kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
357270 commits 166 branches 0 tags 1.5 GiB
Commit graph

45 commits

Author SHA1 Message Date
wiz
e6e70fac03 mozilla-rootcerts: mention mozilla-rootcerts-openssl more prominently 2021-10-14 12:42:16 +00:00
tron
3278c24f5e mozilla-rootcerts: Use date of the last change as the version number 2021-10-14 07:35:54 +00:00
tron
8cff9a6ea4 mozilla-rootcerts: update to 20211014 data 2021-10-14 07:21:43 +00:00
wiz
b9331569fb mozilla-rootcerts: update to 20201204 data 2021-01-11 22:50:37 +00:00
dogcow
82b0162fd2 bump mozilla-rootcerts to 20201102 of certdata.txt 2020-11-29 06:18:17 +00:00
gdt
faf4404055 mozilla-rootcerts: Move MESSAGE content into documentation 
Drop MESSAGE content pointing out mozilla-rootcerts-openssl that is
duplicative with DESCR.

Move MESSAGE content about installation for gnupg2 into a
documentation file; this is simply normal documentation about how to
use an installed package.  Mention this documentation in DESCR, so
that prospective users get the right sense of what the package can do.
 2020-11-27 16:18:35 +00:00
maya
7cdf6f4ced mozilla-rootcerts*: remove Kamu SM from the list of certificates. 
Mozilla only trusts this for Turkish domains, see:
https://wiki.mozilla.org/CA/Additional_Trust_Changes

And users of mozilla-rootcerts likely don't implement the same fine-grained
trust.

Proposed on tech-pkg
 2020-06-12 10:35:11 +00:00
jperkin
cbc223af86 mozilla-rootcerts: Ensure script uses correct SH. 2020-06-02 22:32:02 +00:00
tnn
0d43e41b25 mozilla-rootcerts: silence pkglint warning about inconsistent patch name 2020-05-30 22:39:08 +00:00
tnn
cd30a9d01f mozilla-rootcerts: update to 20200529 
pkgsrc changes: Delete roots which expired today or earlier:
C = SE, O = AddTrust AB, OU = AddTrust TTP Network, CN = AddTrust Class 1 CA Root
C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
C = NL, O = Staat der Nederlanden, CN = Staat der Nederlanden Root CA - G2

Upstream changes:
1618404 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Symantec root
1621159 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Consorci AOC,
          GRCA, and SK ID root certs. r=jcj
 2020-05-30 12:55:46 +00:00
gdt
3be7310e91 mozilla-rootcerts: Cope with missing certs dir 
While the certs dir should exist, pkg_delete of
mozilla-rootcerts-openssl currently removes it, despite it not having
been created by the corresponding pkg_add.  Instead of failing if the
directory does not exist, simply emit a warning and create it.
 2020-03-30 16:38:03 +00:00
sevan
41b29db7af Update to the latest certdata.txt version available in Mozilla repo. 2019-12-07 18:29:31 +00:00
maya
63d730d5a3 mozilla-rootcerts*: update to the latest certdata.txt commit. 
Let's call this 20190306, as that's the date of the commit.

Most notably, this adds support for Let's Encrypt
(ISRG Root X1).

Changes:
+# Certificate "Certigna Root CA"
+# Certificate "GTS Root R1"
+# Certificate "GTS Root R2"
+# Certificate "GTS Root R3"
+# Certificate "GTS Root R4"
+# Certificate "GlobalSign Root CA - R6"
+# Certificate "Hongkong Post Root CA 3"
+# Certificate "ISRG Root X1"
+# Certificate "OISTE WISeKey Global Root GC CA"
+# Certificate "UCA Extended Validation Root"
+# Certificate "UCA Global G2 Root"
+# Certificate "emSign ECC Root CA - C3"
+# Certificate "emSign ECC Root CA - G3"
+# Certificate "emSign Root CA - C1"
+# Certificate "emSign Root CA - G1"
-# Certificate "AC Raiz Certicamara S.A."
-# Certificate "Certplus Root CA G1"
-# Certificate "Certplus Root CA G2"
-# Certificate "ComSign CA"
-# Certificate "ISRG Root X1"
-# Certificate "OpenTrust Root CA G1"
-# Certificate "OpenTrust Root CA G2"
-# Certificate "OpenTrust Root CA G3"
-# Certificate "S-TRUST Universal Root CA"
-# Certificate "TC TrustCenter Class 3 CA II"
-# Certificate "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5"
-# Certificate "Visa eCommerce Root"
 2019-05-12 19:19:27 +00:00
ryoon
3f51cc8dad Update to 1.0.20180111 
* Based on NSS 3.35 beta 1
 2018-03-04 01:42:31 +00:00
gdt
4d2903a482 Regularize path subsitution and use PREFIX 
Use PREFIX rather than LOCALBASE.  What matters is where this packages
prefix is, not anything else.

Substitute all paths the same way, assigning to sh variables in one
place, alphabetically, and then using them.  Sort list of substituted
variables alphabetically also, so it's easier to review the code.

No functional change for any reasonable configuration.

Based on a suggestion by J. Lewis Muir on pkgsrc-users.
 2017-07-06 00:58:35 +00:00
gdt
7cd1780f59 Add comment about multiple install locations 
This package installs into either the builtin openssl or the pkgsrc
one, depending on which is chosen.  However, that's not obviously
right (while also not obviously wrong).  If there are two versions of
of openssl, perhaps both should have certificates configured.  Or
perhaps not -- this simply adds a comment that the issue bears
thinking about.
 2017-06-22 00:30:10 +00:00
gdt
2d84716b8c Revert touching of openssl config file 
Earlier, code was added to "touch $conffile" to work around openssl
issuing a warning if openssl.conf was not present.  This is
problematic because if the warning is appropriate, 1) we have no way
of knowing that an empty config file is correct and 2) we should not
silence it.  If the warning is buggy, then openssl and/or the base
system should be fixed.  Further, this code changes the modification
date of the config file on every run, even when there is a valid
config file.

(There was no discussion prior, three objections and no concurrences,
and no response, so reverting seems ok.)
 2017-06-19 00:37:48 +00:00
gdt
4f59ea1375 Rationalize directory handling around ca-certificates.crt 
Now, ca-certificates.crt is always in the main certs dir, because we
have been careful about builtin vs pkgsrc paths.  So the directory
must exist (because it was checked earlier).  Instead, check for the
ca-certificates.crt file existing.  Add more questioning comments.

Based on a patch by J. Lewis Muir.
 2017-06-19 00:32:37 +00:00
gdt
e37d832d0a Substitute path to openssl more thoroughly 
This package can depend on builtin openssl or pkgsrc openssl.
However, it had paths from the base system hardcoded.  Be more
thorough about using builtin vs pkgsrc paths.  This is a minimal
change to use builtin/pkgsrc paths; future commits will note latent
issues uncovered in the process.

Based on a report to pkgsrc-users by J. Lewis Muir.
 2017-06-19 00:10:21 +00:00
jperkin
198d6f9004 Limit broken openssl.cnf handling to NetBSD only after no response from 
bsiegert@.  There's no reason to pollute other operating systems.

