\250\323\135\041\070\164\027 -\376\343\037\266\117\073\153\055\333\175\140\037\214\175\114\005 -\302\353\001\026\025\230\024\216\321\220\167\042\077\354\302\071 -\270\171\072\360\111\044\342\225\221\334\141\064\222\214\124\164 -\357\261\175\214\001\342\070\175\301\137\152\137\044\262\216\142 -\027\255\171\040\255\253\035\267\340\264\226\110\117\146\103\020 -\006\026\044\003\341\340\234\216\306\106\117\216\032\231\341\217 -\271\216\063\154\151\336\130\255\240\016\247\144\124\021\151\104 -\146\117\114\022\247\216\054\175\304\324\133\305\000\064\060\301 -\331\231\376\062\316\007\204\264\116\315\012\377\066\115\142\361 -\247\143\127\344\333\152\247\256\277\053\271\311\346\262\047\211 -\345\176\232\034\115\150\306\301\030\336\063\053\121\106\113\034 -\216\367\075\014\371\212\064\024\304\373\063\065\043\361\314\361 -\052\307\245\273\260\242\316\376\123\153\115\101\033\146\050\262 -\226\372\247\256\012\116\271\071\063\104\234\164\301\223\034\370 -\340\236\044\045\103\361\233\043\202\252\337\054\040\260\334\066 -\116\003\263\174\002\324\346\173\032\252\207\023\277\076\241\164 -\273\233\016\341\300\223\237\327\244\146\312\273\033\073\343\060 -\364\063\131\212\007\162\003\125\347\163\152\003\061\156\157\226 -\033\343\242\237\257\222\307\355\365\102\267\045\114\073\023\004 -\317\034\226\257\034\042\243\320\253\005\262\114\022\043\122\334 -\375\031\133\047\234\036\073\172\375\102\043\333\043\200\023\360 -\274\121\025\124\224\246\167\076\320\164\121\275\121\024\010\071 -\067\313\037\064\251\060\235\122\204\056\125\220\261\272\337\125 -\000\013\330\126\055\261\111\111\162\200\251\142\327\300\366\030 -\021\004\125\315\164\173\317\141\160\171\364\173\054\134\134\222 -\374\345\270\132\253\114\223\225\241\047\356\245\276\317\161\043 -\102\272\233\166\055\002\003\001\000\001\243\143\060\141\060\016 -\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060\017 +\060\202\005\303\060\202\003\253\240\003\002\001\002\002\024\012 +\176\246\337\113\104\236\332\152\044\205\236\346\270\025\323\026 +\177\273\261\060\015\006\011\052\206\110\206\367\015\001\001\013 +\005\000\060\106\061\013\060\011\006\003\125\004\006\023\002\114 +\125\061\026\060\024\006\003\125\004\012\014\015\114\165\170\124 +\162\165\163\164\040\123\056\101\056\061\037\060\035\006\003\125 +\004\003\014\026\114\165\170\124\162\165\163\164\040\107\154\157 +\142\141\154\040\122\157\157\164\040\062\060\036\027\015\061\065 +\060\063\060\065\061\063\062\061\065\067\132\027\015\063\065\060 +\063\060\065\061\063\062\061\065\067\132\060\106\061\013\060\011 +\006\003\125\004\006\023\002\114\125\061\026\060\024\006\003\125 +\004\012\014\015\114\165\170\124\162\165\163\164\040\123\056\101 +\056\061\037\060\035\006\003\125\004\003\014\026\114\165\170\124 +\162\165\163\164\040\107\154\157\142\141\154\040\122\157\157\164 +\040\062\060\202\002\042\060\015\006\011\052\206\110\206\367\015 +\001\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202 +\002\001\000\327\205\227\277\021\230\351\360\142\203\114\074\207 +\371\123\152\067\013\362\017\074\207\316\157\334\046\051\275\305 +\211\272\311\203\075\367\356\312\133\306\155\111\163\264\311\106 +\243\033\064\023\077\301\211\105\127\364\331\261\373\066\145\113 +\373\010\342\110\161\021\310\156\073\236\235\337\211\145\067\246 +\205\366\073\104\030\266\306\067\060\142\104\222\227\151\175\102 +\060\044\344\015\014\211\153\143\336\305\341\337\116\251\024\154 +\123\340\141\316\366\027\057\035\074\275\346\042\114\035\223\365 +\020\304\241\166\354\152\336\305\154\337\226\264\126\100\102\300 +\142\222\060\241\055\025\224\240\322\040\006\011\156\152\155\345 +\353\267\276\324\360\361\025\174\213\346\116\272\023\314\113\047 +\136\231\074\027\135\217\201\177\063\075\117\323\077\033\354\134 +\077\360\074\114\165\156\362\246\325\235\332\055\007\143\002\306 +\162\351\224\274\114\111\225\117\210\122\310\333\350\151\202\370 +\314\064\133\042\360\206\247\211\275\110\012\155\146\201\155\310 +\310\144\373\001\341\364\341\336\331\236\335\333\133\324\052\231 +\046\025\033\036\114\222\051\202\236\325\222\201\222\101\160\031 +\367\244\345\223\113\274\167\147\061\335\034\375\061\160\015\027 +\231\014\371\014\071\031\052\027\265\060\161\125\325\017\256\130 +\341\075\057\064\233\317\237\366\170\205\302\223\172\162\076\146 +\217\234\026\021\140\217\236\211\157\147\276\340\107\132\073\014 +\232\147\213\317\106\306\256\070\243\362\247\274\346\326\205\153 +\063\044\160\042\113\313\010\233\273\310\370\002\051\035\276\040 +\014\106\277\153\207\233\263\052\146\102\065\106\154\252\272\255 +\371\230\173\351\120\125\024\061\277\261\332\055\355\200\255\150 +\044\373\151\253\330\161\023\060\346\147\263\207\100\375\211\176 +\362\103\321\021\337\057\145\057\144\316\137\024\271\261\277\061 +\275\207\170\132\131\145\210\252\374\131\062\110\206\326\114\271 +\051\113\225\323\166\363\167\045\155\102\034\070\203\115\375\243 +\137\233\177\055\254\171\033\016\102\061\227\143\244\373\212\151 +\325\042\015\064\220\060\056\250\264\340\155\266\224\254\274\213 +\116\327\160\374\305\070\216\144\045\341\115\071\220\316\311\207 +\204\130\161\002\003\001\000\001\243\201\250\060\201\245\060\017 \006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060 -\035\006\003\125\035\016\004\026\004\024\227\106\041\127\041\065 -\332\066\125\307\363\361\067\160\345\010\366\223\051\266\060\037 -\006\003\125\035\043\004\030\060\026\200\024\227\106\041\127\041 -\065\332\066\125\307\363\361\067\160\345\010\366\223\051\266\060 -\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003\202 -\002\001\000\035\335\002\140\174\340\065\247\346\230\173\352\104 -\316\147\100\117\362\223\156\146\324\071\211\046\254\323\115\004 -\074\273\207\041\077\067\364\161\045\332\113\272\253\226\202\201 -\221\266\355\331\261\244\145\227\342\157\144\131\244\226\356\140 -\312\037\043\373\105\272\377\217\044\360\312\251\061\177\171\037 -\200\263\055\062\272\144\147\140\257\271\131\315\337\232\111\323 -\250\202\261\371\230\224\212\314\340\273\340\004\033\231\140\261 -\106\145\334\010\242\262\106\236\104\210\352\223\176\127\026\322 -\025\162\137\056\113\253\324\235\143\270\343\110\345\376\204\056 -\130\012\237\103\035\376\267\030\222\206\103\113\016\234\062\206 -\054\140\365\351\110\352\225\355\160\051\361\325\057\375\065\264 -\127\317\333\205\110\231\271\302\157\154\217\315\170\225\254\144 -\050\375\126\260\303\157\303\276\131\122\341\137\204\217\200\362 -\364\015\066\255\166\263\243\265\341\144\166\072\130\334\175\117 -\136\126\154\345\125\131\127\245\337\361\212\146\060\214\324\122 -\142\070\167\264\276\050\327\312\066\304\233\005\360\370\025\333 -\333\361\357\064\235\035\170\112\210\126\147\156\140\377\217\310 -\213\341\216\275\102\251\063\012\131\102\022\022\052\372\261\235 -\103\216\005\233\231\332\142\255\127\066\263\035\266\015\171\055 -\226\270\353\362\014\113\014\245\224\306\060\247\046\031\055\355 -\114\006\120\060\361\375\130\075\271\113\027\137\031\264\152\204 -\124\264\070\117\071\242\015\226\150\303\050\224\375\355\055\037 -\112\153\103\226\056\220\001\020\373\070\246\201\013\320\277\165 -\323\324\271\316\361\077\157\016\034\036\067\161\345\030\207\165 -\031\077\120\271\136\244\105\064\255\260\312\346\345\023\166\017 -\061\024\251\216\055\224\326\325\205\115\163\025\117\113\362\262 -\076\355\154\275\375\016\235\146\163\260\075\264\367\277\250\340 -\021\244\304\256\165\011\112\143\000\110\040\246\306\235\013\011 -\212\264\340\346\316\076\307\076\046\070\351\053\336\246\010\111 -\003\004\220\212\351\217\277\350\266\264\052\243\043\215\034\034 -\262\071\222\250\217\002\134\100\071\165\324\163\101\002\167\336 -\315\340\103\207\326\344\272\112\303\154\022\177\376\052\346\043 -\326\214\161 +\102\006\003\125\035\040\004\073\060\071\060\067\006\007\053\201 +\053\001\001\001\012\060\054\060\052\006\010\053\006\001\005\005 +\007\002\001\026\036\150\164\164\160\163\072\057\057\162\145\160 +\157\163\151\164\157\162\171\056\154\165\170\164\162\165\163\164 +\056\154\165\060\016\006\003\125\035\017\001\001\377\004\004\003 +\002\001\006\060\037\006\003\125\035\043\004\030\060\026\200\024 +\377\030\050\166\371\110\005\054\241\256\361\053\033\053\262\123 +\370\113\174\263\060\035\006\003\125\035\016\004\026\004\024\377 +\030\050\166\371\110\005\054\241\256\361\053\033\053\262\123\370 +\113\174\263\060\015\006\011\052\206\110\206\367\015\001\001\013 +\005\000\003\202\002\001\000\152\031\024\355\156\171\301\054\207 +\324\015\160\176\327\366\170\311\013\004\116\304\261\316\223\160 +\376\260\124\300\062\315\231\060\144\027\277\017\345\342\063\375 +\007\066\100\162\016\032\266\152\131\326\000\345\150\040\335\056 +\162\015\037\152\144\061\040\204\175\111\246\132\067\353\105\311 +\205\365\324\307\027\231\007\346\233\125\344\014\350\251\264\316 +\214\133\265\021\134\317\212\016\015\326\254\167\201\376\062\234 +\044\236\162\316\124\363\320\157\242\126\326\354\303\067\054\145 +\130\276\127\000\032\362\065\372\353\173\061\135\302\301\022\075 +\226\201\210\226\211\301\131\134\172\346\177\160\064\347\203\342 +\261\341\341\270\130\357\324\225\344\140\234\360\226\227\162\214 +\353\204\002\056\145\217\244\267\322\177\147\335\310\323\236\134 +\252\251\244\240\045\024\006\233\354\117\176\055\013\177\035\165 +\361\063\330\355\316\270\165\155\076\133\271\230\035\061\015\126 +\330\103\017\060\221\262\004\153\335\126\276\225\200\125\147\276 +\330\315\203\331\030\356\056\017\206\055\222\236\160\023\354\336 +\121\311\103\170\002\245\115\310\371\137\304\221\130\106\026\167 +\132\164\252\100\274\007\237\060\271\261\367\022\027\335\343\377 +\044\100\035\172\152\321\117\030\012\252\220\035\353\100\036\337 +\241\036\104\222\020\232\362\215\341\321\113\106\236\350\105\102 +\227\352\105\231\363\354\146\325\002\372\362\246\112\044\252\336 +\316\271\312\371\077\223\157\371\243\272\352\245\076\231\255\375 +\377\173\231\365\145\356\360\131\050\147\327\220\225\244\023\204 +\251\204\301\350\316\316\165\223\143\032\274\074\352\325\144\037 +\055\052\022\071\306\303\132\062\355\107\221\026\016\274\070\301 +\120\336\217\312\052\220\064\034\356\101\224\234\136\031\056\370 +\105\111\231\164\221\260\004\157\343\004\132\261\253\052\253\376 +\307\320\226\266\332\341\112\144\006\156\140\115\275\102\116\377 +\170\332\044\312\033\264\327\226\071\154\256\361\016\252\247\175 +\110\213\040\114\317\144\326\270\227\106\260\116\321\052\126\072 +\240\223\275\257\200\044\340\012\176\347\312\325\312\350\205\125 +\334\066\052\341\224\150\223\307\146\162\104\017\200\041\062\154 +\045\307\043\200\203\012\353 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE -# Trust for "OpenTrust Root CA G1" -# Issuer: CN=OpenTrust Root CA G1,O=OpenTrust,C=FR -# Serial Number:11:20:b3:90:55:39:7d:7f:36:6d:64:c2:a7:9f:6b:63:8e:67 -# Subject: CN=OpenTrust Root CA G1,O=OpenTrust,C=FR -# Not Valid Before: Mon May 26 08:45:50 2014 -# Not Valid After : Fri Jan 15 00:00:00 2038 -# Fingerprint (SHA-256): 56:C7:71:28:D9:8C:18:D9:1B:4C:FD:FF:BC:25:EE:91:03:D4:75:8E:A2:AB:AD:82:6A:90:F3:45:7D:46:0E:B4 -# Fingerprint (SHA1): 79:91:E8:34:F7:E2:EE:DD:08:95:01:52:E9:55:2D:14:E9:58:D5:7E +# Trust for "LuxTrust Global Root 2" +# Issuer: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU +# Serial Number:0a:7e:a6:df:4b:44:9e:da:6a:24:85:9e:e6:b8:15:d3:16:7f:bb:b1 +# Subject: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU +# Not Valid Before: Thu Mar 05 13:21:57 2015 +# Not Valid After : Mon Mar 05 13:21:57 2035 +# Fingerprint (SHA-256): 54:45:5F:71:29:C2:0B:14:47:C4:18:F9:97:16:8F:24:C5:8F:C5:02:3B:F5:DA:5B:E2:EB:6E:1D:D8:90:2E:D5 +# Fingerprint (SHA1): 1E:0E:56:19:0A:D1:8B:25:98:B2:04:44:FF:66:8A:04:17:99:5F:3F CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "OpenTrust Root CA G1" +CKA_LABEL UTF8 "LuxTrust Global Root 2" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\171\221\350\064\367\342\356\335\010\225\001\122\351\125\055\024 -\351\130\325\176 +\036\016\126\031\012\321\213\045\230\262\004\104\377\146\212\004 +\027\231\137\077 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\166\000\314\201\051\315\125\136\210\152\172\056\367\115\071\332 +\262\341\011\000\141\257\367\361\221\157\304\255\215\136\073\174 END CKA_ISSUER MULTILINE_OCTAL -\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 -\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 -\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 -\107\061 +\060\106\061\013\060\011\006\003\125\004\006\023\002\114\125\061 +\026\060\024\006\003\125\004\012\014\015\114\165\170\124\162\165 +\163\164\040\123\056\101\056\061\037\060\035\006\003\125\004\003 +\014\026\114\165\170\124\162\165\163\164\040\107\154\157\142\141 +\154\040\122\157\157\164\040\062 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\022\021\040\263\220\125\071\175\177\066\155\144\302\247\237 -\153\143\216\147 +\002\024\012\176\246\337\113\104\236\332\152\044\205\236\346\270 +\025\323\026\177\273\261 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "OpenTrust Root CA G2" +# Certificate "Symantec Class 1 Public Primary Certification Authority - G6" # -# Issuer: CN=OpenTrust Root CA G2,O=OpenTrust,C=FR -# Serial Number:11:20:a1:69:1b:bf:bd:b9:bd:52:96:8f:23:e8:48:bf:26:11 -# Subject: CN=OpenTrust Root CA G2,O=OpenTrust,C=FR -# Not Valid Before: Mon May 26 00:00:00 2014 -# Not Valid After : Fri Jan 15 00:00:00 2038 -# Fingerprint (SHA-256): 27:99:58:29:FE:6A:75:15:C1:BF:E8:48:F9:C4:76:1D:B1:6C:22:59:29:25:7B:F4:0D:08:94:F2:9E:A8:BA:F2 -# Fingerprint (SHA1): 79:5F:88:60:C5:AB:7C:3D:92:E6:CB:F4:8D:E1:45:CD:11:EF:60:0B +# Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Serial Number:24:32:75:f2:1d:2f:d2:09:33:f7:b4:6a:ca:d0:f3:98 +# Subject: CN=Symantec Class 1 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Not Valid Before: Tue Oct 18 00:00:00 2011 +# Not Valid After : Tue Dec 01 23:59:59 2037 +# Fingerprint (SHA-256): 9D:19:0B:2E:31:45:66:68:5B:E8:A8:89:E2:7A:A8:C7:D7:AE:1D:8A:AD:DB:A3:C1:EC:F9:D2:48:63:CD:34:B9 +# Fingerprint (SHA1): 51:7F:61:1E:29:91:6B:53:82:FB:72:E7:44:D9:8D:C3:CC:53:6D:64 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "OpenTrust Root CA G2" +CKA_LABEL UTF8 "Symantec Class 1 Public Primary Certification Authority - G6" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 -\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 -\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 -\107\062 +\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 +\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 +\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 +\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 +\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 +\164\145\143\040\103\154\141\163\163\040\061\040\120\165\142\154 +\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 +\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 +\164\171\040\055\040\107\066 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 -\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 -\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 -\107\062 +\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 +\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 +\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 +\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 +\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 +\164\145\143\040\103\154\141\163\163\040\061\040\120\165\142\154 +\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 +\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 +\164\171\040\055\040\107\066 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\022\021\040\241\151\033\277\275\271\275\122\226\217\043\350 -\110\277\046\021 +\002\020\044\062\165\362\035\057\322\011\063\367\264\152\312\320 +\363\230 END CKA_VALUE MULTILINE_OCTAL -\060\202\005\157\060\202\003\127\240\003\002\001\002\002\022\021 -\040\241\151\033\277\275\271\275\122\226\217\043\350\110\277\046 -\021\060\015\006\011\052\206\110\206\367\015\001\001\015\005\000 -\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 -\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 -\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 -\107\062\060\036\027\015\061\064\060\065\062\066\060\060\060\060 -\060\060\132\027\015\063\070\060\061\061\065\060\060\060\060\060 -\060\132\060\100\061\013\060\011\006\003\125\004\006\023\002\106 -\122\061\022\060\020\006\003\125\004\012\014\011\117\160\145\156 -\124\162\165\163\164\061\035\060\033\006\003\125\004\003\014\024 -\117\160\145\156\124\162\165\163\164\040\122\157\157\164\040\103 -\101\040\107\062\060\202\002\042\060\015\006\011\052\206\110\206 -\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002\012 -\002\202\002\001\000\314\266\127\245\063\224\020\201\062\123\337 -\141\176\017\166\071\317\134\302\123\165\035\111\172\226\070\335 -\242\163\152\361\157\336\136\242\132\271\161\041\276\066\331\241 -\374\274\356\154\250\174\064\032\161\032\350\032\330\137\016\104 -\006\355\247\340\363\322\141\013\340\062\242\226\321\070\360\302 -\332\001\027\374\344\254\117\350\356\211\036\164\253\117\277\036 -\011\266\066\152\126\363\341\356\226\211\146\044\006\344\315\102 -\072\112\335\340\232\260\304\202\105\263\376\311\253\134\174\076 -\311\353\027\057\014\175\156\256\245\217\310\254\045\012\157\372 -\325\105\230\322\065\011\366\003\103\224\376\331\277\040\225\171 -\200\230\212\331\211\065\273\121\033\244\067\175\374\231\073\253 -\377\277\254\015\217\103\261\231\173\026\020\176\035\157\107\304 -\025\217\004\226\010\006\102\004\370\204\326\035\274\221\246\102 -\276\111\325\152\210\077\274\055\121\321\236\215\340\122\314\127 -\335\065\065\130\333\264\217\044\210\344\213\337\334\153\124\322 -\201\053\262\316\222\113\034\037\106\372\035\330\222\313\166\147 -\265\011\231\011\345\254\027\024\125\160\306\074\240\126\012\003 -\263\334\142\031\337\310\265\060\177\365\074\046\165\021\275\327 -\033\263\207\236\007\257\145\161\345\240\317\032\247\011\020\035 -\223\211\146\133\350\074\142\062\265\265\072\156\351\205\001\213 -\236\103\214\147\163\050\131\133\353\343\334\054\314\245\046\162 -\142\022\264\346\234\203\104\366\121\244\342\300\172\044\127\312 -\016\245\077\072\265\073\213\345\166\356\160\346\222\336\026\134 -\050\133\227\031\047\222\376\172\222\124\316\223\071\012\026\207 -\274\143\263\365\261\223\134\340\156\267\320\352\371\142\062\210 -\104\373\277\047\050\266\060\225\135\022\050\271\225\276\217\123 -\030\345\242\030\026\342\126\244\262\054\020\365\035\067\246\370 -\267\366\320\131\134\211\367\302\325\265\224\164\321\325\376\033 -\266\360\346\326\036\173\322\074\313\250\343\365\030\363\041\037 -\156\357\115\150\006\173\055\135\156\103\211\246\300\371\240\277 -\202\036\317\123\177\264\353\054\333\135\366\152\175\100\044\005 -\162\211\070\001\223\313\161\302\071\135\006\021\366\157\170\370 -\067\015\071\204\047\002\003\001\000\001\243\143\060\141\060\016 -\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060\017 -\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060 -\035\006\003\125\035\016\004\026\004\024\152\071\372\102\042\367 -\346\211\000\115\136\175\063\203\313\270\156\167\206\257\060\037 -\006\003\125\035\043\004\030\060\026\200\024\152\071\372\102\042 -\367\346\211\000\115\136\175\063\203\313\270\156\167\206\257\060 -\015\006\011\052\206\110\206\367\015\001\001\015\005\000\003\202 -\002\001\000\230\313\253\100\074\345\063\002\227\177\055\207\246 -\217\324\136\112\257\270\036\347\273\161\373\200\144\045\251\263 -\032\076\150\135\047\046\247\272\052\341\360\127\203\012\144\117 -\036\042\164\033\351\220\137\360\254\317\377\117\150\172\070\244 -\020\154\015\261\307\244\167\200\030\266\242\050\104\166\247\064 -\235\161\204\057\312\131\322\107\210\231\101\042\311\060\230\141 -\156\075\250\250\005\155\321\037\300\121\104\126\177\047\065\002 -\335\136\230\012\102\353\060\277\215\241\233\121\252\073\352\223 -\106\144\305\000\171\336\041\153\366\127\240\206\327\006\162\354 -\160\106\113\213\163\335\240\041\165\076\334\035\300\217\323\117 -\163\034\205\331\376\177\142\310\225\157\266\323\173\214\272\123 -\302\157\233\104\114\171\320\035\160\263\327\237\002\364\262\007 -\260\307\345\370\255\043\016\246\126\311\051\022\167\110\331\057 -\106\375\073\360\374\164\160\222\245\216\070\010\037\144\060\266 -\267\113\373\066\254\020\216\240\122\063\143\235\003\065\126\305 -\151\275\306\043\132\047\224\366\244\022\370\055\063\074\241\126 -\245\137\326\031\351\355\174\010\275\167\315\047\144\314\224\332 -\116\106\120\207\340\371\301\123\200\036\273\255\373\107\122\213 -\033\375\242\371\336\016\042\267\075\063\131\154\324\336\365\225 -\006\062\015\121\031\101\134\076\117\006\367\271\053\200\047\366 -\243\252\172\174\006\341\103\303\023\071\142\032\066\275\340\050 -\056\224\002\344\051\056\140\125\256\100\075\260\164\222\136\360 -\040\144\226\077\137\105\135\210\265\212\332\002\240\133\105\124 -\336\070\075\011\300\250\112\145\106\026\374\252\277\124\116\115 -\133\276\070\103\267\050\312\213\063\252\032\045\272\045\134\051 -\057\133\112\156\214\352\055\234\052\366\005\166\340\167\227\200 -\210\335\147\023\157\035\150\044\213\117\267\164\201\345\364\140 -\237\172\125\327\076\067\332\026\153\076\167\254\256\030\160\225 -\010\171\051\003\212\376\301\073\263\077\032\017\244\073\136\037 -\130\241\225\311\253\057\163\112\320\055\156\232\131\017\125\030 -\170\055\074\121\246\227\213\346\273\262\160\252\114\021\336\377 -\174\053\067\324\172\321\167\064\217\347\371\102\367\074\201\014 -\113\122\012 +\060\202\003\366\060\202\002\336\240\003\002\001\002\002\020\044 +\062\165\362\035\057\322\011\063\367\264\152\312\320\363\230\060 +\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\201 +\224\061\013\060\011\006\003\125\004\006\023\002\125\123\061\035 +\060\033\006\003\125\004\012\023\024\123\171\155\141\156\164\145 +\143\040\103\157\162\160\157\162\141\164\151\157\156\061\037\060 +\035\006\003\125\004\013\023\026\123\171\155\141\156\164\145\143 +\040\124\162\165\163\164\040\116\145\164\167\157\162\153\061\105 +\060\103\006\003\125\004\003\023\074\123\171\155\141\156\164\145 +\143\040\103\154\141\163\163\040\061\040\120\165\142\154\151\143 +\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146\151 +\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 +\040\055\040\107\066\060\036\027\015\061\061\061\060\061\070\060 +\060\060\060\060\060\132\027\015\063\067\061\062\060\061\062\063 +\065\071\065\071\132\060\201\224\061\013\060\011\006\003\125\004 +\006\023\002\125\123\061\035\060\033\006\003\125\004\012\023\024 +\123\171\155\141\156\164\145\143\040\103\157\162\160\157\162\141 +\164\151\157\156\061\037\060\035\006\003\125\004\013\023\026\123 +\171\155\141\156\164\145\143\040\124\162\165\163\164\040\116\145 +\164\167\157\162\153\061\105\060\103\006\003\125\004\003\023\074 +\123\171\155\141\156\164\145\143\040\103\154\141\163\163\040\061 +\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171\040 +\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165 +\164\150\157\162\151\164\171\040\055\040\107\066\060\202\001\042 +\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003 +\202\001\017\000\060\202\001\012\002\202\001\001\000\307\071\327 +\111\144\251\231\202\042\114\352\105\331\007\026\343\173\364\203 +\350\231\163\372\153\261\066\340\232\167\240\100\302\201\215\001 +\307\314\214\275\217\175\367\171\343\172\114\003\115\331\373\375 +\207\070\050\054\335\232\213\124\010\333\147\373\033\214\376\050 +\222\057\276\267\262\110\247\201\241\330\136\210\303\314\071\100 +\101\132\321\334\345\332\020\237\057\332\001\115\375\056\106\174 +\371\056\047\012\151\067\356\221\243\033\152\314\104\277\033\307 +\303\324\021\262\120\140\227\011\275\056\042\365\101\204\146\237 +\315\100\246\251\000\200\301\037\225\222\237\336\363\110\357\333 +\035\167\141\374\177\337\356\226\244\162\320\266\076\377\170\047 +\257\313\222\025\151\010\333\143\020\342\346\227\254\156\334\254 +\366\242\316\036\107\231\271\211\267\022\346\241\324\315\131\021 +\147\303\157\205\330\102\116\050\276\131\125\131\004\225\253\217 +\067\200\277\015\360\374\037\072\144\061\130\201\170\327\342\065 +\366\040\077\051\270\217\026\156\076\110\334\265\114\007\341\362 +\032\352\176\012\171\326\250\275\353\135\206\053\115\002\003\001 +\000\001\243\102\060\100\060\016\006\003\125\035\017\001\001\377 +\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377 +\004\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026 +\004\024\063\101\350\310\071\022\025\223\110\362\226\062\056\132 +\365\332\224\137\123\140\060\015\006\011\052\206\110\206\367\015 +\001\001\013\005\000\003\202\001\001\000\025\343\163\127\261\027 +\266\137\111\151\104\246\366\136\172\147\254\322\336\165\111\253 +\376\045\125\307\072\311\104\025\020\156\277\061\153\313\331\007 +\223\177\034\205\143\000\343\062\022\340\314\313\373\071\154\217 +\342\123\342\074\100\063\331\244\214\107\346\255\130\373\211\257 +\343\336\206\051\126\064\054\105\270\022\372\104\211\156\055\024 +\045\050\044\001\145\326\352\122\254\005\156\126\022\011\075\320 +\164\364\327\275\006\312\250\072\215\126\102\372\215\162\076\164 +\361\003\162\337\207\033\136\016\172\125\226\054\070\267\230\205 +\315\115\063\104\311\224\217\132\061\060\067\113\243\072\022\263 +\347\066\321\041\150\113\055\070\346\123\256\034\045\126\010\126 +\003\147\204\235\306\303\316\044\142\307\114\066\317\260\006\104 +\267\365\137\002\335\331\124\351\057\220\116\172\310\116\203\100 +\014\232\227\074\067\277\277\354\366\360\264\205\167\050\301\013 +\310\147\202\020\027\070\242\267\006\352\233\277\072\370\351\043 +\007\277\164\340\230\070\025\125\170\356\162\000\134\031\243\364 +\322\063\340\377\275\321\124\071\051\017 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE -# Trust for "OpenTrust Root CA G2" -# Issuer: CN=OpenTrust Root CA G2,O=OpenTrust,C=FR -# Serial Number:11:20:a1:69:1b:bf:bd:b9:bd:52:96:8f:23:e8:48:bf:26:11 -# Subject: CN=OpenTrust Root CA G2,O=OpenTrust,C=FR -# Not Valid Before: Mon May 26 00:00:00 2014 -# Not Valid After : Fri Jan 15 00:00:00 2038 -# Fingerprint (SHA-256): 27:99:58:29:FE:6A:75:15:C1:BF:E8:48:F9:C4:76:1D:B1:6C:22:59:29:25:7B:F4:0D:08:94:F2:9E:A8:BA:F2 -# Fingerprint (SHA1): 79:5F:88:60:C5:AB:7C:3D:92:E6:CB:F4:8D:E1:45:CD:11:EF:60:0B +# Trust for "Symantec Class 1 Public Primary Certification Authority - G6" +# Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Serial Number:24:32:75:f2:1d:2f:d2:09:33:f7:b4:6a:ca:d0:f3:98 +# Subject: CN=Symantec Class 1 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Not Valid Before: Tue Oct 18 00:00:00 2011 +# Not Valid After : Tue Dec 01 23:59:59 2037 +# Fingerprint (SHA-256): 9D:19:0B:2E:31:45:66:68:5B:E8:A8:89:E2:7A:A8:C7:D7:AE:1D:8A:AD:DB:A3:C1:EC:F9:D2:48:63:CD:34:B9 +# Fingerprint (SHA1): 51:7F:61:1E:29:91:6B:53:82:FB:72:E7:44:D9:8D:C3:CC:53:6D:64 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "OpenTrust Root CA G2" +CKA_LABEL UTF8 "Symantec Class 1 Public Primary Certification Authority - G6" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\171\137\210\140\305\253\174\075\222\346\313\364\215\341\105\315 -\021\357\140\013 +\121\177\141\036\051\221\153\123\202\373\162\347\104\331\215\303 +\314\123\155\144 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\127\044\266\131\044\153\256\310\376\034\014\040\362\300\116\353 +\057\250\264\332\366\144\113\036\202\371\106\075\124\032\174\260 END CKA_ISSUER MULTILINE_OCTAL -\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 -\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 -\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 -\107\062 +\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 +\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 +\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 +\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 +\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 +\164\145\143\040\103\154\141\163\163\040\061\040\120\165\142\154 +\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 +\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 +\164\171\040\055\040\107\066 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\022\021\040\241\151\033\277\275\271\275\122\226\217\043\350 -\110\277\046\021 +\002\020\044\062\165\362\035\057\322\011\063\367\264\152\312\320 +\363\230 END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "OpenTrust Root CA G3" +# Certificate "Symantec Class 2 Public Primary Certification Authority - G6" # -# Issuer: CN=OpenTrust Root CA G3,O=OpenTrust,C=FR -# Serial Number:11:20:e6:f8:4c:fc:24:b0:be:05:40:ac:da:83:1b:34:60:3f -# Subject: CN=OpenTrust Root CA G3,O=OpenTrust,C=FR -# Not Valid Before: Mon May 26 00:00:00 2014 -# Not Valid After : Fri Jan 15 00:00:00 2038 -# Fingerprint (SHA-256): B7:C3:62:31:70:6E:81:07:8C:36:7C:B8:96:19:8F:1E:32:08:DD:92:69:49:DD:8F:57:09:A4:10:F7:5B:62:92 -# Fingerprint (SHA1): 6E:26:64:F3:56:BF:34:55:BF:D1:93:3F:7C:01:DE:D8:13:DA:8A:A6 +# Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Serial Number:64:82:9e:fc:37:1e:74:5d:fc:97:ff:97:c8:b1:ff:41 +# Subject: CN=Symantec Class 2 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Not Valid Before: Tue Oct 18 00:00:00 2011 +# Not Valid After : Tue Dec 01 23:59:59 2037 +# Fingerprint (SHA-256): CB:62:7D:18:B5:8A:D5:6D:DE:33:1A:30:45:6B:C6:5C:60:1A:4E:9B:18:DE:DC:EA:08:E7:DA:AA:07:81:5F:F0 +# Fingerprint (SHA1): 40:B3:31:A0:E9:BF:E8:55:BC:39:93:CA:70:4F:4E:C2:51:D4:1D:8F CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "OpenTrust Root CA G3" +CKA_LABEL UTF8 "Symantec Class 2 Public Primary Certification Authority - G6" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 -\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 -\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 -\107\063 +\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 +\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 +\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 +\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 +\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 +\164\145\143\040\103\154\141\163\163\040\062\040\120\165\142\154 +\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 +\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 +\164\171\040\055\040\107\066 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 -\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 -\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 -\107\063 +\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 +\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 +\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 +\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 +\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 +\164\145\143\040\103\154\141\163\163\040\062\040\120\165\142\154 +\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 +\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 +\164\171\040\055\040\107\066 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\022\021\040\346\370\114\374\044\260\276\005\100\254\332\203 -\033\064\140\077 +\002\020\144\202\236\374\067\036\164\135\374\227\377\227\310\261 +\377\101 END CKA_VALUE MULTILINE_OCTAL -\060\202\002\041\060\202\001\246\240\003\002\001\002\002\022\021 -\040\346\370\114\374\044\260\276\005\100\254\332\203\033\064\140 -\077\060\012\006\010\052\206\110\316\075\004\003\003\060\100\061 -\013\060\011\006\003\125\004\006\023\002\106\122\061\022\060\020 -\006\003\125\004\012\014\011\117\160\145\156\124\162\165\163\164 -\061\035\060\033\006\003\125\004\003\014\024\117\160\145\156\124 -\162\165\163\164\040\122\157\157\164\040\103\101\040\107\063\060 -\036\027\015\061\064\060\065\062\066\060\060\060\060\060\060\132 -\027\015\063\070\060\061\061\065\060\060\060\060\060\060\132\060 -\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061\022 -\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162\165 -\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160\145 -\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040\107 -\063\060\166\060\020\006\007\052\206\110\316\075\002\001\006\005 -\053\201\004\000\042\003\142\000\004\112\356\130\256\115\312\146 -\336\006\072\243\021\374\340\030\360\156\034\272\055\060\014\211 -\331\326\356\233\163\203\251\043\025\214\057\131\212\132\335\024 -\352\235\131\053\103\267\006\354\062\266\272\356\101\265\255\135 -\241\205\314\352\035\024\146\243\147\176\106\342\224\363\347\266 -\126\241\025\131\241\117\067\227\271\042\036\275\021\353\364\262 -\037\136\303\024\232\345\331\227\231\243\143\060\141\060\016\006 -\003\125\035\017\001\001\377\004\004\003\002\001\006\060\017\006 -\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060\035 -\006\003\125\035\016\004\026\004\024\107\167\303\024\213\142\071 -\014\311\157\341\120\115\320\020\130\334\225\210\155\060\037\006 -\003\125\035\043\004\030\060\026\200\024\107\167\303\024\213\142 -\071\014\311\157\341\120\115\320\020\130\334\225\210\155\060\012 -\006\010\052\206\110\316\075\004\003\003\003\151\000\060\146\002 -\061\000\217\250\334\235\272\014\004\027\372\025\351\075\057\051 -\001\227\277\201\026\063\100\223\154\374\371\355\200\160\157\252 -\217\333\204\302\213\365\065\312\006\334\144\157\150\026\341\217 -\221\271\002\061\000\330\113\245\313\302\320\010\154\351\030\373 -\132\335\115\137\044\013\260\000\041\045\357\217\247\004\046\161 -\342\174\151\345\135\232\370\101\037\073\071\223\223\235\125\352 -\315\215\361\373\301 +\060\202\003\366\060\202\002\336\240\003\002\001\002\002\020\144 +\202\236\374\067\036\164\135\374\227\377\227\310\261\377\101\060 +\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\201 +\224\061\013\060\011\006\003\125\004\006\023\002\125\123\061\035 +\060\033\006\003\125\004\012\023\024\123\171\155\141\156\164\145 +\143\040\103\157\162\160\157\162\141\164\151\157\156\061\037\060 +\035\006\003\125\004\013\023\026\123\171\155\141\156\164\145\143 +\040\124\162\165\163\164\040\116\145\164\167\157\162\153\061\105 +\060\103\006\003\125\004\003\023\074\123\171\155\141\156\164\145 +\143\040\103\154\141\163\163\040\062\040\120\165\142\154\151\143 +\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146\151 +\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 +\040\055\040\107\066\060\036\027\015\061\061\061\060\061\070\060 +\060\060\060\060\060\132\027\015\063\067\061\062\060\061\062\063 +\065\071\065\071\132\060\201\224\061\013\060\011\006\003\125\004 +\006\023\002\125\123\061\035\060\033\006\003\125\004\012\023\024 +\123\171\155\141\156\164\145\143\040\103\157\162\160\157\162\141 +\164\151\157\156\061\037\060\035\006\003\125\004\013\023\026\123 +\171\155\141\156\164\145\143\040\124\162\165\163\164\040\116\145 +\164\167\157\162\153\061\105\060\103\006\003\125\004\003\023\074 +\123\171\155\141\156\164\145\143\040\103\154\141\163\163\040\062 +\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171\040 +\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165 +\164\150\157\162\151\164\171\040\055\040\107\066\060\202\001\042 +\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003 +\202\001\017\000\060\202\001\012\002\202\001\001\000\315\314\351 +\005\310\143\205\313\077\100\143\027\275\030\372\065\346\004\147 +\127\145\230\051\244\117\311\134\217\017\064\322\370\332\250\023 +\142\252\270\036\120\147\170\260\026\114\240\071\251\025\172\256 +\355\322\242\300\360\220\067\051\030\046\134\350\015\074\266\154 +\111\077\301\340\334\331\113\266\024\031\013\246\323\226\341\326 +\011\343\031\046\034\371\037\145\113\371\032\103\034\000\203\326 +\320\252\111\242\324\333\346\142\070\272\120\024\103\155\371\061 +\370\126\026\331\070\002\221\317\353\154\335\273\071\116\231\341 +\060\147\105\361\324\360\215\303\337\376\362\070\007\041\175\000 +\136\126\104\263\344\140\275\221\053\234\253\133\004\162\017\262 +\050\331\162\253\005\040\102\045\251\133\003\152\040\020\314\061 +\360\053\332\065\054\320\373\232\227\116\360\202\113\053\330\137 +\066\243\013\055\257\143\015\035\045\177\241\156\134\142\241\215 +\050\076\241\374\034\040\370\001\057\272\125\232\021\260\031\322 +\310\120\171\153\016\152\005\327\252\004\066\262\243\362\341\137 +\167\247\167\234\345\036\334\351\337\152\301\145\135\002\003\001 +\000\001\243\102\060\100\060\016\006\003\125\035\017\001\001\377 +\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377 +\004\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026 +\004\024\207\214\040\225\310\230\112\321\326\200\006\112\220\064 +\104\337\034\115\277\260\060\015\006\011\052\206\110\206\367\015 +\001\001\013\005\000\003\202\001\001\000\201\216\262\245\146\226 +\267\041\245\266\357\157\043\132\137\333\201\305\102\245\170\301 +\151\375\364\074\327\371\134\153\160\162\032\374\132\227\115\000 +\200\210\210\202\212\303\161\015\216\305\211\233\054\355\215\013 +\322\162\124\365\175\324\134\103\127\351\363\256\245\002\021\366 +\166\053\201\127\335\175\332\164\060\375\124\107\366\340\026\156 +\246\264\012\110\346\347\165\007\017\051\031\071\316\171\364\266 +\154\305\137\231\325\037\113\372\337\155\054\074\015\124\200\160 +\360\210\013\200\317\306\150\242\270\035\160\331\166\214\374\356 +\245\311\317\255\035\317\231\045\127\132\142\105\313\026\153\275 +\111\315\245\243\214\151\171\045\256\270\114\154\213\100\146\113 +\026\077\317\002\032\335\341\154\153\007\141\152\166\025\051\231 +\177\033\335\210\200\301\277\265\217\163\305\246\226\043\204\246 +\050\206\044\063\152\001\056\127\163\045\266\136\277\217\346\035 +\141\250\100\051\147\035\207\233\035\177\233\237\231\315\061\326 +\124\276\142\273\071\254\150\022\110\221\040\245\313\261\335\376 +\157\374\132\344\202\125\131\257\061\251 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE -# Trust for "OpenTrust Root CA G3" -# Issuer: CN=OpenTrust Root CA G3,O=OpenTrust,C=FR -# Serial Number:11:20:e6:f8:4c:fc:24:b0:be:05:40:ac:da:83:1b:34:60:3f -# Subject: CN=OpenTrust Root CA G3,O=OpenTrust,C=FR -# Not Valid Before: Mon May 26 00:00:00 2014 -# Not Valid After : Fri Jan 15 00:00:00 2038 -# Fingerprint (SHA-256): B7:C3:62:31:70:6E:81:07:8C:36:7C:B8:96:19:8F:1E:32:08:DD:92:69:49:DD:8F:57:09:A4:10:F7:5B:62:92 -# Fingerprint (SHA1): 6E:26:64:F3:56:BF:34:55:BF:D1:93:3F:7C:01:DE:D8:13:DA:8A:A6 +# Trust for "Symantec Class 2 Public Primary Certification Authority - G6" +# Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Serial Number:64:82:9e:fc:37:1e:74:5d:fc:97:ff:97:c8:b1:ff:41 +# Subject: CN=Symantec Class 2 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Not Valid Before: Tue Oct 18 00:00:00 2011 +# Not Valid After : Tue Dec 01 23:59:59 2037 +# Fingerprint (SHA-256): CB:62:7D:18:B5:8A:D5:6D:DE:33:1A:30:45:6B:C6:5C:60:1A:4E:9B:18:DE:DC:EA:08:E7:DA:AA:07:81:5F:F0 +# Fingerprint (SHA1): 40:B3:31:A0:E9:BF:E8:55:BC:39:93:CA:70:4F:4E:C2:51:D4:1D:8F CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "OpenTrust Root CA G3" +CKA_LABEL UTF8 "Symantec Class 2 Public Primary Certification Authority - G6" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\156\046\144\363\126\277\064\125\277\321\223\077\174\001\336\330 -\023\332\212\246 +\100\263\061\240\351\277\350\125\274\071\223\312\160\117\116\302 +\121\324\035\217 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\041\067\264\027\026\222\173\147\106\160\251\226\327\250\023\044 +\175\013\203\345\373\174\255\007\117\040\251\265\337\143\355\171 END CKA_ISSUER MULTILINE_OCTAL -\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 -\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 -\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 -\107\063 +\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 +\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 +\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 +\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 +\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 +\164\145\143\040\103\154\141\163\163\040\062\040\120\165\142\154 +\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 +\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 +\164\171\040\055\040\107\066 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\022\021\040\346\370\114\374\044\260\276\005\100\254\332\203 -\033\064\140\077 +\002\020\144\202\236\374\067\036\164\135\374\227\377\227\310\261 +\377\101 END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "ISRG Root X1" +# Certificate "Symantec Class 1 Public Primary Certification Authority - G4" # -# Issuer: CN=ISRG Root X1,O=Internet Security Research Group,C=US -# Serial Number:00:82:10:cf:b0:d2:40:e3:59:44:63:e0:bb:63:82:8b:00 -# Subject: CN=ISRG Root X1,O=Internet Security Research Group,C=US -# Not Valid Before: Thu Jun 04 11:04:38 2015 -# Not Valid After : Mon Jun 04 11:04:38 2035 -# Fingerprint (SHA-256): 96:BC:EC:06:26:49:76:F3:74:60:77:9A:CF:28:C5:A7:CF:E8:A3:C0:AA:E1:1A:8F:FC:EE:05:C0:BD:DF:08:C6 -# Fingerprint (SHA1): CA:BD:2A:79:A1:07:6A:31:F2:1D:25:36:35:CB:03:9D:43:29:A5:E8 +# Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Serial Number:21:6e:33:a5:cb:d3:88:a4:6f:29:07:b4:27:3c:c4:d8 +# Subject: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Not Valid Before: Wed Oct 05 00:00:00 2011 +# Not Valid After : Mon Jan 18 23:59:59 2038 +# Fingerprint (SHA-256): 36:3F:3C:84:9E:AB:03:B0:A2:A0:F6:36:D7:B8:6D:04:D3:AC:7F:CF:E2:6A:0A:91:21:AB:97:95:F6:E1:76:DF +# Fingerprint (SHA1): 84:F2:E3:DD:83:13:3E:A9:1D:19:52:7F:02:D7:29:BF:C1:5F:E6:67 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "ISRG Root X1" +CKA_LABEL UTF8 "Symantec Class 1 Public Primary Certification Authority - G4" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\117\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\051\060\047\006\003\125\004\012\023\040\111\156\164\145\162\156 -\145\164\040\123\145\143\165\162\151\164\171\040\122\145\163\145 -\141\162\143\150\040\107\162\157\165\160\061\025\060\023\006\003 -\125\004\003\023\014\111\123\122\107\040\122\157\157\164\040\130 -\061 +\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 +\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 +\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 +\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 +\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 +\164\145\143\040\103\154\141\163\163\040\061\040\120\165\142\154 +\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 +\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 +\164\171\040\055\040\107\064 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\117\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\051\060\047\006\003\125\004\012\023\040\111\156\164\145\162\156 -\145\164\040\123\145\143\165\162\151\164\171\040\122\145\163\145 -\141\162\143\150\040\107\162\157\165\160\061\025\060\023\006\003 -\125\004\003\023\014\111\123\122\107\040\122\157\157\164\040\130 -\061 +\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 +\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 +\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 +\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 +\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 +\164\145\143\040\103\154\141\163\163\040\061\040\120\165\142\154 +\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 +\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 +\164\171\040\055\040\107\064 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\021\000\202\020\317\260\322\100\343\131\104\143\340\273\143 -\202\213\000 +\002\020\041\156\063\245\313\323\210\244\157\051\007\264\047\074 +\304\330 END CKA_VALUE MULTILINE_OCTAL -\060\202\005\153\060\202\003\123\240\003\002\001\002\002\021\000 -\202\020\317\260\322\100\343\131\104\143\340\273\143\202\213\000 -\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060 -\117\061\013\060\011\006\003\125\004\006\023\002\125\123\061\051 -\060\047\006\003\125\004\012\023\040\111\156\164\145\162\156\145 -\164\040\123\145\143\165\162\151\164\171\040\122\145\163\145\141 -\162\143\150\040\107\162\157\165\160\061\025\060\023\006\003\125 -\004\003\023\014\111\123\122\107\040\122\157\157\164\040\130\061 -\060\036\027\015\061\065\060\066\060\064\061\061\060\064\063\070 -\132\027\015\063\065\060\066\060\064\061\061\060\064\063\070\132 -\060\117\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\051\060\047\006\003\125\004\012\023\040\111\156\164\145\162\156 -\145\164\040\123\145\143\165\162\151\164\171\040\122\145\163\145 -\141\162\143\150\040\107\162\157\165\160\061\025\060\023\006\003 -\125\004\003\023\014\111\123\122\107\040\122\157\157\164\040\130 -\061\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001 -\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002 -\001\000\255\350\044\163\364\024\067\363\233\236\053\127\050\034 -\207\276\334\267\337\070\220\214\156\074\346\127\240\170\367\165 -\302\242\376\365\152\156\366\000\117\050\333\336\150\206\154\104 -\223\266\261\143\375\024\022\153\277\037\322\352\061\233\041\176 -\321\063\074\272\110\365\335\171\337\263\270\377\022\361\041\232 -\113\301\212\206\161\151\112\146\146\154\217\176\074\160\277\255 -\051\042\006\363\344\300\346\200\256\342\113\217\267\231\176\224 -\003\237\323\107\227\174\231\110\043\123\350\070\256\117\012\157 -\203\056\321\111\127\214\200\164\266\332\057\320\070\215\173\003 -\160\041\033\165\362\060\074\372\217\256\335\332\143\253\353\026 -\117\302\216\021\113\176\317\013\350\377\265\167\056\364\262\173 -\112\340\114\022\045\014\160\215\003\051\240\341\123\044\354\023 -\331\356\031\277\020\263\112\214\077\211\243\141\121\336\254\207 -\007\224\364\143\161\354\056\342\157\133\230\201\341\211\134\064 -\171\154\166\357\073\220\142\171\346\333\244\232\057\046\305\320 -\020\341\016\336\331\020\216\026\373\267\367\250\367\307\345\002 -\007\230\217\066\010\225\347\342\067\226\015\066\165\236\373\016 -\162\261\035\233\274\003\371\111\005\330\201\335\005\264\052\326 -\101\351\254\001\166\225\012\017\330\337\325\275\022\037\065\057 -\050\027\154\322\230\301\250\011\144\167\156\107\067\272\316\254 -\131\136\150\235\177\162\326\211\305\006\101\051\076\131\076\335 -\046\365\044\311\021\247\132\243\114\100\037\106\241\231\265\247 -\072\121\156\206\073\236\175\162\247\022\005\170\131\355\076\121 -\170\025\013\003\217\215\320\057\005\262\076\173\112\034\113\163 -\005\022\374\306\352\340\120\023\174\103\223\164\263\312\164\347 -\216\037\001\010\320\060\324\133\161\066\264\007\272\301\060\060 -\134\110\267\202\073\230\246\175\140\212\242\243\051\202\314\272 -\275\203\004\033\242\203\003\101\241\326\005\361\033\302\266\360 -\250\174\206\073\106\250\110\052\210\334\166\232\166\277\037\152 -\245\075\031\217\353\070\363\144\336\310\053\015\012\050\377\367 -\333\342\025\102\324\042\320\047\135\341\171\376\030\347\160\210 -\255\116\346\331\213\072\306\335\047\121\156\377\274\144\365\063 -\103\117\002\003\001\000\001\243\102\060\100\060\016\006\003\125 -\035\017\001\001\377\004\004\003\002\001\006\060\017\006\003\125 -\035\023\001\001\377\004\005\060\003\001\001\377\060\035\006\003 -\125\035\016\004\026\004\024\171\264\131\346\173\266\345\344\001 -\163\200\010\210\310\032\130\366\351\233\156\060\015\006\011\052 -\206\110\206\367\015\001\001\013\005\000\003\202\002\001\000\125 -\037\130\251\274\262\250\120\320\014\261\330\032\151\040\047\051 -\010\254\141\165\134\212\156\370\202\345\151\057\325\366\126\113 -\271\270\163\020\131\323\041\227\176\347\114\161\373\262\322\140 -\255\071\250\013\352\027\041\126\205\361\120\016\131\353\316\340 -\131\351\272\311\025\357\206\235\217\204\200\366\344\351\221\220 -\334\027\233\142\033\105\360\146\225\322\174\157\302\352\073\357 -\037\317\313\326\256\047\361\251\260\310\256\375\175\176\232\372 -\042\004\353\377\331\177\352\221\053\042\261\027\016\217\362\212 -\064\133\130\330\374\001\311\124\271\270\046\314\212\210\063\211 -\114\055\204\074\202\337\356\226\127\005\272\054\273\367\304\267 -\307\116\073\202\276\061\310\042\163\163\222\321\302\200\244\071 -\071\020\063\043\202\114\074\237\206\262\125\230\035\276\051\206 -\214\042\233\236\342\153\073\127\072\202\160\115\334\011\307\211 -\313\012\007\115\154\350\135\216\311\357\316\253\307\273\265\053 -\116\105\326\112\320\046\314\345\162\312\010\152\245\225\343\025 -\241\367\244\355\311\054\137\245\373\377\254\050\002\056\276\327 -\173\273\343\161\173\220\026\323\007\136\106\123\174\067\007\102 -\214\323\304\226\234\325\231\265\052\340\225\032\200\110\256\114 -\071\007\316\314\107\244\122\225\053\272\270\373\255\322\063\123 -\175\345\035\115\155\325\241\261\307\102\157\346\100\047\065\134 -\243\050\267\007\215\347\215\063\220\347\043\237\373\120\234\171 -\154\106\325\264\025\263\226\156\176\233\014\226\072\270\122\055 -\077\326\133\341\373\010\302\204\376\044\250\243\211\332\254\152 -\341\030\052\261\250\103\141\133\323\037\334\073\215\166\362\055 -\350\215\165\337\027\063\154\075\123\373\173\313\101\137\377\334 -\242\320\141\070\341\226\270\254\135\213\067\327\165\325\063\300 -\231\021\256\235\101\301\162\165\204\276\002\101\102\137\147\044 -\110\224\321\233\047\276\007\077\271\270\117\201\164\121\341\172 -\267\355\235\043\342\276\340\325\050\004\023\074\061\003\236\335 -\172\154\217\306\007\030\306\177\336\107\216\077\050\236\004\006 -\317\245\124\064\167\275\354\211\233\351\027\103\337\133\333\137 -\376\216\036\127\242\315\100\235\176\142\042\332\336\030\047 +\060\202\002\250\060\202\002\055\240\003\002\001\002\002\020\041 +\156\063\245\313\323\210\244\157\051\007\264\047\074\304\330\060 +\012\006\010\052\206\110\316\075\004\003\003\060\201\224\061\013 +\060\011\006\003\125\004\006\023\002\125\123\061\035\060\033\006 +\003\125\004\012\023\024\123\171\155\141\156\164\145\143\040\103 +\157\162\160\157\162\141\164\151\157\156\061\037\060\035\006\003 +\125\004\013\023\026\123\171\155\141\156\164\145\143\040\124\162 +\165\163\164\040\116\145\164\167\157\162\153\061\105\060\103\006 +\003\125\004\003\023\074\123\171\155\141\156\164\145\143\040\103 +\154\141\163\163\040\061\040\120\165\142\154\151\143\040\120\162 +\151\155\141\162\171\040\103\145\162\164\151\146\151\143\141\164 +\151\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040 +\107\064\060\036\027\015\061\061\061\060\060\065\060\060\060\060 +\060\060\132\027\015\063\070\060\061\061\070\062\063\065\071\065 +\071\132\060\201\224\061\013\060\011\006\003\125\004\006\023\002 +\125\123\061\035\060\033\006\003\125\004\012\023\024\123\171\155 +\141\156\164\145\143\040\103\157\162\160\157\162\141\164\151\157 +\156\061\037\060\035\006\003\125\004\013\023\026\123\171\155\141 +\156\164\145\143\040\124\162\165\163\164\040\116\145\164\167\157 +\162\153\061\105\060\103\006\003\125\004\003\023\074\123\171\155 +\141\156\164\145\143\040\103\154\141\163\163\040\061\040\120\165 +\142\154\151\143\040\120\162\151\155\141\162\171\040\103\145\162 +\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157 +\162\151\164\171\040\055\040\107\064\060\166\060\020\006\007\052 +\206\110\316\075\002\001\006\005\053\201\004\000\042\003\142\000 +\004\327\146\265\033\333\256\263\140\356\106\352\210\143\165\073 +\052\224\155\363\137\022\366\343\017\236\266\012\024\123\110\122 +\310\334\072\263\313\110\040\046\022\116\372\211\204\324\337\221 +\344\051\175\050\001\331\333\030\103\151\241\037\265\323\206\026 +\334\307\177\147\043\337\337\061\061\203\003\065\160\261\113\267 +\310\027\273\121\313\334\224\027\333\352\011\073\166\022\336\252 +\265\243\102\060\100\060\016\006\003\125\035\017\001\001\377\004 +\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377\004 +\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026\004 +\024\145\300\215\045\365\014\272\227\167\220\077\236\056\340\132 +\365\316\325\341\344\060\012\006\010\052\206\110\316\075\004\003 +\003\003\151\000\060\146\002\061\000\245\256\343\106\123\370\230 +\066\343\042\372\056\050\111\015\356\060\176\063\363\354\077\161 +\136\314\125\211\170\231\254\262\375\334\034\134\063\216\051\271 +\153\027\310\021\150\265\334\203\007\002\061\000\234\310\104\332 +\151\302\066\303\124\031\020\205\002\332\235\107\357\101\347\154 +\046\235\011\075\367\155\220\321\005\104\057\260\274\203\223\150 +\362\014\105\111\071\277\231\004\034\323\020\240 END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for "ISRG Root X1" -# Issuer: CN=ISRG Root X1,O=Internet Security Research Group,C=US -# Serial Number:00:82:10:cf:b0:d2:40:e3:59:44:63:e0:bb:63:82:8b:00 -# Subject: CN=ISRG Root X1,O=Internet Security Research Group,C=US -# Not Valid Before: Thu Jun 04 11:04:38 2015 -# Not Valid After : Mon Jun 04 11:04:38 2035 -# Fingerprint (SHA-256): 96:BC:EC:06:26:49:76:F3:74:60:77:9A:CF:28:C5:A7:CF:E8:A3:C0:AA:E1:1A:8F:FC:EE:05:C0:BD:DF:08:C6 -# Fingerprint (SHA1): CA:BD:2A:79:A1:07:6A:31:F2:1D:25:36:35:CB:03:9D:43:29:A5:E8 +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "Symantec Class 1 Public Primary Certification Authority - G4" +# Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Serial Number:21:6e:33:a5:cb:d3:88:a4:6f:29:07:b4:27:3c:c4:d8 +# Subject: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Not Valid Before: Wed Oct 05 00:00:00 2011 +# Not Valid After : Mon Jan 18 23:59:59 2038 +# Fingerprint (SHA-256): 36:3F:3C:84:9E:AB:03:B0:A2:A0:F6:36:D7:B8:6D:04:D3:AC:7F:CF:E2:6A:0A:91:21:AB:97:95:F6:E1:76:DF +# Fingerprint (SHA1): 84:F2:E3:DD:83:13:3E:A9:1D:19:52:7F:02:D7:29:BF:C1:5F:E6:67 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "ISRG Root X1" +CKA_LABEL UTF8 "Symantec Class 1 Public Primary Certification Authority - G4" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\312\275\052\171\241\007\152\061\362\035\045\066\065\313\003\235 -\103\051\245\350 +\204\362\343\335\203\023\076\251\035\031\122\177\002\327\051\277 +\301\137\346\147 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\014\322\371\340\332\027\163\351\355\206\115\245\343\160\347\116 +\004\345\200\077\125\377\131\207\244\062\322\025\245\345\252\346 END CKA_ISSUER MULTILINE_OCTAL -\060\117\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\051\060\047\006\003\125\004\012\023\040\111\156\164\145\162\156 -\145\164\040\123\145\143\165\162\151\164\171\040\122\145\163\145 -\141\162\143\150\040\107\162\157\165\160\061\025\060\023\006\003 -\125\004\003\023\014\111\123\122\107\040\122\157\157\164\040\130 -\061 +\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 +\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 +\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 +\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 +\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 +\164\145\143\040\103\154\141\163\163\040\061\040\120\165\142\154 +\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 +\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 +\164\171\040\055\040\107\064 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\021\000\202\020\317\260\322\100\343\131\104\143\340\273\143 -\202\213\000 +\002\020\041\156\063\245\313\323\210\244\157\051\007\264\047\074 +\304\330 END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "AC RAIZ FNMT-RCM" +# Certificate "Symantec Class 2 Public Primary Certification Authority - G4" # -# Issuer: OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES -# Serial Number:5d:93:8d:30:67:36:c8:06:1d:1a:c7:54:84:69:07 -# Subject: OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES -# Not Valid Before: Wed Oct 29 15:59:56 2008 -# Not Valid After : Tue Jan 01 00:00:00 2030 -# Fingerprint (SHA-256): EB:C5:57:0C:29:01:8C:4D:67:B1:AA:12:7B:AF:12:F7:03:B4:61:1E:BC:17:B7:DA:B5:57:38:94:17:9B:93:FA -# Fingerprint (SHA1): EC:50:35:07:B2:15:C4:95:62:19:E2:A8:9A:5B:42:99:2C:4C:2C:20 +# Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Serial Number:34:17:65:12:40:3b:b7:56:80:2d:80:cb:79:55:a6:1e +# Subject: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Not Valid Before: Wed Oct 05 00:00:00 2011 +# Not Valid After : Mon Jan 18 23:59:59 2038 +# Fingerprint (SHA-256): FE:86:3D:08:22:FE:7A:23:53:FA:48:4D:59:24:E8:75:65:6D:3D:C9:FB:58:77:1F:6F:61:6F:9D:57:1B:C5:92 +# Fingerprint (SHA1): 67:24:90:2E:48:01:B0:22:96:40:10:46:B4:B1:67:2C:A9:75:FD:2B CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "AC RAIZ FNMT-RCM" +CKA_LABEL UTF8 "Symantec Class 2 Public Primary Certification Authority - G4" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\073\061\013\060\011\006\003\125\004\006\023\002\105\123\061 -\021\060\017\006\003\125\004\012\014\010\106\116\115\124\055\122 -\103\115\061\031\060\027\006\003\125\004\013\014\020\101\103\040 -\122\101\111\132\040\106\116\115\124\055\122\103\115 +\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 +\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 +\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 +\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 +\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 +\164\145\143\040\103\154\141\163\163\040\062\040\120\165\142\154 +\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 +\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 +\164\171\040\055\040\107\064 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\073\061\013\060\011\006\003\125\004\006\023\002\105\123\061 -\021\060\017\006\003\125\004\012\014\010\106\116\115\124\055\122 -\103\115\061\031\060\027\006\003\125\004\013\014\020\101\103\040 -\122\101\111\132\040\106\116\115\124\055\122\103\115 +\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 +\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 +\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 +\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 +\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 +\164\145\143\040\103\154\141\163\163\040\062\040\120\165\142\154 +\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 +\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 +\164\171\040\055\040\107\064 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\017\135\223\215\060\147\066\310\006\035\032\307\124\204\151 -\007 +\002\020\064\027\145\022\100\073\267\126\200\055\200\313\171\125 +\246\036 END CKA_VALUE MULTILINE_OCTAL -\060\202\005\203\060\202\003\153\240\003\002\001\002\002\017\135 -\223\215\060\147\066\310\006\035\032\307\124\204\151\007\060\015 -\006\011\052\206\110\206\367\015\001\001\013\005\000\060\073\061 -\013\060\011\006\003\125\004\006\023\002\105\123\061\021\060\017 -\006\003\125\004\012\014\010\106\116\115\124\055\122\103\115\061 -\031\060\027\006\003\125\004\013\014\020\101\103\040\122\101\111 -\132\040\106\116\115\124\055\122\103\115\060\036\027\015\060\070 -\061\060\062\071\061\065\065\071\065\066\132\027\015\063\060\060 -\061\060\061\060\060\060\060\060\060\132\060\073\061\013\060\011 -\006\003\125\004\006\023\002\105\123\061\021\060\017\006\003\125 -\004\012\014\010\106\116\115\124\055\122\103\115\061\031\060\027 -\006\003\125\004\013\014\020\101\103\040\122\101\111\132\040\106 -\116\115\124\055\122\103\115\060\202\002\042\060\015\006\011\052 -\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060 -\202\002\012\002\202\002\001\000\272\161\200\172\114\206\156\177 -\310\023\155\300\306\175\034\000\227\217\054\014\043\273\020\232 -\100\251\032\267\207\210\370\233\126\152\373\346\173\216\213\222 -\216\247\045\135\131\021\333\066\056\267\121\027\037\251\010\037 -\004\027\044\130\252\067\112\030\337\345\071\324\127\375\327\301 -\054\221\001\221\342\042\324\003\300\130\374\167\107\354\217\076 -\164\103\272\254\064\215\115\070\166\147\216\260\310\157\060\063 -\130\161\134\264\365\153\156\324\001\120\270\023\176\154\112\243 -\111\321\040\031\356\274\300\051\030\145\247\336\376\357\335\012 -\220\041\347\032\147\222\102\020\230\137\117\060\274\076\034\105 -\264\020\327\150\100\024\300\100\372\347\167\027\172\346\013\217 -\145\133\074\331\232\122\333\265\275\236\106\317\075\353\221\005 -\002\300\226\262\166\114\115\020\226\073\222\372\234\177\017\231 -\337\276\043\065\105\036\002\134\376\265\250\233\231\045\332\136 -\363\042\303\071\365\344\052\056\323\306\037\304\154\252\305\034 -\152\001\005\112\057\322\305\301\250\064\046\135\146\245\322\002 -\041\371\030\267\006\365\116\231\157\250\253\114\121\350\317\120 -\030\305\167\310\071\011\054\111\222\062\231\250\273\027\027\171 -\260\132\305\346\243\304\131\145\107\065\203\136\251\350\065\013 -\231\273\344\315\040\306\233\112\006\071\265\150\374\042\272\356 -\125\214\053\116\352\363\261\343\374\266\231\232\325\102\372\161 -\115\010\317\207\036\152\161\175\371\323\264\351\245\161\201\173 -\302\116\107\226\245\366\166\205\243\050\217\351\200\156\201\123 -\245\155\137\270\110\371\302\371\066\246\056\111\377\270\226\302 -\214\007\263\233\210\130\374\353\033\034\336\055\160\342\227\222 -\060\241\211\343\274\125\250\047\326\113\355\220\255\213\372\143 -\045\131\055\250\065\335\312\227\063\274\345\315\307\235\321\354 -\357\136\016\112\220\006\046\143\255\271\331\065\055\007\272\166 -\145\054\254\127\217\175\364\007\224\327\201\002\226\135\243\007 -\111\325\172\320\127\371\033\347\123\106\165\252\260\171\102\313 -\150\161\010\351\140\275\071\151\316\364\257\303\126\100\307\255 -\122\242\011\344\157\206\107\212\037\353\050\047\135\203\040\257 -\004\311\154\126\232\213\106\365\002\003\001\000\001\243\201\203 -\060\201\200\060\017\006\003\125\035\023\001\001\377\004\005\060 -\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004 -\003\002\001\006\060\035\006\003\125\035\016\004\026\004\024\367 -\175\305\375\304\350\232\033\167\144\247\365\035\240\314\277\207 -\140\232\155\060\076\006\003\125\035\040\004\067\060\065\060\063 -\006\004\125\035\040\000\060\053\060\051\006\010\053\006\001\005 -\005\007\002\001\026\035\150\164\164\160\072\057\057\167\167\167 -\056\143\145\162\164\056\146\156\155\164\056\145\163\057\144\160 -\143\163\057\060\015\006\011\052\206\110\206\367\015\001\001\013 -\005\000\003\202\002\001\000\007\220\112\337\363\043\116\360\303 -\234\121\145\233\234\042\242\212\014\205\363\163\051\153\115\376 -\001\342\251\014\143\001\277\004\147\245\235\230\137\375\001\023 -\372\354\232\142\351\206\376\266\142\322\156\114\224\373\300\165 -\105\174\145\014\370\262\067\317\254\017\317\215\157\371\031\367 -\217\354\036\362\160\236\360\312\270\357\267\377\166\067\166\133 -\366\156\210\363\257\142\062\042\223\015\072\152\216\024\146\014 -\055\123\164\127\145\036\325\262\335\043\201\073\245\146\043\047 -\147\011\217\341\167\252\103\315\145\121\010\355\121\130\376\346 -\071\371\313\107\204\244\025\361\166\273\244\356\244\073\304\137 -\357\262\063\226\021\030\267\311\145\276\030\341\243\244\334\372 -\030\371\323\274\023\233\071\172\064\272\323\101\373\372\062\212 -\052\267\053\206\013\151\203\070\276\315\212\056\013\160\255\215 -\046\222\356\036\365\001\053\012\331\326\227\233\156\340\250\031 -\034\072\041\213\014\036\100\255\003\347\335\146\176\365\271\040 -\015\003\350\226\371\202\105\324\071\340\240\000\135\327\230\346 -\175\236\147\163\303\232\052\367\253\213\241\072\024\357\064\274 -\122\016\211\230\232\004\100\204\035\176\105\151\223\127\316\353 -\316\370\120\174\117\034\156\004\103\233\371\326\073\043\030\351 -\352\216\321\115\106\215\361\073\344\152\312\272\373\043\267\233 -\372\231\001\051\132\130\132\055\343\371\324\155\016\046\255\301 -\156\064\274\062\370\014\005\372\145\243\333\073\067\203\042\351 -\326\334\162\063\375\135\362\040\275\166\074\043\332\050\367\371 -\033\353\131\144\325\334\137\162\176\040\374\315\211\265\220\147 -\115\142\172\077\116\255\035\303\071\376\172\364\050\026\337\101 -\366\110\200\005\327\017\121\171\254\020\253\324\354\003\146\346 -\152\260\272\061\222\102\100\152\276\072\323\162\341\152\067\125 -\274\254\035\225\267\151\141\362\103\221\164\346\240\323\012\044 -\106\241\010\257\326\332\105\031\226\324\123\035\133\204\171\360 -\300\367\107\357\213\217\305\006\256\235\114\142\235\377\106\004 -\370\323\311\266\020\045\100\165\376\026\252\311\112\140\206\057 -\272\357\060\167\344\124\342\270\204\231\130\200\252\023\213\121 -\072\117\110\366\213\266\263 +\060\202\002\250\060\202\002\055\240\003\002\001\002\002\020\064 +\027\145\022\100\073\267\126\200\055\200\313\171\125\246\036\060 +\012\006\010\052\206\110\316\075\004\003\003\060\201\224\061\013 +\060\011\006\003\125\004\006\023\002\125\123\061\035\060\033\006 +\003\125\004\012\023\024\123\171\155\141\156\164\145\143\040\103 +\157\162\160\157\162\141\164\151\157\156\061\037\060\035\006\003 +\125\004\013\023\026\123\171\155\141\156\164\145\143\040\124\162 +\165\163\164\040\116\145\164\167\157\162\153\061\105\060\103\006 +\003\125\004\003\023\074\123\171\155\141\156\164\145\143\040\103 +\154\141\163\163\040\062\040\120\165\142\154\151\143\040\120\162 +\151\155\141\162\171\040\103\145\162\164\151\146\151\143\141\164 +\151\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040 +\107\064\060\036\027\015\061\061\061\060\060\065\060\060\060\060 +\060\060\132\027\015\063\070\060\061\061\070\062\063\065\071\065 +\071\132\060\201\224\061\013\060\011\006\003\125\004\006\023\002 +\125\123\061\035\060\033\006\003\125\004\012\023\024\123\171\155 +\141\156\164\145\143\040\103\157\162\160\157\162\141\164\151\157 +\156\061\037\060\035\006\003\125\004\013\023\026\123\171\155\141 +\156\164\145\143\040\124\162\165\163\164\040\116\145\164\167\157 +\162\153\061\105\060\103\006\003\125\004\003\023\074\123\171\155 +\141\156\164\145\143\040\103\154\141\163\163\040\062\040\120\165 +\142\154\151\143\040\120\162\151\155\141\162\171\040\103\145\162 +\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157 +\162\151\164\171\040\055\040\107\064\060\166\060\020\006\007\052 +\206\110\316\075\002\001\006\005\053\201\004\000\042\003\142\000 +\004\321\331\112\216\114\015\204\112\121\272\174\357\323\314\372 +\072\232\265\247\143\023\075\001\340\111\076\372\301\107\311\222 +\263\072\327\376\157\234\367\232\072\017\365\016\012\012\303\077 +\310\347\022\024\216\325\325\155\230\054\263\161\062\012\353\052 +\275\366\327\152\040\013\147\105\234\322\262\277\123\042\146\011 +\135\333\021\363\361\005\063\130\243\342\270\317\174\315\202\233 +\275\243\102\060\100\060\016\006\003\125\035\017\001\001\377\004 +\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377\004 +\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026\004 +\024\075\062\363\072\251\014\220\204\371\242\214\151\006\141\124 +\057\207\162\376\005\060\012\006\010\052\206\110\316\075\004\003 +\003\003\151\000\060\146\002\061\000\310\246\251\257\101\177\265 +\311\021\102\026\150\151\114\134\270\047\030\266\230\361\300\177 +\220\155\207\323\214\106\027\360\076\117\374\352\260\010\304\172 +\113\274\010\057\307\342\247\157\145\002\061\000\326\131\336\206 +\316\137\016\312\124\325\306\320\025\016\374\213\224\162\324\216 +\000\130\123\317\176\261\113\015\345\120\206\353\236\153\337\377 +\051\246\330\107\331\240\226\030\333\362\105\263 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "Symantec Class 2 Public Primary Certification Authority - G4" +# Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Serial Number:34:17:65:12:40:3b:b7:56:80:2d:80:cb:79:55:a6:1e +# Subject: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Not Valid Before: Wed Oct 05 00:00:00 2011 +# Not Valid After : Mon Jan 18 23:59:59 2038 +# Fingerprint (SHA-256): FE:86:3D:08:22:FE:7A:23:53:FA:48:4D:59:24:E8:75:65:6D:3D:C9:FB:58:77:1F:6F:61:6F:9D:57:1B:C5:92 +# Fingerprint (SHA1): 67:24:90:2E:48:01:B0:22:96:40:10:46:B4:B1:67:2C:A9:75:FD:2B +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Symantec Class 2 Public Primary Certification Authority - G4" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\147\044\220\056\110\001\260\042\226\100\020\106\264\261\147\054 +\251\165\375\053 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\160\325\060\361\332\224\227\324\327\164\337\276\355\150\336\226 +END +CKA_ISSUER MULTILINE_OCTAL +\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 +\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 +\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 +\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 +\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 +\164\145\143\040\103\154\141\163\163\040\062\040\120\165\142\154 +\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 +\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 +\164\171\040\055\040\107\064 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\064\027\145\022\100\073\267\126\200\055\200\313\171\125 +\246\036 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "D-TRUST Root CA 3 2013" +# +# Issuer: CN=D-TRUST Root CA 3 2013,O=D-Trust GmbH,C=DE +# Serial Number: 1039788 (0xfddac) +# Subject: CN=D-TRUST Root CA 3 2013,O=D-Trust GmbH,C=DE +# Not Valid Before: Fri Sep 20 08:25:51 2013 +# Not Valid After : Wed Sep 20 08:25:51 2028 +# Fingerprint (SHA-256): A1:A8:6D:04:12:1E:B8:7F:02:7C:66:F5:33:03:C2:8E:57:39:F9:43:FC:84:B3:8A:D6:AF:00:90:35:DD:94:57 +# Fingerprint (SHA1): 6C:7C:CC:E7:D4:AE:51:5F:99:08:CD:3F:F6:E8:C3:78:DF:6F:EF:97 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "D-TRUST Root CA 3 2013" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\105\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\025\060\023\006\003\125\004\012\014\014\104\055\124\162\165\163 +\164\040\107\155\142\110\061\037\060\035\006\003\125\004\003\014 +\026\104\055\124\122\125\123\124\040\122\157\157\164\040\103\101 +\040\063\040\062\060\061\063 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\105\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\025\060\023\006\003\125\004\012\014\014\104\055\124\162\165\163 +\164\040\107\155\142\110\061\037\060\035\006\003\125\004\003\014 +\026\104\055\124\122\125\123\124\040\122\157\157\164\040\103\101 +\040\063\040\062\060\061\063 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\003\017\335\254 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\004\016\060\202\002\366\240\003\002\001\002\002\003\017 +\335\254\060\015\006\011\052\206\110\206\367\015\001\001\013\005 +\000\060\105\061\013\060\011\006\003\125\004\006\023\002\104\105 +\061\025\060\023\006\003\125\004\012\014\014\104\055\124\162\165 +\163\164\040\107\155\142\110\061\037\060\035\006\003\125\004\003 +\014\026\104\055\124\122\125\123\124\040\122\157\157\164\040\103 +\101\040\063\040\062\060\061\063\060\036\027\015\061\063\060\071 +\062\060\060\070\062\065\065\061\132\027\015\062\070\060\071\062 +\060\060\070\062\065\065\061\132\060\105\061\013\060\011\006\003 +\125\004\006\023\002\104\105\061\025\060\023\006\003\125\004\012 +\014\014\104\055\124\162\165\163\164\040\107\155\142\110\061\037 +\060\035\006\003\125\004\003\014\026\104\055\124\122\125\123\124 +\040\122\157\157\164\040\103\101\040\063\040\062\060\061\063\060 +\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001\001 +\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001\000 +\304\173\102\222\202\037\354\355\124\230\216\022\300\312\011\337 +\223\156\072\223\134\033\344\020\167\236\116\151\210\154\366\341 +\151\362\366\233\242\141\261\275\007\040\164\230\145\361\214\046 +\010\315\250\065\312\200\066\321\143\155\350\104\172\202\303\154 +\136\336\273\350\066\322\304\150\066\214\237\062\275\204\042\340 +\334\302\356\020\106\071\155\257\223\071\256\207\346\303\274\011 +\311\054\153\147\133\331\233\166\165\114\013\340\273\305\327\274 +\076\171\362\137\276\321\220\127\371\256\366\146\137\061\277\323 +\155\217\247\272\112\363\043\145\273\267\357\243\045\327\012\352 +\130\266\357\210\372\372\171\262\122\130\325\360\254\214\241\121 +\164\051\225\252\121\073\220\062\003\237\034\162\164\220\336\075 +\355\141\322\345\343\375\144\107\345\271\267\112\251\367\037\256 +\226\206\004\254\057\343\244\201\167\267\132\026\377\330\017\077 +\366\267\170\314\244\257\372\133\074\022\133\250\122\211\162\357 +\210\363\325\104\201\206\225\043\237\173\335\274\331\064\357\174 +\224\074\252\300\101\302\343\235\120\032\300\344\031\042\374\263 +\002\003\001\000\001\243\202\001\005\060\202\001\001\060\017\006 +\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060\035 +\006\003\125\035\016\004\026\004\024\077\220\310\175\307\025\157 +\363\044\217\251\303\057\113\242\017\041\262\057\347\060\016\006 +\003\125\035\017\001\001\377\004\004\003\002\001\006\060\201\276 +\006\003\125\035\037\004\201\266\060\201\263\060\164\240\162\240 +\160\206\156\154\144\141\160\072\057\057\144\151\162\145\143\164 +\157\162\171\056\144\055\164\162\165\163\164\056\156\145\164\057 +\103\116\075\104\055\124\122\125\123\124\045\062\060\122\157\157 +\164\045\062\060\103\101\045\062\060\063\045\062\060\062\060\061 +\063\054\117\075\104\055\124\162\165\163\164\045\062\060\107\155 +\142\110\054\103\075\104\105\077\143\145\162\164\151\146\151\143 +\141\164\145\162\145\166\157\143\141\164\151\157\156\154\151\163 +\164\060\073\240\071\240\067\206\065\150\164\164\160\072\057\057 +\143\162\154\056\144\055\164\162\165\163\164\056\156\145\164\057 +\143\162\154\057\144\055\164\162\165\163\164\137\162\157\157\164 +\137\143\141\137\063\137\062\060\061\063\056\143\162\154\060\015 +\006\011\052\206\110\206\367\015\001\001\013\005\000\003\202\001 +\001\000\016\131\016\130\344\164\110\043\104\317\064\041\265\234 +\024\032\255\232\113\267\263\210\155\134\251\027\160\360\052\237 +\215\173\371\173\205\372\307\071\350\020\010\260\065\053\137\317 +\002\322\323\234\310\013\036\356\005\124\256\067\223\004\011\175 +\154\217\302\164\274\370\034\224\276\061\001\100\055\363\044\040 +\267\204\125\054\134\310\365\164\112\020\031\213\243\307\355\065 +\326\011\110\323\016\300\272\071\250\260\106\002\260\333\306\210 +\131\302\276\374\173\261\053\317\176\142\207\125\226\314\001\157 +\233\147\041\225\065\213\370\020\374\161\033\267\113\067\151\246 +\073\326\354\213\356\301\260\363\045\311\217\222\175\241\352\303 +\312\104\277\046\245\164\222\234\343\164\353\235\164\331\313\115 +\207\330\374\264\151\154\213\240\103\007\140\170\227\351\331\223 +\174\302\106\274\233\067\122\243\355\212\074\023\251\173\123\113 +\111\232\021\005\054\013\156\126\254\037\056\202\154\340\151\147 +\265\016\155\055\331\344\300\025\361\077\372\030\162\341\025\155 +\047\133\055\060\050\053\237\110\232\144\053\231\357\362\165\111 +\137\134 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE -# Trust for "AC RAIZ FNMT-RCM" -# Issuer: OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES -# Serial Number:5d:93:8d:30:67:36:c8:06:1d:1a:c7:54:84:69:07 -# Subject: OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES -# Not Valid Before: Wed Oct 29 15:59:56 2008 -# Not Valid After : Tue Jan 01 00:00:00 2030 -# Fingerprint (SHA-256): EB:C5:57:0C:29:01:8C:4D:67:B1:AA:12:7B:AF:12:F7:03:B4:61:1E:BC:17:B7:DA:B5:57:38:94:17:9B:93:FA -# Fingerprint (SHA1): EC:50:35:07:B2:15:C4:95:62:19:E2:A8:9A:5B:42:99:2C:4C:2C:20 +# Trust for "D-TRUST Root CA 3 2013" +# Issuer: CN=D-TRUST Root CA 3 2013,O=D-Trust GmbH,C=DE +# Serial Number: 1039788 (0xfddac) +# Subject: CN=D-TRUST Root CA 3 2013,O=D-Trust GmbH,C=DE +# Not Valid Before: Fri Sep 20 08:25:51 2013 +# Not Valid After : Wed Sep 20 08:25:51 2028 +# Fingerprint (SHA-256): A1:A8:6D:04:12:1E:B8:7F:02:7C:66:F5:33:03:C2:8E:57:39:F9:43:FC:84:B3:8A:D6:AF:00:90:35:DD:94:57 +# Fingerprint (SHA1): 6C:7C:CC:E7:D4:AE:51:5F:99:08:CD:3F:F6:E8:C3:78:DF:6F:EF:97 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "AC RAIZ FNMT-RCM" +CKA_LABEL UTF8 "D-TRUST Root CA 3 