kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
284700 commits 166 branches 0 tags 1.5 GiB
Commit graph

43 commits

Author SHA1 Message Date
ryoon
3f51cc8dad Update to 1.0.20180111 
* Based on NSS 3.35 beta 1
 2018-03-04 01:42:31 +00:00
gdt
4d2903a482 Regularize path subsitution and use PREFIX 
Use PREFIX rather than LOCALBASE.  What matters is where this packages
prefix is, not anything else.

Substitute all paths the same way, assigning to sh variables in one
place, alphabetically, and then using them.  Sort list of substituted
variables alphabetically also, so it's easier to review the code.

No functional change for any reasonable configuration.

Based on a suggestion by J. Lewis Muir on pkgsrc-users.
 2017-07-06 00:58:35 +00:00
gdt
7cd1780f59 Add comment about multiple install locations 
This package installs into either the builtin openssl or the pkgsrc
one, depending on which is chosen.  However, that's not obviously
right (while also not obviously wrong).  If there are two versions of
of openssl, perhaps both should have certificates configured.  Or
perhaps not -- this simply adds a comment that the issue bears
thinking about.
 2017-06-22 00:30:10 +00:00
gdt
a64426014e Adjust comments around ca-certificates.crt 
(Ride earlier PKGREVISION.)
 2017-06-19 00:39:53 +00:00
gdt
2d84716b8c Revert touching of openssl config file 
Earlier, code was added to "touch $conffile" to work around openssl
issuing a warning if openssl.conf was not present.  This is
problematic because if the warning is appropriate, 1) we have no way
of knowing that an empty config file is correct and 2) we should not
silence it.  If the warning is buggy, then openssl and/or the base
system should be fixed.  Further, this code changes the modification
date of the config file on every run, even when there is a valid
config file.

(There was no discussion prior, three objections and no concurrences,
and no response, so reverting seems ok.)
 2017-06-19 00:37:48 +00:00
gdt
4f59ea1375 Rationalize directory handling around ca-certificates.crt 
Now, ca-certificates.crt is always in the main certs dir, because we
have been careful about builtin vs pkgsrc paths.  So the directory
must exist (because it was checked earlier).  Instead, check for the
ca-certificates.crt file existing.  Add more questioning comments.

Based on a patch by J. Lewis Muir.
 2017-06-19 00:32:37 +00:00
gdt
5d6b90532e Add comments questioning many things 
Describe issues with touching the config file and the spurious
directory check surrounding ca-certificates.crt.
 2017-06-19 00:20:15 +00:00
gdt
e37d832d0a Substitute path to openssl more thoroughly 
This package can depend on builtin openssl or pkgsrc openssl.
However, it had paths from the base system hardcoded.  Be more
thorough about using builtin vs pkgsrc paths.  This is a minimal
change to use builtin/pkgsrc paths; future commits will note latent
issues uncovered in the process.

Based on a report to pkgsrc-users by J. Lewis Muir.
 2017-06-19 00:10:21 +00:00
jperkin
198d6f9004 Limit broken openssl.cnf handling to NetBSD only after no response from 
bsiegert@.  There's no reason to pollute other operating systems.

Bump PKGREVISION.
 2017-03-15 18:52:55 +00:00
bsiegert
22e5c4c326 Create /etc/openssl/openssl.cnf if it does not exist. 
Otherwise, there is one nonsensical warning on every openssl invocation.
I have seen dozens of recipes for NetBSD setups, and each one cargo-cults
a "touch openssl.cnf" against that noise.

Bump package revision.
 2017-03-03 15:46:27 +00:00
maya
6e20151200 mozilla-rootcerts: update to 052b90b5414f (commit at 2017-01-21) 
mozilla-rootcerts-openssl: catch up

closest thing to a changelog:
diff -u certdata-20160610.txt certdata-20170121.txt | grep '# '