Bump PKGREVISION.
 2017-03-15 18:52:55 +00:00
bsiegert
22e5c4c326 Create /etc/openssl/openssl.cnf if it does not exist. 
Otherwise, there is one nonsensical warning on every openssl invocation.
I have seen dozens of recipes for NetBSD setups, and each one cargo-cults
a "touch openssl.cnf" against that noise.

Bump package revision.
 2017-03-03 15:46:27 +00:00
maya
6e20151200 mozilla-rootcerts: update to 052b90b5414f (commit at 2017-01-21) 
mozilla-rootcerts-openssl: catch up

closest thing to a changelog:
diff -u certdata-20160610.txt certdata-20170121.txt | grep '# '

-# Certificate "Equifax Secure CA"
-# Issuer: OU=Equifax Secure Certificate Authority,O=Equifax,C=US
-# Serial Number: 903804111 (0x35def4cf)
-# Subject: OU=Equifax Secure Certificate Authority,O=Equifax,C=US
-# Not Valid Before: Sat Aug 22 16:41:51 1998
-# Not Valid After : Wed Aug 22 16:41:51 2018
-# Fingerprint (MD5): 67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4
-# Fingerprint (SHA1): D2:32:09:AD:23:D3:14:23:21:74:E4:0D:7F:9D:62:13:97:86:63:3A
-# Trust for Certificate "Equifax Secure CA"
-# Issuer: OU=Equifax Secure Certificate Authority,O=Equifax,C=US
-# Serial Number: 903804111 (0x35def4cf)
-# Subject: OU=Equifax Secure Certificate Authority,O=Equifax,C=US
-# Not Valid Before: Sat Aug 22 16:41:51 1998
-# Not Valid After : Wed Aug 22 16:41:51 2018
-# Fingerprint (MD5): 67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4
-# Fingerprint (SHA1): D2:32:09:AD:23:D3:14:23:21:74:E4:0D:7F:9D:62:13:97:86:63:3A
 # Distrust "Distrust a pb.com certificate that does not comply with the baseline requirements."
 # Issuer: OU=Equifax Secure Certificate Authority,O=Equifax,C=US
 # Serial Number: 1407252 (0x157914)
-# Certificate "Verisign Class 3 Public Primary Certification Authority"
-# Issuer: OU=Class 3 Public Primary Certification Authority,O="VeriSign, Inc.",C=US
-# Serial Number:70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
-# Subject: OU=Class 3 Public Primary Certification Authority,O="VeriSign, Inc.",C=US
-# Not Valid Before: Mon Jan 29 00:00:00 1996
-# Not Valid After : Tue Aug 01 23:59:59 2028
-# Fingerprint (MD5): 10:FC:63:5D:F6:26:3E:0D:F3:25:BE:5F:79:CD:67:67
-# Fingerprint (SHA1): 74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E2
-# Trust for Certificate "Verisign Class 3 Public Primary Certification Authority"
-# Issuer: OU=Class 3 Public Primary Certification Authority,O="VeriSign, Inc.",C=US
-# Serial Number:70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
-# Subject: OU=Class 3 Public Primary Certification Authority,O="VeriSign, Inc.",C=US
-# Not Valid Before: Mon Jan 29 00:00:00 1996
-# Not Valid After : Tue Aug 01 23:59:59 2028
-# Fingerprint (MD5): 10:FC:63:5D:F6:26:3E:0D:F3:25:BE:5F:79:CD:67:67
-# Fingerprint (SHA1): 74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E2
-# Certificate "Verisign Class 2 Public Primary Certification Authority - G2"
-# Issuer: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 2 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US
-# Serial Number:00:b9:2f:60:cc:88:9f:a1:7a:46:09:b8:5b:70:6c:8a:af
-# Subject: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 2 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US
-# Not Valid Before: Mon May 18 00:00:00 1998
-# Not Valid After : Tue Aug 01 23:59:59 2028
-# Fingerprint (MD5): 2D:BB:E5:25:D3:D1:65:82:3A:B7:0E:FA:E6:EB:E2:E1
-# Fingerprint (SHA1): B3:EA:C4:47:76:C9:C8:1C:EA:F2:9D:95:B6:CC:A0:08:1B:67:EC:9D
-# Trust for Certificate "Verisign Class 2 Public Primary Certification Authority - G2"
-# Issuer: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 2 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US
-# Serial Number:00:b9:2f:60:cc:88:9f:a1:7a:46:09:b8:5b:70:6c:8a:af
-# Subject: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 2 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US
-# Not Valid Before: Mon May 18 00:00:00 1998
-# Not Valid After : Tue Aug 01 23:59:59 2028
-# Fingerprint (MD5): 2D:BB:E5:25:D3:D1:65:82:3A:B7:0E:FA:E6:EB:E2:E1
-# Fingerprint (SHA1): B3:EA:C4:47:76:C9:C8:1C:EA:F2:9D:95:B6:CC:A0:08:1B:67:EC:9D
 # Certificate "GlobalSign Root CA"
 # Issuer: CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE
-# Certificate "Equifax Secure Global eBusiness CA"
+# Certificate "AddTrust Low-Value Services Root"
-# Issuer: CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US
+# Issuer: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
 # Serial Number: 1 (0x1)
-# Subject: CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US
-# Not Valid Before: Mon Jun 21 04:00:00 1999
-# Not Valid After : Sun Jun 21 04:00:00 2020
-# Fingerprint (MD5): 8F:5D:77:06:27:C4:98:3C:5B:93:78:E7:D7:7D:9B:CC
-# Fingerprint (SHA1): 7E:78:4A:10:1C:82:65:CC:2D:E1:F1:6D:47:B4:40:CA:D9:0A:19:45
+# Subject: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
+# Not Valid Before: Tue May 30 10:38:31 2000
+# Not Valid After : Sat May 30 10:38:31 2020
+# Fingerprint (MD5): 1E:42:95:02:33:92:6B:B9:5F:C0:7F:DA:D6:B2:4B:FC
+# Fingerprint (SHA1): CC:AB:0E:A0:4C:23:01:D6:69:7B:DD:37:9F:CD:12:EB:24:E3:94:9D
-# Trust for Certificate "Equifax Secure Global eBusiness CA"
-# Issuer: CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US
-# Serial Number: 1 (0x1)
-# Subject: CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US
-# Not Valid Before: Mon Jun 21 04:00:00 1999
-# Not Valid After : Sun Jun 21 04:00:00 2020
-# Fingerprint (MD5): 8F:5D:77:06:27:C4:98:3C:5B:93:78:E7:D7:7D:9B:CC
-# Fingerprint (SHA1): 7E:78:4A:10:1C:82:65:CC:2D:E1:F1:6D:47:B4:40:CA:D9:0A:19:45
-# Certificate "Equifax Secure eBusiness CA 1"
-# Issuer: CN=Equifax Secure eBusiness CA-1,O=Equifax Secure Inc.,C=US
-# Serial Number: 4 (0x4)
-# Subject: CN=Equifax Secure eBusiness CA-1,O=Equifax Secure Inc.,C=US
-# Not Valid Before: Mon Jun 21 04:00:00 1999