2013" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\354\120\065\007\262\025\304\225\142\031\342\250\232\133\102\231 -\054\114\054\040 +\154\174\314\347\324\256\121\137\231\010\315\077\366\350\303\170 +\337\157\357\227 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\342\011\004\264\323\275\321\240\024\375\032\322\107\304\127\035 +\267\042\146\230\176\326\003\340\301\161\346\165\315\126\105\277 END CKA_ISSUER MULTILINE_OCTAL -\060\073\061\013\060\011\006\003\125\004\006\023\002\105\123\061 -\021\060\017\006\003\125\004\012\014\010\106\116\115\124\055\122 -\103\115\061\031\060\027\006\003\125\004\013\014\020\101\103\040 -\122\101\111\132\040\106\116\115\124\055\122\103\115 +\060\105\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\025\060\023\006\003\125\004\012\014\014\104\055\124\162\165\163 +\164\040\107\155\142\110\061\037\060\035\006\003\125\004\003\014 +\026\104\055\124\122\125\123\124\040\122\157\157\164\040\103\101 +\040\063\040\062\060\061\063 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\017\135\223\215\060\147\066\310\006\035\032\307\124\204\151 -\007 +\002\003\017\335\254 END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "Amazon Root CA 1" +# Certificate "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1" # -# Issuer: CN=Amazon Root CA 1,O=Amazon,C=US -# Serial Number:06:6c:9f:cf:99:bf:8c:0a:39:e2:f0:78:8a:43:e6:96:36:5b:ca -# Subject: CN=Amazon Root CA 1,O=Amazon,C=US -# Not Valid Before: Tue May 26 00:00:00 2015 -# Not Valid After : Sun Jan 17 00:00:00 2038 -# Fingerprint (SHA-256): 8E:CD:E6:88:4F:3D:87:B1:12:5B:A3:1A:C3:FC:B1:3D:70:16:DE:7F:57:CC:90:4F:E1:CB:97:C6:AE:98:19:6E -# Fingerprint (SHA1): 8D:A7:F9:65:EC:5E:FC:37:91:0F:1C:6E:59:FD:C1:CC:6A:6E:DE:16 +# Issuer: CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1,OU=Kamu Sertifikasyon Merkezi - Kamu SM,O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK,L=Gebze - Kocaeli,C=TR +# Serial Number: 1 (0x1) +# Subject: CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1,OU=Kamu Sertifikasyon Merkezi - Kamu SM,O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK,L=Gebze - Kocaeli,C=TR +# Not Valid Before: Mon Nov 25 08:25:55 2013 +# Not Valid After : Sun Oct 25 08:25:55 2043 +# Fingerprint (SHA-256): 46:ED:C3:68:90:46:D5:3A:45:3F:B3:10:4A:B8:0D:CA:EC:65:8B:26:60:EA:16:29:DD:7E:86:79:90:64:87:16 +# Fingerprint (SHA1): 31:43:64:9B:EC:CE:27:EC:ED:3A:3F:0B:8F:0D:E4:E8:91:DD:EE:CA CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Amazon Root CA 1" +CKA_LABEL UTF8 "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 -\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 -\156\040\122\157\157\164\040\103\101\040\061 +\060\201\322\061\013\060\011\006\003\125\004\006\023\002\124\122 +\061\030\060\026\006\003\125\004\007\023\017\107\145\142\172\145 +\040\055\040\113\157\143\141\145\154\151\061\102\060\100\006\003 +\125\004\012\023\071\124\165\162\153\151\171\145\040\102\151\154 +\151\155\163\145\154\040\166\145\040\124\145\153\156\157\154\157 +\152\151\153\040\101\162\141\163\164\151\162\155\141\040\113\165 +\162\165\155\165\040\055\040\124\125\102\111\124\101\113\061\055 +\060\053\006\003\125\004\013\023\044\113\141\155\165\040\123\145 +\162\164\151\146\151\153\141\163\171\157\156\040\115\145\162\153 +\145\172\151\040\055\040\113\141\155\165\040\123\115\061\066\060 +\064\006\003\125\004\003\023\055\124\125\102\111\124\101\113\040 +\113\141\155\165\040\123\115\040\123\123\114\040\113\157\153\040 +\123\145\162\164\151\146\151\153\141\163\151\040\055\040\123\165 +\162\165\155\040\061 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 -\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 -\156\040\122\157\157\164\040\103\101\040\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\023\006\154\237\317\231\277\214\012\071\342\360\170\212\103 -\346\226\066\133\312 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\101\060\202\002\051\240\003\002\001\002\002\023\006 -\154\237\317\231\277\214\012\071\342\360\170\212\103\346\226\066 -\133\312\060\015\006\011\052\206\110\206\367\015\001\001\013\005 -\000\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157 -\156\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172 -\157\156\040\122\157\157\164\040\103\101\040\061\060\036\027\015 -\061\065\060\065\062\066\060\060\060\060\060\060\132\027\015\063 -\070\060\061\061\067\060\060\060\060\060\060\132\060\071\061\013 -\060\011\006\003\125\004\006\023\002\125\123\061\017\060\015\006 -\003\125\004\012\023\006\101\155\141\172\157\156\061\031\060\027 -\006\003\125\004\003\023\020\101\155\141\172\157\156\040\122\157 -\157\164\040\103\101\040\061\060\202\001\042\060\015\006\011\052 -\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000\060 -\202\001\012\002\202\001\001\000\262\170\200\161\312\170\325\343 -\161\257\107\200\120\164\175\156\330\327\210\166\364\231\150\367 -\130\041\140\371\164\204\001\057\254\002\055\206\323\240\103\172 -\116\262\244\320\066\272\001\276\215\333\110\310\007\027\066\114 -\364\356\210\043\307\076\353\067\365\265\031\370\111\150\260\336 -\327\271\166\070\035\141\236\244\376\202\066\245\345\112\126\344 -\105\341\371\375\264\026\372\164\332\234\233\065\071\057\372\260 -\040\120\006\154\172\320\200\262\246\371\257\354\107\031\217\120 -\070\007\334\242\207\071\130\370\272\325\251\371\110\147\060\226 -\356\224\170\136\157\211\243\121\300\060\206\146\241\105\146\272 -\124\353\243\303\221\371\110\334\377\321\350\060\055\175\055\164 -\160\065\327\210\044\367\236\304\131\156\273\163\207\027\362\062 -\106\050\270\103\372\267\035\252\312\264\362\237\044\016\055\113 -\367\161\134\136\151\377\352\225\002\313\070\212\256\120\070\157 -\333\373\055\142\033\305\307\036\124\341\167\340\147\310\017\234 -\207\043\326\077\100\040\177\040\200\304\200\114\076\073\044\046 -\216\004\256\154\232\310\252\015\002\003\001\000\001\243\102\060 -\100\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001 -\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002 -\001\206\060\035\006\003\125\035\016\004\026\004\024\204\030\314 -\205\064\354\274\014\224\224\056\010\131\234\307\262\020\116\012 -\010\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000 -\003\202\001\001\000\230\362\067\132\101\220\241\032\305\166\121 -\050\040\066\043\016\256\346\050\273\252\370\224\256\110\244\060 -\177\033\374\044\215\113\264\310\241\227\366\266\361\172\160\310 -\123\223\314\010\050\343\230\045\317\043\244\371\336\041\323\174 -\205\011\255\116\232\165\072\302\013\152\211\170\166\104\107\030 -\145\154\215\101\216\073\177\232\313\364\265\247\120\327\005\054 -\067\350\003\113\255\351\141\240\002\156\365\362\360\305\262\355 -\133\267\334\372\224\134\167\236\023\245\177\122\255\225\362\370 -\223\073\336\213\134\133\312\132\122\133\140\257\024\367\113\357 -\243\373\237\100\225\155\061\124\374\102\323\307\106\037\043\255 -\331\017\110\160\232\331\165\170\161\321\162\103\064\165\156\127 -\131\302\002\134\046\140\051\317\043\031\026\216\210\103\245\324 -\344\313\010\373\043\021\103\350\103\051\162\142\241\251\135\136 -\010\324\220\256\270\330\316\024\302\320\125\362\206\366\304\223 -\103\167\146\141\300\271\350\101\327\227\170\140\003\156\112\162 -\256\245\321\175\272\020\236\206\154\033\212\271\131\063\370\353 -\304\220\276\361\271 +\060\201\322\061\013\060\011\006\003\125\004\006\023\002\124\122 +\061\030\060\026\006\003\125\004\007\023\017\107\145\142\172\145 +\040\055\040\113\157\143\141\145\154\151\061\102\060\100\006\003 +\125\004\012\023\071\124\165\162\153\151\171\145\040\102\151\154 +\151\155\163\145\154\040\166\145\040\124\145\153\156\157\154\157 +\152\151\153\040\101\162\141\163\164\151\162\155\141\040\113\165 +\162\165\155\165\040\055\040\124\125\102\111\124\101\113\061\055 +\060\053\006\003\125\004\013\023\044\113\141\155\165\040\123\145 +\162\164\151\146\151\153\141\163\171\157\156\040\115\145\162\153 +\145\172\151\040\055\040\113\141\155\165\040\123\115\061\066\060 +\064\006\003\125\004\003\023\055\124\125\102\111\124\101\113\040 +\113\141\155\165\040\123\115\040\123\123\114\040\113\157\153\040 +\123\145\162\164\151\146\151\153\141\163\151\040\055\040\123\165 +\162\165\155\040\061 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\001\001 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\004\143\060\202\003\113\240\003\002\001\002\002\001\001 +\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060 +\201\322\061\013\060\011\006\003\125\004\006\023\002\124\122\061 +\030\060\026\006\003\125\004\007\023\017\107\145\142\172\145\040 +\055\040\113\157\143\141\145\154\151\061\102\060\100\006\003\125 +\004\012\023\071\124\165\162\153\151\171\145\040\102\151\154\151 +\155\163\145\154\040\166\145\040\124\145\153\156\157\154\157\152 +\151\153\040\101\162\141\163\164\151\162\155\141\040\113\165\162 +\165\155\165\040\055\040\124\125\102\111\124\101\113\061\055\060 +\053\006\003\125\004\013\023\044\113\141\155\165\040\123\145\162 +\164\151\146\151\153\141\163\171\157\156\040\115\145\162\153\145 +\172\151\040\055\040\113\141\155\165\040\123\115\061\066\060\064 +\006\003\125\004\003\023\055\124\125\102\111\124\101\113\040\113 +\141\155\165\040\123\115\040\123\123\114\040\113\157\153\040\123 +\145\162\164\151\146\151\153\141\163\151\040\055\040\123\165\162 +\165\155\040\061\060\036\027\015\061\063\061\061\062\065\060\070 +\062\065\065\065\132\027\015\064\063\061\060\062\065\060\070\062 +\065\065\065\132\060\201\322\061\013\060\011\006\003\125\004\006 +\023\002\124\122\061\030\060\026\006\003\125\004\007\023\017\107 +\145\142\172\145\040\055\040\113\157\143\141\145\154\151\061\102 +\060\100\006\003\125\004\012\023\071\124\165\162\153\151\171\145 +\040\102\151\154\151\155\163\145\154\040\166\145\040\124\145\153 +\156\157\154\157\152\151\153\040\101\162\141\163\164\151\162\155 +\141\040\113\165\162\165\155\165\040\055\040\124\125\102\111\124 +\101\113\061\055\060\053\006\003\125\004\013\023\044\113\141\155 +\165\040\123\145\162\164\151\146\151\153\141\163\171\157\156\040 +\115\145\162\153\145\172\151\040\055\040\113\141\155\165\040\123 +\115\061\066\060\064\006\003\125\004\003\023\055\124\125\102\111 +\124\101\113\040\113\141\155\165\040\123\115\040\123\123\114\040 +\113\157\153\040\123\145\162\164\151\146\151\153\141\163\151\040 +\055\040\123\165\162\165\155\040\061\060\202\001\042\060\015\006 +\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017 +\000\060\202\001\012\002\202\001\001\000\257\165\060\063\252\273 +\153\323\231\054\022\067\204\331\215\173\227\200\323\156\347\377 +\233\120\225\076\220\225\126\102\327\031\174\046\204\215\222\372 +\001\035\072\017\342\144\070\267\214\274\350\210\371\213\044\253 +\056\243\365\067\344\100\216\030\045\171\203\165\037\073\377\154 +\250\305\306\126\370\264\355\212\104\243\253\154\114\374\035\320 +\334\357\150\275\317\344\252\316\360\125\367\242\064\324\203\153 +\067\174\034\302\376\265\003\354\127\316\274\264\265\305\355\000 +\017\123\067\052\115\364\117\014\203\373\206\317\313\376\214\116 +\275\207\371\247\213\041\127\234\172\337\003\147\211\054\235\227 +\141\247\020\270\125\220\177\016\055\047\070\164\337\347\375\332 +\116\022\343\115\025\042\002\310\340\340\374\017\255\212\327\311 +\124\120\314\073\017\312\026\200\204\320\121\126\303\216\126\177 +\211\042\063\057\346\205\012\275\245\250\033\066\336\323\334\054 +\155\073\307\023\275\131\043\054\346\345\244\367\330\013\355\352 +\220\100\104\250\225\273\223\325\320\200\064\266\106\170\016\037 +\000\223\106\341\356\351\371\354\117\027\002\003\001\000\001\243 +\102\060\100\060\035\006\003\125\035\016\004\026\004\024\145\077 +\307\212\206\306\074\335\074\124\134\065\370\072\355\122\014\107 +\127\310\060\016\006\003\125\035\017\001\001\377\004\004\003\002 +\001\006\060\017\006\003\125\035\023\001\001\377\004\005\060\003 +\001\001\377\060\015\006\011\052\206\110\206\367\015\001\001\013 +\005\000\003\202\001\001\000\052\077\341\361\062\216\256\341\230 +\134\113\136\317\153\036\152\011\322\042\251\022\307\136\127\175 +\163\126\144\200\204\172\223\344\011\271\020\315\237\052\047\341 +\000\167\276\110\310\065\250\201\237\344\270\054\311\177\016\260 +\322\113\067\135\352\271\325\013\136\064\275\364\163\051\303\355 +\046\025\234\176\010\123\212\130\215\320\113\050\337\301\263\337 +\040\363\371\343\343\072\337\314\234\224\330\116\117\303\153\027 +\267\367\162\350\255\146\063\265\045\123\253\340\370\114\251\235 +\375\362\015\272\256\271\331\252\306\153\371\223\273\256\253\270 +\227\074\003\032\272\103\306\226\271\105\162\070\263\247\241\226 +\075\221\173\176\300\041\123\114\207\355\362\013\124\225\121\223 +\325\042\245\015\212\361\223\016\076\124\016\260\330\311\116\334 +\362\061\062\126\352\144\371\352\265\235\026\146\102\162\363\177 +\323\261\061\103\374\244\216\027\361\155\043\253\224\146\370\255 +\373\017\010\156\046\055\177\027\007\011\262\214\373\120\300\237 +\226\215\317\266\375\000\235\132\024\232\277\002\104\365\301\302 +\237\042\136\242\017\241\343 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE -# Trust for "Amazon Root CA 1" -# Issuer: CN=Amazon Root CA 1,O=Amazon,C=US -# Serial Number:06:6c:9f:cf:99:bf:8c:0a:39:e2:f0:78:8a:43:e6:96:36:5b:ca -# Subject: CN=Amazon Root CA 1,O=Amazon,C=US -# Not Valid Before: Tue May 26 00:00:00 2015 -# Not Valid After : Sun Jan 17 00:00:00 2038 -# Fingerprint (SHA-256): 8E:CD:E6:88:4F:3D:87:B1:12:5B:A3:1A:C3:FC:B1:3D:70:16:DE:7F:57:CC:90:4F:E1:CB:97:C6:AE:98:19:6E -# Fingerprint (SHA1): 8D:A7:F9:65:EC:5E:FC:37:91:0F:1C:6E:59:FD:C1:CC:6A:6E:DE:16 +# Trust for "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1" +# Issuer: CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1,OU=Kamu Sertifikasyon Merkezi - Kamu SM,O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK,L=Gebze - Kocaeli,C=TR +# Serial Number: 1 (0x1) +# Subject: CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1,OU=Kamu Sertifikasyon Merkezi - Kamu SM,O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK,L=Gebze - Kocaeli,C=TR +# Not Valid Before: Mon Nov 25 08:25:55 2013 +# Not Valid After : Sun Oct 25 08:25:55 2043 +# Fingerprint (SHA-256): 46:ED:C3:68:90:46:D5:3A:45:3F:B3:10:4A:B8:0D:CA:EC:65:8B:26:60:EA:16:29:DD:7E:86:79:90:64:87:16 +# Fingerprint (SHA1): 31:43:64:9B:EC:CE:27:EC:ED:3A:3F:0B:8F:0D:E4:E8:91:DD:EE:CA CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Amazon Root CA 1" +CKA_LABEL UTF8 "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\215\247\371\145\354\136\374\067\221\017\034\156\131\375\301\314 -\152\156\336\026 +\061\103\144\233\354\316\047\354\355\072\077\013\217\015\344\350 +\221\335\356\312 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\103\306\277\256\354\376\255\057\030\306\210\150\060\374\310\346 +\334\000\201\334\151\057\076\057\260\073\366\075\132\221\216\111 END CKA_ISSUER MULTILINE_OCTAL -\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 -\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 -\156\040\122\157\157\164\040\103\101\040\061 +\060\201\322\061\013\060\011\006\003\125\004\006\023\002\124\122 +\061\030\060\026\006\003\125\004\007\023\017\107\145\142\172\145 +\040\055\040\113\157\143\141\145\154\151\061\102\060\100\006\003 +\125\004\012\023\071\124\165\162\153\151\171\145\040\102\151\154 +\151\155\163\145\154\040\166\145\040\124\145\153\156\157\154\157 +\152\151\153\040\101\162\141\163\164\151\162\155\141\040\113\165 +\162\165\155\165\040\055\040\124\125\102\111\124\101\113\061\055 +\060\053\006\003\125\004\013\023\044\113\141\155\165\040\123\145 +\162\164\151\146\151\153\141\163\171\157\156\040\115\145\162\153 +\145\172\151\040\055\040\113\141\155\165\040\123\115\061\066\060 +\064\006\003\125\004\003\023\055\124\125\102\111\124\101\113\040 +\113\141\155\165\040\123\115\040\123\123\114\040\113\157\153\040 +\123\145\162\164\151\146\151\153\141\163\151\040\055\040\123\165 +\162\165\155\040\061 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\023\006\154\237\317\231\277\214\012\071\342\360\170\212\103 -\346\226\066\133\312 +\002\001\001 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "Amazon Root CA 2" +# Certificate "GDCA TrustAUTH R5 ROOT" # -# Issuer: CN=Amazon Root CA 2,O=Amazon,C=US -# Serial Number:06:6c:9f:d2:96:35:86:9f:0a:0f:e5:86:78:f8:5b:26:bb:8a:37 -# Subject: CN=Amazon Root CA 2,O=Amazon,C=US -# Not Valid Before: Tue May 26 00:00:00 2015 -# Not Valid After : Sat May 26 00:00:00 2040 -# Fingerprint (SHA-256): 1B:A5:B2:AA:8C:65:40:1A:82:96:01:18:F8:0B:EC:4F:62:30:4D:83:CE:C4:71:3A:19:C3:9C:01:1E:A4:6D:B4 -# Fingerprint (SHA1): 5A:8C:EF:45:D7:A6:98:59:76:7A:8C:8B:44:96:B5:78:CF:47:4B:1A +# Issuer: CN=GDCA TrustAUTH R5 ROOT,O="GUANG DONG CERTIFICATE AUTHORITY CO.,LTD.",C=CN +# Serial Number:7d:09:97:fe:f0:47:ea:7a +# Subject: CN=GDCA TrustAUTH R5 ROOT,O="GUANG DONG CERTIFICATE AUTHORITY CO.,LTD.",C=CN +# Not Valid Before: Wed Nov 26 05:13:15 2014 +# Not Valid After : Mon Dec 31 15:59:59 2040 +# Fingerprint (SHA-256): BF:FF:8F:D0:44:33:48:7D:6A:8A:A6:0C:1A:29:76:7A:9F:C2:BB:B0:5E:42:0F:71:3A:13:B9:92:89:1D:38:93 +# Fingerprint (SHA1): 0F:36:38:5B:81:1A:25:C3:9B:31:4E:83:CA:E9:34:66:70:CC:74:B4 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Amazon Root CA 2" +CKA_LABEL UTF8 "GDCA TrustAUTH R5 ROOT" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 -\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 -\156\040\122\157\157\164\040\103\101\040\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 -\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 -\156\040\122\157\157\164\040\103\101\040\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\023\006\154\237\322\226\065\206\237\012\017\345\206\170\370 -\133\046\273\212\067 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\101\060\202\003\051\240\003\002\001\002\002\023\006 -\154\237\322\226\065\206\237\012\017\345\206\170\370\133\046\273 -\212\067\060\015\006\011\052\206\110\206\367\015\001\001\014\005 -\000\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157 -\156\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172 -\157\156\040\122\157\157\164\040\103\101\040\062\060\036\027\015 -\061\065\060\065\062\066\060\060\060\060\060\060\132\027\015\064 -\060\060\065\062\066\060\060\060\060\060\060\132\060\071\061\013 -\060\011\006\003\125\004\006\023\002\125\123\061\017\060\015\006 -\003\125\004\012\023\006\101\155\141\172\157\156\061\031\060\027 -\006\003\125\004\003\023\020\101\155\141\172\157\156\040\122\157 -\157\164\040\103\101\040\062\060\202\002\042\060\015\006\011\052 -\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060 -\202\002\012\002\202\002\001\000\255\226\237\055\234\112\114\112 -\201\171\121\231\354\212\313\153\140\121\023\274\115\155\006\374 -\260\010\215\335\031\020\152\307\046\014\065\330\300\157\040\204 -\351\224\261\233\205\003\303\133\333\112\350\310\370\220\166\331 -\133\117\343\114\350\006\066\115\314\232\254\075\014\220\053\222 -\324\006\031\140\254\067\104\171\205\201\202\255\132\067\340\015 -\314\235\246\114\122\166\352\103\235\267\004\321\120\366\125\340 -\325\322\246\111\205\351\067\351\312\176\256\134\225\115\110\232 -\077\256\040\132\155\210\225\331\064\270\122\032\103\220\260\277 -\154\005\271\266\170\267\352\320\344\072\074\022\123\142\377\112 -\362\173\276\065\005\251\022\064\343\363\144\164\142\054\075\000 -\111\132\050\376\062\104\273\207\335\145\047\002\161\073\332\112 -\367\037\332\315\367\041\125\220\117\017\354\256\202\341\237\153 -\331\105\323\273\360\137\207\355\074\054\071\206\332\077\336\354 -\162\125\353\171\243\255\333\335\174\260\272\034\316\374\336\117 -\065\166\317\017\370\170\037\152\066\121\106\047\141\133\351\236 -\317\360\242\125\175\174\045\212\157\057\264\305\317\204\056\053 -\375\015\121\020\154\373\137\033\274\033\176\305\256\073\230\001 -\061\222\377\013\127\364\232\262\271\127\351\253\357\015\166\321 -\360\356\364\316\206\247\340\156\351\264\151\241\337\151\366\063 -\306\151\056\227\023\236\245\207\260\127\020\201\067\311\123\263 -\273\177\366\222\321\234\320\030\364\222\156\332\203\117\246\143 -\231\114\245\373\136\357\041\144\172\040\137\154\144\205\025\313 -\067\351\142\014\013\052\026\334\001\056\062\332\076\113\365\236 -\072\366\027\100\224\357\236\221\010\206\372\276\143\250\132\063 -\354\313\164\103\225\371\154\151\122\066\307\051\157\374\125\003 -\134\037\373\237\275\107\353\347\111\107\225\013\116\211\042\011 -\111\340\365\141\036\361\277\056\212\162\156\200\131\377\127\072 -\371\165\062\243\116\137\354\355\050\142\331\115\163\362\314\201 -\027\140\355\315\353\334\333\247\312\305\176\002\275\362\124\010 -\124\375\264\055\011\054\027\124\112\230\321\124\341\121\147\010 -\322\355\156\176\157\077\322\055\201\131\051\146\313\220\071\225 -\021\036\164\047\376\335\353\257\002\003\001\000\001\243\102\060 -\100\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001 -\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002 -\001\206\060\035\006\003\125\035\016\004\026\004\024\260\014\360 -\114\060\364\005\130\002\110\375\063\345\122\257\113\204\343\146 -\122\060\015\006\011\052\206\110\206\367\015\001\001\014\005\000 -\003\202\002\001\000\252\250\200\217\016\170\243\340\242\324\315 -\346\365\230\172\073\352\000\003\260\227\016\223\274\132\250\366 -\054\214\162\207\251\261\374\177\163\375\143\161\170\245\207\131 -\317\060\341\015\020\262\023\132\155\202\365\152\346\200\237\240 -\005\013\150\344\107\153\307\152\337\266\375\167\062\162\345\030 -\372\011\364\240\223\054\135\322\214\165\205\166\145\220\014\003 -\171\267\061\043\143\255\170\203\011\206\150\204\312\377\371\317 -\046\232\222\171\347\315\113\305\347\141\247\027\313\363\251\022 -\223\223\153\247\350\057\123\222\304\140\130\260\314\002\121\030 -\133\205\215\142\131\143\266\255\264\336\232\373\046\367\000\047 -\300\135\125\067\164\231\311\120\177\343\131\056\104\343\054\045 -\356\354\114\062\167\264\237\032\351\113\135\040\305\332\375\034 -\207\026\306\103\350\324\273\046\232\105\160\136\251\013\067\123 -\342\106\173\047\375\340\106\362\211\267\314\102\266\313\050\046 -\156\331\245\311\072\310\101\023\140\367\120\214\025\256\262\155 -\032\025\032\127\170\346\222\052\331\145\220\202\077\154\002\257 -\256\022\072\047\226\066\004\327\035\242\200\143\251\233\361\345 -\272\264\174\024\260\116\311\261\037\164\137\070\366\121\352\233 -\372\054\242\021\324\251\055\047\032\105\261\257\262\116\161\015 -\300\130\106\326\151\006\313\123\313\263\376\153\101\315\101\176 -\175\114\017\174\162\171\172\131\315\136\112\016\254\233\251\230 -\163\171\174\264\364\314\271\270\007\014\262\164\134\270\307\157 -\210\241\220\247\364\252\371\277\147\072\364\032\025\142\036\267 -\237\276\075\261\051\257\147\241\022\362\130\020\031\123\003\060 -\033\270\032\211\366\234\275\227\003\216\243\011\363\035\213\041 -\361\264\337\344\034\321\237\145\002\006\352\134\326\023\263\204 -\357\242\245\134\214\167\051\247\150\300\153\256\100\322\250\264 -\352\315\360\215\113\070\234\031\232\033\050\124\270\211\220\357 -\312\165\201\076\036\362\144\044\307\030\257\116\377\107\236\007 -\366\065\145\244\323\012\126\377\365\027\144\154\357\250\042\045 -\111\223\266\337\000\027\332\130\176\135\356\305\033\260\321\321 -\137\041\020\307\371\363\272\002\012\047\007\305\361\326\307\323 -\340\373\011\140\154 +\060\142\061\013\060\011\006\003\125\004\006\023\002\103\116\061 +\062\060\060\006\003\125\004\012\014\051\107\125\101\116\107\040 +\104\117\116\107\040\103\105\122\124\111\106\111\103\101\124\105 +\040\101\125\124\110\117\122\111\124\131\040\103\117\056\054\114 +\124\104\056\061\037\060\035\006\003\125\004\003\014\026\107\104 +\103\101\040\124\162\165\163\164\101\125\124\110\040\122\065\040 +\122\117\117\124 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\142\061\013\060\011\006\003\125\004\006\023\002\103\116\061 +\062\060\060\006\003\125\004\012\014\051\107\125\101\116\107\040 +\104\117\116\107\040\103\105\122\124\111\106\111\103\101\124\105 +\040\101\125\124\110\117\122\111\124\131\040\103\117\056\054\114 +\124\104\056\061\037\060\035\006\003\125\004\003\014\026\107\104 +\103\101\040\124\162\165\163\164\101\125\124\110\040\122\065\040 +\122\117\117\124 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\010\175\011\227\376\360\107\352\172 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\005\210\060\202\003\160\240\003\002\001\002\002\010\175 +\011\227\376\360\107\352\172\060\015\006\011\052\206\110\206\367 +\015\001\001\013\005\000\060\142\061\013\060\011\006\003\125\004 +\006\023\002\103\116\061\062\060\060\006\003\125\004\012\014\051 +\107\125\101\116\107\040\104\117\116\107\040\103\105\122\124\111 +\106\111\103\101\124\105\040\101\125\124\110\117\122\111\124\131 +\040\103\117\056\054\114\124\104\056\061\037\060\035\006\003\125 +\004\003\014\026\107\104\103\101\040\124\162\165\163\164\101\125 +\124\110\040\122\065\040\122\117\117\124\060\036\027\015\061\064 +\061\061\062\066\060\065\061\063\061\065\132\027\015\064\060\061 +\062\063\061\061\065\065\071\065\071\132\060\142\061\013\060\011 +\006\003\125\004\006\023\002\103\116\061\062\060\060\006\003\125 +\004\012\014\051\107\125\101\116\107\040\104\117\116\107\040\103 +\105\122\124\111\106\111\103\101\124\105\040\101\125\124\110\117 +\122\111\124\131\040\103\117\056\054\114\124\104\056\061\037\060 +\035\006\003\125\004\003\014\026\107\104\103\101\040\124\162\165 +\163\164\101\125\124\110\040\122\065\040\122\117\117\124\060\202 +\002\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005 +\000\003\202\002\017\000\060\202\002\012\002\202\002\001\000\331 +\243\026\360\310\164\164\167\233\357\063\015\073\006\176\125\374 +\265\140\217\166\206\022\102\175\126\146\076\210\202\355\162\143 +\016\236\213\335\064\054\002\121\121\303\031\375\131\124\204\311 +\361\153\263\114\260\351\350\106\135\070\306\242\247\056\021\127 +\272\202\025\242\234\217\155\260\231\112\012\362\353\211\160\143 +\116\171\304\267\133\275\242\135\261\362\101\002\053\255\251\072 +\243\354\171\012\354\137\072\343\375\357\200\074\255\064\233\032 +\253\210\046\173\126\242\202\206\037\353\065\211\203\177\137\256 +\051\116\075\266\156\354\256\301\360\047\233\256\343\364\354\357 +\256\177\367\206\075\162\172\353\245\373\131\116\247\353\225\214 +\042\071\171\341\055\010\217\314\274\221\270\101\367\024\301\043 +\251\303\255\232\105\104\263\262\327\054\315\306\051\342\120\020 +\256\134\313\202\216\027\030\066\175\227\346\210\232\260\115\064 +\011\364\054\271\132\146\052\260\027\233\236\036\166\235\112\146 +\061\101\337\077\373\305\006\357\033\266\176\032\106\066\367\144 +\143\073\343\071\030\043\347\147\165\024\325\165\127\222\067\275 +\276\152\033\046\120\362\066\046\006\220\305\160\001\144\155\166 +\146\341\221\333\156\007\300\141\200\056\262\056\057\214\160\247 +\321\073\074\263\221\344\156\266\304\073\160\362\154\222\227\011 +\315\107\175\030\300\363\273\236\017\326\213\256\007\266\132\017 +\316\013\014\107\247\345\076\270\275\175\307\233\065\240\141\227 +\072\101\165\027\314\053\226\167\052\222\041\036\331\225\166\040 +\147\150\317\015\275\337\326\037\011\152\232\342\314\163\161\244 +\057\175\022\200\267\123\060\106\136\113\124\231\017\147\311\245 +\310\362\040\301\202\354\235\021\337\302\002\373\032\073\321\355 +\040\232\357\145\144\222\020\015\052\342\336\160\361\030\147\202 +\214\141\336\270\274\321\057\234\373\017\320\053\355\033\166\271 +\344\071\125\370\370\241\035\270\252\200\000\114\202\347\262\177 +\011\270\274\060\240\057\015\365\122\236\216\367\222\263\012\000 +\035\000\124\227\006\340\261\007\331\307\017\134\145\175\074\155 +\131\127\344\355\245\215\351\100\123\237\025\113\240\161\366\032 +\041\343\332\160\006\041\130\024\207\205\167\171\252\202\171\002 +\003\001\000\001\243\102\060\100\060\035\006\003\125\035\016\004 +\026\004\024\342\311\100\237\115\316\350\232\241\174\317\016\077 +\145\305\051\210\152\031\121\060\017\006\003\125\035\023\001\001 +\377\004\005\060\003\001\001\377\060\016\006\003\125\035\017\001 +\001\377\004\004\003\002\001\206\060\015\006\011\052\206\110\206 +\367\015\001\001\013\005\000\003\202\002\001\000\321\111\127\340 +\247\314\150\130\272\001\017\053\031\315\215\260\141\105\254\021 +\355\143\120\151\370\037\177\276\026\217\375\235\353\013\252\062 +\107\166\322\147\044\355\275\174\063\062\227\052\307\005\206\146 +\015\027\175\024\025\033\324\353\375\037\232\366\136\227\151\267 +\032\045\244\012\263\221\077\137\066\254\213\354\127\250\076\347 +\201\212\030\127\071\205\164\032\102\307\351\133\023\137\217\371 +\010\351\222\164\215\365\107\322\253\073\326\373\170\146\116\066 +\175\371\351\222\351\004\336\375\111\143\374\155\373\024\161\223 +\147\057\107\112\267\271\377\036\052\163\160\106\060\277\132\362 +\057\171\245\341\215\014\331\371\262\143\067\214\067\145\205\160 +\152\134\133\011\162\271\255\143\074\261\335\370\374\062\277\067 +\206\344\273\216\230\047\176\272\037\026\341\160\021\362\003\337 +\045\142\062\047\046\030\062\204\237\377\000\072\023\272\232\115 +\364\117\270\024\160\042\261\312\053\220\316\051\301\160\364\057 +\235\177\362\220\036\326\132\337\267\106\374\346\206\372\313\340 +\040\166\172\272\246\313\365\174\336\142\245\261\213\356\336\202 +\146\212\116\072\060\037\077\200\313\255\047\272\014\136\327\320 +\261\126\312\167\161\262\265\165\241\120\251\100\103\027\302\050 +\331\317\122\213\133\310\143\324\102\076\240\063\172\106\056\367 +\012\040\106\124\176\152\117\061\361\201\176\102\164\070\145\163 +\047\356\306\174\270\216\327\245\072\327\230\241\234\214\020\125 +\323\333\113\354\100\220\362\315\156\127\322\142\016\174\127\223 +\261\247\155\315\235\203\273\052\347\345\266\073\161\130\255\375 +\321\105\274\132\221\356\123\025\157\323\105\011\165\156\272\220 +\135\036\004\317\067\337\036\250\146\261\214\346\040\152\357\374 +\110\116\164\230\102\257\051\157\056\152\307\373\175\321\146\061 +\042\314\206\000\176\146\203\014\102\364\275\064\222\303\032\352 +\117\312\176\162\115\013\160\214\246\110\273\246\241\024\366\373 +\130\104\231\024\256\252\013\223\151\240\051\045\112\245\313\053 +\335\212\146\007\026\170\025\127\161\033\354\365\107\204\363\236 +\061\067\172\325\177\044\255\344\274\375\375\314\156\203\350\014 +\250\267\101\154\007\335\275\074\206\227\057\322 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE -# Trust for "Amazon Root CA 2" -# Issuer: CN=Amazon Root CA 2,O=Amazon,C=US -# Serial Number:06:6c:9f:d2:96:35:86:9f:0a:0f:e5:86:78:f8:5b:26:bb:8a:37 -# Subject: CN=Amazon Root CA 2,O=Amazon,C=US -# Not Valid Before: Tue May 26 00:00:00 2015 -# Not Valid After : Sat May 26 00:00:00 2040 -# Fingerprint (SHA-256): 1B:A5:B2:AA:8C:65:40:1A:82:96:01:18:F8:0B:EC:4F:62:30:4D:83:CE:C4:71:3A:19:C3:9C:01:1E:A4:6D:B4 -# Fingerprint (SHA1): 5A:8C:EF:45:D7:A6:98:59:76:7A:8C:8B:44:96:B5:78:CF:47:4B:1A +# Trust for "GDCA TrustAUTH R5 ROOT" +# Issuer: CN=GDCA TrustAUTH R5 ROOT,O="GUANG DONG CERTIFICATE AUTHORITY CO.,LTD.",C=CN +# Serial Number:7d:09:97:fe:f0:47:ea:7a +# Subject: CN=GDCA TrustAUTH R5 ROOT,O="GUANG DONG CERTIFICATE AUTHORITY CO.,LTD.",C=CN +# Not Valid Before: Wed Nov 26 05:13:15 2014 +# Not Valid After : Mon Dec 31 15:59:59 2040 +# Fingerprint (SHA-256): BF:FF:8F:D0:44:33:48:7D:6A:8A:A6:0C:1A:29:76:7A:9F:C2:BB:B0:5E:42:0F:71:3A:13:B9:92:89:1D:38:93 +# Fingerprint (SHA1): 0F:36:38:5B:81:1A:25:C3:9B:31:4E:83:CA:E9:34:66:70:CC:74:B4 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Amazon Root CA 2" +CKA_LABEL UTF8 "GDCA TrustAUTH R5 ROOT" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\132\214\357\105\327\246\230\131\166\172\214\213\104\226\265\170 -\317\107\113\032 +\017\066\070\133\201\032\045\303\233\061\116\203\312\351\064\146 +\160\314\164\264 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\310\345\215\316\250\102\342\172\300\052\134\174\236\046\277\146 +\143\314\331\075\064\065\134\157\123\243\342\010\160\110\037\264 END CKA_ISSUER MULTILINE_OCTAL -\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 -\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 -\156\040\122\157\157\164\040\103\101\040\062 +\060\142\061\013\060\011\006\003\125\004\006\023\002\103\116\061 +\062\060\060\006\003\125\004\012\014\051\107\125\101\116\107\040 +\104\117\116\107\040\103\105\122\124\111\106\111\103\101\124\105 +\040\101\125\124\110\117\122\111\124\131\040\103\117\056\054\114 +\124\104\056\061\037\060\035\006\003\125\004\003\014\026\107\104 +\103\101\040\124\162\165\163\164\101\125\124\110\040\122\065\040 +\122\117\117\124 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\023\006\154\237\322\226\065\206\237\012\017\345\206\170\370 -\133\046\273\212\067 +\002\010\175\011\227\376\360\107\352\172 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "Amazon Root CA 3" +# Certificate "TrustCor RootCert CA-1" # -# Issuer: CN=Amazon Root CA 3,O=Amazon,C=US -# Serial Number:06:6c:9f:d5:74:97:36:66:3f:3b:0b:9a:d9:e8:9e:76:03:f2:4a -# Subject: CN=Amazon Root CA 3,O=Amazon,C=US -# Not Valid Before: Tue May 26 00:00:00 2015 -# Not Valid After : Sat May 26 00:00:00 2040 -# Fingerprint (SHA-256): 18:CE:6C:FE:7B:F1:4E:60:B2:E3:47:B8:DF:E8:68:CB:31:D0:2E:BB:3A:DA:27:15:69:F5:03:43:B4:6D:B3:A4 -# Fingerprint (SHA1): 0D:44:DD:8C:3C:8C:1A:1A:58:75:64:81:E9:0F:2E:2A:FF:B3:D2:6E +# Issuer: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA +# Serial Number:00:da:9b:ec:71:f3:03:b0:19 +# Subject: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA +# Not Valid Before: Thu Feb 04 12:32:16 2016 +# Not Valid After : Mon Dec 31 17:23:16 2029 +# Fingerprint (SHA-256): D4:0E:9C:86:CD:8F:E4:68:C1:77:69:59:F4:9E:A7:74:FA:54:86:84:B6:C4:06:F3:90:92:61:F4:DC:E2:57:5C +# Fingerprint (SHA1): FF:BD:CD:E7:82:C8:43:5E:3C:6F:26:86:5C:CA:A8:3A:45:5B:C3:0A CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Amazon Root CA 3" +CKA_LABEL UTF8 "TrustCor RootCert CA-1" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 -\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 -\156\040\122\157\157\164\040\103\101\040\063 +\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101 +\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155 +\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141 +\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012 +\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145 +\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060 +\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162 +\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 +\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014 +\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145 +\162\164\040\103\101\055\061 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 -\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 -\156\040\122\157\157\164\040\103\101\040\063 +\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101 +\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155 +\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141 +\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012 +\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145 +\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060 +\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162 +\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 +\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014 +\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145 +\162\164\040\103\101\055\061 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\023\006\154\237\325\164\227\066\146\077\073\013\232\331\350 -\236\166\003\362\112 +\002\011\000\332\233\354\161\363\003\260\031 END CKA_VALUE MULTILINE_OCTAL -\060\202\001\266\060\202\001\133\240\003\002\001\002\002\023\006 -\154\237\325\164\227\066\146\077\073\013\232\331\350\236\166\003 -\362\112\060\012\006\010\052\206\110\316\075\004\003\002\060\071 -\061\013\060\011\006\003\125\004\006\023\002\125\123\061\017\060 -\015\006\003\125\004\012\023\006\101\155\141\172\157\156\061\031 -\060\027\006\003\125\004\003\023\020\101\155\141\172\157\156\040 -\122\157\157\164\040\103\101\040\063\060\036\027\015\061\065\060 -\065\062\066\060\060\060\060\060\060\132\027\015\064\060\060\065 -\062\066\060\060\060\060\060\060\132\060\071\061\013\060\011\006 -\003\125\004\006\023\002\125\123\061\017\060\015\006\003\125\004 -\012\023\006\101\155\141\172\157\156\061\031\060\027\006\003\125 -\004\003\023\020\101\155\141\172\157\156\040\122\157\157\164\040 -\103\101\040\063\060\131\060\023\006\007\052\206\110\316\075\002 -\001\006\010\052\206\110\316\075\003\001\007\003\102\000\004\051 -\227\247\306\101\177\300\015\233\350\001\033\126\306\362\122\245 -\272\055\262\022\350\322\056\327\372\311\305\330\252\155\037\163 -\201\073\073\230\153\071\174\063\245\305\116\206\216\200\027\150 -\142\105\127\175\104\130\035\263\067\345\147\010\353\146\336\243 -\102\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060 -\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004 -\003\002\001\206\060\035\006\003\125\035\016\004\026\004\024\253 -\266\333\327\006\236\067\254\060\206\007\221\160\307\234\304\031 -\261\170\300\060\012\006\010\052\206\110\316\075\004\003\002\003 -\111\000\060\106\002\041\000\340\205\222\243\027\267\215\371\053 -\006\245\223\254\032\230\150\141\162\372\341\241\320\373\034\170 -\140\246\103\231\305\270\304\002\041\000\234\002\357\361\224\234 -\263\226\371\353\306\052\370\266\054\376\072\220\024\026\327\214 -\143\044\110\034\337\060\175\325\150\073 +\060\202\004\060\060\202\003\030\240\003\002\001\002\002\011\000 +\332\233\354\161\363\003\260\031\060\015\006\011\052\206\110\206 +\367\015\001\001\013\005\000\060\201\244\061\013\060\011\006\003 +\125\004\006\023\002\120\101\061\017\060\015\006\003\125\004\010 +\014\006\120\141\156\141\155\141\061\024\060\022\006\003\125\004 +\007\014\013\120\141\156\141\155\141\040\103\151\164\171\061\044 +\060\042\006\003\125\004\012\014\033\124\162\165\163\164\103\157 +\162\040\123\171\163\164\145\155\163\040\123\056\040\144\145\040 +\122\056\114\056\061\047\060\045\006\003\125\004\013\014\036\124 +\162\165\163\164\103\157\162\040\103\145\162\164\151\146\151\143 +\141\164\145\040\101\165\164\150\157\162\151\164\171\061\037\060 +\035\006\003\125\004\003\014\026\124\162\165\163\164\103\157\162 +\040\122\157\157\164\103\145\162\164\040\103\101\055\061\060\036 +\027\015\061\066\060\062\060\064\061\062\063\062\061\066\132\027 +\015\062\071\061\062\063\061\061\067\062\063\061\066\132\060\201 +\244\061\013\060\011\006\003\125\004\006\023\002\120\101\061\017 +\060\015\006\003\125\004\010\014\006\120\141\156\141\155\141\061 +\024\060\022\006\003\125\004\007\014\013\120\141\156\141\155\141 +\040\103\151\164\171\061\044\060\042\006\003\125\004\012\014\033 +\124\162\165\163\164\103\157\162\040\123\171\163\164\145\155\163 +\040\123\056\040\144\145\040\122\056\114\056\061\047\060\045\006 +\003\125\004\013\014\036\124\162\165\163\164\103\157\162\040\103 +\145\162\164\151\146\151\143\141\164\145\040\101\165\164\150\157 +\162\151\164\171\061\037\060\035\006\003\125\004\003\014\026\124 +\162\165\163\164\103\157\162\040\122\157\157\164\103\145\162\164 +\040\103\101\055\061\060\202\001\042\060\015\006\011\052\206\110 +\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001 +\012\002\202\001\001\000\277\216\267\225\342\302\046\022\153\063 +\031\307\100\130\012\253\131\252\215\000\243\374\200\307\120\173 +\216\324\040\046\272\062\022\330\043\124\111\045\020\042\230\235 +\106\322\301\311\236\116\033\056\054\016\070\363\032\045\150\034 +\246\132\005\346\036\213\110\277\230\226\164\076\151\312\351\265 +\170\245\006\274\325\000\136\011\012\362\047\172\122\374\055\325 +\261\352\264\211\141\044\363\032\023\333\251\317\122\355\014\044 +\272\271\236\354\176\000\164\372\223\255\154\051\222\256\121\264 +\273\323\127\277\263\363\250\215\234\364\044\113\052\326\231\236 +\364\236\376\300\176\102\072\347\013\225\123\332\267\150\016\220 +\114\373\160\077\217\112\054\224\363\046\335\143\151\251\224\330 +\020\116\305\107\010\220\231\033\027\115\271\154\156\357\140\225 +\021\216\041\200\265\275\240\163\330\320\262\167\304\105\352\132 +\046\373\146\166\166\370\006\037\141\155\017\125\305\203\267\020 +\126\162\006\007\245\363\261\032\003\005\144\016\235\132\212\326 +\206\160\033\044\336\376\050\212\053\320\152\260\374\172\242\334 +\262\171\016\213\145\017\002\003\001\000\001\243\143\060\141\060 +\035\006\003\125\035\016\004\026\004\024\356\153\111\074\172\077 +\015\343\261\011\267\212\310\253\031\237\163\063\120\347\060\037 +\006\003\125\035\043\004\030\060\026\200\024\356\153\111\074\172 +\077\015\343\261\011\267\212\310\253\031\237\163\063\120\347\060 +\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377 +\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\206 +\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003 +\202\001\001\000\045\030\324\221\217\023\356\217\036\035\021\123 +\332\055\104\051\031\240\036\153\061\236\115\016\236\255\075\134 +\101\157\225\053\044\241\171\230\072\070\066\373\273\146\236\110 +\377\220\220\357\075\324\270\233\264\207\165\077\040\233\316\162 +\317\241\125\301\115\144\242\031\006\241\007\063\014\013\051\345 +\361\352\253\243\354\265\012\164\220\307\175\162\362\327\134\237 +\221\357\221\213\267\334\355\146\242\317\216\146\073\274\237\072 +\002\340\047\335\026\230\300\225\324\012\244\344\201\232\165\224 +\065\234\220\137\210\067\006\255\131\225\012\260\321\147\323\031 +\312\211\347\062\132\066\034\076\202\250\132\223\276\306\320\144 +\221\266\317\331\266\030\317\333\176\322\145\243\246\304\216\027 +\061\301\373\176\166\333\323\205\343\130\262\167\172\166\073\154 +\057\120\034\347\333\366\147\171\037\365\202\225\232\007\247\024 +\257\217\334\050\041\147\011\322\326\115\132\034\031\034\216\167 +\134\303\224\044\075\062\153\113\176\324\170\224\203\276\067\115 +\316\137\307\036\116\074\340\211\063\225\013\017\245\062\326\074 +\132\171\054\031 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE -# Trust for "Amazon Root CA 3" -# Issuer: CN=Amazon Root CA 3,O=Amazon,C=US -# Serial Number:06:6c:9f:d5:74:97:36:66:3f:3b:0b:9a:d9:e8:9e:76:03:f2:4a -# Subject: CN=Amazon Root CA 3,O=Amazon,C=US -# Not Valid Before: Tue May 26 00:00:00 2015 -# Not Valid After : Sat May 26 00:00:00 2040 -# Fingerprint (SHA-256): 18:CE:6C:FE:7B:F1:4E:60:B2:E3:47:B8:DF:E8:68:CB:31:D0:2E:BB:3A:DA:27:15:69:F5:03:43:B4:6D:B3:A4 -# Fingerprint (SHA1): 0D:44:DD:8C:3C:8C:1A:1A:58:75:64:81:E9:0F:2E:2A:FF:B3:D2:6E +# Trust for "TrustCor RootCert CA-1" +# Issuer: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA +# Serial Number:00:da:9b:ec:71:f3:03:b0:19 +# Subject: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA +# Not Valid Before: Thu Feb 04 12:32:16 2016 +# Not Valid After : Mon Dec 31 17:23:16 2029 +# Fingerprint (SHA-256): D4:0E:9C:86:CD:8F:E4:68:C1:77:69:59:F4:9E:A7:74:FA:54:86:84:B6:C4:06:F3:90:92:61:F4:DC:E2:57:5C +# Fingerprint (SHA1): FF:BD:CD:E7:82:C8:43:5E:3C:6F:26:86:5C:CA:A8:3A:45:5B:C3:0A CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Amazon Root CA 3" +CKA_LABEL UTF8 "TrustCor RootCert CA-1" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\015\104\335\214\074\214\032\032\130\165\144\201\351\017\056\052 -\377\263\322\156 +\377\275\315\347\202\310\103\136\074\157\046\206\134\312\250\072 +\105\133\303\012 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\240\324\357\013\367\265\330\111\225\052\354\365\304\374\201\207 +\156\205\361\334\032\000\323\042\325\262\262\254\153\067\005\105 END CKA_ISSUER MULTILINE_OCTAL -\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 -\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 -\156\040\122\157\157\164\040\103\101\040\063 +\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101 +\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155 +\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141 +\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012 +\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145 +\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060 +\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162 +\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 +\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014 +\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145 +\162\164\040\103\101\055\061 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\023\006\154\237\325\164\227\066\146\077\073\013\232\331\350 -\236\166\003\362\112 +\002\011\000\332\233\354\161\363\003\260\031 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR @@ -21025,103 +20360,192 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "Amazon Root CA 4" +# Certificate "TrustCor RootCert CA-2" # -# Issuer: CN=Amazon Root CA 4,O=Amazon,C=US -# Serial Number:06:6c:9f:d7:c1:bb:10:4c:29:43:e5:71:7b:7b:2c:c8:1a:c1:0e -# Subject: CN=Amazon Root CA 4,O=Amazon,C=US -# Not Valid Before: Tue May 26 00:00:00 2015 -# Not Valid After : Sat May 26 00:00:00 2040 -# Fingerprint (SHA-256): E3:5D:28:41:9E:D0:20:25:CF:A6:90:38:CD:62:39:62:45:8D:A5:C6:95:FB:DE:A3:C2:2B:0B:FB:25:89:70:92 -# Fingerprint (SHA1): F6:10:84:07:D6:F8:BB:67:98:0C:C2:E2:44:C2:EB:AE:1C:EF:63:BE +# Issuer: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA +# Serial Number:25:a1:df:ca:33:cb:59:02 +# Subject: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA +# Not Valid Before: Thu Feb 04 12:32:23 2016 +# Not Valid After : Sun Dec 31 17:26:39 2034 +# Fingerprint (SHA-256): 07:53:E9:40:37:8C:1B:D5:E3:83:6E:39:5D:AE:A5:CB:83:9E:50:46:F1:BD:0E:AE:19:51:CF:10:FE:C7:C9:65 +# Fingerprint (SHA1): B8:BE:6D:CB:56:F1:55:B9:63:D4:12:CA:4E:06:34:C7:94:B2:1C:C0 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Amazon Root CA 4" +CKA_LABEL UTF8 "TrustCor RootCert CA-2" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 -\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 -\156\040\122\157\157\164\040\103\101\040\064 +\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101 +\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155 +\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141 +\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012 +\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145 +\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060 +\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162 +\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 +\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014 +\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145 +\162\164\040\103\101\055\062 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 -\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 -\156\040\122\157\157\164\040\103\101\040\064 +\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101 +\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155 +\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141 +\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012 +\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145 +\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060 +\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162 +\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 +\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014 +\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145 +\162\164\040\103\101\055\062 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\023\006\154\237\327\301\273\020\114\051\103\345\161\173\173 -\054\310\032\301\016 +\002\010\045\241\337\312\063\313\131\002 END CKA_VALUE MULTILINE_OCTAL -\060\202\001\362\060\202\001\170\240\003\002\001\002\002\023\006 -\154\237\327\301\273\020\114\051\103\345\161\173\173\054\310\032 -\301\016\060\012\006\010\052\206\110\316\075\004\003\003\060\071 -\061\013\060\011\006\003\125\004\006\023\002\125\123\061\017\060 -\015\006\003\125\004\012\023\006\101\155\141\172\157\156\061\031 -\060\027\006\003\125\004\003\023\020\101\155\141\172\157\156\040 -\122\157\157\164\040\103\101\040\064\060\036\027\015\061\065\060 -\065\062\066\060\060\060\060\060\060\132\027\015\064\060\060\065 -\062\066\060\060\060\060\060\060\132\060\071\061\013\060\011\006 -\003\125\004\006\023\002\125\123\061\017\060\015\006\003\125\004 -\012\023\006\101\155\141\172\157\156\061\031\060\027\006\003\125 -\004\003\023\020\101\155\141\172\157\156\040\122\157\157\164\040 -\103\101\040\064\060\166\060\020\006\007\052\206\110\316\075\002 -\001\006\005\053\201\004\000\042\003\142\000\004\322\253\212\067 -\117\243\123\015\376\301\212\173\113\250\173\106\113\143\260\142 -\366\055\033\333\010\161\041\322\000\350\143\275\232\047\373\360 -\071\156\135\352\075\245\311\201\252\243\133\040\230\105\135\026 -\333\375\350\020\155\343\234\340\343\275\137\204\142\363\160\144 -\063\240\313\044\057\160\272\210\241\052\240\165\370\201\256\142 -\006\304\201\333\071\156\051\260\036\372\056\134\243\102\060\100 -\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001 -\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001 -\206\060\035\006\003\125\035\016\004\026\004\024\323\354\307\072 -\145\156\314\341\332\166\232\126\373\234\363\206\155\127\345\201 -\060\012\006\010\052\206\110\316\075\004\003\003\003\150\000\060 -\145\002\060\072\213\041\361\275\176\021\255\320\357\130\226\057 -\326\353\235\176\220\215\053\317\146\125\303\054\343\050\251\160 -\012\107\016\360\067\131\022\377\055\231\224\050\116\052\117\065 -\115\063\132\002\061\000\352\165\000\116\073\304\072\224\022\221 -\311\130\106\235\041\023\162\247\210\234\212\344\114\112\333\226 -\324\254\213\153\153\111\022\123\063\255\327\344\276\044\374\265 -\012\166\324\245\274\020 +\060\202\006\057\060\202\004\027\240\003\002\001\002\002\010\045 +\241\337\312\063\313\131\002\060\015\006\011\052\206\110\206\367 +\015\001\001\013\005\000\060\201\244\061\013\060\011\006\003\125 +\004\006\023\002\120\101\061\017\060\015\006\003\125\004\010\014 +\006\120\141\156\141\155\141\061\024\060\022\006\003\125\004\007 +\014\013\120\141\156\141\155\141\040\103\151\164\171\061\044\060 +\042\006\003\125\004\012\014\033\124\162\165\163\164\103\157\162 +\040\123\171\163\164\145\155\163\040\123\056\040\144\145\040\122 +\056\114\056\061\047\060\045\006\003\125\004\013\014\036\124\162 +\165\163\164\103\157\162\040\103\145\162\164\151\146\151\143\141 +\164\145\040\101\165\164\150\157\162\151\164\171\061\037\060\035 +\006\003\125\004\003\014\026\124\162\165\163\164\103\157\162\040 +\122\157\157\164\103\145\162\164\040\103\101\055\062\060\036\027 +\015\061\066\060\062\060\064\061\062\063\062\062\063\132\027\015 +\063\064\061\062\063\061\061\067\062\066\063\071\132\060\201\244 +\061\013\060\011\006\003\125\004\006\023\002\120\101\061\017\060 +\015\006\003\125\004\010\014\006\120\141\156\141\155\141\061\024 +\060\022\006\003\125\004\007\014\013\120\141\156\141\155\141\040 +\103\151\164\171\061\044\060\042\006\003\125\004\012\014\033\124 +\162\165\163\164\103\157\162\040\123\171\163\164\145\155\163\040 +\123\056\040\144\145\040\122\056\114\056\061\047\060\045\006\003 +\125\004\013\014\036\124\162\165\163\164\103\157\162\040\103\145 +\162\164\151\146\151\143\141\164\145\040\101\165\164\150\157\162 +\151\164\171\061\037\060\035\006\003\125\004\003\014\026\124\162 +\165\163\164\103\157\162\040\122\157\157\164\103\145\162\164\040 +\103\101\055\062\060\202\002\042\060\015\006\011\052\206\110\206 +\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002\012 +\002\202\002\001\000\247\040\156\302\052\242\142\044\225\220\166 +\310\070\176\200\322\253\301\233\145\005\224\364\301\012\020\325 +\002\254\355\237\223\307\207\310\260\047\053\102\014\075\012\076 +\101\132\236\165\335\215\312\340\233\354\150\062\244\151\222\150 +\214\013\201\016\126\240\076\032\335\054\045\024\202\057\227\323 +\144\106\364\124\251\334\072\124\055\061\053\231\202\362\331\052 +\327\357\161\000\270\061\244\276\172\044\007\303\102\040\362\212 +\324\222\004\033\145\126\114\154\324\373\266\141\132\107\043\264 +\330\151\264\267\072\320\164\074\014\165\241\214\116\166\241\351 +\333\052\245\073\372\316\260\377\176\152\050\375\047\034\310\261 +\351\051\361\127\156\144\264\320\301\025\155\016\276\056\016\106 +\310\136\364\121\376\357\016\143\072\073\161\272\317\157\131\312 +\014\343\233\135\111\270\114\342\127\261\230\212\102\127\234\166 +\357\357\275\321\150\250\322\364\011\273\167\065\276\045\202\010 +\304\026\054\104\040\126\251\104\021\167\357\135\264\035\252\136 +\153\076\213\062\366\007\057\127\004\222\312\365\376\235\302\351 +\350\263\216\114\113\002\061\331\344\074\110\202\047\367\030\202 +\166\110\072\161\261\023\241\071\325\056\305\064\302\035\142\205 +\337\003\376\115\364\257\075\337\134\133\215\372\160\341\245\176 +\047\307\206\056\152\217\022\306\204\136\103\121\120\234\031\233 +\170\346\374\366\355\107\176\173\075\146\357\023\023\210\137\074 +\241\143\373\371\254\207\065\237\363\202\236\244\077\012\234\061 +\151\213\231\244\210\112\216\156\146\115\357\026\304\017\171\050 +\041\140\015\205\026\175\327\124\070\361\222\126\375\265\063\114 +\203\334\327\020\237\113\375\306\370\102\275\272\174\163\002\340 +\377\175\315\133\341\324\254\141\173\127\325\112\173\133\324\205 +\130\047\135\277\370\053\140\254\240\046\256\024\041\047\306\167 +\232\063\200\074\136\106\077\367\303\261\243\206\063\306\350\136 +\015\271\065\054\252\106\301\205\002\165\200\240\353\044\373\025 +\252\344\147\177\156\167\077\364\004\212\057\174\173\343\027\141 +\360\335\011\251\040\310\276\011\244\320\176\104\303\262\060\112 +\070\252\251\354\030\232\007\202\053\333\270\234\030\255\332\340 +\106\027\254\317\135\002\003\001\000\001\243\143\060\141\060\035 +\006\003\125\035\016\004\026\004\024\331\376\041\100\156\224\236 +\274\233\075\234\175\230\040\031\345\214\060\142\262\060\037\006 +\003\125\035\043\004\030\060\026\200\024\331\376\041\100\156\224 +\236\274\233\075\234\175\230\040\031\345\214\060\142\262\060\017 +\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060 +\016\006\003\125\035\017\001\001\377\004\004\003\002\001\206\060 +\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003\202 +\002\001\000\236\105\236\014\073\266\357\341\072\310\174\321\000 +\075\317\342\352\006\265\262\072\273\006\113\150\172\320\043\227 +\164\247\054\360\010\330\171\132\327\132\204\212\330\022\232\033 +\331\175\134\115\160\305\245\371\253\345\243\211\211\335\001\372 +\354\335\371\351\222\227\333\260\106\102\363\323\142\252\225\376 +\061\147\024\151\130\220\012\252\013\356\067\043\307\120\121\264 +\365\176\236\343\173\367\344\314\102\062\055\111\014\313\377\111 +\014\233\036\064\375\156\156\226\212\171\003\266\157\333\011\313 +\375\137\145\024\067\341\070\365\363\141\026\130\344\265\155\015 +\013\004\033\077\120\055\177\263\307\172\032\026\200\140\370\212 +\037\351\033\052\306\371\272\001\032\151\277\322\130\307\124\127 +\010\217\341\071\140\167\113\254\131\204\032\210\361\335\313\117 +\170\327\347\341\063\055\374\356\101\372\040\260\276\313\367\070 +\224\300\341\320\205\017\273\355\054\163\253\355\376\222\166\032 +\144\177\133\015\063\011\007\063\173\006\077\021\244\134\160\074 +\205\300\317\343\220\250\203\167\372\333\346\305\214\150\147\020 +\147\245\122\055\360\304\231\217\177\277\321\153\342\265\107\326 +\331\320\205\231\115\224\233\017\113\215\356\000\132\107\035\021 +\003\254\101\030\257\207\267\157\014\072\217\312\317\334\003\301 +\242\011\310\345\375\200\136\310\140\102\001\033\032\123\132\273 +\067\246\267\274\272\204\351\036\154\032\324\144\332\324\103\376 +\223\213\113\362\054\171\026\020\324\223\013\210\217\241\330\206 +\024\106\221\107\233\050\044\357\127\122\116\134\102\234\252\367 +\111\354\047\350\100\036\263\246\211\042\162\234\365\015\063\264 +\130\243\060\073\335\324\152\124\223\276\032\115\363\223\224\367 +\374\204\013\077\204\040\134\064\003\104\305\332\255\274\012\301 +\002\317\036\345\224\331\363\216\133\330\114\360\235\354\141\027 +\273\024\062\124\014\002\051\223\036\222\206\366\177\357\347\222 +\005\016\131\335\231\010\056\056\372\234\000\122\323\305\146\051 +\344\247\227\104\244\016\050\201\023\065\305\366\157\144\346\101 +\304\325\057\314\064\105\045\317\101\000\226\075\112\056\302\226 +\230\117\116\112\234\227\267\333\037\222\062\310\377\017\121\156 +\326\354\011 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE -# Trust for "Amazon Root CA 4" -# Issuer: CN=Amazon Root CA 4,O=Amazon,C=US -# Serial Number:06:6c:9f:d7:c1:bb:10:4c:29:43:e5:71:7b:7b:2c:c8:1a:c1:0e -# Subject: CN=Amazon Root CA 4,O=Amazon,C=US -# Not Valid Before: Tue May 26 00:00:00 2015 -# Not Valid After : Sat May 26 00:00:00 2040 -# Fingerprint (SHA-256): E3:5D:28:41:9E:D0:20:25:CF:A6:90:38:CD:62:39:62:45:8D:A5:C6:95:FB:DE:A3:C2:2B:0B:FB:25:89:70:92 -# Fingerprint (SHA1): F6:10:84:07:D6:F8:BB:67:98:0C:C2:E2:44:C2:EB:AE:1C:EF:63:BE +# Trust for "TrustCor RootCert CA-2" +# Issuer: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA +# Serial Number:25:a1:df:ca:33:cb:59:02 +# Subject: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA +# Not Valid Before: Thu Feb 04 12:32:23 2016 +# Not Valid After : Sun Dec 31 17:26:39 2034 +# Fingerprint (SHA-256): 07:53:E9:40:37:8C:1B:D5:E3:83:6E:39:5D:AE:A5:CB:83:9E:50:46:F1:BD:0E:AE:19:51:CF:10:FE:C7:C9:65 +# Fingerprint (SHA1): B8:BE:6D:CB:56:F1:55:B9:63:D4:12:CA:4E:06:34:C7:94:B2:1C:C0 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Amazon Root CA 4" +CKA_LABEL UTF8 "TrustCor RootCert CA-2" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\366\020\204\007\326\370\273\147\230\014\302\342\104\302\353\256 -\034\357\143\276 +\270\276\155\313\126\361\125\271\143\324\022\312\116\006\064\307 +\224\262\034\300 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\211\274\047\325\353\027\215\006\152\151\325\375\211\107\264\315 +\242\341\370\030\013\272\105\325\307\101\052\273\067\122\105\144 END CKA_ISSUER MULTILINE_OCTAL -\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 -\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 -\156\040\122\157\157\164\040\103\101\040\064 +\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101 +\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155 +\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141 +\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012 +\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145 +\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060 +\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162 +\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 +\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014 +\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145 +\162\164\040\103\101\055\062 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\023\006\154\237\327\301\273\020\114\051\103\345\161\173\173 -\054\310\032\301\016 +\002\010\045\241\337\312\063\313\131\002 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR @@ -21129,1051 +20553,1221 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "LuxTrust Global Root 2" +# Certificate "TrustCor ECA-1" # -# Issuer: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU -# Serial Number:0a:7e:a6:df:4b:44:9e:da:6a:24:85:9e:e6:b8:15:d3:16:7f:bb:b1 -# Subject: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU -# Not Valid Before: Thu Mar 05 13:21:57 2015 -# Not Valid After : Mon Mar 05 13:21:57 2035 -# Fingerprint (SHA-256): 54:45:5F:71:29:C2:0B:14:47:C4:18:F9:97:16:8F:24:C5:8F:C5:02:3B:F5:DA:5B:E2:EB:6E:1D:D8:90:2E:D5 -# Fingerprint (SHA1): 1E:0E:56:19:0A:D1:8B:25:98:B2:04:44:FF:66:8A:04:17:99:5F:3F +# Issuer: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA +# Serial Number:00:84:82:2c:5f:1c:62:d0:40 +# Subject: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA +# Not Valid Before: Thu Feb 04 12:32:33 2016 +# Not Valid After : Mon Dec 31 17:28:07 2029 +# Fingerprint (SHA-256): 5A:88:5D:B1:9C:01:D9:12:C5:75:93:88:93:8C:AF:BB:DF:03:1A:B2:D4:8E:91:EE:15:58:9B:42:97:1D:03:9C +# Fingerprint (SHA1): 58:D1:DF:95:95:67:6B:63:C0:F0:5B:1C:17:4D:8B:84:0B:C8:78:BD CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "LuxTrust Global Root 2" +CKA_LABEL UTF8 "TrustCor ECA-1" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\106\061\013\060\011\006\003\125\004\006\023\002\114\125\061 -\026\060\024\006\003\125\004\012\014\015\114\165\170\124\162\165 -\163\164\040\123\056\101\056\061\037\060\035\006\003\125\004\003 -\014\026\114\165\170\124\162\165\163\164\040\107\154\157\142\141 -\154\040\122\157\157\164\040\062 +\060\201\234\061\013\060\011\006\003\125\004\006\023\002\120\101 +\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155 +\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141 +\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012 +\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145 +\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060 +\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162 +\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 +\150\157\162\151\164\171\061\027\060\025\006\003\125\004\003\014 +\016\124\162\165\163\164\103\157\162\040\105\103\101\055\061 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\106\061\013\060\011\006\003\125\004\006\023\002\114\125\061 -\026\060\024\006\003\125\004\012\014\015\114\165\170\124\162\165 -\163\164\040\123\056\101\056\061\037\060\035\006\003\125\004\003 -\014\026\114\165\170\124\162\165\163\164\040\107\154\157\142\141 -\154\040\122\157\157\164\040\062 +\060\201\234\061\013\060\011\006\003\125\004\006\023\002\120\101 +\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155 +\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141 +\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012 +\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145 +\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060 +\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162 +\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 +\150\157\162\151\164\171\061\027\060\025\006\003\125\004\003\014 +\016\124\162\165\163\164\103\157\162\040\105\103\101\055\061 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\024\012\176\246\337\113\104\236\332\152\044\205\236\346\270 -\025\323\026\177\273\261 +\002\011\000\204\202\054\137\034\142\320\100 END CKA_VALUE MULTILINE_OCTAL -\060\202\005\303\060\202\003\253\240\003\002\001\002\002\024\012 -\176\246\337\113\104\236\332\152\044\205\236\346\270\025\323\026 -\177\273\261\060\015\006\011\052\206\110\206\367\015\001\001\013 -\005\000\060\106\061\013\060\011\006\003\125\004\006\023\002\114 -\125\061\026\060\024\006\003\125\004\012\014\015\114\165\170\124 -\162\165\163\164\040\123\056\101\056\061\037\060\035\006\003\125 -\004\003\014\026\114\165\170\124\162\165\163\164\040\107\154\157 -\142\141\154\040\122\157\157\164\040\062\060\036\027\015\061\065 -\060\063\060\065\061\063\062\061\065\067\132\027\015\063\065\060 -\063\060\065\061\063\062\061\065\067\132\060\106\061\013\060\011 -\006\003\125\004\006\023\002\114\125\061\026\060\024\006\003\125 -\004\012\014\015\114\165\170\124\162\165\163\164\040\123\056\101 -\056\061\037\060\035\006\003\125\004\003\014\026\114\165\170\124 -\162\165\163\164\040\107\154\157\142\141\154\040\122\157\157\164 -\040\062\060\202\002\042\060\015\006\011\052\206\110\206\367\015 -\001\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202 -\002\001\000\327\205\227\277\021\230\351\360\142\203\114\074\207 -\371\123\152\067\013\362\017\074\207\316\157\334\046\051\275\305 -\211\272\311\203\075\367\356\312\133\306\155\111\163\264\311\106 -\243\033\064\023\077\301\211\105\127\364\331\261\373\066\145\113 -\373\010\342\110\161\021\310\156\073\236\235\337\211\145\067\246 -\205\366\073\104\030\266\306\067\060\142\104\222\227\151\175\102 -\060\044\344\015\014\211\153\143\336\305\341\337\116\251\024\154 -\123\340\141\316\366\027\057\035\074\275\346\042\114\035\223\365 -\020\304\241\166\354\152\336\305\154\337\226\264\126\100\102\300 -\142\222\060\241\055\025\224\240\322\040\006\011\156\152\155\345 -\353\267\276\324\360\361\025\174\213\346\116\272\023\314\113\047 -\136\231\074\027\135\217\201\177\063\075\117\323\077\033\354\134 -\077\360\074\114\165\156\362\246\325\235\332\055\007\143\002\306 -\162\351\224\274\114\111\225\117\210\122\310\333\350\151\202\370 -\314\064\133\042\360\206\247\211\275\110\012\155\146\201\155\310 -\310\144\373\001\341\364\341\336\331\236\335\333\133\324\052\231 -\046\025\033\036\114\222\051\202\236\325\222\201\222\101\160\031 -\367\244\345\223\113\274\167\147\061\335\034\375\061\160\015\027 -\231\014\371\014\071\031\052\027\265\060\161\125\325\017\256\130 -\341\075\057\064\233\317\237\366\170\205\302\223\172\162\076\146 -\217\234\026\021\140\217\236\211\157\147\276\340\107\132\073\014 -\232\147\213\317\106\306\256\070\243\362\247\274\346\326\205\153 -\063\044\160\042\113\313\010\233\273\310\370\002\051\035\276\040 -\014\106\277\153\207\233\263\052\146\102\065\106\154\252\272\255 -\371\230\173\351\120\125\024\061\277\261\332\055\355\200\255\150 -\044\373\151\253\330\161\023\060\346\147\263\207\100\375\211\176 -\362\103\321\021\337\057\145\057\144\316\137\024\271\261\277\061 -\275\207\170\132\131\145\210\252\374\131\062\110\206\326\114\271 -\051\113\225\323\166\363\167\045\155\102\034\070\203\115\375\243 -\137\233\177\055\254\171\033\016\102\061\227\143\244\373\212\151 -\325\042\015\064\220\060\056\250\264\340\155\266\224\254\274\213 -\116\327\160\374\305\070\216\144\045\341\115\071\220\316\311\207 -\204\130\161\002\003\001\000\001\243\201\250\060\201\245\060\017 -\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060 -\102\006\003\125\035\040\004\073\060\071\060\067\006\007\053\201 -\053\001\001\001\012\060\054\060\052\006\010\053\006\001\005\005 -\007\002\001\026\036\150\164\164\160\163\072\057\057\162\145\160 -\157\163\151\164\157\162\171\056\154\165\170\164\162\165\163\164 -\056\154\165\060\016\006\003\125\035\017\001\001\377\004\004\003 -\002\001\006\060\037\006\003\125\035\043\004\030\060\026\200\024 -\377\030\050\166\371\110\005\054\241\256\361\053\033\053\262\123 -\370\113\174\263\060\035\006\003\125\035\016\004\026\004\024\377 -\030\050\166\371\110\005\054\241\256\361\053\033\053\262\123\370 -\113\174\263\060\015\006\011\052\206\110\206\367\015\001\001\013 -\005\000\003\202\002\001\000\152\031\024\355\156\171\301\054\207 -\324\015\160\176\327\366\170\311\013\004\116\304\261\316\223\160 -\376\260\124\300\062\315\231\060\144\027\277\017\345\342\063\375 -\007\066\100\162\016\032\266\152\131\326\000\345\150\040\335\056 -\162\015\037\152\144\061\040\204\175\111\246\132\067\353\105\311 -\205\365\324\307\027\231\007\346\233\125\344\014\350\251\264\316 -\214\133\265\021\134\317\212\016\015\326\254\167\201\376\062\234 -\044\236\162\316\124\363\320\157\242\126\326\354\303\067\054\145 -\130\276\127\000\032\362\065\372\353\173\061\135\302\301\022\075 -\226\201\210\226\211\301\131\134\172\346\177\160\064\347\203\342 -\261\341\341\270\130\357\324\225\344\140\234\360\226\227\162\214 -\353\204\002\056\145\217\244\267\322\177\147\335\310\323\236\134 -\252\251\244\240\045\024\006\233\354\117\176\055\013\177\035\165 -\361\063\330\355\316\270\165\155\076\133\271\230\035\061\015\126 -\330\103\017\060\221\262\004\153\335\126\276\225\200\125\147\276 -\330\315\203\331\030\356\056\017\206\055\222\236\160\023\354\336 -\121\311\103\170\002\245\115\310\371\137\304\221\130\106\026\167 -\132\164\252\100\274\007\237\060\271\261\367\022\027\335\343\377 -\044\100\035\172\152\321\117\030\012\252\220\035\353\100\036\337 -\241\036\104\222\020\232\362\215\341\321\113\106\236\350\105\102 -\227\352\105\231\363\354\146\325\002\372\362\246\112\044\252\336 -\316\271\312\371\077\223\157\371\243\272\352\245\076\231\255\375 -\377\173\231\365\145\356\360\131\050\147\327\220\225\244\023\204 -\251\204\301\350\316\316\165\223\143\032\274\074\352\325\144\037 -\055\052\022\071\306\303\132\062\355\107\221\026\016\274\070\301 -\120\336\217\312\052\220\064\034\356\101\224\234\136\031\056\370 -\105\111\231\164\221\260\004\157\343\004\132\261\253\052\253\376 -\307\320\226\266\332\341\112\144\006\156\140\115\275\102\116\377 -\170\332\044\312\033\264\327\226\071\154\256\361\016\252\247\175 -\110\213\040\114\317\144\326\270\227\106\260\116\321\052\126\072 -\240\223\275\257\200\044\340\012\176\347\312\325\312\350\205\125 -\334\066\052\341\224\150\223\307\146\162\104\017\200\041\062\154 -\045\307\043\200\203\012\353 +\060\202\004\040\060\202\003\010\240\003\002\001\002\002\011\000 +\204\202\054\137\034\142\320\100\060\015\006\011\052\206\110\206 +\367\015\001\001\013\005\000\060\201\234\061\013\060\011\006\003 +\125\004\006\023\002\120\101\061\017\060\015\006\003\125\004\010 +\014\006\120\141\156\141\155\141\061\024\060\022\006\003\125\004 +\007\014\013\120\141\156\141\155\141\040\103\151\164\171\061\044 +\060\042\006\003\125\004\012\014\033\124\162\165\163\164\103\157 +\162\040\123\171\163\164\145\155\163\040\123\056\040\144\145\040 +\122\056\114\056\061\047\060\045\006\003\125\004\013\014\036\124 +\162\165\163\164\103\157\162\040\103\145\162\164\151\146\151\143 +\141\164\145\040\101\165\164\150\157\162\151\164\171\061\027\060 +\025\006\003\125\004\003\014\016\124\162\165\163\164\103\157\162 +\040\105\103\101\055\061\060\036\027\015\061\066\060\062\060\064 +\061\062\063\062\063\063\132\027\015\062\071\061\062\063\061\061 +\067\062\070\060\067\132\060\201\234\061\013\060\011\006\003\125 +\004\006\023\002\120\101\061\017\060\015\006\003\125\004\010\014 +\006\120\141\156\141\155\141\061\024\060\022\006\003\125\004\007 +\014\013\120\141\156\141\155\141\040\103\151\164\171\061\044\060 +\042\006\003\125\004\012\014\033\124\162\165\163\164\103\157\162 +\040\123\171\163\164\145\155\163\040\123\056\040\144\145\040\122 +\056\114\056\061\047\060\045\006\003\125\004\013\014\036\124\162 +\165\163\164\103\157\162\040\103\145\162\164\151\146\151\143\141 +\164\145\040\101\165\164\150\157\162\151\164\171\061\027\060\025 +\006\003\125\004\003\014\016\124\162\165\163\164\103\157\162\040 +\105\103\101\055\061\060\202\001\042\060\015\006\011\052\206\110 +\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001 +\012\002\202\001\001\000\317\217\340\021\265\237\250\166\166\333 +\337\017\124\357\163\143\051\202\255\107\306\243\153\355\376\137 +\063\370\103\121\351\032\063\221\061\027\240\164\304\324\247\001 +\346\262\222\076\152\235\355\016\371\164\230\100\323\077\003\200 +\006\202\100\350\261\342\247\121\247\035\203\046\153\253\336\372 +\027\221\053\330\306\254\036\261\236\031\001\325\227\246\352\015 +\267\304\125\037\047\174\322\010\325\166\037\051\025\207\100\071 +\335\070\105\021\165\320\232\247\064\340\277\315\310\122\035\271 +\107\176\015\270\273\306\014\366\163\127\026\132\176\103\221\037 +\125\072\306\155\104\004\252\234\251\234\247\114\211\027\203\256 +\243\004\136\122\200\213\036\022\045\021\031\327\014\175\175\061 +\104\101\352\333\257\260\034\357\201\320\054\305\232\041\233\075 +\355\102\073\120\046\362\354\316\161\141\006\142\041\124\116\177 +\301\235\076\177\040\214\200\313\052\330\227\142\310\203\063\221 +\175\260\242\132\017\127\350\073\314\362\045\262\324\174\057\354 +\115\306\241\072\025\172\347\266\135\065\365\366\110\112\066\105 +\146\324\272\230\130\301\002\003\001\000\001\243\143\060\141\060 +\035\006\003\125\035\016\004\026\004\024\104\236\110\365\314\155 +\110\324\240\113\177\376\131\044\057\203\227\231\232\206\060\037 +\006\003\125\035\043\004\030\060\026\200\024\104\236\110\365\314 +\155\110\324\240\113\177\376\131\044\057\203\227\231\232\206\060 +\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377 +\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\206 +\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003 +\202\001\001\000\005\076\065\134\025\160\233\311\307\163\141\157 +\162\053\324\302\217\362\103\135\002\316\304\224\271\224\021\203 +\147\135\342\147\154\165\166\277\273\014\252\066\306\255\107\223 +\143\334\036\176\326\336\056\376\351\031\062\070\003\177\024\366 +\000\163\054\131\261\041\006\341\373\254\030\225\014\243\377\231 +\226\367\053\047\233\325\044\314\035\335\301\072\340\230\104\260 +\304\344\076\167\261\163\251\144\054\366\034\001\174\077\135\105 +\205\300\205\347\045\217\225\334\027\363\074\237\032\156\260\312 +\343\035\052\351\114\143\372\044\141\142\326\332\176\266\034\154 +\365\002\035\324\052\335\125\220\353\052\021\107\074\056\136\164 +\262\202\042\245\175\123\037\105\354\047\221\175\347\042\026\350 +\300\150\066\330\306\361\117\200\104\062\371\341\321\321\035\252 +\336\250\253\234\004\257\255\040\016\144\230\115\245\153\300\110 +\130\226\151\115\334\007\214\121\223\242\337\237\017\075\213\140 +\264\202\215\252\010\116\142\105\340\371\013\322\340\340\074\133 +\336\134\161\047\045\302\346\003\201\213\020\123\343\307\125\242 +\264\237\327\346 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE -# Trust for "LuxTrust Global Root 2" -# Issuer: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU -# Serial Number:0a:7e:a6:df:4b:44:9e:da:6a:24:85:9e:e6:b8:15:d3:16:7f:bb:b1 -# Subject: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU -# Not Valid Before: Thu Mar 05 13:21:57 2015 -# Not Valid After : Mon Mar 05 13:21:57 2035 -# Fingerprint (SHA-256): 54:45:5F:71:29:C2:0B:14:47:C4:18:F9:97:16:8F:24:C5:8F:C5:02:3B:F5:DA:5B:E2:EB:6E:1D:D8:90:2E:D5 -# Fingerprint (SHA1): 1E:0E:56:19:0A:D1:8B:25:98:B2:04:44:FF:66:8A:04:17:99:5F:3F +# Trust for "TrustCor ECA-1" +# Issuer: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA +# Serial Number:00:84:82:2c:5f:1c:62:d0:40 +# Subject: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA +# Not Valid Before: Thu Feb 04 12:32:33 2016 +# Not Valid After : Mon Dec 31 17:28:07 2029 +# Fingerprint (SHA-256): 5A:88:5D:B1:9C:01:D9:12:C5:75:93:88:93:8C:AF:BB:DF:03:1A:B2:D4:8E:91:EE:15:58:9B:42:97:1D:03:9C +# Fingerprint (SHA1): 58:D1:DF:95:95:67:6B:63:C0:F0:5B:1C:17:4D:8B:84:0B:C8:78:BD CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "LuxTrust Global Root 2" +CKA_LABEL UTF8 "TrustCor ECA-1" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\036\016\126\031\012\321\213\045\230\262\004\104\377\146\212\004 -\027\231\137\077 +\130\321\337\225\225\147\153\143\300\360\133\034\027\115\213\204 +\013\310\170\275 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\262\341\011\000\141\257\367\361\221\157\304\255\215\136\073\174 +\047\222\043\035\012\365\100\174\351\346\153\235\330\365\347\154 END CKA_ISSUER MULTILINE_OCTAL -\060\106\061\013\060\011\006\003\125\004\006\023\002\114\125\061 -\026\060\024\006\003\125\004\012\014\015\114\165\170\124\162\165 -\163\164\040\123\056\101\056\061\037\060\035\006\003\125\004\003 -\014\026\114\165\170\124\162\165\163\164\040\107\154\157\142\141 -\154\040\122\157\157\164\040\062 +\060\201\234\061\013\060\011\006\003\125\004\006\023\002\120\101 +\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155 +\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141 +\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012 +\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145 +\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060 +\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162 +\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 +\150\157\162\151\164\171\061\027\060\025\006\003\125\004\003\014 +\016\124\162\165\163\164\103\157\162\040\105\103\101\055\061 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\024\012\176\246\337\113\104\236\332\152\044\205\236\346\270 -\025\323\026\177\273\261 +\002\011\000\204\202\054\137\034\142\320\100 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "Symantec Class 1 Public Primary Certification Authority - G6" +# Certificate "SSL.com Root Certification Authority RSA" # -# Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US -# Serial Number:24:32:75:f2:1d:2f:d2:09:33:f7:b4:6a:ca:d0:f3:98 -# Subject: CN=Symantec Class 1 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US -# Not Valid Before: Tue Oct 18 00:00:00 2011 -# Not Valid After : Tue Dec 01 23:59:59 2037 -# Fingerprint (SHA-256): 9D:19:0B:2E:31:45:66:68:5B:E8:A8:89:E2:7A:A8:C7:D7:AE:1D:8A:AD:DB:A3:C1:EC:F9:D2:48:63:CD:34:B9 -# Fingerprint (SHA1): 51:7F:61:1E:29:91:6B:53:82:FB:72:E7:44:D9:8D:C3:CC:53:6D:64 +# Issuer: CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US +# Serial Number:7b:2c:9b:d3:16:80:32:99 +# Subject: CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US +# Not Valid Before: Fri Feb 12 17:39:39 2016 +# Not Valid After : Tue Feb 12 17:39:39 2041 +# Fingerprint (SHA-256): 85:66:6A:56:2E:E0:BE:5C:E9:25:C1:D8:89:0A:6F:76:A8:7E:C1:6D:4D:7D:5F:29:EA:74:19:CF:20:12:3B:69 +# Fingerprint (SHA1): B7:AB:33:08:D1:EA:44:77:BA:14:80:12:5A:6F:BD:A9:36:49:0C:BB CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Symantec Class 1 Public Primary Certification Authority - G6" +CKA_LABEL UTF8 "SSL.com Root Certification Authority RSA" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 -\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 -\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 -\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 -\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 -\164\145\143\040\103\154\141\163\163\040\061\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\066 +\060\174\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163\061 +\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164\157 +\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114\040 +\103\157\162\160\157\162\141\164\151\157\156\061\061\060\057\006 +\003\125\004\003\014\050\123\123\114\056\143\157\155\040\122\157 +\157\164\040\103\145\162\164\151\146\151\143\141\164\151\157\156 +\040\101\165\164\150\157\162\151\164\171\040\122\123\101 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 -\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 -\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 -\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 -\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 -\164\145\143\040\103\154\141\163\163\040\061\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\066 +\060\174\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163\061 +\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164\157 +\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114\040 +\103\157\162\160\157\162\141\164\151\157\156\061\061\060\057\006 +\003\125\004\003\014\050\123\123\114\056\143\157\155\040\122\157 +\157\164\040\103\145\162\164\151\146\151\143\141\164\151\157\156 +\040\101\165\164\150\157\162\151\164\171\040\122\123\101 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\044\062\165\362\035\057\322\011\063\367\264\152\312\320 -\363\230 +\002\010\173\054\233\323\026\200\062\231 END CKA_VALUE MULTILINE_OCTAL -\060\202\003\366\060\202\002\336\240\003\002\001\002\002\020\044 -\062\165\362\035\057\322\011\063\367\264\152\312\320\363\230\060 -\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\201 -\224\061\013\060\011\006\003\125\004\006\023\002\125\123\061\035 -\060\033\006\003\125\004\012\023\024\123\171\155\141\156\164\145 -\143\040\103\157\162\160\157\162\141\164\151\157\156\061\037\060 -\035\006\003\125\004\013\023\026\123\171\155\141\156\164\145\143 -\040\124\162\165\163\164\040\116\145\164\167\157\162\153\061\105 -\060\103\006\003\125\004\003\023\074\123\171\155\141\156\164\145 -\143\040\103\154\141\163\163\040\061\040\120\165\142\154\151\143 -\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146\151 +\060\202\005\335\060\202\003\305\240\003\002\001\002\002\010\173 +\054\233\323\026\200\062\231\060\015\006\011\052\206\110\206\367 +\015\001\001\013\005\000\060\174\061\013\060\011\006\003\125\004 +\006\023\002\125\123\061\016\060\014\006\003\125\004\010\014\005 +\124\145\170\141\163\061\020\060\016\006\003\125\004\007\014\007 +\110\157\165\163\164\157\156\061\030\060\026\006\003\125\004\012 +\014\017\123\123\114\040\103\157\162\160\157\162\141\164\151\157 +\156\061\061\060\057\006\003\125\004\003\014\050\123\123\114\056 +\143\157\155\040\122\157\157\164\040\103\145\162\164\151\146\151 \143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 -\040\055\040\107\066\060\036\027\015\061\061\061\060\061\070\060 -\060\060\060\060\060\132\027\015\063\067\061\062\060\061\062\063 -\065\071\065\071\132\060\201\224\061\013\060\011\006\003\125\004 -\006\023\002\125\123\061\035\060\033\006\003\125\004\012\023\024 -\123\171\155\141\156\164\145\143\040\103\157\162\160\157\162\141 -\164\151\157\156\061\037\060\035\006\003\125\004\013\023\026\123 -\171\155\141\156\164\145\143\040\124\162\165\163\164\040\116\145 -\164\167\157\162\153\061\105\060\103\006\003\125\004\003\023\074 -\123\171\155\141\156\164\145\143\040\103\154\141\163\163\040\061 -\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171\040 -\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165 -\164\150\157\162\151\164\171\040\055\040\107\066\060\202\001\042 -\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003 -\202\001\017\000\060\202\001\012\002\202\001\001\000\307\071\327 -\111\144\251\231\202\042\114\352\105\331\007\026\343\173\364\203 -\350\231\163\372\153\261\066\340\232\167\240\100\302\201\215\001 -\307\314\214\275\217\175\367\171\343\172\114\003\115\331\373\375 -\207\070\050\054\335\232\213\124\010\333\147\373\033\214\376\050 -\222\057\276\267\262\110\247\201\241\330\136\210\303\314\071\100 -\101\132\321\334\345\332\020\237\057\332\001\115\375\056\106\174 -\371\056\047\012\151\067\356\221\243\033\152\314\104\277\033\307 -\303\324\021\262\120\140\227\011\275\056\042\365\101\204\146\237 -\315\100\246\251\000\200\301\037\225\222\237\336\363\110\357\333 -\035\167\141\374\177\337\356\226\244\162\320\266\076\377\170\047 -\257\313\222\025\151\010\333\143\020\342\346\227\254\156\334\254 -\366\242\316\036\107\231\271\211\267\022\346\241\324\315\131\021 -\147\303\157\205\330\102\116\050\276\131\125\131\004\225\253\217 -\067\200\277\015\360\374\037\072\144\061\130\201\170\327\342\065 -\366\040\077\051\270\217\026\156\076\110\334\265\114\007\341\362 -\032\352\176\012\171\326\250\275\353\135\206\053\115\002\003\001 -\000\001\243\102\060\100\060\016\006\003\125\035\017\001\001\377 -\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377 -\004\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026 -\004\024\063\101\350\310\071\022\025\223\110\362\226\062\056\132 -\365\332\224\137\123\140\060\015\006\011\052\206\110\206\367\015 -\001\001\013\005\000\003\202\001\001\000\025\343\163\127\261\027 -\266\137\111\151\104\246\366\136\172\147\254\322\336\165\111\253 -\376\045\125\307\072\311\104\025\020\156\277\061\153\313\331\007 -\223\177\034\205\143\000\343\062\022\340\314\313\373\071\154\217 -\342\123\342\074\100\063\331\244\214\107\346\255\130\373\211\257 -\343\336\206\051\126\064\054\105\270\022\372\104\211\156\055\024 -\045\050\044\001\145\326\352\122\254\005\156\126\022\011\075\320 -\164\364\327\275\006\312\250\072\215\126\102\372\215\162\076\164 -\361\003\162\337\207\033\136\016\172\125\226\054\070\267\230\205 -\315\115\063\104\311\224\217\132\061\060\067\113\243\072\022\263 -\347\066\321\041\150\113\055\070\346\123\256\034\045\126\010\126 -\003\147\204\235\306\303\316\044\142\307\114\066\317\260\006\104 -\267\365\137\002\335\331\124\351\057\220\116\172\310\116\203\100 -\014\232\227\074\067\277\277\354\366\360\264\205\167\050\301\013 -\310\147\202\020\027\070\242\267\006\352\233\277\072\370\351\043 -\007\277\164\340\230\070\025\125\170\356\162\000\134\031\243\364 -\322\063\340\377\275\321\124\071\051\017 +\040\122\123\101\060\036\027\015\061\066\060\062\061\062\061\067 +\063\071\063\071\132\027\015\064\061\060\062\061\062\061\067\063 +\071\063\071\132\060\174\061\013\060\011\006\003\125\004\006\023 +\002\125\123\061\016\060\014\006\003\125\004\010\014\005\124\145 +\170\141\163\061\020\060\016\006\003\125\004\007\014\007\110\157 +\165\163\164\157\156\061\030\060\026\006\003\125\004\012\014\017 +\123\123\114\040\103\157\162\160\157\162\141\164\151\157\156\061 +\061\060\057\006\003\125\004\003\014\050\123\123\114\056\143\157 +\155\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141 +\164\151\157\156\040\101\165\164\150\157\162\151\164\171\040\122 +\123\101\060\202\002\042\060\015\006\011\052\206\110\206\367\015 +\001\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202 +\002\001\000\371\017\335\243\053\175\313\320\052\376\354\147\205 +\246\347\056\033\272\167\341\343\365\257\244\354\372\112\135\221 +\304\127\107\153\030\167\153\166\362\375\223\344\075\017\302\026 +\236\013\146\303\126\224\236\027\203\205\316\126\357\362\026\375 +\000\142\365\042\011\124\350\145\027\116\101\271\340\117\106\227 +\252\033\310\270\156\142\136\151\261\137\333\052\002\176\374\154 +\312\363\101\330\355\320\350\374\077\141\110\355\260\003\024\035 +\020\016\113\031\340\273\116\354\206\145\377\066\363\136\147\002 +\013\235\206\125\141\375\172\070\355\376\342\031\000\267\157\241 +\120\142\165\164\074\240\372\310\045\222\264\156\172\042\307\370 +\036\241\343\262\335\221\061\253\053\035\004\377\245\112\004\067 +\351\205\244\063\053\375\342\326\125\064\174\031\244\112\150\307 +\262\250\323\267\312\241\223\210\353\301\227\274\214\371\035\331 +\042\204\044\164\307\004\075\152\251\051\223\314\353\270\133\341 +\376\137\045\252\064\130\310\301\043\124\235\033\230\021\303\070 +\234\176\075\206\154\245\017\100\206\174\002\364\134\002\117\050 +\313\256\161\237\017\072\310\063\376\021\045\065\352\374\272\305 +\140\075\331\174\030\325\262\251\323\165\170\003\162\042\312\072 +\303\037\357\054\345\056\251\372\236\054\266\121\106\375\257\003 +\326\352\140\150\352\205\026\066\153\205\351\036\300\263\335\304 +\044\334\200\052\201\101\155\224\076\310\340\311\201\101\000\236 +\136\277\177\305\010\230\242\030\054\102\100\263\371\157\070\047 +\113\116\200\364\075\201\107\340\210\174\352\034\316\265\165\134 +\121\056\034\053\177\032\162\050\347\000\265\321\164\306\327\344 +\237\255\007\223\266\123\065\065\374\067\344\303\366\135\026\276 +\041\163\336\222\012\370\240\143\152\274\226\222\152\076\370\274 +\145\125\233\336\365\015\211\046\004\374\045\032\246\045\151\313 +\302\155\312\174\342\131\137\227\254\353\357\056\310\274\327\033 +\131\074\053\314\362\031\310\223\153\047\143\031\317\374\351\046 +\370\312\161\233\177\223\376\064\147\204\116\231\353\374\263\170 +\011\063\160\272\146\246\166\355\033\163\353\032\245\015\304\042 +\023\040\224\126\012\116\054\154\116\261\375\317\234\011\272\242 +\063\355\207\002\003\001\000\001\243\143\060\141\060\035\006\003 +\125\035\016\004\026\004\024\335\004\011\007\242\365\172\175\122 +\123\022\222\225\356\070\200\045\015\246\131\060\017\006\003\125 +\035\023\001\001\377\004\005\060\003\001\001\377\060\037\006\003 +\125\035\043\004\030\060\026\200\024\335\004\011\007\242\365\172 +\175\122\123\022\222\225\356\070\200\045\015\246\131\060\016\006 +\003\125\035\017\001\001\377\004\004\003\002\001\206\060\015\006 +\011\052\206\110\206\367\015\001\001\013\005\000\003\202\002\001 +\000\040\030\021\224\051\373\046\235\034\036\036\160\141\361\225 +\162\223\161\044\255\150\223\130\216\062\257\033\263\160\003\374 +\045\053\164\205\220\075\170\152\364\271\213\245\227\073\265\030 +\221\273\036\247\371\100\133\221\371\125\231\257\036\021\320\134 +\035\247\146\343\261\224\007\014\062\071\246\352\033\260\171\330 +\035\234\160\104\343\212\335\304\371\225\037\212\070\103\077\001 +\205\245\107\247\075\106\262\274\345\042\150\367\173\234\330\054 +\076\012\041\310\055\063\254\277\305\201\231\061\164\301\165\161 +\305\276\261\360\043\105\364\235\153\374\031\143\235\243\274\004 +\306\030\013\045\273\123\211\017\263\200\120\336\105\356\104\177 +\253\224\170\144\230\323\366\050\335\207\330\160\145\164\373\016 +\271\023\353\247\017\141\251\062\226\314\336\273\355\143\114\030 +\273\251\100\367\240\124\156\040\210\161\165\030\352\172\264\064 +\162\340\043\047\167\134\266\220\352\206\045\100\253\357\063\017 +\313\237\202\276\242\040\373\366\265\055\032\346\302\205\261\164 +\017\373\310\145\002\244\122\001\107\335\111\042\301\277\330\353 +\153\254\176\336\354\143\063\025\267\043\010\217\306\017\215\101 +\132\335\216\305\271\217\345\105\077\170\333\272\322\033\100\261 +\376\161\115\077\340\201\242\272\136\264\354\025\340\223\335\010 +\037\176\341\125\231\013\041\336\223\236\012\373\346\243\111\275 +\066\060\376\347\167\262\240\165\227\265\055\201\210\027\145\040 +\367\332\220\000\237\311\122\314\062\312\065\174\365\075\017\330 +\053\327\365\046\154\311\006\064\226\026\352\160\131\032\062\171 +\171\013\266\210\177\017\122\110\075\277\154\330\242\104\056\321 +\116\267\162\130\323\211\023\225\376\104\253\370\327\213\033\156 +\234\274\054\240\133\325\152\000\257\137\067\341\325\372\020\013 +\230\234\206\347\046\217\316\360\354\156\212\127\013\200\343\116 +\262\300\240\143\141\220\272\125\150\067\164\152\266\222\333\237 +\241\206\042\266\145\047\016\354\266\237\102\140\344\147\302\265 +\332\101\013\304\323\213\141\033\274\372\037\221\053\327\104\007 +\136\272\051\254\331\305\351\357\123\110\132\353\200\361\050\130 +\041\315\260\006\125\373\047\077\123\220\160\251\004\036\127\047 +\271 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE -# Trust for "Symantec Class 1 Public Primary Certification Authority - G6" -# Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US -# Serial Number:24:32:75:f2:1d:2f:d2:09:33:f7:b4:6a:ca:d0:f3:98 -# Subject: CN=Symantec Class 1 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US -# Not Valid Before: Tue Oct 18 00:00:00 2011 -# Not Valid After : Tue Dec 01 23:59:59 2037 -# Fingerprint (SHA-256): 9D:19:0B:2E:31:45:66:68:5B:E8:A8:89:E2:7A:A8:C7:D7:AE:1D:8A:AD:DB:A3:C1:EC:F9:D2:48:63:CD:34:B9 -# Fingerprint (SHA1): 51:7F:61:1E:29:91:6B:53:82:FB:72:E7:44:D9:8D:C3:CC:53:6D:64 +# Trust for "SSL.com Root Certification Authority RSA" +# Issuer: CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US +# Serial Number:7b:2c:9b:d3:16:80:32:99 +# Subject: CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US +# Not Valid Before: Fri Feb 12 17:39:39 2016 +# Not Valid After : Tue Feb 12 17:39:39 2041 +# Fingerprint (SHA-256): 85:66:6A:56:2E:E0:BE:5C:E9:25:C1:D8:89:0A:6F:76:A8:7E:C1:6D:4D:7D:5F:29:EA:74:19:CF:20:12:3B:69 +# Fingerprint (SHA1): B7:AB:33:08:D1:EA:44:77:BA:14:80:12:5A:6F:BD:A9:36:49:0C:BB CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Symantec Class 1 Public Primary Certification Authority - G6" +CKA_LABEL UTF8 "SSL.com Root Certification Authority RSA" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\121\177\141\036\051\221\153\123\202\373\162\347\104\331\215\303 -\314\123\155\144 +\267\253\063\010\321\352\104\167\272\024\200\022\132\157\275\251 +\066\111\014\273 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\057\250\264\332\366\144\113\036\202\371\106\075\124\032\174\260 +\206\151\022\300\160\361\354\254\254\302\325\274\245\133\241\051 END CKA_ISSUER MULTILINE_OCTAL -\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 -\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 -\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 -\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 -\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 -\164\145\143\040\103\154\141\163\163\040\061\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\066 +\060\174\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163\061 +\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164\157 +\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114\040 +\103\157\162\160\157\162\141\164\151\157\156\061\061\060\057\006 +\003\125\004\003\014\050\123\123\114\056\143\157\155\040\122\157 +\157\164\040\103\145\162\164\151\146\151\143\141\164\151\157\156 +\040\101\165\164\150\157\162\151\164\171\040\122\123\101 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\044\062\165\362\035\057\322\011\063\367\264\152\312\320 -\363\230 +\002\010\173\054\233\323\026\200\062\231 END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "Symantec Class 2 Public Primary Certification Authority - G6" +# Certificate "SSL.com Root Certification Authority ECC" # -# Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US -# Serial Number:64:82:9e:fc:37:1e:74:5d:fc:97:ff:97:c8:b1:ff:41 -# Subject: CN=Symantec Class 2 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US -# Not Valid Before: Tue Oct 18 00:00:00 2011 -# Not Valid After : Tue Dec 01 23:59:59 2037 -# Fingerprint (SHA-256): CB:62:7D:18:B5:8A:D5:6D:DE:33:1A:30:45:6B:C6:5C:60:1A:4E:9B:18:DE:DC:EA:08:E7:DA:AA:07:81:5F:F0 -# Fingerprint (SHA1): 40:B3:31:A0:E9:BF:E8:55:BC:39:93:CA:70:4F:4E:C2:51:D4:1D:8F +# Issuer: CN=SSL.com Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US +# Serial Number:75:e6:df:cb:c1:68:5b:a8 +# Subject: CN=SSL.com Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US +# Not Valid Before: Fri Feb 12 18:14:03 2016 +# Not Valid After : Tue Feb 12 18:14:03 2041 +# Fingerprint (SHA-256): 34:17:BB:06:CC:60:07:DA:1B:96:1C:92:0B:8A:B4:CE:3F:AD:82:0E:4A:A3:0B:9A:CB:C4:A7:4E:BD:CE:BC:65 +# Fingerprint (SHA1): C3:19:7C:39:24:E6:54:AF:1B:C4:AB:20:95:7A:E2:C3:0E:13:02:6A CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Symantec Class 2 Public Primary Certification Authority - G6" +CKA_LABEL UTF8 "SSL.com Root Certification Authority ECC" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 -\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 -\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 -\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 -\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 -\164\145\143\040\103\154\141\163\163\040\062\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\066 +\060\174\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163\061 +\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164\157 +\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114\040 +\103\157\162\160\157\162\141\164\151\157\156\061\061\060\057\006 +\003\125\004\003\014\050\123\123\114\056\143\157\155\040\122\157 +\157\164\040\103\145\162\164\151\146\151\143\141\164\151\157\156 +\040\101\165\164\150\157\162\151\164\171\040\105\103\103 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 -\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 -\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 -\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 -\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 -\164\145\143\040\103\154\141\163\163\040\062\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\066 +\060\174\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163\061 +\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164\157 +\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114\040 +\103\157\162\160\157\162\141\164\151\157\156\061\061\060\057\006 +\003\125\004\003\014\050\123\123\114\056\143\157\155\040\122\157 +\157\164\040\103\145\162\164\151\146\151\143\141\164\151\157\156 +\040\101\165\164\150\157\162\151\164\171\040\105\103\103 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\144\202\236\374\067\036\164\135\374\227\377\227\310\261 -\377\101 +\002\010\165\346\337\313\301\150\133\250 END CKA_VALUE MULTILINE_OCTAL -\060\202\003\366\060\202\002\336\240\003\002\001\002\002\020\144 -\202\236\374\067\036\164\135\374\227\377\227\310\261\377\101\060 -\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\201 -\224\061\013\060\011\006\003\125\004\006\023\002\125\123\061\035 -\060\033\006\003\125\004\012\023\024\123\171\155\141\156\164\145 -\143\040\103\157\162\160\157\162\141\164\151\157\156\061\037\060 -\035\006\003\125\004\013\023\026\123\171\155\141\156\164\145\143 -\040\124\162\165\163\164\040\116\145\164\167\157\162\153\061\105 -\060\103\006\003\125\004\003\023\074\123\171\155\141\156\164\145 -\143\040\103\154\141\163\163\040\062\040\120\165\142\154\151\143 -\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146\151 -\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 -\040\055\040\107\066\060\036\027\015\061\061\061\060\061\070\060 -\060\060\060\060\060\132\027\015\063\067\061\062\060\061\062\063 -\065\071\065\071\132\060\201\224\061\013\060\011\006\003\125\004 -\006\023\002\125\123\061\035\060\033\006\003\125\004\012\023\024 -\123\171\155\141\156\164\145\143\040\103\157\162\160\157\162\141 -\164\151\157\156\061\037\060\035\006\003\125\004\013\023\026\123 -\171\155\141\156\164\145\143\040\124\162\165\163\164\040\116\145 -\164\167\157\162\153\061\105\060\103\006\003\125\004\003\023\074 -\123\171\155\141\156\164\145\143\040\103\154\141\163\163\040\062 -\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171\040 -\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165 -\164\150\157\162\151\164\171\040\055\040\107\066\060\202\001\042 -\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003 -\202\001\017\000\060\202\001\012\002\202\001\001\000\315\314\351 -\005\310\143\205\313\077\100\143\027\275\030\372\065\346\004\147 -\127\145\230\051\244\117\311\134\217\017\064\322\370\332\250\023 -\142\252\270\036\120\147\170\260\026\114\240\071\251\025\172\256 -\355\322\242\300\360\220\067\051\030\046\134\350\015\074\266\154 -\111\077\301\340\334\331\113\266\024\031\013\246\323\226\341\326 -\011\343\031\046\034\371\037\145\113\371\032\103\034\000\203\326 -\320\252\111\242\324\333\346\142\070\272\120\024\103\155\371\061 -\370\126\026\331\070\002\221\317\353\154\335\273\071\116\231\341 -\060\147\105\361\324\360\215\303\337\376\362\070\007\041\175\000 -\136\126\104\263\344\140\275\221\053\234\253\133\004\162\017\262 -\050\331\162\253\005\040\102\045\251\133\003\152\040\020\314\061 -\360\053\332\065\054\320\373\232\227\116\360\202\113\053\330\137 -\066\243\013\055\257\143\015\035\045\177\241\156\134\142\241\215 -\050\076\241\374\034\040\370\001\057\272\125\232\021\260\031\322 -\310\120\171\153\016\152\005\327\252\004\066\262\243\362\341\137 -\167\247\167\234\345\036\334\351\337\152\301\145\135\002\003\001 -\000\001\243\102\060\100\060\016\006\003\125\035\017\001\001\377 -\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377 -\004\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026 -\004\024\207\214\040\225\310\230\112\321\326\200\006\112\220\064 -\104\337\034\115\277\260\060\015\006\011\052\206\110\206\367\015 -\001\001\013\005\000\003\202\001\001\000\201\216\262\245\146\226 -\267\041\245\266\357\157\043\132\137\333\201\305\102\245\170\301 -\151\375\364\074\327\371\134\153\160\162\032\374\132\227\115\000 -\200\210\210\202\212\303\161\015\216\305\211\233\054\355\215\013 -\322\162\124\365\175\324\134\103\127\351\363\256\245\002\021\366 -\166\053\201\127\335\175\332\164\060\375\124\107\366\340\026\156 -\246\264\012\110\346\347\165\007\017\051\031\071\316\171\364\266 -\154\305\137\231\325\037\113\372\337\155\054\074\015\124\200\160 -\360\210\013\200\317\306\150\242\270\035\160\331\166\214\374\356 -\245\311\317\255\035\317\231\045\127\132\142\105\313\026\153\275 -\111\315\245\243\214\151\171\045\256\270\114\154\213\100\146\113 -\026\077\317\002\032\335\341\154\153\007\141\152\166\025\051\231 -\177\033\335\210\200\301\277\265\217\163\305\246\226\043\204\246 -\050\206\044\063\152\001\056\127\163\045\266\136\277\217\346\035 -\141\250\100\051\147\035\207\233\035\177\233\237\231\315\061\326 -\124\276\142\273\071\254\150\022\110\221\040\245\313\261\335\376 -\157\374\132\344\202\125\131\257\061\251 +\060\202\002\215\060\202\002\024\240\003\002\001\002\002\010\165 +\346\337\313\301\150\133\250\060\012\006\010\052\206\110\316\075 +\004\003\002\060\174\061\013\060\011\006\003\125\004\006\023\002 +\125\123\061\016\060\014\006\003\125\004\010\014\005\124\145\170 +\141\163\061\020\060\016\006\003\125\004\007\014\007\110\157\165 +\163\164\157\156\061\030\060\026\006\003\125\004\012\014\017\123 +\123\114\040\103\157\162\160\157\162\141\164\151\157\156\061\061 +\060\057\006\003\125\004\003\014\050\123\123\114\056\143\157\155 +\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164 +\151\157\156\040\101\165\164\150\157\162\151\164\171\040\105\103 +\103\060\036\027\015\061\066\060\062\061\062\061\070\061\064\060 +\063\132\027\015\064\061\060\062\061\062\061\070\061\064\060\063 +\132\060\174\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163 +\061\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164 +\157\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114 +\040\103\157\162\160\157\162\141\164\151\157\156\061\061\060\057 +\006\003\125\004\003\014\050\123\123\114\056\143\157\155\040\122 +\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151\157 +\156\040\101\165\164\150\157\162\151\164\171\040\105\103\103\060 +\166\060\020\006\007\052\206\110\316\075\002\001\006\005\053\201 +\004\000\042\003\142\000\004\105\156\251\120\304\246\043\066\236 +\137\050\215\027\313\226\042\144\077\334\172\216\035\314\010\263 +\242\161\044\272\216\111\271\004\033\107\226\130\253\055\225\310 +\355\236\010\065\310\047\353\211\214\123\130\353\142\212\376\360 +\133\017\153\061\122\143\101\073\211\315\354\354\266\215\031\323 +\064\007\334\273\306\006\177\302\105\225\354\313\177\250\043\340 +\011\351\201\372\363\107\323\243\143\060\141\060\035\006\003\125 +\035\016\004\026\004\024\202\321\205\163\060\347\065\004\323\216 +\002\222\373\345\244\321\304\041\350\315\060\017\006\003\125\035 +\023\001\001\377\004\005\060\003\001\001\377\060\037\006\003\125 +\035\043\004\030\060\026\200\024\202\321\205\163\060\347\065\004 +\323\216\002\222\373\345\244\321\304\041\350\315\060\016\006\003 +\125\035\017\001\001\377\004\004\003\002\001\206\060\012\006\010 +\052\206\110\316\075\004\003\002\003\147\000\060\144\002\060\157 +\347\353\131\021\244\140\317\141\260\226\173\355\005\371\057\023 +\221\334\355\345\374\120\153\021\106\106\263\034\041\000\142\273 +\276\303\347\350\315\007\231\371\015\013\135\162\076\304\252\002 +\060\037\274\272\013\342\060\044\373\174\155\200\125\012\231\076 +\200\015\063\345\146\243\263\243\273\245\325\213\217\011\054\246 +\135\176\342\360\007\010\150\155\322\174\151\156\137\337\345\152 +\145 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE -# Trust for "Symantec Class 2 Public Primary Certification Authority - G6" -# Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US -# Serial Number:64:82:9e:fc:37:1e:74:5d:fc:97:ff:97:c8:b1:ff:41 -# Subject: CN=Symantec Class 2 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US -# Not Valid Before: Tue Oct 18 00:00:00 2011 -# Not Valid After : Tue Dec 01 23:59:59 2037 -# Fingerprint (SHA-256): CB:62:7D:18:B5:8A:D5:6D:DE:33:1A:30:45:6B:C6:5C:60:1A:4E:9B:18:DE:DC:EA:08:E7:DA:AA:07:81:5F:F0 -# Fingerprint (SHA1): 40:B3:31:A0:E9:BF:E8:55:BC:39:93:CA:70:4F:4E:C2:51:D4:1D:8F +# Trust for "SSL.com Root Certification Authority ECC" +# Issuer: CN=SSL.com Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US +# Serial Number:75:e6:df:cb:c1:68:5b:a8 +# Subject: CN=SSL.com Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US +# Not Valid Before: Fri Feb 12 18:14:03 2016 +# Not Valid After : Tue Feb 12 18:14:03 2041 +# Fingerprint (SHA-256): 34:17:BB:06:CC:60:07:DA:1B:96:1C:92:0B:8A:B4:CE:3F:AD:82:0E:4A:A3:0B:9A:CB:C4:A7:4E:BD:CE:BC:65 +# Fingerprint (SHA1): C3:19:7C:39:24:E6:54:AF:1B:C4:AB:20:95:7A:E2:C3:0E:13:02:6A CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Symantec Class 2 Public Primary Certification Authority - G6" +CKA_LABEL UTF8 "SSL.com Root Certification Authority ECC" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\100\263\061\240\351\277\350\125\274\071\223\312\160\117\116\302 -\121\324\035\217 +\303\031\174\071\044\346\124\257\033\304\253\040\225\172\342\303 +\016\023\002\152 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\175\013\203\345\373\174\255\007\117\040\251\265\337\143\355\171 +\056\332\344\071\177\234\217\067\321\160\237\046\027\121\072\216 END CKA_ISSUER MULTILINE_OCTAL -\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 -\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 -\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 -\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 -\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 -\164\145\143\040\103\154\141\163\163\040\062\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\066 +\060\174\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163\061 +\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164\157 +\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114\040 +\103\157\162\160\157\162\141\164\151\157\156\061\061\060\057\006 +\003\125\004\003\014\050\123\123\114\056\143\157\155\040\122\157 +\157\164\040\103\145\162\164\151\146\151\143\141\164\151\157\156 +\040\101\165\164\150\157\162\151\164\171\040\105\103\103 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\144\202\236\374\067\036\164\135\374\227\377\227\310\261 -\377\101 +\002\010\165\346\337\313\301\150\133\250 END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "Symantec Class 1 Public Primary Certification Authority - G4" +# Certificate "SSL.com EV Root Certification Authority RSA R2" # -# Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US -# Serial Number:21:6e:33:a5:cb:d3:88:a4:6f:29:07:b4:27:3c:c4:d8 -# Subject: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US -# Not Valid Before: Wed Oct 05 00:00:00 2011 -# Not Valid After : Mon Jan 18 23:59:59 2038 -# Fingerprint (SHA-256): 36:3F:3C:84:9E:AB:03:B0:A2:A0:F6:36:D7:B8:6D:04:D3:AC:7F:CF:E2:6A:0A:91:21:AB:97:95:F6:E1:76:DF -# Fingerprint (SHA1): 84:F2:E3:DD:83:13:3E:A9:1D:19:52:7F:02:D7:29:BF:C1:5F:E6:67 +# Issuer: CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US +# Serial Number:56:b6:29:cd:34:bc:78:f6 +# Subject: CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US +# Not Valid Before: Wed May 31 18:14:37 2017 +# Not Valid After : Fri May 30 18:14:37 2042 +# Fingerprint (SHA-256): 2E:7B:F1:6C:C2:24:85:A7:BB:E2:AA:86:96:75:07:61:B0:AE:39:BE:3B:2F:E9:D0:CC:6D:4E:F7:34:91:42:5C +# Fingerprint (SHA1): 74:3A:F0:52:9B:D0:32:A0:F4:4A:83:CD:D4:BA:A9:7B:7C:2E:C4:9A CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Symantec Class 1 Public Primary Certification Authority - G4" +CKA_LABEL UTF8 "SSL.com EV Root Certification Authority RSA R2" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 -\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 -\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 -\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 -\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 -\164\145\143\040\103\154\141\163\163\040\061\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\064 +\060\201\202\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163 +\061\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164 +\157\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114 +\040\103\157\162\160\157\162\141\164\151\157\156\061\067\060\065 +\006\003\125\004\003\014\056\123\123\114\056\143\157\155\040\105 +\126\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141 +\164\151\157\156\040\101\165\164\150\157\162\151\164\171\040\122 +\123\101\040\122\062 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 -\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 -\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 -\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 -\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 -\164\145\143\040\103\154\141\163\163\040\061\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\064 +\060\201\202\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163 +\061\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164 +\157\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114 +\040\103\157\162\160\157\162\141\164\151\157\156\061\067\060\065 +\006\003\125\004\003\014\056\123\123\114\056\143\157\155\040\105 +\126\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141 +\164\151\157\156\040\101\165\164\150\157\162\151\164\171\040\122 +\123\101\040\122\062 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\041\156\063\245\313\323\210\244\157\051\007\264\047\074 -\304\330 +\002\010\126\266\051\315\064\274\170\366 END CKA_VALUE MULTILINE_OCTAL -\060\202\002\250\060\202\002\055\240\003\002\001\002\002\020\041 -\156\063\245\313\323\210\244\157\051\007\264\047\074\304\330\060 -\012\006\010\052\206\110\316\075\004\003\003\060\201\224\061\013 -\060\011\006\003\125\004\006\023\002\125\123\061\035\060\033\006 -\003\125\004\012\023\024\123\171\155\141\156\164\145\143\040\103 -\157\162\160\157\162\141\164\151\157\156\061\037\060\035\006\003 -\125\004\013\023\026\123\171\155\141\156\164\145\143\040\124\162 -\165\163\164\040\116\145\164\167\157\162\153\061\105\060\103\006 -\003\125\004\003\023\074\123\171\155\141\156\164\145\143\040\103 -\154\141\163\163\040\061\040\120\165\142\154\151\143\040\120\162 -\151\155\141\162\171\040\103\145\162\164\151\146\151\143\141\164 -\151\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040 -\107\064\060\036\027\015\061\061\061\060\060\065\060\060\060\060 -\060\060\132\027\015\063\070\060\061\061\070\062\063\065\071\065 -\071\132\060\201\224\061\013\060\011\006\003\125\004\006\023\002 -\125\123\061\035\060\033\006\003\125\004\012\023\024\123\171\155 -\141\156\164\145\143\040\103\157\162\160\157\162\141\164\151\157 -\156\061\037\060\035\006\003\125\004\013\023\026\123\171\155\141 -\156\164\145\143\040\124\162\165\163\164\040\116\145\164\167\157 -\162\153\061\105\060\103\006\003\125\004\003\023\074\123\171\155 -\141\156\164\145\143\040\103\154\141\163\163\040\061\040\120\165 -\142\154\151\143\040\120\162\151\155\141\162\171\040\103\145\162 +\060\202\005\353\060\202\003\323\240\003\002\001\002\002\010\126 +\266\051\315\064\274\170\366\060\015\006\011\052\206\110\206\367 +\015\001\001\013\005\000\060\201\202\061\013\060\011\006\003\125 +\004\006\023\002\125\123\061\016\060\014\006\003\125\004\010\014 +\005\124\145\170\141\163\061\020\060\016\006\003\125\004\007\014 +\007\110\157\165\163\164\157\156\061\030\060\026\006\003\125\004 +\012\014\017\123\123\114\040\103\157\162\160\157\162\141\164\151 +\157\156\061\067\060\065\006\003\125\004\003\014\056\123\123\114 +\056\143\157\155\040\105\126\040\122\157\157\164\040\103\145\162 \164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157 -\162\151\164\171\040\055\040\107\064\060\166\060\020\006\007\052 -\206\110\316\075\002\001\006\005\053\201\004\000\042\003\142\000 -\004\327\146\265\033\333\256\263\140\356\106\352\210\143\165\073 -\052\224\155\363\137\022\366\343\017\236\266\012\024\123\110\122 -\310\334\072\263\313\110\040\046\022\116\372\211\204\324\337\221 -\344\051\175\050\001\331\333\030\103\151\241\037\265\323\206\026 -\334\307\177\147\043\337\337\061\061\203\003\065\160\261\113\267 -\310\027\273\121\313\334\224\027\333\352\011\073\166\022\336\252 -\265\243\102\060\100\060\016\006\003\125\035\017\001\001\377\004 -\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377\004 -\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026\004 -\024\145\300\215\045\365\014\272\227\167\220\077\236\056\340\132 -\365\316\325\341\344\060\012\006\010\052\206\110\316\075\004\003 -\003\003\151\000\060\146\002\061\000\245\256\343\106\123\370\230 -\066\343\042\372\056\050\111\015\356\060\176\063\363\354\077\161 -\136\314\125\211\170\231\254\262\375\334\034\134\063\216\051\271 -\153\027\310\021\150\265\334\203\007\002\061\000\234\310\104\332 -\151\302\066\303\124\031\020\205\002\332\235\107\357\101\347\154 -\046\235\011\075\367\155\220\321\005\104\057\260\274\203\223\150 -\362\014\105\111\071\277\231\004\034\323\020\240 +\162\151\164\171\040\122\123\101\040\122\062\060\036\027\015\061 +\067\060\065\063\061\061\070\061\064\063\067\132\027\015\064\062 +\060\065\063\060\061\070\061\064\063\067\132\060\201\202\061\013 +\060\011\006\003\125\004\006\023\002\125\123\061\016\060\014\006 +\003\125\004\010\014\005\124\145\170\141\163\061\020\060\016\006 +\003\125\004\007\014\007\110\157\165\163\164\157\156\061\030\060 +\026\006\003\125\004\012\014\017\123\123\114\040\103\157\162\160 +\157\162\141\164\151\157\156\061\067\060\065\006\003\125\004\003 +\014\056\123\123\114\056\143\157\155\040\105\126\040\122\157\157 +\164\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040 +\101\165\164\150\157\162\151\164\171\040\122\123\101\040\122\062 +\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001 +\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001 +\000\217\066\145\100\341\326\115\300\327\264\351\106\332\153\352 +\063\107\315\114\371\175\175\276\275\055\075\360\333\170\341\206 +\245\331\272\011\127\150\355\127\076\240\320\010\101\203\347\050 +\101\044\037\343\162\025\320\001\032\373\136\160\043\262\313\237 +\071\343\317\305\116\306\222\155\046\306\173\273\263\332\047\235 +\012\206\351\201\067\005\376\360\161\161\354\303\034\351\143\242 +\027\024\235\357\033\147\323\205\125\002\002\326\111\311\314\132 +\341\261\367\157\062\237\311\324\073\210\101\250\234\275\313\253 +\333\155\173\011\037\242\114\162\220\332\053\010\374\317\074\124 +\316\147\017\250\317\135\226\031\013\304\343\162\353\255\321\175 +\035\047\357\222\353\020\277\133\353\073\257\317\200\335\301\322 +\226\004\133\172\176\244\251\074\070\166\244\142\216\240\071\136 +\352\167\317\135\000\131\217\146\054\076\007\242\243\005\046\021 +\151\227\352\205\267\017\226\013\113\310\100\341\120\272\056\212 +\313\367\017\232\042\347\177\232\067\023\315\362\115\023\153\041 +\321\300\314\042\362\241\106\366\104\151\234\312\141\065\007\000 +\157\326\141\010\021\352\272\270\366\351\263\140\345\115\271\354 +\237\024\146\311\127\130\333\315\207\151\370\212\206\022\003\107 +\277\146\023\166\254\167\175\064\044\205\203\315\327\252\234\220 +\032\237\041\054\177\170\267\144\270\330\350\246\364\170\263\125 +\313\204\322\062\304\170\256\243\217\141\335\316\010\123\255\354 +\210\374\025\344\232\015\346\237\032\167\316\114\217\270\024\025 +\075\142\234\206\070\006\000\146\022\344\131\166\132\123\300\002 +\230\242\020\053\150\104\173\216\171\316\063\112\166\252\133\201 +\026\033\265\212\330\320\000\173\136\142\264\011\326\206\143\016 +\246\005\225\111\272\050\213\210\223\262\064\034\330\244\125\156 +\267\034\320\336\231\125\073\043\364\042\340\371\051\146\046\354 +\040\120\167\333\112\013\217\276\345\002\140\160\101\136\324\256 +\120\071\042\024\046\313\262\073\163\164\125\107\007\171\201\071 +\250\060\023\104\345\004\212\256\226\023\045\102\017\271\123\304 +\233\374\315\344\034\336\074\372\253\326\006\112\037\147\246\230 +\060\034\335\054\333\334\030\225\127\146\306\377\134\213\126\365 +\167\002\003\001\000\001\243\143\060\141\060\017\006\003\125\035 +\023\001\001\377\004\005\060\003\001\001\377\060\037\006\003\125 +\035\043\004\030\060\026\200\024\371\140\273\324\343\325\064\366 +\270\365\006\200\045\247\163\333\106\151\250\236\060\035\006\003 +\125\035\016\004\026\004\024\371\140\273\324\343\325\064\366\270 +\365\006\200\045\247\163\333\106\151\250\236\060\016\006\003\125 +\035\017\001\001\377\004\004\003\002\001\206\060\015\006\011\052 +\206\110\206\367\015\001\001\013\005\000\003\202\002\001\000\126 +\263\216\313\012\235\111\216\277\244\304\221\273\146\027\005\121 +\230\165\373\345\120\054\172\236\361\024\372\253\323\212\076\377 +\221\051\217\143\213\330\264\251\124\001\015\276\223\206\057\371 +\112\155\307\136\365\127\371\312\125\034\022\276\107\017\066\305 +\337\152\267\333\165\302\107\045\177\271\361\143\370\150\055\125 +\004\321\362\215\260\244\317\274\074\136\037\170\347\245\240\040 +\160\260\004\305\267\367\162\247\336\042\015\275\063\045\106\214 +\144\222\046\343\076\056\143\226\332\233\214\075\370\030\011\327 +\003\314\175\206\202\340\312\004\007\121\120\327\377\222\325\014 +\357\332\206\237\231\327\353\267\257\150\342\071\046\224\272\150 +\267\277\203\323\352\172\147\075\142\147\256\045\345\162\350\342 +\344\354\256\022\366\113\053\074\237\351\260\100\363\070\124\263 +\375\267\150\310\332\306\217\121\074\262\373\221\334\034\347\233 +\235\341\267\015\162\217\342\244\304\251\170\371\353\024\254\306 +\103\005\302\145\071\050\030\002\303\202\262\235\005\276\145\355 +\226\137\145\164\074\373\011\065\056\173\234\023\375\033\017\135 +\307\155\201\072\126\017\314\073\341\257\002\057\042\254\106\312 +\106\074\240\034\114\326\104\264\136\056\134\025\146\011\341\046 +\051\376\306\122\141\272\261\163\377\303\014\234\345\154\152\224 +\077\024\312\100\026\225\204\363\131\251\254\137\114\141\223\155 +\321\073\314\242\225\014\042\246\147\147\104\056\271\331\322\212 +\101\263\146\013\132\373\175\043\245\362\032\260\377\336\233\203 +\224\056\321\077\337\222\267\221\257\005\073\145\307\240\154\261 +\315\142\022\303\220\033\343\045\316\064\274\157\167\166\261\020 +\303\367\005\032\300\326\257\164\142\110\027\167\222\151\220\141 +\034\336\225\200\164\124\217\030\034\303\363\003\320\277\244\103 +\165\206\123\030\172\012\056\011\034\066\237\221\375\202\212\042 +\113\321\016\120\045\335\313\003\014\027\311\203\000\010\116\065 +\115\212\213\355\360\002\224\146\054\104\177\313\225\047\226\027 +\255\011\060\254\266\161\027\156\213\027\366\034\011\324\055\073 +\230\245\161\323\124\023\331\140\363\365\113\146\117\372\361\356 +\040\022\215\264\254\127\261\105\143\241\254\166\251\302\373 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "SSL.com EV Root Certification Authority RSA R2" +# Issuer: CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US +# Serial Number:56:b6:29:cd:34:bc:78:f6 +# Subject: CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US +# Not Valid Before: Wed May 31 18:14:37 2017 +# Not Valid After : Fri May 30 18:14:37 2042 +# Fingerprint (SHA-256): 2E:7B:F1:6C:C2:24:85:A7:BB:E2:AA:86:96:75:07:61:B0:AE:39:BE:3B:2F:E9:D0:CC:6D:4E:F7:34:91:42:5C +# Fingerprint (SHA1): 74:3A:F0:52:9B:D0:32:A0:F4:4A:83:CD:D4:BA:A9:7B:7C:2E:C4:9A +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "SSL.com EV Root Certification Authority RSA R2" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\164\072\360\122\233\320\062\240\364\112\203\315\324\272\251\173 +\174\056\304\232 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\341\036\061\130\032\256\124\123\002\366\027\152\021\173\115\225 +END +CKA_ISSUER MULTILINE_OCTAL +\060\201\202\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163 +\061\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164 +\157\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114 +\040\103\157\162\160\157\162\141\164\151\157\156\061\067\060\065 +\006\003\125\004\003\014\056\123\123\114\056\143\157\155\040\105 +\126\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141 +\164\151\157\156\040\101\165\164\150\157\162\151\164\171\040\122 +\123\101\040\122\062 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\010\126\266\051\315\064\274\170\366 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "SSL.com EV Root Certification Authority ECC" +# +# Issuer: CN=SSL.com EV Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US +# Serial Number:2c:29:9c:5b:16:ed:05:95 +# Subject: CN=SSL.com EV Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US +# Not Valid Before: Fri Feb 12 18:15:23 2016 +# Not Valid After : Tue Feb 12 18:15:23 2041 +# Fingerprint (SHA-256): 22:A2:C1:F7:BD:ED:70:4C:C1:E7:01:B5:F4:08:C3:10:88:0F:E9:56:B5:DE:2A:4A:44:F9:9C:87:3A:25:A7:C8 +# Fingerprint (SHA1): 4C:DD:51:A3:D1:F5:20:32:14:B0:C6:C5:32:23:03:91:C7:46:42:6D +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "SSL.com EV Root Certification Authority ECC" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\177\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163\061 +\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164\157 +\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114\040 +\103\157\162\160\157\162\141\164\151\157\156\061\064\060\062\006 +\003\125\004\003\014\053\123\123\114\056\143\157\155\040\105\126 +\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164 +\151\157\156\040\101\165\164\150\157\162\151\164\171\040\105\103 +\103 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\177\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163\061 +\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164\157 +\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114\040 +\103\157\162\160\157\162\141\164\151\157\156\061\064\060\062\006 +\003\125\004\003\014\053\123\123\114\056\143\157\155\040\105\126 +\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164 +\151\157\156\040\101\165\164\150\157\162\151\164\171\040\105\103 +\103 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\010\054\051\234\133\026\355\005\225 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\002\224\060\202\002\032\240\003\002\001\002\002\010\054 +\051\234\133\026\355\005\225\060\012\006\010\052\206\110\316\075 +\004\003\002\060\177\061\013\060\011\006\003\125\004\006\023\002 +\125\123\061\016\060\014\006\003\125\004\010\014\005\124\145\170 +\141\163\061\020\060\016\006\003\125\004\007\014\007\110\157\165 +\163\164\157\156\061\030\060\026\006\003\125\004\012\014\017\123 +\123\114\040\103\157\162\160\157\162\141\164\151\157\156\061\064 +\060\062\006\003\125\004\003\014\053\123\123\114\056\143\157\155 +\040\105\126\040\122\157\157\164\040\103\145\162\164\151\146\151 +\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 +\040\105\103\103\060\036\027\015\061\066\060\062\061\062\061\070 +\061\065\062\063\132\027\015\064\061\060\062\061\062\061\070\061 +\065\062\063\132\060\177\061\013\060\011\006\003\125\004\006\023 +\002\125\123\061\016\060\014\006\003\125\004\010\014\005\124\145 +\170\141\163\061\020\060\016\006\003\125\004\007\014\007\110\157 +\165\163\164\157\156\061\030\060\026\006\003\125\004\012\014\017 +\123\123\114\040\103\157\162\160\157\162\141\164\151\157\156\061 +\064\060\062\006\003\125\004\003\014\053\123\123\114\056\143\157 +\155\040\105\126\040\122\157\157\164\040\103\145\162\164\151\146 +\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 +\171\040\105\103\103\060\166\060\020\006\007\052\206\110\316\075 +\002\001\006\005\053\201\004\000\042\003\142\000\004\252\022\107 +\220\230\033\373\357\303\100\007\203\040\116\361\060\202\242\006 +\321\362\222\206\141\362\366\041\150\312\000\304\307\352\103\000 +\124\206\334\375\037\337\000\270\101\142\134\334\160\026\062\336 +\037\231\324\314\305\007\310\010\037\141\026\007\121\075\175\134 +\007\123\343\065\070\214\337\315\237\331\056\015\112\266\031\056 +\132\160\132\006\355\276\360\241\260\312\320\011\051\243\143\060 +\141\060\035\006\003\125\035\016\004\026\004\024\133\312\136\345 +\336\322\201\252\315\250\055\144\121\266\331\162\233\227\346\117 +\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001 +\377\060\037\006\003\125\035\043\004\030\060\026\200\024\133\312 +\136\345\336\322\201\252\315\250\055\144\121\266\331\162\233\227 +\346\117\060\016\006\003\125\035\017\001\001\377\004\004\003\002 +\001\206\060\012\006\010\052\206\110\316\075\004\003\002\003\150 +\000\060\145\002\061\000\212\346\100\211\067\353\351\325\023\331 +\312\324\153\044\363\260\075\207\106\130\032\354\261\337\157\373 +\126\272\160\153\307\070\314\350\261\214\117\017\367\361\147\166 +\016\203\320\036\121\217\002\060\075\366\043\050\046\114\306\140 +\207\223\046\233\262\065\036\272\326\367\074\321\034\316\372\045 +\074\246\032\201\025\133\363\022\017\154\356\145\212\311\207\250 +\371\007\340\142\232\214\134\112 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE -# Trust for "Symantec Class 1 Public Primary Certification Authority - G4" -# Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US -# Serial Number:21:6e:33:a5:cb:d3:88:a4:6f:29:07:b4:27:3c:c4:d8 -# Subject: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US -# Not Valid Before: Wed Oct 05 00:00:00 2011 -# Not Valid After : Mon Jan 18 23:59:59 2038 -# Fingerprint (SHA-256): 36:3F:3C:84:9E:AB:03:B0:A2:A0:F6:36:D7:B8:6D:04:D3:AC:7F:CF:E2:6A:0A:91:21:AB:97:95:F6:E1:76:DF -# Fingerprint (SHA1): 84:F2:E3:DD:83:13:3E:A9:1D:19:52:7F:02:D7:29:BF:C1:5F:E6:67 +# Trust for "SSL.com EV Root Certification Authority ECC" +# Issuer: CN=SSL.com EV Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US +# Serial Number:2c:29:9c:5b:16:ed:05:95 +# Subject: CN=SSL.com EV Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US +# Not Valid Before: Fri Feb 12 18:15:23 2016 +# Not Valid After : Tue Feb 12 18:15:23 2041 +# Fingerprint (SHA-256): 22:A2:C1:F7:BD:ED:70:4C:C1:E7:01:B5:F4:08:C3:10:88:0F:E9:56:B5:DE:2A:4A:44:F9:9C:87:3A:25:A7:C8 +# Fingerprint (SHA1): 4C:DD:51:A3:D1:F5:20:32:14:B0:C6:C5:32:23:03:91:C7:46:42:6D CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Symantec Class 1 Public Primary Certification Authority - G4" +CKA_LABEL UTF8 "SSL.com EV Root Certification Authority ECC" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\204\362\343\335\203\023\076\251\035\031\122\177\002\327\051\277 -\301\137\346\147 +\114\335\121\243\321\365\040\062\024\260\306\305\062\043\003\221 +\307\106\102\155 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\004\345\200\077\125\377\131\207\244\062\322\025\245\345\252\346 +\131\123\042\145\203\102\001\124\300\316\102\271\132\174\362\220 END CKA_ISSUER MULTILINE_OCTAL -\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 -\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 -\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 -\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 -\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 -\164\145\143\040\103\154\141\163\163\040\061\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\064 +\060\177\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163\061 +\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164\157 +\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114\040 +\103\157\162\160\157\162\141\164\151\157\156\061\064\060\062\006 +\003\125\004\003\014\053\123\123\114\056\143\157\155\040\105\126 +\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164 +\151\157\156\040\101\165\164\150\157\162\151\164\171\040\105\103 +\103 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\041\156\063\245\313\323\210\244\157\051\007\264\047\074 -\304\330 +\002\010\054\051\234\133\026\355\005\225 END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "Symantec Class 2 Public Primary Certification Authority - G4" +# Certificate "GlobalSign Root CA - R6" # -# Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US -# Serial Number:34:17:65:12:40:3b:b7:56:80:2d:80:cb:79:55:a6:1e -# Subject: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US -# Not Valid Before: Wed Oct 05 00:00:00 2011 -# Not Valid After : Mon Jan 18 23:59:59 2038 -# Fingerprint (SHA-256): FE:86:3D:08:22:FE:7A:23:53:FA:48:4D:59:24:E8:75:65:6D:3D:C9:FB:58:77:1F:6F:61:6F:9D:57:1B:C5:92 -# Fingerprint (SHA1): 67:24:90:2E:48:01:B0:22:96:40:10:46:B4:B1:67:2C:A9:75:FD:2B +# Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R6 +# Serial Number:45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51 +# Subject: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R6 +# Not Valid Before: Wed Dec 10 00:00:00 2014 +# Not Valid After : Sun Dec 10 00:00:00 2034 +# Fingerprint (SHA-256): 2C:AB:EA:FE:37:D0:6C:A2:2A:BA:73:91:C0:03:3D:25:98:29:52:C4:53:64:73:49:76:3A:3A:B5:AD:6C:CF:69 +# Fingerprint (SHA1): 80:94:64:0E:B5:A7:A1:CA:11:9C:1F:DD:D5:9F:81:02:63:A7:FB:D1 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Symantec Class 2 Public Primary Certification Authority - G4" +CKA_LABEL UTF8 "GlobalSign Root CA - R6" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 -\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 -\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 -\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 -\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 -\164\145\143\040\103\154\141\163\163\040\062\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\064 +\060\114\061\040\060\036\006\003\125\004\013\023\027\107\154\157 +\142\141\154\123\151\147\156\040\122\157\157\164\040\103\101\040 +\055\040\122\066\061\023\060\021\006\003\125\004\012\023\012\107 +\154\157\142\141\154\123\151\147\156\061\023\060\021\006\003\125 +\004\003\023\012\107\154\157\142\141\154\123\151\147\156 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 -\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 -\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 -\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 -\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 -\164\145\143\040\103\154\141\163\163\040\062\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\064 +\060\114\061\040\060\036\006\003\125\004\013\023\027\107\154\157 +\142\141\154\123\151\147\156\040\122\157\157\164\040\103\101\040 +\055\040\122\066\061\023\060\021\006\003\125\004\012\023\012\107 +\154\157\142\141\154\123\151\147\156\061\023\060\021\006\003\125 +\004\003\023\012\107\154\157\142\141\154\123\151\147\156 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\064\027\145\022\100\073\267\126\200\055\200\313\171\125 -\246\036 +\002\016\105\346\273\003\203\063\303\205\145\110\346\377\105\121 END CKA_VALUE MULTILINE_OCTAL -\060\202\002\250\060\202\002\055\240\003\002\001\002\002\020\064 -\027\145\022\100\073\267\126\200\055\200\313\171\125\246\036\060 -\012\006\010\052\206\110\316\075\004\003\003\060\201\224\061\013 -\060\011\006\003\125\004\006\023\002\125\123\061\035\060\033\006 -\003\125\004\012\023\024\123\171\155\141\156\164\145\143\040\103 -\157\162\160\157\162\141\164\151\157\156\061\037\060\035\006\003 -\125\004\013\023\026\123\171\155\141\156\164\145\143\040\124\162 -\165\163\164\040\116\145\164\167\157\162\153\061\105\060\103\006 -\003\125\004\003\023\074\123\171\155\141\156\164\145\143\040\103 -\154\141\163\163\040\062\040\120\165\142\154\151\143\040\120\162 -\151\155\141\162\171\040\103\145\162\164\151\146\151\143\141\164 -\151\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040 -\107\064\060\036\027\015\061\061\061\060\060\065\060\060\060\060 -\060\060\132\027\015\063\070\060\061\061\070\062\063\065\071\065 -\071\132\060\201\224\061\013\060\011\006\003\125\004\006\023\002 -\125\123\061\035\060\033\006\003\125\004\012\023\024\123\171\155 -\141\156\164\145\143\040\103\157\162\160\157\162\141\164\151\157 -\156\061\037\060\035\006\003\125\004\013\023\026\123\171\155\141 -\156\164\145\143\040\124\162\165\163\164\040\116\145\164\167\157 -\162\153\061\105\060\103\006\003\125\004\003\023\074\123\171\155 -\141\156\164\145\143\040\103\154\141\163\163\040\062\040\120\165 -\142\154\151\143\040\120\162\151\155\141\162\171\040\103\145\162 -\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157 -\162\151\164\171\040\055\040\107\064\060\166\060\020\006\007\052 -\206\110\316\075\002\001\006\005\053\201\004\000\042\003\142\000 -\004\321\331\112\216\114\015\204\112\121\272\174\357\323\314\372 -\072\232\265\247\143\023\075\001\340\111\076\372\301\107\311\222 -\263\072\327\376\157\234\367\232\072\017\365\016\012\012\303\077 -\310\347\022\024\216\325\325\155\230\054\263\161\062\012\353\052 -\275\366\327\152\040\013\147\105\234\322\262\277\123\042\146\011 -\135\333\021\363\361\005\063\130\243\342\270\317\174\315\202\233 -\275\243\102\060\100\060\016\006\003\125\035\017\001\001\377\004 -\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377\004 -\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026\004 -\024\075\062\363\072\251\014\220\204\371\242\214\151\006\141\124 -\057\207\162\376\005\060\012\006\010\052\206\110\316\075\004\003 -\003\003\151\000\060\146\002\061\000\310\246\251\257\101\177\265 -\311\021\102\026\150\151\114\134\270\047\030\266\230\361\300\177 -\220\155\207\323\214\106\027\360\076\117\374\352\260\010\304\172 -\113\274\010\057\307\342\247\157\145\002\061\000\326\131\336\206 -\316\137\016\312\124\325\306\320\025\016\374\213\224\162\324\216 -\000\130\123\317\176\261\113\015\345\120\206\353\236\153\337\377 -\051\246\330\107\331\240\226\030\333\362\105\263 +\060\202\005\203\060\202\003\153\240\003\002\001\002\002\016\105 +\346\273\003\203\063\303\205\145\110\346\377\105\121\060\015\006 +\011\052\206\110\206\367\015\001\001\014\005\000\060\114\061\040 +\060\036\006\003\125\004\013\023\027\107\154\157\142\141\154\123 +\151\147\156\040\122\157\157\164\040\103\101\040\055\040\122\066 +\061\023\060\021\006\003\125\004\012\023\012\107\154\157\142\141 +\154\123\151\147\156\061\023\060\021\006\003\125\004\003\023\012 +\107\154\157\142\141\154\123\151\147\156\060\036\027\015\061\064 +\061\062\061\060\060\060\060\060\060\060\132\027\015\063\064\061 +\062\061\060\060\060\060\060\060\060\132\060\114\061\040\060\036 +\006\003\125\004\013\023\027\107\154\157\142\141\154\123\151\147 +\156\040\122\157\157\164\040\103\101\040\055\040\122\066\061\023 +\060\021\006\003\125\004\012\023\012\107\154\157\142\141\154\123 +\151\147\156\061\023\060\021\006\003\125\004\003\023\012\107\154 +\157\142\141\154\123\151\147\156\060\202\002\042\060\015\006\011 +\052\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000 +\060\202\002\012\002\202\002\001\000\225\007\350\163\312\146\371 +\354\024\312\173\074\367\015\010\361\264\105\013\054\202\264\110 +\306\353\133\074\256\203\270\101\222\063\024\244\157\177\351\052 +\314\306\260\210\153\305\266\211\321\306\262\377\024\316\121\024 +\041\354\112\335\033\132\306\326\207\356\115\072\025\006\355\144 +\146\013\222\200\312\104\336\163\224\116\363\247\211\177\117\170 +\143\010\310\022\120\155\102\146\057\115\271\171\050\115\122\032 +\212\032\200\267\031\201\016\176\304\212\274\144\114\041\034\103 +\150\327\075\074\212\305\262\146\325\220\232\267\061\006\305\276 +\342\155\062\006\246\036\371\271\353\252\243\270\277\276\202\143 +\120\320\360\030\211\337\344\017\171\365\352\242\037\052\322\160 +\056\173\347\274\223\273\155\123\342\110\174\214\020\007\070\377 +\146\262\167\141\176\340\352\214\074\252\264\244\366\363\225\112 +\022\007\155\375\214\262\211\317\320\240\141\167\310\130\164\260 +\324\043\072\367\135\072\312\242\333\235\011\336\135\104\055\220 +\361\201\315\127\222\372\176\274\120\004\143\064\337\153\223\030 +\276\153\066\262\071\344\254\044\066\267\360\357\266\034\023\127 +\223\266\336\262\370\342\205\267\163\242\270\065\252\105\362\340 +\235\066\241\157\124\212\361\162\126\156\056\210\305\121\102\104 +\025\224\356\243\305\070\226\233\116\116\132\013\107\363\006\066 +\111\167\060\274\161\067\345\246\354\041\010\165\374\346\141\026 +\077\167\325\331\221\227\204\012\154\324\002\115\164\300\024\355 +\375\071\373\203\362\136\024\241\004\260\013\351\376\356\217\341 +\156\013\262\010\263\141\146\011\152\261\006\072\145\226\131\300 +\360\065\375\311\332\050\215\032\021\207\160\201\012\250\232\165 +\035\236\072\206\005\000\236\333\200\326\045\371\334\005\236\047 +\131\114\166\071\133\352\371\245\241\330\203\017\321\377\337\060 +\021\371\205\317\063\110\365\312\155\144\024\054\172\130\117\323 +\113\010\111\305\225\144\032\143\016\171\075\365\263\214\312\130 +\255\234\102\105\171\156\016\207\031\134\124\261\145\266\277\214 +\233\334\023\351\015\157\270\056\334\147\156\311\213\021\265\204 +\024\212\000\031\160\203\171\221\227\221\324\032\047\277\067\036 +\062\007\330\024\143\074\050\114\257\002\003\001\000\001\243\143 +\060\141\060\016\006\003\125\035\017\001\001\377\004\004\003\002 +\001\006\060\017\006\003\125\035\023\001\001\377\004\005\060\003 +\001\001\377\060\035\006\003\125\035\016\004\026\004\024\256\154 +\005\243\223\023\342\242\347\342\327\034\326\307\360\177\310\147 +\123\240\060\037\006\003\125\035\043\004\030\060\026\200\024\256 +\154\005\243\223\023\342\242\347\342\327\034\326\307\360\177\310 +\147\123\240\060\015\006\011\052\206\110\206\367\015\001\001\014 +\005\000\003\202\002\001\000\203\045\355\350\321\375\225\122\315 +\236\300\004\240\221\151\346\134\320\204\336\334\255\242\117\350 +\107\170\326\145\230\251\133\250\074\207\174\002\212\321\156\267 +\026\163\346\137\300\124\230\325\164\276\301\315\342\021\221\255 +\043\030\075\335\341\162\104\226\264\225\136\300\173\216\231\170 +\026\103\023\126\127\263\242\263\073\265\167\334\100\162\254\243 +\353\233\065\076\261\010\041\241\347\304\103\067\171\062\276\265 +\347\234\054\114\274\103\051\231\216\060\323\254\041\340\343\035 +\372\330\007\063\166\124\000\042\052\271\115\040\056\160\150\332 +\345\123\374\203\134\323\235\362\377\104\014\104\146\362\322\343 +\275\106\000\032\155\002\272\045\135\215\241\061\121\335\124\106 +\034\115\333\231\226\357\032\034\004\134\246\025\357\170\340\171 +\376\135\333\076\252\114\125\375\232\025\251\157\341\246\373\337 +\160\060\351\303\356\102\106\355\302\223\005\211\372\175\143\173 +\077\320\161\201\174\000\350\230\256\016\170\064\303\045\373\257 +\012\237\040\153\335\073\023\217\022\214\342\101\032\110\172\163 +\240\167\151\307\266\134\177\202\310\036\376\130\033\050\053\250 +\154\255\136\155\300\005\322\173\267\353\200\376\045\067\376\002 +\233\150\254\102\135\303\356\365\314\334\360\120\165\322\066\151 +\234\346\173\004\337\156\006\151\266\336\012\011\110\131\207\353 +\173\024\140\172\144\252\151\103\357\221\307\114\354\030\335\154 +\357\123\055\214\231\341\136\362\162\076\317\124\310\275\147\354 +\244\017\114\105\377\323\271\060\043\007\114\217\020\277\206\226 +\331\231\132\264\231\127\034\244\314\273\025\211\123\272\054\005 +\017\344\304\236\031\261\030\064\325\114\235\272\355\367\037\257 +\044\225\004\170\250\003\273\356\201\345\332\137\174\213\112\241 +\220\164\045\247\263\076\113\310\054\126\275\307\310\357\070\342 +\134\222\360\171\367\234\204\272\164\055\141\001\040\176\176\321 +\362\117\007\131\137\213\055\103\122\353\106\014\224\341\365\146 +\107\171\167\325\124\133\037\255\044\067\313\105\132\116\240\104 +\110\310\330\260\231\305\025\204\011\366\326\111\111\300\145\270 +\346\032\161\156\240\250\361\202\350\105\076\154\326\002\327\012 +\147\203\005\132\311\244\020 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for "Symantec Class 2 Public Primary Certification Authority - G4" -# Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US -# Serial Number:34:17:65:12:40:3b:b7:56:80:2d:80:cb:79:55:a6:1e -# Subject: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US -# Not Valid Before: Wed Oct 05 00:00:00 2011 -# Not Valid After : Mon Jan 18 23:59:59 2038 -# Fingerprint (SHA-256): FE:86:3D:08:22:FE:7A:23:53:FA:48:4D:59:24:E8:75:65:6D:3D:C9:FB:58:77:1F:6F:61:6F:9D:57:1B:C5:92 -# Fingerprint (SHA1): 67:24:90:2E:48:01:B0:22:96:40:10:46:B4:B1:67:2C:A9:75:FD:2B +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "GlobalSign Root CA - R6" +# Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R6 +# Serial Number:45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51 +# Subject: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R6 +# Not Valid Before: Wed Dec 10 00:00:00 2014 +# Not Valid After : Sun Dec 10 00:00:00 2034 +# Fingerprint (SHA-256): 2C:AB:EA:FE:37:D0:6C:A2:2A:BA:73:91:C0:03:3D:25:98:29:52:C4:53:64:73:49:76:3A:3A:B5:AD:6C:CF:69 +# Fingerprint (SHA1): 80:94:64:0E:B5:A7:A1:CA:11:9C:1F:DD:D5:9F:81:02:63:A7:FB:D1 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Symantec Class 2 Public Primary Certification Authority - G4" +CKA_LABEL UTF8 "GlobalSign Root CA - R6" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\147\044\220\056\110\001\260\042\226\100\020\106\264\261\147\054 -\251\165\375\053 +\200\224\144\016\265\247\241\312\021\234\037\335\325\237\201\002 +\143\247\373\321 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\160\325\060\361\332\224\227\324\327\164\337\276\355\150\336\226 +\117\335\007\344\324\042\144\071\036\014\067\102\352\321\306\256 END CKA_ISSUER MULTILINE_OCTAL -\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 -\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 -\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 -\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 -\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 -\164\145\143\040\103\154\141\163\163\040\062\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\064 +\060\114\061\040\060\036\006\003\125\004\013\023\027\107\154\157 +\142\141\154\123\151\147\156\040\122\157\157\164\040\103\101\040 +\055\040\122\066\061\023\060\021\006\003\125\004\012\023\012\107 +\154\157\142\141\154\123\151\147\156\061\023\060\021\006\003\125 +\004\003\023\012\107\154\157\142\141\154\123\151\147\156 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\064\027\145\022\100\073\267\126\200\055\200\313\171\125 -\246\036 +\002\016\105\346\273\003\203\063\303\205\145\110\346\377\105\121 END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "D-TRUST Root CA 3 2013" +# Certificate "OISTE WISeKey Global Root GC CA" # -# Issuer: CN=D-TRUST Root CA 3 2013,O=D-Trust GmbH,C=DE -# Serial Number: 1039788 (0xfddac) -# Subject: CN=D-TRUST Root CA 3 2013,O=D-Trust GmbH,C=DE -# Not Valid Before: Fri Sep 20 08:25:51 2013 -# Not Valid After : Wed Sep 20 08:25:51 2028 -# Fingerprint (SHA-256): A1:A8:6D:04:12:1E:B8:7F:02:7C:66:F5:33:03:C2:8E:57:39:F9:43:FC:84:B3:8A:D6:AF:00:90:35:DD:94:57 -# Fingerprint (SHA1): 6C:7C:CC:E7:D4:AE:51:5F:99:08:CD:3F:F6:E8:C3:78:DF:6F:EF:97 +# Issuer: CN=OISTE WISeKey Global Root GC CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH +# Serial Number:21:2a:56:0c:ae:da:0c:ab:40:45:bf:2b:a2:2d:3a:ea +# Subject: CN=OISTE WISeKey Global Root GC CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH +# Not Valid Before: Tue May 09 09:48:34 2017 +# Not Valid After : Fri May 09 09:58:33 2042 +# Fingerprint (SHA-256): 85:60:F9:1C:36:24:DA:BA:95:70:B5:FE:A0:DB:E3:6F:F1:1A:83:23:BE:94:86:85:4F:B3:F3:4A:55:71:19:8D +# Fingerprint (SHA1): E0:11:84:5E:34:DE:BE:88:81:B9:9C:F6:16:26:D1:96:1F:C3:B9:31 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "D-TRUST Root CA 3 2013" +CKA_LABEL UTF8 "OISTE WISeKey Global Root GC CA" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\105\061\013\060\011\006\003\125\004\006\023\002\104\105\061 -\025\060\023\006\003\125\004\012\014\014\104\055\124\162\165\163 -\164\040\107\155\142\110\061\037\060\035\006\003\125\004\003\014 -\026\104\055\124\122\125\123\124\040\122\157\157\164\040\103\101 -\040\063\040\062\060\061\063 +\060\155\061\013\060\011\006\003\125\004\006\023\002\103\110\061 +\020\060\016\006\003\125\004\012\023\007\127\111\123\145\113\145 +\171\061\042\060\040\006\003\125\004\013\023\031\117\111\123\124 +\105\040\106\157\165\156\144\141\164\151\157\156\040\105\156\144 +\157\162\163\145\144\061\050\060\046\006\003\125\004\003\023\037 +\117\111\123\124\105\040\127\111\123\145\113\145\171\040\107\154 +\157\142\141\154\040\122\157\157\164\040\107\103\040\103\101 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\105\061\013\060\011\006\003\125\004\006\023\002\104\105\061 -\025\060\023\006\003\125\004\012\014\014\104\055\124\162\165\163 -\164\040\107\155\142\110\061\037\060\035\006\003\125\004\003\014 -\026\104\055\124\122\125\123\124\040\122\157\157\164\040\103\101 -\040\063\040\062\060\061\063 +\060\155\061\013\060\011\006\003\125\004\006\023\002\103\110\061 +\020\060\016\006\003\125\004\012\023\007\127\111\123\145\113\145 +\171\061\042\060\040\006\003\125\004\013\023\031\117\111\123\124 +\105\040\106\157\165\156\144\141\164\151\157\156\040\105\156\144 +\157\162\163\145\144\061\050\060\046\006\003\125\004\003\023\037 +\117\111\123\124\105\040\127\111\123\145\113\145\171\040\107\154 +\157\142\141\154\040\122\157\157\164\040\107\103\040\103\101 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\003\017\335\254 +\002\020\041\052\126\014\256\332\014\253\100\105\277\053\242\055 +\072\352 END CKA_VALUE MULTILINE_OCTAL -\060\202\004\016\060\202\002\366\240\003\002\001\002\002\003\017 -\335\254\060\015\006\011\052\206\110\206\367\015\001\001\013\005 -\000\060\105\061\013\060\011\006\003\125\004\006\023\002\104\105 -\061\025\060\023\006\003\125\004\012\014\014\104\055\124\162\165 -\163\164\040\107\155\142\110\061\037\060\035\006\003\125\004\003 -\014\026\104\055\124\122\125\123\124\040\122\157\157\164\040\103 -\101\040\063\040\062\060\061\063\060\036\027\015\061\063\060\071 -\062\060\060\070\062\065\065\061\132\027\015\062\070\060\071\062 -\060\060\070\062\065\065\061\132\060\105\061\013\060\011\006\003 -\125\004\006\023\002\104\105\061\025\060\023\006\003\125\004\012 -\014\014\104\055\124\162\165\163\164\040\107\155\142\110\061\037 -\060\035\006\003\125\004\003\014\026\104\055\124\122\125\123\124 -\040\122\157\157\164\040\103\101\040\063\040\062\060\061\063\060 -\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001\001 -\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001\000 -\304\173\102\222\202\037\354\355\124\230\216\022\300\312\011\337 -\223\156\072\223\134\033\344\020\167\236\116\151\210\154\366\341 -\151\362\366\233\242\141\261\275\007\040\164\230\145\361\214\046 -\010\315\250\065\312\200\066\321\143\155\350\104\172\202\303\154 -\136\336\273\350\066\322\304\150\066\214\237\062\275\204\042\340 -\334\302\356\020\106\071\155\257\223\071\256\207\346\303\274\011 -\311\054\153\147\133\331\233\166\165\114\013\340\273\305\327\274 -\076\171\362\137\276\321\220\127\371\256\366\146\137\061\277\323 -\155\217\247\272\112\363\043\145\273\267\357\243\045\327\012\352 -\130\266\357\210\372\372\171\262\122\130\325\360\254\214\241\121 -\164\051\225\252\121\073\220\062\003\237\034\162\164\220\336\075 -\355\141\322\345\343\375\144\107\345\271\267\112\251\367\037\256 -\226\206\004\254\057\343\244\201\167\267\132\026\377\330\017\077 -\366\267\170\314\244\257\372\133\074\022\133\250\122\211\162\357 -\210\363\325\104\201\206\225\043\237\173\335\274\331\064\357\174 -\224\074\252\300\101\302\343\235\120\032\300\344\031\042\374\263 -\002\003\001\000\001\243\202\001\005\060\202\001\001\060\017\006 -\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060\035 -\006\003\125\035\016\004\026\004\024\077\220\310\175\307\025\157 -\363\044\217\251\303\057\113\242\017\041\262\057\347\060\016\006 -\003\125\035\017\001\001\377\004\004\003\002\001\006\060\201\276 -\006\003\125\035\037\004\201\266\060\201\263\060\164\240\162\240 -\160\206\156\154\144\141\160\072\057\057\144\151\162\145\143\164 -\157\162\171\056\144\055\164\162\165\163\164\056\156\145\164\057 -\103\116\075\104\055\124\122\125\123\124\045\062\060\122\157\157 -\164\045\062\060\103\101\045\062\060\063\045\062\060\062\060\061 -\063\054\117\075\104\055\124\162\165\163\164\045\062\060\107\155 -\142\110\054\103\075\104\105\077\143\145\162\164\151\146\151\143 -\141\164\145\162\145\166\157\143\141\164\151\157\156\154\151\163 -\164\060\073\240\071\240\067\206\065\150\164\164\160\072\057\057 -\143\162\154\056\144\055\164\162\165\163\164\056\156\145\164\057 -\143\162\154\057\144\055\164\162\165\163\164\137\162\157\157\164 -\137\143\141\137\063\137\062\060\061\063\056\143\162\154\060\015 -\006\011\052\206\110\206\367\015\001\001\013\005\000\003\202\001 -\001\000\016\131\016\130\344\164\110\043\104\317\064\041\265\234 -\024\032\255\232\113\267\263\210\155\134\251\027\160\360\052\237 -\215\173\371\173\205\372\307\071\350\020\010\260\065\053\137\317 -\002\322\323\234\310\013\036\356\005\124\256\067\223\004\011\175 -\154\217\302\164\274\370\034\224\276\061\001\100\055\363\044\040 -\267\204\125\054\134\310\365\164\112\020\031\213\243\307\355\065 -\326\011\110\323\016\300\272\071\250\260\106\002\260\333\306\210 -\131\302\276\374\173\261\053\317\176\142\207\125\226\314\001\157 -\233\147\041\225\065\213\370\020\374\161\033\267\113\067\151\246 -\073\326\354\213\356\301\260\363\045\311\217\222\175\241\352\303 -\312\104\277\046\245\164\222\234\343\164\353\235\164\331\313\115 -\207\330\374\264\151\154\213\240\103\007\140\170\227\351\331\223 -\174\302\106\274\233\067\122\243\355\212\074\023\251\173\123\113 -\111\232\021\005\054\013\156\126\254\037\056\202\154\340\151\147 -\265\016\155\055\331\344\300\025\361\077\372\030\162\341\025\155 -\047\133\055\060\050\053\237\110\232\144\053\231\357\362\165\111 -\137\134 +\060\202\002\151\060\202\001\357\240\003\002\001\002\002\020\041 +\052\126\014\256\332\014\253\100\105\277\053\242\055\072\352\060 +\012\006\010\052\206\110\316\075\004\003\003\060\155\061\013\060 +\011\006\003\125\004\006\023\002\103\110\061\020\060\016\006\003 +\125\004\012\023\007\127\111\123\145\113\145\171\061\042\060\040 +\006\003\125\004\013\023\031\117\111\123\124\105\040\106\157\165 +\156\144\141\164\151\157\156\040\105\156\144\157\162\163\145\144 +\061\050\060\046\006\003\125\004\003\023\037\117\111\123\124\105 +\040\127\111\123\145\113\145\171\040\107\154\157\142\141\154\040 +\122\157\157\164\040\107\103\040\103\101\060\036\027\015\061\067 +\060\065\060\071\060\071\064\070\063\064\132\027\015\064\062\060 +\065\060\071\060\071\065\070\063\063\132\060\155\061\013\060\011 +\006\003\125\004\006\023\002\103\110\061\020\060\016\006\003\125 +\004\012\023\007\127\111\123\145\113\145\171\061\042\060\040\006 +\003\125\004\013\023\031\117\111\123\124\105\040\106\157\165\156 +\144\141\164\151\157\156\040\105\156\144\157\162\163\145\144\061 +\050\060\046\006\003\125\004\003\023\037\117\111\123\124\105\040 +\127\111\123\145\113\145\171\040\107\154\157\142\141\154\040\122 +\157\157\164\040\107\103\040\103\101\060\166\060\020\006\007\052 +\206\110\316\075\002\001\006\005\053\201\004\000\042\003\142\000 +\004\114\351\120\300\306\017\162\030\274\330\361\272\263\211\342 +\171\112\243\026\247\153\124\044\333\121\377\352\364\011\044\303 +\013\042\237\313\152\047\202\201\015\322\300\257\061\344\164\202 +\156\312\045\331\214\165\235\361\333\320\232\242\113\041\176\026 +\247\143\220\322\071\324\261\207\170\137\030\226\017\120\033\065 +\067\017\152\306\334\331\023\115\244\216\220\067\346\275\133\061 +\221\243\124\060\122\060\016\006\003\125\035\017\001\001\377\004 +\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377\004 +\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026\004 +\024\110\207\024\254\343\303\236\220\140\072\327\312\211\356\323 +\255\214\264\120\146\060\020\006\011\053\006\001\004\001\202\067 +\025\001\004\003\002\001\000\060\012\006\010\052\206\110\316\075 +\004\003\003\003\150\000\060\145\002\060\046\307\151\133\334\325 +\347\262\347\310\014\214\214\303\335\171\214\033\143\325\311\122 +\224\116\115\202\112\163\036\262\200\204\251\045\300\114\132\155 +\111\051\140\170\023\342\176\110\353\144\002\061\000\333\064\040 +\062\010\377\232\111\002\266\210\336\024\257\135\154\231\161\215 +\032\077\213\327\340\242\066\206\034\007\202\072\166\123\375\302 +\242\355\357\173\260\200\117\130\017\113\123\071\275 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for "D-TRUST Root CA 3 2013" -# Issuer: CN=D-TRUST Root CA 3 2013,O=D-Trust GmbH,C=DE -# Serial Number: 1039788 (0xfddac) -# Subject: CN=D-TRUST Root CA 3 2013,O=D-Trust