-# Certificate "Equifax Secure CA"
-# Issuer: OU=Equifax Secure Certificate Authority,O=Equifax,C=US
-# Serial Number: 903804111 (0x35def4cf)
-# Subject: OU=Equifax Secure Certificate Authority,O=Equifax,C=US
-# Not Valid Before: Sat Aug 22 16:41:51 1998
-# Not Valid After : Wed Aug 22 16:41:51 2018
-# Fingerprint (MD5): 67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4
-# Fingerprint (SHA1): D2:32:09:AD:23:D3:14:23:21:74:E4:0D:7F:9D:62:13:97:86:63:3A
-# Trust for Certificate "Equifax Secure CA"
-# Issuer: OU=Equifax Secure Certificate Authority,O=Equifax,C=US
-# Serial Number: 903804111 (0x35def4cf)
-# Subject: OU=Equifax Secure Certificate Authority,O=Equifax,C=US
-# Not Valid Before: Sat Aug 22 16:41:51 1998
-# Not Valid After : Wed Aug 22 16:41:51 2018
-# Fingerprint (MD5): 67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4
-# Fingerprint (SHA1): D2:32:09:AD:23:D3:14:23:21:74:E4:0D:7F:9D:62:13:97:86:63:3A
 # Distrust "Distrust a pb.com certificate that does not comply with the baseline requirements."
 # Issuer: OU=Equifax Secure Certificate Authority,O=Equifax,C=US
 # Serial Number: 1407252 (0x157914)
-# Certificate "Verisign Class 3 Public Primary Certification Authority"
-# Issuer: OU=Class 3 Public Primary Certification Authority,O="VeriSign, Inc.",C=US
-# Serial Number:70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
-# Subject: OU=Class 3 Public Primary Certification Authority,O="VeriSign, Inc.",C=US
-# Not Valid Before: Mon Jan 29 00:00:00 1996
-# Not Valid After : Tue Aug 01 23:59:59 2028
-# Fingerprint (MD5): 10:FC:63:5D:F6:26:3E:0D:F3:25:BE:5F:79:CD:67:67
-# Fingerprint (SHA1): 74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E2
-# Trust for Certificate "Verisign Class 3 Public Primary Certification Authority"
-# Issuer: OU=Class 3 Public Primary Certification Authority,O="VeriSign, Inc.",C=US
-# Serial Number:70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
-# Subject: OU=Class 3 Public Primary Certification Authority,O="VeriSign, Inc.",C=US
-# Not Valid Before: Mon Jan 29 00:00:00 1996
-# Not Valid After : Tue Aug 01 23:59:59 2028
-# Fingerprint (MD5): 10:FC:63:5D:F6:26:3E:0D:F3:25:BE:5F:79:CD:67:67
-# Fingerprint (SHA1): 74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E2
-# Certificate "Verisign Class 2 Public Primary Certification Authority - G2"
-# Issuer: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 2 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US
-# Serial Number:00:b9:2f:60:cc:88:9f:a1:7a:46:09:b8:5b:70:6c:8a:af
-# Subject: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 2 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US
-# Not Valid Before: Mon May 18 00:00:00 1998
-# Not Valid After : Tue Aug 01 23:59:59 2028
-# Fingerprint (MD5): 2D:BB:E5:25:D3:D1:65:82:3A:B7:0E:FA:E6:EB:E2:E1
-# Fingerprint (SHA1): B3:EA:C4:47:76:C9:C8:1C:EA:F2:9D:95:B6:CC:A0:08:1B:67:EC:9D
-# Trust for Certificate "Verisign Class 2 Public Primary Certification Authority - G2"
-# Issuer: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 2 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US
-# Serial Number:00:b9:2f:60:cc:88:9f:a1:7a:46:09:b8:5b:70:6c:8a:af
-# Subject: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 2 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US
-# Not Valid Before: Mon May 18 00:00:00 1998
-# Not Valid After : Tue Aug 01 23:59:59 2028
-# Fingerprint (MD5): 2D:BB:E5:25:D3:D1:65:82:3A:B7:0E:FA:E6:EB:E2:E1
-# Fingerprint (SHA1): B3:EA:C4:47:76:C9:C8:1C:EA:F2:9D:95:B6:CC:A0:08:1B:67:EC:9D
 # Certificate "GlobalSign Root CA"
 # Issuer: CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE
-# Certificate "Equifax Secure Global eBusiness CA"
+# Certificate "AddTrust Low-Value Services Root"
-# Issuer: CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US
+# Issuer: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
 # Serial Number: 1 (0x1)
-# Subject: CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US
-# Not Valid Before: Mon Jun 21 04:00:00 1999
-# Not Valid After : Sun Jun 21 04:00:00 2020
-# Fingerprint (MD5): 8F:5D:77:06:27:C4:98:3C:5B:93:78:E7:D7:7D:9B:CC
-# Fingerprint (SHA1): 7E:78:4A:10:1C:82:65:CC:2D:E1:F1:6D:47:B4:40:CA:D9:0A:19:45
+# Subject: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
+# Not Valid Before: Tue May 30 10:38:31 2000
+# Not Valid After : Sat May 30 10:38:31 2020
+# Fingerprint (MD5): 1E:42:95:02:33:92:6B:B9:5F:C0:7F:DA:D6:B2:4B:FC
+# Fingerprint (SHA1): CC:AB:0E:A0:4C:23:01:D6:69:7B:DD:37:9F:CD:12:EB:24:E3:94:9D
-# Trust for Certificate "Equifax Secure Global eBusiness CA"
-# Issuer: CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US
-# Serial Number: 1 (0x1)
-# Subject: CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US
-# Not Valid Before: Mon Jun 21 04:00:00 1999
-# Not Valid After : Sun Jun 21 04:00:00 2020
-# Fingerprint (MD5): 8F:5D:77:06:27:C4:98:3C:5B:93:78:E7:D7:7D:9B:CC
-# Fingerprint (SHA1): 7E:78:4A:10:1C:82:65:CC:2D:E1:F1:6D:47:B4:40:CA:D9:0A:19:45
-# Certificate "Equifax Secure eBusiness CA 1"
-# Issuer: CN=Equifax Secure eBusiness CA-1,O=Equifax Secure Inc.,C=US
-# Serial Number: 4 (0x4)
-# Subject: CN=Equifax Secure eBusiness CA-1,O=Equifax Secure Inc.,C=US
-# Not Valid Before: Mon Jun 21 04:00:00 1999
-# Not Valid After : Sun Jun 21 04:00:00 2020
-# Fingerprint (MD5): 64:9C:EF:2E:44:FC:C6:8F:52:07:D0:51:73:8F:CB:3D
-# Fingerprint (SHA1): DA:40:18:8B:91:89:A3:ED:EE:AE:DA:97:FE:2F:9D:F5:B7:D1:8A:41
-# Trust for Certificate "Equifax Secure eBusiness CA 1"
-# Issuer: CN=Equifax Secure eBusiness CA-1,O=Equifax Secure Inc.,C=US
-# Serial Number: 4 (0x4)
-# Subject: CN=Equifax Secure eBusiness CA-1,O=Equifax Secure Inc.,C=US