-# Not Valid After : Sun Jun 21 04:00:00 2020
-# Fingerprint (MD5): 64:9C:EF:2E:44:FC:C6:8F:52:07:D0:51:73:8F:CB:3D
-# Fingerprint (SHA1): DA:40:18:8B:91:89:A3:ED:EE:AE:DA:97:FE:2F:9D:F5:B7:D1:8A:41
-# Trust for Certificate "Equifax Secure eBusiness CA 1"
-# Issuer: CN=Equifax Secure eBusiness CA-1,O=Equifax Secure Inc.,C=US
-# Serial Number: 4 (0x4)
-# Subject: CN=Equifax Secure eBusiness CA-1,O=Equifax Secure Inc.,C=US
-# Not Valid Before: Mon Jun 21 04:00:00 1999
-# Not Valid After : Sun Jun 21 04:00:00 2020
-# Fingerprint (MD5): 64:9C:EF:2E:44:FC:C6:8F:52:07:D0:51:73:8F:CB:3D
-# Fingerprint (SHA1): DA:40:18:8B:91:89:A3:ED:EE:AE:DA:97:FE:2F:9D:F5:B7:D1:8A:41
-# Certificate "AddTrust Low-Value Services Root"
-# Issuer: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
-# Serial Number: 1 (0x1)
-# Subject: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
-# Not Valid Before: Tue May 30 10:38:31 2000
-# Not Valid After : Sat May 30 10:38:31 2020
-# Fingerprint (MD5): 1E:42:95:02:33:92:6B:B9:5F:C0:7F:DA:D6:B2:4B:FC
-# Fingerprint (SHA1): CC:AB:0E:A0:4C:23:01:D6:69:7B:DD:37:9F:CD:12:EB:24:E3:94:9D
-# Certificate "RSA Security 2048 v3"
-# Issuer: OU=RSA Security 2048 V3,O=RSA Security Inc
-# Serial Number:0a:01:01:01:00:00:02:7c:00:00:00:0a:00:00:00:02
-# Subject: OU=RSA Security 2048 V3,O=RSA Security Inc
-# Not Valid Before: Thu Feb 22 20:39:23 2001
-# Not Valid After : Sun Feb 22 20:39:23 2026
-# Fingerprint (MD5): 77:0D:19:B1:21:FD:00:42:9C:3E:0C:A5:DD:0B:02:8E
-# Fingerprint (SHA1): 25:01:90:19:CF:FB:D9:99:1C:B7:68:25:74:8D:94:5F:30:93:95:42
-# Trust for Certificate "RSA Security 2048 v3"
-# Issuer: OU=RSA Security 2048 V3,O=RSA Security Inc
-# Serial Number:0a:01:01:01:00:00:02:7c:00:00:00:0a:00:00:00:02
-# Subject: OU=RSA Security 2048 V3,O=RSA Security Inc
-# Not Valid Before: Thu Feb 22 20:39:23 2001
-# Not Valid After : Sun Feb 22 20:39:23 2026
-# Fingerprint (MD5): 77:0D:19:B1:21:FD:00:42:9C:3E:0C:A5:DD:0B:02:8E
-# Fingerprint (SHA1): 25:01:90:19:CF:FB:D9:99:1C:B7:68:25:74:8D:94:5F:30:93:95:42
 # Certificate "GeoTrust Global CA"
 # Issuer: CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US
-# Certificate "IGC/A"
-# Issuer: E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,ST=France,C=FR
-# Serial Number:39:11:45:10:94
-# Subject: E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,ST=France,C=FR
-# Not Valid Before: Fri Dec 13 14:29:23 2002
-# Not Valid After : Sat Oct 17 14:29:22 2020
-# Fingerprint (MD5): 0C:7F:DD:6A:F4:2A:B9:C8:9B:BD:20:7E:A9:DB:5C:37
-# Fingerprint (SHA1): 60:D6:89:74:B5:C2:65:9E:8A:0F:C1:88:7C:88:D2:46:69:1B:18:2C
-# Trust for Certificate "IGC/A"
-# Issuer: E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,ST=France,C=FR
-# Serial Number:39:11:45:10:94
-# Subject: E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,ST=France,C=FR
-# Not Valid Before: Fri Dec 13 14:29:23 2002
-# Not Valid After : Sat Oct 17 14:29:22 2020
-# Fingerprint (MD5): 0C:7F:DD:6A:F4:2A:B9:C8:9B:BD:20:7E:A9:DB:5C:37
-# Fingerprint (SHA1): 60:D6:89:74:B5:C2:65:9E:8A:0F:C1:88:7C:88:D2:46:69:1B:18:2C
 # Distrust "Distrusted AC DG Tresor SSL"
 # Issuer: CN=AC DGTPE Signature Authentification,O=DGTPE,C=FR
 # Serial Number: 204199 (0x31da7)
-# Certificate "S-TRUST Authentication and Encryption Root CA 2005 PN"
-# Issuer: CN=S-TRUST Authentication and Encryption Root CA 2005:PN,O=Deutscher Sparkassen Verlag GmbH,L=Stuttgart,ST=Baden-Wuerttemberg (BW),C=DE
-# Serial Number:37:19:18:e6:53:54:7c:1a:b5:b8:cb:59:5a:db:35:b7
-# Subject: CN=S-TRUST Authentication and Encryption Root CA 2005:PN,O=Deutscher Sparkassen Verlag GmbH,L=Stuttgart,ST=Baden-Wuerttemberg (BW),C=DE
-# Not Valid Before: Wed Jun 22 00:00:00 2005
-# Not Valid After : Fri Jun 21 23:59:59 2030
-# Fingerprint (MD5): 04:4B:FD:C9:6C:DA:2A:32:85:7C:59:84:61:46:8A:64
-# Fingerprint (SHA1): BE:B5:A9:95:74:6B:9E:DF:73:8B:56:E6:DF:43:7A:77:BE:10:6B:81
-# Trust for Certificate "S-TRUST Authentication and Encryption Root CA 2005 PN"
-# Issuer: CN=S-TRUST Authentication and Encryption Root CA 2005:PN,O=Deutscher Sparkassen Verlag GmbH,L=Stuttgart,ST=Baden-Wuerttemberg (BW),C=DE
-# Serial Number:37:19:18:e6:53:54:7c:1a:b5:b8:cb:59:5a:db:35:b7
-# Subject: CN=S-TRUST Authentication and Encryption Root CA 2005:PN,O=Deutscher Sparkassen Verlag GmbH,L=Stuttgart,ST=Baden-Wuerttemberg (BW),C=DE
-# Not Valid Before: Wed Jun 22 00:00:00 2005
-# Not Valid After : Fri Jun 21 23:59:59 2030
-# Fingerprint (MD5): 04:4B:FD:C9:6C:DA:2A:32:85:7C:59:84:61:46:8A:64
-# Fingerprint (SHA1): BE:B5:A9:95:74:6B:9E:DF:73:8B:56:E6:DF:43:7A:77:BE:10:6B:81
 # Certificate "Microsec e-Szigno Root CA"
 # Issuer: CN=Microsec e-Szigno Root CA,OU=e-Szigno CA,O=Microsec Ltd.,L=Budapest,C=HU
-# Certificate "Buypass Class 2 CA 1"
-# Issuer: CN=Buypass Class 2 CA 1,O=Buypass AS-983163327,C=NO
-# Serial Number: 1 (0x1)
-# Subject: CN=Buypass Class 2 CA 1,O=Buypass AS-983163327,C=NO
-# Not Valid Before: Fri Oct 13 10:25:09 2006
-# Not Valid After : Thu Oct 13 10:25:09 2016
-# Fingerprint (MD5): B8:08:9A:F0:03:CC:1B:0D:C8:6C:0B:76:A1:75:64:23
-# Fingerprint (SHA1): A0:A1:AB:90:C9:FC:84:7B:3B:12:61:E8:97:7D:5F:D3:22:61:D3:CC
-# Trust for Certificate "Buypass Class 2 CA 1"
-# Issuer: CN=Buypass Class 2 CA 1,O=Buypass AS-983163327,C=NO
-# Serial Number: 1 (0x1)
-# Subject: CN=Buypass Class 2 CA 1,O=Buypass AS-983163327,C=NO
-# Not Valid Before: Fri Oct 13 10:25:09 2006
-# Not Valid After : Thu Oct 13 10:25:09 2016
-# Fingerprint (MD5): B8:08:9A:F0:03:CC:1B:0D:C8:6C:0B:76:A1:75:64:23
-# Fingerprint (SHA1): A0:A1:AB:90:C9:FC:84:7B:3B:12:61:E8:97:7D:5F:D3:22:61:D3:CC
-# Certificate "EBG Elektronik Sertifika Hizmet Saglayicisi"
-# Issuer: C=TR,O=EBG Bili..im Teknolojileri ve Hizmetleri A....,CN=EBG Elektronik Sertifika Hizmet Sa..lay..c..s..
-# Serial Number:4c:af:73:42:1c:8e:74:02