GmbH,C=DE -# Not Valid Before: Fri Sep 20 08:25:51 2013 -# Not Valid After : Wed Sep 20 08:25:51 2028 -# Fingerprint (SHA-256): A1:A8:6D:04:12:1E:B8:7F:02:7C:66:F5:33:03:C2:8E:57:39:F9:43:FC:84:B3:8A:D6:AF:00:90:35:DD:94:57 -# Fingerprint (SHA1): 6C:7C:CC:E7:D4:AE:51:5F:99:08:CD:3F:F6:E8:C3:78:DF:6F:EF:97 +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "OISTE WISeKey Global Root GC CA" +# Issuer: CN=OISTE WISeKey Global Root GC CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH +# Serial Number:21:2a:56:0c:ae:da:0c:ab:40:45:bf:2b:a2:2d:3a:ea +# Subject: CN=OISTE WISeKey Global Root GC CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH +# Not Valid Before: Tue May 09 09:48:34 2017 +# Not Valid After : Fri May 09 09:58:33 2042 +# Fingerprint (SHA-256): 85:60:F9:1C:36:24:DA:BA:95:70:B5:FE:A0:DB:E3:6F:F1:1A:83:23:BE:94:86:85:4F:B3:F3:4A:55:71:19:8D +# Fingerprint (SHA1): E0:11:84:5E:34:DE:BE:88:81:B9:9C:F6:16:26:D1:96:1F:C3:B9:31 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "D-TRUST Root CA 3 2013" +CKA_LABEL UTF8 "OISTE WISeKey Global Root GC CA" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\154\174\314\347\324\256\121\137\231\010\315\077\366\350\303\170 -\337\157\357\227 +\340\021\204\136\064\336\276\210\201\271\234\366\026\046\321\226 +\037\303\271\061 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\267\042\146\230\176\326\003\340\301\161\346\165\315\126\105\277 +\251\326\271\055\057\223\144\370\245\151\312\221\351\150\007\043 END CKA_ISSUER MULTILINE_OCTAL -\060\105\061\013\060\011\006\003\125\004\006\023\002\104\105\061 -\025\060\023\006\003\125\004\012\014\014\104\055\124\162\165\163 -\164\040\107\155\142\110\061\037\060\035\006\003\125\004\003\014 -\026\104\055\124\122\125\123\124\040\122\157\157\164\040\103\101 -\040\063\040\062\060\061\063 +\060\155\061\013\060\011\006\003\125\004\006\023\002\103\110\061 +\020\060\016\006\003\125\004\012\023\007\127\111\123\145\113\145 +\171\061\042\060\040\006\003\125\004\013\023\031\117\111\123\124 +\105\040\106\157\165\156\144\141\164\151\157\156\040\105\156\144 +\157\162\163\145\144\061\050\060\046\006\003\125\004\003\023\037 +\117\111\123\124\105\040\127\111\123\145\113\145\171\040\107\154 +\157\142\141\154\040\122\157\157\164\040\107\103\040\103\101 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\003\017\335\254 +\002\020\041\052\126\014\256\332\014\253\100\105\277\053\242\055 +\072\352 END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1" +# Certificate "GTS Root R1" # -# Issuer: CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1,OU=Kamu Sertifikasyon Merkezi - Kamu SM,O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK,L=Gebze - Kocaeli,C=TR -# Serial Number: 1 (0x1) -# Subject: CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1,OU=Kamu Sertifikasyon Merkezi - Kamu SM,O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK,L=Gebze - Kocaeli,C=TR -# Not Valid Before: Mon Nov 25 08:25:55 2013 -# Not Valid After : Sun Oct 25 08:25:55 2043 -# Fingerprint (SHA-256): 46:ED:C3:68:90:46:D5:3A:45:3F:B3:10:4A:B8:0D:CA:EC:65:8B:26:60:EA:16:29:DD:7E:86:79:90:64:87:16 -# Fingerprint (SHA1): 31:43:64:9B:EC:CE:27:EC:ED:3A:3F:0B:8F:0D:E4:E8:91:DD:EE:CA +# Issuer: CN=GTS Root R1,O=Google Trust Services LLC,C=US +# Serial Number:6e:47:a9:c5:4b:47:0c:0d:ec:33:d0:89:b9:1c:f4:e1 +# Subject: CN=GTS Root R1,O=Google Trust Services LLC,C=US +# Not Valid Before: Wed Jun 22 00:00:00 2016 +# Not Valid After : Sun Jun 22 00:00:00 2036 +# Fingerprint (SHA-256): 2A:57:54:71:E3:13:40:BC:21:58:1C:BD:2C:F1:3E:15:84:63:20:3E:CE:94:BC:F9:D3:CC:19:6B:F0:9A:54:72 +# Fingerprint (SHA1): E1:C9:50:E6:EF:22:F8:4C:56:45:72:8B:92:20:60:D7:D5:A7:A3:E8 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1" +CKA_LABEL UTF8 "GTS Root R1" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\201\322\061\013\060\011\006\003\125\004\006\023\002\124\122 -\061\030\060\026\006\003\125\004\007\023\017\107\145\142\172\145 -\040\055\040\113\157\143\141\145\154\151\061\102\060\100\006\003 -\125\004\012\023\071\124\165\162\153\151\171\145\040\102\151\154 -\151\155\163\145\154\040\166\145\040\124\145\153\156\157\154\157 -\152\151\153\040\101\162\141\163\164\151\162\155\141\040\113\165 -\162\165\155\165\040\055\040\124\125\102\111\124\101\113\061\055 -\060\053\006\003\125\004\013\023\044\113\141\155\165\040\123\145 -\162\164\151\146\151\153\141\163\171\157\156\040\115\145\162\153 -\145\172\151\040\055\040\113\141\155\165\040\123\115\061\066\060 -\064\006\003\125\004\003\023\055\124\125\102\111\124\101\113\040 -\113\141\155\165\040\123\115\040\123\123\114\040\113\157\153\040 -\123\145\162\164\151\146\151\153\141\163\151\040\055\040\123\165 -\162\165\155\040\061 +\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 +\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 +\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 +\123\040\122\157\157\164\040\122\061 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\201\322\061\013\060\011\006\003\125\004\006\023\002\124\122 -\061\030\060\026\006\003\125\004\007\023\017\107\145\142\172\145 -\040\055\040\113\157\143\141\145\154\151\061\102\060\100\006\003 -\125\004\012\023\071\124\165\162\153\151\171\145\040\102\151\154 -\151\155\163\145\154\040\166\145\040\124\145\153\156\157\154\157 -\152\151\153\040\101\162\141\163\164\151\162\155\141\040\113\165 -\162\165\155\165\040\055\040\124\125\102\111\124\101\113\061\055 -\060\053\006\003\125\004\013\023\044\113\141\155\165\040\123\145 -\162\164\151\146\151\153\141\163\171\157\156\040\115\145\162\153 -\145\172\151\040\055\040\113\141\155\165\040\123\115\061\066\060 -\064\006\003\125\004\003\023\055\124\125\102\111\124\101\113\040 -\113\141\155\165\040\123\115\040\123\123\114\040\113\157\153\040 -\123\145\162\164\151\146\151\153\141\163\151\040\055\040\123\165 -\162\165\155\040\061 +\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 +\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 +\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 +\123\040\122\157\157\164\040\122\061 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 +\002\020\156\107\251\305\113\107\014\015\354\063\320\211\271\034 +\364\341 END CKA_VALUE MULTILINE_OCTAL -\060\202\004\143\060\202\003\113\240\003\002\001\002\002\001\001 -\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060 -\201\322\061\013\060\011\006\003\125\004\006\023\002\124\122\061 -\030\060\026\006\003\125\004\007\023\017\107\145\142\172\145\040 -\055\040\113\157\143\141\145\154\151\061\102\060\100\006\003\125 -\004\012\023\071\124\165\162\153\151\171\145\040\102\151\154\151 -\155\163\145\154\040\166\145\040\124\145\153\156\157\154\157\152 -\151\153\040\101\162\141\163\164\151\162\155\141\040\113\165\162 -\165\155\165\040\055\040\124\125\102\111\124\101\113\061\055\060 -\053\006\003\125\004\013\023\044\113\141\155\165\040\123\145\162 -\164\151\146\151\153\141\163\171\157\156\040\115\145\162\153\145 -\172\151\040\055\040\113\141\155\165\040\123\115\061\066\060\064 -\006\003\125\004\003\023\055\124\125\102\111\124\101\113\040\113 -\141\155\165\040\123\115\040\123\123\114\040\113\157\153\040\123 -\145\162\164\151\146\151\153\141\163\151\040\055\040\123\165\162 -\165\155\040\061\060\036\027\015\061\063\061\061\062\065\060\070 -\062\065\065\065\132\027\015\064\063\061\060\062\065\060\070\062 -\065\065\065\132\060\201\322\061\013\060\011\006\003\125\004\006 -\023\002\124\122\061\030\060\026\006\003\125\004\007\023\017\107 -\145\142\172\145\040\055\040\113\157\143\141\145\154\151\061\102 -\060\100\006\003\125\004\012\023\071\124\165\162\153\151\171\145 -\040\102\151\154\151\155\163\145\154\040\166\145\040\124\145\153 -\156\157\154\157\152\151\153\040\101\162\141\163\164\151\162\155 -\141\040\113\165\162\165\155\165\040\055\040\124\125\102\111\124 -\101\113\061\055\060\053\006\003\125\004\013\023\044\113\141\155 -\165\040\123\145\162\164\151\146\151\153\141\163\171\157\156\040 -\115\145\162\153\145\172\151\040\055\040\113\141\155\165\040\123 -\115\061\066\060\064\006\003\125\004\003\023\055\124\125\102\111 -\124\101\113\040\113\141\155\165\040\123\115\040\123\123\114\040 -\113\157\153\040\123\145\162\164\151\146\151\153\141\163\151\040 -\055\040\123\165\162\165\155\040\061\060\202\001\042\060\015\006 -\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017 -\000\060\202\001\012\002\202\001\001\000\257\165\060\063\252\273 -\153\323\231\054\022\067\204\331\215\173\227\200\323\156\347\377 -\233\120\225\076\220\225\126\102\327\031\174\046\204\215\222\372 -\001\035\072\017\342\144\070\267\214\274\350\210\371\213\044\253 -\056\243\365\067\344\100\216\030\045\171\203\165\037\073\377\154 -\250\305\306\126\370\264\355\212\104\243\253\154\114\374\035\320 -\334\357\150\275\317\344\252\316\360\125\367\242\064\324\203\153 -\067\174\034\302\376\265\003\354\127\316\274\264\265\305\355\000 -\017\123\067\052\115\364\117\014\203\373\206\317\313\376\214\116 -\275\207\371\247\213\041\127\234\172\337\003\147\211\054\235\227 -\141\247\020\270\125\220\177\016\055\047\070\164\337\347\375\332 -\116\022\343\115\025\042\002\310\340\340\374\017\255\212\327\311 -\124\120\314\073\017\312\026\200\204\320\121\126\303\216\126\177 -\211\042\063\057\346\205\012\275\245\250\033\066\336\323\334\054 -\155\073\307\023\275\131\043\054\346\345\244\367\330\013\355\352 -\220\100\104\250\225\273\223\325\320\200\064\266\106\170\016\037 -\000\223\106\341\356\351\371\354\117\027\002\003\001\000\001\243 -\102\060\100\060\035\006\003\125\035\016\004\026\004\024\145\077 -\307\212\206\306\074\335\074\124\134\065\370\072\355\122\014\107 -\127\310\060\016\006\003\125\035\017\001\001\377\004\004\003\002 -\001\006\060\017\006\003\125\035\023\001\001\377\004\005\060\003 -\001\001\377\060\015\006\011\052\206\110\206\367\015\001\001\013 -\005\000\003\202\001\001\000\052\077\341\361\062\216\256\341\230 -\134\113\136\317\153\036\152\011\322\042\251\022\307\136\127\175 -\163\126\144\200\204\172\223\344\011\271\020\315\237\052\047\341 -\000\167\276\110\310\065\250\201\237\344\270\054\311\177\016\260 -\322\113\067\135\352\271\325\013\136\064\275\364\163\051\303\355 -\046\025\234\176\010\123\212\130\215\320\113\050\337\301\263\337 -\040\363\371\343\343\072\337\314\234\224\330\116\117\303\153\027 -\267\367\162\350\255\146\063\265\045\123\253\340\370\114\251\235 -\375\362\015\272\256\271\331\252\306\153\371\223\273\256\253\270 -\227\074\003\032\272\103\306\226\271\105\162\070\263\247\241\226 -\075\221\173\176\300\041\123\114\207\355\362\013\124\225\121\223 -\325\042\245\015\212\361\223\016\076\124\016\260\330\311\116\334 -\362\061\062\126\352\144\371\352\265\235\026\146\102\162\363\177 -\323\261\061\103\374\244\216\027\361\155\043\253\224\146\370\255 -\373\017\010\156\046\055\177\027\007\011\262\214\373\120\300\237 -\226\215\317\266\375\000\235\132\024\232\277\002\104\365\301\302 -\237\042\136\242\017\241\343 +\060\202\005\132\060\202\003\102\240\003\002\001\002\002\020\156 +\107\251\305\113\107\014\015\354\063\320\211\271\034\364\341\060 +\015\006\011\052\206\110\206\367\015\001\001\014\005\000\060\107 +\061\013\060\011\006\003\125\004\006\023\002\125\123\061\042\060 +\040\006\003\125\004\012\023\031\107\157\157\147\154\145\040\124 +\162\165\163\164\040\123\145\162\166\151\143\145\163\040\114\114 +\103\061\024\060\022\006\003\125\004\003\023\013\107\124\123\040 +\122\157\157\164\040\122\061\060\036\027\015\061\066\060\066\062 +\062\060\060\060\060\060\060\132\027\015\063\066\060\066\062\062 +\060\060\060\060\060\060\132\060\107\061\013\060\011\006\003\125 +\004\006\023\002\125\123\061\042\060\040\006\003\125\004\012\023 +\031\107\157\157\147\154\145\040\124\162\165\163\164\040\123\145 +\162\166\151\143\145\163\040\114\114\103\061\024\060\022\006\003 +\125\004\003\023\013\107\124\123\040\122\157\157\164\040\122\061 +\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001 +\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001 +\000\266\021\002\213\036\343\241\167\233\073\334\277\224\076\267 +\225\247\100\074\241\375\202\371\175\062\006\202\161\366\366\214 +\177\373\350\333\274\152\056\227\227\243\214\113\371\053\366\261 +\371\316\204\035\261\371\305\227\336\357\271\362\243\351\274\022 +\211\136\247\252\122\253\370\043\047\313\244\261\234\143\333\327 +\231\176\360\012\136\353\150\246\364\306\132\107\015\115\020\063 +\343\116\261\023\243\310\030\154\113\354\374\011\220\337\235\144 +\051\045\043\007\241\264\322\075\056\140\340\317\322\011\207\273 +\315\110\360\115\302\302\172\210\212\273\272\317\131\031\326\257 +\217\260\007\260\236\061\361\202\301\300\337\056\246\155\154\031 +\016\265\330\176\046\032\105\003\075\260\171\244\224\050\255\017 +\177\046\345\250\010\376\226\350\074\150\224\123\356\203\072\210 +\053\025\226\011\262\340\172\214\056\165\326\234\353\247\126\144 +\217\226\117\150\256\075\227\302\204\217\300\274\100\300\013\134 +\275\366\207\263\065\154\254\030\120\177\204\340\114\315\222\323 +\040\351\063\274\122\231\257\062\265\051\263\045\052\264\110\371 +\162\341\312\144\367\346\202\020\215\350\235\302\212\210\372\070 +\146\212\374\143\371\001\371\170\375\173\134\167\372\166\207\372 +\354\337\261\016\171\225\127\264\275\046\357\326\001\321\353\026 +\012\273\216\013\265\305\305\212\125\253\323\254\352\221\113\051 +\314\031\244\062\045\116\052\361\145\104\320\002\316\252\316\111 +\264\352\237\174\203\260\100\173\347\103\253\247\154\243\217\175 +\211\201\372\114\245\377\325\216\303\316\113\340\265\330\263\216 +\105\317\166\300\355\100\053\375\123\017\260\247\325\073\015\261 +\212\242\003\336\061\255\314\167\352\157\173\076\326\337\221\042 +\022\346\276\372\330\062\374\020\143\024\121\162\336\135\326\026 +\223\275\051\150\063\357\072\146\354\007\212\046\337\023\327\127 +\145\170\047\336\136\111\024\000\242\000\177\232\250\041\266\251 +\261\225\260\245\271\015\026\021\332\307\154\110\074\100\340\176 +\015\132\315\126\074\321\227\005\271\313\113\355\071\113\234\304 +\077\322\125\023\156\044\260\326\161\372\364\301\272\314\355\033 +\365\376\201\101\330\000\230\075\072\310\256\172\230\067\030\005 +\225\002\003\001\000\001\243\102\060\100\060\016\006\003\125\035 +\017\001\001\377\004\004\003\002\001\006\060\017\006\003\125\035 +\023\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125 +\035\016\004\026\004\024\344\257\053\046\161\032\053\110\047\205 +\057\122\146\054\357\360\211\023\161\076\060\015\006\011\052\206 +\110\206\367\015\001\001\014\005\000\003\202\002\001\000\070\226 +\012\356\075\264\226\036\137\357\235\234\013\063\237\053\340\312 +\375\322\216\012\037\101\164\245\174\252\204\324\345\362\036\346 +\067\122\062\234\013\321\141\035\277\050\301\266\104\051\065\165 +\167\230\262\174\331\275\164\254\212\150\343\251\061\011\051\001 +\140\163\343\107\174\123\250\220\112\047\357\113\327\237\223\347 +\202\066\316\232\150\014\202\347\317\324\020\026\157\137\016\231 +\134\366\037\161\175\357\357\173\057\176\352\066\326\227\160\013 +\025\356\327\134\126\152\063\245\343\111\070\014\270\175\373\215 +\205\244\261\131\136\364\152\341\335\241\366\144\104\256\346\121 +\203\041\146\306\021\076\363\316\107\356\234\050\037\045\332\377 +\254\146\225\335\065\017\134\357\040\054\142\375\221\272\251\314 +\374\132\234\223\201\203\051\227\112\174\132\162\264\071\320\267 +\167\313\171\375\151\072\222\067\355\156\070\145\106\176\351\140 +\275\171\210\227\137\070\022\364\356\257\133\202\310\206\325\341 +\231\155\214\004\362\166\272\111\366\156\351\155\036\137\240\357 +\047\202\166\100\370\246\323\130\134\017\054\102\332\102\306\173 +\210\064\307\301\330\105\233\301\076\305\141\035\331\143\120\111 +\366\064\205\152\340\030\305\156\107\253\101\102\051\233\366\140 +\015\322\061\323\143\230\043\223\132\000\201\110\264\357\315\212 +\315\311\317\231\356\331\236\252\066\341\150\113\161\111\024\066 +\050\072\075\035\316\232\217\045\346\200\161\141\053\265\173\314 +\371\045\026\201\341\061\137\241\243\176\026\244\234\026\152\227 +\030\275\166\162\245\013\236\035\066\346\057\241\057\276\160\221 +\017\250\346\332\370\304\222\100\154\045\176\173\263\011\334\262 +\027\255\200\104\360\150\245\217\224\165\377\164\132\350\250\002 +\174\014\011\342\251\113\013\240\205\013\142\271\357\241\061\222 +\373\357\366\121\004\211\154\350\251\164\241\273\027\263\265\375 +\111\017\174\074\354\203\030\040\103\116\325\223\272\264\064\261 +\037\026\066\037\014\346\144\071\026\114\334\340\376\035\310\251 +\142\075\100\352\312\305\064\002\264\256\211\210\063\065\334\054 +\023\163\330\047\361\320\162\356\165\073\042\336\230\150\146\133 +\361\306\143\107\125\034\272\245\010\121\165\246\110\045 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1" -# Issuer: CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1,OU=Kamu Sertifikasyon Merkezi - Kamu SM,O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK,L=Gebze - Kocaeli,C=TR -# Serial Number: 1 (0x1) -# Subject: CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1,OU=Kamu Sertifikasyon Merkezi - Kamu SM,O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK,L=Gebze - Kocaeli,C=TR -# Not Valid Before: Mon Nov 25 08:25:55 2013 -# Not Valid After : Sun Oct 25 08:25:55 2043 -# Fingerprint (SHA-256): 46:ED:C3:68:90:46:D5:3A:45:3F:B3:10:4A:B8:0D:CA:EC:65:8B:26:60:EA:16:29:DD:7E:86:79:90:64:87:16 -# Fingerprint (SHA1): 31:43:64:9B:EC:CE:27:EC:ED:3A:3F:0B:8F:0D:E4:E8:91:DD:EE:CA +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "GTS Root R1" +# Issuer: CN=GTS Root R1,O=Google Trust Services LLC,C=US +# Serial Number:6e:47:a9:c5:4b:47:0c:0d:ec:33:d0:89:b9:1c:f4:e1 +# Subject: CN=GTS Root R1,O=Google Trust Services LLC,C=US +# Not Valid Before: Wed Jun 22 00:00:00 2016 +# Not Valid After : Sun Jun 22 00:00:00 2036 +# Fingerprint (SHA-256): 2A:57:54:71:E3:13:40:BC:21:58:1C:BD:2C:F1:3E:15:84:63:20:3E:CE:94:BC:F9:D3:CC:19:6B:F0:9A:54:72 +# Fingerprint (SHA1): E1:C9:50:E6:EF:22:F8:4C:56:45:72:8B:92:20:60:D7:D5:A7:A3:E8 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1" +CKA_LABEL UTF8 "GTS Root R1" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\061\103\144\233\354\316\047\354\355\072\077\013\217\015\344\350 -\221\335\356\312 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\334\000\201\334\151\057\076\057\260\073\366\075\132\221\216\111 +\341\311\120\346\357\042\370\114\126\105\162\213\222\040\140\327 +\325\247\243\350 END -CKA_ISSUER MULTILINE_OCTAL -\060\201\322\061\013\060\011\006\003\125\004\006\023\002\124\122 -\061\030\060\026\006\003\125\004\007\023\017\107\145\142\172\145 -\040\055\040\113\157\143\141\145\154\151\061\102\060\100\006\003 -\125\004\012\023\071\124\165\162\153\151\171\145\040\102\151\154 -\151\155\163\145\154\040\166\145\040\124\145\153\156\157\154\157 -\152\151\153\040\101\162\141\163\164\151\162\155\141\040\113\165 -\162\165\155\165\040\055\040\124\125\102\111\124\101\113\061\055 -\060\053\006\003\125\004\013\023\044\113\141\155\165\040\123\145 -\162\164\151\146\151\153\141\163\171\157\156\040\115\145\162\153 -\145\172\151\040\055\040\113\141\155\165\040\123\115\061\066\060 -\064\006\003\125\004\003\023\055\124\125\102\111\124\101\113\040 -\113\141\155\165\040\123\115\040\123\123\114\040\113\157\153\040 -\123\145\162\164\151\146\151\153\141\163\151\040\055\040\123\165 -\162\165\155\040\061 +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\202\032\357\324\322\112\362\237\342\075\227\006\024\160\162\205 +END +CKA_ISSUER MULTILINE_OCTAL +\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 +\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 +\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 +\123\040\122\157\157\164\040\122\061 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 +\002\020\156\107\251\305\113\107\014\015\354\063\320\211\271\034 +\364\341 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST @@ -22181,167 +21775,162 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "GDCA TrustAUTH R5 ROOT" +# Certificate "GTS Root R2" # -# Issuer: CN=GDCA TrustAUTH R5 ROOT,O="GUANG DONG CERTIFICATE AUTHORITY CO.,LTD.",C=CN -# Serial Number:7d:09:97:fe:f0:47:ea:7a -# Subject: CN=GDCA TrustAUTH R5 ROOT,O="GUANG DONG CERTIFICATE AUTHORITY CO.,LTD.",C=CN -# Not Valid Before: Wed Nov 26 05:13:15 2014 -# Not Valid After : Mon Dec 31 15:59:59 2040 -# Fingerprint (SHA-256): BF:FF:8F:D0:44:33:48:7D:6A:8A:A6:0C:1A:29:76:7A:9F:C2:BB:B0:5E:42:0F:71:3A:13:B9:92:89:1D:38:93 -# Fingerprint (SHA1): 0F:36:38:5B:81:1A:25:C3:9B:31:4E:83:CA:E9:34:66:70:CC:74:B4 +# Issuer: CN=GTS Root R2,O=Google Trust Services LLC,C=US +# Serial Number:6e:47:a9:c6:5a:b3:e7:20:c5:30:9a:3f:68:52:f2:6f +# Subject: CN=GTS Root R2,O=Google Trust Services LLC,C=US +# Not Valid Before: Wed Jun 22 00:00:00 2016 +# Not Valid After : Sun Jun 22 00:00:00 2036 +# Fingerprint (SHA-256): C4:5D:7B:B0:8E:6D:67:E6:2E:42:35:11:0B:56:4E:5F:78:FD:92:EF:05:8C:84:0A:EA:4E:64:55:D7:58:5C:60 +# Fingerprint (SHA1): D2:73:96:2A:2A:5E:39:9F:73:3F:E1:C7:1E:64:3F:03:38:34:FC:4D CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GDCA TrustAUTH R5 ROOT" +CKA_LABEL UTF8 "GTS Root R2" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\142\061\013\060\011\006\003\125\004\006\023\002\103\116\061 -\062\060\060\006\003\125\004\012\014\051\107\125\101\116\107\040 -\104\117\116\107\040\103\105\122\124\111\106\111\103\101\124\105 -\040\101\125\124\110\117\122\111\124\131\040\103\117\056\054\114 -\124\104\056\061\037\060\035\006\003\125\004\003\014\026\107\104 -\103\101\040\124\162\165\163\164\101\125\124\110\040\122\065\040 -\122\117\117\124 +\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 +\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 +\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 +\123\040\122\157\157\164\040\122\062 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\142\061\013\060\011\006\003\125\004\006\023\002\103\116\061 -\062\060\060\006\003\125\004\012\014\051\107\125\101\116\107\040 -\104\117\116\107\040\103\105\122\124\111\106\111\103\101\124\105 -\040\101\125\124\110\117\122\111\124\131\040\103\117\056\054\114 -\124\104\056\061\037\060\035\006\003\125\004\003\014\026\107\104 -\103\101\040\124\162\165\163\164\101\125\124\110\040\122\065\040 -\122\117\117\124 +\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 +\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 +\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 +\123\040\122\157\157\164\040\122\062 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\175\011\227\376\360\107\352\172 +\002\020\156\107\251\306\132\263\347\040\305\060\232\077\150\122 +\362\157 END CKA_VALUE MULTILINE_OCTAL -\060\202\005\210\060\202\003\160\240\003\002\001\002\002\010\175 -\011\227\376\360\107\352\172\060\015\006\011\052\206\110\206\367 -\015\001\001\013\005\000\060\142\061\013\060\011\006\003\125\004 -\006\023\002\103\116\061\062\060\060\006\003\125\004\012\014\051 -\107\125\101\116\107\040\104\117\116\107\040\103\105\122\124\111 -\106\111\103\101\124\105\040\101\125\124\110\117\122\111\124\131 -\040\103\117\056\054\114\124\104\056\061\037\060\035\006\003\125 -\004\003\014\026\107\104\103\101\040\124\162\165\163\164\101\125 -\124\110\040\122\065\040\122\117\117\124\060\036\027\015\061\064 -\061\061\062\066\060\065\061\063\061\065\132\027\015\064\060\061 -\062\063\061\061\065\065\071\065\071\132\060\142\061\013\060\011 -\006\003\125\004\006\023\002\103\116\061\062\060\060\006\003\125 -\004\012\014\051\107\125\101\116\107\040\104\117\116\107\040\103 -\105\122\124\111\106\111\103\101\124\105\040\101\125\124\110\117 -\122\111\124\131\040\103\117\056\054\114\124\104\056\061\037\060 -\035\006\003\125\004\003\014\026\107\104\103\101\040\124\162\165 -\163\164\101\125\124\110\040\122\065\040\122\117\117\124\060\202 -\002\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005 -\000\003\202\002\017\000\060\202\002\012\002\202\002\001\000\331 -\243\026\360\310\164\164\167\233\357\063\015\073\006\176\125\374 -\265\140\217\166\206\022\102\175\126\146\076\210\202\355\162\143 -\016\236\213\335\064\054\002\121\121\303\031\375\131\124\204\311 -\361\153\263\114\260\351\350\106\135\070\306\242\247\056\021\127 -\272\202\025\242\234\217\155\260\231\112\012\362\353\211\160\143 -\116\171\304\267\133\275\242\135\261\362\101\002\053\255\251\072 -\243\354\171\012\354\137\072\343\375\357\200\074\255\064\233\032 -\253\210\046\173\126\242\202\206\037\353\065\211\203\177\137\256 -\051\116\075\266\156\354\256\301\360\047\233\256\343\364\354\357 -\256\177\367\206\075\162\172\353\245\373\131\116\247\353\225\214 -\042\071\171\341\055\010\217\314\274\221\270\101\367\024\301\043 -\251\303\255\232\105\104\263\262\327\054\315\306\051\342\120\020 -\256\134\313\202\216\027\030\066\175\227\346\210\232\260\115\064 -\011\364\054\271\132\146\052\260\027\233\236\036\166\235\112\146 -\061\101\337\077\373\305\006\357\033\266\176\032\106\066\367\144 -\143\073\343\071\030\043\347\147\165\024\325\165\127\222\067\275 -\276\152\033\046\120\362\066\046\006\220\305\160\001\144\155\166 -\146\341\221\333\156\007\300\141\200\056\262\056\057\214\160\247 -\321\073\074\263\221\344\156\266\304\073\160\362\154\222\227\011 -\315\107\175\030\300\363\273\236\017\326\213\256\007\266\132\017 -\316\013\014\107\247\345\076\270\275\175\307\233\065\240\141\227 -\072\101\165\027\314\053\226\167\052\222\041\036\331\225\166\040 -\147\150\317\015\275\337\326\037\011\152\232\342\314\163\161\244 -\057\175\022\200\267\123\060\106\136\113\124\231\017\147\311\245 -\310\362\040\301\202\354\235\021\337\302\002\373\032\073\321\355 -\040\232\357\145\144\222\020\015\052\342\336\160\361\030\147\202 -\214\141\336\270\274\321\057\234\373\017\320\053\355\033\166\271 -\344\071\125\370\370\241\035\270\252\200\000\114\202\347\262\177 -\011\270\274\060\240\057\015\365\122\236\216\367\222\263\012\000 -\035\000\124\227\006\340\261\007\331\307\017\134\145\175\074\155 -\131\127\344\355\245\215\351\100\123\237\025\113\240\161\366\032 -\041\343\332\160\006\041\130\024\207\205\167\171\252\202\171\002 -\003\001\000\001\243\102\060\100\060\035\006\003\125\035\016\004 -\026\004\024\342\311\100\237\115\316\350\232\241\174\317\016\077 -\145\305\051\210\152\031\121\060\017\006\003\125\035\023\001\001 -\377\004\005\060\003\001\001\377\060\016\006\003\125\035\017\001 -\001\377\004\004\003\002\001\206\060\015\006\011\052\206\110\206 -\367\015\001\001\013\005\000\003\202\002\001\000\321\111\127\340 -\247\314\150\130\272\001\017\053\031\315\215\260\141\105\254\021 -\355\143\120\151\370\037\177\276\026\217\375\235\353\013\252\062 -\107\166\322\147\044\355\275\174\063\062\227\052\307\005\206\146 -\015\027\175\024\025\033\324\353\375\037\232\366\136\227\151\267 -\032\045\244\012\263\221\077\137\066\254\213\354\127\250\076\347 -\201\212\030\127\071\205\164\032\102\307\351\133\023\137\217\371 -\010\351\222\164\215\365\107\322\253\073\326\373\170\146\116\066 -\175\371\351\222\351\004\336\375\111\143\374\155\373\024\161\223 -\147\057\107\112\267\271\377\036\052\163\160\106\060\277\132\362 -\057\171\245\341\215\014\331\371\262\143\067\214\067\145\205\160 -\152\134\133\011\162\271\255\143\074\261\335\370\374\062\277\067 -\206\344\273\216\230\047\176\272\037\026\341\160\021\362\003\337 -\045\142\062\047\046\030\062\204\237\377\000\072\023\272\232\115 -\364\117\270\024\160\042\261\312\053\220\316\051\301\160\364\057 -\235\177\362\220\036\326\132\337\267\106\374\346\206\372\313\340 -\040\166\172\272\246\313\365\174\336\142\245\261\213\356\336\202 -\146\212\116\072\060\037\077\200\313\255\047\272\014\136\327\320 -\261\126\312\167\161\262\265\165\241\120\251\100\103\027\302\050 -\331\317\122\213\133\310\143\324\102\076\240\063\172\106\056\367 -\012\040\106\124\176\152\117\061\361\201\176\102\164\070\145\163 -\047\356\306\174\270\216\327\245\072\327\230\241\234\214\020\125 -\323\333\113\354\100\220\362\315\156\127\322\142\016\174\127\223 -\261\247\155\315\235\203\273\052\347\345\266\073\161\130\255\375 -\321\105\274\132\221\356\123\025\157\323\105\011\165\156\272\220 -\135\036\004\317\067\337\036\250\146\261\214\346\040\152\357\374 -\110\116\164\230\102\257\051\157\056\152\307\373\175\321\146\061 -\042\314\206\000\176\146\203\014\102\364\275\064\222\303\032\352 -\117\312\176\162\115\013\160\214\246\110\273\246\241\024\366\373 -\130\104\231\024\256\252\013\223\151\240\051\045\112\245\313\053 -\335\212\146\007\026\170\025\127\161\033\354\365\107\204\363\236 -\061\067\172\325\177\044\255\344\274\375\375\314\156\203\350\014 -\250\267\101\154\007\335\275\074\206\227\057\322 +\060\202\005\132\060\202\003\102\240\003\002\001\002\002\020\156 +\107\251\306\132\263\347\040\305\060\232\077\150\122\362\157\060 +\015\006\011\052\206\110\206\367\015\001\001\014\005\000\060\107 +\061\013\060\011\006\003\125\004\006\023\002\125\123\061\042\060 +\040\006\003\125\004\012\023\031\107\157\157\147\154\145\040\124 +\162\165\163\164\040\123\145\162\166\151\143\145\163\040\114\114 +\103\061\024\060\022\006\003\125\004\003\023\013\107\124\123\040 +\122\157\157\164\040\122\062\060\036\027\015\061\066\060\066\062 +\062\060\060\060\060\060\060\132\027\015\063\066\060\066\062\062 +\060\060\060\060\060\060\132\060\107\061\013\060\011\006\003\125 +\004\006\023\002\125\123\061\042\060\040\006\003\125\004\012\023 +\031\107\157\157\147\154\145\040\124\162\165\163\164\040\123\145 +\162\166\151\143\145\163\040\114\114\103\061\024\060\022\006\003 +\125\004\003\023\013\107\124\123\040\122\157\157\164\040\122\062 +\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001 +\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001 +\000\316\336\375\246\373\354\354\024\064\074\007\006\132\154\131 +\367\031\065\335\367\301\235\125\252\323\315\073\244\223\162\357 +\012\372\155\235\366\360\205\200\133\241\110\122\237\071\305\267 +\356\050\254\357\313\166\150\024\271\337\255\001\154\231\037\304 +\042\035\237\376\162\167\340\054\133\257\344\004\277\117\162\240 +\032\064\230\350\071\150\354\225\045\173\166\241\346\151\271\205 +\031\275\211\214\376\255\355\066\352\163\274\377\203\342\313\175 +\301\322\316\112\263\215\005\236\213\111\223\337\301\133\320\156 +\136\360\056\060\056\202\374\372\274\264\027\012\110\345\210\233 +\305\233\153\336\260\312\264\003\360\332\364\220\270\145\144\367 +\134\114\255\350\176\146\136\231\327\270\302\076\310\320\023\235 +\255\356\344\105\173\211\125\367\212\037\142\122\204\022\263\302 +\100\227\343\212\037\107\221\246\164\132\322\370\261\143\050\020 +\270\263\011\270\126\167\100\242\046\230\171\306\376\337\045\356 +\076\345\240\177\324\141\017\121\113\074\077\214\332\341\160\164 +\330\302\150\241\371\301\014\351\241\342\177\273\125\074\166\006 +\356\152\116\314\222\210\060\115\232\275\117\013\110\232\204\265 +\230\243\325\373\163\301\127\141\335\050\126\165\023\256\207\216 +\347\014\121\011\020\165\210\114\274\215\371\173\074\324\042\110 +\037\052\334\353\153\273\104\261\313\063\161\062\106\257\255\112 +\361\214\350\164\072\254\347\032\042\163\200\322\060\367\045\102 +\307\042\073\073\022\255\226\056\306\303\166\007\252\040\267\065 +\111\127\351\222\111\350\166\026\162\061\147\053\226\176\212\243 +\307\224\126\042\277\152\113\176\001\041\262\043\062\337\344\232 +\104\155\131\133\135\365\000\240\034\233\306\170\227\215\220\377 +\233\310\252\264\257\021\121\071\136\331\373\147\255\325\133\021 +\235\062\232\033\275\325\272\133\245\311\313\045\151\123\125\047 +\134\340\312\066\313\210\141\373\036\267\320\313\356\026\373\323 +\246\114\336\222\245\324\342\337\365\006\124\336\056\235\113\264 +\223\060\252\201\316\335\032\334\121\163\015\117\160\351\345\266 +\026\041\031\171\262\346\211\013\165\144\312\325\253\274\011\301 +\030\241\377\324\124\241\205\074\375\024\044\003\262\207\323\244 +\267\002\003\001\000\001\243\102\060\100\060\016\006\003\125\035 +\017\001\001\377\004\004\003\002\001\006\060\017\006\003\125\035 +\023\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125 +\035\016\004\026\004\024\273\377\312\216\043\237\117\231\312\333 +\342\150\246\245\025\047\027\036\331\016\060\015\006\011\052\206 +\110\206\367\015\001\001\014\005\000\003\202\002\001\000\266\151 +\360\246\167\376\236\356\013\201\255\341\300\251\307\371\065\035 +\100\202\253\346\004\264\337\313\367\035\017\203\360\176\023\115 +\215\214\356\343\063\042\303\071\374\100\337\156\101\113\102\123 +\276\026\210\361\322\070\136\304\150\231\034\230\122\223\214\347 +\150\355\033\152\163\172\005\100\115\177\145\073\326\130\361\316 +\203\107\140\343\377\227\251\234\140\167\030\125\265\176\010\223 +\317\320\366\074\147\003\025\141\011\371\201\171\365\354\123\244 +\237\311\217\001\213\163\304\167\166\334\203\242\365\014\111\032 +\250\166\336\222\233\144\370\263\054\305\047\323\007\300\010\200 +\244\230\222\343\001\226\002\252\002\356\217\073\305\321\155\012 +\063\060\163\170\271\117\124\026\277\013\007\241\244\134\346\313 +\311\134\204\217\017\340\025\167\054\176\046\176\332\304\113\333 +\247\026\167\007\260\315\165\350\162\102\326\225\204\235\206\203 +\362\344\220\315\011\107\324\213\003\160\332\132\306\003\102\364 +\355\067\242\360\033\120\124\113\016\330\204\336\031\050\231\201 +\107\256\011\033\077\110\321\303\157\342\260\140\027\365\356\043 +\002\245\332\000\133\155\220\253\356\242\351\033\073\351\307\104 +\047\105\216\153\237\365\244\204\274\167\371\153\227\254\076\121 +\105\242\021\246\314\205\356\012\150\362\076\120\070\172\044\142 +\036\027\040\067\155\152\115\267\011\233\311\374\244\130\365\266 +\373\234\116\030\273\225\002\347\241\255\233\007\356\066\153\044 +\322\071\206\301\223\203\120\322\201\106\250\137\142\127\054\273 +\154\144\210\010\156\357\023\124\137\335\055\304\147\143\323\317 +\211\067\277\235\040\364\373\172\203\233\240\036\201\000\120\302 +\344\014\042\131\122\020\355\103\126\207\000\370\024\122\247\035 +\213\223\214\242\115\106\177\047\306\161\233\044\336\344\332\206 +\213\015\176\153\040\301\300\236\341\145\330\152\243\246\350\205 +\213\072\007\010\034\272\365\217\125\232\030\165\176\345\354\201 +\146\321\041\163\241\065\104\013\200\075\133\234\136\157\052\027 +\226\321\203\043\210\146\155\346\206\342\160\062\057\122\042\347 +\310\347\177\304\054\140\135\057\303\257\236\105\005\303\204\002 +\267\375\054\010\122\117\202\335\243\360\324\206\011\002 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for "GDCA TrustAUTH R5 ROOT" -# Issuer: CN=GDCA TrustAUTH R5 ROOT,O="GUANG DONG CERTIFICATE AUTHORITY CO.,LTD.",C=CN -# Serial Number:7d:09:97:fe:f0:47:ea:7a -# Subject: CN=GDCA TrustAUTH R5 ROOT,O="GUANG DONG CERTIFICATE AUTHORITY CO.,LTD.",C=CN -# Not Valid Before: Wed Nov 26 05:13:15 2014 -# Not Valid After : Mon Dec 31 15:59:59 2040 -# Fingerprint (SHA-256): BF:FF:8F:D0:44:33:48:7D:6A:8A:A6:0C:1A:29:76:7A:9F:C2:BB:B0:5E:42:0F:71:3A:13:B9:92:89:1D:38:93 -# Fingerprint (SHA1): 0F:36:38:5B:81:1A:25:C3:9B:31:4E:83:CA:E9:34:66:70:CC:74:B4 +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "GTS Root R2" +# Issuer: CN=GTS Root R2,O=Google Trust Services LLC,C=US +# Serial Number:6e:47:a9:c6:5a:b3:e7:20:c5:30:9a:3f:68:52:f2:6f +# Subject: CN=GTS Root R2,O=Google Trust Services LLC,C=US +# Not Valid Before: Wed Jun 22 00:00:00 2016 +# Not Valid After : Sun Jun 22 00:00:00 2036 +# Fingerprint (SHA-256): C4:5D:7B:B0:8E:6D:67:E6:2E:42:35:11:0B:56:4E:5F:78:FD:92:EF:05:8C:84:0A:EA:4E:64:55:D7:58:5C:60 +# Fingerprint (SHA1): D2:73:96:2A:2A:5E:39:9F:73:3F:E1:C7:1E:64:3F:03:38:34:FC:4D CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GDCA TrustAUTH R5 ROOT" +CKA_LABEL UTF8 "GTS Root R2" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\017\066\070\133\201\032\045\303\233\061\116\203\312\351\064\146 -\160\314\164\264 +\322\163\226\052\052\136\071\237\163\077\341\307\036\144\077\003 +\070\064\374\115 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\143\314\331\075\064\065\134\157\123\243\342\010\160\110\037\264 +\104\355\232\016\244\011\073\000\362\256\114\243\306\141\260\213 END CKA_ISSUER MULTILINE_OCTAL -\060\142\061\013\060\011\006\003\125\004\006\023\002\103\116\061 -\062\060\060\006\003\125\004\012\014\051\107\125\101\116\107\040 -\104\117\116\107\040\103\105\122\124\111\106\111\103\101\124\105 -\040\101\125\124\110\117\122\111\124\131\040\103\117\056\054\114 -\124\104\056\061\037\060\035\006\003\125\004\003\014\026\107\104 -\103\101\040\124\162\165\163\164\101\125\124\110\040\122\065\040 -\122\117\117\124 +\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 +\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 +\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 +\123\040\122\157\157\164\040\122\062 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\175\011\227\376\360\107\352\172 +\002\020\156\107\251\306\132\263\347\040\305\060\232\077\150\122 +\362\157 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST @@ -22349,681 +21938,723 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "TrustCor RootCert CA-1" +# Certificate "GTS Root R3" # -# Issuer: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA -# Serial Number:00:da:9b:ec:71:f3:03:b0:19 -# Subject: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA -# Not Valid Before: Thu Feb 04 12:32:16 2016 -# Not Valid After : Mon Dec 31 17:23:16 2029 -# Fingerprint (SHA-256): D4:0E:9C:86:CD:8F:E4:68:C1:77:69:59:F4:9E:A7:74:FA:54:86:84:B6:C4:06:F3:90:92:61:F4:DC:E2:57:5C -# Fingerprint (SHA1): FF:BD:CD:E7:82:C8:43:5E:3C:6F:26:86:5C:CA:A8:3A:45:5B:C3:0A +# Issuer: CN=GTS Root R3,O=Google Trust Services LLC,C=US +# Serial Number:6e:47:a9:c7:6c:a9:73:24:40:89:0f:03:55:dd:8d:1d +# Subject: CN=GTS Root R3,O=Google Trust Services LLC,C=US +# Not Valid Before: Wed Jun 22 00:00:00 2016 +# Not Valid After : Sun Jun 22 00:00:00 2036 +# Fingerprint (SHA-256): 15:D5:B8:77:46:19:EA:7D:54:CE:1C:A6:D0:B0:C4:03:E0:37:A9:17:F1:31:E8:A0:4E:1E:6B:7A:71:BA:BC:E5 +# Fingerprint (SHA1): 30:D4:24:6F:07:FF:DB:91:89:8A:0B:E9:49:66:11:EB:8C:5E:46:E5 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TrustCor RootCert CA-1" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101 -\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155 -\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141 -\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012 -\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145 -\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060 -\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162 -\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 -\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014 -\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145 -\162\164\040\103\101\055\061 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101 -\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155 -\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141 -\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012 -\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145 -\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060 -\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162 -\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 -\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014 -\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145 -\162\164\040\103\101\055\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\011\000\332\233\354\161\363\003\260\031 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\060\060\202\003\030\240\003\002\001\002\002\011\000 -\332\233\354\161\363\003\260\031\060\015\006\011\052\206\110\206 -\367\015\001\001\013\005\000\060\201\244\061\013\060\011\006\003 -\125\004\006\023\002\120\101\061\017\060\015\006\003\125\004\010 -\014\006\120\141\156\141\155\141\061\024\060\022\006\003\125\004 -\007\014\013\120\141\156\141\155\141\040\103\151\164\171\061\044 -\060\042\006\003\125\004\012\014\033\124\162\165\163\164\103\157 -\162\040\123\171\163\164\145\155\163\040\123\056\040\144\145\040 -\122\056\114\056\061\047\060\045\006\003\125\004\013\014\036\124 -\162\165\163\164\103\157\162\040\103\145\162\164\151\146\151\143 -\141\164\145\040\101\165\164\150\157\162\151\164\171\061\037\060 -\035\006\003\125\004\003\014\026\124\162\165\163\164\103\157\162 -\040\122\157\157\164\103\145\162\164\040\103\101\055\061\060\036 -\027\015\061\066\060\062\060\064\061\062\063\062\061\066\132\027 -\015\062\071\061\062\063\061\061\067\062\063\061\066\132\060\201 -\244\061\013\060\011\006\003\125\004\006\023\002\120\101\061\017 -\060\015\006\003\125\004\010\014\006\120\141\156\141\155\141\061 -\024\060\022\006\003\125\004\007\014\013\120\141\156\141\155\141 -\040\103\151\164\171\061\044\060\042\006\003\125\004\012\014\033 -\124\162\165\163\164\103\157\162\040\123\171\163\164\145\155\163 -\040\123\056\040\144\145\040\122\056\114\056\061\047\060\045\006 -\003\125\004\013\014\036\124\162\165\163\164\103\157\162\040\103 -\145\162\164\151\146\151\143\141\164\145\040\101\165\164\150\157 -\162\151\164\171\061\037\060\035\006\003\125\004\003\014\026\124 -\162\165\163\164\103\157\162\040\122\157\157\164\103\145\162\164 -\040\103\101\055\061\060\202\001\042\060\015\006\011\052\206\110 -\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001 -\012\002\202\001\001\000\277\216\267\225\342\302\046\022\153\063 -\031\307\100\130\012\253\131\252\215\000\243\374\200\307\120\173 -\216\324\040\046\272\062\022\330\043\124\111\045\020\042\230\235 -\106\322\301\311\236\116\033\056\054\016\070\363\032\045\150\034 -\246\132\005\346\036\213\110\277\230\226\164\076\151\312\351\265 -\170\245\006\274\325\000\136\011\012\362\047\172\122\374\055\325 -\261\352\264\211\141\044\363\032\023\333\251\317\122\355\014\044 -\272\271\236\354\176\000\164\372\223\255\154\051\222\256\121\264 -\273\323\127\277\263\363\250\215\234\364\044\113\052\326\231\236 -\364\236\376\300\176\102\072\347\013\225\123\332\267\150\016\220 -\114\373\160\077\217\112\054\224\363\046\335\143\151\251\224\330 -\020\116\305\107\010\220\231\033\027\115\271\154\156\357\140\225 -\021\216\041\200\265\275\240\163\330\320\262\167\304\105\352\132 -\046\373\146\166\166\370\006\037\141\155\017\125\305\203\267\020 -\126\162\006\007\245\363\261\032\003\005\144\016\235\132\212\326 -\206\160\033\044\336\376\050\212\053\320\152\260\374\172\242\334 -\262\171\016\213\145\017\002\003\001\000\001\243\143\060\141\060 -\035\006\003\125\035\016\004\026\004\024\356\153\111\074\172\077 -\015\343\261\011\267\212\310\253\031\237\163\063\120\347\060\037 -\006\003\125\035\043\004\030\060\026\200\024\356\153\111\074\172 -\077\015\343\261\011\267\212\310\253\031\237\163\063\120\347\060 -\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377 -\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\206 -\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003 -\202\001\001\000\045\030\324\221\217\023\356\217\036\035\021\123 -\332\055\104\051\031\240\036\153\061\236\115\016\236\255\075\134 -\101\157\225\053\044\241\171\230\072\070\066\373\273\146\236\110 -\377\220\220\357\075\324\270\233\264\207\165\077\040\233\316\162 -\317\241\125\301\115\144\242\031\006\241\007\063\014\013\051\345 -\361\352\253\243\354\265\012\164\220\307\175\162\362\327\134\237 -\221\357\221\213\267\334\355\146\242\317\216\146\073\274\237\072 -\002\340\047\335\026\230\300\225\324\012\244\344\201\232\165\224 -\065\234\220\137\210\067\006\255\131\225\012\260\321\147\323\031 -\312\211\347\062\132\066\034\076\202\250\132\223\276\306\320\144 -\221\266\317\331\266\030\317\333\176\322\145\243\246\304\216\027 -\061\301\373\176\166\333\323\205\343\130\262\167\172\166\073\154 -\057\120\034\347\333\366\147\171\037\365\202\225\232\007\247\024 -\257\217\334\050\041\147\011\322\326\115\132\034\031\034\216\167 -\134\303\224\044\075\062\153\113\176\324\170\224\203\276\067\115 -\316\137\307\036\116\074\340\211\063\225\013\017\245\062\326\074 -\132\171\054\031 +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "GTS Root R3" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 +\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 +\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 +\123\040\122\157\157\164\040\122\063 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 +\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 +\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 +\123\040\122\157\157\164\040\122\063 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\156\107\251\307\154\251\163\044\100\211\017\003\125\335 +\215\035 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\002\014\060\202\001\221\240\003\002\001\002\002\020\156 +\107\251\307\154\251\163\044\100\211\017\003\125\335\215\035\060 +\012\006\010\052\206\110\316\075\004\003\003\060\107\061\013\060 +\011\006\003\125\004\006\023\002\125\123\061\042\060\040\006\003 +\125\004\012\023\031\107\157\157\147\154\145\040\124\162\165\163 +\164\040\123\145\162\166\151\143\145\163\040\114\114\103\061\024 +\060\022\006\003\125\004\003\023\013\107\124\123\040\122\157\157 +\164\040\122\063\060\036\027\015\061\066\060\066\062\062\060\060 +\060\060\060\060\132\027\015\063\066\060\066\062\062\060\060\060 +\060\060\060\132\060\107\061\013\060\011\006\003\125\004\006\023 +\002\125\123\061\042\060\040\006\003\125\004\012\023\031\107\157 +\157\147\154\145\040\124\162\165\163\164\040\123\145\162\166\151 +\143\145\163\040\114\114\103\061\024\060\022\006\003\125\004\003 +\023\013\107\124\123\040\122\157\157\164\040\122\063\060\166\060 +\020\006\007\052\206\110\316\075\002\001\006\005\053\201\004\000 +\042\003\142\000\004\037\117\063\207\063\051\212\241\204\336\313 +\307\041\130\101\211\352\126\235\053\113\205\306\035\114\047\274 +\177\046\121\162\157\342\237\326\243\312\314\105\024\106\213\255 +\357\176\206\214\354\261\176\057\377\251\161\235\030\204\105\004 +\101\125\156\053\352\046\177\273\220\001\343\113\031\272\344\124 +\226\105\011\261\325\154\221\104\255\204\023\216\232\214\015\200 +\014\062\366\340\047\243\102\060\100\060\016\006\003\125\035\017 +\001\001\377\004\004\003\002\001\006\060\017\006\003\125\035\023 +\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125\035 +\016\004\026\004\024\301\361\046\272\240\055\256\205\201\317\323 +\361\052\022\275\270\012\147\375\274\060\012\006\010\052\206\110 +\316\075\004\003\003\003\151\000\060\146\002\061\000\200\133\244 +\174\043\300\225\245\054\334\276\211\157\043\271\243\335\145\000 +\122\136\221\254\310\235\162\164\202\123\013\175\251\100\275\150 +\140\305\341\270\124\073\301\066\027\045\330\301\275\002\061\000 +\236\065\222\164\205\045\121\365\044\354\144\122\044\120\245\037 +\333\350\313\311\166\354\354\202\156\365\205\030\123\350\270\343 +\232\051\252\226\323\203\043\311\244\173\141\263\314\002\350\135 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for "TrustCor RootCert CA-1" -# Issuer: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA -# Serial Number:00:da:9b:ec:71:f3:03:b0:19 -# Subject: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA -# Not Valid Before: Thu Feb 04 12:32:16 2016 -# Not Valid After : Mon Dec 31 17:23:16 2029 -# Fingerprint (SHA-256): D4:0E:9C:86:CD:8F:E4:68:C1:77:69:59:F4:9E:A7:74:FA:54:86:84:B6:C4:06:F3:90:92:61:F4:DC:E2:57:5C -# Fingerprint (SHA1): FF:BD:CD:E7:82:C8:43:5E:3C:6F:26:86:5C:CA:A8:3A:45:5B:C3:0A +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "GTS Root R3" +# Issuer: CN=GTS Root R3,O=Google Trust Services LLC,C=US +# Serial Number:6e:47:a9:c7:6c:a9:73:24:40:89:0f:03:55:dd:8d:1d +# Subject: CN=GTS Root R3,O=Google Trust Services LLC,C=US +# Not Valid Before: Wed Jun 22 00:00:00 2016 +# Not Valid After : Sun Jun 22 00:00:00 2036 +# Fingerprint (SHA-256): 15:D5:B8:77:46:19:EA:7D:54:CE:1C:A6:D0:B0:C4:03:E0:37:A9:17:F1:31:E8:A0:4E:1E:6B:7A:71:BA:BC:E5 +# Fingerprint (SHA1): 30:D4:24:6F:07:FF:DB:91:89:8A:0B:E9:49:66:11:EB:8C:5E:46:E5 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TrustCor RootCert CA-1" +CKA_LABEL UTF8 "GTS Root R3" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\377\275\315\347\202\310\103\136\074\157\046\206\134\312\250\072 -\105\133\303\012 +\060\324\044\157\007\377\333\221\211\212\013\351\111\146\021\353 +\214\136\106\345 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\156\205\361\334\032\000\323\042\325\262\262\254\153\067\005\105 +\032\171\133\153\004\122\234\135\307\164\063\033\045\232\371\045 END CKA_ISSUER MULTILINE_OCTAL -\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101 -\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155 -\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141 -\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012 -\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145 -\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060 -\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162 -\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 -\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014 -\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145 -\162\164\040\103\101\055\061 +\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 +\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 +\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 +\123\040\122\157\157\164\040\122\063 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\011\000\332\233\354\161\363\003\260\031 +\002\020\156\107\251\307\154\251\163\044\100\211\017\003\125\335 +\215\035 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "TrustCor RootCert CA-2" +# Certificate "GTS Root R4" # -# Issuer: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA -# Serial Number:25:a1:df:ca:33:cb:59:02 -# Subject: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA -# Not Valid Before: Thu Feb 04 12:32:23 2016 -# Not Valid After : Sun Dec 31 17:26:39 2034 -# Fingerprint (SHA-256): 07:53:E9:40:37:8C:1B:D5:E3:83:6E:39:5D:AE:A5:CB:83:9E:50:46:F1:BD:0E:AE:19:51:CF:10:FE:C7:C9:65 -# Fingerprint (SHA1): B8:BE:6D:CB:56:F1:55:B9:63:D4:12:CA:4E:06:34:C7:94:B2:1C:C0 +# Issuer: CN=GTS Root R4,O=Google Trust Services LLC,C=US +# Serial Number:6e:47:a9:c8:8b:94:b6:e8:bb:3b:2a:d8:a2:b2:c1:99 +# Subject: CN=GTS Root R4,O=Google Trust Services LLC,C=US +# Not Valid Before: Wed Jun 22 00:00:00 2016 +# Not Valid After : Sun Jun 22 00:00:00 2036 +# Fingerprint (SHA-256): 71:CC:A5:39:1F:9E:79:4B:04:80:25:30:B3:63:E1:21:DA:8A:30:43:BB:26:66:2F:EA:4D:CA:7F:C9:51:A4:BD +# Fingerprint (SHA1): 2A:1D:60:27:D9:4A:B1:0A:1C:4D:91:5C:CD:33:A0:CB:3E:2D:54:CB CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TrustCor RootCert CA-2" +CKA_LABEL UTF8 "GTS Root R4" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101 -\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155 -\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141 -\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012 -\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145 -\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060 -\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162 -\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 -\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014 -\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145 -\162\164\040\103\101\055\062 +\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 +\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 +\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 +\123\040\122\157\157\164\040\122\064 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101 -\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155 -\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141 -\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012 -\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145 -\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060 -\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162 -\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 -\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014 -\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145 -\162\164\040\103\101\055\062 +\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 +\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 +\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 +\123\040\122\157\157\164\040\122\064 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\045\241\337\312\063\313\131\002 +\002\020\156\107\251\310\213\224\266\350\273\073\052\330\242\262 +\301\231 END CKA_VALUE MULTILINE_OCTAL -\060\202\006\057\060\202\004\027\240\003\002\001\002\002\010\045 -\241\337\312\063\313\131\002\060\015\006\011\052\206\110\206\367 -\015\001\001\013\005\000\060\201\244\061\013\060\011\006\003\125 -\004\006\023\002\120\101\061\017\060\015\006\003\125\004\010\014 -\006\120\141\156\141\155\141\061\024\060\022\006\003\125\004\007 -\014\013\120\141\156\141\155\141\040\103\151\164\171\061\044\060 -\042\006\003\125\004\012\014\033\124\162\165\163\164\103\157\162 -\040\123\171\163\164\145\155\163\040\123\056\040\144\145\040\122 -\056\114\056\061\047\060\045\006\003\125\004\013\014\036\124\162 -\165\163\164\103\157\162\040\103\145\162\164\151\146\151\143\141 -\164\145\040\101\165\164\150\157\162\151\164\171\061\037\060\035 -\006\003\125\004\003\014\026\124\162\165\163\164\103\157\162\040 -\122\157\157\164\103\145\162\164\040\103\101\055\062\060\036\027 -\015\061\066\060\062\060\064\061\062\063\062\062\063\132\027\015 -\063\064\061\062\063\061\061\067\062\066\063\071\132\060\201\244 -\061\013\060\011\006\003\125\004\006\023\002\120\101\061\017\060 -\015\006\003\125\004\010\014\006\120\141\156\141\155\141\061\024 -\060\022\006\003\125\004\007\014\013\120\141\156\141\155\141\040 -\103\151\164\171\061\044\060\042\006\003\125\004\012\014\033\124 -\162\165\163\164\103\157\162\040\123\171\163\164\145\155\163\040 -\123\056\040\144\145\040\122\056\114\056\061\047\060\045\006\003 -\125\004\013\014\036\124\162\165\163\164\103\157\162\040\103\145 -\162\164\151\146\151\143\141\164\145\040\101\165\164\150\157\162 -\151\164\171\061\037\060\035\006\003\125\004\003\014\026\124\162 -\165\163\164\103\157\162\040\122\157\157\164\103\145\162\164\040 -\103\101\055\062\060\202\002\042\060\015\006\011\052\206\110\206 -\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002\012 -\002\202\002\001\000\247\040\156\302\052\242\142\044\225\220\166 -\310\070\176\200\322\253\301\233\145\005\224\364\301\012\020\325 -\002\254\355\237\223\307\207\310\260\047\053\102\014\075\012\076 -\101\132\236\165\335\215\312\340\233\354\150\062\244\151\222\150 -\214\013\201\016\126\240\076\032\335\054\045\024\202\057\227\323 -\144\106\364\124\251\334\072\124\055\061\053\231\202\362\331\052 -\327\357\161\000\270\061\244\276\172\044\007\303\102\040\362\212 -\324\222\004\033\145\126\114\154\324\373\266\141\132\107\043\264 -\330\151\264\267\072\320\164\074\014\165\241\214\116\166\241\351 -\333\052\245\073\372\316\260\377\176\152\050\375\047\034\310\261 -\351\051\361\127\156\144\264\320\301\025\155\016\276\056\016\106 -\310\136\364\121\376\357\016\143\072\073\161\272\317\157\131\312 -\014\343\233\135\111\270\114\342\127\261\230\212\102\127\234\166 -\357\357\275\321\150\250\322\364\011\273\167\065\276\045\202\010 -\304\026\054\104\040\126\251\104\021\167\357\135\264\035\252\136 -\153\076\213\062\366\007\057\127\004\222\312\365\376\235\302\351 -\350\263\216\114\113\002\061\331\344\074\110\202\047\367\030\202 -\166\110\072\161\261\023\241\071\325\056\305\064\302\035\142\205 -\337\003\376\115\364\257\075\337\134\133\215\372\160\341\245\176 -\047\307\206\056\152\217\022\306\204\136\103\121\120\234\031\233 -\170\346\374\366\355\107\176\173\075\146\357\023\023\210\137\074 -\241\143\373\371\254\207\065\237\363\202\236\244\077\012\234\061 -\151\213\231\244\210\112\216\156\146\115\357\026\304\017\171\050 -\041\140\015\205\026\175\327\124\070\361\222\126\375\265\063\114 -\203\334\327\020\237\113\375\306\370\102\275\272\174\163\002\340 -\377\175\315\133\341\324\254\141\173\127\325\112\173\133\324\205 -\130\047\135\277\370\053\140\254\240\046\256\024\041\047\306\167 -\232\063\200\074\136\106\077\367\303\261\243\206\063\306\350\136 -\015\271\065\054\252\106\301\205\002\165\200\240\353\044\373\025 -\252\344\147\177\156\167\077\364\004\212\057\174\173\343\027\141 -\360\335\011\251\040\310\276\011\244\320\176\104\303\262\060\112 -\070\252\251\354\030\232\007\202\053\333\270\234\030\255\332\340 -\106\027\254\317\135\002\003\001\000\001\243\143\060\141\060\035 -\006\003\125\035\016\004\026\004\024\331\376\041\100\156\224\236 -\274\233\075\234\175\230\040\031\345\214\060\142\262\060\037\006 -\003\125\035\043\004\030\060\026\200\024\331\376\041\100\156\224 -\236\274\233\075\234\175\230\040\031\345\214\060\142\262\060\017 -\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060 -\016\006\003\125\035\017\001\001\377\004\004\003\002\001\206\060 -\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003\202 -\002\001\000\236\105\236\014\073\266\357\341\072\310\174\321\000 -\075\317\342\352\006\265\262\072\273\006\113\150\172\320\043\227 -\164\247\054\360\010\330\171\132\327\132\204\212\330\022\232\033 -\331\175\134\115\160\305\245\371\253\345\243\211\211\335\001\372 -\354\335\371\351\222\227\333\260\106\102\363\323\142\252\225\376 -\061\147\024\151\130\220\012\252\013\356\067\043\307\120\121\264 -\365\176\236\343\173\367\344\314\102\062\055\111\014\313\377\111 -\014\233\036\064\375\156\156\226\212\171\003\266\157\333\011\313 -\375\137\145\024\067\341\070\365\363\141\026\130\344\265\155\015 -\013\004\033\077\120\055\177\263\307\172\032\026\200\140\370\212 -\037\351\033\052\306\371\272\001\032\151\277\322\130\307\124\127 -\010\217\341\071\140\167\113\254\131\204\032\210\361\335\313\117 -\170\327\347\341\063\055\374\356\101\372\040\260\276\313\367\070 -\224\300\341\320\205\017\273\355\054\163\253\355\376\222\166\032 -\144\177\133\015\063\011\007\063\173\006\077\021\244\134\160\074 -\205\300\317\343\220\250\203\167\372\333\346\305\214\150\147\020 -\147\245\122\055\360\304\231\217\177\277\321\153\342\265\107\326 -\331\320\205\231\115\224\233\017\113\215\356\000\132\107\035\021 -\003\254\101\030\257\207\267\157\014\072\217\312\317\334\003\301 -\242\011\310\345\375\200\136\310\140\102\001\033\032\123\132\273 -\067\246\267\274\272\204\351\036\154\032\324\144\332\324\103\376 -\223\213\113\362\054\171\026\020\324\223\013\210\217\241\330\206 -\024\106\221\107\233\050\044\357\127\122\116\134\102\234\252\367 -\111\354\047\350\100\036\263\246\211\042\162\234\365\015\063\264 -\130\243\060\073\335\324\152\124\223\276\032\115\363\223\224\367 -\374\204\013\077\204\040\134\064\003\104\305\332\255\274\012\301 -\002\317\036\345\224\331\363\216\133\330\114\360\235\354\141\027 -\273\024\062\124\014\002\051\223\036\222\206\366\177\357\347\222 -\005\016\131\335\231\010\056\056\372\234\000\122\323\305\146\051 -\344\247\227\104\244\016\050\201\023\065\305\366\157\144\346\101 -\304\325\057\314\064\105\045\317\101\000\226\075\112\056\302\226 -\230\117\116\112\234\227\267\333\037\222\062\310\377\017\121\156 -\326\354\011 +\060\202\002\012\060\202\001\221\240\003\002\001\002\002\020\156 +\107\251\310\213\224\266\350\273\073\052\330\242\262\301\231\060 +\012\006\010\052\206\110\316\075\004\003\003\060\107\061\013\060 +\011\006\003\125\004\006\023\002\125\123\061\042\060\040\006\003 +\125\004\012\023\031\107\157\157\147\154\145\040\124\162\165\163 +\164\040\123\145\162\166\151\143\145\163\040\114\114\103\061\024 +\060\022\006\003\125\004\003\023\013\107\124\123\040\122\157\157 +\164\040\122\064\060\036\027\015\061\066\060\066\062\062\060\060 +\060\060\060\060\132\027\015\063\066\060\066\062\062\060\060\060 +\060\060\060\132\060\107\061\013\060\011\006\003\125\004\006\023 +\002\125\123\061\042\060\040\006\003\125\004\012\023\031\107\157 +\157\147\154\145\040\124\162\165\163\164\040\123\145\162\166\151 +\143\145\163\040\114\114\103\061\024\060\022\006\003\125\004\003 +\023\013\107\124\123\040\122\157\157\164\040\122\064\060\166\060 +\020\006\007\052\206\110\316\075\002\001\006\005\053\201\004\000 +\042\003\142\000\004\363\164\163\247\150\213\140\256\103\270\065 +\305\201\060\173\113\111\235\373\301\141\316\346\336\106\275\153 +\325\141\030\065\256\100\335\163\367\211\221\060\132\353\074\356 +\205\174\242\100\166\073\251\306\270\107\330\052\347\222\221\152 +\163\351\261\162\071\237\051\237\242\230\323\137\136\130\206\145 +\017\241\204\145\006\321\334\213\311\307\163\310\214\152\057\345 +\304\253\321\035\212\243\102\060\100\060\016\006\003\125\035\017 +\001\001\377\004\004\003\002\001\006\060\017\006\003\125\035\023 +\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125\035 +\016\004\026\004\024\200\114\326\353\164\377\111\066\243\325\330 +\374\265\076\305\152\360\224\035\214\060\012\006\010\052\206\110 +\316\075\004\003\003\003\147\000\060\144\002\060\152\120\122\164 +\010\304\160\334\236\120\164\041\350\215\172\041\303\117\226\156 +\025\321\042\065\141\055\372\010\067\356\031\155\255\333\262\314 +\175\007\064\365\140\031\054\265\064\331\157\040\002\060\003\161 +\261\272\243\140\013\206\355\232\010\152\225\150\237\342\263\341 +\223\144\174\136\223\246\337\171\055\215\205\343\224\317\043\135 +\161\314\362\260\115\326\376\231\310\224\251\165\242\343 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for "TrustCor RootCert CA-2" -# Issuer: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA -# Serial Number:25:a1:df:ca:33:cb:59:02 -# Subject: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA -# Not Valid Before: Thu Feb 04 12:32:23 2016 -# Not Valid After : Sun Dec 31 17:26:39 2034 -# Fingerprint (SHA-256): 07:53:E9:40:37:8C:1B:D5:E3:83:6E:39:5D:AE:A5:CB:83:9E:50:46:F1:BD:0E:AE:19:51:CF:10:FE:C7:C9:65 -# Fingerprint (SHA1): B8:BE:6D:CB:56:F1:55:B9:63:D4:12:CA:4E:06:34:C7:94:B2:1C:C0 +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "GTS Root R4" +# Issuer: CN=GTS Root R4,O=Google Trust Services LLC,C=US +# Serial Number:6e:47:a9:c8:8b:94:b6:e8:bb:3b:2a:d8:a2:b2:c1:99 +# Subject: CN=GTS Root R4,O=Google Trust Services LLC,C=US +# Not Valid Before: Wed Jun 22 00:00:00 2016 +# Not Valid After : Sun Jun 22 00:00:00 2036 +# Fingerprint (SHA-256): 71:CC:A5:39:1F:9E:79:4B:04:80:25:30:B3:63:E1:21:DA:8A:30:43:BB:26:66:2F:EA:4D:CA:7F:C9:51:A4:BD +# Fingerprint (SHA1): 2A:1D:60:27:D9:4A:B1:0A:1C:4D:91:5C:CD:33:A0:CB:3E:2D:54:CB CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TrustCor RootCert CA-2" +CKA_LABEL UTF8 "GTS Root R4" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\270\276\155\313\126\361\125\271\143\324\022\312\116\006\064\307 -\224\262\034\300 +\052\035\140\047\331\112\261\012\034\115\221\134\315\063\240\313 +\076\055\124\313 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\242\341\370\030\013\272\105\325\307\101\052\273\067\122\105\144 +\135\266\152\304\140\027\044\152\032\231\250\113\356\136\264\046 END CKA_ISSUER MULTILINE_OCTAL -\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101 -\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155 -\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141 -\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012 -\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145 -\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060 -\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162 -\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 -\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014 -\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145 -\162\164\040\103\101\055\062 +\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 +\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 +\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 +\123\040\122\157\157\164\040\122\064 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\045\241\337\312\063\313\131\002 +\002\020\156\107\251\310\213\224\266\350\273\073\052\330\242\262 +\301\231 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "TrustCor ECA-1" +# Certificate "UCA Global G2 Root" # -# Issuer: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA -# Serial Number:00:84:82:2c:5f:1c:62:d0:40 -# Subject: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA -# Not Valid Before: Thu Feb 04 12:32:33 2016 -# Not Valid After : Mon Dec 31 17:28:07 2029 -# Fingerprint (SHA-256): 5A:88:5D:B1:9C:01:D9:12:C5:75:93:88:93:8C:AF:BB:DF:03:1A:B2:D4:8E:91:EE:15:58:9B:42:97:1D:03:9C -# Fingerprint (SHA1): 58:D1:DF:95:95:67:6B:63:C0:F0:5B:1C:17:4D:8B:84:0B:C8:78:BD +# Issuer: CN=UCA Global G2 Root,O=UniTrust,C=CN +# Serial Number:5d:df:b1:da:5a:a3:ed:5d:be:5a:65:20:65:03:90:ef +# Subject: CN=UCA Global G2 Root,O=UniTrust,C=CN +# Not Valid Before: Fri Mar 11 00:00:00 2016 +# Not Valid After : Mon Dec 31 00:00:00 2040 +# Fingerprint (SHA-256): 9B:EA:11:C9:76:FE:01:47:64:C1:BE:56:A6:F9:14:B5:A5:60:31:7A:BD:99:88:39:33:82:E5:16:1A:A0:49:3C +# Fingerprint (SHA1): 28:F9:78:16:19:7A:FF:18:25:18:AA:44:FE:C1:A0:CE:5C:B6:4C:8A CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TrustCor ECA-1" +CKA_LABEL UTF8 "UCA Global G2 Root" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\201\234\061\013\060\011\006\003\125\004\006\023\002\120\101 -\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155 -\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141 -\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012 -\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145 -\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060 -\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162 -\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 -\150\157\162\151\164\171\061\027\060\025\006\003\125\004\003\014 -\016\124\162\165\163\164\103\157\162\040\105\103\101\055\061 +\060\075\061\013\060\011\006\003\125\004\006\023\002\103\116\061 +\021\060\017\006\003\125\004\012\014\010\125\156\151\124\162\165 +\163\164\061\033\060\031\006\003\125\004\003\014\022\125\103\101 +\040\107\154\157\142\141\154\040\107\062\040\122\157\157\164 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\075\061\013\060\011\006\003\125\004\006\023\002\103\116\061 +\021\060\017\006\003\125\004\012\014\010\125\156\151\124\162\165 +\163\164\061\033\060\031\006\003\125\004\003\014\022\125\103\101 +\040\107\154\157\142\141\154\040\107\062\040\122\157\157\164 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\135\337\261\332\132\243\355\135\276\132\145\040\145\003 +\220\357 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\005\106\060\202\003\056\240\003\002\001\002\002\020\135 +\337\261\332\132\243\355\135\276\132\145\040\145\003\220\357\060 +\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\075 +\061\013\060\011\006\003\125\004\006\023\002\103\116\061\021\060 +\017\006\003\125\004\012\014\010\125\156\151\124\162\165\163\164 +\061\033\060\031\006\003\125\004\003\014\022\125\103\101\040\107 +\154\157\142\141\154\040\107\062\040\122\157\157\164\060\036\027 +\015\061\066\060\063\061\061\060\060\060\060\060\060\132\027\015 +\064\060\061\062\063\061\060\060\060\060\060\060\132\060\075\061 +\013\060\011\006\003\125\004\006\023\002\103\116\061\021\060\017 +\006\003\125\004\012\014\010\125\156\151\124\162\165\163\164\061 +\033\060\031\006\003\125\004\003\014\022\125\103\101\040\107\154 +\157\142\141\154\040\107\062\040\122\157\157\164\060\202\002\042 +\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003 +\202\002\017\000\060\202\002\012\002\202\002\001\000\305\346\053 +\157\174\357\046\005\047\243\201\044\332\157\313\001\371\231\232 +\251\062\302\042\207\141\101\221\073\313\303\150\033\006\305\114 +\251\053\301\147\027\042\035\053\355\371\051\211\223\242\170\275 +\222\153\240\243\015\242\176\312\223\263\246\321\214\065\325\165 +\371\027\366\317\105\305\345\172\354\167\223\240\217\043\256\016 +\032\003\177\276\324\320\355\056\173\253\106\043\133\377\054\346 +\124\172\224\300\052\025\360\311\215\260\172\073\044\341\327\150 +\342\061\074\006\063\106\266\124\021\246\245\057\042\124\052\130 +\015\001\002\361\372\025\121\147\154\300\372\327\266\033\177\321 +\126\210\057\032\072\215\073\273\202\021\340\107\000\320\122\207 +\253\373\206\176\017\044\153\100\235\064\147\274\215\307\055\206 +\157\171\076\216\251\074\027\113\177\260\231\343\260\161\140\334 +\013\365\144\303\316\103\274\155\161\271\322\336\047\133\212\350 +\330\306\256\341\131\175\317\050\055\065\270\225\126\032\361\262 +\130\113\267\022\067\310\174\263\355\113\200\341\215\372\062\043 +\266\157\267\110\225\010\261\104\116\205\214\072\002\124\040\057 +\337\277\127\117\073\072\220\041\327\301\046\065\124\040\354\307 +\077\107\354\357\132\277\113\172\301\255\073\027\120\134\142\330 +\017\113\112\334\053\372\156\274\163\222\315\354\307\120\350\101 +\226\327\251\176\155\330\351\035\217\212\265\271\130\222\272\112 +\222\053\014\126\375\200\353\010\360\136\051\156\033\034\014\257 +\217\223\211\255\333\275\243\236\041\312\211\031\354\337\265\303 +\032\353\026\376\170\066\114\326\156\320\076\027\034\220\027\153 +\046\272\373\172\057\277\021\034\030\016\055\163\003\217\240\345 +\065\240\132\342\114\165\035\161\341\071\070\123\170\100\314\203 +\223\327\012\236\235\133\217\212\344\345\340\110\344\110\262\107 +\315\116\052\165\052\173\362\042\366\311\276\011\221\226\127\172 +\210\210\254\356\160\254\371\334\051\343\014\034\073\022\116\104 +\326\247\116\260\046\310\363\331\032\227\221\150\352\357\215\106 +\006\322\126\105\130\232\074\014\017\203\270\005\045\303\071\317 +\073\244\064\211\267\171\022\057\107\305\347\251\227\151\374\246 +\167\147\265\337\173\361\172\145\025\344\141\126\145\002\003\001 +\000\001\243\102\060\100\060\016\006\003\125\035\017\001\001\377 +\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377 +\004\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026 +\004\024\201\304\214\314\365\344\060\377\245\014\010\137\214\025 +\147\041\164\001\337\337\060\015\006\011\052\206\110\206\367\015 +\001\001\013\005\000\003\202\002\001\000\023\145\042\365\216\053 +\255\104\344\313\377\271\150\346\303\200\110\075\004\173\372\043 +\057\172\355\066\332\262\316\155\366\346\236\345\137\130\217\313 +\067\062\241\310\145\266\256\070\075\065\033\076\274\073\266\004 +\320\274\371\111\365\233\367\205\305\066\266\313\274\370\310\071 +\325\344\137\007\275\025\124\227\164\312\312\355\117\272\272\144 +\166\237\201\270\204\105\111\114\215\157\242\353\261\314\321\303 +\224\332\104\302\346\342\352\030\350\242\037\047\005\272\327\345 +\326\251\315\335\357\166\230\215\000\016\315\033\372\003\267\216 +\200\130\016\047\077\122\373\224\242\312\136\145\311\326\204\332 +\271\065\161\363\046\300\117\167\346\201\047\322\167\073\232\024 +\157\171\364\366\320\341\323\224\272\320\127\121\275\047\005\015 +\301\375\310\022\060\356\157\215\021\053\010\235\324\324\277\200 +\105\024\232\210\104\332\060\352\264\247\343\356\357\133\202\325 +\076\326\255\170\222\333\134\074\363\330\255\372\270\153\177\304 +\066\050\266\002\025\212\124\054\234\260\027\163\216\320\067\243 +\024\074\230\225\000\014\051\005\133\236\111\111\261\137\307\343 +\313\317\047\145\216\065\027\267\127\310\060\331\101\133\271\024 +\266\350\302\017\224\061\247\224\230\314\152\353\265\341\047\365 +\020\250\001\350\216\022\142\350\210\314\265\177\106\227\300\233 +\020\146\070\032\066\106\137\042\150\075\337\311\306\023\047\253 +\123\006\254\242\074\206\006\145\157\261\176\261\051\104\232\243 +\272\111\151\050\151\217\327\345\137\255\004\206\144\157\032\240 +\014\305\010\142\316\200\243\320\363\354\150\336\276\063\307\027 +\133\177\200\304\114\114\261\246\204\212\303\073\270\011\315\024 +\201\272\030\343\124\127\066\376\333\057\174\107\241\072\063\310 +\371\130\073\104\117\261\312\002\211\004\226\050\150\305\113\270 +\046\211\273\326\063\057\120\325\376\232\211\272\030\062\222\124 +\306\133\340\235\371\136\345\015\042\233\366\332\342\310\041\262 +\142\041\252\206\100\262\056\144\323\137\310\343\176\021\147\105 +\037\005\376\343\242\357\263\250\263\363\175\217\370\014\037\042 +\037\055\160\264\270\001\064\166\060\000\345\043\170\247\126\327 +\120\037\212\373\006\365\302\031\360\320 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "UCA Global G2 Root" +# Issuer: CN=UCA Global G2 Root,O=UniTrust,C=CN +# Serial Number:5d:df:b1:da:5a:a3:ed:5d:be:5a:65:20:65:03:90:ef +# Subject: CN=UCA Global G2 Root,O=UniTrust,C=CN +# Not Valid Before: Fri Mar 11 00:00:00 2016 +# Not Valid After : Mon Dec 31 00:00:00 2040 +# Fingerprint (SHA-256): 9B:EA:11:C9:76:FE:01:47:64:C1:BE:56:A6:F9:14:B5:A5:60:31:7A:BD:99:88:39:33:82:E5:16:1A:A0:49:3C +# Fingerprint (SHA1): 28:F9:78:16:19:7A:FF:18:25:18:AA:44:FE:C1:A0:CE:5C:B6:4C:8A +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "UCA Global G2 Root" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\050\371\170\026\031\172\377\030\045\030\252\104\376\301\240\316 +\134\266\114\212 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\200\376\360\304\112\360\134\142\062\237\034\272\170\251\120\370 +END +CKA_ISSUER MULTILINE_OCTAL +\060\075\061\013\060\011\006\003\125\004\006\023\002\103\116\061 +\021\060\017\006\003\125\004\012\014\010\125\156\151\124\162\165 +\163\164\061\033\060\031\006\003\125\004\003\014\022\125\103\101 +\040\107\154\157\142\141\154\040\107\062\040\122\157\157\164 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\135\337\261\332\132\243\355\135\276\132\145\040\145\003 +\220\357 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "UCA Extended Validation Root" +# +# Issuer: CN=UCA Extended Validation Root,O=UniTrust,C=CN +# Serial Number:4f:d2:2b:8f:f5:64:c8:33:9e:4f:34:58:66:23:70:60 +# Subject: CN=UCA Extended Validation Root,O=UniTrust,C=CN +# Not Valid Before: Fri Mar 13 00:00:00 2015 +# Not Valid After : Fri Dec 31 00:00:00 2038 +# Fingerprint (SHA-256): D4:3A:F9:B3:54:73:75:5C:96:84:FC:06:D7:D8:CB:70:EE:5C:28:E7:73:FB:29:4E:B4:1E:E7:17:22:92:4D:24 +# Fingerprint (SHA1): A3:A1:B0:6F:24:61:23:4A:E3:36:A5:C2:37:FC:A6:FF:DD:F0:D7:3A +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "UCA Extended Validation Root" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\107\061\013\060\011\006\003\125\004\006\023\002\103\116\061 +\021\060\017\006\003\125\004\012\014\010\125\156\151\124\162\165 +\163\164\061\045\060\043\006\003\125\004\003\014\034\125\103\101 +\040\105\170\164\145\156\144\145\144\040\126\141\154\151\144\141 +\164\151\157\156\040\122\157\157\164 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\201\234\061\013\060\011\006\003\125\004\006\023\002\120\101 -\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155 -\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141 -\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012 -\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145 -\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060 -\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162 -\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 -\150\157\162\151\164\171\061\027\060\025\006\003\125\004\003\014 -\016\124\162\165\163\164\103\157\162\040\105\103\101\055\061 +\060\107\061\013\060\011\006\003\125\004\006\023\002\103\116\061 +\021\060\017\006\003\125\004\012\014\010\125\156\151\124\162\165 +\163\164\061\045\060\043\006\003\125\004\003\014\034\125\103\101 +\040\105\170\164\145\156\144\145\144\040\126\141\154\151\144\141 +\164\151\157\156\040\122\157\157\164 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\011\000\204\202\054\137\034\142\320\100 +\002\020\117\322\053\217\365\144\310\063\236\117\064\130\146\043 +\160\140 END CKA_VALUE MULTILINE_OCTAL -\060\202\004\040\060\202\003\010\240\003\002\001\002\002\011\000 -\204\202\054\137\034\142\320\100\060\015\006\011\052\206\110\206 -\367\015\001\001\013\005\000\060\201\234\061\013\060\011\006\003 -\125\004\006\023\002\120\101\061\017\060\015\006\003\125\004\010 -\014\006\120\141\156\141\155\141\061\024\060\022\006\003\125\004 -\007\014\013\120\141\156\141\155\141\040\103\151\164\171\061\044 -\060\042\006\003\125\004\012\014\033\124\162\165\163\164\103\157 -\162\040\123\171\163\164\145\155\163\040\123\056\040\144\145\040 -\122\056\114\056\061\047\060\045\006\003\125\004\013\014\036\124 -\162\165\163\164\103\157\162\040\103\145\162\164\151\146\151\143 -\141\164\145\040\101\165\164\150\157\162\151\164\171\061\027\060 -\025\006\003\125\004\003\014\016\124\162\165\163\164\103\157\162 -\040\105\103\101\055\061\060\036\027\015\061\066\060\062\060\064 -\061\062\063\062\063\063\132\027\015\062\071\061\062\063\061\061 -\067\062\070\060\067\132\060\201\234\061\013\060\011\006\003\125 -\004\006\023\002\120\101\061\017\060\015\006\003\125\004\010\014 -\006\120\141\156\141\155\141\061\024\060\022\006\003\125\004\007 -\014\013\120\141\156\141\155\141\040\103\151\164\171\061\044\060 -\042\006\003\125\004\012\014\033\124\162\165\163\164\103\157\162 -\040\123\171\163\164\145\155\163\040\123\056\040\144\145\040\122 -\056\114\056\061\047\060\045\006\003\125\004\013\014\036\124\162 -\165\163\164\103\157\162\040\103\145\162\164\151\146\151\143\141 -\164\145\040\101\165\164\150\157\162\151\164\171\061\027\060\025 -\006\003\125\004\003\014\016\124\162\165\163\164\103\157\162\040 -\105\103\101\055\061\060\202\001\042\060\015\006\011\052\206\110 -\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001 -\012\002\202\001\001\000\317\217\340\021\265\237\250\166\166\333 -\337\017\124\357\163\143\051\202\255\107\306\243\153\355\376\137 -\063\370\103\121\351\032\063\221\061\027\240\164\304\324\247\001 -\346\262\222\076\152\235\355\016\371\164\230\100\323\077\003\200 -\006\202\100\350\261\342\247\121\247\035\203\046\153\253\336\372 -\027\221\053\330\306\254\036\261\236\031\001\325\227\246\352\015 -\267\304\125\037\047\174\322\010\325\166\037\051\025\207\100\071 -\335\070\105\021\165\320\232\247\064\340\277\315\310\122\035\271 -\107\176\015\270\273\306\014\366\163\127\026\132\176\103\221\037 -\125\072\306\155\104\004\252\234\251\234\247\114\211\027\203\256 -\243\004\136\122\200\213\036\022\045\021\031\327\014\175\175\061 -\104\101\352\333\257\260\034\357\201\320\054\305\232\041\233\075 -\355\102\073\120\046\362\354\316\161\141\006\142\041\124\116\177 -\301\235\076\177\040\214\200\313\052\330\227\142\310\203\063\221 -\175\260\242\132\017\127\350\073\314\362\045\262\324\174\057\354 -\115\306\241\072\025\172\347\266\135\065\365\366\110\112\066\105 -\146\324\272\230\130\301\002\003\001\000\001\243\143\060\141\060 -\035\006\003\125\035\016\004\026\004\024\104\236\110\365\314\155 -\110\324\240\113\177\376\131\044\057\203\227\231\232\206\060\037 -\006\003\125\035\043\004\030\060\026\200\024\104\236\110\365\314 -\155\110\324\240\113\177\376\131\044\057\203\227\231\232\206\060 -\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377 -\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\206 -\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003 -\202\001\001\000\005\076\065\134\025\160\233\311\307\163\141\157 -\162\053\324\302\217\362\103\135\002\316\304\224\271\224\021\203 -\147\135\342\147\154\165\166\277\273\014\252\066\306\255\107\223 -\143\334\036\176\326\336\056\376\351\031\062\070\003\177\024\366 -\000\163\054\131\261\041\006\341\373\254\030\225\014\243\377\231 -\226\367\053\047\233\325\044\314\035\335\301\072\340\230\104\260 -\304\344\076\167\261\163\251\144\054\366\034\001\174\077\135\105 -\205\300\205\347\045\217\225\334\027\363\074\237\032\156\260\312 -\343\035\052\351\114\143\372\044\141\142\326\332\176\266\034\154 -\365\002\035\324\052\335\125\220\353\052\021\107\074\056\136\164 -\262\202\042\245\175\123\037\105\354\047\221\175\347\042\026\350 -\300\150\066\330\306\361\117\200\104\062\371\341\321\321\035\252 -\336\250\253\234\004\257\255\040\016\144\230\115\245\153\300\110 -\130\226\151\115\334\007\214\121\223\242\337\237\017\075\213\140 -\264\202\215\252\010\116\142\105\340\371\013\322\340\340\074\133 -\336\134\161\047\045\302\346\003\201\213\020\123\343\307\125\242 -\264\237\327\346 +\060\202\005\132\060\202\003\102\240\003\002\001\002\002\020\117 +\322\053\217\365\144\310\063\236\117\064\130\146\043\160\140\060 +\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\107 +\061\013\060\011\006\003\125\004\006\023\002\103\116\061\021\060 +\017\006\003\125\004\012\014\010\125\156\151\124\162\165\163\164 +\061\045\060\043\006\003\125\004\003\014\034\125\103\101\040\105 +\170\164\145\156\144\145\144\040\126\141\154\151\144\141\164\151 +\157\156\040\122\157\157\164\060\036\027\015\061\065\060\063\061 +\063\060\060\060\060\060\060\132\027\015\063\070\061\062\063\061 +\060\060\060\060\060\060\132\060\107\061\013\060\011\006\003\125 +\004\006\023\002\103\116\061\021\060\017\006\003\125\004\012\014 +\010\125\156\151\124\162\165\163\164\061\045\060\043\006\003\125 +\004\003\014\034\125\103\101\040\105\170\164\145\156\144\145\144 +\040\126\141\154\151\144\141\164\151\157\156\040\122\157\157\164 +\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001 +\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001 +\000\251\011\007\050\023\002\260\231\340\144\252\036\103\026\172 +\163\261\221\240\165\076\250\372\343\070\000\172\354\211\152\040 +\017\213\305\260\233\063\003\132\206\306\130\206\325\301\205\273 +\117\306\234\100\115\312\276\356\151\226\270\255\201\060\232\174 +\222\005\353\005\053\232\110\320\270\166\076\226\310\040\273\322 +\260\361\217\330\254\105\106\377\252\147\140\264\167\176\152\037 +\074\032\122\172\004\075\007\074\205\015\204\320\037\166\012\367 +\152\024\337\162\343\064\174\127\116\126\001\076\171\361\252\051 +\073\154\372\370\217\155\115\310\065\337\256\353\334\044\356\171 +\105\247\205\266\005\210\336\210\135\045\174\227\144\147\011\331 +\277\132\025\005\206\363\011\036\354\130\062\063\021\363\167\144 +\260\166\037\344\020\065\027\033\362\016\261\154\244\052\243\163 +\374\011\037\036\062\031\123\021\347\331\263\054\056\166\056\241 +\243\336\176\152\210\011\350\362\007\212\370\262\315\020\347\342 +\163\100\223\273\010\321\077\341\374\013\224\263\045\357\174\246 +\327\321\257\237\377\226\232\365\221\173\230\013\167\324\176\350 +\007\322\142\265\225\071\343\363\361\155\017\016\145\204\212\143 +\124\305\200\266\340\236\113\175\107\046\247\001\010\135\321\210 +\236\327\303\062\104\372\202\112\012\150\124\177\070\123\003\314 +\244\000\063\144\121\131\013\243\202\221\172\136\354\026\302\363 +\052\346\142\332\052\333\131\142\020\045\112\052\201\013\107\007 +\103\006\160\207\322\372\223\021\051\172\110\115\353\224\307\160 +\115\257\147\325\121\261\200\040\001\001\264\172\010\246\220\177 +\116\340\357\007\101\207\257\152\245\136\213\373\317\120\262\232 +\124\257\303\211\272\130\055\365\060\230\261\066\162\071\176\111 +\004\375\051\247\114\171\344\005\127\333\224\271\026\123\215\106 +\263\035\225\141\127\126\177\257\360\026\133\141\130\157\066\120 +\021\013\330\254\053\225\026\032\016\037\010\315\066\064\145\020 +\142\146\325\200\137\024\040\137\055\014\240\170\012\150\326\054 +\327\351\157\053\322\112\005\223\374\236\157\153\147\377\210\361 +\116\245\151\112\122\067\005\352\306\026\215\322\304\231\321\202 +\053\073\272\065\165\367\121\121\130\363\310\007\335\344\264\003 +\177\002\003\001\000\001\243\102\060\100\060\035\006\003\125\035 +\016\004\026\004\024\331\164\072\344\060\075\015\367\022\334\176 +\132\005\237\036\064\232\367\341\024\060\017\006\003\125\035\023 +\001\001\377\004\005\060\003\001\001\377\060\016\006\003\125\035 +\017\001\001\377\004\004\003\002\001\206\060\015\006\011\052\206 +\110\206\367\015\001\001\013\005\000\003\202\002\001\000\066\215 +\227\314\102\025\144\051\067\233\046\054\326\373\256\025\151\054 +\153\032\032\367\137\266\371\007\114\131\352\363\311\310\271\256 +\314\272\056\172\334\300\365\260\055\300\073\257\237\160\005\021 +\152\237\045\117\001\051\160\343\345\014\341\352\132\174\334\111 +\273\301\036\052\201\365\026\113\162\221\310\242\061\271\252\332 +\374\235\037\363\135\100\002\023\374\116\034\006\312\263\024\220 +\124\027\031\022\032\361\037\327\014\151\132\366\161\170\364\224 +\175\221\013\216\354\220\124\216\274\157\241\114\253\374\164\144 +\375\161\232\370\101\007\241\315\221\344\074\232\340\233\062\071 +\163\253\052\325\151\310\170\221\046\061\175\342\307\060\361\374 +\024\170\167\022\016\023\364\335\026\224\277\113\147\173\160\123 +\205\312\260\273\363\070\115\054\220\071\300\015\302\135\153\351 +\342\345\325\210\215\326\054\277\253\033\276\265\050\207\022\027 +\164\156\374\175\374\217\320\207\046\260\033\373\271\154\253\342 +\236\075\025\301\073\056\147\002\130\221\237\357\370\102\037\054 +\267\150\365\165\255\317\265\366\377\021\175\302\360\044\245\255 +\323\372\240\074\251\372\135\334\245\240\357\104\244\276\326\350 +\345\344\023\226\027\173\006\076\062\355\307\267\102\274\166\243 +\330\145\070\053\070\065\121\041\016\016\157\056\064\023\100\341 +\053\147\014\155\112\101\060\030\043\132\062\125\231\311\027\340 +\074\336\366\354\171\255\053\130\031\242\255\054\042\032\225\216 +\276\226\220\135\102\127\304\371\024\003\065\053\034\055\121\127 +\010\247\072\336\077\344\310\264\003\163\302\301\046\200\273\013 +\102\037\255\015\257\046\162\332\314\276\263\243\203\130\015\202 +\305\037\106\121\343\234\030\314\215\233\215\354\111\353\165\120 +\325\214\050\131\312\164\064\332\214\013\041\253\036\352\033\345 +\307\375\025\076\300\027\252\373\043\156\046\106\313\372\371\261 +\162\153\151\317\042\204\013\142\017\254\331\031\000\224\242\166 +\074\324\055\232\355\004\236\055\006\142\020\067\122\034\205\162 +\033\047\345\314\306\061\354\067\354\143\131\233\013\035\166\314 +\176\062\232\210\225\010\066\122\273\336\166\137\166\111\111\255 +\177\275\145\040\262\311\301\053\166\030\166\237\126\261 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for "TrustCor ECA-1" -# Issuer: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA -# Serial Number:00:84:82:2c:5f:1c:62:d0:40 -# Subject: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA -# Not Valid Before: Thu Feb 04 12:32:33 2016 -# Not Valid After : Mon Dec 31 17:28:07 2029 -# Fingerprint (SHA-256): 5A:88:5D:B1:9C:01:D9:12:C5:75:93:88:93:8C:AF:BB:DF:03:1A:B2:D4:8E:91:EE:15:58:9B:42:97:1D:03:9C -# Fingerprint (SHA1): 58:D1:DF:95:95:67:6B:63:C0:F0:5B:1C:17:4D:8B:84:0B:C8:78:BD +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "UCA Extended Validation Root" +# Issuer: CN=UCA Extended Validation Root,O=UniTrust,C=CN +# Serial Number:4f:d2:2b:8f:f5:64:c8:33:9e:4f:34:58:66:23:70:60 +# Subject: CN=UCA Extended Validation Root,O=UniTrust,C=CN +# Not Valid Before: Fri Mar 13 00:00:00 2015 +# Not Valid After : Fri Dec 31 00:00:00 2038 +# Fingerprint (SHA-256): D4:3A:F9:B3:54:73:75:5C:96:84:FC:06:D7:D8:CB:70:EE:5C:28:E7:73:FB:29:4E:B4:1E:E7:17:22:92:4D:24 +# Fingerprint (SHA1): A3:A1:B0:6F:24:61:23:4A:E3:36:A5:C2:37:FC:A6:FF:DD:F0:D7:3A CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TrustCor ECA-1" +CKA_LABEL UTF8 "UCA Extended Validation Root" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\130\321\337\225\225\147\153\143\300\360\133\034\027\115\213\204 -\013\310\170\275 +\243\241\260\157\044\141\043\112\343\066\245\302\067\374\246\377 +\335\360\327\072 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\047\222\043\035\012\365\100\174\351\346\153\235\330\365\347\154 +\241\363\137\103\306\064\233\332\277\214\176\005\123\255\226\342 END CKA_ISSUER MULTILINE_OCTAL -\060\201\234\061\013\060\011\006\003\125\004\006\023\002\120\101 -\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155 -\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141 -\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012 -\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145 -\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060 -\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162 -\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 -\150\157\162\151\164\171\061\027\060\025\006\003\125\004\003\014 -\016\124\162\165\163\164\103\157\162\040\105\103\101\055\061 +\060\107\061\013\060\011\006\003\125\004\006\023\002\103\116\061 +\021\060\017\006\003\125\004\012\014\010\125\156\151\124\162\165 +\163\164\061\045\060\043\006\003\125\004\003\014\034\125\103\101 +\040\105\170\164\145\156\144\145\144\040\126\141\154\151\144\141 +\164\151\157\156\040\122\157\157\164 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\011\000\204\202\054\137\034\142\320\100 +\002\020\117\322\053\217\365\144\310\063\236\117\064\130\146\043 +\160\140 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "SSL.com Root Certification Authority RSA" +# Certificate "Certigna Root CA" # -# Issuer: CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US -# Serial Number:7b:2c:9b:d3:16:80:32:99 -# Subject: CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US -# Not Valid Before: Fri Feb 12 17:39:39 2016 -# Not Valid After : Tue Feb 12 17:39:39 2041 -# Fingerprint (SHA-256): 85:66:6A:56:2E:E0:BE:5C:E9:25:C1:D8:89:0A:6F:76:A8:7E:C1:6D:4D:7D:5F:29:EA:74:19:CF:20:12:3B:69 -# Fingerprint (SHA1): B7:AB:33:08:D1:EA:44:77:BA:14:80:12:5A:6F:BD:A9:36:49:0C:BB +# Issuer: CN=Certigna Root CA,OU=0002 48146308100036,O=Dhimyotis,C=FR +# Serial Number:00:ca:e9:1b:89:f1:55:03:0d:a3:e6:41:6d:c4:e3:a6:e1 +# Subject: CN=Certigna Root CA,OU=0002 48146308100036,O=Dhimyotis,C=FR +# Not Valid Before: Tue Oct 01 08:32:27 2013 +# Not Valid After : Sat Oct 01 08:32:27 2033 +# Fingerprint (SHA-256): D4:8D:3D:23:EE:DB:50:A4:59:E5:51:97:60:1C:27:77:4B:9D:7B:18:C9:4D:5A:05:95:11:A1:02:50:B9:31:68 +# Fingerprint (SHA1): 2D:0D:52:14:FF:9E:AD:99:24:01:74:20:47:6E:6C:85:27:27:F5:43 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "SSL.com Root Certification Authority RSA" +CKA_LABEL UTF8 "Certigna Root CA" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\174\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163\061 -\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164\157 -\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114\040 -\103\157\162\160\157\162\141\164\151\157\156\061\061\060\057\006 -\003\125\004\003\014\050\123\123\114\056\143\157\155\040\122\157 -\157\164\040\103\145\162\164\151\146\151\143\141\164\151\157\156 -\040\101\165\164\150\157\162\151\164\171\040\122\123\101 +\060\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061 +\022\060\020\006\003\125\004\012\014\011\104\150\151\155\171\157 +\164\151\163\061\034\060\032\006\003\125\004\013\014\023\060\060 +\060\062\040\064\070\061\064\066\063\060\070\061\060\060\060\063 +\066\061\031\060\027\006\003\125\004\003\014\020\103\145\162\164 +\151\147\156\141\040\122\157\157\164\040\103\101 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\174\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163\061 -\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164\157 -\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114\040 -\103\157\162\160\157\162\141\164\151\157\156\061\061\060\057\006 -\003\125\004\003\014\050\123\123\114\056\143\157\155\040\122\157 -\157\164\040\103\145\162\164\151\146\151\143\141\164\151\157\156 -\040\101\165\164\150\157\162\151\164\171\040\122\123\101 +\060\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061 +\022\060\020\006\003\125\004\012\014\011\104\150\151\155\171\157 +\164\151\163\061\034\060\032\006\003\125\004\013\014\023\060\060 +\060\062\040\064\070\061\064\066\063\060\070\061\060\060\060\063 +\066\061\031\060\027\006\003\125\004\003\014\020\103\145\162\164 +\151\147\156\141\040\122\157\157\164\040\103\101 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\173\054\233\323\026\200\062\231 +\002\021\000\312\351\033\211\361\125\003\015\243\346\101\155\304 +\343\246\341 END CKA_VALUE MULTILINE_OCTAL -\060\202\005\335\060\202\003\305\240\003\002\001\002\002\010\173 -\054\233\323\026\200\062\231\060\015\006\011\052\206\110\206\367 -\015\001\001\013\005\000\060\174\061\013\060\011\006\003\125\004 -\006\023\002\125\123\061\016\060\014\006\003\125\004\010\014\005 -\124\145\170\141\163\061\020\060\016\006\003\125\004\007\014\007 -\110\157\165\163\164\157\156\061\030\060\026\006\003\125\004\012 -\014\017\123\123\114\040\103\157\162\160\157\162\141\164\151\157 -\156\061\061\060\057\006\003\125\004\003\014\050\123\123\114\056 -\143\157\155\040\122\157\157\164\040\103\145\162\164\151\146\151 -\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 -\040\122\123\101\060\036\027\015\061\066\060\062\061\062\061\067 -\063\071\063\071\132\027\015\064\061\060\062\061\062\061\067\063 -\071\063\071\132\060\174\061\013\060\011\006\003\125\004\006\023 -\002\125\123\061\016\060\014\006\003\125\004\010\014\005\124\145 -\170\141\163\061\020\060\016\006\003\125\004\007\014\007\110\157 -\165\163\164\157\156\061\030\060\026\006\003\125\004\012\014\017 -\123\123\114\040\103\157\162\160\157\162\141\164\151\157\156\061 -\061\060\057\006\003\125\004\003\014\050\123\123\114\056\143\157 -\155\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141 -\164\151\157\156\040\101\165\164\150\157\162\151\164\171\040\122 -\123\101\060\202\002\042\060\015\006\011\052\206\110\206\367\015 -\001\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202 -\002\001\000\371\017\335\243\053\175\313\320\052\376\354\147\205 -\246\347\056\033\272\167\341\343\365\257\244\354\372\112\135\221 -\304\127\107\153\030\167\153\166\362\375\223\344\075\017\302\026 -\236\013\146\303\126\224\236\027\203\205\316\126\357\362\026\375 -\000\142\365\042\011\124\350\145\027\116\101\271\340\117\106\227 -\252\033\310\270\156\142\136\151\261\137\333\052\002\176\374\154 -\312\363\101\330\355\320\350\374\077\141\110\355\260\003\024\035 -\020\016\113\031\340\273\116\354\206\145\377\066\363\136\147\002 -\013\235\206\125\141\375\172\070\355\376\342\031\000\267\157\241 -\120\142\165\164\074\240\372\310\045\222\264\156\172\042\307\370 -\036\241\343\262\335\221\061\253\053\035\004\377\245\112\004\067 -\351\205\244\063\053\375\342\326\125\064\174\031\244\112\150\307 -\262\250\323\267\312\241\223\210\353\301\227\274\214\371\035\331 -\042\204\044\164\307\004\075\152\251\051\223\314\353\270\133\341 -\376\137\045\252\064\130\310\301\043\124\235\033\230\021\303\070 -\234\176\075\206\154\245\017\100\206\174\002\364\134\002\117\050 -\313\256\161\237\017\072\310\063\376\021\045\065\352\374\272\305 -\140\075\331\174\030\325\262\251\323\165\170\003\162\042\312\072 -\303\037\357\054\345\056\251\372\236\054\266\121\106\375\257\003 -\326\352\140\150\352\205\026\066\153\205\351\036\300\263\335\304 -\044\334\200\052\201\101\155\224\076\310\340\311\201\101\000\236 -\136\277\177\305\010\230\242\030\054\102\100\263\371\157\070\047 -\113\116\200\364\075\201\107\340\210\174\352\034\316\265\165\134 -\121\056\034\053\177\032\162\050\347\000\265\321\164\306\327\344 -\237\255\007\223\266\123\065\065\374\067\344\303\366\135\026\276 -\041\163\336\222\012\370\240\143\152\274\226\222\152\076\370\274 -\145\125\233\336\365\015\211\046\004\374\045\032\246\045\151\313 -\302\155\312\174\342\131\137\227\254\353\357\056\310\274\327\033 -\131\074\053\314\362\031\310\223\153\047\143\031\317\374\351\046 -\370\312\161\233\177\223\376\064\147\204\116\231\353\374\263\170 -\011\063\160\272\146\246\166\355\033\163\353\032\245\015\304\042 -\023\040\224\126\012\116\054\154\116\261\375\317\234\011\272\242 -\063\355\207\002\003\001\000\001\243\143\060\141\060\035\006\003 -\125\035\016\004\026\004\024\335\004\011\007\242\365\172\175\122 -\123\022\222\225\356\070\200\045\015\246\131\060\017\006\003\125 -\035\023\001\001\377\004\005\060\003\001\001\377\060\037\006\003 -\125\035\043\004\030\060\026\200\024\335\004\011\007\242\365\172 -\175\122\123\022\222\225\356\070\200\045\015\246\131\060\016\006 -\003\125\035\017\001\001\377\004\004\003\002\001\206\060\015\006 -\011\052\206\110\206\367\015\001\001\013\005\000\003\202\002\001 -\000\040\030\021\224\051\373\046\235\034\036\036\160\141\361\225 -\162\223\161\044\255\150\223\130\216\062\257\033\263\160\003\374 -\045\053\164\205\220\075\170\152\364\271\213\245\227\073\265\030 -\221\273\036\247\371\100\133\221\371\125\231\257\036\021\320\134 -\035\247\146\343\261\224\007\014\062\071\246\352\033\260\171\330 -\035\234\160\104\343\212\335\304\371\225\037\212\070\103\077\001 -\205\245\107\247\075\106\262\274\345\042\150\367\173\234\330\054 -\076\012\041\310\055\063\254\277\305\201\231\061\164\301\165\161 -\305\276\261\360\043\105\364\235\153\374\031\143\235\243\274\004 -\306\030\013\045\273\123\211\017\263\200\120\336\105\356\104\177 -\253\224\170\144\230\323\366\050\335\207\330\160\145\164\373\016 -\271\023\353\247\017\141\251\062\226\314\336\273\355\143\114\030 -\273\251\100\367\240\124\156\040\210\161\165\030\352\172\264\064 -\162\340\043\047\167\134\266\220\352\206\045\100\253\357\063\017 -\313\237\202\276\242\040\373\366\265\055\032\346\302\205\261\164 -\017\373\310\145\002\244\122\001\107\335\111\042\301\277\330\353 -\153\254\176\336\354\143\063\025\267\043\010\217\306\017\215\101 -\132\335\216\305\271\217\345\105\077\170\333\272\322\033\100\261 -\376\161\115\077\340\201\242\272\136\264\354\025\340\223\335\010 -\037\176\341\125\231\013\041\336\223\236\012\373\346\243\111\275 -\066\060\376\347\167\262\240\165\227\265\055\201\210\027\145\040 -\367\332\220\000\237\311\122\314\062\312\065\174\365\075\017\330 -\053\327\365\046\154\311\006\064\226\026\352\160\131\032\062\171 -\171\013\266\210\177\017\122\110\075\277\154\330\242\104\056\321 -\116\267\162\130\323\211\023\225\376\104\253\370\327\213\033\156 -\234\274\054\240\133\325\152\000\257\137\067\341\325\372\020\013 -\230\234\206\347\046\217\316\360\354\156\212\127\013\200\343\116 -\262\300\240\143\141\220\272\125\150\067\164\152\266\222\333\237 -\241\206\042\266\145\047\016\354\266\237\102\140\344\147\302\265 -\332\101\013\304\323\213\141\033\274\372\037\221\053\327\104\007 -\136\272\051\254\331\305\351\357\123\110\132\353\200\361\050\130 -\041\315\260\006\125\373\047\077\123\220\160\251\004\036\127\047 -\271 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for "SSL.com Root Certification Authority RSA" -# Issuer: CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US -# Serial Number:7b:2c:9b:d3:16:80:32:99 -# Subject: CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US -# Not Valid Before: Fri Feb 12 17:39:39 2016 -# Not Valid After : Tue Feb 12 17:39:39 2041 -# Fingerprint (SHA-256): 85:66:6A:56:2E:E0:BE:5C:E9:25:C1:D8:89:0A:6F:76:A8:7E:C1:6D:4D:7D:5F:29:EA:74:19:CF:20:12:3B:69 -# Fingerprint (SHA1): B7:AB:33:08:D1:EA:44:77:BA:14:80:12:5A:6F:BD:A9:36:49:0C:BB +\060\202\006\133\060\202\004\103\240\003\002\001\002\002\021\000 +\312\351\033\211\361\125\003\015\243\346\101\155\304\343\246\341 +\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060 +\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061\022 +\060\020\006\003\125\004\012\014\011\104\150\151\155\171\157\164 +\151\163\061\034\060\032\006\003\125\004\013\014\023\060\060\060 +\062\040\064\070\061\064\066\063\060\070\061\060\060\060\063\066 +\061\031\060\027\006\003\125\004\003\014\020\103\145\162\164\151 +\147\156\141\040\122\157\157\164\040\103\101\060\036\027\015\061 +\063\061\060\060\061\060\070\063\062\062\067\132\027\015\063\063 +\061\060\060\061\060\070\063\062\062\067\132\060\132\061\013\060 +\011\006\003\125\004\006\023\002\106\122\061\022\060\020\006\003 +\125\004\012\014\011\104\150\151\155\171\157\164\151\163\061\034 +\060\032\006\003\125\004\013\014\023\060\060\060\062\040\064\070 +\061\064\066\063\060\070\061\060\060\060\063\066\061\031\060\027 +\006\003\125\004\003\014\020\103\145\162\164\151\147\156\141\040 +\122\157\157\164\040\103\101\060\202\002\042\060\015\006\011\052 +\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060 +\202\002\012\002\202\002\001\000\315\030\071\145\032\131\261\352 +\144\026\016\214\224\044\225\174\203\323\305\071\046\334\014\357 +\026\127\215\327\330\254\243\102\177\202\312\355\315\133\333\016 +\267\055\355\105\010\027\262\331\263\313\326\027\122\162\050\333 +\216\116\236\212\266\013\371\236\204\232\115\166\336\042\051\134 +\322\263\322\006\076\060\071\251\164\243\222\126\034\241\157\114 +\012\040\155\237\043\172\264\306\332\054\344\035\054\334\263\050 +\320\023\362\114\116\002\111\241\124\100\236\346\345\005\240\055 +\204\310\377\230\154\320\353\212\032\204\010\036\267\150\043\356 +\043\325\160\316\155\121\151\020\356\241\172\302\321\042\061\302 +\202\205\322\362\125\166\120\174\045\172\311\204\134\013\254\335 +\102\116\053\347\202\242\044\211\313\220\262\320\356\043\272\146 +\114\273\142\244\371\123\132\144\173\174\230\372\243\110\236\017 +\225\256\247\030\364\152\354\056\003\105\257\360\164\370\052\315 +\172\135\321\276\104\046\062\051\361\361\365\154\314\176\002\041 +\013\237\157\244\077\276\235\123\342\317\175\251\054\174\130\032 +\227\341\075\067\067\030\146\050\322\100\305\121\212\214\303\055 +\316\123\210\044\130\144\060\026\305\252\340\326\012\246\100\337 +\170\366\365\004\174\151\023\204\274\321\321\247\006\317\001\367 +\150\300\250\127\273\072\141\255\004\214\223\343\255\374\360\333 +\104\155\131\334\111\131\256\254\232\231\066\060\101\173\166\063 +\042\207\243\302\222\206\156\371\160\356\256\207\207\225\033\304 +\172\275\061\363\324\322\345\231\377\276\110\354\165\365\170\026 +\035\246\160\301\177\074\033\241\222\373\317\310\074\326\305\223 +\012\217\365\125\072\166\225\316\131\230\212\011\225\167\062\232 +\203\272\054\004\072\227\275\324\057\276\327\154\233\242\312\175 +\155\046\311\125\325\317\303\171\122\010\011\231\007\044\055\144 +\045\153\246\041\151\233\152\335\164\115\153\227\172\101\275\253 +\027\371\220\027\110\217\066\371\055\325\305\333\356\252\205\105 +\101\372\315\072\105\261\150\346\066\114\233\220\127\354\043\271 +\207\010\302\304\011\361\227\206\052\050\115\342\164\300\332\304 +\214\333\337\342\241\027\131\316\044\131\164\061\332\177\375\060 +\155\331\334\341\152\341\374\137\002\003\001\000\001\243\202\001 +\032\060\202\001\026\060\017\006\003\125\035\023\001\001\377\004 +\005\060\003\001\001\377\060\016\006\003\125\035\017\001\001\377 +\004\004\003\002\001\006\060\035\006\003\125\035\016\004\026\004 +\024\030\207\126\340\156\167\356\044\065\074\116\163\232\037\326 +\341\342\171\176\053\060\037\006\003\125\035\043\004\030\060\026 +\200\024\030\207\126\340\156\167\356\044\065\074\116\163\232\037 +\326\341\342\171\176\053\060\104\006\003\125\035\040\004\075\060 +\073\060\071\006\004\125\035\040\000\060\061\060\057\006\010\053 +\006\001\005\005\007\002\001\026\043\150\164\164\160\163\072\057 +\057\167\167\167\167\056\143\145\162\164\151\147\156\141\056\146 +\162\057\141\165\164\157\162\151\164\145\163\057\060\155\006\003 +\125\035\037\004\146\060\144\060\057\240\055\240\053\206\051\150 +\164\164\160\072\057\057\143\162\154\056\143\145\162\164\151\147 +\156\141\056\146\162\057\143\145\162\164\151\147\156\141\162\157 +\157\164\143\141\056\143\162\154\060\061\240\057\240\055\206\053 +\150\164\164\160\072\057\057\143\162\154\056\144\150\151\155\171 +\157\164\151\163\056\143\157\155\057\143\145\162\164\151\147\156 +\141\162\157\157\164\143\141\056\143\162\154\060\015\006\011\052 +\206\110\206\367\015\001\001\013\005\000\003\202\002\001\000\224 +\270\236\117\360\343\225\010\042\347\315\150\101\367\034\125\325 +\174\000\342\055\072\211\135\150\070\057\121\042\013\112\215\313 +\351\273\135\076\273\134\075\261\050\376\344\123\125\023\317\241 +\220\033\002\035\137\146\106\011\063\050\341\015\044\227\160\323 +\020\037\352\144\127\226\273\135\332\347\304\214\117\114\144\106 +\035\134\207\343\131\336\102\321\233\250\176\246\211\335\217\034 +\311\060\202\355\073\234\315\300\351\031\340\152\330\002\165\067 +\253\367\064\050\050\221\362\004\012\117\065\343\140\046\001\372 +\320\021\214\371\021\152\356\257\075\303\120\323\217\137\063\171 +\074\206\250\163\105\220\214\040\266\162\163\027\043\276\007\145 +\345\170\222\015\272\001\300\353\214\034\146\277\254\206\167\001 +\224\015\234\346\351\071\215\037\246\121\214\231\014\071\167\341 +\264\233\372\034\147\127\157\152\152\216\251\053\114\127\171\172 +\127\042\317\315\137\143\106\215\134\131\072\206\370\062\107\142 +\243\147\015\030\221\334\373\246\153\365\110\141\163\043\131\216 +\002\247\274\104\352\364\111\235\361\124\130\371\140\257\332\030 +\244\057\050\105\334\172\240\210\206\135\363\073\347\377\051\065 +\200\374\144\103\224\346\343\034\157\276\255\016\052\143\231\053 +\311\176\205\366\161\350\006\003\225\376\336\217\110\034\132\324 +\222\350\053\356\347\061\333\272\004\152\207\230\347\305\137\357 +\175\247\042\367\001\330\115\371\211\320\016\232\005\131\244\236 +\230\331\157\053\312\160\276\144\302\125\243\364\351\257\303\222 +\051\334\210\026\044\231\074\215\046\230\266\133\267\314\316\267 +\067\007\375\046\331\230\205\044\377\131\043\003\232\355\235\235 +\250\344\136\070\316\327\122\015\157\322\077\155\261\005\153\111 +\316\212\221\106\163\364\366\057\360\250\163\167\016\145\254\241 +\215\146\122\151\176\113\150\014\307\036\067\047\203\245\214\307 +\002\344\024\315\111\001\260\163\263\375\306\220\072\157\322\154 +\355\073\356\354\221\276\242\103\135\213\000\112\146\045\104\160 +\336\100\017\370\174\025\367\242\316\074\327\136\023\214\201\027 +\030\027\321\275\361\167\020\072\324\145\071\301\047\254\127\054 +\045\124\377\242\332\117\212\141\071\136\256\075\112\214\275 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "Certigna Root CA" +# Issuer: CN=Certigna Root CA,OU=0002 48146308100036,O=Dhimyotis,C=FR +# Serial Number:00:ca:e9:1b:89:f1:55:03:0d:a3:e6:41:6d:c4:e3:a6:e1 +# Subject: CN=Certigna Root CA,OU=0002 48146308100036,O=Dhimyotis,C=FR +# Not Valid Before: Tue Oct 01 08:32:27 2013 +# Not Valid After : Sat Oct 01 08:32:27 2033 +# Fingerprint (SHA-256): D4:8D:3D:23:EE:DB:50:A4:59:E5:51:97:60:1C:27:77:4B:9D:7B:18:C9:4D:5A:05:95:11:A1:02:50:B9:31:68 +# Fingerprint (SHA1): 2D:0D:52:14:FF:9E:AD:99:24:01:74:20:47:6E:6C:85:27:27:F5:43 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "SSL.com Root Certification Authority RSA" +CKA_LABEL UTF8 "Certigna Root CA" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\267\253\063\010\321\352\104\167\272\024\200\022\132\157\275\251 -\066\111\014\273 +\055\015\122\024\377\236\255\231\044\001\164\040\107\156\154\205 +\047\047\365\103 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\206\151\022\300\160\361\354\254\254\302\325\274\245\133\241\051 +\016\134\060\142\047\353\133\274\327\256\142\272\351\325\337\167 END CKA_ISSUER MULTILINE_OCTAL -\060\174\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163\061 -\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164\157 -\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114\040 -\103\157\162\160\157\162\141\164\151\157\156\061\061\060\057\006 -\003\125\004\003\014\050\123\123\114\056\143\157\155\040\122\157 -\157\164\040\103\145\162\164\151\146\151\143\141\164\151\157\156 -\040\101\165\164\150\157\162\151\164\171\040\122\123\101 +\060\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061 +\022\060\020\006\003\125\004\012\014\011\104\150\151\155\171\157 +\164\151\163\061\034\060\032\006\003\125\004\013\014\023\060\060 +\060\062\040\064\070\061\064\066\063\060\070\061\060\060\060\063 +\066\061\031\060\027\006\003\125\004\003\014\020\103\145\162\164 +\151\147\156\141\040\122\157\157\164\040\103\101 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\173\054\233\323\026\200\062\231 +\002\021\000\312\351\033\211\361\125\003\015\243\346\101\155\304 +\343\246\341 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR @@ -23031,123 +22662,138 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "SSL.com Root Certification Authority ECC" +# Certificate "emSign Root CA - G1" # -# Issuer: CN=SSL.com Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US -# Serial Number:75:e6:df:cb:c1:68:5b:a8 -# Subject: CN=SSL.com Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US -# Not Valid Before: Fri Feb 12 18:14:03 2016 -# Not Valid After : Tue Feb 12 18:14:03 2041 -# Fingerprint (SHA-256): 34:17:BB:06:CC:60:07:DA:1B:96:1C:92:0B:8A:B4:CE:3F:AD:82:0E:4A:A3:0B:9A:CB:C4:A7:4E:BD:CE:BC:65 -# Fingerprint (SHA1): C3:19:7C:39:24:E6:54:AF:1B:C4:AB:20:95:7A:E2:C3:0E:13:02:6A +# Issuer: CN=emSign Root CA - G1,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN +# Serial Number:31:f5:e4:62:0c:6c:58:ed:d6:d8 +# Subject: CN=emSign Root CA - G1,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN +# Not Valid Before: Sun Feb 18 18:30:00 2018 +# Not Valid After : Wed Feb 18 18:30:00 2043 +# Fingerprint (SHA-256): 40:F6:AF:03:46:A9:9A:A1:CD:1D:55:5A:4E:9C:CE:62:C7:F9:63:46:03:EE:40:66:15:83:3D:C8:C8:D0:03:67 +# Fingerprint (SHA1): 8A:C7:AD:8F:73:AC:4E:C1:B5:75:4D:A5:40:F4:FC:CF:7C:B5:8E:8C CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "SSL.com Root Certification Authority ECC" +CKA_LABEL UTF8 "emSign Root CA - G1" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\174\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163\061 -\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164\157 -\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114\040 -\103\157\162\160\157\162\141\164\151\157\156\061\061\060\057\006 -\003\125\004\003\014\050\123\123\114\056\143\157\155\040\122\157 -\157\164\040\103\145\162\164\151\146\151\143\141\164\151\157\156 -\040\101\165\164\150\157\162\151\164\171\040\105\103\103 +\060\147\061\013\060\011\006\003\125\004\006\023\002\111\116\061 +\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 +\040\120\113\111\061\045\060\043\006\003\125\004\012\023\034\145 +\115\165\144\150\162\141\040\124\145\143\150\156\157\154\157\147 +\151\145\163\040\114\151\155\151\164\145\144\061\034\060\032\006 +\003\125\004\003\023\023\145\155\123\151\147\156\040\122\157\157 +\164\040\103\101\040\055\040\107\061 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\174\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163\061 -\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164\157 -\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114\040 -\103\157\162\160\157\162\141\164\151\157\156\061\061\060\057\006 -\003\125\004\003\014\050\123\123\114\056\143\157\155\040\122\157 -\157\164\040\103\145\162\164\151\146\151\143\141\164\151\157\156 -\040\101\165\164\150\157\162\151\164\171\040\105\103\103 +\060\147\061\013\060\011\006\003\125\004\006\023\002\111\116\061 +\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 +\040\120\113\111\061\045\060\043\006\003\125\004\012\023\034\145 +\115\165\144\150\162\141\040\124\145\143\150\156\157\154\157\147 +\151\145\163\040\114\151\155\151\164\145\144\061\034\060\032\006 +\003\125\004\003\023\023\145\155\123\151\147\156\040\122\157\157 +\164\040\103\101\040\055\040\107\061 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\165\346\337\313\301\150\133\250 +\002\012\061\365\344\142\014\154\130\355\326\330 END CKA_VALUE MULTILINE_OCTAL -\060\202\002\215\060\202\002\024\240\003\002\001\002\002\010\165 -\346\337\313\301\150\133\250\060\012\006\010\052\206\110\316\075 -\004\003\002\060\174\061\013\060\011\006\003\125\004\006\023\002 -\125\123\061\016\060\014\006\003\125\004\010\014\005\124\145\170 -\141\163\061\020\060\016\006\003\125\004\007\014\007\110\157\165 -\163\164\157\156\061\030\060\026\006\003\125\004\012\014\017\123 -\123\114\040\103\157\162\160\157\162\141\164\151\157\156\061\061 -\060\057\006\003\125\004\003\014\050\123\123\114\056\143\157\155 -\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164 -\151\157\156\040\101\165\164\150\157\162\151\164\171\040\105\103 -\103\060\036\027\015\061\066\060\062\061\062\061\070\061\064\060 -\063\132\027\015\064\061\060\062\061\062\061\070\061\064\060\063 -\132\060\174\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163 -\061\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164 -\157\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114 -\040\103\157\162\160\157\162\141\164\151\157\156\061\061\060\057 -\006\003\125\004\003\014\050\123\123\114\056\143\157\155\040\122 -\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151\157 -\156\040\101\165\164\150\157\162\151\164\171\040\105\103\103\060 -\166\060\020\006\007\052\206\110\316\075\002\001\006\005\053\201 -\004\000\042\003\142\000\004\105\156\251\120\304\246\043\066\236 -\137\050\215\027\313\226\042\144\077\334\172\216\035\314\010\263 -\242\161\044\272\216\111\271\004\033\107\226\130\253\055\225\310 -\355\236\010\065\310\047\353\211\214\123\130\353\142\212\376\360 -\133\017\153\061\122\143\101\073\211\315\354\354\266\215\031\323 -\064\007\334\273\306\006\177\302\105\225\354\313\177\250\043\340 -\011\351\201\372\363\107\323\243\143\060\141\060\035\006\003\125 -\035\016\004\026\004\024\202\321\205\163\060\347\065\004\323\216 -\002\222\373\345\244\321\304\041\350\315\060\017\006\003\125\035 -\023\001\001\377\004\005\060\003\001\001\377\060\037\006\003\125 -\035\043\004\030\060\026\200\024\202\321\205\163\060\347\065\004 -\323\216\002\222\373\345\244\321\304\041\350\315\060\016\006\003 -\125\035\017\001\001\377\004\004\003\002\001\206\060\012\006\010 -\052\206\110\316\075\004\003\002\003\147\000\060\144\002\060\157 -\347\353\131\021\244\140\317\141\260\226\173\355\005\371\057\023 -\221\334\355\345\374\120\153\021\106\106\263\034\041\000\142\273 -\276\303\347\350\315\007\231\371\015\013\135\162\076\304\252\002 -\060\037\274\272\013\342\060\044\373\174\155\200\125\012\231\076 -\200\015\063\345\146\243\263\243\273\245\325\213\217\011\054\246 -\135\176\342\360\007\010\150\155\322\174\151\156\137\337\345\152 -\145 +\060\202\003\224\060\202\002\174\240\003\002\001\002\002\012\061 +\365\344\142\014\154\130\355\326\330\060\015\006\011\052\206\110 +\206\367\015\001\001\013\005\000\060\147\061\013\060\011\006\003 +\125\004\006\023\002\111\116\061\023\060\021\006\003\125\004\013 +\023\012\145\155\123\151\147\156\040\120\113\111\061\045\060\043 +\006\003\125\004\012\023\034\145\115\165\144\150\162\141\040\124 +\145\143\150\156\157\154\157\147\151\145\163\040\114\151\155\151 +\164\145\144\061\034\060\032\006\003\125\004\003\023\023\145\155 +\123\151\147\156\040\122\157\157\164\040\103\101\040\055\040\107 +\061\060\036\027\015\061\070\060\062\061\070\061\070\063\060\060 +\060\132\027\015\064\063\060\062\061\070\061\070\063\060\060\060 +\132\060\147\061\013\060\011\006\003\125\004\006\023\002\111\116 +\061\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147 +\156\040\120\113\111\061\045\060\043\006\003\125\004\012\023\034 +\145\115\165\144\150\162\141\040\124\145\143\150\156\157\154\157 +\147\151\145\163\040\114\151\155\151\164\145\144\061\034\060\032 +\006\003\125\004\003\023\023\145\155\123\151\147\156\040\122\157 +\157\164\040\103\101\040\055\040\107\061\060\202\001\042\060\015 +\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001 +\017\000\060\202\001\012\002\202\001\001\000\223\113\273\351\146 +\212\356\235\133\325\064\223\320\033\036\303\347\236\270\144\063 +\177\143\170\150\264\315\056\161\165\327\233\040\306\115\051\274 +\266\150\140\212\367\041\232\126\065\132\363\166\275\330\315\232 +\377\223\126\113\245\131\006\241\223\064\051\335\026\064\165\116 +\362\201\264\307\226\116\255\031\025\122\112\376\074\160\165\160 +\315\257\053\253\025\232\063\074\252\263\213\252\315\103\375\365 +\352\160\377\355\317\021\073\224\316\116\062\026\323\043\100\052 +\167\263\257\074\001\054\154\355\231\054\213\331\116\151\230\262 +\367\217\101\260\062\170\141\326\015\137\303\372\242\100\222\035 +\134\027\346\160\076\065\347\242\267\302\142\342\253\244\070\114 +\265\071\065\157\352\003\151\372\072\124\150\205\155\326\362\057 +\103\125\036\221\015\016\330\325\152\244\226\321\023\074\054\170 +\120\350\072\222\322\027\126\345\065\032\100\034\076\215\054\355 +\071\337\102\340\203\101\164\337\243\315\302\206\140\110\150\343 +\151\013\124\000\213\344\166\151\041\015\171\116\064\010\136\024 +\302\314\261\267\255\327\174\160\212\307\205\002\003\001\000\001 +\243\102\060\100\060\035\006\003\125\035\016\004\026\004\024\373 +\357\015\206\236\260\343\335\251\271\361\041\027\177\076\374\360 +\167\053\032\060\016\006\003\125\035\017\001\001\377\004\004\003 +\002\001\006\060\017\006\003\125\035\023\001\001\377\004\005\060 +\003\001\001\377\060\015\006\011\052\206\110\206\367\015\001\001 +\013\005\000\003\202\001\001\000\131\377\362\214\365\207\175\161 +\075\243\237\033\133\321\332\370\323\234\153\066\275\233\251\141 +\353\336\026\054\164\075\236\346\165\332\327\272\247\274\102\027 +\347\075\221\353\345\175\335\076\234\361\317\222\254\154\110\314 +\302\042\077\151\073\305\266\025\057\243\065\306\150\052\034\127 +\257\071\357\215\320\065\303\030\014\173\000\126\034\315\213\031 +\164\336\276\017\022\340\320\252\241\077\002\064\261\160\316\235 +\030\326\010\003\011\106\356\140\340\176\266\304\111\004\121\175 +\160\140\274\252\262\377\171\162\172\246\035\075\137\052\370\312 +\342\375\071\267\107\271\353\176\337\004\043\257\372\234\006\007 +\351\373\143\223\200\100\265\306\154\012\061\050\316\014\237\317 +\263\043\065\200\101\215\154\304\067\173\201\057\200\241\100\102 +\205\351\331\070\215\350\241\123\315\001\277\151\350\132\006\362 +\105\013\220\372\256\341\277\235\362\256\127\074\245\256\262\126 +\364\213\145\100\351\375\061\201\054\364\071\011\330\356\153\247 +\264\246\035\025\245\230\367\001\201\330\205\175\363\121\134\161 +\210\336\272\314\037\200\176\112 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for "SSL.com Root Certification Authority ECC" -# Issuer: CN=SSL.com Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US -# Serial Number:75:e6:df:cb:c1:68:5b:a8 -# Subject: CN=SSL.com Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US -# Not Valid Before: Fri Feb 12 18:14:03 2016 -# Not Valid After : Tue Feb 12 18:14:03 2041 -# Fingerprint (SHA-256): 34:17:BB:06:CC:60:07:DA:1B:96:1C:92:0B:8A:B4:CE:3F:AD:82:0E:4A:A3:0B:9A:CB:C4:A7:4E:BD:CE:BC:65 -# Fingerprint (SHA1): C3:19:7C:39:24:E6:54:AF:1B:C4:AB:20:95:7A:E2:C3:0E:13:02:6A +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "emSign Root CA - G1" +# Issuer: CN=emSign Root CA - G1,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN +# Serial Number:31:f5:e4:62:0c:6c:58:ed:d6:d8 +# Subject: CN=emSign Root CA - G1,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN +# Not Valid Before: Sun Feb 18 18:30:00 2018 +# Not Valid After : Wed Feb 18 18:30:00 2043 +# Fingerprint (SHA-256): 40:F6:AF:03:46:A9:9A:A1:CD:1D:55:5A:4E:9C:CE:62:C7:F9:63:46:03:EE:40:66:15:83:3D:C8:C8:D0:03:67 +# Fingerprint (SHA1): 8A:C7:AD:8F:73:AC:4E:C1:B5:75:4D:A5:40:F4:FC:CF:7C:B5:8E:8C CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "SSL.com Root Certification Authority ECC" +CKA_LABEL UTF8 "emSign Root CA - G1" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\303\031\174\071\044\346\124\257\033\304\253\040\225\172\342\303 -\016\023\002\152 +\212\307\255\217\163\254\116\301\265\165\115\245\100\364\374\317 +\174\265\216\214 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\056\332\344\071\177\234\217\067\321\160\237\046\027\121\072\216 +\234\102\204\127\335\313\013\247\056\225\255\266\363\332\274\254 END CKA_ISSUER MULTILINE_OCTAL -\060\174\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163\061 -\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164\157 -\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114\040 -\103\157\162\160\157\162\141\164\151\157\156\061\061\060\057\006 -\003\125\004\003\014\050\123\123\114\056\143\157\155\040\122\157 -\157\164\040\103\145\162\164\151\146\151\143\141\164\151\157\156 -\040\101\165\164\150\157\162\151\164\171\040\105\103\103 +\060\147\061\013\060\011\006\003\125\004\006\023\002\111\116\061 +\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 +\040\120\113\111\061\045\060\043\006\003\125\004\012\023\034\145 +\115\165\144\150\162\141\040\124\145\143\150\156\157\154\157\147 +\151\145\163\040\114\151\155\151\164\145\144\061\034\060\032\006 +\003\125\004\003\023\023\145\155\123\151\147\156\040\122\157\157 +\164\040\103\101\040\055\040\107\061 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\165\346\337\313\301\150\133\250 +\002\012\061\365\344\142\014\154\130\355\326\330 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR @@ -23155,179 +22801,545 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "SSL.com EV Root Certification Authority RSA R2" +# Certificate "emSign ECC Root CA - G3" # -# Issuer: CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US -# Serial Number:56:b6:29:cd:34:bc:78:f6 -# Subject: CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US -# Not Valid Before: Wed May 31 18:14:37 2017 -# Not Valid After : Fri May 30 18:14:37 2042 -# Fingerprint (SHA-256): 2E:7B:F1:6C:C2:24:85:A7:BB:E2:AA:86:96:75:07:61:B0:AE:39:BE:3B:2F:E9:D0:CC:6D:4E:F7:34:91:42:5C -# Fingerprint (SHA1): 74:3A:F0:52:9B:D0:32:A0:F4:4A:83:CD:D4:BA:A9:7B:7C:2E:C4:9A +# Issuer: CN=emSign ECC Root CA - G3,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN +# Serial Number:3c:f6:07:a9:68:70:0e:da:8b:84 +# Subject: CN=emSign ECC Root CA - G3,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN +# Not Valid Before: Sun Feb 18 18:30:00 2018 +# Not Valid After : Wed Feb 18 18:30:00 2043 +# Fingerprint (SHA-256): 86:A1:EC:BA:08:9C:4A:8D:3B:BE:27:34:C6:12:BA:34:1D:81:3E:04:3C:F9:E8:A8:62:CD:5C:57:A3:6B:BE:6B +# Fingerprint (SHA1): 30:43:FA:4F:F2:57:DC:A0:C3:80:EE:2E:58:EA:78:B2:3F:E6:BB:C1 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "SSL.com EV Root Certification Authority RSA R2" +CKA_LABEL UTF8 "emSign ECC Root CA - G3" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\201\202\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163 -\061\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164 -\157\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114 -\040\103\157\162\160\157\162\141\164\151\157\156\061\067\060\065 -\006\003\125\004\003\014\056\123\123\114\056\143\157\155\040\105 -\126\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141 -\164\151\157\156\040\101\165\164\150\157\162\151\164\171\040\122 -\123\101\040\122\062 +\060\153\061\013\060\011\006\003\125\004\006\023\002\111\116\061 +\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 +\040\120\113\111\061\045\060\043\006\003\125\004\012\023\034\145 +\115\165\144\150\162\141\040\124\145\143\150\156\157\154\157\147 +\151\145\163\040\114\151\155\151\164\145\144\061\040\060\036\006 +\003\125\004\003\023\027\145\155\123\151\147\156\040\105\103\103 +\040\122\157\157\164\040\103\101\040\055\040\107\063 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\201\202\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163 -\061\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164 -\157\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114 -\040\103\157\162\160\157\162\141\164\151\157\156\061\067\060\065 -\006\003\125\004\003\014\056\123\123\114\056\143\157\155\040\105 -\126\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141 -\164\151\157\156\040\101\165\164\150\157\162\151\164\171\040\122 -\123\101\040\122\062 +\060\153\061\013\060\011\006\003\125\004\006\023\002\111\116\061 +\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 +\040\120\113\111\061\045\060\043\006\003\125\004\012\023\034\145 +\115\165\144\150\162\141\040\124\145\143\150\156\157\154\157\147 +\151\145\163\040\114\151\155\151\164\145\144\061\040\060\036\006 +\003\125\004\003\023\027\145\155\123\151\147\156\040\105\103\103 +\040\122\157\157\164\040\103\101\040\055\040\107\063 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\126\266\051\315\064\274\170\366 +\002\012\074\366\007\251\150\160\016\332\213\204 END CKA_VALUE MULTILINE_OCTAL -\060\202\005\353\060\202\003\323\240\003\002\001\002\002\010\126 -\266\051\315\064\274\170\366\060\015\006\011\052\206\110\206\367 -\015\001\001\013\005\000\060\201\202\061\013\060\011\006\003\125 -\004\006\023\002\125\123\061\016\060\014\006\003\125\004\010\014 -\005\124\145\170\141\163\061\020\060\016\006\003\125\004\007\014 -\007\110\157\165\163\164\157\156\061\030\060\026\006\003\125\004 -\012\014\017\123\123\114\040\103\157\162\160\157\162\141\164\151 -\157\156\061\067\060\065\006\003\125\004\003\014\056\123\123\114 -\056\143\157\155\040\105\126\040\122\157\157\164\040\103\145\162 -\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157 -\162\151\164\171\040\122\123\101\040\122\062\060\036\027\015\061 -\067\060\065\063\061\061\070\061\064\063\067\132\027\015\064\062 -\060\065\063\060\061\070\061\064\063\067\132\060\201\202\061\013 -\060\011\006\003\125\004\006\023\002\125\123\061\016\060\014\006 -\003\125\004\010\014\005\124\145\170\141\163\061\020\060\016\006 -\003\125\004\007\014\007\110\157\165\163\164\157\156\061\030\060 -\026\006\003\125\004\012\014\017\123\123\114\040\103\157\162\160 -\157\162\141\164\151\157\156\061\067\060\065\006\003\125\004\003 -\014\056\123\123\114\056\143\157\155\040\105\126\040\122\157\157 -\164\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040 -\101\165\164\150\157\162\151\164\171\040\122\123\101\040\122\062 -\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001 -\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001 -\000\217\066\145\100\341\326\115\300\327\264\351\106\332\153\352 -\063\107\315\114\371\175\175\276\275\055\075\360\333\170\341\206 -\245\331\272\011\127\150\355\127\076\240\320\010\101\203\347\050 -\101\044\037\343\162\025\320\001\032\373\136\160\043\262\313\237 -\071\343\317\305\116\306\222\155\046\306\173\273\263\332\047\235 -\012\206\351\201\067\005\376\360\161\161\354\303\034\351\143\242 -\027\024\235\357\033\147\323\205\125\002\002\326\111\311\314\132 -\341\261\367\157\062\237\311\324\073\210\101\250\234\275\313\253 -\333\155\173\011\037\242\114\162\220\332\053\010\374\317\074\124 -\316\147\017\250\317\135\226\031\013\304\343\162\353\255\321\175 -\035\047\357\222\353\020\277\133\353\073\257\317\200\335\301\322 -\226\004\133\172\176\244\251\074\070\166\244\142\216\240\071\136 -\352\167\317\135\000\131\217\146\054\076\007\242\243\005\046\021 -\151\227\352\205\267\017\226\013\113\310\100\341\120\272\056\212 -\313\367\017\232\042\347\177\232\067\023\315\362\115\023\153\041 -\321\300\314\042\362\241\106\366\104\151\234\312\141\065\007\000 -\157\326\141\010\021\352\272\270\366\351\263\140\345\115\271\354 -\237\024\146\311\127\130\333\315\207\151\370\212\206\022\003\107 -\277\146\023\166\254\167\175\064\044\205\203\315\327\252\234\220 -\032\237\041\054\177\170\267\144\270\330\350\246\364\170\263\125 -\313\204\322\062\304\170\256\243\217\141\335\316\010\123\255\354 -\210\374\025\344\232\015\346\237\032\167\316\114\217\270\024\025 -\075\142\234\206\070\006\000\146\022\344\131\166\132\123\300\002 -\230\242\020\053\150\104\173\216\171\316\063\112\166\252\133\201 -\026\033\265\212\330\320\000\173\136\142\264\011\326\206\143\016 -\246\005\225\111\272\050\213\210\223\262\064\034\330\244\125\156 -\267\034\320\336\231\125\073\043\364\042\340\371\051\146\046\354 -\040\120\167\333\112\013\217\276\345\002\140\160\101\136\324\256 -\120\071\042\024\046\313\262\073\163\164\125\107\007\171\201\071 -\250\060\023\104\345\004\212\256\226\023\045\102\017\271\123\304 -\233\374\315\344\034\336\074\372\253\326\006\112\037\147\246\230 -\060\034\335\054\333\334\030\225\127\146\306\377\134\213\126\365 -\167\002\003\001\000\001\243\143\060\141\060\017\006\003\125\035 -\023\001\001\377\004\005\060\003\001\001\377\060\037\006\003\125 -\035\043\004\030\060\026\200\024\371\140\273\324\343\325\064\366 -\270\365\006\200\045\247\163\333\106\151\250\236\060\035\006\003 -\125\035\016\004\026\004\024\371\140\273\324\343\325\064\366\270 -\365\006\200\045\247\163\333\106\151\250\236\060\016\006\003\125 -\035\017\001\001\377\004\004\003\002\001\206\060\015\006\011\052 -\206\110\206\367\015\001\001\013\005\000\003\202\002\001\000\126 -\263\216\313\012\235\111\216\277\244\304\221\273\146\027\005\121 -\230\165\373\345\120\054\172\236\361\024\372\253\323\212\076\377 -\221\051\217\143\213\330\264\251\124\001\015\276\223\206\057\371 -\112\155\307\136\365\127\371\312\125\034\022\276\107\017\066\305 -\337\152\267\333\165\302\107\045\177\271\361\143\370\150\055\125 -\004\321\362\215\260\244\317\274\074\136\037\170\347\245\240\040 -\160\260\004\305\267\367\162\247\336\042\015\275\063\045\106\214 -\144\222\046\343\076\056\143\226\332\233\214\075\370\030\011\327 -\003\314\175\206\202\340\312\004\007\121\120\327\377\222\325\014 -\357\332\206\237\231\327\353\267\257\150\342\071\046\224\272\150 -\267\277\203\323\352\172\147\075\142\147\256\045\345\162\350\342 -\344\354\256\022\366\113\053\074\237\351\260\100\363\070\124\263 -\375\267\150\310\332\306\217\121\074\262\373\221\334\034\347\233 -\235\341\267\015\162\217\342\244\304\251\170\371\353\024\254\306 -\103\005\302\145\071\050\030\002\303\202\262\235\005\276\145\355 -\226\137\145\164\074\373\011\065\056\173\234\023\375\033\017\135 -\307\155\201\072\126\017\314\073\341\257\002\057\042\254\106\312 -\106\074\240\034\114\326\104\264\136\056\134\025\146\011\341\046 -\051\376\306\122\141\272\261\163\377\303\014\234\345\154\152\224 -\077\024\312\100\026\225\204\363\131\251\254\137\114\141\223\155 -\321\073\314\242\225\014\042\246\147\147\104\056\271\331\322\212 -\101\263\146\013\132\373\175\043\245\362\032\260\377\336\233\203 -\224\056\321\077\337\222\267\221\257\005\073\145\307\240\154\261 -\315\142\022\303\220\033\343\045\316\064\274\157\167\166\261\020 -\303\367\005\032\300\326\257\164\142\110\027\167\222\151\220\141 -\034\336\225\200\164\124\217\030\034\303\363\003\320\277\244\103 -\165\206\123\030\172\012\056\011\034\066\237\221\375\202\212\042 -\113\321\016\120\045\335\313\003\014\027\311\203\000\010\116\065 -\115\212\213\355\360\002\224\146\054\104\177\313\225\047\226\027 -\255\011\060\254\266\161\027\156\213\027\366\034\011\324\055\073 -\230\245\161\323\124\023\331\140\363\365\113\146\117\372\361\356 -\040\022\215\264\254\127\261\105\143\241\254\166\251\302\373 +\060\202\002\116\060\202\001\323\240\003\002\001\002\002\012\074 +\366\007\251\150\160\016\332\213\204\060\012\006\010\052\206\110 +\316\075\004\003\003\060\153\061\013\060\011\006\003\125\004\006 +\023\002\111\116\061\023\060\021\006\003\125\004\013\023\012\145 +\155\123\151\147\156\040\120\113\111\061\045\060\043\006\003\125 +\004\012\023\034\145\115\165\144\150\162\141\040\124\145\143\150 +\156\157\154\157\147\151\145\163\040\114\151\155\151\164\145\144 +\061\040\060\036\006\003\125\004\003\023\027\145\155\123\151\147 +\156\040\105\103\103\040\122\157\157\164\040\103\101\040\055\040 +\107\063\060\036\027\015\061\070\060\062\061\070\061\070\063\060 +\060\060\132\027\015\064\063\060\062\061\070\061\070\063\060\060 +\060\132\060\153\061\013\060\011\006\003\125\004\006\023\002\111 +\116\061\023\060\021\006\003\125\004\013\023\012\145\155\123\151 +\147\156\040\120\113\111\061\045\060\043\006\003\125\004\012\023 +\034\145\115\165\144\150\162\141\040\124\145\143\150\156\157\154 +\157\147\151\145\163\040\114\151\155\151\164\145\144\061\040\060 +\036\006\003\125\004\003\023\027\145\155\123\151\147\156\040\105 +\103\103\040\122\157\157\164\040\103\101\040\055\040\107\063\060 +\166\060\020\006\007\052\206\110\316\075\002\001\006\005\053\201 +\004\000\042\003\142\000\004\043\245\014\270\055\022\365\050\363 +\261\262\335\342\002\022\200\236\071\137\111\115\237\311\045\064 +\131\164\354\273\006\034\347\300\162\257\350\256\057\341\101\124 +\207\024\250\112\262\350\174\202\346\133\152\265\334\263\165\316 +\213\006\320\206\043\277\106\325\216\017\077\004\364\327\034\222 +\176\366\245\143\302\365\137\216\056\117\241\030\031\002\053\062 +\012\202\144\175\026\223\321\243\102\060\100\060\035\006\003\125 +\035\016\004\026\004\024\174\135\002\204\023\324\314\212\233\201 +\316\027\034\056\051\036\234\110\143\102\060\016\006\003\125\035 +\017\001\001\377\004\004\003\002\001\006\060\017\006\003\125\035 +\023\001\001\377\004\005\060\003\001\001\377\060\012\006\010\052 +\206\110\316\075\004\003\003\003\151\000\060\146\002\061\000\276 +\363\141\317\002\020\035\144\225\007\270\030\156\210\205\005\057 +\203\010\027\220\312\037\212\114\350\015\033\172\261\255\325\201 +\011\107\357\073\254\010\004\174\134\231\261\355\107\007\322\002 +\061\000\235\272\125\374\251\112\350\355\355\346\166\001\102\173 +\310\370\140\331\215\121\213\125\073\373\214\173\353\145\011\303 +\370\226\315\107\250\202\362\026\125\167\044\176\022\020\225\004 +\054\243 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "emSign ECC Root CA - G3" +# Issuer: CN=emSign ECC Root CA - G3,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN +# Serial Number:3c:f6:07:a9:68:70:0e:da:8b:84 +# Subject: CN=emSign ECC Root CA - G3,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN +# Not Valid Before: Sun Feb 18 18:30:00 2018 +# Not Valid After : Wed Feb 18 18:30:00 2043 +# Fingerprint (SHA-256): 86:A1:EC:BA:08:9C:4A:8D:3B:BE:27:34:C6:12:BA:34:1D:81:3E:04:3C:F9:E8:A8:62:CD:5C:57:A3:6B:BE:6B +# Fingerprint (SHA1): 30:43:FA:4F:F2:57:DC:A0:C3:80:EE:2E:58:EA:78:B2:3F:E6:BB:C1 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "emSign ECC Root CA - G3" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\060\103\372\117\362\127\334\240\303\200\356\056\130\352\170\262 +\077\346\273\301 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\316\013\162\321\237\210\216\320\120\003\350\343\270\213\147\100 +END +CKA_ISSUER MULTILINE_OCTAL +\060\153\061\013\060\011\006\003\125\004\006\023\002\111\116\061 +\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 +\040\120\113\111\061\045\060\043\006\003\125\004\012\023\034\145 +\115\165\144\150\162\141\040\124\145\143\150\156\157\154\157\147 +\151\145\163\040\114\151\155\151\164\145\144\061\040\060\036\006 +\003\125\004\003\023\027\145\155\123\151\147\156\040\105\103\103 +\040\122\157\157\164\040\103\101\040\055\040\107\063 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\012\074\366\007\251\150\160\016\332\213\204 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "emSign Root CA - C1" +# +# Issuer: CN=emSign Root CA - C1,O=eMudhra Inc,OU=emSign PKI,C=US +# Serial Number:00:ae:cf:00:ba:c4:cf:32:f8:43:b2 +# Subject: CN=emSign Root CA - C1,O=eMudhra Inc,OU=emSign PKI,C=US +# Not Valid Before: Sun Feb 18 18:30:00 2018 +# Not Valid After : Wed Feb 18 18:30:00 2043 +# Fingerprint (SHA-256): 12:56:09:AA:30:1D:A0:A2:49:B9:7A:82:39:CB:6A:34:21:6F:44:DC:AC:9F:39:54:B1:42:92:F2:E8:C8:60:8F +# Fingerprint (SHA1): E7:2E:F1:DF:FC:B2:09:28:CF:5D:D4:D5:67:37:B1:51:CB:86:4F:01 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "emSign Root CA - C1" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\126\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 +\040\120\113\111\061\024\060\022\006\003\125\004\012\023\013\145 +\115\165\144\150\162\141\040\111\156\143\061\034\060\032\006\003 +\125\004\003\023\023\145\155\123\151\147\156\040\122\157\157\164 +\040\103\101\040\055\040\103\061 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\126\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 +\040\120\113\111\061\024\060\022\006\003\125\004\012\023\013\145 +\115\165\144\150\162\141\040\111\156\143\061\034\060\032\006\003 +\125\004\003\023\023\145\155\123\151\147\156\040\122\157\157\164 +\040\103\101\040\055\040\103\061 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\013\000\256\317\000\272\304\317\062\370\103\262 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\003\163\060\202\002\133\240\003\002\001\002\002\013\000 +\256\317\000\272\304\317\062\370\103\262\060\015\006\011\052\206 +\110\206\367\015\001\001\013\005\000\060\126\061\013\060\011\006 +\003\125\004\006\023\002\125\123\061\023\060\021\006\003\125\004 +\013\023\012\145\155\123\151\147\156\040\120\113\111\061\024\060 +\022\006\003\125\004\012\023\013\145\115\165\144\150\162\141\040 +\111\156\143\061\034\060\032\006\003\125\004\003\023\023\145\155 +\123\151\147\156\040\122\157\157\164\040\103\101\040\055\040\103 +\061\060\036\027\015\061\070\060\062\061\070\061\070\063\060\060 +\060\132\027\015\064\063\060\062\061\070\061\070\063\060\060\060 +\132\060\126\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147 +\156\040\120\113\111\061\024\060\022\006\003\125\004\012\023\013 +\145\115\165\144\150\162\141\040\111\156\143\061\034\060\032\006 +\003\125\004\003\023\023\145\155\123\151\147\156\040\122\157\157 +\164\040\103\101\040\055\040\103\061\060\202\001\042\060\015\006 +\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017 +\000\060\202\001\012\002\202\001\001\000\317\353\251\271\361\231 +\005\314\330\050\041\112\363\163\064\121\204\126\020\365\240\117 +\054\022\343\372\023\232\047\320\317\371\171\032\164\137\035\171 +\071\374\133\370\160\216\340\222\122\367\344\045\371\124\203\331 +\035\323\310\132\205\077\136\307\266\007\356\076\300\316\232\257 +\254\126\102\052\071\045\160\326\277\265\173\066\255\254\366\163 +\334\315\327\035\212\203\245\373\053\220\025\067\153\034\046\107 +\334\073\051\126\223\152\263\301\152\072\235\075\365\301\227\070 +\130\005\213\034\021\343\344\264\270\135\205\035\203\376\170\137 +\013\105\150\030\110\245\106\163\064\073\376\017\310\166\273\307 +\030\363\005\321\206\363\205\355\347\271\331\062\255\125\210\316 +\246\266\221\260\117\254\176\025\043\226\366\077\360\040\064\026 +\336\012\306\304\004\105\171\177\247\375\276\322\251\245\257\234 +\305\043\052\367\074\041\154\275\257\217\116\305\072\262\363\064 +\022\374\337\200\032\111\244\324\251\225\367\236\211\136\242\211 +\254\224\313\250\150\233\257\212\145\047\315\211\356\335\214\265 +\153\051\160\103\240\151\013\344\271\017\002\003\001\000\001\243 +\102\060\100\060\035\006\003\125\035\016\004\026\004\024\376\241 +\340\160\036\052\003\071\122\132\102\276\134\221\205\172\030\252 +\115\265\060\016\006\003\125\035\017\001\001\377\004\004\003\002 +\001\006\060\017\006\003\125\035\023\001\001\377\004\005\060\003 +\001\001\377\060\015\006\011\052\206\110\206\367\015\001\001\013 +\005\000\003\202\001\001\000\302\112\126\372\025\041\173\050\242 +\351\345\035\373\370\055\304\071\226\101\114\073\047\054\304\154 +\030\025\200\306\254\257\107\131\057\046\013\343\066\260\357\073 +\376\103\227\111\062\231\022\025\133\337\021\051\377\253\123\370 +\273\301\170\017\254\234\123\257\127\275\150\214\075\151\063\360 +\243\240\043\143\073\144\147\042\104\255\325\161\313\126\052\170 +\222\243\117\022\061\066\066\342\336\376\000\304\243\140\017\047 +\255\240\260\212\265\066\172\122\241\275\047\364\040\047\142\350 +\115\224\044\023\344\012\004\351\074\253\056\310\103\011\112\306 +\141\004\345\111\064\176\323\304\310\365\017\300\252\351\272\124 +\136\363\143\053\117\117\120\324\376\271\173\231\214\075\300\056 +\274\002\053\323\304\100\344\212\007\061\036\233\316\046\231\023 +\373\021\352\232\042\014\021\031\307\136\033\201\120\060\310\226 +\022\156\347\313\101\177\221\073\242\107\267\124\200\033\334\000 +\314\232\220\352\303\303\120\006\142\014\060\300\025\110\247\250 +\131\174\341\256\042\242\342\012\172\017\372\142\253\122\114\341 +\361\337\312\276\203\015\102 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "emSign Root CA - C1" +# Issuer: CN=emSign Root CA - C1,O=eMudhra Inc,OU=emSign PKI,C=US +# Serial Number:00:ae:cf:00:ba:c4:cf:32:f8:43:b2 +# Subject: CN=emSign Root CA - C1,O=eMudhra Inc,OU=emSign PKI,C=US +# Not Valid Before: Sun Feb 18 18:30:00 2018 +# Not Valid After : Wed Feb 18 18:30:00 2043 +# Fingerprint (SHA-256): 12:56:09:AA:30:1D:A0:A2:49:B9:7A:82:39:CB:6A:34:21:6F:44:DC:AC:9F:39:54:B1:42:92:F2:E8:C8:60:8F +# Fingerprint (SHA1): E7:2E:F1:DF:FC:B2:09:28:CF:5D:D4:D5:67:37:B1:51:CB:86:4F:01 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "emSign Root CA - C1" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\347\056\361\337\374\262\011\050\317\135\324\325\147\067\261\121 +\313\206\117\001 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\330\343\135\001\041\372\170\132\260\337\272\322\356\052\137\150 +END +CKA_ISSUER MULTILINE_OCTAL +\060\126\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 +\040\120\113\111\061\024\060\022\006\003\125\004\012\023\013\145 +\115\165\144\150\162\141\040\111\156\143\061\034\060\032\006\003 +\125\004\003\023\023\145\155\123\151\147\156\040\122\157\157\164 +\040\103\101\040\055\040\103\061 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\013\000\256\317\000\272\304\317\062\370\103\262 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# Trust for "SSL.com EV Root Certification Authority RSA R2" -# Issuer: CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US -# Serial Number:56:b6:29:cd:34:bc:78:f6 -# Subject: CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US -# Not Valid Before: Wed May 31 18:14:37 2017 -# Not Valid After : Fri May 30 18:14:37 2042 -# Fingerprint (SHA-256): 2E:7B:F1:6C:C2:24:85:A7:BB:E2:AA:86:96:75:07:61:B0:AE:39:BE:3B:2F:E9:D0:CC:6D:4E:F7:34:91:42:5C -# Fingerprint (SHA1): 74:3A:F0:52:9B:D0:32:A0:F4:4A:83:CD:D4:BA:A9:7B:7C:2E:C4:9A +# +# Certificate "emSign ECC Root CA - C3" +# +# Issuer: CN=emSign ECC Root CA - C3,O=eMudhra Inc,OU=emSign PKI,C=US +# Serial Number:7b:71:b6:82:56:b8:12:7c:9c:a8 +# Subject: CN=emSign ECC Root CA - C3,O=eMudhra Inc,OU=emSign PKI,C=US +# Not Valid Before: Sun Feb 18 18:30:00 2018 +# Not Valid After : Wed Feb 18 18:30:00 2043 +# Fingerprint (SHA-256): BC:4D:80:9B:15:18:9D:78:DB:3E:1D:8C:F4:F9:72:6A:79:5D:A1:64:3C:A5:F1:35:8E:1D:DB:0E:DC:0D:7E:B3 +# Fingerprint (SHA1): B6:AF:43:C2:9B:81:53:7D:F6:EF:6B:C3:1F:1F:60:15:0C:EE:48:66 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "emSign ECC Root CA - C3" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 +\040\120\113\111\061\024\060\022\006\003\125\004\012\023\013\145 +\115\165\144\150\162\141\040\111\156\143\061\040\060\036\006\003 +\125\004\003\023\027\145\155\123\151\147\156\040\105\103\103\040 +\122\157\157\164\040\103\101\040\055\040\103\063 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 +\040\120\113\111\061\024\060\022\006\003\125\004\012\023\013\145 +\115\165\144\150\162\141\040\111\156\143\061\040\060\036\006\003 +\125\004\003\023\027\145\155\123\151\147\156\040\105\103\103\040 +\122\157\157\164\040\103\101\040\055\040\103\063 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\012\173\161\266\202\126\270\022\174\234\250 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\002\053\060\202\001\261\240\003\002\001\002\002\012\173 +\161\266\202\126\270\022\174\234\250\060\012\006\010\052\206\110 +\316\075\004\003\003\060\132\061\013\060\011\006\003\125\004\006 +\023\002\125\123\061\023\060\021\006\003\125\004\013\023\012\145 +\155\123\151\147\156\040\120\113\111\061\024\060\022\006\003\125 +\004\012\023\013\145\115\165\144\150\162\141\040\111\156\143\061 +\040\060\036\006\003\125\004\003\023\027\145\155\123\151\147\156 +\040\105\103\103\040\122\157\157\164\040\103\101\040\055\040\103 +\063\060\036\027\015\061\070\060\062\061\070\061\070\063\060\060 +\060\132\027\015\064\063\060\062\061\070\061\070\063\060\060\060 +\132\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147 +\156\040\120\113\111\061\024\060\022\006\003\125\004\012\023\013 +\145\115\165\144\150\162\141\040\111\156\143\061\040\060\036\006 +\003\125\004\003\023\027\145\155\123\151\147\156\040\105\103\103 +\040\122\157\157\164\040\103\101\040\055\040\103\063\060\166\060 +\020\006\007\052\206\110\316\075\002\001\006\005\053\201\004\000 +\042\003\142\000\004\375\245\141\256\173\046\020\035\351\267\042 +\060\256\006\364\201\263\261\102\161\225\071\274\323\122\343\257 +\257\371\362\227\065\222\066\106\016\207\225\215\271\071\132\351 +\273\337\320\376\310\007\101\074\273\125\157\203\243\152\373\142 +\260\201\211\002\160\175\110\305\112\343\351\042\124\042\115\223 +\273\102\014\257\167\234\043\246\175\327\141\021\316\145\307\370 +\177\376\365\362\251\243\102\060\100\060\035\006\003\125\035\016 +\004\026\004\024\373\132\110\320\200\040\100\362\250\351\000\007 +\151\031\167\247\346\303\364\317\060\016\006\003\125\035\017\001 +\001\377\004\004\003\002\001\006\060\017\006\003\125\035\023\001 +\001\377\004\005\060\003\001\001\377\060\012\006\010\052\206\110 +\316\075\004\003\003\003\150\000\060\145\002\061\000\264\330\057 +\002\211\375\266\114\142\272\103\116\023\204\162\265\256\335\034 +\336\326\265\334\126\217\130\100\132\055\336\040\114\042\203\312 +\223\250\176\356\022\100\307\326\207\117\370\337\205\002\060\034 +\024\144\344\174\226\203\021\234\260\321\132\141\113\246\017\111 +\323\000\374\241\374\344\245\377\177\255\327\060\320\307\167\177 +\276\201\007\125\060\120\040\024\365\127\070\012\250\061\121 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "emSign ECC Root CA - C3" +# Issuer: CN=emSign ECC Root CA - C3,O=eMudhra Inc,OU=emSign PKI,C=US +# Serial Number:7b:71:b6:82:56:b8:12:7c:9c:a8 +# Subject: CN=emSign ECC Root CA - C3,O=eMudhra Inc,OU=emSign PKI,C=US +# Not Valid Before: Sun Feb 18 18:30:00 2018 +# Not Valid After : Wed Feb 18 18:30:00 2043 +# Fingerprint (SHA-256): BC:4D:80:9B:15:18:9D:78:DB:3E:1D:8C:F4:F9:72:6A:79:5D:A1:64:3C:A5:F1:35:8E:1D:DB:0E:DC:0D:7E:B3 +# Fingerprint (SHA1): B6:AF:43:C2:9B:81:53:7D:F6:EF:6B:C3:1F:1F:60:15:0C:EE:48:66 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "SSL.com EV Root Certification Authority RSA R2" +CKA_LABEL UTF8 "emSign ECC Root CA - C3" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\164\072\360\122\233\320\062\240\364\112\203\315\324\272\251\173 -\174\056\304\232 +\266\257\103\302\233\201\123\175\366\357\153\303\037\037\140\025 +\014\356\110\146 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\341\036\061\130\032\256\124\123\002\366\027\152\021\173\115\225 +\076\123\263\243\201\356\327\020\370\323\260\035\027\222\365\325 END CKA_ISSUER MULTILINE_OCTAL -\060\201\202\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163 -\061\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164 -\157\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114 -\040\103\157\162\160\157\162\141\164\151\157\156\061\067\060\065 -\006\003\125\004\003\014\056\123\123\114\056\143\157\155\040\105 -\126\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141 -\164\151\157\156\040\101\165\164\150\157\162\151\164\171\040\122 -\123\101\040\122\062 +\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 +\040\120\113\111\061\024\060\022\006\003\125\004\012\023\013\145 +\115\165\144\150\162\141\040\111\156\143\061\040\060\036\006\003 +\125\004\003\023\027\145\155\123\151\147\156\040\105\103\103\040 +\122\157\157\164\040\103\101\040\055\040\103\063 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\126\266\051\315\064\274\170\366 +\002\012\173\161\266\202\126\270\022\174\234\250 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "Hongkong Post Root CA 3" +# +# Issuer: CN=Hongkong Post Root CA 3,O=Hongkong Post,L=Hong Kong,ST=Hong Kong,C=HK +# Serial Number:08:16:5f:8a:4c:a5:ec:00:c9:93:40:df:c4:c6:ae:23:b8:1c:5a:a4 +# Subject: CN=Hongkong Post Root CA 3,O=Hongkong Post,L=Hong Kong,ST=Hong Kong,C=HK +# Not Valid Before: Sat Jun 03 02:29:46 2017 +# Not Valid After : Tue Jun 03 02:29:46 2042 +# Fingerprint (SHA-256): 5A:2F:C0:3F:0C:83:B0:90:BB:FA:40:60:4B:09:88:44:6C:76:36:18:3D:F9:84:6E:17:10:1A:44:7F:B8:EF:D6 +# Fingerprint (SHA1): 58:A2:D0:EC:20:52:81:5B:C1:F3:F8:64:02:24:4E:C2:8E:02:4B:02 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Hongkong Post Root CA 3" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\157\061\013\060\011\006\003\125\004\006\023\002\110\113\061 +\022\060\020\006\003\125\004\010\023\011\110\157\156\147\040\113 +\157\156\147\061\022\060\020\006\003\125\004\007\023\011\110\157 +\156\147\040\113\157\156\147\061\026\060\024\006\003\125\004\012 +\023\015\110\157\156\147\153\157\156\147\040\120\157\163\164\061 +\040\060\036\006\003\125\004\003\023\027\110\157\156\147\153\157 +\156\147\040\120\157\163\164\040\122\157\157\164\040\103\101\040 +\063 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\157\061\013\060\011\006\003\125\004\006\023\002\110\113\061 +\022\060\020\006\003\125\004\010\023\011\110\157\156\147\040\113 +\157\156\147\061\022\060\020\006\003\125\004\007\023\011\110\157 +\156\147\040\113\157\156\147\061\026\060\024\006\003\125\004\012 +\023\015\110\157\156\147\153\157\156\147\040\120\157\163\164\061 +\040\060\036\006\003\125\004\003\023\027\110\157\156\147\153\157 +\156\147\040\120\157\163\164\040\122\157\157\164\040\103\101\040 +\063 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\024\010\026\137\212\114\245\354\000\311\223\100\337\304\306 +\256\043\270\034\132\244 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\005\317\060\202\003\267\240\003\002\001\002\002\024\010 +\026\137\212\114\245\354\000\311\223\100\337\304\306\256\043\270 +\034\132\244\060\015\006\011\052\206\110\206\367\015\001\001\013 +\005\000\060\157\061\013\060\011\006\003\125\004\006\023\002\110 +\113\061\022\060\020\006\003\125\004\010\023\011\110\157\156\147 +\040\113\157\156\147\061\022\060\020\006\003\125\004\007\023\011 +\110\157\156\147\040\113\157\156\147\061\026\060\024\006\003\125 +\004\012\023\015\110\157\156\147\153\157\156\147\040\120\157\163 +\164\061\040\060\036\006\003\125\004\003\023\027\110\157\156\147 +\153\157\156\147\040\120\157\163\164\040\122\157\157\164\040\103 +\101\040\063\060\036\027\015\061\067\060\066\060\063\060\062\062 +\071\064\066\132\027\015\064\062\060\066\060\063\060\062\062\071 +\064\066\132\060\157\061\013\060\011\006\003\125\004\006\023\002 +\110\113\061\022\060\020\006\003\125\004\010\023\011\110\157\156 +\147\040\113\157\156\147\061\022\060\020\006\003\125\004\007\023 +\011\110\157\156\147\040\113\157\156\147\061\026\060\024\006\003 +\125\004\012\023\015\110\157\156\147\153\157\156\147\040\120\157 +\163\164\061\040\060\036\006\003\125\004\003\023\027\110\157\156 +\147\153\157\156\147\040\120\157\163\164\040\122\157\157\164\040 +\103\101\040\063\060\202\002\042\060\015\006\011\052\206\110\206 +\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002\012 +\002\202\002\001\000\263\210\327\352\316\017\040\116\276\346\326 +\003\155\356\131\374\302\127\337\051\150\241\203\016\076\150\307 +\150\130\234\034\140\113\211\103\014\271\324\025\262\356\301\116 +\165\351\265\247\357\345\351\065\231\344\314\034\347\113\137\215 +\063\060\040\063\123\331\246\273\325\076\023\216\351\037\207\111 +\255\120\055\120\312\030\276\001\130\242\023\160\226\273\211\210 +\126\200\134\370\275\054\074\341\114\127\210\273\323\271\225\357 +\313\307\366\332\061\164\050\246\346\124\211\365\101\061\312\345 +\046\032\315\202\340\160\332\073\051\273\325\003\365\231\272\125 +\365\144\321\140\016\263\211\111\270\212\057\005\322\204\105\050 +\174\217\150\120\022\170\374\013\265\123\313\302\230\034\204\243 +\236\260\276\043\244\332\334\310\053\036\332\156\105\036\211\230 +\332\371\000\056\006\351\014\073\160\325\120\045\210\231\313\315 +\163\140\367\325\377\065\147\305\241\274\136\253\315\112\270\105 +\353\310\150\036\015\015\024\106\022\343\322\144\142\212\102\230 +\274\264\306\010\010\370\375\250\114\144\234\166\001\275\057\251 +\154\063\017\330\077\050\270\074\151\001\102\206\176\151\301\311 +\006\312\345\172\106\145\351\302\326\120\101\056\077\267\344\355 +\154\327\277\046\001\021\242\026\051\112\153\064\006\220\354\023 +\322\266\373\152\166\322\074\355\360\326\055\335\341\025\354\243 +\233\057\054\311\076\053\344\151\073\377\162\045\261\066\206\133 +\307\177\153\213\125\033\112\305\040\141\075\256\313\120\341\010 +\072\276\260\217\143\101\123\060\010\131\074\230\035\167\272\143 +\221\172\312\020\120\140\277\360\327\274\225\207\217\227\305\376 +\227\152\001\224\243\174\133\205\035\052\071\072\320\124\241\321 +\071\161\235\375\041\371\265\173\360\342\340\002\217\156\226\044 +\045\054\240\036\054\250\304\211\247\357\355\231\006\057\266\012 +\114\117\333\242\314\067\032\257\107\205\055\212\137\304\064\064 +\114\000\375\030\223\147\023\321\067\346\110\264\213\006\305\127 +\173\031\206\012\171\313\000\311\122\257\102\377\067\217\341\243 +\036\172\075\120\253\143\006\347\025\265\077\266\105\067\224\067 +\261\176\362\110\303\177\305\165\376\227\215\105\217\032\247\032 +\162\050\032\100\017\002\003\001\000\001\243\143\060\141\060\017 +\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060 +\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060 +\037\006\003\125\035\043\004\030\060\026\200\024\027\235\315\036 +\213\326\071\053\160\323\134\324\240\270\037\260\000\374\305\141 +\060\035\006\003\125\035\016\004\026\004\024\027\235\315\036\213 +\326\071\053\160\323\134\324\240\270\037\260\000\374\305\141\060 +\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003\202 +\002\001\000\126\325\173\156\346\042\001\322\102\233\030\325\016 +\327\146\043\134\343\376\240\307\222\322\351\224\255\113\242\306 +\354\022\174\164\325\110\322\131\024\231\300\353\271\321\353\364 +\110\060\133\255\247\127\163\231\251\323\345\267\321\056\131\044 +\130\334\150\056\056\142\330\152\344\160\013\055\040\120\040\244 +\062\225\321\000\230\273\323\375\367\062\362\111\256\306\172\340 +\107\276\156\316\313\243\162\072\055\151\135\313\310\350\105\071 +\324\372\102\301\021\114\167\135\222\373\152\377\130\104\345\353 +\201\236\257\240\231\255\276\251\001\146\313\070\035\074\337\103 +\037\364\115\156\264\272\027\106\374\175\375\207\201\171\152\015 +\063\017\372\057\370\024\271\200\263\135\115\252\227\341\371\344 +\030\305\370\325\070\214\046\074\375\362\050\342\356\132\111\210 +\054\337\171\075\216\236\220\074\275\101\112\072\335\133\366\232 +\264\316\077\045\060\177\062\175\242\003\224\320\334\172\241\122 +\336\156\223\215\030\046\375\125\254\275\217\233\322\317\257\347 +\206\054\313\037\011\157\243\157\251\204\324\163\277\115\241\164 +\033\116\043\140\362\314\016\252\177\244\234\114\045\250\262\146 +\073\070\377\331\224\060\366\162\204\276\150\125\020\017\306\163 +\054\026\151\223\007\376\261\105\355\273\242\125\152\260\332\265 +\112\002\045\047\205\327\267\267\206\104\026\211\154\200\053\076 +\227\251\234\325\176\125\114\306\336\105\020\034\352\351\073\237 +\003\123\356\356\172\001\002\026\170\324\350\302\276\106\166\210 +\023\077\042\273\110\022\035\122\000\264\002\176\041\032\036\234 +\045\364\363\075\136\036\322\034\371\263\055\266\367\067\134\306 +\313\041\116\260\367\231\107\030\205\301\053\272\125\256\006\352 +\320\007\262\334\253\320\202\226\165\316\322\120\376\231\347\317 +\057\237\347\166\321\141\052\373\041\273\061\320\252\237\107\244 +\262\042\312\026\072\120\127\304\133\103\147\305\145\142\003\111 +\001\353\103\331\330\370\236\255\317\261\143\016\105\364\240\132 +\054\233\055\305\246\300\255\250\107\364\047\114\070\015\056\033 +\111\073\122\364\350\210\203\053\124\050\324\362\065\122\264\062 +\203\142\151\144\014\221\234\237\227\352\164\026\375\037\021\006 +\232\233\364 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "Hongkong Post Root CA 3" +# Issuer: CN=Hongkong Post Root CA 3,O=Hongkong Post,L=Hong Kong,ST=Hong Kong,C=HK +# Serial Number:08:16:5f:8a:4c:a5:ec:00:c9:93:40:df:c4:c6:ae:23:b8:1c:5a:a4 +# Subject: CN=Hongkong Post Root CA 3,O=Hongkong Post,L=Hong Kong,ST=Hong Kong,C=HK +# Not Valid Before: Sat Jun 03 02:29:46 2017 +# Not Valid After : Tue Jun 03 02:29:46 2042 +# Fingerprint (SHA-256): 5A:2F:C0:3F:0C:83:B0:90:BB:FA:40:60:4B:09:88:44:6C:76:36:18:3D:F9:84:6E:17:10:1A:44:7F:B8:EF:D6 +# Fingerprint (SHA1): 58:A2:D0:EC:20:52:81:5B:C1:F3:F8:64:02:24:4E:C2:8E:02:4B:02 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Hongkong Post Root CA 3" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\130\242\320\354\040\122\201\133\301\363\370\144\002\044\116\302 +\216\002\113\002 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\021\374\237\275\163\060\002\212\375\077\363\130\271\313\040\360 +END +CKA_ISSUER MULTILINE_OCTAL +\060\157\061\013\060\011\006\003\125\004\006\023\002\110\113\061 +\022\060\020\006\003\125\004\010\023\011\110\157\156\147\040\113 +\157\156\147\061\022\060\020\006\003\125\004\007\023\011\110\157 +\156\147\040\113\157\156\147\061\026\060\024\006\003\125\004\012 +\023\015\110\157\156\147\153\157\156\147\040\120\157\163\164\061 +\040\060\036\006\003\125\004\003\023\027\110\157\156\147\153\157 +\156\147\040\120\157\163\164\040\122\157\157\164\040\103\101\040 +\063 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\024\010\026\137\212\114\245\354\000\311\223\100\337\304\306 +\256\043\270\034\132\244 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST @@ -23335,128 +23347,201 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "SSL.com EV Root Certification Authority ECC" +# Certificate "Entrust Root Certification Authority - G4" # -# Issuer: CN=SSL.com EV Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US -# Serial Number:2c:29:9c:5b:16:ed:05:95 -# Subject: CN=SSL.com EV Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US -# Not Valid Before: Fri Feb 12 18:15:23 2016 -# Not Valid After : Tue Feb 12 18:15:23 2041 -# Fingerprint (SHA-256): 22:A2:C1:F7:BD:ED:70:4C:C1:E7:01:B5:F4:08:C3:10:88:0F:E9:56:B5:DE:2A:4A:44:F9:9C:87:3A:25:A7:C8 -# Fingerprint (SHA1): 4C:DD:51:A3:D1:F5:20:32:14:B0:C6:C5:32:23:03:91:C7:46:42:6D +# Issuer: CN=Entrust Root Certification Authority - G4,OU="(c) 2015 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US +# Serial Number:00:d9:b5:43:7f:af:a9:39:0f:00:00:00:00:55:65:ad:58 +# Subject: CN=Entrust Root Certification Authority - G4,OU="(c) 2015 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US +# Not Valid Before: Wed May 27 11:11:16 2015 +# Not Valid After : Sun Dec 27 11:41:16 2037 +# Fingerprint (SHA-256): DB:35:17:D1:F6:73:2A:2D:5A:B9:7C:53:3E:C7:07:79:EE:32:70:A6:2F:B4:AC:42:38:37:24:60:E6:F0:1E:88 +# Fingerprint (SHA1): 14:88:4E:86:26:37:B0:26:AF:59:62:5C:40:77:EC:35:29:BA:96:01 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "SSL.com EV Root Certification Authority ECC" +CKA_LABEL UTF8 "Entrust Root Certification Authority - G4" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\177\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163\061 -\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164\157 -\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114\040 -\103\157\162\160\157\162\141\164\151\157\156\061\064\060\062\006 -\003\125\004\003\014\053\123\123\114\056\143\157\155\040\105\126 -\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164 -\151\157\156\040\101\165\164\150\157\162\151\164\171\040\105\103 -\103 +\060\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165 +\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004 +\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165 +\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162 +\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051 +\040\062\060\061\065\040\105\156\164\162\165\163\164\054\040\111 +\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162 +\151\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060 +\060\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040 +\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151 +\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107 +\064 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\177\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163\061 -\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164\157 -\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114\040 -\103\157\162\160\157\162\141\164\151\157\156\061\064\060\062\006 -\003\125\004\003\014\053\123\123\114\056\143\157\155\040\105\126 -\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164 -\151\157\156\040\101\165\164\150\157\162\151\164\171\040\105\103 -\103 +\060\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165 +\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004 +\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165 +\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162 +\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051 +\040\062\060\061\065\040\105\156\164\162\165\163\164\054\040\111 +\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162 +\151\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060 +\060\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040 +\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151 +\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107 +\064 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\054\051\234\133\026\355\005\225 +\002\021\000\331\265\103\177\257\251\071\017\000\000\000\000\125 +\145\255\130 END CKA_VALUE MULTILINE_OCTAL -\060\202\002\224\060\202\002\032\240\003\002\001\002\002\010\054 -\051\234\133\026\355\005\225\060\012\006\010\052\206\110\316\075 -\004\003\002\060\177\061\013\060\011\006\003\125\004\006\023\002 -\125\123\061\016\060\014\006\003\125\004\010\014\005\124\145\170 -\141\163\061\020\060\016\006\003\125\004\007\014\007\110\157\165 -\163\164\157\156\061\030\060\026\006\003\125\004\012\014\017\123 -\123\114\040\103\157\162\160\157\162\141\164\151\157\156\061\064 -\060\062\006\003\125\004\003\014\053\123\123\114\056\143\157\155 -\040\105\126\040\122\157\157\164\040\103\145\162\164\151\146\151 -\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 -\040\105\103\103\060\036\027\015\061\066\060\062\061\062\061\070 -\061\065\062\063\132\027\015\064\061\060\062\061\062\061\070\061 -\065\062\063\132\060\177\061\013\060\011\006\003\125\004\006\023 -\002\125\123\061\016\060\014\006\003\125\004\010\014\005\124\145 -\170\141\163\061\020\060\016\006\003\125\004\007\014\007\110\157 -\165\163\164\157\156\061\030\060\026\006\003\125\004\012\014\017 -\123\123\114\040\103\157\162\160\157\162\141\164\151\157\156\061 -\064\060\062\006\003\125\004\003\014\053\123\123\114\056\143\157 -\155\040\105\126\040\122\157\157\164\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171\040\105\103\103\060\166\060\020\006\007\052\206\110\316\075 -\002\001\006\005\053\201\004\000\042\003\142\000\004\252\022\107 -\220\230\033\373\357\303\100\007\203\040\116\361\060\202\242\006 -\321\362\222\206\141\362\366\041\150\312\000\304\307\352\103\000 -\124\206\334\375\037\337\000\270\101\142\134\334\160\026\062\336 -\037\231\324\314\305\007\310\010\037\141\026\007\121\075\175\134 -\007\123\343\065\070\214\337\315\237\331\056\015\112\266\031\056 -\132\160\132\006\355\276\360\241\260\312\320\011\051\243\143\060 -\141\060\035\006\003\125\035\016\004\026\004\024\133\312\136\345 -\336\322\201\252\315\250\055\144\121\266\331\162\233\227\346\117 -\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001 -\377\060\037\006\003\125\035\043\004\030\060\026\200\024\133\312 -\136\345\336\322\201\252\315\250\055\144\121\266\331\162\233\227 -\346\117\060\016\006\003\125\035\017\001\001\377\004\004\003\002 -\001\206\060\012\006\010\052\206\110\316\075\004\003\002\003\150 -\000\060\145\002\061\000\212\346\100\211\067\353\351\325\023\331 -\312\324\153\044\363\260\075\207\106\130\032\354\261\337\157\373 -\126\272\160\153\307\070\314\350\261\214\117\017\367\361\147\166 -\016\203\320\036\121\217\002\060\075\366\043\050\046\114\306\140 -\207\223\046\233\262\065\036\272\326\367\074\321\034\316\372\045 -\074\246\032\201\025\133\363\022\017\154\356\145\212\311\207\250 -\371\007\340\142\232\214\134\112 +\060\202\006\113\060\202\004\063\240\003\002\001\002\002\021\000 +\331\265\103\177\257\251\071\017\000\000\000\000\125\145\255\130 +\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060 +\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165\163 +\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004\013 +\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165\163 +\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162\155 +\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051\040 +\062\060\061\065\040\105\156\164\162\165\163\164\054\040\111\156 +\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162\151 +\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060\060 +\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040\122 +\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151\157 +\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107\064 +\060\036\027\015\061\065\060\065\062\067\061\061\061\061\061\066 +\132\027\015\063\067\061\062\062\067\061\061\064\061\061\066\132 +\060\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165 +\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004 +\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165 +\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162 +\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051 +\040\062\060\061\065\040\105\156\164\162\165\163\164\054\040\111 +\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162 +\151\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060 +\060\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040 +\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151 +\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107 +\064\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001 +\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002 +\001\000\261\354\054\102\356\342\321\060\377\245\222\107\342\055 +\303\272\144\227\155\312\367\015\265\131\301\263\313\250\150\031 +\330\257\204\155\060\160\135\176\363\056\322\123\231\341\376\037 +\136\331\110\257\135\023\215\333\377\143\063\115\323\000\002\274 +\304\370\321\006\010\224\171\130\212\025\336\051\263\375\375\304 +\117\350\252\342\240\073\171\315\277\153\103\062\335\331\164\020 +\271\367\364\150\324\273\320\207\325\252\113\212\052\157\052\004 +\265\262\246\307\240\172\346\110\253\322\321\131\314\326\176\043 +\346\227\154\360\102\345\334\121\113\025\101\355\111\112\311\336 +\020\227\326\166\301\357\245\265\066\024\227\065\330\170\042\065 +\122\357\103\275\333\047\333\141\126\202\064\334\313\210\140\014 +\013\132\345\054\001\306\124\257\327\252\301\020\173\322\005\132 +\270\100\236\206\247\303\220\206\002\126\122\011\172\234\322\047 +\202\123\112\145\122\152\365\074\347\250\362\234\257\213\275\323 +\016\324\324\136\156\207\236\152\075\105\035\321\135\033\364\351 +\012\254\140\231\373\211\264\377\230\054\317\174\035\351\002\252 +\004\232\036\270\334\210\156\045\263\154\146\367\074\220\363\127 +\301\263\057\365\155\362\373\312\241\370\051\235\106\213\263\152 +\366\346\147\007\276\054\147\012\052\037\132\262\076\127\304\323 +\041\041\143\145\122\221\033\261\231\216\171\176\346\353\215\000 +\331\132\252\352\163\350\244\202\002\107\226\376\133\216\124\141 +\243\353\057\113\060\260\213\043\165\162\174\041\074\310\366\361 +\164\324\034\173\243\005\125\356\273\115\073\062\276\232\167\146 +\236\254\151\220\042\007\037\141\072\226\276\345\232\117\314\005 +\074\050\131\323\301\014\124\250\131\141\275\310\162\114\350\334 +\237\207\177\275\234\110\066\136\225\243\016\271\070\044\125\374 +\165\146\353\002\343\010\064\051\112\306\343\053\057\063\240\332 +\243\206\245\022\227\375\200\053\332\024\102\343\222\275\076\362 +\135\136\147\164\056\034\210\107\051\064\137\342\062\250\234\045 +\067\214\272\230\000\227\213\111\226\036\375\045\212\254\334\332 +\330\135\164\156\146\260\377\104\337\241\030\306\276\110\057\067 +\224\170\370\225\112\077\177\023\136\135\131\375\164\206\103\143 +\163\111\002\003\001\000\001\243\102\060\100\060\017\006\003\125 +\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003 +\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003 +\125\035\016\004\026\004\024\237\070\304\126\043\303\071\350\240 +\161\154\350\124\114\344\350\072\261\277\147\060\015\006\011\052 +\206\110\206\367\015\001\001\013\005\000\003\202\002\001\000\022 +\345\102\246\173\213\017\014\344\106\245\266\140\100\207\214\045 +\176\255\270\150\056\133\306\100\166\074\003\370\311\131\364\363 +\253\142\316\020\215\264\132\144\214\150\300\260\162\103\064\322 +\033\013\366\054\123\322\312\220\113\206\146\374\252\203\042\364 +\213\032\157\046\110\254\166\167\010\277\305\230\134\364\046\211 +\236\173\303\271\144\062\001\177\323\303\335\130\155\354\261\253 +\204\125\164\167\204\004\047\122\153\206\114\316\335\271\145\377 +\326\306\136\237\232\020\231\113\165\152\376\152\351\227\040\344 +\344\166\172\306\320\044\252\220\315\040\220\272\107\144\373\177 +\007\263\123\170\265\012\142\362\163\103\316\101\053\201\152\056 +\205\026\224\123\324\153\137\162\042\253\121\055\102\325\000\234 +\231\277\336\273\224\073\127\375\232\365\206\313\126\073\133\210 +\001\345\174\050\113\003\371\111\203\174\262\177\174\343\355\216 +\241\177\140\123\216\125\235\120\064\022\017\267\227\173\154\207 +\112\104\347\365\155\354\200\067\360\130\031\156\112\150\166\360 +\037\222\344\352\265\222\323\141\121\020\013\255\247\331\137\307 +\137\334\037\243\134\214\241\176\233\267\236\323\126\157\146\136 +\007\226\040\355\013\164\373\146\116\213\021\025\351\201\111\176 +\157\260\324\120\177\042\327\137\145\002\015\246\364\205\036\330 +\256\006\113\112\247\322\061\146\302\370\316\345\010\246\244\002 +\226\104\150\127\304\325\063\317\031\057\024\304\224\034\173\244 +\331\360\237\016\261\200\342\321\236\021\144\251\210\021\072\166 +\202\345\142\302\200\330\244\203\355\223\357\174\057\220\260\062 +\114\226\025\150\110\122\324\231\010\300\044\350\034\343\263\245 +\041\016\222\300\220\037\317\040\137\312\073\070\307\267\155\072 +\363\346\104\270\016\061\153\210\216\160\353\234\027\122\250\101 +\224\056\207\266\347\246\022\305\165\337\133\300\012\156\173\244 +\344\136\206\371\066\224\337\167\303\351\015\300\071\361\171\273 +\106\216\253\103\131\047\267\040\273\043\351\126\100\041\354\061 +\075\145\252\103\362\075\337\160\104\341\272\115\046\020\073\230 +\237\363\310\216\033\070\126\041\152\121\223\323\221\312\106\332 +\211\267\075\123\203\054\010\037\213\217\123\335\377\254\037 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -# Trust for "SSL.com EV Root Certification Authority ECC" -# Issuer: CN=SSL.com EV Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US -# Serial Number:2c:29:9c:5b:16:ed:05:95 -# Subject: CN=SSL.com EV Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US -# Not Valid Before: Fri Feb 12 18:15:23 2016 -# Not Valid After : Tue Feb 12 18:15:23 2041 -# Fingerprint (SHA-256): 22:A2:C1:F7:BD:ED:70:4C:C1:E7:01:B5:F4:08:C3:10:88:0F:E9:56:B5:DE:2A:4A:44:F9:9C:87:3A:25:A7:C8 -# Fingerprint (SHA1): 4C:DD:51:A3:D1:F5:20:32:14:B0:C6:C5:32:23:03:91:C7:46:42:6D +# Trust for "Entrust Root Certification Authority - G4" +# Issuer: CN=Entrust Root Certification Authority - G4,OU="(c) 2015 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US +# Serial Number:00:d9:b5:43:7f:af:a9:39:0f:00:00:00:00:55:65:ad:58 +# Subject: CN=Entrust Root Certification Authority - G4,OU="(c) 2015 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US +# Not Valid Before: Wed May 27 11:11:16 2015 +# Not Valid After : Sun Dec 27 11:41:16 2037 +# Fingerprint (SHA-256): DB:35:17:D1:F6:73:2A:2D:5A:B9:7C:53:3E:C7:07:79:EE:32:70:A6:2F:B4:AC:42:38:37:24:60:E6:F0:1E:88 +# Fingerprint (SHA1): 14:88:4E:86:26:37:B0:26:AF:59:62:5C:40:77:EC:35:29:BA:96:01 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "SSL.com EV Root Certification Authority ECC" +CKA_LABEL UTF8 "Entrust Root Certification Authority - G4" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\114\335\121\243\321\365\040\062\024\260\306\305\062\043\003\221 -\307\106\102\155 +\024\210\116\206\046\067\260\046\257\131\142\134\100\167\354\065 +\051\272\226\001 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\131\123\042\145\203\102\001\124\300\316\102\271\132\174\362\220 +\211\123\361\203\043\267\174\216\005\361\214\161\070\116\037\210 END CKA_ISSUER MULTILINE_OCTAL -\060\177\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163\061 -\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164\157 -\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114\040 -\103\157\162\160\157\162\141\164\151\157\156\061\064\060\062\006 -\003\125\004\003\014\053\123\123\114\056\143\157\155\040\105\126 -\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164 -\151\157\156\040\101\165\164\150\157\162\151\164\171\040\105\103 -\103 +\060\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165 +\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004 +\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165 +\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162 +\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051 +\040\062\060\061\065\040\105\156\164\162\165\163\164\054\040\111 +\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162 +\151\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060 +\060\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040 +\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151 +\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107 +\064 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\054\051\234\133\026\355\005\225 +\002\021\000\331\265\103\177\257\251\071\017\000\000\000\000\125 +\145\255\130 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE diff --git a/security/nss/lib/util/pkcs11n.h b/security/nss/lib/util/pkcs11n.h index 22e86b1ed..b993ed68c 100644 --- a/security/nss/lib/util/pkcs11n.h +++ b/security/nss/lib/util/pkcs11n.h @@ -93,6 +93,8 @@ #define CKA_NSS_JPAKE_X2S (CKA_NSS + 33) #define CKA_NSS_MOZILLA_CA_POLICY (CKA_NSS + 34) +#define CKA_NSS_SERVER_DISTRUST_AFTER (CKA_NSS + 35) +#define CKA_NSS_EMAIL_DISTRUST_AFTER (CKA_NSS + 36) /* * Trust attributes: From 6712ac7edbdda06f8f6efbdb798e2d7793230915 Mon Sep 17 00:00:00 2001 From: Roy Tam Date: Tue, 7 Jan 2020 22:30:39 +0800 Subject: [PATCH 09/15] cherry-picked mozilla NSS upstream changes (to rev 632864c9, which is on par with 3.21.4): bug1221620, bug1244324, bug1241034, bug1206283, bug1241037, bug1245528, bug1293334, bug1306103, bug1345089, bug1344380 --- security/nss/coreconf/Werror.mk | 6 ++ security/nss/lib/freebl/blapi.h | 6 ++ security/nss/lib/freebl/drbg.c | 27 +++++++-- security/nss/lib/nss/nss.h | 4 +- security/nss/lib/softoken/softkver.h | 4 +- security/nss/lib/ssl/ssl3con.c | 76 +++++++++++++++++++------ security/nss/lib/util/dersubr.c | 22 +++++--- security/nss/lib/util/nssb64d.c | 2 +- security/nss/lib/util/nssb64e.c | 13 +++++ security/nss/lib/util/nssutil.h | 4 +- security/nss/lib/util/secasn1d.c | 51 +++++++++++++---- security/nss/lib/util/utf8.c | 84 +++++++++++++++++++++++++--- 12 files changed, 245 insertions(+), 54 deletions(-) diff --git a/security/nss/coreconf/Werror.mk b/security/nss/coreconf/Werror.mk index 6e2588ceb..80bf0790d 100644 --- a/security/nss/coreconf/Werror.mk +++ b/security/nss/coreconf/Werror.mk @@ -61,6 +61,12 @@ ifndef WARNING_CFLAGS ifeq ($(NSS_ENABLE_WERROR),1) WARNING_CFLAGS += -Werror + # For gcc 6 and newer we need -Wno-error=misleading-indentation + # to prevent compiler errors caused by mixed whitespace. + CC_VERSION := $(subst ., ,$(shell $(CC) -dumpversion)) + ifeq (,$(filter 0 1 2 3 4 5,$(word 1,$(CC_VERSION)))) + WARNING_CFLAGS += -Wno-error=misleading-indentation + endif else # Old versions of gcc (< 4.8) don't support #pragma diagnostic in functions. # Use this to disable use of that #pragma and the warnings it suppresses. diff --git a/security/nss/lib/freebl/blapi.h b/security/nss/lib/freebl/blapi.h index 8324714d8..c0bf40a56 100644 --- a/security/nss/lib/freebl/blapi.h +++ b/security/nss/lib/freebl/blapi.h @@ -1444,6 +1444,12 @@ FIPS186Change_ReduceModQForDSA(const unsigned char *w, const unsigned char *q, unsigned char *xj); +/* To allow NIST KAT tests */ +extern SECStatus +PRNGTEST_Instantiate_Kat(const PRUint8 *entropy, unsigned int entropy_len, + const PRUint8 *nonce, unsigned int nonce_len, + const PRUint8 *personal_string, unsigned int ps_len); + /* * The following functions are for FIPS poweron self test and FIPS algorithm * testing. diff --git a/security/nss/lib/freebl/drbg.c b/security/nss/lib/freebl/drbg.c index 391d45604..168bc009e 100644 --- a/security/nss/lib/freebl/drbg.c +++ b/security/nss/lib/freebl/drbg.c @@ -96,7 +96,8 @@ struct RNGContextStr { * RNG_RandomUpdate. */ PRUint8 additionalDataCache[PRNG_ADDITONAL_DATA_CACHE_SIZE]; PRUint32 additionalAvail; - PRBool isValid; /* false if RNG reaches an invalid state */ + PRBool isValid; /* false if RNG reaches an invalid state */ + PRBool isKatTest; /* true if running NIST PRNG KAT tests */ }; typedef struct RNGContextStr RNGContext; @@ -149,7 +150,7 @@ prng_Hash_df(PRUint8 *requested_bytes, unsigned int no_of_bytes_to_return, /* - * Hash_DRBG Instantiate NIST SP 800-80 10.1.1.2 + * Hash_DRBG Instantiate NIST SP 800-90 10.1.1.2 * * NOTE: bytes & len are entropy || nonce || personalization_string. In * normal operation, NSS calculates them all together in a single call. @@ -157,9 +158,11 @@ prng_Hash_df(PRUint8 *requested_bytes, unsigned int no_of_bytes_to_return, static SECStatus prng_instantiate(RNGContext *rng, const PRUint8 *bytes, unsigned int len) { - if (len < PRNG_SEEDLEN) { - /* if the seedlen is to small, it's probably because we failed to get - * enough random data */ + if (!rng->isKatTest && len < PRNG_SEEDLEN) { + /* If the seedlen is too small, it's probably because we failed to get + * enough random data. + * This is stricter than NIST SP800-90A requires. Don't enforce it for + * tests. */ PORT_SetError(SEC_ERROR_NEED_RANDOM); return SECFailure; } @@ -272,7 +275,7 @@ prng_reseed_test(RNGContext *rng, const PRUint8 *entropy, #define PRNG_ADD_BITS_AND_CARRY(dest, dest_len, add, len, carry) \ PRNG_ADD_BITS(dest, dest_len, add, len, carry) \ - PRNG_ADD_CARRY_ONLY(dest, dest_len - len, carry) + PRNG_ADD_CARRY_ONLY(dest, dest_len - len - 1, carry) /* * This function expands the internal state of the prng to fulfill any number @@ -423,6 +426,7 @@ static PRStatus rng_init(void) } /* the RNG is in a valid state */ globalrng->isValid = PR_TRUE; + globalrng->isKatTest = PR_FALSE; /* fetch one random value so that we can populate rng->oldV for our * continous random number test. */ @@ -667,6 +671,17 @@ RNG_RNGShutdown(void) * entropy we may have previously collected. */ RNGContext testContext; +SECStatus +PRNGTEST_Instantiate_Kat(const PRUint8 *entropy, unsigned int entropy_len, + const PRUint8 *nonce, unsigned int nonce_len, + const PRUint8 *personal_string, unsigned int ps_len) +{ + testContext.isKatTest = PR_TRUE; + return PRNGTEST_Instantiate(entropy, entropy_len, + nonce, nonce_len, + personal_string, ps_len); +} + /* * Test vector API. Use NIST SP 800-90 general interface so one of the * other NIST SP 800-90 algorithms may be used in the future. diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h index 70951fa61..d362bcb90 100644 --- a/security/nss/lib/nss/nss.h +++ b/security/nss/lib/nss/nss.h @@ -36,10 +36,10 @@ * The format of the version string should be * ".[.[.]][ ][ ]" */ -#define NSS_VERSION "3.21" _NSS_ECC_STRING _NSS_CUSTOMIZED +#define NSS_VERSION "3.21.4" _NSS_ECC_STRING _NSS_CUSTOMIZED #define NSS_VMAJOR 3 #define NSS_VMINOR 21 -#define NSS_VPATCH 0 +#define NSS_VPATCH 4 #define NSS_VBUILD 0 #define NSS_BETA PR_FALSE diff --git a/security/nss/lib/softoken/softkver.h b/security/nss/lib/softoken/softkver.h index c7e25e1be..c954c8844 100644 --- a/security/nss/lib/softoken/softkver.h +++ b/security/nss/lib/softoken/softkver.h @@ -25,10 +25,10 @@ * The format of the version string should be * ".[.[.]][ ][ ]" */ -#define SOFTOKEN_VERSION "3.21" SOFTOKEN_ECC_STRING +#define SOFTOKEN_VERSION "3.21.4" SOFTOKEN_ECC_STRING #define SOFTOKEN_VMAJOR 3 #define SOFTOKEN_VMINOR 21 -#define SOFTOKEN_VPATCH 0 +#define SOFTOKEN_VPATCH 4 #define SOFTOKEN_VBUILD 0 #define SOFTOKEN_BETA PR_FALSE diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index ead786cfe..61083fc1c 100644 --- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -9963,6 +9963,7 @@ ssl3_HandleDHClientKeyExchange(sslSocket *ss, CKM_DH_PKCS_DERIVE, target, CKA_DERIVE, 0, NULL); if (pms == NULL) { ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); + rv = SECFailure; goto loser; } @@ -11867,6 +11868,13 @@ ssl_ConstantTimeEQ8(unsigned char a, unsigned char b) return DUPLICATE_MSB_TO_ALL_8(c); } +/* ssl_constantTimeSelect return a if mask is 0xFF and b if mask is 0x00 */ +static unsigned char +ssl_constantTimeSelect(unsigned char mask, unsigned char a, unsigned char b) +{ + return (mask & a) | (~mask & b); +} + static SECStatus ssl_RemoveSSLv3CBCPadding(sslBuffer *plaintext, unsigned int blockSize, @@ -11970,22 +11978,54 @@ ssl_CBCExtractMAC(sslBuffer *plaintext, /* scanStart contains the number of bytes that we can ignore because * the MAC's position can only vary by 255 bytes. */ unsigned scanStart = 0; - unsigned i, j, divSpoiler; + unsigned i, j; unsigned char rotateOffset; - if (originalLength > macSize + 255 + 1) + if (originalLength > macSize + 255 + 1) { scanStart = originalLength - (macSize + 255 + 1); + } - /* divSpoiler contains a multiple of macSize that is used to cause the - * modulo operation to be constant time. Without this, the time varies - * based on the amount of padding when running on Intel chips at least. - * - * The aim of right-shifting macSize is so that the compiler doesn't - * figure out that it can remove divSpoiler as that would require it - * to prove that macSize is always even, which I hope is beyond it. */ - divSpoiler = macSize >> 1; - divSpoiler <<= (sizeof(divSpoiler)-1)*8; - rotateOffset = (divSpoiler + macStart - scanStart) % macSize; + /* We want to compute + * rotateOffset = (macStart - scanStart) % macSize + * But the time to compute this varies based on the amount of padding. Thus + * we explicitely handle all mac sizes with (hopefully) constant time modulo + * using Barrett reduction: + * q := (rotateOffset * m) >> k + * rotateOffset -= q * n + * if (n <= rotateOffset) rotateOffset -= n + */ + rotateOffset = macStart - scanStart; + /* rotateOffset < 255 + 1 + 48 = 304 */ + if (macSize == 16) { + rotateOffset &= 15; + } else if (macSize == 20) { + /* + * Correctness: rotateOffset * ( 1/20 - 25/2^9 ) < 1 + * with rotateOffset <= 853 + */ + unsigned q = (rotateOffset * 25) >> 9; /* m = 25, k = 9 */ + rotateOffset -= q * 20; + rotateOffset -= ssl_constantTimeSelect(ssl_ConstantTimeGE(rotateOffset, 20), + 20, 0); + } else if (macSize == 32) { + rotateOffset &= 31; + } else if (macSize == 48) { + /* + * Correctness: rotateOffset * ( 1/48 - 10/2^9 ) < 1 + * with rotateOffset < 768 + */ + unsigned q = (rotateOffset * 10) >> 9; /* m = 25, k = 9 */ + rotateOffset -= q * 48; + rotateOffset -= ssl_constantTimeSelect(ssl_ConstantTimeGE(rotateOffset, 48), + 48, 0); + } else { + /* + * SHA384 (macSize == 48) is the largest we support. We should never + * get here. + */ + PORT_Assert(0); + rotateOffset = rotateOffset % macSize; + } memset(rotatedMac, 0, macSize); for (i = scanStart; i < originalLength;) { @@ -12001,12 +12041,16 @@ ssl_CBCExtractMAC(sslBuffer *plaintext, /* Now rotate the MAC. If we knew that the MAC fit into a CPU cache line * we could line-align |rotatedMac| and rotate in place. */ memset(out, 0, macSize); + rotateOffset = macSize - rotateOffset; + rotateOffset = ssl_constantTimeSelect(ssl_ConstantTimeGE(rotateOffset, macSize), + 0, rotateOffset); for (i = 0; i < macSize; i++) { - unsigned char offset = - (divSpoiler + macSize - rotateOffset + i) % macSize; for (j = 0; j < macSize; j++) { - out[j] |= rotatedMac[i] & ssl_ConstantTimeEQ8(j, offset); - } + out[j] |= rotatedMac[i] & ssl_ConstantTimeEQ8(j, rotateOffset); + } + rotateOffset++; + rotateOffset = ssl_constantTimeSelect(ssl_ConstantTimeGE(rotateOffset, macSize), + 0, rotateOffset); } } diff --git a/security/nss/lib/util/dersubr.c b/security/nss/lib/util/dersubr.c index 0f4c6d95c..657dd9f01 100644 --- a/security/nss/lib/util/dersubr.c +++ b/security/nss/lib/util/dersubr.c @@ -179,10 +179,12 @@ long DER_GetInteger(const SECItem *it) { long ival = 0; - unsigned len = it->len; + PRBool negative = PR_FALSE; + unsigned int len = it->len; + unsigned int originalLength = len; unsigned char *cp = it->data; unsigned long overflow = 0x1ffUL << (((sizeof(ival) - 1) * 8) - 1); - unsigned long ofloinit; + unsigned long mask = 1; PORT_Assert(len); if (!len) { @@ -190,14 +192,15 @@ DER_GetInteger(const SECItem *it) return 0; } - if (*cp & 0x80) - ival = -1L; - ofloinit = ival & overflow; + if (*cp & 0x80) { + negative = PR_TRUE; + overflow <<= 1; + } while (len) { - if ((ival & overflow) != ofloinit) { + if ((ival & overflow) != 0) { PORT_SetError(SEC_ERROR_BAD_DER); - if (ival < 0) { + if (negative) { return LONG_MIN; } return LONG_MAX; @@ -206,6 +209,11 @@ DER_GetInteger(const SECItem *it) ival |= *cp++; --len; } + if (negative && ival && (overflow & ival) == 0) { + mask <<= ((originalLength * 8) - 1); + ival &= ~mask; + ival -= mask; + } return ival; } diff --git a/security/nss/lib/util/nssb64d.c b/security/nss/lib/util/nssb64d.c index 375fd5081..0993ccbe3 100644 --- a/security/nss/lib/util/nssb64d.c +++ b/security/nss/lib/util/nssb64d.c @@ -373,7 +373,7 @@ pl_base64_decode_flush (PLBase64Decoder *data) static PRUint32 PL_Base64MaxDecodedLength (PRUint32 size) { - return ((size * 3) / 4); + return size * 0.75; } diff --git a/security/nss/lib/util/nssb64e.c b/security/nss/lib/util/nssb64e.c index 5959982bb..87a870c27 100644 --- a/security/nss/lib/util/nssb64e.c +++ b/security/nss/lib/util/nssb64e.c @@ -285,6 +285,11 @@ PL_Base64MaxEncodedLength (PRUint32 size, PRUint32 line_length) { PRUint32 tokens, tokens_per_line, full_lines, line_break_chars, remainder; + /* This is the maximum length we support. */ + if (size > 0x3fffffff) { + return 0; + } + tokens = (size + 2) / 3; if (line_length == 0) @@ -461,6 +466,10 @@ PL_Base64EncodeBuffer (const unsigned char *src, PRUint32 srclen, * How much space could we possibly need for encoding this input? */ need_length = PL_Base64MaxEncodedLength (srclen, line_length); + if (need_length == 0) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return NULL; + } /* * Make sure we have at least that much, if output buffer provided. @@ -643,6 +652,10 @@ NSSBase64_EncodeItem (PLArenaPool *arenaOpt, char *outStrOpt, } max_out_len = PL_Base64MaxEncodedLength (inItem->len, 64); + if (max_out_len == 0) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return NULL; + } if (arenaOpt != NULL) mark = PORT_ArenaMark (arenaOpt); diff --git a/security/nss/lib/util/nssutil.h b/security/nss/lib/util/nssutil.h index 0c8b480f5..decd4bf10 100644 --- a/security/nss/lib/util/nssutil.h +++ b/security/nss/lib/util/nssutil.h @@ -19,10 +19,10 @@ * The format of the version string should be * ".[.[.]][ ]" */ -#define NSSUTIL_VERSION "3.21" +#define NSSUTIL_VERSION "3.21.4" #define NSSUTIL_VMAJOR 3 #define NSSUTIL_VMINOR 21 -#define NSSUTIL_VPATCH 0 +#define NSSUTIL_VPATCH 4 #define NSSUTIL_VBUILD 0 #define NSSUTIL_BETA PR_FALSE diff --git a/security/nss/lib/util/secasn1d.c b/security/nss/lib/util/secasn1d.c index 7a5bcfd03..7628d65a5 100644 --- a/security/nss/lib/util/secasn1d.c +++ b/security/nss/lib/util/secasn1d.c @@ -14,6 +14,8 @@ #define PR_Assert sec_asn1d_Assert #endif +#include + #include "secasn1.h" #include "secerr.h" @@ -1593,6 +1595,7 @@ sec_asn1d_parse_leaf (sec_asn1d_state *state, item = (SECItem *)(state->dest); if (item != NULL && item->data != NULL) { + unsigned long offset; /* Strip leading zeroes when target is unsigned integer */ if (state->underlying_kind == SEC_ASN1_INTEGER && /* INTEGER */ item->len == 0 && /* MSB */ @@ -1603,8 +1606,42 @@ sec_asn1d_parse_leaf (sec_asn1d_state *state, len--; } } - PORT_Memcpy (item->data + item->len, buf, len); - item->len += len; + offset = item->len; + if (state->underlying_kind == SEC_ASN1_BIT_STRING) { + // The previous bit string must have no unused bits. + if (item->len & 0x7) { + PORT_SetError (SEC_ERROR_BAD_DER); + state->top->status = decodeError; + return 0; + } + // If this is a bit string, the length is bits, not bytes. + offset = item->len >> 3; + } + if (state->underlying_kind == SEC_ASN1_BIT_STRING) { + unsigned long len_in_bits; + // Protect against overflow during the bytes-to-bits conversion. + if (len >= (ULONG_MAX >> 3) + 1) { + PORT_SetError (SEC_ERROR_BAD_DER); + state->top->status = decodeError; + return 0; + } + len_in_bits = (len << 3) - state->bit_string_unused_bits; + // Protect against overflow when computing the total length in bits. + if (UINT_MAX - item->len < len_in_bits) { + PORT_SetError (SEC_ERROR_BAD_DER); + state->top->status = decodeError; + return 0; + } + item->len += len_in_bits; + } else { + if (UINT_MAX - item->len < len) { + PORT_SetError (SEC_ERROR_BAD_DER); + state->top->status = decodeError; + return 0; + } + item->len += len; + } + PORT_Memcpy (item->data + offset, buf, len); } state->pending -= bufLen; if (state->pending == 0) @@ -1671,14 +1708,6 @@ sec_asn1d_parse_more_bit_string (sec_asn1d_state *state, } len = sec_asn1d_parse_leaf (state, buf, len); - if (state->place == beforeEndOfContents && state->dest != NULL) { - SECItem *item; - - item = (SECItem *)(state->dest); - if (item->len) - item->len = (item->len << 3) - state->bit_string_unused_bits; - } - return len; } @@ -2208,7 +2237,7 @@ sec_asn1d_concat_substrings (sec_asn1d_state *state) * All bit-string substrings except the last one should be * a clean multiple of 8 bits. */ - if (is_bit_string && (substring->next == NULL) + if (is_bit_string && (substring->next != NULL) && (substring->len & 0x7)) { PORT_SetError (SEC_ERROR_BAD_DER); state->top->status = decodeError; diff --git a/security/nss/lib/util/utf8.c b/security/nss/lib/util/utf8.c index 2895dc109..04ef24111 100644 --- a/security/nss/lib/util/utf8.c +++ b/security/nss/lib/util/utf8.c @@ -319,10 +319,10 @@ sec_port_ucs2_utf8_conversion_function } for( i = 0; i < inBufLen; i += 2 ) { - if( (inBuf[i+H_0] == 0x00) && ((inBuf[i+H_0] & 0x80) == 0x00) ) len += 1; + if( (inBuf[i+H_0] == 0x00) && ((inBuf[i+H_1] & 0x80) == 0x00) ) len += 1; else if( inBuf[i+H_0] < 0x08 ) len += 2; - else if( ((inBuf[i+0+H_0] & 0xDC) == 0xD8) ) { - if( ((inBuf[i+2+H_0] & 0xDC) == 0xDC) && ((inBufLen - i) > 2) ) { + else if( ((inBuf[i+0+H_0] & 0xFC) == 0xD8) ) { + if( ((inBufLen - i) > 2) && ((inBuf[i+2+H_0] & 0xFC) == 0xDC) ) { i += 2; len += 4; } else { @@ -356,10 +356,10 @@ sec_port_ucs2_utf8_conversion_function outBuf[len+1] = 0x80 | ((inBuf[i+H_1] & 0x3F) >> 0); len += 2; - } else if( (inBuf[i+H_0] & 0xDC) == 0xD8 ) { + } else if( (inBuf[i+H_0] & 0xFC) == 0xD8 ) { int abcde, BCDE; - PORT_Assert(((inBuf[i+2+H_0] & 0xDC) == 0xDC) && ((inBufLen - i) > 2)); + PORT_Assert(((inBufLen - i) > 2) && ((inBuf[i+2+H_0] & 0xFC) == 0xDC) ); /* D800-DBFF DC00-DFFF -> 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx */ /* 110110BC DEfghijk 110111lm nopqrstu -> @@ -852,6 +852,7 @@ struct ucs2 ucs2[] = { { 0x9000, "\xE9\x80\x80" }, { 0xA000, "\xEA\x80\x80" }, { 0xC000, "\xEC\x80\x80" }, + { 0xFB01, "\xEF\xAC\x81" }, { 0xFFFF, "\xEF\xBF\xBF" } }; @@ -1153,6 +1154,18 @@ char *utf8_bad[] = { "\xED\xA0\x80\xE0\xBF\xBF", }; +/* illegal UTF-16 sequences, 0-terminated */ +uint16_t utf16_bad[][3] = { + /* leading surrogate not followed by trailing surrogate */ + { 0xD800, 0, 0 }, + { 0xD800, 0x41, 0 }, + { 0xD800, 0xfe, 0 }, + { 0xD800, 0x3bb, 0 }, + { 0xD800, 0xD800, 0 }, + { 0xD800, 0xFEFF, 0 }, + { 0xD800, 0xFFFD, 0 }, +}; + static void dump_utf8 ( @@ -1220,6 +1233,18 @@ test_ucs4_chars rv = PR_FALSE; continue; } + + len = strlen(e->utf8) - 1; + result = sec_port_ucs4_utf8_conversion_function(PR_FALSE, + (unsigned char *)&e->c, sizeof(e->c), utf8 + sizeof(utf8) - len, len, + &len); + + if( result || len != strlen(e->utf8) ) { + fprintf(stdout, "Length computation error converting UCS-4 0x%08.8x" + " to UTF-8\n", e->c); + rv = PR_FALSE; + continue; + } } return rv; @@ -1277,6 +1302,18 @@ test_ucs2_chars rv = PR_FALSE; continue; } + + len = strlen(e->utf8) - 1; + result = sec_port_ucs2_utf8_conversion_function(PR_FALSE, + (unsigned char *)&e->c, sizeof(e->c), utf8 + sizeof(utf8) - len, len, + &len); + + if( result || len != strlen(e->utf8) ) { + fprintf(stdout, "Length computation error converting UCS-2 0x%04.4x" + " to UTF-8\n", e->c); + rv = PR_FALSE; + continue; + } } return rv; @@ -1426,6 +1463,38 @@ test_utf8_bad_chars return rv; } +static PRBool +test_utf16_bad_chars(void) +{ + PRBool rv = PR_TRUE; + int i; + + for( i = 0; i < sizeof(utf16_bad)/sizeof(utf16_bad[0]); ++i ) { + PRBool result; + unsigned char destbuf[18]; + unsigned int j, len, destlen; + uint16_t *buf; + + for( len = 0; utf16_bad[i][len] != 0; ++len ) + /* nothing */; + + buf = malloc(sizeof(uint16_t) * len); + for( j = 0; j < len; ++j ) + buf[j] = htons(utf16_bad[i][j]); + + result = sec_port_ucs2_utf8_conversion_function(PR_FALSE, + (unsigned char *)buf, sizeof(uint16_t) * len, destbuf, sizeof(destbuf), + &destlen); + if( result ) { + fprintf(stdout, "Failed to detect bad UTF-16 string conversion for " + "{0x%x,0x%x} (UTF-8 len = %u)\n", utf16_bad[i][0], utf16_bad[i][1], + destlen); + rv = PR_FALSE; + } + free(buf); + } +} + static PRBool test_iso88591_chars ( @@ -1576,7 +1645,7 @@ test_multichars exit(1); } - len = 0; + len = 1; for( i = 0; i < sizeof(ucs4)/sizeof(ucs4[0]); i++ ) { ucs4s[i] = ucs4[i].c; len += strlen(ucs4[i].utf8); @@ -1584,7 +1653,7 @@ test_multichars ucs4_utf8 = (char *)malloc(len); - len = 0; + len = 1; for( i = 0; i < sizeof(ucs2)/sizeof(ucs2[0]); i++ ) { ucs2s[i] = ucs2[i].c; len += strlen(ucs2[i].utf8); @@ -1781,6 +1850,7 @@ main test_ucs2_chars() && test_utf16_chars() && test_utf8_bad_chars() && + test_utf16_bad_chars() && test_iso88591_chars() && test_zeroes() && test_multichars() && From 1c9b432ff7e4952d8926188444331c030320b2cd Mon Sep 17 00:00:00 2001 From: Roy Tam Date: Wed, 8 Jan 2020 07:39:56 +0800 Subject: [PATCH 10/15] ported changes from tenfourfox: M1357599, M923089+M1276618+M1278434, M1485864, M1520826, M1558548, #481-X25519, M1586176 with custom changes: - coreconf+makefiles: set NSS_NO_PKCS11_BYPASS by default (to disable, set NSS_PKCS11_BYPASS) and fix logic - curve25519_32: use PRuint32 instead of uint32_t - smime: fix decl on top of block - ssl3con: more VC6 fixes --- security/nss/coreconf/config.mk | 6 + security/nss/lib/certdb/genname.c | 30 +- security/nss/lib/cryptohi/seckey.c | 6 + security/nss/lib/freebl/dh.c | 3 +- security/nss/lib/freebl/ec.c | 13 +- security/nss/lib/freebl/ecl/Makefile | 4 +- security/nss/lib/freebl/ecl/curve25519_32.c | 393 ++++++++++++++++++++ security/nss/lib/freebl/manifest.mn | 2 +- security/nss/lib/freebl/mpi/mpi.c | 70 ++-- security/nss/lib/freebl/mpi/mpi.h | 3 +- security/nss/lib/freebl/rsapkcs.c | 68 ++-- security/nss/lib/pk11wrap/pk11akey.c | 21 +- security/nss/lib/pk11wrap/pk11cert.c | 4 +- security/nss/lib/pk11wrap/pk11pk12.c | 1 + security/nss/lib/smime/cmscinfo.c | 75 +++- security/nss/lib/smime/cmsdigdata.c | 4 +- security/nss/lib/smime/cmsencdata.c | 4 +- security/nss/lib/smime/cmsenvdata.c | 5 + security/nss/lib/smime/cmsmessage.c | 49 ++- security/nss/lib/smime/cmsudf.c | 2 +- security/nss/lib/softoken/legacydb/lgattr.c | 6 +- security/nss/lib/softoken/pkcs11c.c | 5 +- security/nss/lib/ssl/Makefile | 4 +- security/nss/lib/ssl/config.mk | 5 +- security/nss/lib/ssl/derive.c | 3 + security/nss/lib/ssl/ssl3con.c | 279 +++++++++----- security/nss/lib/ssl/ssl3ecc.c | 2 + security/nss/lib/ssl/sslenum.c | 1 + security/nss/lib/ssl/sslimpl.h | 6 +- security/nss/lib/ssl/sslinfo.c | 2 + security/nss/lib/ssl/sslproto.h | 1 + security/nss/lib/ssl/sslt.h | 3 +- security/nss/lib/util/quickder.c | 11 +- security/nss/lib/util/secoid.c | 12 +- security/nss/lib/util/secoidt.h | 4 + 35 files changed, 925 insertions(+), 182 deletions(-) create mode 100644 security/nss/lib/freebl/ecl/curve25519_32.c diff --git a/security/nss/coreconf/config.mk b/security/nss/coreconf/config.mk index afbef2509..99fa33063 100644 --- a/security/nss/coreconf/config.mk +++ b/security/nss/coreconf/config.mk @@ -188,3 +188,9 @@ USE_UTIL_DIRECTLY = 1 # Hide old, deprecated, TLS cipher suite names when building NSS DEFINES += -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES + +# build with NO_PKCS11_BYPASS by default +ifndef NSS_PKCS11_BYPASS +DEFINES += -DNO_PKCS11_BYPASS +NSS_NO_PKCS11_BYPASS = 1 +endif diff --git a/security/nss/lib/certdb/genname.c b/security/nss/lib/certdb/genname.c index 6529a6a09..018f3e3b0 100644 --- a/security/nss/lib/certdb/genname.c +++ b/security/nss/lib/certdb/genname.c @@ -1607,8 +1607,36 @@ CERT_AddNameConstraintByGeneralName(PLArenaPool *arena, "\x30\x05\x82\x03" ".nc" \ "\x30\x05\x82\x03" ".tf" \ +/* TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 */ + +#define TUBITAK1_SUBJECT_DN \ + "\x30\x81\xd2" \ + "\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02" \ + /* C */ "TR" \ + "\x31\x18\x30\x16\x06\x03\x55\x04\x07\x13\x0f" \ + /* L */ "Gebze - Kocaeli" \ + "\x31\x42\x30\x40\x06\x03\x55\x04\x0a\x13\x39" \ + /* O */ "Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK" \ + "\x31\x2d\x30\x2b\x06\x03\x55\x04\x0b\x13\x24" \ + /* OU */ "Kamu Sertifikasyon Merkezi - Kamu SM" \ + "\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2d" \ + /* CN */ "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1" + +#define TUBITAK1_NAME_CONSTRAINTS \ + "\x30\x65\xa0\x63" \ + "\x30\x09\x82\x07" ".gov.tr" \ + "\x30\x09\x82\x07" ".k12.tr" \ + "\x30\x09\x82\x07" ".pol.tr" \ + "\x30\x09\x82\x07" ".mil.tr" \ + "\x30\x09\x82\x07" ".tsk.tr" \ + "\x30\x09\x82\x07" ".kep.tr" \ + "\x30\x09\x82\x07" ".bel.tr" \ + "\x30\x09\x82\x07" ".edu.tr" \ + "\x30\x09\x82\x07" ".org.tr" + static const SECItem builtInNameConstraints[][2] = { - NAME_CONSTRAINTS_ENTRY(ANSSI) + NAME_CONSTRAINTS_ENTRY(ANSSI), + NAME_CONSTRAINTS_ENTRY(TUBITAK1) }; SECStatus diff --git a/security/nss/lib/cryptohi/seckey.c b/security/nss/lib/cryptohi/seckey.c index 1fcd4087f..aebe96986 100644 --- a/security/nss/lib/cryptohi/seckey.c +++ b/security/nss/lib/cryptohi/seckey.c @@ -618,6 +618,12 @@ seckey_ExtractPublicKey(const CERTSubjectPublicKeyInfo *spki) if (rv == SECSuccess) return pubk; break; case SEC_OID_ANSIX962_EC_PUBLIC_KEY: + /* A basic sanity check on inputs. */ + if (spki->algorithm.parameters.len == 0 || newOs.len == 0) { + PORT_SetError(SEC_ERROR_INPUT_LEN); + break; + } + pubk->keyType = ecKey; pubk->u.ec.size = 0; diff --git a/security/nss/lib/freebl/dh.c b/security/nss/lib/freebl/dh.c index 66c110134..cd9a7ac60 100644 --- a/security/nss/lib/freebl/dh.c +++ b/security/nss/lib/freebl/dh.c @@ -208,7 +208,8 @@ DH_Derive(SECItem *publicValue, unsigned int len = 0; unsigned int nb; unsigned char *secret = NULL; - if (!publicValue || !prime || !privateValue || !derivedSecret) { + if (!publicValue || !publicValue->len || !prime || !prime->len || + !privateValue || !privateValue->len || !derivedSecret) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } diff --git a/security/nss/lib/freebl/ec.c b/security/nss/lib/freebl/ec.c index 4435f91ea..1c21551ed 100644 --- a/security/nss/lib/freebl/ec.c +++ b/security/nss/lib/freebl/ec.c @@ -215,7 +215,8 @@ ec_NewKey(ECParams *ecParams, ECPrivateKey **privKey, #endif MP_DIGITS(&k) = 0; - if (!ecParams || !privKey || !privKeyBytes || (privKeyLen < 0)) { + if (!ecParams || ecParams->name == ECCurve_noName || + !privKey || !privKeyBytes || privKeyLen <= 0) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } @@ -395,7 +396,7 @@ EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey) int len; unsigned char *privKeyBytes = NULL; - if (!ecParams) { + if (!ecParams || ecParams->name == ECCurve_noName || !privKey) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } @@ -437,7 +438,8 @@ EC_ValidatePublicKey(ECParams *ecParams, SECItem *publicValue) mp_err err = MP_OKAY; int len; - if (!ecParams || !publicValue) { + if (!ecParams || ecParams->name == ECCurve_noName || + !publicValue || !publicValue->len) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } @@ -537,8 +539,9 @@ ECDH_Derive(SECItem *publicValue, int i; #endif - if (!publicValue || !ecParams || !privateValue || - !derivedSecret) { + if (!publicValue || !publicValue->len || + !ecParams || ecParams->name == ECCurve_noName || + !privateValue || !privateValue->len || !derivedSecret) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } diff --git a/security/nss/lib/freebl/ecl/Makefile b/security/nss/lib/freebl/ecl/Makefile index 8237d0629..0656edfc5 100644 --- a/security/nss/lib/freebl/ecl/Makefile +++ b/security/nss/lib/freebl/ecl/Makefile @@ -78,7 +78,8 @@ LIBOBJS = ecl.o ecl_curve.o ecl_mult.o ecl_gf.o \ ecp_aff.o ecp_jac.o ecp_mont.o \ ec_naf.o ecp_jm.o \ ecp_192.o ecp_224.o ecp_256.o ecp_384.o ecp_521.o \ - ecp_256_32.o + ecp_256_32.o \ + curve25519_32.o ifeq ($(ECL_USE_FP),1) LIBOBJS+= ecp_fp160.o ecp_fp192.o ecp_fp224.o ecp_fp.o endif @@ -131,6 +132,7 @@ ecp_256.o: ecp_256.c $(LIBHDRS) ecp_384.o: ecp_384.c $(LIBHDRS) ecp_521.o: ecp_521.c $(LIBHDRS) ecp_fp.o: ecp_fp.c $(LIBHDRS) +curve25519_32.o: curve25519_32.c $(LIBHDRS) ifeq ($(ECL_USE_FP),1) ecp_fp160.o: ecp_fp160.c ecp_fpinc.c $(LIBHDRS) ecp_fp192.o: ecp_fp192.c ecp_fpinc.c $(LIBHDRS) diff --git a/security/nss/lib/freebl/ecl/curve25519_32.c b/security/nss/lib/freebl/ecl/curve25519_32.c new file mode 100644 index 000000000..dfab270f9 --- /dev/null +++ b/security/nss/lib/freebl/ecl/curve25519_32.c @@ -0,0 +1,393 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* + * Derived from public domain code by Matthew Dempsky and D. J. Bernstein. + */ + +#include "ecl-priv.h" +#include "mpi.h" + +#include + +#include "seccomon.h" +#include "secerr.h" +#include "prtypes.h" + +typedef PRUint32 elem[32]; + +/* + * Add two field elements. + * out = a + b + */ +static void +add(elem out, const elem a, const elem b) +{ + PRUint32 j; + PRUint32 u = 0; + for (j = 0; j < 31; ++j) { + u += a[j] + b[j]; + out[j] = u & 0xFF; + u >>= 8; + } + u += a[31] + b[31]; + out[31] = u; +} + +/* + * Subtract two field elements. + * out = a - b + */ +static void +sub(elem out, const elem a, const elem b) +{ + PRUint32 j; + PRUint32 u; + u = 218; + for (j = 0; j < 31; ++j) { + u += a[j] + 0xFF00 - b[j]; + out[j] = u & 0xFF; + u >>= 8; + } + u += a[31] - b[31]; + out[31] = u; +} + +/* + * "Squeeze" an element after multiplication (and square). + */ +static void +squeeze(elem a) +{ + PRUint32 j; + PRUint32 u; + u = 0; + for (j = 0; j < 31; ++j) { + u += a[j]; + a[j] = u & 0xFF; + u >>= 8; + } + u += a[31]; + a[31] = u & 0x7F; + u = 19 * (u >> 7); + for (j = 0; j < 31; ++j) { + u += a[j]; + a[j] = u & 0xFF; + u >>= 8; + } + a[31] += u; +} + +static const elem minusp = { 19, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 128 }; + +/* + * Reduce point a by 2^255-19 + */ +static void +reduce(elem a) +{ + elem aorig; + PRUint32 j; + PRUint32 negative; + + for (j = 0; j < 32; ++j) { + aorig[j] = a[j]; + } + add(a, a, minusp); + negative = 1 + ~((a[31] >> 7) & 1); + for (j = 0; j < 32; ++j) { + a[j] ^= negative & (aorig[j] ^ a[j]); + } +} + +/* + * Multiplication and squeeze + * out = a * b + */ +static void +mult(elem out, const elem a, const elem b) +{ + PRUint32 i; + PRUint32 j; + PRUint32 u; + + for (i = 0; i < 32; ++i) { + u = 0; + for (j = 0; j <= i; ++j) { + u += a[j] * b[i - j]; + } + for (j = i + 1; j < 32; ++j) { + u += 38 * a[j] * b[i + 32 - j]; + } + out[i] = u; + } + squeeze(out); +} + +/* + * Multiplication + * out = 121665 * a + */ +static void +mult121665(elem out, const elem a) +{ + PRUint32 j; + PRUint32 u; + + u = 0; + for (j = 0; j < 31; ++j) { + u += 121665 * a[j]; + out[j] = u & 0xFF; + u >>= 8; + } + u += 121665 * a[31]; + out[31] = u & 0x7F; + u = 19 * (u >> 7); + for (j = 0; j < 31; ++j) { + u += out[j]; + out[j] = u & 0xFF; + u >>= 8; + } + u += out[j]; + out[j] = u; +} + +/* + * Square a and squeeze the result. + * out = a * a + */ +static void +square(elem out, const elem a) +{ + PRUint32 i; + PRUint32 j; + PRUint32 u; + + for (i = 0; i < 32; ++i) { + u = 0; + for (j = 0; j < i - j; ++j) { + u += a[j] * a[i - j]; + } + for (j = i + 1; j < i + 32 - j; ++j) { + u += 38 * a[j] * a[i + 32 - j]; + } + u *= 2; + if ((i & 1) == 0) { + u += a[i / 2] * a[i / 2]; + u += 38 * a[i / 2 + 16] * a[i / 2 + 16]; + } + out[i] = u; + } + squeeze(out); +} + +/* + * Constant time swap between r and s depending on b + */ +static void +cswap(PRUint32 p[64], PRUint32 q[64], PRUint32 b) +{ + PRUint32 j; + PRUint32 swap = 1 + ~b; + + for (j = 0; j < 64; ++j) { + const PRUint32 t = swap & (p[j] ^ q[j]); + p[j] ^= t; + q[j] ^= t; + } +} + +/* + * Montgomery ladder + */ +static void +monty(elem x_2_out, elem z_2_out, + const elem point, const elem scalar) +{ + PRUint32 x_3[64] = { 0 }; + PRUint32 x_2[64] = { 0 }; + PRUint32 a0[64]; + PRUint32 a1[64]; + PRUint32 b0[64]; + PRUint32 b1[64]; + PRUint32 c1[64]; + PRUint32 r[32]; + PRUint32 s[32]; + PRUint32 t[32]; + PRUint32 u[32]; + PRUint32 swap = 0; + PRUint32 k_t = 0; + int j; + + for (j = 0; j < 32; ++j) { + x_3[j] = point[j]; + } + x_3[32] = 1; + x_2[0] = 1; + + for (j = 254; j >= 0; --j) { + k_t = (scalar[j >> 3] >> (j & 7)) & 1; + swap ^= k_t; + cswap(x_2, x_3, swap); + swap = k_t; + add(a0, x_2, x_2 + 32); + sub(a0 + 32, x_2, x_2 + 32); + add(a1, x_3, x_3 + 32); + sub(a1 + 32, x_3, x_3 + 32); + square(b0, a0); + square(b0 + 32, a0 + 32); + mult(b1, a1, a0 + 32); + mult(b1 + 32, a1 + 32, a0); + add(c1, b1, b1 + 32); + sub(c1 + 32, b1, b1 + 32); + square(r, c1 + 32); + sub(s, b0, b0 + 32); + mult121665(t, s); + add(u, t, b0); + mult(x_2, b0, b0 + 32); + mult(x_2 + 32, s, u); + square(x_3, c1); + mult(x_3 + 32, r, point); + } + + cswap(x_2, x_3, swap); + for (j = 0; j < 32; ++j) { + x_2_out[j] = x_2[j]; + } + for (j = 0; j < 32; ++j) { + z_2_out[j] = x_2[j + 32]; + } +} + +static void +recip(elem out, const elem z) +{ + elem z2; + elem z9; + elem z11; + elem z2_5_0; + elem z2_10_0; + elem z2_20_0; + elem z2_50_0; + elem z2_100_0; + elem t0; + elem t1; + int i; + + /* 2 */ square(z2, z); + /* 4 */ square(t1, z2); + /* 8 */ square(t0, t1); + /* 9 */ mult(z9, t0, z); + /* 11 */ mult(z11, z9, z2); + /* 22 */ square(t0, z11); + /* 2^5 - 2^0 = 31 */ mult(z2_5_0, t0, z9); + + /* 2^6 - 2^1 */ square(t0, z2_5_0); + /* 2^7 - 2^2 */ square(t1, t0); + /* 2^8 - 2^3 */ square(t0, t1); + /* 2^9 - 2^4 */ square(t1, t0); + /* 2^10 - 2^5 */ square(t0, t1); + /* 2^10 - 2^0 */ mult(z2_10_0, t0, z2_5_0); + + /* 2^11 - 2^1 */ square(t0, z2_10_0); + /* 2^12 - 2^2 */ square(t1, t0); + /* 2^20 - 2^10 */ + for (i = 2; i < 10; i += 2) { + square(t0, t1); + square(t1, t0); + } + /* 2^20 - 2^0 */ mult(z2_20_0, t1, z2_10_0); + + /* 2^21 - 2^1 */ square(t0, z2_20_0); + /* 2^22 - 2^2 */ square(t1, t0); + /* 2^40 - 2^20 */ + for (i = 2; i < 20; i += 2) { + square(t0, t1); + square(t1, t0); + } + /* 2^40 - 2^0 */ mult(t0, t1, z2_20_0); + + /* 2^41 - 2^1 */ square(t1, t0); + /* 2^42 - 2^2 */ square(t0, t1); + /* 2^50 - 2^10 */ + for (i = 2; i < 10; i += 2) { + square(t1, t0); + square(t0, t1); + } + /* 2^50 - 2^0 */ mult(z2_50_0, t0, z2_10_0); + + /* 2^51 - 2^1 */ square(t0, z2_50_0); + /* 2^52 - 2^2 */ square(t1, t0); + /* 2^100 - 2^50 */ + for (i = 2; i < 50; i += 2) { + square(t0, t1); + square(t1, t0); + } + /* 2^100 - 2^0 */ mult(z2_100_0, t1, z2_50_0); + + /* 2^101 - 2^1 */ square(t1, z2_100_0); + /* 2^102 - 2^2 */ square(t0, t1); + /* 2^200 - 2^100 */ + for (i = 2; i < 100; i += 2) { + square(t1, t0); + square(t0, t1); + } + /* 2^200 - 2^0 */ mult(t1, t0, z2_100_0); + + /* 2^201 - 2^1 */ square(t0, t1); + /* 2^202 - 2^2 */ square(t1, t0); + /* 2^250 - 2^50 */ + for (i = 2; i < 50; i += 2) { + square(t0, t1); + square(t1, t0); + } + /* 2^250 - 2^0 */ mult(t0, t1, z2_50_0); + + /* 2^251 - 2^1 */ square(t1, t0); + /* 2^252 - 2^2 */ square(t0, t1); + /* 2^253 - 2^3 */ square(t1, t0); + /* 2^254 - 2^4 */ square(t0, t1); + /* 2^255 - 2^5 */ square(t1, t0); + /* 2^255 - 21 */ mult(out, t1, z11); +} + +/* + * Computes q = Curve25519(p, s) + */ +SECStatus +ec_Curve25519_mul(PRUint8 *q, const PRUint8 *s, const PRUint8 *p) +{ + elem point = { 0 }; + elem x_2 = { 0 }; + elem z_2 = { 0 }; + elem X = { 0 }; + elem scalar = { 0 }; + PRUint32 i; + + /* read and mask scalar */ + for (i = 0; i < 32; ++i) { + scalar[i] = s[i]; + } + scalar[0] &= 0xF8; + scalar[31] &= 0x7F; + scalar[31] |= 64; + + /* read and mask point */ + for (i = 0; i < 32; ++i) { + point[i] = p[i]; + } + point[31] &= 0x7F; + + monty(x_2, z_2, point, scalar); + recip(z_2, z_2); + mult(X, x_2, z_2); + reduce(X); + for (i = 0; i < 32; ++i) { + q[i] = X[i]; + } + return 0; +} diff --git a/security/nss/lib/freebl/manifest.mn b/security/nss/lib/freebl/manifest.mn index 1137e8521..22367809f 100644 --- a/security/nss/lib/freebl/manifest.mn +++ b/security/nss/lib/freebl/manifest.mn @@ -73,7 +73,7 @@ ifndef NSS_DISABLE_ECC ECL_SRCS = ecl.c ecl_curve.c ecl_mult.c ecl_gf.c \ ecp_aff.c ecp_jac.c ecp_mont.c \ ec_naf.c ecp_jm.c ecp_256.c ecp_384.c ecp_521.c \ - ecp_256_32.c + ecp_256_32.c curve25519_32.c ifdef NSS_ECC_MORE_THAN_SUITE_B ECL_SRCS += ec2_aff.c ec2_mont.c ec2_proj.c \ ec2_163.c ec2_193.c ec2_233.c \ diff --git a/security/nss/lib/freebl/mpi/mpi.c b/security/nss/lib/freebl/mpi/mpi.c index 84f9b97b6..2800edc0c 100644 --- a/security/nss/lib/freebl/mpi/mpi.c +++ b/security/nss/lib/freebl/mpi/mpi.c @@ -2104,7 +2104,10 @@ mp_err s_mp_almost_inverse(const mp_int *a, const mp_int *p, mp_int *c) } } if (res >= 0) { - while (MP_SIGN(c) != MP_ZPOS) { + if (mp_cmp_mag(c, (mp_int *)p) >= 0) { + MP_CHECKOK(mp_div(c, p, NULL, c)); + } + if (MP_SIGN(c) != MP_ZPOS) { MP_CHECKOK( mp_add(c, p, c) ); } res = k; @@ -4788,38 +4791,61 @@ mp_to_signed_octets(const mp_int *mp, unsigned char *str, mp_size maxlen) /* }}} */ /* {{{ mp_to_fixlen_octets(mp, str) */ -/* output a buffer of big endian octets exactly as long as requested. */ +/* output a buffer of big endian octets exactly as long as requested. + constant time on the value of mp. */ mp_err mp_to_fixlen_octets(const mp_int *mp, unsigned char *str, mp_size length) { - int ix, pos = 0; - unsigned int bytes; - - ARGCHK(mp != NULL && str != NULL && !SIGN(mp), MP_BADARG); + int ix, jx; + unsigned int bytes; - bytes = mp_unsigned_octet_size(mp); - ARGCHK(bytes <= length, MP_BADARG); + ARGCHK(mp != NULL, MP_BADARG); + ARGCHK(str != NULL, MP_BADARG); + ARGCHK(!SIGN(mp), MP_BADARG); + ARGCHK(length > 0, MP_BADARG); + + /* Constant time on the value of mp. Don't use mp_unsigned_octet_size. */ + bytes = USED(mp) * MP_DIGIT_SIZE; + + /* If the output is shorter than the native size of mp, then check that any + * bytes not written have zero values. This check isn't constant time on + * the assumption that timing-sensitive callers can guarantee that mp fits + * in the allocated space. */ + ix = USED(mp) - 1; + if (bytes > length) { + unsigned int zeros = bytes - length; + + while (zeros >= MP_DIGIT_SIZE) { + ARGCHK(DIGIT(mp, ix) == 0, MP_BADARG); + zeros -= MP_DIGIT_SIZE; + ix--; + } - /* place any needed leading zeros */ - for (;length > bytes; --length) { - *str++ = 0; + if (zeros > 0) { + mp_digit d = DIGIT(mp, ix); + mp_digit m = (mp_digit)~0 << ((MP_DIGIT_SIZE - zeros) * CHAR_BIT); + ARGCHK((d & m) == 0, MP_BADARG); + for (jx = MP_DIGIT_SIZE - zeros - 1; jx >= 0; jx--) { + *str++ = d >> (jx * CHAR_BIT); + } + ix--; + } + } else if (bytes < length) { + /* Place any needed leading zeros. */ + unsigned int zeros = length - bytes; + memset(str, 0, zeros); + str += zeros; } - /* Iterate over each digit... */ - for(ix = USED(mp) - 1; ix >= 0; ix--) { - mp_digit d = DIGIT(mp, ix); - int jx; + /* Iterate over each whole digit... */ + for (; ix >= 0; ix--) { + mp_digit d = DIGIT(mp, ix); /* Unpack digit bytes, high order first */ - for(jx = sizeof(mp_digit) - 1; jx >= 0; jx--) { - unsigned char x = (unsigned char)(d >> (jx * CHAR_BIT)); - if (!pos && !x) /* suppress leading zeros */ - continue; - str[pos++] = x; + for (jx = MP_DIGIT_SIZE - 1; jx >= 0; jx--) { + *str++ = d >> (jx * CHAR_BIT); } } - if (!pos) - str[pos++] = 0; return MP_OKAY; } /* end mp_to_fixlen_octets() */ /* }}} */ diff --git a/security/nss/lib/freebl/mpi/mpi.h b/security/nss/lib/freebl/mpi/mpi.h index b1b45d257..89a6f678b 100644 --- a/security/nss/lib/freebl/mpi/mpi.h +++ b/security/nss/lib/freebl/mpi/mpi.h @@ -125,7 +125,8 @@ typedef int mp_sword; #define MP_WORD_MAX UINT_MAX #endif -#define MP_DIGIT_BIT (CHAR_BIT*sizeof(mp_digit)) +#define MP_DIGIT_SIZE sizeof(mp_digit) +#define MP_DIGIT_BIT (CHAR_BIT * MP_DIGIT_SIZE) #define MP_WORD_BIT (CHAR_BIT*sizeof(mp_word)) #define MP_RADIX (1+(mp_word)MP_DIGIT_MAX) diff --git a/security/nss/lib/freebl/rsapkcs.c b/security/nss/lib/freebl/rsapkcs.c index c1e3d54d3..49a2a5057 100644 --- a/security/nss/lib/freebl/rsapkcs.c +++ b/security/nss/lib/freebl/rsapkcs.c @@ -907,48 +907,56 @@ RSA_DecryptBlock(RSAPrivateKey * key, const unsigned char * input, unsigned int inputLen) { - SECStatus rv; + PRInt8 rv; unsigned int modulusLen = rsa_modulusLen(&key->modulus); unsigned int i; - unsigned char * buffer; + unsigned char *buffer = NULL; + unsigned int outLen = 0; + unsigned int copyOutLen = modulusLen - 11; - if (inputLen != modulusLen) - goto failure; + if (inputLen != modulusLen || modulusLen < 10) { + return SECFailure; + } - buffer = (unsigned char *)PORT_Alloc(modulusLen + 1); - if (!buffer) - goto failure; + if (copyOutLen > maxOutputLen) { + copyOutLen = maxOutputLen; + } - rv = RSA_PrivateKeyOp(key, buffer, input); - if (rv != SECSuccess) - goto loser; + // Allocate enough space to decrypt + copyOutLen to allow copying outLen later. + buffer = PORT_ZAlloc(modulusLen + 1 + copyOutLen); + if (!buffer) { + return SECFailure; + } - /* XXX(rsleevi): Constant time */ - if (buffer[0] != RSA_BLOCK_FIRST_OCTET || - buffer[1] != (unsigned char)RSA_BlockPublic) { - goto loser; + // rv is 0 if everything is going well and 1 if an error occurs. + rv = RSA_PrivateKeyOp(key, buffer, input) != SECSuccess; + rv |= (buffer[0] != RSA_BLOCK_FIRST_OCTET) | + (buffer[1] != (unsigned char)RSA_BlockPublic); + + // There have to be at least 8 bytes of padding. + for (i = 2; i < 10; i++) { + rv |= buffer[i] == RSA_BLOCK_AFTER_PAD_OCTET; } - *outputLen = 0; - for (i = 2; i < modulusLen; i++) { - if (buffer[i] == RSA_BLOCK_AFTER_PAD_OCTET) { - *outputLen = modulusLen - i - 1; - break; - } + + for (i = 10; i < modulusLen; i++) { + unsigned int newLen = modulusLen - i - 1; + unsigned int c = (buffer[i] == RSA_BLOCK_AFTER_PAD_OCTET) & (outLen == 0); + outLen = constantTimeCondition(c, newLen, outLen); } - if (*outputLen == 0) - goto loser; - if (*outputLen > maxOutputLen) - goto loser; + rv |= outLen == 0; + rv |= outLen > maxOutputLen; - PORT_Memcpy(output, buffer + modulusLen - *outputLen, *outputLen); + // Note that output is set even if SECFailure is returned. + PORT_Memcpy(output, buffer + modulusLen - outLen, copyOutLen); + *outputLen = constantTimeCondition(outLen > maxOutputLen, maxOutputLen, + outLen); PORT_Free(buffer); - return SECSuccess; -loser: - PORT_Free(buffer); -failure: - return SECFailure; + for (i = 1; i < sizeof(rv) * 8; i <<= 1) { + rv |= rv << i; + } + return (SECStatus)rv; } /* diff --git a/security/nss/lib/pk11wrap/pk11akey.c b/security/nss/lib/pk11wrap/pk11akey.c index b0604de3a..9fa7c9d89 100644 --- a/security/nss/lib/pk11wrap/pk11akey.c +++ b/security/nss/lib/pk11wrap/pk11akey.c @@ -164,7 +164,6 @@ PK11_ImportPublicKey(PK11SlotInfo *slot, SECKEYPublicKey *pubKey, keyType = CKK_EC; PK11_SETATTRS(attrs, CKA_VERIFY, &cktrue, sizeof(CK_BBOOL));attrs++; PK11_SETATTRS(attrs, CKA_DERIVE, &cktrue, sizeof(CK_BBOOL));attrs++; - signedattr = attrs; PK11_SETATTRS(attrs, CKA_EC_PARAMS, pubKey->u.ec.DEREncodedParams.data, pubKey->u.ec.DEREncodedParams.len); attrs++; @@ -195,10 +194,14 @@ PK11_ImportPublicKey(PK11SlotInfo *slot, SECKEYPublicKey *pubKey, } templateCount = attrs - theTemplate; - signedcount = attrs - signedattr; PORT_Assert(templateCount <= (sizeof(theTemplate)/sizeof(CK_ATTRIBUTE))); - for (attrs=signedattr; signedcount; attrs++, signedcount--) { - pk11_SignedToUnsigned(attrs); + + if (pubKey->keyType != ecKey) { + PORT_Assert(signedattr); + signedcount = attrs - signedattr; + for (attrs = signedattr; signedcount; attrs++, signedcount--) { + pk11_SignedToUnsigned(attrs); + } } rv = PK11_CreateNewObject(slot, CK_INVALID_SESSION, theTemplate, templateCount, isToken, &objectID); @@ -956,9 +959,13 @@ pk11_loadPrivKeyWithFlags(PK11SlotInfo *slot,SECKEYPrivateKey *privKey, &cktrue, &ckfalse); /* Not everyone can handle zero padded key values, give - * them the raw data as unsigned */ - for (ap=attrs; extra_count; ap++, extra_count--) { - pk11_SignedToUnsigned(ap); + * them the raw data as unsigned. The exception is EC, + * where the values are encoded or zero-preserving + * per-RFC5915 */ + if (privKey->keyType != ecKey) { + for (ap = attrs; extra_count; ap++, extra_count--) { + pk11_SignedToUnsigned(ap); + } } /* now Store the puppies */ diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c index e29b4e212..159844880 100644 --- a/security/nss/lib/pk11wrap/pk11cert.c +++ b/security/nss/lib/pk11wrap/pk11cert.c @@ -172,7 +172,9 @@ PK11_IsUserCert(PK11SlotInfo *slot, CERTCertificate *cert, SECKEY_DestroyPublicKey(pubKey); return PR_FALSE; } - pk11_SignedToUnsigned(&theTemplate); + if (pubKey->keyType != ecKey) { + pk11_SignedToUnsigned(&theTemplate); + } if (pk11_FindObjectByTemplate(slot,&theTemplate,1) != CK_INVALID_HANDLE) { SECKEY_DestroyPublicKey(pubKey); return PR_TRUE; diff --git a/security/nss/lib/pk11wrap/pk11pk12.c b/security/nss/lib/pk11wrap/pk11pk12.c index e5a0a21cf..a3176b2ee 100644 --- a/security/nss/lib/pk11wrap/pk11pk12.c +++ b/security/nss/lib/pk11wrap/pk11pk12.c @@ -282,6 +282,7 @@ PK11_ImportAndReturnPrivateKey(PK11SlotInfo *slot, SECKEYRawPrivateKey *lpk, PK11_SETATTRS(attrs, CKA_PRIVATE, isPrivate ? &cktrue : &ckfalse, sizeof(CK_BBOOL) ); attrs++; + PORT_Assert(lpk->keyType != ecKey); /* see bug 1558548 if this is needed */ switch (lpk->keyType) { case rsaKey: keyType = CKK_RSA; diff --git a/security/nss/lib/smime/cmscinfo.c b/security/nss/lib/smime/cmscinfo.c index b6f1d0a6a..021fd230d 100644 --- a/security/nss/lib/smime/cmscinfo.c +++ b/security/nss/lib/smime/cmscinfo.c @@ -53,6 +53,10 @@ NSS_CMSContentInfo_Destroy(NSSCMSContentInfo *cinfo) { SECOidTag kind; + if (cinfo == NULL) { + return; + } + kind = NSS_CMSContentInfo_GetContentTypeTag(cinfo); switch (kind) { case SEC_OID_PKCS7_ENVELOPED_DATA: @@ -88,7 +92,13 @@ NSSCMSContentInfo * NSS_CMSContentInfo_GetChildContentInfo(NSSCMSContentInfo *cinfo) { NSSCMSContentInfo * ccinfo = NULL; - SECOidTag tag = NSS_CMSContentInfo_GetContentTypeTag(cinfo); + SECOidTag tag; + + if (cinfo == NULL) { + return NULL; + } + + tag = NSS_CMSContentInfo_GetContentTypeTag(cinfo); switch (tag) { case SEC_OID_PKCS7_SIGNED_DATA: if (cinfo->content.signedData != NULL) { @@ -129,6 +139,9 @@ SECStatus NSS_CMSContentInfo_SetDontStream(NSSCMSContentInfo *cinfo, PRBool dontStream) { SECStatus rv; + if (cinfo == NULL) { + return SECFailure; + } rv = NSS_CMSContentInfo_Private_Init(cinfo); if (rv != SECSuccess) { @@ -146,6 +159,9 @@ SECStatus NSS_CMSContentInfo_SetContent(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, SECOidTag type, void *ptr) { SECStatus rv; + if (cinfo == NULL || cmsg == NULL) { + return SECFailure; + } cinfo->contentTypeTag = SECOID_FindOIDByTag(type); if (cinfo->contentTypeTag == NULL) @@ -227,9 +243,15 @@ NSS_CMSContentInfo_SetContent_EncryptedData(NSSCMSMessage *cmsg, NSSCMSContentIn void * NSS_CMSContentInfo_GetContent(NSSCMSContentInfo *cinfo) { - SECOidTag tag = cinfo->contentTypeTag - ? cinfo->contentTypeTag->offset - : SEC_OID_UNKNOWN; + SECOidTag tag; + + if (cinfo == NULL) { + return NULL; + } + + tag = cinfo->contentTypeTag + ? cinfo->contentTypeTag->offset + : SEC_OID_UNKNOWN; switch (tag) { case SEC_OID_PKCS7_DATA: case SEC_OID_PKCS7_SIGNED_DATA: @@ -255,6 +277,10 @@ NSS_CMSContentInfo_GetInnerContent(NSSCMSContentInfo *cinfo) SECOidTag tag; SECItem *pItem = NULL; + if (cinfo == NULL) { + return NULL; + } + tag = NSS_CMSContentInfo_GetContentTypeTag(cinfo); if (NSS_CMSType_IsData(tag)) { pItem = cinfo->content.data; @@ -278,6 +304,10 @@ NSS_CMSContentInfo_GetInnerContent(NSSCMSContentInfo *cinfo) SECOidTag NSS_CMSContentInfo_GetContentTypeTag(NSSCMSContentInfo *cinfo) { + if (cinfo == NULL) { + return SEC_OID_UNKNOWN; + } + if (cinfo->contentTypeTag == NULL) cinfo->contentTypeTag = SECOID_FindOID(&(cinfo->contentType)); @@ -290,6 +320,10 @@ NSS_CMSContentInfo_GetContentTypeTag(NSSCMSContentInfo *cinfo) SECItem * NSS_CMSContentInfo_GetContentTypeOID(NSSCMSContentInfo *cinfo) { + if (cinfo == NULL) { + return NULL; + } + if (cinfo->contentTypeTag == NULL) cinfo->contentTypeTag = SECOID_FindOID(&(cinfo->contentType)); @@ -306,6 +340,10 @@ NSS_CMSContentInfo_GetContentTypeOID(NSSCMSContentInfo *cinfo) SECOidTag NSS_CMSContentInfo_GetContentEncAlgTag(NSSCMSContentInfo *cinfo) { + if (cinfo == NULL) { + return SEC_OID_UNKNOWN; + } + if (cinfo->contentEncAlgTag == SEC_OID_UNKNOWN) cinfo->contentEncAlgTag = SECOID_GetAlgorithmTag(&(cinfo->contentEncAlg)); @@ -318,6 +356,10 @@ NSS_CMSContentInfo_GetContentEncAlgTag(NSSCMSContentInfo *cinfo) SECAlgorithmID * NSS_CMSContentInfo_GetContentEncAlg(NSSCMSContentInfo *cinfo) { + if (cinfo == NULL) { + return NULL; + } + return &(cinfo->contentEncAlg); } @@ -326,6 +368,9 @@ NSS_CMSContentInfo_SetContentEncAlg(PLArenaPool *poolp, NSSCMSContentInfo *cinfo SECOidTag bulkalgtag, SECItem *parameters, int keysize) { SECStatus rv; + if (cinfo == NULL) { + return SECFailure; + } rv = SECOID_SetAlgorithmID(poolp, &(cinfo->contentEncAlg), bulkalgtag, parameters); if (rv != SECSuccess) @@ -339,6 +384,9 @@ NSS_CMSContentInfo_SetContentEncAlgID(PLArenaPool *poolp, NSSCMSContentInfo *cin SECAlgorithmID *algid, int keysize) { SECStatus rv; + if (cinfo == NULL) { + return SECFailure; + } rv = SECOID_CopyAlgorithmID(poolp, &(cinfo->contentEncAlg), algid); if (rv != SECSuccess) @@ -351,14 +399,23 @@ NSS_CMSContentInfo_SetContentEncAlgID(PLArenaPool *poolp, NSSCMSContentInfo *cin void NSS_CMSContentInfo_SetBulkKey(NSSCMSContentInfo *cinfo, PK11SymKey *bulkkey) { - cinfo->bulkkey = PK11_ReferenceSymKey(bulkkey); - cinfo->keysize = PK11_GetKeyStrength(cinfo->bulkkey, &(cinfo->contentEncAlg)); + if (cinfo == NULL) { + return; + } + + if (bulkkey == NULL) { + cinfo->bulkkey = NULL; + cinfo->keysize = 0; + } else { + cinfo->bulkkey = PK11_ReferenceSymKey(bulkkey); + cinfo->keysize = PK11_GetKeyStrength(cinfo->bulkkey, &(cinfo->contentEncAlg)); + } } PK11SymKey * NSS_CMSContentInfo_GetBulkKey(NSSCMSContentInfo *cinfo) { - if (cinfo->bulkkey == NULL) + if (cinfo == NULL || cinfo->bulkkey == NULL) return NULL; return PK11_ReferenceSymKey(cinfo->bulkkey); @@ -367,5 +424,9 @@ NSS_CMSContentInfo_GetBulkKey(NSSCMSContentInfo *cinfo) int NSS_CMSContentInfo_GetBulkKeySize(NSSCMSContentInfo *cinfo) { + if (cinfo == NULL) { + return 0; + } + return cinfo->keysize; } diff --git a/security/nss/lib/smime/cmsdigdata.c b/security/nss/lib/smime/cmsdigdata.c index e37f7f5f0..a8c17509e 100644 --- a/security/nss/lib/smime/cmsdigdata.c +++ b/security/nss/lib/smime/cmsdigdata.c @@ -56,7 +56,9 @@ void NSS_CMSDigestedData_Destroy(NSSCMSDigestedData *digd) { /* everything's in a pool, so don't worry about the storage */ - NSS_CMSContentInfo_Destroy(&(digd->contentInfo)); + if (digd != NULL) { + NSS_CMSContentInfo_Destroy(&(digd->contentInfo)); + } return; } diff --git a/security/nss/lib/smime/cmsencdata.c b/security/nss/lib/smime/cmsencdata.c index 61ff6a184..d084bbeb2 100644 --- a/security/nss/lib/smime/cmsencdata.c +++ b/security/nss/lib/smime/cmsencdata.c @@ -86,7 +86,9 @@ void NSS_CMSEncryptedData_Destroy(NSSCMSEncryptedData *encd) { /* everything's in a pool, so don't worry about the storage */ - NSS_CMSContentInfo_Destroy(&(encd->contentInfo)); + if (encd != NULL) { + NSS_CMSContentInfo_Destroy(&(encd->contentInfo)); + } return; } diff --git a/security/nss/lib/smime/cmsenvdata.c b/security/nss/lib/smime/cmsenvdata.c index 279faff4d..1f5c6ef43 100644 --- a/security/nss/lib/smime/cmsenvdata.c +++ b/security/nss/lib/smime/cmsenvdata.c @@ -144,6 +144,11 @@ NSS_CMSEnvelopedData_Encode_BeforeStart(NSSCMSEnvelopedData *envd) poolp = envd->cmsg->poolp; cinfo = &(envd->contentInfo); + if (cinfo == NULL) { + PORT_SetError(SEC_ERROR_BAD_DATA); + goto loser; + } + recipientinfos = envd->recipientInfos; if (recipientinfos == NULL) { PORT_SetError(SEC_ERROR_BAD_DATA); diff --git a/security/nss/lib/smime/cmsmessage.c b/security/nss/lib/smime/cmsmessage.c index a44fb0b5c..36a852dc6 100644 --- a/security/nss/lib/smime/cmsmessage.c +++ b/security/nss/lib/smime/cmsmessage.c @@ -73,6 +73,10 @@ NSS_CMSMessage_SetEncodingParams(NSSCMSMessage *cmsg, NSSCMSGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg, SECAlgorithmID **detached_digestalgs, SECItem **detached_digests) { + if (cmsg == NULL) { + return; + } + if (pwfn) PK11_SetPasswordFunc(pwfn); cmsg->pwfn_arg = pwfn_arg; @@ -88,6 +92,9 @@ NSS_CMSMessage_SetEncodingParams(NSSCMSMessage *cmsg, void NSS_CMSMessage_Destroy(NSSCMSMessage *cmsg) { + if (cmsg == NULL) + return; + PORT_Assert (cmsg->refCount > 0); if (cmsg->refCount <= 0) /* oops */ return; @@ -127,6 +134,10 @@ NSS_CMSMessage_Copy(NSSCMSMessage *cmsg) PLArenaPool * NSS_CMSMessage_GetArena(NSSCMSMessage *cmsg) { + if (cmsg == NULL) { + return NULL; + } + return cmsg->poolp; } @@ -136,6 +147,10 @@ NSS_CMSMessage_GetArena(NSSCMSMessage *cmsg) NSSCMSContentInfo * NSS_CMSMessage_GetContentInfo(NSSCMSMessage *cmsg) { + if (cmsg == NULL) { + return NULL; + } + return &(cmsg->contentInfo); } @@ -147,9 +162,16 @@ NSS_CMSMessage_GetContentInfo(NSSCMSMessage *cmsg) SECItem * NSS_CMSMessage_GetContent(NSSCMSMessage *cmsg) { + NSSCMSContentInfo *cinfo; + SECItem *pItem; + + if (cmsg == NULL) { + return NULL; + } + /* this is a shortcut */ - NSSCMSContentInfo * cinfo = NSS_CMSMessage_GetContentInfo(cmsg); - SECItem * pItem = NSS_CMSContentInfo_GetInnerContent(cinfo); + cinfo = NSS_CMSMessage_GetContentInfo(cmsg); + pItem = NSS_CMSContentInfo_GetInnerContent(cinfo); return pItem; } @@ -164,6 +186,10 @@ NSS_CMSMessage_ContentLevelCount(NSSCMSMessage *cmsg) int count = 0; NSSCMSContentInfo *cinfo; + if (cmsg == NULL) { + return 0; + } + /* walk down the chain of contentinfos */ for (cinfo = &(cmsg->contentInfo); cinfo != NULL; ) { count++; @@ -183,6 +209,10 @@ NSS_CMSMessage_ContentLevel(NSSCMSMessage *cmsg, int n) int count = 0; NSSCMSContentInfo *cinfo; + if (cmsg == NULL) { + return NULL; + } + /* walk down the chain of contentinfos */ for (cinfo = &(cmsg->contentInfo); cinfo != NULL && count < n; cinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo)) { count++; @@ -199,6 +229,10 @@ NSS_CMSMessage_ContainsCertsOrCrls(NSSCMSMessage *cmsg) { NSSCMSContentInfo *cinfo; + if (cmsg == NULL) { + return PR_FALSE; + } + /* descend into CMS message */ for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo)) { if (!NSS_CMSType_IsData(NSS_CMSContentInfo_GetContentTypeTag(cinfo))) @@ -219,6 +253,10 @@ NSS_CMSMessage_IsEncrypted(NSSCMSMessage *cmsg) { NSSCMSContentInfo *cinfo; + if (cmsg == NULL) { + return PR_FALSE; + } + /* walk down the chain of contentinfos */ for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo)) { @@ -249,11 +287,18 @@ NSS_CMSMessage_IsSigned(NSSCMSMessage *cmsg) { NSSCMSContentInfo *cinfo; + if (cmsg == NULL) { + return PR_FALSE; + } + /* walk down the chain of contentinfos */ for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo)) { switch (NSS_CMSContentInfo_GetContentTypeTag(cinfo)) { case SEC_OID_PKCS7_SIGNED_DATA: + if (cinfo->content.signedData == NULL) { + return PR_FALSE; + } if (!NSS_CMSArray_IsEmpty((void **)cinfo->content.signedData->signerInfos)) return PR_TRUE; break; diff --git a/security/nss/lib/smime/cmsudf.c b/security/nss/lib/smime/cmsudf.c index 472b6d663..23d9273b0 100644 --- a/security/nss/lib/smime/cmsudf.c +++ b/security/nss/lib/smime/cmsudf.c @@ -240,7 +240,7 @@ NSS_CMSGenericWrapperData_Destroy(SECOidTag type, NSSCMSGenericWrapperData *gd) { const nsscmstypeInfo *typeInfo = nss_cmstype_lookup(type); - if (typeInfo && typeInfo->destroy) { + if (typeInfo && typeInfo->destroy && (gd != NULL)) { (*typeInfo->destroy)(gd); } diff --git a/security/nss/lib/softoken/legacydb/lgattr.c b/security/nss/lib/softoken/legacydb/lgattr.c index 429ef8726..b9ff13ef9 100644 --- a/security/nss/lib/softoken/legacydb/lgattr.c +++ b/security/nss/lib/softoken/legacydb/lgattr.c @@ -960,9 +960,9 @@ lg_FindECPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type, case CKA_UNWRAP: return LG_CLONE_ATTR(attribute,type,lg_StaticFalseAttr); case CKA_VALUE: - return lg_CopyPrivAttrSigned(attribute, type, - key->u.ec.privateValue.data, - key->u.ec.privateValue.len, sdbpw); + return lg_CopyPrivAttribute(attribute, type, + key->u.ec.privateValue.data, + key->u.ec.privateValue.len, sdbpw); case CKA_EC_PARAMS: return lg_CopyAttributeSigned(attribute, type, key->u.ec.ecParams.DEREncoding.data, diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c index b0e9a6e60..012978127 100644 --- a/security/nss/lib/softoken/pkcs11c.c +++ b/security/nss/lib/softoken/pkcs11c.c @@ -1159,8 +1159,7 @@ CK_RV NSC_EncryptUpdate(CK_SESSION_HANDLE hSession, } /* encrypt the current padded data */ rv = (*context->update)(context->cipherInfo, pEncryptedPart, - &padoutlen, context->blockSize, context->padBuf, - context->blockSize); + &padoutlen, maxout, context->padBuf, context->blockSize); if (rv != SECSuccess) { return sftk_MapCryptError(PORT_GetError()); } @@ -6973,7 +6972,7 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, rv = ECDH_Derive(&ecPoint, &privKey->u.ec.ecParams, &ecScalar, withCofactor, &tmp); - PORT_Free(ecScalar.data); + PORT_ZFree(ecScalar.data, ecScalar.len); ecScalar.data = NULL; if (privKey != sourceKey->objectInfo) { nsslowkey_DestroyPrivateKey(privKey); diff --git a/security/nss/lib/ssl/Makefile b/security/nss/lib/ssl/Makefile index d56cbf29e..d618a1f35 100644 --- a/security/nss/lib/ssl/Makefile +++ b/security/nss/lib/ssl/Makefile @@ -57,7 +57,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk export:: private_export -ifndef NSS_NO_PKCS11_BYPASS +#ifndef NSS_NO_PKCS11_BYPASS # indicates dependency on freebl static lib $(SHARED_LIBRARY): $(CRYPTOLIB) -endif +#endif diff --git a/security/nss/lib/ssl/config.mk b/security/nss/lib/ssl/config.mk index 40b1c301e..ae77f5f9f 100644 --- a/security/nss/lib/ssl/config.mk +++ b/security/nss/lib/ssl/config.mk @@ -14,13 +14,14 @@ endif ifdef NSS_NO_PKCS11_BYPASS DEFINES += -DNO_PKCS11_BYPASS -else +#else +endif CRYPTOLIB=$(SOFTOKEN_LIB_DIR)/$(LIB_PREFIX)freebl.