Date: Sat, 5 Sep 2020 02:22:07 +0000 (UTC) From: Kyle Evans <kevans@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r365357 - in stable: 11/secure/caroot/blacklisted 12/secure/caroot/blacklisted Message-ID: <202009050222.0852M7LH095182@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kevans Date: Sat Sep 5 02:22:07 2020 New Revision: 365357 URL: https://svnweb.freebsd.org/changeset/base/365357 Log: MFC r365248: caroot: properly remove old distrusted roots The proper procedure was not followed in r364943; all of these that were deleted should have instead been moved over to the blacklist so that certctl can DTRT. Users must still `certctl rehash` after this, but this should generally be done by one of mergemaster/etcupdate/freebsd-update/pkgbase already; note that freebsd-update doesn't come into play for this particular update, as these have not yet made it into a release. Future work (after svn -> git) will likely change the script that updatecert invokes to facilitate the process, rather than trusting that kevans or whomever updates in the future will remember. Added: stable/11/secure/caroot/blacklisted/AddTrust_External_Root.pem - copied unchanged from r365248, head/secure/caroot/blacklisted/AddTrust_External_Root.pem stable/11/secure/caroot/blacklisted/AddTrust_Low-Value_Services_Root.pem - copied unchanged from r365248, head/secure/caroot/blacklisted/AddTrust_Low-Value_Services_Root.pem stable/11/secure/caroot/blacklisted/LuxTrust_Global_Root_2.pem - copied unchanged from r365248, head/secure/caroot/blacklisted/LuxTrust_Global_Root_2.pem stable/11/secure/caroot/blacklisted/Staat_der_Nederlanden_Root_CA_-_G2.pem - copied unchanged from r365248, head/secure/caroot/blacklisted/Staat_der_Nederlanden_Root_CA_-_G2.pem stable/11/secure/caroot/blacklisted/Symantec_Class_1_Public_Primary_Certification_Authority_-_G4.pem - copied unchanged from r365248, head/secure/caroot/blacklisted/Symantec_Class_1_Public_Primary_Certification_Authority_-_G4.pem stable/11/secure/caroot/blacklisted/Symantec_Class_2_Public_Primary_Certification_Authority_-_G4.pem - copied unchanged from r365248, head/secure/caroot/blacklisted/Symantec_Class_2_Public_Primary_Certification_Authority_-_G4.pem stable/11/secure/caroot/blacklisted/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.pem - copied unchanged from r365248, head/secure/caroot/blacklisted/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.pem Modified: Directory Properties: stable/11/ (props changed) Changes in other areas also in this revision: Added: stable/12/secure/caroot/blacklisted/AddTrust_External_Root.pem - copied unchanged from r365248, head/secure/caroot/blacklisted/AddTrust_External_Root.pem stable/12/secure/caroot/blacklisted/AddTrust_Low-Value_Services_Root.pem - copied unchanged from r365248, head/secure/caroot/blacklisted/AddTrust_Low-Value_Services_Root.pem stable/12/secure/caroot/blacklisted/LuxTrust_Global_Root_2.pem - copied unchanged from r365248, head/secure/caroot/blacklisted/LuxTrust_Global_Root_2.pem stable/12/secure/caroot/blacklisted/Staat_der_Nederlanden_Root_CA_-_G2.pem - copied unchanged from r365248, head/secure/caroot/blacklisted/Staat_der_Nederlanden_Root_CA_-_G2.pem stable/12/secure/caroot/blacklisted/Symantec_Class_1_Public_Primary_Certification_Authority_-_G4.pem - copied unchanged from r365248, head/secure/caroot/blacklisted/Symantec_Class_1_Public_Primary_Certification_Authority_-_G4.pem stable/12/secure/caroot/blacklisted/Symantec_Class_2_Public_Primary_Certification_Authority_-_G4.pem - copied unchanged from r365248, head/secure/caroot/blacklisted/Symantec_Class_2_Public_Primary_Certification_Authority_-_G4.pem stable/12/secure/caroot/blacklisted/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.pem - copied unchanged from r365248, head/secure/caroot/blacklisted/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.pem Modified: Directory Properties: stable/12/ (props changed) Copied: stable/11/secure/caroot/blacklisted/AddTrust_External_Root.pem (from r365248, head/secure/caroot/blacklisted/AddTrust_External_Root.pem) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ stable/11/secure/caroot/blacklisted/AddTrust_External_Root.pem Sat Sep 5 02:22:07 2020 (r365357, copy of r365248, head/secure/caroot/blacklisted/AddTrust_External_Root.pem) @@ -0,0 +1,99 @@ +## +## AddTrust External Root +## +## This is a single X.509 certificate for a public Certificate +## Authority (CA). It was automatically extracted from Mozilla's +## root CA list (the file `certdata.txt' in security/nss). +## +## Extracted from nss +## with $FreeBSD: head/secure/caroot/MAca-bundle.pl 352951 2019-10-02 01:27:50Z kevans $ +## +## @generated +## +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root + Validity + Not Before: May 30 10:48:38 2000 GMT + Not After : May 30 10:48:38 2020 GMT + Subject: C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:b7:f7:1a:33:e6:f2:00:04:2d:39:e0:4e:5b:ed: + 1f:bc:6c:0f:cd:b5:fa:23:b6:ce:de:9b:11:33:97: + a4:29:4c:7d:93:9f:bd:4a:bc:93:ed:03:1a:e3:8f: + cf:e5:6d:50:5a:d6:97:29:94:5a:80:b0:49:7a:db: + 2e:95:fd:b8:ca:bf:37:38:2d:1e:3e:91:41:ad:70: + 56:c7:f0:4f:3f:e8:32:9e:74:ca:c8:90:54:e9:c6: + 5f:0f:78:9d:9a:40:3c:0e:ac:61:aa:5e:14:8f:9e: + 87:a1:6a:50:dc:d7:9a:4e:af:05:b3:a6:71:94:9c: + 71:b3:50:60:0a:c7:13:9d:38:07:86:02:a8:e9:a8: + 69:26:18:90:ab:4c:b0:4f:23:ab:3a:4f:84:d8:df: + ce:9f:e1:69:6f:bb:d7:42:d7:6b:44:e4:c7:ad:ee: + 6d:41:5f:72:5a:71:08:37:b3:79:65:a4:59:a0:94: + 37:f7:00:2f:0d:c2:92:72:da:d0:38:72:db:14:a8: + 45:c4:5d:2a:7d:b7:b4:d6:c4:ee:ac:cd:13:44:b7: + c9:2b:dd:43:00:25:fa:61:b9:69:6a:58:23:11:b7: + a7:33:8f:56:75:59:f5:cd:29:d7:46:b7:0a:2b:65: + b6:d3:42:6f:15:b2:b8:7b:fb:ef:e9:5d:53:d5:34: + 5a:27 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + AD:BD:98:7A:34:B4:26:F7:FA:C4:26:54:EF:03:BD:E0:24:CB:54:1A + X509v3 Key Usage: + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Authority Key Identifier: + keyid:AD:BD:98:7A:34:B4:26:F7:FA:C4:26:54:EF:03:BD:E0:24:CB:54:1A + DirName:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root + serial:01 + + Signature Algorithm: sha1WithRSAEncryption + b0:9b:e0:85:25:c2:d6:23:e2:0f:96:06:92:9d:41:98:9c:d9: + 84:79:81:d9:1e:5b:14:07:23:36:65:8f:b0:d8:77:bb:ac:41: + 6c:47:60:83:51:b0:f9:32:3d:e7:fc:f6:26:13:c7:80:16:a5: + bf:5a:fc:87:cf:78:79:89:21:9a:e2:4c:07:0a:86:35:bc:f2: + de:51:c4:d2:96:b7:dc:7e:4e:ee:70:fd:1c:39:eb:0c:02:51: + 14:2d:8e:bd:16:e0:c1:df:46:75:e7:24:ad:ec:f4:42:b4:85: + 93:70:10:67:ba:9d:06:35:4a:18:d3:2b:7a:cc:51:42:a1:7a: + 63:d1:e6:bb:a1:c5:2b:c2:36:be:13:0d:e6:bd:63:7e:79:7b: + a7:09:0d:40:ab:6a:dd:8f:8a:c3:f6:f6:8c:1a:42:05:51:d4: + 45:f5:9f:a7:62:21:68:15:20:43:3c:99:e7:7c:bd:24:d8:a9: + 91:17:73:88:3f:56:1b:31:38:18:b4:71:0f:9a:cd:c8:0e:9e: + 8e:2e:1b:e1:8c:98:83:cb:1f:31:f1:44:4c:c6:04:73:49:76: + 60:0f:c7:f8:bd:17:80:6b:2e:e9:cc:4c:0e:5a:9a:79:0f:20: + 0a:2e:d5:9e:63:26:1e:55:92:94:d8:82:17:5a:7b:d0:bc:c7: + 8f:4e:86:04 +SHA1 Fingerprint=02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:68:85:18:68 +-----BEGIN CERTIFICATE----- +MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU +MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs +IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 +MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux +FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h +bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt +H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9 +uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX +mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX +a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN +E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0 +WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD +VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0 +Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU +cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx +IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN +AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH +YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5 +6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC +Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX +c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a +mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ= +-----END CERTIFICATE----- Copied: stable/11/secure/caroot/blacklisted/AddTrust_Low-Value_Services_Root.pem (from r365248, head/secure/caroot/blacklisted/AddTrust_Low-Value_Services_Root.pem) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ stable/11/secure/caroot/blacklisted/AddTrust_Low-Value_Services_Root.pem Sat Sep 5 02:22:07 2020 (r365357, copy of r365248, head/secure/caroot/blacklisted/AddTrust_Low-Value_Services_Root.pem) @@ -0,0 +1,98 @@ +## +## AddTrust Low-Value Services Root +## +## This is a single X.509 certificate for a public Certificate +## Authority (CA). It was automatically extracted from Mozilla's +## root CA list (the file `certdata.txt' in security/nss). +## +## Extracted from nss +## with $FreeBSD: head/secure/caroot/MAca-bundle.pl 352951 2019-10-02 01:27:50Z kevans $ +## +## @generated +## +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C = SE, O = AddTrust AB, OU = AddTrust TTP Network, CN = AddTrust Class 1 CA Root + Validity + Not Before: May 30 10:38:31 2000 GMT + Not After : May 30 10:38:31 2020 GMT + Subject: C = SE, O = AddTrust AB, OU = AddTrust TTP Network, CN = AddTrust Class 1 CA Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:96:96:d4:21:49:60:e2:6b:e8:41:07:0c:de:c4: + e0:dc:13:23:cd:c1:35:c7:fb:d6:4e:11:0a:67:5e: + f5:06:5b:6b:a5:08:3b:5b:29:16:3a:e7:87:b2:34: + 06:c5:bc:05:a5:03:7c:82:cb:29:10:ae:e1:88:81: + bd:d6:9e:d3:fe:2d:56:c1:15:ce:e3:26:9d:15:2e: + 10:fb:06:8f:30:04:de:a7:b4:63:b4:ff:b1:9c:ae: + 3c:af:77:b6:56:c5:b5:ab:a2:e9:69:3a:3d:0e:33: + 79:32:3f:70:82:92:99:61:6d:8d:30:08:8f:71:3f: + a6:48:57:19:f8:25:dc:4b:66:5c:a5:74:8f:98:ae: + c8:f9:c0:06:22:e7:ac:73:df:a5:2e:fb:52:dc:b1: + 15:65:20:fa:35:66:69:de:df:2c:f1:6e:bc:30:db: + 2c:24:12:db:eb:35:35:68:90:cb:00:b0:97:21:3d: + 74:21:23:65:34:2b:bb:78:59:a3:d6:e1:76:39:9a: + a4:49:8e:8c:74:af:6e:a4:9a:a3:d9:9b:d2:38:5c: + 9b:a2:18:cc:75:23:84:be:eb:e2:4d:33:71:8e:1a: + f0:c2:f8:c7:1d:a2:ad:03:97:2c:f8:cf:25:c6:f6: + b8:24:31:b1:63:5d:92:7f:63:f0:25:c9:53:2e:1f: + bf:4d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 95:B1:B4:F0:94:B6:BD:C7:DA:D1:11:09:21:BE:C1:AF:49:FD:10:7B + X509v3 Key Usage: + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Authority Key Identifier: + keyid:95:B1:B4:F0:94:B6:BD:C7:DA:D1:11:09:21:BE:C1:AF:49:FD:10:7B + DirName:/C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Class 1 CA Root + serial:01 + + Signature Algorithm: sha1WithRSAEncryption + 2c:6d:64:1b:1f:cd:0d:dd:b9:01:fa:96:63:34:32:48:47:99: + ae:97:ed:fd:72:16:a6:73:47:5a:f4:eb:dd:e9:f5:d6:fb:45: + cc:29:89:44:5d:bf:46:39:3d:e8:ee:bc:4d:54:86:1e:1d:6c: + e3:17:27:43:e1:89:56:2b:a9:6f:72:4e:49:33:e3:72:7c:2a: + 23:9a:bc:3e:ff:28:2a:ed:a3:ff:1c:23:ba:43:57:09:67:4d: + 4b:62:06:2d:f8:ff:6c:9d:60:1e:d8:1c:4b:7d:b5:31:2f:d9: + d0:7c:5d:f8:de:6b:83:18:78:37:57:2f:e8:33:07:67:df:1e: + c7:6b:2a:95:76:ae:8f:57:a3:f0:f4:52:b4:a9:53:08:cf:e0: + 4f:d3:7a:53:8b:fd:bb:1c:56:36:f2:fe:b2:b6:e5:76:bb:d5: + 22:65:a7:3f:fe:d1:66:ad:0b:bc:6b:99:86:ef:3f:7d:f3:18: + 32:ca:7b:c6:e3:ab:64:46:95:f8:26:69:d9:55:83:7b:2c:96: + 07:ff:59:2c:44:a3:c6:e5:e9:a9:dc:a1:63:80:5a:21:5e:21: + cf:53:54:f0:ba:6f:89:db:a8:aa:95:cf:8b:e3:71:cc:1e:1b: + 20:44:08:c0:7a:b6:40:fd:c4:e4:35:e1:1d:16:1c:d0:bc:2b: + 8e:d6:71:d9 +SHA1 Fingerprint=CC:AB:0E:A0:4C:23:01:D6:69:7B:DD:37:9F:CD:12:EB:24:E3:94:9D +-----BEGIN CERTIFICATE----- +MIIEGDCCAwCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQGEwJTRTEU +MBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3 +b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwHhcNMDAwNTMw +MTAzODMxWhcNMjAwNTMwMTAzODMxWjBlMQswCQYDVQQGEwJTRTEUMBIGA1UEChML +QWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYD +VQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQCWltQhSWDia+hBBwzexODcEyPNwTXH+9ZOEQpnXvUGW2ul +CDtbKRY654eyNAbFvAWlA3yCyykQruGIgb3WntP+LVbBFc7jJp0VLhD7Bo8wBN6n +tGO0/7Gcrjyvd7ZWxbWroulpOj0OM3kyP3CCkplhbY0wCI9xP6ZIVxn4JdxLZlyl +dI+Yrsj5wAYi56xz36Uu+1LcsRVlIPo1Zmne3yzxbrww2ywkEtvrNTVokMsAsJch +PXQhI2U0K7t4WaPW4XY5mqRJjox0r26kmqPZm9I4XJuiGMx1I4S+6+JNM3GOGvDC ++Mcdoq0Dlyz4zyXG9rgkMbFjXZJ/Y/AlyVMuH79NAgMBAAGjgdIwgc8wHQYDVR0O +BBYEFJWxtPCUtr3H2tERCSG+wa9J/RB7MAsGA1UdDwQEAwIBBjAPBgNVHRMBAf8E +BTADAQH/MIGPBgNVHSMEgYcwgYSAFJWxtPCUtr3H2tERCSG+wa9J/RB7oWmkZzBl +MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFk +ZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENB +IFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBACxtZBsfzQ3duQH6lmM0MkhHma6X +7f1yFqZzR1r0693p9db7RcwpiURdv0Y5PejuvE1Uhh4dbOMXJ0PhiVYrqW9yTkkz +43J8KiOavD7/KCrto/8cI7pDVwlnTUtiBi34/2ydYB7YHEt9tTEv2dB8Xfjea4MY +eDdXL+gzB2ffHsdrKpV2ro9Xo/D0UrSpUwjP4E/TelOL/bscVjby/rK25Xa71SJl +pz/+0WatC7xrmYbvP33zGDLKe8bjq2RGlfgmadlVg3sslgf/WSxEo8bl6ancoWOA +WiFeIc9TVPC6b4nbqKqVz4vjccweGyBECMB6tkD9xOQ14R0WHNC8K47Wcdk= +-----END CERTIFICATE----- Copied: stable/11/secure/caroot/blacklisted/LuxTrust_Global_Root_2.pem (from r365248, head/secure/caroot/blacklisted/LuxTrust_Global_Root_2.pem) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ stable/11/secure/caroot/blacklisted/LuxTrust_Global_Root_2.pem Sat Sep 5 02:22:07 2020 (r365357, copy of r365248, head/secure/caroot/blacklisted/LuxTrust_Global_Root_2.pem) @@ -0,0 +1,141 @@ +## +## LuxTrust Global Root 2 +## +## This is a single X.509 certificate for a public Certificate +## Authority (CA). It was automatically extracted from Mozilla's +## root CA list (the file `certdata.txt' in security/nss). +## +## Extracted from nss +## with $FreeBSD: head/secure/caroot/MAca-bundle.pl 352951 2019-10-02 01:27:50Z kevans $ +## +## @generated +## +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0a:7e:a6:df:4b:44:9e:da:6a:24:85:9e:e6:b8:15:d3:16:7f:bb:b1 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = LU, O = LuxTrust S.A., CN = LuxTrust Global Root 2 + Validity + Not Before: Mar 5 13:21:57 2015 GMT + Not After : Mar 5 13:21:57 2035 GMT + Subject: C = LU, O = LuxTrust S.A., CN = LuxTrust Global Root 2 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (4096 bit) + Modulus: + 00:d7:85:97:bf:11:98:e9:f0:62:83:4c:3c:87:f9: + 53:6a:37:0b:f2:0f:3c:87:ce:6f:dc:26:29:bd:c5: + 89:ba:c9:83:3d:f7:ee:ca:5b:c6:6d:49:73:b4:c9: + 46:a3:1b:34:13:3f:c1:89:45:57:f4:d9:b1:fb:36: + 65:4b:fb:08:e2:48:71:11:c8:6e:3b:9e:9d:df:89: + 