-# Not Valid Before: Mon Jun 21 04:00:00 1999
-# Not Valid After : Sun Jun 21 04:00:00 2020
-# Fingerprint (MD5): 64:9C:EF:2E:44:FC:C6:8F:52:07:D0:51:73:8F:CB:3D
-# Fingerprint (SHA1): DA:40:18:8B:91:89:A3:ED:EE:AE:DA:97:FE:2F:9D:F5:B7:D1:8A:41
-# Certificate "AddTrust Low-Value Services Root"
-# Issuer: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
-# Serial Number: 1 (0x1)
-# Subject: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
-# Not Valid Before: Tue May 30 10:38:31 2000
-# Not Valid After : Sat May 30 10:38:31 2020
-# Fingerprint (MD5): 1E:42:95:02:33:92:6B:B9:5F:C0:7F:DA:D6:B2:4B:FC
-# Fingerprint (SHA1): CC:AB:0E:A0:4C:23:01:D6:69:7B:DD:37:9F:CD:12:EB:24:E3:94:9D
-# Certificate "RSA Security 2048 v3"
-# Issuer: OU=RSA Security 2048 V3,O=RSA Security Inc
-# Serial Number:0a:01:01:01:00:00:02:7c:00:00:00:0a:00:00:00:02
-# Subject: OU=RSA Security 2048 V3,O=RSA Security Inc
-# Not Valid Before: Thu Feb 22 20:39:23 2001
-# Not Valid After : Sun Feb 22 20:39:23 2026
-# Fingerprint (MD5): 77:0D:19:B1:21:FD:00:42:9C:3E:0C:A5:DD:0B:02:8E
-# Fingerprint (SHA1): 25:01:90:19:CF:FB:D9:99:1C:B7:68:25:74:8D:94:5F:30:93:95:42
-# Trust for Certificate "RSA Security 2048 v3"
-# Issuer: OU=RSA Security 2048 V3,O=RSA Security Inc
-# Serial Number:0a:01:01:01:00:00:02:7c:00:00:00:0a:00:00:00:02
-# Subject: OU=RSA Security 2048 V3,O=RSA Security Inc
-# Not Valid Before: Thu Feb 22 20:39:23 2001
-# Not Valid After : Sun Feb 22 20:39:23 2026
-# Fingerprint (MD5): 77:0D:19:B1:21:FD:00:42:9C:3E:0C:A5:DD:0B:02:8E
-# Fingerprint (SHA1): 25:01:90:19:CF:FB:D9:99:1C:B7:68:25:74:8D:94:5F:30:93:95:42
 # Certificate "GeoTrust Global CA"
 # Issuer: CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US
-# Certificate "IGC/A"
-# Issuer: E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,ST=France,C=FR
-# Serial Number:39:11:45:10:94
-# Subject: E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,ST=France,C=FR
-# Not Valid Before: Fri Dec 13 14:29:23 2002
-# Not Valid After : Sat Oct 17 14:29:22 2020
-# Fingerprint (MD5): 0C:7F:DD:6A:F4:2A:B9:C8:9B:BD:20:7E:A9:DB:5C:37
-# Fingerprint (SHA1): 60:D6:89:74:B5:C2:65:9E:8A:0F:C1:88:7C:88:D2:46:69:1B:18:2C
-# Trust for Certificate "IGC/A"
-# Issuer: E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,ST=France,C=FR
-# Serial Number:39:11:45:10:94
-# Subject: E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,ST=France,C=FR
-# Not Valid Before: Fri Dec 13 14:29:23 2002
-# Not Valid After : Sat Oct 17 14:29:22 2020
-# Fingerprint (MD5): 0C:7F:DD:6A:F4:2A:B9:C8:9B:BD:20:7E:A9:DB:5C:37
-# Fingerprint (SHA1): 60:D6:89:74:B5:C2:65:9E:8A:0F:C1:88:7C:88:D2:46:69:1B:18:2C
 # Distrust "Distrusted AC DG Tresor SSL"
 # Issuer: CN=AC DGTPE Signature Authentification,O=DGTPE,C=FR
 # Serial Number: 204199 (0x31da7)
-# Certificate "S-TRUST Authentication and Encryption Root CA 2005 PN"
-# Issuer: CN=S-TRUST Authentication and Encryption Root CA 2005:PN,O=Deutscher Sparkassen Verlag GmbH,L=Stuttgart,ST=Baden-Wuerttemberg (BW),C=DE
-# Serial Number:37:19:18:e6:53:54:7c:1a:b5:b8:cb:59:5a:db:35:b7
-# Subject: CN=S-TRUST Authentication and Encryption Root CA 2005:PN,O=Deutscher Sparkassen Verlag GmbH,L=Stuttgart,ST=Baden-Wuerttemberg (BW),C=DE
-# Not Valid Before: Wed Jun 22 00:00:00 2005
-# Not Valid After : Fri Jun 21 23:59:59 2030
-# Fingerprint (MD5): 04:4B:FD:C9:6C:DA:2A:32:85:7C:59:84:61:46:8A:64
-# Fingerprint (SHA1): BE:B5:A9:95:74:6B:9E:DF:73:8B:56:E6:DF:43:7A:77:BE:10:6B:81
-# Trust for Certificate "S-TRUST Authentication and Encryption Root CA 2005 PN"
-# Issuer: CN=S-TRUST Authentication and Encryption Root CA 2005:PN,O=Deutscher Sparkassen Verlag GmbH,L=Stuttgart,ST=Baden-Wuerttemberg (BW),C=DE
-# Serial Number:37:19:18:e6:53:54:7c:1a:b5:b8:cb:59:5a:db:35:b7
-# Subject: CN=S-TRUST Authentication and Encryption Root CA 2005:PN,O=Deutscher Sparkassen Verlag GmbH,L=Stuttgart,ST=Baden-Wuerttemberg (BW),C=DE
-# Not Valid Before: Wed Jun 22 00:00:00 2005
-# Not Valid After : Fri Jun 21 23:59:59 2030
-# Fingerprint (MD5): 04:4B:FD:C9:6C:DA:2A:32:85:7C:59:84:61:46:8A:64
-# Fingerprint (SHA1): BE:B5:A9:95:74:6B:9E:DF:73:8B:56:E6:DF:43:7A:77:BE:10:6B:81
 # Certificate "Microsec e-Szigno Root CA"
 # Issuer: CN=Microsec e-Szigno Root CA,OU=e-Szigno CA,O=Microsec Ltd.,L=Budapest,C=HU
-# Certificate "Buypass Class 2 CA 1"
-# Issuer: CN=Buypass Class 2 CA 1,O=Buypass AS-983163327,C=NO
-# Serial Number: 1 (0x1)
-# Subject: CN=Buypass Class 2 CA 1,O=Buypass AS-983163327,C=NO
-# Not Valid Before: Fri Oct 13 10:25:09 2006
-# Not Valid After : Thu Oct 13 10:25:09 2016
-# Fingerprint (MD5): B8:08:9A:F0:03:CC:1B:0D:C8:6C:0B:76:A1:75:64:23
-# Fingerprint (SHA1): A0:A1:AB:90:C9:FC:84:7B:3B:12:61:E8:97:7D:5F:D3:22:61:D3:CC
-# Trust for Certificate "Buypass Class 2 CA 1"
-# Issuer: CN=Buypass Class 2 CA 1,O=Buypass AS-983163327,C=NO
-# Serial Number: 1 (0x1)
-# Subject: CN=Buypass Class 2 CA 1,O=Buypass AS-983163327,C=NO
-# Not Valid Before: Fri Oct 13 10:25:09 2006
-# Not Valid After : Thu Oct 13 10:25:09 2016
-# Fingerprint (MD5): B8:08:9A:F0:03:CC:1B:0D:C8:6C:0B:76:A1:75:64:23
-# Fingerprint (SHA1): A0:A1:AB:90:C9:FC:84:7B:3B:12:61:E8:97:7D:5F:D3:22:61:D3:CC
-# Certificate "EBG Elektronik Sertifika Hizmet Saglayicisi"
-# Issuer: C=TR,O=EBG Bili..im Teknolojileri ve Hizmetleri A....,CN=EBG Elektronik Sertifika Hizmet Sa..lay..c..s..
-# Serial Number:4c:af:73:42:1c:8e:74:02
-# Subject: C=TR,O=EBG Bili..im Teknolojileri ve Hizmetleri A....,CN=EBG Elektronik Sertifika Hizmet Sa..lay..c..s..
-# Not Valid Before: Thu Aug 17 00:21:09 2006
-# Not Valid After : Sun Aug 14 00:31:09 2016
-# Fingerprint (MD5): 2C:20:26:9D:CB:1A:4A:00:85:B5:B7:5A:AE:C2:01:37