-# Subject: C=TR,O=EBG Bili..im Teknolojileri ve Hizmetleri A....,CN=EBG Elektronik Sertifika Hizmet Sa..lay..c..s..
-# Not Valid Before: Thu Aug 17 00:21:09 2006
-# Not Valid After : Sun Aug 14 00:31:09 2016
-# Fingerprint (MD5): 2C:20:26:9D:CB:1A:4A:00:85:B5:B7:5A:AE:C2:01:37
-# Fingerprint (SHA1): 8C:96:BA:EB:DD:2B:07:07:48:EE:30:32:66:A0:F3:98:6E:7C:AE:58
-# Trust for Certificate "EBG Elektronik Sertifika Hizmet Saglayicisi"
-# Issuer: C=TR,O=EBG Bili..im Teknolojileri ve Hizmetleri A....,CN=EBG Elektronik Sertifika Hizmet Sa..lay..c..s..
-# Serial Number:4c:af:73:42:1c:8e:74:02
-# Subject: C=TR,O=EBG Bili..im Teknolojileri ve Hizmetleri A....,CN=EBG Elektronik Sertifika Hizmet Sa..lay..c..s..
-# Not Valid Before: Thu Aug 17 00:21:09 2006
-# Not Valid After : Sun Aug 14 00:31:09 2016
-# Fingerprint (MD5): 2C:20:26:9D:CB:1A:4A:00:85:B5:B7:5A:AE:C2:01:37
-# Fingerprint (SHA1): 8C:96:BA:EB:DD:2B:07:07:48:EE:30:32:66:A0:F3:98:6E:7C:AE:58
 # Certificate "certSIGN ROOT CA"
 # Issuer: OU=certSIGN ROOT CA,O=certSIGN,C=RO
-# Certificate "Juur-SK"
-# Issuer: CN=Juur-SK,O=AS Sertifitseerimiskeskus,C=EE,E=pki@sk.ee
-# Serial Number: 999181308 (0x3b8e4bfc)
-# Subject: CN=Juur-SK,O=AS Sertifitseerimiskeskus,C=EE,E=pki@sk.ee
-# Not Valid Before: Thu Aug 30 14:23:01 2001
-# Not Valid After : Fri Aug 26 14:23:01 2016
-# Fingerprint (MD5): AA:8E:5D:D9:F8:DB:0A:58:B7:8D:26:87:6C:82:35:55
-# Fingerprint (SHA1): 40:9D:4B:D9:17:B5:5C:27:B6:9B:64:CB:98:22:44:0D:CD:09:B8:89
-# Trust for Certificate "Juur-SK"
-# Issuer: CN=Juur-SK,O=AS Sertifitseerimiskeskus,C=EE,E=pki@sk.ee
-# Serial Number: 999181308 (0x3b8e4bfc)
-# Subject: CN=Juur-SK,O=AS Sertifitseerimiskeskus,C=EE,E=pki@sk.ee
-# Not Valid Before: Thu Aug 30 14:23:01 2001
-# Not Valid After : Fri Aug 26 14:23:01 2016
-# Fingerprint (MD5): AA:8E:5D:D9:F8:DB:0A:58:B7:8D:26:87:6C:82:35:55
-# Fingerprint (SHA1): 40:9D:4B:D9:17:B5:5C:27:B6:9B:64:CB:98:22:44:0D:CD:09:B8:89
 # Certificate "Hongkong Post Root CA 1"
 # Issuer: CN=Hongkong Post Root CA 1,O=Hongkong Post,C=HK
-# Certificate "Verisign Class 1 Public Primary Certification Authority"
+# Certificate "Microsec e-Szigno Root CA 2009"
-# Issuer: OU=Class 1 Public Primary Certification Authority,O="VeriSign, Inc.",C=US
-# Serial Number:3f:69:1e:81:9c:f0:9a:4a:f3:73:ff:b9:48:a2:e4:dd
-# Subject: OU=Class 1 Public Primary Certification Authority,O="VeriSign, Inc.",C=US
-# Not Valid Before: Mon Jan 29 00:00:00 1996
-# Not Valid After : Wed Aug 02 23:59:59 2028
-# Fingerprint (MD5): 86:AC:DE:2B:C5:6D:C3:D9:8C:28:88:D3:8D:16:13:1E
-# Fingerprint (SHA1): CE:6A:64:A3:09:E4:2F:BB:D9:85:1C:45:3E:64:09:EA:E8:7D:60:F1
+# Issuer: E=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU
+# Serial Number:00:c2:7e:43:04:4e:47:3f:19
+# Subject: E=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU
+# Not Valid Before: Tue Jun 16 11:30:18 2009
+# Not Valid After : Sun Dec 30 11:30:18 2029
+# Fingerprint (MD5): F8:49:F4:03:BC:44:2D:83:BE:48:69:7D:29:64:FC:B1
+# Fingerprint (SHA1): 89:DF:74:FE:5C:F4:0F:4A:80:F9:E3:37:7D:54:DA:91:E1:01:31:8E
-# Trust for Certificate "Verisign Class 1 Public Primary Certification Authority"
-# Issuer: OU=Class 1 Public Primary Certification Authority,O="VeriSign, Inc.",C=US
-# Serial Number:3f:69:1e:81:9c:f0:9a:4a:f3:73:ff:b9:48:a2:e4:dd
-# Subject: OU=Class 1 Public Primary Certification Authority,O="VeriSign, Inc.",C=US
-# Not Valid Before: Mon Jan 29 00:00:00 1996
-# Not Valid After : Wed Aug 02 23:59:59 2028
-# Fingerprint (MD5): 86:AC:DE:2B:C5:6D:C3:D9:8C:28:88:D3:8D:16:13:1E
-# Fingerprint (SHA1): CE:6A:64:A3:09:E4:2F:BB:D9:85:1C:45:3E:64:09:EA:E8:7D:60:F1
-# Certificate "Microsec e-Szigno Root CA 2009"
-# Issuer: E=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU
-# Serial Number:00:c2:7e:43:04:4e:47:3f:19
-# Subject: E=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU
-# Not Valid Before: Tue Jun 16 11:30:18 2009
-# Not Valid After : Sun Dec 30 11:30:18 2029
-# Fingerprint (MD5): F8:49:F4:03:BC:44:2D:83:BE:48:69:7D:29:64:FC:B1
-# Fingerprint (SHA1): 89:DF:74:FE:5C:F4:0F:4A:80:F9:E3:37:7D:54:DA:91:E1:01:31:8E
-# Certificate "Root CA Generalitat Valenciana"
-# Issuer: CN=Root CA Generalitat Valenciana,OU=PKIGVA,O=Generalitat Valenciana,C=ES
-# Serial Number: 994436456 (0x3b45e568)
-# Subject: CN=Root CA Generalitat Valenciana,OU=PKIGVA,O=Generalitat Valenciana,C=ES
-# Not Valid Before: Fri Jul 06 16:22:47 2001
-# Not Valid After : Thu Jul 01 15:22:47 2021
-# Fingerprint (MD5): 2C:8C:17:5E:B1:54:AB:93:17:B5:36:5A:DB:D1:C6:F2
-# Fingerprint (SHA1): A0:73:E5:C5:BD:43:61:0D:86:4C:21:13:0A:85:58:57:CC:9C:EA:46
-# Trust for Certificate "Root CA Generalitat Valenciana"
-# Issuer: CN=Root CA Generalitat Valenciana,OU=PKIGVA,O=Generalitat Valenciana,C=ES
-# Serial Number: 994436456 (0x3b45e568)
-# Subject: CN=Root CA Generalitat Valenciana,OU=PKIGVA,O=Generalitat Valenciana,C=ES
-# Not Valid Before: Fri Jul 06 16:22:47 2001
-# Not Valid After : Thu Jul 01 15:22:47 2021
-# Fingerprint (MD5): 2C:8C:17:5E:B1:54:AB:93:17:B5:36:5A:DB:D1:C6:F2
-# Fingerprint (SHA1): A0:73:E5:C5:BD:43:61:0D:86:4C:21:13:0A:85:58:57:CC:9C:EA:46
 # Certificate "TWCA Root Certification Authority"
 # Issuer: CN=TWCA Root Certification Authority,OU=Root CA,O=TAIWAN-CA,C=TW
+# Certificate "ISRG Root X1"
+# Issuer: CN=ISRG Root X1,O=Internet Security Research Group,C=US
+# Serial Number:00:82:10:cf:b0:d2:40:e3:59:44:63:e0:bb:63:82:8b:00
+# Subject: CN=ISRG Root X1,O=Internet Security Research Group,C=US
+# Not Valid Before: Thu Jun 04 11:04:38 2015
+# Not Valid After : Mon Jun 04 11:04:38 2035
+# Fingerprint (SHA-256): 96:BC:EC:06:26:49:76:F3:74:60:77:9A:CF:28:C5:A7:CF:E8:A3:C0:AA:E1:1A:8F:FC:EE:05:C0:BD:DF:08:C6
+# Fingerprint (SHA1): CA:BD:2A:79:A1:07:6A:31:F2:1D:25:36:35:CB:03:9D:43:29:A5:E8
+# Trust for "ISRG Root X1"
+# Issuer: CN=ISRG Root X1,O=Internet Security Research Group,C=US
