1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-11-26 00:55:14 +00:00
freebsd-ports/security/ca_root_nss/files
Matthias Andree a4027193e3 Update extraction script to:
- Only look at CKA_TRUST_SERVER_AUTH, _EMAIL_PROTECTION, and
  _CODE_SIGNING attributes.

- Omit certificates that do not have any explicit trust value in these
  three attributes; at least one of the purposes must mark the
  certificate a trusted delegator.

- Validate that the trust is one of three known trust values, to become
  aware of syntax changes in certdata.txt. If it is an unknown token,
  abort with an error stating that the script must be updated.

- Check that we have at least 25 certificates in the output or abort.

This removes these two certificates that have "unknown"
(CKT_NSS_MUST_VERIFY_TRUST) in all three tokens, making them unfit as
trust anchors:

1 C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Universal CA,
    CN=TC TrustCenter Universal CA III

2 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network,
    OU=http://www.usertrust.com,
    CN=UTN-USERFirst-Network Applications

164 trusted certificates remain.
2013-08-29 08:10:09 +00:00
..
MAca-bundle.pl.in Update extraction script to: 2013-08-29 08:10:09 +00:00