-# Fingerprint (SHA1): 8C:96:BA:EB:DD:2B:07:07:48:EE:30:32:66:A0:F3:98:6E:7C:AE:58
-# Trust for Certificate "EBG Elektronik Sertifika Hizmet Saglayicisi"
-# Issuer: C=TR,O=EBG Bili..im Teknolojileri ve Hizmetleri A....,CN=EBG Elektronik Sertifika Hizmet Sa..lay..c..s..
-# Serial Number:4c:af:73:42:1c:8e:74:02
-# Subject: C=TR,O=EBG Bili..im Teknolojileri ve Hizmetleri A....,CN=EBG Elektronik Sertifika Hizmet Sa..lay..c..s..
-# Not Valid Before: Thu Aug 17 00:21:09 2006
-# Not Valid After : Sun Aug 14 00:31:09 2016
-# Fingerprint (MD5): 2C:20:26:9D:CB:1A:4A:00:85:B5:B7:5A:AE:C2:01:37
-# Fingerprint (SHA1): 8C:96:BA:EB:DD:2B:07:07:48:EE:30:32:66:A0:F3:98:6E:7C:AE:58
 # Certificate "certSIGN ROOT CA"
 # Issuer: OU=certSIGN ROOT CA,O=certSIGN,C=RO
-# Certificate "Juur-SK"
-# Issuer: CN=Juur-SK,O=AS Sertifitseerimiskeskus,C=EE,E=pki@sk.ee
-# Serial Number: 999181308 (0x3b8e4bfc)
-# Subject: CN=Juur-SK,O=AS Sertifitseerimiskeskus,C=EE,E=pki@sk.ee
-# Not Valid Before: Thu Aug 30 14:23:01 2001
-# Not Valid After : Fri Aug 26 14:23:01 2016
-# Fingerprint (MD5): AA:8E:5D:D9:F8:DB:0A:58:B7:8D:26:87:6C:82:35:55
-# Fingerprint (SHA1): 40:9D:4B:D9:17:B5:5C:27:B6:9B:64:CB:98:22:44:0D:CD:09:B8:89
-# Trust for Certificate "Juur-SK"
-# Issuer: CN=Juur-SK,O=AS Sertifitseerimiskeskus,C=EE,E=pki@sk.ee
-# Serial Number: 999181308 (0x3b8e4bfc)
-# Subject: CN=Juur-SK,O=AS Sertifitseerimiskeskus,C=EE,E=pki@sk.ee
-# Not Valid Before: Thu Aug 30 14:23:01 2001
-# Not Valid After : Fri Aug 26 14:23:01 2016
-# Fingerprint (MD5): AA:8E:5D:D9:F8:DB:0A:58:B7:8D:26:87:6C:82:35:55
-# Fingerprint (SHA1): 40:9D:4B:D9:17:B5:5C:27:B6:9B:64:CB:98:22:44:0D:CD:09:B8:89
 # Certificate "Hongkong Post Root CA 1"
 # Issuer: CN=Hongkong Post Root CA 1,O=Hongkong Post,C=HK
-# Certificate "Verisign Class 1 Public Primary Certification Authority"
+# Certificate "Microsec e-Szigno Root CA 2009"
-# Issuer: OU=Class 1 Public Primary Certification Authority,O="VeriSign, Inc.",C=US
-# Serial Number:3f:69:1e:81:9c:f0:9a:4a:f3:73:ff:b9:48:a2:e4:dd
-# Subject: OU=Class 1 Public Primary Certification Authority,O="VeriSign, Inc.",C=US
-# Not Valid Before: Mon Jan 29 00:00:00 1996
-# Not Valid After : Wed Aug 02 23:59:59 2028
-# Fingerprint (MD5): 86:AC:DE:2B:C5:6D:C3:D9:8C:28:88:D3:8D:16:13:1E
-# Fingerprint (SHA1): CE:6A:64:A3:09:E4:2F:BB:D9:85:1C:45:3E:64:09:EA:E8:7D:60:F1
+# Issuer: E=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU
+# Serial Number:00:c2:7e:43:04:4e:47:3f:19
+# Subject: E=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU
+# Not Valid Before: Tue Jun 16 11:30:18 2009
+# Not Valid After : Sun Dec 30 11:30:18 2029
+# Fingerprint (MD5): F8:49:F4:03:BC:44:2D:83:BE:48:69:7D:29:64:FC:B1
+# Fingerprint (SHA1): 89:DF:74:FE:5C:F4:0F:4A:80:F9:E3:37:7D:54:DA:91:E1:01:31:8E
-# Trust for Certificate "Verisign Class 1 Public Primary Certification Authority"
-# Issuer: OU=Class 1 Public Primary Certification Authority,O="VeriSign, Inc.",C=US
-# Serial Number:3f:69:1e:81:9c:f0:9a:4a:f3:73:ff:b9:48:a2:e4:dd
-# Subject: OU=Class 1 Public Primary Certification Authority,O="VeriSign, Inc.",C=US
-# Not Valid Before: Mon Jan 29 00:00:00 1996
-# Not Valid After : Wed Aug 02 23:59:59 2028
-# Fingerprint (MD5): 86:AC:DE:2B:C5:6D:C3:D9:8C:28:88:D3:8D:16:13:1E
-# Fingerprint (SHA1): CE:6A:64:A3:09:E4:2F:BB:D9:85:1C:45:3E:64:09:EA:E8:7D:60:F1
-# Certificate "Microsec e-Szigno Root CA 2009"
-# Issuer: E=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU
-# Serial Number:00:c2:7e:43:04:4e:47:3f:19
-# Subject: E=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU
-# Not Valid Before: Tue Jun 16 11:30:18 2009
-# Not Valid After : Sun Dec 30 11:30:18 2029
-# Fingerprint (MD5): F8:49:F4:03:BC:44:2D:83:BE:48:69:7D:29:64:FC:B1
-# Fingerprint (SHA1): 89:DF:74:FE:5C:F4:0F:4A:80:F9:E3:37:7D:54:DA:91:E1:01:31:8E
-# Certificate "Root CA Generalitat Valenciana"
-# Issuer: CN=Root CA Generalitat Valenciana,OU=PKIGVA,O=Generalitat Valenciana,C=ES
-# Serial Number: 994436456 (0x3b45e568)
-# Subject: CN=Root CA Generalitat Valenciana,OU=PKIGVA,O=Generalitat Valenciana,C=ES
-# Not Valid Before: Fri Jul 06 16:22:47 2001
-# Not Valid After : Thu Jul 01 15:22:47 2021
-# Fingerprint (MD5): 2C:8C:17:5E:B1:54:AB:93:17:B5:36:5A:DB:D1:C6:F2
-# Fingerprint (SHA1): A0:73:E5:C5:BD:43:61:0D:86:4C:21:13:0A:85:58:57:CC:9C:EA:46
-# Trust for Certificate "Root CA Generalitat Valenciana"
-# Issuer: CN=Root CA Generalitat Valenciana,OU=PKIGVA,O=Generalitat Valenciana,C=ES
-# Serial Number: 994436456 (0x3b45e568)
-# Subject: CN=Root CA Generalitat Valenciana,OU=PKIGVA,O=Generalitat Valenciana,C=ES
-# Not Valid Before: Fri Jul 06 16:22:47 2001
-# Not Valid After : Thu Jul 01 15:22:47 2021
-# Fingerprint (MD5): 2C:8C:17:5E:B1:54:AB:93:17:B5:36:5A:DB:D1:C6:F2
-# Fingerprint (SHA1): A0:73:E5:C5:BD:43:61:0D:86:4C:21:13:0A:85:58:57:CC:9C:EA:46
 # Certificate "TWCA Root Certification Authority"
 # Issuer: CN=TWCA Root Certification Authority,OU=Root CA,O=TAIWAN-CA,C=TW
+# Certificate "ISRG Root X1"
+# Issuer: CN=ISRG Root X1,O=Internet Security Research Group,C=US
+# Serial Number:00:82:10:cf:b0:d2:40:e3:59:44:63:e0:bb:63:82:8b:00
+# Subject: CN=ISRG Root X1,O=Internet Security Research Group,C=US
+# Not Valid Before: Thu Jun 04 11:04:38 2015
+# Not Valid After : Mon Jun 04 11:04:38 2035
+# Fingerprint (SHA-256): 96:BC:EC:06:26:49:76:F3:74:60:77:9A:CF:28:C5:A7:CF:E8:A3:C0:AA:E1:1A:8F:FC:EE:05:C0:BD:DF:08:C6
+# Fingerprint (SHA1): CA:BD:2A:79:A1:07:6A:31:F2:1D:25:36:35:CB:03:9D:43:29:A5:E8
+# Trust for "ISRG Root X1"
+# Issuer: CN=ISRG Root X1,O=Internet Security Research Group,C=US
+# Serial Number:00:82:10:cf:b0:d2:40:e3:59:44:63:e0:bb:63:82:8b:00