+# Serial Number:00:82:10:cf:b0:d2:40:e3:59:44:63:e0:bb:63:82:8b:00
+# Subject: CN=ISRG Root X1,O=Internet Security Research Group,C=US
+# Not Valid Before: Thu Jun 04 11:04:38 2015
+# Not Valid After : Mon Jun 04 11:04:38 2035
+# Fingerprint (SHA-256): 96:BC:EC:06:26:49:76:F3:74:60:77:9A:CF:28:C5:A7:CF:E8:A3:C0:AA:E1:1A:8F:FC:EE:05:C0:BD:DF:08:C6
+# Fingerprint (SHA1): CA:BD:2A:79:A1:07:6A:31:F2:1D:25:36:35:CB:03:9D:43:29:A5:E8
+# Certificate "AC RAIZ FNMT-RCM"
+# Issuer: OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES
+# Serial Number:5d:93:8d:30:67:36:c8:06:1d:1a:c7:54:84:69:07
+# Subject: OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES
+# Not Valid Before: Wed Oct 29 15:59:56 2008
+# Not Valid After : Tue Jan 01 00:00:00 2030
+# Fingerprint (SHA-256): EB:C5:57:0C:29:01:8C:4D:67:B1:AA:12:7B:AF:12:F7:03:B4:61:1E:BC:17:B7:DA:B5:57:38:94:17:9B:93:FA
+# Fingerprint (SHA1): EC:50:35:07:B2:15:C4:95:62:19:E2:A8:9A:5B:42:99:2C:4C:2C:20
+# Trust for "AC RAIZ FNMT-RCM"
+# Issuer: OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES
+# Serial Number:5d:93:8d:30:67:36:c8:06:1d:1a:c7:54:84:69:07
+# Subject: OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES
+# Not Valid Before: Wed Oct 29 15:59:56 2008
+# Not Valid After : Tue Jan 01 00:00:00 2030
+# Fingerprint (SHA-256): EB:C5:57:0C:29:01:8C:4D:67:B1:AA:12:7B:AF:12:F7:03:B4:61:1E:BC:17:B7:DA:B5:57:38:94:17:9B:93:FA
+# Fingerprint (SHA1): EC:50:35:07:B2:15:C4:95:62:19:E2:A8:9A:5B:42:99:2C:4C:2C:20
+# Certificate "Amazon Root CA 1"
+# Issuer: CN=Amazon Root CA 1,O=Amazon,C=US
+# Serial Number:06:6c:9f:cf:99:bf:8c:0a:39:e2:f0:78:8a:43:e6:96:36:5b:ca
+# Subject: CN=Amazon Root CA 1,O=Amazon,C=US
+# Not Valid Before: Tue May 26 00:00:00 2015
+# Not Valid After : Sun Jan 17 00:00:00 2038
+# Fingerprint (SHA-256): 8E:CD:E6:88:4F:3D:87:B1:12:5B:A3:1A:C3:FC:B1:3D:70:16:DE:7F:57:CC:90:4F:E1:CB:97:C6:AE:98:19:6E
+# Fingerprint (SHA1): 8D:A7:F9:65:EC:5E:FC:37:91:0F:1C:6E:59:FD:C1:CC:6A:6E:DE:16
+# Trust for "Amazon Root CA 1"
+# Issuer: CN=Amazon Root CA 1,O=Amazon,C=US
+# Serial Number:06:6c:9f:cf:99:bf:8c:0a:39:e2:f0:78:8a:43:e6:96:36:5b:ca
+# Subject: CN=Amazon Root CA 1,O=Amazon,C=US
+# Not Valid Before: Tue May 26 00:00:00 2015
+# Not Valid After : Sun Jan 17 00:00:00 2038
+# Fingerprint (SHA-256): 8E:CD:E6:88:4F:3D:87:B1:12:5B:A3:1A:C3:FC:B1:3D:70:16:DE:7F:57:CC:90:4F:E1:CB:97:C6:AE:98:19:6E
+# Fingerprint (SHA1): 8D:A7:F9:65:EC:5E:FC:37:91:0F:1C:6E:59:FD:C1:CC:6A:6E:DE:16
+# Certificate "Amazon Root CA 2"
+# Issuer: CN=Amazon Root CA 2,O=Amazon,C=US
+# Serial Number:06:6c:9f:d2:96:35:86:9f:0a:0f:e5:86:78:f8:5b:26:bb:8a:37
+# Subject: CN=Amazon Root CA 2,O=Amazon,C=US
+# Not Valid Before: Tue May 26 00:00:00 2015
+# Not Valid After : Sat May 26 00:00:00 2040
+# Fingerprint (SHA-256): 1B:A5:B2:AA:8C:65:40:1A:82:96:01:18:F8:0B:EC:4F:62:30:4D:83:CE:C4:71:3A:19:C3:9C:01:1E:A4:6D:B4
+# Fingerprint (SHA1): 5A:8C:EF:45:D7:A6:98:59:76:7A:8C:8B:44:96:B5:78:CF:47:4B:1A
+# Trust for "Amazon Root CA 2"
+# Issuer: CN=Amazon Root CA 2,O=Amazon,C=US
+# Serial Number:06:6c:9f:d2:96:35:86:9f:0a:0f:e5:86:78:f8:5b:26:bb:8a:37
+# Subject: CN=Amazon Root CA 2,O=Amazon,C=US
+# Not Valid Before: Tue May 26 00:00:00 2015
+# Not Valid After : Sat May 26 00:00:00 2040
+# Fingerprint (SHA-256): 1B:A5:B2:AA:8C:65:40:1A:82:96:01:18:F8:0B:EC:4F:62:30:4D:83:CE:C4:71:3A:19:C3:9C:01:1E:A4:6D:B4
+# Fingerprint (SHA1): 5A:8C:EF:45:D7:A6:98:59:76:7A:8C:8B:44:96:B5:78:CF:47:4B:1A
+# Certificate "Amazon Root CA 3"
+# Issuer: CN=Amazon Root CA 3,O=Amazon,C=US
+# Serial Number:06:6c:9f:d5:74:97:36:66:3f:3b:0b:9a:d9:e8:9e:76:03:f2:4a
+# Subject: CN=Amazon Root CA 3,O=Amazon,C=US
+# Not Valid Before: Tue May 26 00:00:00 2015
+# Not Valid After : Sat May 26 00:00:00 2040
+# Fingerprint (SHA-256): 18:CE:6C:FE:7B:F1:4E:60:B2:E3:47:B8:DF:E8:68:CB:31:D0:2E:BB:3A:DA:27:15:69:F5:03:43:B4:6D:B3:A4
+# Fingerprint (SHA1): 0D:44:DD:8C:3C:8C:1A:1A:58:75:64:81:E9:0F:2E:2A:FF:B3:D2:6E
+# Trust for "Amazon Root CA 3"
+# Issuer: CN=Amazon Root CA 3,O=Amazon,C=US
+# Serial Number:06:6c:9f:d5:74:97:36:66:3f:3b:0b:9a:d9:e8:9e:76:03:f2:4a
+# Subject: CN=Amazon Root CA 3,O=Amazon,C=US
+# Not Valid Before: Tue May 26 00:00:00 2015
+# Not Valid After : Sat May 26 00:00:00 2040
+# Fingerprint (SHA-256): 18:CE:6C:FE:7B:F1:4E:60:B2:E3:47:B8:DF:E8:68:CB:31:D0:2E:BB:3A:DA:27:15:69:F5:03:43:B4:6D:B3:A4
+# Fingerprint (SHA1): 0D:44:DD:8C:3C:8C:1A:1A:58:75:64:81:E9:0F:2E:2A:FF:B3:D2:6E
+# Certificate "Amazon Root CA 4"
+# Issuer: CN=Amazon Root CA 4,O=Amazon,C=US
+# Serial Number:06:6c:9f:d7:c1:bb:10:4c:29:43:e5:71:7b:7b:2c:c8:1a:c1:0e
+# Subject: CN=Amazon Root CA 4,O=Amazon,C=US
+# Not Valid Before: Tue May 26 00:00:00 2015
+# Not Valid After : Sat May 26 00:00:00 2040
+# Fingerprint (SHA-256): E3:5D:28:41:9E:D0:20:25:CF:A6:90:38:CD:62:39:62:45:8D:A5:C6:95:FB:DE:A3:C2:2B:0B:FB:25:89:70:92
+# Fingerprint (SHA1): F6:10:84:07:D6:F8:BB:67:98:0C:C2:E2:44:C2:EB:AE:1C:EF:63:BE
+# Trust for "Amazon Root CA 4"
+# Issuer: CN=Amazon Root CA 4,O=Amazon,C=US
+# Serial Number:06:6c:9f:d7:c1:bb:10:4c:29:43:e5:71:7b:7b:2c:c8:1a:c1:0e
+# Subject: CN=Amazon Root CA 4,O=Amazon,C=US
+# Not Valid Before: Tue May 26 00:00:00 2015
+# Not Valid After : Sat May 26 00:00:00 2040
+# Fingerprint (SHA-256): E3:5D:28:41:9E:D0:20:25:CF:A6:90:38:CD:62:39:62:45:8D:A5:C6:95:FB:DE:A3:C2:2B:0B:FB:25:89:70:92
+# Fingerprint (SHA1): F6:10:84:07:D6:F8:BB:67:98:0C:C2:E2:44:C2:EB:AE:1C:EF:63:BE
+# Certificate "LuxTrust Global Root 2"
+# Issuer: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU
+# Serial Number:0a:7e:a6:df:4b:44:9e:da:6a:24:85:9e:e6:b8:15:d3:16:7f:bb:b1
+# Subject: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU
+# Not Valid Before: Thu Mar 05 13:21:57 2015
+# Not Valid After : Mon Mar 05 13:21:57 2035
+# Fingerprint (SHA-256): 54:45:5F:71:29:C2:0B:14:47:C4:18:F9:97:16:8F:24:C5:8F:C5:02:3B:F5:DA:5B:E2:EB:6E:1D:D8:90:2E:D5