65:37:a6:85:f6:3b:44:18:b6:c6:37:30:62:44:92: + 97:69:7d:42:30:24:e4:0d:0c:89:6b:63:de:c5:e1: + df:4e:a9:14:6c:53:e0:61:ce:f6:17:2f:1d:3c:bd: + e6:22:4c:1d:93:f5:10:c4:a1:76:ec:6a:de:c5:6c: + df:96:b4:56:40:42:c0:62:92:30:a1:2d:15:94:a0: + d2:20:06:09:6e:6a:6d:e5:eb:b7:be:d4:f0:f1:15: + 7c:8b:e6:4e:ba:13:cc:4b:27:5e:99:3c:17:5d:8f: + 81:7f:33:3d:4f:d3:3f:1b:ec:5c:3f:f0:3c:4c:75: + 6e:f2:a6:d5:9d:da:2d:07:63:02:c6:72:e9:94:bc: + 4c:49:95:4f:88:52:c8:db:e8:69:82:f8:cc:34:5b: + 22:f0:86:a7:89:bd:48:0a:6d:66:81:6d:c8:c8:64: + fb:01:e1:f4:e1:de:d9:9e:dd:db:5b:d4:2a:99:26: + 15:1b:1e:4c:92:29:82:9e:d5:92:81:92:41:70:19: + f7:a4:e5:93:4b:bc:77:67:31:dd:1c:fd:31:70:0d: + 17:99:0c:f9:0c:39:19:2a:17:b5:30:71:55:d5:0f: + ae:58:e1:3d:2f:34:9b:cf:9f:f6:78:85:c2:93:7a: + 72:3e:66:8f:9c:16:11:60:8f:9e:89:6f:67:be:e0: + 47:5a:3b:0c:9a:67:8b:cf:46:c6:ae:38:a3:f2:a7: + bc:e6:d6:85:6b:33:24:70:22:4b:cb:08:9b:bb:c8: + f8:02:29:1d:be:20:0c:46:bf:6b:87:9b:b3:2a:66: + 42:35:46:6c:aa:ba:ad:f9:98:7b:e9:50:55:14:31: + bf:b1:da:2d:ed:80:ad:68:24:fb:69:ab:d8:71:13: + 30:e6:67:b3:87:40:fd:89:7e:f2:43:d1:11:df:2f: + 65:2f:64:ce:5f:14:b9:b1:bf:31:bd:87:78:5a:59: + 65:88:aa:fc:59:32:48:86:d6:4c:b9:29:4b:95:d3: + 76:f3:77:25:6d:42:1c:38:83:4d:fd:a3:5f:9b:7f: + 2d:ac:79:1b:0e:42:31:97:63:a4:fb:8a:69:d5:22: + 0d:34:90:30:2e:a8:b4:e0:6d:b6:94:ac:bc:8b:4e: + d7:70:fc:c5:38:8e:64:25:e1:4d:39:90:ce:c9:87: + 84:58:71 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Certificate Policies: + Policy: 1.3.171.1.1.1.10 + CPS: https://repository.luxtrust.lu + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Authority Key Identifier: + keyid:FF:18:28:76:F9:48:05:2C:A1:AE:F1:2B:1B:2B:B2:53:F8:4B:7C:B3 + + X509v3 Subject Key Identifier: + FF:18:28:76:F9:48:05:2C:A1:AE:F1:2B:1B:2B:B2:53:F8:4B:7C:B3 + Signature Algorithm: sha256WithRSAEncryption + 6a:19:14:ed:6e:79:c1:2c:87:d4:0d:70:7e:d7:f6:78:c9:0b: + 04:4e:c4:b1:ce:93:70:fe:b0:54:c0:32:cd:99:30:64:17:bf: + 0f:e5:e2:33:fd:07:36:40:72:0e:1a:b6:6a:59:d6:00:e5:68: + 20:dd:2e:72:0d:1f:6a:64:31:20:84:7d:49:a6:5a:37:eb:45: + c9:85:f5:d4:c7:17:99:07:e6:9b:55:e4:0c:e8:a9:b4:ce:8c: + 5b:b5:11:5c:cf:8a:0e:0d:d6:ac:77:81:fe:32:9c:24:9e:72: + ce:54:f3:d0:6f:a2:56:d6:ec:c3:37:2c:65:58:be:57:00:1a: + f2:35:fa:eb:7b:31:5d:c2:c1:12:3d:96:81:88:96:89:c1:59: + 5c:7a:e6:7f:70:34:e7:83:e2:b1:e1:e1:b8:58:ef:d4:95:e4: + 60:9c:f0:96:97:72:8c:eb:84:02:2e:65:8f:a4:b7:d2:7f:67: + dd:c8:d3:9e:5c:aa:a9:a4:a0:25:14:06:9b:ec:4f:7e:2d:0b: + 7f:1d:75:f1:33:d8:ed:ce:b8:75:6d:3e:5b:b9:98:1d:31:0d: + 56:d8:43:0f:30:91:b2:04:6b:dd:56:be:95:80:55:67:be:d8: + cd:83:d9:18:ee:2e:0f:86:2d:92:9e:70:13:ec:de:51:c9:43: + 78:02:a5:4d:c8:f9:5f:c4:91:58:46:16:77:5a:74:aa:40:bc: + 07:9f:30:b9:b1:f7:12:17:dd:e3:ff:24:40:1d:7a:6a:d1:4f: + 18:0a:aa:90:1d:eb:40:1e:df:a1:1e:44:92:10:9a:f2:8d:e1: + d1:4b:46:9e:e8:45:42:97:ea:45:99:f3:ec:66:d5:02:fa:f2: + a6:4a:24:aa:de:ce:b9:ca:f9:3f:93:6f:f9:a3:ba:ea:a5:3e: + 99:ad:fd:ff:7b:99:f5:65:ee:f0:59:28:67:d7:90:95:a4:13: + 84:a9:84:c1:e8:ce:ce:75:93:63:1a:bc:3c:ea:d5:64:1f:2d: + 2a:12:39:c6:c3:5a:32:ed:47:91:16:0e:bc:38:c1:50:de:8f: + ca:2a:90:34:1c:ee:41:94:9c:5e:19:2e:f8:45:49:99:74:91: + b0:04:6f:e3:04:5a:b1:ab:2a:ab:fe:c7:d0:96:b6:da:e1:4a: + 64:06:6e:60:4d:bd:42:4e:ff:78:da:24:ca:1b:b4:d7:96:39: + 6c:ae:f1:0e:aa:a7:7d:48:8b:20:4c:cf:64:d6:b8:97:46:b0: + 4e:d1:2a:56:3a:a0:93:bd:af:80:24:e0:0a:7e:e7:ca:d5:ca: + e8:85:55:dc:36:2a:e1:94:68:93:c7:66:72:44:0f:80:21:32: + 6c:25:c7:23:80:83:0a:eb +SHA1 Fingerprint=1E:0E:56:19:0A:D1:8B:25:98:B2:04:44:FF:66:8A:04:17:99:5F:3F +-----BEGIN CERTIFICATE----- +MIIFwzCCA6ugAwIBAgIUCn6m30tEntpqJIWe5rgV0xZ/u7EwDQYJKoZIhvcNAQEL +BQAwRjELMAkGA1UEBhMCTFUxFjAUBgNVBAoMDUx1eFRydXN0IFMuQS4xHzAdBgNV +BAMMFkx1eFRydXN0IEdsb2JhbCBSb290IDIwHhcNMTUwMzA1MTMyMTU3WhcNMzUw +MzA1MTMyMTU3WjBGMQswCQYDVQQGEwJMVTEWMBQGA1UECgwNTHV4VHJ1c3QgUy5B +LjEfMB0GA1UEAwwWTHV4VHJ1c3QgR2xvYmFsIFJvb3QgMjCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBANeFl78RmOnwYoNMPIf5U2o3C/IPPIfOb9wmKb3F +ibrJgz337spbxm1Jc7TJRqMbNBM/wYlFV/TZsfs2ZUv7COJIcRHIbjuend+JZTem +hfY7RBi2xjcwYkSSl2l9QjAk5A0MiWtj3sXh306pFGxT4GHO9hcvHTy95iJMHZP1 +EMShduxq3sVs35a0VkBCwGKSMKEtFZSg0iAGCW5qbeXrt77U8PEVfIvmTroTzEsn +Xpk8F12PgX8zPU/TPxvsXD/wPEx1bvKm1Z3aLQdjAsZy6ZS8TEmVT4hSyNvoaYL4 +zDRbIvCGp4m9SAptZoFtyMhk+wHh9OHe2Z7d21vUKpkmFRseTJIpgp7VkoGSQXAZ +96Tlk0u8d2cx3Rz9MXANF5kM+Qw5GSoXtTBxVdUPrljhPS80m8+f9niFwpN6cj5m +j5wWEWCPnolvZ77gR1o7DJpni89Gxq44o/KnvObWhWszJHAiS8sIm7vI+AIpHb4g +DEa/a4ebsypmQjVGbKq6rfmYe+lQVRQxv7HaLe2ArWgk+2mr2HETMOZns4dA/Yl+ +8kPREd8vZS9kzl8UubG/Mb2HeFpZZYiq/FkySIbWTLkpS5XTdvN3JW1CHDiDTf2j +X5t/Lax5Gw5CMZdjpPuKadUiDTSQMC6otOBttpSsvItO13D8xTiOZCXhTTmQzsmH +hFhxAgMBAAGjgagwgaUwDwYDVR0TAQH/BAUwAwEB/zBCBgNVHSAEOzA5MDcGByuB +KwEBAQowLDAqBggrBgEFBQcCARYeaHR0cHM6Ly9yZXBvc2l0b3J5Lmx1eHRydXN0 +Lmx1MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBT/GCh2+UgFLKGu8SsbK7JT ++Et8szAdBgNVHQ4EFgQU/xgodvlIBSyhrvErGyuyU/hLfLMwDQYJKoZIhvcNAQEL +BQADggIBAGoZFO1uecEsh9QNcH7X9njJCwROxLHOk3D+sFTAMs2ZMGQXvw/l4jP9 +BzZAcg4atmpZ1gDlaCDdLnINH2pkMSCEfUmmWjfrRcmF9dTHF5kH5ptV5AzoqbTO +jFu1EVzPig4N1qx3gf4ynCSecs5U89BvolbW7MM3LGVYvlcAGvI1+ut7MV3CwRI9 +loGIlonBWVx65n9wNOeD4rHh4bhY79SV5GCc8JaXcozrhAIuZY+kt9J/Z93I055c +qqmkoCUUBpvsT34tC38ddfEz2O3OuHVtPlu5mB0xDVbYQw8wkbIEa91WvpWAVWe+ +2M2D2RjuLg+GLZKecBPs3lHJQ3gCpU3I+V/EkVhGFndadKpAvAefMLmx9xIX3eP/ +JEAdemrRTxgKqpAd60Ae36EeRJIQmvKN4dFLRp7oRUKX6kWZ8+xm1QL68qZKJKre +zrnK+T+Tb/mjuuqlPpmt/f97mfVl7vBZKGfXkJWkE4SphMHozs51k2MavDzq1WQf +LSoSOcbDWjLtR5EWDrw4wVDej8oqkDQc7kGUnF4ZLvhFSZl0kbAEb+MEWrGrKqv+ +x9CWttrhSmQGbmBNvUJO/3jaJMobtNeWOWyu8Q6qp31IiyBMz2TWuJdGsE7RKlY6 +oJO9r4Ak4Ap+58rVyuiFVdw2KuGUaJPHZnJED4AhMmwlxyOAgwrr +-----END CERTIFICATE----- Copied: stable/11/secure/caroot/blacklisted/Staat_der_Nederlanden_Root_CA_-_G2.pem (from r365248, head/secure/caroot/blacklisted/Staat_der_Nederlanden_Root_CA_-_G2.pem) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ stable/11/secure/caroot/blacklisted/Staat_der_Nederlanden_Root_CA_-_G2.pem Sat Sep 5 02:22:07 2020 (r365357, copy of r365248, head/secure/caroot/blacklisted/Staat_der_Nederlanden_Root_CA_-_G2.pem) @@ -0,0 +1,137 @@ +## +## Staat der Nederlanden Root CA - G2 +## +## This is a single X.509 certificate for a public Certificate +## Authority (CA). It was automatically extracted from Mozilla's +## root CA list (the file `certdata.txt' in security/nss). +## +## Extracted from nss +## with $FreeBSD: head/secure/caroot/MAca-bundle.pl 352951 2019-10-02 01:27:50Z kevans $ +## +## @generated +## +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 10000012 (0x98968c) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = NL, O = Staat der Nederlanden, CN = Staat der Nederlanden Root CA - G2 + Validity + Not Before: Mar 26 11:18:17 2008 GMT + Not After : Mar 25 11:03:10 2020 GMT + Subject: C = NL, O = Staat der Nederlanden, CN = Staat der Nederlanden Root CA - G2 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (4096 bit) + Modulus: + 00:c5:59:e7:6f:75:aa:3e:4b:9c:b5:b8:ac:9e:0b: + e4:f9:d9:ca:ab:5d:8f:b5:39:10:82:d7:af:51:e0: + 3b:e1:00:48:6a:cf:da:e1:06:43:11:99:aa:14:25: + 12:ad:22:e8:00:6d:43:c4:a9:b8:e5:1f:89:4b:67: + bd:61:48:ef:fd:d2:e0:60:88:e5:b9:18:60:28:c3: + 77:2b:ad:b0:37:aa:37:de:64:59:2a:46:57:e4:4b: + b9:f8:37:7c:d5:36:e7:80:c1:b6:f3:d4:67:9b:96: + e8:ce:d7:c6:0a:53:d0:6b:49:96:f3:a3:0b:05:77: + 48:f7:25:e5:70:ac:30:14:20:25:e3:7f:75:5a:e5: + 48:f8:4e:7b:03:07:04:fa:82:61:87:6e:f0:3b:c4: + a4:c7:d0:f5:74:3e:a5:5d:1a:08:f2:9b:25:d2:f6: + ac:04:26:3e:55:3a:62:28:a5:7b:b2:30:af:f8:37: + c2:d1:ba:d6:38:fd:f4:ef:49:30:37:99:26:21:48: + 85:01:a9:e5:16:e7:dc:90:55:df:0f:e8:38:cd:99: + 37:21:4f:5d:f5:22:6f:6a:c5:12:16:60:17:55:f2: + 65:66:a6:a7:30:91:38:c1:38:1d:86:04:84:ba:1a: + 25:78:5e:9d:af:cc:50:60:d6:13:87:52:ed:63:1f: + 6d:65:7d:c2:15:18:74:ca:e1:7e:64:29:8c:72:d8: + 16:13:7d:0b:49:4a:f1:28:1b:20:74:6b:c5:3d:dd: + b0:aa:48:09:3d:2e:82:94:cd:1a:65:d9:2b:88:9a: + 99:bc:18:7e:9f:ee:7d:66:7c:3e:bd:94:b8:81:ce: + cd:98:30:78:c1:6f:67:d0:be:5f:e0:68:ed:de:e2: + b1:c9:2c:59:78:92:aa:df:2b:60:63:f2:e5:5e:b9: + e3:ca:fa:7f:50:86:3e:a2:34:18:0c:09:68:28:11: + 1c:e4:e1:b9:5c:3e:47:ba:32:3f:18:cc:5b:84:f5: + f3:6b:74:c4:72:74:e1:e3:8b:a0:4a:bd:8d:66:2f: + ea:ad:35:da:20:d3:88:82:61:f0:12:22:b6:bc:d0: + d5:a4:ec:af:54:88:25:24:3c:a7:6d:b1:72:29:3f: + 3e:57:a6:7f:55:af:6e:26:c6:fe:e7:cc:40:5c:51: + 44:81:0a:78:de:4a:ce:55:bf:1d:d5:d9:b7:56:ef: + f0:76:ff:0b:79:b5:af:bd:fb:a9:69:91:46:97:68: + 80:14:36:1d:b3:7f:bb:29:98:36:a5:20:fa:82:60: + 62:33:a4:ec:d6:ba:07:a7:6e:c5:cf:14:a6:e7:d6: + 92:34:d8:81:f5:fc:1d:5d:aa:5c:1e:f6:a3:4d:3b: + b8:f7:39 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Certificate Policies: + Policy: X509v3 Any Policy + CPS: http://www.pkioverheid.nl/policies/root-policy-G2 + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 91:68:32:87:15:1D:89:E2:B5:F1:AC:36:28:34:8D:0B:7C:62:88:EB + Signature Algorithm: sha256WithRSAEncryption + a8:41:4a:67:2a:92:81:82:50:6e:e1:d7:d8:b3:39:3b:f3:02: + 15:09:50:51:ef:2d:bd:24:7b:88:86:3b:f9:b4:bc:92:09:96: + b9:f6:c0:ab:23:60:06:79:8c:11:4e:51:d2:79:80:33:fb:9d: + 48:be:ec:41:43:81:1f:7e:47:40:1c:e5:7a:08:ca:aa:8b:75: + ad:14:c4:c2:e8:66:3c:82:07:a7:e6:27:82:5b:18:e6:0f:6e: + d9:50:3e:8a:42:18:29:c6:b4:56:fc:56:10:a0:05:17:bd:0c: + 23:7f:f4:93:ed:9c:1a:51:be:dd:45:41:bf:91:24:b4:1f:8c: + e9:5f:cf:7b:21:99:9f:95:9f:39:3a:46:1c:6c:f9:cd:7b:9c: + 90:cd:28:a9:c7:a9:55:bb:ac:62:34:62:35:13:4b:14:3a:55: + 83:b9:86:8d:92:a6:c6:f4:07:25:54:cc:16:57:12:4a:82:78: + c8:14:d9:17:82:26:2d:5d:20:1f:79:ae:fe:d4:70:16:16:95: + 83:d8:35:39:ff:52:5d:75:1c:16:c5:13:55:cf:47:cc:75:65: + 52:4a:de:f0:b0:a7:e4:0a:96:0b:fb:ad:c2:e2:25:84:b2:dd: + e4:bd:7e:59:6c:9b:f0:f0:d8:e7:ca:f2:e9:97:38:7e:89:be: + cc:fb:39:17:61:3f:72:db:3a:91:d8:65:01:19:1d:ad:50:a4: + 57:0a:7c:4b:bc:9c:71:73:2a:45:51:19:85:cc:8e:fd:47:a7: + 74:95:1d:a8:d1:af:4e:17:b1:69:26:c2:aa:78:57:5b:c5:4d: + a7:e5:9e:05:17:94:ca:b2:5f:a0:49:18:8d:34:e9:26:6c:48: + 1e:aa:68:92:05:e1:82:73:5a:9b:dc:07:5b:08:6d:7d:9d:d7: + 8d:21:d9:fc:14:20:aa:c2:45:df:3f:e7:00:b2:51:e4:c2:f8: + 05:b9:79:1a:8c:34:f3:9e:5b:e4:37:5b:6b:4a:df:2c:57:8a: + 40:5a:36:ba:dd:75:44:08:37:42:70:0c:fe:dc:5e:21:a0:a3: + 8a:c0:90:9c:68:da:50:e6:45:10:47:78:b6:4e:d2:65:c9:c3: + 37:df:e1:42:63:b0:57:37:45:2d:7b:8a:9c:bf:05:ea:65:55: + 33:f7:39:10:c5:28:2a:21:7a:1b:8a:c4:24:f9:3f:15:c8:9a: + 15:20:f5:55:62:96:ed:6d:93:50:bc:e4:aa:78:ad:d9:cb:0a: + 65:87:a6:66:c1:c4:81:a3:77:3a:58:1e:0b:ee:83:8b:9d:1e: + d2:52:a4:cc:1d:6f:b0:98:6d:94:31:b5:f8:71:0a:dc:b9:fc: + 7d:32:60:e6:eb:af:8a:01 +SHA1 Fingerprint=59:AF:82:79:91:86:C7:B4:75:07:CB:CF:03:57:46:EB:04:DD:B7:16 +-----BEGIN CERTIFICATE----- +MIIFyjCCA7KgAwIBAgIEAJiWjDANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJO +TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFh +dCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQSAtIEcyMB4XDTA4MDMyNjExMTgxN1oX +DTIwMDMyNTExMDMxMFowWjELMAkGA1UEBhMCTkwxHjAcBgNVBAoMFVN0YWF0IGRl +ciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5lZGVybGFuZGVuIFJv +b3QgQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMVZ5291 +qj5LnLW4rJ4L5PnZyqtdj7U5EILXr1HgO+EASGrP2uEGQxGZqhQlEq0i6ABtQ8Sp +uOUfiUtnvWFI7/3S4GCI5bkYYCjDdyutsDeqN95kWSpGV+RLufg3fNU254DBtvPU +Z5uW6M7XxgpT0GtJlvOjCwV3SPcl5XCsMBQgJeN/dVrlSPhOewMHBPqCYYdu8DvE +pMfQ9XQ+pV0aCPKbJdL2rAQmPlU6Yiile7Iwr/g3wtG61jj99O9JMDeZJiFIhQGp +5Rbn3JBV3w/oOM2ZNyFPXfUib2rFEhZgF1XyZWampzCROME4HYYEhLoaJXhena/M +UGDWE4dS7WMfbWV9whUYdMrhfmQpjHLYFhN9C0lK8SgbIHRrxT3dsKpICT0ugpTN +GmXZK4iambwYfp/ufWZ8Pr2UuIHOzZgweMFvZ9C+X+Bo7d7iscksWXiSqt8rYGPy +5V6548r6f1CGPqI0GAwJaCgRHOThuVw+R7oyPxjMW4T182t0xHJ04eOLoEq9jWYv +6q012iDTiIJh8BIitrzQ1aTsr1SIJSQ8p22xcik/Plemf1WvbibG/ufMQFxRRIEK +eN5KzlW/HdXZt1bv8Hb/C3m1r737qWmRRpdogBQ2HbN/uymYNqUg+oJgYjOk7Na6 +B6duxc8UpufWkjTYgfX8HV2qXB72o007uPc5AgMBAAGjgZcwgZQwDwYDVR0TAQH/ +BAUwAwEB/zBSBgNVHSAESzBJMEcGBFUdIAAwPzA9BggrBgEFBQcCARYxaHR0cDov +L3d3dy5wa2lvdmVyaGVpZC5ubC9wb2xpY2llcy9yb290LXBvbGljeS1HMjAOBgNV +HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJFoMocVHYnitfGsNig0jQt8YojrMA0GCSqG +SIb3DQEBCwUAA4ICAQCoQUpnKpKBglBu4dfYszk78wIVCVBR7y29JHuIhjv5tLyS +CZa59sCrI2AGeYwRTlHSeYAz+51IvuxBQ4EffkdAHOV6CMqqi3WtFMTC6GY8ggen +5ieCWxjmD27ZUD6KQhgpxrRW/FYQoAUXvQwjf/ST7ZwaUb7dRUG/kSS0H4zpX897 +IZmflZ85OkYcbPnNe5yQzSipx6lVu6xiNGI1E0sUOlWDuYaNkqbG9AclVMwWVxJK +gnjIFNkXgiYtXSAfea7+1HAWFpWD2DU5/1JddRwWxRNVz0fMdWVSSt7wsKfkCpYL ++63C4iWEst3kvX5ZbJvw8NjnyvLplzh+ib7M+zkXYT9y2zqR2GUBGR2tUKRXCnxL +vJxxcypFURmFzI79R6d0lR2o0a9OF7FpJsKqeFdbxU2n5Z4FF5TKsl+gSRiNNOkm +bEgeqmiSBeGCc1qb3AdbCG19ndeNIdn8FCCqwkXfP+cAslHkwvgFuXkajDTznlvk +N1trSt8sV4pAWja63XVECDdCcAz+3F4hoKOKwJCcaNpQ5kUQR3i2TtJlycM33+FC +Y7BXN0Ute4qcvwXqZVUz9zkQxSgqIXobisQk+T8VyJoVIPVVYpbtbZNQvOSqeK3Z +ywplh6ZmwcSBo3c6WB4L7oOLnR7SUqTMHW+wmG2UMbX4cQrcufx9MmDm66+KAQ== +-----END CERTIFICATE----- Copied: stable/11/secure/caroot/blacklisted/Symantec_Class_1_Public_Primary_Certification_Authority_-_G4.pem (from r365248, head/secure/caroot/blacklisted/Symantec_Class_1_Public_Primary_Certification_Authority_-_G4.pem) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ stable/11/secure/caroot/blacklisted/Symantec_Class_1_Public_Primary_Certification_Authority_-_G4.pem Sat Sep 5 02:22:07 2020 (r365357, copy of r365248, head/secure/caroot/blacklisted/Symantec_Class_1_Public_Primary_Certification_Authority_-_G4.pem) @@ -0,0 +1,68 @@ +## +## Symantec Class 1 Public Primary Certification Authority - G4 +## +## This is a single X.509 certificate for a public Certificate +## Authority (CA). It was automatically extracted from Mozilla's +## root CA list (the file `certdata.txt' in security/nss). +## +## Extracted from nss +## with $FreeBSD: head/secure/caroot/MAca-bundle.pl 352951 2019-10-02 01:27:50Z kevans $ +## +## @generated +## +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 21:6e:33:a5:cb:d3:88:a4:6f:29:07:b4:27:3c:c4:d8 + Signature Algorithm: ecdsa-with-SHA384 + Issuer: C = US, O = Symantec Corporation, OU = Symantec Trust Network, CN = Symantec Class 1 Public Primary Certification Authority - G4 + Validity + Not Before: Oct 5 00:00:00 2011 GMT + Not After : Jan 18 23:59:59 2038 GMT + Subject: C = US, O = Symantec Corporation, OU = Symantec Trust Network, CN = Symantec Class 1 Public Primary Certification Authority - G4 + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:d7:66:b5:1b:db:ae:b3:60:ee:46:ea:88:63:75: + 3b:2a:94:6d:f3:5f:12:f6:e3:0f:9e:b6:0a:14:53: + 48:52:c8:dc:3a:b3:cb:48:20:26:12:4e:fa:89:84: + d4:df:91:e4:29:7d:28:01:d9:db:18:43:69:a1:1f: + b5:d3:86:16:dc:c7:7f:67:23:df:df:31:31:83:03: + 35:70:b1:4b:b7:c8:17:bb:51:cb:dc:94:17:db:ea: + 09:3b:76:12:de:aa:b5 