+# Subject: CN=ISRG Root X1,O=Internet Security Research Group,C=US
+# Not Valid Before: Thu Jun 04 11:04:38 2015
+# Not Valid After : Mon Jun 04 11:04:38 2035
+# Fingerprint (SHA-256): 96:BC:EC:06:26:49:76:F3:74:60:77:9A:CF:28:C5:A7:CF:E8:A3:C0:AA:E1:1A:8F:FC:EE:05:C0:BD:DF:08:C6
+# Fingerprint (SHA1): CA:BD:2A:79:A1:07:6A:31:F2:1D:25:36:35:CB:03:9D:43:29:A5:E8
+# Certificate "AC RAIZ FNMT-RCM"
+# Issuer: OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES
+# Serial Number:5d:93:8d:30:67:36:c8:06:1d:1a:c7:54:84:69:07
+# Subject: OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES
+# Not Valid Before: Wed Oct 29 15:59:56 2008
+# Not Valid After : Tue Jan 01 00:00:00 2030
+# Fingerprint (SHA-256): EB:C5:57:0C:29:01:8C:4D:67:B1:AA:12:7B:AF:12:F7:03:B4:61:1E:BC:17:B7:DA:B5:57:38:94:17:9B:93:FA
+# Fingerprint (SHA1): EC:50:35:07:B2:15:C4:95:62:19:E2:A8:9A:5B:42:99:2C:4C:2C:20
+# Trust for "AC RAIZ FNMT-RCM"
+# Issuer: OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES
+# Serial Number:5d:93:8d:30:67:36:c8:06:1d:1a:c7:54:84:69:07
+# Subject: OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES
+# Not Valid Before: Wed Oct 29 15:59:56 2008
+# Not Valid After : Tue Jan 01 00:00:00 2030
+# Fingerprint (SHA-256): EB:C5:57:0C:29:01:8C:4D:67:B1:AA:12:7B:AF:12:F7:03:B4:61:1E:BC:17:B7:DA:B5:57:38:94:17:9B:93:FA
+# Fingerprint (SHA1): EC:50:35:07:B2:15:C4:95:62:19:E2:A8:9A:5B:42:99:2C:4C:2C:20
+# Certificate "Amazon Root CA 1"
+# Issuer: CN=Amazon Root CA 1,O=Amazon,C=US
+# Serial Number:06:6c:9f:cf:99:bf:8c:0a:39:e2:f0:78:8a:43:e6:96:36:5b:ca
+# Subject: CN=Amazon Root CA 1,O=Amazon,C=US
+# Not Valid Before: Tue May 26 00:00:00 2015
+# Not Valid After : Sun Jan 17 00:00:00 2038
+# Fingerprint (SHA-256): 8E:CD:E6:88:4F:3D:87:B1:12:5B:A3:1A:C3:FC:B1:3D:70:16:DE:7F:57:CC:90:4F:E1:CB:97:C6:AE:98:19:6E
+# Fingerprint (SHA1): 8D:A7:F9:65:EC:5E:FC:37:91:0F:1C:6E:59:FD:C1:CC:6A:6E:DE:16
+# Trust for "Amazon Root CA 1"
+# Issuer: CN=Amazon Root CA 1,O=Amazon,C=US
+# Serial Number:06:6c:9f:cf:99:bf:8c:0a:39:e2:f0:78:8a:43:e6:96:36:5b:ca
+# Subject: CN=Amazon Root CA 1,O=Amazon,C=US
+# Not Valid Before: Tue May 26 00:00:00 2015
+# Not Valid After : Sun Jan 17 00:00:00 2038
+# Fingerprint (SHA-256): 8E:CD:E6:88:4F:3D:87:B1:12:5B:A3:1A:C3:FC:B1:3D:70:16:DE:7F:57:CC:90:4F:E1:CB:97:C6:AE:98:19:6E
+# Fingerprint (SHA1): 8D:A7:F9:65:EC:5E:FC:37:91:0F:1C:6E:59:FD:C1:CC:6A:6E:DE:16
+# Certificate "Amazon Root CA 2"
+# Issuer: CN=Amazon Root CA 2,O=Amazon,C=US
+# Serial Number:06:6c:9f:d2:96:35:86:9f:0a:0f:e5:86:78:f8:5b:26:bb:8a:37
+# Subject: CN=Amazon Root CA 2,O=Amazon,C=US
+# Not Valid Before: Tue May 26 00:00:00 2015
+# Not Valid After : Sat May 26 00:00:00 2040
+# Fingerprint (SHA-256): 1B:A5:B2:AA:8C:65:40:1A:82:96:01:18:F8:0B:EC:4F:62:30:4D:83:CE:C4:71:3A:19:C3:9C:01:1E:A4:6D:B4
+# Fingerprint (SHA1): 5A:8C:EF:45:D7:A6:98:59:76:7A:8C:8B:44:96:B5:78:CF:47:4B:1A
+# Trust for "Amazon Root CA 2"
+# Issuer: CN=Amazon Root CA 2,O=Amazon,C=US
+# Serial Number:06:6c:9f:d2:96:35:86:9f:0a:0f:e5:86:78:f8:5b:26:bb:8a:37
+# Subject: CN=Amazon Root CA 2,O=Amazon,C=US
+# Not Valid Before: Tue May 26 00:00:00 2015
+# Not Valid After : Sat May 26 00:00:00 2040
+# Fingerprint (SHA-256): 1B:A5:B2:AA:8C:65:40:1A:82:96:01:18:F8:0B:EC:4F:62:30:4D:83:CE:C4:71:3A:19:C3:9C:01:1E:A4:6D:B4
+# Fingerprint (SHA1): 5A:8C:EF:45:D7:A6:98:59:76:7A:8C:8B:44:96:B5:78:CF:47:4B:1A
+# Certificate "Amazon Root CA 3"
+# Issuer: CN=Amazon Root CA 3,O=Amazon,C=US
+# Serial Number:06:6c:9f:d5:74:97:36:66:3f:3b:0b:9a:d9:e8:9e:76:03:f2:4a
+# Subject: CN=Amazon Root CA 3,O=Amazon,C=US
+# Not Valid Before: Tue May 26 00:00:00 2015
+# Not Valid After : Sat May 26 00:00:00 2040
+# Fingerprint (SHA-256): 18:CE:6C:FE:7B:F1:4E:60:B2:E3:47:B8:DF:E8:68:CB:31:D0:2E:BB:3A:DA:27:15:69:F5:03:43:B4:6D:B3:A4
+# Fingerprint (SHA1): 0D:44:DD:8C:3C:8C:1A:1A:58:75:64:81:E9:0F:2E:2A:FF:B3:D2:6E
+# Trust for "Amazon Root CA 3"
+# Issuer: CN=Amazon Root CA 3,O=Amazon,C=US
+# Serial Number:06:6c:9f:d5:74:97:36:66:3f:3b:0b:9a:d9:e8:9e:76:03:f2:4a
+# Subject: CN=Amazon Root CA 3,O=Amazon,C=US
+# Not Valid Before: Tue May 26 00:00:00 2015
+# Not Valid After : Sat May 26 00:00:00 2040
+# Fingerprint (SHA-256): 18:CE:6C:FE:7B:F1:4E:60:B2:E3:47:B8:DF:E8:68:CB:31:D0:2E:BB:3A:DA:27:15:69:F5:03:43:B4:6D:B3:A4
+# Fingerprint (SHA1): 0D:44:DD:8C:3C:8C:1A:1A:58:75:64:81:E9:0F:2E:2A:FF:B3:D2:6E
+# Certificate "Amazon Root CA 4"
+# Issuer: CN=Amazon Root CA 4,O=Amazon,C=US
+# Serial Number:06:6c:9f:d7:c1:bb:10:4c:29:43:e5:71:7b:7b:2c:c8:1a:c1:0e
+# Subject: CN=Amazon Root CA 4,O=Amazon,C=US
+# Not Valid Before: Tue May 26 00:00:00 2015
+# Not Valid After : Sat May 26 00:00:00 2040
+# Fingerprint (SHA-256): E3:5D:28:41:9E:D0:20:25:CF:A6:90:38:CD:62:39:62:45:8D:A5:C6:95:FB:DE:A3:C2:2B:0B:FB:25:89:70:92
+# Fingerprint (SHA1): F6:10:84:07:D6:F8:BB:67:98:0C:C2:E2:44:C2:EB:AE:1C:EF:63:BE
+# Trust for "Amazon Root CA 4"
+# Issuer: CN=Amazon Root CA 4,O=Amazon,C=US
+# Serial Number:06:6c:9f:d7:c1:bb:10:4c:29:43:e5:71:7b:7b:2c:c8:1a:c1:0e
+# Subject: CN=Amazon Root CA 4,O=Amazon,C=US
+# Not Valid Before: Tue May 26 00:00:00 2015
+# Not Valid After : Sat May 26 00:00:00 2040
+# Fingerprint (SHA-256): E3:5D:28:41:9E:D0:20:25:CF:A6:90:38:CD:62:39:62:45:8D:A5:C6:95:FB:DE:A3:C2:2B:0B:FB:25:89:70:92
+# Fingerprint (SHA1): F6:10:84:07:D6:F8:BB:67:98:0C:C2:E2:44:C2:EB:AE:1C:EF:63:BE
+# Certificate "LuxTrust Global Root 2"
+# Issuer: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU
+# Serial Number:0a:7e:a6:df:4b:44:9e:da:6a:24:85:9e:e6:b8:15:d3:16:7f:bb:b1
+# Subject: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU
+# Not Valid Before: Thu Mar 05 13:21:57 2015