$(LIB_SUFFIX) EXTRA_LIBS += \ $(CRYPTOLIB) \ $(NULL) -endif +#endif ifeq (,$(filter-out WIN%,$(OS_TARGET))) diff --git a/security/nss/lib/ssl/derive.c b/security/nss/lib/ssl/derive.c index 8b58b800d..4220ed7d1 100644 --- a/security/nss/lib/ssl/derive.c +++ b/security/nss/lib/ssl/derive.c @@ -23,6 +23,9 @@ #include "sslerr.h" #ifndef NO_PKCS11_BYPASS + +#error not patched for SHA384, see bug 923089 + /* make this a macro! */ #ifdef NOT_A_MACRO static void diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index 61083fc1c..7486185cc 100644 --- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -38,6 +38,17 @@ #include "zlib.h" #endif +#ifdef _MSC_VER +#if _MSC_VER < 1900 +#define inline +#endif + +#if _MSC_VER <= 1200 +typedef signed int intptr_t; +typedef unsigned int uintptr_t; +#endif +#endif /* defined(_MSC_VER) */ + #ifndef PK11_SETATTRS #define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \ (x)->pValue=(v); (x)->ulValueLen = (l); @@ -97,6 +108,7 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { #ifndef NSS_DISABLE_ECC { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around @@ -294,6 +306,7 @@ static const ssl3BulkCipherDef bulk_cipher_defs[] = { {cipher_camellia_256, calg_camellia, 32,32, type_block, 16,16, 0, 0}, {cipher_seed, calg_seed, 16,16, type_block, 16,16, 0, 0}, {cipher_aes_128_gcm, calg_aes_gcm, 16,16, type_aead, 4, 0,16, 8}, + {cipher_aes_256_gcm, calg_aes_gcm, 32,32, type_aead, 4, 0,16, 8}, {cipher_camellia_128_gcm, calg_camellia_gcm, 16,16, type_aead, 4, 0,16, 8}, {cipher_missing, calg_null, 0, 0, type_stream, 0, 0, 0, 0}, }; @@ -419,8 +432,10 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] = {TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_rsa}, {TLS_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_rsa}, + {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa}, {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa}, + {TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_ecdhe_rsa}, // XXX: ssl_hash_sha384 hardcoded, see TenFourFox issue 480 {TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, cipher_camellia_128_gcm, mac_aead, kea_ecdhe_rsa}, {TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, cipher_camellia_128_gcm, mac_aead, kea_ecdhe_ecdsa}, @@ -502,6 +517,7 @@ static const SSLCipher2Mech alg2Mech[] = { #define mmech_md5_hmac CKM_MD5_HMAC #define mmech_sha_hmac CKM_SHA_1_HMAC #define mmech_sha256_hmac CKM_SHA256_HMAC +#define mmech_sha384_hmac CKM_SHA384_HMAC static const ssl3MACDef mac_defs[] = { /* indexed by SSL3MACAlgorithm */ /* pad_size is only used for SSL 3.0 MAC. See RFC 6101 Sec. 5.2.3.1. */ @@ -513,6 +529,7 @@ static const ssl3MACDef mac_defs[] = { /* indexed by SSL3MACAlgorithm */ {hmac_sha, mmech_sha_hmac, 0, SHA1_LENGTH}, {hmac_sha256, mmech_sha256_hmac, 0, SHA256_LENGTH}, { mac_aead, mmech_invalid, 0, 0 }, + {hmac_sha384, mmech_sha384_hmac, 0, SHA384_LENGTH}, }; /* indexed by SSL3BulkCipher */ @@ -674,6 +691,7 @@ ssl3_CipherSuiteAllowedForVersionRange( case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: case TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256: case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: + case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: case TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256: case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256: @@ -2258,6 +2276,7 @@ ssl3_InitPendingCipherSpec(sslSocket *ss, PK11SymKey *pms) #ifndef NO_PKCS11_BYPASS if (ss->opt.bypassPKCS11 && pwSpec->msItem.len && pwSpec->msItem.data) { /* Double Bypass succeeded in extracting the master_secret */ +#error not patched for SHA384, see bug 923089 const ssl3KEADef * kea_def = ss->ssl3.hs.kea_def; PRBool isTLS = (PRBool)(kea_def->tls_keygen || (pwSpec->version > SSL_LIBRARY_VERSION_3_0)); @@ -2392,6 +2411,7 @@ ssl3_ComputeRecordMAC( case ssl_hmac_sha256: /* used with TLS */ hashObj = HASH_GetRawHashObject(HASH_AlgSHA256); break; +#error does not yet support SHA384, see bug 923089 default: break; } @@ -3636,6 +3656,55 @@ ssl3_HandleChangeCipherSpecs(sslSocket *ss, sslBuffer *buf) return SECSuccess; } +/* XXX: These are stubs for TenFourFox issue 480, based on bug 923089. + Instead of using the prf_hash field, these simply check the cipher. + If we add a whole lot of new ciphers, we should probably just bite the + bullet and add the hash field, but for now just hard-code them IN BOTH + PLACES. + + We get away with this because the code actually just maps ssl_hash_sha256 + and _none to SHA-256, and the only other value is SHA-384 for our + exception ciphers. */ + +inline static CK_MECHANISM_TYPE +ssl3_GetTls12PrfHashMechanism(sslSocket *ss) +{ +#if(0) +// For reference + switch (ss->ssl3.hs.suite_def->prf_hash) { + case ssl_hash_sha384: + return CKM_SHA384; + case ssl_hash_sha256: + case ssl_hash_none: + /* ssl_hash_none is for pre-1.2 suites, which use SHA-256. */ + return CKM_SHA256; + default: + PORT_Assert(0); + } + return CKM_SHA256; +#else + if (ss->ssl3.hs.cipher_suite == TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) + return CKM_SHA384; + return CKM_SHA256; +#endif +} + +inline static SSLHashType +ssl3_GetSuitePrfHash(sslSocket *ss) { +#if(0) +// For reference + /* ssl_hash_none is for pre-1.2 suites, which use SHA-256. */ + if (ss->ssl3.hs.suite_def->prf_hash == ssl_hash_none) { + return ssl_hash_sha256; + } + return ss->ssl3.hs.suite_def->prf_hash; +#else + if (ss->ssl3.hs.cipher_suite == TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) + return ssl_hash_sha384; + return ssl_hash_sha256; +#endif +} + /* This method completes the derivation of the MS from the PMS. ** ** 1. Derive the MS, if possible, else return an error. @@ -3753,7 +3822,7 @@ ssl3_ComputeMasterSecretInt(sslSocket *ss, PK11SymKey *pms, master_params.RandomInfo.pServerRandom = sr; master_params.RandomInfo.ulServerRandomLen = SSL3_RANDOM_LENGTH; if (isTLS12) { - master_params.prfHashMechanism = CKM_SHA256; + master_params.prfHashMechanism = ssl3_GetTls12PrfHashMechanism(ss); master_params_len = sizeof(CK_TLS12_MASTER_KEY_DERIVE_PARAMS); } else { /* prfHashMechanism is not relevant with this PRF */ @@ -3811,8 +3880,8 @@ tls_ComputeExtendedMasterSecretInt(sslSocket *ss, PK11SymKey *pms, } if (pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2) { - /* TLS 1.2 */ - extended_master_params.prfHashMechanism = CKM_SHA256; + /* TLS 1.2+ */ + extended_master_params.prfHashMechanism = ssl3_GetTls12PrfHashMechanism(ss); key_derive = CKM_TLS12_KEY_AND_MAC_DERIVE; } else { /* TLS < 1.2 */ @@ -3998,7 +4067,7 @@ ssl3_DeriveConnectionKeysPKCS11(sslSocket *ss) if (isTLS12) { key_derive = CKM_TLS12_KEY_AND_MAC_DERIVE; - key_material_params.prfHashMechanism = CKM_SHA256; + key_material_params.prfHashMechanism = ssl3_GetTls12PrfHashMechanism(ss); key_material_params_len = sizeof(CK_TLS12_KEY_MAT_PARAMS); } else if (isTLS) { key_derive = CKM_TLS_KEY_AND_MAC_DERIVE; @@ -4076,11 +4145,14 @@ ssl3_InitHandshakeHashes(sslSocket *ss) if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_2) { /* If we ever support ciphersuites where the PRF hash isn't SHA-256 * then this will need to be updated. */ +// We don't build with the bypass enabled, but this is here in case we need to. +#error handling for TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is incomplete ss->ssl3.hs.sha_obj = HASH_GetRawHashObject(HASH_AlgSHA256); if (!ss->ssl3.hs.sha_obj) { ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); return SECFailure; } +#error see bug 923089 ss->ssl3.hs.sha_clone = (void (*)(void *, void *))SHA256_Clone; ss->ssl3.hs.hashType = handshake_hash_single; ss->ssl3.hs.sha_obj->begin(ss->ssl3.hs.sha_cx); @@ -4099,9 +4171,20 @@ ssl3_InitHandshakeHashes(sslSocket *ss) * that the master secret will wind up in ... */ if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_2) { - /* If we ever support ciphersuites where the PRF hash isn't SHA-256 - * then this will need to be updated. */ - ss->ssl3.hs.sha = PK11_CreateDigestContext(SEC_OID_SHA256); + /* determine the hash from the prf */ + const SECOidData *hash_oid = + SECOID_FindOIDByMechanism(ssl3_GetTls12PrfHashMechanism(ss)); + + /* Get the PKCS #11 mechanism for the Hash from the cipher suite (prf_hash) + * Convert that to the OidTag. We can then use that OidTag to create our + * PK11Context */ + PORT_Assert(hash_oid != NULL); + if (hash_oid == NULL) { + ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); + return SECFailure; + } + + ss->ssl3.hs.sha = PK11_CreateDigestContext(hash_oid->offset); if (ss->ssl3.hs.sha == NULL) { ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); return SECFailure; @@ -4422,6 +4505,12 @@ ssl3_AppendSignatureAndHashAlgorithm( sslSocket *ss, const SSLSignatureAndHashAlg* sigAndHash) { PRUint8 serialized[2]; + SECOidTag hashAlg = ssl3_TLSHashAlgorithmToOID(sigAndHash->hashAlg); + if (hashAlg == SEC_OID_UNKNOWN) { + PORT_Assert(0); + PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); + return SECFailure; + } serialized[0] = (PRUint8)sigAndHash->hashAlg; serialized[1] = (PRUint8)sigAndHash->sigAlg; @@ -4755,6 +4844,8 @@ ssl3_ComputeHandshakeHashes(sslSocket * ss, /* If we ever support ciphersuites where the PRF hash isn't SHA-256 * then this will need to be updated. */ hashes->hashAlg = ssl_hash_sha256; +// We don't build with the bypass enabled, but this is here in case we need to. +#error handling for TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is incomplete rv = SECSuccess; } else if (ss->opt.bypassPKCS11) { /* compute them without PKCS11 */ @@ -4862,9 +4953,8 @@ ssl3_ComputeHandshakeHashes(sslSocket * ss, rv = SECFailure; goto tls12_loser; } - /* If we ever support ciphersuites where the PRF hash isn't SHA-256 - * then this will need to be updated. */ - hashes->hashAlg = ssl_hash_sha256; + + hashes->hashAlg = ssl3_GetSuitePrfHash(ss); rv = SECSuccess; tls12_loser: @@ -6285,7 +6375,26 @@ sendDHClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey) +/* Once a cipher suite has been selected, make sure that the necessary secondary + * information is properly set. */ +static SECStatus +ssl3_SetCipherSuite(sslSocket *ss, ssl3CipherSuite chosenSuite) +{ + ss->ssl3.hs.cipher_suite = chosenSuite; + ss->ssl3.hs.suite_def = ssl_LookupCipherSuiteDef(chosenSuite); + if (!ss->ssl3.hs.suite_def) { + PORT_Assert(0); + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } + // XXX? + ss->ssl3.hs.kea_def = &kea_defs[ss->ssl3.hs.suite_def->key_exchange_alg]; + ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_cipher_suite; + + /* Now we've have a cipher suite, initialize the handshake hashes. */ + return ssl3_InitHandshakeHashes(ss); +} /* Called from ssl3_HandleServerHelloDone(). */ static SECStatus @@ -6526,13 +6635,6 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_version; isTLS = (ss->version > SSL_LIBRARY_VERSION_3_0); - rv = ssl3_InitHandshakeHashes(ss); - if (rv != SECSuccess) { - desc = internal_error; - errCode = PORT_GetError(); - goto alert_loser; - } - rv = ssl3_ConsumeHandshake( ss, &ss->ssl3.hs.server_random, SSL3_RANDOM_LENGTH, &b, &length); if (rv != SECSuccess) { @@ -6581,13 +6683,12 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) errCode = SSL_ERROR_NO_CYPHER_OVERLAP; goto alert_loser; } - ss->ssl3.hs.cipher_suite = (ssl3CipherSuite)temp; - ss->ssl3.hs.suite_def = ssl_LookupCipherSuiteDef((ssl3CipherSuite)temp); - ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_cipher_suite; - PORT_Assert(ss->ssl3.hs.suite_def); - if (!ss->ssl3.hs.suite_def) { - PORT_SetError(errCode = SEC_ERROR_LIBRARY_FAILURE); - goto loser; /* we don't send alerts for our screw-ups. */ + + rv = ssl3_SetCipherSuite(ss, (ssl3CipherSuite)temp); + if (rv != SECSuccess) { + desc = internal_error; + errCode = PORT_GetError(); + goto alert_loser; } /* find selected compression method in our list. */ @@ -7172,7 +7273,7 @@ ssl3_ExtractClientKeyInfo(sslSocket *ss, /* Destroys the backup handshake hash context if we don't need it. Note that * this function selects the hash algorithm for client authentication * signatures; ssl3_SendCertificateVerify uses the presence of the backup hash - * to determine whether to use SHA-1 or SHA-256. */ + * to determine whether to use SHA-1, or the PRF hash of the cipher suite. */ static void ssl3_DestroyBackupHandshakeHashIfNotNeeded(sslSocket *ss, const SECItem *algorithms) @@ -7181,7 +7282,7 @@ ssl3_DestroyBackupHandshakeHashIfNotNeeded(sslSocket *ss, SSLSignType sigAlg; PRBool preferSha1; PRBool supportsSha1 = PR_FALSE; - PRBool supportsSha256 = PR_FALSE; + PRBool supportsHandshakeHash = PR_FALSE; PRBool needBackupHash = PR_FALSE; unsigned int i; @@ -7205,15 +7306,17 @@ ssl3_DestroyBackupHandshakeHashIfNotNeeded(sslSocket *ss, if (algorithms->data[i+1] == sigAlg) { if (algorithms->data[i] == ssl_hash_sha1) { supportsSha1 = PR_TRUE; - } else if (algorithms->data[i] == ssl_hash_sha256) { - supportsSha256 = PR_TRUE; - } - } + } else if (algorithms->data[i] == ssl_hash_sha256 || algorithms->data[i] == ssl_hash_sha384) { + /* XXX: This is wrong, but works. If we implement prf_hash, + we should fix it. See bug 923089. */ + supportsHandshakeHash = PR_TRUE; + } + } } - /* If either the server does not support SHA-256 or the client key prefers + /* If either the server does not support the handshake hash or the client key prefers * SHA-1, leave the backup hash. */ - if (supportsSha1 && (preferSha1 || !supportsSha256)) { + if (supportsSha1 && (preferSha1 || !supportsHandshakeHash)) { needBackupHash = PR_TRUE; } @@ -8240,14 +8343,16 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) if (!suite->enabled) break; #endif - /* Double check that the cached cipher suite is in the client's list */ + /* Double check that the cached cipher suite is in the client's + * list. If it isn't, fall through and start a new session. */ for (i = 0; i + 1 < suites.len; i += 2) { PRUint16 suite_i = (suites.data[i] << 8) | suites.data[i + 1]; if (suite_i == suite->cipher_suite) { - ss->ssl3.hs.cipher_suite = suite->cipher_suite; - ss->ssl3.hs.suite_def = - ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite); - ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_cipher_suite; + if (ssl3_SetCipherSuite(ss, suite_i) != SECSuccess) { + desc = internal_error; + errCode = PORT_GetError(); + goto alert_loser; + } /* Use the cached compression method. */ ss->ssl3.hs.compression = sid->u.ssl3.compression; @@ -8290,10 +8395,11 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) for (i = 0; i + 1 < suites.len; i += 2) { PRUint16 suite_i = (suites.data[i] << 8) | suites.data[i + 1]; if (suite_i == suite->cipher_suite) { - ss->ssl3.hs.cipher_suite = suite->cipher_suite; - ss->ssl3.hs.suite_def = - ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite); - ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_cipher_suite; + if (ssl3_SetCipherSuite(ss, suite_i) != SECSuccess) { + desc = internal_error; + errCode = PORT_GetError(); + goto alert_loser; + } goto suite_found; } } @@ -8807,13 +8913,6 @@ ssl3_HandleV2ClientHello(sslSocket *ss, unsigned char *buffer, int length) } ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_version; - rv = ssl3_InitHandshakeHashes(ss); - if (rv != SECSuccess) { - desc = internal_error; - errCode = PORT_GetError(); - goto alert_loser; - } - /* if we get a non-zero SID, just ignore it. */ if (length != SSL_HL_CLIENT_HELLO_HBYTES + suite_length + sid_length + rand_length) { @@ -8867,10 +8966,11 @@ ssl3_HandleV2ClientHello(sslSocket *ss, unsigned char *buffer, int length) for (i = 0; i+2 < suite_length; i += 3) { PRUint32 suite_i = (suites[i] << 16)|(suites[i+1] << 8)|suites[i+2]; if (suite_i == suite->cipher_suite) { - ss->ssl3.hs.cipher_suite = suite->cipher_suite; - ss->ssl3.hs.suite_def = - ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite); - ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_cipher_suite; + if (ssl3_SetCipherSuite(ss, suite_i) != SECSuccess) { + desc = internal_error; + errCode = PORT_GetError(); + goto alert_loser; + } goto suite_found; } } @@ -9419,6 +9519,8 @@ ssl3_EncodeCertificateRequestSigAlgs(sslSocket *ss, PRUint8 *buf, unsigned maxLen, PRUint32 *len) { unsigned int i; + /* We only track a single hash, the one that is the basis for the PRF. */ + SSLHashType suiteHashAlg = ssl3_GetSuitePrfHash(ss); PORT_Assert(maxLen >= ss->ssl3.signatureAlgorithmCount * 2); if (maxLen < ss->ssl3.signatureAlgorithmCount * 2) { @@ -9430,9 +9532,9 @@ ssl3_EncodeCertificateRequestSigAlgs(sslSocket *ss, PRUint8 *buf, for (i = 0; i < ss->ssl3.signatureAlgorithmCount; ++i) { const SSLSignatureAndHashAlg *alg = &ss->ssl3.signatureAlgorithms[i]; /* Note that we don't support a handshake hash with anything other than - * SHA-256, so asking for a signature from clients for something else - * would be inviting disaster. */ - if (alg->hashAlg == ssl_hash_sha256) { + * the PRF hash, so asking for a signature from clients for something + * else would be inviting disaster. */ + if (alg->hashAlg == suiteHashAlg) { buf[(*len)++] = (PRUint8)alg->hashAlg; buf[(*len)++] = (PRUint8)alg->sigAlg; } @@ -9713,6 +9815,24 @@ ssl3_GenerateRSAPMS(sslSocket *ss, ssl3CipherSpec *spec, return pms; } +static void +ssl3_CSwapPK11SymKey(PK11SymKey **x, PK11SymKey **y, PRBool c) +{ + uintptr_t x_ptr = (uintptr_t)*x; + uintptr_t y_ptr = (uintptr_t)*y; + uintptr_t mask = (uintptr_t)c; + uintptr_t tmp; + unsigned int i; + for (i = 1; i < sizeof(uintptr_t) * 8; i <<= 1) { + mask |= mask << i; + } + tmp = (x_ptr ^ y_ptr) & mask; + x_ptr = x_ptr ^ tmp; + y_ptr = y_ptr ^ tmp; + *x = (PK11SymKey *)x_ptr; + *y = (PK11SymKey *)y_ptr; +} + /* Note: The Bleichenbacher attack on PKCS#1 necessitates that we NEVER * return any indication of failure of the Client Key Exchange message, * where that failure is caused by the content of the client's message. @@ -9808,6 +9928,7 @@ ssl3_HandleRSAClientKeyExchange(sslSocket *ss, rv = PK11_GenerateRandom(rsaPmsBuf, sizeof rsaPmsBuf); } } +#error not patched for SHA384, see bug 923089 /* have PMS, build MS without PKCS11 */ rv = ssl3_MasterSecretDeriveBypass(pwSpec, cr, sr, &pmsItem, isTLS, PR_TRUE); @@ -9820,13 +9941,9 @@ ssl3_HandleRSAClientKeyExchange(sslSocket *ss, } else #endif { - PK11SymKey *tmpPms[2] = {NULL, NULL}; - PK11SlotInfo *slot; - int useFauxPms = 0; -#define currentPms tmpPms[!useFauxPms] -#define unusedPms tmpPms[useFauxPms] -#define realPms tmpPms[1] -#define fauxPms tmpPms[0] + PK11SymKey *pms = NULL; + PK11SymKey *fauxPms = NULL; + PK11SlotInfo *slot = NULL; #ifndef NO_PKCS11_BYPASS double_bypass: @@ -9886,29 +10003,28 @@ ssl3_HandleRSAClientKeyExchange(sslSocket *ss, * the unwrap. Rather, it is the mechanism with which the * unwrapped pms will be used. */ - realPms = PK11_PubUnwrapSymKey(serverKey, &enc_pms, - CKM_SSL3_MASTER_KEY_DERIVE, CKA_DERIVE, 0); + pms = PK11_PubUnwrapSymKey(serverKey, &enc_pms, + CKM_SSL3_MASTER_KEY_DERIVE, CKA_DERIVE, 0); + /* Temporarily use the PMS if unwrapping the real PMS fails. */ - useFauxPms |= (realPms == NULL); + ssl3_CSwapPK11SymKey(&pms, &fauxPms, pms == NULL); /* Attempt to derive the MS from the PMS. This is the only way to * check the version field in the RSA PMS. If this fails, we * then use the faux PMS in place of the PMS. Note that this * operation should never fail if we are using the faux PMS * since it is correctly formatted. */ - rv = ssl3_ComputeMasterSecret(ss, currentPms, NULL); - /* If we succeeded, then select the true PMS and discard the - * FPMS. Else, select the FPMS and select the true PMS */ - useFauxPms |= (rv != SECSuccess); - - if (unusedPms) { - PK11_FreeSymKey(unusedPms); - } + rv = ssl3_ComputeMasterSecret(ss, pms, NULL); + /* If we succeeded, then select the true PMS, else select the FPMS. */ + ssl3_CSwapPK11SymKey(&pms, &fauxPms, (rv != SECSuccess) & (fauxPms != NULL)); /* This step will derive the MS from the PMS, among other things. */ - rv = ssl3_InitPendingCipherSpec(ss, currentPms); - PK11_FreeSymKey(currentPms); + rv = ssl3_InitPendingCipherSpec(ss, pms); + + /* Clear both PMS. */ + PK11_FreeSymKey(pms); + PK11_FreeSymKey(fauxPms); } if (rv != SECSuccess) { @@ -9916,11 +10032,6 @@ ssl3_HandleRSAClientKeyExchange(sslSocket *ss, return SECFailure; /* error code set by ssl3_InitPendingCipherSpec */ } -#undef currentPms -#undef unusedPms -#undef realPms -#undef fauxPms - return SECSuccess; } @@ -10886,7 +10997,7 @@ ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode error) } static SECStatus -ssl3_ComputeTLSFinished(ssl3CipherSpec *spec, +ssl3_ComputeTLSFinished(sslSocket *ss, ssl3CipherSpec *spec, PRBool isServer, const SSL3Hashes * hashes, TLSFinished * tlsFinished) @@ -10909,7 +11020,7 @@ ssl3_ComputeTLSFinished(ssl3CipherSpec *spec, if (spec->version < SSL_LIBRARY_VERSION_TLS_1_2) { tls_mac_params.prfMechanism = CKM_TLS_PRF; } else { - tls_mac_params.prfMechanism = CKM_SHA256; + tls_mac_params.prfMechanism = ssl3_GetTls12PrfHashMechanism(ss); } tls_mac_params.ulMacLength = 12; tls_mac_params.ulServerOrClient = isServer ? 1 : 2; @@ -11111,7 +11222,7 @@ ssl3_SendFinished(sslSocket *ss, PRInt32 flags) isTLS = (PRBool)(cwSpec->version > SSL_LIBRARY_VERSION_3_0); rv = ssl3_ComputeHandshakeHashes(ss, cwSpec, &hashes, sender); if (isTLS && rv == SECSuccess) { - rv = ssl3_ComputeTLSFinished(cwSpec, isServer, &hashes, &tlsFinished); + rv = ssl3_ComputeTLSFinished(ss, cwSpec, isServer, &hashes, &tlsFinished); } ssl_ReleaseSpecReadLock(ss); if (rv != SECSuccess) { @@ -11282,7 +11393,7 @@ ssl3_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length, PORT_SetError(SSL_ERROR_RX_MALFORMED_FINISHED); return SECFailure; } - rv = ssl3_ComputeTLSFinished(ss->ssl3.crSpec, !isServer, + rv = ssl3_ComputeTLSFinished(ss, ss->ssl3.crSpec, !isServer, hashes, &tlsFinished); if (!isServer) ss->ssl3.hs.finishedMsgs.tFinished[1] = tlsFinished; diff --git a/security/nss/lib/ssl/ssl3ecc.c b/security/nss/lib/ssl/ssl3ecc.c index 4aac635ce..fc4f91d26 100644 --- a/security/nss/lib/ssl/ssl3ecc.c +++ b/security/nss/lib/ssl/ssl3ecc.c @@ -931,6 +931,7 @@ static const ssl3CipherSuite ecdhe_rsa_suites[] = { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA, @@ -952,6 +953,7 @@ static const ssl3CipherSuite ecSuites[] = { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA, diff --git a/security/nss/lib/ssl/sslenum.c b/security/nss/lib/ssl/sslenum.c index 3b09b5bd6..8d04c153b 100644 --- a/security/nss/lib/ssl/sslenum.c +++ b/security/nss/lib/ssl/sslenum.c @@ -50,6 +50,7 @@ const PRUint16 SSL_ImplementedCiphers[] = { #ifndef NSS_DISABLE_ECC TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before diff --git a/security/nss/lib/ssl/sslimpl.h b/security/nss/lib/ssl/sslimpl.h index de4f64dbe..28d80f163 100644 --- a/security/nss/lib/ssl/sslimpl.h +++ b/security/nss/lib/ssl/sslimpl.h @@ -64,6 +64,7 @@ typedef SSLSignType SSL3SignType; #define hmac_md5 ssl_hmac_md5 #define hmac_sha ssl_hmac_sha #define hmac_sha256 ssl_hmac_sha256 +#define hmac_sha384 ssl_hmac_sha384 #define mac_aead ssl_mac_aead #define SET_ERROR_CODE /* reminder */ @@ -292,7 +293,7 @@ typedef struct { } ssl3CipherSuiteCfg; #ifndef NSS_DISABLE_ECC -#define ssl_V3_SUITES_IMPLEMENTED 66 +#define ssl_V3_SUITES_IMPLEMENTED 67 #else #define ssl_V3_SUITES_IMPLEMENTED 40 #endif /* NSS_DISABLE_ECC */ @@ -478,6 +479,7 @@ typedef enum { cipher_camellia_256, cipher_seed, cipher_aes_128_gcm, + cipher_aes_256_gcm, cipher_camellia_128_gcm, cipher_missing /* reserved for no such supported cipher */ /* This enum must match ssl3_cipherName[] in ssl3con.c. */ @@ -596,7 +598,7 @@ typedef struct { ssl3KeyMaterial client; ssl3KeyMaterial server; SECItem msItem; - unsigned char key_block[NUM_MIXERS * MD5_LENGTH]; + unsigned char key_block[NUM_MIXERS * HASH_LENGTH_MAX]; unsigned char raw_master_secret[56]; SECItem srvVirtName; /* for server: name that was negotiated * with a client. For client - is diff --git a/security/nss/lib/ssl/sslinfo.c b/security/nss/lib/ssl/sslinfo.c index f631ec408..41ea6aee7 100644 --- a/security/nss/lib/ssl/sslinfo.c +++ b/security/nss/lib/ssl/sslinfo.c @@ -160,6 +160,7 @@ SSL_GetPreliminaryChannelInfo(PRFileDesc *fd, #define B_0 0, 0, 0 #define M_AEAD_128 "AEAD", ssl_mac_aead, 128 +#define M_SHA384 "SHA384", ssl_hmac_sha384, 384 #define M_SHA256 "SHA256", ssl_hmac_sha256, 256 #define M_SHA "SHA1", ssl_mac_sha, 160 #define M_MD5 "MD5", ssl_mac_md5, 128 @@ -216,6 +217,7 @@ static const SSLCipherSuiteInfo suiteInfo[] = { #ifndef NSS_DISABLE_ECC /* ECC cipher suites */ {0,CS(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, }, +{0,CS(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384), S_RSA, K_ECDHE, C_AESGCM, B_256, M_AEAD_128, 1, 0, 0, }, {0,CS(TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256), S_RSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, }, {0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256), S_ECDSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, }, {0,CS(TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256), S_ECDSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, }, diff --git a/security/nss/lib/ssl/sslproto.h b/security/nss/lib/ssl/sslproto.h index 246447b79..055d89e33 100644 --- a/security/nss/lib/ssl/sslproto.h +++ b/security/nss/lib/ssl/sslproto.h @@ -258,6 +258,7 @@ #define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B #define TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D #define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F +#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030 #define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031 #define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086 diff --git a/security/nss/lib/ssl/sslt.h b/security/nss/lib/ssl/sslt.h index 6f5d609eb..cc0d9d2cb 100644 --- a/security/nss/lib/ssl/sslt.h +++ b/security/nss/lib/ssl/sslt.h @@ -115,7 +115,8 @@ typedef enum { ssl_hmac_md5 = 3, /* TLS HMAC version of mac_md5 */ ssl_hmac_sha = 4, /* TLS HMAC version of mac_sha */ ssl_hmac_sha256 = 5, - ssl_mac_aead = 6 + ssl_mac_aead = 6, + ssl_hmac_sha384 = 7 } SSLMACAlgorithm; typedef enum { diff --git a/security/nss/lib/util/quickder.c b/security/nss/lib/util/quickder.c index fe72b293a..40e38c518 100644 --- a/security/nss/lib/util/quickder.c +++ b/security/nss/lib/util/quickder.c @@ -870,8 +870,15 @@ static SECStatus DecodeItem(void* dest, break; } - case SEC_ASN1_BIT_STRING: - { + case SEC_ASN1_BIT_STRING: { + /* Can't be 8 or more spare bits, or any spare bits + * if there are no octets. */ + if (temp.data[0] >= 8 || (temp.data[0] > 0 && temp.len == 1)) { + PORT_SetError(SEC_ERROR_BAD_DER); + rv = SECFailure; + break; + } + /* change the length in the SECItem to be the number of bits */ temp.len = (temp.len-1)*8 - (temp.data[0] & 0x7); diff --git a/security/nss/lib/util/secoid.c b/security/nss/lib/util/secoid.c index 942abab93..ad15d0b06 100644 --- a/security/nss/lib/util/secoid.c +++ b/security/nss/lib/util/secoid.c @@ -466,6 +466,7 @@ CONST_OID aes128_OFB[] = { AES, 3 }; CONST_OID aes128_CFB[] = { AES, 4 }; #endif CONST_OID aes128_KEY_WRAP[] = { AES, 5 }; +CONST_OID aes128_GCM[] = { AES, 6 }; CONST_OID aes192_ECB[] = { AES, 21 }; CONST_OID aes192_CBC[] = { AES, 22 }; @@ -474,6 +475,7 @@ CONST_OID aes192_OFB[] = { AES, 23 }; CONST_OID aes192_CFB[] = { AES, 24 }; #endif CONST_OID aes192_KEY_WRAP[] = { AES, 25 }; +CONST_OID aes192_GCM[] = { AES, 26 }; CONST_OID aes256_ECB[] = { AES, 41 }; CONST_OID aes256_CBC[] = { AES, 42 }; @@ -482,6 +484,7 @@ CONST_OID aes256_OFB[] = { AES, 43 }; CONST_OID aes256_CFB[] = { AES, 44 }; #endif CONST_OID aes256_KEY_WRAP[] = { AES, 45 }; +CONST_OID aes256_GCM[] = { AES, 46 }; CONST_OID camellia128_CBC[] = { CAMELLIA_ENCRYPT_OID, 2}; CONST_OID camellia192_CBC[] = { CAMELLIA_ENCRYPT_OID, 3}; @@ -1639,7 +1642,14 @@ const static SECOidData oids[SEC_OID_TOTAL] = { "Microsoft Trust List Signing", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), OD( x520Name, SEC_OID_AVA_NAME, - "X520 Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ) + "X520 Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), + + OD( aes128_GCM, SEC_OID_AES_128_GCM, + "AES-128-GCM", CKM_AES_GCM, INVALID_CERT_EXTENSION ), + OD( aes192_GCM, SEC_OID_AES_192_GCM, + "AES-192-GCM", CKM_AES_GCM, INVALID_CERT_EXTENSION ), + OD( aes256_GCM, SEC_OID_AES_256_GCM, + "AES-256-GCM", CKM_AES_GCM, INVALID_CERT_EXTENSION ) }; /* PRIVATE EXTENDED SECOID Table diff --git a/security/nss/lib/util/secoidt.h b/security/nss/lib/util/secoidt.h index 747450ed0..13fb7de08 100644 --- a/security/nss/lib/util/secoidt.h +++ b/security/nss/lib/util/secoidt.h @@ -443,6 +443,10 @@ typedef enum { /* The 'name' attribute type in X.520 */ SEC_OID_AVA_NAME = 317, + SEC_OID_AES_128_GCM = 318, + SEC_OID_AES_192_GCM = 319, + SEC_OID_AES_256_GCM = 320, + SEC_OID_TOTAL } SECOidTag; From cd62ee110247da0275e5e1d61dfefb3cf267e80f Mon Sep 17 00:00:00 2001 From: Roy Tam Date: Thu, 9 Jan 2020 00:31:35 +0800 Subject: [PATCH 11/15] ssl3con: add missing AES-256-GCM in ssl3_cipherName --- security/nss/lib/ssl/ssl3con.c | 1 + 1 file changed, 1 insertion(+) diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index 7486185cc..2a2faf71f 100644 --- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -550,6 +550,7 @@ const char * const ssl3_cipherName[] = { "Camellia-256", "SEED-CBC", "AES-128-GCM", + "AES-256-GCM", "Camellia-128-GCM", "missing" }; From 9ab743b4d6c20939caffd149ddc7a6be8a9777a9 Mon Sep 17 00:00:00 2001 From: Roy Tam Date: Mon, 27 Jan 2020 12:16:12 +0800 Subject: [PATCH 12/15] [NSS] sqlite3: turn explicitly linked InterlockedCompareExchange to dynamic loading with emulation, should work on Win95, and remove usage of GetFileAttributesExW which is not exist on NT 3.51 --- security/nss/lib/sqlite/sqlite3.c | 96 ++++++++++++++++++++++--------- 1 file changed, 69 insertions(+), 27 deletions(-) diff --git a/security/nss/lib/sqlite/sqlite3.c b/security/nss/lib/sqlite/sqlite3.c index 8f261e801..90f6bb9b2 100644 --- a/security/nss/lib/sqlite/sqlite3.c +++ b/security/nss/lib/sqlite/sqlite3.c @@ -18318,6 +18318,51 @@ static int winMutexNotheld(sqlite3_mutex *p){ #endif +typedef PVOID WINAPI interlocked_cmp_xchg_t(PVOID *dest, PVOID exc, PVOID comperand); + +/* Sorry mate, but we haven't got InterlockedCompareExchange in Win95! */ +static PVOID WINAPI +interlocked_cmp_xchg(PVOID *dest, PVOID exc, PVOID comperand) +{ + static LONG spinlock = 0; + PVOID result; + DWORD dwSleep = 0; + + /* Acqire spinlock (yielding control to other threads if cant aquire for the moment) */ + while(InterlockedExchange(&spinlock, 1)) + { + // Using Sleep(0) can cause a priority inversion. + // Sleep(0) only yields the processor if there's + // another thread of the same priority that's + // ready to run. If a high-priority thread is + // trying to acquire the lock, which is held by + // a low-priority thread, then the low-priority + // thread may never get scheduled and hence never + // free the lock. NT attempts to avoid priority + // inversions by temporarily boosting the priority + // of low-priority runnable threads, but the problem + // can still occur if there's a medium-priority + // thread that's always runnable. If Sleep(1) is used, + // then the thread unconditionally yields the CPU. We + // only do this for the second and subsequent even + // iterations, since a millisecond is a long time to wait + // if the thread can be scheduled in again sooner + // (~100,000 instructions). + // Avoid priority inversion: 0, 1, 0, 1,... + Sleep(dwSleep); + dwSleep = !dwSleep; + } + result = *dest; + if (result == comperand) + *dest = exc; + /* Release spinlock */ + spinlock = 0; + return result; +} + +static interlocked_cmp_xchg_t *ixchg; + + /* ** Initialize and deinitialize the mutex subsystem. */ @@ -18340,8 +18385,15 @@ static long winMutex_lock = 0; SQLITE_API void sqlite3_win32_sleep(DWORD milliseconds); /* os_win.c */ static int winMutexInit(void){ + if (!ixchg) + { + /* Sorely, Win95 has no InterlockedCompareExchange API (Win98 has), so we have to use emulation */ + HANDLE kernel = GetModuleHandleA("kernel32.dll"); + if (!kernel || (ixchg = (interlocked_cmp_xchg_t *)GetProcAddress(kernel, "InterlockedCompareExchange")) == NULL) + ixchg = interlocked_cmp_xchg; + } /* The first to increment to 1 does actual initialization */ - if( InterlockedCompareExchange(&winMutex_lock, 1, 0)==0 ){ + if( ixchg(&winMutex_lock, 1, 0)==0 ){ int i; for(i=0; i Date: Mon, 27 Jan 2020 12:53:45 +0800 Subject: [PATCH 13/15] [NSS] sqlite3: fix CP_UTF8 not working in Win95 and NT3.51 --- security/nss/lib/sqlite/sqlite3.c | 165 +++++++++++++++++++++++++++++- 1 file changed, 161 insertions(+), 4 deletions(-) diff --git a/security/nss/lib/sqlite/sqlite3.c b/security/nss/lib/sqlite/sqlite3.c index 90f6bb9b2..86f376cc7 100644 --- a/security/nss/lib/sqlite/sqlite3.c +++ b/security/nss/lib/sqlite/sqlite3.c @@ -31418,6 +31418,163 @@ SQLITE_PRIVATE void sqlite3MemSetDefault(void){ } #endif /* SQLITE_WIN32_MALLOC */ +/*** UTF16<-->UTF8 functions minicking MultiByteToWideChar/WideCharToMultiByte ***/ +int utf8GetMaskIndex(unsigned char n) { + if((unsigned char)(n + 2) < 0xc2) return 1; // 00~10111111, fe, ff + if(n < 0xe0) return 2; // 110xxxxx + if(n < 0xf0) return 3; // 1110xxxx + if(n < 0xf8) return 4; // 11110xxx + if(n < 0xfc) return 5; // 111110xx + return 6; // 1111110x +} + +int wc2Utf8Len(wchar_t ** n, int *len) { + wchar_t *ch = *n, ch2; + int qch; + if((0xD800 <= *ch && *ch <= 0xDBFF) && *len) { + ch2 = *(ch + 1); + if(0xDC00 <= ch2 && ch2 <= 0xDFFF) { + qch = 0x10000 + (((*ch - 0xD800) & 0x3ff) << 10) + ((ch2 - 0xDC00) & 0x3ff); + (*n)++; + (*len)--; + } + } + else + qch = (int) *ch; + + if (qch <= 0x7f) return 1; + else if (qch <= 0x7ff) return 2; + else if (qch <= 0xffff) return 3; + else if (qch <= 0x1fffff) return 4; + else if (qch <= 0x3ffffff) return 5; + else return 6; +} + +int Utf8ToWideChar(unsigned int unused1, unsigned long unused2, char *sb, int ss, wchar_t * wb, int ws) { + static const unsigned char utf8mask[] = { 0, 0xff, 0x1f, 0x0f, 0x07, 0x03, 0x01 }; + char *p = (char *)(sb); + char *e = (char *)(sb + ss); + wchar_t *w = wb; + int cnt = 0, t, qch; + + if (ss < 1) { + ss = lstrlenA(sb); + e = (char *)(sb + ss); + } + + if (wb && ws) { + for (; p < e; ++w) { + t = utf8GetMaskIndex(*p); + qch = (*p++ & utf8mask[t]); + while(p < e && --t) + qch <<= 6, qch |= (*p++) & 0x3f; + if(qch < 0x10000) { + if(cnt <= ws) + *w = (wchar_t) qch; + cnt++; + } else { + if (cnt + 2 <= ws) { + *w++ = (wchar_t) (0xD800 + (((qch - 0x10000) >> 10) & 0x3ff)), + *w = (wchar_t) (0xDC00 + (((qch - 0x10000)) & 0x3ff)); + } + cnt += 2; + } + } + if(cnt < ws) { + *(wb+cnt) = 0; + return cnt; + } else { + *(wb+ws) = 0; + return ws; + } + } else { + for (t; p < e;) { + t = utf8GetMaskIndex(*p); + qch = (*p++ & utf8mask[t]); + while (p < e && --t) + qch <<= 6, qch |= (*p++) & 0x3f; + if (qch < 0x10000) + cnt++; + else + cnt += 2; + } + return cnt+1; + } +} + +int WideCharToUtf8(unsigned int unused1, unsigned long unused2, wchar_t * wb, int ws, char *sb, int ss) { + wchar_t *p = (wchar_t *)(wb); + wchar_t *e = (wchar_t *)(wb + ws); + wchar_t *oldp; + char *s = sb; + int cnt = 0, qch, t; + + if (ws < 1) { + ws = lstrlenW(wb); + e = (wchar_t *)(wb + ws); + } + + if (sb && ss) { + for (t; p < e; ++p) { + oldp = p; + t = wc2Utf8Len(&p, &ws); + + if (p != oldp) { /* unicode surrogates encountered */ + qch = 0x10000 + (((*oldp - 0xD800) & 0x3ff) << 10) + ((*p - 0xDC00) & 0x3ff); + } else + qch = *p; + + if (qch <= 0x7f) + *s++ = (char) (qch), + cnt++; + else if (qch <= 0x7ff) + *s++ = 0xc0 | (char) (qch >> 6), + *s++ = 0x80 | (char) (qch & 0x3f), + cnt += 2; + else if (qch <= 0xffff) + *s++ = 0xe0 | (char) (qch >> 12), + *s++ = 0x80 | (char) ((qch >> 6) & 0x3f), + *s++ = 0x80 | (char) (qch & 0x3f), + cnt += 3; + else if (qch <= 0x1fffff) + *s++ = 0xf0 | (char) (qch >> 18), + *s++ = 0x80 | (char) ((qch >> 12) & 0x3f), + *s++ = 0x80 | (char) ((qch >> 6) & 0x3f), + *s++ = 0x80 | (char) (qch & 0x3f), + cnt += 4; + else if (qch <= 0x3ffffff) + *s++ = 0xf8 | (char) (qch >> 24), + *s++ = 0x80 | (char) ((qch >> 18) & 0x3f), + *s++ = 0x80 | (char) ((qch >> 12) & 0x3f), + *s++ = 0x80 | (char) ((qch >> 6) & 0x3f), + *s++ = 0x80 | (char) (qch & 0x3f), + cnt += 5; + else + *s++ = 0xfc | (char) (qch >> 30), + *s++ = 0x80 | (char) ((qch >> 24) & 0x3f), + *s++ = 0x80 | (char) ((qch >> 18) & 0x3f), + *s++ = 0x80 | (char) ((qch >> 12) & 0x3f), + *s++ = 0x80 | (char) ((qch >> 6) & 0x3f), + *s++ = 0x80 | (char) (qch & 0x3f), + cnt += 6; + } + if(cnt < ss) { + *(sb+cnt) = 0; + return cnt; + } else { + *(sb+ss) = 0; + return ss; + } + } else { + for (t; p < e; ++p) { + t = wc2Utf8Len(&p, &ws); + cnt += t; + } + return cnt+1; + } +} +/*** Ends ***/ + /* ** Convert a UTF-8 string to Microsoft Unicode (UTF-16?). ** @@ -31427,7 +31584,7 @@ static LPWSTR utf8ToUnicode(const char *zFilename){ int nChar; LPWSTR zWideFilename; - nChar = osMultiByteToWideChar(CP_UTF8, 0, zFilename, -1, NULL, 0); + nChar = Utf8ToWideChar(CP_UTF8, 0, zFilename, -1, NULL, 0); if( nChar==0 ){ return 0; } @@ -31435,7 +31592,7 @@ static LPWSTR utf8ToUnicode(const char *zFilename){ if( zWideFilename==0 ){ return 0; } - nChar = osMultiByteToWideChar(CP_UTF8, 0, zFilename, -1, zWideFilename, + nChar = Utf8ToWideChar(CP_UTF8, 0, zFilename, -1, zWideFilename, nChar); if( nChar==0 ){ sqlite3_free(zWideFilename); @@ -31452,7 +31609,7 @@ static char *unicodeToUtf8(LPCWSTR zWideFilename){ int nByte; char *zFilename; - nByte = osWideCharToMultiByte(CP_UTF8, 0, zWideFilename, -1, 0, 0, 0, 0); + nByte = WideCharToUtf8(CP_UTF8, 0, zWideFilename, -1, 0, 0, 0, 0); if( nByte == 0 ){ return 0; } @@ -31460,7 +31617,7 @@ static char *unicodeToUtf8(LPCWSTR zWideFilename){ if( zFilename==0 ){ return 0; } - nByte = osWideCharToMultiByte(CP_UTF8, 0, zWideFilename, -1, zFilename, nByte, + nByte = WideCharToUtf8(CP_UTF8, 0, zWideFilename, -1, zFilename, nByte, 0, 0); if( nByte == 0 ){ sqlite3_free(zFilename); From db2c36920504e182562d3f4a4423e1e188c939c0 Mon Sep 17 00:00:00 2001 From: Roy Tam Date: Fri, 31 Jan 2020 15:54:04 +0800 Subject: [PATCH 14/15] import NSS mozilla upstream changes in order to implement ChaCha20-Poly1305 support: bug917571, bug1227905, bug1255443, bug1265196 --- security/nss/cmd/bltest/blapitest.c | 174 ++++- .../cmd/bltest/tests/chacha20_poly1305/aad0 | 1 + .../tests/chacha20_poly1305/ciphertext0 | 1 + .../tests/chacha20_poly1305/ciphertext1 | 1 + .../cmd/bltest/tests/chacha20_poly1305/key0 | 1 + .../cmd/bltest/tests/chacha20_poly1305/key1 | 1 + .../bltest/tests/chacha20_poly1305/numtests | 1 + .../bltest/tests/chacha20_poly1305/plaintext0 | 1 + .../bltest/tests/chacha20_poly1305/plaintext1 | 1 + security/nss/cmd/ssltap/ssltap.c | 4 + security/nss/lib/dbm/include/cdefs.h | 126 ++++ security/nss/lib/dbm/include/mpool.h | 97 +++ security/nss/lib/freebl/Makefile | 25 + security/nss/lib/freebl/blapi.h | 29 + security/nss/lib/freebl/blapit.h | 2 + security/nss/lib/freebl/chacha20.c | 111 ++++ security/nss/lib/freebl/chacha20.h | 26 + security/nss/lib/freebl/chacha20_vec.c | 278 ++++++++ security/nss/lib/freebl/chacha20poly1305.c | 175 +++++ security/nss/lib/freebl/chacha20poly1305.h | 15 + security/nss/lib/freebl/ldvector.c | 10 +- security/nss/lib/freebl/loader.c | 56 ++ security/nss/lib/freebl/loader.h | 29 +- security/nss/lib/freebl/manifest.mn | 2 + ...ly1305-donna-x64-sse2-incremental-source.c | 623 ++++++++++++++++++ security/nss/lib/freebl/poly1305.c | 261 ++++++++ security/nss/lib/freebl/poly1305.h | 28 + security/nss/lib/pk11wrap/pk11mech.c | 7 + security/nss/lib/softoken/pkcs11.c | 3 + security/nss/lib/softoken/pkcs11c.c | 124 ++++ security/nss/lib/softoken/pkcs11i.h | 12 + security/nss/lib/ssl/manifest.mn | 2 +- security/nss/lib/ssl/ssl3con.c | 106 ++- security/nss/lib/ssl/ssl3ecc.c | 4 + security/nss/lib/ssl/sslenum.c | 3 + security/nss/lib/ssl/sslimpl.h | 6 +- security/nss/lib/ssl/sslinfo.c | 4 + security/nss/lib/ssl/sslproto.h | 4 + security/nss/lib/ssl/sslt.h | 3 +- security/nss/lib/util/pkcs11n.h | 13 + security/nss/lib/util/secoid.c | 6 +- security/nss/lib/util/secoidt.h | 2 + security/nss/tests/cipher/cipher.txt | 2 + security/nss/tests/ssl/ssl.sh | 12 +- security/nss/tests/ssl/sslcov.txt | 1 + 45 files changed, 2356 insertions(+), 37 deletions(-) create mode 100644 security/nss/cmd/bltest/tests/chacha20_poly1305/aad0 create mode 100644 security/nss/cmd/bltest/tests/chacha20_poly1305/ciphertext0 create mode 100644 security/nss/cmd/bltest/tests/chacha20_poly1305/ciphertext1 create mode 100644 security/nss/cmd/bltest/tests/chacha20_poly1305/key0 create mode 100644 security/nss/cmd/bltest/tests/chacha20_poly1305/key1 create mode 100644 security/nss/cmd/bltest/tests/chacha20_poly1305/numtests create mode 100644 security/nss/cmd/bltest/tests/chacha20_poly1305/plaintext0 create mode 100644 security/nss/cmd/bltest/tests/chacha20_poly1305/plaintext1 create mode 100644 security/nss/lib/dbm/include/cdefs.h create mode 100644 security/nss/lib/dbm/include/mpool.h create mode 100644 security/nss/lib/freebl/chacha20.c create mode 100644 security/nss/lib/freebl/chacha20.h create mode 100644 security/nss/lib/freebl/chacha20_vec.c create mode 100644 security/nss/lib/freebl/chacha20poly1305.c create mode 100644 security/nss/lib/freebl/chacha20poly1305.h create mode 100644 security/nss/lib/freebl/poly1305-donna-x64-sse2-incremental-source.c create mode 100644 security/nss/lib/freebl/poly1305.c create mode 100644 security/nss/lib/freebl/poly1305.h diff --git a/security/nss/cmd/bltest/blapitest.c b/security/nss/cmd/bltest/blapitest.c index 204814d82..74de908dc 100644 --- a/security/nss/cmd/bltest/blapitest.c +++ b/security/nss/cmd/bltest/blapitest.c @@ -613,6 +613,17 @@ typedef SECStatus (* bltestSymmCipherFn)(void *cx, const unsigned char *input, unsigned int inputLen); +typedef SECStatus (* bltestAEADFn)(void *cx, + unsigned char *output, + unsigned int *outputLen, + unsigned int maxOutputLen, + const unsigned char *input, + unsigned int inputLen, + const unsigned char *nonce, + unsigned int nonceLen, + const unsigned char *ad, + unsigned int adLen); + typedef SECStatus (* bltestPubKeyCipherFn)(void *key, SECItem *output, const SECItem *input); @@ -646,6 +657,7 @@ typedef enum { bltestCAMELLIA_CBC, /* . */ bltestSEED_ECB, /* SEED algorithm */ bltestSEED_CBC, /* SEED algorithm */ + bltestCHACHA20, /* ChaCha20 + Poly1305 */ bltestRSA, /* Public Key Ciphers */ bltestRSA_OAEP, /* . (Public Key Enc.) */ bltestRSA_PSS, /* . (Public Key Sig.) */ @@ -685,6 +697,7 @@ static char *mode_strings[] = "camellia_cbc", "seed_ecb", "seed_cbc", + "chacha20_poly1305", "rsa", "rsa_oaep", "rsa_pss", @@ -805,6 +818,7 @@ struct bltestCipherInfoStr { /* Cipher function (encrypt/decrypt/sign/verify/hash) */ union { bltestSymmCipherFn symmkeyCipher; + bltestAEADFn aeadCipher; bltestPubKeyCipherFn pubkeyCipher; bltestHashCipherFn hashCipher; } cipher; @@ -826,13 +840,29 @@ is_symmkeyCipher(bltestCipherMode mode) return PR_FALSE; } +PRBool +is_aeadCipher(bltestCipherMode mode) +{ + /* change as needed! */ + switch (mode) { + case bltestCHACHA20: + return PR_TRUE; + default: + return PR_FALSE; + } +} + PRBool is_authCipher(bltestCipherMode mode) { /* change as needed! */ - if (mode == bltestAES_GCM) - return PR_TRUE; - return PR_FALSE; + switch (mode) { + case bltestAES_GCM: + case bltestCHACHA20: + return PR_TRUE; + default: + return PR_FALSE; + } } @@ -840,11 +870,14 @@ PRBool is_singleShotCipher(bltestCipherMode mode) { /* change as needed! */ - if (mode == bltestAES_GCM) - return PR_TRUE; - if (mode == bltestAES_CTS) - return PR_TRUE; - return PR_FALSE; + switch (mode) { + case bltestAES_GCM: + case bltestAES_CTS: + case bltestCHACHA20: + return PR_TRUE; + default: + return PR_FALSE; + } } PRBool @@ -878,16 +911,24 @@ PRBool cipher_requires_IV(bltestCipherMode mode) { /* change as needed! */ - if (mode == bltestDES_CBC || mode == bltestDES_EDE_CBC || - mode == bltestRC2_CBC || + switch (mode) { + case bltestDES_CBC: + case bltestDES_EDE_CBC: + case bltestRC2_CBC: #ifdef NSS_SOFTOKEN_DOES_RC5 - mode == bltestRC5_CBC || + case bltestRC5_CBC: #endif - mode == bltestAES_CBC || mode == bltestAES_CTS || - mode == bltestAES_CTR || mode == bltestAES_GCM || - mode == bltestCAMELLIA_CBC || mode == bltestSEED_CBC) - return PR_TRUE; - return PR_FALSE; + case bltestAES_CBC: + case bltestAES_CTS: + case bltestAES_CTR: + case bltestAES_GCM: + case bltestCAMELLIA_CBC: + case bltestSEED_CBC: + case bltestCHACHA20: + return PR_TRUE; + default: + return PR_FALSE; + } } SECStatus finishIO(bltestIO *output, PRFileDesc *file); @@ -1126,6 +1167,30 @@ aes_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen, input, inputLen); } +SECStatus +chacha20_poly1305_Encrypt(void *cx, unsigned char *output, + unsigned int *outputLen, unsigned int maxOutputLen, + const unsigned char *input, unsigned int inputLen, + const unsigned char *nonce, unsigned int nonceLen, + const unsigned char *ad, unsigned int adLen) +{ + return ChaCha20Poly1305_Seal((ChaCha20Poly1305Context *)cx, output, + outputLen, maxOutputLen, input, inputLen, + nonce, nonceLen, ad, adLen); +} + +SECStatus +chacha20_poly1305_Decrypt(void *cx, unsigned char *output, + unsigned int *outputLen, unsigned int maxOutputLen, + const unsigned char *input, unsigned int inputLen, + const unsigned char *nonce, unsigned int nonceLen, + const unsigned char *ad, unsigned int adLen) +{ + return ChaCha20Poly1305_Open((ChaCha20Poly1305Context *)cx, output, + outputLen, maxOutputLen, input, inputLen, + nonce, nonceLen, ad, adLen); +} + SECStatus camellia_Encrypt(void *cx, unsigned char *output, unsigned int *outputLen, unsigned int maxOutputLen, const unsigned char *input, @@ -1575,6 +1640,21 @@ bltest_seed_init(bltestCipherInfo *cipherInfo, PRBool encrypt) return SECSuccess; } +SECStatus +bltest_chacha20_init(bltestCipherInfo *cipherInfo, PRBool encrypt) +{ + const unsigned int tagLen = 16; + const bltestSymmKeyParams *sk = &cipherInfo->params.sk; + cipherInfo->cx = ChaCha20Poly1305_CreateContext(sk->key.buf.data, + sk->key.buf.len, tagLen); + + if (encrypt) + cipherInfo->cipher.aeadCipher = chacha20_poly1305_Encrypt; + else + cipherInfo->cipher.aeadCipher = chacha20_poly1305_Decrypt; + return SECSuccess; +} + SECStatus bltest_rsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt) { @@ -2226,6 +2306,11 @@ cipherInit(bltestCipherInfo *cipherInfo, PRBool encrypt) cipherInfo->input.pBuf.len); return bltest_seed_init(cipherInfo, encrypt); break; + case bltestCHACHA20: + outlen = cipherInfo->input.pBuf.len + (encrypt ? 16 : 0); + SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, outlen); + return bltest_chacha20_init(cipherInfo, encrypt); + break; case bltestRSA: case bltestRSA_OAEP: case bltestRSA_PSS: @@ -2376,6 +2461,55 @@ cipherDoOp(bltestCipherInfo *cipherInfo) } } TIMEFINISH(cipherInfo->optime, 1.0); + } else if (is_aeadCipher(cipherInfo->mode)) { + const unsigned char *input = cipherInfo->input.pBuf.data; + unsigned int inputLen = cipherInfo->input.pBuf.len; + unsigned char *output = cipherInfo->output.pBuf.data; + unsigned int outputLen; + bltestSymmKeyParams *sk = &cipherInfo->params.sk; + bltestAuthSymmKeyParams *ask = &cipherInfo->params.ask; + + TIMESTART(); + rv = (*cipherInfo->cipher.aeadCipher)( + cipherInfo->cx, + output, &outputLen, maxLen, + input, inputLen, + sk->iv.buf.data, sk->iv.buf.len, + ask->aad.buf.data, ask->aad.buf.len); + CHECKERROR(rv, __LINE__); + cipherInfo->output.pBuf.len = outputLen; + TIMEFINISH(cipherInfo->optime, 1.0); + + cipherInfo->repetitions = 0; + if (cipherInfo->repetitionsToPerfom != 0) { + TIMESTART(); + for (i=0; irepetitionsToPerfom; i++, + cipherInfo->repetitions++) { + rv = (*cipherInfo->cipher.aeadCipher)( + cipherInfo->cx, + output, &outputLen, maxLen, + input, inputLen, + sk->iv.buf.data, sk->iv.buf.len, + ask->aad.buf.data, ask->aad.buf.len); + CHECKERROR(rv, __LINE__); + } + } else { + int opsBetweenChecks = 0; + TIMEMARK(cipherInfo->seconds); + while (! (TIMETOFINISH())) { + int j = 0; + for (;j < opsBetweenChecks;j++) { + (*cipherInfo->cipher.aeadCipher)( + cipherInfo->cx, + output, &outputLen, maxLen, + input, inputLen, + sk->iv.buf.data, sk->iv.buf.len, + ask->aad.buf.data, ask->aad.buf.len); + } + cipherInfo->repetitions += j; + } + } + TIMEFINISH(cipherInfo->optime, 1.0); } else if (is_pubkeyCipher(cipherInfo->mode)) { TIMESTART(); rv = (*cipherInfo->cipher.pubkeyCipher)(cipherInfo->cx, @@ -2477,6 +2611,10 @@ cipherFinish(bltestCipherInfo *cipherInfo) case bltestSEED_CBC: SEED_DestroyContext((SEEDContext *)cipherInfo->cx, PR_TRUE); break; + case bltestCHACHA20: + ChaCha20Poly1305_DestroyContext((ChaCha20Poly1305Context *) + cipherInfo->cx, PR_TRUE); + break; case bltestRC2_ECB: case bltestRC2_CBC: RC2_DestroyContext((RC2Context *)cipherInfo->cx, PR_TRUE); @@ -2808,6 +2946,7 @@ get_params(PLArenaPool *arena, bltestParams *params, #endif switch (mode) { case bltestAES_GCM: + case bltestCHACHA20: sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "aad", j); load_file_data(arena, ¶ms->ask.aad, filename, bltestBinary); case bltestDES_CBC: @@ -3753,7 +3892,8 @@ int main(int argc, char **argv) /* Set up an encryption key. */ keysize = 0; file = NULL; - if (is_symmkeyCipher(cipherInfo->mode)) { + if (is_symmkeyCipher(cipherInfo->mode) || + is_aeadCipher(cipherInfo->mode)) { char *keystr = NULL; /* if key is on command line */ if (bltest.options[opt_Key].activated) { if (bltest.options[opt_CmdLine].activated) { diff --git a/security/nss/cmd/bltest/tests/chacha20_poly1305/aad0 b/security/nss/cmd/bltest/tests/chacha20_poly1305/aad0 new file mode 100644 index 000000000..a420ef184 --- /dev/null +++ b/security/nss/cmd/bltest/tests/chacha20_poly1305/aad0 @@ -0,0 +1 @@ +PQRSÀÁÂÃÄÅÆÇ \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/chacha20_poly1305/ciphertext0 b/security/nss/cmd/bltest/tests/chacha20_poly1305/ciphertext0 new file mode 100644 index 000000000..a06f68b5f --- /dev/null +++ b/security/nss/cmd/bltest/tests/chacha20_poly1305/ciphertext0 @@ -0,0 +1 @@ +0xqNNGSOYNt7hq+8U+9+wqSt7VEpbgj+qeK1pzbuYtY9vqRejKlnEoL6+2naknKLGnHeCp4GCykF1qW2fs07NpLdvX8td4uMmAOu4ygJG1j6syTk+tZ1lFWFgItIMde8P/Te8I5Lep3ldtJlhs7GS2EWGuELWU8J4mp+kC7L0GAGkQ== diff --git a/security/nss/cmd/bltest/tests/chacha20_poly1305/ciphertext1 b/security/nss/cmd/bltest/tests/chacha20_poly1305/ciphertext1 new file mode 100644 index 000000000..e7f0d0100 --- /dev/null +++ b/security/nss/cmd/bltest/tests/chacha20_poly1305/ciphertext1 @@ -0,0 +1 @@ +ZKCGFXWGGvRg8GLHm+ZDvV6AXP00XPOJ8QhnCsdsjLJMbPwYdV1D7qCe6U44LSawvbe3PDIbAQDU8Dt/NViUzzMvgw5xC5fOmMioSr0LlIEUrRduAI0zvWD5grH/N8hVl5egbvTw72HBhjJOKzUGODYGkHtqfAKw+fYVe1PIZ+S5Fmx2e4BNRqWbUhbN56TpkEDFpAQzIl7igqGwoGxSPq9FNNf4P6EVWwBHcYy8VGoNBysEs1ZO6htCInP1SCcaC7IxYFP6dpkZVevWMVlDTs67TkZtrloQc6ZydicJehBJ5hfZHTYQlPpo8P93mHEwMFvqui7aBN+Ze3FNbG8sKaatXLQCKwJwm+6tnWeJDLsiOSM2/qGFHzg= diff --git a/security/nss/cmd/bltest/tests/chacha20_poly1305/key0 b/security/nss/cmd/bltest/tests/chacha20_poly1305/key0 new file mode 100644 index 000000000..503ecb84e --- /dev/null +++ b/security/nss/cmd/bltest/tests/chacha20_poly1305/key0 @@ -0,0 +1 @@ +€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/chacha20_poly1305/key1 b/security/nss/cmd/bltest/tests/chacha20_poly1305/key1 new file mode 100644 index 000000000..002bf1b45 --- /dev/null +++ b/security/nss/cmd/bltest/tests/chacha20_poly1305/key1 @@ -0,0 +1 @@ +’@¥ëUÓŠó3ˆ†öµðG9Á@+€ Ê\¼ puÀ \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/chacha20_poly1305/numtests b/security/nss/cmd/bltest/tests/chacha20_poly1305/numtests new file mode 100644 index 000000000..0cfbf0888 --- /dev/null +++ b/security/nss/cmd/bltest/tests/chacha20_poly1305/numtests @@ -0,0 +1 @@ +2 diff --git a/security/nss/cmd/bltest/tests/chacha20_poly1305/plaintext0 b/security/nss/cmd/bltest/tests/chacha20_poly1305/plaintext0 new file mode 100644 index 000000000..74c222908 --- /dev/null +++ b/security/nss/cmd/bltest/tests/chacha20_poly1305/plaintext0 @@ -0,0 +1 @@ +Ladies and Gentlemen of the class of '99: If I could offer you only one tip for the future, sunscreen would be it. \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/chacha20_poly1305/plaintext1 b/security/nss/cmd/bltest/tests/chacha20_poly1305/plaintext1 new file mode 100644 index 000000000..029317d8e --- /dev/null +++ b/security/nss/cmd/bltest/tests/chacha20_poly1305/plaintext1 @@ -0,0 +1 @@ +Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as /“work in progress./†\ No newline at end of file diff --git a/security/nss/cmd/ssltap/ssltap.c b/security/nss/cmd/ssltap/ssltap.c index 8ea465ef3..29b91910e 100644 --- a/security/nss/cmd/ssltap/ssltap.c +++ b/security/nss/cmd/ssltap/ssltap.c @@ -443,6 +443,10 @@ const char * V2CipherString(int cs_int) case 0x00C02C: cs_str = "TLS/ECDHE-ECDSA/AES256-GCM/SHA384"; break; case 0x00C02F: cs_str = "TLS/ECDHE-RSA/AES128-GCM/SHA256"; break; + case 0x00CCA8: cs_str = "TLS/ECDHE-RSA/CHACHA20-POLY1305/SHA256"; break; + case 0x00CCA9: cs_str = "TLS/ECDHE-ECDSA/CHACHA20-POLY1305/SHA256"; break; + case 0x00CCAA: cs_str = "TLS/DHE-RSA/CHACHA20-POLY1305/SHA256"; break; + case 0x00FEFF: cs_str = "SSL3/RSA-FIPS/3DESEDE-CBC/SHA"; break; case 0x00FEFE: cs_str = "SSL3/RSA-FIPS/DES-CBC/SHA"; break; case 0x00FFE1: cs_str = "SSL3/RSA-FIPS/DES56-CBC/SHA"; break; diff --git a/security/nss/lib/dbm/include/cdefs.h b/security/nss/lib/dbm/include/cdefs.h new file mode 100644 index 000000000..6df5a80e3 --- /dev/null +++ b/security/nss/lib/dbm/include/cdefs.h @@ -0,0 +1,126 @@ +/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * Copyright (c) 1991, 1993 + * The Regents of the University of California. All rights reserved. + * + * This code is derived from software contributed to Berkeley by + * Berkeley Software Design, Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. ***REMOVED*** - see + * ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)cdefs.h 8.7 (Berkeley) 1/21/94 + */ + +#ifndef _CDEFS_H_ +#define _CDEFS_H_ + +#if defined(__cplusplus) +#define __BEGIN_DECLS extern "C" { +#define __END_DECLS } +#else +#define __BEGIN_DECLS +#define __END_DECLS +#endif + +/* + * The __CONCAT macro is used to concatenate parts of symbol names, e.g. + * with "#define OLD(foo) __CONCAT(old,foo)", OLD(foo) produces oldfoo. + * The __CONCAT macro is a bit tricky -- make sure you don't put spaces + * in between its arguments. __CONCAT can also concatenate double-quoted + * strings produced by the __STRING macro, but this only works with ANSI C. + */ +#if defined(__STDC__) || defined(__cplusplus) || defined(_WINDOWS) || defined(XP_OS2) +#define __P(protos) protos /* full-blown ANSI C */ +#define __CONCAT(x,y) x ## y +#define __STRING(x) #x + +/* On HP-UX 11.00, defines __const. */ +#ifndef __const +#define __const const /* define reserved names to standard */ +#endif /* __const */ +#define __signed signed +#define __volatile volatile +#ifndef _WINDOWS +#if defined(__cplusplus) +#define __inline inline /* convert to C++ keyword */ +#else +#if !defined(__GNUC__) && !defined(__MWERKS__) +#define __inline /* delete GCC keyword */ +#endif /* !__GNUC__ */ +#endif /* !__cplusplus */ +#endif /* !_WINDOWS */ + +#else /* !(__STDC__ || __cplusplus) */ +#define __P(protos) () /* traditional C preprocessor */ +#define __CONCAT(x,y) x/**/y +#define __STRING(x) "x" + +#ifndef __GNUC__ +#define __const /* delete pseudo-ANSI C keywords */ +#define __inline +#define __signed +#define __volatile +/* + * In non-ANSI C environments, new programs will want ANSI-only C keywords + * deleted from the program and old programs will want them left alone. + * When using a compiler other than gcc, programs using the ANSI C keywords + * const, inline etc. as normal identifiers should define -DNO_ANSI_KEYWORDS. + * When using "gcc -traditional", we assume that this is the intent; if + * __GNUC__ is defined but __STDC__ is not, we leave the new keywords alone. + */ +#ifndef NO_ANSI_KEYWORDS +#define const /* delete ANSI C keywords */ +#define inline +#define signed +#define volatile +#endif +#endif /* !__GNUC__ */ +#endif /* !(__STDC__ || __cplusplus) */ + +/* + * GCC1 and some versions of GCC2 declare dead (non-returning) and + * pure (no side effects) functions using "volatile" and "const"; + * unfortunately, these then cause warnings under "-ansi -pedantic". + * GCC2 uses a new, peculiar __attribute__((attrs)) style. All of + * these work for GNU C++ (modulo a slight glitch in the C++ grammar + * in the distribution version of 2.5.5). + */ +#if !defined(__GNUC__) || __GNUC__ < 2 || __GNUC_MINOR__ < 5 +#define __attribute__(x) /* delete __attribute__ if non-gcc or gcc1 */ +#if defined(__GNUC__) && !defined(__STRICT_ANSI__) +#define __dead __volatile +#define __pure __const +#endif +#endif + +/* Delete pseudo-keywords wherever they are not available or needed. */ +#ifndef __dead +#define __dead +#define __pure +#endif + +#endif /* !_CDEFS_H_ */ diff --git a/security/nss/lib/dbm/include/mpool.h b/security/nss/lib/dbm/include/mpool.h new file mode 100644 index 000000000..0483d243e --- /dev/null +++ b/security/nss/lib/dbm/include/mpool.h @@ -0,0 +1,97 @@ +/*- + * Copyright (c) 1991, 1993, 1994 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. ***REMOVED*** - see + * ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)mpool.h 8.2 (Berkeley) 7/14/94 + */ + +#include + +/* + * The memory pool scheme is a simple one. Each in-memory page is referenced + * by a bucket which is threaded in up to two of three ways. All active pages + * are threaded on a hash chain (hashed by page number) and an lru chain. + * Inactive pages are threaded on a free chain. Each reference to a memory + * pool is handed an opaque MPOOL cookie which stores all of this information. + */ +#define HASHSIZE 128 +#define HASHKEY(pgno) ((pgno - 1) % HASHSIZE) + +/* The BKT structures are the elements of the queues. */ +typedef struct _bkt { + CIRCLEQ_ENTRY(_bkt) hq; /* hash queue */ + CIRCLEQ_ENTRY(_bkt) q; /* lru queue */ + void *page; /* page */ + pgno_t pgno; /* page number */ + +#define MPOOL_DIRTY 0x01 /* page needs to be written */ +#define MPOOL_PINNED 0x02 /* page is pinned into memory */ + uint8 flags; /* flags */ +} BKT; + +typedef struct MPOOL { + CIRCLEQ_HEAD(_lqh, _bkt) lqh; /* lru queue head */ + /* hash queue array */ + CIRCLEQ_HEAD(_hqh, _bkt) hqh[HASHSIZE]; + pgno_t curcache; /* current number of cached pages */ + pgno_t maxcache; /* max number of cached pages */ + pgno_t npages; /* number of pages in the file */ + uint32 pagesize; /* file page size */ + int fd; /* file descriptor */ + /* page in conversion routine */ + void (*pgin) (void *, pgno_t, void *); + /* page out conversion routine */ + void (*pgout) (void *, pgno_t, void *); + void *pgcookie; /* cookie for page in/out routines */ +#ifdef STATISTICS + uint32 cachehit; + uint32 cachemiss; + uint32 pagealloc; + uint32 pageflush; + uint32 pageget; + uint32 pagenew; + uint32 pageput; + uint32 pageread; + uint32 pagewrite; +#endif +} MPOOL; + +__BEGIN_DECLS +MPOOL *mpool_open (void *, int, pgno_t, pgno_t); +void mpool_filter (MPOOL *, void (*)(void *, pgno_t, void *), + void (*)(void *, pgno_t, void *), void *); +void *mpool_new (MPOOL *, pgno_t *); +void *mpool_get (MPOOL *, pgno_t, uint); +int mpool_put (MPOOL *, void *, uint); +int mpool_sync (MPOOL *); +int mpool_close (MPOOL *); +#ifdef STATISTICS +void mpool_stat (MPOOL *); +#endif +__END_DECLS diff --git a/security/nss/lib/freebl/Makefile b/security/nss/lib/freebl/Makefile index ab0b1e571..d9f876bed 100644 --- a/security/nss/lib/freebl/Makefile +++ b/security/nss/lib/freebl/Makefile @@ -479,6 +479,31 @@ ifndef NSS_DISABLE_ECC endif endif +# poly1305-donna-x64-sse2-incremental-source.c requires __int128 support +# in GCC 4.6.0. +ifeq ($(CC_NAME),clang) + HAVE_INT128_SUPPORT = 1 +else ifeq (1,$(CC_IS_GCC)) + ifneq (,$(filter 4.6 4.7 4.8 4.9,$(word 1,$(GCC_VERSION)).$(word 2,$(GCC_VERSION)))) + HAVE_INT128_SUPPORT = 1 + endif + ifeq (,$(filter 0 1 2 3 4,$(word 1,$(GCC_VERSION)))) + HAVE_INT128_SUPPORT = 1 + endif +endif + +ifeq ($(CPU_ARCH),x86_64) + ifdef HAVE_INT128_SUPPORT + EXTRA_SRCS += poly1305-donna-x64-sse2-incremental-source.c + else + EXTRA_SRCS += poly1305.c + endif + EXTRA_SRCS += chacha20_vec.c +else + EXTRA_SRCS += poly1305.c + EXTRA_SRCS += chacha20.c +endif # x86_64 + ####################################################################### # (5) Execute "global" rules. (OPTIONAL) # ####################################################################### diff --git a/security/nss/lib/freebl/blapi.h b/security/nss/lib/freebl/blapi.h index c0bf40a56..4c631c72d 100644 --- a/security/nss/lib/freebl/blapi.h +++ b/security/nss/lib/freebl/blapi.h @@ -986,6 +986,35 @@ Camellia_Decrypt(CamelliaContext *cx, unsigned char *output, unsigned int *outputLen, unsigned int maxOutputLen, const unsigned char *input, unsigned int inputLen); +/******************************************/ +/* +** ChaCha20+Poly1305 AEAD +*/ + +extern SECStatus ChaCha20Poly1305_InitContext(ChaCha20Poly1305Context *ctx, + const unsigned char *key, + unsigned int keyLen, + unsigned int tagLen); + +extern ChaCha20Poly1305Context *ChaCha20Poly1305_CreateContext( + const unsigned char *key, unsigned int keyLen, unsigned int tagLen); + +extern void ChaCha20Poly1305_DestroyContext(ChaCha20Poly1305Context *ctx, + PRBool freeit); + +extern SECStatus ChaCha20Poly1305_Seal( + const ChaCha20Poly1305Context *ctx, unsigned char *output, + unsigned int *outputLen, unsigned int maxOutputLen, + const unsigned char *input, unsigned int inputLen, + const unsigned char *nonce, unsigned int nonceLen, + const unsigned char *ad, unsigned int adLen); + +extern SECStatus ChaCha20Poly1305_Open( + const ChaCha20Poly1305Context *ctx, unsigned char *output, + unsigned int *outputLen, unsigned int maxOutputLen, + const unsigned char *input, unsigned int inputLen, + const unsigned char *nonce, unsigned int nonceLen, + const unsigned char *ad, unsigned int adLen); /******************************************/ /* diff --git a/security/nss/lib/freebl/blapit.h b/security/nss/lib/freebl/blapit.h index 8e172d424..eacf48a7e 100644 --- a/security/nss/lib/freebl/blapit.h +++ b/security/nss/lib/freebl/blapit.h @@ -222,6 +222,7 @@ struct SHA256ContextStr ; struct SHA512ContextStr ; struct AESKeyWrapContextStr ; struct SEEDContextStr ; +struct ChaCha20Poly1305ContextStr; typedef struct DESContextStr DESContext; typedef struct RC2ContextStr RC2Context; @@ -240,6 +241,7 @@ typedef struct SHA512ContextStr SHA512Context; typedef struct SHA512ContextStr SHA384Context; typedef struct AESKeyWrapContextStr AESKeyWrapContext; typedef struct SEEDContextStr SEEDContext; +typedef struct ChaCha20Poly1305ContextStr ChaCha20Poly1305Context; /*************************************************************************** ** RSA Public and Private Key structures diff --git a/security/nss/lib/freebl/chacha20.c b/security/nss/lib/freebl/chacha20.c new file mode 100644 index 000000000..687be6639 --- /dev/null +++ b/security/nss/lib/freebl/chacha20.c @@ -0,0 +1,111 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* Adopted from the public domain code in NaCl by djb. */ + +#include +#include + +#include "prtypes.h" +#include "secport.h" +#include "chacha20.h" + +#if defined(_MSC_VER) +#pragma intrinsic(_lrotl) +#define ROTL32(x, n) _lrotl(x, n) +#else +#define ROTL32(x, n) ((x << n) | (x >> ((8 * sizeof x) - n))) +#endif + +#define ROTATE(v, c) ROTL32((v), (c)) + +#define U32TO8_LITTLE(p, v) \ + { (p)[0] = ((v) ) & 0xff; (p)[1] = ((v) >> 8) & 0xff; \ + (p)[2] = ((v) >> 16) & 0xff; (p)[3] = ((v) >> 24) & 0xff; } +#define U8TO32_LITTLE(p) \ + (((PRUint32)((p)[0]) ) | ((PRUint32)((p)[1]) << 8) | \ + ((PRUint32)((p)[2]) << 16) | ((PRUint32)((p)[3]) << 24)) + +#define QUARTERROUND(x, a, b, c, d) \ + x[a] = x[a] + x[b]; x[d] = ROTATE(x[d] ^ x[a], 16); \ + x[c] = x[c] + x[d]; x[b] = ROTATE(x[b] ^ x[c], 12); \ + x[a] = x[a] + x[b]; x[d] = ROTATE(x[d] ^ x[a], 8); \ + x[c] = x[c] + x[d]; x[b] = ROTATE(x[b] ^ x[c], 7); + +static void +ChaChaCore(unsigned char output[64], const PRUint32 input[16], int num_rounds) +{ + PRUint32 x[16]; + int i; + + PORT_Memcpy(x, input, sizeof(PRUint32) * 16); + for (i = num_rounds; i > 0; i -= 2) { + QUARTERROUND(x, 0, 4, 8, 12) + QUARTERROUND(x, 1, 5, 9, 13) + QUARTERROUND(x, 2, 6, 10, 14) + QUARTERROUND(x, 3, 7, 11, 15) + QUARTERROUND(x, 0, 5, 10, 15) + QUARTERROUND(x, 1, 6, 11, 12) + QUARTERROUND(x, 2, 7, 8, 13) + QUARTERROUND(x, 3, 4, 9, 14) + } + + for (i = 0; i < 16; ++i) { + x[i] = x[i] + input[i]; + } + for (i = 0; i < 16; ++i) { + U32TO8_LITTLE(output + 4 * i, x[i]); + } +} + +static const unsigned char sigma[16] = "expand 32-byte k"; + +void +ChaCha20XOR(unsigned char *out, const unsigned char *in, unsigned int inLen, + const unsigned char key[32], const unsigned char nonce[12], + uint32_t counter) +{ + unsigned char block[64]; + PRUint32 input[16]; + unsigned int i; + + input[4] = U8TO32_LITTLE(key + 0); + input[5] = U8TO32_LITTLE(key + 4); + input[6] = U8TO32_LITTLE(key + 8); + input[7] = U8TO32_LITTLE(key + 12); + + input[8] = U8TO32_LITTLE(key + 16); + input[9] = U8TO32_LITTLE(key + 20); + input[10] = U8TO32_LITTLE(key + 24); + input[11] = U8TO32_LITTLE(key + 28); + + input[0] = U8TO32_LITTLE(sigma + 0); + input[1] = U8TO32_LITTLE(sigma + 4); + input[2] = U8TO32_LITTLE(sigma + 8); + input[3] = U8TO32_LITTLE(sigma + 12); + + input[12] = counter; + input[13] = U8TO32_LITTLE(nonce + 0); + input[14] = U8TO32_LITTLE(nonce + 4); + input[15] = U8TO32_LITTLE(nonce + 8); + + while (inLen >= 64) { + ChaChaCore(block, input, 20); + for (i = 0; i < 64; i++) { + out[i] = in[i] ^ block[i]; + } + + input[12]++; + inLen -= 64; + in += 64; + out += 64; + } + + if (inLen > 0) { + ChaChaCore(block, input, 20); + for (i = 0; i < inLen; i++) { + out[i] = in[i] ^ block[i]; + } + } +} diff --git a/security/nss/lib/freebl/chacha20.h b/security/nss/lib/freebl/chacha20.h new file mode 100644 index 000000000..7e396fa8c --- /dev/null +++ b/security/nss/lib/freebl/chacha20.h @@ -0,0 +1,26 @@ +/* + * chacha20.h - header file for ChaCha20 implementation. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef FREEBL_CHACHA20_H_ +#define FREEBL_CHACHA20_H_ + +#if defined(_MSC_VER) && _MSC_VER < 1600 +#include "prtypes.h" +typedef PRUint32 uint32_t; +typedef PRUint64 uint64_t; +#else +#include +#endif + +/* ChaCha20XOR encrypts |inLen| bytes from |in| with the given key and + * nonce and writes the result to |out|, which may be equal to |in|. The + * initial block counter is specified by |counter|. */ +extern void ChaCha20XOR(unsigned char *out, const unsigned char *in, + unsigned int inLen, const unsigned char key[32], + const unsigned char nonce[12], uint32_t counter); + +#endif /* FREEBL_CHACHA20_H_ */ diff --git a/security/nss/lib/freebl/chacha20_vec.c b/security/nss/lib/freebl/chacha20_vec.c new file mode 100644 index 000000000..352b70d38 --- /dev/null +++ b/security/nss/lib/freebl/chacha20_vec.c @@ -0,0 +1,278 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* This implementation is by Ted Krovetz and was submitted to SUPERCOP and + * marked as public domain. It was been altered to allow for non-aligned inputs + * and to allow the block counter to be passed in specifically. */ + +#include + +#include "chacha20.h" + +#ifndef CHACHA_RNDS +#define CHACHA_RNDS 20 /* 8 (high speed), 20 (conservative), 12 (middle) */ +#endif + +/* Architecture-neutral way to specify 16-byte vector of ints */ +typedef unsigned vec __attribute__ ((vector_size (16))); + +/* This implementation is designed for Neon, SSE and AltiVec machines. The + * following specify how to do certain vector operations efficiently on + * each architecture, using intrinsics. + * This implementation supports parallel processing of multiple blocks, + * including potentially using general-purpose registers. + */ +#if __ARM_NEON__ +#include +#define GPR_TOO 1 +#define VBPI 2 +#define ONE (vec)vsetq_lane_u32(1,vdupq_n_u32(0),0) +#define LOAD(m) (vec)(*((vec*)(m))) +#define STORE(m,r) (*((vec*)(m))) = (r) +#define ROTV1(x) (vec)vextq_u32((uint32x4_t)x,(uint32x4_t)x,1) +#define ROTV2(x) (vec)vextq_u32((uint32x4_t)x,(uint32x4_t)x,2) +#define ROTV3(x) (vec)vextq_u32((uint32x4_t)x,(uint32x4_t)x,3) +#define ROTW16(x) (vec)vrev32q_u16((uint16x8_t)x) +#if __clang__ +#define ROTW7(x) (x << ((vec){ 7, 7, 7, 7})) ^ (x >> ((vec){25,25,25,25})) +#define ROTW8(x) (x << ((vec){ 8, 8, 8, 8})) ^ (x >> ((vec){24,24,24,24})) +#define ROTW12(x) (x << ((vec){12,12,12,12})) ^ (x >> ((vec){20,20,20,20})) +#else +#define ROTW7(x) (vec)vsriq_n_u32(vshlq_n_u32((uint32x4_t)x,7),(uint32x4_t)x,25) +#define ROTW8(x) (vec)vsriq_n_u32(vshlq_n_u32((uint32x4_t)x,8),(uint32x4_t)x,24) +#define ROTW12(x) (vec)vsriq_n_u32(vshlq_n_u32((uint32x4_t)x,12),(uint32x4_t)x,20) +#endif +#elif __SSE2__ +#include +#define GPR_TOO 0 +#if __clang__ +#define VBPI 4 +#else +#define VBPI 3 +#endif +#define ONE (vec)_mm_set_epi32(0,0,0,1) +#define LOAD(m) (vec)_mm_loadu_si128((__m128i*)(m)) +#define STORE(m,r) _mm_storeu_si128((__m128i*)(m), (__m128i) (r)) +#define ROTV1(x) (vec)_mm_shuffle_epi32((__m128i)x,_MM_SHUFFLE(0,3,2,1)) +#define ROTV2(x) (vec)_mm_shuffle_epi32((__m128i)x,_MM_SHUFFLE(1,0,3,2)) +#define ROTV3(x) (vec)_mm_shuffle_epi32((__m128i)x,_MM_SHUFFLE(2,1,0,3)) +#define ROTW7(x) (vec)(_mm_slli_epi32((__m128i)x, 7) ^ _mm_srli_epi32((__m128i)x,25)) +#define ROTW12(x) (vec)(_mm_slli_epi32((__m128i)x,12) ^ _mm_srli_epi32((__m128i)x,20)) +#if __SSSE3__ +#include +#define ROTW8(x) (vec)_mm_shuffle_epi8((__m128i)x,_mm_set_epi8(14,13,12,15,10,9,8,11,6,5,4,7,2,1,0,3)) +#define ROTW16(x) (vec)_mm_shuffle_epi8((__m128i)x,_mm_set_epi8(13,12,15,14,9,8,11,10,5,4,7,6,1,0,3,2)) +#else +#define ROTW8(x) (vec)(_mm_slli_epi32((__m128i)x, 8) ^ _mm_srli_epi32((__m128i)x,24)) +#define ROTW16(x) (vec)(_mm_slli_epi32((__m128i)x,16) ^ _mm_srli_epi32((__m128i)x,16)) +#endif +#else +#error -- Implementation supports only machines with neon or SSE2 +#endif + +#ifndef REVV_BE +#define REVV_BE(x) (x) +#endif + +#ifndef REVW_BE +#define REVW_BE(x) (x) +#endif + +#define BPI (VBPI + GPR_TOO) /* Blocks computed per loop iteration */ + +#define DQROUND_VECTORS(a,b,c,d) \ + a += b; d ^= a; d = ROTW16(d); \ + c += d; b ^= c; b = ROTW12(b); \ + a += b; d ^= a; d = ROTW8(d); \ + c += d; b ^= c; b = ROTW7(b); \ + b = ROTV1(b); c = ROTV2(c); d = ROTV3(d); \ + a += b; d ^= a; d = ROTW16(d); \ + c += d; b ^= c; b = ROTW12(b); \ + a += b; d ^= a; d = ROTW8(d); \ + c += d; b ^= c; b = ROTW7(b); \ + b = ROTV3(b); c = ROTV2(c); d = ROTV1(d); + +#define QROUND_WORDS(a,b,c,d) \ + a = a+b; d ^= a; d = d<<16 | d>>16; \ + c = c+d; b ^= c; b = b<<12 | b>>20; \ + a = a+b; d ^= a; d = d<< 8 | d>>24; \ + c = c+d; b ^= c; b = b<< 7 | b>>25; + +#define WRITE_XOR(in, op, d, v0, v1, v2, v3) \ + STORE(op + d + 0, LOAD(in + d + 0) ^ REVV_BE(v0)); \ + STORE(op + d + 4, LOAD(in + d + 4) ^ REVV_BE(v1)); \ + STORE(op + d + 8, LOAD(in + d + 8) ^ REVV_BE(v2)); \ + STORE(op + d +12, LOAD(in + d +12) ^ REVV_BE(v3)); + +void +ChaCha20XOR(unsigned char *out, const unsigned char *in, unsigned int inlen, + const unsigned char key[32], const unsigned char nonce[12], + uint32_t counter) +{ + unsigned iters, i, *op=(unsigned *)out, *ip=(unsigned *)in, *kp; +#if defined(__ARM_NEON__) + unsigned *np; +#endif + vec s0, s1, s2, s3; +#if !defined(__ARM_NEON__) && !defined(__SSE2__) + __attribute__ ((aligned (16))) unsigned key[8], nonce[4]; +#endif + __attribute__ ((aligned (16))) unsigned chacha_const[] = + {0x61707865,0x3320646E,0x79622D32,0x6B206574}; +#if defined(__ARM_NEON__) || defined(__SSE2__) + kp = (unsigned *)key; +#else + ((vec *)key)[0] = REVV_BE(((vec *)key)[0]); + ((vec *)key)[1] = REVV_BE(((vec *)key)[1]); + ((unsigned *)nonce)[0] = REVW_BE(((unsigned *)nonce)[0]); + ((unsigned *)nonce)[1] = REVW_BE(((unsigned *)nonce)[1]); + ((unsigned *)nonce)[2] = REVW_BE(((unsigned *)nonce)[2]); + ((unsigned *)nonce)[3] = REVW_BE(((unsigned *)nonce)[3]); + kp = (unsigned *)key; + np = (unsigned *)nonce; +#endif +#if defined(__ARM_NEON__) + np = (unsigned*) nonce; +#endif + s0 = LOAD(chacha_const); + s1 = LOAD(&((vec*)kp)[0]); + s2 = LOAD(&((vec*)kp)[1]); + s3 = (vec) { + counter, + ((uint32_t*)nonce)[0], + ((uint32_t*)nonce)[1], + ((uint32_t*)nonce)[2] + }; + + for (iters = 0; iters < inlen/(BPI*64); iters++) { +#if GPR_TOO + register unsigned x0, x1, x2, x3, x4, x5, x6, x7, x8, + x9, x10, x11, x12, x13, x14, x15; +#endif +#if VBPI > 2 + vec v8,v9,v10,v11; +#endif +#if VBPI > 3 + vec v12,v13,v14,v15; +#endif + + vec v0,v1,v2,v3,v4,v5,v6,v7; + v4 = v0 = s0; v5 = v1 = s1; v6 = v2 = s2; v3 = s3; + v7 = v3 + ONE; +#if VBPI > 2 + v8 = v4; v9 = v5; v10 = v6; + v11 = v7 + ONE; +#endif +#if VBPI > 3 + v12 = v8; v13 = v9; v14 = v10; + v15 = v11 + ONE; +#endif +#if GPR_TOO + x0 = chacha_const[0]; x1 = chacha_const[1]; + x2 = chacha_const[2]; x3 = chacha_const[3]; + x4 = kp[0]; x5 = kp[1]; x6 = kp[2]; x7 = kp[3]; + x8 = kp[4]; x9 = kp[5]; x10 = kp[6]; x11 = kp[7]; + x12 = counter+BPI*iters+(BPI-1); x13 = np[0]; + x14 = np[1]; x15 = np[2]; +#endif + for (i = CHACHA_RNDS/2; i; i--) { + DQROUND_VECTORS(v0,v1,v2,v3) + DQROUND_VECTORS(v4,v5,v6,v7) +#if VBPI > 2 + DQROUND_VECTORS(v8,v9,v10,v11) +#endif +#if VBPI > 3 + DQROUND_VECTORS(v12,v13,v14,v15) +#endif +#if GPR_TOO + QROUND_WORDS( x0, x4, x8,x12) + QROUND_WORDS( x1, x5, x9,x13) + QROUND_WORDS( x2, x6,x10,x14) + QROUND_WORDS( x3, x7,x11,x15) + QROUND_WORDS( x0, x5,x10,x15) + QROUND_WORDS( x1, x6,x11,x12) + QROUND_WORDS( x2, x7, x8,x13) + QROUND_WORDS( x3, x4, x9,x14) +#endif + } + + WRITE_XOR(ip, op, 0, v0+s0, v1+s1, v2+s2, v3+s3) + s3 += ONE; + WRITE_XOR(ip, op, 16, v4+s0, v5+s1, v6+s2, v7+s3) + s3 += ONE; +#if VBPI > 2 + WRITE_XOR(ip, op, 32, v8+s0, v9+s1, v10+s2, v11+s3) + s3 += ONE; +#endif +#if VBPI > 3 + WRITE_XOR(ip, op, 48, v12+s0, v13+s1, v14+s2, v15+s3) + s3 += ONE; +#endif + ip += VBPI*16; + op += VBPI*16; +#if GPR_TOO + op[0] = REVW_BE(REVW_BE(ip[0]) ^ (x0 + chacha_const[0])); + op[1] = REVW_BE(REVW_BE(ip[1]) ^ (x1 + chacha_const[1])); + op[2] = REVW_BE(REVW_BE(ip[2]) ^ (x2 + chacha_const[2])); + op[3] = REVW_BE(REVW_BE(ip[3]) ^ (x3 + chacha_const[3])); + op[4] = REVW_BE(REVW_BE(ip[4]) ^ (x4 + kp[0])); + op[5] = REVW_BE(REVW_BE(ip[5]) ^ (x5 + kp[1])); + op[6] = REVW_BE(REVW_BE(ip[6]) ^ (x6 + kp[2])); + op[7] = REVW_BE(REVW_BE(ip[7]) ^ (x7 + kp[3])); + op[8] = REVW_BE(REVW_BE(ip[8]) ^ (x8 + kp[4])); + op[9] = REVW_BE(REVW_BE(ip[9]) ^ (x9 + kp[5])); + op[10] = REVW_BE(REVW_BE(ip[10]) ^ (x10 + kp[6])); + op[11] = REVW_BE(REVW_BE(ip[11]) ^ (x11 + kp[7])); + op[12] = REVW_BE(REVW_BE(ip[12]) ^ (x12 + counter+BPI*iters+(BPI-1))); + op[13] = REVW_BE(REVW_BE(ip[13]) ^ (x13 + np[0])); + op[14] = REVW_BE(REVW_BE(ip[14]) ^ (x14 + np[1])); + op[15] = REVW_BE(REVW_BE(ip[15]) ^ (x15 + np[2])); + s3 += ONE; + ip += 16; + op += 16; +#endif + } + + for (iters = inlen%(BPI*64)/64; iters != 0; iters--) { + vec v0 = s0, v1 = s1, v2 = s2, v3 = s3; + for (i = CHACHA_RNDS/2; i; i--) { + DQROUND_VECTORS(v0,v1,v2,v3); + } + WRITE_XOR(ip, op, 0, v0+s0, v1+s1, v2+s2, v3+s3) + s3 += ONE; + ip += 16; + op += 16; + } + + inlen = inlen % 64; + if (inlen) { + __attribute__ ((aligned (16))) vec buf[4]; + vec v0,v1,v2,v3; + v0 = s0; v1 = s1; v2 = s2; v3 = s3; + for (i = CHACHA_RNDS/2; i; i--) { + DQROUND_VECTORS(v0,v1,v2,v3); + } + + if (inlen >= 16) { + STORE(op + 0, LOAD(ip + 0) ^ REVV_BE(v0 + s0)); + if (inlen >= 32) { + STORE(op + 4, LOAD(ip + 4) ^ REVV_BE(v1 + s1)); + if (inlen >= 48) { + STORE(op + 8, LOAD(ip + 8) ^ REVV_BE(v2 + s2)); + buf[3] = REVV_BE(v3 + s3); + } else { + buf[2] = REVV_BE(v2 + s2); + } + } else { + buf[1] = REVV_BE(v1 + s1); + } + } else { + buf[0] = REVV_BE(v0 + s0); + } + + for (i=inlen & ~15; i +#include + +#include "seccomon.h" +#include "secerr.h" +#include "blapit.h" +#include "poly1305.h" +#include "chacha20.h" +#include "chacha20poly1305.h" + +/* Poly1305Do writes the Poly1305 authenticator of the given additional data + * and ciphertext to |out|. */ +static void +Poly1305Do(unsigned char *out, const unsigned char *ad, unsigned int adLen, + const unsigned char *ciphertext, unsigned int ciphertextLen, + const unsigned char key[32]) +{ + poly1305_state state; + unsigned int j; + unsigned char lengthBytes[8]; + static const unsigned char zeros[15]; + unsigned int i; + + Poly1305Init(&state, key); + Poly1305Update(&state, ad, adLen); + if (adLen % 16 > 0) { + Poly1305Update(&state, zeros, 16 - adLen % 16); + } + Poly1305Update(&state, ciphertext, ciphertextLen); + if (ciphertextLen % 16 > 0) { + Poly1305Update(&state, zeros, 16 - ciphertextLen % 16); + } + j = adLen; + for (i = 0; i < sizeof(lengthBytes); i++) { + lengthBytes[i] = j; + j >>= 8; + } + Poly1305Update(&state, lengthBytes, sizeof(lengthBytes)); + j = ciphertextLen; + for (i = 0; i < sizeof(lengthBytes); i++) { + lengthBytes[i] = j; + j >>= 8; + } + Poly1305Update(&state, lengthBytes, sizeof(lengthBytes)); + Poly1305Finish(&state, out); +} + +SECStatus +ChaCha20Poly1305_InitContext(ChaCha20Poly1305Context *ctx, + const unsigned char *key, unsigned int keyLen, + unsigned int tagLen) +{ + if (keyLen != 32) { + PORT_SetError(SEC_ERROR_BAD_KEY); + return SECFailure; + } + if (tagLen == 0 || tagLen > 16) { + PORT_SetError(SEC_ERROR_INPUT_LEN); + return SECFailure; + } + + PORT_Memcpy(ctx->key, key, sizeof(ctx->key)); + ctx->tagLen = tagLen; + + return SECSuccess; +} + +ChaCha20Poly1305Context * +ChaCha20Poly1305_CreateContext(const unsigned char *key, unsigned int keyLen, + unsigned int tagLen) +{ + ChaCha20Poly1305Context *ctx; + + ctx = PORT_New(ChaCha20Poly1305Context); + if (ctx == NULL) { + return NULL; + } + + if (ChaCha20Poly1305_InitContext(ctx, key, keyLen, tagLen) != SECSuccess) { + PORT_Free(ctx); + ctx = NULL; + } + + return ctx; +} + +void +ChaCha20Poly1305_DestroyContext(ChaCha20Poly1305Context *ctx, PRBool freeit) +{ + PORT_Memset(ctx, 0, sizeof(*ctx)); + if (freeit) { + PORT_Free(ctx); + } +} + +SECStatus +ChaCha20Poly1305_Seal(const ChaCha20Poly1305Context *ctx, unsigned char *output, + unsigned int *outputLen, unsigned int maxOutputLen, + const unsigned char *input, unsigned int inputLen, + const unsigned char *nonce, unsigned int nonceLen, + const unsigned char *ad, unsigned int adLen) +{ + unsigned char block[64]; + unsigned char tag[16]; + + if (nonceLen != 12) { + PORT_SetError(SEC_ERROR_INPUT_LEN); + return SECFailure; + } + *outputLen = inputLen + ctx->tagLen; + if (maxOutputLen < *outputLen) { + PORT_SetError(SEC_ERROR_OUTPUT_LEN); + return SECFailure; + } + + PORT_Memset(block, 0, sizeof(block)); + // Generate a block of keystream. The first 32 bytes will be the poly1305 + // key. The remainder of the block is discarded. + ChaCha20XOR(block, block, sizeof(block), ctx->key, nonce, 0); + ChaCha20XOR(output, input, inputLen, ctx->key, nonce, 1); + + Poly1305Do(tag, ad, adLen, output, inputLen, block); + PORT_Memcpy(output + inputLen, tag, ctx->tagLen); + + return SECSuccess; +} + +SECStatus +ChaCha20Poly1305_Open(const ChaCha20Poly1305Context *ctx, unsigned char *output, + unsigned int *outputLen, unsigned int maxOutputLen, + const unsigned char *input, unsigned int inputLen, + const unsigned char *nonce, unsigned int nonceLen, + const unsigned char *ad, unsigned int adLen) +{ + unsigned char block[64]; + unsigned char tag[16]; + unsigned int ciphertextLen; + + if (nonceLen != 12) { + PORT_SetError(SEC_ERROR_INPUT_LEN); + return SECFailure; + } + if (inputLen < ctx->tagLen) { + PORT_SetError(SEC_ERROR_INPUT_LEN); + return SECFailure; + } + ciphertextLen = inputLen - ctx->tagLen; + *outputLen = ciphertextLen; + if (maxOutputLen < *outputLen) { + PORT_SetError(SEC_ERROR_OUTPUT_LEN); + return SECFailure; + } + + PORT_Memset(block, 0, sizeof(block)); + // Generate a block of keystream. The first 32 bytes will be the poly1305 + // key. The remainder of the block is discarded. + ChaCha20XOR(block, block, sizeof(block), ctx->key, nonce, 0); + Poly1305Do(tag, ad, adLen, input, ciphertextLen, block); + if (NSS_SecureMemcmp(tag, &input[ciphertextLen], ctx->tagLen) != 0) { + PORT_SetError(SEC_ERROR_BAD_DATA); + return SECFailure; + } + + ChaCha20XOR(output, input, ciphertextLen, ctx->key, nonce, 1); + + return SECSuccess; +} diff --git a/security/nss/lib/freebl/chacha20poly1305.h b/security/nss/lib/freebl/chacha20poly1305.h new file mode 100644 index 000000000..c77632aa1 --- /dev/null +++ b/security/nss/lib/freebl/chacha20poly1305.h @@ -0,0 +1,15 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef _CHACHA20_POLY1305_H_ +#define _CHACHA20_POLY1305_H_ 1 + +/* ChaCha20Poly1305ContextStr saves the key and tag length for a + * ChaCha20+Poly1305 AEAD operation. */ +struct ChaCha20Poly1305ContextStr { + unsigned char key[32]; + unsigned char tagLen; +}; + +#endif /* _CHACHA20_POLY1305_H_ */ diff --git a/security/nss/lib/freebl/ldvector.c b/security/nss/lib/freebl/ldvector.c index 1d9affec2..e11e4f6ae 100644 --- a/security/nss/lib/freebl/ldvector.c +++ b/security/nss/lib/freebl/ldvector.c @@ -286,9 +286,17 @@ static const struct FREEBLVectorStr vector = EC_FillParams, EC_DecodeParams, - EC_CopyParams + EC_CopyParams, /* End of Version 3.017 */ + + ChaCha20Poly1305_InitContext, + ChaCha20Poly1305_CreateContext, + ChaCha20Poly1305_DestroyContext, + ChaCha20Poly1305_Seal, + ChaCha20Poly1305_Open + + /* End of Version 3.018 */ }; const FREEBLVector * diff --git a/security/nss/lib/freebl/loader.c b/security/nss/lib/freebl/loader.c index 9105a6900..821aa19ae 100644 --- a/security/nss/lib/freebl/loader.c +++ b/security/nss/lib/freebl/loader.c @@ -2128,3 +2128,59 @@ SECStatus EC_CopyParams(PLArenaPool *arena, ECParams *dstParams, return (vector->p_EC_CopyParams)(arena, dstParams, srcParams); } +SECStatus +ChaCha20Poly1305_InitContext(ChaCha20Poly1305Context *ctx, + const unsigned char *key, unsigned int keyLen, + unsigned int tagLen) +{ + if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) + return SECFailure; + return (vector->p_ChaCha20Poly1305_InitContext)(ctx, key, keyLen, tagLen); +} + +ChaCha20Poly1305Context * +ChaCha20Poly1305_CreateContext(const unsigned char *key, unsigned int keyLen, + unsigned int tagLen) +{ + if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) + return NULL; + return (vector->p_ChaCha20Poly1305_CreateContext)(key, keyLen, tagLen); +} + +void +ChaCha20Poly1305_DestroyContext(ChaCha20Poly1305Context *ctx, PRBool freeit) +{ + if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) + return; + (vector->p_ChaCha20Poly1305_DestroyContext)(ctx, freeit); +} + +SECStatus +ChaCha20Poly1305_Seal(const ChaCha20Poly1305Context *ctx, + unsigned char *output, unsigned int *outputLen, + unsigned int maxOutputLen, + const unsigned char *input, unsigned int inputLen, + const unsigned char *nonce, unsigned int nonceLen, + const unsigned char *ad, unsigned int adLen) +{ + if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) + return SECFailure; + return (vector->p_ChaCha20Poly1305_Seal)( + ctx, output, outputLen, maxOutputLen, input, inputLen, + nonce, nonceLen, ad, adLen); +} + +SECStatus +ChaCha20Poly1305_Open(const ChaCha20Poly1305Context *ctx, + unsigned char *output, unsigned int *outputLen, + unsigned int maxOutputLen, + const unsigned char *input, unsigned int inputLen, + const unsigned char *nonce, unsigned int nonceLen, + const unsigned char *ad, unsigned int adLen) +{ + if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) + return SECFailure; + return (vector->p_ChaCha20Poly1305_Open)( + ctx, output, outputLen, maxOutputLen, input, inputLen, + nonce, nonceLen, ad, adLen); +} diff --git a/security/nss/lib/freebl/loader.h b/security/nss/lib/freebl/loader.h index 65cfd76de..9f533efd3 100644 --- a/security/nss/lib/freebl/loader.h +++ b/security/nss/lib/freebl/loader.h @@ -10,7 +10,7 @@ #include "blapi.h" -#define FREEBL_VERSION 0x0311 +#define FREEBL_VERSION 0x0312 struct FREEBLVectorStr { @@ -707,6 +707,33 @@ struct FREEBLVectorStr { /* Version 3.017 came to here */ + SECStatus (* p_ChaCha20Poly1305_InitContext)(ChaCha20Poly1305Context *ctx, + const unsigned char *key, + unsigned int keyLen, + unsigned int tagLen); + + ChaCha20Poly1305Context *(* p_ChaCha20Poly1305_CreateContext)( + const unsigned char *key, unsigned int keyLen, unsigned int tagLen); + + void (* p_ChaCha20Poly1305_DestroyContext)(ChaCha20Poly1305Context *ctx, + PRBool freeit); + + SECStatus (* p_ChaCha20Poly1305_Seal)( + const ChaCha20Poly1305Context *ctx, unsigned char *output, + unsigned int *outputLen, unsigned int maxOutputLen, + const unsigned char *input, unsigned int inputLen, + const unsigned char *nonce, unsigned int nonceLen, + const unsigned char *ad, unsigned int adLen); + + SECStatus (* p_ChaCha20Poly1305_Open)( + const ChaCha20Poly1305Context *ctx, unsigned char *output, + unsigned int *outputLen, unsigned int maxOutputLen, + const unsigned char *input, unsigned int inputLen, + const unsigned char *nonce, unsigned int nonceLen, + const unsigned char *ad, unsigned int adLen); + + /* Version 3.018 came to here */ + /* Add new function pointers at the end of this struct and bump * FREEBL_VERSION at the beginning of this file. */ }; diff --git a/security/nss/lib/freebl/manifest.mn b/security/nss/lib/freebl/manifest.mn index 22367809f..e666b78cb 100644 --- a/security/nss/lib/freebl/manifest.mn +++ b/security/nss/lib/freebl/manifest.mn @@ -56,6 +56,7 @@ EXPORTS = \ PRIVATE_EXPORTS = \ alghmac.h \ blapi.h \ + chacha20poly1305.h \ hmacct.h \ secmpi.h \ secrng.h \ @@ -101,6 +102,7 @@ CSRCS = \ desblapi.c \ des.c \ drbg.c \ + chacha20poly1305.c \ cts.c \ ctr.c \ gcm.c \ diff --git a/security/nss/lib/freebl/poly1305-donna-x64-sse2-incremental-source.c b/security/nss/lib/freebl/poly1305-donna-x64-sse2-incremental-source.c new file mode 100644 index 000000000..38cbf35fd --- /dev/null +++ b/security/nss/lib/freebl/poly1305-donna-x64-sse2-incremental-source.c @@ -0,0 +1,623 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* This implementation of poly1305 is by Andrew Moon + * (https://github.com/floodyberry/poly1305-donna) and released as public + * domain. It implements SIMD vectorization based on the algorithm described in + * http://cr.yp.to/papers.html#neoncrypto. Unrolled to 2 powers, i.e. 64 byte + * block size. */ + +#include +#include + +#include "poly1305.h" + +#define ALIGN(x) __attribute__((aligned(x))) +#define INLINE inline +#define U8TO64_LE(m) (*(uint64_t*)(m)) +#define U8TO32_LE(m) (*(uint32_t*)(m)) +#define U64TO8_LE(m,v) (*(uint64_t*)(m)) = v + +typedef __m128i xmmi; +typedef unsigned __int128 uint128_t; + +static const uint32_t ALIGN(16) poly1305_x64_sse2_message_mask[4] = {(1 << 26) - 1, 0, (1 << 26) - 1, 0}; +static const uint32_t ALIGN(16) poly1305_x64_sse2_5[4] = {5, 0, 5, 0}; +static const uint32_t ALIGN(16) poly1305_x64_sse2_1shl128[4] = {(1 << 24), 0, (1 << 24), 0}; + +static uint128_t INLINE +add128(uint128_t a, uint128_t b) { + return a + b; +} + +static uint128_t INLINE +add128_64(uint128_t a, uint64_t b) { + return a + b; +} + +static uint128_t INLINE +mul64x64_128(uint64_t a, uint64_t b) { + return (uint128_t)a * b; +} + +static uint64_t INLINE +lo128(uint128_t a) { + return (uint64_t)a; +} + +static uint64_t INLINE +shr128(uint128_t v, const int shift) { + return (uint64_t)(v >> shift); +} + +static uint64_t INLINE +shr128_pair(uint64_t hi, uint64_t lo, const int shift) { + return (uint64_t)((((uint128_t)hi << 64) | lo) >> shift); +} + +typedef struct poly1305_power_t { + union { + xmmi v; + uint64_t u[2]; + uint32_t d[4]; + } R20,R21,R22,R23,R24,S21,S22,S23,S24; +} poly1305_power; + +typedef struct poly1305_state_internal_t { + poly1305_power P[2]; /* 288 bytes, top 32 bit halves unused = 144 bytes of free storage */ + union { + xmmi H[5]; /* 80 bytes */ + uint64_t HH[10]; + }; + /* uint64_t r0,r1,r2; [24 bytes] */ + /* uint64_t pad0,pad1; [16 bytes] */ + uint64_t started; /* 8 bytes */ + uint64_t leftover; /* 8 bytes */ + uint8_t buffer[64]; /* 64 bytes */ +} poly1305_state_internal; /* 448 bytes total + 63 bytes for alignment = 511 bytes raw */ + +static poly1305_state_internal INLINE +*poly1305_aligned_state(poly1305_state *state) { + return (poly1305_state_internal *)(((uint64_t)state + 63) & ~63); +} + +/* copy 0-63 bytes */ +static void INLINE +poly1305_block_copy(uint8_t *dst, const uint8_t *src, size_t bytes) { + size_t offset = src - dst; + if (bytes & 32) { + _mm_storeu_si128((xmmi *)(dst + 0), _mm_loadu_si128((xmmi *)(dst + offset + 0))); + _mm_storeu_si128((xmmi *)(dst + 16), _mm_loadu_si128((xmmi *)(dst + offset + 16))); + dst += 32; + } + if (bytes & 16) { _mm_storeu_si128((xmmi *)dst, _mm_loadu_si128((xmmi *)(dst + offset))); dst += 16; } + if (bytes & 8) { *(uint64_t *)dst = *(uint64_t *)(dst + offset); dst += 8; } + if (bytes & 4) { *(uint32_t *)dst = *(uint32_t *)(dst + offset); dst += 4; } + if (bytes & 2) { *(uint16_t *)dst = *(uint16_t *)(dst + offset); dst += 2; } + if (bytes & 1) { *( uint8_t *)dst = *( uint8_t *)(dst + offset); } +} + +/* zero 0-15 bytes */ +static void INLINE +poly1305_block_zero(uint8_t *dst, size_t bytes) { + if (bytes & 8) { *(uint64_t *)dst = 0; dst += 8; } + if (bytes & 4) { *(uint32_t *)dst = 0; dst += 4; } + if (bytes & 2) { *(uint16_t *)dst = 0; dst += 2; } + if (bytes & 1) { *( uint8_t *)dst = 0; } +} + +static size_t INLINE +poly1305_min(size_t a, size_t b) { + return (a < b) ? a : b; +} + +void +Poly1305Init(poly1305_state *state, const unsigned char key[32]) { + poly1305_state_internal *st = poly1305_aligned_state(state); + poly1305_power *p; + uint64_t r0,r1,r2; + uint64_t t0,t1; + + /* clamp key */ + t0 = U8TO64_LE(key + 0); + t1 = U8TO64_LE(key + 8); + r0 = t0 & 0xffc0fffffff; t0 >>= 44; t0 |= t1 << 20; + r1 = t0 & 0xfffffc0ffff; t1 >>= 24; + r2 = t1 & 0x00ffffffc0f; + + /* store r in un-used space of st->P[1] */ + p = &st->P[1]; + p->R20.d[1] = (uint32_t)(r0 ); + p->R20.d[3] = (uint32_t)(r0 >> 32); + p->R21.d[1] = (uint32_t)(r1 ); + p->R21.d[3] = (uint32_t)(r1 >> 32); + p->R22.d[1] = (uint32_t)(r2 ); + p->R22.d[3] = (uint32_t)(r2 >> 32); + + /* store pad */ + p->R23.d[1] = U8TO32_LE(key + 16); + p->R23.d[3] = U8TO32_LE(key + 20); + p->R24.d[1] = U8TO32_LE(key + 24); + p->R24.d[3] = U8TO32_LE(key + 28); + + /* H = 0 */ + st->H[0] = _mm_setzero_si128(); + st->H[1] = _mm_setzero_si128(); + st->H[2] = _mm_setzero_si128(); + st->H[3] = _mm_setzero_si128(); + st->H[4] = _mm_setzero_si128(); + + st->started = 0; + st->leftover = 0; +} + +static void +poly1305_first_block(poly1305_state_internal *st, const uint8_t *m) { + const xmmi MMASK = _mm_load_si128((xmmi *)poly1305_x64_sse2_message_mask); + const xmmi FIVE = _mm_load_si128((xmmi*)poly1305_x64_sse2_5); + const xmmi HIBIT = _mm_load_si128((xmmi*)poly1305_x64_sse2_1shl128); + xmmi T5,T6; + poly1305_power *p; + uint128_t d[3]; + uint64_t r0,r1,r2; + uint64_t r20,r21,r22,s22; + uint64_t pad0,pad1; + uint64_t c; + uint64_t i; + + /* pull out stored info */ + p = &st->P[1]; + + r0 = ((uint64_t)p->R20.d[3] << 32) | (uint64_t)p->R20.d[1]; + r1 = ((uint64_t)p->R21.d[3] << 32) | (uint64_t)p->R21.d[1]; + r2 = ((uint64_t)p->R22.d[3] << 32) | (uint64_t)p->R22.d[1]; + pad0 = ((uint64_t)p->R23.d[3] << 32) | (uint64_t)p->R23.d[1]; + pad1 = ((uint64_t)p->R24.d[3] << 32) | (uint64_t)p->R24.d[1]; + + /* compute powers r^2,r^4 */ + r20 = r0; + r21 = r1; + r22 = r2; + for (i = 0; i < 2; i++) { + s22 = r22 * (5 << 2); + + d[0] = add128(mul64x64_128(r20, r20), mul64x64_128(r21 * 2, s22)); + d[1] = add128(mul64x64_128(r22, s22), mul64x64_128(r20 * 2, r21)); + d[2] = add128(mul64x64_128(r21, r21), mul64x64_128(r22 * 2, r20)); + + r20 = lo128(d[0]) & 0xfffffffffff; c = shr128(d[0], 44); + d[1] = add128_64(d[1], c); r21 = lo128(d[1]) & 0xfffffffffff; c = shr128(d[1], 44); + d[2] = add128_64(d[2], c); r22 = lo128(d[2]) & 0x3ffffffffff; c = shr128(d[2], 42); + r20 += c * 5; c = (r20 >> 44); r20 = r20 & 0xfffffffffff; + r21 += c; + + p->R20.v = _mm_shuffle_epi32(_mm_cvtsi32_si128((uint32_t)( r20 ) & 0x3ffffff), _MM_SHUFFLE(1,0,1,0)); + p->R21.v = _mm_shuffle_epi32(_mm_cvtsi32_si128((uint32_t)((r20 >> 26) | (r21 << 18)) & 0x3ffffff), _MM_SHUFFLE(1,0,1,0)); + p->R22.v = _mm_shuffle_epi32(_mm_cvtsi32_si128((uint32_t)((r21 >> 8) ) & 0x3ffffff), _MM_SHUFFLE(1,0,1,0)); + p->R23.v = _mm_shuffle_epi32(_mm_cvtsi32_si128((uint32_t)((r21 >> 34) | (r22 << 10)) & 0x3ffffff), _MM_SHUFFLE(1,0,1,0)); + p->R24.v = _mm_shuffle_epi32(_mm_cvtsi32_si128((uint32_t)((r22 >> 16) ) ), _MM_SHUFFLE(1,0,1,0)); + p->S21.v = _mm_mul_epu32(p->R21.v, FIVE); + p->S22.v = _mm_mul_epu32(p->R22.v, FIVE); + p->S23.v = _mm_mul_epu32(p->R23.v, FIVE); + p->S24.v = _mm_mul_epu32(p->R24.v, FIVE); + p--; + } + + /* put saved info back */ + p = &st->P[1]; + p->R20.d[1] = (uint32_t)(r0 ); + p->R20.d[3] = (uint32_t)(r0 >> 32); + p->R21.d[1] = (uint32_t)(r1 ); + p->R21.d[3] = (uint32_t)(r1 >> 32); + p->R22.d[1] = (uint32_t)(r2 ); + p->R22.d[3] = (uint32_t)(r2 >> 32); + p->R23.d[1] = (uint32_t)(pad0 ); + p->R23.d[3] = (uint32_t)(pad0 >> 32); + p->R24.d[1] = (uint32_t)(pad1 ); + p->R24.d[3] = (uint32_t)(pad1 >> 32); + + /* H = [Mx,My] */ + T5 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 0)), _mm_loadl_epi64((xmmi *)(m + 16))); + T6 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 8)), _mm_loadl_epi64((xmmi *)(m + 24))); + st->H[0] = _mm_and_si128(MMASK, T5); + st->H[1] = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26)); + T5 = _mm_or_si128(_mm_srli_epi64(T5, 52), _mm_slli_epi64(T6, 12)); + st->H[2] = _mm_and_si128(MMASK, T5); + st->H[3] = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26)); + st->H[4] = _mm_or_si128(_mm_srli_epi64(T6, 40), HIBIT); +} + +static void +poly1305_blocks(poly1305_state_internal *st, const uint8_t *m, size_t bytes) { + const xmmi MMASK = _mm_load_si128((xmmi *)poly1305_x64_sse2_message_mask); + const xmmi FIVE = _mm_load_si128((xmmi*)poly1305_x64_sse2_5); + const xmmi HIBIT = _mm_load_si128((xmmi*)poly1305_x64_sse2_1shl128); + + poly1305_power *p; + xmmi H0,H1,H2,H3,H4; + xmmi T0,T1,T2,T3,T4,T5,T6; + xmmi M0,M1,M2,M3,M4; + xmmi C1,C2; + + H0 = st->H[0]; + H1 = st->H[1]; + H2 = st->H[2]; + H3 = st->H[3]; + H4 = st->H[4]; + + while (bytes >= 64) { + /* H *= [r^4,r^4] */ + p = &st->P[0]; + T0 = _mm_mul_epu32(H0, p->R20.v); + T1 = _mm_mul_epu32(H0, p->R21.v); + T2 = _mm_mul_epu32(H0, p->R22.v); + T3 = _mm_mul_epu32(H0, p->R23.v); + T4 = _mm_mul_epu32(H0, p->R24.v); + T5 = _mm_mul_epu32(H1, p->S24.v); T6 = _mm_mul_epu32(H1, p->R20.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(H2, p->S23.v); T6 = _mm_mul_epu32(H2, p->S24.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(H3, p->S22.v); T6 = _mm_mul_epu32(H3, p->S23.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(H4, p->S21.v); T6 = _mm_mul_epu32(H4, p->S22.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(H1, p->R21.v); T6 = _mm_mul_epu32(H1, p->R22.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(H2, p->R20.v); T6 = _mm_mul_epu32(H2, p->R21.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(H3, p->S24.v); T6 = _mm_mul_epu32(H3, p->R20.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(H4, p->S23.v); T6 = _mm_mul_epu32(H4, p->S24.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(H1, p->R23.v); T4 = _mm_add_epi64(T4, T5); + T5 = _mm_mul_epu32(H2, p->R22.v); T4 = _mm_add_epi64(T4, T5); + T5 = _mm_mul_epu32(H3, p->R21.v); T4 = _mm_add_epi64(T4, T5); + T5 = _mm_mul_epu32(H4, p->R20.v); T4 = _mm_add_epi64(T4, T5); + + /* H += [Mx,My]*[r^2,r^2] */ + T5 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 0)), _mm_loadl_epi64((xmmi *)(m + 16))); + T6 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 8)), _mm_loadl_epi64((xmmi *)(m + 24))); + M0 = _mm_and_si128(MMASK, T5); + M1 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26)); + T5 = _mm_or_si128(_mm_srli_epi64(T5, 52), _mm_slli_epi64(T6, 12)); + M2 = _mm_and_si128(MMASK, T5); + M3 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26)); + M4 = _mm_or_si128(_mm_srli_epi64(T6, 40), HIBIT); + + p = &st->P[1]; + T5 = _mm_mul_epu32(M0, p->R20.v); T6 = _mm_mul_epu32(M0, p->R21.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(M1, p->S24.v); T6 = _mm_mul_epu32(M1, p->R20.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(M2, p->S23.v); T6 = _mm_mul_epu32(M2, p->S24.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(M3, p->S22.v); T6 = _mm_mul_epu32(M3, p->S23.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(M4, p->S21.v); T6 = _mm_mul_epu32(M4, p->S22.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(M0, p->R22.v); T6 = _mm_mul_epu32(M0, p->R23.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(M1, p->R21.v); T6 = _mm_mul_epu32(M1, p->R22.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(M2, p->R20.v); T6 = _mm_mul_epu32(M2, p->R21.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(M3, p->S24.v); T6 = _mm_mul_epu32(M3, p->R20.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(M4, p->S23.v); T6 = _mm_mul_epu32(M4, p->S24.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(M0, p->R24.v); T4 = _mm_add_epi64(T4, T5); + T5 = _mm_mul_epu32(M1, p->R23.v); T4 = _mm_add_epi64(T4, T5); + T5 = _mm_mul_epu32(M2, p->R22.v); T4 = _mm_add_epi64(T4, T5); + T5 = _mm_mul_epu32(M3, p->R21.v); T4 = _mm_add_epi64(T4, T5); + T5 = _mm_mul_epu32(M4, p->R20.v); T4 = _mm_add_epi64(T4, T5); + + /* H += [Mx,My] */ + T5 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 32)), _mm_loadl_epi64((xmmi *)(m + 48))); + T6 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 40)), _mm_loadl_epi64((xmmi *)(m + 56))); + M0 = _mm_and_si128(MMASK, T5); + M1 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26)); + T5 = _mm_or_si128(_mm_srli_epi64(T5, 52), _mm_slli_epi64(T6, 12)); + M2 = _mm_and_si128(MMASK, T5); + M3 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26)); + M4 = _mm_or_si128(_mm_srli_epi64(T6, 40), HIBIT); + + T0 = _mm_add_epi64(T0, M0); + T1 = _mm_add_epi64(T1, M1); + T2 = _mm_add_epi64(T2, M2); + T3 = _mm_add_epi64(T3, M3); + T4 = _mm_add_epi64(T4, M4); + + /* reduce */ + C1 = _mm_srli_epi64(T0, 26); C2 = _mm_srli_epi64(T3, 26); T0 = _mm_and_si128(T0, MMASK); T3 = _mm_and_si128(T3, MMASK); T1 = _mm_add_epi64(T1, C1); T4 = _mm_add_epi64(T4, C2); + C1 = _mm_srli_epi64(T1, 26); C2 = _mm_srli_epi64(T4, 26); T1 = _mm_and_si128(T1, MMASK); T4 = _mm_and_si128(T4, MMASK); T2 = _mm_add_epi64(T2, C1); T0 = _mm_add_epi64(T0, _mm_mul_epu32(C2, FIVE)); + C1 = _mm_srli_epi64(T2, 26); C2 = _mm_srli_epi64(T0, 26); T2 = _mm_and_si128(T2, MMASK); T0 = _mm_and_si128(T0, MMASK); T3 = _mm_add_epi64(T3, C1); T1 = _mm_add_epi64(T1, C2); + C1 = _mm_srli_epi64(T3, 26); T3 = _mm_and_si128(T3, MMASK); T4 = _mm_add_epi64(T4, C1); + + /* H = (H*[r^4,r^4] + [Mx,My]*[r^2,r^2] + [Mx,My]) */ + H0 = T0; + H1 = T1; + H2 = T2; + H3 = T3; + H4 = T4; + + m += 64; + bytes -= 64; + } + + st->H[0] = H0; + st->H[1] = H1; + st->H[2] = H2; + st->H[3] = H3; + st->H[4] = H4; +} + +static size_t +poly1305_combine(poly1305_state_internal *st, const uint8_t *m, size_t bytes) { + const xmmi MMASK = _mm_load_si128((xmmi *)poly1305_x64_sse2_message_mask); + const xmmi HIBIT = _mm_load_si128((xmmi*)poly1305_x64_sse2_1shl128); + const xmmi FIVE = _mm_load_si128((xmmi*)poly1305_x64_sse2_5); + + poly1305_power *p; + xmmi H0,H1,H2,H3,H4; + xmmi M0,M1,M2,M3,M4; + xmmi T0,T1,T2,T3,T4,T5,T6; + xmmi C1,C2; + + uint64_t r0,r1,r2; + uint64_t t0,t1,t2,t3,t4; + uint64_t c; + size_t consumed = 0; + + H0 = st->H[0]; + H1 = st->H[1]; + H2 = st->H[2]; + H3 = st->H[3]; + H4 = st->H[4]; + + /* p = [r^2,r^2] */ + p = &st->P[1]; + + if (bytes >= 32) { + /* H *= [r^2,r^2] */ + T0 = _mm_mul_epu32(H0, p->R20.v); + T1 = _mm_mul_epu32(H0, p->R21.v); + T2 = _mm_mul_epu32(H0, p->R22.v); + T3 = _mm_mul_epu32(H0, p->R23.v); + T4 = _mm_mul_epu32(H0, p->R24.v); + T5 = _mm_mul_epu32(H1, p->S24.v); T6 = _mm_mul_epu32(H1, p->R20.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(H2, p->S23.v); T6 = _mm_mul_epu32(H2, p->S24.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(H3, p->S22.v); T6 = _mm_mul_epu32(H3, p->S23.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(H4, p->S21.v); T6 = _mm_mul_epu32(H4, p->S22.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(H1, p->R21.v); T6 = _mm_mul_epu32(H1, p->R22.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(H2, p->R20.v); T6 = _mm_mul_epu32(H2, p->R21.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(H3, p->S24.v); T6 = _mm_mul_epu32(H3, p->R20.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(H4, p->S23.v); T6 = _mm_mul_epu32(H4, p->S24.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(H1, p->R23.v); T4 = _mm_add_epi64(T4, T5); + T5 = _mm_mul_epu32(H2, p->R22.v); T4 = _mm_add_epi64(T4, T5); + T5 = _mm_mul_epu32(H3, p->R21.v); T4 = _mm_add_epi64(T4, T5); + T5 = _mm_mul_epu32(H4, p->R20.v); T4 = _mm_add_epi64(T4, T5); + + /* H += [Mx,My] */ + T5 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 0)), _mm_loadl_epi64((xmmi *)(m + 16))); + T6 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 8)), _mm_loadl_epi64((xmmi *)(m + 24))); + M0 = _mm_and_si128(MMASK, T5); + M1 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26)); + T5 = _mm_or_si128(_mm_srli_epi64(T5, 52), _mm_slli_epi64(T6, 12)); + M2 = _mm_and_si128(MMASK, T5); + M3 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26)); + M4 = _mm_or_si128(_mm_srli_epi64(T6, 40), HIBIT); + + T0 = _mm_add_epi64(T0, M0); + T1 = _mm_add_epi64(T1, M1); + T2 = _mm_add_epi64(T2, M2); + T3 = _mm_add_epi64(T3, M3); + T4 = _mm_add_epi64(T4, M4); + + /* reduce */ + C1 = _mm_srli_epi64(T0, 26); C2 = _mm_srli_epi64(T3, 26); T0 = _mm_and_si128(T0, MMASK); T3 = _mm_and_si128(T3, MMASK); T1 = _mm_add_epi64(T1, C1); T4 = _mm_add_epi64(T4, C2); + C1 = _mm_srli_epi64(T1, 26); C2 = _mm_srli_epi64(T4, 26); T1 = _mm_and_si128(T1, MMASK); T4 = _mm_and_si128(T4, MMASK); T2 = _mm_add_epi64(T2, C1); T0 = _mm_add_epi64(T0, _mm_mul_epu32(C2, FIVE)); + C1 = _mm_srli_epi64(T2, 26); C2 = _mm_srli_epi64(T0, 26); T2 = _mm_and_si128(T2, MMASK); T0 = _mm_and_si128(T0, MMASK); T3 = _mm_add_epi64(T3, C1); T1 = _mm_add_epi64(T1, C2); + C1 = _mm_srli_epi64(T3, 26); T3 = _mm_and_si128(T3, MMASK); T4 = _mm_add_epi64(T4, C1); + + /* H = (H*[r^2,r^2] + [Mx,My]) */ + H0 = T0; + H1 = T1; + H2 = T2; + H3 = T3; + H4 = T4; + + consumed = 32; + } + + /* finalize, H *= [r^2,r] */ + r0 = ((uint64_t)p->R20.d[3] << 32) | (uint64_t)p->R20.d[1]; + r1 = ((uint64_t)p->R21.d[3] << 32) | (uint64_t)p->R21.d[1]; + r2 = ((uint64_t)p->R22.d[3] << 32) | (uint64_t)p->R22.d[1]; + + p->R20.d[2] = (uint32_t)( r0 ) & 0x3ffffff; + p->R21.d[2] = (uint32_t)((r0 >> 26) | (r1 << 18)) & 0x3ffffff; + p->R22.d[2] = (uint32_t)((r1 >> 8) ) & 0x3ffffff; + p->R23.d[2] = (uint32_t)((r1 >> 34) | (r2 << 10)) & 0x3ffffff; + p->R24.d[2] = (uint32_t)((r2 >> 16) ) ; + p->S21.d[2] = p->R21.d[2] * 5; + p->S22.d[2] = p->R22.d[2] * 5; + p->S23.d[2] = p->R23.d[2] * 5; + p->S24.d[2] = p->R24.d[2] * 5; + + /* H *= [r^2,r] */ + T0 = _mm_mul_epu32(H0, p->R20.v); + T1 = _mm_mul_epu32(H0, p->R21.v); + T2 = _mm_mul_epu32(H0, p->R22.v); + T3 = _mm_mul_epu32(H0, p->R23.v); + T4 = _mm_mul_epu32(H0, p->R24.v); + T5 = _mm_mul_epu32(H1, p->S24.v); T6 = _mm_mul_epu32(H1, p->R20.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(H2, p->S23.v); T6 = _mm_mul_epu32(H2, p->S24.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(H3, p->S22.v); T6 = _mm_mul_epu32(H3, p->S23.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(H4, p->S21.v); T6 = _mm_mul_epu32(H4, p->S22.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(H1, p->R21.v); T6 = _mm_mul_epu32(H1, p->R22.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(H2, p->R20.v); T6 = _mm_mul_epu32(H2, p->R21.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(H3, p->S24.v); T6 = _mm_mul_epu32(H3, p->R20.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(H4, p->S23.v); T6 = _mm_mul_epu32(H4, p->S24.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(H1, p->R23.v); T4 = _mm_add_epi64(T4, T5); + T5 = _mm_mul_epu32(H2, p->R22.v); T4 = _mm_add_epi64(T4, T5); + T5 = _mm_mul_epu32(H3, p->R21.v); T4 = _mm_add_epi64(T4, T5); + T5 = _mm_mul_epu32(H4, p->R20.v); T4 = _mm_add_epi64(T4, T5); + + C1 = _mm_srli_epi64(T0, 26); C2 = _mm_srli_epi64(T3, 26); T0 = _mm_and_si128(T0, MMASK); T3 = _mm_and_si128(T3, MMASK); T1 = _mm_add_epi64(T1, C1); T4 = _mm_add_epi64(T4, C2); + C1 = _mm_srli_epi64(T1, 26); C2 = _mm_srli_epi64(T4, 26); T1 = _mm_and_si128(T1, MMASK); T4 = _mm_and_si128(T4, MMASK); T2 = _mm_add_epi64(T2, C1); T0 = _mm_add_epi64(T0, _mm_mul_epu32(C2, FIVE)); + C1 = _mm_srli_epi64(T2, 26); C2 = _mm_srli_epi64(T0, 26); T2 = _mm_and_si128(T2, MMASK); T0 = _mm_and_si128(T0, MMASK); T3 = _mm_add_epi64(T3, C1); T1 = _mm_add_epi64(T1, C2); + C1 = _mm_srli_epi64(T3, 26); T3 = _mm_and_si128(T3, MMASK); T4 = _mm_add_epi64(T4, C1); + + /* H = H[0]+H[1] */ + H0 = _mm_add_epi64(T0, _mm_srli_si128(T0, 8)); + H1 = _mm_add_epi64(T1, _mm_srli_si128(T1, 8)); + H2 = _mm_add_epi64(T2, _mm_srli_si128(T2, 8)); + H3 = _mm_add_epi64(T3, _mm_srli_si128(T3, 8)); + H4 = _mm_add_epi64(T4, _mm_srli_si128(T4, 8)); + + t0 = _mm_cvtsi128_si32(H0) ; c = (t0 >> 26); t0 &= 0x3ffffff; + t1 = _mm_cvtsi128_si32(H1) + c; c = (t1 >> 26); t1 &= 0x3ffffff; + t2 = _mm_cvtsi128_si32(H2) + c; c = (t2 >> 26); t2 &= 0x3ffffff; + t3 = _mm_cvtsi128_si32(H3) + c; c = (t3 >> 26); t3 &= 0x3ffffff; + t4 = _mm_cvtsi128_si32(H4) + c; c = (t4 >> 26); t4 &= 0x3ffffff; + t0 = t0 + (c * 5); c = (t0 >> 26); t0 &= 0x3ffffff; + t1 = t1 + c; + + st->HH[0] = ((t0 ) | (t1 << 26) ) & 0xfffffffffffull; + st->HH[1] = ((t1 >> 18) | (t2 << 8) | (t3 << 34)) & 0xfffffffffffull; + st->HH[2] = ((t3 >> 10) | (t4 << 16) ) & 0x3ffffffffffull; + + return consumed; +} + +void +Poly1305Update(poly1305_state *state, const unsigned char *m, size_t bytes) { + poly1305_state_internal *st = poly1305_aligned_state(state); + size_t want; + + /* need at least 32 initial bytes to start the accelerated branch */ + if (!st->started) { + if ((st->leftover == 0) && (bytes > 32)) { + poly1305_first_block(st, m); + m += 32; + bytes -= 32; + } else { + want = poly1305_min(32 - st->leftover, bytes); + poly1305_block_copy(st->buffer + st->leftover, m, want); + bytes -= want; + m += want; + st->leftover += want; + if ((st->leftover < 32) || (bytes == 0)) + return; + poly1305_first_block(st, st->buffer); + st->leftover = 0; + } + st->started = 1; + } + + /* handle leftover */ + if (st->leftover) { + want = poly1305_min(64 - st->leftover, bytes); + poly1305_block_copy(st->buffer + st->leftover, m, want); + bytes -= want; + m += want; + st->leftover += want; + if (st->leftover < 64) + return; + poly1305_blocks(st, st->buffer, 64); + st->leftover = 0; + } + + /* process 64 byte blocks */ + if (bytes >= 64) { + want = (bytes & ~63); + poly1305_blocks(st, m, want); + m += want; + bytes -= want; + } + + if (bytes) { + poly1305_block_copy(st->buffer + st->leftover, m, bytes); + st->leftover += bytes; + } +} + +void +Poly1305Finish(poly1305_state *state, unsigned char mac[16]) { + poly1305_state_internal *st = poly1305_aligned_state(state); + size_t leftover = st->leftover; + uint8_t *m = st->buffer; + uint128_t d[3]; + uint64_t h0,h1,h2; + uint64_t t0,t1; + uint64_t g0,g1,g2,c,nc; + uint64_t r0,r1,r2,s1,s2; + poly1305_power *p; + + if (st->started) { + size_t consumed = poly1305_combine(st, m, leftover); + leftover -= consumed; + m += consumed; + } + + /* st->HH will either be 0 or have the combined result */ + h0 = st->HH[0]; + h1 = st->HH[1]; + h2 = st->HH[2]; + + p = &st->P[1]; + r0 = ((uint64_t)p->R20.d[3] << 32) | (uint64_t)p->R20.d[1]; + r1 = ((uint64_t)p->R21.d[3] << 32) | (uint64_t)p->R21.d[1]; + r2 = ((uint64_t)p->R22.d[3] << 32) | (uint64_t)p->R22.d[1]; + s1 = r1 * (5 << 2); + s2 = r2 * (5 << 2); + + if (leftover < 16) + goto poly1305_donna_atmost15bytes; + +poly1305_donna_atleast16bytes: + t0 = U8TO64_LE(m + 0); + t1 = U8TO64_LE(m + 8); + h0 += t0 & 0xfffffffffff; + t0 = shr128_pair(t1, t0, 44); + h1 += t0 & 0xfffffffffff; + h2 += (t1 >> 24) | ((uint64_t)1 << 40); + +poly1305_donna_mul: + d[0] = add128(add128(mul64x64_128(h0, r0), mul64x64_128(h1, s2)), mul64x64_128(h2, s1)); + d[1] = add128(add128(mul64x64_128(h0, r1), mul64x64_128(h1, r0)), mul64x64_128(h2, s2)); + d[2] = add128(add128(mul64x64_128(h0, r2), mul64x64_128(h1, r1)), mul64x64_128(h2, r0)); + h0 = lo128(d[0]) & 0xfffffffffff; c = shr128(d[0], 44); + d[1] = add128_64(d[1], c); h1 = lo128(d[1]) & 0xfffffffffff; c = shr128(d[1], 44); + d[2] = add128_64(d[2], c); h2 = lo128(d[2]) & 0x3ffffffffff; c = shr128(d[2], 42); + h0 += c * 5; + + m += 16; + leftover -= 16; + if (leftover >= 16) goto poly1305_donna_atleast16bytes; + + /* final bytes */ +poly1305_donna_atmost15bytes: + if (!leftover) goto poly1305_donna_finish; + + m[leftover++] = 1; + poly1305_block_zero(m + leftover, 16 - leftover); + leftover = 16; + + t0 = U8TO64_LE(m+0); + t1 = U8TO64_LE(m+8); + h0 += t0 & 0xfffffffffff; t0 = shr128_pair(t1, t0, 44); + h1 += t0 & 0xfffffffffff; + h2 += (t1 >> 24); + + goto poly1305_donna_mul; + +poly1305_donna_finish: + c = (h0 >> 44); h0 &= 0xfffffffffff; + h1 += c; c = (h1 >> 44); h1 &= 0xfffffffffff; + h2 += c; c = (h2 >> 42); h2 &= 0x3ffffffffff; + h0 += c * 5; + + g0 = h0 + 5; c = (g0 >> 44); g0 &= 0xfffffffffff; + g1 = h1 + c; c = (g1 >> 44); g1 &= 0xfffffffffff; + g2 = h2 + c - ((uint64_t)1 << 42); + + c = (g2 >> 63) - 1; + nc = ~c; + h0 = (h0 & nc) | (g0 & c); + h1 = (h1 & nc) | (g1 & c); + h2 = (h2 & nc) | (g2 & c); + + /* pad */ + t0 = ((uint64_t)p->R23.d[3] << 32) | (uint64_t)p->R23.d[1]; + t1 = ((uint64_t)p->R24.d[3] << 32) | (uint64_t)p->R24.d[1]; + h0 += (t0 & 0xfffffffffff) ; c = (h0 >> 44); h0 &= 0xfffffffffff; t0 = shr128_pair(t1, t0, 44); + h1 += (t0 & 0xfffffffffff) + c; c = (h1 >> 44); h1 &= 0xfffffffffff; t1 = (t1 >> 24); + h2 += (t1 ) + c; + + U64TO8_LE(mac + 0, ((h0 ) | (h1 << 44))); + U64TO8_LE(mac + 8, ((h1 >> 20) | (h2 << 24))); +} diff --git a/security/nss/lib/freebl/poly1305.c b/security/nss/lib/freebl/poly1305.c new file mode 100644 index 000000000..da0ab6d78 --- /dev/null +++ b/security/nss/lib/freebl/poly1305.c @@ -0,0 +1,261 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* This implementation of poly1305 is by Andrew Moon + * (https://github.com/floodyberry/poly1305-donna) and released as public + * domain. */ + +#include + +#include "poly1305.h" + +#if defined(_MSC_VER) && _MSC_VER < 1600 +#include "prtypes.h" +typedef PRUint32 uint32_t; +typedef PRUint64 uint64_t; +#else +#include +#endif + +#if defined(NSS_X86) || defined(NSS_X64) +/* We can assume little-endian. */ +static uint32_t U8TO32_LE(const unsigned char *m) { + uint32_t r; + memcpy(&r, m, sizeof(r)); + return r; +} + +static void U32TO8_LE(unsigned char *m, uint32_t v) { + memcpy(m, &v, sizeof(v)); +} +#else +static uint32_t U8TO32_LE(const unsigned char *m) { + return (uint32_t)m[0] | + (uint32_t)m[1] << 8 | + (uint32_t)m[2] << 16 | + (uint32_t)m[3] << 24; +} + +static void U32TO8_LE(unsigned char *m, uint32_t v) { + m[0] = v; + m[1] = v >> 8; + m[2] = v >> 16; + m[3] = v >> 24; +} +#endif + +static uint64_t +mul32x32_64(uint32_t a, uint32_t b) { + return (uint64_t)a * b; +} + +struct poly1305_state_st { + uint32_t r0,r1,r2,r3,r4; + uint32_t s1,s2,s3,s4; + uint32_t h0,h1,h2,h3,h4; + unsigned char buf[16]; + unsigned int buf_used; + unsigned char key[16]; +}; + +/* update updates |state| given some amount of input data. This function may + * only be called with a |len| that is not a multiple of 16 at the end of the + * data. Otherwise the input must be buffered into 16 byte blocks. */ +static void update(struct poly1305_state_st *state, const unsigned char *in, + size_t len) { + uint32_t t0,t1,t2,t3; + uint64_t t[5]; + uint32_t b; + uint64_t c; + size_t j; + unsigned char mp[16]; + + if (len < 16) + goto poly1305_donna_atmost15bytes; + +poly1305_donna_16bytes: + t0 = U8TO32_LE(in); + t1 = U8TO32_LE(in+4); + t2 = U8TO32_LE(in+8); + t3 = U8TO32_LE(in+12); + + in += 16; + len -= 16; + + state->h0 += t0 & 0x3ffffff; + state->h1 += ((((uint64_t)t1 << 32) | t0) >> 26) & 0x3ffffff; + state->h2 += ((((uint64_t)t2 << 32) | t1) >> 20) & 0x3ffffff; + state->h3 += ((((uint64_t)t3 << 32) | t2) >> 14) & 0x3ffffff; + state->h4 += (t3 >> 8) | (1 << 24); + +poly1305_donna_mul: + t[0] = mul32x32_64(state->h0,state->r0) + + mul32x32_64(state->h1,state->s4) + + mul32x32_64(state->h2,state->s3) + + mul32x32_64(state->h3,state->s2) + + mul32x32_64(state->h4,state->s1); + t[1] = mul32x32_64(state->h0,state->r1) + + mul32x32_64(state->h1,state->r0) + + mul32x32_64(state->h2,state->s4) + + mul32x32_64(state->h3,state->s3) + + mul32x32_64(state->h4,state->s2); + t[2] = mul32x32_64(state->h0,state->r2) + + mul32x32_64(state->h1,state->r1) + + mul32x32_64(state->h2,state->r0) + + mul32x32_64(state->h3,state->s4) + + mul32x32_64(state->h4,state->s3); + t[3] = mul32x32_64(state->h0,state->r3) + + mul32x32_64(state->h1,state->r2) + + mul32x32_64(state->h2,state->r1) + + mul32x32_64(state->h3,state->r0) + + mul32x32_64(state->h4,state->s4); + t[4] = mul32x32_64(state->h0,state->r4) + + mul32x32_64(state->h1,state->r3) + + mul32x32_64(state->h2,state->r2) + + mul32x32_64(state->h3,state->r1) + + mul32x32_64(state->h4,state->r0); + + state->h0 = (uint32_t)t[0] & 0x3ffffff; c = (t[0] >> 26); + t[1] += c; state->h1 = (uint32_t)t[1] & 0x3ffffff; b = (uint32_t)(t[1] >> 26); + t[2] += b; state->h2 = (uint32_t)t[2] & 0x3ffffff; b = (uint32_t)(t[2] >> 26); + t[3] += b; state->h3 = (uint32_t)t[3] & 0x3ffffff; b = (uint32_t)(t[3] >> 26); + t[4] += b; state->h4 = (uint32_t)t[4] & 0x3ffffff; b = (uint32_t)(t[4] >> 26); + state->h0 += b * 5; + + if (len >= 16) + goto poly1305_donna_16bytes; + + /* final bytes */ +poly1305_donna_atmost15bytes: + if (!len) + return; + + for (j = 0; j < len; j++) + mp[j] = in[j]; + mp[j++] = 1; + for (; j < 16; j++) + mp[j] = 0; + len = 0; + + t0 = U8TO32_LE(mp+0); + t1 = U8TO32_LE(mp+4); + t2 = U8TO32_LE(mp+8); + t3 = U8TO32_LE(mp+12); + + state->h0 += t0 & 0x3ffffff; + state->h1 += ((((uint64_t)t1 << 32) | t0) >> 26) & 0x3ffffff; + state->h2 += ((((uint64_t)t2 << 32) | t1) >> 20) & 0x3ffffff; + state->h3 += ((((uint64_t)t3 << 32) | t2) >> 14) & 0x3ffffff; + state->h4 += (t3 >> 8); + + goto poly1305_donna_mul; +} + +void Poly1305Init(poly1305_state *statep, const unsigned char key[32]) { + struct poly1305_state_st *state = (struct poly1305_state_st*) statep; + uint32_t t0,t1,t2,t3; + + t0 = U8TO32_LE(key+0); + t1 = U8TO32_LE(key+4); + t2 = U8TO32_LE(key+8); + t3 = U8TO32_LE(key+12); + + /* precompute multipliers */ + state->r0 = t0 & 0x3ffffff; t0 >>= 26; t0 |= t1 << 6; + state->r1 = t0 & 0x3ffff03; t1 >>= 20; t1 |= t2 << 12; + state->r2 = t1 & 0x3ffc0ff; t2 >>= 14; t2 |= t3 << 18; + state->r3 = t2 & 0x3f03fff; t3 >>= 8; + state->r4 = t3 & 0x00fffff; + + state->s1 = state->r1 * 5; + state->s2 = state->r2 * 5; + state->s3 = state->r3 * 5; + state->s4 = state->r4 * 5; + + /* init state */ + state->h0 = 0; + state->h1 = 0; + state->h2 = 0; + state->h3 = 0; + state->h4 = 0; + + state->buf_used = 0; + memcpy(state->key, key + 16, sizeof(state->key)); +} + +void Poly1305Update(poly1305_state *statep, const unsigned char *in, + size_t in_len) { + unsigned int i; + struct poly1305_state_st *state = (struct poly1305_state_st*) statep; + + if (state->buf_used) { + unsigned int todo = 16 - state->buf_used; + if (todo > in_len) + todo = in_len; + for (i = 0; i < todo; i++) + state->buf[state->buf_used + i] = in[i]; + state->buf_used += todo; + in_len -= todo; + in += todo; + + if (state->buf_used == 16) { + update(state, state->buf, 16); + state->buf_used = 0; + } + } + + if (in_len >= 16) { + size_t todo = in_len & ~0xf; + update(state, in, todo); + in += todo; + in_len &= 0xf; + } + + if (in_len) { + for (i = 0; i < in_len; i++) + state->buf[i] = in[i]; + state->buf_used = in_len; + } +} + +void Poly1305Finish(poly1305_state *statep, unsigned char mac[16]) { + struct poly1305_state_st *state = (struct poly1305_state_st*) statep; + uint64_t f0,f1,f2,f3; + uint32_t g0,g1,g2,g3,g4; + uint32_t b, nb; + + if (state->buf_used) + update(state, state->buf, state->buf_used); + + b = state->h0 >> 26; state->h0 = state->h0 & 0x3ffffff; + state->h1 += b; b = state->h1 >> 26; state->h1 = state->h1 & 0x3ffffff; + state->h2 += b; b = state->h2 >> 26; state->h2 = state->h2 & 0x3ffffff; + state->h3 += b; b = state->h3 >> 26; state->h3 = state->h3 & 0x3ffffff; + state->h4 += b; b = state->h4 >> 26; state->h4 = state->h4 & 0x3ffffff; + state->h0 += b * 5; + + g0 = state->h0 + 5; b = g0 >> 26; g0 &= 0x3ffffff; + g1 = state->h1 + b; b = g1 >> 26; g1 &= 0x3ffffff; + g2 = state->h2 + b; b = g2 >> 26; g2 &= 0x3ffffff; + g3 = state->h3 + b; b = g3 >> 26; g3 &= 0x3ffffff; + g4 = state->h4 + b - (1 << 26); + + b = (g4 >> 31) - 1; + nb = ~b; + state->h0 = (state->h0 & nb) | (g0 & b); + state->h1 = (state->h1 & nb) | (g1 & b); + state->h2 = (state->h2 & nb) | (g2 & b); + state->h3 = (state->h3 & nb) | (g3 & b); + state->h4 = (state->h4 & nb) | (g4 & b); + + f0 = ((state->h0 ) | (state->h1 << 26)) + (uint64_t)U8TO32_LE(&state->key[0]); + f1 = ((state->h1 >> 6) | (state->h2 << 20)) + (uint64_t)U8TO32_LE(&state->key[4]); + f2 = ((state->h2 >> 12) | (state->h3 << 14)) + (uint64_t)U8TO32_LE(&state->key[8]); + f3 = ((state->h3 >> 18) | (state->h4 << 8)) + (uint64_t)U8TO32_LE(&state->key[12]); + + U32TO8_LE(&mac[ 0], (uint32_t)f0); f1 += (f0 >> 32); + U32TO8_LE(&mac[ 4], (uint32_t)f1); f2 += (f1 >> 32); + U32TO8_LE(&mac[ 8], (uint32_t)f2); f3 += (f2 >> 32); + U32TO8_LE(&mac[12], (uint32_t)f3); +} diff --git a/security/nss/lib/freebl/poly1305.h b/security/nss/lib/freebl/poly1305.h new file mode 100644 index 000000000..0a463483f --- /dev/null +++ b/security/nss/lib/freebl/poly1305.h @@ -0,0 +1,28 @@ +/* + * poly1305.h - header file for Poly1305 implementation. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef FREEBL_POLY1305_H_ +#define FREEBL_POLY1305_H_ + +typedef unsigned char poly1305_state[512]; + +/* Poly1305Init sets up |state| so that it can be used to calculate an + * authentication tag with the one-time key |key|. Note that |key| is a + * one-time key and therefore there is no `reset' method because that would + * enable several messages to be authenticated with the same key. */ +extern void Poly1305Init(poly1305_state* state, const unsigned char key[32]); + +/* Poly1305Update processes |in_len| bytes from |in|. It can be called zero or + * more times after poly1305_init. */ +extern void Poly1305Update(poly1305_state* state, const unsigned char* in, + size_t inLen); + +/* Poly1305Finish completes the poly1305 calculation and writes a 16 byte + * authentication tag to |mac|. */ +extern void Poly1305Finish(poly1305_state* state, unsigned char mac[16]); + +#endif /* FREEBL_POLY1305_H_ */ diff --git a/security/nss/lib/pk11wrap/pk11mech.c b/security/nss/lib/pk11wrap/pk11mech.c index f70c30940..0b4e8a8de 100644 --- a/security/nss/lib/pk11wrap/pk11mech.c +++ b/security/nss/lib/pk11wrap/pk11mech.c @@ -152,6 +152,8 @@ PK11_GetKeyMechanism(CK_KEY_TYPE type) return CKM_SEED_CBC; case CKK_CAMELLIA: return CKM_CAMELLIA_CBC; + case CKK_NSS_CHACHA20: + return CKM_NSS_CHACHA20_POLY1305; case CKK_AES: return CKM_AES_CBC; case CKK_DES: @@ -220,6 +222,9 @@ PK11_GetKeyType(CK_MECHANISM_TYPE type,unsigned long len) case CKM_CAMELLIA_KEY_GEN: case CKM_CAMELLIA_GCM: return CKK_CAMELLIA; + case CKM_NSS_CHACHA20_POLY1305: + case CKM_NSS_CHACHA20_KEY_GEN: + return CKK_NSS_CHACHA20; case CKM_AES_ECB: case CKM_AES_CBC: case CKM_AES_CCM: @@ -433,6 +438,8 @@ PK11_GetKeyGenWithSize(CK_MECHANISM_TYPE type, int size) case CKM_CAMELLIA_KEY_GEN: case CKM_CAMELLIA_GCM: return CKM_CAMELLIA_KEY_GEN; + case CKM_NSS_CHACHA20_POLY1305: + return CKM_NSS_CHACHA20_KEY_GEN; case CKM_AES_ECB: case CKM_AES_CBC: case CKM_AES_CCM: diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c index 4fd7aecc6..8008d1f05 100644 --- a/security/nss/lib/softoken/pkcs11.c +++ b/security/nss/lib/softoken/pkcs11.c @@ -371,6 +371,9 @@ static const struct mechanismList mechanisms[] = { {CKM_SEED_MAC, {16, 16, CKF_SN_VR}, PR_TRUE}, {CKM_SEED_MAC_GENERAL, {16, 16, CKF_SN_VR}, PR_TRUE}, {CKM_SEED_CBC_PAD, {16, 16, CKF_EN_DE_WR_UN}, PR_TRUE}, + /* ------------------------- ChaCha20 Operations ---------------------- */ + {CKM_NSS_CHACHA20_KEY_GEN, {32, 32, CKF_GENERATE}, PR_TRUE}, + {CKM_NSS_CHACHA20_POLY1305,{32, 32, CKF_EN_DE}, PR_TRUE}, /* ------------------------- Hashing Operations ----------------------- */ {CKM_MD2, {0, 0, CKF_DIGEST}, PR_FALSE}, {CKM_MD2_HMAC, {1, 128, CKF_SN_VR}, PR_TRUE}, diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c index 012978127..b0d422db8 100644 --- a/security/nss/lib/softoken/pkcs11c.c +++ b/security/nss/lib/softoken/pkcs11c.c @@ -664,6 +664,97 @@ sftk_RSADecryptOAEP(SFTKOAEPDecryptInfo *info, unsigned char *output, return rv; } +static SFTKChaCha20Poly1305Info * +sftk_ChaCha20Poly1305_CreateContext(const unsigned char *key, + unsigned int keyLen, + const CK_NSS_AEAD_PARAMS *params) +{ + SFTKChaCha20Poly1305Info *ctx; + + if (params->ulNonceLen != sizeof(ctx->nonce)) { + PORT_SetError(SEC_ERROR_INPUT_LEN); + return NULL; + } + + ctx = PORT_New(SFTKChaCha20Poly1305Info); + if (ctx == NULL) { + return NULL; + } + + if (ChaCha20Poly1305_InitContext(&ctx->freeblCtx, key, keyLen, + params->ulTagLen) != SECSuccess) { + PORT_Free(ctx); + return NULL; + } + + PORT_Memcpy(ctx->nonce, params->pNonce, sizeof(ctx->nonce)); + + if (params->ulAADLen > sizeof(ctx->ad)) { + /* Need to allocate an overflow buffer for the additional data. */ + ctx->adOverflow = (unsigned char *)PORT_Alloc(params->ulAADLen); + if (!ctx->adOverflow) { + PORT_Free(ctx); + return NULL; + } + PORT_Memcpy(ctx->adOverflow, params->pAAD, params->ulAADLen); + } else { + ctx->adOverflow = NULL; + PORT_Memcpy(ctx->ad, params->pAAD, params->ulAADLen); + } + ctx->adLen = params->ulAADLen; + + return ctx; +} + +static void +sftk_ChaCha20Poly1305_DestroyContext(SFTKChaCha20Poly1305Info *ctx, + PRBool freeit) +{ + ChaCha20Poly1305_DestroyContext(&ctx->freeblCtx, PR_FALSE); + if (ctx->adOverflow != NULL) { + PORT_Free(ctx->adOverflow); + ctx->adOverflow = NULL; + } + ctx->adLen = 0; + if (freeit) { + PORT_Free(ctx); + } +} + +static SECStatus +sftk_ChaCha20Poly1305_Encrypt(const SFTKChaCha20Poly1305Info *ctx, + unsigned char *output, unsigned int *outputLen, + unsigned int maxOutputLen, + const unsigned char *input, unsigned int inputLen) +{ + const unsigned char *ad = ctx->adOverflow; + + if (ad == NULL) { + ad = ctx->ad; + } + + return ChaCha20Poly1305_Seal(&ctx->freeblCtx, output, outputLen, + maxOutputLen, input, inputLen, ctx->nonce, + sizeof(ctx->nonce), ad, ctx->adLen); +} + +static SECStatus +sftk_ChaCha20Poly1305_Decrypt(const SFTKChaCha20Poly1305Info *ctx, + unsigned char *output, unsigned int *outputLen, + unsigned int maxOutputLen, + const unsigned char *input, unsigned int inputLen) +{ + const unsigned char *ad = ctx->adOverflow; + + if (ad == NULL) { + ad = ctx->ad; + } + + return ChaCha20Poly1305_Open(&ctx->freeblCtx, output, outputLen, + maxOutputLen, input, inputLen, ctx->nonce, + sizeof(ctx->nonce), ad, ctx->adLen); +} + /** NSC_CryptInit initializes an encryption/Decryption operation. * * Always called by NSC_EncryptInit, NSC_DecryptInit, NSC_WrapKey,NSC_UnwrapKey. @@ -1057,6 +1148,34 @@ sftk_CryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, context->destroy = (SFTKDestroy) AES_DestroyContext; break; + case CKM_NSS_CHACHA20_POLY1305: + if (pMechanism->ulParameterLen != sizeof(CK_NSS_AEAD_PARAMS)) { + crv = CKR_MECHANISM_PARAM_INVALID; + break; + } + context->multi = PR_FALSE; + if (key_type != CKK_NSS_CHACHA20) { + crv = CKR_KEY_TYPE_INCONSISTENT; + break; + } + att = sftk_FindAttribute(key,CKA_VALUE); + if (att == NULL) { + crv = CKR_KEY_HANDLE_INVALID; + break; + } + context->cipherInfo = sftk_ChaCha20Poly1305_CreateContext( + (unsigned char*) att->attrib.pValue, att->attrib.ulValueLen, + (CK_NSS_AEAD_PARAMS*) pMechanism->pParameter); + sftk_FreeAttribute(att); + if (context->cipherInfo == NULL) { + crv = sftk_MapCryptError(PORT_GetError()); + break; + } + context->update = (SFTKCipher) (isEncrypt ? sftk_ChaCha20Poly1305_Encrypt : + sftk_ChaCha20Poly1305_Decrypt); + context->destroy = (SFTKDestroy) sftk_ChaCha20Poly1305_DestroyContext; + break; + case CKM_NETSCAPE_AES_KEY_WRAP_PAD: context->doPad = PR_TRUE; /* fall thru */ @@ -3653,6 +3772,10 @@ nsc_SetupBulkKeyGen(CK_MECHANISM_TYPE mechanism, CK_KEY_TYPE *key_type, *key_type = CKK_AES; if (*key_length == 0) crv = CKR_TEMPLATE_INCOMPLETE; break; + case CKM_NSS_CHACHA20_KEY_GEN: + *key_type = CKK_NSS_CHACHA20; + if (*key_length == 0) crv = CKR_TEMPLATE_INCOMPLETE; + break; default: PORT_Assert(0); crv = CKR_MECHANISM_INVALID; @@ -3899,6 +4022,7 @@ CK_RV NSC_GenerateKey(CK_SESSION_HANDLE hSession, case CKM_SEED_KEY_GEN: case CKM_CAMELLIA_KEY_GEN: case CKM_AES_KEY_GEN: + case CKM_NSS_CHACHA20_KEY_GEN: #if NSS_SOFTOKEN_DOES_RC5 case CKM_RC5_KEY_GEN: #endif diff --git a/security/nss/lib/softoken/pkcs11i.h b/security/nss/lib/softoken/pkcs11i.h index 1023a0012..8f16357ce 100644 --- a/security/nss/lib/softoken/pkcs11i.h +++ b/security/nss/lib/softoken/pkcs11i.h @@ -14,6 +14,7 @@ #include "pkcs11t.h" #include "sftkdbt.h" +#include "chacha20poly1305.h" #include "hasht.h" /* @@ -104,6 +105,7 @@ typedef struct SFTKHashSignInfoStr SFTKHashSignInfo; typedef struct SFTKOAEPEncryptInfoStr SFTKOAEPEncryptInfo; typedef struct SFTKOAEPDecryptInfoStr SFTKOAEPDecryptInfo; typedef struct SFTKSSLMACInfoStr SFTKSSLMACInfo; +typedef struct SFTKChaCha20Poly1305InfoStr SFTKChaCha20Poly1305Info; typedef struct SFTKItemTemplateStr SFTKItemTemplate; /* define function pointer typdefs for pointer tables */ @@ -399,6 +401,16 @@ struct SFTKSSLMACInfoStr { unsigned int keySize; }; +/* SFTKChaCha20Poly1305Info saves the key, tag length, nonce, + * and additional data for a ChaCha20+Poly1305 AEAD operation. */ +struct SFTKChaCha20Poly1305InfoStr { + ChaCha20Poly1305Context freeblCtx; + unsigned char nonce[12]; + unsigned char ad[16]; + unsigned char *adOverflow; + unsigned int adLen; +}; + /* * Template based on SECItems, suitable for passing as arrays */ diff --git a/security/nss/lib/ssl/manifest.mn b/security/nss/lib/ssl/manifest.mn index 4d46d46b8..371a571d0 100644 --- a/security/nss/lib/ssl/manifest.mn +++ b/security/nss/lib/ssl/manifest.mn @@ -50,4 +50,4 @@ LIBRARY_NAME = ssl LIBRARY_VERSION = 3 # This part of the code, including all sub-dirs, can be optimized for size -export ALLOW_OPT_CODE_SIZE = 1 +#export ALLOW_OPT_CODE_SIZE = 1 diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index 2a2faf71f..a14e1cafe 100644 --- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -111,6 +111,8 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + { TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around * bug 946147. */ @@ -127,6 +129,7 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { #endif /* NSS_DISABLE_ECC */ { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,SSL_ALLOWED,PR_TRUE, PR_FALSE}, { TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, @@ -307,6 +310,7 @@ static const ssl3BulkCipherDef bulk_cipher_defs[] = { {cipher_seed, calg_seed, 16,16, type_block, 16,16, 0, 0}, {cipher_aes_128_gcm, calg_aes_gcm, 16,16, type_aead, 4, 0,16, 8}, {cipher_aes_256_gcm, calg_aes_gcm, 32,32, type_aead, 4, 0,16, 8}, + {cipher_chacha20, calg_chacha20, 32,32, type_aead, 12, 0,16, 0}, {cipher_camellia_128_gcm, calg_camellia_gcm, 16,16, type_aead, 4, 0,16, 8}, {cipher_missing, calg_null, 0, 0, type_stream, 0, 0, 0, 0}, }; @@ -443,6 +447,10 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] = {TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_dss}, {TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_dhe_dss}, + {TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, cipher_chacha20, mac_aead, kea_dhe_rsa}, + {TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, cipher_chacha20, mac_aead, kea_ecdhe_rsa}, + {TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, cipher_chacha20, mac_aead, kea_ecdhe_ecdsa}, + #ifndef NSS_DISABLE_ECC {TLS_ECDH_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_ecdsa}, {TLS_ECDH_ECDSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_ecdsa}, @@ -507,6 +515,7 @@ static const SSLCipher2Mech alg2Mech[] = { { calg_camellia , CKM_CAMELLIA_CBC }, { calg_seed , CKM_SEED_CBC }, { calg_aes_gcm , CKM_AES_GCM }, + { calg_chacha20 , CKM_NSS_CHACHA20_POLY1305 }, { calg_camellia_gcm , CKM_CAMELLIA_GCM }, /* { calg_init , (CK_MECHANISM_TYPE)0x7fffffffL } */ }; @@ -551,6 +560,7 @@ const char * const ssl3_cipherName[] = { "SEED-CBC", "AES-128-GCM", "AES-256-GCM", + "ChaCha20-Ploy1305", "Camellia-128-GCM", "missing" }; @@ -696,6 +706,9 @@ ssl3_CipherSuiteAllowedForVersionRange( case TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256: case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256: + case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: + case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: + case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256: return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_2; /* RFC 4492: ECC cipher suites need TLS extensions to negotiate curves and @@ -1811,6 +1824,7 @@ ssl3_InitPendingContextsBypass(sslSocket *ss) case ssl_calg_idea: case ssl_calg_fortezza: case ssl_calg_aes_gcm: + case ssl_calg_chacha20: break; } @@ -1933,8 +1947,9 @@ ssl3_CipherGCM(ssl3KeyMaterial *keys, CK_GCM_PARAMS gcmParams; CK_MECHANISM_TYPE mechanism; - static const int tagSize = 16; - static const int explicitNonceLen = 8; + const int tagSize = bulk_cipher_defs[cipher_aes_128_gcm].tag_size; + const int explicitNonceLen = + bulk_cipher_defs[cipher_aes_128_gcm].explicit_nonce_size; /* See https://tools.ietf.org/html/rfc5288#section-3 for details of how the * nonce is formed. */ @@ -2009,8 +2024,9 @@ ssl3_CipherGCMBypass(ssl3KeyMaterial *keys, SSLCipher encode, decode; SSLDestroy destroy; - static const int tagSize = 16; - static const int explicitNonceLen = 8; + const int tagSize = bulk_cipher_defs[cipher_aes_128_gcm].tag_size; + const int explicitNonceLen = + bulk_cipher_defs[cipher_aes_128_gcm].explicit_nonce_size; /* See https://tools.ietf.org/html/rfc5288#section-3 for details of how the * nonce is formed. */ @@ -2084,6 +2100,55 @@ ssl3_CipherGCMBypass(ssl3KeyMaterial *keys, } #endif +static SECStatus +ssl3_ChaCha20Poly1305(ssl3KeyMaterial *keys, PRBool doDecrypt, + unsigned char *out, int *outlen, int maxout, + const unsigned char *in, int inlen, + const unsigned char *additionalData, + int additionalDataLen, SSLCipherAlgorithm calg) +{ + size_t i; + SECItem param; + SECStatus rv = SECFailure; + unsigned int uOutLen; + unsigned char nonce[12]; + CK_NSS_AEAD_PARAMS aeadParams; + + const int tagSize = bulk_cipher_defs[cipher_chacha20].tag_size; + + /* See + * https://tools.ietf.org/html/draft-ietf-tls-chacha20-poly1305-04#section-2 + * for details of how the nonce is formed. */ + PORT_Memcpy(nonce, keys->write_iv, 12); + + /* XOR the last 8 bytes of the IV with the sequence number. */ + PORT_Assert(additionalDataLen >= 8); + for (i = 0; i < 8; ++i) { + nonce[4 + i] ^= additionalData[i]; + } + + param.type = siBuffer; + param.len = sizeof(aeadParams); + param.data = (unsigned char *)&aeadParams; + memset(&aeadParams, 0, sizeof(aeadParams)); + aeadParams.pNonce = nonce; + aeadParams.ulNonceLen = sizeof(nonce); + aeadParams.pAAD = (unsigned char *)additionalData; + aeadParams.ulAADLen = additionalDataLen; + aeadParams.ulTagLen = tagSize; + + if (doDecrypt) { + rv = PK11_Decrypt(keys->write_key, CKM_NSS_CHACHA20_POLY1305, ¶m, + out, &uOutLen, maxout, in, inlen); + } else { + rv = PK11_Encrypt(keys->write_key, CKM_NSS_CHACHA20_POLY1305, ¶m, + out, &uOutLen, maxout, in, inlen); + } + *outlen = (int)uOutLen; + + return rv; +} + /* Initialize encryption and MAC contexts for pending spec. * Master Secret already is derived. * Caller holds Spec write lock. @@ -2123,7 +2188,18 @@ ssl3_InitPendingContextsPKCS11(sslSocket *ss) pwSpec->destroy = NULL; pwSpec->encodeContext = NULL; pwSpec->decodeContext = NULL; - pwSpec->aead = ssl3_CipherGCM; + switch (calg) { + case calg_aes_gcm: + case calg_camellia_gcm: + pwSpec->aead = ssl3_CipherGCM; + break; + case calg_chacha20: + pwSpec->aead = ssl3_ChaCha20Poly1305; + break; + default: + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } return SECSuccess; } @@ -2236,6 +2312,23 @@ ssl3_InitPendingContextsPKCS11(sslSocket *ss) return SECFailure; } +/* Returns whether we can bypass PKCS#11 for a given cipher algorithm. + * + * We do not support PKCS#11 bypass for ChaCha20/Poly1305. + */ +#ifndef NO_PKCS11_BYPASS +static PRBool +ssl3_CanBypassCipher(SSLCipherAlgorithm calg) +{ + switch (calg) { + case calg_chacha20: + return PR_FALSE; + default: + return PR_TRUE; + } +} +#endif + /* Complete the initialization of all keys, ciphers, MACs and their contexts * for the pending Cipher Spec. * Called from: ssl3_SendClientKeyExchange (for Full handshake) @@ -2275,7 +2368,8 @@ ssl3_InitPendingCipherSpec(sslSocket *ss, PK11SymKey *pms) } } #ifndef NO_PKCS11_BYPASS - if (ss->opt.bypassPKCS11 && pwSpec->msItem.len && pwSpec->msItem.data) { + if (ss->opt.bypassPKCS11 && pwSpec->msItem.len && pwSpec->msItem.data && + ssl3_CanBypassCipher(ss->ssl3.pwSpec->cipher_def->calg)) { /* Double Bypass succeeded in extracting the master_secret */ #error not patched for SHA384, see bug 923089 const ssl3KEADef * kea_def = ss->ssl3.hs.kea_def; diff --git a/security/nss/lib/ssl/ssl3ecc.c b/security/nss/lib/ssl/ssl3ecc.c index fc4f91d26..b5f36adfc 100644 --- a/security/nss/lib/ssl/ssl3ecc.c +++ b/security/nss/lib/ssl/ssl3ecc.c @@ -921,6 +921,7 @@ static const ssl3CipherSuite ecdhe_ecdsa_suites[] = { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 0 /* end of list marker */ @@ -934,6 +935,7 @@ static const ssl3CipherSuite ecdhe_rsa_suites[] = { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, 0 /* end of list marker */ @@ -947,6 +949,7 @@ static const ssl3CipherSuite ecSuites[] = { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, @@ -956,6 +959,7 @@ static const ssl3CipherSuite ecSuites[] = { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, diff --git a/security/nss/lib/ssl/sslenum.c b/security/nss/lib/ssl/sslenum.c index 8d04c153b..6bf9d70cb 100644 --- a/security/nss/lib/ssl/sslenum.c +++ b/security/nss/lib/ssl/sslenum.c @@ -53,6 +53,8 @@ const PRUint16 SSL_ImplementedCiphers[] = { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA to work around bug 946147. */ @@ -69,6 +71,7 @@ const PRUint16 SSL_ImplementedCiphers[] = { #endif /* NSS_DISABLE_ECC */ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, diff --git a/security/nss/lib/ssl/sslimpl.h b/security/nss/lib/ssl/sslimpl.h index 28d80f163..c4eeb7360 100644 --- a/security/nss/lib/ssl/sslimpl.h +++ b/security/nss/lib/ssl/sslimpl.h @@ -57,6 +57,7 @@ typedef SSLSignType SSL3SignType; #define calg_seed ssl_calg_seed #define calg_aes_gcm ssl_calg_aes_gcm #define calg_camellia_gcm ssl_calg_camellia_gcm +#define calg_chacha20 ssl_calg_chacha20 #define mac_null ssl_mac_null #define mac_md5 ssl_mac_md5 @@ -293,9 +294,9 @@ typedef struct { } ssl3CipherSuiteCfg; #ifndef NSS_DISABLE_ECC -#define ssl_V3_SUITES_IMPLEMENTED 67 +#define ssl_V3_SUITES_IMPLEMENTED 70 #else -#define ssl_V3_SUITES_IMPLEMENTED 40 +#define ssl_V3_SUITES_IMPLEMENTED 41 #endif /* NSS_DISABLE_ECC */ #define MAX_DTLS_SRTP_CIPHER_SUITES 4 @@ -480,6 +481,7 @@ typedef enum { cipher_seed, cipher_aes_128_gcm, cipher_aes_256_gcm, + cipher_chacha20, cipher_camellia_128_gcm, cipher_missing /* reserved for no such supported cipher */ /* This enum must match ssl3_cipherName[] in ssl3con.c. */ diff --git a/security/nss/lib/ssl/sslinfo.c b/security/nss/lib/ssl/sslinfo.c index 41ea6aee7..969a29421 100644 --- a/security/nss/lib/ssl/sslinfo.c +++ b/security/nss/lib/ssl/sslinfo.c @@ -149,6 +149,7 @@ SSL_GetPreliminaryChannelInfo(PRFileDesc *fd, #define C_SJ "SKIPJACK", calg_sj #define C_AESGCM "AES-GCM", calg_aes_gcm #define C_CAMELLIAGCM "CAMELLIA-GCM", calg_camellia_gcm +#define C_CHACHA20 "CHACHA20POLY1305", calg_chacha20 #define B_256 256, 256, 256 #define B_128 128, 128, 128 @@ -169,6 +170,7 @@ SSL_GetPreliminaryChannelInfo(PRFileDesc *fd, static const SSLCipherSuiteInfo suiteInfo[] = { /* <------ Cipher suite --------------------> */ {0,CS(TLS_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_RSA, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, }, +{0,CS(TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256), S_RSA, K_DHE, C_CHACHA20, B_256, M_AEAD_128, 0, 0, 0 }, {0,CS(TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_DHE, C_CAMELLIA, B_256, M_SHA, 0, 0, 0, }, {0,CS(TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA), S_DSA, K_DHE, C_CAMELLIA, B_256, M_SHA, 0, 0, 0, }, @@ -234,6 +236,7 @@ static const SSLCipherSuiteInfo suiteInfo[] = { {0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA), S_ECDSA, K_ECDHE, C_AES, B_128, M_SHA, 1, 0, 0, }, {0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256), S_ECDSA, K_ECDHE, C_AES, B_128, M_SHA256, 1, 0, 0, }, {0,CS(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA), S_ECDSA, K_ECDHE, C_AES, B_256, M_SHA, 1, 0, 0, }, +{0,CS(TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256), S_ECDSA, K_ECDHE, C_CHACHA20, B_256, M_AEAD_128, 0, 0, 0 }, {0,CS(TLS_ECDH_RSA_WITH_NULL_SHA), S_RSA, K_ECDH, C_NULL, B_0, M_SHA, 0, 0, 0, }, {0,CS(TLS_ECDH_RSA_WITH_RC4_128_SHA), S_RSA, K_ECDH, C_RC4, B_128, M_SHA, 0, 0, 0, }, @@ -247,6 +250,7 @@ static const SSLCipherSuiteInfo suiteInfo[] = { {0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_ECDHE, C_AES, B_128, M_SHA, 1, 0, 0, }, {0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_ECDHE, C_AES, B_128, M_SHA256, 1, 0, 0, }, {0,CS(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_ECDHE, C_AES, B_256, M_SHA, 1, 0, 0, }, +{0,CS(TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256), S_RSA, K_ECDHE, C_CHACHA20, B_256, M_AEAD_128, 0, 0, 0 }, #endif /* NSS_DISABLE_ECC */ /* SSL 2 table */ diff --git a/security/nss/lib/ssl/sslproto.h b/security/nss/lib/ssl/sslproto.h index 055d89e33..f90f77f77 100644 --- a/security/nss/lib/ssl/sslproto.h +++ b/security/nss/lib/ssl/sslproto.h @@ -264,6 +264,10 @@ #define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086 #define TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08A +#define TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA8 +#define TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA9 +#define TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCAA + /* Netscape "experimental" cipher suites. */ #define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA 0xffe0 #define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA 0xffe1 diff --git a/security/nss/lib/ssl/sslt.h b/security/nss/lib/ssl/sslt.h index cc0d9d2cb..7560bd468 100644 --- a/security/nss/lib/ssl/sslt.h +++ b/security/nss/lib/ssl/sslt.h @@ -105,7 +105,8 @@ typedef enum { ssl_calg_camellia = 8, ssl_calg_seed = 9, ssl_calg_aes_gcm = 10, - ssl_calg_camellia_gcm = 11 + ssl_calg_chacha20 = 11, + ssl_calg_camellia_gcm = 12 } SSLCipherAlgorithm; typedef enum { diff --git a/security/nss/lib/util/pkcs11n.h b/security/nss/lib/util/pkcs11n.h index b993ed68c..55a810823 100644 --- a/security/nss/lib/util/pkcs11n.h +++ b/security/nss/lib/util/pkcs11n.h @@ -51,6 +51,8 @@ #define CKK_NSS_JPAKE_ROUND1 (CKK_NSS + 2) #define CKK_NSS_JPAKE_ROUND2 (CKK_NSS + 3) +#define CKK_NSS_CHACHA20 (CKK_NSS + 4) + /* * NSS-defined certificate types * @@ -222,6 +224,9 @@ #define CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE (CKM_NSS + 25) #define CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH (CKM_NSS + 26) +#define CKM_NSS_CHACHA20_KEY_GEN (CKM_NSS + 27) +#define CKM_NSS_CHACHA20_POLY1305 (CKM_NSS + 28) + /* * HISTORICAL: * Do not attempt to use these. They are only used by NETSCAPE's internal @@ -289,6 +294,14 @@ typedef struct CK_NSS_MAC_CONSTANT_TIME_PARAMS { CK_ULONG ulHeaderLen; /* in */ } CK_NSS_MAC_CONSTANT_TIME_PARAMS; +typedef struct CK_NSS_AEAD_PARAMS { + CK_BYTE_PTR pNonce; + CK_ULONG ulNonceLen; + CK_BYTE_PTR pAAD; + CK_ULONG ulAADLen; + CK_ULONG ulTagLen; +} CK_NSS_AEAD_PARAMS; + /* * NSS-defined return values * diff --git a/security/nss/lib/util/secoid.c b/security/nss/lib/util/secoid.c index ad15d0b06..20d6e7d12 100644 --- a/security/nss/lib/util/secoid.c +++ b/security/nss/lib/util/secoid.c @@ -582,8 +582,10 @@ CONST_OID evIncorporationCountry[] = { EV_NAME_ATTRIBUTE, 3 }; #define OI(x) { siDEROID, (unsigned char *)x, sizeof x } #ifndef SECOID_NO_STRINGS #define OD(oid,tag,desc,mech,ext) { OI(oid), tag, desc, mech, ext } +#define ODE(tag,desc,mech,ext) { { siDEROID, NULL, 0 }, tag, desc, mech, ext } #else #define OD(oid,tag,desc,mech,ext) { OI(oid), tag, 0, mech, ext } +#define ODE(tag,desc,mech,ext) { { siDEROID, NULL, 0 }, tag, 0, mech, ext } #endif #if defined(NSS_ALLOW_UNSUPPORTED_CRITICAL) @@ -1649,7 +1651,9 @@ const static SECOidData oids[SEC_OID_TOTAL] = { OD( aes192_GCM, SEC_OID_AES_192_GCM, "AES-192-GCM", CKM_AES_GCM, INVALID_CERT_EXTENSION ), OD( aes256_GCM, SEC_OID_AES_256_GCM, - "AES-256-GCM", CKM_AES_GCM, INVALID_CERT_EXTENSION ) + "AES-256-GCM", CKM_AES_GCM, INVALID_CERT_EXTENSION ), + ODE( SEC_OID_CHACHA20_POLY1305, + "ChaCha20-Poly1305", CKM_NSS_CHACHA20_POLY1305, INVALID_CERT_EXTENSION ), }; /* PRIVATE EXTENDED SECOID Table diff --git a/security/nss/lib/util/secoidt.h b/security/nss/lib/util/secoidt.h index 13fb7de08..056833227 100644 --- a/security/nss/lib/util/secoidt.h +++ b/security/nss/lib/util/secoidt.h @@ -447,6 +447,8 @@ typedef enum { SEC_OID_AES_192_GCM = 319, SEC_OID_AES_256_GCM = 320, + SEC_OID_CHACHA20_POLY1305 = 321, + SEC_OID_TOTAL } SECOidTag; diff --git a/security/nss/tests/cipher/cipher.txt b/security/nss/tests/cipher/cipher.txt index 6728d1799..447a3ebd6 100644 --- a/security/nss/tests/cipher/cipher.txt +++ b/security/nss/tests/cipher/cipher.txt @@ -31,6 +31,8 @@ 0 seed_ecb_-D SEED_ECB_Decrypt 0 seed_cbc_-E SEED_CBC_Encrypt 0 seed_cbc_-D SEED_CBC_Decrypt + 0 chacha20_poly1305_-E ChaCha20_Poly1305_Encrypt + 0 chacha20_poly1305_-D ChaCha20_Poly1305_Decrypt 0 rc2_ecb_-E RC2_ECB_Encrypt 0 rc2_ecb_-D RC2_ECB_Decrypt 0 rc2_cbc_-E RC2_CBC_Encrypt diff --git a/security/nss/tests/ssl/ssl.sh b/security/nss/tests/ssl/ssl.sh index 1bfb4b74e..608e5c775 100644 --- a/security/nss/tests/ssl/ssl.sh +++ b/security/nss/tests/ssl/ssl.sh @@ -84,12 +84,14 @@ ssl_init() if [ -z "$NSS_DISABLE_ECC" ] ; then ECC_STRING=" - with ECC" + # List of cipher suites to test, including ECC cipher suites. + CIPHER_SUITES="-c ABCDEF:C001:C002:C003:C004:C005:C006:C007:C008:C009:C00A:C00B:C00C:C00D:C00E:C00F:C010:C011:C012:C013:C014:C023:C027:C02B:C02F:CCA8:CCA9:CCAA:0016:0032:0033:0038:0039:003B:003C:003D:0040:0041:0067:006A:006B:0084:009C:009E:00A2cdefgijklmnvyz" else ECC_STRING="" + # List of cipher suites to test, excluding ECC cipher suites. + CIPHER_SUITES="-c ABCDEF:0016:0032:0033:0038:0039:003B:003C:003D:0040:0041:0067:006A:006B:0084:009C:009E:00A2:CCAAcdefgijklmnvyz" fi - CSHORT="-c ABCDEF:0016:0032:0033:0038:0039:003B:003C:003D:0040:0041:0067:006A:006B:0084:009C:009E:00A2cdefgijklmnvyz" - CLONG="-c ABCDEF:C001:C002:C003:C004:C005:C006:C007:C008:C009:C00A:C00B:C00C:C00D:C00E:C00F:C010:C011:C012:C013:C014:C023:C027:C02B:C02F:0016:0032:0033:0038:0039:003B:003C:003D:0040:0041:0067:006A:006B:0084:009C:009E:00A2cdefgijklmnvyz" if [ "${OS_ARCH}" != "WINNT" ]; then ulimit -n 1000 # make sure we have enough file descriptors @@ -259,11 +261,7 @@ ssl_cov() html_head "SSL Cipher Coverage $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE $ECC_STRING" testname="" - if [ -z "$NSS_DISABLE_ECC" ] ; then - sparam="$CLONG" - else - sparam="$CSHORT" - fi + sparam="$CIPHER_SUITES" mixed=0 start_selfserv # Launch the server diff --git a/security/nss/tests/ssl/sslcov.txt b/security/nss/tests/ssl/sslcov.txt index f24318eaa..a023d210f 100644 --- a/security/nss/tests/ssl/sslcov.txt +++ b/security/nss/tests/ssl/sslcov.txt @@ -101,6 +101,7 @@ noECC TLS12 :009C TLS12_RSA_WITH_AES_128_GCM_SHA256 noECC TLS12 :009E TLS12_DHE_RSA_WITH_AES_128_GCM_SHA256 noECC TLS12 :00A2 TLS12_DHE_DSS_WITH_AES_128_GCM_SHA256 + noECC TLS12 :CCAA TLS12_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 # # ECC ciphers (TLS) # From bc91a4081b48ae3b90f332e41b4b537e3e2da02c Mon Sep 17 00:00:00 2001 From: Roy Tam Date: Fri, 31 Jan 2020 22:04:14 +0800 Subject: [PATCH 15/15] NSS: fix typo in ssl3_cipherName --- security/nss/lib/ssl/ssl3con.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index a14e1cafe..2914e15f7 100644 --- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -560,7 +560,7 @@ const char * const ssl3_cipherName[] = { "SEED-CBC", "AES-128-GCM", "AES-256-GCM", - "ChaCha20-Ploy1305", + "ChaCha20-Poly1305", "Camellia-128-GCM", "missing" };