+# Fingerprint (SHA1): 1E:0E:56:19:0A:D1:8B:25:98:B2:04:44:FF:66:8A:04:17:99:5F:3F
+# Trust for "LuxTrust Global Root 2"
+# Issuer: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU
+# Serial Number:0a:7e:a6:df:4b:44:9e:da:6a:24:85:9e:e6:b8:15:d3:16:7f:bb:b1
+# Subject: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU
+# Not Valid Before: Thu Mar 05 13:21:57 2015
+# Not Valid After : Mon Mar 05 13:21:57 2035
+# Fingerprint (SHA-256): 54:45:5F:71:29:C2:0B:14:47:C4:18:F9:97:16:8F:24:C5:8F:C5:02:3B:F5:DA:5B:E2:EB:6E:1D:D8:90:2E:D5
+# Fingerprint (SHA1): 1E:0E:56:19:0A:D1:8B:25:98:B2:04:44:FF:66:8A:04:17:99:5F:3F
+# Certificate "Symantec Class 1 Public Primary Certification Authority - G6"
+# Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Serial Number:24:32:75:f2:1d:2f:d2:09:33:f7:b4:6a:ca:d0:f3:98
+# Subject: CN=Symantec Class 1 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Not Valid Before: Tue Oct 18 00:00:00 2011
+# Not Valid After : Tue Dec 01 23:59:59 2037
+# Fingerprint (SHA-256): 9D:19:0B:2E:31:45:66:68:5B:E8:A8:89:E2:7A:A8:C7:D7:AE:1D:8A:AD:DB:A3:C1:EC:F9:D2:48:63:CD:34:B9
+# Fingerprint (SHA1): 51:7F:61:1E:29:91:6B:53:82:FB:72:E7:44:D9:8D:C3:CC:53:6D:64
+# Trust for "Symantec Class 1 Public Primary Certification Authority - G6"
+# Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Serial Number:24:32:75:f2:1d:2f:d2:09:33:f7:b4:6a:ca:d0:f3:98
+# Subject: CN=Symantec Class 1 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Not Valid Before: Tue Oct 18 00:00:00 2011
+# Not Valid After : Tue Dec 01 23:59:59 2037
+# Fingerprint (SHA-256): 9D:19:0B:2E:31:45:66:68:5B:E8:A8:89:E2:7A:A8:C7:D7:AE:1D:8A:AD:DB:A3:C1:EC:F9:D2:48:63:CD:34:B9
+# Fingerprint (SHA1): 51:7F:61:1E:29:91:6B:53:82:FB:72:E7:44:D9:8D:C3:CC:53:6D:64
+# Certificate "Symantec Class 2 Public Primary Certification Authority - G6"
+# Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Serial Number:64:82:9e:fc:37:1e:74:5d:fc:97:ff:97:c8:b1:ff:41
+# Subject: CN=Symantec Class 2 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Not Valid Before: Tue Oct 18 00:00:00 2011
+# Not Valid After : Tue Dec 01 23:59:59 2037
+# Fingerprint (SHA-256): CB:62:7D:18:B5:8A:D5:6D:DE:33:1A:30:45:6B:C6:5C:60:1A:4E:9B:18:DE:DC:EA:08:E7:DA:AA:07:81:5F:F0
+# Fingerprint (SHA1): 40:B3:31:A0:E9:BF:E8:55:BC:39:93:CA:70:4F:4E:C2:51:D4:1D:8F
+# Trust for "Symantec Class 2 Public Primary Certification Authority - G6"
+# Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Serial Number:64:82:9e:fc:37:1e:74:5d:fc:97:ff:97:c8:b1:ff:41
+# Subject: CN=Symantec Class 2 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Not Valid Before: Tue Oct 18 00:00:00 2011
+# Not Valid After : Tue Dec 01 23:59:59 2037
+# Fingerprint (SHA-256): CB:62:7D:18:B5:8A:D5:6D:DE:33:1A:30:45:6B:C6:5C:60:1A:4E:9B:18:DE:DC:EA:08:E7:DA:AA:07:81:5F:F0
+# Fingerprint (SHA1): 40:B3:31:A0:E9:BF:E8:55:BC:39:93:CA:70:4F:4E:C2:51:D4:1D:8F
+# Certificate "Symantec Class 1 Public Primary Certification Authority - G4"
+# Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Serial Number:21:6e:33:a5:cb:d3:88:a4:6f:29:07:b4:27:3c:c4:d8
+# Subject: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Not Valid Before: Wed Oct 05 00:00:00 2011
+# Not Valid After : Mon Jan 18 23:59:59 2038
+# Fingerprint (SHA-256): 36:3F:3C:84:9E:AB:03:B0:A2:A0:F6:36:D7:B8:6D:04:D3:AC:7F:CF:E2:6A:0A:91:21:AB:97:95:F6:E1:76:DF
+# Fingerprint (SHA1): 84:F2:E3:DD:83:13:3E:A9:1D:19:52:7F:02:D7:29:BF:C1:5F:E6:67
+# Trust for "Symantec Class 1 Public Primary Certification Authority - G4"
+# Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Serial Number:21:6e:33:a5:cb:d3:88:a4:6f:29:07:b4:27:3c:c4:d8
+# Subject: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Not Valid Before: Wed Oct 05 00:00:00 2011
+# Not Valid After : Mon Jan 18 23:59:59 2038
+# Fingerprint (SHA-256): 36:3F:3C:84:9E:AB:03:B0:A2:A0:F6:36:D7:B8:6D:04:D3:AC:7F:CF:E2:6A:0A:91:21:AB:97:95:F6:E1:76:DF
+# Fingerprint (SHA1): 84:F2:E3:DD:83:13:3E:A9:1D:19:52:7F:02:D7:29:BF:C1:5F:E6:67
+# Certificate "Symantec Class 2 Public Primary Certification Authority - G4"
+# Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Serial Number:34:17:65:12:40:3b:b7:56:80:2d:80:cb:79:55:a6:1e
+# Subject: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Not Valid Before: Wed Oct 05 00:00:00 2011
+# Not Valid After : Mon Jan 18 23:59:59 2038
+# Fingerprint (SHA-256): FE:86:3D:08:22:FE:7A:23:53:FA:48:4D:59:24:E8:75:65:6D:3D:C9:FB:58:77:1F:6F:61:6F:9D:57:1B:C5:92
+# Fingerprint (SHA1): 67:24:90:2E:48:01:B0:22:96:40:10:46:B4:B1:67:2C:A9:75:FD:2B
+# Trust for "Symantec Class 2 Public Primary Certification Authority - G4"
+# Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Serial Number:34:17:65:12:40:3b:b7:56:80:2d:80:cb:79:55:a6:1e
+# Subject: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Not Valid Before: Wed Oct 05 00:00:00 2011
+# Not Valid After : Mon Jan 18 23:59:59 2038
+# Fingerprint (SHA-256): FE:86:3D:08:22:FE:7A:23:53:FA:48:4D:59:24:E8:75:65:6D:3D:C9:FB:58:77:1F:6F:61:6F:9D:57:1B:C5:92
+# Fingerprint (SHA1): 67:24:90:2E:48:01:B0:22:96:40:10:46:B4:B1:67:2C:A9:75:FD:2B
 2017-02-03 09:56:49 +00:00
wiz
60766081b6 Update to certificates of 20160610. 
Bump version.
 2016-07-21 12:37:43 +00:00
tron
879aef85da Create and install a file called "share/mozilla-rootcerts/cacert.pem" 
which contains all the trusted certificates in PEM format. This file
can e.g. be used with command line clients like "curl" or "wget" to
validate certificates.
 2016-02-06 10:22:54 +00:00
tnn
7618149b5e set HOMEPAGE to the hg revision log URL to make it easier to figure out if 
the package needs an update.
 2015-10-18 19:24:39 +00:00
tnn
d80fe900e7 mention mozilla-rootcerts-openssl 2015-09-12 13:06:13 +00:00
tnn
0ff9c47083 Update to 20150804. 
Added:

C=CN, O=China Financial Certification Authority, CN=CFCA EV ROOT
C=DE, O=Deutscher Sparkassen Verlag GmbH, OU=S-TRUST Certification Services, \
    CN=S-TRUST Universal Root CA
C=FR, O=Certinomis, OU=0002 433998903, CN=Certinomis - Root CA
C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden EV Root CA
C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA - G3
C=TR, L=Ankara, \
    O=T?RKTRUST Bilgi ?leti?im ve Bili?im G?venli?i Hizmetleri A.?., \
    CN=T?RKTRUST Elektronik Sertifika Hizmet Sa?lay?c?s? H5
C=TR, L=Ankara, \
    O=T?RKTRUST Bilgi ?leti?im ve Bili?im G?venli?i Hizmetleri A.?., \
    CN=T?RKTRUST Elektronik Sertifika Hizmet Sa?lay?c?s? H6
C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, \
    OU=(c) 2009 Entrust, Inc. - for authorized use only, \
    CN=Entrust Root Certification Authority - G2
C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, \
    OU=(c) 2012 Entrust, Inc. - for authorized use only, \
    CN=Entrust Root Certification Authority - EC1
C=US, O=IdenTrust, CN=IdenTrust Commercial Root CA 1
C=US, O=IdenTrust, CN=IdenTrust Public Sector Root CA 1