+# Not Valid After : Mon Mar 05 13:21:57 2035
+# Fingerprint (SHA-256): 54:45:5F:71:29:C2:0B:14:47:C4:18:F9:97:16:8F:24:C5:8F:C5:02:3B:F5:DA:5B:E2:EB:6E:1D:D8:90:2E:D5
+# Fingerprint (SHA1): 1E:0E:56:19:0A:D1:8B:25:98:B2:04:44:FF:66:8A:04:17:99:5F:3F
+# Trust for "LuxTrust Global Root 2"
+# Issuer: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU
+# Serial Number:0a:7e:a6:df:4b:44:9e:da:6a:24:85:9e:e6:b8:15:d3:16:7f:bb:b1
+# Subject: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU
+# Not Valid Before: Thu Mar 05 13:21:57 2015
+# Not Valid After : Mon Mar 05 13:21:57 2035
+# Fingerprint (SHA-256): 54:45:5F:71:29:C2:0B:14:47:C4:18:F9:97:16:8F:24:C5:8F:C5:02:3B:F5:DA:5B:E2:EB:6E:1D:D8:90:2E:D5
+# Fingerprint (SHA1): 1E:0E:56:19:0A:D1:8B:25:98:B2:04:44:FF:66:8A:04:17:99:5F:3F
+# Certificate "Symantec Class 1 Public Primary Certification Authority - G6"
+# Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Serial Number:24:32:75:f2:1d:2f:d2:09:33:f7:b4:6a:ca:d0:f3:98
+# Subject: CN=Symantec Class 1 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Not Valid Before: Tue Oct 18 00:00:00 2011
+# Not Valid After : Tue Dec 01 23:59:59 2037
+# Fingerprint (SHA-256): 9D:19:0B:2E:31:45:66:68:5B:E8:A8:89:E2:7A:A8:C7:D7:AE:1D:8A:AD:DB:A3:C1:EC:F9:D2:48:63:CD:34:B9
+# Fingerprint (SHA1): 51:7F:61:1E:29:91:6B:53:82:FB:72:E7:44:D9:8D:C3:CC:53:6D:64
+# Trust for "Symantec Class 1 Public Primary Certification Authority - G6"
+# Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Serial Number:24:32:75:f2:1d:2f:d2:09:33:f7:b4:6a:ca:d0:f3:98
+# Subject: CN=Symantec Class 1 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Not Valid Before: Tue Oct 18 00:00:00 2011
+# Not Valid After : Tue Dec 01 23:59:59 2037
+# Fingerprint (SHA-256): 9D:19:0B:2E:31:45:66:68:5B:E8:A8:89:E2:7A:A8:C7:D7:AE:1D:8A:AD:DB:A3:C1:EC:F9:D2:48:63:CD:34:B9
+# Fingerprint (SHA1): 51:7F:61:1E:29:91:6B:53:82:FB:72:E7:44:D9:8D:C3:CC:53:6D:64
+# Certificate "Symantec Class 2 Public Primary Certification Authority - G6"
+# Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Serial Number:64:82:9e:fc:37:1e:74:5d:fc:97:ff:97:c8:b1:ff:41
+# Subject: CN=Symantec Class 2 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Not Valid Before: Tue Oct 18 00:00:00 2011
+# Not Valid After : Tue Dec 01 23:59:59 2037
+# Fingerprint (SHA-256): CB:62:7D:18:B5:8A:D5:6D:DE:33:1A:30:45:6B:C6:5C:60:1A:4E:9B:18:DE:DC:EA:08:E7:DA:AA:07:81:5F:F0
+# Fingerprint (SHA1): 40:B3:31:A0:E9:BF:E8:55:BC:39:93:CA:70:4F:4E:C2:51:D4:1D:8F
+# Trust for "Symantec Class 2 Public Primary Certification Authority - G6"
+# Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Serial Number:64:82:9e:fc:37:1e:74:5d:fc:97:ff:97:c8:b1:ff:41
+# Subject: CN=Symantec Class 2 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Not Valid Before: Tue Oct 18 00:00:00 2011
+# Not Valid After : Tue Dec 01 23:59:59 2037
+# Fingerprint (SHA-256): CB:62:7D:18:B5:8A:D5:6D:DE:33:1A:30:45:6B:C6:5C:60:1A:4E:9B:18:DE:DC:EA:08:E7:DA:AA:07:81:5F:F0
+# Fingerprint (SHA1): 40:B3:31:A0:E9:BF:E8:55:BC:39:93:CA:70:4F:4E:C2:51:D4:1D:8F
+# Certificate "Symantec Class 1 Public Primary Certification Authority - G4"
+# Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Serial Number:21:6e:33:a5:cb:d3:88:a4:6f:29:07:b4:27:3c:c4:d8
+# Subject: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Not Valid Before: Wed Oct 05 00:00:00 2011
+# Not Valid After : Mon Jan 18 23:59:59 2038
+# Fingerprint (SHA-256): 36:3F:3C:84:9E:AB:03:B0:A2:A0:F6:36:D7:B8:6D:04:D3:AC:7F:CF:E2:6A:0A:91:21:AB:97:95:F6:E1:76:DF
+# Fingerprint (SHA1): 84:F2:E3:DD:83:13:3E:A9:1D:19:52:7F:02:D7:29:BF:C1:5F:E6:67
+# Trust for "Symantec Class 1 Public Primary Certification Authority - G4"
+# Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Serial Number:21:6e:33:a5:cb:d3:88:a4:6f:29:07:b4:27:3c:c4:d8
+# Subject: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Not Valid Before: Wed Oct 05 00:00:00 2011
+# Not Valid After : Mon Jan 18 23:59:59 2038
+# Fingerprint (SHA-256): 36:3F:3C:84:9E:AB:03:B0:A2:A0:F6:36:D7:B8:6D:04:D3:AC:7F:CF:E2:6A:0A:91:21:AB:97:95:F6:E1:76:DF
+# Fingerprint (SHA1): 84:F2:E3:DD:83:13:3E:A9:1D:19:52:7F:02:D7:29:BF:C1:5F:E6:67
+# Certificate "Symantec Class 2 Public Primary Certification Authority - G4"
+# Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Serial Number:34:17:65:12:40:3b:b7:56:80:2d:80:cb:79:55:a6:1e
+# Subject: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Not Valid Before: Wed Oct 05 00:00:00 2011
+# Not Valid After : Mon Jan 18 23:59:59 2038
+# Fingerprint (SHA-256): FE:86:3D:08:22:FE:7A:23:53:FA:48:4D:59:24:E8:75:65:6D:3D:C9:FB:58:77:1F:6F:61:6F:9D:57:1B:C5:92
+# Fingerprint (SHA1): 67:24:90:2E:48:01:B0:22:96:40:10:46:B4:B1:67:2C:A9:75:FD:2B
+# Trust for "Symantec Class 2 Public Primary Certification Authority - G4"
+# Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Serial Number:34:17:65:12:40:3b:b7:56:80:2d:80:cb:79:55:a6:1e
+# Subject: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Not Valid Before: Wed Oct 05 00:00:00 2011
+# Not Valid After : Mon Jan 18 23:59:59 2038
+# Fingerprint (SHA-256): FE:86:3D:08:22:FE:7A:23:53:FA:48:4D:59:24:E8:75:65:6D:3D:C9:FB:58:77:1F:6F:61:6F:9D:57:1B:C5:92
+# Fingerprint (SHA1): 67:24:90:2E:48:01:B0:22:96:40:10:46:B4:B1:67:2C:A9:75:FD:2B
 2017-02-03 09:56:49 +00:00
yyamano
5eca272b02 Set LC_ALL=C to avoid gawk's output data corruption 
Fixed PR pkg/51802.
 2017-02-01 01:58:52 +00:00
wiz
60766081b6 Update to certificates of 20160610. 
Bump version.
 2016-07-21 12:37:43 +00:00
dsainty
f232725314 gawk will corrupt the output data stream in multibyte locales, 
so force the locale to "C".