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 65:C0:8D:25:F5:0C:BA:97:77:90:3F:9E:2E:E0:5A:F5:CE:D5:E1:E4 + Signature Algorithm: ecdsa-with-SHA384 + 30:66:02:31:00:a5:ae:e3:46:53:f8:98:36:e3:22:fa:2e:28: + 49:0d:ee:30:7e:33:f3:ec:3f:71:5e:cc:55:89:78:99:ac:b2: + fd:dc:1c:5c:33:8e:29:b9:6b:17:c8:11:68:b5:dc:83:07:02: + 31:00:9c:c8:44:da:69:c2:36:c3:54:19:10:85:02:da:9d:47: + ef:41:e7:6c:26:9d:09:3d:f7:6d:90:d1:05:44:2f:b0:bc:83: + 93:68:f2:0c:45:49:39:bf:99:04:1c:d3:10:a0 +SHA1 Fingerprint=84:F2:E3:DD:83:13:3E:A9:1D:19:52:7F:02:D7:29:BF:C1:5F:E6:67 +-----BEGIN CERTIFICATE----- +MIICqDCCAi2gAwIBAgIQIW4zpcvTiKRvKQe0JzzE2DAKBggqhkjOPQQDAzCBlDEL +MAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYD +VQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBD +bGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0g +RzQwHhcNMTExMDA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBlDELMAkGA1UEBhMC +VVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1h +bnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBDbGFzcyAxIFB1 +YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzQwdjAQBgcq +hkjOPQIBBgUrgQQAIgNiAATXZrUb266zYO5G6ohjdTsqlG3zXxL24w+etgoUU0hS +yNw6s8tIICYSTvqJhNTfkeQpfSgB2dsYQ2mhH7XThhbcx39nI9/fMTGDAzVwsUu3 +yBe7UcvclBfb6gk7dhLeqrWjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E +BTADAQH/MB0GA1UdDgQWBBRlwI0l9Qy6l3eQP54u4Fr1ztXh5DAKBggqhkjOPQQD +AwNpADBmAjEApa7jRlP4mDbjIvouKEkN7jB+M/PsP3FezFWJeJmssv3cHFwzjim5 +axfIEWi13IMHAjEAnMhE2mnCNsNUGRCFAtqdR+9B52wmnQk9922Q0QVEL7C8g5No +8gxFSTm/mQQc0xCg +-----END CERTIFICATE----- Copied: stable/11/secure/caroot/blacklisted/Symantec_Class_2_Public_Primary_Certification_Authority_-_G4.pem (from r365248, head/secure/caroot/blacklisted/Symantec_Class_2_Public_Primary_Certification_Authority_-_G4.pem) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ stable/11/secure/caroot/blacklisted/Symantec_Class_2_Public_Primary_Certification_Authority_-_G4.pem Sat Sep 5 02:22:07 2020 (r365357, copy of r365248, head/secure/caroot/blacklisted/Symantec_Class_2_Public_Primary_Certification_Authority_-_G4.pem) @@ -0,0 +1,68 @@ +## +## Symantec Class 2 Public Primary Certification Authority - G4 +## +## This is a single X.509 certificate for a public Certificate +## Authority (CA). It was automatically extracted from Mozilla's +## root CA list (the file `certdata.txt' in security/nss). +## +## Extracted from nss +## with $FreeBSD: head/secure/caroot/MAca-bundle.pl 352951 2019-10-02 01:27:50Z kevans $ +## +## @generated +## +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 34:17:65:12:40:3b:b7:56:80:2d:80:cb:79:55:a6:1e + Signature Algorithm: ecdsa-with-SHA384 + Issuer: C = US, O = Symantec Corporation, OU = Symantec Trust Network, CN = Symantec Class 2 Public Primary Certification Authority - G4 + Validity + Not Before: Oct 5 00:00:00 2011 GMT + Not After : Jan 18 23:59:59 2038 GMT + Subject: C = US, O = Symantec Corporation, OU = Symantec Trust Network, CN = Symantec Class 2 Public Primary Certification Authority - G4 + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:d1:d9:4a:8e:4c:0d:84:4a:51:ba:7c:ef:d3:cc: + fa:3a:9a:b5:a7:63:13:3d:01:e0:49:3e:fa:c1:47: + c9:92:b3:3a:d7:fe:6f:9c:f7:9a:3a:0f:f5:0e:0a: + 0a:c3:3f:c8:e7:12:14:8e:d5:d5:6d:98:2c:b3:71: + 32:0a:eb:2a:bd:f6:d7:6a:20:0b:67:45:9c:d2:b2: + bf:53:22:66:09:5d:db:11:f3:f1:05:33:58:a3:e2: + b8:cf:7c:cd:82:9b:bd + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 3D:32:F3:3A:A9:0C:90:84:F9:A2:8C:69:06:61:54:2F:87:72:FE:05 + Signature Algorithm: ecdsa-with-SHA384 + 30:66:02:31:00:c8:a6:a9:af:41:7f:b5:c9:11:42:16:68:69: + 4c:5c:b8:27:18:b6:98:f1:c0:7f:90:6d:87:d3:8c:46:17:f0: + 3e:4f:fc:ea:b0:08:c4:7a:4b:bc:08:2f:c7:e2:a7:6f:65:02: + 31:00:d6:59:de:86:ce:5f:0e:ca:54:d5:c6:d0:15:0e:fc:8b: + 94:72:d4:8e:00:58:53:cf:7e:b1:4b:0d:e5:50:86:eb:9e:6b: + df:ff:29:a6:d8:47:d9:a0:96:18:db:f2:45:b3 +SHA1 Fingerprint=67:24:90:2E:48:01:B0:22:96:40:10:46:B4:B1:67:2C:A9:75:FD:2B +-----BEGIN CERTIFICATE----- +MIICqDCCAi2gAwIBAgIQNBdlEkA7t1aALYDLeVWmHjAKBggqhkjOPQQDAzCBlDEL +MAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYD +VQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBD +bGFzcyAyIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0g +RzQwHhcNMTExMDA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBlDELMAkGA1UEBhMC +VVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1h +bnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBDbGFzcyAyIFB1 +YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzQwdjAQBgcq +hkjOPQIBBgUrgQQAIgNiAATR2UqOTA2ESlG6fO/TzPo6mrWnYxM9AeBJPvrBR8mS +szrX/m+c95o6D/UOCgrDP8jnEhSO1dVtmCyzcTIK6yq99tdqIAtnRZzSsr9TImYJ +XdsR8/EFM1ij4rjPfM2Cm72jQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E +BTADAQH/MB0GA1UdDgQWBBQ9MvM6qQyQhPmijGkGYVQvh3L+BTAKBggqhkjOPQQD +AwNpADBmAjEAyKapr0F/tckRQhZoaUxcuCcYtpjxwH+QbYfTjEYX8D5P/OqwCMR6 +S7wIL8fip29lAjEA1lnehs5fDspU1cbQFQ78i5Ry1I4AWFPPfrFLDeVQhuuea9// +KabYR9mglhjb8kWz +-----END CERTIFICATE----- Copied: stable/11/secure/caroot/blacklisted/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.pem (from r365248, head/secure/caroot/blacklisted/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.pem) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ stable/11/secure/caroot/blacklisted/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.pem Sat Sep 5 02:22:07 2020 (r365357, copy of r365248, head/secure/caroot/blacklisted/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.pem) @@ -0,0 +1,87 @@ +## +## Verisign Class 3 Public Primary Certification Authority - G3 +## +## This is a single X.509 certificate for a public Certificate +## Authority (CA). It was automatically extracted from Mozilla's +## root CA list (the file `certdata.txt' in security/nss). +## +## Extracted from nss +## with $FreeBSD: head/secure/caroot/MAca-bundle.pl 352951 2019-10-02 01:27:50Z kevans $ +## +## @generated +## +Certificate: + Data: + Version: 1 (0x0) + Serial Number: + 9b:7e:06:49:a3:3e:62:b9:d5:ee:90:48:71:29:ef:57 + Signature Algorithm: sha1WithRSAEncryption + Issuer: C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 1999 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G3 + Validity + Not Before: Oct 1 00:00:00 1999 GMT + Not After : Jul 16 23:59:59 2036 GMT + Subject: C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 1999 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G3 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:cb:ba:9c:52:fc:78:1f:1a:1e:6f:1b:37:73:bd: + f8:c9:6b:94:12:30:4f:f0:36:47:f5:d0:91:0a:f5: + 17:c8:a5:61:c1:16:40:4d:fb:8a:61:90:e5:76:20: + c1:11:06:7d:ab:2c:6e:a6:f5:11:41:8e:fa:2d:ad: + 2a:61:59:a4:67:26:4c:d0:e8:bc:52:5b:70:20:04: + 58:d1:7a:c9:a4:69:bc:83:17:64:ad:05:8b:bc:d0: + 58:ce:8d:8c:f5:eb:f0:42:49:0b:9d:97:27:67:32: + 6e:e1:ae:93:15:1c:70:bc:20:4d:2f:18:de:92:88: + e8:6c:85:57:11:1a:e9:7e:e3:26:11:54:a2:45:96: + 55:83:ca:30:89:e8:dc:d8:a3:ed:2a:80:3f:7f:79: + 65:57:3e:15:20:66:08:2f:95:93:bf:aa:47:2f:a8: + 46:97:f0:12:e2:fe:c2:0a:2b:51:e6:76:e6:b7:46: + b7:e2:0d:a6:cc:a8:c3:4c:59:55:89:e6:e8:53:5c: + 1c:ea:9d:f0:62:16:0b:a7:c9:5f:0c:f0:de:c2:76: + ce:af:f7:6a:f2:fa:41:a6:a2:33:14:c9:e5:7a:63: + d3:9e:62:37:d5:85:65:9e:0e:e6:53:24:74:1b:5e: + 1d:12:53:5b:c7:2c:e7:83:49:3b:15:ae:8a:68:b9: + 57:97 + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 11:14:96:c1:ab:92:08:f7:3f:2f:c9:b2:fe:e4:5a:9f:64:de: + db:21:4f:86:99:34:76:36:57:dd:d0:15:2f:c5:ad:7f:15:1f: + 37:62:73:3e:d4:e7:5f:ce:17:03:db:35:fa:2b:db:ae:60:09: + 5f:1e:5f:8f:6e:bb:0b:3d:ea:5a:13:1e:0c:60:6f:b5:c0:b5: + 23:22:2e:07:0b:cb:a9:74:cb:47:bb:1d:c1:d7:a5:6b:cc:2f: + d2:42:fd:49:dd:a7:89:cf:53:ba:da:00:5a:28:bf:82:df:f8: + ba:13:1d:50:86:82:fd:8e:30:8f:29:46:b0:1e:3d:35:da:38: + 62:16:18:4a:ad:e6:b6:51:6c:de:af:62:eb:01:d0:1e:24:fe: + 7a:8f:12:1a:12:68:b8:fb:66:99:14:14:45:5c:ae:e7:ae:69: + 17:81:2b:5a:37:c9:5e:2a:f4:c6:e2:a1:5c:54:9b:a6:54:00: + cf:f0:f1:c1:c7:98:30:1a:3b:36:16:db:a3:6e:ea:fd:ad:b2: + c2:da:ef:02:47:13:8a:c0:f1:b3:31:ad:4f:1c:e1:4f:9c:af: + 0f:0c:9d:f7:78:0d:d8:f4:35:56:80:da:b7:6d:17:8f:9d:1e: + 81:64:e1:fe:c5:45:ba:ad:6b:b9:0a:7a:4e:4f:4b:84:ee:4b: + f1:7d:dd:11 +SHA1 Fingerprint=13:2D:0D:45:53:4B:69:97:CD:B2:D5:C3:39:E2:55:76:60:9B:5C:C6 +-----BEGIN CERTIFICATE----- +MIIEGjCCAwICEQCbfgZJoz5iudXukEhxKe9XMA0GCSqGSIb3DQEBBQUAMIHKMQsw +CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl +cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu +LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT +aWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp +dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD +VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT +aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ +bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu +IENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg +LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMu6nFL8eB8aHm8b +N3O9+MlrlBIwT/A2R/XQkQr1F8ilYcEWQE37imGQ5XYgwREGfassbqb1EUGO+i2t +KmFZpGcmTNDovFJbcCAEWNF6yaRpvIMXZK0Fi7zQWM6NjPXr8EJJC52XJ2cybuGu +kxUccLwgTS8Y3pKI6GyFVxEa6X7jJhFUokWWVYPKMIno3Nij7SqAP395ZVc+FSBm +CC+Vk7+qRy+oRpfwEuL+wgorUeZ25rdGt+INpsyow0xZVYnm6FNcHOqd8GIWC6fJ +Xwzw3sJ2zq/3avL6QaaiMxTJ5Xpj055iN9WFZZ4O5lMkdBteHRJTW8cs54NJOxWu +imi5V5cCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAERSWwauSCPc/L8my/uRan2Te +2yFPhpk0djZX3dAVL8WtfxUfN2JzPtTnX84XA9s1+ivbrmAJXx5fj267Cz3qWhMe +DGBvtcC1IyIuBwvLqXTLR7sdwdela8wv0kL9Sd2nic9TutoAWii/gt/4uhMdUIaC +/Y4wjylGsB49Ndo4YhYYSq3mtlFs3q9i6wHQHiT+eo8SGhJouPtmmRQURVyu565p +F4ErWjfJXir0xuKhXFSbplQAz/DxwceYMBo7Nhbbo27q/a2ywtrvAkcTisDxszGt +TxzhT5yvDwyd93gN2PQ1VoDat20Xj50egWTh/sVFuq1ruQp6Tk9LhO5L8X3dEQ== +-----END CERTIFICATE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202009050222.0852M7LH095182>