Removed:

C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Class 2 CA, \
    CN=TC TrustCenter Class 2 CA II
C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Universal CA, \
    CN=TC TrustCenter Universal CA I
C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 CA 1
C=TR, O=Elektronik Bilgi Guvenligi A.S., \
    CN=e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi
CN=SG TRUST SERVICES RACINE, OU=0002 43525289500022, O=SG TRUST SERVICES, C=FR
CN=T?RKTRUST Elektronik Sertifika Hizmet Sa?lay?c?s?, C=TR, L=ANKARA, \
    O=(c) 2005 T?RKTRUST Bilgi ?leti?im ve Bili?im G?venli?i Hizmetleri A.?.
 2015-09-11 20:32:33 +00:00
dholland
69b63823bc Add support for -d destdir to the mozilla-rootcerts installer script. 2015-04-18 20:11:35 +00:00
tnn
a84f21ab9f Update to mozilla-rootcerts-20141117. 
Added root certs:

C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Secure Server CA - G2
C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
OU=GlobalSign ECC Root CA - R4, O=GlobalSign, CN=GlobalSign
OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign

Removed root certs:

C=US, O=America Online Inc., CN=America Online Root Certification Authority 1
C=US, O=America Online Inc., CN=America Online Root Certification Authority 2
C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com
C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/emailAddress=server-certs@thawte.com
 2015-02-16 13:09:10 +00:00
jperkin
e31292423f Ensure we call the full path to the script. Bump PKGREVISION. 2015-01-27 13:53:06 +00:00
wiz
8fb0245862 Improve detection of untrusted certificates. From John D. Baker 
in PR 49176. Bump PKGREVISION.
 2014-09-06 08:03:00 +00:00
mlelstv
6c6af783d9 Update certs to more recent version. The License changed to MPL 2.0. 2014-08-25 08:34:44 +00:00
obache
2e5395c626 reset CHECK_BUILTIN.openssl to avoid side effect. 2014-03-03 06:01:26 +00:00
bsiegert
d35d58370a Add a new subcommand "mozilla-rootcerts install" that unpacks and installs 
the certificates with a single command.

ok gdt, wiz
 2013-03-15 16:14:55 +00:00
fhajny
4900d3dd39 Substitute the openssl tool path in a different manner, so that pkgsrc 
openssl will be used if not builtin. Fixes problem with incorrect cert
hashes generated on (at least) SunOS.
 2013-03-15 12:36:25 +00:00
wiz
45f7f4801f Update mozilla root certificates to 20121229 version. 2013-01-31 09:39:00 +00:00
asau
1a433eae91 Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-23 18:16:19 +00:00
drochner
0b08870926 mozilla has switched to a scheme of explicitly distrusting certificates 
in its stable branch (ie firefox-6.0.2) too,
so deal with this in the mozilla-rootcerts script (this is not great -
it depends on syntactic details of the file where it should better
use checksums, but the perl script which is distributed with "curl"
works the same way),
and switch back to the certificate list in CVS HEAD
 2011-09-08 19:46:01 +00:00
drochner
3a2c5b4628 update to the version distributed with firefox-6.0.1, in response 
to the recent discovery of false certificates from diginotar
(Recent versions from the source repository don't work, see the
comment in Makefile.)
 2011-08-31 11:42:43 +00:00
shattered
3b05a61c76 Follow HTTP redirects to new HOMEPAGEs and/or MASTER_SITES. 2010-11-13 21:08:54 +00:00
wiz
b838928231 Update to 20100827. Set LICENSE. 
Fix bug reported by Makoto Yamakura in PR 43992.
 2010-10-22 10:41:49 +00:00
wiz
a4eec2f4cc Reset maintainer, developer lost his commit bit. 2010-03-21 16:29:38 +00:00
wiz
a1981918ab Simplify awk usage to make it work with nawk, from Matthias Pfaller in 
PR 42238.

While here, update to latest certificates from mozilla.
 2009-11-03 02:43:55 +00:00
joerg
b34aa6885e DESTDIR support. 2008-06-22 23:05:00 +00:00
jlam
909f41a142 Import security/mozilla-rootcerts: 
This package provides a script which can be used to extract the root
CA certificates distributed by the Mozilla Project into the current
working directory and to rehash the existing certificates.  The directory
can be used by most SSL-aware programs that expect a "CA certificate
path".
 2007-09-20 20:02:53 +00:00