Fixes mozilla-rootcerts under Linux.
 2016-03-03 03:02:21 +00:00
tron
879aef85da Create and install a file called "share/mozilla-rootcerts/cacert.pem" 
which contains all the trusted certificates in PEM format. This file
can e.g. be used with command line clients like "curl" or "wget" to
validate certificates.
 2016-02-06 10:22:54 +00:00
agc
5293710fb4 Add SHA512 digests for distfiles for security category 
Problems found locating distfiles:
	Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
	Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
	Package libidea: missing distfile libidea-0.8.2b.tar.gz
	Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
	Package uvscan: missing distfile vlp4510e.tar.Z

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
 2015-11-04 01:17:40 +00:00
tnn
7618149b5e set HOMEPAGE to the hg revision log URL to make it easier to figure out if 
the package needs an update.
 2015-10-18 19:24:39 +00:00
tnn
d80fe900e7 mention mozilla-rootcerts-openssl 2015-09-12 13:06:13 +00:00
tnn
0ff9c47083 Update to 20150804. 
Added:

C=CN, O=China Financial Certification Authority, CN=CFCA EV ROOT
C=DE, O=Deutscher Sparkassen Verlag GmbH, OU=S-TRUST Certification Services, \
    CN=S-TRUST Universal Root CA
C=FR, O=Certinomis, OU=0002 433998903, CN=Certinomis - Root CA
C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden EV Root CA
C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA - G3
C=TR, L=Ankara, \
    O=T?RKTRUST Bilgi ?leti?im ve Bili?im G?venli?i Hizmetleri A.?., \
    CN=T?RKTRUST Elektronik Sertifika Hizmet Sa?lay?c?s? H5
C=TR, L=Ankara, \
    O=T?RKTRUST Bilgi ?leti?im ve Bili?im G?venli?i Hizmetleri A.?., \
    CN=T?RKTRUST Elektronik Sertifika Hizmet Sa?lay?c?s? H6
C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, \
    OU=(c) 2009 Entrust, Inc. - for authorized use only, \
    CN=Entrust Root Certification Authority - G2
C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, \
    OU=(c) 2012 Entrust, Inc. - for authorized use only, \
    CN=Entrust Root Certification Authority - EC1
C=US, O=IdenTrust, CN=IdenTrust Commercial Root CA 1
C=US, O=IdenTrust, CN=IdenTrust Public Sector Root CA 1

Removed:

C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Class 2 CA, \
    CN=TC TrustCenter Class 2 CA II
C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Universal CA, \
    CN=TC TrustCenter Universal CA I
C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 CA 1
C=TR, O=Elektronik Bilgi Guvenligi A.S., \
    CN=e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi
CN=SG TRUST SERVICES RACINE, OU=0002 43525289500022, O=SG TRUST SERVICES, C=FR
CN=T?RKTRUST Elektronik Sertifika Hizmet Sa?lay?c?s?, C=TR, L=ANKARA, \
    O=(c) 2005 T?RKTRUST Bilgi ?leti?im ve Bili?im G?venli?i Hizmetleri A.?.
 2015-09-11 20:32:33 +00:00
dholland
69b63823bc Add support for -d destdir to the mozilla-rootcerts installer script. 2015-04-18 20:11:35 +00:00
tnn
a84f21ab9f Update to mozilla-rootcerts-20141117. 
Added root certs:

C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Secure Server CA - G2
C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
OU=GlobalSign ECC Root CA - R4, O=GlobalSign, CN=GlobalSign
OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign

Removed root certs:

C=US, O=America Online Inc., CN=America Online Root Certification Authority 1
C=US, O=America Online Inc., CN=America Online Root Certification Authority 2
C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com
C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/emailAddress=server-certs@thawte.com
 2015-02-16 13:09:10 +00:00
jperkin
805047afbd Fix typo in previous. 2015-01-27 13:54:10 +00:00
jperkin
e31292423f Ensure we call the full path to the script. Bump PKGREVISION. 2015-01-27 13:53:06 +00:00
wiz
8fb0245862 Improve detection of untrusted certificates. From John D. Baker 
in PR 49176. Bump PKGREVISION.
 2014-09-06 08:03:00 +00:00
mlelstv
6c6af783d9 Update certs to more recent version. The License changed to MPL 2.0. 2014-08-25 08:34:44 +00:00
wiz
f78434a2b8 Use 'mkdir -p' in case ${PREFIX}/etc doesn't exist yet. 2014-08-10 10:47:42 +00:00
obache
2e5395c626 reset CHECK_BUILTIN.openssl to avoid side effect. 2014-03-03 06:01:26 +00:00
bsiegert
d35d58370a Add a new subcommand "mozilla-rootcerts install" that unpacks and installs 
the certificates with a single command.

ok gdt, wiz
 2013-03-15 16:14:55 +00:00
fhajny
4900d3dd39 Substitute the openssl tool path in a different manner, so that pkgsrc 
openssl will be used if not builtin. Fixes problem with incorrect cert
hashes generated on (at least) SunOS.
 2013-03-15 12:36:25 +00:00
wiz
45f7f4801f Update mozilla root certificates to 20121229 version. 2013-01-31 09:39:00 +00:00
asau
1a433eae91 Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-23 18:16:19 +00:00
drochner
0b08870926 mozilla has switched to a scheme of explicitly distrusting certificates 
in its stable branch (ie firefox-6.0.2) too,
so deal with this in the mozilla-rootcerts script (this is not great -
it depends on syntactic details of the file where it should better
use checksums, but the perl script which is distributed with "curl"
works the same way),
and switch back to the certificate list in CVS HEAD
 2011-09-08 19:46:01 +00:00
drochner
3a2c5b4628 update to the version distributed with firefox-6.0.1, in response 
to the recent discovery of false certificates from diginotar
(Recent versions from the source repository don't work, see the
comment in Makefile.)
 2011-08-31 11:42:43 +00:00
drochner
eef8ae78bc add a hint for gnupg2 users (as claws-mail with the s/mime plugin) 2011-06-10 16:23:45 +00:00
drochner
8453b39053 add some clarification about the difference between OpenSSL and GnuTLS, 
and guidance for users of the latter
 2011-03-11 21:00:06 +00:00
jym
b49129eb91 Add MESSAGE to give a hint on what to do (~copy/pasted from script) 2011-01-31 03:05:17 +00:00
shattered
3b05a61c76 Follow HTTP redirects to new HOMEPAGEs and/or MASTER_SITES. 2010-11-13 21:08:54 +00:00
wiz
b838928231 Update to 20100827. Set LICENSE. 
Fix bug reported by Makoto Yamakura in PR 43992.
 2010-10-22 10:41:49 +00:00
wiz
a4eec2f4cc Reset maintainer, developer lost his commit bit. 2010-03-21 16:29:38 +00:00
wiz
a1981918ab Simplify awk usage to make it work with nawk, from Matthias Pfaller in 
PR 42238.

While here, update to latest certificates from mozilla.
 2009-11-03 02:43:55 +00:00
joerg
f0bbd1517d Remove @dirrm entries from PLISTs 2009-06-14 18:13:25 +00:00
joerg
b34aa6885e DESTDIR support. 2008-06-22 23:05:00 +00:00
jlam
909f41a142 Import security/mozilla-rootcerts: 
This package provides a script which can be used to extract the root
CA certificates distributed by the Mozilla Project into the current
working directory and to rehash the existing certificates.  The directory
can be used by most SSL-aware programs that expect a "CA certificate
path".
 2007-09-20 20:02:53 +00:00